From 358f221d4f707a62421f01c18e103d3455c50227 Mon Sep 17 00:00:00 2001 From: admin Date: Wed, 17 Jul 2024 07:28:52 +0000 Subject: [PATCH] new configuration version --- ...signer-trust-4bad2fe3ccc54716cc87138f.yaml | 14 + ...ult-identity-4bad2fe3ccc54716cc87138f.yaml | 18 + ...lt-tls-trust-4bad2fe3ccc54716cc87138f.yaml | 14 + ...-auth-signer-4bad2fe3ccc54716cc87138f.yaml | 16 + ...-trust-store-4bad2fe3ccc54716cc87138f.yaml | 14 + ...evisauth-sts-4bad2fe3ccc54716cc87138f.yaml | 56 + .../auth-sts/etc/nevis/nevisauth_default.yml | 18 + .../var/opt/keys/trust/idp-pem-atb/keypass | 2 + .../opt/keys/trust/idp-pem-atb/truststore.jks | Bin 0 -> 788 bytes .../opt/keys/trust/idp-pem-atb/truststore.p12 | Bin 0 -> 1110 bytes .../opt/keys/trust/idp-pem-atb/truststore.pem | 17 + .../nevisauth/default/conf/LitDict.properties | 80 + .../default/conf/LitDict_de.properties | 80 + .../default/conf/LitDict_en.properties | 80 + .../default/conf/LitDict_fr.properties | 80 + .../default/conf/LitDict_it.properties | 80 + .../opt/nevisauth/default/conf/bc.properties | 1 + .../var/opt/nevisauth/default/conf/env.conf | 19 + .../nevisauth/default/conf/esauth4.security | 2 + .../opt/nevisauth/default/conf/esauth4.xml | 334 + .../opt/nevisauth/default/conf/logging.yml | 53 + .../opt/nevisauth/default/conf/nevisauth.yml | 16 + .../nevisauth/default/conf/otel.properties | 4 + .../default/conf/sts_audit_failure.groovy | 17 + .../default/conf/sts_audit_success.groovy | 16 + .../var/opt/nevisauth/default/log/.empty | 0 .../var/opt/nevisauth/default/plugin/.empty | 0 .../var/opt/nevisauth/default/run/.empty | 0 .../var/opt/nevisauth/default/status.sh | 79 + .../var/opt/nevisauth/default/tmp/.empty | 0 ...nt-nevisfido-7022472ae407577ae604bbb8.yaml | 18 + ...st-nevisfido-7022472ae407577ae604bbb8.yaml | 14 + ...signer-trust-7022472ae407577ae604bbb8.yaml | 14 + ...ult-identity-7022472ae407577ae604bbb8.yaml | 18 + ...lt-tls-trust-7022472ae407577ae604bbb8.yaml | 14 + ...-auth-signer-7022472ae407577ae604bbb8.yaml | 16 + ...-trust-store-7022472ae407577ae604bbb8.yaml | 20 + ...8s-nevisauth-7022472ae407577ae604bbb8.yaml | 61 + ...uth-database-b7b59e97b3fd18bb60178573.yaml | 26 + .../auth/etc/nevis/nevisauth_default.yml | 18 + .../var/opt/keys/own/idp-pem-signer/cert.pem | 17 + .../var/opt/keys/own/idp-pem-signer/key.pem | 42 + .../var/opt/keys/own/idp-pem-signer/keypass | 2 + .../opt/keys/own/idp-pem-signer/keystore.jks | Bin 0 -> 2636 bytes .../opt/keys/own/idp-pem-signer/keystore.p12 | Bin 0 -> 3122 bytes .../opt/keys/own/idp-pem-signer/keystore.pem | 60 + .../auth/var/opt/keys/trust/env-ca/keypass | 2 + .../var/opt/keys/trust/env-ca/truststore.jks | Bin 0 -> 443 bytes .../var/opt/keys/trust/env-ca/truststore.p12 | Bin 0 -> 758 bytes .../var/opt/keys/trust/env-ca/truststore.pem | 10 + .../var/opt/keys/trust/idp-pem-atb/keypass | 2 + .../opt/keys/trust/idp-pem-atb/truststore.jks | Bin 0 -> 788 bytes .../opt/keys/trust/idp-pem-atb/truststore.p12 | Bin 0 -> 1110 bytes .../opt/keys/trust/idp-pem-atb/truststore.pem | 17 + .../nevisauth/default/conf/LitDict.properties | 268 + .../default/conf/LitDict_de.properties | 268 + .../default/conf/LitDict_en.properties | 268 + .../default/conf/LitDict_fr.properties | 268 + .../default/conf/LitDict_it.properties | 268 + .../conf/Recovery_getCredentials.groovy | 62 + .../conf/Recovery_mobile_nless_auth.groovy | 52 + .../conf/SendSamlResponseWithAssertion.groovy | 19 + .../conf/SendSamlResponseWithError.groovy | 24 + .../opt/nevisauth/default/conf/bc.properties | 1 + .../default/conf/checkInsufficientLoa.groovy | 133 + .../nevisauth/default/conf/checkloa.groovy | 230 + .../opt/nevisauth/default/conf/countries.xml | 250 + .../nevisauth/default/conf/createuuid.groovy | 6 + .../default/conf/ensureAccountState.groovy | 125 + .../default/conf/ensureRecoveryCode.groovy | 101 + .../var/opt/nevisauth/default/conf/env.conf | 19 + .../nevisauth/default/conf/esauth4.security | 2 + .../opt/nevisauth/default/conf/esauth4.xml | 2594 ++ .../nevisauth/default/conf/fido2_auth.groovy | 202 + .../conf/fido2_fetchcaptchainfos.groovy | 37 + .../conf/fido2_fetchcaptcharesult.groovy | 53 + .../default/conf/handleRedirect.groovy | 26 + .../conf/handleRedirectRecovery.groovy | 23 + .../conf/handleRedirectRegistration.groovy | 26 + .../default/conf/idp_status_check.groovy | 145 + .../default/conf/initializeRecovery.groovy | 33 + .../opt/nevisauth/default/conf/logging.yml | 53 + .../default/conf/mobile_nless_auth.groovy | 105 + .../opt/nevisauth/default/conf/nevisauth.yml | 16 + .../nevisauth/default/conf/otel.properties | 4 + .../default/conf/prepare_done.groovy | 23 + .../default/conf/recovery-checkAccount.groovy | 79 + .../conf/recovery-preprocessing.groovy | 175 + .../conf/recovery_fetchcaptchainfos.groovy | 38 + .../conf/recovery_fetchcaptcharesult.groovy | 52 + .../default/conf/recovery_fido2_auth.groovy | 151 + .../default/conf/recovery_handlecode.groovy | 23 + .../default/conf/recovery_ongoing.groovy | 4 + .../default/conf/recovery_sendemail031.groovy | 41 + .../default/conf/requestedrolelevel.groovy | 129 + .../conf/returnTimeoutButKeepSession.groovy | 11 + .../conf/saml_idp_agov_authorization.groovy | 179 + .../conf/saml_idp_agov_dispatcher.groovy | 127 + .../conf/saml_idp_logout_confirm.groovy | 64 + .../conf/sanitizeAndDispatchEmailInput.groovy | 31 + ...nitizeAndDispatchRecoveryEmailInput.groovy | 25 + .../auth/var/opt/nevisauth/default/log/.empty | 0 .../var/opt/nevisauth/default/plugin/.empty | 0 .../auth/var/opt/nevisauth/default/run/.empty | 0 .../auth/var/opt/nevisauth/default/status.sh | 79 + .../auth/var/opt/nevisauth/default/tmp/.empty | 0 ...ent-identity-ca92034f995b39fde562293c.yaml | 18 + ...ver-identity-ca92034f995b39fde562293c.yaml | 18 + ...server-trust-ca92034f995b39fde562293c.yaml | 14 + ...t-truststore-ca92034f995b39fde562293c.yaml | 14 + ...uaf-instance-ca92034f995b39fde562293c.yaml | 63 + ...signer-trust-ca92034f995b39fde562293c.yaml | 16 + ...uaf-database-9385d1b33aefe975fb1c5914.yaml | 26 + .../fido-uaf/etc/nevis/nevisfido_default.yml | 18 + .../default/conf/agov-test-f666836d3cb4.json | 12 + .../var/opt/nevisfido/default/conf/env.conf | 11 + .../opt/nevisfido/default/conf/logging.yml | 27 + .../default/conf/metadata/metadata.json | 186 + .../opt/nevisfido/default/conf/nevisfido.yml | 116 + .../nevisfido/default/conf/otel.properties | 4 + .../default/conf/policy/biometrics_only.json | 24 + .../default/conf/policy/default.json | 44 + .../default/conf/policy/pin_only.json | 14 + .../var/opt/nevisfido/default/conf/status.py | 47 + .../var/opt/nevisfido/default/log/.empty | 0 .../var/opt/nevisfido/default/tmp/.empty | 0 ...ent-identity-087f275433f3973a1421318f.yaml | 18 + ...ult-identity-087f275433f3973a1421318f.yaml | 18 + ...server-trust-087f275433f3973a1421318f.yaml | 12 + ...signer-trust-087f275433f3973a1421318f.yaml | 12 + ...client-trust-087f275433f3973a1421318f.yaml | 12 + ...do2-database-3e9b024326987a3fad17a38f.yaml | 26 + ...s-nevisfido2-087f275433f3973a1421318f.yaml | 60 + .../fido2/etc/nevis/nevisfido_default.yml | 18 + .../var/opt/nevisfido/default/conf/env.conf | 10 + .../opt/nevisfido/default/conf/logging.yml | 21 + .../opt/nevisfido/default/conf/nevisfido.yml | 51 + .../nevisfido/default/conf/otel.properties | 4 + .../var/opt/nevisfido/default/conf/status.py | 47 + .../var/opt/nevisfido/default/log/.empty | 0 .../var/opt/nevisfido/default/tmp/.empty | 0 ...ult-identity-b8a36646f81c3247cdb5d90b.yaml | 20 + ...signer-trust-b8a36646f81c3247cdb5d90b.yaml | 16 + ...-trust-store-b8a36646f81c3247cdb5d90b.yaml | 18 + ...k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml | 58 + .../idm/etc/nevis/nevisidm_default.yml | 18 + .../keys/trust/idm-db-tls-truststore/keypass | 2 + .../idm-db-tls-truststore/truststore.jks | Bin 0 -> 1935 bytes .../idm-db-tls-truststore/truststore.p12 | Bin 0 -> 2358 bytes .../idm-db-tls-truststore/truststore.pem | 45 + .../idm/var/opt/nevisidm/default/.standalone | 0 .../conf/authorizationConfig.properties | 0 .../var/opt/nevisidm/default/conf/env.conf | 1 + .../opt/nevisidm/default/conf/import/.empty | 0 .../var/opt/nevisidm/default/conf/logging.yml | 34 + .../default/conf/nevisidm-prod.properties | 112 + .../opt/nevisidm/default/conf/otel.properties | 4 + .../default/conf/rolesAssignment.properties | 0 .../default/conf/rolesMapping.properties | 0 .../idm/var/opt/nevisidm/default/data/.empty | 0 .../idm/var/opt/nevisidm/default/lib/.empty | 0 .../idm/var/opt/nevisidm/default/log/.empty | 0 .../idm/var/opt/nevisidm/default/status.sh | 145 + .../idm/var/opt/nevisidm/default/tmp/.empty | 0 ...nevislogrend-097929211988398a87bcbb0c.yaml | 49 + .../etc/nevis/nevislogrend_default.yml | 18 + .../opt/nevislogrend/default/conf/env.conf | 14 + .../opt/nevislogrend/default/conf/logging.yml | 19 + .../default/conf/logrend.properties | 30 + .../default/conf/mimetype.properties | 3 + .../nevislogrend/default/conf/otel.properties | 4 + .../resources/conf/default.properties | 26 + .../resources/conf/text.properties | 210 + .../resources/conf/text_de.properties | 210 + .../resources/conf/text_en.properties | 210 + .../resources/conf/text_fr.properties | 210 + .../resources/conf/text_it.properties | 210 + .../webdata/resources/authcloud_login.js | 165 + .../webdata/resources/authcloud_onboard.js | 154 + .../webdata/resources/base64.js | 87 + .../webdata/resources/bootstrap-theme.min.css | 9 + .../webdata/resources/bootstrap.min.css | 11 + .../webdata/resources/bootstrap.min.js | 12 + .../webdata/resources/default.css | 222 + .../webdata/resources/dropdown.js | 36 + .../webdata/resources/e2eenc.js | 98 + .../webdata/resources/eye-off.svg | 3 + .../webdata/resources/eye.svg | 4 + .../webdata/resources/fido2_auth.js | 61 + .../webdata/resources/fido2_auth_std.js | 175 + .../webdata/resources/fido2_onboard.js | 70 + .../webdata/resources/fido2_utils.js | 40 + .../webdata/resources/forge.bundle.js | 28767 ++++++++++++++++ .../webdata/resources/icons/apple/black.svg | 1 + .../resources/icons/facebook/white.png | Bin 0 -> 2465 bytes .../webdata/resources/icons/google/google.svg | 9 + .../resources/icons/microsoft/microsoft.svg | 1 + .../webdata/resources/jquery-3.6.0.min.js | 2 + .../webdata/resources/loading.svg | 31 + .../webdata/resources/logo.png | Bin 0 -> 9718 bytes .../webdata/resources/logo_animated.gif | Bin 0 -> 69239 bytes .../webdata/resources/mauth_link_qr.js | 119 + .../webdata/resources/mauth_onboard.js | 106 + .../webdata/resources/mauth_push_qr.js | 172 + .../webdata/resources/mauth_usernameless.js | 119 + .../webdata/resources/oauth_consent.js | 43 + .../webdata/resources/qrious.min.js | 6 + .../webdata/resources/show-password.js | 11 + .../simplewebauthn-browser@7.1.0.min.js | 2 + .../webdata/static/022586a78ea7c9bee9da.ttf | Bin 0 -> 141236 bytes .../webdata/static/25e661e6749016eb34f8.ttf | Bin 0 -> 1017680 bytes .../webdata/static/2dec2f24e3bdf2c6862e.ttf | Bin 0 -> 247412 bytes .../webdata/static/8f9a758b21c6b505d8ce.ttf | Bin 0 -> 887796 bytes .../webdata/static/942a7be38dca65bca69b.woff2 | Bin 0 -> 320532 bytes .../webdata/static/bundle.js | 2 + .../webdata/static/bundle.js.LICENSE.txt | 21 + .../webdata/static/c51931730dc0184cb47a.woff2 | Bin 0 -> 392560 bytes .../webdata/static/df87f53caf449a3b7572.ttf | Bin 0 -> 248132 bytes .../webdata/static/f2fa8f369db189665539.ttf | Bin 0 -> 247892 bytes .../webdata/static/images/403-dark.svg | 37 + .../webdata/static/images/403.svg | 37 + .../webdata/static/images/404-dark.svg | 37 + .../webdata/static/images/404.svg | 37 + .../webdata/static/images/500-dark.svg | 37 + .../webdata/static/images/500.svg | 37 + .../webdata/static/images/access-app.svg | 37 + .../webdata/static/images/agov-logo-dark.svg | 10 + .../webdata/static/images/agov-logo.svg | 10 + .../webdata/static/images/agov-me-dark.svg | 11 + .../webdata/static/images/agov-me.svg | 11 + .../webdata/static/images/bin-dark.svg | 16 + .../webdata/static/images/bin.svg | 16 + .../static/images/bird-cookie-dark.svg | 3 + .../webdata/static/images/bird-cookie.svg | 3 + .../webdata/static/images/ch-logo.svg | 10 + .../webdata/static/images/email-dark.svg | 16 + .../webdata/static/images/email.svg | 16 + .../webdata/static/images/favicon.ico | Bin 0 -> 9662 bytes .../webdata/static/images/fido-key.svg | 15 + .../images/insufficient_rights-dark.svg | 92 + .../static/images/insufficient_rights.svg | 92 + .../webdata/static/images/login-dark.svg | 50 + .../static/images/login-instruction-dark.svg | 39 + .../static/images/login-instruction.svg | 39 + .../webdata/static/images/login.svg | 50 + .../webdata/static/images/logout-img-dark.svg | 46 + .../webdata/static/images/logout-img.svg | 46 + .../webdata/static/images/qr-code-mock.svg | 9 + .../webdata/static/images/recovery.svg | 90 + .../webdata/static/images/recovery_dark.svg | 90 + .../webdata/static/images/separator-big.svg | 3 + .../webdata/static/images/separator.svg | 3 + .../static/images/something_wrong-dark.svg | 21 + .../webdata/static/images/something_wrong.svg | 21 + .../webdata/static/images/spinner-dark.svg | 4 + .../webdata/static/images/spinner.svg | 4 + .../webdata/static/images/steps-dark.svg | 22 + .../webdata/static/images/steps.svg | 22 + .../webdata/static/images/timeout-dark.svg | 55 + .../webdata/static/images/timeout.svg | 55 + .../webdata/static/js-code/fido2_auth.js | 3 + .../static/js-code/recovery_accessapp_auth.js | 3 + .../static/js-code/recovery_check_code.js | 4 + .../webdata/static/js-code/recovery_code.js | 3 + .../static/js-code/recovery_fidokey_auth.js | 3 + .../static/js-code/recovery_intro_email.js | 3 + .../js-code/recovery_intro_email_sent.js | 3 + .../recovery_questionnaire_loginfactor.js | 9 + ...recovery_questionnaire_reason_selection.js | 9 + .../webdata/static/js-code/user_input.js | 3 + .../webdata/static/tailwind.css | 1 + .../webdata/template/AuthFailDialog.vm | 5 + .../webdata/template/AuthUidPwDialog.vm | 144 + .../webdata/template/Error.vm | 5 + .../webdata/template/LogoutDialog.vm | 45 + .../webdata/template/NoGui.vm | 5 + .../webdata/template/default.vm | 65 + .../webdata/template/fido2_auth.mock.js | 3 + .../webdata/template/fido2_auth.vm | 128 + .../webdata/template/footer.vm | 10 + .../webdata/template/form.vm | 127 + .../webdata/template/generic_auth_error.vm | 38 + .../webdata/template/header.vm | 84 + .../webdata/template/html.vm | 32 + .../webdata/template/js_end.vm | 76 + .../webdata/template/js_start.vm | 1 + .../webdata/template/json.vm | 88 + .../webdata/template/lang.vm | 32 + .../webdata/template/loainfo.mock.js | 3 + .../webdata/template/loainfo.vm | 58 + .../webdata/template/macros.vm | 295 + .../template/mauth_usernameless.mock.js | 3 + .../webdata/template/mauth_usernameless.vm | 375 + .../webdata/template/mock-defaults.js | 12 + .../webdata/template/op_header.vm | 81 + .../op_idmlogin_select_profile.mock.js | 3 + .../template/op_idmlogin_select_profile.vm | 89 + .../webdata/template/op_onbrdng_error.mock.js | 3 + .../webdata/template/op_onbrdng_error.vm | 48 + .../webdata/template/op_onbrdng_intro.mock.js | 3 + .../webdata/template/op_onbrdng_intro.vm | 70 + .../template/op_onbrdng_success.mock.js | 3 + .../webdata/template/op_onbrdng_success.vm | 38 + .../template/recovery_accessapp_auth.mock.js | 3 + .../template/recovery_accessapp_auth.vm | 194 + .../template/recovery_check_code.mock.js | 3 + .../webdata/template/recovery_check_code.vm | 138 + .../template/recovery_check_noCode.mock.js | 3 + .../webdata/template/recovery_check_noCode.vm | 50 + .../webdata/template/recovery_code.mock.js | 3 + .../webdata/template/recovery_code.vm | 106 + .../template/recovery_fidokey_auth.mock.js | 3 + .../webdata/template/recovery_fidokey_auth.vm | 83 + .../template/recovery_intro_email.mock.js | 3 + .../webdata/template/recovery_intro_email.vm | 192 + .../recovery_intro_email_sent.mock.js | 3 + .../template/recovery_intro_email_sent.vm | 55 + .../template/recovery_on_going.mock.js | 3 + .../webdata/template/recovery_on_going.vm | 50 + ...ecovery_questionnaire_instructions.mock.js | 3 + .../recovery_questionnaire_instructions.vm | 80 + ...recovery_questionnaire_loginfactor.mock.js | 3 + .../recovery_questionnaire_loginfactor.vm | 75 + ...recovery_questionnaire_no_recovery.mock.js | 3 + .../recovery_questionnaire_no_recovery.vm | 68 + ...ery_questionnaire_reason_selection.mock.js | 3 + ...recovery_questionnaire_reason_selection.vm | 94 + .../template/recovery_start_info.mock.js | 3 + .../webdata/template/recovery_start_info.vm | 61 + .../webdata/template/sandbox.mock.js | 3 + .../webdata/template/sandbox.vm | 212 + .../webdata/template/user_input.mock.js | 3 + .../webdata/template/user_input.vm | 165 + .../resources/conf/default.properties | 26 + .../resources/conf/text.properties | 210 + .../resources/conf/text_de.properties | 210 + .../resources/conf/text_en.properties | 210 + .../resources/conf/text_fr.properties | 210 + .../resources/conf/text_it.properties | 210 + .../webdata/resources/authcloud_login.js | 165 + .../webdata/resources/authcloud_onboard.js | 154 + .../webdata/resources/base64.js | 87 + .../webdata/resources/bootstrap-theme.min.css | 9 + .../webdata/resources/bootstrap.min.css | 11 + .../webdata/resources/bootstrap.min.js | 12 + .../webdata/resources/default.css | 222 + .../webdata/resources/dropdown.js | 36 + .../webdata/resources/e2eenc.js | 98 + .../webdata/resources/eye-off.svg | 3 + .../webdata/resources/eye.svg | 4 + .../webdata/resources/fido2_auth.js | 61 + .../webdata/resources/fido2_auth_std.js | 175 + .../webdata/resources/fido2_onboard.js | 70 + .../webdata/resources/fido2_utils.js | 40 + .../webdata/resources/forge.bundle.js | 28767 ++++++++++++++++ .../webdata/resources/icons/apple/black.svg | 1 + .../resources/icons/facebook/white.png | Bin 0 -> 2465 bytes .../webdata/resources/icons/google/google.svg | 9 + .../resources/icons/microsoft/microsoft.svg | 1 + .../webdata/resources/jquery-3.6.0.min.js | 2 + .../webdata/resources/loading.svg | 31 + .../webdata/resources/logo.png | Bin 0 -> 9718 bytes .../webdata/resources/logo_animated.gif | Bin 0 -> 69239 bytes .../webdata/resources/mauth_link_qr.js | 119 + .../webdata/resources/mauth_onboard.js | 106 + .../webdata/resources/mauth_push_qr.js | 172 + .../webdata/resources/mauth_usernameless.js | 119 + .../webdata/resources/oauth_consent.js | 43 + .../webdata/resources/qrious.min.js | 6 + .../webdata/resources/show-password.js | 11 + .../simplewebauthn-browser@7.1.0.min.js | 2 + .../webdata/template/default.vm | 65 + .../webdata/template/footer.vm | 11 + .../webdata/template/form.vm | 127 + .../webdata/template/header.vm | 3 + .../webdata/template/html.vm | 32 + .../webdata/template/js_end.vm | 76 + .../webdata/template/js_start.vm | 1 + .../webdata/template/json.vm | 88 + .../webdata/template/lang.vm | 32 + .../webdata/template/macros.vm | 295 + .../resources/conf/default.properties | 26 + .../resources/conf/text.properties | 210 + .../resources/conf/text_de.properties | 210 + .../resources/conf/text_en.properties | 210 + .../resources/conf/text_fr.properties | 210 + .../resources/conf/text_it.properties | 210 + .../webdata/resources/authcloud_login.js | 165 + .../webdata/resources/authcloud_onboard.js | 154 + .../webdata/resources/base64.js | 87 + .../webdata/resources/bootstrap-theme.min.css | 9 + .../webdata/resources/bootstrap.min.css | 11 + .../webdata/resources/bootstrap.min.js | 12 + .../webdata/resources/default.css | 222 + .../webdata/resources/dropdown.js | 36 + .../webdata/resources/e2eenc.js | 98 + .../webdata/resources/eye-off.svg | 3 + .../webdata/resources/eye.svg | 4 + .../webdata/resources/fido2_auth.js | 61 + .../webdata/resources/fido2_auth_std.js | 175 + .../webdata/resources/fido2_onboard.js | 70 + .../webdata/resources/fido2_utils.js | 40 + .../webdata/resources/forge.bundle.js | 28767 ++++++++++++++++ .../webdata/resources/icons/apple/black.svg | 1 + .../resources/icons/facebook/white.png | Bin 0 -> 2465 bytes .../webdata/resources/icons/google/google.svg | 9 + .../resources/icons/microsoft/microsoft.svg | 1 + .../webdata/resources/jquery-3.6.0.min.js | 2 + .../webdata/resources/loading.svg | 31 + .../webdata/resources/logo.png | Bin 0 -> 9718 bytes .../webdata/resources/logo_animated.gif | Bin 0 -> 69239 bytes .../webdata/resources/mauth_link_qr.js | 119 + .../webdata/resources/mauth_onboard.js | 106 + .../webdata/resources/mauth_push_qr.js | 172 + .../webdata/resources/mauth_usernameless.js | 119 + .../webdata/resources/oauth_consent.js | 43 + .../webdata/resources/qrious.min.js | 6 + .../webdata/resources/show-password.js | 11 + .../simplewebauthn-browser@7.1.0.min.js | 2 + .../webdata/static/022586a78ea7c9bee9da.ttf | Bin 0 -> 141236 bytes .../webdata/static/25e661e6749016eb34f8.ttf | Bin 0 -> 1017680 bytes .../webdata/static/2dec2f24e3bdf2c6862e.ttf | Bin 0 -> 247412 bytes .../webdata/static/8f9a758b21c6b505d8ce.ttf | Bin 0 -> 887796 bytes .../webdata/static/942a7be38dca65bca69b.woff2 | Bin 0 -> 320532 bytes .../webdata/static/bundle.js | 2 + .../webdata/static/bundle.js.LICENSE.txt | 21 + .../webdata/static/c51931730dc0184cb47a.woff2 | Bin 0 -> 392560 bytes .../webdata/static/df87f53caf449a3b7572.ttf | Bin 0 -> 248132 bytes .../webdata/static/f2fa8f369db189665539.ttf | Bin 0 -> 247892 bytes .../webdata/static/images/403-dark.svg | 37 + .../webdata/static/images/403.svg | 37 + .../webdata/static/images/404-dark.svg | 37 + .../webdata/static/images/404.svg | 37 + .../webdata/static/images/500-dark.svg | 37 + .../webdata/static/images/500.svg | 37 + .../webdata/static/images/access-app.svg | 37 + .../webdata/static/images/agov-logo-dark.svg | 10 + .../webdata/static/images/agov-logo.svg | 10 + .../webdata/static/images/agov-me-dark.svg | 11 + .../webdata/static/images/agov-me.svg | 11 + .../webdata/static/images/bin-dark.svg | 16 + .../webdata/static/images/bin.svg | 16 + .../static/images/bird-cookie-dark.svg | 3 + .../webdata/static/images/bird-cookie.svg | 3 + .../webdata/static/images/ch-logo.svg | 10 + .../webdata/static/images/email-dark.svg | 16 + .../webdata/static/images/email.svg | 16 + .../webdata/static/images/favicon.ico | Bin 0 -> 9662 bytes .../webdata/static/images/fido-key.svg | 15 + .../images/insufficient_rights-dark.svg | 92 + .../static/images/insufficient_rights.svg | 92 + .../webdata/static/images/login-dark.svg | 50 + .../static/images/login-instruction-dark.svg | 39 + .../static/images/login-instruction.svg | 39 + .../webdata/static/images/login.svg | 50 + .../webdata/static/images/logout-img-dark.svg | 46 + .../webdata/static/images/logout-img.svg | 46 + .../webdata/static/images/qr-code-mock.svg | 9 + .../webdata/static/images/recovery.svg | 90 + .../webdata/static/images/recovery_dark.svg | 90 + .../webdata/static/images/separator-big.svg | 3 + .../webdata/static/images/separator.svg | 3 + .../static/images/something_wrong-dark.svg | 21 + .../webdata/static/images/something_wrong.svg | 21 + .../webdata/static/images/spinner-dark.svg | 4 + .../webdata/static/images/spinner.svg | 4 + .../webdata/static/images/steps-dark.svg | 22 + .../webdata/static/images/steps.svg | 22 + .../webdata/static/images/timeout-dark.svg | 55 + .../webdata/static/images/timeout.svg | 55 + .../webdata/static/js-code/fido2_auth.js | 3 + .../static/js-code/recovery_accessapp_auth.js | 3 + .../static/js-code/recovery_check_code.js | 4 + .../webdata/static/js-code/recovery_code.js | 3 + .../static/js-code/recovery_fidokey_auth.js | 3 + .../static/js-code/recovery_intro_email.js | 3 + .../js-code/recovery_intro_email_sent.js | 3 + .../recovery_questionnaire_loginfactor.js | 9 + ...recovery_questionnaire_reason_selection.js | 9 + .../webdata/static/js-code/user_input.js | 3 + .../webdata/static/tailwind.css | 1 + .../webdata/template/AuthFailDialog.vm | 5 + .../webdata/template/AuthUidPwDialog.vm | 144 + .../webdata/template/Error.vm | 5 + .../webdata/template/LogoutDialog.vm | 45 + .../webdata/template/NoGui.vm | 5 + .../webdata/template/default.vm | 65 + .../webdata/template/fido2_auth.mock.js | 3 + .../webdata/template/fido2_auth.vm | 128 + .../webdata/template/footer.vm | 10 + .../webdata/template/form.vm | 127 + .../webdata/template/generic_auth_error.vm | 38 + .../webdata/template/header.vm | 84 + .../webdata/template/html.vm | 32 + .../webdata/template/js_end.vm | 76 + .../webdata/template/js_start.vm | 1 + .../webdata/template/json.vm | 88 + .../webdata/template/lang.vm | 32 + .../webdata/template/loainfo.mock.js | 3 + .../webdata/template/loainfo.vm | 58 + .../webdata/template/macros.vm | 295 + .../template/mauth_usernameless.mock.js | 3 + .../webdata/template/mauth_usernameless.vm | 375 + .../webdata/template/mock-defaults.js | 12 + .../webdata/template/op_header.vm | 81 + .../op_idmlogin_select_profile.mock.js | 3 + .../template/op_idmlogin_select_profile.vm | 89 + .../webdata/template/op_onbrdng_error.mock.js | 3 + .../webdata/template/op_onbrdng_error.vm | 48 + .../webdata/template/op_onbrdng_intro.mock.js | 3 + .../webdata/template/op_onbrdng_intro.vm | 70 + .../template/op_onbrdng_success.mock.js | 3 + .../webdata/template/op_onbrdng_success.vm | 38 + .../template/recovery_accessapp_auth.mock.js | 3 + .../template/recovery_accessapp_auth.vm | 194 + .../template/recovery_check_code.mock.js | 3 + .../webdata/template/recovery_check_code.vm | 138 + .../template/recovery_check_noCode.mock.js | 3 + .../webdata/template/recovery_check_noCode.vm | 50 + .../webdata/template/recovery_code.mock.js | 3 + .../webdata/template/recovery_code.vm | 106 + .../template/recovery_fidokey_auth.mock.js | 3 + .../webdata/template/recovery_fidokey_auth.vm | 83 + .../template/recovery_intro_email.mock.js | 3 + .../webdata/template/recovery_intro_email.vm | 192 + .../recovery_intro_email_sent.mock.js | 3 + .../template/recovery_intro_email_sent.vm | 55 + .../template/recovery_on_going.mock.js | 3 + .../webdata/template/recovery_on_going.vm | 50 + ...ecovery_questionnaire_instructions.mock.js | 3 + .../recovery_questionnaire_instructions.vm | 80 + ...recovery_questionnaire_loginfactor.mock.js | 3 + .../recovery_questionnaire_loginfactor.vm | 75 + ...recovery_questionnaire_no_recovery.mock.js | 3 + .../recovery_questionnaire_no_recovery.vm | 68 + ...ery_questionnaire_reason_selection.mock.js | 3 + ...recovery_questionnaire_reason_selection.vm | 94 + .../template/recovery_start_info.mock.js | 3 + .../webdata/template/recovery_start_info.vm | 61 + .../webdata/template/sandbox.mock.js | 3 + .../webdata/template/sandbox.vm | 212 + .../webdata/template/user_input.mock.js | 3 + .../webdata/template/user_input.vm | 165 + .../resources/conf/default.properties | 26 + .../resources/conf/text.properties | 210 + .../resources/conf/text_de.properties | 210 + .../resources/conf/text_en.properties | 210 + .../resources/conf/text_fr.properties | 210 + .../resources/conf/text_it.properties | 210 + .../webdata/resources/authcloud_login.js | 165 + .../webdata/resources/authcloud_onboard.js | 154 + .../webdata/resources/base64.js | 87 + .../webdata/resources/bootstrap-theme.min.css | 9 + .../webdata/resources/bootstrap.min.css | 11 + .../webdata/resources/bootstrap.min.js | 12 + .../webdata/resources/default.css | 222 + .../webdata/resources/dropdown.js | 36 + .../webdata/resources/e2eenc.js | 98 + .../webdata/resources/eye-off.svg | 3 + .../webdata/resources/eye.svg | 4 + .../webdata/resources/fido2_auth.js | 61 + .../webdata/resources/fido2_auth_std.js | 175 + .../webdata/resources/fido2_onboard.js | 70 + .../webdata/resources/fido2_utils.js | 40 + .../webdata/resources/forge.bundle.js | 28767 ++++++++++++++++ .../webdata/resources/icons/apple/black.svg | 1 + .../resources/icons/facebook/white.png | Bin 0 -> 2465 bytes .../webdata/resources/icons/google/google.svg | 9 + .../resources/icons/microsoft/microsoft.svg | 1 + .../webdata/resources/jquery-3.6.0.min.js | 2 + .../webdata/resources/loading.svg | 31 + .../webdata/resources/logo.png | Bin 0 -> 9718 bytes .../webdata/resources/logo_animated.gif | Bin 0 -> 69239 bytes .../webdata/resources/mauth_link_qr.js | 119 + .../webdata/resources/mauth_onboard.js | 106 + .../webdata/resources/mauth_push_qr.js | 172 + .../webdata/resources/mauth_usernameless.js | 119 + .../webdata/resources/oauth_consent.js | 43 + .../webdata/resources/qrious.min.js | 6 + .../webdata/resources/show-password.js | 11 + .../simplewebauthn-browser@7.1.0.min.js | 2 + .../webdata/template/default.vm | 65 + .../webdata/template/footer.vm | 11 + .../webdata/template/form.vm | 127 + .../webdata/template/header.vm | 3 + .../webdata/template/html.vm | 32 + .../webdata/template/js_end.vm | 76 + .../webdata/template/js_start.vm | 1 + .../webdata/template/json.vm | 88 + .../webdata/template/lang.vm | 32 + .../webdata/template/macros.vm | 295 + .../var/opt/nevislogrend/default/log/.empty | 0 .../var/opt/nevislogrend/default/status.sh | 22 + .../var/opt/nevislogrend/default/tmp/.empty | 0 .../proxy-idp/etc/nevis/create_nvpuser.sh | 25 + ...ession-store-699f0a21dd0e852f28d27e9d.yaml | 26 + ...visproxy-idp-0ceb05c56644a59d648c13b9.yaml | 70 + ...60a615abf41f-0ceb05c56644a59d648c13b9.yaml | 19 + ...idp-identity-0ceb05c56644a59d648c13b9.yaml | 18 + ...signer-trust-0ceb05c56644a59d648c13b9.yaml | 14 + ...dp-tls-trust-0ceb05c56644a59d648c13b9.yaml | 14 + ...uaf-identity-0ceb05c56644a59d648c13b9.yaml | 18 + ...signer-trust-0ceb05c56644a59d648c13b9.yaml | 14 + ...af-tls-trust-0ceb05c56644a59d648c13b9.yaml | 14 + ...ery-identity-0ceb05c56644a59d648c13b9.yaml | 18 + ...signer-trust-0ceb05c56644a59d648c13b9.yaml | 14 + ...ry-tls-trust-0ceb05c56644a59d648c13b9.yaml | 14 + ...-idp-ingress-0ceb05c56644a59d648c13b9.yaml | 16 + ...alm-identity-0ceb05c56644a59d648c13b9.yaml | 18 + ...signer-trust-0ceb05c56644a59d648c13b9.yaml | 14 + ...lm-tls-trust-0ceb05c56644a59d648c13b9.yaml | 14 + .../etc/nevis/nevisproxy_default.yml | 19 + .../opt/nevisproxy/default/conf/bc.properties | 12 + .../default/conf/conditionallog.properties | 1 + .../var/opt/nevisproxy/default/conf/env.conf | 6 + .../default/conf/isi3web.properties | 1 + .../opt/nevisproxy/default/conf/keystorepwget | 20 + .../nevisproxy/default/conf/log.properties | 236 + .../opt/nevisproxy/default/conf/navajo.xml | 33 + .../WEB-INF/crs-setup.conf | 870 + .../WEB-INF/csrf_default.lua | 73 + .../lua_http_processing_terminate_session.lua | 17 + .../WEB-INF/modsecurity.conf | 287 + .../recovery_pdf_session_processing.lua | 70 + .../WEB-INF/rules.conf | 32 + .../rules/REQUEST-901-INITIALIZATION.conf | 470 + ...QUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf | 423 + ...ST-903.9002-WORDPRESS-EXCLUSION-RULES.conf | 760 + ...ST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf | 416 + ...EST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf | 273 + ...QUEST-903.9005-CPANEL-EXCLUSION-RULES.conf | 64 + ...UEST-903.9006-XENFORO-EXCLUSION-RULES.conf | 587 + .../rules/REQUEST-905-COMMON-EXCEPTIONS.conf | 55 + .../rules/REQUEST-910-IP-REPUTATION.conf | 323 + .../rules/REQUEST-911-METHOD-ENFORCEMENT.conf | 76 + .../rules/REQUEST-912-DOS-PROTECTION.conf | 324 + .../rules/REQUEST-913-SCANNER-DETECTION.conf | 199 + .../REQUEST-920-PROTOCOL-ENFORCEMENT.conf | 1685 + .../rules/REQUEST-921-PROTOCOL-ATTACK.conf | 460 + .../rules/REQUEST-922-MULTIPART-ATTACK.conf | 92 + .../REQUEST-930-APPLICATION-ATTACK-LFI.conf | 156 + .../REQUEST-931-APPLICATION-ATTACK-RFI.conf | 153 + .../REQUEST-932-APPLICATION-ATTACK-RCE.conf | 730 + .../REQUEST-933-APPLICATION-ATTACK-PHP.conf | 734 + ...REQUEST-934-APPLICATION-ATTACK-NODEJS.conf | 96 + .../REQUEST-941-APPLICATION-ATTACK-XSS.conf | 885 + .../REQUEST-942-APPLICATION-ATTACK-SQLI.conf | 1596 + ...3-APPLICATION-ATTACK-SESSION-FIXATION.conf | 133 + .../REQUEST-944-APPLICATION-ATTACK-JAVA.conf | 304 + .../REQUEST-949-BLOCKING-EVALUATION.conf | 133 + .../rules/RESPONSE-950-DATA-LEAKAGES.conf | 140 + .../rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf | 476 + .../RESPONSE-952-DATA-LEAKAGES-JAVA.conf | 104 + .../rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf | 138 + .../rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf | 152 + .../RESPONSE-959-BLOCKING-EVALUATION.conf | 116 + .../rules/RESPONSE-980-CORRELATION.conf | 170 + .../WEB-INF/rules/crawlers-user-agents.data | 41 + .../WEB-INF/rules/iis-errors.data | 13 + .../WEB-INF/rules/java-classes.data | 43 + .../WEB-INF/rules/java-code-leakages.data | 17 + .../WEB-INF/rules/java-errors.data | 10 + .../WEB-INF/rules/lfi-os-files.data | 1115 + .../WEB-INF/rules/php-config-directives.data | 276 + .../WEB-INF/rules/php-errors.data | 219 + .../rules/php-function-names-933150.data | 44 + .../rules/php-function-names-933151.data | 1264 + .../WEB-INF/rules/php-variables.data | 19 + .../WEB-INF/rules/restricted-files.data | 145 + .../WEB-INF/rules/restricted-upload.data | 23 + .../WEB-INF/rules/scanners-headers.data | 8 + .../WEB-INF/rules/scanners-urls.data | 17 + .../WEB-INF/rules/scanners-user-agents.data | 217 + .../WEB-INF/rules/scripting-user-agents.data | 28 + .../WEB-INF/rules/sql-errors.data | 80 + .../WEB-INF/rules/unix-shell.data | 115 + .../rules/windows-powershell-commands.data | 253 + .../security_app_icon_application.conf | 18 + ...quest_validation_settings_modsecurity.conf | 18 + .../WEB-INF/web.xml | 1703 + .../resources/errorPages/403.html | 71 + .../resources/errorPages/404.html | 68 + .../resources/errorPages/500.html | 69 + .../resources/errorPages/502.html | 70 + .../resources/errorPages/Loggedout.html | 65 + .../resources/errorPages/timeout.html | 74 + .../resources/index.html | 71 + .../resources/static/022586a78ea7c9bee9da.ttf | Bin 0 -> 141236 bytes .../resources/static/25e661e6749016eb34f8.ttf | Bin 0 -> 1017680 bytes .../resources/static/2dec2f24e3bdf2c6862e.ttf | Bin 0 -> 247412 bytes .../resources/static/8f9a758b21c6b505d8ce.ttf | Bin 0 -> 887796 bytes .../static/942a7be38dca65bca69b.woff2 | Bin 0 -> 320532 bytes .../resources/static/bundle.js | 2 + .../resources/static/bundle.js.LICENSE.txt | 21 + .../static/c51931730dc0184cb47a.woff2 | Bin 0 -> 392560 bytes .../resources/static/df87f53caf449a3b7572.ttf | Bin 0 -> 248132 bytes .../resources/static/f2fa8f369db189665539.ttf | Bin 0 -> 247892 bytes .../resources/static/images/403-dark.svg | 37 + .../resources/static/images/403.svg | 37 + .../resources/static/images/404-dark.svg | 37 + .../resources/static/images/404.svg | 37 + .../resources/static/images/500-dark.svg | 37 + .../resources/static/images/500.svg | 37 + .../resources/static/images/access-app.svg | 37 + .../static/images/agov-logo-dark.svg | 10 + .../resources/static/images/agov-logo.svg | 10 + .../resources/static/images/agov-me-dark.svg | 11 + .../resources/static/images/agov-me.svg | 11 + .../resources/static/images/bin-dark.svg | 16 + .../resources/static/images/bin.svg | 16 + .../static/images/bird-cookie-dark.svg | 3 + .../resources/static/images/bird-cookie.svg | 3 + .../resources/static/images/ch-logo.svg | 10 + .../resources/static/images/email-dark.svg | 16 + .../resources/static/images/email.svg | 16 + .../resources/static/images/favicon.ico | Bin 0 -> 9662 bytes .../resources/static/images/fido-key.svg | 15 + .../images/insufficient_rights-dark.svg | 92 + .../static/images/insufficient_rights.svg | 92 + .../resources/static/images/login-dark.svg | 50 + .../static/images/login-instruction-dark.svg | 39 + .../static/images/login-instruction.svg | 39 + .../resources/static/images/login.svg | 50 + .../static/images/logout-img-dark.svg | 46 + .../resources/static/images/logout-img.svg | 46 + .../resources/static/images/qr-code-mock.svg | 9 + .../resources/static/images/recovery.svg | 90 + .../resources/static/images/recovery_dark.svg | 90 + .../resources/static/images/separator-big.svg | 3 + .../resources/static/images/separator.svg | 3 + .../static/images/something_wrong-dark.svg | 21 + .../static/images/something_wrong.svg | 21 + .../resources/static/images/spinner-dark.svg | 4 + .../resources/static/images/spinner.svg | 4 + .../resources/static/images/steps-dark.svg | 22 + .../resources/static/images/steps.svg | 22 + .../resources/static/images/timeout-dark.svg | 55 + .../resources/static/images/timeout.svg | 55 + .../resources/static/tailwind.css | 1 + .../host-management/WEB-INF/liveness.lua | 5 + .../host-management/WEB-INF/readiness.lua | 5 + .../default/host-management/WEB-INF/web.xml | 52 + .../var/opt/nevisproxy/default/htdocs/.empty | 0 ....agov-d.azure.adnovum.net_modsec_audit.log | 0 .../host-auth.agov-d.azure.adnovum.net/.empty | 0 .../var/opt/nevisproxy/default/run/restart.sh | 26 + .../var/opt/nevisproxy/default/run/status.sh | 28 + 747 files changed, 169829 insertions(+) create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-default-signer-trust-4bad2fe3ccc54716cc87138f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-identity-4bad2fe3ccc54716cc87138f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-tls-trust-4bad2fe3ccc54716cc87138f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-sh4r3d-internal-idp-auth-signer-4bad2fe3ccc54716cc87138f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-technical-trust-store-4bad2fe3ccc54716cc87138f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/nevisauth_default.yml create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/keypass create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.jks create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.p12 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.pem create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_de.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_en.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_fr.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_it.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/bc.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.security create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.xml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/logging.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/nevisauth.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/sts_audit_failure.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/sts_audit_success.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/log/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/plugin/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/run/.empty create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/status.sh create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/tmp/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido-7022472ae407577ae604bbb8.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido-7022472ae407577ae604bbb8.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-default-signer-trust-7022472ae407577ae604bbb8.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-identity-7022472ae407577ae604bbb8.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-tls-trust-7022472ae407577ae604bbb8.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-sh4r3d-internal-idp-auth-signer-7022472ae407577ae604bbb8.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-technical-trust-store-7022472ae407577ae604bbb8.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-database-b7b59e97b3fd18bb60178573.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/nevisauth_default.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keypass create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/keypass create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.jks create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.p12 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.pem create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/keypass create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.jks create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.p12 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.pem create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_getCredentials.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_mobile_nless_auth.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithError.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/bc.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkInsufficientLoa.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/countries.xml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/createuuid.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.security create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirect.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_status_check.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/initializeRecovery.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logging.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/mobile_nless_auth.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/nevisauth.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/prepare_done.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-checkAccount.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-preprocessing.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptchainfos.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptcharesult.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fido2_auth.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_handlecode.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_ongoing.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_sendemail031.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/returnTimeoutButKeepSession.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_authorization.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_logout_confirm.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchRecoveryEmailInput.groovy create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/log/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/plugin/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/run/.empty create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/status.sh create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/tmp/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-client-identity-ca92034f995b39fde562293c.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-server-identity-ca92034f995b39fde562293c.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-server-trust-ca92034f995b39fde562293c.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-fido-uaf-extended-frontent-truststore-ca92034f995b39fde562293c.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-internal-idp-auth-signer-trust-ca92034f995b39fde562293c.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/nevisfido_default.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/agov-test-f666836d3cb4.json create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/logging.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/biometrics_only.json create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/default.json create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/pin_only.json create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/status.py create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/log/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/tmp/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-client-identity-087f275433f3973a1421318f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-identity-087f275433f3973a1421318f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-server-trust-087f275433f3973a1421318f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-signer-trust-087f275433f3973a1421318f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-tls-client-trust-087f275433f3973a1421318f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido-fido2-database-3e9b024326987a3fad17a38f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/nevisfido_default.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/logging.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/nevisfido.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/status.py create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/log/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/tmp/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-default-identity-b8a36646f81c3247cdb5d90b.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-internal-idp-auth-signer-trust-b8a36646f81c3247cdb5d90b.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-technical-trust-store-b8a36646f81c3247cdb5d90b.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/nevisidm_default.yml create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/keypass create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/truststore.p12 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/truststore.pem create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/.standalone create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/authorizationConfig.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/import/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/logging.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/otel.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/rolesAssignment.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/rolesMapping.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/data/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/lib/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/log/.empty create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/status.sh create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/tmp/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/nevislogrend_default.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/logging.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/logrend.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/mimetype.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/otel.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/default.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_de.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_en.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_fr.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_login.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/base64.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap-theme.min.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap.min.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/default.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/dropdown.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/e2eenc.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/eye-off.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/eye.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_auth_std.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_utils.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/forge.bundle.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/icons/apple/black.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/icons/facebook/white.png create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/icons/google/google.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/icons/microsoft/microsoft.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/jquery-3.6.0.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/loading.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/logo.png create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/logo_animated.gif create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_link_qr.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_push_qr.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/mauth_usernameless.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/oauth_consent.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/qrious.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/show-password.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/simplewebauthn-browser@7.1.0.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/022586a78ea7c9bee9da.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/25e661e6749016eb34f8.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/2dec2f24e3bdf2c6862e.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/8f9a758b21c6b505d8ce.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/942a7be38dca65bca69b.woff2 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/bundle.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/bundle.js.LICENSE.txt create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/c51931730dc0184cb47a.woff2 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/df87f53caf449a3b7572.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/f2fa8f369db189665539.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/403-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/403.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/404-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/404.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/500-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/500.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/access-app.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/agov-logo-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/agov-logo.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/agov-me-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/agov-me.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/bin-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/bin.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/bird-cookie-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/bird-cookie.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/ch-logo.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/email-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/email.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/favicon.ico create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/fido-key.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/insufficient_rights-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/insufficient_rights.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/login-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/login-instruction-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/login-instruction.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/login.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/logout-img-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/logout-img.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/qr-code-mock.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/recovery.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/recovery_dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/separator-big.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/separator.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/something_wrong-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/something_wrong.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/spinner-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/spinner.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/steps-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/steps.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/timeout-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/images/timeout.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/fido2_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_accessapp_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_check_code.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_code.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_fidokey_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_intro_email.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_intro_email_sent.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_questionnaire_loginfactor.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_questionnaire_reason_selection.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/user_input.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/tailwind.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/AuthFailDialog.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/AuthUidPwDialog.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/Error.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/LogoutDialog.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/NoGui.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/default.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/fido2_auth.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/fido2_auth.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/form.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/generic_auth_error.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/header.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/html.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/js_end.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/js_start.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/json.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/lang.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/loainfo.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/loainfo.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/macros.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mock-defaults.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_header.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_idmlogin_select_profile.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_idmlogin_select_profile.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_error.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_error.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_intro.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_intro.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_success.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_success.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_noCode.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_noCode.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_code.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_code.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_fidokey_auth.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_fidokey_auth.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email_sent.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email_sent.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_on_going.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_on_going.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_instructions.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_instructions.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_no_recovery.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_no_recovery.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_start_info.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_start_info.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/sandbox.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/sandbox.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/user_input.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/user_input.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/default.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_de.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_en.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_fr.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/authcloud_login.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/authcloud_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/base64.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap-theme.min.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap.min.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/default.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/dropdown.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/e2eenc.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/eye-off.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/eye.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_auth_std.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_utils.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/forge.bundle.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/icons/apple/black.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/icons/facebook/white.png create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/icons/google/google.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/icons/microsoft/microsoft.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/jquery-3.6.0.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/loading.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/logo.png create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/logo_animated.gif create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_link_qr.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_push_qr.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/mauth_usernameless.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/oauth_consent.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/qrious.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/show-password.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/simplewebauthn-browser@7.1.0.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/default.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/footer.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/form.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/header.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/html.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/js_end.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/js_start.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/json.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/lang.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/macros.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/default.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_de.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_en.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_fr.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/authcloud_login.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/authcloud_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/base64.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap-theme.min.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap.min.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/default.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/dropdown.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/e2eenc.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/eye-off.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/eye.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_auth_std.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_utils.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/forge.bundle.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/icons/apple/black.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/icons/facebook/white.png create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/icons/google/google.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/icons/microsoft/microsoft.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/jquery-3.6.0.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/loading.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/logo.png create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/logo_animated.gif create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_link_qr.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_push_qr.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/mauth_usernameless.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/oauth_consent.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/qrious.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/show-password.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/simplewebauthn-browser@7.1.0.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/022586a78ea7c9bee9da.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/25e661e6749016eb34f8.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/2dec2f24e3bdf2c6862e.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/8f9a758b21c6b505d8ce.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/942a7be38dca65bca69b.woff2 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/bundle.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/bundle.js.LICENSE.txt create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/c51931730dc0184cb47a.woff2 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/df87f53caf449a3b7572.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/f2fa8f369db189665539.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/403-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/403.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/404-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/404.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/500-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/500.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/access-app.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/agov-logo-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/agov-logo.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/agov-me-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/agov-me.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/bin-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/bin.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/bird-cookie-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/bird-cookie.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/ch-logo.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/email-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/email.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/favicon.ico create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/fido-key.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/insufficient_rights-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/insufficient_rights.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/login-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/login-instruction-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/login-instruction.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/login.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/logout-img-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/logout-img.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/qr-code-mock.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/recovery.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/recovery_dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/separator-big.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/separator.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/something_wrong-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/something_wrong.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/spinner-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/spinner.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/steps-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/steps.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/timeout-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/images/timeout.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/fido2_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_accessapp_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_check_code.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_code.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_fidokey_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_intro_email.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_intro_email_sent.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_questionnaire_loginfactor.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_questionnaire_reason_selection.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/user_input.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/tailwind.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/AuthFailDialog.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/AuthUidPwDialog.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/Error.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/LogoutDialog.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/NoGui.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/default.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/fido2_auth.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/fido2_auth.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/form.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/generic_auth_error.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/header.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/html.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/js_end.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/js_start.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/json.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/lang.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/loainfo.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/loainfo.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/macros.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mauth_usernameless.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mauth_usernameless.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mock-defaults.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_header.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_idmlogin_select_profile.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_idmlogin_select_profile.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_error.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_error.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_intro.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_intro.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_success.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_success.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_accessapp_auth.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_accessapp_auth.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_code.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_code.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_noCode.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_noCode.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_code.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_code.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_fidokey_auth.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_fidokey_auth.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email_sent.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email_sent.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_on_going.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_on_going.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_instructions.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_instructions.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_loginfactor.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_loginfactor.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_no_recovery.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_no_recovery.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_reason_selection.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_reason_selection.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_start_info.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_start_info.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/sandbox.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/sandbox.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/user_input.mock.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/user_input.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/default.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_de.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_en.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_fr.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/authcloud_login.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/authcloud_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/base64.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap-theme.min.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap.min.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/default.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/dropdown.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/e2eenc.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/eye-off.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/eye.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_auth.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_auth_std.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_utils.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/forge.bundle.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/icons/apple/black.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/icons/facebook/white.png create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/icons/google/google.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/icons/microsoft/microsoft.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/jquery-3.6.0.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/loading.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/logo.png create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/logo_animated.gif create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/mauth_link_qr.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/mauth_onboard.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/mauth_push_qr.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/mauth_usernameless.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/oauth_consent.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/qrious.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/show-password.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/simplewebauthn-browser@7.1.0.min.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/default.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/footer.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/form.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/header.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/html.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/js_end.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/js_start.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/json.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/lang.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/macros.vm create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/log/.empty create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/status.sh create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/tmp/.empty create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/create_nvpuser.sh create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-idp-nevisproxy-remote-hybrid-session-store-699f0a21dd0e852f28d27e9d.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-1f0702aaabef60a615abf41f-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-identity-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-signer-trust-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-tls-trust-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-identity-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-signer-trust-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-tls-trust-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-identity-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-signer-trust-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-tls-trust-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-ingress-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-identity-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-signer-trust-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-tls-trust-0ceb05c56644a59d648c13b9.yaml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/nevisproxy_default.yml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/bc.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/conditionallog.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/env.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/isi3web.properties create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/keystorepwget create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/log.properties create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/crs-setup.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/csrf_default.lua create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/lua_http_processing_terminate_session.lua create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/modsecurity.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/recovery_pdf_session_processing.lua create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-901-INITIALIZATION.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-905-COMMON-EXCEPTIONS.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-910-IP-REPUTATION.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-911-METHOD-ENFORCEMENT.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-912-DOS-PROTECTION.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-913-SCANNER-DETECTION.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-921-PROTOCOL-ATTACK.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-922-MULTIPART-ATTACK.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-949-BLOCKING-EVALUATION.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/RESPONSE-950-DATA-LEAKAGES.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/RESPONSE-959-BLOCKING-EVALUATION.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/RESPONSE-980-CORRELATION.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/crawlers-user-agents.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/iis-errors.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/java-classes.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/java-code-leakages.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/java-errors.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/lfi-os-files.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/php-config-directives.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/php-errors.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/php-function-names-933150.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/php-function-names-933151.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/php-variables.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/restricted-files.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/restricted-upload.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/scanners-headers.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/scanners-urls.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/scanners-user-agents.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/scripting-user-agents.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/sql-errors.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/unix-shell.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/windows-powershell-commands.data create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/security_app_icon_application.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/security_request_validation_settings_modsecurity.conf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/web.xml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/errorPages/403.html create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/errorPages/404.html create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/errorPages/500.html create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/errorPages/502.html create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/errorPages/Loggedout.html create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/errorPages/timeout.html create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/index.html create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/022586a78ea7c9bee9da.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/25e661e6749016eb34f8.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/2dec2f24e3bdf2c6862e.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/8f9a758b21c6b505d8ce.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/942a7be38dca65bca69b.woff2 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/bundle.js create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/bundle.js.LICENSE.txt create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/c51931730dc0184cb47a.woff2 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/df87f53caf449a3b7572.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/f2fa8f369db189665539.ttf create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/403-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/403.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/404-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/404.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/500-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/500.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/access-app.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/agov-logo-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/agov-logo.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/agov-me-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/agov-me.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/bin-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/bin.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/bird-cookie-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/bird-cookie.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/ch-logo.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/email-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/email.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/favicon.ico create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/fido-key.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/insufficient_rights-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/insufficient_rights.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/login-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/login-instruction-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/login-instruction.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/login.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/logout-img-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/logout-img.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/qr-code-mock.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/recovery.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/recovery_dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/separator-big.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/separator.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/something_wrong-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/something_wrong.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/spinner-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/spinner.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/steps-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/steps.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/timeout-dark.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/images/timeout.svg create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/resources/static/tailwind.css create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-management/WEB-INF/liveness.lua create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-management/WEB-INF/readiness.lua create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-management/WEB-INF/web.xml create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/htdocs/.empty create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/logs/host-auth.agov-d.azure.adnovum.net_modsec_audit.log create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/run/host-auth.agov-d.azure.adnovum.net/.empty create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/run/restart.sh create mode 100755 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/run/status.sh diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-default-signer-trust-4bad2fe3ccc54716cc87138f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-default-signer-trust-4bad2fe3ccc54716cc87138f.yaml new file mode 100644 index 0000000..d7736dc --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-default-signer-trust-4bad2fe3ccc54716cc87138f.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "auth-sts-default-default-signer-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth-sts" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "4bad2fe3ccc54716cc87138f" +spec: + keystores: + - name: "auth-sts-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-identity-4bad2fe3ccc54716cc87138f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-identity-4bad2fe3ccc54716cc87138f.yaml new file mode 100644 index 0000000..bc34a30 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-identity-4bad2fe3ccc54716cc87138f.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "auth-sts-default-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth-sts" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "4bad2fe3ccc54716cc87138f" +spec: + cn: "auth-sts" + usage: "" + san: + dns: + - "auth-sts" + - "auth-sts.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-tls-trust-4bad2fe3ccc54716cc87138f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-tls-trust-4bad2fe3ccc54716cc87138f.yaml new file mode 100644 index 0000000..5d8cc2d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-default-tls-trust-4bad2fe3ccc54716cc87138f.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "auth-sts-default-tls-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth-sts" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "4bad2fe3ccc54716cc87138f" +spec: + keystores: + - name: "idm-default-identity" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-sh4r3d-internal-idp-auth-signer-4bad2fe3ccc54716cc87138f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-sh4r3d-internal-idp-auth-signer-4bad2fe3ccc54716cc87138f.yaml new file mode 100644 index 0000000..7792adc --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-sh4r3d-internal-idp-auth-signer-4bad2fe3ccc54716cc87138f.yaml @@ -0,0 +1,16 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "auth-sts-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth-sts" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "4bad2fe3ccc54716cc87138f" +spec: + cn: "signer" + usage: "signer" + san: + dns: [] + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-technical-trust-store-4bad2fe3ccc54716cc87138f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-technical-trust-store-4bad2fe3ccc54716cc87138f.yaml new file mode 100644 index 0000000..99b7b38 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-technical-trust-store-4bad2fe3ccc54716cc87138f.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "auth-sts-technical-trust-store" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth-sts" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "4bad2fe3ccc54716cc87138f" +spec: + keystores: [] + extraCerts: + - "-----BEGIN CERTIFICATE-----\nMIIDsDCCApgCCQDu0TbPT3tIYDANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMC\nY2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxLjAsBgNVBAMMJW5l\ndmlzYWRtaW4tZC5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQxOTA3BgkqhkiG9w0B\nCQEWKmluZm9AbmV2aXNhZG1pbi1kLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDAe\nFw0yMzAzMTQwODU3MjJaFw0yODAzMTIwODU3MjJaMIGZMQswCQYDVQQGEwJjaDEQ\nMA4GA1UECgwHYWRub3Z1bTENMAsGA1UECwwEYWdvdjEuMCwGA1UEAwwlbmV2aXNh\nZG1pbi1kLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDE5MDcGCSqGSIb3DQEJARYq\naW5mb0BuZXZpc2FkbWluLWQuYWdvdi1kLmF6dXJlLmFkbm92dW0ubmV0MIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXmkdxlckq2BCEqSqFJ5GF3pe09R\n1fXZgqYw1C9a0/GpMLCZW6SppmNcLaxa6wy8iglfP3ftX7BWJUOoslXZztrVjrCb\nKYLI2THXWG+9+Xbq+X+BfTDyngClMLen0dNjT04n975r08C/LwuBwJHYGBGGT/W7\nUVbp8ZpBTne/tJ4bukwv2RQ3HcjSh7+cHZccDyCLxrhsQxxfrGWObwYO3pQ59EzK\nhDRpvAyP2OWTY2G+rauVZST16RKeyLGTG+yJTE321bka292RWx9NZKXALXEFN6LL\nshAYsVcoyjm//Rq2iZp+CVNClQoin6ME6gWwqqfOm2Ic6M6A+PTEcGZU8wIDAQAB\nMA0GCSqGSIb3DQEBCwUAA4IBAQBtzXVhHBcHEJWjIk1xgYtxWcp7A2cfextycrgi\nW091PagQSDPxvhXEu/53bAsVlRg6mlTEr2qtllzNGn/nF/3j3V99ISJuwu/YWOez\nTKEfascA7jmrNUXBqpp2ArYYuCYjd0bHIcmU4UXYHKW4U3F1JDsfZuHs0tur/xmU\nJ/7BRXOWm3njfwTS6VFyN9iFJxhh+54hE+fls7lsrXX92VHwby3lK6Q8Qki6hQoD\nH2DFEgRdVPwCKtDXWiXNPEZYDhnnNYKtBwulU+3Hp/J3wGaCpWHjJTlCxxm7DcTO\nkkoKfz+mVAF2sIOpguua8dGx23alkCmJ8r8/WWZMut259IZg\n-----END CERTIFICATE-----\n" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml new file mode 100644 index 0000000..b5e08ab --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml @@ -0,0 +1,56 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisComponent" +metadata: + name: "auth-sts" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth-sts" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "4bad2fe3ccc54716cc87138f" +spec: + type: "NevisAuth" + replicas: 1 + version: "7.2402.1" + gitInitVersion: "1.3.0" + runAsNonRoot: true + ports: + management: 9000 + soap: 8991 + resources: + limits: + cpu: "2" + memory: "2000Mi" + requests: + cpu: "20m" + memory: "1000Mi" + livenessProbe: + soap: + tcpSocket: true + initialDelaySeconds: 40 + periodSeconds: 20 + timeoutSeconds: 4 + readinessProbe: + management: + httpGet: + path: "/nevisauth/liveness" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + podDisruptionBudget: + maxUnavailable: "50%" + git: + tag: "r-779d33c24ccffc47e1cd1b39b93d065950aee10e" + dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts" + credentials: "git-credentials" + keystores: + - "auth-sts-default-identity" + - "auth-sts-sh4r3d-internal-idp-auth-signer" + truststores: + - "auth-sts-technical-trust-store" + - "auth-sts-default-default-signer-trust" + - "auth-sts-default-tls-trust" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/nevisauth_default.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/nevisauth_default.yml new file mode 100644 index 0000000..94e027b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/nevisauth_default.yml @@ -0,0 +1,18 @@ +schemaVersion: 1.0 +instance: + type: "nevisauth" + name: "default" + directory: "/var/opt/nevisauth/default" + pid: "systemctl show nevisauth@default -p MainPID | cut -d '=' -f2" + source: + url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-PROJECT/patterns/4bad2fe3ccc54716cc87138f" + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "4bad2fe3ccc54716cc87138f" + patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable" + resources: + ports: + - "0.0.0.0:8991" + control: + start: "systemctl restart nevisauth@default &" + stop: "systemctl stop nevisauth@default" + status: "systemctl status nevisauth@default" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/keypass b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/keypass new file mode 100755 index 0000000..5b0d317 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/keypass @@ -0,0 +1,2 @@ +#!/bin/bash +echo 'password' \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.jks b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..a5d39982f0d4dd2c3cf93d2a7b62fbf698fd61f0 GIT binary patch literal 788 zcmezO_TO6u1_mY|W(3osi6u$Jndy0{MS7))C3=bJ`DJ>^89>>-g!_i_46G4)rUsTk z4aW?cm<|DP#sX$0MkXLK;9}#@YV$Z}%fifLAYmwGAi~BR%EBznTb!Dc1~xH8H#yNj zPMp`s*udP#z|hdx(%3u-$TcxAH?)Lu4HOLJ3}nDMd9XXhpowvj0WTXT(5|-cyo`*D ztPIRejQtEi@h+w&#zuzCM>_mi-yd-B__cE#+rE|wd07?yFeZisHrNI&6-U@f$tjw7H@2TCb$(Qbh7tJ~p z!z+;_DCCgn=5?Bnb1E~#+*xnmn8XSexj&3nv?y_Y$r~)ns3RHT5uJEz!nU>NPi{PL z?eLN1jw@OAe3lDSXKzaP)=xOG}dUj6Z|B@bm+ zKHO@Qkz{yXGu+L@XS&?&i*M{he+o4pT{~B{SGIC0KquG*4K45h|e zDmCdb<>8#|{s&JQ_%&wA^Q8Q%nG;$w`EzD6--Gqa8Ra+sr0wSV+}15@IkmI%{QUT< z4}aD&F*7nSE)Fp8GvEfsqbxrQFhMY{FpvdtR9Qgjfi?7?8*%B09}BEi#C?ulXe*=JWm1Z%ygG+ka2AHmIY(^tr0cHq|@115#? zg)j5I+}pM9bV7F4x$D*<2bfg~&NlWmGQ527ThdULXPamzi}2CP-pk@|IHuctTGjaH Gr9A+HI4Z^f literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.p12 b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..84a4258c79f879d2d5681aa6f87bdcfc0232a095 GIT binary patch literal 1110 zcmV-c1gZNlf&@|m0Ru3C1N;UFDuzgg_YDCD0ic2d?F51Y=`ex=&LNQUmS6$`ClCSwATSID2r7n1hW8Bu2?YQ! z9R>+thDZTr0|Wso1Q1T6)g428IuW8)CwJ^avv7cd15mnQWRsy#6HA_sQi@9H+Et~M z*VwtpFzddLJA}4pk|9{oLo2l02}^?pioCiWc%85mzuU4jStVN6O3Lu^AIn`sag^<6 ze`&0D1tTZDx>D|_G8p<(K#gQja6oM*hjc>ingxO&eG-T5qpFVMN&UMS+v>;o(hG0( z!J?D?I(dsghP~AaJd?Q{76H?f({(O86|GO;vfr+vS}(t#DNUDb%k3C0sOT z@$EgOJScB^0tprtA$?&|-(M^A{B$JzcPYUr=M0 zh|L;5&_+KzHAIy4fzb!FaYu)d1H>c(^Qg(($1w)t+N-(XfO^1N!ak zDbrKCW^|9Z+$SRH8g(NWH4Dq%5F% z8XUVMM1_#`|JQOEeRoyPbYGvMB=A_oplSA=|Fiw+=&=K+df%`0-2AP?3f6eRCw*m> zC;s*e+}h6M!xl>|nZpe>)TK~r++uVFP>CJ)%ZX`*(pEGO0v~gjz7-`QYgd=dCIC_I zqoONkFRu30>u0~u{J5u_1M(1o4&gf$5?sTx70$UjO5xnCMY}+BVYa;z+MCYp1K==C zFflL<1_@w>NC9O71OfpC00bbIZP;#0>Ev3W#wz-_st{h($ literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.pem new file mode 100644 index 0000000..f624d13 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwjCCAmigAwIBAgIBAjAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln +bmVkLWNhMB4XDTIzMDcyMDExMzkzN1oXDTI0MDcxOTExMzkzN1owIDEeMBwGA1UE +AwwVYXRic2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A +MIIBigKCAYEAs8SITgXvwEBI+rmuBr6EkG5qeE9ctRBRLNP693MTpjkCi4rcqfzO +//EU4ogDrtLwl99w6mazKuK+73DCfaVTWBdLIN3sqWiX/uU+2pPS3ldymsJcDRhi +ERJAYUZKyw4JlQMAnZrt7DRdEXJH4VshOHRD6Q1TFQEsGVRIW2HakLatz8mxwNbD +xKdBqQS88x5WJgkI0cMdfOVKf59fH+xa32NSE1c0MYwj98doSNrLIh8n47qk4R2p +4bUyaGIx1ylXRjRMlx7b0ew/VfkSg8WtnR2DHj5sJ31uqrAXiMFY0slCiX0+Fu3O +uiul/FH1v2xgT2rH0JhhLt+dCCCqfLLjwuLMSneco6AvcihDaN+AujWSn/aoTWPD +BsB1ACKqkcaBBHt3giyEWb5T5J0QA5VfJEKYwBosvdFfUoPOgXTOQVGRnLMKfXSy +AHUzKiR8Z1x3VwmHT8HJME6BaR8MZP58nFV8k/NpYw7gryNod9n8ZrsK84aLEzmV +iYnPn1/V4fl9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVYXRic2lnbmVyLnVhdC5hZ292LmNo +MAoGCCqGSM49BAMCA0gAMEUCIQDIYEk1HuQxV83m1FQRfUuUgtOkX1gLDNlNEkCb +UfWMMAIgd6HpbvTeur7LYGtqztc7FMADJHDNgYyBAOng+xkxHQw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict.properties new file mode 100644 index 0000000..a482f9b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict.properties @@ -0,0 +1,80 @@ + +accept.button.label=Accept +cancel.button.label=Cancel +continue.button.label=Continue +deputy.profile.label=(Deputy Profile) +error.saml.failed=Please close your browser and try again. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +info.logout.confirmation=Please confirm that you want to log out. +info.logout.reminder=Your session on this application has expired. Try again with a login. +info.oauth.consent=Do you want to authorise this application to access your data? +info.timeout.page=Your session on this application has expired. Try again with a login. +login.button.label=Login +logout.label=Logout +logout.text=You have successfully logged out. +method.certificate.label=Certificate +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=mTAN Code +method.oath.label=OATH Authenticator App +method.otp.label=OTP (One-Time Password) +method.recovery.label=Recovery Codes +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Never +policyFailure.dictionary=▪ must not be taken from a dictionary. +policyFailure.history.History=▪ must be different from previously selected passwords. +policyFailure.regex.control=▪ cannot contain more than {0} control characters. +policyFailure.regex.lower=▪ must contain at least {0} lower case characters. +policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyFailure.regex.maxLength=▪ must be at most {0} characters long. +policyFailure.regex.minLength=▪ must be at least {0} characters long. +policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyFailure.regex.numeric=▪ must contain at least {0} numeric characters. +policyFailure.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.dictionary=▪ must not be taken from a dictionary. +policyInfo.history.History=▪ must be different from previously selected passwords. +policyInfo.regex.control=▪ cannot contain more than {0} control characters. +policyInfo.regex.lower=▪ must contain at least {0} lower case characters. +policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyInfo.regex.maxLength=▪ must be at most {0} characters long. +policyInfo.regex.minLength=▪ must be at least {0} characters long. +policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyInfo.regex.numeric=▪ must contain at least {0} numeric characters. +policyInfo.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.title=The password has to comply with the following password policy: +reject.button.label=Deny +submit.button.label=Submit +tan.sent=Please enter the security code which has been sent to your mobile phone. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Client Authorization +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_de.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_de.properties new file mode 100644 index 0000000..6b68fda --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_de.properties @@ -0,0 +1,80 @@ + +accept.button.label=Akzeptieren +cancel.button.label=Abbrechen +continue.button.label=Weiter +deputy.profile.label=(Profil Stellvertreter) +error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut. +error_1=Bitte überprüfen Sie Ihre Eingabe. +error_10=Bitte wählen Sie den gewünschten Benutzer. +error_100=Zertifikat-Upload nicht möglich. Zertifikat bereits vorhanden. Bitte kontaktieren Sie Ihren Helpdesk. +error_101=Die angegebene E-Mail Adresse ist ungültig. +error_11=Bitte verwenden Sie ein anderes Zertifikat oder ein alternatives Authentisierungsmittel. +error_2=Bitte wählen Sie einen anderen Login-Namen. +error_3=Falls Ihr nächster Login fehlschlägt, wird Ihr Konto gesperrt. +error_4=Ihr neues Passwort wurde nicht akzeptiert. Bitte wählen Sie eines, das den Passwortvorgaben entspricht. +error_5=Die Eingabe zur Bestätigung des Passwortes ist falsch. +error_50=Das neue Passwort ist zu kurz. +error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden. +error_6=Passwortwechsel erforderlich. +error_7=Wechsel der Login-ID erforderlich. +error_8=Ihr Konto wurde infolge wiederholt fehlgeschlagener Authentisierung gesperrt. +error_81=Keine Rasterkarte gefunden, Zugang vom Internet verweigert. +error_83=Ihre Rasterkarte ist aufgebraucht. Bitte kontaktieren Sie Ihren Berater, um eine neue zu erhalten. +error_9=Die SSO-Session konnte nicht übernommen werden. +error_97=Sie verfügen nicht über die für den Zugriff auf diese Ressource benötigte Berechtigung. +error_98=Ihr Konto ist gesperrt. +error_99=Systemfehler. Bitte versuchen Sie es später. +info.logout.confirmation=Bitte bestätigen Sie, dass Sie sich abmelden möchten. +info.logout.reminder=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login. +info.oauth.consent=Wollen Sie der Anwendung den Zugriff erlauben? +info.timeout.page=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login. +login.button.label=Login +logout.label=Logout +logout.text=Sie haben sich erfolgreich abgemeldet. +method.certificate.label=Zertifikat +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=mTAN-Code +method.oath.label=OATH Authenticator-App +method.otp.label=OTP (One-Time Passwort) +method.recovery.label=Wiederherstellungscodes +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Nie +policyFailure.dictionary=▪ darf nicht aus einem Wörterbuch stammen. +policyFailure.history.History=▪ muss sich von vorhergehenden Passwörtern unterscheiden. +policyFailure.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten. +policyFailure.regex.lower=▪ muss {0} Kleinbuchstaben enthalten. +policyFailure.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten. +policyFailure.regex.maxLength=Länge des Passwortes darf höchstens {0} sein. +policyFailure.regex.minLength=Länge des Passwortes muss mindestens {0} sein. +policyFailure.regex.nonAlnum=▪ muss {0} nicht-alphanumerische Zeichen enthalten. +policyFailure.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten. +policyFailure.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten. +policyFailure.regex.nonLetter=▪ muss {0} Zeichen enthalten, die keine Buchstaben sind. +policyFailure.regex.numeric=▪ muss {0} numerische Zeichen enthalten. +policyFailure.regex.upper=▪ muss {0} Grossbuchstaben enthalten. +policyInfo.dictionary=▪ darf nicht aus einem Wörterbuch stammen. +policyInfo.history.History=▪ darf keines der zuletzt verwendeten Passwörtern sein. +policyInfo.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten. +policyInfo.regex.lower=▪ muss mindestens {0} Kleinbuchstaben enthalten. +policyInfo.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten. +policyInfo.regex.maxLength=▪ darf höchstens {0} Zeichen enthalten. +policyInfo.regex.minLength=▪ muss mindestens {0} Zeichen enthalten. +policyInfo.regex.nonAlnum=▪ muss mindestens {0} Zeichen enthalten, die nicht Alphanumerisch sind. +policyInfo.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten. +policyInfo.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten. +policyInfo.regex.nonLetter=▪ muss mindestens {0} Zeichen enthalten, die keine Buchstaben sind. +policyInfo.regex.numeric=▪ muss mindestens {0} numerische Zeichen enthalten. +policyInfo.regex.upper=▪ muss mindestens {0} Grossbuchstaben enthalten. +policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen: +reject.button.label=Ablehnen +submit.button.label=Senden +tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Client Authorisierung +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_en.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_en.properties new file mode 100644 index 0000000..a482f9b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_en.properties @@ -0,0 +1,80 @@ + +accept.button.label=Accept +cancel.button.label=Cancel +continue.button.label=Continue +deputy.profile.label=(Deputy Profile) +error.saml.failed=Please close your browser and try again. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +info.logout.confirmation=Please confirm that you want to log out. +info.logout.reminder=Your session on this application has expired. Try again with a login. +info.oauth.consent=Do you want to authorise this application to access your data? +info.timeout.page=Your session on this application has expired. Try again with a login. +login.button.label=Login +logout.label=Logout +logout.text=You have successfully logged out. +method.certificate.label=Certificate +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=mTAN Code +method.oath.label=OATH Authenticator App +method.otp.label=OTP (One-Time Password) +method.recovery.label=Recovery Codes +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Never +policyFailure.dictionary=▪ must not be taken from a dictionary. +policyFailure.history.History=▪ must be different from previously selected passwords. +policyFailure.regex.control=▪ cannot contain more than {0} control characters. +policyFailure.regex.lower=▪ must contain at least {0} lower case characters. +policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyFailure.regex.maxLength=▪ must be at most {0} characters long. +policyFailure.regex.minLength=▪ must be at least {0} characters long. +policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyFailure.regex.numeric=▪ must contain at least {0} numeric characters. +policyFailure.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.dictionary=▪ must not be taken from a dictionary. +policyInfo.history.History=▪ must be different from previously selected passwords. +policyInfo.regex.control=▪ cannot contain more than {0} control characters. +policyInfo.regex.lower=▪ must contain at least {0} lower case characters. +policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyInfo.regex.maxLength=▪ must be at most {0} characters long. +policyInfo.regex.minLength=▪ must be at least {0} characters long. +policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyInfo.regex.numeric=▪ must contain at least {0} numeric characters. +policyInfo.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.title=The password has to comply with the following password policy: +reject.button.label=Deny +submit.button.label=Submit +tan.sent=Please enter the security code which has been sent to your mobile phone. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Client Authorization +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_fr.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_fr.properties new file mode 100644 index 0000000..fc392a3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_fr.properties @@ -0,0 +1,80 @@ + +accept.button.label=Accepter +cancel.button.label=Abandonner +continue.button.label=Continuer +deputy.profile.label=(Profil du suppléant) +error.saml.failed=Fermez votre navigateur et r;eacute;essayez. +error_1=Veuillez vérifier vos données, s.v.p. +error_10=Choisissez votre compte. +error_100=Téléchargement du certificat pas possible. Certificat existe déjà. Veuillez contacter le helpdesk s.v.p. +error_101=L'adresse e-mail é n'est pas valide. +error_11=Choisissez un autre certificat, s.v.p. +error_2=Choisissez un autre nom, s.v.p. +error_3=Si l'authentification ne réussit pas au prochain essai, votre compte sera bloqué. +error_4=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité +error_5=Votre confirmation du mot de passe ne correspond pas au mot de passe donné. +error_50=Le nouveau mot de passe est trop court. +error_55=Le nouveau mot de passe doit différer de l'ancien. +error_6=Veuillez changer votre mot de passe, s.v.p. +error_7=Veuillez changer votre login ID, s.v.p. +error_8=Votre compte n'est pas active. +error_81=Pas d'access card trouvé, l'accès par l'internet est refusé. +error_83=Votre access card n'est plus valable, veuillez contacter votre gestionnaire. +error_9=Il n'est pas possible de transmettre la session. +error_97=Vous n'avez pas les autorisations nécessaires pour accéder à cette ressource. +error_98=Votre compte a été bloqué. +error_99=Problème technique. Veuillez essayer plus tard, s.v.p. +info.logout.confirmation=Veuillez confirmer que vous souhaitez vous déconnecter. +info.logout.reminder=Votre session sur cette application a expirée. Essayez encore avec un login. +info.oauth.consent=Voulez-vous autoriser l'application? +info.timeout.page=Votre session sur cette application a expirée. Essayez encore avec un login. +login.button.label=Login +logout.label=Logout +logout.text=Au revoir +method.certificate.label=Certificat +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=Code mTAN +method.oath.label=Application d'authentification OATH +method.otp.label=OTP (One-Time Password) +method.recovery.label=Codes de récupération +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Jamais +policyFailure.dictionary=▪ ne peut pas être pris d'un dictionnaire. +policyFailure.history.History=▪ doit être différent des mots de passe préalablement sélectionnés. +policyFailure.regex.control=▪ ne peut contenir plus de {0} caractères de commande. +policyFailure.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s). +policyFailure.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère. +policyFailure.regex.maxLength=La longueur doit être d'au plus {0}. +policyFailure.regex.minLength=La longueur doit être d'au moins {0}. +policyFailure.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques. +policyFailure.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII ({1}). +policyFailure.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables ({1}). +policyFailure.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres. +policyFailure.regex.numeric=▪ doit comprendre {0} caractères numériques. +policyFailure.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s). +policyInfo.dictionary=▪ ne peut pas être pris d'un dictionnaire. +policyInfo.history.History=▪ ne peut pas être l' précédemment choisis. +policyInfo.regex.control=▪ ne peut contenir plus de {0} caractères de commande. +policyInfo.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s). +policyInfo.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère. +policyInfo.regex.maxLength=▪ la longueur doit être d'au plus {0}. +policyInfo.regex.minLength=▪ la longueur doit être d'au moins {0}. +policyInfo.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques. +policyInfo.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII. +policyInfo.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables. +policyInfo.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres. +policyInfo.regex.numeric=▪ doit comprendre au minimum {0} caractères numériques. +policyInfo.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s). +policyInfo.title=Le mot de passe doit respecter les règles suivantes: +reject.button.label=Refuser +submit.button.label=Envoyer +tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Autorisation du client +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_it.properties new file mode 100644 index 0000000..2744457 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/LitDict_it.properties @@ -0,0 +1,80 @@ + +accept.button.label=Accettare +cancel.button.label=Abortire +continue.button.label=Continua +deputy.profile.label=(profilo del delegato) +error.saml.failed=Chiudi il browser e riprova. +error_1=Verificare i dati immessi. +error_10=Per favore selezionare il conto utente corretto. +error_100=Impossibile caricare il certificato. Questo certificato esiste già. La preghiamo di contattare il Suo help desk. +error_101=L'indirizzo e-mail inserito non è valido. +error_11=Scegliere un altro certificato. +error_2=Per favore scegliere un altro nome. +error_3=Il conto verrà bloccato se il prossimo login non andrà a buon fine. +error_4=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password. +error_5=La conferma della password è errata. +error_50=La nuova password è troppo corta. +error_55=La nuova password deve essere diversa dalla vecchia. +error_6=È necessario modificare la password. +error_7=Set up inizale dell'account per il portale necessario. +error_8=L'account è stato bloccato. Rivolgersi al servizio assistenza oppure provare con un altro strumento di autenticazione. +error_81=Nessuna carta di accesso trovata, accesso da internet rifiutato. +error_83=La sua carta di accesso non è più valida. Per favore contatti il suo assistente per ricevere una nuova carta di accesso. +error_9=La sessione non può essere ripresa. +error_97=Non si dispone delle autorizzazioni necessarie per accedere a questa risorsa. +error_98=L'account è stato bloccato. +error_99=Errore di sistema. Riprovare. +info.logout.confirmation=Si prega di confermare che si desidera disconnettersi. +info.logout.reminder=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login. +info.oauth.consent=Vuoi consentire all'applicazione? +info.timeout.page=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login. +login.button.label=Login +logout.label=Logout +logout.text=È uscito con successo. +method.certificate.label=Certificato +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=Codice mTAN +method.oath.label=App di autenticazione OATH +method.otp.label=OTP (One-Time Password) +method.recovery.label=Codici di ripristino +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +outarg.lastLogin.never=Mai +policyFailure.dictionary=▪ non può essere presa da un dizionario. +policyFailure.history.History=▪ deve essere diversa da password precedenti. +policyFailure.regex.control=▪ non può contenere più di {0} caratteri di controllo. +policyFailure.regex.lower=▪ deve conenere almeno {0} caratteri minuscoli. +policyFailure.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali. +policyFailure.regex.maxLength=▪ deve contenere al massimo {0} caratteri. +policyFailure.regex.minLength=▪ deve contenere almeno {0} caratteri. +policyFailure.regex.nonAlnum=▪ deve conenere almeno {0} caratteri non alfanumerici. +policyFailure.regex.nonAscii=▪ non può contenere più di {0} caratteri non ASCII. +policyFailure.regex.nonGraph=▪ non può contenere più di {0} caratteri non stampabili. +policyFailure.regex.nonLetter=▪ non può contenere più di {0} numeri o caratteri speciali. +policyFailure.regex.numeric=▪ deve contenere {0} caratteri numerici. +policyFailure.regex.upper=▪ deve conenere almeno {0} caratteri maiuscoli. +policyInfo.dictionary=▪ non può essere presa da un dizionario. +policyInfo.history.History=▪ deve essere diversa dalle password precedenti. +policyInfo.regex.control=▪ non può contenere più di {0} carattere/i di controllo. +policyInfo.regex.lower=▪ deve conenere almeno {0} carattere/i minuscolo/i. +policyInfo.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali. +policyInfo.regex.maxLength=▪ deve contenere al massimo {0} carattere/i. +policyInfo.regex.minLength=▪ deve contenere almeno {0} carattere/i. +policyInfo.regex.nonAlnum=▪ deve conenere almeno {0} carattere/i non alfanumerico/i. +policyInfo.regex.nonAscii=▪ non può contenere più di {0} carattere/i non ASCII. +policyInfo.regex.nonGraph=▪ non può contenere più di {0} carattere/i non stampabile/i. +policyInfo.regex.nonLetter=▪ non può contenere più di {0} numero/i o caratere/i speciale/i. +policyInfo.regex.numeric=▪ deve contenere un minimo di {0} carattere/i numerico/i. +policyInfo.regex.upper=▪ deve conenere almeno {0} carattere/i maiuscolo/i. +policyInfo.title=La password deve rispettare le seguenti direttive: +reject.button.label=Rifiuti +submit.button.label=Continua +tan.sent=Inserisci il codice di sicurezza che è stato inviato al tuo telefono cellulare. +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Autorizzazione del client +title.saml.failed=Error +title.timeout.page=Logout diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/bc.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/bc.properties new file mode 100644 index 0000000..c399a82 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/bc.properties @@ -0,0 +1 @@ +bc.tracer.TraceIndentFactory=ch.nevis.bc.io.Log4jTraceIndentFactory \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf new file mode 100644 index 0000000..c7a71a4 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf @@ -0,0 +1,19 @@ +RTENV_SECURITY_CHECK=no_shell + +JAVA_OPTS=( + "-Dfile.encoding=UTF-8" + "-XX:+UseContainerSupport" + "-XX:MaxRAMPercentage=80.0" + "-Djava.net.preferIPv4Stack=true" + "-Djava.net.connectionTimeout=10000" + "-Djava.net.readTimeout=15000" + "-Dch.nevis.esauth.config=/var/opt/nevisauth/default/conf/esauth4.xml" + "-Djava.awt.headless=true" + "-javaagent:/opt/agent/opentelemetry-javaagent.jar" + "-Dotel.javaagent.logging=application" + "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties" + "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" + "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12" + "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}" +) + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.security b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.security new file mode 100644 index 0000000..fffe1dd --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.security @@ -0,0 +1,2 @@ +# this file is generated by nevisAdmin 4 +security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.xml new file mode 100644 index 0000000..c8eff84 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.xml @@ -0,0 +1,334 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/logging.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/logging.yml new file mode 100644 index 0000000..dcd8774 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/logging.yml @@ -0,0 +1,53 @@ +Configuration: + monitorInterval: 60 + Appenders: + Console: + - name: "SERVER" + target: "SYSTEM_OUT" + PatternLayout: + pattern: "[esauth4sv.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-20.20c %-5.5p %m%n" + RegexFilter: + regex: ".*GET /nevisauth/liveness.*" + onMatch: "DENY" + onMismatch: "ACCEPT" + Loggers: + Logger: + - name: "EsAuthStart" + level: "INFO" + - name: "org.apache.catalina.loader.WebappClassLoader" + level: "FATAL" + - name: "org.apache.catalina.startup.HostConfig" + level: "ERROR" + - name: "ch.nevis.esauth.events" + level: "FATAL" + - name: "AGOV-ACCT" + level: "DEBUG" + - name: "AuthEngine" + level: "INFO" + - name: "AuthPerf" + level: "INFO" + - name: "IdmAuth" + level: "DEBUG" + - name: "OpTrace" + level: "DEBUG" + - name: "Recovery" + level: "INFO" + - name: "Script" + level: "DEBUG" + - name: "SessCoord" + level: "DEBUG" + - name: "StdStates" + level: "INFO" + - name: "Store" + level: "DEBUG" + - name: "Vars" + level: "INFO" + - name: "ch.nevis.idm.client.IdmRestClientImpl" + level: "DEBUG" + - name: "jcan.OpContent" + level: "DEBUG" + Root: + level: "WARN" + additivity: "false" + AppenderRef: + - ref: "SERVER" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/nevisauth.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/nevisauth.yml new file mode 100644 index 0000000..44c6e02 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/nevisauth.yml @@ -0,0 +1,16 @@ +server: + name: "default" + protocol: "https" + port: "8991" + host: "0.0.0.0" + tls: + keystore: "/var/opt/keys/own/auth-sts-default-identity/keystore.p12" + keystore-passphrase: "${exec:/var/opt/keys/own/auth-sts-default-identity/keypass}" + client-auth: "required" + truststore: "/var/opt/keys/trust/auth-sts-technical-trust-store/truststore.p12" + truststore-passphrase: "${exec:/var/opt/keys/trust/auth-sts-technical-trust-store/keypass}" +management: + server: + port: "9000" + healthchecks: + enabled: "true" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties new file mode 100644 index 0000000..67787db --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/otel.properties @@ -0,0 +1,4 @@ +otel.service.name=auth-sts +otel.traces.exporter=none +otel.metrics.exporter=none +otel.logs.exporter=none diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/sts_audit_failure.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/sts_audit_failure.groovy new file mode 100644 index 0000000..34801d3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/sts_audit_failure.groovy @@ -0,0 +1,17 @@ +try { + def user = inargs['UserID'] ?: session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' + def techuser = session['agov.techuser.extId'] ?: 'unknown' + def sourceIp = request.getTransportLayerInformation().getRemoteIP() ?: 'unknown' + def credentialType = request.getResource().replaceAll("\\/nevisauth\\/services\\/sts\\/(.+)\\/", "\$1").toUpperCase() + def lasterrorinfo = notes.getProperty('lasterrorinfo', '-') + def lasterror = notes.getProperty('lasterror', '-') + + if (credentialType=='SAML') { + credentialType = 'PASSWORD' + } + LOG.warn("Event='TKNFAILED', Techuser=${techuser}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, lasterrorinfo='${lasterrorinfo}', lasterror=${lasterror}") +} catch (Exception e) { + LOG.warn("Exception in Script: ${e}") +} finally { + response.setResult('ok') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/sts_audit_success.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/sts_audit_success.groovy new file mode 100644 index 0000000..4bd08d1 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/sts_audit_success.groovy @@ -0,0 +1,16 @@ +try { + def user = inargs['UserID'] ?: session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' + def techuser = session['agov.techuser.extId'] ?: 'unknown' + def sourceIp = request.getTransportLayerInformation().getRemoteIP() ?: 'unknown' + def credentialType = request.getResource().replaceAll("\\/nevisauth\\/services\\/sts\\/(.+)\\/", "\$1").toUpperCase() + + if (credentialType=='SAML') { + credentialType = 'PASSWORD' + } + LOG.info("Event='TKNISSUED', Techuser=${techuser}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}") + +} catch (Exception e) { + LOG.warn("Exception in Script: ${e}") +} finally { + response.setResult('ok') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/log/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/log/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/plugin/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/plugin/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/run/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/run/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/status.sh b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/status.sh new file mode 100755 index 0000000..0569031 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/status.sh @@ -0,0 +1,79 @@ +#!/bin/bash +# +# NAME +# status.sh - Checks the status of the nevisAuth instance. +# +# SYNOPSIS +# status.sh +# +# DESCRIPTION +# Performs periodic checks until the instance is up or broken or timeout is reached. +# The script terminates when the process of the instance stops running. +# There are no arguments for this script. +# +# EXIT CODES +# 0 Instance is up. +# 1 Instance process is not running. +# 2 Instance is broken. +# 3 Timeout reached. + +# Defines how much we should sleep between checking if the instance is up. +interval=1 +# Defines how much we should wait the instance to start up until we give up and exit. +timeout=70 +((end_time=${SECONDS}+$timeout)) + +# Checks if the process of the instance is still running. +# Arguments: +# None +# Returns: +# In case it is running, returns 0, otherwise non-zero (exit code of systemctl). +isProcessRunning() { + systemctl is-active --quiet nevisauth@default + IS_RUNNING=$? + return $IS_RUNNING +} + +# Checks if the instance is up. (Attempts connecting to the instance) +# Arguments: +# None +# Returns: +# If the connection was successful and the instance up (is not broken), returns 0. +# If the connection was not successful, returns 1. +checkInstance() { + lsof -i :8991 -sTCP:LISTEN + EXIT_CODE=$? + return $EXIT_CODE +} + +# This function encapsulates the logic of checking if the process is running and if the instance is up. +# In case the process is not running, exits with exit code 1. +# Arguments: +# None +# Returns: +# If the instance process is running, returns the result of the instance check function. +check() { + if isProcessRunning + then + checkInstance + CS=$? + return $CS + else + echo "Process is not running." + exit 1 + fi +} + +# Check the status of the instance periodically. +while ((${SECONDS} < ${end_time})) +do + sleep ${interval} + if check + then + echo "Instance is up." + exit 0 + fi +done + +echo "Exceeded check timeout (70s). Instance is down." +exit 3 \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/tmp/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/tmp/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido-7022472ae407577ae604bbb8.yaml new file mode 100644 index 0000000..18ecd04 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido-7022472ae407577ae604bbb8.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "7022472ae407577ae604bbb8" +spec: + cn: "auth" + usage: "" + san: + dns: + - "auth" + - "auth.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido-7022472ae407577ae604bbb8.yaml new file mode 100644 index 0000000..0428493 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido-7022472ae407577ae604bbb8.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "7022472ae407577ae604bbb8" +spec: + keystores: + - name: "fido-uaf-default-server-identity" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-default-signer-trust-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-default-signer-trust-7022472ae407577ae604bbb8.yaml new file mode 100644 index 0000000..43932f7 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-default-signer-trust-7022472ae407577ae604bbb8.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "auth-default-default-signer-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "7022472ae407577ae604bbb8" +spec: + keystores: + - name: "auth-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-identity-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-identity-7022472ae407577ae604bbb8.yaml new file mode 100644 index 0000000..c1df86f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-identity-7022472ae407577ae604bbb8.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "auth-default-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "7022472ae407577ae604bbb8" +spec: + cn: "auth" + usage: "" + san: + dns: + - "auth" + - "auth.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-tls-trust-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-tls-trust-7022472ae407577ae604bbb8.yaml new file mode 100644 index 0000000..e59169a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-default-tls-trust-7022472ae407577ae604bbb8.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "auth-default-tls-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "7022472ae407577ae604bbb8" +spec: + keystores: + - name: "idm-default-identity" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-sh4r3d-internal-idp-auth-signer-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-sh4r3d-internal-idp-auth-signer-7022472ae407577ae604bbb8.yaml new file mode 100644 index 0000000..d96a03d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-sh4r3d-internal-idp-auth-signer-7022472ae407577ae604bbb8.yaml @@ -0,0 +1,16 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "auth-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "7022472ae407577ae604bbb8" +spec: + cn: "signer" + usage: "signer" + san: + dns: [] + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-technical-trust-store-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-technical-trust-store-7022472ae407577ae604bbb8.yaml new file mode 100644 index 0000000..4d5308b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-technical-trust-store-7022472ae407577ae604bbb8.yaml @@ -0,0 +1,20 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "auth-technical-trust-store" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "7022472ae407577ae604bbb8" +spec: + keystores: + - name: "proxy-idp-notused-auth-realm-identity" + namespace: "adn-agov-nevisidm-01-uat" + - name: "proxy-idp-auth-realm-mobile-fido-uaf-identity" + namespace: "adn-agov-nevisidm-01-uat" + - name: "proxy-idp-auth-realm-recovery-identity" + namespace: "adn-agov-nevisidm-01-uat" + extraCerts: + - "-----BEGIN CERTIFICATE-----\nMIIDsDCCApgCCQDu0TbPT3tIYDANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMC\nY2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxLjAsBgNVBAMMJW5l\ndmlzYWRtaW4tZC5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQxOTA3BgkqhkiG9w0B\nCQEWKmluZm9AbmV2aXNhZG1pbi1kLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDAe\nFw0yMzAzMTQwODU3MjJaFw0yODAzMTIwODU3MjJaMIGZMQswCQYDVQQGEwJjaDEQ\nMA4GA1UECgwHYWRub3Z1bTENMAsGA1UECwwEYWdvdjEuMCwGA1UEAwwlbmV2aXNh\nZG1pbi1kLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDE5MDcGCSqGSIb3DQEJARYq\naW5mb0BuZXZpc2FkbWluLWQuYWdvdi1kLmF6dXJlLmFkbm92dW0ubmV0MIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXmkdxlckq2BCEqSqFJ5GF3pe09R\n1fXZgqYw1C9a0/GpMLCZW6SppmNcLaxa6wy8iglfP3ftX7BWJUOoslXZztrVjrCb\nKYLI2THXWG+9+Xbq+X+BfTDyngClMLen0dNjT04n975r08C/LwuBwJHYGBGGT/W7\nUVbp8ZpBTne/tJ4bukwv2RQ3HcjSh7+cHZccDyCLxrhsQxxfrGWObwYO3pQ59EzK\nhDRpvAyP2OWTY2G+rauVZST16RKeyLGTG+yJTE321bka292RWx9NZKXALXEFN6LL\nshAYsVcoyjm//Rq2iZp+CVNClQoin6ME6gWwqqfOm2Ic6M6A+PTEcGZU8wIDAQAB\nMA0GCSqGSIb3DQEBCwUAA4IBAQBtzXVhHBcHEJWjIk1xgYtxWcp7A2cfextycrgi\nW091PagQSDPxvhXEu/53bAsVlRg6mlTEr2qtllzNGn/nF/3j3V99ISJuwu/YWOez\nTKEfascA7jmrNUXBqpp2ArYYuCYjd0bHIcmU4UXYHKW4U3F1JDsfZuHs0tur/xmU\nJ/7BRXOWm3njfwTS6VFyN9iFJxhh+54hE+fls7lsrXX92VHwby3lK6Q8Qki6hQoD\nH2DFEgRdVPwCKtDXWiXNPEZYDhnnNYKtBwulU+3Hp/J3wGaCpWHjJTlCxxm7DcTO\nkkoKfz+mVAF2sIOpguua8dGx23alkCmJ8r8/WWZMut259IZg\n-----END CERTIFICATE-----\n" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml new file mode 100644 index 0000000..b71b2db --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml @@ -0,0 +1,61 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisComponent" +metadata: + name: "auth" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "7022472ae407577ae604bbb8" +spec: + type: "NevisAuth" + replicas: 1 + version: "7.2402.1" + gitInitVersion: "1.3.0" + runAsNonRoot: true + ports: + management: 9000 + soap: 8991 + resources: + limits: + cpu: "2" + memory: "2000Mi" + requests: + cpu: "20m" + memory: "1000Mi" + livenessProbe: + soap: + tcpSocket: true + initialDelaySeconds: 40 + periodSeconds: 20 + timeoutSeconds: 4 + readinessProbe: + management: + httpGet: + path: "/nevisauth/liveness" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + podDisruptionBudget: + maxUnavailable: "50%" + git: + tag: "r-779d33c24ccffc47e1cd1b39b93d065950aee10e" + dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" + credentials: "git-credentials" + database: + name: "auth" + requiredVersion: "7.2402.0" + keystores: + - "auth-sh4r3d-internal-idp-auth-signer" + - "auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido" + - "auth-default-identity" + truststores: + - "auth-default-tls-trust" + - "auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido" + - "auth-default-default-signer-trust" + - "auth-technical-trust-store" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-database-b7b59e97b3fd18bb60178573.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-database-b7b59e97b3fd18bb60178573.yaml new file mode 100644 index 0000000..c8db4c2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-database-b7b59e97b3fd18bb60178573.yaml @@ -0,0 +1,26 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisDatabase" +metadata: + name: "auth" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "auth" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "b7b59e97b3fd18bb60178573" +spec: + type: "NevisAuth" + databaseType: "MariaDB" + version: "7.2402.0" + url: "mariadb-agov-dev-gp.mariadb.database.azure.com" + port: 3306 + database: "nevisauth" + bootstrap: true + migrate: true + rootCredentials: + name: "root-adn-agov-nevisidm-01-dev-idm" + namespace: "adn-agov-nevisidm-01-dev-idm" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/nevisauth_default.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/nevisauth_default.yml new file mode 100644 index 0000000..e0debec --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/nevisauth_default.yml @@ -0,0 +1,18 @@ +schemaVersion: 1.0 +instance: + type: "nevisauth" + name: "default" + directory: "/var/opt/nevisauth/default" + pid: "systemctl show nevisauth@default -p MainPID | cut -d '=' -f2" + source: + url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-PROJECT/patterns/7022472ae407577ae604bbb8" + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "7022472ae407577ae604bbb8" + patternClass: "ch.nevis.admin.v4.plugin.nevisauth.patterns.NevisAuthDeployable" + resources: + ports: + - "0.0.0.0:8991" + control: + start: "systemctl restart nevisauth@default &" + stop: "systemctl stop nevisauth@default" + status: "systemctl status nevisauth@default" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem new file mode 100644 index 0000000..2970f68 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln +bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE +AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A +MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo +FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A +G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK +4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho +TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa +7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI +D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v +aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J +nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo +MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu +OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H +-----END CERTIFICATE----- \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem new file mode 100644 index 0000000..199759d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem @@ -0,0 +1,42 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX +fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG ++b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k +Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm +Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N +SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq +fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ +/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL ++A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk +SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v +RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca +m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G +agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM +C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt +G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL +MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU +hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU +bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw +82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV +iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv +hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG +IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7 +9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t +VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA +OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy +wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q +2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f +Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ +Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo +F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP +8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv +yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb +cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy +cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm +w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4 +ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz +T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg +5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi +lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF +zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keypass b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keypass new file mode 100755 index 0000000..5d9d4df --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keypass @@ -0,0 +1,2 @@ +#!/bin/bash +echo '04d50XMDMUm03PYViVRR5E9iteWM7+7O+AHTAhvL8A=' \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..940bfe4e6b4a1f7531fec07b3be5b724be31cdf2 GIT binary patch literal 2636 zcmZ`*X*3j!8lIJA8X}3YCi@Z-GL$7*BN;SE_Q7YYjeV<_GQ_n zSwqN2g!weKiD6uI?z!jwxj&wB-sfG;`{RAid0q~K!vFvPpaTH^0POD_eGsS5PzwV9 z0B%DRky{VN%LP~F0z!aFAbuba3V;x~6*r|UrHRnR`#SA=^bLFKj)4Jr+j&9p@-{h) zzV7GVvxn20>3yyzMhu6K8l=NBG_eDzBAYmJ|!mbc~WJ{}|IT1GTc>!&VyFRt!7L6QW8>uVjv?)e!hz zm}BM`M&ws))|kc}Oxj6X(eHB^FJ|*{g0_0QzqjiS84eXj3n`eC@%e@c`HgDeF&2-m zP4G}oHi{LOJgPKynaz}5L(mw5iE05ketnT%z5gm-V%+L`-7=5(vK8J|26#ZLbG9bvYP8DF8*f!~tMD47zXc_MN~cXOTSV*nUo-;r@?S@~VhAcnsi z+-O&4v%DJQlbRPhkM+@7OpATEh*P}Dr|x#Q5&UT^xvsUZ!`9H~B1X*#ExnO8a#Hb9 zsL{A$_XYQmMVkv9Xx?jPgf++n+)>2X5szDk)dFcVNSIX48~x&+##Kn(g&VY;M*mwB zXRmdK6i{)_F}h0lma|q%Rl$N+&DC!p$QP=abx$SyIk+>7Um>RIn#<#<@u^s*knG#l zh92Fn=?stzM;@lEDNd=Ls$b5m9)hyvkP@y$sW^2bAhja=na5stxv#Fn zxJnE?fmSX9V7rkGeZ86)yg{aK3))Fd%Y!DSnEp~JwErT7N6+Jl4BM`OWgnAuQW%r& z({{CNq9;<}o7v=B>|*{J;(S_^l>l5W6oqGEFIH61 zCOo56v|!rGF`x2lL8jb*yn}HLU-H)j>g!B&WfCMho^uSWEU-f2JCmQTvWD1C1#!RF zMTp>G_Rz$!JK*CT=T0#AL*zd+L=!6G%5Ubsd17(X{bgT|q$Boc`Bxvm9_oO3g}8LbI}x&Jy~%d0L8+Pabc z;Mlpa!zh7K6&W(~e!Oa@}tv8y;{5KO|KlFIAb$VVZ*2bK=-ygcO_fT58NP^ z*q?5-nZ;i>Zi!gR@@=GKU`DE@G&zkDVr6`{cgn<$ zKiS~K5%DkB*_EIOR*Z%~x^lC1R1NC8rSjF1Gri9RhL7!fvt2Sc``#&GdWeVgca&+q za#bOW#B~aGdH>lp!L#Rb(I~K!GVR6YjHw*u&Ko7aXH_cg+$teamf)k(W0FuP&gSXu z=XFfsNYMZ#(~VSLuE#}3>o&c3C)t{N)}+v%D^TMX1 zRpf^wsOYx6g@-l`KjaGF#}~#5D(W#4n?DH1rIj+uj_>D7xm$%I+gfsqK4m8C+G!ns zT}>P77TB=VF)m1h#>A$$TH=3wj2P9FhvZsi|HGYXMO5F~5;FYoL$=uylHBCuFxL;H zU11IwJG;3`cKhw&xj&dz2zw9Jdno}$lNlBH zu5qhoI1}|Mr)w-zj&Hlj%h7tceW&@g(!!&k)#4j_T-4TRaJ;v!*pCKr64aq_&a?y) z(QSjQP9~>Cx2|IUP7U?J%4`b88Z*b%ezVvwB~rNS3(3v%-Rn)iqs`N%x_>k_>Q^nGq_dY>QJ zW*?TtKP~TA86%#rGg9hRZI@`xtx_5R-KT?3D`o~qFj;d!+ItM;WM-f5o2kcnXYl-Qq1gdpDQ`k%oN)o_n6Rgb@dBUEv|C?c>F#lr&`UVAssMJ`*-ie$`gZoXZqVxNCSk@@pfl%`@O-CijM!*j`G5-m}-O z1vdbqvmWQEmW18sc^)CEUE`g43%1m1gMVJlG>67?w@psX#QFP}SBTwLd|l^*bvh6K zhHdd_*AYXG46~9tm032rtEI1-_3)w(RS(;B+%8cXmjK)o^X;i zFC3gTw1A<%(i+@tTr{nYFa0+>TbDtqHJ;zGjOBH#rg zd@{x@X0KMrvR}WJkxvnImcuQ){c(#PzW9eFSP^XCiR;C}q1tGJc;=Tq5EuvmKE|LfqYfY3 zQTzzxKoH;xl=yEV3;C^!LkB+?6v_<-{x<@lPW&$OLy#yT;{Un(|L6;R5r8rUNdX>I z&G+0RgB=8|MHN`Z>)ehf4Y%WpVi(ytj;h*fk+6f7_~efnYp_>2^R8iIqLFX;3Q&r5 lNoTr{XJyBj3c;#LaS>}p`D^cMzUZ8~tM9_Mt-_bj_iuqs%Ul2e literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12 b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f2ffa49c4f74c3a892f3b865b113acecb8d6a5ff GIT binary patch literal 3122 zcma);c{CIZ_s7kc!Du|$hGd)U+h|4%F_tM?hzeuR5XrueWr{Hkqj*pxTa0LveH&RL z+oU8^mh8)rrN}l#-hSuzo}Tmm^}c`HbI<+U<=lVn`CcR$stN?KBgscbI3P+1rU|<| z08Rjne1riaAL;sy+mU3>rT<8Aj)KUXAAaNazwIr@k$-nVxdA{LnUnMzUPoU2(*fo| zIv}?7%7bZ@f@q5d~Jlq7V{eEeQ| zK5_CpT)YX|(nS&C@Yup+J-TmQF3?nkZ`^0CzFyUpP-T&)2}Z%ZO|y*|rLmenwjBk} zO}hG?b9qM5%!EfMHCd@WtXVE#FVhNU-DF*8-d^k5&{@VbBHNwD*D}n%+)N&RJMx+FVI*qD`VWeB-azU^uaQDyFX4ctx!u>9QW{38qI(qeo`2!SmeLu^x3AfF7_n6 z?6I!juvTl%o5U5HCOzdS-zO^Rq1^Fi*LCMOm{~~@9*$~DaVNV0nUJu1?4DkEvAK|UO?Qak8J6wy2msjc(ZMsd?FS!8La6{vNRbQdI_Y4#`cIom%V;c$8_~R-&AEQ12b- zBsqz%&aysXJQ>@ctc+5Kga+Wv-{f)u48tUShBaBltSk01Y8ujefYrnCOvl0(>C^ZD z__~{^0JK;v>~`~A>rssy_7o}S!o@;?9G*$gCQpSO*ByF=8V~iDrm{(DTi z@Opy1O6qr3ep-&KRij36fy{N3XeWt}@)IzA@#~Z~D_JNW^JT92G*q(?Z=4XG#?1=p zjYRr8SGJl!x)hZx*A3HK`pAc{%ME=7qUdWLE}*cQR04R=18!G4;3m}0NXE^gU5{xd zXF_33&DJthgpf@96+cDNG9OHDZ)p5tv&xPs(^McB{Rx>?+j}ADQt02MhidUgm)E>M9h?j zO*#G`=zPyi+lpgc6^`LbWT5G31?Mr?fsG|yTbSFn-4HF}vG)Q_svKw5ttLhZPAK6P znP2+;DSrL>=p50>nYo|9vGo!v`f+0e*UF#MUEWVR#QZv&Z4S!l`3Me5AxwGa3xCrt zAoLraJdSeW=T}pl7HWD$IN4oC6XNp?$4DgfgnA9(x~m?AIAQNzgNnYqKU$mWz4pO= z^Ujy@cQIk%P&W49dw1&H3eYZ8nB z?5tt5lafK_{$iC|Z8=NTqD1HPO8H>qjqErp&P#@Y0WLmK<@UisQVOS9xI6XnVDX6U z!?Omd9qvIXeR-**6G_W5x`bK~2^BxO@i4#E2vCxCq3-O=hoy;ZdMiZq?B-St;2(*d)A@#&eYX^Lx<#_nA+aEH!gtH1L0%qL0%<}#GDS8zpQmDRD`<_aJBhzt$X;_=q)wyEY{kR7 z^J2G+wt|UN*}$x2beJ4oq{#c@{sWK@h3z~oH(2MEzs=RjTb4$hN2Sjt#5{?eij>|8 zf{-7+*{U#2Fps8>VDq$@&{yFyuFxx0jy8>lS_dM!94~(DRb@2n8Kn>3J9;bhoRPQr zqyB@}oCr;5(>v<%Z~OFX8h3AhH?Pce&KE9t_2}n|b6vQ)cESN=wJz?;Die}4a=SCI{EqmV7X3!$bC4pHiKSm=A6)&K&cuM_P0!O?C;z?`q#9!mdQn)eS%MK zgyd7#l+zQQw;Fg2%;CMq7HhG^jq6r#^F0`zyJgP(RmJa~n<@cPeLw`E4n90 zm{}+CRhcvfiP~}}1C)2!p}nM7R-3)JVtgj%9(3@kB2l6yaR^LgybQeX#P6i&|gK}zx79IPZqIhLY5s~>I^B= zh&OQ1Z}-OR=)RKpRrz_|cP`BJ9d$k61MD%O{%!g)??xUaC7Y2FrtH9FG+&YF9*M}U zS>jbKnLaFToSeS{jM|-`WE5Pke%B*9c^nWdJl2v~byzXQ5O7rgcr(lA_8LTuGf(gO ziR}=j7M7$wZn_^^9SBYZ8bwj{Mp=!H7mM2Jt6MZuIMN4_3ok;2L5Ms9{fdxH+8|Y| zj8|(Zo8&I$aSAl%OqmGeUkmTAhFE_RLDzURpEcBx(USC6^r1d|WjmhNKN}9umyI}( z6yY1BY~HYpj&)~>zvVi&W^OG)y+Tjts>{g$<$dydz;Jdr?f2{Hk0-Z;?i2auM;oQ) zp}Uo!uCfrTBNlH6wm70|^>&-wgNw0Li^M8B`JfwH9nYjb%Ni=`I^}wbO(!jTIv&Lg z>5mp`tJE89+gD9R-uNtUVPxW_Z!BGOf1!`q5=gjXUlitsaSJ4Bd|f7T#UZl4=;iNT z@`_)0hYy#{9m`P3{~6_K9FiXZM6y=0Z`kA5*?nu3;6+y(?dNb{Q?7=oP9ke%C@oPW ziFw4#d49YyJ1Er$%}Do_RPPPY^-5)%P8)aX2*%%l(WoZtOJK~8Cz<><+D@l01rjWe zJNUU5oK*~u4)cIIF6{!8PoLRjs#Uk)U7ETOtF_({^>qo<>i*{)GihF0aIfg=l>x4E zw_*yuypcVXQA(RtzLIJ37Y$qz*_8ngM~FcK&eF8rKIK;#?;AkK$B$J%PT5%;j94`O zLLU6){HFcZ@I>p&cn2F&%J6ERn?}n{Vde7irrXKVyavP6p+zMPmv5eH#?n4xDLjz^ zPozaOix&bg`4~xMD$Iv4e2J^sq#{wDkX-gb!slE{9{|NV9QplgoTKWkTrZ;M6JP~yyUi*mgj#gBh;rfbVxHXpMA0S9VxX> zGRyrN_!xyPBL(V8#CY4;uYAb!NEDLi&mRp0fZ0HB*gkO;aHip_Ujt_rLQih<6?d2v pQ^{5xw)nMkm1Z{!667;BO-&z`72nOeD!SH;@gRxaaR0v({uj&oGlA8lYxYxn1Kizb0`b5Fsiu* za^k#3#s+3a7KSFqMkWSP;=CrvTs%4>4TRa)!8R~4LakzEWM_6_VDXXZJEZ8Xv+$CB zv3=lf*T+l5?%(aVbX({hR6hHAil?PhTSV{A+RKf1Gv~aX^}X@tlFX%BA4Ko}zd2dz zGt1p)&lfuxI2iB&oh!@F$oQWH=mDlB2K*qtFo@4;zzn1eWI+OaEMhDozZ0dzlng&i z`j}MA{p6xe{Ruw3KxFSTdomcfF)1=MYuIl0T9E(Tc-L{A%e#Cf`nTQ?pS#9>)BC6# zrKpYDQ-MnMf1WCS%8cW?g|!jiYnLatB`!?4Gi$#_!}f5q+x+kLgv4vKs$YC3>({vY OnX0xOi;hO!hd2Q4p_3l~ literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.p12 b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..58ff0b12ca4f524a756f1da823f6a32b83b045a8 GIT binary patch literal 758 zcmXqLV*13y$ZXKWG>45-tIebBJ1-+US|+ z-)FEP?ew)}*Z3Yc&bC>)xnF<7Zb!dYt5im3zw^nhlW$=2g ztpD0lw!Y_M<(vgYcSJ;eHtpRwW%e2ex3hju&nDSj)me2xP4mTywDnsUTn<@olTlpA zI@#Oo`QcqM(^jiL?W_5oyWRZCeQOgQraxC5H>)xReUay*UhxWj``wk5^01zE!>=v7^niKk<2th(qn( zMd^EVxrDABD2sk7_rq?_qnC^q=G}IiCekFyEV=d@dxWFXg<9VZzb2=-KkCvK^iAAw z@JrJ?_l-a6MHsHuxfJMx{9AJBx>qs3PT1Zb&0g{>+ZHeT=`g?c&-=(KPtKz%>-vjV zug^@sKP%onx86@lI(hffsS9gvPjl#$4&BljpH((R@mZ`uJD3!e#5$^#g)4HM+|%o3=MeU z$%2WIm4QV;Z`S#z8zgVtl-bJ4xFF%%Wd(c1OLdKtTP7FJ*`_O170M#AC*s3wnGor{ TTHWsjQ`auw_-W!807`NIeJV#a literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.pem new file mode 100644 index 0000000..9a6d369 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBcTCCARagAwIBAgIQWRl1eifIt8yohQYzh6yr/jAKBggqhkjOPQQDAjAYMRYw +FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTIzMDYyODE0MzI0MFoXDTQzMDYyODE0 +MzI0MFowGDEWMBQGA1UEAxMNc2VsZnNpZ25lZC1jYTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABEwcjsIhSyyh0i9zP1G7ReOkFt/djzlGoUtSd5v3ZEk5QoZYjfl9 +04HdaZzrmveB2aRppbXgW7//s2Ma8wTd5uejQjBAMA4GA1UdDwEB/wQEAwICpDAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7YRoWIjHwkvFicwvk0Tx/yA4uUTAK +BggqhkjOPQQDAgNJADBGAiEAgyg9t0qgb+czuscs07pNGI+12BedrD+y71psIlqx +t2UCIQC/85UXyjYI9zg7Mg7rROTbGNCU3Jq/KIC3VzbbD+68VA== +-----END CERTIFICATE----- diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/keypass b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/keypass new file mode 100755 index 0000000..5b0d317 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/keypass @@ -0,0 +1,2 @@ +#!/bin/bash +echo 'password' \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.jks b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..a5d39982f0d4dd2c3cf93d2a7b62fbf698fd61f0 GIT binary patch literal 788 zcmezO_TO6u1_mY|W(3osi6u$Jndy0{MS7))C3=bJ`DJ>^89>>-g!_i_46G4)rUsTk z4aW?cm<|DP#sX$0MkXLK;9}#@YV$Z}%fifLAYmwGAi~BR%EBznTb!Dc1~xH8H#yNj zPMp`s*udP#z|hdx(%3u-$TcxAH?)Lu4HOLJ3}nDMd9XXhpowvj0WTXT(5|-cyo`*D ztPIRejQtEi@h+w&#zuzCM>_mi-yd-B__cE#+rE|wd07?yFeZisHrNI&6-U@f$tjw7H@2TCb$(Qbh7tJ~p z!z+;_DCCgn=5?Bnb1E~#+*xnmn8XSexj&3nv?y_Y$r~)ns3RHT5uJEz!nU>NPi{PL z?eLN1jw@OAe3lDSXKzaP)=xOG}dUj6Z|B@bm+ zKHO@Qkz{yXGu+L@XS&?&i*M{he+o4pT{~B{SGIC0KquG*4K45h|e zDmCdb<>8#|{s&JQ_%&wA^Q8Q%nG;$w`EzD6--Gqa8Ra+sr0wSV+}15@IkmI%{QUT< z4}aD&F*7nSE)Fp8GvEfsqbxrQFhMY{FpvdtR9Qgjfi?7?8*%B09}BEi#C?ulXe*=JWm1Z%ygG+ka2AHmIY(^tr0cHq|@115#? zg)j5I+}pM9bV7F4x$D*<2bfg~&NlWmGQ527ThdULXPamzi}2CP-pk@|IHuctTGjaH Gr9A+HI4Z^f literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.p12 b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..84a4258c79f879d2d5681aa6f87bdcfc0232a095 GIT binary patch literal 1110 zcmV-c1gZNlf&@|m0Ru3C1N;UFDuzgg_YDCD0ic2d?F51Y=`ex=&LNQUmS6$`ClCSwATSID2r7n1hW8Bu2?YQ! z9R>+thDZTr0|Wso1Q1T6)g428IuW8)CwJ^avv7cd15mnQWRsy#6HA_sQi@9H+Et~M z*VwtpFzddLJA}4pk|9{oLo2l02}^?pioCiWc%85mzuU4jStVN6O3Lu^AIn`sag^<6 ze`&0D1tTZDx>D|_G8p<(K#gQja6oM*hjc>ingxO&eG-T5qpFVMN&UMS+v>;o(hG0( z!J?D?I(dsghP~AaJd?Q{76H?f({(O86|GO;vfr+vS}(t#DNUDb%k3C0sOT z@$EgOJScB^0tprtA$?&|-(M^A{B$JzcPYUr=M0 zh|L;5&_+KzHAIy4fzb!FaYu)d1H>c(^Qg(($1w)t+N-(XfO^1N!ak zDbrKCW^|9Z+$SRH8g(NWH4Dq%5F% z8XUVMM1_#`|JQOEeRoyPbYGvMB=A_oplSA=|Fiw+=&=K+df%`0-2AP?3f6eRCw*m> zC;s*e+}h6M!xl>|nZpe>)TK~r++uVFP>CJ)%ZX`*(pEGO0v~gjz7-`QYgd=dCIC_I zqoONkFRu30>u0~u{J5u_1M(1o4&gf$5?sTx70$UjO5xnCMY}+BVYa;z+MCYp1K==C zFflL<1_@w>NC9O71OfpC00bbIZP;#0>Ev3W#wz-_st{h($ literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.pem b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.pem new file mode 100644 index 0000000..f624d13 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICwjCCAmigAwIBAgIBAjAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln +bmVkLWNhMB4XDTIzMDcyMDExMzkzN1oXDTI0MDcxOTExMzkzN1owIDEeMBwGA1UE +AwwVYXRic2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A +MIIBigKCAYEAs8SITgXvwEBI+rmuBr6EkG5qeE9ctRBRLNP693MTpjkCi4rcqfzO +//EU4ogDrtLwl99w6mazKuK+73DCfaVTWBdLIN3sqWiX/uU+2pPS3ldymsJcDRhi +ERJAYUZKyw4JlQMAnZrt7DRdEXJH4VshOHRD6Q1TFQEsGVRIW2HakLatz8mxwNbD +xKdBqQS88x5WJgkI0cMdfOVKf59fH+xa32NSE1c0MYwj98doSNrLIh8n47qk4R2p +4bUyaGIx1ylXRjRMlx7b0ew/VfkSg8WtnR2DHj5sJ31uqrAXiMFY0slCiX0+Fu3O +uiul/FH1v2xgT2rH0JhhLt+dCCCqfLLjwuLMSneco6AvcihDaN+AujWSn/aoTWPD +BsB1ACKqkcaBBHt3giyEWb5T5J0QA5VfJEKYwBosvdFfUoPOgXTOQVGRnLMKfXSy +AHUzKiR8Z1x3VwmHT8HJME6BaR8MZP58nFV8k/NpYw7gryNod9n8ZrsK84aLEzmV +iYnPn1/V4fl9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVYXRic2lnbmVyLnVhdC5hZ292LmNo +MAoGCCqGSM49BAMCA0gAMEUCIQDIYEk1HuQxV83m1FQRfUuUgtOkX1gLDNlNEkCb +UfWMMAIgd6HpbvTeur7LYGtqztc7FMADJHDNgYyBAOng+xkxHQw= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties new file mode 100644 index 0000000..be20022 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties @@ -0,0 +1,268 @@ + +accept.button.label=Accept +button.submit=Submit +cancel.button.label=Cancel +continue.button.label=Continue +darkModeSwitch.aria.label=Dark mode toggle +deputy.profile.label=(Deputy Profile) +error.policy.failed=The new password does not comply with the policy. +error.saml.failed=Please close your browser and try again. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +error_9901=You need a valid on-boarding link to access this page. +error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link. +error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link. +error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists. +error_9905=There is a problem with your operations account. Please contact the support. +error_9909=An internal error occured. Please ask the support for a new on-boarding link. +errors.duplicateValue=Your account is already linked with another operations access. +fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below. +fido2_auth.instruction1=Click on "Continue" +fido2_auth.instruction2=An authentication window will appear +fido2_auth.instruction3=Follow the instructions +fido2_auth.skipInstructions=Skip instructions next time +fido2_auth.switchLogin=SWITCH TO LOGIN WITH +footer.link=https://agov.ch/?c=contact&l=en +footer.link.label=Contact +footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. - +general.AGOVAccessApp=AGOV access app +general.accessApp=AGOV access app +general.authenticate=Authenticate +general.back=Back +general.cancel=Cancel +general.confirm=Confirm +general.contactSupport=Contact Support +general.continue=Continue +general.edit=Edit +general.email=Email +general.email.address=Email address +general.entryCode=Code entry +general.getStarted=Get started +general.goAGOVHelp=Go to AGOV help +general.goAccessApp=Login with AGOV access +general.help=Help +general.help.link=https://agov.ch/pages/help_en.html +general.login=Login +general.loginSecurityKey=Start Security key login +general.or=OR +general.otherOptions=OTHER OPTIONS +general.recovery=Recovery +general.recoveryOngoing=Ongoing recovery +general.register=Register +general.registerNow=Register now! +general.registration=Registration +general.securityKey=Security key +general.skip.content=Skip to main content +generic.auth.error.message=There was a service interruption. We are working on it. +generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists. +generic.auth.error.subtitle=Something went wrong +generic.auth.error.title=Error +info.login=Please enter your authentication information. +info.logout.confirmation=Please confirm that you want to log out. +info.logout.reminder=Your session on this application has expired. Try again with a login. +info.oauth.consent=Do you want to authorise this application to access your data? +info.timeout.page=Your session on this application has expired. Try again with a login. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Select language +loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days. +loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step. +loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number). +loainfo.helper=Your data needs to be verified! +loainfo.later=Later +loainfo.startNow=Do you want to start the process now? +loainfo.startVerification=Start verification +loainfo.title=Verify your data +login.button.label=Login +logout.label=Logout +logout.text=You have successfully logged out. +mauth_usernameless.EID=Continue with CH E-ID +mauth_usernameless.banner.error=Authentication interrupted.
Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +method.certificate.label=Certificate +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=mTAN Code +method.oath.label=OATH Authenticator App +method.otp.label=OTP (One-Time Password) +method.recovery.label=Recovery Codes +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +outarg.lastLogin.never=Never +policyFailure.dictionary=▪ must not be taken from a dictionary. +policyFailure.history.History=▪ must be different from previously selected passwords. +policyFailure.regex.control=▪ cannot contain more than {0} control characters. +policyFailure.regex.lower=▪ must contain at least {0} lower case characters. +policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyFailure.regex.maxLength=▪ must be at most {0} characters long. +policyFailure.regex.minLength=▪ must be at least {0} characters long. +policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyFailure.regex.numeric=▪ must contain at least {0} numeric characters. +policyFailure.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.dictionary=▪ must not be taken from a dictionary. +policyInfo.history.History=▪ must be different from previously selected passwords. +policyInfo.regex.control=▪ cannot contain more than {0} control characters. +policyInfo.regex.lower=▪ must contain at least {0} lower case characters. +policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyInfo.regex.maxLength=▪ must be at most {0} characters long. +policyInfo.regex.minLength=▪ must be at least {0} characters long. +policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyInfo.regex.numeric=▪ must contain at least {0} numeric characters. +policyInfo.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.title=The password has to comply with the following password policy: +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +reject.button.label=Deny +submit.button.label=Submit +tan.sent=Please enter the security code which has been sent to your mobile phone. +title.login=Login +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Client Authorization +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +title.saml.failed=Error +title.timeout.page=Logout +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties new file mode 100644 index 0000000..add49b9 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties @@ -0,0 +1,268 @@ + +accept.button.label=Akzeptieren +button.submit=Senden +cancel.button.label=Abbrechen +continue.button.label=Weiter +darkModeSwitch.aria.label=Dark-Mode-Schalter +deputy.profile.label=(Profil Stellvertreter) +error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein. +error.saml.failed=Bitte schliessen Sie Ihren Browser und versuchen Sie es erneut. +error_1=Bitte überprüfen Sie Ihre Eingaben. +error_10=Bitte wählen Sie das richtige Benutzerkonto aus. +error_100=Zertifikat-Upload nicht möglich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk. +error_101=Die eingegebene E-Mail-Adresse ist ungültig. +error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an. +error_2=Bitte wählen Sie einen anderen Login-Namen. +error_3=Wenn die nächste Authentifizierung fehlschlägt, wird Ihr Konto gesperrt. +error_4=Ihr neues Passwort verstösst gegen die Sicherheitsrichtlinien. Bitte wählen Sie ein anderes Passwort. +error_5=Fehler bei der Passwortbestätigung. +error_50=Das neue Passwort ist zu kurz. +error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden. +error_6=Passwortänderung erforderlich. +error_7=Änderung der Login-ID erforderlich. +error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt. +error_81=Keine Zugangskarte gefunden, Zugang über das Internet verweigert. +error_83=Ihre Zugangskarte ist nicht mehr gültig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten. +error_9=Übernahme der Sitzung fehlgeschlagen. +error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen. +error_98=Ihr Konto wurde gesperrt. +error_99=Systemprobleme: Bitte versuchen Sie es später noch einmal. +error_9901=Sie benötigen einen gültigen Onboarding-Link, um auf diese Seite zuzugreifen. +error_9902=Die für die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations überein. Bitte fordern Sie einen neuen Onboarding-Link an. +error_9903=Der verwendete IdP hat uns keine gültige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an. +error_9904=Ihr Link ist nicht mehr gültig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht. +error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support. +error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link. +errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verknüpft. +fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschlüssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schlüssel registriert ist und Ihre E-Mail korrekt ist. +fido2_auth.instruction1=Klicken Sie auf "Weiter" +fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen +fido2_auth.instruction3=Folgen Sie den Anweisungen +fido2_auth.skipInstructions=Anweisungen nächstes Mal überspringen +fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT +footer.link=https://agov.ch/?c=contact&l=de +footer.link.label=Kontakt +footer.text=Authentifizierungsdienst der Schweizer Behörden AGOV – eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. - +general.AGOVAccessApp=AGOV access App +general.accessApp=AGOV access App +general.authenticate=Authentifizieren +general.back=Zurück +general.cancel=Abbrechen +general.confirm=Bestätigen +general.contactSupport=Support kontaktieren +general.continue=Weiter +general.edit=Ändern +general.email=E-Mail +general.email.address=E-Mailadresse +general.entryCode=Code-Eingabe +general.getStarted=Get started +general.goAGOVHelp=Weiter zur AGOV help +general.goAccessApp=Login mit AGOV access +general.help=Hilfe +general.help.link=https://agov.ch/pages/help_de.html +general.login=Login +general.loginSecurityKey=Sicherheitsschlüssel-Login starten +general.or=ODER +general.otherOptions=WEITERE OPTIONEN +general.recovery=Wiederherstellung +general.recoveryOngoing=Wiederherstellung nicht abgeschlossen +general.register=Registrieren +general.registerNow=Jetzt registrieren! +general.registration=Registrierung +general.securityKey=Sicherheitsschlüssel +general.skip.content=Direkt zum Hauptteil +generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran. +generic.auth.error.next.steps=Versuchen Sie es bitte später noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht. +generic.auth.error.subtitle=Etwas ist schiefgegangen +generic.auth.error.title=Fehler +info.login=Bitte geben Sie Ihre persönlichen Zugangsdaten ein. +info.logout.confirmation=Bitte bestätigen Sie, dass Sie sich abmelden möchten. +info.logout.reminder=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login. +info.oauth.consent=Wollen Sie der Anwendung den Zugriff erlauben? +info.timeout.page=Ihre Session ist auf dieser Applikation abgelaufen. Versuchen Sie es nochmals mit einem Login. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sprache wählen +loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern. +loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen. +loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben. +loainfo.helper=Ihre persönlichen Daten müssen überprüft werden! +loainfo.later=Später +loainfo.startNow=Möchten Sie den Prozess jetzt starten? +loainfo.startVerification=Verifikation starten +loainfo.title=Verifizieren Sie Ihre Daten +login.button.label=Login +logout.label=Logout +logout.text=Sie haben sich erfolgreich abgemeldet. +mauth_usernameless.EID=Mit Schweizer E-ID fortfahren +mauth_usernameless.banner.error=Authentifizierung unterbrochen.
Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde. +mauth_usernameless.banner.info=Scan erfolgreich.
Bitte fahren Sie in der AGOV access App fort. +mauth_usernameless.banner.success=Authentifizierung erfolgreich!
Bitte warten Sie, bis Sie eingeloggt werden. +mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschlüssel verloren? +mauth_usernameless.hideQR=QR-Code ausblenden +mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen +mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Login? +mauth_usernameless.showQR=QR-Code anzeigen +mauth_usernameless.startRecovery=Kontowiederherstellung starten +mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschlüssel, um sich anzumelden +mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschlüssel bietet eine sichere Möglichkeit, sich ohne Telefon anzumelden. +method.certificate.label=Zertifikat +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=mTAN-Code +method.oath.label=OATH Authenticator-App +method.otp.label=OTP (One-Time Passwort) +method.recovery.label=Wiederherstellungscodes +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +op-admin.login=AGOV-op-Admin +op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort +op-admin.login.loginid=LoginID +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV-op-Admin +op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Passwortänderung erforderlich +op-admin.pwchange.newpassword=Neues Passwort +op-admin.pwchange.newpassword2=Neues Passwort wiederholen +op-admin.pwchange.password=Aktuelles Passwort +op-admin.pwchange.title=Änderung des Passworts +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung) +op-idmlogin.role.support-basic=Supportfälle (Wiederherstellung, ...) +op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...) +op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb) +op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Bitte wählen Sie ein Profil aus... +op-idmlogin.select.note=Mit * markierte Profile sollten nur für bestimmte Support oder Release Aufgaben genutzt werden. +op-idmlogin.select.title=Profilauswahl +op-onboarding.done.message=Das Onboarding war erfolgreich. Sie können nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen. +op-onboarding.done.title=FERTIG +op-onboarding.failed.title=FEHLER +op-onboarding.intro.message1=Um das Onboarding für Ihren AGOV-Operations-Zugang abzuschliessen, benötigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto. +op-onboarding.intro.message2=Wenn Sie auf «Weiter» klicken, werden Sie zur Authentifizierung weitergeleitet. +op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die Möglichkeit, die erforderliche Identitätsprüfung zu starten. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV-op-Onboarding +op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn nötig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an. +outarg.lastLogin.never=Nie +policyFailure.dictionary=▪ darf nicht aus einem Wörterbuch stammen. +policyFailure.history.History=▪ muss sich von vorhergehenden Passwörtern unterscheiden. +policyFailure.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten. +policyFailure.regex.lower=▪ muss {0} Kleinbuchstaben enthalten. +policyFailure.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten. +policyFailure.regex.maxLength=Länge des Passwortes darf höchstens {0} sein. +policyFailure.regex.minLength=Länge des Passwortes muss mindestens {0} sein. +policyFailure.regex.nonAlnum=▪ muss {0} nicht-alphanumerische Zeichen enthalten. +policyFailure.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten. +policyFailure.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten. +policyFailure.regex.nonLetter=▪ muss {0} Zeichen enthalten, die keine Buchstaben sind. +policyFailure.regex.numeric=▪ muss {0} numerische Zeichen enthalten. +policyFailure.regex.upper=▪ muss {0} Grossbuchstaben enthalten. +policyInfo.dictionary=▪ darf nicht aus einem Wörterbuch stammen. +policyInfo.history.History=▪ darf keines der zuletzt verwendeten Passwörtern sein. +policyInfo.regex.control=▪ darf höchstens {0} Kontrollzeichen enthalten. +policyInfo.regex.lower=▪ muss mindestens {0} Kleinbuchstaben enthalten. +policyInfo.regex.maxCharacterRepetitions=▪ darf nicht eine Sequenz länger als {0} des gleichen Zeichens enthalten. +policyInfo.regex.maxLength=▪ darf höchstens {0} Zeichen enthalten. +policyInfo.regex.minLength=▪ muss mindestens {0} Zeichen enthalten. +policyInfo.regex.nonAlnum=▪ muss mindestens {0} Zeichen enthalten, die nicht Alphanumerisch sind. +policyInfo.regex.nonAscii=▪ darf höchstens {0} Zeichen ausserhalb des ASCII-Zeichensatzes enthalten. +policyInfo.regex.nonGraph=▪ darf höchstens {0} nicht-druckende Zeichen enthalten. +policyInfo.regex.nonLetter=▪ muss mindestens {0} Zeichen enthalten, die keine Buchstaben sind. +policyInfo.regex.numeric=▪ muss mindestens {0} numerische Zeichen enthalten. +policyInfo.regex.upper=▪ muss mindestens {0} Grossbuchstaben enthalten. +policyInfo.title=Das Passwort muss den folgenden Passwort-Richtlinien entsprechen: +prompt.client=Mandant +prompt.newpassword=Neues Passwort +prompt.newpassword.confirm=Passwort bestätigen +prompt.password=Passwort +prompt.userid=Benutzer-ID +pwreset.done.info=Ihr Passwort wurde erfolgreich geändert. Bitte klicken Sie auf Weiter, um sich einzuloggen. +pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen.. +pwreset.info.linktext=Passwort vergessen +pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen. +recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert +recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren. +recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut. +recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben +recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten. +recovery_check_code.invalid.code=Code ist ungültig +recovery_check_code.invalid.code.required=Code erforderlich +recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang +recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen +recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können? +recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen. +recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben. +recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_code.banner.error=Bitte enthüllen Sie den Code, um fortfahren zu können. +recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf. +recovery_code.newRecoveryCode=Einführung von Wiederherstellungscode +recovery_code.validUntil=Gültig bis: +recovery_fidokey_auth.button=Schlüsselauthentifizierung starten +recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schlüsselauthentifizierung starten" +recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschlüssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren. +recovery_fidokey_auth.keyRegistered=Sicherheitsschlüssel schon registriert +recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten. +recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken können, mit dem Sie den Wiederherstellungsprozess starten. +recovery_intro_email.captchaUnchecked=Bitte kreuzen Sie das Captcha-Feld an +recovery_intro_email.important=Wichtig: +recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gelöschte AGOV access App, verlorener Sicherheitsschlüssel, verlorenes Telefon usw.). +recovery_intro_email.siteProtectedWithRecaptcha=Diese Seite ist durch reCAPTCHA geschützt, und es gelten die Datenschutzerklärung sowie die Nutzungsbedingungen von Google. +recovery_intro_email_sent.banner.button=Keine E-Mail erhalten? +recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in Kürze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten. +recovery_on_going.finishRecovery=Wiederherstellung abschliessen +recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identitätsprüfung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu können, müssen Sie auch die Identitätsprüfung abschliessen. +recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab. +recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten Fällen für eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode benötigen. +recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm. +recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden können, um den Wiederherstellungsprozess zu beginnen +recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos) +recovery_questionnaire_loginfactor.banner.error=Bitte wählen Sie eine Antwort. +recovery_questionnaire_loginfactor.no=Nein +recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV Access App oder Sicherheitsschlüssel) für Ihren AGOV-Login registriert? +recovery_questionnaire_loginfactor.yes=Ja +recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein. +recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen benötigen, besuchen Sie bitte www.agov.ch/help für Support-Artikel. +recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte www.agov.ch/me und testen Sie, ob Sie sich erfolgreich anmelden können. +recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte www.agov.ch/me, um den verlorenen Loginfaktor zu entfernen. +recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschlüssel habe +recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschlüssel) +recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen +recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gelöscht oder zurückgesetzt +recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschlüssel verloren +recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu übertragen +recovery_questionnaire_reason_selection.answer6=Ich habe die PIN für meine AGOV access App vergessen +recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschlüssel oder AGOV access Apps, hatte aber Probleme beim Einloggen +recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschlüssel und Apps verloren +recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gelöscht, zurückgesetzt, vergessene PIN) +recovery_questionnaire_reason_selection.banner.error=Bitte wählen Sie einen Grund aus. +recovery_questionnaire_reason_selection.instruction=Bitte wählen Sie einen Grund wieso Sie den AGOV recovery Prozess starten: +recovery_start_info.banner.warning=Sie können Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist. +recovery_start_info.instruction=Während des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enthält, müssen Sie zum Abschluss des Wiederherstellungsprozesses möglicherweise auch einen Verifikationsprozess durchlaufen. +recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten +reject.button.label=Ablehnen +submit.button.label=Senden +tan.sent=Bitte erfassen Sie den Sicherheitscode, welcher an Ihr Mobiltelefon gesendet wurde. +title.login=Login +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Client Authorisierung +title.pwchange.label=Passwort ändern +title.pwreset=Passwort Vergesssen +title.saml.failed=Error +title.timeout.page=Logout +user_input.invalid.email=Bitte geben Sie eine gültige E-Mail ein +user_input.invalid.email.required=Erforderliches Feld +user_input.invalid.email.tooLong=Eingabe zu lang diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties new file mode 100644 index 0000000..be20022 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties @@ -0,0 +1,268 @@ + +accept.button.label=Accept +button.submit=Submit +cancel.button.label=Cancel +continue.button.label=Continue +darkModeSwitch.aria.label=Dark mode toggle +deputy.profile.label=(Deputy Profile) +error.policy.failed=The new password does not comply with the policy. +error.saml.failed=Please close your browser and try again. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +error_9901=You need a valid on-boarding link to access this page. +error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link. +error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link. +error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists. +error_9905=There is a problem with your operations account. Please contact the support. +error_9909=An internal error occured. Please ask the support for a new on-boarding link. +errors.duplicateValue=Your account is already linked with another operations access. +fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below. +fido2_auth.instruction1=Click on "Continue" +fido2_auth.instruction2=An authentication window will appear +fido2_auth.instruction3=Follow the instructions +fido2_auth.skipInstructions=Skip instructions next time +fido2_auth.switchLogin=SWITCH TO LOGIN WITH +footer.link=https://agov.ch/?c=contact&l=en +footer.link.label=Contact +footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. - +general.AGOVAccessApp=AGOV access app +general.accessApp=AGOV access app +general.authenticate=Authenticate +general.back=Back +general.cancel=Cancel +general.confirm=Confirm +general.contactSupport=Contact Support +general.continue=Continue +general.edit=Edit +general.email=Email +general.email.address=Email address +general.entryCode=Code entry +general.getStarted=Get started +general.goAGOVHelp=Go to AGOV help +general.goAccessApp=Login with AGOV access +general.help=Help +general.help.link=https://agov.ch/pages/help_en.html +general.login=Login +general.loginSecurityKey=Start Security key login +general.or=OR +general.otherOptions=OTHER OPTIONS +general.recovery=Recovery +general.recoveryOngoing=Ongoing recovery +general.register=Register +general.registerNow=Register now! +general.registration=Registration +general.securityKey=Security key +general.skip.content=Skip to main content +generic.auth.error.message=There was a service interruption. We are working on it. +generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists. +generic.auth.error.subtitle=Something went wrong +generic.auth.error.title=Error +info.login=Please enter your authentication information. +info.logout.confirmation=Please confirm that you want to log out. +info.logout.reminder=Your session on this application has expired. Try again with a login. +info.oauth.consent=Do you want to authorise this application to access your data? +info.timeout.page=Your session on this application has expired. Try again with a login. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Select language +loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days. +loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step. +loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number). +loainfo.helper=Your data needs to be verified! +loainfo.later=Later +loainfo.startNow=Do you want to start the process now? +loainfo.startVerification=Start verification +loainfo.title=Verify your data +login.button.label=Login +logout.label=Logout +logout.text=You have successfully logged out. +mauth_usernameless.EID=Continue with CH E-ID +mauth_usernameless.banner.error=Authentication interrupted.
Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +method.certificate.label=Certificate +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=mTAN Code +method.oath.label=OATH Authenticator App +method.otp.label=OTP (One-Time Password) +method.recovery.label=Recovery Codes +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +outarg.lastLogin.never=Never +policyFailure.dictionary=▪ must not be taken from a dictionary. +policyFailure.history.History=▪ must be different from previously selected passwords. +policyFailure.regex.control=▪ cannot contain more than {0} control characters. +policyFailure.regex.lower=▪ must contain at least {0} lower case characters. +policyFailure.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyFailure.regex.maxLength=▪ must be at most {0} characters long. +policyFailure.regex.minLength=▪ must be at least {0} characters long. +policyFailure.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyFailure.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyFailure.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyFailure.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyFailure.regex.numeric=▪ must contain at least {0} numeric characters. +policyFailure.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.dictionary=▪ must not be taken from a dictionary. +policyInfo.history.History=▪ must be different from previously selected passwords. +policyInfo.regex.control=▪ cannot contain more than {0} control characters. +policyInfo.regex.lower=▪ must contain at least {0} lower case characters. +policyInfo.regex.maxCharacterRepetitions=▪ characters must not occur more than {0} time(s) consecutively. +policyInfo.regex.maxLength=▪ must be at most {0} characters long. +policyInfo.regex.minLength=▪ must be at least {0} characters long. +policyInfo.regex.nonAlnum=▪ must contain at least {0} non-alphanumeric characters. +policyInfo.regex.nonAscii=▪ cannot contain more than {0} non-ASCII characters. +policyInfo.regex.nonGraph=▪ cannot contain more than {0} non-printable characters. +policyInfo.regex.nonLetter=▪ must contain at least {0} non-letter characters. +policyInfo.regex.numeric=▪ must contain at least {0} numeric characters. +policyInfo.regex.upper=▪ must contain at least {0} upper case characters. +policyInfo.title=The password has to comply with the following password policy: +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +reject.button.label=Deny +submit.button.label=Submit +tan.sent=Please enter the security code which has been sent to your mobile phone. +title.login=Login +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Client Authorization +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +title.saml.failed=Error +title.timeout.page=Logout +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties new file mode 100644 index 0000000..3cc12b7 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties @@ -0,0 +1,268 @@ + +accept.button.label=Accepter +button.submit=Envoyer +cancel.button.label=Abandonner +continue.button.label=Continuer +darkModeSwitch.aria.label=Activer l'apparence sombre +deputy.profile.label=(Profil du suppléant) +error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité +error.saml.failed=Fermez votre navigateur et r;eacute;essayez. +error_1=Veuillez vérifier votre saisie. +error_10=Veuillez sélectionner le compte d’utilisateur correct. +error_100=Le téléchargement du certificat est impossible. Le certificat existe déjà. Veuillez contacter votre service d’assistance. +error_101=L’adresse e-mail saisie n’est pas valable. +error_11=Veuillez utiliser un autre certificat ou vous connecter au moyen d’un autre type de facteur d’authentification. +error_2=Veuillez sélectionner un autre nom d’utilisateur. +error_3=Votre compte sera bloqué si la prochaine tentative d’authentification échoue. +error_4=Votre nouveau mot de passe n’est pas conforme à la politique de sécurité. Veuillez choisir un autre mot de passe. +error_5=Erreur de confirmation du mot de passe +error_50=Le nouveau mot de passe est trop court. +error_55=Le nouveau mot de passe doit être différent des précédents. +error_6=Changement de mot de passe requis. +error_7=Changement d’identifiant de connexion requis. +error_8=Votre compte a été bloqué en raison de plusieurs échecs d’authentification. +error_81=Aucune carte d’accès n’a été trouvée, l’accès depuis Internet est refusé. +error_83=Votre carte d’accès n’est plus valable. Veuillez contacter votre conseiller pour obtenir une nouvelle carte d’accès. +error_9=La reprise de session a échoué. +error_97=Vous n’êtes pas autorisé à accéder à cette ressource. +error_98=Votre compte a été bloqué. +error_99=Problèmes de système. Veuillez réessayer plus tard. +error_9901=Vous devez disposer d’un lien d’enregistrement valable pour accéder à cette page. +error_9902=L’adresse e-mail utilisée pour l’authentification ne correspond pas à celle qui est renseignée dans AGOV operations. Veuillez demander un nouveau lien d’enregistrement. +error_9903=Le fournisseur d’identité utilisé ne nous a pas envoyé d’assertion valide. Assurez-vous d’utiliser le bon fournisseur d’identité. Demandez un nouveau lien d’enregistrement au service d’assistance. +error_9904=Le lien que vous avez suivi n’est plus valable. Veuillez vous assurer que vous utilisez le dernier lien que vous avez reçu d’AGOV operations. Demandez un nouveau lien si le problème persiste. +error_9905=Il y a un problème avec votre compte AGOV operations. Veuillez contacter le service d’assistance. +error_9909=Un problème interne s’est produit. Veuillez demander un nouveau lien d’enregistrement au service d’assistance. +errors.duplicateValue=Votre compte est déjà lié à un autre accès à AGOV operations. +fido2_auth.cancel.fido=L'authentification avec la clé de sécurité a été interrompue. Veuillez vous assurer que votre clé FIDO est enregistrée et que votre adresse e-mail est correcte, puis suivez les étapes ci-dessous. +fido2_auth.instruction1=Cliquez sur "Continuer" +fido2_auth.instruction2=Une fenêtre d'authentification s'affichera +fido2_auth.instruction3=Suivez les instructions +fido2_auth.skipInstructions=Passer les instructions la fois suivante +fido2_auth.switchLogin=S'AUTHENTIFIER AVEC +footer.link=https://agov.ch/?c=contact&l=fr +footer.link.label=Contact +footer.text=Service d'authentification des autorités suisses AGOV - une collaboration entre les cantons, leurs communes et l'administration fédérale. - +general.AGOVAccessApp=Application AGOV access +general.accessApp=Application AGOV access +general.authenticate=Authentification +general.back=Retour +general.cancel=Annuler +general.confirm=Confirmer +general.contactSupport=Contacter le service d'assistance +general.continue=Continuer +general.edit=Editer +general.email=E-mail +general.email.address=Adresse e-mail +general.entryCode=Entrer le code +general.getStarted=Démarrer +general.goAGOVHelp=Rendez-vous sur AGOV help +general.goAccessApp=Login avec AGOV access +general.help=Aide +general.help.link=https://agov.ch/pages/help_fr.html +general.login=Login +general.loginSecurityKey=Démarrer la connexion avec la clé de sécurité +general.or=OU +general.otherOptions=AUTRES OPTIONS +general.recovery=Récupération +general.recoveryOngoing=Récupération en cours +general.register=Créer un compte +general.registerNow=Enregistrez-vous dès maintenant! +general.registration=Enregistrement +general.securityKey=Clé de sécurité +general.skip.content=Passer au contenu principal +generic.auth.error.message=Une interruption de service s’est produite. Nous nous employons à résoudre le problème. +generic.auth.error.next.steps=Veuillez réessayer plus tard. Veuillez vous rendre sur AGOV help si le problème persiste. +generic.auth.error.subtitle=Un problème s’est produit +generic.auth.error.title=Erreur +info.login=Veuillez entrer vos éléments de sécurité ci-après. +info.logout.confirmation=Veuillez confirmer que vous souhaitez vous déconnecter. +info.logout.reminder=Votre session sur cette application a expirée. Essayez encore avec un login. +info.oauth.consent=Voulez-vous autoriser l'application? +info.timeout.page=Votre session sur cette application a expirée. Essayez encore avec un login. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sélectionner la langue +loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours. +loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante. +loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS. +loainfo.helper=Vos données doivent être vérifiées! +loainfo.later=Plus tard +loainfo.startNow=Voulez-vous commencer le processus maintenant? +loainfo.startVerification=Démarrer la vérification +loainfo.title=Vérifiez vos données +login.button.label=Login +logout.label=Logout +logout.text=Au revoir +mauth_usernameless.EID=Continuer avec l'e-ID suisse +mauth_usernameless.banner.error=Authentification interrompue.
Veuillez réessayer lorsque la page sera rechargée. +mauth_usernameless.banner.info=Scan réussi!
Veuillez continuer dans l'application AGOV access. +mauth_usernameless.banner.success=Authentification réussie!
Veuillez attendre d'être connecté. +mauth_usernameless.cannotLogin=Avez-vous perdu l'accès à votre application / votre clé de sécurité ? +mauth_usernameless.hideQR=Cacher le code QR +mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access +mauth_usernameless.noAccount=Vous n'avez pas encore d'AGOV-Login ? +mauth_usernameless.showQR=Afficher le code QR +mauth_usernameless.startRecovery=Commencer la récupération du compte +mauth_usernameless.useSecurityKey=Utiliser une clé de sécurité pour se connecter +mauth_usernameless.useSecurityKeyInfo=Une clé de sécurité physique offre un moyen sûr de se connecter sans devoir utiliser son téléphone. +method.certificate.label=Certificat +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=Code mTAN +method.oath.label=Application d'authentification OATH +method.otp.label=OTP (One-Time Password) +method.recovery.label=Codes de récupération +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +op-admin.login=Administration de l’accès à AGOV op +op-admin.login.intro.message=Connectez-vous avec votre nom d’utilisateur et votre mot de passe +op-admin.login.loginid=Identifiant de connexion +op-admin.login.password=Mot de passe +op-admin.login.title=Connexion +op-admin.logout=Administration de l’accès à AGOV op +op-admin.logout.message=Vous vous êtes déconnecté avec succès. +op-admin.logout.title=Déconnexion +op-admin.pwchange.intro.message=Changement de mot de passe requis +op-admin.pwchange.newpassword=Nouveau mot de passe +op-admin.pwchange.newpassword2=Répéter le nouveau mot de passe +op-admin.pwchange.password=Mot de passe actuel +op-admin.pwchange.title=Changer de mot de passe +op-idmlogin.role.accs-mgmt-idm=Gestion des droits d'accès IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestion des droits d'accès +op-idmlogin.role.idmcfg-mgmt=Mise en place de l'IDM +op-idmlogin.role.readonly-access=Accès par défaut (lecture seule) +op-idmlogin.role.support-basic=Cas de support (récupération, ...) +op-idmlogin.role.support-priv=Support de 3ème niveau (archivage, désinscription) +op-idmlogin.role.usr-mgmt=Gestion des utilisateurs (opérations) +op-idmlogin.role.usr-unit-mgmt=Gestion des utilisateurs et des organisations (opérations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Veuillez sélectionner l’un des profils ci-dessous... +op-idmlogin.select.note=Les profils marqués d'un * ne doivent être utilisés que s'ils sont nécessaires pour des tâches spécifiques de support ou de mise en production. +op-idmlogin.select.title=Séléction du profil +op-onboarding.done.message=L’enregistrement a été effectué avec succès. Vous disposez maintenant d’un accès à AGOV operations. Veuillez fermer le navigateur avant d’accéder à AGOV operations. +op-onboarding.done.title=TERMINÉ +op-onboarding.failed.title=ERREUR +op-onboarding.intro.message1=Pour terminer l’enregistrement de votre accès à AGOV operations, vous devez disposer d’un compte AGOV ou d’un compte FED-LOGIN. +op-onboarding.intro.message2=Après avoir cliqué sur "Continuer", vous serez redirigé vers l’authentification. +op-onboarding.intro.message3=Si vous utilisez AGOV et que votre compte n’a pas encore atteint le niveau de qualité d’authentification requis, vous aurez la possibilité de démarrer la vérification d’identité nécessaire pour l’atteindre. +op-onboarding.intro.title=DÉMARRER +op-onboarding.onboarding=Enregistrement de l’accès à AGOV op +op-onboarding.process.message=Un problème s’est produit. Veuillez contacter le service d’assistance AGOV afin de demander un nouveau lien d’enregistrement. +outarg.lastLogin.never=Jamais +policyFailure.dictionary=▪ ne peut pas être pris d'un dictionnaire. +policyFailure.history.History=▪ doit être différent des mots de passe préalablement sélectionnés. +policyFailure.regex.control=▪ ne peut contenir plus de {0} caractères de commande. +policyFailure.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s). +policyFailure.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère. +policyFailure.regex.maxLength=La longueur doit être d'au plus {0}. +policyFailure.regex.minLength=La longueur doit être d'au moins {0}. +policyFailure.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques. +policyFailure.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII ({1}). +policyFailure.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables ({1}). +policyFailure.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres. +policyFailure.regex.numeric=▪ doit comprendre {0} caractères numériques. +policyFailure.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s). +policyInfo.dictionary=▪ ne peut pas être pris d'un dictionnaire. +policyInfo.history.History=▪ ne peut pas être l' précédemment choisis. +policyInfo.regex.control=▪ ne peut contenir plus de {0} caractères de commande. +policyInfo.regex.lower=▪ doit contenir au moins {0} caractère(s) minuscule(s). +policyInfo.regex.maxCharacterRepetitions=▪ ne peut contenir une séquence de plus de {0} du même caractère. +policyInfo.regex.maxLength=▪ la longueur doit être d'au plus {0}. +policyInfo.regex.minLength=▪ la longueur doit être d'au moins {0}. +policyInfo.regex.nonAlnum=▪ doit contenir au moins {0} caractères non alphanumériques. +policyInfo.regex.nonAscii=▪ ne peut contenir plus de {0} caractères non ASCII. +policyInfo.regex.nonGraph=▪ ne peut contenir plus de {0} caractères non imprimables. +policyInfo.regex.nonLetter=▪ doit contenir au moins {0} caractères qui ne sont pas des lettres. +policyInfo.regex.numeric=▪ doit comprendre au minimum {0} caractères numériques. +policyInfo.regex.upper=▪ doit contenir au moins {0} caractère(s) majuscule(s). +policyInfo.title=Le mot de passe doit respecter les règles suivantes: +prompt.client=Client +prompt.newpassword=Nouveau mot de passe +prompt.newpassword.confirm=Confirmez le mot de passe +prompt.password=Mot de passe +prompt.userid=ID de l'utilisateur +pwreset.done.info=Votre mot de passe a été changé avec succès. Veuillez cliquer sur continuer pour vous connecter. +pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe. +pwreset.info.linktext=Mot de passe oublié +pwreset.noticket=Votre lien n'est plus valide. Veuillez en générer un nouveau. +recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée +recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération. +recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier. +recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer. +recovery_check_code.enterRecoveryCode=Saisir le code de récupération +recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me. +recovery_check_code.invalid.code=Le code est invalide +recovery_check_code.invalid.code.required=Code requis +recovery_check_code.invalid.code.tooLong=Le code est trop long +recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération +recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ? +recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération. +recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération. +recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois. +recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération. +recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer. +recovery_code.instruction=Les codes de récupération vous permettent d'accéder à votre compte au cas où vous auriez perdu tous vos identifiants. Conservez le code de récupération en lieu sûr. +recovery_code.newRecoveryCode=Introduction du code de récupération +recovery_code.validUntil=Valable jusqu'au: +recovery_fidokey_auth.button=Démarrer l'authentification par clé de sécurité +recovery_fidokey_auth.fidoInstruction=Cliquez sur "Démarrer l'enregistrement de la clé" +recovery_fidokey_auth.instruction1=Vous avez déjà enregistré une nouvelle clé de sécurité !!!SECURITY_KEY_NAME!!! dans le cadre du processus de récupération. +recovery_fidokey_auth.instruction2=Veuillez utiliser !!!SECURITY_KEY_NAME!!! pour suivre les étapes ci-dessous afin de vous identifier. +recovery_fidokey_auth.keyRegistered=Clé de sécurité déjà enregistrée +recovery_intro_email.banner.error=Le lien que vous avez utilisé a expiré. Veuillez saisir votre adresse e-mail pour recevoir un nouveau lien. +recovery_intro_email.banner.info=Veuillez saisir votre adresse e-mail. Nous vous enverrons un e-mail vous permettant de démarrer le processus de récupération. +recovery_intro_email.captchaUnchecked=Veuillez cocher la case captcha +recovery_intro_email.important=Important: +recovery_intro_email.process=Le processus de récupération ne doit être utilisé que si vous avez perdu l'accès à vos facteurs de connexion (application AGOV access supprimée, clé de sécurité perdue, téléphone perdu, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=Ce site est protégé par reCAPTCHA: les règles de confidentialité et conditions d’utilisation de Google s’appliquent. +recovery_intro_email_sent.banner.button=Vous n’avez pas reçu l'email? +recovery_intro_email_sent.banner.success=Merci! Vous recevrez dans un instant un e-mail contenant un lien de récupération et des instructions. +recovery_on_going.finishRecovery=Terminer la récupération +recovery_on_going.instruction=Vous n’avez pas encore terminé le processus de récupération. Dans le cadre du processus de récupération, votre identité peut faire l’objet d’une vérification. Pour accéder à des applications au moyen de votre identifiant AGOV, vous devez terminer la vérification d’identité. +recovery_on_going.title=Veuillez terminer le processus de récupération. +recovery_questionnaire_instructions.banner.info=Veuillez noter que dans certains cas, vous devez avoir accès à votre code de récupération pour que la récupération soit réussie. +recovery_questionnaire_instructions.explanation=D'après vos réponses, une récupération de l'identifiant AGOV-Login semble nécessaire. Veuillez cliquer sur continuer et suivre les instructions à l'écran. +recovery_questionnaire_instructions.instruction1=Fournissez l'adresse électronique de votre compte afin que nous puissions vous envoyer un lien pour commencer le processus de récupération +recovery_questionnaire_instructions.instruction2=Suivez les étapes pour récupérer votre compte (les étapes varient en fonction du niveau de vérification de votre compte) +recovery_questionnaire_loginfactor.banner.error=Veuillez choisir une réponse. +recovery_questionnaire_loginfactor.no=Non +recovery_questionnaire_loginfactor.question=Avez-vous enregistré plus d'un facteur d'authentification (application AGOV access ou clé de sécurité) sur votre compte ? +recovery_questionnaire_loginfactor.yes=Oui +recovery_questionnaire_no_recovery.explanation1=D'après vos réponses, l'option de récupération d'AGOV ne semble pas nécessaire pour l'instant. +recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter www.agov.ch/help pour obtenir des articles de soutien. +recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficultés pour vous connecter à une application, visitez www.agov.ch/me et vérifiez si vous pouvez vous connecter avec succès. +recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistré plusieurs facteurs de connexion mais que vous avez perdu l'accès à l'un d'entre eux, veuillez consulter www.agov.ch/me pour supprimer celui auquel vous avez perdu l'accès. +recovery_questionnaire_reason_selection.answer1=Je n'arrive pas à me connecter, même si j'ai mon application / ma clé de sécurité +recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou clé de sécurité) +recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription +recovery_questionnaire_reason_selection.answer3=J'ai supprimé ou réinitialisé mon application AGOV access +recovery_questionnaire_reason_selection.answer4=J'ai perdu mon téléphone / clé de sécurité +recovery_questionnaire_reason_selection.answer5=J'ai un nouveau téléphone et j'ai oublié de transférer mon application AGOV access +recovery_questionnaire_reason_selection.answer6=J'ai oublié mon PIN pour l'application AGOV access +recovery_questionnaire_reason_selection.answer7=J'ai mes clés de sécurité ou mes applications, mais j'ai du mal à me connecter +recovery_questionnaire_reason_selection.answer8=J'ai perdu l'accès à toutes mes clés de sécurité et aux applications AGOV access +recovery_questionnaire_reason_selection.answer9=J'ai des problèmes avec l'un de mes facteurs d'authentification (effacé, réinitialisé, PIN oublié) +recovery_questionnaire_reason_selection.banner.error=Veuillez sélectionner un motif. +recovery_questionnaire_reason_selection.instruction=Veuillez sélectionner la raison pour laquelle vous entamez le processus de récupération : +recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tant que le processus de récupération n'aura pas été terminé. +recovery_start_info.instruction=Le processus de récupération nécessitera l’enregistrement d’un nouveau facteur d’authentification. Si votre compte contient des informations ayant déjà été vérifiées, il se peut que vous deviez les faire vérifier à nouveau pour terminer la récupération. +recovery_start_info.title=Vous êtes sur le point de démarrer le processus de récupération. +reject.button.label=Refuser +submit.button.label=Envoyer +tan.sent=Veuillez saisir le code de sécurité que vous avez reçu au votre téléphone mobile. +title.login=Login +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Autorisation du client +title.pwchange.label=Changer mot de passe +title.pwreset=Mot de Passe Oublié +title.saml.failed=Error +title.timeout.page=Logout +user_input.invalid.email=Veuillez saisir un e-mail valable. +user_input.invalid.email.required=Champ requis +user_input.invalid.email.tooLong=La saisie est trop longue diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties new file mode 100644 index 0000000..0ac0b70 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties @@ -0,0 +1,268 @@ + +accept.button.label=Accettare +button.submit=Continua +cancel.button.label=Abortire +continue.button.label=Continua +darkModeSwitch.aria.label=Attivare la modalità scura +deputy.profile.label=(profilo del delegato) +error.policy.failed=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password. +error.saml.failed=Chiudi il browser e riprova. +error_1=Verificare i dati inseriti. +error_10=Scegliere l’account utente corretto. +error_100=Impossibile caricare il certificato. Il certificato esiste già. Contattare l’help desk. +error_101=L’e-mail inserita non è valida. +error_11=Utilizzare un altro certificato o accedere con altre credenziali. +error_2=Selezionare un altro nome di accesso. +error_3=Se la prossima autenticazione fallisce, l’account sarà bloccato. +error_4=La nuova password non rispetta le norme di sicurezza. Scegliere un’altra password. +error_5=Errore nella conferma della password. +error_50=La nuova password è troppo corta. +error_55=La nuova password deve differire da quelle precedenti. +error_6=È richiesta la modifica della password. +error_7=È richiesta la modifica dell’ID di accesso. +error_8=A causa dei ripetuti tentativi di autenticazione falliti, l’account è stato bloccato. +error_81=Non è stata trovata alcuna carta di accesso; l’accesso da Internet è negato. +error_83=La carta di accesso non è più valida. Per richiedere una nuova carta di accesso, contattare il responsabile. +error_9=Takeover di sessione fallito. +error_97=Accesso non autorizzato a questa risorsa. +error_98=L’account è stato bloccato. +error_99=Ci sono problemi di sistema. Riprovare più tardi. +error_9901=Per accedere a questa pagina, è necessario un link di registrazione valido. +error_9902=L’e-mail utilizzata per l’autenticazione non corrisponde a quella di AGOV operations. Richiedere un nuovo link di registrazione. +error_9903=L’IdP utilizzato non ha inviato un’asserzione valida. Assicurarsi di utilizzare l’IdP corretto. Richiedere al supporto un nuovo link di registrazione. +error_9904=Il link non è più valido. Assicurarsi di utilizzare il link più recente ricevuto in AGOV operations. Se il problema persiste, richiedere un nuovo link. +error_9905=Si è verificato un problema con l’account AGOV operations. Contattare il supporto. +error_9909=Si è verificato un errore interno. Richiedere al supporto un nuovo link di registrazione. +errors.duplicateValue=Il suo account è già collegato ad un altro accesso operativo. +fido2_auth.cancel.fido=L'autenticazione con la chiave di sicurezza è stata interrotta. Assicurarsi che la chiave FIDO sia registrata e che l'indirizzo e-mail sia corretto, poi seguire le istruzioni. +fido2_auth.instruction1=Cliccare su "Continua" +fido2_auth.instruction2=A breve si aprirà una finestra per l'autenticazione. +fido2_auth.instruction3=Seguire le istruzioni. +fido2_auth.skipInstructions=Non mostrare più le istruzioni +fido2_auth.switchLogin=ACCEDERE CON +footer.link=https://agov.ch/?c=contact&l=it +footer.link.label=Contatto +footer.text=Servizio di autenticazione delle autorità Svizzere AGOV - una collaborazione tra Cantoni, Comuni e l'Amministrazione federale. - +general.AGOVAccessApp=App AGOV access +general.accessApp=App AGOV access +general.authenticate=Autentifica +general.back=Indietro +general.cancel=Annullare +general.confirm=Confermare +general.contactSupport=Contattare il supporto +general.continue=Continuare +general.edit=Modificare +general.email=e-mail +general.email.address=Indirizzo e-mail +general.entryCode=Codice +general.getStarted=Iniziare +general.goAGOVHelp=Vai ad AGOV help +general.goAccessApp=Login con AGOV access +general.help=Aiuto +general.help.link=https://agov.ch/pages/help_it.html +general.login=Accedere +general.loginSecurityKey=Iniziare il login con la chiave di sicurezza +general.or=O +general.otherOptions=ALTRE OPZIONI +general.recovery=Ripristino +general.recoveryOngoing=Ripristino in corso +general.register=Registrarsi +general.registerNow=Si registri ora! +general.registration=Registrazione +general.securityKey=Chiave di sicurezza +general.skip.content=Vai al contenuto principale +generic.auth.error.message=Si è verificata un’interruzione. Stiamo lavorando per ripristinare l’esercizio. +generic.auth.error.next.steps=Riprovare più tardi. Se il problema persiste, consultare AGOV help. +generic.auth.error.subtitle=Qualcosa non ha funzionato. +generic.auth.error.title=Errore +info.login=Per favore inserisca i suoi dati di accesso. +info.logout.confirmation=Si prega di confermare che si desidera disconnettersi. +info.logout.reminder=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login. +info.oauth.consent=Vuoi consentire all'applicazione? +info.timeout.page=La sessione su questa applicazione &egrave; scaduta. Prova ancora con un login. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Selezionare la lingua +loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi. +loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata. +loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS. +loainfo.helper=I dati devono essere verificati! +loainfo.later=Più tardi +loainfo.startNow=Iniziare la procedura? +loainfo.startVerification=Iniziare la verifica +loainfo.title=Verificare i dati. +login.button.label=Login +logout.label=Logout +logout.text=È uscito con successo. +mauth_usernameless.EID=Continuare con CH e-ID +mauth_usernameless.banner.error=Autenticazione interrotta.
Riprovare dopo che la pagina si sarà ricaricata. +mauth_usernameless.banner.info=La scansione è stata eseguita.
Continuare nell'app AGOV access. +mauth_usernameless.banner.success=Autenticazione riuscita!
Aspettare di essere connessi. +mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza? +mauth_usernameless.hideQR=Nascondi il codice QR +mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app AGOV access. +mauth_usernameless.noAccount=Non ha ancora un AGOV-Login ? +mauth_usernameless.showQR=Visualizza il codice QR +mauth_usernameless.startRecovery=Inizia il recupero dell'account +mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza. +mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono. +method.certificate.label=Certificato +method.fido.label=Mobile Authentication +method.fido2.label=FIDO 2 +method.mtan.label=Codice mTAN +method.oath.label=App di autenticazione OATH +method.otp.label=OTP (One-Time Password) +method.recovery.label=Codici di ripristino +method.safeword.label=SafeWord +method.securid.label=SecurID +method.ticket.label=Ticket +op-admin.login=AGOV op admin +op-admin.login.intro.message=Accedere con nome utente e password +op-admin.login.loginid=ID di accesso +op-admin.login.password=Password +op-admin.login.title=Accedere +op-admin.logout=AGOV op admin +op-admin.logout.message=La sessione è terminata. +op-admin.logout.title=Disconnessione +op-admin.pwchange.intro.message=È richiesta la modifica della password. +op-admin.pwchange.newpassword=Nuova password +op-admin.pwchange.newpassword2=Ripetere la nuova password +op-admin.pwchange.password=Password attuale +op-admin.pwchange.title=Modificare password +op-idmlogin.role.accs-mgmt-idm=Gestione dei diritti di accesso IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestione dei diritti di accesso +op-idmlogin.role.idmcfg-mgmt=Configurazione dell'IDM +op-idmlogin.role.readonly-access=Accesso predefinito (sola lettura) +op-idmlogin.role.support-basic=Casi di supporto (ripristino, ...) +op-idmlogin.role.support-priv=Supporto di terzo livello (archiviazione, off-boarding) +op-idmlogin.role.usr-mgmt=Gestione utenti (operazioni) +op-idmlogin.role.usr-unit-mgmt=Gestione utenti e organizzazione (operazioni) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Si prega di selezionare uno dei seguenti profili... +op-idmlogin.select.note=I profili contrassegnati con * devono essere utilizzati solo se richiesti per attività di supporto o rilascio specifiche. +op-idmlogin.select.title=Selezione del profilo +op-onboarding.done.message=La registrazione è riuscita. Ora l’accesso AGOV operations è pronto. Prima di accedere ad AGOV operations, chiudere il browser. +op-onboarding.done.title=FINITO +op-onboarding.failed.title=ERRORE +op-onboarding.intro.message1=Per completare la registrazione per l'accesso AGOV operations, è necessario avere un account AGOV o FED-LOGIN. +op-onboarding.intro.message2=Dopo aver cliccato su "Continua", si è reindirizzati al servizio di autenticazione. +op-onboarding.intro.message3=Se utilizza AGOV e l’account non soddisfa ancora il livello richiesto AGOVaq, potrà avviare la verifica dell’identità richiesta. +op-onboarding.intro.title=INIZIARE +op-onboarding.onboarding=Registrazione AGOV op +op-onboarding.process.message=Qualcosa non ha funzionato. Contattare il supporto AGOV e, se necessario, richiedere un nuovo link di registrazione. +outarg.lastLogin.never=Mai +policyFailure.dictionary=▪ non può essere presa da un dizionario. +policyFailure.history.History=▪ deve essere diversa da password precedenti. +policyFailure.regex.control=▪ non può contenere più di {0} caratteri di controllo. +policyFailure.regex.lower=▪ deve conenere almeno {0} caratteri minuscoli. +policyFailure.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali. +policyFailure.regex.maxLength=▪ deve contenere al massimo {0} caratteri. +policyFailure.regex.minLength=▪ deve contenere almeno {0} caratteri. +policyFailure.regex.nonAlnum=▪ deve conenere almeno {0} caratteri non alfanumerici. +policyFailure.regex.nonAscii=▪ non può contenere più di {0} caratteri non ASCII. +policyFailure.regex.nonGraph=▪ non può contenere più di {0} caratteri non stampabili. +policyFailure.regex.nonLetter=▪ non può contenere più di {0} numeri o caratteri speciali. +policyFailure.regex.numeric=▪ deve contenere {0} caratteri numerici. +policyFailure.regex.upper=▪ deve conenere almeno {0} caratteri maiuscoli. +policyInfo.dictionary=▪ non può essere presa da un dizionario. +policyInfo.history.History=▪ deve essere diversa dalle password precedenti. +policyInfo.regex.control=▪ non può contenere più di {0} carattere/i di controllo. +policyInfo.regex.lower=▪ deve conenere almeno {0} carattere/i minuscolo/i. +policyInfo.regex.maxCharacterRepetitions=▪ non può contentere una sequenza più lunga di {0} caratteri uguali. +policyInfo.regex.maxLength=▪ deve contenere al massimo {0} carattere/i. +policyInfo.regex.minLength=▪ deve contenere almeno {0} carattere/i. +policyInfo.regex.nonAlnum=▪ deve conenere almeno {0} carattere/i non alfanumerico/i. +policyInfo.regex.nonAscii=▪ non può contenere più di {0} carattere/i non ASCII. +policyInfo.regex.nonGraph=▪ non può contenere più di {0} carattere/i non stampabile/i. +policyInfo.regex.nonLetter=▪ non può contenere più di {0} numero/i o caratere/i speciale/i. +policyInfo.regex.numeric=▪ deve contenere un minimo di {0} carattere/i numerico/i. +policyInfo.regex.upper=▪ deve conenere almeno {0} carattere/i maiuscolo/i. +policyInfo.title=La password deve rispettare le seguenti direttive: +prompt.client=Mandator +prompt.newpassword=Nuova Password +prompt.newpassword.confirm=Conferma password +prompt.password=Password +prompt.userid=Nome utente +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata +recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. +recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare. +recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero +recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me. +recovery_check_code.invalid.code=Il codice non è valido +recovery_check_code.invalid.code.required=Codice richiesto +recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo +recovery_check_code.noAccess=Non ho il mio codice. +recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino? +recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino. +recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto +recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte. +recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero. +recovery_code.banner.error=Per procedere, inserire il nuovo codice. +recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro. +recovery_code.newRecoveryCode=Introduzione del codice di ripristino +recovery_code.validUntil=Valido fino a: +recovery_fidokey_auth.button=Iniziare l'authenticazione della chiave +recovery_fidokey_auth.fidoInstruction=Cliccare su "Iniziare l'authenticazione della chiave" +recovery_fidokey_auth.instruction1=Ha già registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti. +recovery_fidokey_auth.keyRegistered=Chiave di sicurezza già registrata +recovery_intro_email.banner.error=Il link utilizzato è scaduto. Per ricevere un nuovo link, inserire l’indirizzo e-mail. +recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l’indirizzo e-mail. +recovery_intro_email.captchaUnchecked=Per favore selezioni il campo captcha +recovery_intro_email.important=Importante: +recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app di accesso AGOV eliminata, chiave di sicurezza persa, telefono smarrito, ecc.). +recovery_intro_email.siteProtectedWithRecaptcha=Questo sito è protetto da reCAPTCHA. Si applicano le norme sulla privacy e i termini di servizio di Google. +recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail? +recovery_intro_email_sent.banner.success=Grazie! È stata inviata un’e-mail contenente il codice di ripristino e le istruzioni. +recovery_on_going.finishRecovery=Completare il ripristino +recovery_on_going.instruction=È in corso un processo di ripristino. Il processo di ripristino può includere una verifica dell’identità. Per accedere alle applicazioni con il proprio AGOV-Login, è necessario completare la verifica dell’identità. +recovery_on_going.title=Completare il processo di ripristino. +recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi è necessario utilizzare il codice di ripristino per un ripristino riuscito. +recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo. +recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo email del suo account in modo di poter inviarle un link per iniziare il processo di recupero +recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account) +recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Ha registrato più di un fattore di accesso (app di accesso AGOV o chiave di sicurezza) al suo account? +recovery_questionnaire_loginfactor.yes=Si +recovery_questionnaire_no_recovery.explanation1=In base alle sue risposte, l'opzione di ripristino AGOV non sembra necessaria al momento. +recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti www.agov.ch/help per articoli di supporto. +recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti www.agov.ch/me e verifichi se può accedere con successo. +recovery_questionnaire_no_recovery.instruction2=Se ha registrato più fattori di accesso ma ha perso l'accesso a uno di essi, visit www.agov.ch/me per rimuovere quello a cui ha perso l'accesso. +recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza +recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app di accesso AGOV o chiave di sicurezza) +recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione +recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza +recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app di accesso AGOV +recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o le mie app, ma ho avuto problemi ad accedere +recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app di accesso AGOV +recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato) +recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo. +recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero: +recovery_start_info.banner.warning=Non è possibile utilizzare l’account finché il processo di ripristino non sarà concluso. +recovery_start_info.instruction=Durante il processo di ripristino sarà registrato un nuovo fattore di accesso. Se l’account contiene informazioni verificate, potrebbe essere necessario avviare un processo di verifica per completare il ripristino. +recovery_start_info.title=Il processo di ripristino sta per iniziare. +reject.button.label=Rifiuti +submit.button.label=Continua +tan.sent=Inserisci il codice di sicurezza che è stato inviato al tuo telefono cellulare. +title.login=Login +title.logout=Logout +title.logout.confirmation=Logout +title.logout.reminder=Logout +title.oauth.consent=Autorizzazione del client +title.pwchange.label=Cambiare Password +title.pwreset=Password Forgotten +title.saml.failed=Error +title.timeout.page=Logout +user_input.invalid.email=Inserire un'e-mail valida. +user_input.invalid.email.required=Campo obbligatorio +user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_getCredentials.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_getCredentials.groovy new file mode 100644 index 0000000..f889eee --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_getCredentials.groovy @@ -0,0 +1,62 @@ +import ch.nevis.idm.client.IdmRestClient +import ch.nevis.idm.client.IdmRestClientFactory +import groovy.json.JsonSlurper +import java.time.ZonedDateTime +import java.time.format.DateTimeFormatter +import java.time.ZoneId +import ch.nevis.esauth.auth.engine.AuthResponse +import groovy.xml.XmlSlurper + +IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters) + +String baseUrl = parameters.get('baseUrl') +String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId') +String userExtId = session.get('ch.adnovum.nevisidm.user.extId') +String endPoint = "$baseUrl/api/core/v1/$clientExtId/users/$userExtId/fido2" +String endPointFidoUAF = "$baseUrl/api/core/v1/$clientExtId/users/$userExtId/generic-credentials" + +def userDto = new XmlSlurper().parseText(session['ch.adnovum.nevisidm.userDto']) +def hasRecoveryRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recovery' } +if (hasRecoveryRole != null) { + String result + try { + result = idmRestClient.get(endPoint) + resultFidoUAF = idmRestClient.get(endPointFidoUAF) + + def json = new JsonSlurper().parseText(result) +LOG.info('Result fido2: ' + json) + + def login=false + json['items'].each { + if ("active".equals(it.stateName)) { + response.setSessionAttribute('agov.recovery.securityKey', it.userFriendlyName) + response.setResult('loginWithFido2') + login=true + return + } + + } + if (login) { + return + } + def jsonFidoUAF = new JsonSlurper().parseText(resultFidoUAF) + LOG.info('Result fidoUAF: ' + jsonFidoUAF) + jsonFidoUAF['items'].each { + if ("active".equals(it.stateName)) { + response.setSessionAttribute('agov.recovery.accessapp', it.properties.fidouaf_name) + response.setResult('loginWithFidoUAF') + login=true + return + } + } + if (login) { + return + } + } catch(Exception e) { + LOG.error(e.toString()) + response.setResult('failed') + return + } + +} +response.setResult('ok') \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_mobile_nless_auth.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_mobile_nless_auth.groovy new file mode 100644 index 0000000..958b6b1 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_mobile_nless_auth.groovy @@ -0,0 +1,52 @@ +import groovy.json.JsonBuilder +import ch.nevis.esauth.auth.engine.AuthResponse + + +def getHeader(String name) { + def inctx = request.getLoginContext() + // case-insensitive lookup of HTTP headers + def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER) + map.putAll(inctx) + return map['connection.HttpHeader.' + name] +} + +def clearFidoUAFSession() { + def s = request.getAuthSession(true) + s.removeAttribute('ch.nevis.auth.fido.uaf.fidouafsessionid') + inargs.remove('fallback') +} + + +// dispatch AJAX calls and form POST when operation is done +if (inargs['fidoUafDone'] == 'true' || + inargs.containsKey('o.fidoUafSessionId.v') || + getHeader('Content-Type') == 'application/json') { + + if (inargs.containsKey('o.fidoUafSessionId.v') && (inargs['o.fidoUafSessionId.v'] != session['ch.nevis.auth.fido.uaf.fidouafsessionid'])) { + // received polling for wrong fido session; make sure, that stops + LOG.debug("received polling for wrong fido session ${inargs['o.fidoUafSessionId.v']} (correct: ${session['ch.nevis.auth.fido.uaf.fidouafsessionid']})") + def json = new JsonBuilder() + json { + "status" "unknown" + "timestamp" org.joda.time.DateTime.now().toString() + } + String body = json.toString() + + response.setContent(body) + response.setContentType('application/json') + response.setHttpStatusCode(200) + response.setIsDirectResponse(true) + response.setStatus(AuthResponse.AUTH_CONTINUE) + return + } + + // continue with OutOfBandFidoUafAuthState + response.setResult('ok') +} + + +// dispatch form post with onReload input field : refresh QR-code FIDO UAF +if (inargs.containsKey('onReload')) { + clearFidoUAFSession() + response.setResult('default') +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy new file mode 100644 index 0000000..680791c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy @@ -0,0 +1,19 @@ +// Accounting +def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' +def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' +def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' +def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' +def credentialType = session['authenticatedWith'] ?: 'unknown' +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' +def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000) + +LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + +// delete the login cookie +def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly" +response.setHeader('Set-Cookie', agovLoginCookie) + +response.setResult('ok') +return \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithError.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithError.groovy new file mode 100644 index 0000000..37b5dcf --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithError.groovy @@ -0,0 +1,24 @@ +import ch.nevis.esauth.auth.engine.AuthResponse + +// Accounting +def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' +def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' +def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' +def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' +def credentialType = session['authenticatedWith'] ?: 'unknown' +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' +def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000) + +def errorCode = notes['saml.errorCode'] ?: 'unknown' +def errorMessage = notes['saml.errorMessage'] ?: 'unknown' + +LOG.info("Event='SAMLERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, errorCode='${errorCode}', errorMessage='${errorMessage}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + +// delete the login cookie +def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly" +response.setHeader('Set-Cookie', agovLoginCookie) + +response.setStatus(AuthResponse.AUTH_ERROR) +return \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/bc.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/bc.properties new file mode 100644 index 0000000..c399a82 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/bc.properties @@ -0,0 +1 @@ +bc.tracer.TraceIndentFactory=ch.nevis.bc.io.Log4jTraceIndentFactory \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkInsufficientLoa.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkInsufficientLoa.groovy new file mode 100644 index 0000000..8d27e75 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkInsufficientLoa.groovy @@ -0,0 +1,133 @@ +import groovy.xml.XmlSlurper + +def getUserAGOVLoiRoles() { + // set attibutes from DTO: -> AGOVaq + def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return list.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() }) +} + +def getUserAGOVLoiIdVerification() { + // set attibutes from DTO: -> idVerification + def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return list.'**'.findAll {node -> node.name() == 'properties' && node.name.text() == 'idVerification' }.collect({ node -> node.value.text()}) +} + +def getUserAGOVLoiValidFrom(level) { + // set attibutes from DTO: -> validFrom + def payload = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return payload.'**'.find {node -> node.name() == 'authorizations' && node.role.name.text() == level}.getProperty("validFrom") +} + +def getUserAGOVLoiValidTo(level) { + // set attibutes from DTO: -> validTo + def payload = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return payload.'**'.find {node -> node.name() == 'authorizations' && node.role.name.text() == level}.getProperty("validTo") +} + +// Accounting +def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' +def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' +def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' +def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' +def credentialType = session['authenticatedWith'] ?: 'unknown' +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + +try { + // beef + def session = request.getAuthSession(true) + def highestRoleLevelNumber = 0 + def requestedRoleLevelNumber = session.get('agov.requestedRoleLevel').toInteger() + def hasValidatedAddress = Arrays.stream(response.getActualRoles()).filter(s -> s == 'AGOV-Loi.level200').findAny().isPresent() + + LOG.debug('Requested role level '+ requestedRoleLevelNumber) + LOG.debug('idVerification: ' + getUserAGOVLoiIdVerification()) + LOG.debug('hasValidatedAddress : ' + hasValidatedAddress) + + session.setAttribute('idVerification', getUserAGOVLoiIdVerification().last()) + session.setAttribute('agov.hasValidatedAddress', '' + hasValidatedAddress) + + + if (requestedRoleLevelNumber == 0) { + // AuthnFailed_Zero_RoleLvl + response.setResult('noRoleLevel'); + return + } + + if (session.get('ch.adnovum.nevisidm.profileExtId') == '') { + LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + session.setAttribute('contextClassRefToSet', 'urn:qa.agov.ch:names:tc:ac:classes:100') + response.setResult('ok') + return + } + + // Transform sex to number + if(session.get('ch.nevis.idm.User.gender') == 'MALE'){ + session.setAttribute('ch.nevis.idm.User.gender', '1') + } + if(session.get('ch.nevis.idm.User.gender') == 'FEMALE'){ + session.setAttribute('ch.nevis.idm.User.gender', '2') + } + if(session.get('ch.nevis.idm.User.gender') == 'OTHER'){ + session.setAttribute('ch.nevis.idm.User.gender', '3') + } + + + for (String role : getUserAGOVLoiRoles()) { + if (role.startsWith('level')) { + def roleLevel = role.substring(5) + int roleLevelNumber = Integer.parseInt(roleLevel) + if (highestRoleLevelNumber == 0) { + highestRoleLevelNumber = roleLevelNumber + } + if (highestRoleLevelNumber< roleLevelNumber) { + highestRoleLevelNumber=roleLevelNumber + } + } + } + LOG.debug('Highest role Level' + highestRoleLevelNumber.toString() +' contextclassref' + requestedRoleLevelNumber.toString()) + LOG.debug(' Compare' + (highestRoleLevelNumber>=requestedRoleLevelNumber)) + + //set attribute Actual Role Level + session.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber) + LOG.info('actual role level (agov) '+ highestRoleLevelNumber) + + if (highestRoleLevelNumber > 0) { + // set attribute contextClassRefToSet + session.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:' .concat(highestRoleLevelNumber.toString())) + } else { + // by default 100 + session.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:100' ) + } + + if (highestRoleLevelNumber>=requestedRoleLevelNumber) { + + // set attribute ValidFrom and ValidTo (only for higher than 100) + if (highestRoleLevelNumber > 100) { + def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) + def validTo = getUserAGOVLoiValidTo('level'.concat(highestRoleLevelNumber.toString())) + + LOG.debug('ValidFrom :' + validFrom) + LOG.debug('ValidTo :' + validTo) + + if(validFrom != '') { + session.setAttribute('ValidFrom', '' + validFrom) + } + if(validTo != '') { + session.setAttribute('ValidTo', '' + validTo) + } + } + response.setResult('ok') + return; + } else { + // Insufficient_LoaInfo + response.setResult('insufficientLoa'); + return; + } +} catch (Exception ex) { + LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='exception occured: ${ex}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + // AuthnFailed_Zero_RoleLvl + response.setResult('noRoleLevel'); + return; +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy new file mode 100644 index 0000000..87ef5fb --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy @@ -0,0 +1,230 @@ +import org.codehaus.groovy.runtime.StackTraceUtils +import groovy.xml.XmlSlurper + +def getUserAGOVLoiRoles() { + // set attibutes from DTO: -> AGOVaq + def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return list.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() }) +} + +def getUserAGOVRecoveryRoles() { + // set attibutes from DTO: -> AGOV + def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return list.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' }.collect({ node -> node.name.text() }) +} + +def getUserAGOVLoiIdVerification() { + // set attibutes from DTO: -> idVerification + def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return list.'**'.findAll {node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text().contains('AGOV-Loi,')}.collect({ node -> node.value.text()}) +} + +def getUserAGOVLoiIdVerification(level) { + // set attibutes from DTO: -> idVerification + def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return list.'**'.findAll {node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-Loi,level' + level}.collect({ node -> node.value.text()}) +} + +def getUserAGOVLoiValidFrom(level) { + // set attibutes from DTO: -> validFrom + def payload = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return payload.'**'.find {node -> node.name() == 'authorizations' && node.role.name.text() == level}?.validFrom?.text() +} + +def getUserAGOVLoiValidTo(level) { + // set attibutes from DTO: -> validTo + def payload = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + return payload.'**'.find {node -> node.name() == 'authorizations' && node.role.name.text() == level}?.validTo?.text() +} + +def getUserIdVerificationForRecovery() { + // application is AGOV-AccountStatus + def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + def result = list.'**'.find {node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-AccountStatus,mustRecover'}?.value?.text() + + if (!result) { + // fallback if not explicitly set + def currentLoaRole = getUserAGOVLoiRoles()?.sort()?.last() ?: 'level100' + def chDomicile = list.country.text() == 'ch' + def lastIdVerification = list.'**'.find {node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-Loi,' + currentLoaRole}?.value?.text() + switch (currentLoaRole) { + case 'level100': + result = chDomicile ? 'SimpleLetter' : 'Video' + break + case 'level200': + result = chDomicile ? 'Bmid' : 'Video' + break + case 'level300': + case 'level400': + result = chDomicile ? lastIdVerification : 'Video' + break + default: + LOG.warn("unexpected loa on account: ${currentLoaRole}") + // safest default, should work in any case + result = 'Video' + } + LOG.warn("Recovery method not set, choosing ${result} (based on currentLoad: ${currentLoaRole}, CH-domicile: ${chDomicile}, last verification method: ${lastIdVerification})") + } + return result +} + +def getUserMustRecoverValidFrom() { + // set attibutes from DTO: -> validFrom + def payload = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + def authzNode = payload.'**'.find {node -> node.name() == 'authorizations' && node.role.name.text() == 'mustRecover'} + return (authzNode) ? ((authzNode.validFrom && !authzNode.validFrom.text().isEmpty()) ? authzNode.validFrom?.text() : authzNode.ctlCreDat?.text()) : '' +} + +// Accounting +def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' +def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' +def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' +def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' +def credentialType = session['authenticatedWith'] ?: 'unknown' +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + +try { + // beef + def session = request.getAuthSession(true) + def highestRoleLevelNumber = 0 + def requestedRoleLevelNumber = session.get('agov.requestedRoleLevel').toInteger() + def adressVerificationList = getUserAGOVLoiIdVerification('200') + def adressVerification = 'None' + if (adressVerificationList && !adressVerificationList.isEmpty()) { + adressVerification = adressVerificationList[0] + } + + LOG.debug('Requested role level '+ requestedRoleLevelNumber) + LOG.debug('idVerification: ' + getUserAGOVLoiIdVerification()) + LOG.debug('adressVerification : ' + adressVerification) + + def idVerificationMethodList = getUserAGOVLoiIdVerification() + + session.setAttribute('idVerification', idVerificationMethodList.isEmpty() ? 'None' : idVerificationMethodList.last()) + session.setAttribute('agov.adressVerification', '' + adressVerification) + + + if (requestedRoleLevelNumber == 0) { + // AuthnFailed_Zero_RoleLvl + response.setResult('error'); + return + } + + if (session.get('ch.adnovum.nevisidm.profileExtId') == '') { + LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + session.setAttribute('contextClassRefToSet', 'urn:qa.agov.ch:names:tc:ac:classes:100') + response.setResult('ok') + return + } + + // Transform sex to number + if(session.get('ch.nevis.idm.User.gender') == 'MALE'){ + session.setAttribute('ch.nevis.idm.User.gender', '1') + } + if(session.get('ch.nevis.idm.User.gender') == 'FEMALE'){ + session.setAttribute('ch.nevis.idm.User.gender', '2') + } + if(session.get('ch.nevis.idm.User.gender') == 'OTHER'){ + session.setAttribute('ch.nevis.idm.User.gender', '3') + } + + + for (String role : getUserAGOVLoiRoles()) { + if (role.startsWith('level')) { + def roleLevel = role.substring(5) + int roleLevelNumber = Integer.parseInt(roleLevel) + if (highestRoleLevelNumber == 0) { + highestRoleLevelNumber = roleLevelNumber + } + if (highestRoleLevelNumber< roleLevelNumber) { + highestRoleLevelNumber=roleLevelNumber + } + } + } + LOG.debug('Highest role Level' + highestRoleLevelNumber.toString() +' contextclassref' + requestedRoleLevelNumber.toString()) + LOG.debug(' Compare' + (highestRoleLevelNumber>=requestedRoleLevelNumber)) + + //set attribute Actual Role Level + session.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber) + LOG.debug('actual role level (agov) '+ highestRoleLevelNumber) + + if (highestRoleLevelNumber > 0) { + // set attribute contextClassRefToSet + session.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:' .concat(highestRoleLevelNumber.toString())) + } else { + // by default 100 + session.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:100' ) + } + + // no login for users with a recovery role + for (String role : getUserAGOVRecoveryRoles()) { + if (role == 'mustRecover') { + session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover') + session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' ) + + def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None' + if (highestRoleLevelNumber < 300) { + // plus 100, if mustRecover + highestRoleLevelNumber += 100 + } + session.setAttribute('agov.recovery.currentAgovAq', 'urn:qa.agov.ch:names:tc:ac:classes:'.concat(highestRoleLevelNumber.toString()) ) + + def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification + session.setAttribute('agov.recovery.currentIdVerification', '' + idVerification ) + + def validFrom = getUserMustRecoverValidFrom() ?: '' + session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom ) + + response.setResult('exit.2') + return + + } else if (role == 'recovery') { + session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery') + session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown') + session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' ) + LOG.debug('idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())) + def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) + session.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first())) + def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: '' + session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom) + + response.setResult('exit.2') + return + } + } + + if (highestRoleLevelNumber>=requestedRoleLevelNumber) { + + // set attribute ValidFrom and ValidTo (only for higher than 100) + if (highestRoleLevelNumber > 100) { + def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) + def validTo = getUserAGOVLoiValidTo('level'.concat(highestRoleLevelNumber.toString())) + + LOG.debug('ValidFrom :' + validFrom) + LOG.debug('ValidTo :' + validTo) + + if(validFrom != '') { + session.setAttribute('ValidFrom', '' + validFrom) + } + if(validTo != '') { + session.setAttribute('ValidTo', '' + validTo) + } + } + response.setResult('ok') + return; + } else { + // Insufficient_LoaInfo + response.setResult('exit.1'); + return; + } +} catch (Exception ex) { + LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='exception occured: ${ex}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + ex = StackTraceUtils.sanitize(ex) + def affectedLines = ex.stackTrace.findAll { it.className.startsWith('Script') }.collect { "${it.methodName}:${it.lineNumber}" } + LOG.error("FATAL: Script failure (at lines: ${affectedLines})", ex) + // AuthnFailed_Zero_RoleLvl + response.setResult('error'); + return; +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/countries.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/countries.xml new file mode 100644 index 0000000..ceefadf --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/countries.xml @@ -0,0 +1,250 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/createuuid.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/createuuid.groovy new file mode 100644 index 0000000..ec37add --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/createuuid.groovy @@ -0,0 +1,6 @@ +def session = request.getAuthSession(true) +String uuidString = UUID.randomUUID().toString() + +session.setAttribute('agov.subjectUUID', '' + uuidString) +response.setResult('ok') +return \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy new file mode 100644 index 0000000..391afdb --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy @@ -0,0 +1,125 @@ +import ch.nevis.esauth.auth.engine.AuthResponse +import ch.nevis.idm.client.IdmRestClient +import ch.nevis.idm.client.IdmRestClientFactory +import ch.nevis.idm.client.HTTPRequestWrapper + +import groovy.json.JsonSlurper + +// Accounting +def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' +def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' +def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' +def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' +def credentialType = session['authenticatedWith'] ?: 'unknown' +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + +IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters) + +String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId') +String userExtId = session.get('ch.adnovum.nevisidm.user.extId') +String loginId = session.get('ch.adnovum.nevisidm.user.loginId') +String profileExtId = session.get('ch.adnovum.nevisidm.profileExtId') + +String unitExtid= parameters.get('unitExtid') +String level100RoleExtid = parameters.get('level100.roleExtid') + +String baseUrl = "${parameters.get('idm.baseUrl')}/core/v1/$clientExtId" +boolean audited = false +String agovAq100AuthEndpoint = null +String endpoint = null + +// 1) create the profile if needed +if (profileExtId == null || profileExtId.isEmpty()) { + + endpoint = "${baseUrl}/users/${userExtId}/profiles" + profileExtId = UUID.randomUUID().toString() + + def postRequest = new HTTPRequestWrapper() + postRequest.addToHeaders('Content-Type', ['application/json']) + + def dto = "{\"extId\":\"${profileExtId}\",\"unitExtId\":\"${unitExtid}\",\"profileState\":\"active\",\"name\":\"Profile-${loginId}\",\"isDefaultProfile\":true,\"modificationComment\":\"Repaired for request ${requestId}\"}" + postRequest.setPayLoad(dto.getBytes('UTF-8')) + + def result = idmRestClient.postWithResponse(endpoint, postRequest) + if (result.getStatusCode() != 201) { + LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing profile (http status code ${result.getStatusCode()})'") + + response.setNote('saml.errorCode', 'Responder') + response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help") + + response.setResult('failed') + return + } else { + LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing profile'") + audited = true + } +} + + +// 2) add level 100 role if needed +if (!Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-Loi.level100')).findAny().isPresent()) { + endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations" + def postRequest = new HTTPRequestWrapper() + postRequest.addToHeaders('Content-Type', ['application/json']) + + def dto = "{\"extId\":\"${UUID.randomUUID().toString()}\",\"roleExtId\":\"${level100RoleExtid}\"}" + postRequest.setPayLoad(dto.getBytes('UTF-8')) + + def result = idmRestClient.postWithResponse(endpoint, postRequest) + if (result.getStatusCode() != 201) { + LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create the missing AGOVaq 100 role (http status code ${result.getStatusCode()})'") + + response.setNote('saml.errorCode', 'Responder') + response.setNote('saml.errorMessage', "account of the user with agovId ${userExtId} is in a corrupt state, should contact agov help") + + response.setResult('failed') + return + } else if (!audited) { + LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing AGOVaq 100 role'") + audited = true + } + agovAq100AuthEndpoint = result.getLocation() +} + + +// 3) set the AQ level 100 verification to None +if (!session['ch.adnovum.nevisidm.userDto'].contains("idVerificationNoneAGOV-Loi,level100")) { + + if (agovAq100AuthEndpoint == null) { + endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations" + + def result = idmRestClient.get(endpoint) + def json = new JsonSlurper().parseText(result) + + json['items'].eachWithIndex { az, i -> + if (az.roleExtId == level100RoleExtid) { + agovAq100AuthEndpoint = "${endpoint}/${az.extId}" + } + } + } + + endpoint = "${agovAq100AuthEndpoint}/properties" + + def patchRequest = new HTTPRequestWrapper() + patchRequest.addToHeaders('Content-Type', ['application/json']) + + patchRequest.setPayLoad('{"idVerification":"None"}'.getBytes('UTF-8')) + + def result = idmRestClient.patchWithResponse(endpoint, patchRequest) + + if (result.getStatusCode() != 200) { + LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to patch the AGOVaq 100 role (http status code ${result.getStatusCode()})'") + + } else if (!audited) { + LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='patched AGOVaq 100 role with idVerification'") + audited = true + } +} + + +if (audited) { + response.setResult('reload') +} else { + response.setResult('done') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy new file mode 100644 index 0000000..e1e6320 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy @@ -0,0 +1,101 @@ +import ch.nevis.esauth.auth.engine.AuthResponse +import ch.nevis.idm.client.IdmRestClient +import ch.nevis.idm.client.IdmRestClientFactory +import ch.nevis.idm.client.HTTPRequestWrapper + +import groovy.json.JsonSlurper + +// Accounting +def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' +def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' +def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' +def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' +def credentialType = session['authenticatedWith'] ?: 'unknown' +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + + + + + +IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters) + +String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId') +String userExtId = session.get('ch.adnovum.nevisidm.user.extId') +String sessionId = session.get('ch.nevis.session.conversationId') + +String endPoint = "${parameters.get('utility-service.baseUrl')}/api/v1/recovery/code" + +// 1a) check if user has a credential +if (session['ch.nevis.idm.User.cred.context_password1.state'] == 'ACTIVE' ) { + LOG.debug("Account '${user}' has an active recovery code, no need to create new code") + response.setResult('done') + return +} + +// 1b) check if a recovery is ongoing (nothing to do) +if (Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-AccountStatus.recovery')).findAny().isPresent()) { + LOG.debug("Account '${user}' is in recovery, no need to create new code") + response.setResult('done') + return +} + + +// 2) set cookie for recoveryCode +if (outargs.containsKey('out.JWTToken')) { + def token = outargs.getProperty('out.JWTToken').bytes.encodeBase64().toString() + def agovRecoveryCodeCookie = "agovRecoveryCode=${token }; Domain=${parameters.get('cookie.domain')}; Path=/; SameSite=Strict; Secure; HttpOnly" + response.setHeader('Set-Cookie', agovRecoveryCodeCookie) + outargs.remove('out.JWTToken') +} + +// 3) generate code if not yet done +if (!session['agov.new.recovery.code.generated']) { + inargs.remove('submit') + try { + def postRequest = new HTTPRequestWrapper() + postRequest.addToHeaders('Content-Type', ['application/json']) + + postRequest.setPayLoad("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}".getBytes('UTF-8')) + + def result = idmRestClient.postWithResponse(endPoint, postRequest) + if (result.getStatusCode() != 200) { + LOG.debug("Payload: ${new String(postRequest.getPayLoad())}") + LOG.debug("Result: ${result}") + LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${result.getStatusCode()})") + response.setResult('failed') + return + } + + def json = new JsonSlurper().parseText(new String(result.getPayLoad(), 'UTF-8')) + + notes.setProperty('agov.new.recovery.code', json['recoveryCode']['code'].replaceAll('^(....)(....)(.*)$', '$1-$2-$3')) + LOG.debug("agov.new.recovery.code: ${notes['agov.new.recovery.code']}") + + response.setSessionAttribute('agov.new.recovery.code.generated', 'true') + def validTil = "${json['recoveryCode']['validUntil'][2]}.${json['recoveryCode']['validUntil'][1]}.${json['recoveryCode']['validUntil'][0]}" + response.setSessionAttribute('agov.new.recovery.code.validTil', validTil) + response.setSessionAttribute('agov.new.recovery.code.pdfAuthToken', json['authToken']) + + LOG.info("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + } catch(Exception e) { + LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${e.getMessage()})") + LOG.error("Recoverycode processing failed: $e") + response.setResult('failed') + return + } + + response.setResult('encryptCode') + return +} + +if (inargs['submit']) { + def agovRecoveryCodeCookie = "agovRecoveryCode=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly" + response.setHeader('Set-Cookie', agovRecoveryCodeCookie) + response.setResult('done') + return +} + +// show the GUI +response.setStatus(AuthResponse.AUTH_CONTINUE) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf new file mode 100644 index 0000000..c77ba59 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf @@ -0,0 +1,19 @@ +RTENV_SECURITY_CHECK=no_shell + +JAVA_OPTS=( + "-Dfile.encoding=UTF-8" + "-XX:+UseContainerSupport" + "-XX:MaxRAMPercentage=80.0" + "-Djava.net.preferIPv4Stack=true" + "-Djava.net.connectionTimeout=10000" + "-Djava.net.readTimeout=15000" + "-Dch.nevis.esauth.config=/var/opt/nevisauth/default/conf/esauth4.xml" + "-Djava.awt.headless=true" + "-javaagent:/opt/agent/opentelemetry-javaagent.jar" + "-Dotel.javaagent.logging=application" + "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties" + "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" + "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12" + "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}" +) + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.security b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.security new file mode 100644 index 0000000..fffe1dd --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.security @@ -0,0 +1,2 @@ +# this file is generated by nevisAdmin 4 +security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml new file mode 100644 index 0000000..07cc3d0 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml @@ -0,0 +1,2594 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy new file mode 100644 index 0000000..a98babe --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy @@ -0,0 +1,202 @@ +import groovy.json.JsonBuilder +import groovy.json.JsonSlurper +import java.util.UUID + +if (inargs.containsKey('cancel_fido2')) { + response.setResult('cancel') + LOG.debug("Fido2Auth: authentication cancelled by user") + return +} + +def base64url(uuid) { + def msb = uuid.getMostSignificantBits() + def lsb = uuid.getLeastSignificantBits() + return new byte[] { + (byte) msb, + (byte) (msb >> 8), + (byte) (msb >> 16), + (byte) (msb >> 24), + (byte) (msb >> 32), + (byte) (msb >> 40), + (byte) (msb >> 48), + (byte) (msb >> 56), + (byte) lsb, + (byte) (lsb >> 8), + (byte) (lsb >> 16), + (byte) (lsb >> 24), + (byte) (lsb >> 32), + (byte) (lsb >> 40), + (byte) (lsb >> 48), + (byte) (lsb >> 56) + }.encodeBase64Url().toString() +} + +def showGui() { + response.setGuiName('fido2_auth') // name is the trigger for including the JS + response.setGuiLabel('title.login.fido2') + response.addInfoGuiField('info', 'info.login.fido2', null) + response.addHiddenGuiField('authRequestId', 'not used', session['ch.nevis.auth.saml.request.id']) + response.addTextGuiField('email', 'email', session['ch.nevis.idm.User.email']) + if (notes.containsKey('lasterrorinfo') || notes.containsKey('lasterror')) { + response.addErrorGuiField('lasterror', notes['lasterrorinfo'], notes['lasterror']) + } + if (parameters.containsKey('cancel')) { + response.addButtonGuiField('cancel_fido2', 'cancel.login.fido2.button.label', 'true') + } +} + +def getPath() { + if (inargs.containsKey('path')) { // form POST + return inargs['path'] + } + if (inargs.containsKey('o.path.v')) { // AJAX POST + return inargs['o.path.v'] + } + return null +} + +def post(connection, json) { + connection.setRequestMethod("POST") + connection.setRequestProperty("Content-Type", "application/json") + connection.setDoOutput(true) // required to write body + String body = json.toString() + LOG.debug("Fido2Auth: ==> Request: '${body}'") + connection.getOutputStream().write(body.getBytes()) +} + +String userExtId = session['ch.adnovum.nevisidm.user.extId'] ?: session['ch.nevis.idm.User.extId'] ?: request.getUserId() ?: notes['userid'] +if (userExtId == null) { + LOG.error("Fido2Auth: missing extId of nevisIDM user. check your authentication flow.") +} +// without the user extId this script won't work and we can fail with a System Error +Objects.requireNonNull(userExtId) + +def path = getPath() +if (path == null) { + showGui() // POST from JavaScript not received + return +} + +def connection = null +try { + def fullPath = "https://${parameters.get('fido')}${path}" + LOG.debug("Fido2Auth: opening connection to '${fullPath}'") + connection = new URL(fullPath).openConnection() +} catch (Exception e) { + LOG.error("Fido2Auth: opening connection failed", e) + notes.setProperty('lasterrorinfo', 'FIDO2 authentication failed') + response.setResult('error') + return +} + +def json = new JsonBuilder() + +if (path == '/nevisfido/fido2/attestation/options') { + json { + "username" userExtId + "userVerification" "required" + } + post(connection, json) + def responseCode = connection.responseCode + + // non existing account, or account without FIDO2 key case + if (responseCode == 404 || responseCode == 400) { + + LOG.debug("Fido2Auth: <== Response: ${responseCode}") + + // Accounting + def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' + def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' + def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' + def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' + def credentialType = session['authenticatedWith'] ?: 'unknown' + def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' + def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000) + + LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'") + // returning a fake options structure, which shouldn't leak whether the user account exists or not + // keyId is unique per environment and email, fido2SessionId and challenge are renewed each time + def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes()) + def responseText = """{"status": "ok", + "errorMessage": "", + "fido2SessionId": "${UUID.randomUUID()}", + "challenge": "${base64url(UUID.randomUUID())}", + "timeout": 300000, + "rpId": "${parameters['rpId']}", + "allowCredentials": [ + { + "type": "public-key", + "id": "${base64url(keyId)}", + "transports": [] + } + ], + "userVerification": "required"}""" + + response.setContent(responseText) // return response from nevisFIDO "as-is" + response.setContentType('application/json') + response.setHttpStatusCode(200) + response.setIsDirectResponse(true) + return + } + + def responseText = connection.inputStream.text + LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}") + response.setContent(responseText) // return response from nevisFIDO "as-is" + response.setContentType('application/json') + response.setHttpStatusCode(200) + response.setIsDirectResponse(true) + return +} + +if (path == '/nevisfido/fido2/assertion/result') { + + if (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) { + // wrong request, "force" a timeout + LOG.debug('Fido2Auth: authentication timeout enforced, due to concurrent requests') + + response.setIsDirectResponse(true) + response.setContentType('text/html; charset=UTF-8') + response.setContent('Timeout') + response.setHttpStatusCode(205) + response.setHeader('IDP-AUTH', 'Timeout') + + // CONTINUE to keep the other request beeing processed + response.setStatus(AuthResponse.AUTH_CONTINUE) + return + } + + def userHandleValue = userExtId.getBytes().encodeBase64Url().toString() + LOG.debug("Fido2Auth: encoded userHandle: ${userHandleValue}") + json { + "id" inargs['id'] + "type" inargs['type'] + response { + "clientDataJSON" inargs['response.clientDataJSON'] + "authenticatorData" inargs['response.authenticatorData'] + "signature" inargs['response.signature'] + "userHandle" userHandleValue + } + } + post(connection, json) + def responseCode = connection.responseCode + // test if credentials exist + if (responseCode != 400) { + def responseText = connection.inputStream.text + LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}") + if (responseCode == 200 && new JsonSlurper().parseText(responseText).status == 'ok') { + response.setResult('ok') + return + } + } + //response.setHttpStatusCode(400) + //response.setIsDirectResponse(true) + // DEFINE how to handel error + notes.setProperty('lasterror', '1') + notes.setProperty('lasterrorinfo', 'FIDO2 authentication failed') + response.setResult('error') + return +} + +response.setError(1, "FIDO2 authentication failed") +showGui() \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy new file mode 100644 index 0000000..87a2d36 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy @@ -0,0 +1,37 @@ +import groovy.json.JsonSlurper + +def url = parameters.get('url') + +try { + session.remove('agov.fido2.X-ReCAPTCHA-Integration') + def jsonSlurper = new JsonSlurper() + def httpClient = HttpClients.create(parameters) + def httpResponse = Http.get().url(url).build().send(httpClient) + LOG.info('Response Message: ' + httpResponse.reasonPhrase()) + LOG.info('Response Status Code: ' + httpResponse.code()) + LOG.info('Response: ' + httpResponse.bodyAsString()) + + if (httpResponse.code() == 200) { + def json = jsonSlurper.parseText(httpResponse.bodyAsString()) + response.setSessionAttribute('agov.fido2.json.accountUrl', json.accountUrl) + response.setSessionAttribute('agov.fido2.json.registrationUrl', json.registrationUrl) + response.setSessionAttribute('agov.fido2.json.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled)) + response.setSessionAttribute('agov.fido2.json.captchaSettings.reCaptchaInvisibleSiteKey', json.captchaSettings.reCaptchaInvisibleSiteKey) + response.setSessionAttribute('agov.fido2.json.captchaSettings.reCaptchaVisibleSiteKey', json.captchaSettings.reCaptchaVisibleSiteKey) + if (session.get('agov.fido2.X-ReCAPTCHA-Integration') == null) { + response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'INVISIBLE') + } else { + response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'VISIBLE') + } + response.setResult('ok') + } else { + LOG.error('Unexcpected HTTP response code: ' + httpResponse.code()) + response.setResult('error') + response.setError(1, 'Unexpected HTTP reponse') + } +} catch (all) { + // Handle exception and set the transition + LOG.error('error: ' + all, all) + response.setResult('error') + response.setError(1, 'Exception during HTTP call') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy new file mode 100644 index 0000000..c5fca4b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy @@ -0,0 +1,53 @@ + +def url = parameters.get('url') +def email = inargs['email'] +def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + +def payload = '{ "email": "' + inargs['userInputValue_prompt.email'] + '", "action": "LOGIN", "userIp": "' + ip + '", "userAgent": "' + userAgent + '"}' + +LOG.info('Token: ' + inargs['recaptcha_response']) +LOG.info('Integration: ' + session['agov.fido2.X-ReCAPTCHA-Integration']) +LOG.info('Payload: ' + payload) + +try { + + def httpClient = HttpClients.create(parameters) + def httpResponse = Http.post() + .url(url) + .header("Accept", "application/json") + .header("X-ReCAPTCHA-Token", inargs['recaptcha_response']) + .header("X-ReCAPTCHA-Integration", session['agov.fido2.X-ReCAPTCHA-Integration']) + .entity(Http.entity() + .content(payload) + .contentType("application/json") + // .charSet("utf-8") + .build()) + .build() + .send(httpClient) + + LOG.info('Response Message: ' + httpResponse.reasonPhrase()) + LOG.info('Response Status Code: ' + httpResponse.code()) + LOG.info('Response: ' + httpResponse.bodyAsString()) + + if (httpResponse.code() == 200) { + if (httpResponse.bodyAsString().contains('SUCCESSFUL')) { + response.setResult('ok') + return + } else { + + response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'VISIBLE') + response.setResult('exit.1') + return + } + } else { + LOG.error('Unexcpected HTTP response code: ' + httpResponse.code()) + response.setResult('error') + response.setError(1, 'Unexpected HTTP reponse') + } +} catch (all) { + // Handle exception and set the transition + LOG.error('error: ' + all, all) + response.setResult('error') + response.setError(1, 'Exception during HTTP call') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirect.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirect.groovy new file mode 100644 index 0000000..9bb42b6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirect.groovy @@ -0,0 +1,26 @@ +if(outargs.containsKey('saml.SAMLResponse')) { + // Accounting + def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' + def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' + def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' + def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' + def credentialType = session['authenticatedWith'] ?: 'unknown' + def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' + def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + + LOG.info("Event='GOTOVERIFY', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + // Redirect + response.addOutArg('nevis.transfer.destination', parameters.get('agovmedirecturl')) + response.addOutArg('nevis.transfer.field.SAMLResponse', outargs.getProperty('saml.SAMLResponse').bytes.encodeBase64().toString()) + response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE) + response.setIsRedirectTransfer(false) + + response.removeOutArg('saml.SAMLResponse') +} +else { + response.setResult('ok') +} + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy new file mode 100644 index 0000000..5370722 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy @@ -0,0 +1,23 @@ +if(outargs.containsKey('saml.SAMLResponse')) { + // Accounting + def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' + def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' + def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' + def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' + def credentialType = session['authenticatedWith'] ?: 'unknown' + def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' + def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + + LOG.info("Event='GOTORECOVERY', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + // Redirect + response.addOutArg('nevis.transfer.destination', parameters.get('agovmedirecturl')) + response.addOutArg('nevis.transfer.field.SAMLResponse', outargs.getProperty('saml.SAMLResponse').bytes.encodeBase64().toString()) + response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE) + response.setIsRedirectTransfer(false) + + response.removeOutArg('saml.SAMLResponse') +} +else { + response.setResult('ok') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy new file mode 100644 index 0000000..aaea4f7 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy @@ -0,0 +1,26 @@ +if(outargs.containsKey('saml.SAMLResponse')) { + // Accounting + def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' + def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' + def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' + def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' + def credentialType = session['authenticatedWith'] ?: 'unknown' + def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' + def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + + LOG.info("Event='GOTOREGISTER', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + // Redirect + response.addOutArg('nevis.transfer.destination', parameters.get('agovmedirecturl')) + response.addOutArg('nevis.transfer.field.SAMLResponse', outargs.getProperty('saml.SAMLResponse').bytes.encodeBase64().toString()) + response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE) + response.setIsRedirectTransfer(false) + + response.removeOutArg('saml.SAMLResponse') +} +else { + response.setResult('ok') +} + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_status_check.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_status_check.groovy new file mode 100644 index 0000000..93fb67e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_status_check.groovy @@ -0,0 +1,145 @@ +import groovy.json.JsonBuilder +import java.security.MessageDigest +import java.util.HashSet +import ch.nevis.esauth.auth.engine.AuthResponse + +def getHeader(String name) { + def inctx = request.getLoginContext() + // case-insensitive lookup of HTTP headers + def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER) + map.putAll(inctx) + return map['connection.HttpHeader.' + name] +} + +def sha256(String input) { + // we do not catch NoSuchAlgorithmException, as every implementation of the Java platform is required to support SHA-256 + def digestBytes = MessageDigest.getInstance('SHA-256').digest(input.getBytes()) + return digestBytes.encodeBase64().toString() +} + + +def clearCurrentAuthenticationSession() { + + // clean up session attributes + def s = request.getAuthSession(true) + def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' + + // we backup the replaced requestId + if (requestId != 'unknown') { + s.setAttribute('agov.replacedRequestId', '' + requestId) + } + + // fido + s.removeAttribute('ch.nevis.auth.fido.uaf.fidouafsessionid') + // SAML + s.removeAttribute('finisherState-DeferredResponse') + s.removeAttribute('saml.idp.result') + s.removeAttribute('saml.inbound.issuer') + + def sessionKeySet = new HashSet(session.keySet()) + sessionKeySet.each { key -> + if ( key ==~ /ch.nevis.auth.saml.request.*/ ) { + s.removeAttribute(key) + } + } + // agov + s.removeAttribute('agov.requestedRoleLevel') + +} + + +// context: script is executed, thus we are in the initial dispatching of the state engine +// due to the resetAuthenticationCondition it will be called for sure after each SAMLRequest received +if (inargs['SAMLRequest'] != null) { + + if (session['ch.nevis.auth.saml.request.id'] != null) { + + // Accounting + def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' + def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' + def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' + def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' + def credentialType = session['authenticatedWith'] ?: 'unknown' + def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' + def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + + // check if we receive a repost of the ongoing request + if (session['agov.currentSamlRequestHash'] != null && session['agov.currentSamlRequestHash'] == sha256(inargs['SAMLRequest'])) { + LOG.info("Event='AUTHCONTINUE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + request.getInArgs().remove('SAMLRequest') + request.getInArgs().remove('RelayState') + + // restore the finisher again (was removed by resetAuthenticationCondition) + def s = request.getAuthSession(true) + s.setAttribute('ch.nevis.session.finishers', '' + session['agov.backup.finishers']) + + // process it the same way, as if frontend triggered a reload + request.getInArgs().setProperty('onReload', 'now') + + response.setResult('continueAfterRepost') + return + } + // else, the new replaces the on-going one + LOG.info("Event='AUTHREPL', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + clearCurrentAuthenticationSession() + } + + // we track the SAML Request we received + def s = request.getAuthSession(true) + s.setAttribute('agov.currentSamlRequestHash', '' + sha256(inargs['SAMLRequest'])) + + // we set/update a login Cookie + def agovLoginCookie = "agovLogin=${System.currentTimeMillis()}; Domain=${parameters.get('cookie.domain')}; Path=/; SameSite=Strict; Secure; HttpOnly" + response.setHeader('Set-Cookie', agovLoginCookie) + response.setResult('ok') + return +} + + +// from here on, corner cases // +// ============================= +def json = new JsonBuilder() + +if (inargs.containsKey('o.fidoUafSessionId.v')) { + + // timeout, and script in login page is still polling -> send fake response + LOG.debug('authentication timeout reached, login script is still polling access app status') + json { + "status" "unknown" + "timestamp" org.joda.time.DateTime.now().toString() + } + String body = json.toString() + + response.setContent(body) + response.setContentType('application/json') + response.setHttpStatusCode(200) + response.setIsDirectResponse(true) + response.setStatus(AuthResponse.AUTH_CONTINUE) + return +} +else { + // authentication timeout reached, or SSO-Endpoint bookmarked -> return a 404 + def agovLoginCookie = 'missing' + + if (getHeader('cookie') != null) { + def cookies = getHeader('cookie') + if (cookies.matches('^.*agovLogin=([^;]+).*$')) { + agovLoginCookie = cookies.replaceAll('^.*agovLogin=([^;]+).*$', '$1') + } + } + LOG.debug("agovLoginCookie: ${agovLoginCookie}") + if (agovLoginCookie == 'missing' || agovLoginCookie == 'deleted') { + LOG.debug('SSO-Endpoint bookmarked -> return a 404') + response.setHttpStatusCode(404) + response.setIsDirectResponse(true) + response.setStatus(AuthResponse.AUTH_ERROR) + } + else { + LOG.debug('authentication timeout reached -> return a 408') + response.setHttpStatusCode(408) + response.setIsDirectResponse(true) + response.setStatus(AuthResponse.AUTH_ERROR) + } + return +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/initializeRecovery.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/initializeRecovery.groovy new file mode 100644 index 0000000..3e54f56 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/initializeRecovery.groovy @@ -0,0 +1,33 @@ +if (inargs['authRequestId'] && (!session['ch.nevis.auth.saml.request.id'] || inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) { + // make sure we start from scratch + def mInargs = request.getInArgs() + mInargs.remove('email') + mInargs.remove('recaptcha_sitekey') + mInargs.remove('recaptcha_response') + mInargs.remove('continue') + mInargs.remove('authRequestId') + mInargs.remove('cancel') +} + +if (inargs['cd'] && session['agov.recovery.code']) { + // we are called with a new URL --> make sure we start from scratch + def s = request.getAuthSession(true) + def sessionKeySet = new HashSet(session.keySet()) + sessionKeySet.each { key -> + if ( key ==~ /ch.nevis.idm.*/ || key ==~ /ch.adnovum.nevisidm.*/ || key ==~ /agov.recovery.*/ ) { + s.removeAttribute(key) + } + } +} + +if (!session['ch.nevis.auth.saml.request.id']) { + response.setSessionAttribute('ch.nevis.auth.saml.request.id', java.util.UUID.randomUUID().toString()) +} + +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + +response.setSessionAttribute('agov.recovery.ip', '' + sourceIp) +response.setSessionAttribute('agov.recovery.userAgent', '' + userAgent) + +response.setResult('default') \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logging.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logging.yml new file mode 100644 index 0000000..dcd8774 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logging.yml @@ -0,0 +1,53 @@ +Configuration: + monitorInterval: 60 + Appenders: + Console: + - name: "SERVER" + target: "SYSTEM_OUT" + PatternLayout: + pattern: "[esauth4sv.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-20.20c %-5.5p %m%n" + RegexFilter: + regex: ".*GET /nevisauth/liveness.*" + onMatch: "DENY" + onMismatch: "ACCEPT" + Loggers: + Logger: + - name: "EsAuthStart" + level: "INFO" + - name: "org.apache.catalina.loader.WebappClassLoader" + level: "FATAL" + - name: "org.apache.catalina.startup.HostConfig" + level: "ERROR" + - name: "ch.nevis.esauth.events" + level: "FATAL" + - name: "AGOV-ACCT" + level: "DEBUG" + - name: "AuthEngine" + level: "INFO" + - name: "AuthPerf" + level: "INFO" + - name: "IdmAuth" + level: "DEBUG" + - name: "OpTrace" + level: "DEBUG" + - name: "Recovery" + level: "INFO" + - name: "Script" + level: "DEBUG" + - name: "SessCoord" + level: "DEBUG" + - name: "StdStates" + level: "INFO" + - name: "Store" + level: "DEBUG" + - name: "Vars" + level: "INFO" + - name: "ch.nevis.idm.client.IdmRestClientImpl" + level: "DEBUG" + - name: "jcan.OpContent" + level: "DEBUG" + Root: + level: "WARN" + additivity: "false" + AppenderRef: + - ref: "SERVER" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/mobile_nless_auth.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/mobile_nless_auth.groovy new file mode 100644 index 0000000..e64b940 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/mobile_nless_auth.groovy @@ -0,0 +1,105 @@ +import groovy.json.JsonBuilder +import ch.nevis.esauth.auth.engine.AuthResponse + + +def getHeader(String name) { + def inctx = request.getLoginContext() + // case-insensitive lookup of HTTP headers + def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER) + map.putAll(inctx) + return map['connection.HttpHeader.' + name] +} + +def clearFidoUAFSession() { + LOG.debug("start new FIDO UAF session (skipping ${session['ch.nevis.auth.fido.uaf.fidouafsessionid']}") + def s = request.getAuthSession(true) + s.removeAttribute('ch.nevis.auth.fido.uaf.fidouafsessionid') + inargs.remove('fallback') +} + + +def clearIdmSessionAttributes() { + def s = request.getAuthSession(true) + def sessionKeySet = new HashSet(session.keySet()) + sessionKeySet.each { key -> + if ( key ==~ /ch.nevis.idm.*/ || key ==~ /ch.adnovum.nevisidm.*/ ) { + s.removeAttribute(key) + } + } +} + + +// check, whether we are still processing the correct AuthnRequest +if (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) { + // wrong request, "force" a timeout + LOG.debug('authentication timeout enforced, due to concurrent requests -> return a 408') + + response.setIsDirectResponse(true) + response.setContentType('text/html; charset=UTF-8') + response.setContent('Timeout') + response.setHttpStatusCode(205) + response.setHeader('IDP-AUTH', 'Timeout') + + // CONTINUE to keep the other request beeing processed + response.setStatus(AuthResponse.AUTH_CONTINUE) + return +} + +// dispatch AJAX calls and form POST when operation is done +if (inargs['fidoUafDone'] == 'true' || + inargs.containsKey('o.fidoUafSessionId.v') || + getHeader('Content-Type') == 'application/json') { + + if (inargs.containsKey('o.fidoUafSessionId.v') && (inargs['o.fidoUafSessionId.v'] != session['ch.nevis.auth.fido.uaf.fidouafsessionid'])) { + // received polling for wrong fido session; make sure, that stops + LOG.debug("received polling for wrong fido session ${inargs['o.fidoUafSessionId.v']} (correct: ${session['ch.nevis.auth.fido.uaf.fidouafsessionid']})") + def json = new JsonBuilder() + json { + "status" "unknown" + "timestamp" org.joda.time.DateTime.now().toString() + } + String body = json.toString() + + response.setContent(body) + response.setContentType('application/json') + response.setHttpStatusCode(200) + response.setIsDirectResponse(true) + response.setStatus(AuthResponse.AUTH_CONTINUE) + return + } + + if (inargs['fidoUafDone'] == 'true') { + // get clean state, before validating user in IDM + LOG.debug("clear IDM session attributes") + clearIdmSessionAttributes() + } + + // continue with OutOfBandFidoUafAuthState + response.setResult('ok') +} + +// dispatch form post with fallback input field : transition to FIDO Token authentication +if (inargs['fallback'] == 'fallback') { + response.setResult('fido2') +} + // dispatch to recovery + if (inargs['fallback'] == 'recovery') { + response.addOutArg('nevis.transfer.destination', parameters.get('recoveryurl')) + response.setStatus(ch.nevis.esauth.auth.engine.AuthResponse.AUTH_CONTINUE) + response.setIsRedirectTransfer(true) + // Remove existing cookies before redirecting to RECOVERY + def agovRecoveryCookie = "agovRecovery=deleted; Path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; SameSite=Strict; Secure; HttpOnly" + response.setHeader('Set-Cookie', agovRecoveryCookie) + return +} + +// dispatch form post with onReload input field : refresh QR-code FIDO UAF +if (inargs.containsKey('onReload')) { + clearFidoUAFSession() + response.setResult('default') +} + +// dispatch form post with fallback input field : go to registration with right loa +if (inargs['fallback'] == 'register') { + response.setResult('registration') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/nevisauth.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/nevisauth.yml new file mode 100644 index 0000000..03a32b7 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/nevisauth.yml @@ -0,0 +1,16 @@ +server: + name: "default" + protocol: "https" + port: "8991" + host: "0.0.0.0" + tls: + keystore: "/var/opt/keys/own/auth-default-identity/keystore.p12" + keystore-passphrase: "${exec:/var/opt/keys/own/auth-default-identity/keypass}" + client-auth: "required" + truststore: "/var/opt/keys/trust/auth-technical-trust-store/truststore.p12" + truststore-passphrase: "${exec:/var/opt/keys/trust/auth-technical-trust-store/keypass}" +management: + server: + port: "9000" + healthchecks: + enabled: "true" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties new file mode 100644 index 0000000..db61b17 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/otel.properties @@ -0,0 +1,4 @@ +otel.service.name=auth +otel.traces.exporter=none +otel.metrics.exporter=none +otel.logs.exporter=none diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/prepare_done.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/prepare_done.groovy new file mode 100644 index 0000000..e916e2a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/prepare_done.groovy @@ -0,0 +1,23 @@ +// nevisProxy replaces the entire AUTH: scope when new outargs are returned by nevisAuth. +// Thus, we have to store tokens in the session (as a String) and restore them on subsequent step-ups. + +// restore tokens +session.each { key, value -> + if (key.startsWith('outarg.token.')) { + def name = key.substring(7) + if (outargs.containsKey(name)) { + LOG.debug("not restoring token (outarg: $name) from session: outarg already set") + } + else { + LOG.debug("restoring token (outarg: $name) from session") + outargs.put(name, value) + } + } +} + +// store tokens +outargs.each { name, value -> + if (name.startsWith('token.')) { + session.put('outarg.' + name, value) + } +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-checkAccount.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-checkAccount.groovy new file mode 100644 index 0000000..2751332 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-checkAccount.groovy @@ -0,0 +1,79 @@ +import ch.nevis.esauth.auth.engine.AuthResponse +import groovy.xml.XmlSlurper + + +// AGOVaq conversion +def maxLoiRoleToCtxClssConvertorMap = [ + "level100": "urn:qa.agov.ch:names:tc:ac:classes:100", + "level200": "urn:qa.agov.ch:names:tc:ac:classes:200", + "level300": "urn:qa.agov.ch:names:tc:ac:classes:300", + "level400": "urn:qa.agov.ch:names:tc:ac:classes:400", + "level500": "urn:qa.agov.ch:names:tc:ac:classes:500" +] + +def cleanSession() { + def s = request.getAuthSession(true) + + s.removeAttribute('agov.op.onboarding.ctxClass') + s.removeAttribute('agov.op.onboarding.minLoi') + s.removeAttribute('agov.op.onboarding.homeName') + s.removeAttribute('agov.op.onboarding.subject') + s.removeAttribute('agov.op.onboarding.process.state') + s.removeAttribute('ch.adnovum.nevisidm.userDto') + s.removeAttribute('saml.response.statusCode') + if (response.getActualRoles().length > 0) { + def actualRoles = Arrays.copyOf(response.getActualRoles(), response.getActualRoles().length) + actualRoles.each{ role -> response.removeActualRole(role) } + } +} + +// for autditing +def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: 'unknown' +def maxLoi = 'unknown' + + +// new +if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null) { + try { + def userDto = new XmlSlurper().parseText(session['ch.adnovum.nevisidm.userDto']) + def userState = userDto.state + LOG.debug("Recovery: Dto is '${userDto}") + LOG.debug("Recovery: state is '${userState}") + if (userState == 'ACTIVE') { + def maxLoiList = userDto.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() }) + maxLoi = (maxLoiList == null || maxLoiList.isEmpty()) ? null : maxLoiList.sort().last() + def accountStatusRoles = userDto.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' }.collect({ node -> node.name.text() }) + def hasRecoveryRole = accountStatusRoles.isEmpty() ? null : accountStatusRoles.sort().first() + LOG.debug("Recovery: MaxLoi is '${maxLoi}'") + LOG.debug("Recovery: hasRecoveryRole is '${hasRecoveryRole}'") + if (maxLoi != null && maxLoiRoleToCtxClssConvertorMap.containsKey(maxLoi)) { + response.setResult('ok') + return + } else { + LOG.debug("Recovery: no 'AGOV-Loi'-role assigned to user ${user}") + response.setResult('notFullyRegistered') + return + } + } else { + // state != ACTIVE and no lasterror should not happen + LOG.error("Recovery: state='${userState}' but not lasterror set") + response.setNote('lasterror', '9909') + response.setNote('lasterrorinfo', 'internal error') + response.setResult('error') + return + } + } catch (Exception e) { + LOG.error("Recovery processing failed: Exception " + e) + response.setNote('lasterror', '9909') + response.setNote('lasterrorinfo', 'internal error') + response.setResult('error') + return + } +} + + response.setResult('error') + return + +// new \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-preprocessing.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-preprocessing.groovy new file mode 100644 index 0000000..e8fc47e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-preprocessing.groovy @@ -0,0 +1,175 @@ +import org.codehaus.groovy.runtime.StackTraceUtils +import groovy.xml.XmlSlurper + + +// AGOVaq conversion +def maxLoiRoleToCtxClssConvertorMap = [ + "level100": "urn:qa.agov.ch:names:tc:ac:classes:100", + "level200": "urn:qa.agov.ch:names:tc:ac:classes:200", + "level300": "urn:qa.agov.ch:names:tc:ac:classes:300", + "level400": "urn:qa.agov.ch:names:tc:ac:classes:400", + "level500": "urn:qa.agov.ch:names:tc:ac:classes:500" +] + +def maxLoiRecoveryStepupMap = [ + "level100": "level200", + "level200": "level300", + "level300": "level300", + "level400": "level400", + "level500": "level500" +] + +def getUserIdVerificationForRecovery(currentLoaRole) { + // application is AGOV-AccountStatus + def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + def result = list.'**'.find {node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-AccountStatus,mustRecover'}?.value?.text() + + if (!result) { + // fallback if not explicitly set + def chDomicile = list.country.text() == 'ch' + def lastIdVerification = list.'**'.find {node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-Loi,' + currentLoaRole}?.value?.text() ?: 'missing' + switch (currentLoaRole) { + case 'level100': + result = chDomicile ? 'SimpleLetter' : 'Video' + break + case 'level200': + result = chDomicile ? 'Bmid' : 'Video' + break + case 'level300': + case 'level400': + result = chDomicile ? lastIdVerification : 'Video' + break + default: + LOG.warn("unexpected loa on account: ${currentLoaRole}") + // safest default, should work in any case + result = 'Video' + } + LOG.warn("Recovery method not set, choosing ${result} (based on currentLoad: ${currentLoaRole}, CH-domicile: ${chDomicile}, last verification method: ${lastIdVerification})") + } + return result +} + +def getUserMustRecoverValidFrom() { + // set attibutes from DTO: -> validFrom + def payload = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto')) + def authzNode = payload.'**'.find {node -> node.name() == 'authorizations' && node.role.name.text() == 'mustRecover'} + return (authzNode) ? ((authzNode.validFrom && !authzNode.validFrom.text().isEmpty()) ? authzNode.validFrom?.text() : authzNode.ctlCreDat?.text()) : '' +} + + +// for autditing +def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown' +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' +def maxLoi = null + + +// new +if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null) { + try { + def userDto = new XmlSlurper().parseText(session['ch.adnovum.nevisidm.userDto']) + def userState = userDto.state + LOG.debug("Recovery: Dto is '${userDto}") + LOG.debug("Recovery: state is '${userState}") + def session = request.getAuthSession(true) + + if (userState == 'ACTIVE') { + + session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery') + + def maxLoiList = userDto.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() }) + maxLoi = (maxLoiList == null || maxLoiList.isEmpty()) ? null : maxLoiList.sort().last() + + def idVerification = null + def agovAqValidFrom = null + if (maxLoi) { + idVerification = userDto.'**'.find { node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-Loi,' + maxLoi}?.value?.text() + idVerification = idVerification ?: 'None' + agovAqValidFrom = userDto.'**'.find { node -> node.name() == 'authorizations' && node.role.name.text() == maxLoi}?.validFrom?.text() + agovAqValidFrom = agovAqValidFrom?: userDto.'**'.find { node -> node.name() == 'authorizations' && node.role.name.text() == maxLoi}?.ctlCreDat?.text() + } + + def mustRecover = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'mustRecover' } + + def hasRecoveryRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recovery' } + + + if (mustRecover) { + // attributes are defined over the mustRecover authorization + session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover') + + def recoveryVerification = userDto.'**'.find { node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-AccountStatus,mustRecover' }?.value?.text() + idVerification = getUserIdVerificationForRecovery(maxLoi ?: 'level100') ?: idVerification + + agovAqValidFrom = getUserMustRecoverValidFrom() + + maxLoi = maxLoiRecoveryStepupMap[maxLoi ?: 'level100'] ?: 'level100' + + } + + LOG.debug("Recovery: MaxLoi is '${maxLoi}'") + LOG.debug("Recovery: IdVerification is ${idVerification}") + LOG.debug("Recovery: agovAqValidFrom is ${agovAqValidFrom}") + LOG.debug("Recovery: hasRecoveryRole is '${hasRecoveryRole}'") + + if (maxLoi != null) { + if (maxLoiRoleToCtxClssConvertorMap.containsKey(maxLoi)) { + LOG.debug("Recovery: MaxLoiMapping is " + maxLoiRoleToCtxClssConvertorMap[maxLoi]) + response.setSessionAttribute('agov.recovery.currentAgovAq', '' + maxLoiRoleToCtxClssConvertorMap[maxLoi]) + response.setSessionAttribute('agov.recovery.currentIdVerification', '' + idVerification) + response.setSessionAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + agovAqValidFrom) + + if ((maxLoi == 'level100') && (mustRecover == null)) { + // mustRecover role not set, so code needs to be checked + LOG.debug("Recovery: emailAndCode") + response.setSessionAttribute('agov.recovery.authenticatedWith', 'urn:qa.agov.ch:names:tc:authfactor:emailAndCode') + response.setResult('needCode') + return + } else { + LOG.debug("Recovery: email") + response.setSessionAttribute('agov.recovery.authenticatedWith', 'urn:qa.agov.ch:names:tc:authfactor:email') + response.setResult('ok') + return + } + + } else { + LOG.error("Recovery: Failed to convert '${maxLoi}' to AGOVaq") + response.setResult('error') + return + } + } else { + // maxLoi is null + LOG.debug("Recovery: no 'AGOV-Loi'-role assigned to user ${user}") + if ((hasRecoveryRole != null) && (mustRecover == null)) { + response.setResult('notFullyRegistered') + return + } else { + LOG.error("Recovery: no 'AGOV-Loi'-role assigned to user ${user} and no recovery role ") + response.setResult('error') + return + } + } + } else { + // state != ACTIVE and no lasterror should not happen + LOG.error("Recovery: state='${userState}' but not lasterror set") + response.setNote('lasterror', '9909') + response.setNote('lasterrorinfo', 'internal error') + response.setResult('error') + return + } + } catch (Exception e) { + e = StackTraceUtils.sanitize(e) + def affectedLines = e.stackTrace.findAll { it.className.startsWith('Script') }.collect { "${it.methodName}:${it.lineNumber}" } + LOG.error("FATAL: Recovery processing failed (at lines: ${affectedLines})", e) + response.setNote('lasterror', '9909') + response.setNote('lasterrorinfo', 'internal error') + response.setResult('error') + return + } +} + +LOG.error("Recovery: userDto missing or failure before (lasterror='${notes.getProperty('lasterror', '-')}')") +response.setNote('lasterror', '9909') +response.setNote('lasterrorinfo', 'internal error') +response.setResult('error') +return \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptchainfos.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptchainfos.groovy new file mode 100644 index 0000000..8a31795 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptchainfos.groovy @@ -0,0 +1,38 @@ +//import ch.nevis.esauth.util.httpclient.api.HttpClients +//import ch.nevis.esauth.util.httpclient.api.Http +import groovy.json.JsonSlurper + +def url = parameters.get('url') + +try { + def jsonSlurper = new JsonSlurper() + def httpClient = HttpClients.create(parameters) + def httpResponse = Http.get().url(url).build().send(httpClient) + LOG.info('Response Message: ' + httpResponse.reasonPhrase()) + LOG.info('Response Status Code: ' + httpResponse.code()) + LOG.info('Response: ' + httpResponse.bodyAsString()) + + if (httpResponse.code() == 200) { + def json = jsonSlurper.parseText(httpResponse.bodyAsString()) + response.setSessionAttribute('agov.recovery.json.accountUrl', json.accountUrl) + response.setSessionAttribute('agov.recovery.json.registrationUrl', json.registrationUrl) + response.setSessionAttribute('agov.recovery.json.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled)) + response.setSessionAttribute('agov.recovery.json.captchaSettings.reCaptchaInvisibleSiteKey', json.captchaSettings.reCaptchaInvisibleSiteKey) + response.setSessionAttribute('agov.recovery.json.captchaSettings.reCaptchaVisibleSiteKey', json.captchaSettings.reCaptchaVisibleSiteKey) + if (session.get('agov.recovery.X-ReCAPTCHA-Integration') == null) { + response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'INVISIBLE') + } else { + response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'VISIBLE') + } + response.setResult('ok') + } else { + LOG.error('Unexcpected HTTP response code: ' + httpResponse.code()) + response.setResult('error') + response.setError(1, 'Unexpected HTTP reponse') + } +} catch (all) { + // Handle exception and set the transition + LOG.error('error: ' + all, all) + response.setResult('error') + response.setError(1, 'Exception during HTTP call') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptcharesult.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptcharesult.groovy new file mode 100644 index 0000000..b5c3c7a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptcharesult.groovy @@ -0,0 +1,52 @@ +//import ch.nevis.esauth.util.httpclient.api.HttpClients +//import ch.nevis.esauth.util.httpclient.api.Http + +def url = parameters.get('url') +def email = inargs['email'] +def payload = '{ "email": "' + inargs['email'] + '", "action": "LOGIN", "userIp": "' + session.get('agov.recovery.ip') + '", "userAgent": "' + session.get('agov.recovery.userAgent') + '"}' + +LOG.info('Token: ' + inargs['recaptcha_response']) +LOG.info('Integration: ' + session['agov.recovery.X-ReCAPTCHA-Integration']) +LOG.info('Payload: ' + payload) + +try { + + def httpClient = HttpClients.create(parameters) + def httpResponse = Http.post() + .url(url) + .header("Accept", "application/json") + .header("X-ReCAPTCHA-Token", inargs['recaptcha_response']) + .header("X-ReCAPTCHA-Integration", session['agov.recovery.X-ReCAPTCHA-Integration']) + .entity(Http.entity() + .content(payload) + .contentType("application/json") + // .charSet("utf-8") + .build()) + .build() + .send(httpClient) + + LOG.info('Response Message: ' + httpResponse.reasonPhrase()) + LOG.info('Response Status Code: ' + httpResponse.code()) + LOG.info('Response: ' + httpResponse.bodyAsString()) + + if (httpResponse.code() == 200) { + if (httpResponse.bodyAsString().contains('SUCCESSFUL')) { + response.setResult('ok') + return + } else { + + response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'VISIBLE') + response.setResult('exit.1') + return + } + } else { + LOG.error('Unexcpected HTTP response code: ' + httpResponse.code()) + response.setResult('error') + response.setError(1, 'Unexpected HTTP reponse') + } +} catch (all) { + // Handle exception and set the transition + LOG.error('error: ' + all, all) + response.setResult('error') + response.setError(1, 'Exception during HTTP call') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fido2_auth.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fido2_auth.groovy new file mode 100644 index 0000000..188ab89 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fido2_auth.groovy @@ -0,0 +1,151 @@ +import groovy.json.JsonBuilder +import groovy.json.JsonSlurper + +if (inargs.containsKey('cancel_fido2')) { + response.setResult('cancel') + return +} + +def showGui() { + response.setGuiName('recovery_fidokey_auth') // name is the trigger for including the JS + //response.setGuiName('fido2_auth') // name is the trigger for including the JS + response.setGuiLabel('title.login.fido2') + response.addInfoGuiField('info', 'info.login.fido2', null) + response.addHiddenGuiField('authRequestId', 'not used', session['ch.nevis.auth.saml.request.id']) + response.addHiddenGuiField('securityKey', 'not used', session['agov.recovery.securityKey']) + response.addTextGuiField('email', 'email', session['ch.nevis.idm.User.email']) + if (notes.containsKey('lasterrorinfo') || notes.containsKey('lasterror')) { + response.addErrorGuiField('lasterror', notes['lasterrorinfo'], notes['lasterror']) + } + if (parameters.containsKey('cancel')) { + // TODO koenig 20221021: replace with specific label + response.addButtonGuiField('cancel_fido2', 'cancel.login.fido2.button.label', 'true') + } +} + +def getPath() { + if (inargs.containsKey('path')) { // form POST + return inargs['path'] + } + if (inargs.containsKey('o.path.v')) { // AJAX POST + return inargs['o.path.v'] + } + return null +} + +def post(connection, json) { + connection.setRequestMethod("POST") + connection.setRequestProperty("Content-Type", "application/json") + connection.setDoOutput(true) // required to write body + String body = json.toString() + LOG.info("==> Request: ${body}") + connection.getOutputStream().write(body.getBytes()) +} + +String userExtId = session['ch.adnovum.nevisidm.user.extId'] ?: session['ch.nevis.idm.User.extId'] ?: request.getUserId() ?: notes['userid'] +if (userExtId == null) { + LOG.error("missing extId of nevisIDM user. check your authentication flow.") +} +// without the user extId this script won't work and we can fail with a System Error +Objects.requireNonNull(userExtId) + +def path = getPath() +if (path == null) { + showGui() // POST from JavaScript not received + return +} + +def connection = new URL("https://${parameters.get('fido')}${path}").openConnection() +def json = new JsonBuilder() + +if (path == '/nevisfido/fido2/attestation/options') { + json { + "username" userExtId + "userVerification" "required" + } + post(connection, json) + def responseCode = connection.responseCode +// account without FIDO2 case + if (responseCode == 400) { + def responseText = '''{"status": "ok", + "errorMessage": "", + "fido2SessionId": "270312ae-8d74-4ded-ad89-5310da2d2e6f", + "challenge": "tKCqUM6URnykri1ZFz-3ww", + "timeout": 300000, + "rpId": "agov-d.azure.adnovum.net", + "allowCredentials": [ + { + "type": "public-key", + "id": "WVzzUwxOf-1doTGkrdRHWPDbETTawkULLPsEiwiQwA2AFC4_YgL5OVmJJOT2OulAZSq_tvOfNlMSRKRXyXH2kw", + "transports": [] + } + ], + "userVerification": "preferred"}''' + LOG.info("<== Response: ${responseCode}") + response.setContent(responseText) // return response from nevisFIDO "as-is" + response.setContentType('application/json') + response.setHttpStatusCode(200) + response.setIsDirectResponse(true) + return + } + + def responseText = connection.inputStream.text + LOG.info("<== Response: ${responseCode} : ${responseText}") + response.setContent(responseText) // return response from nevisFIDO "as-is" + response.setContentType('application/json') + response.setHttpStatusCode(200) + response.setIsDirectResponse(true) + return +} + +if (path == '/nevisfido/fido2/assertion/result') { + + if (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) { + // wrong request, "force" a timeout + LOG.info('authentication timeout enforced, due to concurrent requests') + + response.setIsDirectResponse(true) + response.setContentType('text/html; charset=UTF-8') + response.setContent('Timeout') + response.setHttpStatusCode(205) + response.setHeader('IDP-AUTH', 'Timeout') + + // CONTINUE to keep the other request beeing processed + response.setStatus(AuthResponse.AUTH_CONTINUE) + return + } + + def userHandleValue = userExtId.getBytes().encodeBase64Url().toString() + LOG.info("encoded userHandle: ${userHandleValue}") + json { + "id" inargs['id'] + "type" inargs['type'] + response { + "clientDataJSON" inargs['response.clientDataJSON'] + "authenticatorData" inargs['response.authenticatorData'] + "signature" inargs['response.signature'] + "userHandle" userHandleValue + } + } + post(connection, json) + def responseCode = connection.responseCode + // test if credentials exist + if (responseCode != 400) { + def responseText = connection.inputStream.text + LOG.info("<== Response: ${responseCode} : ${responseText}") + if (responseCode == 200 && new JsonSlurper().parseText(responseText).status == 'ok') { + response.setResult('ok') + return + } + } + //response.setHttpStatusCode(400) + //response.setIsDirectResponse(true) + // DEFINE how to handel error + notes.setProperty('lasterror', '1') + notes.setProperty('lasterrorinfo', 'FIDO2 authentication failed') + response.setResult('error') + return +} + +response.setError(1, "FIDO2 authentication failed") +showGui() \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_handlecode.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_handlecode.groovy new file mode 100644 index 0000000..286500b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_handlecode.groovy @@ -0,0 +1,23 @@ +import ch.nevis.esauth.auth.engine.AuthResponse +if (inargs['cancel'] == 'cancel') { + //cleanSession() + response.setStatus(AuthResponse.AUTH_ERROR) + response.setTransferDestination('/SAML2/SSO/') + response.setIsRedirectTransfer(true) + return + } +if (inargs['cd'] == null && session['agov.recovery.code'] == null) { + response.setNote('lasterror', '9901') + response.setNote('lasterrorinfo', 'valid on-boarding link required')} +if (inargs['cd'] != null) { + //cleanSession() + response.setSessionAttribute('agov.recovery.code', inargs['cd']) + response.setStatus(AuthResponse.AUTH_CONTINUE) + response.setTransferDestination('/AUTH/RECOVERY/') + response.setIsRedirectTransfer(true) + return + } +if (inargs['cd'] == null && session['agov.recovery.code'] != null) { + response.setResult('exit.1') + return +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_ongoing.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_ongoing.groovy new file mode 100644 index 0000000..f1ad8b2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_ongoing.groovy @@ -0,0 +1,4 @@ +if (inargs['recovery'] != null && inargs['recovery'] == 'recovery' ) { + response.setResult('ok') + return +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_sendemail031.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_sendemail031.groovy new file mode 100644 index 0000000..5b5ed6e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_sendemail031.groovy @@ -0,0 +1,41 @@ +//import ch.nevis.esauth.util.httpclient.api.HttpClient; +//import ch.nevis.esauth.util.httpclient.api.HttpClients; +//import ch.nevis.esauth.util.httpclient.api.Http; + +def url = parameters.get('url') +//def payload = parameters.get('json') +//def url = "https://me.agov-d.azure.adnovum.net:48081/utility/api/v1/email/031" +def email = inargs['email'] +def language = session['ch.nevis.session.user.language'] ?: 'en' +def payload = '{ "email": "' + email + '", "language": "' + language + '"}' + +try { + def httpClient = HttpClients.create(parameters) + def httpResponse = Http.post() + .url(url) + .header("Accept", "application/json") + .entity(Http.entity() + .content(payload) + .contentType("application/json") + // .charSet("utf-8") + .build()) + .build() + .send(httpClient) + + LOG.info('Response Message: ' + httpResponse.reasonPhrase()) + LOG.info('Response Status Code: ' + httpResponse.code()) + LOG.info('Response: ' + httpResponse.bodyAsString()) + + if (httpResponse.code() == 200) { + response.setResult('ok') + } else { + LOG.error('Unexcpected HTTP response code: ' + httpResponse.code()) + response.setResult('error') + response.setError(1, 'Unexpected HTTP reponse') + } +} catch (all) { + // Handle exception and set the transition + LOG.error('error: ' + all, all) + response.setResult('error') + response.setError(1, 'Exception during HTTP call') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy new file mode 100644 index 0000000..edc4fe7 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy @@ -0,0 +1,129 @@ +import groovy.xml.XmlSlurper +import groovy.json.JsonSlurper +//import ch.nevis.esauth.util.httpclient.api.HttpClients +//import ch.nevis.esauth.util.httpclient.api.Http + + +int getRequestedLevel(String authnContextClassRef, def roleList){ + if (!authnContextClassRef) { + return 100 + } + if (authnContextClassRef && authnContextClassRef.startsWith('urn:qa.agov.ch:names:tc:ac:classes:')) { + def requestedLevel = authnContextClassRef.substring(35) + LOG.debug('authnContextClassRef agov found: ' + requestedLevel) + if (requestedLevel.isNumber()) { + int requestedLevelNumber = Integer.parseInt(requestedLevel) + LOG.debug('contains ' + roleList.contains(requestedLevelNumber)) + if (requestedLevel.isNumber() && roleList.contains(requestedLevelNumber)) { + LOG.debug('Requested role number: ' + requestedLevel) + return requestedLevelNumber + } + } + else return 0 + } + else { + return 0 + } +} + +def session = request.getAuthSession(true) +def context = session.get('ch.nevis.auth.saml.request.authnContextClassRef') +def roleLevels = [100,200,300,400] +def requestedRoleLevelNumber = getRequestedLevel(context, roleLevels) + +//set attribute Requested Role Level +session.setAttribute('agov.requestedRoleLevel', '' + requestedRoleLevelNumber) +LOG.debug('Requested role level (agov) '+ requestedRoleLevelNumber) + +// SAML finisherstate is now available, we can backup it +session.setAttribute('agov.backup.finishers', '' + session.getAttribute('ch.nevis.session.finishers')) + +// Accounting +def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' +def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' +def replacedRequestId = session['agov.replacedRequestId'] ?: '-' +def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown' +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + +LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + +def appAddressRequiredWhitelist = ',' + (parameters.get('appAddressRequired.whitelist') ?: '').replaceAll('\\s','') + ',' +def appIsOnappAddressRequiredWhitelist = appAddressRequiredWhitelist.contains(','+requester+',') + +if (requestedRoleLevelNumber == 0 || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == null) { + response.setResult('error'); + return +} + +try { + def jsonSlurper = new JsonSlurper() + def url = parameters.get('url') + '?entity-id=' + session.get('ch.nevis.auth.saml.request.scoping.requesterId') + LOG.debug('Request url: ' + url) + def httpClient = HttpClients.create(parameters) + def httpResponse = Http.get().url(url).build().send(httpClient) + LOG.debug('Response Message: ' + httpResponse.reasonPhrase()) + LOG.debug('Response Status Code: ' + httpResponse.code()) + LOG.debug('Response: ' + httpResponse.bodyAsString()) + + if (httpResponse.code() == 200) { + def json = jsonSlurper.parseText(httpResponse.bodyAsString()) + LOG.debug('AdressRequired: ' + json.addrRequired) + LOG.debug('SvnrAllowed: ' + json.svnrAllowed) + LOG.debug('appAddressRequiredWhitelist applies: ' + appIsOnappAddressRequiredWhitelist) + + // address will be returned to the application if allowed by connect (json.addrRequired) + // and the authRequest was done with at least AGOVaq 200 + // BITBKAGOVSUP-362: or whitelisted to receive the address + session.setAttribute('agov.appAddressRequired', '' + (json.addrRequired && ((requestedRoleLevelNumber >= 200) || appIsOnappAddressRequiredWhitelist))) + + // address will be returned to the application if allowed by connect (json.svnrAllowed) + // and the authRequest was done with at least AGOVaq 300 + session.setAttribute('agov.appSvnrAllowed', '' + (json.svnrAllowed && requestedRoleLevelNumber >= 300)) + + session.setAttribute('agov.appDisplayNameDE', '' + json.displayNameDe) + session.setAttribute('agov.appDisplayNameFR', '' + json.displayNameFr) + session.setAttribute('agov.appDisplayNameIT', '' + json.displayNameIt) + session.setAttribute('agov.appDisplayNameEN', '' + json.displayNameEn) + response.setResult('ok') + return + } else { + LOG.warn("Failed to fetch connect meta data for relying party '${session.get('ch.nevis.auth.saml.request.scoping.requesterId')}'") + LOG.warn('Unexcpected HTTP response code: ' + httpResponse.code()) + + if ( requestedRoleLevelNumber == 100) { + session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist) + session.setAttribute('agov.appSvnrAllowed', 'false') + response.setResult('ok') + } + else if ( requestedRoleLevelNumber == 200) { + session.setAttribute('agov.appAddressRequired', 'true') + session.setAttribute('agov.appSvnrAllowed', 'false') + response.setResult('ok') + } + else { + response.setResult('error') + response.setError(9071, "Missing meta data for relying party, can't process request") + } + return + } + +} catch (Exception e) { + LOG.error("Failed to fetch connect meta data for relying party '${session.get('ch.nevis.auth.saml.request.scoping.requesterId')}'", e) + if ( requestedRoleLevelNumber == 100) { + session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist) + session.setAttribute('agov.appSvnrAllowed', 'false') + response.setResult('ok') + } + else if ( requestedRoleLevelNumber == 200) { + session.setAttribute('agov.appAddressRequired', 'true') + session.setAttribute('agov.appSvnrAllowed', 'false') + response.setResult('ok') + } + else { + response.setResult('error') + response.setError(9072, "Failure while processing meta data for relying party, can't continue processing request") + } + return +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/returnTimeoutButKeepSession.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/returnTimeoutButKeepSession.groovy new file mode 100644 index 0000000..ccb8519 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/returnTimeoutButKeepSession.groovy @@ -0,0 +1,11 @@ +import ch.nevis.esauth.auth.engine.AuthResponse + +response.setIsDirectResponse(true) +response.setContentType('text/html; charset=UTF-8') +response.setContent('Timeout') +response.setHttpStatusCode(205) +response.setHeader('IDP-AUTH', 'Timeout') + +// CONTINUE to keep the other request beeing processed +response.setStatus(AuthResponse.AUTH_CONTINUE) +return \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_authorization.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_authorization.groovy new file mode 100644 index 0000000..8c2bc9d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_authorization.groovy @@ -0,0 +1,179 @@ +boolean isEnabled() { + def paths = parameters.get("paths") + if (paths && !paths.isEmpty()) { + for (path in paths.split(',')) { + String url = request.currentResource + if (url.matches(path)) { + return true + } + } + } + return false +} + +boolean isLevel(String role) { + if (role != null && role.isNumber()) { + def number = Integer.parseInt(role) + if (number > 0 && number <= 9) { + return true + } + } + return false +} + +int getCurrentLevel() { + int level = 1 // level 1 is reached by definition on successful authentication + // levels are stored as roles once the authentication is done + for (String role : response.getActualRoles()) { + if (isLevel(role)) { + Integer number = Integer.parseInt(role) + if (number > level) { + level = number + } + } + } + LOG.debug("current level: $level") + return level +} + +Integer getRequestedLevel() { + // try to determine required level based on SAML request (SP-initiated) + def context = session['ch.nevis.auth.saml.request.authnContextClassRef'] + if (context == null) { + // this is expected for non-Nevis SAML partners + LOG.debug("unable to determine required authentication level: no AuthnContext") + return null + } + String prefix = 'urn:nevis:level:' + Integer level = null + if (context.contains(prefix)) { + def start = context.indexOf(prefix) // the prefix can appear anywhere in the context but only once + def remainder = context.substring(start + prefix.length()) + for (String candidate : remainder.split(',')) { + if (!candidate.isNumber()) { + continue // must be an actual role + } + def number = Integer.parseInt(candidate) + if (level == null || number < level) { + level = number + } + } + } + if (level == null) { + // an AuthnContext has been sent but it does not contain the required authentication level + LOG.debug("unable to determine required authentication level from request: $context") + } + else { + LOG.info("extracted required authentication level from request: $context -> $level") + } + return level +} + +Integer getRequiredLevel(levels, String issuer) { + // try to determine required level based on request + def level = getRequestedLevel() + if (level != null) { + LOG.info("required authentication level from request: $level") + return level + } + // else determine required level based on configuration (IDP-initiated or no authnContextClassRef sent) + if (issuer != null && levels.containsKey(issuer)) { + level = levels[issuer] + LOG.debug("required authentication level for issuer $issuer defined as $level") + return level + } + // else return null + LOG.debug("required authentication level for issuer $issuer is not defined") + return null +} + +void setAuthnContext() { + def parts = [] as Set + def authLevel = response.getAuthLevel() + if (authLevel != null) { + if (isLevel(authLevel)) { + parts.add("urn:nevis:level:$authLevel") + } + else { // might be legacy auth.weak / auth.strong + parts.add(authLevel) + } + } + for (String role : response.getActualRoles()) { + if (isLevel(role)) { // previous authLevels might have been added to the roles already + parts.add("urn:nevis:level:$role") + } + // levels can also be normal roles so we add them always + parts.add(role) + } + def value = parts.sort().join(",") + LOG.debug("calculated AuthnContextClassRef for SAML Response: $value") + session['saml.idp.response.authncontext'] = value +} + +boolean stepupRequired(levels, String issuer) { + + Integer requiredLevel = getRequiredLevel(levels, issuer) + if (requiredLevel == null) { + LOG.info("unable to determine required authentication level for request from issuer $issuer") + setAuthnContext() + return false + } + + Integer currentLevel = getCurrentLevel() + if (currentLevel >= requiredLevel) { + LOG.info("required authentication level $requiredLevel has been reached (current level $currentLevel)") + setAuthnContext() + return false + } + + LOG.info("required authentication level $requiredLevel has not been reached (current level $currentLevel) - session upgrade needed") + request.setRequiredRoles("$requiredLevel") + return true +} + +boolean hasAnyRequiredRole(i2r, issuer) { + if (issuer != null && i2r.containsKey(issuer)) { + def roles = i2r[issuer] + for (role in response.getActualRoles()) { + if (roles.contains(role)) { + return true + } + } + } +} + +if (!isEnabled()) { + LOG.info("skipping SAML authorization checks.") + response.setResult('ok') // skip execution + return +} + +// issuer set by IdentityProviderState (SP-initiated) +def issuer = session['ch.nevis.auth.saml.request.issuer'] + +// issuer to minimum required authentication level +def i2l = [:] + + +if (stepupRequired(i2l, issuer)) { + LOG.info("authentication level stepup required.") + response.setResult("stepup") + return // we are done for now +} + +// issuer to list of required roles +def i2r = [:] + + +// issuer to ResultCond name +def i2e = [:] +i2e.put('https://trustbroker.agov-d.azure.adnovum.net', 'forbidden_0') + + +if (!i2r.isEmpty() && !hasAnyRequiredRole(i2r, issuer)) { + LOG.info("required roles check failed.") + response.setResult(i2e[issuer]) + return // we are done +} + +response.setResult('ok') \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy new file mode 100644 index 0000000..a380a77 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy @@ -0,0 +1,127 @@ +import groovy.xml.XmlSlurper +import groovy.xml.slurpersupport.GPathResult +import groovy.xml.slurpersupport.NodeChild + +import java.util.zip.Inflater +import java.util.zip.InflaterInputStream + +/** + * Gets the value of the Referer header. + * If the header is missing the fallback is returned + * + * This method is used when SAML IDP / Dispatch Error Redirect is not set + * + * @param fallback - value to return if the Referer header is missing + * @return value of header or fallback + */ +def getReferer(String fallback) { + return request.getHttpHeader('Referer') ?: fallback +} + +def redirect(String url) { + outargs.put('nevis.transfer.type', 'redirect') + outargs.put('nevis.transfer.destination', url) +} + +/** + * Extracts the content of the Issuer element from a parsed SAML message. + * The Issuer is optional according to SAML specification but we need it for dispatching. + * + * @param xml - as parsed by Groovy XmlSlurper + * @return text content of Issuer element converted or null + */ +String getIssuer(GPathResult xml) { + return (xml.depthFirst().find { GPathResult node -> "Issuer".equalsIgnoreCase(node.name()) } as NodeChild)?.text() +} + +String getIssuer(String value) { + def parser = new XmlSlurper() + byte[] decoded = value.decodeBase64() + String text = new String(decoded) + if (text.startsWith("<")) { + LOG.debug("assuming POST binding") + // plain String (POST parameter) + def xml = parser.parseText(text) + return getIssuer(xml) + } + else { + LOG.debug("assuming redirect binding") + // should be deflate encoded (query parameter) + def is = new InflaterInputStream(new ByteArrayInputStream(decoded), new Inflater(true)) + def xml = parser.parse(is) + return getIssuer(xml) + } +} + +def dispatchIssuer(i2s, String issuer) { + def result = i2s.get(issuer) + if (result == null) { + LOG.info("No SP found for issuer '$issuer'. Hint: check SAML SP Connector patterns.") + } + response.setResult(result) + session.put("saml.inbound.issuer", issuer) + session.put('saml.idp.result', result) // remember decision for sub-sequent requests without a SAML message +} + +def dispatchMessage(i2s, String message) { + def issuer = getIssuer(message) + if (issuer == null) { + LOG.info("No issuer found in incoming SAML message. Giving up.") + } + session.put("saml.inbound.issuer", issuer) + dispatchIssuer(i2s, issuer) +} + +if (parameters.get('logoutConfirmation') == 'true' && "stepup" == request.getMethod()) { + String url = request.currentResource + def path = new URL(url).getPath() + if (path.endsWith("/logout")) { + // next AuthState will show a logout confirmation GUI + response.setResult('confirm') + return + } +} + +// ensure session exists +if (request.getSession(false) == null) { + session = request.getSession(true).getData() +} + +// issuer (any case) -> ResultCond name +def i2s = new TreeMap(String.CASE_INSENSITIVE_ORDER) + + +i2s.put('https://trustbroker.agov-d.azure.adnovum.net', 'state0') + +if (parameters.get('spInitiated') == 'true' && inargs.containsKey('SAMLRequest')) { // SP-initiated authentication + LOG.debug("found SAMLRequest parameter for SP-initiated authentication") + String message = inargs.get('SAMLRequest') + dispatchMessage(i2s, message) + return +} + +if (inargs.containsKey('SAMLResponse')) { // response to IDP-initiated SAML Logout + LOG.debug("found SAMLResponse parameter") + String message = inargs.get('SAMLResponse') + dispatchMessage(i2s, message) + return +} + +String issuer = inargs['Issuer'] ?: inargs['issuer'] +if (parameters.get('idpInitiated') == 'true' && issuer != null) { // IDP-initiated authentication + LOG.debug("found Issuer parameter for IDP-initiated authentication") + dispatchIssuer(i2s, issuer) + return +} + +// used as fallback in case of ?logout (we need an IdentityProviderState) +if (inargs.containsKey("logout") && session.containsKey('saml.idp.result')) { + def result = session.get('saml.idp.result') + LOG.debug("dispatching to last used ResultCond: $result") + response.setResult(result) + return +} + +def location = getReferer('/') +LOG.info("Unable to dispatch request. Giving up and redirecting (back) to $location") +redirect(location) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_logout_confirm.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_logout_confirm.groovy new file mode 100644 index 0000000..8f7202b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_logout_confirm.groovy @@ -0,0 +1,64 @@ +def redirect(location) { + outargs.put('nevis.transfer.type', 'redirect') + outargs.put('nevis.transfer.destination', location) +} + +def getReturnURL() { + if (inargs.containsKey('return')) { + return inargs.get('return') + } + // determine returnURL based on Referer header (if present and not pointing to this page) + def referer = request.getHttpHeader('Referer') + if (referer == null) { + LOG.debug('no Referer header found') + return null + } + // strip query String for comparison + String previous = referer.contains('?') ? referer.substring(0, referer.indexOf("?")) : referer + def current = request.getCurrentResource() + if (current.startsWith(previous)) { + LOG.debug("Referer header $referer cannot be used as return URL - cyclic redirect") + return null + } + return referer +} + +if (inargs.containsKey('logout-confirm')) { + def current = request.getCurrentResource() + // user has confirmed logout -> replace /logout with /?logout + String location + if (current.contains('?')) { + location = current.replace("/logout?", "/?logout&") + } + else { + location = current.replace("/logout", "/?logout") + } + redirect(location) + return +} + +if (inargs.containsKey('logout-abort')) { + // user has aborted logout -> redirect to stored return URL + def location = session.get('logout-abort-url') + redirect(location) + return +} + +// user has not clicked any button -> render GUI +response.setGuiName('saml_logout_confirm') +response.setGuiLabel('title.logout.confirmation') +// not setting a target as the API has been removed +response.addInfoGuiField('info', 'info.logout.confirmation', null) +response.addButtonGuiField('logout-confirm', 'continue.button.label', 'true') + +def returnURL = getReturnURL() + +if (returnURL != null) { + // store return URL in session + session.put('logout-abort-url', returnURL) +} + +if (session.containsKey('logout-abort-url')) { + // add cancel button to go back + response.addButtonGuiField('logout-abort', 'cancel.button.label', 'true') +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy new file mode 100644 index 0000000..9e7ba1f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy @@ -0,0 +1,31 @@ +def EMAIL_REGEXP = '^(([^<>()\\[\\]\\\\\\.,;:\\s@"]+(\\.[^<>()\\[\\]\\\\\\.,;:\\s@"]+)*)|(\\.\\+))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))$' + + +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + + +if ( inargs['cancelFido2'] && inargs['cancelFido2'] == 'cancelFido2') { + response.setResult('cancel') + return +} + +if ( inargs['authRequestId'] && inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'] ) { + response.setResult('timeout') + return +} + +if ( inargs['submit'] && inargs['submit'] == 'submit' ) { + if (inargs['userInputValue_prompt.email'] && inargs['userInputValue_prompt.email'].matches(EMAIL_REGEXP)) { + response.setResult('verifyEmail') + return + } else { + LOG.warn("User attempted to bypass frontend emailvalidation with inavlid email: '${inargs['userInputValue_prompt.email']}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + request.getInArgs().setProperty('userInputValue_prompt.email', 'inavalid@email.org') + response.setResult('stay') + return + } +} + +response.setResult('stay') +return diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchRecoveryEmailInput.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchRecoveryEmailInput.groovy new file mode 100644 index 0000000..dfa418a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/sanitizeAndDispatchRecoveryEmailInput.groovy @@ -0,0 +1,25 @@ +def EMAIL_REGEXP = '^(([^<>()\\[\\]\\\\\\.,;:\\s@"]+(\\.[^<>()\\[\\]\\\\\\.,;:\\s@"]+)*)|(\\.\\+))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))$' + + +def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' +def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' + +if (inargs['cancel'] && inargs['cancel'] == 'cancel') { + response.setResult('cancel') + return +} + +if ( inargs['continue'] && inargs['continue'] == 'continue' ) { + if (inargs['email'] && inargs['email'].matches(EMAIL_REGEXP)) { + response.setResult('verifyEmail') + return + } else { + LOG.warn("User attempted to bypass frontend emailvalidation with inavlid email: '${inargs['email']}', SourceIp=${sourceIp}, UserAgent='${userAgent}'") + request.getInArgs().setProperty('email', 'inavalid@email.org') + response.setResult('stay') + return + } +} + +response.setResult('stay') +return \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/log/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/log/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/plugin/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/plugin/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/run/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/run/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/status.sh b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/status.sh new file mode 100755 index 0000000..0569031 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/status.sh @@ -0,0 +1,79 @@ +#!/bin/bash +# +# NAME +# status.sh - Checks the status of the nevisAuth instance. +# +# SYNOPSIS +# status.sh +# +# DESCRIPTION +# Performs periodic checks until the instance is up or broken or timeout is reached. +# The script terminates when the process of the instance stops running. +# There are no arguments for this script. +# +# EXIT CODES +# 0 Instance is up. +# 1 Instance process is not running. +# 2 Instance is broken. +# 3 Timeout reached. + +# Defines how much we should sleep between checking if the instance is up. +interval=1 +# Defines how much we should wait the instance to start up until we give up and exit. +timeout=70 +((end_time=${SECONDS}+$timeout)) + +# Checks if the process of the instance is still running. +# Arguments: +# None +# Returns: +# In case it is running, returns 0, otherwise non-zero (exit code of systemctl). +isProcessRunning() { + systemctl is-active --quiet nevisauth@default + IS_RUNNING=$? + return $IS_RUNNING +} + +# Checks if the instance is up. (Attempts connecting to the instance) +# Arguments: +# None +# Returns: +# If the connection was successful and the instance up (is not broken), returns 0. +# If the connection was not successful, returns 1. +checkInstance() { + lsof -i :8991 -sTCP:LISTEN + EXIT_CODE=$? + return $EXIT_CODE +} + +# This function encapsulates the logic of checking if the process is running and if the instance is up. +# In case the process is not running, exits with exit code 1. +# Arguments: +# None +# Returns: +# If the instance process is running, returns the result of the instance check function. +check() { + if isProcessRunning + then + checkInstance + CS=$? + return $CS + else + echo "Process is not running." + exit 1 + fi +} + +# Check the status of the instance periodically. +while ((${SECONDS} < ${end_time})) +do + sleep ${interval} + if check + then + echo "Instance is up." + exit 0 + fi +done + +echo "Exceeded check timeout (70s). Instance is down." +exit 3 \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/tmp/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/tmp/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-client-identity-ca92034f995b39fde562293c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-client-identity-ca92034f995b39fde562293c.yaml new file mode 100644 index 0000000..8f87775 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-client-identity-ca92034f995b39fde562293c.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "fido-uaf-default-client-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "ca92034f995b39fde562293c" +spec: + cn: "fido-uaf" + usage: "" + san: + dns: + - "fido-uaf" + - "fido-uaf.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-server-identity-ca92034f995b39fde562293c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-server-identity-ca92034f995b39fde562293c.yaml new file mode 100644 index 0000000..a67fdc0 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-server-identity-ca92034f995b39fde562293c.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "fido-uaf-default-server-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "ca92034f995b39fde562293c" +spec: + cn: "fido-uaf" + usage: "" + san: + dns: + - "fido-uaf" + - "fido-uaf.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-server-trust-ca92034f995b39fde562293c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-server-trust-ca92034f995b39fde562293c.yaml new file mode 100644 index 0000000..0369e08 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-default-server-trust-ca92034f995b39fde562293c.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "fido-uaf-default-server-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "ca92034f995b39fde562293c" +spec: + keystores: + - name: "idm-default-identity" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-fido-uaf-extended-frontent-truststore-ca92034f995b39fde562293c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-fido-uaf-extended-frontent-truststore-ca92034f995b39fde562293c.yaml new file mode 100644 index 0000000..3812173 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-fido-uaf-extended-frontent-truststore-ca92034f995b39fde562293c.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "fido-uaf-fido-uaf-extended-frontent-truststore" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "ca92034f995b39fde562293c" +spec: + keystores: [] + extraCerts: + - "- Swiss Goverment Root CA II\n-----BEGIN CERTIFICATE-----\nMIIIODCCBiCgAwIBAgIQDp8XmaWxPZzL7Abro/AOaTANBgkqhkiG9w0BAQsFADCB\npzELMAkGA1UEBhMCQ0gxOzA5BgNVBAoTMlRoZSBGZWRlcmFsIEF1dGhvcml0aWVz\nIG9mIHRoZSBTd2lzcyBDb25mZWRlcmF0aW9uMREwDwYDVQQLEwhTZXJ2aWNlczEi\nMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEkMCIGA1UEAxMbU3dp\nc3MgR292ZXJubWVudCBSb290IENBIElJMB4XDTExMDIxNjA5MDAwMFoXDTM1MDIx\nNjA4NTk1OVowgacxCzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBB\ndXRob3JpdGllcyBvZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMI\nU2VydmljZXMxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxJDAi\nBgNVBAMTG1N3aXNzIEdvdmVybm1lbnQgUm9vdCBDQSBJSTCCAiIwDQYJKoZIhvcN\nAQEBBQADggIPADCCAgoCggIBAKksEu2/wCLphugcN4KDm2gFbxbjiKgBD8txnn9H\nkEvMJXfI8NdpLpFoVyGysgchM+5MpDclmEy0RjJO1vlri1GK7yw38pjV9dS0t+cA\nyu/BE16Uq267nL36a4+r+B42Vmk4ZjrQ9DMNADkCqMUcCyG3XCAMYdCtrs6OXtk6\n6d7/R3x4Vw4ccfRgHN3bmhgpr9mAo5+FhGMzke+9dO7dA3rI+uCE5tm9Tn76bk92\n0V0+qOiHRZB5862u9cJdEU0p94gTydWTcwGr3e39r3f7aU7vj1Icz/UsWmzs/oKb\n23w5q3UjfjiQT5SOLWJYnvfncvyUW3JWxZ2jrqu1tsDXdlAAPD9HiJJaYNS/Mhum\nlEANdnnpPM7ksx3HjPXohjG52CtQSoASidcsUIDmZy+2k5ytrAVSIlMgmQ69l8bh\n2nOpHYnyxFnmh+ZWKw6VAhqHxnn+mWrpdOzwEvkUKCCVljovXVe1b/+TvLYoaiyk\nKHhGYa9BJKTz+gSO8YoZopFz4nePtKf5nP9uUey9H5YT6GORXodob+vYfC4QT1AY\nkMe3dO8zwIHfM+MakytVBCx80iu3Ywz+rXu9tjqXuT0DI3RzA6YsWQBs1dXo7K9C\nzNN/cItgYOeyoLaKUkz+CpbLzzqwWAjuHELJhndCbj+0rJAAWEIcQMRuuEXIvDM2\n370nAgMBAAGjggJcMIICWDAPBgNVHRMBAf8EBTADAQH/MIGdBgNVHSAEgZUwgZIw\ngY8GCGCFdAERAxUBMIGCMEQGCCsGAQUFBwIBFjhodHRwOi8vd3d3LnBraS5hZG1p\nbi5jaC9jcHMvQ1BTXzJfMTZfNzU2XzFfMTdfM18yMV8xLnBkZjA6BggrBgEFBQcC\nAjAuGixUaGlzIGlzIHRoZSBTd2lzcyBHb3Zlcm5tZW50IFJvb3QgQ0EgSUkgQ1BT\nLjCBjwYDVR0fBIGHMIGEMIGBoH+gfYZ7bGRhcDovL2FkbWluZGlyLmFkbWluLmNo\nOjM4OS9jbj1Td2lzcyUyMEdvdmVybm1lbnQlMjBSb290JTIwQ0ElMjBJSSxvdT1D\nZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9U2VydmljZXMsbz1BZG1pbixj\nPUNIMB0GA1UdDgQWBBTlhG+JaT12ABd/wau9rl/BfbrhYjAOBgNVHQ8BAf8EBAMC\nAQYwgeMGA1UdIwSB2zCB2IAU5YRviWk9dgAXf8Grva5fwX264WKhga2kgaowgacx\nCzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBBdXRob3JpdGllcyBv\nZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMIU2VydmljZXMxIjAg\nBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxJDAiBgNVBAMTG1N3aXNz\nIEdvdmVybm1lbnQgUm9vdCBDQSBJSYIQDp8XmaWxPZzL7Abro/AOaTANBgkqhkiG\n9w0BAQsFAAOCAgEAgzdXdck4UL9BBpZwwtnH17BaAM2jQE/T0vmKh5GyictdpLxv\nTz5U9so8s8RMi8c+9NnEYt3HVZ7R+dJE5x5Pz+juKxyoAfAzB/vhOxTTz1CRXtjq\nQsZ5WIWq+9zbcMqV+fQOYgJwaUQtaE/RcOooUma3cd4l6KGnb7ChJsfXyiBk3MBz\nPBCiFB70rcE+FJA5NmOIbyjgYKWR92Lkms/StXGeXTv2mSztkToInLSEhUnj4bqm\ntmiztrZPS1xTCldsoQeS9mKeqPqK1vNrpw+yK2a9r0JHCE/o13yfhg/6WoO+LW8A\nBLV2hxav3U86lrQ0V7fi/0H/3kIcZsWF68JyH7gcTu4X8mLvCgSsm6uh8u7uokAk\nHEfeQosYtKlXs088YjIcrWxErbzVHGM4Pckzpvu8KDdERuN6YvqASDXinhuIGUyz\nQf3ud+BZgBphHjWkQXqzwY1E6cUhWems00TKdoU2FEYKHhY0psQ0d8OCOEghAv4S\nbNrX6rDs9s0szPObCmOA0/ULfQQthA3C2Uwrl/HVVPePswrivVg8mfKvORuQ+Tvn\nt0XnWmp9wZ8UbzBXmBmgB0Pr7tEIhtdJnBIKADsPp0GxSquQs9S9CeeID54kDiv7\nYT1VmdNY5LjHffQVTWUOGHlBybvpmsFZGEQ0YtXoOHvKhRiYhnnNfbpH25U=\n-----END CERTIFICATE-----\n" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml new file mode 100644 index 0000000..7eb820e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml @@ -0,0 +1,63 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisComponent" +metadata: + name: "fido-uaf" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "ca92034f995b39fde562293c" +spec: + type: "NevisFIDO" + replicas: 1 + version: "7.2402.1" + gitInitVersion: "1.3.0" + runAsNonRoot: true + ports: + rest: 9443 + management: 9089 + resources: + limits: + cpu: "1000m" + memory: "1000Mi" + requests: + cpu: "100m" + memory: "700Mi" + livenessProbe: + management: + httpGet: + path: "/nevisfido/liveness" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + readinessProbe: + management: + httpGet: + path: "/nevisfido/health" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + podDisruptionBudget: + maxUnavailable: "50%" + git: + tag: "r-779d33c24ccffc47e1cd1b39b93d065950aee10e" + dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf" + credentials: "git-credentials" + database: + name: "fido-uaf" + requiredVersion: "7.2402.1" + keystores: + - "fido-uaf-default-server-identity" + - "fido-uaf-default-client-identity" + truststores: + - "fido-uaf-default-server-trust" + - "fido-uaf-fido-uaf-extended-frontent-truststore" + - "fido-uaf-internal-idp-auth-signer-trust" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" + secrets: + inv-res-secret: + - "a78926e06a159811ee15c224-bdd107d2" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-internal-idp-auth-signer-trust-ca92034f995b39fde562293c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-internal-idp-auth-signer-trust-ca92034f995b39fde562293c.yaml new file mode 100644 index 0000000..debd70c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-internal-idp-auth-signer-trust-ca92034f995b39fde562293c.yaml @@ -0,0 +1,16 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "fido-uaf-internal-idp-auth-signer-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "ca92034f995b39fde562293c" +spec: + keystores: + - name: "auth-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" + - name: "auth-sts-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml new file mode 100644 index 0000000..ee0ade3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml @@ -0,0 +1,26 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisDatabase" +metadata: + name: "fido-uaf" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido-uaf" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "9385d1b33aefe975fb1c5914" +spec: + type: "NevisFIDO" + databaseType: "MariaDB" + version: "7.2402.1" + url: "mariadb-agov-dev-gp.mariadb.database.azure.com" + port: 3306 + database: "nevisfido_uaf" + bootstrap: true + migrate: true + rootCredentials: + name: "root-adn-agov-nevisidm-01-dev-idm" + namespace: "adn-agov-nevisidm-01-dev-idm" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/nevisfido_default.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/nevisfido_default.yml new file mode 100644 index 0000000..8374fb5 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/nevisfido_default.yml @@ -0,0 +1,18 @@ +schemaVersion: 1.0 +instance: + type: "nevisfido" + name: "default" + directory: "/var/opt/nevisfido/default" + pid: "systemctl show nevisfido@default -p MainPID | cut -d '=' -f2" + source: + url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-PROJECT/patterns/ca92034f995b39fde562293c" + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "ca92034f995b39fde562293c" + patternClass: "ch.nevis.admin.v4.plugin.nevisfido.deployable.patterns.NevisFIDODeployable" + resources: + ports: + - "0.0.0.0:9443" + control: + start: "systemctl restart nevisfido@default" + stop: "systemctl stop nevisfido@default" + status: "systemctl status nevisfido@default" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/agov-test-f666836d3cb4.json b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/agov-test-f666836d3cb4.json new file mode 100644 index 0000000..645ac78 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/agov-test-f666836d3cb4.json @@ -0,0 +1,12 @@ +{ + "type": "service_account", + "project_id": "agov-test", + "private_key_id": "f666836d3cb492a4522c0a8643f8c66453711213", + "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJLoawpXjS/iL8\nSZxu6O1nsBfOb640eCzD76hKNf37WfBnwbbUkHAONQHfNqSWzeSLXU+JPiOpNERG\nl8OtmV5/j5gZACCeE+dt283QR3was6rvwi97lmgwkfazs+J7ZLnOm2EGPXVWPgTf\nyr6joyufNZsrIgKuBLmviQ9FSt82yj5CeTxjBNyI41xwusZjDR0ftg7Fr1M8ySDy\nizup9/nMX24ALPmwcbJ6FK0Mdj2XmW1POD2BkojHEsYimq4NqaJM8xs3eW+U0NbW\nOVzKpOjuQ/agt0TIm3+nYp7YQMGehp23Efz2gLIYYgkGgT1mTgfAGwVRMLlzLqGe\nTa5fevWhAgMBAAECggEAErVKRmk+1v0Vxwj33Hr537lo/1QUmrG9tPNHfq4uagYr\nNFTX4gSz/Og6PjX8QH9RRFH3LFusUIbpHfjtNAql9l4FrnZ78gNHE0jcRuTs4iVI\nzS6tQHSESBb8vmmJE0Eyw6cgksZaj9xo0uBNUdWBwBaJsU1Ce0j6dPu9gSu1Heiu\npiimccnQVi8fuarA3ixagIU9ONjbzx2H+pgz0fs5Uir38fzU4+JtGqMZbIyUhfND\nTCgn9lL8QVHFDOwmfsCZpWysO6W/jtlQpXcjm4cTZs3Fsc7I+XrezRAGfEXfkz78\nGFDpPHmQs0X3bprjLNXNrY/F/vZl7n3GY+eEv6mTSQKBgQD0c2Zvmn6bzlaL6JRZ\njgk3k6TRJa+yChKgxLvzk5WE8otPgcKRFYw0UTvRH1gdra742/ozXSU5/LCYqxEN\ngXCE6VRwrtn2bt2o1hYU/U/1KkyOs102pEl7YZA8KEzVzsqg3El36fzcKEz4fNl1\nddztxG4skKvfhVBNrMxp+hlzuQKBgQDSr8rtvVMBbluxQw50OmyNaH/KSe4jXXid\n4eMHKNbPi9kfopOO/qME1U3ytqbLENEsMrPAQ+GSWCW0e1NRIQvSJnNzf2ie3umm\nWKdClhohj/H8vYi7pZWeY9+1uc3L7zcby4z1Vehf9IR0q/CY2LGPH1MT2uB7MHyJ\nrAU7oVNVKQKBgQCwChsO7BeZZLL29ns/MwZ4O59J7vXkJVTc6lDgTLw0jea9Txkr\nGnVph8aoBwaR+O400VYRf1a7t7oFd8xECZ9aWB4zN/hHe/etCt/EJdhbGicf7ROH\nsjAo5k3UxMDwiIdr6LgP3zX15h/oIyEHceW0ZO1ispzTz1HRXkunVjDWIQKBgG7K\ncJ0KJP8oqGET0SL/ohvOavzWWbsRKR9lLLyUFjn34YqINK5KazFcdev/bsB0LHrg\ngrPFPnZ1kgZRn+OWzB+LhsSiqEJ7GEUYc4RJaJ5jkq4EgUWj8oTjIj3u4jCur70X\nEh3lOhhTfd/YluHZea24nDhhrhA51BOVeP79e9PZAoGAQHLGk70NNgH3QlmQHQD9\n/ohxOuPYPkD9PNYtSJalpjLbGyOSv05BNCvIsNgA3Oj5qnfHt8R38GChGywIKi65\nHPjVWAd88X2w5zHtTiVpLFCoAzQyLFFbe1FZJHkUZaJ6LXt0Q2ewz7/IyDpdFx1Y\nRh2CJlCcL8bTdWHLjwIreHk=\n-----END PRIVATE KEY-----\n", + "client_email": "agov-dev@agov-test.iam.gserviceaccount.com", + "client_id": "115473580705560962155", + "auth_uri": "https://accounts.google.com/o/oauth2/auth", + "token_uri": "https://oauth2.googleapis.com/token", + "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", + "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/agov-dev%40agov-test.iam.gserviceaccount.com" +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf new file mode 100644 index 0000000..6986fb2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf @@ -0,0 +1,11 @@ +RUN_ARGS="--config conf/nevisfido.yml --log-config conf/logging.yml" + +JAVA_OPTS=( + "-XX:+UseContainerSupport" + "-XX:MaxRAMPercentage=80.0" + "-Dignore.me" + "-javaagent:/opt/agent/opentelemetry-javaagent.jar" + "-Dotel.javaagent.logging=application" + "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties" + "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" +) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/logging.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/logging.yml new file mode 100644 index 0000000..20aafc8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/logging.yml @@ -0,0 +1,27 @@ +Configuration: + monitorInterval: 60 + Appenders: + Console: + - name: "SERVER" + target: "SYSTEM_OUT" + PatternLayout: + pattern: "[nevisfido.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-40.40c %-5.5p %m%n" + RegexFilter: + regex: ".*GET /nevisfido/liveness.*" + onMatch: "DENY" + onMismatch: "ACCEPT" + Loggers: + Logger: + - name: "ch.nevis.auth.fido.application.Application" + level: "INFO" + - name: "ch.nevis.auth.fido.api.uaf" + level: "DEBUG" + - name: "jcan.Op" + level: "DEBUG" + - name: "org.springframework.web.filter.CommonsRequestLoggingFilter" + level: "DEBUG" + Root: + level: "INFO" + additivity: "false" + AppenderRef: + - ref: "SERVER" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json new file mode 100644 index 0000000..eedb085 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json @@ -0,0 +1,186 @@ +[ + { + "aaid" : "F1D0#0001", + "description" : "Android NEVIS Mobile Authentication PIN Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 1, + "matcherProtection" : 1, + "publicKeyAlgAndEncoding" : 256, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#0002", + "description" : "Android NEVIS Mobile Authentication Fingerprint Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 2 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 4, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 256, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#0003", + "description" : "Android NEVIS Mobile Authentication Biometric Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 346 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 4, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 256, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#0004", + "description" : "Android NEVIS Mobile Authentication Device Passcode Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 132 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 9, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 4, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 259, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#1001", + "description" : "iOS NEVIS Mobile Authentication PIN Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 1, + "matcherProtection" : 1, + "publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#1002", + "description" : "iOS NEVIS Mobile Authentication Fingerprint Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 2 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 6, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#1003", + "description" : "iOS NEVIS Mobile Authentication Face Recognition Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 16 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 6, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + }, + { + "aaid" : "F1D0#1004", + "description" : "iOS NEVIS Mobile Authentication Device Passcode Authenticator", + "assertionScheme" : "UAFV1TLV", + "attestationRootCertificates" : [], + "attestationTypes" : [ 15880 ], + "upv" : [ { + "major" : 1, + "minor" : 1 + } ], + "userVerificationDetails" : [ [ { + "userVerification" : 4 + } ] ], + "attachmentHint" : 1, + "authenticationAlgorithm" : 2, + "authenticatorVersion" : 1, + "isSecondFactorOnly" : false, + "keyProtection" : 6, + "matcherProtection" : 2, + "publicKeyAlgAndEncoding" : 257, + "tcDisplay" : 1, + "tcDisplayContentType" : "text/plain" + } +] \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml new file mode 100644 index 0000000..478f2ac --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml @@ -0,0 +1,116 @@ +server: + port: 9443 + host: 0.0.0.0 + protocol: https + tls: + keystore: /var/opt/keys/own/fido-uaf-default-server-identity/keystore.p12 + keystore-passphrase: ${exec:/var/opt/keys/own/fido-uaf-default-server-identity/keypass} + keystore-type: pkcs12 + truststore: /var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/keypass} + truststore-type: pkcs12 + +management: + server: + port: 9089 + healthchecks: + enabled: true + +credential-repository: + type: nevisidm + rest-url: https://idm:8989/nevisidm + administration-url: https://idm:8989/nevisidm/services/v1_46/AdminService + keystore: /var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12 + keystore-passphrase: ${exec:/var/opt/keys/own/fido-uaf-default-client-identity/keypass} + keystore-type: pkcs12 + truststore: /var/opt/keys/trust/fido-uaf-default-server-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-default-server-trust/keypass} + truststore-type: pkcs12 + admin-service-version: v1_46 + client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720 + user-attribute: extId + +session-repository: + type: sql + jdbc-url: jdbc:mariadb://mariadb-agov-dev-gp.mariadb.database.azure.com:3306/nevisfido_uaf?sslMode=disable&autocommit=true + max-connection-lifetime: 10m + user: ${exec:/var/opt/nevisfido/default/conf/credentials/dbUser} + password: ${exec:/var/opt/nevisfido/default/conf/credentials/dbPassword} + schema-user: + schema-user-password: + automatic-db-schema-setup: false + +fido-uaf: + enabled: true + app-id: https://auth.agov-d.azure.adnovum.net/nevisfido/uaf/1.1/facets + facets: + - android:apk-key-hash:kb0yJ345nFUmt4nOYK5Li7KvwDDobMKPosY48Uwb0QI + - ios:bundle-id:ch.agov.accessapp.t + - android:apk-key-hash:msmxrDDoIcxmazyIf9aj8uIvRXdH/wX668OQYaYdXpE + - ios:bundle-id:ch.agov.accessapp + - android:apk-key-hash:BFZz7gpBpUUk8rLis19LKpR6ZcIZkdxxFPYOwBSKKQk + - android:apk-key-hash:xoRd0kamp4TSJcvzfWzNoivuNldp+GKI7fjnwX+VEFg + metadata: + path: conf/metadata/metadata.json + policy: + path: conf/policy/ + timeout: + registration: 600s + authentication: 600s + token-registration: 180s + token-authentication: 180s + token-deregistration: 600s + transaction-confirmation: + max-text-length: 2000 + authorization: + registration: + type: sectoken + truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass} + truststore-type: pkcs12 + username-attribute-names: + - loginId + - userid + authentication: + type: none + deregistration: + type: sectoken + truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass} + truststore-type: pkcs12 + username-attribute-names: + - loginId + - userid + create-dispatch-target: + type: sectoken + truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass} + truststore-type: pkcs12 + username-attribute-names: + - loginId + - userid + query-dispatch-target: + type: none + delete-dispatch-target: + type: sectoken + truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass} + truststore-type: pkcs12 + username-attribute-names: + - userid + dispatchers: + - type: "firebase-cloud-messaging" + dry-run: false + service-account-json: "inv-res-secret://a78926e06a159811ee15c224-bdd107d2" + registration-redeem-url: "https://auth.agov-d.azure.adnovum.net/nevisfido/token/redeem/registration" + authentication-redeem-url: "https://auth.agov-d.azure.adnovum.net/nevisfido/token/redeem/authentication" + deregistration-redeem-url: "https://auth.agov-d.azure.adnovum.net/nevisfido/token/redeem/deregistration" + - type: "png-qr-code" + registration-redeem-url: "https://auth.agov-d.azure.adnovum.net/nevisfido/token/redeem/registration" + authentication-redeem-url: "https://auth.agov-d.azure.adnovum.net/nevisfido/token/redeem/authentication" + deregistration-redeem-url: "https://auth.agov-d.azure.adnovum.net/nevisfido/token/redeem/deregistration" + - type: "link" + registration-redeem-url: "https://auth.agov-d.azure.adnovum.net/nevisfido/token/redeem/registration" + authentication-redeem-url: "https://auth.agov-d.azure.adnovum.net/nevisfido/token/redeem/authentication" + deregistration-redeem-url: "https://auth.agov-d.azure.adnovum.net/nevisfido/token/redeem/deregistration" + base-url: "ch.agov.access-t://x-callback-url/authenticate" \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties new file mode 100644 index 0000000..3fd0432 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/otel.properties @@ -0,0 +1,4 @@ +otel.service.name=fido-uaf +otel.traces.exporter=none +otel.metrics.exporter=none +otel.logs.exporter=none diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/biometrics_only.json b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/biometrics_only.json new file mode 100644 index 0000000..940439f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/biometrics_only.json @@ -0,0 +1,24 @@ +{ + "accepted": [ + [ + { + "aaid": ["F1D0#0002"] + } + ], + [ + { + "aaid": ["F1D0#0003"] + } + ], + [ + { + "aaid": ["F1D0#1002"] + } + ], + [ + { + "aaid": ["F1D0#1003"] + } + ] + ] +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/default.json b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/default.json new file mode 100644 index 0000000..3e043e9 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/default.json @@ -0,0 +1,44 @@ +{ + "accepted": [ + [ + { + "aaid": ["F1D0#0001"] + } + ], + [ + { + "aaid": ["F1D0#0002"] + } + ], + [ + { + "aaid": ["F1D0#0003"] + } + ], + [ + { + "aaid": ["F1D0#0004"] + } + ], + [ + { + "aaid": ["F1D0#1001"] + } + ], + [ + { + "aaid": ["F1D0#1002"] + } + ], + [ + { + "aaid": ["F1D0#1003"] + } + ], + [ + { + "aaid": ["F1D0#1004"] + } + ] + ] +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/pin_only.json b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/pin_only.json new file mode 100644 index 0000000..9f56c78 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/policy/pin_only.json @@ -0,0 +1,14 @@ +{ + "accepted": [ + [ + { + "aaid": ["F1D0#0001"] + } + ], + [ + { + "aaid": ["F1D0#1001"] + } + ] + ] +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/status.py b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/status.py new file mode 100644 index 0000000..a5c9bae --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/status.py @@ -0,0 +1,47 @@ +import sys +import time +import urllib.request, urllib.error, urllib.parse + +health_endpoint = 'http://localhost:9089/nevisfido/health' +log_file_path = '/var/opt/nevisfido/default/log/nevisfido.log' + +# Calls nevisFIDO's health check endpoint repeatedly to determine whether it is up and running +# Returns True if the service is available or False otherwise +def is_nevisfido_healthy(): + for timeout in [0.1, 2, 4, 8, 16, 30]: + try: + time.sleep(timeout) + response = urllib.request.urlopen(health_endpoint) + if response.getcode() == 200: + return True + except urllib.error.URLError: + continue + return False + +# Parses the nevisFIDO logs for the last error registered and raises and exception about it. +def raise_last_error_in_log(): + event_buffer = [] + for line in reversed(open(log_file_path).readlines()): + stripped_line = line.rstrip() + event_buffer.append(stripped_line) + if '[main] ERROR' in stripped_line: + raise Exception('\n'.join(reversed(event_buffer))) + break + # Log events (by default) starts with logging the time in the following format: '2019-11-04 12:44:45,071 21512 [main]' + # but these events can be multi-lined. + # We check here whether the current line is a start of a new event - in which case we flush the buffer. + if is_year(stripped_line[:4]): + event_buffer = [] + +# This method returns True if the provided string can be parsed to a year (4 digit int), or False otherwise. +def is_year(str): + try: + return int(str) > 999 and int(str) < 10000 + except ValueError: + return False + +if is_nevisfido_healthy(): + sys.exit(0) +else: + raise_last_error_in_log() + sys.exit(1) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/log/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/log/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/tmp/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/tmp/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-client-identity-087f275433f3973a1421318f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-client-identity-087f275433f3973a1421318f.yaml new file mode 100644 index 0000000..b18a58a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-client-identity-087f275433f3973a1421318f.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "fido2-default-client-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido2" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "087f275433f3973a1421318f" +spec: + cn: "fido2" + usage: "" + san: + dns: + - "fido2" + - "fido2.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-identity-087f275433f3973a1421318f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-identity-087f275433f3973a1421318f.yaml new file mode 100644 index 0000000..d7bb8e5 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-identity-087f275433f3973a1421318f.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "fido2-default-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido2" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "087f275433f3973a1421318f" +spec: + cn: "fido2" + usage: "" + san: + dns: + - "fido2" + - "fido2.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-server-trust-087f275433f3973a1421318f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-server-trust-087f275433f3973a1421318f.yaml new file mode 100644 index 0000000..210aef1 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-server-trust-087f275433f3973a1421318f.yaml @@ -0,0 +1,12 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "fido2-default-server-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido2" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "087f275433f3973a1421318f" +spec: + keystores: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-signer-trust-087f275433f3973a1421318f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-signer-trust-087f275433f3973a1421318f.yaml new file mode 100644 index 0000000..83e5c5c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-signer-trust-087f275433f3973a1421318f.yaml @@ -0,0 +1,12 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "fido2-default-signer-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido2" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "087f275433f3973a1421318f" +spec: + keystores: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-tls-client-trust-087f275433f3973a1421318f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-tls-client-trust-087f275433f3973a1421318f.yaml new file mode 100644 index 0000000..39a7285 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-tls-client-trust-087f275433f3973a1421318f.yaml @@ -0,0 +1,12 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "fido2-default-tls-client-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido2" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "087f275433f3973a1421318f" +spec: + keystores: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido-fido2-database-3e9b024326987a3fad17a38f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido-fido2-database-3e9b024326987a3fad17a38f.yaml new file mode 100644 index 0000000..f0daec3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido-fido2-database-3e9b024326987a3fad17a38f.yaml @@ -0,0 +1,26 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisDatabase" +metadata: + name: "fido2" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido2" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "3e9b024326987a3fad17a38f" +spec: + type: "NevisFIDO" + databaseType: "MariaDB" + version: "7.2402.1" + url: "mariadb-agov-dev-gp.mariadb.database.azure.com" + port: 3306 + database: "nevisfido_fido2" + bootstrap: true + migrate: true + rootCredentials: + name: "root-adn-agov-nevisidm-01-dev-idm" + namespace: "adn-agov-nevisidm-01-dev-idm" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml new file mode 100644 index 0000000..a40489a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml @@ -0,0 +1,60 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisComponent" +metadata: + name: "fido2" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "fido2" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "087f275433f3973a1421318f" +spec: + type: "NevisFIDO" + replicas: 1 + version: "7.2402.1" + gitInitVersion: "1.3.0" + runAsNonRoot: true + ports: + management: 9089 + https: 9443 + resources: + limits: + cpu: "1000m" + memory: "1000Mi" + requests: + cpu: "100m" + memory: "700Mi" + livenessProbe: + management: + httpGet: + path: "/nevisfido/liveness" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + readinessProbe: + management: + httpGet: + path: "/nevisfido/health" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + podDisruptionBudget: + maxUnavailable: "50%" + git: + tag: "r-779d33c24ccffc47e1cd1b39b93d065950aee10e" + dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2" + credentials: "git-credentials" + database: + name: "fido2" + requiredVersion: "7.2402.1" + keystores: + - "fido2-default-identity" + - "fido2-default-client-identity" + truststores: + - "fido2-default-tls-client-trust" + - "fido2-default-signer-trust" + - "fido2-default-server-trust" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/nevisfido_default.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/nevisfido_default.yml new file mode 100644 index 0000000..b5144a1 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/nevisfido_default.yml @@ -0,0 +1,18 @@ +schemaVersion: 1.0 +instance: + type: "nevisfido" + name: "default" + directory: "/var/opt/nevisfido/default" + pid: "systemctl show nevisfido@default -p MainPID | cut -d '=' -f2" + source: + url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-PROJECT/patterns/087f275433f3973a1421318f" + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "087f275433f3973a1421318f" + patternClass: "ch.nevis.admin.v4.plugin.fido2.patterns.NevisFIDODeployable" + resources: + ports: + - "0.0.0.0:9443" + control: + start: "systemctl restart nevisfido@default" + stop: "systemctl stop nevisfido@default" + status: "systemctl status nevisfido@default" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf new file mode 100644 index 0000000..38a74f2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf @@ -0,0 +1,10 @@ +RUN_ARGS="--config conf/nevisfido.yml --log-config conf/logging.yml" + +JAVA_OPTS=( + "-XX:+UseContainerSupport" + "-XX:MaxRAMPercentage=80.0" + "-javaagent:/opt/agent/opentelemetry-javaagent.jar" + "-Dotel.javaagent.logging=application" + "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties" + "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME" +) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/logging.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/logging.yml new file mode 100644 index 0000000..b4c5bce --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/logging.yml @@ -0,0 +1,21 @@ +Configuration: + monitorInterval: 60 + Appenders: + Console: + - name: "SERVER" + target: "SYSTEM_OUT" + PatternLayout: + pattern: "[nevisfido.log] %d{ISO8601} %-15.15t %mdc{trace_id} %mdc{span_id} %-40.40c %-5.5p %m%n" + RegexFilter: + regex: ".*GET /nevisfido/liveness.*" + onMatch: "DENY" + onMismatch: "ACCEPT" + Loggers: + Logger: + - name: "ch.nevis.auth.fido.application.Application" + level: "INFO" + Root: + level: "DEBUG" + additivity: "false" + AppenderRef: + - ref: "SERVER" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/nevisfido.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/nevisfido.yml new file mode 100644 index 0000000..1e99cf1 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/nevisfido.yml @@ -0,0 +1,51 @@ +server: + port: 9443 + protocol: https + tls: + keystore: /var/opt/keys/own/fido2-default-identity/keystore.p12 + keystore-passphrase: ${exec:/var/opt/keys/own/fido2-default-identity/keypass} + keystore-type: pkcs12 + +management: + server: + port: 9089 + healthchecks: + enabled: true + +credential-repository: + type: nevisidm + client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720 + rest-url: https://idm:8989/nevisidm + keystore: /var/opt/keys/own/fido2-default-client-identity/keystore.p12 + keystore-passphrase: ${exec:/var/opt/keys/own/fido2-default-client-identity/keypass} + truststore: /var/opt/keys/trust/fido2-default-server-trust/truststore.p12 + truststore-passphrase: ${exec:/var/opt/keys/trust/fido2-default-server-trust/keypass} + user-attribute: extId + +session-repository: + type: sql + jdbc-url: jdbc:mariadb://mariadb-agov-dev-gp.mariadb.database.azure.com:3306/nevisfido_fido2?sslMode=disable&autocommit=true + max-connection-lifetime: 10m + user: ${exec:/var/opt/nevisfido/default/conf/credentials/dbUser} + password: ${exec:/var/opt/nevisfido/default/conf/credentials/dbPassword} + schema-user: + schema-user-password: + automatic-db-schema-setup: false + +fido2: + enabled: true + rp-name: AGOV-RelPartName + rp-id: adnovum.net + origins: + - https://me.agov-d.azure.adnovum.net + - https://nevisidm.agov-d.azure.adnovum.net + - https://auth.agov-d.azure.adnovum.net + signature-algorithms: + - RS1 + - RS256 + - RS384 + - RS512 + - ES256 + - ES384 + - ES512 + display-name-source: loginId \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties new file mode 100644 index 0000000..4c09cf3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/otel.properties @@ -0,0 +1,4 @@ +otel.service.name=fido2 +otel.traces.exporter=none +otel.metrics.exporter=none +otel.logs.exporter=none diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/status.py b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/status.py new file mode 100644 index 0000000..a5c9bae --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/status.py @@ -0,0 +1,47 @@ +import sys +import time +import urllib.request, urllib.error, urllib.parse + +health_endpoint = 'http://localhost:9089/nevisfido/health' +log_file_path = '/var/opt/nevisfido/default/log/nevisfido.log' + +# Calls nevisFIDO's health check endpoint repeatedly to determine whether it is up and running +# Returns True if the service is available or False otherwise +def is_nevisfido_healthy(): + for timeout in [0.1, 2, 4, 8, 16, 30]: + try: + time.sleep(timeout) + response = urllib.request.urlopen(health_endpoint) + if response.getcode() == 200: + return True + except urllib.error.URLError: + continue + return False + +# Parses the nevisFIDO logs for the last error registered and raises and exception about it. +def raise_last_error_in_log(): + event_buffer = [] + for line in reversed(open(log_file_path).readlines()): + stripped_line = line.rstrip() + event_buffer.append(stripped_line) + if '[main] ERROR' in stripped_line: + raise Exception('\n'.join(reversed(event_buffer))) + break + # Log events (by default) starts with logging the time in the following format: '2019-11-04 12:44:45,071 21512 [main]' + # but these events can be multi-lined. + # We check here whether the current line is a start of a new event - in which case we flush the buffer. + if is_year(stripped_line[:4]): + event_buffer = [] + +# This method returns True if the provided string can be parsed to a year (4 digit int), or False otherwise. +def is_year(str): + try: + return int(str) > 999 and int(str) < 10000 + except ValueError: + return False + +if is_nevisfido_healthy(): + sys.exit(0) +else: + raise_last_error_in_log() + sys.exit(1) \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/log/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/log/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/tmp/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/tmp/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-default-identity-b8a36646f81c3247cdb5d90b.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-default-identity-b8a36646f81c3247cdb5d90b.yaml new file mode 100644 index 0000000..2c81284 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-default-identity-b8a36646f81c3247cdb5d90b.yaml @@ -0,0 +1,20 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "idm-default-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "idm" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "b8a36646f81c3247cdb5d90b" +spec: + cn: "idm" + usage: "" + san: + dns: + - "idm" + - "idm.adn-agov-nevisidm-01-uat" + - "idm-web" + - "idm-web.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-internal-idp-auth-signer-trust-b8a36646f81c3247cdb5d90b.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-internal-idp-auth-signer-trust-b8a36646f81c3247cdb5d90b.yaml new file mode 100644 index 0000000..e9c6308 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-internal-idp-auth-signer-trust-b8a36646f81c3247cdb5d90b.yaml @@ -0,0 +1,16 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "idm-internal-idp-auth-signer-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "idm" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "b8a36646f81c3247cdb5d90b" +spec: + keystores: + - name: "auth-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" + - name: "auth-sts-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-technical-trust-store-b8a36646f81c3247cdb5d90b.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-technical-trust-store-b8a36646f81c3247cdb5d90b.yaml new file mode 100644 index 0000000..1b87d55 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-technical-trust-store-b8a36646f81c3247cdb5d90b.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "idm-technical-trust-store" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "idm" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "b8a36646f81c3247cdb5d90b" +spec: + keystores: + - name: "fido-uaf-default-client-identity" + namespace: "adn-agov-nevisidm-01-uat" + - name: "fido2-default-client-identity" + namespace: "adn-agov-nevisidm-01-uat" + extraCerts: + - "-----BEGIN CERTIFICATE-----\nMIIDsDCCApgCCQDu0TbPT3tIYDANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMC\nY2gxEDAOBgNVBAoMB2Fkbm92dW0xDTALBgNVBAsMBGFnb3YxLjAsBgNVBAMMJW5l\ndmlzYWRtaW4tZC5hZ292LWQuYXp1cmUuYWRub3Z1bS5uZXQxOTA3BgkqhkiG9w0B\nCQEWKmluZm9AbmV2aXNhZG1pbi1kLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDAe\nFw0yMzAzMTQwODU3MjJaFw0yODAzMTIwODU3MjJaMIGZMQswCQYDVQQGEwJjaDEQ\nMA4GA1UECgwHYWRub3Z1bTENMAsGA1UECwwEYWdvdjEuMCwGA1UEAwwlbmV2aXNh\nZG1pbi1kLmFnb3YtZC5henVyZS5hZG5vdnVtLm5ldDE5MDcGCSqGSIb3DQEJARYq\naW5mb0BuZXZpc2FkbWluLWQuYWdvdi1kLmF6dXJlLmFkbm92dW0ubmV0MIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXmkdxlckq2BCEqSqFJ5GF3pe09R\n1fXZgqYw1C9a0/GpMLCZW6SppmNcLaxa6wy8iglfP3ftX7BWJUOoslXZztrVjrCb\nKYLI2THXWG+9+Xbq+X+BfTDyngClMLen0dNjT04n975r08C/LwuBwJHYGBGGT/W7\nUVbp8ZpBTne/tJ4bukwv2RQ3HcjSh7+cHZccDyCLxrhsQxxfrGWObwYO3pQ59EzK\nhDRpvAyP2OWTY2G+rauVZST16RKeyLGTG+yJTE321bka292RWx9NZKXALXEFN6LL\nshAYsVcoyjm//Rq2iZp+CVNClQoin6ME6gWwqqfOm2Ic6M6A+PTEcGZU8wIDAQAB\nMA0GCSqGSIb3DQEBCwUAA4IBAQBtzXVhHBcHEJWjIk1xgYtxWcp7A2cfextycrgi\nW091PagQSDPxvhXEu/53bAsVlRg6mlTEr2qtllzNGn/nF/3j3V99ISJuwu/YWOez\nTKEfascA7jmrNUXBqpp2ArYYuCYjd0bHIcmU4UXYHKW4U3F1JDsfZuHs0tur/xmU\nJ/7BRXOWm3njfwTS6VFyN9iFJxhh+54hE+fls7lsrXX92VHwby3lK6Q8Qki6hQoD\nH2DFEgRdVPwCKtDXWiXNPEZYDhnnNYKtBwulU+3Hp/J3wGaCpWHjJTlCxxm7DcTO\nkkoKfz+mVAF2sIOpguua8dGx23alkCmJ8r8/WWZMut259IZg\n-----END CERTIFICATE-----\n" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml new file mode 100644 index 0000000..8c4d323 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml @@ -0,0 +1,58 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisComponent" +metadata: + name: "idm" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "idm" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "b8a36646f81c3247cdb5d90b" +spec: + type: "NevisIDM" + replicas: 1 + version: "7.2402.2" + gitInitVersion: "1.3.0" + runAsNonRoot: true + ports: + management: 8998 + soap: 8989 + resources: + limits: + cpu: "1000m" + memory: "2200Mi" + requests: + cpu: "10m" + memory: "500Mi" + livenessProbe: + management: + httpGet: + path: "/liveness" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + readinessProbe: + management: + httpGet: + path: "/health" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + podDisruptionBudget: + maxUnavailable: "50%" + git: + tag: "r-779d33c24ccffc47e1cd1b39b93d065950aee10e" + dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm" + credentials: "git-credentials" + keystores: + - "idm-default-identity" + truststores: + - "idm-technical-trust-store" + - "idm-internal-idp-auth-signer-trust" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" + secrets: + secret: + - "0eb37a5f44023ef0ad1013b6-89ec31e5" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/nevisidm_default.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/nevisidm_default.yml new file mode 100644 index 0000000..667a627 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/nevisidm_default.yml @@ -0,0 +1,18 @@ +schemaVersion: 1.0 +instance: + type: "nevisidm" + name: "default" + directory: "/var/opt/nevisidm/default" + pid: "systemctl show nevisidm@default -p MainPID | cut -d '=' -f2" + source: + url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-PROJECT/patterns/b8a36646f81c3247cdb5d90b" + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "b8a36646f81c3247cdb5d90b" + patternClass: "ch.nevis.admin.v4.plugin.nevisidm.patterns.NevisIDMDeployable" + resources: + ports: + - "0.0.0.0:8989" + control: + start: "systemctl restart nevisidm@default" + stop: "systemctl stop nevisidm@default" + status: "systemctl status nevisidm@default" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/keypass b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/keypass new file mode 100755 index 0000000..5b0d317 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/keypass @@ -0,0 +1,2 @@ +#!/bin/bash +echo 'password' \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks new file mode 100644 index 0000000000000000000000000000000000000000..d019a308daa15698591b6b17f464021c1ae99ad6 GIT binary patch literal 1935 zcmezO_TO6u1_mZL7Ej4c&rD7&Dp5$!$xlkmQ7FpK2eOSA7#RB!?wj~Autw;a8dx$g zFi$dQV(v3&Vk%p}%*4pVB*1L-@!4|0l?!%jq->Ps{Pom;myJ`a&7Z^hdacLK_EA}8yU!n^BNi(SQr=@8W{jVlsK<3h+_)n(!&W&j7rEJXJlny zZerwTFlb`rVrpV!WY}$f*5pog_Q_2d6V`f_{&(A@$i>n7RWjt{?~dD_*L||;oM=<^ zY&Dxy_W3osFXA{=Ty`bRs=Ky$McsptQU%sE0o&&!OXV2cxg{^T@w(i-zt&-`#4ROMCT}>OWbzW3APdnM<~*zMP%SkT5CXzrUiV#P{?Gs}tGg^ncp*a?8s} zM%i0GhrfuGKHDR^dMe9Q&(Eg1(;j=~-YtLp+tYi?no#zY{Zlt@QQqy7>-yo_%1u)Z zw*2)8?NRp%7pZBQd$xGeWic-{o}Pe<{c@c9#1}qOJoUHvslcA*rCdkSHNF*#h}gQ7 z9c~xtR5bBj&+p2!%yZ$c-E)p^G;Y>xWnyMzU|j5E;9$THj7(W!M#ldvtOm?L%770f zzz-5&0j8)n16dHCk420{#7`+iL1OB&$9d2AfBo7i^p;J$-x4{LfyoOP%8U#N=^9h= z`8<+e8{U1DE^)Q9*5+upSN+RvwQ0m zg@-fagWW`LXUzWa+2E?3;iKM`d5^np-I``+D!erQ!_R_%0(VEja7n)d{p;9{OcfT_ zmsXu$`e|d|%!T>F8yyS(b!eUN7f=Yj{#nHJ=>wN9uiB>?P3HR-?Dk7%?*DG3o!&P& zU6*;DJWFP>_g?FLTP+}j#@=aLpB{oB%UOX#)5YsI+-9JLvPsyoUr%k&@LwXjorjn^||%c>nqIb;#%zD|BJrO-1F1Ytf=&Sd64htlM{4y+CDw09BePIGD9(j zeWvE#V^(jT=e1d7PcKO}-kTv|_@Sb=Z2zBmeX&|?%Y7%@QJ1oWRa=<%eoy(Ud)?si5&`kow=^}kRoa(*lN46oA;9%BV#$@ng1sz>SwdanSGo2c z-D6O5?In+DZ<~Yvn=^~+ERLBA`oF!KVc6$$X)|NVyM3i`>>g6}1^>ljS`JjU?qK~} zzb{pAG5-OkEkAbOBQC9M>iqorP%a!{l YJ3A)+bN;aBK}hfsh6^tuCdS(W0Jcrqy8r+H literal 0 HcmV?d00001 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/truststore.p12 b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f1e6ce20cc61a664150fd32629a058f1f7ff14f9 GIT binary patch literal 2358 zcmV-63CZ>_f(bGL0Ru3C2;2q;r7$uNQl#V~>h!3GH`hDe6@ z4FLxRpn?dpFoFoK0s#Opf(WMu2`Yw2hW8Bt2LUi<1_>&LNQU+thDZTr0|Wso1Q3Gg)5b2<2FC_Gbvd%c{>XrW2r%;CbE>x1!)_#5EN`ycf(1D+ z4VliRp-b_me{;-W()2g?r-Y5|_yY5{TSF+(0erB{#=1OnvlsBsgg^r`#E`C@L>o}| z3NVIr1D((@PEoaqs7C8y@9BSgv_ZURmPUz>Tq@1Xw3^@>VYM_=G7939;Hq6jt%@=c z))noYft7vzPqI*DHOrP3SF%s6Y2RPS03TGk@{sujZwEYsUbf?P#a5+J?wE-?&G>(; zSW=8;*UAi|F4W5u;t3?c(Y7C(#3hx4SHHiu1YoYs+lO$fjdvwFIh9~fr=>D8#UnIM z*qaKWc+!>^)eXA3Ew8MPy%Yu=)WC`xMYiJaHMW+IAA&VTYa0DA_V33IBedPWOYTW> z5$n~~{$}Qwo9$HXKU39itwZ6#%R}%DH82{i=ZL}m`|fxY$jStB`Ey4q?__df+MTl@ zMzalE{5#meK|xha*{eE^w8kG|7?bzAvS~k(UPrfGY-5UF^DuX|$ZqxHJa({!S9p() z5j6VV6h6dn?x#*8cFR+j$`s2c>YB1%v{)<)xoj`6n7qNm>6LB3XE57O(MTQo@dHcVWg@5L0oPgk` z0H%%AIViZ?l@Ldxbf*@Lj(tUpqdaLMcxzuNTJ)aaCZw(Ejt`A~DtZd{1wDUj zX>ohYMF&c@bZukw;o76_*)f^!mYr7VRT-@C6$y-jhcVcLeQTf_(%4=I@D9cG!KHDol=2CihTf9vMCW^WVDevkI>lri z*+H>=K_=@yQT@wzOe!vJd0~wmUt0jz3oKruX$fV&8b2aXG#ldwBPrNl#A)rvEijxG zDg&UZ)mj^Chd!83wQ2DLZzQ#SmZAHcO$03eUcru2j-DW$4b5g@B;z!7t{%3|B2h{v ziU*5Us84V64PF_fL^IV(W_I(`~q`cSP&N57+Td^@Q}e}9x?;fZ?RvsOEJ%43H77Eb-`uO`Q`nNn5ct- z3jUvrKf+mo2*!qL+Q|S-hLtp2z(=RaWBk~2-v!jAP$=r*C^RZm$j>gHuOvwlMtgp- zd(?P{=PpeLuNMcOdm^siCT9&Hg$4CYn7V&#WzX$QUco&21F9GC2F_X_3kW}e`=FjV)6%ryLzcTFE$rsn-qxgrAHYkNkh2)$9pBO+U z*Q?(DlEwEn__wYe#8^+bx_#(9O-;ye;kfh2M^f94kzO^sCT)(#$z>?5BTRyIG&5G^ zzFp{L(Rf^D+PtGk_lqyqGYU+4KAqeDvM{H`kdpiJ4niONBV z+z&cL9*^LKoMEWCz4J*Q9#4y&>~|H~o=u09xYbI~K8V*>lcD z#<7Cw8g*&p{$?B2XX;1{7nP+XG9Qrjcq znmMF1mxCc_c3FccFY2Uc5IsaM<^CW%&xLqJ#*F`2;z#6eX5pPkzdZ2Dd*q@34QvP% z+(9;v$HE%Qpl3UX>~&WmsO6v>qxE|~fN&9S{nTo|Yx6l)KWHVhHL+F}pdLjHBVRU4?eBDcq+T#(5M$zG>QD=ojBLI}?{7!x-}Hi3TMD?{ zua6#wrCqp=bH1kz0-+pYILBIx61z=HL>U!Dt1`Cmm+oHci$1P@JsnOlG<2nDbKD{r zY|mj(mH_0S*Fw7Rc>!%lbxUa zIS(r^CJl8D;dL^t_NLfV+DqUbW5b|hFMcN@k@*QQ&=sY*5p!<1xMBhC2lm5=E1fV+ zFflL<1_@w>NC9O71OfpC00bZpNiCryF=^{sjzk$!@T$8(h++7od&&})m3G=+HVf|r c6uQi;iz2c+92J$g%I}*@rwe#6Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_de.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_de.properties new file mode 100644 index 0000000..80625e6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_de.properties @@ -0,0 +1,210 @@ + +button.submit=Senden +darkModeSwitch.aria.label=Dark-Mode-Schalter +error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein. +error_1=Bitte überprüfen Sie Ihre Eingaben. +error_10=Bitte wählen Sie das richtige Benutzerkonto aus. +error_100=Zertifikat-Upload nicht möglich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk. +error_101=Die eingegebene E-Mail-Adresse ist ungültig. +error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an. +error_2=Bitte wählen Sie einen anderen Login-Namen. +error_3=Wenn die nächste Authentifizierung fehlschlägt, wird Ihr Konto gesperrt. +error_4=Ihr neues Passwort verstösst gegen die Sicherheitsrichtlinien. Bitte wählen Sie ein anderes Passwort. +error_5=Fehler bei der Passwortbestätigung. +error_50=Das neue Passwort ist zu kurz. +error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden. +error_6=Passwortänderung erforderlich. +error_7=Änderung der Login-ID erforderlich. +error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt. +error_81=Keine Zugangskarte gefunden, Zugang über das Internet verweigert. +error_83=Ihre Zugangskarte ist nicht mehr gültig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten. +error_9=Übernahme der Sitzung fehlgeschlagen. +error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen. +error_98=Ihr Konto wurde gesperrt. +error_99=Systemprobleme: Bitte versuchen Sie es später noch einmal. +error_9901=Sie benötigen einen gültigen Onboarding-Link, um auf diese Seite zuzugreifen. +error_9902=Die für die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations überein. Bitte fordern Sie einen neuen Onboarding-Link an. +error_9903=Der verwendete IdP hat uns keine gültige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an. +error_9904=Ihr Link ist nicht mehr gültig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht. +error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support. +error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link. +errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verknüpft. +fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschlüssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schlüssel registriert ist und Ihre E-Mail korrekt ist. +fido2_auth.instruction1=Klicken Sie auf "Weiter" +fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen +fido2_auth.instruction3=Folgen Sie den Anweisungen +fido2_auth.skipInstructions=Anweisungen nächstes Mal überspringen +fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT +footer.link=https://agov.ch/?c=contact&l=de +footer.link.label=Kontakt +footer.text=Authentifizierungsdienst der Schweizer Behörden AGOV – eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. - +general.AGOVAccessApp=AGOV access App +general.accessApp=AGOV access App +general.authenticate=Authentifizieren +general.back=Zurück +general.cancel=Abbrechen +general.confirm=Bestätigen +general.contactSupport=Support kontaktieren +general.continue=Weiter +general.edit=Ändern +general.email=E-Mail +general.email.address=E-Mailadresse +general.entryCode=Code-Eingabe +general.getStarted=Get started +general.goAGOVHelp=Weiter zur AGOV help +general.goAccessApp=Login mit AGOV access +general.help=Hilfe +general.help.link=https://agov.ch/pages/help_de.html +general.login=Login +general.loginSecurityKey=Sicherheitsschlüssel-Login starten +general.or=ODER +general.otherOptions=WEITERE OPTIONEN +general.recovery=Wiederherstellung +general.recoveryOngoing=Wiederherstellung nicht abgeschlossen +general.register=Registrieren +general.registerNow=Jetzt registrieren! +general.registration=Registrierung +general.securityKey=Sicherheitsschlüssel +general.skip.content=Direkt zum Hauptteil +generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran. +generic.auth.error.next.steps=Versuchen Sie es bitte später noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht. +generic.auth.error.subtitle=Etwas ist schiefgegangen +generic.auth.error.title=Fehler +info.login=Bitte geben Sie Ihre persönlichen Zugangsdaten ein. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sprache wählen +loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern. +loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen. +loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben. +loainfo.helper=Ihre persönlichen Daten müssen überprüft werden! +loainfo.later=Später +loainfo.startNow=Möchten Sie den Prozess jetzt starten? +loainfo.startVerification=Verifikation starten +loainfo.title=Verifizieren Sie Ihre Daten +mauth_usernameless.EID=Mit Schweizer E-ID fortfahren +mauth_usernameless.banner.error=Authentifizierung unterbrochen.
Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde. +mauth_usernameless.banner.info=Scan erfolgreich.
Bitte fahren Sie in der AGOV access App fort. +mauth_usernameless.banner.success=Authentifizierung erfolgreich!
Bitte warten Sie, bis Sie eingeloggt werden. +mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschlüssel verloren? +mauth_usernameless.hideQR=QR-Code ausblenden +mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen +mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Login? +mauth_usernameless.showQR=QR-Code anzeigen +mauth_usernameless.startRecovery=Kontowiederherstellung starten +mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschlüssel, um sich anzumelden +mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschlüssel bietet eine sichere Möglichkeit, sich ohne Telefon anzumelden. +op-admin.login=AGOV-op-Admin +op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort +op-admin.login.loginid=LoginID +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV-op-Admin +op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Passwortänderung erforderlich +op-admin.pwchange.newpassword=Neues Passwort +op-admin.pwchange.newpassword2=Neues Passwort wiederholen +op-admin.pwchange.password=Aktuelles Passwort +op-admin.pwchange.title=Änderung des Passworts +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung) +op-idmlogin.role.support-basic=Supportfälle (Wiederherstellung, ...) +op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...) +op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb) +op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Bitte wählen Sie ein Profil aus... +op-idmlogin.select.note=Mit * markierte Profile sollten nur für bestimmte Support oder Release Aufgaben genutzt werden. +op-idmlogin.select.title=Profilauswahl +op-onboarding.done.message=Das Onboarding war erfolgreich. Sie können nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen. +op-onboarding.done.title=FERTIG +op-onboarding.failed.title=FEHLER +op-onboarding.intro.message1=Um das Onboarding für Ihren AGOV-Operations-Zugang abzuschliessen, benötigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto. +op-onboarding.intro.message2=Wenn Sie auf «Weiter» klicken, werden Sie zur Authentifizierung weitergeleitet. +op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die Möglichkeit, die erforderliche Identitätsprüfung zu starten. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV-op-Onboarding +op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn nötig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an. +prompt.client=Mandant +prompt.newpassword=Neues Passwort +prompt.newpassword.confirm=Passwort bestätigen +prompt.password=Passwort +prompt.userid=Benutzer-ID +pwreset.done.info=Ihr Passwort wurde erfolgreich geändert. Bitte klicken Sie auf Weiter, um sich einzuloggen. +pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen.. +pwreset.info.linktext=Passwort vergessen +pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen. +recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert +recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren. +recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut. +recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben +recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten. +recovery_check_code.invalid.code=Code ist ungültig +recovery_check_code.invalid.code.required=Code erforderlich +recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang +recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen +recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können? +recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen. +recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben. +recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_code.banner.error=Bitte enthüllen Sie den Code, um fortfahren zu können. +recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf. +recovery_code.newRecoveryCode=Einführung von Wiederherstellungscode +recovery_code.validUntil=Gültig bis: +recovery_fidokey_auth.button=Schlüsselauthentifizierung starten +recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schlüsselauthentifizierung starten" +recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschlüssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren. +recovery_fidokey_auth.keyRegistered=Sicherheitsschlüssel schon registriert +recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten. +recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken können, mit dem Sie den Wiederherstellungsprozess starten. +recovery_intro_email.captchaUnchecked=Bitte kreuzen Sie das Captcha-Feld an +recovery_intro_email.important=Wichtig: +recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gelöschte AGOV access App, verlorener Sicherheitsschlüssel, verlorenes Telefon usw.). +recovery_intro_email.siteProtectedWithRecaptcha=Diese Seite ist durch reCAPTCHA geschützt, und es gelten die Datenschutzerklärung sowie die Nutzungsbedingungen von Google. +recovery_intro_email_sent.banner.button=Keine E-Mail erhalten? +recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in Kürze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten. +recovery_on_going.finishRecovery=Wiederherstellung abschliessen +recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identitätsprüfung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu können, müssen Sie auch die Identitätsprüfung abschliessen. +recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab. +recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten Fällen für eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode benötigen. +recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm. +recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden können, um den Wiederherstellungsprozess zu beginnen +recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos) +recovery_questionnaire_loginfactor.banner.error=Bitte wählen Sie eine Antwort. +recovery_questionnaire_loginfactor.no=Nein +recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV Access App oder Sicherheitsschlüssel) für Ihren AGOV-Login registriert? +recovery_questionnaire_loginfactor.yes=Ja +recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein. +recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen benötigen, besuchen Sie bitte www.agov.ch/help für Support-Artikel. +recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte www.agov.ch/me und testen Sie, ob Sie sich erfolgreich anmelden können. +recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte www.agov.ch/me, um den verlorenen Loginfaktor zu entfernen. +recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschlüssel habe +recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschlüssel) +recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen +recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gelöscht oder zurückgesetzt +recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschlüssel verloren +recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu übertragen +recovery_questionnaire_reason_selection.answer6=Ich habe die PIN für meine AGOV access App vergessen +recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschlüssel oder AGOV access Apps, hatte aber Probleme beim Einloggen +recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschlüssel und Apps verloren +recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gelöscht, zurückgesetzt, vergessene PIN) +recovery_questionnaire_reason_selection.banner.error=Bitte wählen Sie einen Grund aus. +recovery_questionnaire_reason_selection.instruction=Bitte wählen Sie einen Grund wieso Sie den AGOV recovery Prozess starten: +recovery_start_info.banner.warning=Sie können Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist. +recovery_start_info.instruction=Während des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enthält, müssen Sie zum Abschluss des Wiederherstellungsprozesses möglicherweise auch einen Verifikationsprozess durchlaufen. +recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Passwort ändern +title.pwreset=Passwort Vergesssen +user_input.invalid.email=Bitte geben Sie eine gültige E-Mail ein +user_input.invalid.email.required=Erforderliches Feld +user_input.invalid.email.tooLong=Eingabe zu lang diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_en.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_en.properties new file mode 100644 index 0000000..9cbdaf2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_en.properties @@ -0,0 +1,210 @@ + +button.submit=Submit +darkModeSwitch.aria.label=Dark mode toggle +error.policy.failed=The new password does not comply with the policy. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +error_9901=You need a valid on-boarding link to access this page. +error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link. +error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link. +error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists. +error_9905=There is a problem with your operations account. Please contact the support. +error_9909=An internal error occured. Please ask the support for a new on-boarding link. +errors.duplicateValue=Your account is already linked with another operations access. +fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below. +fido2_auth.instruction1=Click on "Continue" +fido2_auth.instruction2=An authentication window will appear +fido2_auth.instruction3=Follow the instructions +fido2_auth.skipInstructions=Skip instructions next time +fido2_auth.switchLogin=SWITCH TO LOGIN WITH +footer.link=https://agov.ch/?c=contact&l=en +footer.link.label=Contact +footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. - +general.AGOVAccessApp=AGOV access app +general.accessApp=AGOV access app +general.authenticate=Authenticate +general.back=Back +general.cancel=Cancel +general.confirm=Confirm +general.contactSupport=Contact Support +general.continue=Continue +general.edit=Edit +general.email=Email +general.email.address=Email address +general.entryCode=Code entry +general.getStarted=Get started +general.goAGOVHelp=Go to AGOV help +general.goAccessApp=Login with AGOV access +general.help=Help +general.help.link=https://agov.ch/pages/help_en.html +general.login=Login +general.loginSecurityKey=Start Security key login +general.or=OR +general.otherOptions=OTHER OPTIONS +general.recovery=Recovery +general.recoveryOngoing=Ongoing recovery +general.register=Register +general.registerNow=Register now! +general.registration=Registration +general.securityKey=Security key +general.skip.content=Skip to main content +generic.auth.error.message=There was a service interruption. We are working on it. +generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists. +generic.auth.error.subtitle=Something went wrong +generic.auth.error.title=Error +info.login=Please enter your authentication information. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Select language +loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days. +loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step. +loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number). +loainfo.helper=Your data needs to be verified! +loainfo.later=Later +loainfo.startNow=Do you want to start the process now? +loainfo.startVerification=Start verification +loainfo.title=Verify your data +mauth_usernameless.EID=Continue with CH E-ID +mauth_usernameless.banner.error=Authentication interrupted.
Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_fr.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_fr.properties new file mode 100644 index 0000000..155329b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_fr.properties @@ -0,0 +1,210 @@ + +button.submit=Envoyer +darkModeSwitch.aria.label=Activer l'apparence sombre +error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité +error_1=Veuillez vérifier votre saisie. +error_10=Veuillez sélectionner le compte d’utilisateur correct. +error_100=Le téléchargement du certificat est impossible. Le certificat existe déjà. Veuillez contacter votre service d’assistance. +error_101=L’adresse e-mail saisie n’est pas valable. +error_11=Veuillez utiliser un autre certificat ou vous connecter au moyen d’un autre type de facteur d’authentification. +error_2=Veuillez sélectionner un autre nom d’utilisateur. +error_3=Votre compte sera bloqué si la prochaine tentative d’authentification échoue. +error_4=Votre nouveau mot de passe n’est pas conforme à la politique de sécurité. Veuillez choisir un autre mot de passe. +error_5=Erreur de confirmation du mot de passe +error_50=Le nouveau mot de passe est trop court. +error_55=Le nouveau mot de passe doit être différent des précédents. +error_6=Changement de mot de passe requis. +error_7=Changement d’identifiant de connexion requis. +error_8=Votre compte a été bloqué en raison de plusieurs échecs d’authentification. +error_81=Aucune carte d’accès n’a été trouvée, l’accès depuis Internet est refusé. +error_83=Votre carte d’accès n’est plus valable. Veuillez contacter votre conseiller pour obtenir une nouvelle carte d’accès. +error_9=La reprise de session a échoué. +error_97=Vous n’êtes pas autorisé à accéder à cette ressource. +error_98=Votre compte a été bloqué. +error_99=Problèmes de système. Veuillez réessayer plus tard. +error_9901=Vous devez disposer d’un lien d’enregistrement valable pour accéder à cette page. +error_9902=L’adresse e-mail utilisée pour l’authentification ne correspond pas à celle qui est renseignée dans AGOV operations. Veuillez demander un nouveau lien d’enregistrement. +error_9903=Le fournisseur d’identité utilisé ne nous a pas envoyé d’assertion valide. Assurez-vous d’utiliser le bon fournisseur d’identité. Demandez un nouveau lien d’enregistrement au service d’assistance. +error_9904=Le lien que vous avez suivi n’est plus valable. Veuillez vous assurer que vous utilisez le dernier lien que vous avez reçu d’AGOV operations. Demandez un nouveau lien si le problème persiste. +error_9905=Il y a un problème avec votre compte AGOV operations. Veuillez contacter le service d’assistance. +error_9909=Un problème interne s’est produit. Veuillez demander un nouveau lien d’enregistrement au service d’assistance. +errors.duplicateValue=Votre compte est déjà lié à un autre accès à AGOV operations. +fido2_auth.cancel.fido=L'authentification avec la clé de sécurité a été interrompue. Veuillez vous assurer que votre clé FIDO est enregistrée et que votre adresse e-mail est correcte, puis suivez les étapes ci-dessous. +fido2_auth.instruction1=Cliquez sur "Continuer" +fido2_auth.instruction2=Une fenêtre d'authentification s'affichera +fido2_auth.instruction3=Suivez les instructions +fido2_auth.skipInstructions=Passer les instructions la fois suivante +fido2_auth.switchLogin=S'AUTHENTIFIER AVEC +footer.link=https://agov.ch/?c=contact&l=fr +footer.link.label=Contact +footer.text=Service d'authentification des autorités suisses AGOV - une collaboration entre les cantons, leurs communes et l'administration fédérale. - +general.AGOVAccessApp=Application AGOV access +general.accessApp=Application AGOV access +general.authenticate=Authentification +general.back=Retour +general.cancel=Annuler +general.confirm=Confirmer +general.contactSupport=Contacter le service d'assistance +general.continue=Continuer +general.edit=Editer +general.email=E-mail +general.email.address=Adresse e-mail +general.entryCode=Entrer le code +general.getStarted=Démarrer +general.goAGOVHelp=Rendez-vous sur AGOV help +general.goAccessApp=Login avec AGOV access +general.help=Aide +general.help.link=https://agov.ch/pages/help_fr.html +general.login=Login +general.loginSecurityKey=Démarrer la connexion avec la clé de sécurité +general.or=OU +general.otherOptions=AUTRES OPTIONS +general.recovery=Récupération +general.recoveryOngoing=Récupération en cours +general.register=Créer un compte +general.registerNow=Enregistrez-vous dès maintenant! +general.registration=Enregistrement +general.securityKey=Clé de sécurité +general.skip.content=Passer au contenu principal +generic.auth.error.message=Une interruption de service s’est produite. Nous nous employons à résoudre le problème. +generic.auth.error.next.steps=Veuillez réessayer plus tard. Veuillez vous rendre sur AGOV help si le problème persiste. +generic.auth.error.subtitle=Un problème s’est produit +generic.auth.error.title=Erreur +info.login=Veuillez entrer vos éléments de sécurité ci-après. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sélectionner la langue +loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours. +loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante. +loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS. +loainfo.helper=Vos données doivent être vérifiées! +loainfo.later=Plus tard +loainfo.startNow=Voulez-vous commencer le processus maintenant? +loainfo.startVerification=Démarrer la vérification +loainfo.title=Vérifiez vos données +mauth_usernameless.EID=Continuer avec l'e-ID suisse +mauth_usernameless.banner.error=Authentification interrompue.
Veuillez réessayer lorsque la page sera rechargée. +mauth_usernameless.banner.info=Scan réussi!
Veuillez continuer dans l'application AGOV access. +mauth_usernameless.banner.success=Authentification réussie!
Veuillez attendre d'être connecté. +mauth_usernameless.cannotLogin=Avez-vous perdu l'accès à votre application / votre clé de sécurité ? +mauth_usernameless.hideQR=Cacher le code QR +mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access +mauth_usernameless.noAccount=Vous n'avez pas encore d'AGOV-Login ? +mauth_usernameless.showQR=Afficher le code QR +mauth_usernameless.startRecovery=Commencer la récupération du compte +mauth_usernameless.useSecurityKey=Utiliser une clé de sécurité pour se connecter +mauth_usernameless.useSecurityKeyInfo=Une clé de sécurité physique offre un moyen sûr de se connecter sans devoir utiliser son téléphone. +op-admin.login=Administration de l’accès à AGOV op +op-admin.login.intro.message=Connectez-vous avec votre nom d’utilisateur et votre mot de passe +op-admin.login.loginid=Identifiant de connexion +op-admin.login.password=Mot de passe +op-admin.login.title=Connexion +op-admin.logout=Administration de l’accès à AGOV op +op-admin.logout.message=Vous vous êtes déconnecté avec succès. +op-admin.logout.title=Déconnexion +op-admin.pwchange.intro.message=Changement de mot de passe requis +op-admin.pwchange.newpassword=Nouveau mot de passe +op-admin.pwchange.newpassword2=Répéter le nouveau mot de passe +op-admin.pwchange.password=Mot de passe actuel +op-admin.pwchange.title=Changer de mot de passe +op-idmlogin.role.accs-mgmt-idm=Gestion des droits d'accès IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestion des droits d'accès +op-idmlogin.role.idmcfg-mgmt=Mise en place de l'IDM +op-idmlogin.role.readonly-access=Accès par défaut (lecture seule) +op-idmlogin.role.support-basic=Cas de support (récupération, ...) +op-idmlogin.role.support-priv=Support de 3ème niveau (archivage, désinscription) +op-idmlogin.role.usr-mgmt=Gestion des utilisateurs (opérations) +op-idmlogin.role.usr-unit-mgmt=Gestion des utilisateurs et des organisations (opérations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Veuillez sélectionner l’un des profils ci-dessous... +op-idmlogin.select.note=Les profils marqués d'un * ne doivent être utilisés que s'ils sont nécessaires pour des tâches spécifiques de support ou de mise en production. +op-idmlogin.select.title=Séléction du profil +op-onboarding.done.message=L’enregistrement a été effectué avec succès. Vous disposez maintenant d’un accès à AGOV operations. Veuillez fermer le navigateur avant d’accéder à AGOV operations. +op-onboarding.done.title=TERMINÉ +op-onboarding.failed.title=ERREUR +op-onboarding.intro.message1=Pour terminer l’enregistrement de votre accès à AGOV operations, vous devez disposer d’un compte AGOV ou d’un compte FED-LOGIN. +op-onboarding.intro.message2=Après avoir cliqué sur "Continuer", vous serez redirigé vers l’authentification. +op-onboarding.intro.message3=Si vous utilisez AGOV et que votre compte n’a pas encore atteint le niveau de qualité d’authentification requis, vous aurez la possibilité de démarrer la vérification d’identité nécessaire pour l’atteindre. +op-onboarding.intro.title=DÉMARRER +op-onboarding.onboarding=Enregistrement de l’accès à AGOV op +op-onboarding.process.message=Un problème s’est produit. Veuillez contacter le service d’assistance AGOV afin de demander un nouveau lien d’enregistrement. +prompt.client=Client +prompt.newpassword=Nouveau mot de passe +prompt.newpassword.confirm=Confirmez le mot de passe +prompt.password=Mot de passe +prompt.userid=ID de l'utilisateur +pwreset.done.info=Votre mot de passe a été changé avec succès. Veuillez cliquer sur continuer pour vous connecter. +pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe. +pwreset.info.linktext=Mot de passe oublié +pwreset.noticket=Votre lien n'est plus valide. Veuillez en générer un nouveau. +recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée +recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération. +recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier. +recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer. +recovery_check_code.enterRecoveryCode=Saisir le code de récupération +recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me. +recovery_check_code.invalid.code=Le code est invalide +recovery_check_code.invalid.code.required=Code requis +recovery_check_code.invalid.code.tooLong=Le code est trop long +recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération +recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ? +recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération. +recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération. +recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois. +recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération. +recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer. +recovery_code.instruction=Les codes de récupération vous permettent d'accéder à votre compte au cas où vous auriez perdu tous vos identifiants. Conservez le code de récupération en lieu sûr. +recovery_code.newRecoveryCode=Introduction du code de récupération +recovery_code.validUntil=Valable jusqu'au: +recovery_fidokey_auth.button=Démarrer l'authentification par clé de sécurité +recovery_fidokey_auth.fidoInstruction=Cliquez sur "Démarrer l'enregistrement de la clé" +recovery_fidokey_auth.instruction1=Vous avez déjà enregistré une nouvelle clé de sécurité !!!SECURITY_KEY_NAME!!! dans le cadre du processus de récupération. +recovery_fidokey_auth.instruction2=Veuillez utiliser !!!SECURITY_KEY_NAME!!! pour suivre les étapes ci-dessous afin de vous identifier. +recovery_fidokey_auth.keyRegistered=Clé de sécurité déjà enregistrée +recovery_intro_email.banner.error=Le lien que vous avez utilisé a expiré. Veuillez saisir votre adresse e-mail pour recevoir un nouveau lien. +recovery_intro_email.banner.info=Veuillez saisir votre adresse e-mail. Nous vous enverrons un e-mail vous permettant de démarrer le processus de récupération. +recovery_intro_email.captchaUnchecked=Veuillez cocher la case captcha +recovery_intro_email.important=Important: +recovery_intro_email.process=Le processus de récupération ne doit être utilisé que si vous avez perdu l'accès à vos facteurs de connexion (application AGOV access supprimée, clé de sécurité perdue, téléphone perdu, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=Ce site est protégé par reCAPTCHA: les règles de confidentialité et conditions d’utilisation de Google s’appliquent. +recovery_intro_email_sent.banner.button=Vous n’avez pas reçu l'email? +recovery_intro_email_sent.banner.success=Merci! Vous recevrez dans un instant un e-mail contenant un lien de récupération et des instructions. +recovery_on_going.finishRecovery=Terminer la récupération +recovery_on_going.instruction=Vous n’avez pas encore terminé le processus de récupération. Dans le cadre du processus de récupération, votre identité peut faire l’objet d’une vérification. Pour accéder à des applications au moyen de votre identifiant AGOV, vous devez terminer la vérification d’identité. +recovery_on_going.title=Veuillez terminer le processus de récupération. +recovery_questionnaire_instructions.banner.info=Veuillez noter que dans certains cas, vous devez avoir accès à votre code de récupération pour que la récupération soit réussie. +recovery_questionnaire_instructions.explanation=D'après vos réponses, une récupération de l'identifiant AGOV-Login semble nécessaire. Veuillez cliquer sur continuer et suivre les instructions à l'écran. +recovery_questionnaire_instructions.instruction1=Fournissez l'adresse électronique de votre compte afin que nous puissions vous envoyer un lien pour commencer le processus de récupération +recovery_questionnaire_instructions.instruction2=Suivez les étapes pour récupérer votre compte (les étapes varient en fonction du niveau de vérification de votre compte) +recovery_questionnaire_loginfactor.banner.error=Veuillez choisir une réponse. +recovery_questionnaire_loginfactor.no=Non +recovery_questionnaire_loginfactor.question=Avez-vous enregistré plus d'un facteur d'authentification (application AGOV access ou clé de sécurité) sur votre compte ? +recovery_questionnaire_loginfactor.yes=Oui +recovery_questionnaire_no_recovery.explanation1=D'après vos réponses, l'option de récupération d'AGOV ne semble pas nécessaire pour l'instant. +recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter www.agov.ch/help pour obtenir des articles de soutien. +recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficultés pour vous connecter à une application, visitez www.agov.ch/me et vérifiez si vous pouvez vous connecter avec succès. +recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistré plusieurs facteurs de connexion mais que vous avez perdu l'accès à l'un d'entre eux, veuillez consulter www.agov.ch/me pour supprimer celui auquel vous avez perdu l'accès. +recovery_questionnaire_reason_selection.answer1=Je n'arrive pas à me connecter, même si j'ai mon application / ma clé de sécurité +recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou clé de sécurité) +recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription +recovery_questionnaire_reason_selection.answer3=J'ai supprimé ou réinitialisé mon application AGOV access +recovery_questionnaire_reason_selection.answer4=J'ai perdu mon téléphone / clé de sécurité +recovery_questionnaire_reason_selection.answer5=J'ai un nouveau téléphone et j'ai oublié de transférer mon application AGOV access +recovery_questionnaire_reason_selection.answer6=J'ai oublié mon PIN pour l'application AGOV access +recovery_questionnaire_reason_selection.answer7=J'ai mes clés de sécurité ou mes applications, mais j'ai du mal à me connecter +recovery_questionnaire_reason_selection.answer8=J'ai perdu l'accès à toutes mes clés de sécurité et aux applications AGOV access +recovery_questionnaire_reason_selection.answer9=J'ai des problèmes avec l'un de mes facteurs d'authentification (effacé, réinitialisé, PIN oublié) +recovery_questionnaire_reason_selection.banner.error=Veuillez sélectionner un motif. +recovery_questionnaire_reason_selection.instruction=Veuillez sélectionner la raison pour laquelle vous entamez le processus de récupération : +recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tant que le processus de récupération n'aura pas été terminé. +recovery_start_info.instruction=Le processus de récupération nécessitera l’enregistrement d’un nouveau facteur d’authentification. Si votre compte contient des informations ayant déjà été vérifiées, il se peut que vous deviez les faire vérifier à nouveau pour terminer la récupération. +recovery_start_info.title=Vous êtes sur le point de démarrer le processus de récupération. +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Changer mot de passe +title.pwreset=Mot de Passe Oublié +user_input.invalid.email=Veuillez saisir un e-mail valable. +user_input.invalid.email.required=Champ requis +user_input.invalid.email.tooLong=La saisie est trop longue diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties new file mode 100644 index 0000000..3535726 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_it.properties @@ -0,0 +1,210 @@ + +button.submit=Continua +darkModeSwitch.aria.label=Attivare la modalità scura +error.policy.failed=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password. +error_1=Verificare i dati inseriti. +error_10=Scegliere l’account utente corretto. +error_100=Impossibile caricare il certificato. Il certificato esiste già. Contattare l’help desk. +error_101=L’e-mail inserita non è valida. +error_11=Utilizzare un altro certificato o accedere con altre credenziali. +error_2=Selezionare un altro nome di accesso. +error_3=Se la prossima autenticazione fallisce, l’account sarà bloccato. +error_4=La nuova password non rispetta le norme di sicurezza. Scegliere un’altra password. +error_5=Errore nella conferma della password. +error_50=La nuova password è troppo corta. +error_55=La nuova password deve differire da quelle precedenti. +error_6=È richiesta la modifica della password. +error_7=È richiesta la modifica dell’ID di accesso. +error_8=A causa dei ripetuti tentativi di autenticazione falliti, l’account è stato bloccato. +error_81=Non è stata trovata alcuna carta di accesso; l’accesso da Internet è negato. +error_83=La carta di accesso non è più valida. Per richiedere una nuova carta di accesso, contattare il responsabile. +error_9=Takeover di sessione fallito. +error_97=Accesso non autorizzato a questa risorsa. +error_98=L’account è stato bloccato. +error_99=Ci sono problemi di sistema. Riprovare più tardi. +error_9901=Per accedere a questa pagina, è necessario un link di registrazione valido. +error_9902=L’e-mail utilizzata per l’autenticazione non corrisponde a quella di AGOV operations. Richiedere un nuovo link di registrazione. +error_9903=L’IdP utilizzato non ha inviato un’asserzione valida. Assicurarsi di utilizzare l’IdP corretto. Richiedere al supporto un nuovo link di registrazione. +error_9904=Il link non è più valido. Assicurarsi di utilizzare il link più recente ricevuto in AGOV operations. Se il problema persiste, richiedere un nuovo link. +error_9905=Si è verificato un problema con l’account AGOV operations. Contattare il supporto. +error_9909=Si è verificato un errore interno. Richiedere al supporto un nuovo link di registrazione. +errors.duplicateValue=Il suo account è già collegato ad un altro accesso operativo. +fido2_auth.cancel.fido=L'autenticazione con la chiave di sicurezza è stata interrotta. Assicurarsi che la chiave FIDO sia registrata e che l'indirizzo e-mail sia corretto, poi seguire le istruzioni. +fido2_auth.instruction1=Cliccare su "Continua" +fido2_auth.instruction2=A breve si aprirà una finestra per l'autenticazione. +fido2_auth.instruction3=Seguire le istruzioni. +fido2_auth.skipInstructions=Non mostrare più le istruzioni +fido2_auth.switchLogin=ACCEDERE CON +footer.link=https://agov.ch/?c=contact&l=it +footer.link.label=Contatto +footer.text=Servizio di autenticazione delle autorità Svizzere AGOV - una collaborazione tra Cantoni, Comuni e l'Amministrazione federale. - +general.AGOVAccessApp=App AGOV access +general.accessApp=App AGOV access +general.authenticate=Autentifica +general.back=Indietro +general.cancel=Annullare +general.confirm=Confermare +general.contactSupport=Contattare il supporto +general.continue=Continuare +general.edit=Modificare +general.email=e-mail +general.email.address=Indirizzo e-mail +general.entryCode=Codice +general.getStarted=Iniziare +general.goAGOVHelp=Vai ad AGOV help +general.goAccessApp=Login con AGOV access +general.help=Aiuto +general.help.link=https://agov.ch/pages/help_it.html +general.login=Accedere +general.loginSecurityKey=Iniziare il login con la chiave di sicurezza +general.or=O +general.otherOptions=ALTRE OPZIONI +general.recovery=Ripristino +general.recoveryOngoing=Ripristino in corso +general.register=Registrarsi +general.registerNow=Si registri ora! +general.registration=Registrazione +general.securityKey=Chiave di sicurezza +general.skip.content=Vai al contenuto principale +generic.auth.error.message=Si è verificata un’interruzione. Stiamo lavorando per ripristinare l’esercizio. +generic.auth.error.next.steps=Riprovare più tardi. Se il problema persiste, consultare AGOV help. +generic.auth.error.subtitle=Qualcosa non ha funzionato. +generic.auth.error.title=Errore +info.login=Per favore inserisca i suoi dati di accesso. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Selezionare la lingua +loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi. +loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata. +loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS. +loainfo.helper=I dati devono essere verificati! +loainfo.later=Più tardi +loainfo.startNow=Iniziare la procedura? +loainfo.startVerification=Iniziare la verifica +loainfo.title=Verificare i dati. +mauth_usernameless.EID=Continuare con CH e-ID +mauth_usernameless.banner.error=Autenticazione interrotta.
Riprovare dopo che la pagina si sarà ricaricata. +mauth_usernameless.banner.info=La scansione è stata eseguita.
Continuare nell'app AGOV access. +mauth_usernameless.banner.success=Autenticazione riuscita!
Aspettare di essere connessi. +mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza? +mauth_usernameless.hideQR=Nascondi il codice QR +mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app AGOV access. +mauth_usernameless.noAccount=Non ha ancora un AGOV-Login ? +mauth_usernameless.showQR=Visualizza il codice QR +mauth_usernameless.startRecovery=Inizia il recupero dell'account +mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza. +mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Accedere con nome utente e password +op-admin.login.loginid=ID di accesso +op-admin.login.password=Password +op-admin.login.title=Accedere +op-admin.logout=AGOV op admin +op-admin.logout.message=La sessione è terminata. +op-admin.logout.title=Disconnessione +op-admin.pwchange.intro.message=È richiesta la modifica della password. +op-admin.pwchange.newpassword=Nuova password +op-admin.pwchange.newpassword2=Ripetere la nuova password +op-admin.pwchange.password=Password attuale +op-admin.pwchange.title=Modificare password +op-idmlogin.role.accs-mgmt-idm=Gestione dei diritti di accesso IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestione dei diritti di accesso +op-idmlogin.role.idmcfg-mgmt=Configurazione dell'IDM +op-idmlogin.role.readonly-access=Accesso predefinito (sola lettura) +op-idmlogin.role.support-basic=Casi di supporto (ripristino, ...) +op-idmlogin.role.support-priv=Supporto di terzo livello (archiviazione, off-boarding) +op-idmlogin.role.usr-mgmt=Gestione utenti (operazioni) +op-idmlogin.role.usr-unit-mgmt=Gestione utenti e organizzazione (operazioni) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Si prega di selezionare uno dei seguenti profili... +op-idmlogin.select.note=I profili contrassegnati con * devono essere utilizzati solo se richiesti per attività di supporto o rilascio specifiche. +op-idmlogin.select.title=Selezione del profilo +op-onboarding.done.message=La registrazione è riuscita. Ora l’accesso AGOV operations è pronto. Prima di accedere ad AGOV operations, chiudere il browser. +op-onboarding.done.title=FINITO +op-onboarding.failed.title=ERRORE +op-onboarding.intro.message1=Per completare la registrazione per l'accesso AGOV operations, è necessario avere un account AGOV o FED-LOGIN. +op-onboarding.intro.message2=Dopo aver cliccato su "Continua", si è reindirizzati al servizio di autenticazione. +op-onboarding.intro.message3=Se utilizza AGOV e l’account non soddisfa ancora il livello richiesto AGOVaq, potrà avviare la verifica dell’identità richiesta. +op-onboarding.intro.title=INIZIARE +op-onboarding.onboarding=Registrazione AGOV op +op-onboarding.process.message=Qualcosa non ha funzionato. Contattare il supporto AGOV e, se necessario, richiedere un nuovo link di registrazione. +prompt.client=Mandator +prompt.newpassword=Nuova Password +prompt.newpassword.confirm=Conferma password +prompt.password=Password +prompt.userid=Nome utente +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata +recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. +recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare. +recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero +recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me. +recovery_check_code.invalid.code=Il codice non è valido +recovery_check_code.invalid.code.required=Codice richiesto +recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo +recovery_check_code.noAccess=Non ho il mio codice. +recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino? +recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino. +recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto +recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte. +recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero. +recovery_code.banner.error=Per procedere, inserire il nuovo codice. +recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro. +recovery_code.newRecoveryCode=Introduzione del codice di ripristino +recovery_code.validUntil=Valido fino a: +recovery_fidokey_auth.button=Iniziare l'authenticazione della chiave +recovery_fidokey_auth.fidoInstruction=Cliccare su "Iniziare l'authenticazione della chiave" +recovery_fidokey_auth.instruction1=Ha già registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti. +recovery_fidokey_auth.keyRegistered=Chiave di sicurezza già registrata +recovery_intro_email.banner.error=Il link utilizzato è scaduto. Per ricevere un nuovo link, inserire l’indirizzo e-mail. +recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l’indirizzo e-mail. +recovery_intro_email.captchaUnchecked=Per favore selezioni il campo captcha +recovery_intro_email.important=Importante: +recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app di accesso AGOV eliminata, chiave di sicurezza persa, telefono smarrito, ecc.). +recovery_intro_email.siteProtectedWithRecaptcha=Questo sito è protetto da reCAPTCHA. Si applicano le norme sulla privacy e i termini di servizio di Google. +recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail? +recovery_intro_email_sent.banner.success=Grazie! È stata inviata un’e-mail contenente il codice di ripristino e le istruzioni. +recovery_on_going.finishRecovery=Completare il ripristino +recovery_on_going.instruction=È in corso un processo di ripristino. Il processo di ripristino può includere una verifica dell’identità. Per accedere alle applicazioni con il proprio AGOV-Login, è necessario completare la verifica dell’identità. +recovery_on_going.title=Completare il processo di ripristino. +recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi è necessario utilizzare il codice di ripristino per un ripristino riuscito. +recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo. +recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo email del suo account in modo di poter inviarle un link per iniziare il processo di recupero +recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account) +recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Ha registrato più di un fattore di accesso (app di accesso AGOV o chiave di sicurezza) al suo account? +recovery_questionnaire_loginfactor.yes=Si +recovery_questionnaire_no_recovery.explanation1=In base alle sue risposte, l'opzione di ripristino AGOV non sembra necessaria al momento. +recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti www.agov.ch/help per articoli di supporto. +recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti www.agov.ch/me e verifichi se può accedere con successo. +recovery_questionnaire_no_recovery.instruction2=Se ha registrato più fattori di accesso ma ha perso l'accesso a uno di essi, visit www.agov.ch/me per rimuovere quello a cui ha perso l'accesso. +recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza +recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app di accesso AGOV o chiave di sicurezza) +recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione +recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza +recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app di accesso AGOV +recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o le mie app, ma ho avuto problemi ad accedere +recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app di accesso AGOV +recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato) +recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo. +recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero: +recovery_start_info.banner.warning=Non è possibile utilizzare l’account finché il processo di ripristino non sarà concluso. +recovery_start_info.instruction=Durante il processo di ripristino sarà registrato un nuovo fattore di accesso. Se l’account contiene informazioni verificate, potrebbe essere necessario avviare un processo di verifica per completare il ripristino. +recovery_start_info.title=Il processo di ripristino sta per iniziare. +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Cambiare Password +title.pwreset=Password Forgotten +user_input.invalid.email=Inserire un'e-mail valida. +user_input.invalid.email.required=Campo obbligatorio +user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_login.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_login.js new file mode 100644 index 0000000..eed68c4 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_login.js @@ -0,0 +1,165 @@ +let baseURL; // base URL +let statusToken; // used to check progress +let dispatcherElement; // to display link or QR code +let infoElement; // to display info text +let errorElement; // to display error text + +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +function submitStatus(status) { + // we have to do a form POST instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "status", status); + document.body.appendChild(form); + form.submit(); +} + +const Status = { + _pollInterval: 2 * 1000, // Check every 2 seconds + latest: null, + + startPolling: function (token, uiCallback) { + let interval = setInterval(async () => { + await this._check(token).then(function (resp) { + console.log("Polling status: %o", resp); + uiCallback && uiCallback(resp, false); + return Status.latest = resp; + }) + .catch(function (err) { + console.error("Error during polling: %o", err); + return false; + }); + if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) { + // Done! + console.log('Latest status is: %o', this.latest); + uiCallback && uiCallback(this.latest, true); + clearInterval(interval); + } + }, this._pollInterval); + }, + + _check: async function (token) { + const payload = { statusToken: token }; + const response = await fetch(baseURL + 'api/v1/status', { + method: 'POST', + mode: 'cors', + cache: 'no-cache', + credentials: 'omit', + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json;charset=utf-8' + }, + body: JSON.stringify(payload), + redirect: 'follow', + referrerPolicy: 'no-referrer' + }); + + return await response.json(); + } +}; + +function setDeepLinkLabel(button) { + const text = document.getElementsByName('info.deeplink')[0].value; + button.innerHTML = text; +} + +function messageScanQR() { + const text = document.getElementsByName('info.qrcode')[0].value; + infoElement.innerHTML = text; +} + +function messageCheckPhone() { + const text = document.getElementsByName('info.check.phone')[0].value; + infoElement.innerHTML = text; +} + +const Element = { + + _elem: null, // QR code or deep link depending on device + + show: function (appLink) { + const userAgent = navigator.userAgent || navigator.vendor || window.opera; + const isIphone = 'iPhone' === navigator.platform; + const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent); + if (isAndroid || isIphone) { + this._elem = document.createElement('a'); + this._elem.setAttribute('href', appLink); + this._elem.setAttribute('class', 'btn btn-primary'); + this._elem.setAttribute('target', '_blank'); + dispatcherElement.appendChild(this._elem); + setDeepLinkLabel(this._elem); + } + else { + const authenticationType = document.getElementsByName('authenticationType')[0].value; + if (authenticationType == 'push') { + messageCheckPhone(); + } + else { + messageScanQR(); + this._elem = document.createElement('canvas'); + dispatcherElement.appendChild(this._elem); + var qrcode = new QRious({ + element: this._elem, + foreground: "#168CA9", + level: "M", + size: 280, + value: appLink + }); + } + } + }, + + hide: function() { + // hide the element which was shown + if (this._elem != null) { + this._elem.style.display = "none"; + } + } +}; + +function authenticateUser(appLink) { + Element.show(appLink); + console.log('Starting Authentication Cloud status polling...'); + Status.startPolling(statusToken, (st, done) => { + if (st.status === 'succeeded') { + console.log('Authentication Cloud login done.'); + submitStatus('succeeded') + } + else if (st.status === 'failed') { + // failed: The transaction failed, either by timeout or because the user did not accept. + console.warn('Authentication Cloud login failed. User abort or timeout.'); + submitStatus('failed') + } + else if (st.status === 'unknown') { + console.error('Authentication Cloud login failed. Unknown status.'); + submitStatus('unknown') + } + }); +} + +function init() { + + const form = document.getElementById('authcloud_login'); + + baseURL = form.url.value; + statusToken = form.statusToken.value; + + infoElement = document.getElementById('authcloud_info'); + errorElement = document.getElementById('authcloud_error'); + + dispatcherElement = document.getElementById('authcloud_dispatch'); + + const appLink = form.appLink.value; + authenticateUser(appLink); +} + +window.onload = function() { + init(); +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_onboard.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_onboard.js new file mode 100644 index 0000000..5332d9f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/authcloud_onboard.js @@ -0,0 +1,154 @@ +let baseURL; // base URL +let statusToken; // used to check progress +let dispatcherElement; // to display link or QR code +let infoElement; // to display info text +let errorElement; // to display error text + +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +function submitStatus(status) { + // we have to do a form POST instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "status", status); + document.body.appendChild(form); + form.submit(); +} + +const Status = { + _pollInterval: 2 * 1000, // Check every 2 seconds + latest: null, + + startPolling: function (token, uiCallback) { + let interval = setInterval(async () => { + await this._check(token).then(function (resp) { + console.log("Polling status: %o", resp); + uiCallback && uiCallback(resp, false); + return Status.latest = resp; + }) + .catch(function (err) { + console.error("Error during polling: %o", err); + return false; + }); + if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) { + // Done! + console.log('Latest status is: %o', this.latest); + uiCallback && uiCallback(this.latest, true); + clearInterval(interval); + } + }, this._pollInterval); + }, + + _check: async function (token) { + const payload = { statusToken: token }; + const response = await fetch(baseURL + 'api/v1/status', { + method: 'POST', + mode: 'cors', + cache: 'no-cache', + credentials: 'omit', + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json;charset=utf-8' + }, + body: JSON.stringify(payload), + redirect: 'follow', + referrerPolicy: 'no-referrer' + }); + + return await response.json(); + } +}; + +function setDeepLinkLabel(button) { + const text = document.getElementsByName('info.deeplink')[0].value; + button.innerHTML = text; +} + +function messageScanQR() { + const text = document.getElementsByName('info.qrcode')[0].value; + infoElement.innerHTML = text; +} + +const Element = { + + _elem: null, // QR code or deep link depending on device + + show: function (appLink) { + const userAgent = navigator.userAgent || navigator.vendor || window.opera; + const isIphone = 'iPhone' === navigator.platform; + const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent); + if (isAndroid || isIphone) { + this._elem = document.createElement('a'); + this._elem.setAttribute('href', appLink); + this._elem.setAttribute('class', 'btn btn-primary'); + this._elem.setAttribute('target', '_blank'); + dispatcherElement.appendChild(this._elem); + setDeepLinkLabel(this._elem); + } + else { + messageScanQR(); + this._elem = document.createElement('canvas'); + dispatcherElement.appendChild(this._elem); + var qrcode = new QRious({ + element: this._elem, + foreground: "#168CA9", + level: "M", + size: 280, + value: appLink + }); + } + }, + + hide: function() { + // hide the element which was shown + if (this._elem != null) { + this._elem.style.display = "none"; + } + } +}; + +function onboardUser(appLink) { + Element.show(appLink); + console.log('Starting Authentication Cloud status polling...'); + Status.startPolling(statusToken, (st, done) => { + if (st.status === 'succeeded') { + console.log('Authentication Cloud onboarding done.'); + submitStatus('succeeded') + } + else if (st.status === 'failed') { + // failed: The transaction failed, either by timeout or because the user did not accept. + console.warn('Authentication Cloud onboarding failed. User abort or timeout.'); + submitStatus('failed') + } + else if (st.status === 'unknown') { + console.error('Authentication Cloud onboarding failed. Unknown status.'); + submitStatus('unknown') + } + }); +} + +function init() { + + const form = document.getElementById('authcloud_onboard'); + + baseURL = form.url.value; + statusToken = form.statusToken.value; + + infoElement = document.getElementById('authcloud_info'); + errorElement = document.getElementById('authcloud_error'); + + dispatcherElement = document.getElementById('authcloud_dispatch'); + + const appLink = form.appLink.value; + onboardUser(appLink); +} + +window.onload = function() { + init(); +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/base64.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/base64.js new file mode 100644 index 0000000..24ecf9e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/base64.js @@ -0,0 +1,87 @@ +/* + * Base64URL-ArrayBuffer + * https://github.com/herrjemand/Base64URL-ArrayBuffer + * + * Copyright (c) 2017 Yuriy Ackermann + * Copyright (c) 2012 Niklas von Hertzen + * Licensed under the MIT license. + * + */ +(function() { + "use strict"; + + var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; + + // Use a lookup table to find the index. + var lookup = new Uint8Array(256); + for (var i = 0; i < chars.length; i++) { + lookup[chars.charCodeAt(i)] = i; + } + + var encode = function(arraybuffer) { + var bytes = new Uint8Array(arraybuffer), + i, len = bytes.length, base64 = ""; + + for (i = 0; i < len; i+=3) { + base64 += chars[bytes[i] >> 2]; + base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)]; + base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)]; + base64 += chars[bytes[i + 2] & 63]; + } + + if ((len % 3) === 2) { + base64 = base64.substring(0, base64.length - 1); + } else if (len % 3 === 1) { + base64 = base64.substring(0, base64.length - 2); + } + + return base64; + }; + + var decode = function(base64) { + var bufferLength = base64.length * 0.75, + len = base64.length, i, p = 0, + encoded1, encoded2, encoded3, encoded4; + + var arraybuffer = new ArrayBuffer(bufferLength), + bytes = new Uint8Array(arraybuffer); + + for (i = 0; i < len; i+=4) { + encoded1 = lookup[base64.charCodeAt(i)]; + encoded2 = lookup[base64.charCodeAt(i+1)]; + encoded3 = lookup[base64.charCodeAt(i+2)]; + encoded4 = lookup[base64.charCodeAt(i+3)]; + + bytes[p++] = (encoded1 << 2) | (encoded2 >> 4); + bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2); + bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63); + } + + return arraybuffer; + }; + + /** + * Exporting and stuff + */ + if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') { + module.exports = { + 'encode': encode, + 'decode': decode + } + + } else { + if (typeof define === 'function' && define.amd) { + define([], function() { + return { + 'encode': encode, + 'decode': decode + } + }); + } else { + window.base64url = { + 'encode': encode, + 'decode': decode + } + } + } +})(); \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap-theme.min.css b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap-theme.min.css new file mode 100644 index 0000000..4aaa13e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap-theme.min.css @@ -0,0 +1,9 @@ +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + *//*! + * The Nevis @btn-default-color: #6ebabd + * Bootstrap v3.4.1 (https://getbootstrap.com/) + */ + * Copyright 2011-2019 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */.btn-default,.btn-primary,.btn-success,.btn-info,.btn-warning,.btn-danger{text-shadow:0 -1px 0 rgba(0,0,0,0.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075)}.btn-default:active,.btn-primary:active,.btn-success:active,.btn-info:active,.btn-warning:active,.btn-danger:active,.btn-default.active,.btn-primary.active,.btn-success.active,.btn-info.active,.btn-warning.active,.btn-danger.active{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-default.disabled,.btn-primary.disabled,.btn-success.disabled,.btn-info.disabled,.btn-warning.disabled,.btn-danger.disabled,.btn-default[disabled],.btn-primary[disabled],.btn-success[disabled],.btn-info[disabled],.btn-warning[disabled],.btn-danger[disabled],fieldset[disabled] .btn-default,fieldset[disabled] .btn-primary,fieldset[disabled] .btn-success,fieldset[disabled] .btn-info,fieldset[disabled] .btn-warning,fieldset[disabled] .btn-danger{-webkit-box-shadow:none;box-shadow:none}.btn-default .badge,.btn-primary .badge,.btn-success .badge,.btn-info .badge,.btn-warning .badge,.btn-danger .badge{text-shadow:none}.btn:active,.btn.active{background-image:none}.btn-default{background-image:-webkit-linear-gradient(top, #fff 0, #e0e0e0 100%);background-image:-o-linear-gradient(top, #fff 0, #e0e0e0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fff), to(#e0e0e0));background-image:linear-gradient(to bottom, #fff 0, #e0e0e0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe0e0e0', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#dbdbdb;text-shadow:0 1px 0 #fff;border-color:#ccc}.btn-default:hover,.btn-default:focus{background-color:#e0e0e0;background-position:0 -15px}.btn-default:active,.btn-default.active{background-color:#e0e0e0;border-color:#dbdbdb}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#e0e0e0;background-image:none}.btn-primary{background-image:-webkit-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-o-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#6ebabd));background-image:linear-gradient(to bottom, #98ced0 0, #6ebabd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff6ebabd', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#67b7ba}.btn-primary:hover,.btn-primary:focus{background-color:#6ebabd;background-position:0 -15px}.btn-primary:active,.btn-primary.active{background-color:#6ebabd;border-color:#67b7ba}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#6ebabd;background-image:none}.btn-success{background-image:-webkit-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-o-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#6ebabd));background-image:linear-gradient(to bottom, #98ced0 0, #6ebabd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff6ebabd', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#67b7ba}.btn-success:hover,.btn-success:focus{background-color:#6ebabd;background-position:0 -15px}.btn-success:active,.btn-success.active{background-color:#6ebabd;border-color:#67b7ba}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#6ebabd;background-image:none}.btn-info{background-image:-webkit-linear-gradient(top, #5bc0de 0, #2aabd2 100%);background-image:-o-linear-gradient(top, #5bc0de 0, #2aabd2 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #5bc0de), to(#2aabd2));background-image:linear-gradient(to bottom, #5bc0de 0, #2aabd2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2aabd2', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#28a4c9}.btn-info:hover,.btn-info:focus{background-color:#2aabd2;background-position:0 -15px}.btn-info:active,.btn-info.active{background-color:#2aabd2;border-color:#28a4c9}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#2aabd2;background-image:none}.btn-warning{background-image:-webkit-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-o-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#be2331));background-image:linear-gradient(to bottom, #dc4250 0, #be2331 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffbe2331', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#b5222f}.btn-warning:hover,.btn-warning:focus{background-color:#be2331;background-position:0 -15px}.btn-warning:active,.btn-warning.active{background-color:#be2331;border-color:#b5222f}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#be2331;background-image:none}.btn-danger{background-image:-webkit-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-o-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#be2331));background-image:linear-gradient(to bottom, #dc4250 0, #be2331 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffbe2331', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#b5222f}.btn-danger:hover,.btn-danger:focus{background-color:#be2331;background-position:0 -15px}.btn-danger:active,.btn-danger.active{background-color:#be2331;border-color:#b5222f}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#be2331;background-image:none}.thumbnail,.img-thumbnail{-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.075);box-shadow:0 1px 2px rgba(0,0,0,0.075)}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{background-image:-webkit-linear-gradient(top, #65b6b9 0, #53aeb1 100%);background-image:-o-linear-gradient(top, #65b6b9 0, #53aeb1 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #65b6b9), to(#53aeb1));background-image:linear-gradient(to bottom, #65b6b9 0, #53aeb1 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff65b6b9', endColorstr='#ff53aeb1', GradientType=0);background-repeat:repeat-x;background-color:#53aeb1}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x;background-color:#006e73}.navbar-default{background-image:-webkit-linear-gradient(top, #fff 0, #f8f8f8 100%);background-image:-o-linear-gradient(top, #fff 0, #f8f8f8 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fff), to(#f8f8f8));background-image:linear-gradient(to bottom, #fff 0, #f8f8f8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border-radius:3px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 5px rgba(0,0,0,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 5px rgba(0,0,0,0.075)}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top, #dbdbdb 0, #e2e2e2 100%);background-image:-o-linear-gradient(top, #dbdbdb 0, #e2e2e2 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dbdbdb), to(#e2e2e2));background-image:linear-gradient(to bottom, #dbdbdb 0, #e2e2e2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdbdbdb', endColorstr='#ffe2e2e2', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,0.075);box-shadow:inset 0 3px 9px rgba(0,0,0,0.075)}.navbar-brand,.navbar-nav>li>a{text-shadow:0 1px 0 rgba(255,255,255,0.25)}.navbar-inverse{background-image:-webkit-linear-gradient(top, #3c3c3c 0, #222 100%);background-image:-o-linear-gradient(top, #3c3c3c 0, #222 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #3c3c3c), to(#222));background-image:linear-gradient(to bottom, #3c3c3c 0, #222 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border-radius:3px}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top, #080808 0, #0f0f0f 100%);background-image:-o-linear-gradient(top, #080808 0, #0f0f0f 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #080808), to(#0f0f0f));background-image:linear-gradient(to bottom, #080808 0, #0f0f0f 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff080808', endColorstr='#ff0f0f0f', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,0.25);box-shadow:inset 0 3px 9px rgba(0,0,0,0.25)}.navbar-inverse .navbar-brand,.navbar-inverse .navbar-nav>li>a{text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar-static-top,.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}@media (max-width:767px){.navbar .navbar-nav .open .dropdown-menu>.active>a,.navbar .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x}}.alert{text-shadow:0 1px 0 rgba(255,255,255,0.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.25),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.25),0 1px 2px rgba(0,0,0,0.05)}.alert-success{background-image:-webkit-linear-gradient(top, #dff0d8 0, #c8e5bc 100%);background-image:-o-linear-gradient(top, #dff0d8 0, #c8e5bc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dff0d8), to(#c8e5bc));background-image:linear-gradient(to bottom, #dff0d8 0, #c8e5bc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);background-repeat:repeat-x;border-color:#b2dba1}.alert-info{background-image:-webkit-linear-gradient(top, #d9edf7 0, #b9def0 100%);background-image:-o-linear-gradient(top, #d9edf7 0, #b9def0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #d9edf7), to(#b9def0));background-image:linear-gradient(to bottom, #d9edf7 0, #b9def0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);background-repeat:repeat-x;border-color:#9acfea}.alert-warning{background-image:-webkit-linear-gradient(top, #fcf8e3 0, #f8efc0 100%);background-image:-o-linear-gradient(top, #fcf8e3 0, #f8efc0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fcf8e3), to(#f8efc0));background-image:linear-gradient(to bottom, #fcf8e3 0, #f8efc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);background-repeat:repeat-x;border-color:#f5e79e}.alert-danger{background-image:-webkit-linear-gradient(top, #f2dede 0, #e7c3c3 100%);background-image:-o-linear-gradient(top, #f2dede 0, #e7c3c3 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f2dede), to(#e7c3c3));background-image:linear-gradient(to bottom, #f2dede 0, #e7c3c3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);background-repeat:repeat-x;border-color:#dca7a7}.progress{background-image:-webkit-linear-gradient(top, #ebebeb 0, #f5f5f5 100%);background-image:-o-linear-gradient(top, #ebebeb 0, #f5f5f5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #ebebeb), to(#f5f5f5));background-image:linear-gradient(to bottom, #ebebeb 0, #f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x}.progress-bar{background-image:-webkit-linear-gradient(top, #00868c 0, #005559 100%);background-image:-o-linear-gradient(top, #00868c 0, #005559 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#005559));background-image:linear-gradient(to bottom, #00868c 0, #005559 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff005559', GradientType=0);background-repeat:repeat-x}.progress-bar-success{background-image:-webkit-linear-gradient(top, #98ced0 0, #75bdc0 100%);background-image:-o-linear-gradient(top, #98ced0 0, #75bdc0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#75bdc0));background-image:linear-gradient(to bottom, #98ced0 0, #75bdc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff75bdc0', GradientType=0);background-repeat:repeat-x}.progress-bar-info{background-image:-webkit-linear-gradient(top, #5bc0de 0, #31b0d5 100%);background-image:-o-linear-gradient(top, #5bc0de 0, #31b0d5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #5bc0de), to(#31b0d5));background-image:linear-gradient(to bottom, #5bc0de 0, #31b0d5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);background-repeat:repeat-x}.progress-bar-warning{background-image:-webkit-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-o-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#c62533));background-image:linear-gradient(to bottom, #dc4250 0, #c62533 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffc62533', GradientType=0);background-repeat:repeat-x}.progress-bar-danger{background-image:-webkit-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-o-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#c62533));background-image:linear-gradient(to bottom, #dc4250 0, #c62533 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffc62533', GradientType=0);background-repeat:repeat-x}.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.list-group{border-radius:3px;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.075);box-shadow:0 1px 2px rgba(0,0,0,0.075)}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{text-shadow:0 -1px 0 #005559;background-image:-webkit-linear-gradient(top, #00868c 0, #006166 100%);background-image:-o-linear-gradient(top, #00868c 0, #006166 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006166));background-image:linear-gradient(to bottom, #00868c 0, #006166 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006166', GradientType=0);background-repeat:repeat-x;border-color:#006166}.list-group-item.active .badge,.list-group-item.active:hover .badge,.list-group-item.active:focus .badge{text-shadow:none}.panel{-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.panel-default>.panel-heading{background-image:-webkit-linear-gradient(top, #f5f5f5 0, #e8e8e8 100%);background-image:-o-linear-gradient(top, #f5f5f5 0, #e8e8e8 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f5f5f5), to(#e8e8e8));background-image:linear-gradient(to bottom, #f5f5f5 0, #e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.panel-primary>.panel-heading{background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x}.panel-success>.panel-heading{background-image:-webkit-linear-gradient(top, #dff0d8 0, #d0e9c6 100%);background-image:-o-linear-gradient(top, #dff0d8 0, #d0e9c6 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dff0d8), to(#d0e9c6));background-image:linear-gradient(to bottom, #dff0d8 0, #d0e9c6 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);background-repeat:repeat-x}.panel-info>.panel-heading{background-image:-webkit-linear-gradient(top, #d9edf7 0, #c4e3f3 100%);background-image:-o-linear-gradient(top, #d9edf7 0, #c4e3f3 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #d9edf7), to(#c4e3f3));background-image:linear-gradient(to bottom, #d9edf7 0, #c4e3f3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);background-repeat:repeat-x}.panel-warning>.panel-heading{background-image:-webkit-linear-gradient(top, #fcf8e3 0, #faf2cc 100%);background-image:-o-linear-gradient(top, #fcf8e3 0, #faf2cc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fcf8e3), to(#faf2cc));background-image:linear-gradient(to bottom, #fcf8e3 0, #faf2cc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);background-repeat:repeat-x}.panel-danger>.panel-heading{background-image:-webkit-linear-gradient(top, #f2dede 0, #ebcccc 100%);background-image:-o-linear-gradient(top, #f2dede 0, #ebcccc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f2dede), to(#ebcccc));background-image:linear-gradient(to bottom, #f2dede 0, #ebcccc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);background-repeat:repeat-x}.well{background-image:-webkit-linear-gradient(top, #e8e8e8 0, #f5f5f5 100%);background-image:-o-linear-gradient(top, #e8e8e8 0, #f5f5f5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #e8e8e8), to(#f5f5f5));background-image:linear-gradient(to bottom, #e8e8e8 0, #f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x;border-color:#dcdcdc;-webkit-box-shadow:inset 0 1px 3px rgba(0,0,0,0.05),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 3px rgba(0,0,0,0.05),0 1px 0 rgba(255,255,255,0.1)} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap.min.css b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap.min.css new file mode 100644 index 0000000..af8b6ed --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap.min.css @@ -0,0 +1,11 @@ +/*! + * Generated using the Bootstrap Customizer (http://getbootstrap.com/customize/?id=a17c489ffbed8c6e46fcf0d72d0d80db) + * Config saved to config.json and https://gist.github.com/a17c489ffbed8c6e46fcf0d72d0d80db + *//*! +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + *//*! + * Bootstrap v3.4.1 (https://getbootstrap.com/) + * Copyright 2011-2019 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{color:#000 !important;text-shadow:none !important;background:transparent !important;-webkit-box-shadow:none !important;box-shadow:none !important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}@font-face{font-family:"Glyphicons Halflings";src:url("../fonts/glyphicons-halflings-regular.eot");src:url("../fonts/glyphicons-halflings-regular.eot?#iefix") format("embedded-opentype"),url("../fonts/glyphicons-halflings-regular.woff2") format("woff2"),url("../fonts/glyphicons-halflings-regular.woff") format("woff"),url("../fonts/glyphicons-halflings-regular.ttf") format("truetype"),url("../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular") format("svg")}.glyphicon{position:relative;top:1px;display:inline-block;font-family:"Glyphicons Halflings";font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\002a"}.glyphicon-plus:before{content:"\002b"}.glyphicon-euro:before,.glyphicon-eur:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-cd:before{content:"\e201"}.glyphicon-save-file:before{content:"\e202"}.glyphicon-open-file:before{content:"\e203"}.glyphicon-level-up:before{content:"\e204"}.glyphicon-copy:before{content:"\e205"}.glyphicon-paste:before{content:"\e206"}.glyphicon-alert:before{content:"\e209"}.glyphicon-equalizer:before{content:"\e210"}.glyphicon-king:before{content:"\e211"}.glyphicon-queen:before{content:"\e212"}.glyphicon-pawn:before{content:"\e213"}.glyphicon-bishop:before{content:"\e214"}.glyphicon-knight:before{content:"\e215"}.glyphicon-baby-formula:before{content:"\e216"}.glyphicon-tent:before{content:"\26fa"}.glyphicon-blackboard:before{content:"\e218"}.glyphicon-bed:before{content:"\e219"}.glyphicon-apple:before{content:"\f8ff"}.glyphicon-erase:before{content:"\e221"}.glyphicon-hourglass:before{content:"\231b"}.glyphicon-lamp:before{content:"\e223"}.glyphicon-duplicate:before{content:"\e224"}.glyphicon-piggy-bank:before{content:"\e225"}.glyphicon-scissors:before{content:"\e226"}.glyphicon-bitcoin:before{content:"\e227"}.glyphicon-btc:before{content:"\e227"}.glyphicon-xbt:before{content:"\e227"}.glyphicon-yen:before{content:"\00a5"}.glyphicon-jpy:before{content:"\00a5"}.glyphicon-ruble:before{content:"\20bd"}.glyphicon-rub:before{content:"\20bd"}.glyphicon-scale:before{content:"\e230"}.glyphicon-ice-lolly:before{content:"\e231"}.glyphicon-ice-lolly-tasted:before{content:"\e232"}.glyphicon-education:before{content:"\e233"}.glyphicon-option-horizontal:before{content:"\e234"}.glyphicon-option-vertical:before{content:"\e235"}.glyphicon-menu-hamburger:before{content:"\e236"}.glyphicon-modal-window:before{content:"\e237"}.glyphicon-oil:before{content:"\e238"}.glyphicon-grain:before{content:"\e239"}.glyphicon-sunglasses:before{content:"\e240"}.glyphicon-text-size:before{content:"\e241"}.glyphicon-text-color:before{content:"\e242"}.glyphicon-text-background:before{content:"\e243"}.glyphicon-object-align-top:before{content:"\e244"}.glyphicon-object-align-bottom:before{content:"\e245"}.glyphicon-object-align-horizontal:before{content:"\e246"}.glyphicon-object-align-left:before{content:"\e247"}.glyphicon-object-align-vertical:before{content:"\e248"}.glyphicon-object-align-right:before{content:"\e249"}.glyphicon-triangle-right:before{content:"\e250"}.glyphicon-triangle-left:before{content:"\e251"}.glyphicon-triangle-bottom:before{content:"\e252"}.glyphicon-triangle-top:before{content:"\e253"}.glyphicon-console:before{content:"\e254"}.glyphicon-superscript:before{content:"\e255"}.glyphicon-subscript:before{content:"\e256"}.glyphicon-menu-left:before{content:"\e257"}.glyphicon-menu-right:before{content:"\e258"}.glyphicon-menu-down:before{content:"\e259"}.glyphicon-menu-up:before{content:"\e260"}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#337ab7;text-decoration:none}a:hover,a:focus{color:#23527c;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive,.thumbnail>img,.thumbnail a>img,.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role="button"]{cursor:pointer}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:400;line-height:1;color:#777}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:28px}h2,.h2{font-size:26px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{padding:.2em;background-color:#fcf8e3}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#00868c}a.text-primary:hover,a.text-primary:focus{color:#286090}.text-success{color:#3c763d}a.text-success:hover,a.text-success:focus{color:#2b542c}.text-info{color:#31708f}a.text-info:hover,a.text-info:focus{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover,a.text-warning:focus{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover,a.text-danger:focus{color:#843534}.bg-primary{color:#fff;background-color:#337ab7}a.bg-primary:hover,a.bg-primary:focus{background-color:#286090}.bg-success{background-color:#dff0d8}a.bg-success:hover,a.bg-success:focus{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover,a.bg-info:focus{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover,a.bg-warning:focus{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover,a.bg-danger:focus{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:700}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote footer:before,blockquote small:before,blockquote .small:before{content:"\2014 \00A0"}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;text-align:right;border-right:5px solid #eee;border-left:0}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:""}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:"\00A0 \2014"}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:700;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.row{margin-right:-15px;margin-left:-15px}.row-no-gutters{margin-right:0;margin-left:0}.row-no-gutters [class*="col-"]{padding-right:0;padding-left:0}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}table col[class*="col-"]{position:static;display:table-column;float:none}table td[class*="col-"],table th[class*="col-"]{position:static;display:table-cell;float:none}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:700}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-appearance:none;appearance:none}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, .075), 0 0 8px rgba(102, 175, 233, 0.6);box-shadow:inset 0 1px 1px rgba(0, 0, 0, .075), 0 0 8px rgba(102, 175, 233, 0.6)}.form-control::-moz-placeholder{color:#999;opacity:1}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control::-ms-expand{background-color:transparent;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"].form-control,input[type="time"].form-control,input[type="datetime-local"].form-control,input[type="month"].form-control{line-height:34px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:46px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:400;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-top:4px \9;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;font-weight:400;vertical-align:middle;cursor:pointer}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}.form-control-static{min-height:34px;padding-top:7px;padding-bottom:7px;margin-bottom:0}.form-control-static.input-lg,.form-control-static.input-sm{padding-right:0;padding-left:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm textarea.form-control,.form-group-sm select[multiple].form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg textarea.form-control,.form-group-lg select[multiple].form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.3333333}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback,.input-group-lg+.form-control-feedback,.form-group-lg .form-control+.form-control-feedback{width:46px;height:46px;line-height:46px}.input-sm+.form-control-feedback,.input-group-sm+.form-control-feedback,.form-group-sm .form-control+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;background-color:#dff0d8;border-color:#3c763d}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;background-color:#fcf8e3;border-color:#8a6d3b}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;background-color:#f2dede;border-color:#a94442}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.form-horizontal .control-label{padding-top:7px;margin-bottom:0;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;white-space:nowrap;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:13px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#333;text-decoration:none}.btn:active,.btn.active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;filter:alpha(opacity=65);opacity:.65;-webkit-box-shadow:none;box-shadow:none}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:focus,.btn-default.focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;background-image:none;border-color:#adadad}.btn-default:active:hover,.btn-default.active:hover,.open>.dropdown-toggle.btn-default:hover,.btn-default:active:focus,.btn-default.active:focus,.open>.dropdown-toggle.btn-default:focus,.btn-default:active.focus,.btn-default.active.focus,.open>.dropdown-toggle.btn-default.focus{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#98ced0;border-color:#98ced0}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#286090;border-color:#122b40}.btn-primary:hover{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#286090;background-image:none;border-color:#204d74}.btn-primary:active:hover,.btn-primary.active:hover,.open>.dropdown-toggle.btn-primary:hover,.btn-primary:active:focus,.btn-primary.active:focus,.open>.dropdown-toggle.btn-primary:focus,.btn-primary:active.focus,.btn-primary.active.focus,.open>.dropdown-toggle.btn-primary.focus{color:#fff;background-color:#204d74;border-color:#122b40}.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus{background-color:#337ab7;border-color:#2e6da4}.btn-primary .badge{color:#337ab7;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;background-image:none;border-color:#398439}.btn-success:active:hover,.btn-success.active:hover,.open>.dropdown-toggle.btn-success:hover,.btn-success:active:focus,.btn-success.active:focus,.open>.dropdown-toggle.btn-success:focus,.btn-success:active.focus,.btn-success.active.focus,.open>.dropdown-toggle.btn-success.focus{color:#fff;background-color:#398439;border-color:#255625}.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;background-image:none;border-color:#269abc}.btn-info:active:hover,.btn-info.active:hover,.open>.dropdown-toggle.btn-info:hover,.btn-info:active:focus,.btn-info.active:focus,.open>.dropdown-toggle.btn-info:focus,.btn-info:active.focus,.btn-info.active.focus,.open>.dropdown-toggle.btn-info.focus{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;background-image:none;border-color:#d58512}.btn-warning:active:hover,.btn-warning.active:hover,.open>.dropdown-toggle.btn-warning:hover,.btn-warning:active:focus,.btn-warning.active:focus,.open>.dropdown-toggle.btn-warning:focus,.btn-warning:active.focus,.btn-warning.active.focus,.open>.dropdown-toggle.btn-warning.focus{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;background-image:none;border-color:#ac2925}.btn-danger:active:hover,.btn-danger.active:hover,.open>.dropdown-toggle.btn-danger:hover,.btn-danger:active:focus,.btn-danger.active:focus,.open>.dropdown-toggle.btn-danger:focus,.btn-danger:active.focus,.btn-danger.active.focus,.open>.dropdown-toggle.btn-danger.focus{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{font-weight:400;color:#337ab7;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#23527c;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#777;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px dashed;border-top:4px solid \9;border-right:4px solid transparent;border-left:4px solid transparent}.dropup,.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;text-align:left;list-style:none;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,0.175);box-shadow:0 6px 12px rgba(0,0,0,0.175)}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.42857143;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{color:#262626;text-decoration:none;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#337ab7;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#777}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{right:0;left:auto}.dropdown-menu-left{right:auto;left:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.42857143;color:#777;white-space:nowrap}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{content:"";border-top:0;border-bottom:4px dashed;border-bottom:4px solid \9}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:2px}@media (min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}.navbar-right .dropdown-menu-left{right:auto;left:0}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-bottom-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-left-radius:0;border-top-right-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-top-right-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{display:table-cell;float:none;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-right:0;padding-left:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:400;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#777;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#337ab7}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#337ab7}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{padding-right:15px;padding-left:15px;overflow-x:visible;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-right:0;padding-left:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-brand{float:left;height:50px;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-right:15px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{padding:10px 15px;margin-right:-15px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-left-radius:0;border-top-right-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-right:15px;margin-left:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{color:#555;background-color:#e7e7e7}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#333}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#9d9d9d}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{color:#fff;background-color:#080808}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-link{color:#9d9d9d}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#9d9d9d}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#fff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#444}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#777}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.42857143;color:#337ab7;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{z-index:2;color:#23527c;background-color:#eee;border-color:#ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-top-left-radius:4px;border-bottom-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:3;color:#fff;cursor:default;background-color:#337ab7;border-color:#337ab7}.pagination>.disabled>span,.pagination>.disabled>span:hover,.pagination>.disabled>span:focus,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#777;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px;line-height:1.3333333}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-top-left-radius:6px;border-bottom-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px;line-height:1.5}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-top-left-radius:3px;border-bottom-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#777;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:hover,.label-default[href]:focus{background-color:#5e5e5e}.label-primary{background-color:#337ab7}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#286090}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:middle;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge,.btn-group-xs>.btn .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#337ab7;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding-top:30px;padding-bottom:30px;margin-bottom:30px;color:inherit;background-color:#eee}.jumbotron h1,.jumbotron .h1{color:inherit}.jumbotron p{margin-bottom:15px;font-size:21px;font-weight:200}.jumbotron>hr{border-top-color:#d5d5d5}.container .jumbotron,.container-fluid .jumbotron{padding-right:15px;padding-left:15px;border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron,.container-fluid .jumbotron{padding-right:60px;padding-left:60px}.jumbotron h1,.jumbotron .h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:border .2s ease-in-out;-o-transition:border .2s ease-in-out;transition:border .2s ease-in-out}.thumbnail>img,.thumbnail a>img{margin-right:auto;margin-left:auto}a.thumbnail:hover,a.thumbnail:focus,a.thumbnail.active{border-color:#337ab7}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#337ab7;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.media{margin-top:15px}.media:first-child{margin-top:0}.media,.media-body{overflow:hidden;zoom:1}.media-body{width:10000px}.media-object{display:block}.media-object.img-thumbnail{max-width:none}.media-right,.media>.pull-right{padding-left:10px}.media-left,.media>.pull-left{padding-right:10px}.media-left,.media-right,.media-body{display:table-cell;vertical-align:top}.media-middle{vertical-align:middle}.media-bottom{vertical-align:bottom}.media-heading{margin-top:0;margin-bottom:5px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item.disabled,.list-group-item.disabled:hover,.list-group-item.disabled:focus{color:#777;cursor:not-allowed;background-color:#eee}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text{color:#777}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{z-index:2;color:#fff;background-color:#337ab7;border-color:#337ab7}.list-group-item.active .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>.small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:hover .list-group-item-text,.list-group-item.active:focus .list-group-item-text{color:#c7ddef}a.list-group-item,button.list-group-item{color:#555}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,button.list-group-item:hover,a.list-group-item:focus,button.list-group-item:focus{color:#555;text-decoration:none;background-color:#f5f5f5}button.list-group-item{width:100%;text-align:left}.list-group-item-success{color:#3c763d;background-color:#dff0d8}a.list-group-item-success,button.list-group-item-success{color:#3c763d}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:hover,button.list-group-item-success:hover,a.list-group-item-success:focus,button.list-group-item-success:focus{color:#3c763d;background-color:#d0e9c6}a.list-group-item-success.active,button.list-group-item-success.active,a.list-group-item-success.active:hover,button.list-group-item-success.active:hover,a.list-group-item-success.active:focus,button.list-group-item-success.active:focus{color:#fff;background-color:#3c763d;border-color:#3c763d}.list-group-item-info{color:#31708f;background-color:#d9edf7}a.list-group-item-info,button.list-group-item-info{color:#31708f}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:hover,button.list-group-item-info:hover,a.list-group-item-info:focus,button.list-group-item-info:focus{color:#31708f;background-color:#c4e3f3}a.list-group-item-info.active,button.list-group-item-info.active,a.list-group-item-info.active:hover,button.list-group-item-info.active:hover,a.list-group-item-info.active:focus,button.list-group-item-info.active:focus{color:#fff;background-color:#31708f;border-color:#31708f}.list-group-item-warning{color:#8a6d3b;background-color:#fcf8e3}a.list-group-item-warning,button.list-group-item-warning{color:#8a6d3b}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:hover,button.list-group-item-warning:hover,a.list-group-item-warning:focus,button.list-group-item-warning:focus{color:#8a6d3b;background-color:#faf2cc}a.list-group-item-warning.active,button.list-group-item-warning.active,a.list-group-item-warning.active:hover,button.list-group-item-warning.active:hover,a.list-group-item-warning.active:focus,button.list-group-item-warning.active:focus{color:#fff;background-color:#8a6d3b;border-color:#8a6d3b}.list-group-item-danger{color:#a94442;background-color:#f2dede}a.list-group-item-danger,button.list-group-item-danger{color:#a94442}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:hover,button.list-group-item-danger:hover,a.list-group-item-danger:focus,button.list-group-item-danger:focus{color:#a94442;background-color:#ebcccc}a.list-group-item-danger.active,button.list-group-item-danger.active,a.list-group-item-danger.active:hover,button.list-group-item-danger.active:hover,a.list-group-item-danger.active:focus,button.list-group-item-danger.active:focus{color:#fff;background-color:#a94442;border-color:#a94442}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-left-radius:3px;border-top-right-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-right:15px;padding-left:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{margin-bottom:0;border:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#337ab7}.panel-primary>.panel-heading{color:#fff;background-color:#337ab7;border-color:#337ab7}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#337ab7}.panel-primary>.panel-heading .badge{color:#337ab7;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#337ab7}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.embed-responsive{position:relative;display:block;height:0;padding:0;overflow:hidden}.embed-responsive .embed-responsive-item,.embed-responsive iframe,.embed-responsive embed,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-16by9{padding-bottom:56.25%}.embed-responsive-4by3{padding-bottom:75%}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000;text-shadow:0 1px 0 #fff;filter:alpha(opacity=20);opacity:.2}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;filter:alpha(opacity=50);opacity:.5}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none;appearance:none}.modal-open{overflow:hidden}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;display:none;overflow:hidden;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform 0.3s ease-out;-o-transition:-o-transform 0.3s ease-out;transition:transform 0.3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1070;display:block;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-style:normal;font-weight:400;line-height:1.42857143;line-break:auto;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;font-size:12px;filter:alpha(opacity=0);opacity:0}.tooltip.in{filter:alpha(opacity=90);opacity:.9}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-left .tooltip-arrow{right:5px;bottom:0;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-right .tooltip-arrow{bottom:0;left:5px;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-left .tooltip-arrow{top:0;right:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-right .tooltip-arrow{top:0;left:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.popover{position:absolute;top:0;left:0;z-index:1060;display:none;max-width:276px;padding:1px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-style:normal;font-weight:400;line-height:1.42857143;line-break:auto;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;font-size:14px;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2)}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover>.arrow{border-width:11px}.popover>.arrow,.popover>.arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover>.arrow:after{content:"";border-width:10px}.popover.top>.arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top>.arrow:after{bottom:1px;margin-left:-10px;content:" ";border-top-color:#fff;border-bottom-width:0}.popover.right>.arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right>.arrow:after{bottom:-10px;left:1px;content:" ";border-right-color:#fff;border-left-width:0}.popover.bottom>.arrow{top:-11px;left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25)}.popover.bottom>.arrow:after{top:1px;margin-left:-10px;content:" ";border-top-width:0;border-bottom-color:#fff}.popover.left>.arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0,0,0,0.25)}.popover.left>.arrow:after{right:1px;bottom:-10px;content:" ";border-right-width:0;border-left-color:#fff}.popover-title{padding:8px 14px;margin:0;font-size:14px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{line-height:1}@media all and (transform-3d),(-webkit-transform-3d){.carousel-inner>.item{-webkit-transition:-webkit-transform 0.6s ease-in-out;-o-transition:-o-transform 0.6s ease-in-out;transition:transform 0.6s ease-in-out;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000px;perspective:1000px}.carousel-inner>.item.next,.carousel-inner>.item.active.right{-webkit-transform:translate3d(100%, 0, 0);transform:translate3d(100%, 0, 0);left:0}.carousel-inner>.item.prev,.carousel-inner>.item.active.left{-webkit-transform:translate3d(-100%, 0, 0);transform:translate3d(-100%, 0, 0);left:0}.carousel-inner>.item.next.left,.carousel-inner>.item.prev.right,.carousel-inner>.item.active{-webkit-transform:translate3d(0, 0, 0);transform:translate3d(0, 0, 0);left:0}}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6);background-color:rgba(0,0,0,0);filter:alpha(opacity=50);opacity:.5}.carousel-control.left{background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-webkit-gradient(linear, left top, right top, color-stop(0, rgba(0,0,0,0.5)), to(rgba(0,0,0,0.0001)));background-image:linear-gradient(to right, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1);background-repeat:repeat-x}.carousel-control.right{right:0;left:auto;background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-webkit-gradient(linear, left top, right top, color-stop(0, rgba(0,0,0,0.0001)), to(rgba(0,0,0,0.5)));background-image:linear-gradient(to right, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1);background-repeat:repeat-x}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;outline:0;filter:alpha(opacity=90);opacity:.9}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;z-index:5;display:inline-block;margin-top:-10px}.carousel-control .icon-prev,.carousel-control .glyphicon-chevron-left{left:50%;margin-left:-10px}.carousel-control .icon-next,.carousel-control .glyphicon-chevron-right{right:50%;margin-right:-10px}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;font-family:serif;line-height:1}.carousel-control .icon-prev:before{content:"\2039"}.carousel-control .icon-next:before{content:"\203a"}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;background-color:#000 \9;background-color:rgba(0,0,0,0);border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-10px;font-size:30px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{margin-right:-10px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.pager:before,.pager:after,.panel-body:before,.panel-body:after,.modal-header:before,.modal-header:after,.modal-footer:before,.modal-footer:after{display:table;content:" "}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.pager:after,.panel-body:after,.modal-header:after,.modal-footer:after{clear:both}.center-block{display:block;margin-right:auto;margin-left:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap.min.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap.min.js new file mode 100644 index 0000000..853b70d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/bootstrap.min.js @@ -0,0 +1,12 @@ +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + */ + +/*! + * Bootstrap v3.4.1 (https://getbootstrap.com/) + * Copyright 2011-2021 Twitter, Inc. + * Licensed under the MIT license + */ + +if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(t){"use strict";var e=t.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9||1==e[0]&&9==e[1]&&e[2]<1||e[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var i=t(this),n=i.data("bs.alert");n||i.data("bs.alert",n=new o(this)),"string"==typeof e&&n[e].call(i)})}var i='[data-dismiss="alert"]',o=function(e){t(e).on("click",i,this.close)};o.VERSION="3.4.1",o.TRANSITION_DURATION=150,o.prototype.close=function(e){function i(){a.detach().trigger("closed.bs.alert").remove()}var n=t(this),s=n.attr("data-target");s||(s=n.attr("href"),s=s&&s.replace(/.*(?=#[^\s]*$)/,"")),s="#"===s?[]:s;var a=t(document).find(s);e&&e.preventDefault(),a.length||(a=n.closest(".alert")),a.trigger(e=t.Event("close.bs.alert")),e.isDefaultPrevented()||(a.removeClass("in"),t.support.transition&&a.hasClass("fade")?a.one("bsTransitionEnd",i).emulateTransitionEnd(o.TRANSITION_DURATION):i())};var n=t.fn.alert;t.fn.alert=e,t.fn.alert.Constructor=o,t.fn.alert.noConflict=function(){return t.fn.alert=n,this},t(document).on("click.bs.alert.data-api",i,o.prototype.close)}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.button"),s="object"==typeof e&&e;n||o.data("bs.button",n=new i(this,s)),"toggle"==e?n.toggle():e&&n.setState(e)})}var i=function(e,o){this.$element=t(e),this.options=t.extend({},i.DEFAULTS,o),this.isLoading=!1};i.VERSION="3.4.1",i.DEFAULTS={loadingText:"loading..."},i.prototype.setState=function(e){var i="disabled",o=this.$element,n=o.is("input")?"val":"html",s=o.data();e+="Text",null==s.resetText&&o.data("resetText",o[n]()),setTimeout(t.proxy(function(){o[n](null==s[e]?this.options[e]:s[e]),"loadingText"==e?(this.isLoading=!0,o.addClass(i).attr(i,i).prop(i,!0)):this.isLoading&&(this.isLoading=!1,o.removeClass(i).removeAttr(i).prop(i,!1))},this),0)},i.prototype.toggle=function(){var t=!0,e=this.$element.closest('[data-toggle="buttons"]');if(e.length){var i=this.$element.find("input");"radio"==i.prop("type")?(i.prop("checked")&&(t=!1),e.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==i.prop("type")&&(i.prop("checked")!==this.$element.hasClass("active")&&(t=!1),this.$element.toggleClass("active")),i.prop("checked",this.$element.hasClass("active")),t&&i.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var o=t.fn.button;t.fn.button=e,t.fn.button.Constructor=i,t.fn.button.noConflict=function(){return t.fn.button=o,this},t(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(i){var o=t(i.target).closest(".btn");e.call(o,"toggle"),t(i.target).is('input[type="radio"], input[type="checkbox"]')||(i.preventDefault(),o.is("input,button")?o.trigger("focus"):o.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(e){t(e.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(e.type))})}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.carousel"),s=t.extend({},i.DEFAULTS,o.data(),"object"==typeof e&&e),a="string"==typeof e?e:s.slide;n||o.data("bs.carousel",n=new i(this,s)),"number"==typeof e?n.to(e):a?n[a]():s.interval&&n.pause().cycle()})}var i=function(e,i){this.$element=t(e),this.$indicators=this.$element.find(".carousel-indicators"),this.options=i,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",t.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",t.proxy(this.pause,this)).on("mouseleave.bs.carousel",t.proxy(this.cycle,this))};i.VERSION="3.4.1",i.TRANSITION_DURATION=600,i.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},i.prototype.keydown=function(t){if(!/input|textarea/i.test(t.target.tagName)){switch(t.which){case 37:this.prev();break;case 39:this.next();break;default:return}t.preventDefault()}},i.prototype.cycle=function(e){return e||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(t.proxy(this.next,this),this.options.interval)),this},i.prototype.getItemIndex=function(t){return this.$items=t.parent().children(".item"),this.$items.index(t||this.$active)},i.prototype.getItemForDirection=function(t,e){var i=this.getItemIndex(e),o="prev"==t&&0===i||"next"==t&&i==this.$items.length-1;if(o&&!this.options.wrap)return e;var n="prev"==t?-1:1,s=(i+n)%this.$items.length;return this.$items.eq(s)},i.prototype.to=function(t){var e=this,i=this.getItemIndex(this.$active=this.$element.find(".item.active"));return t>this.$items.length-1||0>t?void 0:this.sliding?this.$element.one("slid.bs.carousel",function(){e.to(t)}):i==t?this.pause().cycle():this.slide(t>i?"next":"prev",this.$items.eq(t))},i.prototype.pause=function(e){return e||(this.paused=!0),this.$element.find(".next, .prev").length&&t.support.transition&&(this.$element.trigger(t.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},i.prototype.next=function(){return this.sliding?void 0:this.slide("next")},i.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},i.prototype.slide=function(e,o){var n=this.$element.find(".item.active"),s=o||this.getItemForDirection(e,n),a=this.interval,r="next"==e?"left":"right",l=this;if(s.hasClass("active"))return this.sliding=!1;var h=s[0],d=t.Event("slide.bs.carousel",{relatedTarget:h,direction:r});if(this.$element.trigger(d),!d.isDefaultPrevented()){if(this.sliding=!0,a&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var p=t(this.$indicators.children()[this.getItemIndex(s)]);p&&p.addClass("active")}var c=t.Event("slid.bs.carousel",{relatedTarget:h,direction:r});return t.support.transition&&this.$element.hasClass("slide")?(s.addClass(e),"object"==typeof s&&s.length&&s[0].offsetWidth,n.addClass(r),s.addClass(r),n.one("bsTransitionEnd",function(){s.removeClass([e,r].join(" ")).addClass("active"),n.removeClass(["active",r].join(" ")),l.sliding=!1,setTimeout(function(){l.$element.trigger(c)},0)}).emulateTransitionEnd(i.TRANSITION_DURATION)):(n.removeClass("active"),s.addClass("active"),this.sliding=!1,this.$element.trigger(c)),a&&this.cycle(),this}};var o=t.fn.carousel;t.fn.carousel=e,t.fn.carousel.Constructor=i,t.fn.carousel.noConflict=function(){return t.fn.carousel=o,this};var n=function(i){var o=t(this),n=o.attr("href");n&&(n=n.replace(/.*(?=#[^\s]+$)/,""));var s=o.attr("data-target")||n,a=t(document).find(s);if(a.hasClass("carousel")){var r=t.extend({},a.data(),o.data()),l=o.attr("data-slide-to");l&&(r.interval=!1),e.call(a,r),l&&a.data("bs.carousel").to(l),i.preventDefault()}};t(document).on("click.bs.carousel.data-api","[data-slide]",n).on("click.bs.carousel.data-api","[data-slide-to]",n),t(window).on("load",function(){t('[data-ride="carousel"]').each(function(){var i=t(this);e.call(i,i.data())})})}(jQuery),+function(t){"use strict";function e(e){var i=e.attr("data-target");i||(i=e.attr("href"),i=i&&/#[A-Za-z]/.test(i)&&i.replace(/.*(?=#[^\s]*$)/,""));var o="#"!==i?t(document).find(i):null;return o&&o.length?o:e.parent()}function i(i){i&&3===i.which||(t(n).remove(),t(s).each(function(){var o=t(this),n=e(o),s={relatedTarget:this};n.hasClass("open")&&(i&&"click"==i.type&&/input|textarea/i.test(i.target.tagName)&&t.contains(n[0],i.target)||(n.trigger(i=t.Event("hide.bs.dropdown",s)),i.isDefaultPrevented()||(o.attr("aria-expanded","false"),n.removeClass("open").trigger(t.Event("hidden.bs.dropdown",s)))))}))}function o(e){return this.each(function(){var i=t(this),o=i.data("bs.dropdown");o||i.data("bs.dropdown",o=new a(this)),"string"==typeof e&&o[e].call(i)})}var n=".dropdown-backdrop",s='[data-toggle="dropdown"]',a=function(e){t(e).on("click.bs.dropdown",this.toggle)};a.VERSION="3.4.1",a.prototype.toggle=function(o){var n=t(this);if(!n.is(".disabled, :disabled")){var s=e(n),a=s.hasClass("open");if(i(),!a){"ontouchstart"in document.documentElement&&!s.closest(".navbar-nav").length&&t(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(t(this)).on("click",i);var r={relatedTarget:this};if(s.trigger(o=t.Event("show.bs.dropdown",r)),o.isDefaultPrevented())return;n.trigger("focus").attr("aria-expanded","true"),s.toggleClass("open").trigger(t.Event("shown.bs.dropdown",r))}return!1}},a.prototype.keydown=function(i){if(/(38|40|27|32)/.test(i.which)&&!/input|textarea/i.test(i.target.tagName)){var o=t(this);if(i.preventDefault(),i.stopPropagation(),!o.is(".disabled, :disabled")){var n=e(o),a=n.hasClass("open");if(!a&&27!=i.which||a&&27==i.which)return 27==i.which&&n.find(s).trigger("focus"),o.trigger("click");var r=" li:not(.disabled):visible a",l=n.find(".dropdown-menu"+r);if(l.length){var h=l.index(i.target);38==i.which&&h>0&&h--,40==i.which&&hdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&t?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!t?this.scrollbarWidth:""})},i.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},i.prototype.checkScrollbar=function(){var t=window.innerWidth;if(!t){var e=document.documentElement.getBoundingClientRect();t=e.right-Math.abs(e.left)}this.bodyIsOverflowing=document.body.clientWidtha;a++)if(o.match(n[a]))return!0;return!1}function i(i,o,n){if(0===i.length)return i;if(n&&"function"==typeof n)return n(i);if(!document.implementation||!document.implementation.createHTMLDocument)return i;var s=document.implementation.createHTMLDocument("sanitization");s.body.innerHTML=i;for(var a=t.map(o,function(t,e){return e}),r=t(s.body).find("*"),l=0,h=r.length;h>l;l++){var d=r[l],p=d.nodeName.toLowerCase();if(-1!==t.inArray(p,a))for(var c=t.map(d.attributes,function(t){return t}),f=[].concat(o["*"]||[],o[p]||[]),u=0,g=c.length;g>u;u++)e(c[u],f)||d.removeAttribute(c[u].nodeName);else d.parentNode.removeChild(d)}return s.body.innerHTML}function o(e){return this.each(function(){var i=t(this),o=i.data("bs.tooltip"),n="object"==typeof e&&e;!o&&/destroy|hide/.test(e)||(o||i.data("bs.tooltip",o=new d(this,n)),"string"==typeof e&&o[e]())})}var n=["sanitize","whiteList","sanitizeFn"],s=["background","cite","href","itemtype","longdesc","poster","src","xlink:href"],a=/^aria-[\w-]*$/i,r={"*":["class","dir","id","lang","role",a],a:["target","href","title","rel"],area:[],b:[],br:[],col:[],code:[],div:[],em:[],hr:[],h1:[],h2:[],h3:[],h4:[],h5:[],h6:[],i:[],img:["src","alt","title","width","height"],li:[],ol:[],p:[],pre:[],s:[],small:[],span:[],sub:[],sup:[],strong:[],u:[],ul:[]},l=/^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi,h=/^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i,d=function(t,e){this.type=null,this.options=null,this.enabled=null,this.timeout=null,this.hoverState=null,this.$element=null,this.inState=null,this.init("tooltip",t,e)};d.VERSION="3.4.1",d.TRANSITION_DURATION=150,d.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0},sanitize:!0,sanitizeFn:null,whiteList:r},d.prototype.init=function(e,i,o){if(this.enabled=!0,this.type=e,this.$element=t(i),this.options=this.getOptions(o),this.$viewport=this.options.viewport&&t(document).find(t.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var n=this.options.trigger.split(" "),s=n.length;s--;){var a=n[s];if("click"==a)this.$element.on("click."+this.type,this.options.selector,t.proxy(this.toggle,this));else if("manual"!=a){var r="hover"==a?"mouseenter":"focusin",l="hover"==a?"mouseleave":"focusout";this.$element.on(r+"."+this.type,this.options.selector,t.proxy(this.enter,this)),this.$element.on(l+"."+this.type,this.options.selector,t.proxy(this.leave,this))}}this.options.selector?this._options=t.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},d.prototype.getDefaults=function(){return d.DEFAULTS},d.prototype.getOptions=function(e){var o=this.$element.data();for(var s in o)o.hasOwnProperty(s)&&-1!==t.inArray(s,n)&&delete o[s];return e=t.extend({},this.getDefaults(),o,e),e.delay&&"number"==typeof e.delay&&(e.delay={show:e.delay,hide:e.delay}),e.sanitize&&(e.template=i(e.template,e.whiteList,e.sanitizeFn)),e},d.prototype.getDelegateOptions=function(){var e={},i=this.getDefaults();return this._options&&t.each(this._options,function(t,o){i[t]!=o&&(e[t]=o)}),e},d.prototype.enter=function(e){var i=e instanceof this.constructor?e:t(e.currentTarget).data("bs."+this.type);return i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i)),e instanceof t.Event&&(i.inState["focusin"==e.type?"focus":"hover"]=!0),i.tip().hasClass("in")||"in"==i.hoverState?void(i.hoverState="in"):(clearTimeout(i.timeout),i.hoverState="in",i.options.delay&&i.options.delay.show?void(i.timeout=setTimeout(function(){"in"==i.hoverState&&i.show()},i.options.delay.show)):i.show())},d.prototype.isInStateTrue=function(){for(var t in this.inState)if(this.inState[t])return!0;return!1},d.prototype.leave=function(e){var i=e instanceof this.constructor?e:t(e.currentTarget).data("bs."+this.type);return i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i)),e instanceof t.Event&&(i.inState["focusout"==e.type?"focus":"hover"]=!1),i.isInStateTrue()?void 0:(clearTimeout(i.timeout),i.hoverState="out",i.options.delay&&i.options.delay.hide?void(i.timeout=setTimeout(function(){"out"==i.hoverState&&i.hide()},i.options.delay.hide)):i.hide())},d.prototype.show=function(){var e=t.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(e);var i=t.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(e.isDefaultPrevented()||!i)return;var o=this,n=this.tip(),s=this.getUID(this.type);this.setContent(),n.attr("id",s),this.$element.attr("aria-describedby",s),this.options.animation&&n.addClass("fade");var a="function"==typeof this.options.placement?this.options.placement.call(this,n[0],this.$element[0]):this.options.placement,r=/\s?auto?\s?/i,l=r.test(a);l&&(a=a.replace(r,"")||"top"),n.detach().css({top:0,left:0,display:"block"}).addClass(a).data("bs."+this.type,this),this.options.container?n.appendTo(t(document).find(this.options.container)):n.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var h=this.getPosition(),p=n[0].offsetWidth,c=n[0].offsetHeight;if(l){var f=a,u=this.getPosition(this.$viewport);a="bottom"==a&&h.bottom+c>u.bottom?"top":"top"==a&&h.top-cu.width?"left":"left"==a&&h.left-pa.top+a.height&&(n.top=a.top+a.height-l)}else{var h=e.left-s,d=e.left+s+i;ha.right&&(n.left=a.left+a.width-d)}return n},d.prototype.getTitle=function(){var t,e=this.$element,i=this.options;return t=e.attr("data-original-title")||("function"==typeof i.title?i.title.call(e[0]):i.title)},d.prototype.getUID=function(t){do t+=~~(1e6*Math.random());while(document.getElementById(t));return t},d.prototype.tip=function(){if(!this.$tip&&(this.$tip=t(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},d.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},d.prototype.enable=function(){this.enabled=!0},d.prototype.disable=function(){this.enabled=!1},d.prototype.toggleEnabled=function(){this.enabled=!this.enabled},d.prototype.toggle=function(e){var i=this;e&&(i=t(e.currentTarget).data("bs."+this.type),i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i))),e?(i.inState.click=!i.inState.click,i.isInStateTrue()?i.enter(i):i.leave(i)):i.tip().hasClass("in")?i.leave(i):i.enter(i)},d.prototype.destroy=function(){var t=this;clearTimeout(this.timeout),this.hide(function(){t.$element.off("."+t.type).removeData("bs."+t.type),t.$tip&&t.$tip.detach(),t.$tip=null,t.$arrow=null,t.$viewport=null,t.$element=null})},d.prototype.sanitizeHtml=function(t){return i(t,this.options.whiteList,this.options.sanitizeFn)};var p=t.fn.tooltip;t.fn.tooltip=o,t.fn.tooltip.Constructor=d,t.fn.tooltip.noConflict=function(){return t.fn.tooltip=p,this}}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.popover"),s="object"==typeof e&&e;!n&&/destroy|hide/.test(e)||(n||o.data("bs.popover",n=new i(this,s)),"string"==typeof e&&n[e]())})}var i=function(t,e){this.init("popover",t,e)};if(!t.fn.tooltip)throw new Error("Popover requires tooltip.js");i.VERSION="3.4.1",i.DEFAULTS=t.extend({},t.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),i.prototype=t.extend({},t.fn.tooltip.Constructor.prototype),i.prototype.constructor=i,i.prototype.getDefaults=function(){return i.DEFAULTS},i.prototype.setContent=function(){var t=this.tip(),e=this.getTitle(),i=this.getContent();if(this.options.html){var o=typeof i;this.options.sanitize&&(e=this.sanitizeHtml(e),"string"===o&&(i=this.sanitizeHtml(i))),t.find(".popover-title").html(e),t.find(".popover-content").children().detach().end()["string"===o?"html":"append"](i)}else t.find(".popover-title").text(e),t.find(".popover-content").children().detach().end().text(i);t.removeClass("fade top bottom left right in"),t.find(".popover-title").html()||t.find(".popover-title").hide()},i.prototype.hasContent=function(){return this.getTitle()||this.getContent()},i.prototype.getContent=function(){var t=this.$element,e=this.options;return t.attr("data-content")||("function"==typeof e.content?e.content.call(t[0]):e.content)},i.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var o=t.fn.popover;t.fn.popover=e,t.fn.popover.Constructor=i,t.fn.popover.noConflict=function(){return t.fn.popover=o,this}}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.tab");n||o.data("bs.tab",n=new i(this)),"string"==typeof e&&n[e]()})}var i=function(e){this.element=t(e)};i.VERSION="3.4.1",i.TRANSITION_DURATION=150,i.prototype.show=function(){var e=this.element,i=e.closest("ul:not(.dropdown-menu)"),o=e.data("target");if(o||(o=e.attr("href"),o=o&&o.replace(/.*(?=#[^\s]*$)/,"")),!e.parent("li").hasClass("active")){var n=i.find(".active:last a"),s=t.Event("hide.bs.tab",{relatedTarget:e[0]}),a=t.Event("show.bs.tab",{relatedTarget:n[0]});if(n.trigger(s),e.trigger(a),!a.isDefaultPrevented()&&!s.isDefaultPrevented()){var r=t(document).find(o);this.activate(e.closest("li"),i),this.activate(r,r.parent(),function(){n.trigger({type:"hidden.bs.tab",relatedTarget:e[0]}),e.trigger({type:"shown.bs.tab",relatedTarget:n[0]})})}}},i.prototype.activate=function(e,o,n){function s(){a.removeClass("active").find("> .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),e.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),r?(e[0].offsetWidth,e.addClass("in")):e.removeClass("fade"),e.parent(".dropdown-menu").length&&e.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),n&&n()}var a=o.find("> .active"),r=n&&t.support.transition&&(a.length&&a.hasClass("fade")||!!o.find("> .fade").length);a.length&&r?a.one("bsTransitionEnd",s).emulateTransitionEnd(i.TRANSITION_DURATION):s(),a.removeClass("in")};var o=t.fn.tab;t.fn.tab=e,t.fn.tab.Constructor=i,t.fn.tab.noConflict=function(){return t.fn.tab=o,this};var n=function(i){i.preventDefault(),e.call(t(this),"show")};t(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',n).on("click.bs.tab.data-api",'[data-toggle="pill"]',n)}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.affix"),s="object"==typeof e&&e;n||o.data("bs.affix",n=new i(this,s)),"string"==typeof e&&n[e]()})}var i=function(e,o){this.options=t.extend({},i.DEFAULTS,o);var n=this.options.target===i.DEFAULTS.target?t(this.options.target):t(document).find(this.options.target);this.$target=n.on("scroll.bs.affix.data-api",t.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",t.proxy(this.checkPositionWithEventLoop,this)),this.$element=t(e),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};i.VERSION="3.4.1",i.RESET="affix affix-top affix-bottom",i.DEFAULTS={offset:0,target:window},i.prototype.getState=function(t,e,i,o){var n=this.$target.scrollTop(),s=this.$element.offset(),a=this.$target.height();if(null!=i&&"top"==this.affixed)return i>n?"top":!1;if("bottom"==this.affixed)return null!=i?n+this.unpin<=s.top?!1:"bottom":t-o>=n+a?!1:"bottom";var r=null==this.affixed,l=r?n:s.top,h=r?a:e;return null!=i&&i>=n?"top":null!=o&&l+h>=t-o?"bottom":!1},i.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(i.RESET).addClass("affix");var t=this.$target.scrollTop(),e=this.$element.offset();return this.pinnedOffset=e.top-t},i.prototype.checkPositionWithEventLoop=function(){setTimeout(t.proxy(this.checkPosition,this),1)},i.prototype.checkPosition=function(){ + if(this.$element.is(":visible")){var e=this.$element.height(),o=this.options.offset,n=o.top,s=o.bottom,a=Math.max(t(document).height(),t(document.body).height());"object"!=typeof o&&(s=n=o),"function"==typeof n&&(n=o.top(this.$element)),"function"==typeof s&&(s=o.bottom(this.$element));var r=this.getState(a,e,n,s);if(this.affixed!=r){null!=this.unpin&&this.$element.css("top","");var l="affix"+(r?"-"+r:""),h=t.Event(l+".bs.affix");if(this.$element.trigger(h),h.isDefaultPrevented())return;this.affixed=r,this.unpin="bottom"==r?this.getPinnedOffset():null,this.$element.removeClass(i.RESET).addClass(l).trigger(l.replace("affix","affixed")+".bs.affix")}"bottom"==r&&this.$element.offset({top:a-e-s})}};var o=t.fn.affix;t.fn.affix=e,t.fn.affix.Constructor=i,t.fn.affix.noConflict=function(){return t.fn.affix=o,this},t(window).on("load",function(){t('[data-spy="affix"]').each(function(){var i=t(this),o=i.data();o.offset=o.offset||{},null!=o.offsetBottom&&(o.offset.bottom=o.offsetBottom),null!=o.offsetTop&&(o.offset.top=o.offsetTop),e.call(i,o)})})}(jQuery),+function(t){"use strict";function e(e){var i,o=e.attr("data-target")||(i=e.attr("href"))&&i.replace(/.*(?=#[^\s]+$)/,"");return t(document).find(o)}function i(e){return this.each(function(){var i=t(this),n=i.data("bs.collapse"),s=t.extend({},o.DEFAULTS,i.data(),"object"==typeof e&&e);!n&&s.toggle&&/show|hide/.test(e)&&(s.toggle=!1),n||i.data("bs.collapse",n=new o(this,s)),"string"==typeof e&&n[e]()})}var o=function(e,i){this.$element=t(e),this.options=t.extend({},o.DEFAULTS,i),this.$trigger=t('[data-toggle="collapse"][href="#'+e.id+'"],[data-toggle="collapse"][data-target="#'+e.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};o.VERSION="3.4.1",o.TRANSITION_DURATION=350,o.DEFAULTS={toggle:!0},o.prototype.dimension=function(){var t=this.$element.hasClass("width");return t?"width":"height"},o.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var e,n=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(n&&n.length&&(e=n.data("bs.collapse"),e&&e.transitioning))){var s=t.Event("show.bs.collapse");if(this.$element.trigger(s),!s.isDefaultPrevented()){n&&n.length&&(i.call(n,"hide"),e||n.data("bs.collapse",null));var a=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[a](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var r=function(){this.$element.removeClass("collapsing").addClass("collapse in")[a](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!t.support.transition)return r.call(this);var l=t.camelCase(["scroll",a].join("-"));this.$element.one("bsTransitionEnd",t.proxy(r,this)).emulateTransitionEnd(o.TRANSITION_DURATION)[a](this.$element[0][l])}}}},o.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var e=t.Event("hide.bs.collapse");if(this.$element.trigger(e),!e.isDefaultPrevented()){var i=this.dimension();this.$element[i](this.$element[i]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var n=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return t.support.transition?void this.$element[i](0).one("bsTransitionEnd",t.proxy(n,this)).emulateTransitionEnd(o.TRANSITION_DURATION):n.call(this)}}},o.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},o.prototype.getParent=function(){return t(document).find(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(t.proxy(function(i,o){var n=t(o);this.addAriaAndCollapsedClass(e(n),n)},this)).end()},o.prototype.addAriaAndCollapsedClass=function(t,e){var i=t.hasClass("in");t.attr("aria-expanded",i),e.toggleClass("collapsed",!i).attr("aria-expanded",i)};var n=t.fn.collapse;t.fn.collapse=i,t.fn.collapse.Constructor=o,t.fn.collapse.noConflict=function(){return t.fn.collapse=n,this},t(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(o){var n=t(this);n.attr("data-target")||o.preventDefault();var s=e(n),a=s.data("bs.collapse"),r=a?"toggle":n.data();i.call(s,r)})}(jQuery),+function(t){"use strict";function e(i,o){this.$body=t(document.body),this.$scrollElement=t(t(i).is(document.body)?window:i),this.options=t.extend({},e.DEFAULTS,o),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",t.proxy(this.process,this)),this.refresh(),this.process()}function i(i){return this.each(function(){var o=t(this),n=o.data("bs.scrollspy"),s="object"==typeof i&&i;n||o.data("bs.scrollspy",n=new e(this,s)),"string"==typeof i&&n[i]()})}e.VERSION="3.4.1",e.DEFAULTS={offset:10},e.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},e.prototype.refresh=function(){var e=this,i="offset",o=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),t.isWindow(this.$scrollElement[0])||(i="position",o=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var e=t(this),n=e.data("target")||e.attr("href"),s=/^#./.test(n)&&t(n);return s&&s.length&&s.is(":visible")&&[[s[i]().top+o,n]]||null}).sort(function(t,e){return t[0]-e[0]}).each(function(){e.offsets.push(this[0]),e.targets.push(this[1])})},e.prototype.process=function(){var t,e=this.$scrollElement.scrollTop()+this.options.offset,i=this.getScrollHeight(),o=this.options.offset+i-this.$scrollElement.height(),n=this.offsets,s=this.targets,a=this.activeTarget;if(this.scrollHeight!=i&&this.refresh(),e>=o)return a!=(t=s[s.length-1])&&this.activate(t);if(a&&e=n[t]&&(void 0===n[t+1]||e 36px */ +} + +.container { + min-width: 260px; + max-width: 700px; +} + +h1 { + margin-bottom: 50px; +} + +footer { + width: 100%; + position: absolute; + bottom: 0; + padding: 0 36px; +} + +img { + width: 100%; +} + +/******************************************************** + * Header + ********************************************************/ + +header .logo { + /* width: 20%;*/ + /*max-width: 600px;*/ + max-height: 150px; + width: auto; +} + +/******************************************************** + * Dropdown + ********************************************************/ +a.dropdown-toggle { + text-decoration: none; +} + +a.dropdown-toggle:hover { + color: #168CA9; + border-bottom: 3px solid #168CA9; +} + +.dropdown-menu { + padding: 5px 0; +} + +.dropdown-menu li > a { + padding: 6px 28px; +} + +.dropdown-menu a > .prefix { + display: inline-block; + min-width: 22px; + margin-right: 28px; + text-align: right; +} + +/******************************************************** + * Form + ********************************************************/ + +/* Labels should not be bold */ +label { + font-weight: normal; +} + +/* Make error messages bold */ +.has-error .help-block { + font-weight: bold; +} + +/* Change button size, by default 116px in width */ +.btn { + min-width: 116px; + padding: 3px 12px; +} + +/* Disable gradient in buttons, ughhhh */ +.btn.btn-primary { + border-color: transparent; + background-image: none; + text-shadow: none; + box-shadow: none; + -webkit-box-shadow: none; +} + +.help-block a, .help-block a:visited { + color: #168CA9; + font-weight: bold; + text-decoration: none; +} + +.help-block a:hover { + color: #168CA9; + text-decoration: underline; +} + +/******************************************************** + * Footer + ********************************************************/ +footer .row { + margin: 36px 0 0 0; + height: 40px; + padding-top: 14px; + line-height: 26px; /* to center text: height - padding-top = 26px */ + border-top: 1px solid #168CA9; +} + +footer .row > div { /* Fix alignment between border + text on Bootstrap grid */ + padding: 0; +} + +footer .logo-round-container { + position: relative; +} + +footer .logo-round { + position: absolute; + left: 0; + right: 0; + top: -33px; /* found visually with Chrome Dev Tools */ + height: 36px; + width: 36px; + border: 1px solid #00868c; + border-radius: 18px; + background: #fff; + padding: 8px; +} + +footer .logo-round > img { + display: block; +} + +#dispatchTargets { + margin-top: 20px; +} + +/******************************************************** + * Social login + ********************************************************/ +.btn.line { + background-color: transparent; + display: block; + width: 100%; + padding: 0; + margin: 1.5em 0 1em; + border: 0.5px solid #ccc; + pointer-events: none; +} + +.btn.socialLogin { + background-color: #fff; + border: thin solid #ccc; + color: #000; + font-weight: 600; + position: relative; + margin: 5px; + min-width: 140px; + width: 210px; + border-radius: 8px; + padding: 8px 12px; + text-align: left; +} + +.socialLogin img { + width: 1.5em; + height: 108%; + margin-right: 0.5em; +} + +.btn.apple img { + width: 1.2em; +} + +/******************************************************** + * Show password + ********************************************************/ +.icon-inside { + position: relative; +} + +.icon-inside input { + padding-right: calc(0.75rem + 1.25rem + 0.75rem); +} + +.icon-inside button { + position: absolute; + right: 0; + top: 0; + margin-top: 0.45rem; + margin-right: 0.45rem; + background: #FFFFFF; + border: #FFFFFF; +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/dropdown.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/dropdown.js new file mode 100644 index 0000000..cdd301c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/dropdown.js @@ -0,0 +1,36 @@ +(function() { + var closeDropdownTimeout; + + function closeDropdown(event) { + var dropdowns = document.querySelectorAll('.dropdown'); + for (var i = 0; i < dropdowns.length; i++) { + var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu'); + if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) { + dropdownMenu.style.display = 'none'; + } + } + + // remove event listener till we have a new dropdown menu open + if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) { + document.removeEventListener('click', closeDropdown); + } + } + + var dropdowns = document.querySelectorAll('.dropdown'); + for (var i = 0; i < dropdowns.length; i++) { + var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu'); + dropdownMenu.style.display = 'none'; // ensure menu is initially hidden + + dropdowns[i].addEventListener('click', function(e) { + // show dropdown menu + var dropdownMenu = this.querySelector('.dropdown-menu'); + dropdownMenu.style.display = 'block'; + + // handle clicking away + clearTimeout(closeDropdownTimeout); + closeDropdownTimeout = setTimeout(function() { + document.addEventListener('click', closeDropdown); + }, 10); + }); + } +}()); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/e2eenc.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/e2eenc.js new file mode 100644 index 0000000..932c0c6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/e2eenc.js @@ -0,0 +1,98 @@ +var e2eenc = function() { + + this.encryptForm = function(algoString, formId) { + // TODO: in case of an error we should return false, to prevent the for to be submitted + // or replace the fields with dummy values, just to prevent the the transmission + // of unencrypted values + + + // create the array of input fields to encrypt (needs to be done before setting the form + // invisible + var fieldsToEncrypt = new Array(); + $.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));}); + + // hide the form, and display the splash screen + $('#loginform').css('display','none'); + $('#e2eeSplashScreen').css('display','block'); + + // encryption logic + var pubKey = $("input[name='e2eenc.publicKey']").val(); + + var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey) + var iv = forge.random.getBytesSync(16); + keyB64 = forge.util.encode64(kemSessionKey.key); + encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation); + ivB64 = forge.util.encode64(iv); + + //console.log("Encrypting form " + formId + " (" + algoString + ")"); + var fields = ""; + $.each(fieldsToEncrypt, function(index, _inputField) { + var inputField = $(_inputField); + if (inputField.attr("type") == "text" || inputField.attr("type") == "password") { + //console.log("Encrypting field " + JSON.stringify(inputField)); + var plainValue = inputField.val(); + + var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue); + //console.log("Setting encrypted value in b64: " + encryptedValueB64); + inputField.val(encryptedValueB64); + if (fields.length > 0) { + fields = fields + "," + } + fields = fields + inputField.attr("name"); + } + }); + $("input[name='e2eenc.iv']").val(ivB64); + $("input[name='e2eenc.encapsulation']").val(encapsulationB64); + $("input[name='e2eenc.fields']").val(fields); + } + + function getRSApublicKey(pem) { + //console.log("PEM: " + pem); + + var msg = forge.pem.decode(pem)[0]; + + //console.log("msg type: " + msg.type); + + if(msg.procType && msg.procType.type === 'ENCRYPTED') { + throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.'); + } + + // convert DER to ASN.1 object + var asn1obj = forge.asn1.fromDer(msg.body); + //console.log("ASN.1 obj: " + JSON.stringify(asn1obj)) + + var pubKey = forge.pki.publicKeyFromAsn1(asn1obj) + //console.log("PubKey: " + JSON.stringify(pubKey)) + return pubKey; + } + + function generateKEMSessionKey(rsaPublicKey) { + // generate key-derivation-function and initializes it with sha1 + var kdf1 = new forge.kem.kdf1(forge.md.sha1.create()); + // creates a KEM function based on the key-derivation-function created above + var kem = forge.kem.rsa.create(kdf1); + // generate and encapsulate a 16-byte secret key. + // The secret key is generated using the kdf defined above. + var kemSessionKey = kem.encrypt(rsaPublicKey, 16); + // kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key) + return kemSessionKey; + } + + function readPublicKeyAndGenerateSessionKey(pem) { + var rsaPublicKey = getRSApublicKey(pem); + //console.log("PubKey: " + JSON.stringify(rsaPublicKey)) + var kemSessionKey = generateKEMSessionKey(rsaPublicKey); + //console.log("KEM session key: " + JSON.stringify(kemSessionKey)) + return kemSessionKey; + } + + function encrypt(kemSessionKey, iv, msg) { + var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key); + cipher.start({iv: iv}); + cipher.update(forge.util.createBuffer(msg, 'utf-8')); + cipher.finish(); + var encrypted = cipher.output.getBytes(); + encryptedB64 = forge.util.encode64(encrypted); + return encryptedB64; + } +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/eye-off.svg b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/eye-off.svg new file mode 100644 index 0000000..c29471a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/eye-off.svg @@ -0,0 +1,3 @@ + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/eye.svg b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/eye.svg new file mode 100644 index 0000000..6c23ec8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/eye.svg @@ -0,0 +1,4 @@ + + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_auth.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_auth.js new file mode 100644 index 0000000..aa6372a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_auth.js @@ -0,0 +1,61 @@ +(function() { + 'use strict' + + async function assertion(options) { + let credential; + try { + credential = await navigator.credentials.get({ "publicKey": options }); + } + // Cancel and timeout can occur besides error + catch (error) { + console.error(`Failed to get WebAuthn credential: ${error}`); + throw error; + } + // as this is the last call we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "path", "/nevisfido/fido2/assertion/result") + addInput(form, "id", credential.id); + addInput(form, "type", credential.type); + addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON)); + addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData)); + addInput(form, "response.signature", base64url.encode(credential.response.signature)); + document.body.appendChild(form); + form.submit(); + } + + function authenticate() { + // WebAuthn feature detection + if (!isWebAuthnSupportedByTheBrowser()) { + cancelFido2(); + return; + }; + + const request = {}; + request.path = "/nevisfido/fido2/attestation/options"; + + // calling nevisFIDO through nevisAuth on current URL using AJAX + fetch("", { + method: "POST", + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify(request) + }) + .then(res => res.json()) + .then(options => { + options.challenge = base64url.decode(options.challenge); + options.allowCredentials = options.allowCredentials.map((c) => { + c.id = base64url.decode(c.id); + return c; + }); + return assertion(options); + }).catch((error) => { + console.error(`Error during FIDO2 authentication: ${error}`); + cancelFido2(); + }); + } + + authenticate(); +})(); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_auth_std.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_auth_std.js new file mode 100644 index 0000000..0296291 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_auth_std.js @@ -0,0 +1,175 @@ +(function() { + 'use strict' + + async function authenticate(username, params) { + + try { + const { authenticationOptionsEndpoint, authenticationEndpoint, statusServiceEndpoint, userVerification, originalResource, nevisAuthEndpoint } = params; + const { startAuthentication } = SimpleWebAuthnBrowser; + + // fetch authentication options from nevisFIDO and save the returned fido2SessionId for later use + const authOptRespJson = await getAuthenticationOptions(username, userVerification, nevisAuthEndpoint); + const fido2SessionId = authOptRespJson.fido2SessionId; + + // do the client side authentication using the SimpleWebAuthn JS library + const authRespJson = await startAuthentication(authOptRespJson); + + // in case the authentication response does not contain a userHandle (e.g. virtual authenticators used in system tests) + // then we have to obtain it (in our case it is the IDM extId) using the Status Service since at the moment nevisFIDO always expects it + if (!authRespJson.response.userHandle) { + const statusRespJson = await getFido2SessionStatus(fido2SessionId, statusServiceEndpoint); + + if (statusRespJson && statusRespJson.userId) { + console.log("adding userHandle: " + statusRespJson.userId); + authRespJson.response.userHandle = btoa(statusRespJson.userId); // add missing userHandle + } + else { + throw new Error('userHandle is missing and could not determine it using the status service'); + } + } + else { + console.log("userHandle already set: " + authRespJson.response.userHandle); + } + + // send the assertion response created by the authenticator to nevisFIDO + const serverRespJson = await submitAssertion(authRespJson, authenticationEndpoint); + + // checking the server response of nevisFIDO + if ((!serverRespJson) || (serverRespJson && serverRespJson.status !== 'ok')) { + let errorMessage = (serverRespJson && serverRespJson.errorMessage) ? serverRespJson.errorMessage : 'unexpected error'; + throw new Error('authentication failed: ' + errorMessage); + } + + // send a request to nevisAuth with the fido2SessionId in the header to trigger the synchronisation of the + // nevisFIDO and nevisAuth sessions (FIDO2 AuthState -> SyncFido2SessionStatusHandler) to reach AUTH_DONE + await updateNevisAuth(fido2SessionId, nevisAuthEndpoint); + + console.log('authentication was successful'); + + console.log('reloading page...'); + window.location.reload(); + } + catch (error) { + console.error(`Error during FIDO2 authentication: ${error}`); + cancelFido2(); + } + }; + + async function getAuthenticationOptions(username, userVerification, authenticationOptionsEndpoint) { + + const authOptReqJson = { + 'username': username, + 'userVerification': userVerification, + }; + + const authOptReq = JSON.stringify(authOptReqJson); + console.log('authOptReq ==> ' + authOptReq); + + const authOptResp = await fetch(authenticationOptionsEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: authOptReq, + }); + + if (!authOptResp.ok) { + throw new Error('authOptResp error: HTTP ' + authOptResp.status + ' ' + authOptResp.statusText); + } + + const authOptRespJson = await authOptResp.json() + console.log('authOptResp <== ' + JSON.stringify(authOptRespJson)); + + return authOptRespJson; + }; + + async function getFido2SessionStatus(fido2SessionId, statusServiceEndpoint) { + + const statusReqJson = { + 'fido2SessionId': fido2SessionId, + }; + + const statusReq = JSON.stringify(statusReqJson); + console.log('statusReq ==> ' + statusReq); + + const statusResp = await fetch(statusServiceEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: statusReq, + }); + + if (!statusResp.ok) { + throw new Error('statusResp error: HTTP ' + statusResp.status + ' ' + statusResp.statusText); + } + + const statusRespJson = await statusResp.json(); + console.log('statusResp <== ' + JSON.stringify(statusRespJson)); + + return statusRespJson; + } + + async function submitAssertion(authRespJson, authenticationEndpoint) { + + console.log("submitting assertion for userHandle: " + authRespJson.response.userHandle); + + // TODO koenig 20230504: read btoa once nevisFIDO is adapted + let encodedAuthResp = { + "id": authRespJson.id, + "response": { + "authenticatorData": authRespJson.response.authenticatorData, + "signature": authRespJson.response.signature, + "userHandle": authRespJson.response.userHandle, + "clientDataJSON": authRespJson.response.clientDataJSON + }, + "type": authRespJson.type + } + + const authResp = JSON.stringify(encodedAuthResp); + console.log('authResp ==> ' + authResp); + + const serverResp = await fetch(authenticationEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: authResp, + }); + + if (!serverResp.ok) { + throw new Error('submitAssertion error: HTTP ' + submitAssertion.status + ' ' + submitAssertion.statusText); + } + + const serverRespJson = await serverResp.json(); + console.log('serverResp <== ' + JSON.stringify(serverRespJson)); + + return serverRespJson; + }; + + async function updateNevisAuth(fido2SessionId, nevisAuthEndpoint) { + + console.log('updateNevisAuth ==> ' + fido2SessionId); + + const updateNevisAuthResponse = await fetch(nevisAuthEndpoint, { + method: 'GET', + credentials: 'same-origin', + headers: { + 'nevis-fido2-session-id': fido2SessionId, + } + }); + + if (!updateNevisAuthResponse.ok) { + throw new Error('updateNevisAuthResponse error: HTTP ' + updateNevisAuthResponse.status + ' ' + updateNevisAuthResponse.statusText); + } + + console.log('updateNevisAuth <== OK'); + + return; + }; + + // TODO koenig 20230206: we don't generate IDs into the HTML yet + let username = document.getElementsByName("username")[0].value; + params.nevisAuthEndpoint = window.location.href; + authenticate(username, params); +})(); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_onboard.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_onboard.js new file mode 100644 index 0000000..9d92a57 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_onboard.js @@ -0,0 +1,70 @@ +function dispatch(name) { + // we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, name, "true"); + document.body.appendChild(form); + form.submit(); +} + +async function attestation(options) { + let credential; + try { + credential = await navigator.credentials.create({ "publicKey": options }); + } + // cancel and timeout can occur besides error + catch (error) { + console.error(`Failed to create WebAuthn credential: ${error}`); + throw error; + } + // as this is the last call we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "path", "/nevisfido/fido2/attestation/result") + addInput(form, "id", credential.id); + addInput(form, "type", credential.type); + addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON)); + addInput(form, "response.attestationObject", base64url.encode(credential.response.attestationObject)); + document.body.appendChild(form); + form.submit(); +} + +function start() { + + if (!isWebAuthnSupportedByTheBrowser()) { + dispatch("unsupported"); + return; + }; + + const request = {}; + request.path = "/nevisfido/fido2/attestation/options"; + + // calling nevisFIDO through nevisAuth on current URL using AJAX + fetch("", { + method: "POST", + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify(request) + }) + .then(res => res.json()) + .then(options => { + options.user.id = base64url.decode(options.user.id); + options.challenge = base64url.decode(options.challenge); + if (options.excludeCredentials != null) { + options.excludeCredentials = options.excludeCredentials.map((c) => { + c.id = base64url.decode(c.id); + return c; + }); + } + if (options.authenticatorSelection.authenticatorAttachment === null) { + options.authenticatorSelection.authenticatorAttachment = undefined; + } + return attestation(options); + }).catch((error) => { + console.log('Error during FIDO2 onboarding: ' + error); + dispatch("failed"); + }); +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_utils.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_utils.js new file mode 100644 index 0000000..dc6056c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/fido2_utils.js @@ -0,0 +1,40 @@ +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +/** + * Checks whether WebAuthn is supported by the browser or not. + * @return true if supported, false if it is not supported or not in secure context + */ +function isWebAuthnSupportedByTheBrowser() { + if (window.isSecureContext) { + // This feature is available only in secure contexts in some or all supporting browsers. + if ('credentials' in navigator) { + return true; + } + console.warn('Oh no! This browser does not support WebAuthn.'); + return false; + } + console.warn('WebAuthn feature is available only in secure contexts. For testing over HTTP, you can use the origin "localhost".'); + return false; +} + +/** + * Trigger on cancel pattern of the FIDO2 authentication step. + * + * Provides an alternative when the user decides to + * cancel the fido2 credential operation(create or fetch) or + * the operation fails and the error cannot be handled. + */ +function cancelFido2() { + // we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "cancel_fido2", "true"); + document.body.appendChild(form); + form.submit(); +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/forge.bundle.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/forge.bundle.js new file mode 100644 index 0000000..58cb6a8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/resources/forge.bundle.js @@ -0,0 +1,28767 @@ +(function(root, factory) { + if(typeof define === 'function' && define.amd) { + define([], factory); + } else { + root.forge = factory(); + } +})(this, function() { +/** + * @license almond 0.2.9 Copyright (c) 2011-2014, The Dojo Foundation All Rights Reserved. + * Available via the MIT or new BSD license. + * see: http://github.com/jrburke/almond for details + */ +//Going sloppy to avoid 'use strict' string cost, but strict practices should +//be followed. +/*jslint sloppy: true */ +/*global setTimeout: false */ + +var requirejs, require, define; +(function (undef) { + var main, req, makeMap, handlers, + defined = {}, + waiting = {}, + config = {}, + defining = {}, + hasOwn = Object.prototype.hasOwnProperty, + aps = [].slice, + jsSuffixRegExp = /\.js$/; + + function hasProp(obj, prop) { + return hasOwn.call(obj, prop); + } + + /** + * Given a relative module name, like ./something, normalize it to + * a real name that can be mapped to a path. + * @param {String} name the relative name + * @param {String} baseName a real name that the name arg is relative + * to. + * @returns {String} normalized name + */ + function normalize(name, baseName) { + var nameParts, nameSegment, mapValue, foundMap, lastIndex, + foundI, foundStarMap, starI, i, j, part, + baseParts = baseName && baseName.split("/"), + map = config.map, + starMap = (map && map['*']) || {}; + + //Adjust any relative paths. + if (name && name.charAt(0) === ".") { + //If have a base name, try to normalize against it, + //otherwise, assume it is a top-level require that will + //be relative to baseUrl in the end. + if (baseName) { + //Convert baseName to array, and lop off the last part, + //so that . matches that "directory" and not name of the baseName's + //module. For instance, baseName of "one/two/three", maps to + //"one/two/three.js", but we want the directory, "one/two" for + //this normalization. + baseParts = baseParts.slice(0, baseParts.length - 1); + name = name.split('/'); + lastIndex = name.length - 1; + + // Node .js allowance: + if (config.nodeIdCompat && jsSuffixRegExp.test(name[lastIndex])) { + name[lastIndex] = name[lastIndex].replace(jsSuffixRegExp, ''); + } + + name = baseParts.concat(name); + + //start trimDots + for (i = 0; i < name.length; i += 1) { + part = name[i]; + if (part === ".") { + name.splice(i, 1); + i -= 1; + } else if (part === "..") { + if (i === 1 && (name[2] === '..' || name[0] === '..')) { + //End of the line. Keep at least one non-dot + //path segment at the front so it can be mapped + //correctly to disk. Otherwise, there is likely + //no path mapping for a path starting with '..'. + //This can still fail, but catches the most reasonable + //uses of .. + break; + } else if (i > 0) { + name.splice(i - 1, 2); + i -= 2; + } + } + } + //end trimDots + + name = name.join("/"); + } else if (name.indexOf('./') === 0) { + // No baseName, so this is ID is resolved relative + // to baseUrl, pull off the leading dot. + name = name.substring(2); + } + } + + //Apply map config if available. + if ((baseParts || starMap) && map) { + nameParts = name.split('/'); + + for (i = nameParts.length; i > 0; i -= 1) { + nameSegment = nameParts.slice(0, i).join("/"); + + if (baseParts) { + //Find the longest baseName segment match in the config. + //So, do joins on the biggest to smallest lengths of baseParts. + for (j = baseParts.length; j > 0; j -= 1) { + mapValue = map[baseParts.slice(0, j).join('/')]; + + //baseName segment has config, find if it has one for + //this name. + if (mapValue) { + mapValue = mapValue[nameSegment]; + if (mapValue) { + //Match, update name to the new value. + foundMap = mapValue; + foundI = i; + break; + } + } + } + } + + if (foundMap) { + break; + } + + //Check for a star map match, but just hold on to it, + //if there is a shorter segment match later in a matching + //config, then favor over this star map. + if (!foundStarMap && starMap && starMap[nameSegment]) { + foundStarMap = starMap[nameSegment]; + starI = i; + } + } + + if (!foundMap && foundStarMap) { + foundMap = foundStarMap; + foundI = starI; + } + + if (foundMap) { + nameParts.splice(0, foundI, foundMap); + name = nameParts.join('/'); + } + } + + return name; + } + + function makeRequire(relName, forceSync) { + return function () { + //A version of a require function that passes a moduleName + //value for items that may need to + //look up paths relative to the moduleName + return req.apply(undef, aps.call(arguments, 0).concat([relName, forceSync])); + }; + } + + function makeNormalize(relName) { + return function (name) { + return normalize(name, relName); + }; + } + + function makeLoad(depName) { + return function (value) { + defined[depName] = value; + }; + } + + function callDep(name) { + if (hasProp(waiting, name)) { + var args = waiting[name]; + delete waiting[name]; + defining[name] = true; + main.apply(undef, args); + } + + if (!hasProp(defined, name) && !hasProp(defining, name)) { + throw new Error('No ' + name); + } + return defined[name]; + } + + //Turns a plugin!resource to [plugin, resource] + //with the plugin being undefined if the name + //did not have a plugin prefix. + function splitPrefix(name) { + var prefix, + index = name ? name.indexOf('!') : -1; + if (index > -1) { + prefix = name.substring(0, index); + name = name.substring(index + 1, name.length); + } + return [prefix, name]; + } + + /** + * Makes a name map, normalizing the name, and using a plugin + * for normalization if necessary. Grabs a ref to plugin + * too, as an optimization. + */ + makeMap = function (name, relName) { + var plugin, + parts = splitPrefix(name), + prefix = parts[0]; + + name = parts[1]; + + if (prefix) { + prefix = normalize(prefix, relName); + plugin = callDep(prefix); + } + + //Normalize according + if (prefix) { + if (plugin && plugin.normalize) { + name = plugin.normalize(name, makeNormalize(relName)); + } else { + name = normalize(name, relName); + } + } else { + name = normalize(name, relName); + parts = splitPrefix(name); + prefix = parts[0]; + name = parts[1]; + if (prefix) { + plugin = callDep(prefix); + } + } + + //Using ridiculous property names for space reasons + return { + f: prefix ? prefix + '!' + name : name, //fullName + n: name, + pr: prefix, + p: plugin + }; + }; + + function makeConfig(name) { + return function () { + return (config && config.config && config.config[name]) || {}; + }; + } + + handlers = { + require: function (name) { + return makeRequire(name); + }, + exports: function (name) { + var e = defined[name]; + if (typeof e !== 'undefined') { + return e; + } else { + return (defined[name] = {}); + } + }, + module: function (name) { + return { + id: name, + uri: '', + exports: defined[name], + config: makeConfig(name) + }; + } + }; + + main = function (name, deps, callback, relName) { + var cjsModule, depName, ret, map, i, + args = [], + callbackType = typeof callback, + usingExports; + + //Use name if no relName + relName = relName || name; + + //Call the callback to define the module, if necessary. + if (callbackType === 'undefined' || callbackType === 'function') { + //Pull out the defined dependencies and pass the ordered + //values to the callback. + //Default to [require, exports, module] if no deps + deps = !deps.length && callback.length ? ['require', 'exports', 'module'] : deps; + for (i = 0; i < deps.length; i += 1) { + map = makeMap(deps[i], relName); + depName = map.f; + + //Fast path CommonJS standard dependencies. + if (depName === "require") { + args[i] = handlers.require(name); + } else if (depName === "exports") { + //CommonJS module spec 1.1 + args[i] = handlers.exports(name); + usingExports = true; + } else if (depName === "module") { + //CommonJS module spec 1.1 + cjsModule = args[i] = handlers.module(name); + } else if (hasProp(defined, depName) || + hasProp(waiting, depName) || + hasProp(defining, depName)) { + args[i] = callDep(depName); + } else if (map.p) { + map.p.load(map.n, makeRequire(relName, true), makeLoad(depName), {}); + args[i] = defined[depName]; + } else { + throw new Error(name + ' missing ' + depName); + } + } + + ret = callback ? callback.apply(defined[name], args) : undefined; + + if (name) { + //If setting exports via "module" is in play, + //favor that over return value and exports. After that, + //favor a non-undefined return value over exports use. + if (cjsModule && cjsModule.exports !== undef && + cjsModule.exports !== defined[name]) { + defined[name] = cjsModule.exports; + } else if (ret !== undef || !usingExports) { + //Use the return value from the function. + defined[name] = ret; + } + } + } else if (name) { + //May just be an object definition for the module. Only + //worry about defining if have a module name. + defined[name] = callback; + } + }; + + requirejs = require = req = function (deps, callback, relName, forceSync, alt) { + if (typeof deps === "string") { + if (handlers[deps]) { + //callback in this case is really relName + return handlers[deps](callback); + } + //Just return the module wanted. In this scenario, the + //deps arg is the module name, and second arg (if passed) + //is just the relName. + //Normalize module name, if it contains . or .. + return callDep(makeMap(deps, callback).f); + } else if (!deps.splice) { + //deps is a config object, not an array. + config = deps; + if (config.deps) { + req(config.deps, config.callback); + } + if (!callback) { + return; + } + + if (callback.splice) { + //callback is an array, which means it is a dependency list. + //Adjust args if there are dependencies + deps = callback; + callback = relName; + relName = null; + } else { + deps = undef; + } + } + + //Support require(['a']) + callback = callback || function () {}; + + //If relName is a function, it is an errback handler, + //so remove it. + if (typeof relName === 'function') { + relName = forceSync; + forceSync = alt; + } + + //Simulate async callback; + if (forceSync) { + main(undef, deps, callback, relName); + } else { + //Using a non-zero value because of concern for what old browsers + //do, and latest browsers "upgrade" to 4 if lower value is used: + //http://www.whatwg.org/specs/web-apps/current-work/multipage/timers.html#dom-windowtimers-settimeout: + //If want a value immediately, use require('id') instead -- something + //that works in almond on the global level, but not guaranteed and + //unlikely to work in other AMD implementations. + setTimeout(function () { + main(undef, deps, callback, relName); + }, 4); + } + + return req; + }; + + /** + * Just drops the config on the floor, but returns req in case + * the config return value is used. + */ + req.config = function (cfg) { + return req(cfg); + }; + + /** + * Expose module registry for debugging and tooling + */ + requirejs._defined = defined; + + define = function (name, deps, callback) { + + //This module may not have dependencies + if (!deps.splice) { + //deps is not an array, so probably means + //an object literal or factory function for + //the value. Adjust args. + callback = deps; + deps = []; + } + + if (!hasProp(defined, name) && !hasProp(waiting, name)) { + waiting[name] = [name, deps, callback]; + } + }; + + define.amd = { + jQuery: true + }; +}()); + +define("node_modules/almond/almond", function(){}); + +/** + * Utility functions for web applications. + * + * @author Dave Longley + * + * Copyright (c) 2010-2014 Digital Bazaar, Inc. + */ +(function() { +/* ########## Begin module implementation ########## */ +function initModule(forge) { + +/* Utilities API */ +var util = forge.util = forge.util || {}; + +// define setImmediate and nextTick +if(typeof process === 'undefined' || !process.nextTick) { + if(typeof setImmediate === 'function') { + util.setImmediate = setImmediate; + util.nextTick = function(callback) { + return setImmediate(callback); + }; + } else { + util.setImmediate = function(callback) { + setTimeout(callback, 0); + }; + util.nextTick = util.setImmediate; + } +} else { + util.nextTick = process.nextTick; + if(typeof setImmediate === 'function') { + util.setImmediate = setImmediate; + } else { + util.setImmediate = util.nextTick; + } +} + +// define isArray +util.isArray = Array.isArray || function(x) { + return Object.prototype.toString.call(x) === '[object Array]'; +}; + +// define isArrayBuffer +util.isArrayBuffer = function(x) { + return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer; +}; + +// define isArrayBufferView +var _arrayBufferViews = []; +if(typeof DataView !== 'undefined') { + _arrayBufferViews.push(DataView); +} +if(typeof Int8Array !== 'undefined') { + _arrayBufferViews.push(Int8Array); +} +if(typeof Uint8Array !== 'undefined') { + _arrayBufferViews.push(Uint8Array); +} +if(typeof Uint8ClampedArray !== 'undefined') { + _arrayBufferViews.push(Uint8ClampedArray); +} +if(typeof Int16Array !== 'undefined') { + _arrayBufferViews.push(Int16Array); +} +if(typeof Uint16Array !== 'undefined') { + _arrayBufferViews.push(Uint16Array); +} +if(typeof Int32Array !== 'undefined') { + _arrayBufferViews.push(Int32Array); +} +if(typeof Uint32Array !== 'undefined') { + _arrayBufferViews.push(Uint32Array); +} +if(typeof Float32Array !== 'undefined') { + _arrayBufferViews.push(Float32Array); +} +if(typeof Float64Array !== 'undefined') { + _arrayBufferViews.push(Float64Array); +} +util.isArrayBufferView = function(x) { + for(var i = 0; i < _arrayBufferViews.length; ++i) { + if(x instanceof _arrayBufferViews[i]) { + return true; + } + } + return false; +}; + +// TODO: set ByteBuffer to best available backing +util.ByteBuffer = ByteStringBuffer; + +/** Buffer w/BinaryString backing */ + +/** + * Constructor for a binary string backed byte buffer. + * + * @param [b] the bytes to wrap (either encoded as string, one byte per + * character, or as an ArrayBuffer or Typed Array). + */ +function ByteStringBuffer(b) { + // TODO: update to match DataBuffer API + + // the data in this buffer + this.data = ''; + // the pointer for reading from this buffer + this.read = 0; + + if(typeof b === 'string') { + this.data = b; + } else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) { + // convert native buffer to forge buffer + // FIXME: support native buffers internally instead + var arr = new Uint8Array(b); + try { + this.data = String.fromCharCode.apply(null, arr); + } catch(e) { + for(var i = 0; i < arr.length; ++i) { + this.putByte(arr[i]); + } + } + } else if(b instanceof ByteStringBuffer || + (typeof b === 'object' && typeof b.data === 'string' && + typeof b.read === 'number')) { + // copy existing buffer + this.data = b.data; + this.read = b.read; + } + + // used for v8 optimization + this._constructedStringLength = 0; +} +util.ByteStringBuffer = ByteStringBuffer; + +/* Note: This is an optimization for V8-based browsers. When V8 concatenates + a string, the strings are only joined logically using a "cons string" or + "constructed/concatenated string". These containers keep references to one + another and can result in very large memory usage. For example, if a 2MB + string is constructed by concatenating 4 bytes together at a time, the + memory usage will be ~44MB; so ~22x increase. The strings are only joined + together when an operation requiring their joining takes place, such as + substr(). This function is called when adding data to this buffer to ensure + these types of strings are periodically joined to reduce the memory + footprint. */ +var _MAX_CONSTRUCTED_STRING_LENGTH = 4096; +util.ByteStringBuffer.prototype._optimizeConstructedString = function(x) { + this._constructedStringLength += x; + if(this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) { + // this substr() should cause the constructed string to join + this.data.substr(0, 1); + this._constructedStringLength = 0; + } +}; + +/** + * Gets the number of bytes in this buffer. + * + * @return the number of bytes in this buffer. + */ +util.ByteStringBuffer.prototype.length = function() { + return this.data.length - this.read; +}; + +/** + * Gets whether or not this buffer is empty. + * + * @return true if this buffer is empty, false if not. + */ +util.ByteStringBuffer.prototype.isEmpty = function() { + return this.length() <= 0; +}; + +/** + * Puts a byte in this buffer. + * + * @param b the byte to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putByte = function(b) { + return this.putBytes(String.fromCharCode(b)); +}; + +/** + * Puts a byte in this buffer N times. + * + * @param b the byte to put. + * @param n the number of bytes of value b to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.fillWithByte = function(b, n) { + b = String.fromCharCode(b); + var d = this.data; + while(n > 0) { + if(n & 1) { + d += b; + } + n >>>= 1; + if(n > 0) { + b += b; + } + } + this.data = d; + this._optimizeConstructedString(n); + return this; +}; + +/** + * Puts bytes in this buffer. + * + * @param bytes the bytes (as a UTF-8 encoded string) to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putBytes = function(bytes) { + this.data += bytes; + this._optimizeConstructedString(bytes.length); + return this; +}; + +/** + * Puts a UTF-16 encoded string into this buffer. + * + * @param str the string to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putString = function(str) { + return this.putBytes(util.encodeUtf8(str)); +}; + +/** + * Puts a 16-bit integer in this buffer in big-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt16 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 24-bit integer in this buffer in big-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt24 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 32-bit integer in this buffer in big-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt32 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 24 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 16-bit integer in this buffer in little-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt16Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF)); +}; + +/** + * Puts a 24-bit integer in this buffer in little-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt24Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF)); +}; + +/** + * Puts a 32-bit integer in this buffer in little-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt32Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 24 & 0xFF)); +}; + +/** + * Puts an n-bit integer in this buffer in big-endian order. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt = function(i, n) { + var bytes = ''; + do { + n -= 8; + bytes += String.fromCharCode((i >> n) & 0xFF); + } while(n > 0); + return this.putBytes(bytes); +}; + +/** + * Puts a signed n-bit integer in this buffer in big-endian order. Two's + * complement representation is used. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putSignedInt = function(i, n) { + if(i < 0) { + i += 2 << (n - 1); + } + return this.putInt(i, n); +}; + +/** + * Puts the given buffer into this buffer. + * + * @param buffer the buffer to put into this one. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putBuffer = function(buffer) { + return this.putBytes(buffer.getBytes()); +}; + +/** + * Gets a byte from this buffer and advances the read pointer by 1. + * + * @return the byte. + */ +util.ByteStringBuffer.prototype.getByte = function() { + return this.data.charCodeAt(this.read++); +}; + +/** + * Gets a uint16 from this buffer in big-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.ByteStringBuffer.prototype.getInt16 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 8 ^ + this.data.charCodeAt(this.read + 1)); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in big-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.ByteStringBuffer.prototype.getInt24 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 16 ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2)); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in big-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.ByteStringBuffer.prototype.getInt32 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 24 ^ + this.data.charCodeAt(this.read + 1) << 16 ^ + this.data.charCodeAt(this.read + 2) << 8 ^ + this.data.charCodeAt(this.read + 3)); + this.read += 4; + return rval; +}; + +/** + * Gets a uint16 from this buffer in little-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.ByteStringBuffer.prototype.getInt16Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in little-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.ByteStringBuffer.prototype.getInt24Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2) << 16); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in little-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.ByteStringBuffer.prototype.getInt32Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2) << 16 ^ + this.data.charCodeAt(this.read + 3) << 24); + this.read += 4; + return rval; +}; + +/** + * Gets an n-bit integer from this buffer in big-endian order and advances the + * read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.ByteStringBuffer.prototype.getInt = function(n) { + var rval = 0; + do { + rval = (rval << 8) + this.data.charCodeAt(this.read++); + n -= 8; + } while(n > 0); + return rval; +}; + +/** + * Gets a signed n-bit integer from this buffer in big-endian order, using + * two's complement, and advances the read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.ByteStringBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << (n - 2); + if(x >= max) { + x -= max << 1; + } + return x; +}; + +/** + * Reads bytes out into a UTF-8 string and clears them from the buffer. + * + * @param count the number of bytes to read, undefined or null for all. + * + * @return a UTF-8 string of bytes. + */ +util.ByteStringBuffer.prototype.getBytes = function(count) { + var rval; + if(count) { + // read count bytes + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if(count === 0) { + rval = ''; + } else { + // read all bytes, optimize to only copy when needed + rval = (this.read === 0) ? this.data : this.data.slice(this.read); + this.clear(); + } + return rval; +}; + +/** + * Gets a UTF-8 encoded string of the bytes from this buffer without modifying + * the read pointer. + * + * @param count the number of bytes to get, omit to get all. + * + * @return a string full of UTF-8 encoded characters. + */ +util.ByteStringBuffer.prototype.bytes = function(count) { + return (typeof(count) === 'undefined' ? + this.data.slice(this.read) : + this.data.slice(this.read, this.read + count)); +}; + +/** + * Gets a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * + * @return the byte. + */ +util.ByteStringBuffer.prototype.at = function(i) { + return this.data.charCodeAt(this.read + i); +}; + +/** + * Puts a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * @param b the byte to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.setAt = function(i, b) { + this.data = this.data.substr(0, this.read + i) + + String.fromCharCode(b) + + this.data.substr(this.read + i + 1); + return this; +}; + +/** + * Gets the last byte without modifying the read pointer. + * + * @return the last byte. + */ +util.ByteStringBuffer.prototype.last = function() { + return this.data.charCodeAt(this.data.length - 1); +}; + +/** + * Creates a copy of this buffer. + * + * @return the copy. + */ +util.ByteStringBuffer.prototype.copy = function() { + var c = util.createBuffer(this.data); + c.read = this.read; + return c; +}; + +/** + * Compacts this buffer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.compact = function() { + if(this.read > 0) { + this.data = this.data.slice(this.read); + this.read = 0; + } + return this; +}; + +/** + * Clears this buffer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.clear = function() { + this.data = ''; + this.read = 0; + return this; +}; + +/** + * Shortens this buffer by triming bytes off of the end of this buffer. + * + * @param count the number of bytes to trim off. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.truncate = function(count) { + var len = Math.max(0, this.length() - count); + this.data = this.data.substr(this.read, len); + this.read = 0; + return this; +}; + +/** + * Converts this buffer to a hexadecimal string. + * + * @return a hexadecimal string. + */ +util.ByteStringBuffer.prototype.toHex = function() { + var rval = ''; + for(var i = this.read; i < this.data.length; ++i) { + var b = this.data.charCodeAt(i); + if(b < 16) { + rval += '0'; + } + rval += b.toString(16); + } + return rval; +}; + +/** + * Converts this buffer to a UTF-16 string (standard JavaScript string). + * + * @return a UTF-16 string. + */ +util.ByteStringBuffer.prototype.toString = function() { + return util.decodeUtf8(this.bytes()); +}; + +/** End Buffer w/BinaryString backing */ + + +/** Buffer w/UInt8Array backing */ + +/** + * FIXME: Experimental. Do not use yet. + * + * Constructor for an ArrayBuffer-backed byte buffer. + * + * The buffer may be constructed from a string, an ArrayBuffer, DataView, or a + * TypedArray. + * + * If a string is given, its encoding should be provided as an option, + * otherwise it will default to 'binary'. A 'binary' string is encoded such + * that each character is one byte in length and size. + * + * If an ArrayBuffer, DataView, or TypedArray is given, it will be used + * *directly* without any copying. Note that, if a write to the buffer requires + * more space, the buffer will allocate a new backing ArrayBuffer to + * accommodate. The starting read and write offsets for the buffer may be + * given as options. + * + * @param [b] the initial bytes for this buffer. + * @param options the options to use: + * [readOffset] the starting read offset to use (default: 0). + * [writeOffset] the starting write offset to use (default: the + * length of the first parameter). + * [growSize] the minimum amount, in bytes, to grow the buffer by to + * accommodate writes (default: 1024). + * [encoding] the encoding ('binary', 'utf8', 'utf16', 'hex') for the + * first parameter, if it is a string (default: 'binary'). + */ +function DataBuffer(b, options) { + // default options + options = options || {}; + + // pointers for read from/write to buffer + this.read = options.readOffset || 0; + this.growSize = options.growSize || 1024; + + var isArrayBuffer = util.isArrayBuffer(b); + var isArrayBufferView = util.isArrayBufferView(b); + if(isArrayBuffer || isArrayBufferView) { + // use ArrayBuffer directly + if(isArrayBuffer) { + this.data = new DataView(b); + } else { + // TODO: adjust read/write offset based on the type of view + // or specify that this must be done in the options ... that the + // offsets are byte-based + this.data = new DataView(b.buffer, b.byteOffset, b.byteLength); + } + this.write = ('writeOffset' in options ? + options.writeOffset : this.data.byteLength); + return; + } + + // initialize to empty array buffer and add any given bytes using putBytes + this.data = new DataView(new ArrayBuffer(0)); + this.write = 0; + + if(b !== null && b !== undefined) { + this.putBytes(b); + } + + if('writeOffset' in options) { + this.write = options.writeOffset; + } +} +util.DataBuffer = DataBuffer; + +/** + * Gets the number of bytes in this buffer. + * + * @return the number of bytes in this buffer. + */ +util.DataBuffer.prototype.length = function() { + return this.write - this.read; +}; + +/** + * Gets whether or not this buffer is empty. + * + * @return true if this buffer is empty, false if not. + */ +util.DataBuffer.prototype.isEmpty = function() { + return this.length() <= 0; +}; + +/** + * Ensures this buffer has enough empty space to accommodate the given number + * of bytes. An optional parameter may be given that indicates a minimum + * amount to grow the buffer if necessary. If the parameter is not given, + * the buffer will be grown by some previously-specified default amount + * or heuristic. + * + * @param amount the number of bytes to accommodate. + * @param [growSize] the minimum amount, in bytes, to grow the buffer by if + * necessary. + */ +util.DataBuffer.prototype.accommodate = function(amount, growSize) { + if(this.length() >= amount) { + return this; + } + growSize = Math.max(growSize || this.growSize, amount); + + // grow buffer + var src = new Uint8Array( + this.data.buffer, this.data.byteOffset, this.data.byteLength); + var dst = new Uint8Array(this.length() + growSize); + dst.set(src); + this.data = new DataView(dst.buffer); + + return this; +}; + +/** + * Puts a byte in this buffer. + * + * @param b the byte to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putByte = function(b) { + this.accommodate(1); + this.data.setUint8(this.write++, b); + return this; +}; + +/** + * Puts a byte in this buffer N times. + * + * @param b the byte to put. + * @param n the number of bytes of value b to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.fillWithByte = function(b, n) { + this.accommodate(n); + for(var i = 0; i < n; ++i) { + this.data.setUint8(b); + } + return this; +}; + +/** + * Puts bytes in this buffer. The bytes may be given as a string, an + * ArrayBuffer, a DataView, or a TypedArray. + * + * @param bytes the bytes to put. + * @param [encoding] the encoding for the first parameter ('binary', 'utf8', + * 'utf16', 'hex'), if it is a string (default: 'binary'). + * + * @return this buffer. + */ +util.DataBuffer.prototype.putBytes = function(bytes, encoding) { + if(util.isArrayBufferView(bytes)) { + var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength); + var len = src.byteLength - src.byteOffset; + this.accommodate(len); + var dst = new Uint8Array(this.data.buffer, this.write); + dst.set(src); + this.write += len; + return this; + } + + if(util.isArrayBuffer(bytes)) { + var src = new Uint8Array(bytes); + this.accommodate(src.byteLength); + var dst = new Uint8Array(this.data.buffer); + dst.set(src, this.write); + this.write += src.byteLength; + return this; + } + + // bytes is a util.DataBuffer or equivalent + if(bytes instanceof util.DataBuffer || + (typeof bytes === 'object' && + typeof bytes.read === 'number' && typeof bytes.write === 'number' && + util.isArrayBufferView(bytes.data))) { + var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length()); + this.accommodate(src.byteLength); + var dst = new Uint8Array(bytes.data.byteLength, this.write); + dst.set(src); + this.write += src.byteLength; + return this; + } + + if(bytes instanceof util.ByteStringBuffer) { + // copy binary string and process as the same as a string parameter below + bytes = bytes.data; + encoding = 'binary'; + } + + // string conversion + encoding = encoding || 'binary'; + if(typeof bytes === 'string') { + var view; + + // decode from string + if(encoding === 'hex') { + this.accommodate(Math.ceil(bytes.length / 2)); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.hex.decode(bytes, view, this.write); + return this; + } + if(encoding === 'base64') { + this.accommodate(Math.ceil(bytes.length / 4) * 3); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.base64.decode(bytes, view, this.write); + return this; + } + + // encode text as UTF-8 bytes + if(encoding === 'utf8') { + // encode as UTF-8 then decode string as raw binary + bytes = util.encodeUtf8(bytes); + encoding = 'binary'; + } + + // decode string as raw binary + if(encoding === 'binary' || encoding === 'raw') { + // one byte per character + this.accommodate(bytes.length); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.raw.decode(view); + return this; + } + + // encode text as UTF-16 bytes + if(encoding === 'utf16') { + // two bytes per character + this.accommodate(bytes.length * 2); + view = new Uint16Array(this.data.buffer, this.write); + this.write += util.text.utf16.encode(view); + return this; + } + + throw new Error('Invalid encoding: ' + encoding); + } + + throw Error('Invalid parameter: ' + bytes); +}; + +/** + * Puts the given buffer into this buffer. + * + * @param buffer the buffer to put into this one. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putBuffer = function(buffer) { + this.putBytes(buffer); + buffer.clear(); + return this; +}; + +/** + * Puts a string into this buffer. + * + * @param str the string to put. + * @param [encoding] the encoding for the string (default: 'utf16'). + * + * @return this buffer. + */ +util.DataBuffer.prototype.putString = function(str) { + return this.putBytes(str, 'utf16'); +}; + +/** + * Puts a 16-bit integer in this buffer in big-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt16 = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i); + this.write += 2; + return this; +}; + +/** + * Puts a 24-bit integer in this buffer in big-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt24 = function(i) { + this.accommodate(3); + this.data.setInt16(this.write, i >> 8 & 0xFFFF); + this.data.setInt8(this.write, i >> 16 & 0xFF); + this.write += 3; + return this; +}; + +/** + * Puts a 32-bit integer in this buffer in big-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt32 = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i); + this.write += 4; + return this; +}; + +/** + * Puts a 16-bit integer in this buffer in little-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt16Le = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i, true); + this.write += 2; + return this; +}; + +/** + * Puts a 24-bit integer in this buffer in little-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt24Le = function(i) { + this.accommodate(3); + this.data.setInt8(this.write, i >> 16 & 0xFF); + this.data.setInt16(this.write, i >> 8 & 0xFFFF, true); + this.write += 3; + return this; +}; + +/** + * Puts a 32-bit integer in this buffer in little-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt32Le = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i, true); + this.write += 4; + return this; +}; + +/** + * Puts an n-bit integer in this buffer in big-endian order. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt = function(i, n) { + this.accommodate(n / 8); + do { + n -= 8; + this.data.setInt8(this.write++, (i >> n) & 0xFF); + } while(n > 0); + return this; +}; + +/** + * Puts a signed n-bit integer in this buffer in big-endian order. Two's + * complement representation is used. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putSignedInt = function(i, n) { + this.accommodate(n / 8); + if(i < 0) { + i += 2 << (n - 1); + } + return this.putInt(i, n); +}; + +/** + * Gets a byte from this buffer and advances the read pointer by 1. + * + * @return the byte. + */ +util.DataBuffer.prototype.getByte = function() { + return this.data.getInt8(this.read++); +}; + +/** + * Gets a uint16 from this buffer in big-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.DataBuffer.prototype.getInt16 = function() { + var rval = this.data.getInt16(this.read); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in big-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.DataBuffer.prototype.getInt24 = function() { + var rval = ( + this.data.getInt16(this.read) << 8 ^ + this.data.getInt8(this.read + 2)); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in big-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.DataBuffer.prototype.getInt32 = function() { + var rval = this.data.getInt32(this.read); + this.read += 4; + return rval; +}; + +/** + * Gets a uint16 from this buffer in little-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.DataBuffer.prototype.getInt16Le = function() { + var rval = this.data.getInt16(this.read, true); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in little-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.DataBuffer.prototype.getInt24Le = function() { + var rval = ( + this.data.getInt8(this.read) ^ + this.data.getInt16(this.read + 1, true) << 8); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in little-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.DataBuffer.prototype.getInt32Le = function() { + var rval = this.data.getInt32(this.read, true); + this.read += 4; + return rval; +}; + +/** + * Gets an n-bit integer from this buffer in big-endian order and advances the + * read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.DataBuffer.prototype.getInt = function(n) { + var rval = 0; + do { + rval = (rval << 8) + this.data.getInt8(this.read++); + n -= 8; + } while(n > 0); + return rval; +}; + +/** + * Gets a signed n-bit integer from this buffer in big-endian order, using + * two's complement, and advances the read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.DataBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << (n - 2); + if(x >= max) { + x -= max << 1; + } + return x; +}; + +/** + * Reads bytes out into a UTF-8 string and clears them from the buffer. + * + * @param count the number of bytes to read, undefined or null for all. + * + * @return a UTF-8 string of bytes. + */ +util.DataBuffer.prototype.getBytes = function(count) { + // TODO: deprecate this method, it is poorly named and + // this.toString('binary') replaces it + // add a toTypedArray()/toArrayBuffer() function + var rval; + if(count) { + // read count bytes + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if(count === 0) { + rval = ''; + } else { + // read all bytes, optimize to only copy when needed + rval = (this.read === 0) ? this.data : this.data.slice(this.read); + this.clear(); + } + return rval; +}; + +/** + * Gets a UTF-8 encoded string of the bytes from this buffer without modifying + * the read pointer. + * + * @param count the number of bytes to get, omit to get all. + * + * @return a string full of UTF-8 encoded characters. + */ +util.DataBuffer.prototype.bytes = function(count) { + // TODO: deprecate this method, it is poorly named, add "getString()" + return (typeof(count) === 'undefined' ? + this.data.slice(this.read) : + this.data.slice(this.read, this.read + count)); +}; + +/** + * Gets a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * + * @return the byte. + */ +util.DataBuffer.prototype.at = function(i) { + return this.data.getUint8(this.read + i); +}; + +/** + * Puts a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * @param b the byte to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.setAt = function(i, b) { + this.data.setUint8(i, b); + return this; +}; + +/** + * Gets the last byte without modifying the read pointer. + * + * @return the last byte. + */ +util.DataBuffer.prototype.last = function() { + return this.data.getUint8(this.write - 1); +}; + +/** + * Creates a copy of this buffer. + * + * @return the copy. + */ +util.DataBuffer.prototype.copy = function() { + return new util.DataBuffer(this); +}; + +/** + * Compacts this buffer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.compact = function() { + if(this.read > 0) { + var src = new Uint8Array(this.data.buffer, this.read); + var dst = new Uint8Array(src.byteLength); + dst.set(src); + this.data = new DataView(dst); + this.write -= this.read; + this.read = 0; + } + return this; +}; + +/** + * Clears this buffer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.clear = function() { + this.data = new DataView(new ArrayBuffer(0)); + this.read = this.write = 0; + return this; +}; + +/** + * Shortens this buffer by triming bytes off of the end of this buffer. + * + * @param count the number of bytes to trim off. + * + * @return this buffer. + */ +util.DataBuffer.prototype.truncate = function(count) { + this.write = Math.max(0, this.length() - count); + this.read = Math.min(this.read, this.write); + return this; +}; + +/** + * Converts this buffer to a hexadecimal string. + * + * @return a hexadecimal string. + */ +util.DataBuffer.prototype.toHex = function() { + var rval = ''; + for(var i = this.read; i < this.data.byteLength; ++i) { + var b = this.data.getUint8(i); + if(b < 16) { + rval += '0'; + } + rval += b.toString(16); + } + return rval; +}; + +/** + * Converts this buffer to a string, using the given encoding. If no + * encoding is given, 'utf8' (UTF-8) is used. + * + * @param [encoding] the encoding to use: 'binary', 'utf8', 'utf16', 'hex', + * 'base64' (default: 'utf8'). + * + * @return a string representation of the bytes in this buffer. + */ +util.DataBuffer.prototype.toString = function(encoding) { + var view = new Uint8Array(this.data, this.read, this.length()); + encoding = encoding || 'utf8'; + + // encode to string + if(encoding === 'binary' || encoding === 'raw') { + return util.binary.raw.encode(view); + } + if(encoding === 'hex') { + return util.binary.hex.encode(view); + } + if(encoding === 'base64') { + return util.binary.base64.encode(view); + } + + // decode to text + if(encoding === 'utf8') { + return util.text.utf8.decode(view); + } + if(encoding === 'utf16') { + return util.text.utf16.decode(view); + } + + throw new Error('Invalid encoding: ' + encoding); +}; + +/** End Buffer w/UInt8Array backing */ + + +/** + * Creates a buffer that stores bytes. A value may be given to put into the + * buffer that is either a string of bytes or a UTF-16 string that will + * be encoded using UTF-8 (to do the latter, specify 'utf8' as the encoding). + * + * @param [input] the bytes to wrap (as a string) or a UTF-16 string to encode + * as UTF-8. + * @param [encoding] (default: 'raw', other: 'utf8'). + */ +util.createBuffer = function(input, encoding) { + // TODO: deprecate, use new ByteBuffer() instead + encoding = encoding || 'raw'; + if(input !== undefined && encoding === 'utf8') { + input = util.encodeUtf8(input); + } + return new util.ByteBuffer(input); +}; + +/** + * Fills a string with a particular value. If you want the string to be a byte + * string, pass in String.fromCharCode(theByte). + * + * @param c the character to fill the string with, use String.fromCharCode + * to fill the string with a byte value. + * @param n the number of characters of value c to fill with. + * + * @return the filled string. + */ +util.fillString = function(c, n) { + var s = ''; + while(n > 0) { + if(n & 1) { + s += c; + } + n >>>= 1; + if(n > 0) { + c += c; + } + } + return s; +}; + +/** + * Performs a per byte XOR between two byte strings and returns the result as a + * string of bytes. + * + * @param s1 first string of bytes. + * @param s2 second string of bytes. + * @param n the number of bytes to XOR. + * + * @return the XOR'd result. + */ +util.xorBytes = function(s1, s2, n) { + var s3 = ''; + var b = ''; + var t = ''; + var i = 0; + var c = 0; + for(; n > 0; --n, ++i) { + b = s1.charCodeAt(i) ^ s2.charCodeAt(i); + if(c >= 10) { + s3 += t; + t = ''; + c = 0; + } + t += String.fromCharCode(b); + ++c; + } + s3 += t; + return s3; +}; + +/** + * Converts a hex string into a 'binary' encoded string of bytes. + * + * @param hex the hexadecimal string to convert. + * + * @return the binary-encoded string of bytes. + */ +util.hexToBytes = function(hex) { + // TODO: deprecate: "Deprecated. Use util.binary.hex.decode instead." + var rval = ''; + var i = 0; + if(hex.length & 1 == 1) { + // odd number of characters, convert first character alone + i = 1; + rval += String.fromCharCode(parseInt(hex[0], 16)); + } + // convert 2 characters (1 byte) at a time + for(; i < hex.length; i += 2) { + rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + } + return rval; +}; + +/** + * Converts a 'binary' encoded string of bytes to hex. + * + * @param bytes the byte string to convert. + * + * @return the string of hexadecimal characters. + */ +util.bytesToHex = function(bytes) { + // TODO: deprecate: "Deprecated. Use util.binary.hex.encode instead." + return util.createBuffer(bytes).toHex(); +}; + +/** + * Converts an 32-bit integer to 4-big-endian byte string. + * + * @param i the integer. + * + * @return the byte string. + */ +util.int32ToBytes = function(i) { + return ( + String.fromCharCode(i >> 24 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +// base64 characters, reverse mapping +var _base64 = + 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; +var _base64Idx = [ +/*43 -43 = 0*/ +/*'+', 1, 2, 3,'/' */ + 62, -1, -1, -1, 63, + +/*'0','1','2','3','4','5','6','7','8','9' */ + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, + +/*15, 16, 17,'=', 19, 20, 21 */ + -1, -1, -1, 64, -1, -1, -1, + +/*65 - 43 = 22*/ +/*'A','B','C','D','E','F','G','H','I','J','K','L','M', */ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, + +/*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */ + 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, + +/*91 - 43 = 48 */ +/*48, 49, 50, 51, 52, 53 */ + -1, -1, -1, -1, -1, -1, + +/*97 - 43 = 54*/ +/*'a','b','c','d','e','f','g','h','i','j','k','l','m' */ + 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, + +/*'n','o','p','q','r','s','t','u','v','w','x','y','z' */ + 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 +]; + +/** + * Base64 encodes a 'binary' encoded string of bytes. + * + * @param input the binary encoded string of bytes to base64-encode. + * @param maxline the maximum number of encoded characters per line to use, + * defaults to none. + * + * @return the base64-encoded output. + */ +util.encode64 = function(input, maxline) { + // TODO: deprecate: "Deprecated. Use util.binary.base64.encode instead." + var line = ''; + var output = ''; + var chr1, chr2, chr3; + var i = 0; + while(i < input.length) { + chr1 = input.charCodeAt(i++); + chr2 = input.charCodeAt(i++); + chr3 = input.charCodeAt(i++); + + // encode 4 character group + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); + if(isNaN(chr2)) { + line += '=='; + } else { + line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); + line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); + } + + if(maxline && line.length > maxline) { + output += line.substr(0, maxline) + '\r\n'; + line = line.substr(maxline); + } + } + output += line; + return output; +}; + +/** + * Base64 decodes a string into a 'binary' encoded string of bytes. + * + * @param input the base64-encoded input. + * + * @return the binary encoded string. + */ +util.decode64 = function(input) { + // TODO: deprecate: "Deprecated. Use util.binary.base64.decode instead." + + // remove all non-base64 characters + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); + + var output = ''; + var enc1, enc2, enc3, enc4; + var i = 0; + + while(i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + + output += String.fromCharCode((enc1 << 2) | (enc2 >> 4)); + if(enc3 !== 64) { + // decoded at least 2 bytes + output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2)); + if(enc4 !== 64) { + // decoded 3 bytes + output += String.fromCharCode(((enc3 & 3) << 6) | enc4); + } + } + } + + return output; +}; + +/** + * UTF-8 encodes the given UTF-16 encoded string (a standard JavaScript + * string). Non-ASCII characters will be encoded as multiple bytes according + * to UTF-8. + * + * @param str the string to encode. + * + * @return the UTF-8 encoded string. + */ +util.encodeUtf8 = function(str) { + return unescape(encodeURIComponent(str)); +}; + +/** + * Decodes a UTF-8 encoded string into a UTF-16 string. + * + * @param str the string to decode. + * + * @return the UTF-16 encoded string (standard JavaScript string). + */ +util.decodeUtf8 = function(str) { + return decodeURIComponent(escape(str)); +}; + +// binary encoding/decoding tools +// FIXME: Experimental. Do not use yet. +util.binary = { + raw: {}, + hex: {}, + base64: {} +}; + +/** + * Encodes a Uint8Array as a binary-encoded string. This encoding uses + * a value between 0 and 255 for each character. + * + * @param bytes the Uint8Array to encode. + * + * @return the binary-encoded string. + */ +util.binary.raw.encode = function(bytes) { + return String.fromCharCode.apply(null, bytes); +}; + +/** + * Decodes a binary-encoded string to a Uint8Array. This encoding uses + * a value between 0 and 255 for each character. + * + * @param str the binary-encoded string to decode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.raw.decode = function(str, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + offset = offset || 0; + var j = offset; + for(var i = 0; i < str.length; ++i) { + out[j++] = str.charCodeAt(i); + } + return output ? (j - offset) : out; +}; + +/** + * Encodes a 'binary' string, ArrayBuffer, DataView, TypedArray, or + * ByteBuffer as a string of hexadecimal characters. + * + * @param bytes the bytes to convert. + * + * @return the string of hexadecimal characters. + */ +util.binary.hex.encode = util.bytesToHex; + +/** + * Decodes a hex-encoded string to a Uint8Array. + * + * @param hex the hexadecimal string to convert. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.hex.decode = function(hex, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(Math.ceil(hex.length / 2)); + } + offset = offset || 0; + var i = 0, j = offset; + if(hex.length & 1) { + // odd number of characters, convert first character alone + i = 1; + out[j++] = parseInt(hex[0], 16); + } + // convert 2 characters (1 byte) at a time + for(; i < hex.length; i += 2) { + out[j++] = parseInt(hex.substr(i, 2), 16); + } + return output ? (j - offset) : out; +}; + +/** + * Base64-encodes a Uint8Array. + * + * @param input the Uint8Array to encode. + * @param maxline the maximum number of encoded characters per line to use, + * defaults to none. + * + * @return the base64-encoded output string. + */ +util.binary.base64.encode = function(input, maxline) { + var line = ''; + var output = ''; + var chr1, chr2, chr3; + var i = 0; + while(i < input.byteLength) { + chr1 = input[i++]; + chr2 = input[i++]; + chr3 = input[i++]; + + // encode 4 character group + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); + if(isNaN(chr2)) { + line += '=='; + } else { + line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); + line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); + } + + if(maxline && line.length > maxline) { + output += line.substr(0, maxline) + '\r\n'; + line = line.substr(maxline); + } + } + output += line; + return output; +}; + +/** + * Decodes a base64-encoded string to a Uint8Array. + * + * @param input the base64-encoded input string. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.base64.decode = function(input, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(Math.ceil(input.length / 4) * 3); + } + + // remove all non-base64 characters + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); + + offset = offset || 0; + var enc1, enc2, enc3, enc4; + var i = 0, j = offset; + + while(i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + + out[j++] = (enc1 << 2) | (enc2 >> 4); + if(enc3 !== 64) { + // decoded at least 2 bytes + out[j++] = ((enc2 & 15) << 4) | (enc3 >> 2); + if(enc4 !== 64) { + // decoded 3 bytes + out[j++] = ((enc3 & 3) << 6) | enc4; + } + } + } + + // make sure result is the exact decoded length + return output ? + (j - offset) : + out.subarray(0, j); +}; + +// text encoding/decoding tools +// FIXME: Experimental. Do not use yet. +util.text = { + utf8: {}, + utf16: {} +}; + +/** + * Encodes the given string as UTF-8 in a Uint8Array. + * + * @param str the string to encode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.text.utf8.encode = function(str, output, offset) { + str = util.encodeUtf8(str); + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + offset = offset || 0; + var j = offset; + for(var i = 0; i < str.length; ++i) { + out[j++] = str.charCodeAt(i); + } + return output ? (j - offset) : out; +}; + +/** + * Decodes the UTF-8 contents from a Uint8Array. + * + * @param bytes the Uint8Array to decode. + * + * @return the resulting string. + */ +util.text.utf8.decode = function(bytes) { + return util.decodeUtf8(String.fromCharCode.apply(null, bytes)); +}; + +/** + * Encodes the given string as UTF-16 in a Uint8Array. + * + * @param str the string to encode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.text.utf16.encode = function(str, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + var view = new Uint16Array(out); + offset = offset || 0; + var j = offset; + var k = offset; + for(var i = 0; i < str.length; ++i) { + view[k++] = str.charCodeAt(i); + j += 2; + } + return output ? (j - offset) : out; +}; + +/** + * Decodes the UTF-16 contents from a Uint8Array. + * + * @param bytes the Uint8Array to decode. + * + * @return the resulting string. + */ +util.text.utf16.decode = function(bytes) { + return String.fromCharCode.apply(null, new Uint16Array(bytes)); +}; + +/** + * Deflates the given data using a flash interface. + * + * @param api the flash interface. + * @param bytes the data. + * @param raw true to return only raw deflate data, false to include zlib + * header and trailer. + * + * @return the deflated data as a string. + */ +util.deflate = function(api, bytes, raw) { + bytes = util.decode64(api.deflate(util.encode64(bytes)).rval); + + // strip zlib header and trailer if necessary + if(raw) { + // zlib header is 2 bytes (CMF,FLG) where FLG indicates that + // there is a 4-byte DICT (alder-32) block before the data if + // its 5th bit is set + var start = 2; + var flg = bytes.charCodeAt(1); + if(flg & 0x20) { + start = 6; + } + // zlib trailer is 4 bytes of adler-32 + bytes = bytes.substring(start, bytes.length - 4); + } + + return bytes; +}; + +/** + * Inflates the given data using a flash interface. + * + * @param api the flash interface. + * @param bytes the data. + * @param raw true if the incoming data has no zlib header or trailer and is + * raw DEFLATE data. + * + * @return the inflated data as a string, null on error. + */ +util.inflate = function(api, bytes, raw) { + // TODO: add zlib header and trailer if necessary/possible + var rval = api.inflate(util.encode64(bytes)).rval; + return (rval === null) ? null : util.decode64(rval); +}; + +/** + * Sets a storage object. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param obj the storage object, null to remove. + */ +var _setStorageObject = function(api, id, obj) { + if(!api) { + throw new Error('WebStorage not available.'); + } + + var rval; + if(obj === null) { + rval = api.removeItem(id); + } else { + // json-encode and base64-encode object + obj = util.encode64(JSON.stringify(obj)); + rval = api.setItem(id, obj); + } + + // handle potential flash error + if(typeof(rval) !== 'undefined' && rval.rval !== true) { + var error = new Error(rval.error.message); + error.id = rval.error.id; + error.name = rval.error.name; + throw error; + } +}; + +/** + * Gets a storage object. + * + * @param api the storage interface. + * @param id the storage ID to use. + * + * @return the storage object entry or null if none exists. + */ +var _getStorageObject = function(api, id) { + if(!api) { + throw new Error('WebStorage not available.'); + } + + // get the existing entry + var rval = api.getItem(id); + + /* Note: We check api.init because we can't do (api == localStorage) + on IE because of "Class doesn't support Automation" exception. Only + the flash api has an init method so this works too, but we need a + better solution in the future. */ + + // flash returns item wrapped in an object, handle special case + if(api.init) { + if(rval.rval === null) { + if(rval.error) { + var error = new Error(rval.error.message); + error.id = rval.error.id; + error.name = rval.error.name; + throw error; + } + // no error, but also no item + rval = null; + } else { + rval = rval.rval; + } + } + + // handle decoding + if(rval !== null) { + // base64-decode and json-decode data + rval = JSON.parse(util.decode64(rval)); + } + + return rval; +}; + +/** + * Stores an item in local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + * @param data the data for the item (any javascript object/primitive). + */ +var _setItem = function(api, id, key, data) { + // get storage object + var obj = _getStorageObject(api, id); + if(obj === null) { + // create a new storage object + obj = {}; + } + // update key + obj[key] = data; + + // set storage object + _setStorageObject(api, id, obj); +}; + +/** + * Gets an item from local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + * + * @return the item. + */ +var _getItem = function(api, id, key) { + // get storage object + var rval = _getStorageObject(api, id); + if(rval !== null) { + // return data at key + rval = (key in rval) ? rval[key] : null; + } + + return rval; +}; + +/** + * Removes an item from local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + */ +var _removeItem = function(api, id, key) { + // get storage object + var obj = _getStorageObject(api, id); + if(obj !== null && key in obj) { + // remove key + delete obj[key]; + + // see if entry has no keys remaining + var empty = true; + for(var prop in obj) { + empty = false; + break; + } + if(empty) { + // remove entry entirely if no keys are left + obj = null; + } + + // set storage object + _setStorageObject(api, id, obj); + } +}; + +/** + * Clears the local disk storage identified by the given ID. + * + * @param api the storage interface. + * @param id the storage ID to use. + */ +var _clearItems = function(api, id) { + _setStorageObject(api, id, null); +}; + +/** + * Calls a storage function. + * + * @param func the function to call. + * @param args the arguments for the function. + * @param location the location argument. + * + * @return the return value from the function. + */ +var _callStorageFunction = function(func, args, location) { + var rval = null; + + // default storage types + if(typeof(location) === 'undefined') { + location = ['web', 'flash']; + } + + // apply storage types in order of preference + var type; + var done = false; + var exception = null; + for(var idx in location) { + type = location[idx]; + try { + if(type === 'flash' || type === 'both') { + if(args[0] === null) { + throw new Error('Flash local storage not available.'); + } + rval = func.apply(this, args); + done = (type === 'flash'); + } + if(type === 'web' || type === 'both') { + args[0] = localStorage; + rval = func.apply(this, args); + done = true; + } + } catch(ex) { + exception = ex; + } + if(done) { + break; + } + } + + if(!done) { + throw exception; + } + + return rval; +}; + +/** + * Stores an item on local disk. + * + * The available types of local storage include 'flash', 'web', and 'both'. + * + * The type 'flash' refers to flash local storage (SharedObject). In order + * to use flash local storage, the 'api' parameter must be valid. The type + * 'web' refers to WebStorage, if supported by the browser. The type 'both' + * refers to storing using both 'flash' and 'web', not just one or the + * other. + * + * The location array should list the storage types to use in order of + * preference: + * + * ['flash']: flash only storage + * ['web']: web only storage + * ['both']: try to store in both + * ['flash','web']: store in flash first, but if not available, 'web' + * ['web','flash']: store in web first, but if not available, 'flash' + * + * The location array defaults to: ['web', 'flash'] + * + * @param api the flash interface, null to use only WebStorage. + * @param id the storage ID to use. + * @param key the key for the item. + * @param data the data for the item (any javascript object/primitive). + * @param location an array with the preferred types of storage to use. + */ +util.setItem = function(api, id, key, data, location) { + _callStorageFunction(_setItem, arguments, location); +}; + +/** + * Gets an item on local disk. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface, null to use only WebStorage. + * @param id the storage ID to use. + * @param key the key for the item. + * @param location an array with the preferred types of storage to use. + * + * @return the item. + */ +util.getItem = function(api, id, key, location) { + return _callStorageFunction(_getItem, arguments, location); +}; + +/** + * Removes an item on local disk. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface. + * @param id the storage ID to use. + * @param key the key for the item. + * @param location an array with the preferred types of storage to use. + */ +util.removeItem = function(api, id, key, location) { + _callStorageFunction(_removeItem, arguments, location); +}; + +/** + * Clears the local disk storage identified by the given ID. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface if flash is available. + * @param id the storage ID to use. + * @param location an array with the preferred types of storage to use. + */ +util.clearItems = function(api, id, location) { + _callStorageFunction(_clearItems, arguments, location); +}; + +/** + * Parses the scheme, host, and port from an http(s) url. + * + * @param str the url string. + * + * @return the parsed url object or null if the url is invalid. + */ +util.parseUrl = function(str) { + // FIXME: this regex looks a bit broken + var regex = /^(https?):\/\/([^:&^\/]*):?(\d*)(.*)$/g; + regex.lastIndex = 0; + var m = regex.exec(str); + var url = (m === null) ? null : { + full: str, + scheme: m[1], + host: m[2], + port: m[3], + path: m[4] + }; + if(url) { + url.fullHost = url.host; + if(url.port) { + if(url.port !== 80 && url.scheme === 'http') { + url.fullHost += ':' + url.port; + } else if(url.port !== 443 && url.scheme === 'https') { + url.fullHost += ':' + url.port; + } + } else if(url.scheme === 'http') { + url.port = 80; + } else if(url.scheme === 'https') { + url.port = 443; + } + url.full = url.scheme + '://' + url.fullHost; + } + return url; +}; + +/* Storage for query variables */ +var _queryVariables = null; + +/** + * Returns the window location query variables. Query is parsed on the first + * call and the same object is returned on subsequent calls. The mapping + * is from keys to an array of values. Parameters without values will have + * an object key set but no value added to the value array. Values are + * unescaped. + * + * ...?k1=v1&k2=v2: + * { + * "k1": ["v1"], + * "k2": ["v2"] + * } + * + * ...?k1=v1&k1=v2: + * { + * "k1": ["v1", "v2"] + * } + * + * ...?k1=v1&k2: + * { + * "k1": ["v1"], + * "k2": [] + * } + * + * ...?k1=v1&k1: + * { + * "k1": ["v1"] + * } + * + * ...?k1&k1: + * { + * "k1": [] + * } + * + * @param query the query string to parse (optional, default to cached + * results from parsing window location search query). + * + * @return object mapping keys to variables. + */ +util.getQueryVariables = function(query) { + var parse = function(q) { + var rval = {}; + var kvpairs = q.split('&'); + for(var i = 0; i < kvpairs.length; i++) { + var pos = kvpairs[i].indexOf('='); + var key; + var val; + if(pos > 0) { + key = kvpairs[i].substring(0, pos); + val = kvpairs[i].substring(pos + 1); + } else { + key = kvpairs[i]; + val = null; + } + if(!(key in rval)) { + rval[key] = []; + } + // disallow overriding object prototype keys + if(!(key in Object.prototype) && val !== null) { + rval[key].push(unescape(val)); + } + } + return rval; + }; + + var rval; + if(typeof(query) === 'undefined') { + // set cached variables if needed + if(_queryVariables === null) { + if(typeof(window) !== 'undefined' && window.location && window.location.search) { + // parse window search query + _queryVariables = parse(window.location.search.substring(1)); + } else { + // no query variables available + _queryVariables = {}; + } + } + rval = _queryVariables; + } else { + // parse given query + rval = parse(query); + } + return rval; +}; + +/** + * Parses a fragment into a path and query. This method will take a URI + * fragment and break it up as if it were the main URI. For example: + * /bar/baz?a=1&b=2 + * results in: + * { + * path: ["bar", "baz"], + * query: {"k1": ["v1"], "k2": ["v2"]} + * } + * + * @return object with a path array and query object. + */ +util.parseFragment = function(fragment) { + // default to whole fragment + var fp = fragment; + var fq = ''; + // split into path and query if possible at the first '?' + var pos = fragment.indexOf('?'); + if(pos > 0) { + fp = fragment.substring(0, pos); + fq = fragment.substring(pos + 1); + } + // split path based on '/' and ignore first element if empty + var path = fp.split('/'); + if(path.length > 0 && path[0] === '') { + path.shift(); + } + // convert query into object + var query = (fq === '') ? {} : util.getQueryVariables(fq); + + return { + pathString: fp, + queryString: fq, + path: path, + query: query + }; +}; + +/** + * Makes a request out of a URI-like request string. This is intended to + * be used where a fragment id (after a URI '#') is parsed as a URI with + * path and query parts. The string should have a path beginning and + * delimited by '/' and optional query parameters following a '?'. The + * query should be a standard URL set of key value pairs delimited by + * '&'. For backwards compatibility the initial '/' on the path is not + * required. The request object has the following API, (fully described + * in the method code): + * { + * path: . + * query: , + * getPath(i): get part or all of the split path array, + * getQuery(k, i): get part or all of a query key array, + * getQueryLast(k, _default): get last element of a query key array. + * } + * + * @return object with request parameters. + */ +util.makeRequest = function(reqString) { + var frag = util.parseFragment(reqString); + var req = { + // full path string + path: frag.pathString, + // full query string + query: frag.queryString, + /** + * Get path or element in path. + * + * @param i optional path index. + * + * @return path or part of path if i provided. + */ + getPath: function(i) { + return (typeof(i) === 'undefined') ? frag.path : frag.path[i]; + }, + /** + * Get query, values for a key, or value for a key index. + * + * @param k optional query key. + * @param i optional query key index. + * + * @return query, values for a key, or value for a key index. + */ + getQuery: function(k, i) { + var rval; + if(typeof(k) === 'undefined') { + rval = frag.query; + } else { + rval = frag.query[k]; + if(rval && typeof(i) !== 'undefined') { + rval = rval[i]; + } + } + return rval; + }, + getQueryLast: function(k, _default) { + var rval; + var vals = req.getQuery(k); + if(vals) { + rval = vals[vals.length - 1]; + } else { + rval = _default; + } + return rval; + } + }; + return req; +}; + +/** + * Makes a URI out of a path, an object with query parameters, and a + * fragment. Uses jquery internally for query string creation. + * If the path is an array, it will be joined with '/'. + * + * @param path string path or array of strings. + * @param query object with query parameters. (optional) + * @param fragment fragment string. (optional) + * + * @return string object with request parameters. + */ +util.makeLink = function(path, query, fragment) { + // join path parts if needed + path = jQuery.isArray(path) ? path.join('/') : path; + + var qstr = jQuery.param(query || {}); + fragment = fragment || ''; + return path + + ((qstr.length > 0) ? ('?' + qstr) : '') + + ((fragment.length > 0) ? ('#' + fragment) : ''); +}; + +/** + * Follows a path of keys deep into an object hierarchy and set a value. + * If a key does not exist or it's value is not an object, create an + * object in it's place. This can be destructive to a object tree if + * leaf nodes are given as non-final path keys. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + * @param value the value to set. + */ +util.setPath = function(object, keys, value) { + // need to start at an object + if(typeof(object) === 'object' && object !== null) { + var i = 0; + var len = keys.length; + while(i < len) { + var next = keys[i++]; + if(i == len) { + // last + object[next] = value; + } else { + // more + var hasNext = (next in object); + if(!hasNext || + (hasNext && typeof(object[next]) !== 'object') || + (hasNext && object[next] === null)) { + object[next] = {}; + } + object = object[next]; + } + } + } +}; + +/** + * Follows a path of keys deep into an object hierarchy and return a value. + * If a key does not exist, create an object in it's place. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + * @param _default value to return if path not found. + * + * @return the value at the path if found, else default if given, else + * undefined. + */ +util.getPath = function(object, keys, _default) { + var i = 0; + var len = keys.length; + var hasNext = true; + while(hasNext && i < len && + typeof(object) === 'object' && object !== null) { + var next = keys[i++]; + hasNext = next in object; + if(hasNext) { + object = object[next]; + } + } + return (hasNext ? object : _default); +}; + +/** + * Follow a path of keys deep into an object hierarchy and delete the + * last one. If a key does not exist, do nothing. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + */ +util.deletePath = function(object, keys) { + // need to start at an object + if(typeof(object) === 'object' && object !== null) { + var i = 0; + var len = keys.length; + while(i < len) { + var next = keys[i++]; + if(i == len) { + // last + delete object[next]; + } else { + // more + if(!(next in object) || + (typeof(object[next]) !== 'object') || + (object[next] === null)) { + break; + } + object = object[next]; + } + } + } +}; + +/** + * Check if an object is empty. + * + * Taken from: + * http://stackoverflow.com/questions/679915/how-do-i-test-for-an-empty-javascript-object-from-json/679937#679937 + * + * @param object the object to check. + */ +util.isEmpty = function(obj) { + for(var prop in obj) { + if(obj.hasOwnProperty(prop)) { + return false; + } + } + return true; +}; + +/** + * Format with simple printf-style interpolation. + * + * %%: literal '%' + * %s,%o: convert next argument into a string. + * + * @param format the string to format. + * @param ... arguments to interpolate into the format string. + */ +util.format = function(format) { + var re = /%./g; + // current match + var match; + // current part + var part; + // current arg index + var argi = 0; + // collected parts to recombine later + var parts = []; + // last index found + var last = 0; + // loop while matches remain + while((match = re.exec(format))) { + part = format.substring(last, re.lastIndex - 2); + // don't add empty strings (ie, parts between %s%s) + if(part.length > 0) { + parts.push(part); + } + last = re.lastIndex; + // switch on % code + var code = match[0][1]; + switch(code) { + case 's': + case 'o': + // check if enough arguments were given + if(argi < arguments.length) { + parts.push(arguments[argi++ + 1]); + } else { + parts.push(''); + } + break; + // FIXME: do proper formating for numbers, etc + //case 'f': + //case 'd': + case '%': + parts.push('%'); + break; + default: + parts.push('<%' + code + '?>'); + } + } + // add trailing part of format string + parts.push(format.substring(last)); + return parts.join(''); +}; + +/** + * Formats a number. + * + * http://snipplr.com/view/5945/javascript-numberformat--ported-from-php/ + */ +util.formatNumber = function(number, decimals, dec_point, thousands_sep) { + // http://kevin.vanzonneveld.net + // + original by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) + // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) + // + bugfix by: Michael White (http://crestidg.com) + // + bugfix by: Benjamin Lupton + // + bugfix by: Allan Jensen (http://www.winternet.no) + // + revised by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) + // * example 1: number_format(1234.5678, 2, '.', ''); + // * returns 1: 1234.57 + + var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals; + var d = dec_point === undefined ? ',' : dec_point; + var t = thousands_sep === undefined ? + '.' : thousands_sep, s = n < 0 ? '-' : ''; + var i = parseInt((n = Math.abs(+n || 0).toFixed(c)), 10) + ''; + var j = (i.length > 3) ? i.length % 3 : 0; + return s + (j ? i.substr(0, j) + t : '') + + i.substr(j).replace(/(\d{3})(?=\d)/g, '$1' + t) + + (c ? d + Math.abs(n - i).toFixed(c).slice(2) : ''); +}; + +/** + * Formats a byte size. + * + * http://snipplr.com/view/5949/format-humanize-file-byte-size-presentation-in-javascript/ + */ +util.formatSize = function(size) { + if(size >= 1073741824) { + size = util.formatNumber(size / 1073741824, 2, '.', '') + ' GiB'; + } else if(size >= 1048576) { + size = util.formatNumber(size / 1048576, 2, '.', '') + ' MiB'; + } else if(size >= 1024) { + size = util.formatNumber(size / 1024, 0) + ' KiB'; + } else { + size = util.formatNumber(size, 0) + ' bytes'; + } + return size; +}; + +/** + * Converts an IPv4 or IPv6 string representation into bytes (in network order). + * + * @param ip the IPv4 or IPv6 address to convert. + * + * @return the 4-byte IPv6 or 16-byte IPv6 address or null if the address can't + * be parsed. + */ +util.bytesFromIP = function(ip) { + if(ip.indexOf('.') !== -1) { + return util.bytesFromIPv4(ip); + } + if(ip.indexOf(':') !== -1) { + return util.bytesFromIPv6(ip); + } + return null; +}; + +/** + * Converts an IPv4 string representation into bytes (in network order). + * + * @param ip the IPv4 address to convert. + * + * @return the 4-byte address or null if the address can't be parsed. + */ +util.bytesFromIPv4 = function(ip) { + ip = ip.split('.'); + if(ip.length !== 4) { + return null; + } + var b = util.createBuffer(); + for(var i = 0; i < ip.length; ++i) { + var num = parseInt(ip[i], 10); + if(isNaN(num)) { + return null; + } + b.putByte(num); + } + return b.getBytes(); +}; + +/** + * Converts an IPv6 string representation into bytes (in network order). + * + * @param ip the IPv6 address to convert. + * + * @return the 16-byte address or null if the address can't be parsed. + */ +util.bytesFromIPv6 = function(ip) { + var blanks = 0; + ip = ip.split(':').filter(function(e) { + if(e.length === 0) ++blanks; + return true; + }); + var zeros = (8 - ip.length + blanks) * 2; + var b = util.createBuffer(); + for(var i = 0; i < 8; ++i) { + if(!ip[i] || ip[i].length === 0) { + b.fillWithByte(0, zeros); + zeros = 0; + continue; + } + var bytes = util.hexToBytes(ip[i]); + if(bytes.length < 2) { + b.putByte(0); + } + b.putBytes(bytes); + } + return b.getBytes(); +}; + +/** + * Converts 4-bytes into an IPv4 string representation or 16-bytes into + * an IPv6 string representation. The bytes must be in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv4 or IPv6 string representation if 4 or 16 bytes, + * respectively, are given, otherwise null. + */ +util.bytesToIP = function(bytes) { + if(bytes.length === 4) { + return util.bytesToIPv4(bytes); + } + if(bytes.length === 16) { + return util.bytesToIPv6(bytes); + } + return null; +}; + +/** + * Converts 4-bytes into an IPv4 string representation. The bytes must be + * in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv4 string representation or null for an invalid # of bytes. + */ +util.bytesToIPv4 = function(bytes) { + if(bytes.length !== 4) { + return null; + } + var ip = []; + for(var i = 0; i < bytes.length; ++i) { + ip.push(bytes.charCodeAt(i)); + } + return ip.join('.'); +}; + +/** + * Converts 16-bytes into an IPv16 string representation. The bytes must be + * in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv16 string representation or null for an invalid # of bytes. + */ +util.bytesToIPv6 = function(bytes) { + if(bytes.length !== 16) { + return null; + } + var ip = []; + var zeroGroups = []; + var zeroMaxGroup = 0; + for(var i = 0; i < bytes.length; i += 2) { + var hex = util.bytesToHex(bytes[i] + bytes[i + 1]); + // canonicalize zero representation + while(hex[0] === '0' && hex !== '0') { + hex = hex.substr(1); + } + if(hex === '0') { + var last = zeroGroups[zeroGroups.length - 1]; + var idx = ip.length; + if(!last || idx !== last.end + 1) { + zeroGroups.push({start: idx, end: idx}); + } else { + last.end = idx; + if((last.end - last.start) > + (zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start)) { + zeroMaxGroup = zeroGroups.length - 1; + } + } + } + ip.push(hex); + } + if(zeroGroups.length > 0) { + var group = zeroGroups[zeroMaxGroup]; + // only shorten group of length > 0 + if(group.end - group.start > 0) { + ip.splice(group.start, group.end - group.start + 1, ''); + if(group.start === 0) { + ip.unshift(''); + } + if(group.end === 7) { + ip.push(''); + } + } + } + return ip.join(':'); +}; + +/** + * Estimates the number of processes that can be run concurrently. If + * creating Web Workers, keep in mind that the main JavaScript process needs + * its own core. + * + * @param options the options to use: + * update true to force an update (not use the cached value). + * @param callback(err, max) called once the operation completes. + */ +util.estimateCores = function(options, callback) { + if(typeof options === 'function') { + callback = options; + options = {}; + } + options = options || {}; + if('cores' in util && !options.update) { + return callback(null, util.cores); + } + if(typeof navigator !== 'undefined' && + 'hardwareConcurrency' in navigator && + navigator.hardwareConcurrency > 0) { + util.cores = navigator.hardwareConcurrency; + return callback(null, util.cores); + } + if(typeof Worker === 'undefined') { + // workers not available + util.cores = 1; + return callback(null, util.cores); + } + if(typeof Blob === 'undefined') { + // can't estimate, default to 2 + util.cores = 2; + return callback(null, util.cores); + } + + // create worker concurrency estimation code as blob + var blobUrl = URL.createObjectURL(new Blob(['(', + function() { + self.addEventListener('message', function(e) { + // run worker for 4 ms + var st = Date.now(); + var et = st + 4; + while(Date.now() < et); + self.postMessage({st: st, et: et}); + }); + }.toString(), + ')()'], {type: 'application/javascript'})); + + // take 5 samples using 16 workers + sample([], 5, 16); + + function sample(max, samples, numWorkers) { + if(samples === 0) { + // get overlap average + var avg = Math.floor(max.reduce(function(avg, x) { + return avg + x; + }, 0) / max.length); + util.cores = Math.max(1, avg); + URL.revokeObjectURL(blobUrl); + return callback(null, util.cores); + } + map(numWorkers, function(err, results) { + max.push(reduce(numWorkers, results)); + sample(max, samples - 1, numWorkers); + }); + } + + function map(numWorkers, callback) { + var workers = []; + var results = []; + for(var i = 0; i < numWorkers; ++i) { + var worker = new Worker(blobUrl); + worker.addEventListener('message', function(e) { + results.push(e.data); + if(results.length === numWorkers) { + for(var i = 0; i < numWorkers; ++i) { + workers[i].terminate(); + } + callback(null, results); + } + }); + workers.push(worker); + } + for(var i = 0; i < numWorkers; ++i) { + workers[i].postMessage(i); + } + } + + function reduce(numWorkers, results) { + // find overlapping time windows + var overlaps = []; + for(var n = 0; n < numWorkers; ++n) { + var r1 = results[n]; + var overlap = overlaps[n] = []; + for(var i = 0; i < numWorkers; ++i) { + if(n === i) { + continue; + } + var r2 = results[i]; + if((r1.st > r2.st && r1.st < r2.et) || + (r2.st > r1.st && r2.st < r1.et)) { + overlap.push(i); + } + } + } + // get maximum overlaps ... don't include overlapping worker itself + // as the main JS process was also being scheduled during the work and + // would have to be subtracted from the estimate anyway + return overlaps.reduce(function(max, overlap) { + return Math.max(max, overlap.length); + }, 0); + } +}; + +} // end module implementation + +/* ########## Begin module wrapper ########## */ +var name = 'util'; +if(typeof define !== 'function') { + // NodeJS -> AMD + if(typeof module === 'object' && module.exports) { + var nodeJS = true; + define = function(ids, factory) { + factory(require, module); + }; + } else { + // + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm new file mode 100644 index 0000000..160a871 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm @@ -0,0 +1,10 @@ + + + + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/form.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/form.vm new file mode 100644 index 0000000..cc4fa1a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/form.vm @@ -0,0 +1,127 @@ +## if only form, then we include javascript here (start of body) +#if ($isFormRequest) + #parse("${templatePath}/js_start.vm") +#end + +#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) + +#if ($useFormEncryption) + +#end + +
+ +
+ +

$gui.label

+ + #set ($tabindex = 0) + #set ($policyFailureOpen = false) + #set ($policyInfoOpen = false) + + #foreach ($guiElem in $gui.getGuiElems()) + #set ($tabindex = $tabindex+1) + #if ($guiElem.name.startsWith("policyInfo") && $guiElem.label && $guiElem.label.length() > 0) + #if (!$policyInfoOpen) +
+
+ #set ($policyInfoOpen = true) + #end + $guiElem.label + #elseif ($guiElem.name.startsWith("policyFailure") && $guiElem.label && $guiElem.label.length() > 0) + #if (!$policyFailureOpen) +
+
+ #set ($policyFailureOpen = true) + #end + $guiElem.label + #else + #if (!$guiElem.name.startsWith("policyInfo") && $policyInfoOpen) ## close +
+
+ #set ($policyInfoOpen = false) + #end + #if (!$guiElem.name.startsWith("policyFailure") && $policyFailureOpen) ## close +
+
+ #set ($policyFailureOpen = false) + #end + #renderFormField($guiElem, $gui, $tabindex) + #end + #end + + ## this block applies when Channel is set to Push / Link + #if ($gui.name == "mauth_link_qr" || $gui.name == "mauth_onboard") + +
+ +

+

$text.get("mobile_auth.scan")

+ + + +
+ #end + + ## this block applies when Channel is set to Push / QR-code (in-app) + #if ($gui.name == "mauth_push_qr") + + + + + #end + + ## this block applies for usernameless mobile authentication + #if ($gui.name == "mauth_usernameless") + + #end + + #if ($useFormEncryption) + + + + #end + + #renderFormControls($gui) + #renderFormLinks($gui) +
+ + + + + ## if only form, then we include javascript here (end of body) + #if ($isFormRequest) + #parse("${templatePath}/js_end.vm") + #end +
\ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/generic_auth_error.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/generic_auth_error.vm new file mode 100644 index 0000000..e84bac6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/generic_auth_error.vm @@ -0,0 +1,38 @@ +## used for default nevisAuth GUIs, which are only renderred in case of +## system errors, etc. + + +
+
+
+ +
+

$text.get("generic.auth.error.title")

+

$text.get("generic.auth.error.subtitle")

+
+ +
+ +

+ $text.get("generic.auth.error.message") +

+
+ +

+ $text.get("generic.auth.error.next.steps") +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + +
+
+ + + +
+
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/header.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/header.vm new file mode 100644 index 0000000..bf2a53f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/header.vm @@ -0,0 +1,84 @@ + + ## svh -> Small View Height. It's not taking the height of the search bar on mobile into account + + + AGOV + + + + + + + + +
+ +
+ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/html.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/html.vm new file mode 100644 index 0000000..2f02835 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/html.vm @@ -0,0 +1,32 @@ + + + + + $text.get('title') + + + + + + + + + + + #parse("${templatePath}/js_start.vm") + + + + #parse("${templatePath}/lang.vm") + + #parse("${templatePath}/header.vm") + +
+ #parse("${templatePath}/form.vm") +
+ + #parse("${templatePath}/footer.vm") + + #parse("${templatePath}/js_end.vm") + + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/js_end.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/js_end.vm new file mode 100644 index 0000000..f34431f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/js_end.vm @@ -0,0 +1,76 @@ + + + +#if ($gui.name == "oauth_consent") + +#end + +#if ($gui.name == "authcloud") + + +#end + +#if ($gui.name == "authcloud_onboard") + + +#end + +#if ($gui.name == "authcloud_login") + + +#end + +#if ($gui.name == "mauth_onboard") + + +#end + +#if ($gui.name == "mauth_link_qr") + + +#end + +#if ($gui.name == "mauth_push_qr") + + +#end + +#if ($gui.name == "mauth_usernameless") + + +#end + +#if ($gui.name == "fido2_auth") + + + +#end + +#if ($gui.name == "fido2_auth_std") + #set ($authenticationOptionsPath = $login.requestHeaders["fido2AuthenticationOptionsPath"]) + #set ($authenticationPath = $login.requestHeaders["fido2AuthenticationPath"]) + #set ($statusServicePath = $login.requestHeaders["fido2StatusServicePath"]) + #set ($userVerification = $login.requestHeaders["fido2UserVerification"]) + + + + +#end + +#if ($gui.name == "fido2_onboard") + + + +#end + +#if ($useFormEncryption) + + +#end \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/js_start.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/js_start.vm new file mode 100644 index 0000000..ddc8437 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/js_start.vm @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/json.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/json.vm new file mode 100644 index 0000000..e9c3ff8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/json.vm @@ -0,0 +1,88 @@ +## This template is used to respond with a JSON format +## In this case, the client is supposed to parse and show the data +## The JSON data is close to the XML format of the GuiDesc + +#set ($target = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +{ + "name" : "$gui.name" , + "target" : "$target" #if ($gui.label || $gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if + +#if ($gui.label) "label" : "$gui.label" #if ($gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if + +#if ($gui.language) "language" : "$gui.language" #if ($gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if ($gui.language) +#if ($gui.domain) "domain" : "$gui.domain" #if ($gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if ($gui.domain) + +#if ($gui.getGuiElems().size() > 0) + "elements" : [ +#set ($i = 0) +#foreach ($guiElem in $gui.getGuiElems()) + { + "name" : "$guiElem.name", + "type" : "$guiElem.type", + "optional" : "$guiElem.optional", + "label" : "$guiElem.label" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end + #if ($guiElem['validation-failed']) "validation-failed" : "$guiGroup.validationFailed" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end + #end ## if ($guiElem['validation-failed']) + + #if ($guiElem.value) "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end + #end ## if ($guiElem.value) + + #if ($guiElem.length) "max-length" : "$guiElem.length" #if ($guiElem.format), #end + #end ## if ($guiElem.length) + + #if ($guiElem.format) "format" : "$guiElem.format" + #end + + } + #set ($i = $i + 1) + #if ($i < ($gui.getGuiElems().size())), #end + +#end ## loop + ] #if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0), #end +#end ## if ($gui.getGuiGroup() && $gui.getGuiElem().size() > 0) +#if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0) + "groups" : [ + #set ($j = 0) + #foreach ($guiGroup in $gui.getGuiGroup()) + "name" : "$guiGroup.name", + "type" : "$guiGroup.type", + "label" : "$guiGroup.label", + "multiple" : "$guiGroup.multiple", + "format" : "$guiGroup.format", + "optional" : "$guiGroup.optional", + "validation-failed" : "$guiGroup.validationFailed" #if ($gui.getGuiElems().length() > 0), #end + #if ($gui.getGuiElems() && $gui.getGuiElems().length() > 0) + "elements" : [ + #set ($i = 0) + #foreach ($guiElem in $gui.getGuiElems()) + { + "name" : "$guiElem.name", + "type" : "$guiElem.type", + "optional" : "$guiElem.optional", + "validation-failed" : "$guiGroup.validationFailed", + "label" : "$guiElem.label" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end + #if ($guiElem.value) + "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end + #end ## if ($guiElem.value) + #if ($guiElem.length) + "max-length" : "$guiElem.length" #if ($guiElem.format), #end + #end ## if ($guiElem.length) + #if ($guiElem.format) + "format" : "$guiElem.format" + #end ## if ($guiElem.format) + } + #set ($i = $i + 1) + #if ($i < ($gui.getGuiElems().size())), #end + + #end ## loop + ] #if ($foreach.hasNext), #end + #set ($j = $j + 1) + #if ($j < ($gui.getGuiGroup().size())), #end + #end ## foreach ($guiGroup in $gui.getGuiGroup()) + #end ## if ($gui.getGuiElem() && $gui.getGuiElem().size() > 0) + ] + #end ## if ($gui.getGuiGroup() && $gui.getGuiGroup().length() > 0) +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/lang.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/lang.vm new file mode 100644 index 0000000..0e85f80 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/lang.vm @@ -0,0 +1,32 @@ +## Nav ================================================================= + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/loainfo.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/loainfo.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/loainfo.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/loainfo.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/loainfo.vm new file mode 100644 index 0000000..aa19ff8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/loainfo.vm @@ -0,0 +1,58 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+

+ $text.get("loainfo.title") +

+
+ $text.get("loainfo.helper") +
+

+ $text.get("loainfo.description.$gui.getGuiElem('loainfo').value") +

+

+ $text.get("loainfo.startNow") +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ +
+
+ + + + + +
+
+ +
+
+ + + +
+
+ +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/macros.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/macros.vm new file mode 100644 index 0000000..f1e4f2c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/macros.vm @@ -0,0 +1,295 @@ + +#macro(renderFormField $guiElem, $gui, $tabindex) + +#if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset" || $guiElem.type == "link") +## do nothing, will be rendered in renderFormControls nd renderFormLinks + + +#elseif ($guiElem.type == "info" || $guiElem.type == "error") + #if ($guiElem.label && $guiElem.label.length() > 0) + ## special fields: display some text only + #set ($class = "form-group") + #if ($guiElem.type == "error") + #set ($class = "$class has-error") + #end +
+
+ + $guiElem.label + +
+
+ #end + +#elseif ($guiElem.type == "hidden" && $guiElem.name == "saml.logoutURLs") + + +#elseif ($guiElem.type == "hidden") + + + +#else ## not info, error, button, submit, reset or hidden -> normal visual element + +## define CSS class of representation in form +#set ($class = "form-group") +#if ($guiElem.optional) +#set ($class = "$class optional") +#else +#set ($class = "$class required") +#end + +## highlight failed input validation, if flagged + +#if ($guiElem.validationFailed && $guiElem.value && $guiElem.value.length() > 0) +#set ($class = "$class has-error") +#end + +#if ($guiElem.validationFailed && (!$guiElem.value || $guiElem.value.length() == 0)) +#set ($class = "$class has-error") +#end + + +## the form field's container, a label, and optionally a validation-related message + +
+ ## Special handling required for radios + checkboxes + #if ($guiElem.type != "radio" && $guiElem.type != "checkbox") + + + +
+ #if ($guiElem.type == "text") + + + #elseif ($guiElem.type == "pw-text") +
+ + +
+ + #elseif ($guiElem.type == "select") + #set ($scrollSize = $guiElem.getGuiElems().size()) + #set ($scrollSize = $math.min($scrollSize,4)) + #if ($guiElem.multiple) + + #end + #foreach ($option in $guiElem.getGuiElems()) + #if ($option.selected) + + #else + + #end + #end ## foreach option + + + #elseif ($guiElem.type == "image" ) + $guiElem.label + #end + + #if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0) + $guiElem.validationMessage + #end + + #if ($jsValidation) + #renderElementValidation($guiElem, $gui) + #end +
+ #else + ## Special handling for checkboxes and radios +
+ + + #if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0) + $guiElem.validationMessage + #end + + #if ($jsValidation) + #renderElementValidation($guiElem, $gui) + #end +
+ #end +
+#end + +#end ## end macro + + + + +#macro(renderElementValidation $guiElem, $gui) +#if (($guiElem.validation && $guiElem.validation.length() > 0)||($guiElem.format && $guiElem.format.length() > 0)) + + + + +#end +#end ## macro + + +#macro(renderFormLinks $gui) +#set ($noLinks = true) +#foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "link") + #if ($noLinks) +
+ #set ($noLinks = false) + #end + ${utils.escapeHtml($guiElem.label)} + #end +#end + #if (!$noLinks) +
+ #end +#end + +#macro(renderFormControls $gui) +
+#set ($buttonClass = "btn") +#if ($isFormRequest) + #set ($buttonClass = "$buttonClass btn-default") +#else + #set ($buttonClass = "$buttonClass btn-primary") +#end +#foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset") + + #end +#end ## foreach +
+ +#end ## end macro \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.vm new file mode 100644 index 0000000..8bcb58e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.vm @@ -0,0 +1,375 @@ +#parse("${templatePath}/header.vm") +#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) + + +
+
+ + + +
+
+
+

$text.get("general.registration")

+ +

+ $text.get("mauth_usernameless.noAccount") +

+ +
+ + + +
+
+ + +
+ +
+ +
+

$text.get("general.login")

+
+ + + + + + +
+ +
+ + + + + +
+ +
+
+
+ + + + + +
+ +
+
+ + + +
+ + + +
+ +

+ $text.get("mauth_usernameless.instructions") +

+
+
+ +
+ + + +
+
+
+ + +
+
+ +
+ +
+ + + +

+ $text.get("mauth_usernameless.cannotLogin") +

+ + + +
+
+ +
+
+
+ +
+ + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mock-defaults.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mock-defaults.js new file mode 100644 index 0000000..2f856ed --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mock-defaults.js @@ -0,0 +1,12 @@ +module.exports = { + text: { + get: key => key + }, + templatePath: '.', + login: { + appDataPath: '' + }, + gui: { + getGuiElem: key => ({ label: key, value: key }) + } +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_header.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_header.vm new file mode 100644 index 0000000..0cd08d3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_header.vm @@ -0,0 +1,81 @@ + +## svh -> Small View Height. It's not taking the height of the search bar on mobile into account + + + AGOV Operations + + + + + + + + +
+ +
+ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_idmlogin_select_profile.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_idmlogin_select_profile.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_idmlogin_select_profile.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_idmlogin_select_profile.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_idmlogin_select_profile.vm new file mode 100644 index 0000000..c36dc39 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_idmlogin_select_profile.vm @@ -0,0 +1,89 @@ +#parse("${templatePath}/op_header.vm") + + +
+
+
+ +
+

$text.get("op-idmlogin.select")

+

$text.get("op-idmlogin.select.title")

+
+ +

+ $text.get("op-idmlogin.select.intro") +

+ + #set ($lasterror = $gui.getGuiElem("lasterror")) + #if ($lasterror && $lasterror.value && $lasterror.value.length() > 0) + #set ($errorValue = $utils.escapeHtmlAttribute($lasterror.value)) + #set ($errorMsg = $text.get($errorValue)) + #if ($errorMsg == $lasterror.value) + #set ($errorMsg = $text.get($errorValue.replaceAll("^(.*)$", "error_$1"))) + #end +
+ +

+ $errorMsg +

+
+ #end + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ +
+ +
+

+ $text.get("op-idmlogin.select.note") +

+
+
+ +
+ #set ($i=1) + #foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "radio") + +
+ + +

$text.get($guiElem.label)

+
+ + #end ## if + #set ($i= $i + 1) + #end ## foreach +
+ +
+
+ + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_error.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_error.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_error.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_error.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_error.vm new file mode 100644 index 0000000..59a16eb --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_error.vm @@ -0,0 +1,48 @@ +#parse("${templatePath}/op_header.vm") + + +
+
+
+ +
+

$text.get("op-onboarding.onboarding")

+

$text.get("op-onboarding.failed.title")

+
+ +

+ $text.get("op-onboarding.process.message") +

+ + #set ($lasterror = $gui.getGuiElem("lasterror")) + #if ($lasterror && $lasterror.value && $lasterror.value.length() > 0) + #set ($errorValue = $utils.escapeHtmlAttribute($lasterror.value)) + #set ($errorMsg = $text.get($errorValue)) + #if ($errorMsg == $errorValue) + #set ($errorMsg = $text.get($errorValue.replaceAll("^(.*)$", "error_$1"))) + #set ($errorMsg = $text.get($lasterror.value.replaceAll("^(.*)$", "error_$1"))) + #end +
+ +

+ $errorMsg +

+
+ #end + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_intro.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_intro.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_intro.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_intro.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_intro.vm new file mode 100644 index 0000000..7077c44 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_intro.vm @@ -0,0 +1,70 @@ +#parse("${templatePath}/op_header.vm") + + +
+
+
+ +
+

$text.get("op-onboarding.onboarding")

+

$text.get("op-onboarding.intro.title")

+
+ +

+ $text.get("op-onboarding.intro.message1") +

+ +

+ $text.get("op-onboarding.intro.message2") +

+ +

+ $text.get("op-onboarding.intro.message3") +

+ + #set ($lasterror = $gui.getGuiElem("lasterror")) + #if ($lasterror && $lasterror.value && $lasterror.value.length() > 0) + #set ($errorValue = $utils.escapeHtmlAttribute($lasterror.value)) + #set ($errorMsg = $text.get($errorValue)) + #if ($errorMsg == $errorValue) + #set ($errorMsg = $text.get($errorValue.replaceAll("^(.*)$", "error_$1"))) + #set ($errorMsg = $text.get($lasterror.value.replaceAll("^(.*)$", "error_$1"))) + #end +
+ +

+ $errorMsg +

+
+ #end + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + +
+
+ + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_success.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_success.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_success.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_success.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_success.vm new file mode 100644 index 0000000..9e1d42a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/op_onbrdng_success.vm @@ -0,0 +1,38 @@ +#parse("${templatePath}/op_header.vm") + + +
+
+
+ +
+

$text.get("op-onboarding.onboarding")

+

$text.get("op-onboarding.done.title")

+
+ +
+ +
+

+ $text.get("op-onboarding.done.message") +

+
+
+ + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.vm new file mode 100644 index 0000000..87ba230 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_accessapp_auth.vm @@ -0,0 +1,194 @@ +#parse("${templatePath}/header.vm") + + + +
+
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.authenticate")

+
+ +

$text.get( + "recovery_accessapp_auth.accessAppRegistered")

+ +

+ ${text.get("recovery_accessapp_auth.instruction1").replaceAll( + "!!!ACCESS_APP_NAME!!!", "$utils.escapeHtmlAttribute($gui.getGuiElem('accessApp').value)")} +

+ +

+ ${text.get("recovery_accessapp_auth.instruction2").replaceAll( + "!!!ACCESS_APP_NAME!!!", "$utils.escapeHtmlAttribute($gui.getGuiElem('accessApp').value)")} +

+ +
+
+ + + + + +
+ +
+
+
+ + + + + +
+ +
+
+ + + +
+ + + +
+ +

+ $text.get("mauth_usernameless.instructions") +

+
+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + + + +
+
+
+
+ + + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.vm new file mode 100644 index 0000000..22610c3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.vm @@ -0,0 +1,138 @@ +#parse("${templatePath}/header.vm") + + + + +
+ +
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.entryCode")

+
+ + #set($error = $gui.getGuiElem("lasterror")) + #if (($error.value && $error.value != "")) +
+ +

+ $text.get("recovery_check_code.codeIncorrect") +

+
+ #end + +

+ $text.get("recovery_check_code.instruction") +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + + +
+
+ + + + + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_noCode.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_noCode.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_noCode.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_noCode.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_noCode.vm new file mode 100644 index 0000000..0c331db --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_noCode.vm @@ -0,0 +1,50 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.contactSupport")

+
+ +
+ +

+ $text.get("recovery_check_noCode.banner.error") +

+
+ +

+ $text.get("recovery_check_noCode.instruction1") +

+ +

+ $text.get("recovery_check_noCode.instruction2") +

+ +
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_code.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_code.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_code.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_code.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_code.vm new file mode 100644 index 0000000..4986d26 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_code.vm @@ -0,0 +1,106 @@ +#parse("${templatePath}/header.vm") +#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +#set ($PDFRecoveryTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','').replaceAll( + '^(https:\/\/[^\/]+\/).*$', '$1'))) +#set ($concat = "recovery/pdf?authToken=") +#set ($PDFLink = "$PDFRecoveryTarget$concat$gui.getGuiElem('pdfAuthToken').value") + + +
+ +
+
+ +
+

$text.get("general.login")

+

$text.get( + "recovery_code.newRecoveryCode")

+
+ + + +

+ $text.get("recovery_code.instruction") +

+ +
+
+
+

$gui.getGuiElem('isiwebpasswd').value

+

+ $text.get("recovery_code.validUntil") + $gui.getGuiElem('validTil').value +

+ +
+ + +
+ + + + + + + +
+ +
+
+ + + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_fidokey_auth.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_fidokey_auth.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_fidokey_auth.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_fidokey_auth.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_fidokey_auth.vm new file mode 100644 index 0000000..c7a3b1f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_fidokey_auth.vm @@ -0,0 +1,83 @@ +#parse("${templatePath}/header.vm") + + + +
+
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.authenticate")

+
+ +

$text.get( + "recovery_fidokey_auth.keyRegistered")

+ +

+ ${text.get("recovery_fidokey_auth.instruction1").replaceAll( + "!!!SECURITY_KEY_NAME!!!", "$utils.escapeHtmlAttribute($gui.getGuiElem('securityKey').value)")} +

+ +

+ ${text.get("recovery_fidokey_auth.instruction2").replaceAll( + "!!!SECURITY_KEY_NAME!!!", "$utils.escapeHtmlAttribute($gui.getGuiElem('securityKey').value)")} +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) + + +
+
+ 1 +

$text.get( + "recovery_fidokey_auth.fidoInstruction")

+
+ +
+ 2 +

$text.get( + "fido2_auth.instruction2")

+
+ +
+ 3 +

$text.get( + "fido2_auth.instruction3")

+
+
+ +
+ + +
+
+ + + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email.vm new file mode 100644 index 0000000..4a0dbcc --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email.vm @@ -0,0 +1,192 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +
+ +

+ $text.get("recovery_intro_email.banner.info") +

+
+ + #set($error = $gui.getGuiElem("lasterror")) + #if (($error.value && $error.value != "")) +
+ +

+ $text.get("recovery_intro_email.banner.error") +

+
+ #end + + + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ #set ($emailInput = $gui.getGuiElem('email')) + 0) + data-value="$utils.escapeHtmlAttribute($emailInput.value)" + #else + data-value="" + #end + data-type="text" + data-autofocus="true" + data-left_icon="fa-envelope" + data-email_invalid="$text.get("user_input.invalid.email")" + data-email_too_long="$text.get("user_input.invalid.email.tooLong")" + data-email_required="$text.get("user_input.invalid.email.required")"> + + +

+ $text.get("recovery_intro_email.important") + $text.get("recovery_intro_email.process") +

+ #if ($utils.escapeHtmlAttribute($gui.getGuiElem("X-ReCAPTCHA-Integration").value) == "INVISIBLE") + #set ($isCaptchaVisible = true) + #else + #set ($isCaptchaVisible = false) + #end + + #if ($isCaptchaVisible) + #set ($captcha = $gui.getGuiElem("captchaSettings.reCaptchaInvisibleSiteKey")) + + + + + + #else + #set ($captcha = $gui.getGuiElem("captchaSettings.reCaptchaVisibleSiteKey")) + + + + + + #end + +
+ #if ($isCaptchaVisible) +
+ $text.get("recovery_intro_email.siteProtectedWithRecaptcha") +
+ #else +
+ #end + +
+ +
+
+ #if ($isCaptchaVisible) + + + #else + + + #end + + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email_sent.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email_sent.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email_sent.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email_sent.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email_sent.vm new file mode 100644 index 0000000..f0e7be1 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email_sent.vm @@ -0,0 +1,55 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +
+ +
+

+ $text.get("recovery_intro_email_sent.banner.success") +

+
+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+
+
+ + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_on_going.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_on_going.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_on_going.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_on_going.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_on_going.vm new file mode 100644 index 0000000..317b925 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_on_going.vm @@ -0,0 +1,50 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recoveryOngoing")

+
+ +

+ $text.get("recovery_on_going.title") +

+ +

+ $text.get("recovery_on_going.instruction") +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ +
+
+ + + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_instructions.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_instructions.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_instructions.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_instructions.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_instructions.vm new file mode 100644 index 0000000..0a2bafe --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_instructions.vm @@ -0,0 +1,80 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +

+ $text.get("recovery_questionnaire_instructions.explanation") +

+ +
+
+
+ + +
+

$text.get( + "recovery_questionnaire_instructions.instruction1")

+
+ +
+
+ + +
+

$text.get( + "recovery_questionnaire_instructions.instruction2")

+
+
+ +

+ $text.get("recovery_questionnaire_instructions.banner.info") +

+
+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+
+
+ + + + + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.vm new file mode 100644 index 0000000..f47fcfe --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.vm @@ -0,0 +1,75 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +

+ $text.get("recovery_questionnaire_loginfactor.question") +

+ + + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + + + + +
+
+ + + + +
+
+ +
+
+ + +
+
+ + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_no_recovery.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_no_recovery.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_no_recovery.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_no_recovery.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_no_recovery.vm new file mode 100644 index 0000000..207e571 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_no_recovery.vm @@ -0,0 +1,68 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +

+ $text.get("recovery_questionnaire_no_recovery.explanation1") +

+ +
+
+
+ + +
+

$text.get( + "recovery_questionnaire_no_recovery.instruction1")

+
+ +
+
+ + +
+

$text.get( + "recovery_questionnaire_no_recovery.instruction2")

+
+

+ $text.get("recovery_questionnaire_no_recovery.explanation2") +

+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+
+
+ + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.vm new file mode 100644 index 0000000..624b554 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.vm @@ -0,0 +1,94 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +

+ $text.get("recovery_questionnaire_reason_selection.instruction") +

+ + + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + #set ($previousAnswer = $gui.getGuiElem("question")) + #if ($previousAnswer.value == "yes") + #set ($answers = ["answer7", "answer8", "answer9", "answer10"]) + #elseif ($previousAnswer.value == "no") + #set ($answers = ["answer1", "answer2", "answer3", "answer4", "answer5", "answer6"]) + #else + #set ($answers = []) + #end + + #if ($answers.size() > 0) + #foreach ($answer in $answers) + #set ($isYes = "yes") + #set ($isNo = "no") + #set ($dataValue = "") + + #if ($answer == "answer2" || $answer == "answer3" || $answer == + "answer4" || $answer == "answer5" || $answer == "answer6" || $answer == "answer8") + #set ($dataValue = $isYes) + #elseif ($answer == "answer1" || $answer == "answer7" || $answer == "answer9" || $answer == "answer10") + #set ($dataValue = $isNo) + #end + + + #end + #end + +
+
+ + + + + +
+
+ +
+
+ + +
+
+ + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_start_info.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_start_info.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_start_info.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_start_info.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_start_info.vm new file mode 100644 index 0000000..fb38111 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_start_info.vm @@ -0,0 +1,61 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.getStarted")

+
+ +

+ $text.get("recovery_start_info.title") +

+ +

+ $text.get("recovery_start_info.instruction") +

+
+ +
+

+ $text.get("recovery_start_info.banner.warning") +

+
+
+ + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ +
+
+ + + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/sandbox.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/sandbox.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/sandbox.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/sandbox.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/sandbox.vm new file mode 100644 index 0000000..9b4b1fc --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/sandbox.vm @@ -0,0 +1,212 @@ +#parse("${templatePath}/header.vm") + +
+ +
+
+ + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
+
+ + + + +

space-blue

+

text-indigo

+

violet

+

electric-indigo

+

lilac

+

indigo-light

+

violet

+

lavender-blush

+ +

true-blue

+

sky-blue

+

royal-blue

+

light-blue

+ +

teal

+

turquoise

+

mint

+

aquamarine

+ +

ash

+

silver

+

platinum

+

smoke

+ +

success

+

error

+

warning

+

info

+ +

H1 Title

+

H2 Title

+

H3 Title

+

H4 Title

+
H5 Title
+
H6 Title
+ +

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+
+ +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/user_input.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/user_input.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/user_input.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/user_input.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/user_input.vm new file mode 100644 index 0000000..a1a2e59 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/user_input.vm @@ -0,0 +1,165 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.login")

+

$text.get("general.securityKey")

+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ #set ($emailInput = $gui.getGuiElem('email')) + 0) + data-value="$utils.escapeHtmlAttribute($emailInput.value)" + #else + data-value="" + #end + data-type="text" + data-autofocus="true" + data-left_icon="fa-envelope" + data-email_invalid="$text.get("user_input.invalid.email")" + data-email_too_long="$text.get("user_input.invalid.email.tooLong")" + data-email_required="$text.get("user_input.invalid.email.required")"> + + + #if ($gui.getGuiElem("X-ReCAPTCHA-Integration").value == "INVISIBLE") + #set ($isCaptchaVisible = true) + #else + #set ($isCaptchaVisible = false) + #end + + #if ($isCaptchaVisible) + #set ($captcha = $gui.getGuiElem("captchaSettings.reCaptchaInvisibleSiteKey")) + + + + + + #else + #set ($captcha = $gui.getGuiElem("captchaSettings.reCaptchaVisibleSiteKey")) + + + + + + #end + +
+ #if ($isCaptchaVisible) +
+ $text.get("recovery_intro_email.siteProtectedWithRecaptcha") +
+ #else +
+ #end + +
+ +
+
+ #if ($isCaptchaVisible) + + + #else + + + #end + + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/default.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/default.properties new file mode 100644 index 0000000..7dfd269 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/default.properties @@ -0,0 +1,26 @@ +# source: pattern://cb8c63274fe346280de0ffd5 +application.countries.default=CH +# source: pattern://cb8c63274fe346280de0ffd5 +cache.file.exempt= +# source: pattern://cb8c63274fe346280de0ffd5 +cache.filefolder.exempt= +# source: pattern://cb8c63274fe346280de0ffd5 +application.language.source.1=param:language +# source: pattern://cb8c63274fe346280de0ffd5 +application.language.source.2=cookie:LANG +# source: pattern://cb8c63274fe346280de0ffd5 +application.language.source.3=gui +# source: pattern://cb8c63274fe346280de0ffd5 +application.language.source.4=browser +# source: pattern://cb8c63274fe346280de0ffd5 +application.languages=en,de,fr,it +# source: pattern://cb8c63274fe346280de0ffd5 +application.languages.default=en +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.en=LANG:en +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.de=LANG:de +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.fr=LANG:fr +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.it=LANG:it diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text.properties new file mode 100644 index 0000000..9cbdaf2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text.properties @@ -0,0 +1,210 @@ + +button.submit=Submit +darkModeSwitch.aria.label=Dark mode toggle +error.policy.failed=The new password does not comply with the policy. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +error_9901=You need a valid on-boarding link to access this page. +error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link. +error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link. +error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists. +error_9905=There is a problem with your operations account. Please contact the support. +error_9909=An internal error occured. Please ask the support for a new on-boarding link. +errors.duplicateValue=Your account is already linked with another operations access. +fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below. +fido2_auth.instruction1=Click on "Continue" +fido2_auth.instruction2=An authentication window will appear +fido2_auth.instruction3=Follow the instructions +fido2_auth.skipInstructions=Skip instructions next time +fido2_auth.switchLogin=SWITCH TO LOGIN WITH +footer.link=https://agov.ch/?c=contact&l=en +footer.link.label=Contact +footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. - +general.AGOVAccessApp=AGOV access app +general.accessApp=AGOV access app +general.authenticate=Authenticate +general.back=Back +general.cancel=Cancel +general.confirm=Confirm +general.contactSupport=Contact Support +general.continue=Continue +general.edit=Edit +general.email=Email +general.email.address=Email address +general.entryCode=Code entry +general.getStarted=Get started +general.goAGOVHelp=Go to AGOV help +general.goAccessApp=Login with AGOV access +general.help=Help +general.help.link=https://agov.ch/pages/help_en.html +general.login=Login +general.loginSecurityKey=Start Security key login +general.or=OR +general.otherOptions=OTHER OPTIONS +general.recovery=Recovery +general.recoveryOngoing=Ongoing recovery +general.register=Register +general.registerNow=Register now! +general.registration=Registration +general.securityKey=Security key +general.skip.content=Skip to main content +generic.auth.error.message=There was a service interruption. We are working on it. +generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists. +generic.auth.error.subtitle=Something went wrong +generic.auth.error.title=Error +info.login=Please enter your authentication information. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Select language +loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days. +loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step. +loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number). +loainfo.helper=Your data needs to be verified! +loainfo.later=Later +loainfo.startNow=Do you want to start the process now? +loainfo.startVerification=Start verification +loainfo.title=Verify your data +mauth_usernameless.EID=Continue with CH E-ID +mauth_usernameless.banner.error=Authentication interrupted.
Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_de.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_de.properties new file mode 100644 index 0000000..80625e6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_de.properties @@ -0,0 +1,210 @@ + +button.submit=Senden +darkModeSwitch.aria.label=Dark-Mode-Schalter +error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein. +error_1=Bitte überprüfen Sie Ihre Eingaben. +error_10=Bitte wählen Sie das richtige Benutzerkonto aus. +error_100=Zertifikat-Upload nicht möglich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk. +error_101=Die eingegebene E-Mail-Adresse ist ungültig. +error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an. +error_2=Bitte wählen Sie einen anderen Login-Namen. +error_3=Wenn die nächste Authentifizierung fehlschlägt, wird Ihr Konto gesperrt. +error_4=Ihr neues Passwort verstösst gegen die Sicherheitsrichtlinien. Bitte wählen Sie ein anderes Passwort. +error_5=Fehler bei der Passwortbestätigung. +error_50=Das neue Passwort ist zu kurz. +error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden. +error_6=Passwortänderung erforderlich. +error_7=Änderung der Login-ID erforderlich. +error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt. +error_81=Keine Zugangskarte gefunden, Zugang über das Internet verweigert. +error_83=Ihre Zugangskarte ist nicht mehr gültig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten. +error_9=Übernahme der Sitzung fehlgeschlagen. +error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen. +error_98=Ihr Konto wurde gesperrt. +error_99=Systemprobleme: Bitte versuchen Sie es später noch einmal. +error_9901=Sie benötigen einen gültigen Onboarding-Link, um auf diese Seite zuzugreifen. +error_9902=Die für die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations überein. Bitte fordern Sie einen neuen Onboarding-Link an. +error_9903=Der verwendete IdP hat uns keine gültige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an. +error_9904=Ihr Link ist nicht mehr gültig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht. +error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support. +error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link. +errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verknüpft. +fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschlüssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schlüssel registriert ist und Ihre E-Mail korrekt ist. +fido2_auth.instruction1=Klicken Sie auf "Weiter" +fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen +fido2_auth.instruction3=Folgen Sie den Anweisungen +fido2_auth.skipInstructions=Anweisungen nächstes Mal überspringen +fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT +footer.link=https://agov.ch/?c=contact&l=de +footer.link.label=Kontakt +footer.text=Authentifizierungsdienst der Schweizer Behörden AGOV – eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. - +general.AGOVAccessApp=AGOV access App +general.accessApp=AGOV access App +general.authenticate=Authentifizieren +general.back=Zurück +general.cancel=Abbrechen +general.confirm=Bestätigen +general.contactSupport=Support kontaktieren +general.continue=Weiter +general.edit=Ändern +general.email=E-Mail +general.email.address=E-Mailadresse +general.entryCode=Code-Eingabe +general.getStarted=Get started +general.goAGOVHelp=Weiter zur AGOV help +general.goAccessApp=Login mit AGOV access +general.help=Hilfe +general.help.link=https://agov.ch/pages/help_de.html +general.login=Login +general.loginSecurityKey=Sicherheitsschlüssel-Login starten +general.or=ODER +general.otherOptions=WEITERE OPTIONEN +general.recovery=Wiederherstellung +general.recoveryOngoing=Wiederherstellung nicht abgeschlossen +general.register=Registrieren +general.registerNow=Jetzt registrieren! +general.registration=Registrierung +general.securityKey=Sicherheitsschlüssel +general.skip.content=Direkt zum Hauptteil +generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran. +generic.auth.error.next.steps=Versuchen Sie es bitte später noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht. +generic.auth.error.subtitle=Etwas ist schiefgegangen +generic.auth.error.title=Fehler +info.login=Bitte geben Sie Ihre persönlichen Zugangsdaten ein. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sprache wählen +loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern. +loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen. +loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben. +loainfo.helper=Ihre persönlichen Daten müssen überprüft werden! +loainfo.later=Später +loainfo.startNow=Möchten Sie den Prozess jetzt starten? +loainfo.startVerification=Verifikation starten +loainfo.title=Verifizieren Sie Ihre Daten +mauth_usernameless.EID=Mit Schweizer E-ID fortfahren +mauth_usernameless.banner.error=Authentifizierung unterbrochen.
Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde. +mauth_usernameless.banner.info=Scan erfolgreich.
Bitte fahren Sie in der AGOV access App fort. +mauth_usernameless.banner.success=Authentifizierung erfolgreich!
Bitte warten Sie, bis Sie eingeloggt werden. +mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschlüssel verloren? +mauth_usernameless.hideQR=QR-Code ausblenden +mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen +mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Login? +mauth_usernameless.showQR=QR-Code anzeigen +mauth_usernameless.startRecovery=Kontowiederherstellung starten +mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschlüssel, um sich anzumelden +mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschlüssel bietet eine sichere Möglichkeit, sich ohne Telefon anzumelden. +op-admin.login=AGOV-op-Admin +op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort +op-admin.login.loginid=LoginID +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV-op-Admin +op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Passwortänderung erforderlich +op-admin.pwchange.newpassword=Neues Passwort +op-admin.pwchange.newpassword2=Neues Passwort wiederholen +op-admin.pwchange.password=Aktuelles Passwort +op-admin.pwchange.title=Änderung des Passworts +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung) +op-idmlogin.role.support-basic=Supportfälle (Wiederherstellung, ...) +op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...) +op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb) +op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Bitte wählen Sie ein Profil aus... +op-idmlogin.select.note=Mit * markierte Profile sollten nur für bestimmte Support oder Release Aufgaben genutzt werden. +op-idmlogin.select.title=Profilauswahl +op-onboarding.done.message=Das Onboarding war erfolgreich. Sie können nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen. +op-onboarding.done.title=FERTIG +op-onboarding.failed.title=FEHLER +op-onboarding.intro.message1=Um das Onboarding für Ihren AGOV-Operations-Zugang abzuschliessen, benötigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto. +op-onboarding.intro.message2=Wenn Sie auf «Weiter» klicken, werden Sie zur Authentifizierung weitergeleitet. +op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die Möglichkeit, die erforderliche Identitätsprüfung zu starten. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV-op-Onboarding +op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn nötig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an. +prompt.client=Mandant +prompt.newpassword=Neues Passwort +prompt.newpassword.confirm=Passwort bestätigen +prompt.password=Passwort +prompt.userid=Benutzer-ID +pwreset.done.info=Ihr Passwort wurde erfolgreich geändert. Bitte klicken Sie auf Weiter, um sich einzuloggen. +pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen.. +pwreset.info.linktext=Passwort vergessen +pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen. +recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert +recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren. +recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut. +recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben +recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten. +recovery_check_code.invalid.code=Code ist ungültig +recovery_check_code.invalid.code.required=Code erforderlich +recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang +recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen +recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können? +recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen. +recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben. +recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_code.banner.error=Bitte enthüllen Sie den Code, um fortfahren zu können. +recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf. +recovery_code.newRecoveryCode=Einführung von Wiederherstellungscode +recovery_code.validUntil=Gültig bis: +recovery_fidokey_auth.button=Schlüsselauthentifizierung starten +recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schlüsselauthentifizierung starten" +recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschlüssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren. +recovery_fidokey_auth.keyRegistered=Sicherheitsschlüssel schon registriert +recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten. +recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken können, mit dem Sie den Wiederherstellungsprozess starten. +recovery_intro_email.captchaUnchecked=Bitte kreuzen Sie das Captcha-Feld an +recovery_intro_email.important=Wichtig: +recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gelöschte AGOV access App, verlorener Sicherheitsschlüssel, verlorenes Telefon usw.). +recovery_intro_email.siteProtectedWithRecaptcha=Diese Seite ist durch reCAPTCHA geschützt, und es gelten die Datenschutzerklärung sowie die Nutzungsbedingungen von Google. +recovery_intro_email_sent.banner.button=Keine E-Mail erhalten? +recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in Kürze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten. +recovery_on_going.finishRecovery=Wiederherstellung abschliessen +recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identitätsprüfung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu können, müssen Sie auch die Identitätsprüfung abschliessen. +recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab. +recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten Fällen für eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode benötigen. +recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm. +recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden können, um den Wiederherstellungsprozess zu beginnen +recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos) +recovery_questionnaire_loginfactor.banner.error=Bitte wählen Sie eine Antwort. +recovery_questionnaire_loginfactor.no=Nein +recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV Access App oder Sicherheitsschlüssel) für Ihren AGOV-Login registriert? +recovery_questionnaire_loginfactor.yes=Ja +recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein. +recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen benötigen, besuchen Sie bitte www.agov.ch/help für Support-Artikel. +recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte www.agov.ch/me und testen Sie, ob Sie sich erfolgreich anmelden können. +recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte www.agov.ch/me, um den verlorenen Loginfaktor zu entfernen. +recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschlüssel habe +recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschlüssel) +recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen +recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gelöscht oder zurückgesetzt +recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschlüssel verloren +recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu übertragen +recovery_questionnaire_reason_selection.answer6=Ich habe die PIN für meine AGOV access App vergessen +recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschlüssel oder AGOV access Apps, hatte aber Probleme beim Einloggen +recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschlüssel und Apps verloren +recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gelöscht, zurückgesetzt, vergessene PIN) +recovery_questionnaire_reason_selection.banner.error=Bitte wählen Sie einen Grund aus. +recovery_questionnaire_reason_selection.instruction=Bitte wählen Sie einen Grund wieso Sie den AGOV recovery Prozess starten: +recovery_start_info.banner.warning=Sie können Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist. +recovery_start_info.instruction=Während des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enthält, müssen Sie zum Abschluss des Wiederherstellungsprozesses möglicherweise auch einen Verifikationsprozess durchlaufen. +recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Passwort ändern +title.pwreset=Passwort Vergesssen +user_input.invalid.email=Bitte geben Sie eine gültige E-Mail ein +user_input.invalid.email.required=Erforderliches Feld +user_input.invalid.email.tooLong=Eingabe zu lang diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_en.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_en.properties new file mode 100644 index 0000000..9cbdaf2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_en.properties @@ -0,0 +1,210 @@ + +button.submit=Submit +darkModeSwitch.aria.label=Dark mode toggle +error.policy.failed=The new password does not comply with the policy. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +error_9901=You need a valid on-boarding link to access this page. +error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link. +error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link. +error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists. +error_9905=There is a problem with your operations account. Please contact the support. +error_9909=An internal error occured. Please ask the support for a new on-boarding link. +errors.duplicateValue=Your account is already linked with another operations access. +fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below. +fido2_auth.instruction1=Click on "Continue" +fido2_auth.instruction2=An authentication window will appear +fido2_auth.instruction3=Follow the instructions +fido2_auth.skipInstructions=Skip instructions next time +fido2_auth.switchLogin=SWITCH TO LOGIN WITH +footer.link=https://agov.ch/?c=contact&l=en +footer.link.label=Contact +footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. - +general.AGOVAccessApp=AGOV access app +general.accessApp=AGOV access app +general.authenticate=Authenticate +general.back=Back +general.cancel=Cancel +general.confirm=Confirm +general.contactSupport=Contact Support +general.continue=Continue +general.edit=Edit +general.email=Email +general.email.address=Email address +general.entryCode=Code entry +general.getStarted=Get started +general.goAGOVHelp=Go to AGOV help +general.goAccessApp=Login with AGOV access +general.help=Help +general.help.link=https://agov.ch/pages/help_en.html +general.login=Login +general.loginSecurityKey=Start Security key login +general.or=OR +general.otherOptions=OTHER OPTIONS +general.recovery=Recovery +general.recoveryOngoing=Ongoing recovery +general.register=Register +general.registerNow=Register now! +general.registration=Registration +general.securityKey=Security key +general.skip.content=Skip to main content +generic.auth.error.message=There was a service interruption. We are working on it. +generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists. +generic.auth.error.subtitle=Something went wrong +generic.auth.error.title=Error +info.login=Please enter your authentication information. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Select language +loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days. +loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step. +loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number). +loainfo.helper=Your data needs to be verified! +loainfo.later=Later +loainfo.startNow=Do you want to start the process now? +loainfo.startVerification=Start verification +loainfo.title=Verify your data +mauth_usernameless.EID=Continue with CH E-ID +mauth_usernameless.banner.error=Authentication interrupted.
Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_fr.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_fr.properties new file mode 100644 index 0000000..155329b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_fr.properties @@ -0,0 +1,210 @@ + +button.submit=Envoyer +darkModeSwitch.aria.label=Activer l'apparence sombre +error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité +error_1=Veuillez vérifier votre saisie. +error_10=Veuillez sélectionner le compte d’utilisateur correct. +error_100=Le téléchargement du certificat est impossible. Le certificat existe déjà. Veuillez contacter votre service d’assistance. +error_101=L’adresse e-mail saisie n’est pas valable. +error_11=Veuillez utiliser un autre certificat ou vous connecter au moyen d’un autre type de facteur d’authentification. +error_2=Veuillez sélectionner un autre nom d’utilisateur. +error_3=Votre compte sera bloqué si la prochaine tentative d’authentification échoue. +error_4=Votre nouveau mot de passe n’est pas conforme à la politique de sécurité. Veuillez choisir un autre mot de passe. +error_5=Erreur de confirmation du mot de passe +error_50=Le nouveau mot de passe est trop court. +error_55=Le nouveau mot de passe doit être différent des précédents. +error_6=Changement de mot de passe requis. +error_7=Changement d’identifiant de connexion requis. +error_8=Votre compte a été bloqué en raison de plusieurs échecs d’authentification. +error_81=Aucune carte d’accès n’a été trouvée, l’accès depuis Internet est refusé. +error_83=Votre carte d’accès n’est plus valable. Veuillez contacter votre conseiller pour obtenir une nouvelle carte d’accès. +error_9=La reprise de session a échoué. +error_97=Vous n’êtes pas autorisé à accéder à cette ressource. +error_98=Votre compte a été bloqué. +error_99=Problèmes de système. Veuillez réessayer plus tard. +error_9901=Vous devez disposer d’un lien d’enregistrement valable pour accéder à cette page. +error_9902=L’adresse e-mail utilisée pour l’authentification ne correspond pas à celle qui est renseignée dans AGOV operations. Veuillez demander un nouveau lien d’enregistrement. +error_9903=Le fournisseur d’identité utilisé ne nous a pas envoyé d’assertion valide. Assurez-vous d’utiliser le bon fournisseur d’identité. Demandez un nouveau lien d’enregistrement au service d’assistance. +error_9904=Le lien que vous avez suivi n’est plus valable. Veuillez vous assurer que vous utilisez le dernier lien que vous avez reçu d’AGOV operations. Demandez un nouveau lien si le problème persiste. +error_9905=Il y a un problème avec votre compte AGOV operations. Veuillez contacter le service d’assistance. +error_9909=Un problème interne s’est produit. Veuillez demander un nouveau lien d’enregistrement au service d’assistance. +errors.duplicateValue=Votre compte est déjà lié à un autre accès à AGOV operations. +fido2_auth.cancel.fido=L'authentification avec la clé de sécurité a été interrompue. Veuillez vous assurer que votre clé FIDO est enregistrée et que votre adresse e-mail est correcte, puis suivez les étapes ci-dessous. +fido2_auth.instruction1=Cliquez sur "Continuer" +fido2_auth.instruction2=Une fenêtre d'authentification s'affichera +fido2_auth.instruction3=Suivez les instructions +fido2_auth.skipInstructions=Passer les instructions la fois suivante +fido2_auth.switchLogin=S'AUTHENTIFIER AVEC +footer.link=https://agov.ch/?c=contact&l=fr +footer.link.label=Contact +footer.text=Service d'authentification des autorités suisses AGOV - une collaboration entre les cantons, leurs communes et l'administration fédérale. - +general.AGOVAccessApp=Application AGOV access +general.accessApp=Application AGOV access +general.authenticate=Authentification +general.back=Retour +general.cancel=Annuler +general.confirm=Confirmer +general.contactSupport=Contacter le service d'assistance +general.continue=Continuer +general.edit=Editer +general.email=E-mail +general.email.address=Adresse e-mail +general.entryCode=Entrer le code +general.getStarted=Démarrer +general.goAGOVHelp=Rendez-vous sur AGOV help +general.goAccessApp=Login avec AGOV access +general.help=Aide +general.help.link=https://agov.ch/pages/help_fr.html +general.login=Login +general.loginSecurityKey=Démarrer la connexion avec la clé de sécurité +general.or=OU +general.otherOptions=AUTRES OPTIONS +general.recovery=Récupération +general.recoveryOngoing=Récupération en cours +general.register=Créer un compte +general.registerNow=Enregistrez-vous dès maintenant! +general.registration=Enregistrement +general.securityKey=Clé de sécurité +general.skip.content=Passer au contenu principal +generic.auth.error.message=Une interruption de service s’est produite. Nous nous employons à résoudre le problème. +generic.auth.error.next.steps=Veuillez réessayer plus tard. Veuillez vous rendre sur AGOV help si le problème persiste. +generic.auth.error.subtitle=Un problème s’est produit +generic.auth.error.title=Erreur +info.login=Veuillez entrer vos éléments de sécurité ci-après. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sélectionner la langue +loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours. +loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante. +loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS. +loainfo.helper=Vos données doivent être vérifiées! +loainfo.later=Plus tard +loainfo.startNow=Voulez-vous commencer le processus maintenant? +loainfo.startVerification=Démarrer la vérification +loainfo.title=Vérifiez vos données +mauth_usernameless.EID=Continuer avec l'e-ID suisse +mauth_usernameless.banner.error=Authentification interrompue.
Veuillez réessayer lorsque la page sera rechargée. +mauth_usernameless.banner.info=Scan réussi!
Veuillez continuer dans l'application AGOV access. +mauth_usernameless.banner.success=Authentification réussie!
Veuillez attendre d'être connecté. +mauth_usernameless.cannotLogin=Avez-vous perdu l'accès à votre application / votre clé de sécurité ? +mauth_usernameless.hideQR=Cacher le code QR +mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access +mauth_usernameless.noAccount=Vous n'avez pas encore d'AGOV-Login ? +mauth_usernameless.showQR=Afficher le code QR +mauth_usernameless.startRecovery=Commencer la récupération du compte +mauth_usernameless.useSecurityKey=Utiliser une clé de sécurité pour se connecter +mauth_usernameless.useSecurityKeyInfo=Une clé de sécurité physique offre un moyen sûr de se connecter sans devoir utiliser son téléphone. +op-admin.login=Administration de l’accès à AGOV op +op-admin.login.intro.message=Connectez-vous avec votre nom d’utilisateur et votre mot de passe +op-admin.login.loginid=Identifiant de connexion +op-admin.login.password=Mot de passe +op-admin.login.title=Connexion +op-admin.logout=Administration de l’accès à AGOV op +op-admin.logout.message=Vous vous êtes déconnecté avec succès. +op-admin.logout.title=Déconnexion +op-admin.pwchange.intro.message=Changement de mot de passe requis +op-admin.pwchange.newpassword=Nouveau mot de passe +op-admin.pwchange.newpassword2=Répéter le nouveau mot de passe +op-admin.pwchange.password=Mot de passe actuel +op-admin.pwchange.title=Changer de mot de passe +op-idmlogin.role.accs-mgmt-idm=Gestion des droits d'accès IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestion des droits d'accès +op-idmlogin.role.idmcfg-mgmt=Mise en place de l'IDM +op-idmlogin.role.readonly-access=Accès par défaut (lecture seule) +op-idmlogin.role.support-basic=Cas de support (récupération, ...) +op-idmlogin.role.support-priv=Support de 3ème niveau (archivage, désinscription) +op-idmlogin.role.usr-mgmt=Gestion des utilisateurs (opérations) +op-idmlogin.role.usr-unit-mgmt=Gestion des utilisateurs et des organisations (opérations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Veuillez sélectionner l’un des profils ci-dessous... +op-idmlogin.select.note=Les profils marqués d'un * ne doivent être utilisés que s'ils sont nécessaires pour des tâches spécifiques de support ou de mise en production. +op-idmlogin.select.title=Séléction du profil +op-onboarding.done.message=L’enregistrement a été effectué avec succès. Vous disposez maintenant d’un accès à AGOV operations. Veuillez fermer le navigateur avant d’accéder à AGOV operations. +op-onboarding.done.title=TERMINÉ +op-onboarding.failed.title=ERREUR +op-onboarding.intro.message1=Pour terminer l’enregistrement de votre accès à AGOV operations, vous devez disposer d’un compte AGOV ou d’un compte FED-LOGIN. +op-onboarding.intro.message2=Après avoir cliqué sur "Continuer", vous serez redirigé vers l’authentification. +op-onboarding.intro.message3=Si vous utilisez AGOV et que votre compte n’a pas encore atteint le niveau de qualité d’authentification requis, vous aurez la possibilité de démarrer la vérification d’identité nécessaire pour l’atteindre. +op-onboarding.intro.title=DÉMARRER +op-onboarding.onboarding=Enregistrement de l’accès à AGOV op +op-onboarding.process.message=Un problème s’est produit. Veuillez contacter le service d’assistance AGOV afin de demander un nouveau lien d’enregistrement. +prompt.client=Client +prompt.newpassword=Nouveau mot de passe +prompt.newpassword.confirm=Confirmez le mot de passe +prompt.password=Mot de passe +prompt.userid=ID de l'utilisateur +pwreset.done.info=Votre mot de passe a été changé avec succès. Veuillez cliquer sur continuer pour vous connecter. +pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe. +pwreset.info.linktext=Mot de passe oublié +pwreset.noticket=Votre lien n'est plus valide. Veuillez en générer un nouveau. +recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée +recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération. +recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier. +recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer. +recovery_check_code.enterRecoveryCode=Saisir le code de récupération +recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me. +recovery_check_code.invalid.code=Le code est invalide +recovery_check_code.invalid.code.required=Code requis +recovery_check_code.invalid.code.tooLong=Le code est trop long +recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération +recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ? +recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération. +recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération. +recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois. +recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération. +recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer. +recovery_code.instruction=Les codes de récupération vous permettent d'accéder à votre compte au cas où vous auriez perdu tous vos identifiants. Conservez le code de récupération en lieu sûr. +recovery_code.newRecoveryCode=Introduction du code de récupération +recovery_code.validUntil=Valable jusqu'au: +recovery_fidokey_auth.button=Démarrer l'authentification par clé de sécurité +recovery_fidokey_auth.fidoInstruction=Cliquez sur "Démarrer l'enregistrement de la clé" +recovery_fidokey_auth.instruction1=Vous avez déjà enregistré une nouvelle clé de sécurité !!!SECURITY_KEY_NAME!!! dans le cadre du processus de récupération. +recovery_fidokey_auth.instruction2=Veuillez utiliser !!!SECURITY_KEY_NAME!!! pour suivre les étapes ci-dessous afin de vous identifier. +recovery_fidokey_auth.keyRegistered=Clé de sécurité déjà enregistrée +recovery_intro_email.banner.error=Le lien que vous avez utilisé a expiré. Veuillez saisir votre adresse e-mail pour recevoir un nouveau lien. +recovery_intro_email.banner.info=Veuillez saisir votre adresse e-mail. Nous vous enverrons un e-mail vous permettant de démarrer le processus de récupération. +recovery_intro_email.captchaUnchecked=Veuillez cocher la case captcha +recovery_intro_email.important=Important: +recovery_intro_email.process=Le processus de récupération ne doit être utilisé que si vous avez perdu l'accès à vos facteurs de connexion (application AGOV access supprimée, clé de sécurité perdue, téléphone perdu, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=Ce site est protégé par reCAPTCHA: les règles de confidentialité et conditions d’utilisation de Google s’appliquent. +recovery_intro_email_sent.banner.button=Vous n’avez pas reçu l'email? +recovery_intro_email_sent.banner.success=Merci! Vous recevrez dans un instant un e-mail contenant un lien de récupération et des instructions. +recovery_on_going.finishRecovery=Terminer la récupération +recovery_on_going.instruction=Vous n’avez pas encore terminé le processus de récupération. Dans le cadre du processus de récupération, votre identité peut faire l’objet d’une vérification. Pour accéder à des applications au moyen de votre identifiant AGOV, vous devez terminer la vérification d’identité. +recovery_on_going.title=Veuillez terminer le processus de récupération. +recovery_questionnaire_instructions.banner.info=Veuillez noter que dans certains cas, vous devez avoir accès à votre code de récupération pour que la récupération soit réussie. +recovery_questionnaire_instructions.explanation=D'après vos réponses, une récupération de l'identifiant AGOV-Login semble nécessaire. Veuillez cliquer sur continuer et suivre les instructions à l'écran. +recovery_questionnaire_instructions.instruction1=Fournissez l'adresse électronique de votre compte afin que nous puissions vous envoyer un lien pour commencer le processus de récupération +recovery_questionnaire_instructions.instruction2=Suivez les étapes pour récupérer votre compte (les étapes varient en fonction du niveau de vérification de votre compte) +recovery_questionnaire_loginfactor.banner.error=Veuillez choisir une réponse. +recovery_questionnaire_loginfactor.no=Non +recovery_questionnaire_loginfactor.question=Avez-vous enregistré plus d'un facteur d'authentification (application AGOV access ou clé de sécurité) sur votre compte ? +recovery_questionnaire_loginfactor.yes=Oui +recovery_questionnaire_no_recovery.explanation1=D'après vos réponses, l'option de récupération d'AGOV ne semble pas nécessaire pour l'instant. +recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter www.agov.ch/help pour obtenir des articles de soutien. +recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficultés pour vous connecter à une application, visitez www.agov.ch/me et vérifiez si vous pouvez vous connecter avec succès. +recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistré plusieurs facteurs de connexion mais que vous avez perdu l'accès à l'un d'entre eux, veuillez consulter www.agov.ch/me pour supprimer celui auquel vous avez perdu l'accès. +recovery_questionnaire_reason_selection.answer1=Je n'arrive pas à me connecter, même si j'ai mon application / ma clé de sécurité +recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou clé de sécurité) +recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription +recovery_questionnaire_reason_selection.answer3=J'ai supprimé ou réinitialisé mon application AGOV access +recovery_questionnaire_reason_selection.answer4=J'ai perdu mon téléphone / clé de sécurité +recovery_questionnaire_reason_selection.answer5=J'ai un nouveau téléphone et j'ai oublié de transférer mon application AGOV access +recovery_questionnaire_reason_selection.answer6=J'ai oublié mon PIN pour l'application AGOV access +recovery_questionnaire_reason_selection.answer7=J'ai mes clés de sécurité ou mes applications, mais j'ai du mal à me connecter +recovery_questionnaire_reason_selection.answer8=J'ai perdu l'accès à toutes mes clés de sécurité et aux applications AGOV access +recovery_questionnaire_reason_selection.answer9=J'ai des problèmes avec l'un de mes facteurs d'authentification (effacé, réinitialisé, PIN oublié) +recovery_questionnaire_reason_selection.banner.error=Veuillez sélectionner un motif. +recovery_questionnaire_reason_selection.instruction=Veuillez sélectionner la raison pour laquelle vous entamez le processus de récupération : +recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tant que le processus de récupération n'aura pas été terminé. +recovery_start_info.instruction=Le processus de récupération nécessitera l’enregistrement d’un nouveau facteur d’authentification. Si votre compte contient des informations ayant déjà été vérifiées, il se peut que vous deviez les faire vérifier à nouveau pour terminer la récupération. +recovery_start_info.title=Vous êtes sur le point de démarrer le processus de récupération. +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Changer mot de passe +title.pwreset=Mot de Passe Oublié +user_input.invalid.email=Veuillez saisir un e-mail valable. +user_input.invalid.email.required=Champ requis +user_input.invalid.email.tooLong=La saisie est trop longue diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties new file mode 100644 index 0000000..3535726 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/resources/conf/text_it.properties @@ -0,0 +1,210 @@ + +button.submit=Continua +darkModeSwitch.aria.label=Attivare la modalità scura +error.policy.failed=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password. +error_1=Verificare i dati inseriti. +error_10=Scegliere l’account utente corretto. +error_100=Impossibile caricare il certificato. Il certificato esiste già. Contattare l’help desk. +error_101=L’e-mail inserita non è valida. +error_11=Utilizzare un altro certificato o accedere con altre credenziali. +error_2=Selezionare un altro nome di accesso. +error_3=Se la prossima autenticazione fallisce, l’account sarà bloccato. +error_4=La nuova password non rispetta le norme di sicurezza. Scegliere un’altra password. +error_5=Errore nella conferma della password. +error_50=La nuova password è troppo corta. +error_55=La nuova password deve differire da quelle precedenti. +error_6=È richiesta la modifica della password. +error_7=È richiesta la modifica dell’ID di accesso. +error_8=A causa dei ripetuti tentativi di autenticazione falliti, l’account è stato bloccato. +error_81=Non è stata trovata alcuna carta di accesso; l’accesso da Internet è negato. +error_83=La carta di accesso non è più valida. Per richiedere una nuova carta di accesso, contattare il responsabile. +error_9=Takeover di sessione fallito. +error_97=Accesso non autorizzato a questa risorsa. +error_98=L’account è stato bloccato. +error_99=Ci sono problemi di sistema. Riprovare più tardi. +error_9901=Per accedere a questa pagina, è necessario un link di registrazione valido. +error_9902=L’e-mail utilizzata per l’autenticazione non corrisponde a quella di AGOV operations. Richiedere un nuovo link di registrazione. +error_9903=L’IdP utilizzato non ha inviato un’asserzione valida. Assicurarsi di utilizzare l’IdP corretto. Richiedere al supporto un nuovo link di registrazione. +error_9904=Il link non è più valido. Assicurarsi di utilizzare il link più recente ricevuto in AGOV operations. Se il problema persiste, richiedere un nuovo link. +error_9905=Si è verificato un problema con l’account AGOV operations. Contattare il supporto. +error_9909=Si è verificato un errore interno. Richiedere al supporto un nuovo link di registrazione. +errors.duplicateValue=Il suo account è già collegato ad un altro accesso operativo. +fido2_auth.cancel.fido=L'autenticazione con la chiave di sicurezza è stata interrotta. Assicurarsi che la chiave FIDO sia registrata e che l'indirizzo e-mail sia corretto, poi seguire le istruzioni. +fido2_auth.instruction1=Cliccare su "Continua" +fido2_auth.instruction2=A breve si aprirà una finestra per l'autenticazione. +fido2_auth.instruction3=Seguire le istruzioni. +fido2_auth.skipInstructions=Non mostrare più le istruzioni +fido2_auth.switchLogin=ACCEDERE CON +footer.link=https://agov.ch/?c=contact&l=it +footer.link.label=Contatto +footer.text=Servizio di autenticazione delle autorità Svizzere AGOV - una collaborazione tra Cantoni, Comuni e l'Amministrazione federale. - +general.AGOVAccessApp=App AGOV access +general.accessApp=App AGOV access +general.authenticate=Autentifica +general.back=Indietro +general.cancel=Annullare +general.confirm=Confermare +general.contactSupport=Contattare il supporto +general.continue=Continuare +general.edit=Modificare +general.email=e-mail +general.email.address=Indirizzo e-mail +general.entryCode=Codice +general.getStarted=Iniziare +general.goAGOVHelp=Vai ad AGOV help +general.goAccessApp=Login con AGOV access +general.help=Aiuto +general.help.link=https://agov.ch/pages/help_it.html +general.login=Accedere +general.loginSecurityKey=Iniziare il login con la chiave di sicurezza +general.or=O +general.otherOptions=ALTRE OPZIONI +general.recovery=Ripristino +general.recoveryOngoing=Ripristino in corso +general.register=Registrarsi +general.registerNow=Si registri ora! +general.registration=Registrazione +general.securityKey=Chiave di sicurezza +general.skip.content=Vai al contenuto principale +generic.auth.error.message=Si è verificata un’interruzione. Stiamo lavorando per ripristinare l’esercizio. +generic.auth.error.next.steps=Riprovare più tardi. Se il problema persiste, consultare AGOV help. +generic.auth.error.subtitle=Qualcosa non ha funzionato. +generic.auth.error.title=Errore +info.login=Per favore inserisca i suoi dati di accesso. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Selezionare la lingua +loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi. +loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata. +loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS. +loainfo.helper=I dati devono essere verificati! +loainfo.later=Più tardi +loainfo.startNow=Iniziare la procedura? +loainfo.startVerification=Iniziare la verifica +loainfo.title=Verificare i dati. +mauth_usernameless.EID=Continuare con CH e-ID +mauth_usernameless.banner.error=Autenticazione interrotta.
Riprovare dopo che la pagina si sarà ricaricata. +mauth_usernameless.banner.info=La scansione è stata eseguita.
Continuare nell'app AGOV access. +mauth_usernameless.banner.success=Autenticazione riuscita!
Aspettare di essere connessi. +mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza? +mauth_usernameless.hideQR=Nascondi il codice QR +mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app AGOV access. +mauth_usernameless.noAccount=Non ha ancora un AGOV-Login ? +mauth_usernameless.showQR=Visualizza il codice QR +mauth_usernameless.startRecovery=Inizia il recupero dell'account +mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza. +mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Accedere con nome utente e password +op-admin.login.loginid=ID di accesso +op-admin.login.password=Password +op-admin.login.title=Accedere +op-admin.logout=AGOV op admin +op-admin.logout.message=La sessione è terminata. +op-admin.logout.title=Disconnessione +op-admin.pwchange.intro.message=È richiesta la modifica della password. +op-admin.pwchange.newpassword=Nuova password +op-admin.pwchange.newpassword2=Ripetere la nuova password +op-admin.pwchange.password=Password attuale +op-admin.pwchange.title=Modificare password +op-idmlogin.role.accs-mgmt-idm=Gestione dei diritti di accesso IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestione dei diritti di accesso +op-idmlogin.role.idmcfg-mgmt=Configurazione dell'IDM +op-idmlogin.role.readonly-access=Accesso predefinito (sola lettura) +op-idmlogin.role.support-basic=Casi di supporto (ripristino, ...) +op-idmlogin.role.support-priv=Supporto di terzo livello (archiviazione, off-boarding) +op-idmlogin.role.usr-mgmt=Gestione utenti (operazioni) +op-idmlogin.role.usr-unit-mgmt=Gestione utenti e organizzazione (operazioni) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Si prega di selezionare uno dei seguenti profili... +op-idmlogin.select.note=I profili contrassegnati con * devono essere utilizzati solo se richiesti per attività di supporto o rilascio specifiche. +op-idmlogin.select.title=Selezione del profilo +op-onboarding.done.message=La registrazione è riuscita. Ora l’accesso AGOV operations è pronto. Prima di accedere ad AGOV operations, chiudere il browser. +op-onboarding.done.title=FINITO +op-onboarding.failed.title=ERRORE +op-onboarding.intro.message1=Per completare la registrazione per l'accesso AGOV operations, è necessario avere un account AGOV o FED-LOGIN. +op-onboarding.intro.message2=Dopo aver cliccato su "Continua", si è reindirizzati al servizio di autenticazione. +op-onboarding.intro.message3=Se utilizza AGOV e l’account non soddisfa ancora il livello richiesto AGOVaq, potrà avviare la verifica dell’identità richiesta. +op-onboarding.intro.title=INIZIARE +op-onboarding.onboarding=Registrazione AGOV op +op-onboarding.process.message=Qualcosa non ha funzionato. Contattare il supporto AGOV e, se necessario, richiedere un nuovo link di registrazione. +prompt.client=Mandator +prompt.newpassword=Nuova Password +prompt.newpassword.confirm=Conferma password +prompt.password=Password +prompt.userid=Nome utente +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata +recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. +recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare. +recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero +recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me. +recovery_check_code.invalid.code=Il codice non è valido +recovery_check_code.invalid.code.required=Codice richiesto +recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo +recovery_check_code.noAccess=Non ho il mio codice. +recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino? +recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino. +recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto +recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte. +recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero. +recovery_code.banner.error=Per procedere, inserire il nuovo codice. +recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro. +recovery_code.newRecoveryCode=Introduzione del codice di ripristino +recovery_code.validUntil=Valido fino a: +recovery_fidokey_auth.button=Iniziare l'authenticazione della chiave +recovery_fidokey_auth.fidoInstruction=Cliccare su "Iniziare l'authenticazione della chiave" +recovery_fidokey_auth.instruction1=Ha già registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti. +recovery_fidokey_auth.keyRegistered=Chiave di sicurezza già registrata +recovery_intro_email.banner.error=Il link utilizzato è scaduto. Per ricevere un nuovo link, inserire l’indirizzo e-mail. +recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l’indirizzo e-mail. +recovery_intro_email.captchaUnchecked=Per favore selezioni il campo captcha +recovery_intro_email.important=Importante: +recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app di accesso AGOV eliminata, chiave di sicurezza persa, telefono smarrito, ecc.). +recovery_intro_email.siteProtectedWithRecaptcha=Questo sito è protetto da reCAPTCHA. Si applicano le norme sulla privacy e i termini di servizio di Google. +recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail? +recovery_intro_email_sent.banner.success=Grazie! È stata inviata un’e-mail contenente il codice di ripristino e le istruzioni. +recovery_on_going.finishRecovery=Completare il ripristino +recovery_on_going.instruction=È in corso un processo di ripristino. Il processo di ripristino può includere una verifica dell’identità. Per accedere alle applicazioni con il proprio AGOV-Login, è necessario completare la verifica dell’identità. +recovery_on_going.title=Completare il processo di ripristino. +recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi è necessario utilizzare il codice di ripristino per un ripristino riuscito. +recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo. +recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo email del suo account in modo di poter inviarle un link per iniziare il processo di recupero +recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account) +recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Ha registrato più di un fattore di accesso (app di accesso AGOV o chiave di sicurezza) al suo account? +recovery_questionnaire_loginfactor.yes=Si +recovery_questionnaire_no_recovery.explanation1=In base alle sue risposte, l'opzione di ripristino AGOV non sembra necessaria al momento. +recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti www.agov.ch/help per articoli di supporto. +recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti www.agov.ch/me e verifichi se può accedere con successo. +recovery_questionnaire_no_recovery.instruction2=Se ha registrato più fattori di accesso ma ha perso l'accesso a uno di essi, visit www.agov.ch/me per rimuovere quello a cui ha perso l'accesso. +recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza +recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app di accesso AGOV o chiave di sicurezza) +recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione +recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza +recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app di accesso AGOV +recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o le mie app, ma ho avuto problemi ad accedere +recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app di accesso AGOV +recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato) +recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo. +recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero: +recovery_start_info.banner.warning=Non è possibile utilizzare l’account finché il processo di ripristino non sarà concluso. +recovery_start_info.instruction=Durante il processo di ripristino sarà registrato un nuovo fattore di accesso. Se l’account contiene informazioni verificate, potrebbe essere necessario avviare un processo di verifica per completare il ripristino. +recovery_start_info.title=Il processo di ripristino sta per iniziare. +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Cambiare Password +title.pwreset=Password Forgotten +user_input.invalid.email=Inserire un'e-mail valida. +user_input.invalid.email.required=Campo obbligatorio +user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/authcloud_login.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/authcloud_login.js new file mode 100644 index 0000000..eed68c4 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/authcloud_login.js @@ -0,0 +1,165 @@ +let baseURL; // base URL +let statusToken; // used to check progress +let dispatcherElement; // to display link or QR code +let infoElement; // to display info text +let errorElement; // to display error text + +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +function submitStatus(status) { + // we have to do a form POST instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "status", status); + document.body.appendChild(form); + form.submit(); +} + +const Status = { + _pollInterval: 2 * 1000, // Check every 2 seconds + latest: null, + + startPolling: function (token, uiCallback) { + let interval = setInterval(async () => { + await this._check(token).then(function (resp) { + console.log("Polling status: %o", resp); + uiCallback && uiCallback(resp, false); + return Status.latest = resp; + }) + .catch(function (err) { + console.error("Error during polling: %o", err); + return false; + }); + if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) { + // Done! + console.log('Latest status is: %o', this.latest); + uiCallback && uiCallback(this.latest, true); + clearInterval(interval); + } + }, this._pollInterval); + }, + + _check: async function (token) { + const payload = { statusToken: token }; + const response = await fetch(baseURL + 'api/v1/status', { + method: 'POST', + mode: 'cors', + cache: 'no-cache', + credentials: 'omit', + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json;charset=utf-8' + }, + body: JSON.stringify(payload), + redirect: 'follow', + referrerPolicy: 'no-referrer' + }); + + return await response.json(); + } +}; + +function setDeepLinkLabel(button) { + const text = document.getElementsByName('info.deeplink')[0].value; + button.innerHTML = text; +} + +function messageScanQR() { + const text = document.getElementsByName('info.qrcode')[0].value; + infoElement.innerHTML = text; +} + +function messageCheckPhone() { + const text = document.getElementsByName('info.check.phone')[0].value; + infoElement.innerHTML = text; +} + +const Element = { + + _elem: null, // QR code or deep link depending on device + + show: function (appLink) { + const userAgent = navigator.userAgent || navigator.vendor || window.opera; + const isIphone = 'iPhone' === navigator.platform; + const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent); + if (isAndroid || isIphone) { + this._elem = document.createElement('a'); + this._elem.setAttribute('href', appLink); + this._elem.setAttribute('class', 'btn btn-primary'); + this._elem.setAttribute('target', '_blank'); + dispatcherElement.appendChild(this._elem); + setDeepLinkLabel(this._elem); + } + else { + const authenticationType = document.getElementsByName('authenticationType')[0].value; + if (authenticationType == 'push') { + messageCheckPhone(); + } + else { + messageScanQR(); + this._elem = document.createElement('canvas'); + dispatcherElement.appendChild(this._elem); + var qrcode = new QRious({ + element: this._elem, + foreground: "#168CA9", + level: "M", + size: 280, + value: appLink + }); + } + } + }, + + hide: function() { + // hide the element which was shown + if (this._elem != null) { + this._elem.style.display = "none"; + } + } +}; + +function authenticateUser(appLink) { + Element.show(appLink); + console.log('Starting Authentication Cloud status polling...'); + Status.startPolling(statusToken, (st, done) => { + if (st.status === 'succeeded') { + console.log('Authentication Cloud login done.'); + submitStatus('succeeded') + } + else if (st.status === 'failed') { + // failed: The transaction failed, either by timeout or because the user did not accept. + console.warn('Authentication Cloud login failed. User abort or timeout.'); + submitStatus('failed') + } + else if (st.status === 'unknown') { + console.error('Authentication Cloud login failed. Unknown status.'); + submitStatus('unknown') + } + }); +} + +function init() { + + const form = document.getElementById('authcloud_login'); + + baseURL = form.url.value; + statusToken = form.statusToken.value; + + infoElement = document.getElementById('authcloud_info'); + errorElement = document.getElementById('authcloud_error'); + + dispatcherElement = document.getElementById('authcloud_dispatch'); + + const appLink = form.appLink.value; + authenticateUser(appLink); +} + +window.onload = function() { + init(); +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/authcloud_onboard.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/authcloud_onboard.js new file mode 100644 index 0000000..5332d9f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/authcloud_onboard.js @@ -0,0 +1,154 @@ +let baseURL; // base URL +let statusToken; // used to check progress +let dispatcherElement; // to display link or QR code +let infoElement; // to display info text +let errorElement; // to display error text + +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +function submitStatus(status) { + // we have to do a form POST instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "status", status); + document.body.appendChild(form); + form.submit(); +} + +const Status = { + _pollInterval: 2 * 1000, // Check every 2 seconds + latest: null, + + startPolling: function (token, uiCallback) { + let interval = setInterval(async () => { + await this._check(token).then(function (resp) { + console.log("Polling status: %o", resp); + uiCallback && uiCallback(resp, false); + return Status.latest = resp; + }) + .catch(function (err) { + console.error("Error during polling: %o", err); + return false; + }); + if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) { + // Done! + console.log('Latest status is: %o', this.latest); + uiCallback && uiCallback(this.latest, true); + clearInterval(interval); + } + }, this._pollInterval); + }, + + _check: async function (token) { + const payload = { statusToken: token }; + const response = await fetch(baseURL + 'api/v1/status', { + method: 'POST', + mode: 'cors', + cache: 'no-cache', + credentials: 'omit', + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json;charset=utf-8' + }, + body: JSON.stringify(payload), + redirect: 'follow', + referrerPolicy: 'no-referrer' + }); + + return await response.json(); + } +}; + +function setDeepLinkLabel(button) { + const text = document.getElementsByName('info.deeplink')[0].value; + button.innerHTML = text; +} + +function messageScanQR() { + const text = document.getElementsByName('info.qrcode')[0].value; + infoElement.innerHTML = text; +} + +const Element = { + + _elem: null, // QR code or deep link depending on device + + show: function (appLink) { + const userAgent = navigator.userAgent || navigator.vendor || window.opera; + const isIphone = 'iPhone' === navigator.platform; + const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent); + if (isAndroid || isIphone) { + this._elem = document.createElement('a'); + this._elem.setAttribute('href', appLink); + this._elem.setAttribute('class', 'btn btn-primary'); + this._elem.setAttribute('target', '_blank'); + dispatcherElement.appendChild(this._elem); + setDeepLinkLabel(this._elem); + } + else { + messageScanQR(); + this._elem = document.createElement('canvas'); + dispatcherElement.appendChild(this._elem); + var qrcode = new QRious({ + element: this._elem, + foreground: "#168CA9", + level: "M", + size: 280, + value: appLink + }); + } + }, + + hide: function() { + // hide the element which was shown + if (this._elem != null) { + this._elem.style.display = "none"; + } + } +}; + +function onboardUser(appLink) { + Element.show(appLink); + console.log('Starting Authentication Cloud status polling...'); + Status.startPolling(statusToken, (st, done) => { + if (st.status === 'succeeded') { + console.log('Authentication Cloud onboarding done.'); + submitStatus('succeeded') + } + else if (st.status === 'failed') { + // failed: The transaction failed, either by timeout or because the user did not accept. + console.warn('Authentication Cloud onboarding failed. User abort or timeout.'); + submitStatus('failed') + } + else if (st.status === 'unknown') { + console.error('Authentication Cloud onboarding failed. Unknown status.'); + submitStatus('unknown') + } + }); +} + +function init() { + + const form = document.getElementById('authcloud_onboard'); + + baseURL = form.url.value; + statusToken = form.statusToken.value; + + infoElement = document.getElementById('authcloud_info'); + errorElement = document.getElementById('authcloud_error'); + + dispatcherElement = document.getElementById('authcloud_dispatch'); + + const appLink = form.appLink.value; + onboardUser(appLink); +} + +window.onload = function() { + init(); +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/base64.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/base64.js new file mode 100644 index 0000000..24ecf9e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/base64.js @@ -0,0 +1,87 @@ +/* + * Base64URL-ArrayBuffer + * https://github.com/herrjemand/Base64URL-ArrayBuffer + * + * Copyright (c) 2017 Yuriy Ackermann + * Copyright (c) 2012 Niklas von Hertzen + * Licensed under the MIT license. + * + */ +(function() { + "use strict"; + + var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; + + // Use a lookup table to find the index. + var lookup = new Uint8Array(256); + for (var i = 0; i < chars.length; i++) { + lookup[chars.charCodeAt(i)] = i; + } + + var encode = function(arraybuffer) { + var bytes = new Uint8Array(arraybuffer), + i, len = bytes.length, base64 = ""; + + for (i = 0; i < len; i+=3) { + base64 += chars[bytes[i] >> 2]; + base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)]; + base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)]; + base64 += chars[bytes[i + 2] & 63]; + } + + if ((len % 3) === 2) { + base64 = base64.substring(0, base64.length - 1); + } else if (len % 3 === 1) { + base64 = base64.substring(0, base64.length - 2); + } + + return base64; + }; + + var decode = function(base64) { + var bufferLength = base64.length * 0.75, + len = base64.length, i, p = 0, + encoded1, encoded2, encoded3, encoded4; + + var arraybuffer = new ArrayBuffer(bufferLength), + bytes = new Uint8Array(arraybuffer); + + for (i = 0; i < len; i+=4) { + encoded1 = lookup[base64.charCodeAt(i)]; + encoded2 = lookup[base64.charCodeAt(i+1)]; + encoded3 = lookup[base64.charCodeAt(i+2)]; + encoded4 = lookup[base64.charCodeAt(i+3)]; + + bytes[p++] = (encoded1 << 2) | (encoded2 >> 4); + bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2); + bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63); + } + + return arraybuffer; + }; + + /** + * Exporting and stuff + */ + if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') { + module.exports = { + 'encode': encode, + 'decode': decode + } + + } else { + if (typeof define === 'function' && define.amd) { + define([], function() { + return { + 'encode': encode, + 'decode': decode + } + }); + } else { + window.base64url = { + 'encode': encode, + 'decode': decode + } + } + } +})(); \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap-theme.min.css b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap-theme.min.css new file mode 100644 index 0000000..4aaa13e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap-theme.min.css @@ -0,0 +1,9 @@ +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + *//*! + * The Nevis @btn-default-color: #6ebabd + * Bootstrap v3.4.1 (https://getbootstrap.com/) + */ + * Copyright 2011-2019 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */.btn-default,.btn-primary,.btn-success,.btn-info,.btn-warning,.btn-danger{text-shadow:0 -1px 0 rgba(0,0,0,0.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075)}.btn-default:active,.btn-primary:active,.btn-success:active,.btn-info:active,.btn-warning:active,.btn-danger:active,.btn-default.active,.btn-primary.active,.btn-success.active,.btn-info.active,.btn-warning.active,.btn-danger.active{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-default.disabled,.btn-primary.disabled,.btn-success.disabled,.btn-info.disabled,.btn-warning.disabled,.btn-danger.disabled,.btn-default[disabled],.btn-primary[disabled],.btn-success[disabled],.btn-info[disabled],.btn-warning[disabled],.btn-danger[disabled],fieldset[disabled] .btn-default,fieldset[disabled] .btn-primary,fieldset[disabled] .btn-success,fieldset[disabled] .btn-info,fieldset[disabled] .btn-warning,fieldset[disabled] .btn-danger{-webkit-box-shadow:none;box-shadow:none}.btn-default .badge,.btn-primary .badge,.btn-success .badge,.btn-info .badge,.btn-warning .badge,.btn-danger .badge{text-shadow:none}.btn:active,.btn.active{background-image:none}.btn-default{background-image:-webkit-linear-gradient(top, #fff 0, #e0e0e0 100%);background-image:-o-linear-gradient(top, #fff 0, #e0e0e0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fff), to(#e0e0e0));background-image:linear-gradient(to bottom, #fff 0, #e0e0e0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe0e0e0', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#dbdbdb;text-shadow:0 1px 0 #fff;border-color:#ccc}.btn-default:hover,.btn-default:focus{background-color:#e0e0e0;background-position:0 -15px}.btn-default:active,.btn-default.active{background-color:#e0e0e0;border-color:#dbdbdb}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#e0e0e0;background-image:none}.btn-primary{background-image:-webkit-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-o-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#6ebabd));background-image:linear-gradient(to bottom, #98ced0 0, #6ebabd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff6ebabd', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#67b7ba}.btn-primary:hover,.btn-primary:focus{background-color:#6ebabd;background-position:0 -15px}.btn-primary:active,.btn-primary.active{background-color:#6ebabd;border-color:#67b7ba}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#6ebabd;background-image:none}.btn-success{background-image:-webkit-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-o-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#6ebabd));background-image:linear-gradient(to bottom, #98ced0 0, #6ebabd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff6ebabd', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#67b7ba}.btn-success:hover,.btn-success:focus{background-color:#6ebabd;background-position:0 -15px}.btn-success:active,.btn-success.active{background-color:#6ebabd;border-color:#67b7ba}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#6ebabd;background-image:none}.btn-info{background-image:-webkit-linear-gradient(top, #5bc0de 0, #2aabd2 100%);background-image:-o-linear-gradient(top, #5bc0de 0, #2aabd2 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #5bc0de), to(#2aabd2));background-image:linear-gradient(to bottom, #5bc0de 0, #2aabd2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2aabd2', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#28a4c9}.btn-info:hover,.btn-info:focus{background-color:#2aabd2;background-position:0 -15px}.btn-info:active,.btn-info.active{background-color:#2aabd2;border-color:#28a4c9}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#2aabd2;background-image:none}.btn-warning{background-image:-webkit-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-o-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#be2331));background-image:linear-gradient(to bottom, #dc4250 0, #be2331 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffbe2331', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#b5222f}.btn-warning:hover,.btn-warning:focus{background-color:#be2331;background-position:0 -15px}.btn-warning:active,.btn-warning.active{background-color:#be2331;border-color:#b5222f}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#be2331;background-image:none}.btn-danger{background-image:-webkit-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-o-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#be2331));background-image:linear-gradient(to bottom, #dc4250 0, #be2331 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffbe2331', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#b5222f}.btn-danger:hover,.btn-danger:focus{background-color:#be2331;background-position:0 -15px}.btn-danger:active,.btn-danger.active{background-color:#be2331;border-color:#b5222f}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#be2331;background-image:none}.thumbnail,.img-thumbnail{-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.075);box-shadow:0 1px 2px rgba(0,0,0,0.075)}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{background-image:-webkit-linear-gradient(top, #65b6b9 0, #53aeb1 100%);background-image:-o-linear-gradient(top, #65b6b9 0, #53aeb1 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #65b6b9), to(#53aeb1));background-image:linear-gradient(to bottom, #65b6b9 0, #53aeb1 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff65b6b9', endColorstr='#ff53aeb1', GradientType=0);background-repeat:repeat-x;background-color:#53aeb1}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x;background-color:#006e73}.navbar-default{background-image:-webkit-linear-gradient(top, #fff 0, #f8f8f8 100%);background-image:-o-linear-gradient(top, #fff 0, #f8f8f8 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fff), to(#f8f8f8));background-image:linear-gradient(to bottom, #fff 0, #f8f8f8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border-radius:3px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 5px rgba(0,0,0,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 5px rgba(0,0,0,0.075)}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top, #dbdbdb 0, #e2e2e2 100%);background-image:-o-linear-gradient(top, #dbdbdb 0, #e2e2e2 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dbdbdb), to(#e2e2e2));background-image:linear-gradient(to bottom, #dbdbdb 0, #e2e2e2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdbdbdb', endColorstr='#ffe2e2e2', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,0.075);box-shadow:inset 0 3px 9px rgba(0,0,0,0.075)}.navbar-brand,.navbar-nav>li>a{text-shadow:0 1px 0 rgba(255,255,255,0.25)}.navbar-inverse{background-image:-webkit-linear-gradient(top, #3c3c3c 0, #222 100%);background-image:-o-linear-gradient(top, #3c3c3c 0, #222 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #3c3c3c), to(#222));background-image:linear-gradient(to bottom, #3c3c3c 0, #222 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border-radius:3px}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top, #080808 0, #0f0f0f 100%);background-image:-o-linear-gradient(top, #080808 0, #0f0f0f 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #080808), to(#0f0f0f));background-image:linear-gradient(to bottom, #080808 0, #0f0f0f 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff080808', endColorstr='#ff0f0f0f', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,0.25);box-shadow:inset 0 3px 9px rgba(0,0,0,0.25)}.navbar-inverse .navbar-brand,.navbar-inverse .navbar-nav>li>a{text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar-static-top,.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}@media (max-width:767px){.navbar .navbar-nav .open .dropdown-menu>.active>a,.navbar .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x}}.alert{text-shadow:0 1px 0 rgba(255,255,255,0.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.25),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.25),0 1px 2px rgba(0,0,0,0.05)}.alert-success{background-image:-webkit-linear-gradient(top, #dff0d8 0, #c8e5bc 100%);background-image:-o-linear-gradient(top, #dff0d8 0, #c8e5bc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dff0d8), to(#c8e5bc));background-image:linear-gradient(to bottom, #dff0d8 0, #c8e5bc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);background-repeat:repeat-x;border-color:#b2dba1}.alert-info{background-image:-webkit-linear-gradient(top, #d9edf7 0, #b9def0 100%);background-image:-o-linear-gradient(top, #d9edf7 0, #b9def0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #d9edf7), to(#b9def0));background-image:linear-gradient(to bottom, #d9edf7 0, #b9def0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);background-repeat:repeat-x;border-color:#9acfea}.alert-warning{background-image:-webkit-linear-gradient(top, #fcf8e3 0, #f8efc0 100%);background-image:-o-linear-gradient(top, #fcf8e3 0, #f8efc0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fcf8e3), to(#f8efc0));background-image:linear-gradient(to bottom, #fcf8e3 0, #f8efc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);background-repeat:repeat-x;border-color:#f5e79e}.alert-danger{background-image:-webkit-linear-gradient(top, #f2dede 0, #e7c3c3 100%);background-image:-o-linear-gradient(top, #f2dede 0, #e7c3c3 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f2dede), to(#e7c3c3));background-image:linear-gradient(to bottom, #f2dede 0, #e7c3c3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);background-repeat:repeat-x;border-color:#dca7a7}.progress{background-image:-webkit-linear-gradient(top, #ebebeb 0, #f5f5f5 100%);background-image:-o-linear-gradient(top, #ebebeb 0, #f5f5f5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #ebebeb), to(#f5f5f5));background-image:linear-gradient(to bottom, #ebebeb 0, #f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x}.progress-bar{background-image:-webkit-linear-gradient(top, #00868c 0, #005559 100%);background-image:-o-linear-gradient(top, #00868c 0, #005559 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#005559));background-image:linear-gradient(to bottom, #00868c 0, #005559 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff005559', GradientType=0);background-repeat:repeat-x}.progress-bar-success{background-image:-webkit-linear-gradient(top, #98ced0 0, #75bdc0 100%);background-image:-o-linear-gradient(top, #98ced0 0, #75bdc0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#75bdc0));background-image:linear-gradient(to bottom, #98ced0 0, #75bdc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff75bdc0', GradientType=0);background-repeat:repeat-x}.progress-bar-info{background-image:-webkit-linear-gradient(top, #5bc0de 0, #31b0d5 100%);background-image:-o-linear-gradient(top, #5bc0de 0, #31b0d5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #5bc0de), to(#31b0d5));background-image:linear-gradient(to bottom, #5bc0de 0, #31b0d5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);background-repeat:repeat-x}.progress-bar-warning{background-image:-webkit-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-o-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#c62533));background-image:linear-gradient(to bottom, #dc4250 0, #c62533 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffc62533', GradientType=0);background-repeat:repeat-x}.progress-bar-danger{background-image:-webkit-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-o-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#c62533));background-image:linear-gradient(to bottom, #dc4250 0, #c62533 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffc62533', GradientType=0);background-repeat:repeat-x}.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.list-group{border-radius:3px;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.075);box-shadow:0 1px 2px rgba(0,0,0,0.075)}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{text-shadow:0 -1px 0 #005559;background-image:-webkit-linear-gradient(top, #00868c 0, #006166 100%);background-image:-o-linear-gradient(top, #00868c 0, #006166 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006166));background-image:linear-gradient(to bottom, #00868c 0, #006166 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006166', GradientType=0);background-repeat:repeat-x;border-color:#006166}.list-group-item.active .badge,.list-group-item.active:hover .badge,.list-group-item.active:focus .badge{text-shadow:none}.panel{-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.panel-default>.panel-heading{background-image:-webkit-linear-gradient(top, #f5f5f5 0, #e8e8e8 100%);background-image:-o-linear-gradient(top, #f5f5f5 0, #e8e8e8 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f5f5f5), to(#e8e8e8));background-image:linear-gradient(to bottom, #f5f5f5 0, #e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.panel-primary>.panel-heading{background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x}.panel-success>.panel-heading{background-image:-webkit-linear-gradient(top, #dff0d8 0, #d0e9c6 100%);background-image:-o-linear-gradient(top, #dff0d8 0, #d0e9c6 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dff0d8), to(#d0e9c6));background-image:linear-gradient(to bottom, #dff0d8 0, #d0e9c6 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);background-repeat:repeat-x}.panel-info>.panel-heading{background-image:-webkit-linear-gradient(top, #d9edf7 0, #c4e3f3 100%);background-image:-o-linear-gradient(top, #d9edf7 0, #c4e3f3 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #d9edf7), to(#c4e3f3));background-image:linear-gradient(to bottom, #d9edf7 0, #c4e3f3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);background-repeat:repeat-x}.panel-warning>.panel-heading{background-image:-webkit-linear-gradient(top, #fcf8e3 0, #faf2cc 100%);background-image:-o-linear-gradient(top, #fcf8e3 0, #faf2cc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fcf8e3), to(#faf2cc));background-image:linear-gradient(to bottom, #fcf8e3 0, #faf2cc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);background-repeat:repeat-x}.panel-danger>.panel-heading{background-image:-webkit-linear-gradient(top, #f2dede 0, #ebcccc 100%);background-image:-o-linear-gradient(top, #f2dede 0, #ebcccc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f2dede), to(#ebcccc));background-image:linear-gradient(to bottom, #f2dede 0, #ebcccc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);background-repeat:repeat-x}.well{background-image:-webkit-linear-gradient(top, #e8e8e8 0, #f5f5f5 100%);background-image:-o-linear-gradient(top, #e8e8e8 0, #f5f5f5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #e8e8e8), to(#f5f5f5));background-image:linear-gradient(to bottom, #e8e8e8 0, #f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x;border-color:#dcdcdc;-webkit-box-shadow:inset 0 1px 3px rgba(0,0,0,0.05),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 3px rgba(0,0,0,0.05),0 1px 0 rgba(255,255,255,0.1)} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap.min.css b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap.min.css new file mode 100644 index 0000000..af8b6ed --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap.min.css @@ -0,0 +1,11 @@ +/*! + * Generated using the Bootstrap Customizer (http://getbootstrap.com/customize/?id=a17c489ffbed8c6e46fcf0d72d0d80db) + * Config saved to config.json and https://gist.github.com/a17c489ffbed8c6e46fcf0d72d0d80db + *//*! +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + *//*! + * Bootstrap v3.4.1 (https://getbootstrap.com/) + * Copyright 2011-2019 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{color:#000 !important;text-shadow:none !important;background:transparent !important;-webkit-box-shadow:none !important;box-shadow:none !important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}@font-face{font-family:"Glyphicons Halflings";src:url("../fonts/glyphicons-halflings-regular.eot");src:url("../fonts/glyphicons-halflings-regular.eot?#iefix") format("embedded-opentype"),url("../fonts/glyphicons-halflings-regular.woff2") format("woff2"),url("../fonts/glyphicons-halflings-regular.woff") format("woff"),url("../fonts/glyphicons-halflings-regular.ttf") format("truetype"),url("../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular") format("svg")}.glyphicon{position:relative;top:1px;display:inline-block;font-family:"Glyphicons Halflings";font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\002a"}.glyphicon-plus:before{content:"\002b"}.glyphicon-euro:before,.glyphicon-eur:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-cd:before{content:"\e201"}.glyphicon-save-file:before{content:"\e202"}.glyphicon-open-file:before{content:"\e203"}.glyphicon-level-up:before{content:"\e204"}.glyphicon-copy:before{content:"\e205"}.glyphicon-paste:before{content:"\e206"}.glyphicon-alert:before{content:"\e209"}.glyphicon-equalizer:before{content:"\e210"}.glyphicon-king:before{content:"\e211"}.glyphicon-queen:before{content:"\e212"}.glyphicon-pawn:before{content:"\e213"}.glyphicon-bishop:before{content:"\e214"}.glyphicon-knight:before{content:"\e215"}.glyphicon-baby-formula:before{content:"\e216"}.glyphicon-tent:before{content:"\26fa"}.glyphicon-blackboard:before{content:"\e218"}.glyphicon-bed:before{content:"\e219"}.glyphicon-apple:before{content:"\f8ff"}.glyphicon-erase:before{content:"\e221"}.glyphicon-hourglass:before{content:"\231b"}.glyphicon-lamp:before{content:"\e223"}.glyphicon-duplicate:before{content:"\e224"}.glyphicon-piggy-bank:before{content:"\e225"}.glyphicon-scissors:before{content:"\e226"}.glyphicon-bitcoin:before{content:"\e227"}.glyphicon-btc:before{content:"\e227"}.glyphicon-xbt:before{content:"\e227"}.glyphicon-yen:before{content:"\00a5"}.glyphicon-jpy:before{content:"\00a5"}.glyphicon-ruble:before{content:"\20bd"}.glyphicon-rub:before{content:"\20bd"}.glyphicon-scale:before{content:"\e230"}.glyphicon-ice-lolly:before{content:"\e231"}.glyphicon-ice-lolly-tasted:before{content:"\e232"}.glyphicon-education:before{content:"\e233"}.glyphicon-option-horizontal:before{content:"\e234"}.glyphicon-option-vertical:before{content:"\e235"}.glyphicon-menu-hamburger:before{content:"\e236"}.glyphicon-modal-window:before{content:"\e237"}.glyphicon-oil:before{content:"\e238"}.glyphicon-grain:before{content:"\e239"}.glyphicon-sunglasses:before{content:"\e240"}.glyphicon-text-size:before{content:"\e241"}.glyphicon-text-color:before{content:"\e242"}.glyphicon-text-background:before{content:"\e243"}.glyphicon-object-align-top:before{content:"\e244"}.glyphicon-object-align-bottom:before{content:"\e245"}.glyphicon-object-align-horizontal:before{content:"\e246"}.glyphicon-object-align-left:before{content:"\e247"}.glyphicon-object-align-vertical:before{content:"\e248"}.glyphicon-object-align-right:before{content:"\e249"}.glyphicon-triangle-right:before{content:"\e250"}.glyphicon-triangle-left:before{content:"\e251"}.glyphicon-triangle-bottom:before{content:"\e252"}.glyphicon-triangle-top:before{content:"\e253"}.glyphicon-console:before{content:"\e254"}.glyphicon-superscript:before{content:"\e255"}.glyphicon-subscript:before{content:"\e256"}.glyphicon-menu-left:before{content:"\e257"}.glyphicon-menu-right:before{content:"\e258"}.glyphicon-menu-down:before{content:"\e259"}.glyphicon-menu-up:before{content:"\e260"}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#337ab7;text-decoration:none}a:hover,a:focus{color:#23527c;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive,.thumbnail>img,.thumbnail a>img,.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role="button"]{cursor:pointer}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:400;line-height:1;color:#777}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:28px}h2,.h2{font-size:26px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{padding:.2em;background-color:#fcf8e3}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#00868c}a.text-primary:hover,a.text-primary:focus{color:#286090}.text-success{color:#3c763d}a.text-success:hover,a.text-success:focus{color:#2b542c}.text-info{color:#31708f}a.text-info:hover,a.text-info:focus{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover,a.text-warning:focus{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover,a.text-danger:focus{color:#843534}.bg-primary{color:#fff;background-color:#337ab7}a.bg-primary:hover,a.bg-primary:focus{background-color:#286090}.bg-success{background-color:#dff0d8}a.bg-success:hover,a.bg-success:focus{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover,a.bg-info:focus{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover,a.bg-warning:focus{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover,a.bg-danger:focus{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:700}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote footer:before,blockquote small:before,blockquote .small:before{content:"\2014 \00A0"}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;text-align:right;border-right:5px solid #eee;border-left:0}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:""}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:"\00A0 \2014"}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:700;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.row{margin-right:-15px;margin-left:-15px}.row-no-gutters{margin-right:0;margin-left:0}.row-no-gutters [class*="col-"]{padding-right:0;padding-left:0}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}table col[class*="col-"]{position:static;display:table-column;float:none}table td[class*="col-"],table th[class*="col-"]{position:static;display:table-cell;float:none}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:700}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-appearance:none;appearance:none}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, .075), 0 0 8px rgba(102, 175, 233, 0.6);box-shadow:inset 0 1px 1px rgba(0, 0, 0, .075), 0 0 8px rgba(102, 175, 233, 0.6)}.form-control::-moz-placeholder{color:#999;opacity:1}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control::-ms-expand{background-color:transparent;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"].form-control,input[type="time"].form-control,input[type="datetime-local"].form-control,input[type="month"].form-control{line-height:34px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:46px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:400;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-top:4px \9;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;font-weight:400;vertical-align:middle;cursor:pointer}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}.form-control-static{min-height:34px;padding-top:7px;padding-bottom:7px;margin-bottom:0}.form-control-static.input-lg,.form-control-static.input-sm{padding-right:0;padding-left:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm textarea.form-control,.form-group-sm select[multiple].form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg textarea.form-control,.form-group-lg select[multiple].form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.3333333}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback,.input-group-lg+.form-control-feedback,.form-group-lg .form-control+.form-control-feedback{width:46px;height:46px;line-height:46px}.input-sm+.form-control-feedback,.input-group-sm+.form-control-feedback,.form-group-sm .form-control+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;background-color:#dff0d8;border-color:#3c763d}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;background-color:#fcf8e3;border-color:#8a6d3b}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;background-color:#f2dede;border-color:#a94442}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.form-horizontal .control-label{padding-top:7px;margin-bottom:0;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;white-space:nowrap;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:13px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#333;text-decoration:none}.btn:active,.btn.active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;filter:alpha(opacity=65);opacity:.65;-webkit-box-shadow:none;box-shadow:none}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:focus,.btn-default.focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;background-image:none;border-color:#adadad}.btn-default:active:hover,.btn-default.active:hover,.open>.dropdown-toggle.btn-default:hover,.btn-default:active:focus,.btn-default.active:focus,.open>.dropdown-toggle.btn-default:focus,.btn-default:active.focus,.btn-default.active.focus,.open>.dropdown-toggle.btn-default.focus{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#98ced0;border-color:#98ced0}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#286090;border-color:#122b40}.btn-primary:hover{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#286090;background-image:none;border-color:#204d74}.btn-primary:active:hover,.btn-primary.active:hover,.open>.dropdown-toggle.btn-primary:hover,.btn-primary:active:focus,.btn-primary.active:focus,.open>.dropdown-toggle.btn-primary:focus,.btn-primary:active.focus,.btn-primary.active.focus,.open>.dropdown-toggle.btn-primary.focus{color:#fff;background-color:#204d74;border-color:#122b40}.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus{background-color:#337ab7;border-color:#2e6da4}.btn-primary .badge{color:#337ab7;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;background-image:none;border-color:#398439}.btn-success:active:hover,.btn-success.active:hover,.open>.dropdown-toggle.btn-success:hover,.btn-success:active:focus,.btn-success.active:focus,.open>.dropdown-toggle.btn-success:focus,.btn-success:active.focus,.btn-success.active.focus,.open>.dropdown-toggle.btn-success.focus{color:#fff;background-color:#398439;border-color:#255625}.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;background-image:none;border-color:#269abc}.btn-info:active:hover,.btn-info.active:hover,.open>.dropdown-toggle.btn-info:hover,.btn-info:active:focus,.btn-info.active:focus,.open>.dropdown-toggle.btn-info:focus,.btn-info:active.focus,.btn-info.active.focus,.open>.dropdown-toggle.btn-info.focus{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;background-image:none;border-color:#d58512}.btn-warning:active:hover,.btn-warning.active:hover,.open>.dropdown-toggle.btn-warning:hover,.btn-warning:active:focus,.btn-warning.active:focus,.open>.dropdown-toggle.btn-warning:focus,.btn-warning:active.focus,.btn-warning.active.focus,.open>.dropdown-toggle.btn-warning.focus{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;background-image:none;border-color:#ac2925}.btn-danger:active:hover,.btn-danger.active:hover,.open>.dropdown-toggle.btn-danger:hover,.btn-danger:active:focus,.btn-danger.active:focus,.open>.dropdown-toggle.btn-danger:focus,.btn-danger:active.focus,.btn-danger.active.focus,.open>.dropdown-toggle.btn-danger.focus{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{font-weight:400;color:#337ab7;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#23527c;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#777;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px dashed;border-top:4px solid \9;border-right:4px solid transparent;border-left:4px solid transparent}.dropup,.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;text-align:left;list-style:none;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,0.175);box-shadow:0 6px 12px rgba(0,0,0,0.175)}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.42857143;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{color:#262626;text-decoration:none;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#337ab7;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#777}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{right:0;left:auto}.dropdown-menu-left{right:auto;left:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.42857143;color:#777;white-space:nowrap}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{content:"";border-top:0;border-bottom:4px dashed;border-bottom:4px solid \9}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:2px}@media (min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}.navbar-right .dropdown-menu-left{right:auto;left:0}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-bottom-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-left-radius:0;border-top-right-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-top-right-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{display:table-cell;float:none;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-right:0;padding-left:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:400;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#777;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#337ab7}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#337ab7}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{padding-right:15px;padding-left:15px;overflow-x:visible;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-right:0;padding-left:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-brand{float:left;height:50px;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-right:15px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{padding:10px 15px;margin-right:-15px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-left-radius:0;border-top-right-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-right:15px;margin-left:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{color:#555;background-color:#e7e7e7}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#333}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#9d9d9d}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{color:#fff;background-color:#080808}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-link{color:#9d9d9d}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#9d9d9d}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#fff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#444}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#777}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.42857143;color:#337ab7;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{z-index:2;color:#23527c;background-color:#eee;border-color:#ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-top-left-radius:4px;border-bottom-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:3;color:#fff;cursor:default;background-color:#337ab7;border-color:#337ab7}.pagination>.disabled>span,.pagination>.disabled>span:hover,.pagination>.disabled>span:focus,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#777;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px;line-height:1.3333333}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-top-left-radius:6px;border-bottom-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px;line-height:1.5}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-top-left-radius:3px;border-bottom-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#777;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:hover,.label-default[href]:focus{background-color:#5e5e5e}.label-primary{background-color:#337ab7}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#286090}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:middle;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge,.btn-group-xs>.btn .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#337ab7;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding-top:30px;padding-bottom:30px;margin-bottom:30px;color:inherit;background-color:#eee}.jumbotron h1,.jumbotron .h1{color:inherit}.jumbotron p{margin-bottom:15px;font-size:21px;font-weight:200}.jumbotron>hr{border-top-color:#d5d5d5}.container .jumbotron,.container-fluid .jumbotron{padding-right:15px;padding-left:15px;border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron,.container-fluid .jumbotron{padding-right:60px;padding-left:60px}.jumbotron h1,.jumbotron .h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:border .2s ease-in-out;-o-transition:border .2s ease-in-out;transition:border .2s ease-in-out}.thumbnail>img,.thumbnail a>img{margin-right:auto;margin-left:auto}a.thumbnail:hover,a.thumbnail:focus,a.thumbnail.active{border-color:#337ab7}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#337ab7;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.media{margin-top:15px}.media:first-child{margin-top:0}.media,.media-body{overflow:hidden;zoom:1}.media-body{width:10000px}.media-object{display:block}.media-object.img-thumbnail{max-width:none}.media-right,.media>.pull-right{padding-left:10px}.media-left,.media>.pull-left{padding-right:10px}.media-left,.media-right,.media-body{display:table-cell;vertical-align:top}.media-middle{vertical-align:middle}.media-bottom{vertical-align:bottom}.media-heading{margin-top:0;margin-bottom:5px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item.disabled,.list-group-item.disabled:hover,.list-group-item.disabled:focus{color:#777;cursor:not-allowed;background-color:#eee}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text{color:#777}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{z-index:2;color:#fff;background-color:#337ab7;border-color:#337ab7}.list-group-item.active .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>.small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:hover .list-group-item-text,.list-group-item.active:focus .list-group-item-text{color:#c7ddef}a.list-group-item,button.list-group-item{color:#555}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,button.list-group-item:hover,a.list-group-item:focus,button.list-group-item:focus{color:#555;text-decoration:none;background-color:#f5f5f5}button.list-group-item{width:100%;text-align:left}.list-group-item-success{color:#3c763d;background-color:#dff0d8}a.list-group-item-success,button.list-group-item-success{color:#3c763d}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:hover,button.list-group-item-success:hover,a.list-group-item-success:focus,button.list-group-item-success:focus{color:#3c763d;background-color:#d0e9c6}a.list-group-item-success.active,button.list-group-item-success.active,a.list-group-item-success.active:hover,button.list-group-item-success.active:hover,a.list-group-item-success.active:focus,button.list-group-item-success.active:focus{color:#fff;background-color:#3c763d;border-color:#3c763d}.list-group-item-info{color:#31708f;background-color:#d9edf7}a.list-group-item-info,button.list-group-item-info{color:#31708f}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:hover,button.list-group-item-info:hover,a.list-group-item-info:focus,button.list-group-item-info:focus{color:#31708f;background-color:#c4e3f3}a.list-group-item-info.active,button.list-group-item-info.active,a.list-group-item-info.active:hover,button.list-group-item-info.active:hover,a.list-group-item-info.active:focus,button.list-group-item-info.active:focus{color:#fff;background-color:#31708f;border-color:#31708f}.list-group-item-warning{color:#8a6d3b;background-color:#fcf8e3}a.list-group-item-warning,button.list-group-item-warning{color:#8a6d3b}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:hover,button.list-group-item-warning:hover,a.list-group-item-warning:focus,button.list-group-item-warning:focus{color:#8a6d3b;background-color:#faf2cc}a.list-group-item-warning.active,button.list-group-item-warning.active,a.list-group-item-warning.active:hover,button.list-group-item-warning.active:hover,a.list-group-item-warning.active:focus,button.list-group-item-warning.active:focus{color:#fff;background-color:#8a6d3b;border-color:#8a6d3b}.list-group-item-danger{color:#a94442;background-color:#f2dede}a.list-group-item-danger,button.list-group-item-danger{color:#a94442}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:hover,button.list-group-item-danger:hover,a.list-group-item-danger:focus,button.list-group-item-danger:focus{color:#a94442;background-color:#ebcccc}a.list-group-item-danger.active,button.list-group-item-danger.active,a.list-group-item-danger.active:hover,button.list-group-item-danger.active:hover,a.list-group-item-danger.active:focus,button.list-group-item-danger.active:focus{color:#fff;background-color:#a94442;border-color:#a94442}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-left-radius:3px;border-top-right-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-right:15px;padding-left:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{margin-bottom:0;border:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#337ab7}.panel-primary>.panel-heading{color:#fff;background-color:#337ab7;border-color:#337ab7}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#337ab7}.panel-primary>.panel-heading .badge{color:#337ab7;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#337ab7}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.embed-responsive{position:relative;display:block;height:0;padding:0;overflow:hidden}.embed-responsive .embed-responsive-item,.embed-responsive iframe,.embed-responsive embed,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-16by9{padding-bottom:56.25%}.embed-responsive-4by3{padding-bottom:75%}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000;text-shadow:0 1px 0 #fff;filter:alpha(opacity=20);opacity:.2}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;filter:alpha(opacity=50);opacity:.5}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none;appearance:none}.modal-open{overflow:hidden}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;display:none;overflow:hidden;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform 0.3s ease-out;-o-transition:-o-transform 0.3s ease-out;transition:transform 0.3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1070;display:block;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-style:normal;font-weight:400;line-height:1.42857143;line-break:auto;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;font-size:12px;filter:alpha(opacity=0);opacity:0}.tooltip.in{filter:alpha(opacity=90);opacity:.9}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-left .tooltip-arrow{right:5px;bottom:0;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-right .tooltip-arrow{bottom:0;left:5px;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-left .tooltip-arrow{top:0;right:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-right .tooltip-arrow{top:0;left:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.popover{position:absolute;top:0;left:0;z-index:1060;display:none;max-width:276px;padding:1px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-style:normal;font-weight:400;line-height:1.42857143;line-break:auto;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;font-size:14px;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2)}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover>.arrow{border-width:11px}.popover>.arrow,.popover>.arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover>.arrow:after{content:"";border-width:10px}.popover.top>.arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top>.arrow:after{bottom:1px;margin-left:-10px;content:" ";border-top-color:#fff;border-bottom-width:0}.popover.right>.arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right>.arrow:after{bottom:-10px;left:1px;content:" ";border-right-color:#fff;border-left-width:0}.popover.bottom>.arrow{top:-11px;left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25)}.popover.bottom>.arrow:after{top:1px;margin-left:-10px;content:" ";border-top-width:0;border-bottom-color:#fff}.popover.left>.arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0,0,0,0.25)}.popover.left>.arrow:after{right:1px;bottom:-10px;content:" ";border-right-width:0;border-left-color:#fff}.popover-title{padding:8px 14px;margin:0;font-size:14px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{line-height:1}@media all and (transform-3d),(-webkit-transform-3d){.carousel-inner>.item{-webkit-transition:-webkit-transform 0.6s ease-in-out;-o-transition:-o-transform 0.6s ease-in-out;transition:transform 0.6s ease-in-out;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000px;perspective:1000px}.carousel-inner>.item.next,.carousel-inner>.item.active.right{-webkit-transform:translate3d(100%, 0, 0);transform:translate3d(100%, 0, 0);left:0}.carousel-inner>.item.prev,.carousel-inner>.item.active.left{-webkit-transform:translate3d(-100%, 0, 0);transform:translate3d(-100%, 0, 0);left:0}.carousel-inner>.item.next.left,.carousel-inner>.item.prev.right,.carousel-inner>.item.active{-webkit-transform:translate3d(0, 0, 0);transform:translate3d(0, 0, 0);left:0}}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6);background-color:rgba(0,0,0,0);filter:alpha(opacity=50);opacity:.5}.carousel-control.left{background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-webkit-gradient(linear, left top, right top, color-stop(0, rgba(0,0,0,0.5)), to(rgba(0,0,0,0.0001)));background-image:linear-gradient(to right, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1);background-repeat:repeat-x}.carousel-control.right{right:0;left:auto;background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-webkit-gradient(linear, left top, right top, color-stop(0, rgba(0,0,0,0.0001)), to(rgba(0,0,0,0.5)));background-image:linear-gradient(to right, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1);background-repeat:repeat-x}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;outline:0;filter:alpha(opacity=90);opacity:.9}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;z-index:5;display:inline-block;margin-top:-10px}.carousel-control .icon-prev,.carousel-control .glyphicon-chevron-left{left:50%;margin-left:-10px}.carousel-control .icon-next,.carousel-control .glyphicon-chevron-right{right:50%;margin-right:-10px}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;font-family:serif;line-height:1}.carousel-control .icon-prev:before{content:"\2039"}.carousel-control .icon-next:before{content:"\203a"}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;background-color:#000 \9;background-color:rgba(0,0,0,0);border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-10px;font-size:30px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{margin-right:-10px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.pager:before,.pager:after,.panel-body:before,.panel-body:after,.modal-header:before,.modal-header:after,.modal-footer:before,.modal-footer:after{display:table;content:" "}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.pager:after,.panel-body:after,.modal-header:after,.modal-footer:after{clear:both}.center-block{display:block;margin-right:auto;margin-left:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap.min.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap.min.js new file mode 100644 index 0000000..853b70d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/bootstrap.min.js @@ -0,0 +1,12 @@ +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + */ + +/*! + * Bootstrap v3.4.1 (https://getbootstrap.com/) + * Copyright 2011-2021 Twitter, Inc. + * Licensed under the MIT license + */ + +if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(t){"use strict";var e=t.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9||1==e[0]&&9==e[1]&&e[2]<1||e[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var i=t(this),n=i.data("bs.alert");n||i.data("bs.alert",n=new o(this)),"string"==typeof e&&n[e].call(i)})}var i='[data-dismiss="alert"]',o=function(e){t(e).on("click",i,this.close)};o.VERSION="3.4.1",o.TRANSITION_DURATION=150,o.prototype.close=function(e){function i(){a.detach().trigger("closed.bs.alert").remove()}var n=t(this),s=n.attr("data-target");s||(s=n.attr("href"),s=s&&s.replace(/.*(?=#[^\s]*$)/,"")),s="#"===s?[]:s;var a=t(document).find(s);e&&e.preventDefault(),a.length||(a=n.closest(".alert")),a.trigger(e=t.Event("close.bs.alert")),e.isDefaultPrevented()||(a.removeClass("in"),t.support.transition&&a.hasClass("fade")?a.one("bsTransitionEnd",i).emulateTransitionEnd(o.TRANSITION_DURATION):i())};var n=t.fn.alert;t.fn.alert=e,t.fn.alert.Constructor=o,t.fn.alert.noConflict=function(){return t.fn.alert=n,this},t(document).on("click.bs.alert.data-api",i,o.prototype.close)}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.button"),s="object"==typeof e&&e;n||o.data("bs.button",n=new i(this,s)),"toggle"==e?n.toggle():e&&n.setState(e)})}var i=function(e,o){this.$element=t(e),this.options=t.extend({},i.DEFAULTS,o),this.isLoading=!1};i.VERSION="3.4.1",i.DEFAULTS={loadingText:"loading..."},i.prototype.setState=function(e){var i="disabled",o=this.$element,n=o.is("input")?"val":"html",s=o.data();e+="Text",null==s.resetText&&o.data("resetText",o[n]()),setTimeout(t.proxy(function(){o[n](null==s[e]?this.options[e]:s[e]),"loadingText"==e?(this.isLoading=!0,o.addClass(i).attr(i,i).prop(i,!0)):this.isLoading&&(this.isLoading=!1,o.removeClass(i).removeAttr(i).prop(i,!1))},this),0)},i.prototype.toggle=function(){var t=!0,e=this.$element.closest('[data-toggle="buttons"]');if(e.length){var i=this.$element.find("input");"radio"==i.prop("type")?(i.prop("checked")&&(t=!1),e.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==i.prop("type")&&(i.prop("checked")!==this.$element.hasClass("active")&&(t=!1),this.$element.toggleClass("active")),i.prop("checked",this.$element.hasClass("active")),t&&i.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var o=t.fn.button;t.fn.button=e,t.fn.button.Constructor=i,t.fn.button.noConflict=function(){return t.fn.button=o,this},t(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(i){var o=t(i.target).closest(".btn");e.call(o,"toggle"),t(i.target).is('input[type="radio"], input[type="checkbox"]')||(i.preventDefault(),o.is("input,button")?o.trigger("focus"):o.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(e){t(e.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(e.type))})}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.carousel"),s=t.extend({},i.DEFAULTS,o.data(),"object"==typeof e&&e),a="string"==typeof e?e:s.slide;n||o.data("bs.carousel",n=new i(this,s)),"number"==typeof e?n.to(e):a?n[a]():s.interval&&n.pause().cycle()})}var i=function(e,i){this.$element=t(e),this.$indicators=this.$element.find(".carousel-indicators"),this.options=i,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",t.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",t.proxy(this.pause,this)).on("mouseleave.bs.carousel",t.proxy(this.cycle,this))};i.VERSION="3.4.1",i.TRANSITION_DURATION=600,i.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},i.prototype.keydown=function(t){if(!/input|textarea/i.test(t.target.tagName)){switch(t.which){case 37:this.prev();break;case 39:this.next();break;default:return}t.preventDefault()}},i.prototype.cycle=function(e){return e||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(t.proxy(this.next,this),this.options.interval)),this},i.prototype.getItemIndex=function(t){return this.$items=t.parent().children(".item"),this.$items.index(t||this.$active)},i.prototype.getItemForDirection=function(t,e){var i=this.getItemIndex(e),o="prev"==t&&0===i||"next"==t&&i==this.$items.length-1;if(o&&!this.options.wrap)return e;var n="prev"==t?-1:1,s=(i+n)%this.$items.length;return this.$items.eq(s)},i.prototype.to=function(t){var e=this,i=this.getItemIndex(this.$active=this.$element.find(".item.active"));return t>this.$items.length-1||0>t?void 0:this.sliding?this.$element.one("slid.bs.carousel",function(){e.to(t)}):i==t?this.pause().cycle():this.slide(t>i?"next":"prev",this.$items.eq(t))},i.prototype.pause=function(e){return e||(this.paused=!0),this.$element.find(".next, .prev").length&&t.support.transition&&(this.$element.trigger(t.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},i.prototype.next=function(){return this.sliding?void 0:this.slide("next")},i.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},i.prototype.slide=function(e,o){var n=this.$element.find(".item.active"),s=o||this.getItemForDirection(e,n),a=this.interval,r="next"==e?"left":"right",l=this;if(s.hasClass("active"))return this.sliding=!1;var h=s[0],d=t.Event("slide.bs.carousel",{relatedTarget:h,direction:r});if(this.$element.trigger(d),!d.isDefaultPrevented()){if(this.sliding=!0,a&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var p=t(this.$indicators.children()[this.getItemIndex(s)]);p&&p.addClass("active")}var c=t.Event("slid.bs.carousel",{relatedTarget:h,direction:r});return t.support.transition&&this.$element.hasClass("slide")?(s.addClass(e),"object"==typeof s&&s.length&&s[0].offsetWidth,n.addClass(r),s.addClass(r),n.one("bsTransitionEnd",function(){s.removeClass([e,r].join(" ")).addClass("active"),n.removeClass(["active",r].join(" ")),l.sliding=!1,setTimeout(function(){l.$element.trigger(c)},0)}).emulateTransitionEnd(i.TRANSITION_DURATION)):(n.removeClass("active"),s.addClass("active"),this.sliding=!1,this.$element.trigger(c)),a&&this.cycle(),this}};var o=t.fn.carousel;t.fn.carousel=e,t.fn.carousel.Constructor=i,t.fn.carousel.noConflict=function(){return t.fn.carousel=o,this};var n=function(i){var o=t(this),n=o.attr("href");n&&(n=n.replace(/.*(?=#[^\s]+$)/,""));var s=o.attr("data-target")||n,a=t(document).find(s);if(a.hasClass("carousel")){var r=t.extend({},a.data(),o.data()),l=o.attr("data-slide-to");l&&(r.interval=!1),e.call(a,r),l&&a.data("bs.carousel").to(l),i.preventDefault()}};t(document).on("click.bs.carousel.data-api","[data-slide]",n).on("click.bs.carousel.data-api","[data-slide-to]",n),t(window).on("load",function(){t('[data-ride="carousel"]').each(function(){var i=t(this);e.call(i,i.data())})})}(jQuery),+function(t){"use strict";function e(e){var i=e.attr("data-target");i||(i=e.attr("href"),i=i&&/#[A-Za-z]/.test(i)&&i.replace(/.*(?=#[^\s]*$)/,""));var o="#"!==i?t(document).find(i):null;return o&&o.length?o:e.parent()}function i(i){i&&3===i.which||(t(n).remove(),t(s).each(function(){var o=t(this),n=e(o),s={relatedTarget:this};n.hasClass("open")&&(i&&"click"==i.type&&/input|textarea/i.test(i.target.tagName)&&t.contains(n[0],i.target)||(n.trigger(i=t.Event("hide.bs.dropdown",s)),i.isDefaultPrevented()||(o.attr("aria-expanded","false"),n.removeClass("open").trigger(t.Event("hidden.bs.dropdown",s)))))}))}function o(e){return this.each(function(){var i=t(this),o=i.data("bs.dropdown");o||i.data("bs.dropdown",o=new a(this)),"string"==typeof e&&o[e].call(i)})}var n=".dropdown-backdrop",s='[data-toggle="dropdown"]',a=function(e){t(e).on("click.bs.dropdown",this.toggle)};a.VERSION="3.4.1",a.prototype.toggle=function(o){var n=t(this);if(!n.is(".disabled, :disabled")){var s=e(n),a=s.hasClass("open");if(i(),!a){"ontouchstart"in document.documentElement&&!s.closest(".navbar-nav").length&&t(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(t(this)).on("click",i);var r={relatedTarget:this};if(s.trigger(o=t.Event("show.bs.dropdown",r)),o.isDefaultPrevented())return;n.trigger("focus").attr("aria-expanded","true"),s.toggleClass("open").trigger(t.Event("shown.bs.dropdown",r))}return!1}},a.prototype.keydown=function(i){if(/(38|40|27|32)/.test(i.which)&&!/input|textarea/i.test(i.target.tagName)){var o=t(this);if(i.preventDefault(),i.stopPropagation(),!o.is(".disabled, :disabled")){var n=e(o),a=n.hasClass("open");if(!a&&27!=i.which||a&&27==i.which)return 27==i.which&&n.find(s).trigger("focus"),o.trigger("click");var r=" li:not(.disabled):visible a",l=n.find(".dropdown-menu"+r);if(l.length){var h=l.index(i.target);38==i.which&&h>0&&h--,40==i.which&&hdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&t?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!t?this.scrollbarWidth:""})},i.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},i.prototype.checkScrollbar=function(){var t=window.innerWidth;if(!t){var e=document.documentElement.getBoundingClientRect();t=e.right-Math.abs(e.left)}this.bodyIsOverflowing=document.body.clientWidtha;a++)if(o.match(n[a]))return!0;return!1}function i(i,o,n){if(0===i.length)return i;if(n&&"function"==typeof n)return n(i);if(!document.implementation||!document.implementation.createHTMLDocument)return i;var s=document.implementation.createHTMLDocument("sanitization");s.body.innerHTML=i;for(var a=t.map(o,function(t,e){return e}),r=t(s.body).find("*"),l=0,h=r.length;h>l;l++){var d=r[l],p=d.nodeName.toLowerCase();if(-1!==t.inArray(p,a))for(var c=t.map(d.attributes,function(t){return t}),f=[].concat(o["*"]||[],o[p]||[]),u=0,g=c.length;g>u;u++)e(c[u],f)||d.removeAttribute(c[u].nodeName);else d.parentNode.removeChild(d)}return s.body.innerHTML}function o(e){return this.each(function(){var i=t(this),o=i.data("bs.tooltip"),n="object"==typeof e&&e;!o&&/destroy|hide/.test(e)||(o||i.data("bs.tooltip",o=new d(this,n)),"string"==typeof e&&o[e]())})}var n=["sanitize","whiteList","sanitizeFn"],s=["background","cite","href","itemtype","longdesc","poster","src","xlink:href"],a=/^aria-[\w-]*$/i,r={"*":["class","dir","id","lang","role",a],a:["target","href","title","rel"],area:[],b:[],br:[],col:[],code:[],div:[],em:[],hr:[],h1:[],h2:[],h3:[],h4:[],h5:[],h6:[],i:[],img:["src","alt","title","width","height"],li:[],ol:[],p:[],pre:[],s:[],small:[],span:[],sub:[],sup:[],strong:[],u:[],ul:[]},l=/^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi,h=/^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i,d=function(t,e){this.type=null,this.options=null,this.enabled=null,this.timeout=null,this.hoverState=null,this.$element=null,this.inState=null,this.init("tooltip",t,e)};d.VERSION="3.4.1",d.TRANSITION_DURATION=150,d.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0},sanitize:!0,sanitizeFn:null,whiteList:r},d.prototype.init=function(e,i,o){if(this.enabled=!0,this.type=e,this.$element=t(i),this.options=this.getOptions(o),this.$viewport=this.options.viewport&&t(document).find(t.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var n=this.options.trigger.split(" "),s=n.length;s--;){var a=n[s];if("click"==a)this.$element.on("click."+this.type,this.options.selector,t.proxy(this.toggle,this));else if("manual"!=a){var r="hover"==a?"mouseenter":"focusin",l="hover"==a?"mouseleave":"focusout";this.$element.on(r+"."+this.type,this.options.selector,t.proxy(this.enter,this)),this.$element.on(l+"."+this.type,this.options.selector,t.proxy(this.leave,this))}}this.options.selector?this._options=t.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},d.prototype.getDefaults=function(){return d.DEFAULTS},d.prototype.getOptions=function(e){var o=this.$element.data();for(var s in o)o.hasOwnProperty(s)&&-1!==t.inArray(s,n)&&delete o[s];return e=t.extend({},this.getDefaults(),o,e),e.delay&&"number"==typeof e.delay&&(e.delay={show:e.delay,hide:e.delay}),e.sanitize&&(e.template=i(e.template,e.whiteList,e.sanitizeFn)),e},d.prototype.getDelegateOptions=function(){var e={},i=this.getDefaults();return this._options&&t.each(this._options,function(t,o){i[t]!=o&&(e[t]=o)}),e},d.prototype.enter=function(e){var i=e instanceof this.constructor?e:t(e.currentTarget).data("bs."+this.type);return i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i)),e instanceof t.Event&&(i.inState["focusin"==e.type?"focus":"hover"]=!0),i.tip().hasClass("in")||"in"==i.hoverState?void(i.hoverState="in"):(clearTimeout(i.timeout),i.hoverState="in",i.options.delay&&i.options.delay.show?void(i.timeout=setTimeout(function(){"in"==i.hoverState&&i.show()},i.options.delay.show)):i.show())},d.prototype.isInStateTrue=function(){for(var t in this.inState)if(this.inState[t])return!0;return!1},d.prototype.leave=function(e){var i=e instanceof this.constructor?e:t(e.currentTarget).data("bs."+this.type);return i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i)),e instanceof t.Event&&(i.inState["focusout"==e.type?"focus":"hover"]=!1),i.isInStateTrue()?void 0:(clearTimeout(i.timeout),i.hoverState="out",i.options.delay&&i.options.delay.hide?void(i.timeout=setTimeout(function(){"out"==i.hoverState&&i.hide()},i.options.delay.hide)):i.hide())},d.prototype.show=function(){var e=t.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(e);var i=t.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(e.isDefaultPrevented()||!i)return;var o=this,n=this.tip(),s=this.getUID(this.type);this.setContent(),n.attr("id",s),this.$element.attr("aria-describedby",s),this.options.animation&&n.addClass("fade");var a="function"==typeof this.options.placement?this.options.placement.call(this,n[0],this.$element[0]):this.options.placement,r=/\s?auto?\s?/i,l=r.test(a);l&&(a=a.replace(r,"")||"top"),n.detach().css({top:0,left:0,display:"block"}).addClass(a).data("bs."+this.type,this),this.options.container?n.appendTo(t(document).find(this.options.container)):n.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var h=this.getPosition(),p=n[0].offsetWidth,c=n[0].offsetHeight;if(l){var f=a,u=this.getPosition(this.$viewport);a="bottom"==a&&h.bottom+c>u.bottom?"top":"top"==a&&h.top-cu.width?"left":"left"==a&&h.left-pa.top+a.height&&(n.top=a.top+a.height-l)}else{var h=e.left-s,d=e.left+s+i;ha.right&&(n.left=a.left+a.width-d)}return n},d.prototype.getTitle=function(){var t,e=this.$element,i=this.options;return t=e.attr("data-original-title")||("function"==typeof i.title?i.title.call(e[0]):i.title)},d.prototype.getUID=function(t){do t+=~~(1e6*Math.random());while(document.getElementById(t));return t},d.prototype.tip=function(){if(!this.$tip&&(this.$tip=t(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},d.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},d.prototype.enable=function(){this.enabled=!0},d.prototype.disable=function(){this.enabled=!1},d.prototype.toggleEnabled=function(){this.enabled=!this.enabled},d.prototype.toggle=function(e){var i=this;e&&(i=t(e.currentTarget).data("bs."+this.type),i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i))),e?(i.inState.click=!i.inState.click,i.isInStateTrue()?i.enter(i):i.leave(i)):i.tip().hasClass("in")?i.leave(i):i.enter(i)},d.prototype.destroy=function(){var t=this;clearTimeout(this.timeout),this.hide(function(){t.$element.off("."+t.type).removeData("bs."+t.type),t.$tip&&t.$tip.detach(),t.$tip=null,t.$arrow=null,t.$viewport=null,t.$element=null})},d.prototype.sanitizeHtml=function(t){return i(t,this.options.whiteList,this.options.sanitizeFn)};var p=t.fn.tooltip;t.fn.tooltip=o,t.fn.tooltip.Constructor=d,t.fn.tooltip.noConflict=function(){return t.fn.tooltip=p,this}}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.popover"),s="object"==typeof e&&e;!n&&/destroy|hide/.test(e)||(n||o.data("bs.popover",n=new i(this,s)),"string"==typeof e&&n[e]())})}var i=function(t,e){this.init("popover",t,e)};if(!t.fn.tooltip)throw new Error("Popover requires tooltip.js");i.VERSION="3.4.1",i.DEFAULTS=t.extend({},t.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),i.prototype=t.extend({},t.fn.tooltip.Constructor.prototype),i.prototype.constructor=i,i.prototype.getDefaults=function(){return i.DEFAULTS},i.prototype.setContent=function(){var t=this.tip(),e=this.getTitle(),i=this.getContent();if(this.options.html){var o=typeof i;this.options.sanitize&&(e=this.sanitizeHtml(e),"string"===o&&(i=this.sanitizeHtml(i))),t.find(".popover-title").html(e),t.find(".popover-content").children().detach().end()["string"===o?"html":"append"](i)}else t.find(".popover-title").text(e),t.find(".popover-content").children().detach().end().text(i);t.removeClass("fade top bottom left right in"),t.find(".popover-title").html()||t.find(".popover-title").hide()},i.prototype.hasContent=function(){return this.getTitle()||this.getContent()},i.prototype.getContent=function(){var t=this.$element,e=this.options;return t.attr("data-content")||("function"==typeof e.content?e.content.call(t[0]):e.content)},i.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var o=t.fn.popover;t.fn.popover=e,t.fn.popover.Constructor=i,t.fn.popover.noConflict=function(){return t.fn.popover=o,this}}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.tab");n||o.data("bs.tab",n=new i(this)),"string"==typeof e&&n[e]()})}var i=function(e){this.element=t(e)};i.VERSION="3.4.1",i.TRANSITION_DURATION=150,i.prototype.show=function(){var e=this.element,i=e.closest("ul:not(.dropdown-menu)"),o=e.data("target");if(o||(o=e.attr("href"),o=o&&o.replace(/.*(?=#[^\s]*$)/,"")),!e.parent("li").hasClass("active")){var n=i.find(".active:last a"),s=t.Event("hide.bs.tab",{relatedTarget:e[0]}),a=t.Event("show.bs.tab",{relatedTarget:n[0]});if(n.trigger(s),e.trigger(a),!a.isDefaultPrevented()&&!s.isDefaultPrevented()){var r=t(document).find(o);this.activate(e.closest("li"),i),this.activate(r,r.parent(),function(){n.trigger({type:"hidden.bs.tab",relatedTarget:e[0]}),e.trigger({type:"shown.bs.tab",relatedTarget:n[0]})})}}},i.prototype.activate=function(e,o,n){function s(){a.removeClass("active").find("> .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),e.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),r?(e[0].offsetWidth,e.addClass("in")):e.removeClass("fade"),e.parent(".dropdown-menu").length&&e.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),n&&n()}var a=o.find("> .active"),r=n&&t.support.transition&&(a.length&&a.hasClass("fade")||!!o.find("> .fade").length);a.length&&r?a.one("bsTransitionEnd",s).emulateTransitionEnd(i.TRANSITION_DURATION):s(),a.removeClass("in")};var o=t.fn.tab;t.fn.tab=e,t.fn.tab.Constructor=i,t.fn.tab.noConflict=function(){return t.fn.tab=o,this};var n=function(i){i.preventDefault(),e.call(t(this),"show")};t(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',n).on("click.bs.tab.data-api",'[data-toggle="pill"]',n)}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.affix"),s="object"==typeof e&&e;n||o.data("bs.affix",n=new i(this,s)),"string"==typeof e&&n[e]()})}var i=function(e,o){this.options=t.extend({},i.DEFAULTS,o);var n=this.options.target===i.DEFAULTS.target?t(this.options.target):t(document).find(this.options.target);this.$target=n.on("scroll.bs.affix.data-api",t.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",t.proxy(this.checkPositionWithEventLoop,this)),this.$element=t(e),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};i.VERSION="3.4.1",i.RESET="affix affix-top affix-bottom",i.DEFAULTS={offset:0,target:window},i.prototype.getState=function(t,e,i,o){var n=this.$target.scrollTop(),s=this.$element.offset(),a=this.$target.height();if(null!=i&&"top"==this.affixed)return i>n?"top":!1;if("bottom"==this.affixed)return null!=i?n+this.unpin<=s.top?!1:"bottom":t-o>=n+a?!1:"bottom";var r=null==this.affixed,l=r?n:s.top,h=r?a:e;return null!=i&&i>=n?"top":null!=o&&l+h>=t-o?"bottom":!1},i.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(i.RESET).addClass("affix");var t=this.$target.scrollTop(),e=this.$element.offset();return this.pinnedOffset=e.top-t},i.prototype.checkPositionWithEventLoop=function(){setTimeout(t.proxy(this.checkPosition,this),1)},i.prototype.checkPosition=function(){ + if(this.$element.is(":visible")){var e=this.$element.height(),o=this.options.offset,n=o.top,s=o.bottom,a=Math.max(t(document).height(),t(document.body).height());"object"!=typeof o&&(s=n=o),"function"==typeof n&&(n=o.top(this.$element)),"function"==typeof s&&(s=o.bottom(this.$element));var r=this.getState(a,e,n,s);if(this.affixed!=r){null!=this.unpin&&this.$element.css("top","");var l="affix"+(r?"-"+r:""),h=t.Event(l+".bs.affix");if(this.$element.trigger(h),h.isDefaultPrevented())return;this.affixed=r,this.unpin="bottom"==r?this.getPinnedOffset():null,this.$element.removeClass(i.RESET).addClass(l).trigger(l.replace("affix","affixed")+".bs.affix")}"bottom"==r&&this.$element.offset({top:a-e-s})}};var o=t.fn.affix;t.fn.affix=e,t.fn.affix.Constructor=i,t.fn.affix.noConflict=function(){return t.fn.affix=o,this},t(window).on("load",function(){t('[data-spy="affix"]').each(function(){var i=t(this),o=i.data();o.offset=o.offset||{},null!=o.offsetBottom&&(o.offset.bottom=o.offsetBottom),null!=o.offsetTop&&(o.offset.top=o.offsetTop),e.call(i,o)})})}(jQuery),+function(t){"use strict";function e(e){var i,o=e.attr("data-target")||(i=e.attr("href"))&&i.replace(/.*(?=#[^\s]+$)/,"");return t(document).find(o)}function i(e){return this.each(function(){var i=t(this),n=i.data("bs.collapse"),s=t.extend({},o.DEFAULTS,i.data(),"object"==typeof e&&e);!n&&s.toggle&&/show|hide/.test(e)&&(s.toggle=!1),n||i.data("bs.collapse",n=new o(this,s)),"string"==typeof e&&n[e]()})}var o=function(e,i){this.$element=t(e),this.options=t.extend({},o.DEFAULTS,i),this.$trigger=t('[data-toggle="collapse"][href="#'+e.id+'"],[data-toggle="collapse"][data-target="#'+e.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};o.VERSION="3.4.1",o.TRANSITION_DURATION=350,o.DEFAULTS={toggle:!0},o.prototype.dimension=function(){var t=this.$element.hasClass("width");return t?"width":"height"},o.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var e,n=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(n&&n.length&&(e=n.data("bs.collapse"),e&&e.transitioning))){var s=t.Event("show.bs.collapse");if(this.$element.trigger(s),!s.isDefaultPrevented()){n&&n.length&&(i.call(n,"hide"),e||n.data("bs.collapse",null));var a=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[a](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var r=function(){this.$element.removeClass("collapsing").addClass("collapse in")[a](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!t.support.transition)return r.call(this);var l=t.camelCase(["scroll",a].join("-"));this.$element.one("bsTransitionEnd",t.proxy(r,this)).emulateTransitionEnd(o.TRANSITION_DURATION)[a](this.$element[0][l])}}}},o.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var e=t.Event("hide.bs.collapse");if(this.$element.trigger(e),!e.isDefaultPrevented()){var i=this.dimension();this.$element[i](this.$element[i]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var n=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return t.support.transition?void this.$element[i](0).one("bsTransitionEnd",t.proxy(n,this)).emulateTransitionEnd(o.TRANSITION_DURATION):n.call(this)}}},o.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},o.prototype.getParent=function(){return t(document).find(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(t.proxy(function(i,o){var n=t(o);this.addAriaAndCollapsedClass(e(n),n)},this)).end()},o.prototype.addAriaAndCollapsedClass=function(t,e){var i=t.hasClass("in");t.attr("aria-expanded",i),e.toggleClass("collapsed",!i).attr("aria-expanded",i)};var n=t.fn.collapse;t.fn.collapse=i,t.fn.collapse.Constructor=o,t.fn.collapse.noConflict=function(){return t.fn.collapse=n,this},t(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(o){var n=t(this);n.attr("data-target")||o.preventDefault();var s=e(n),a=s.data("bs.collapse"),r=a?"toggle":n.data();i.call(s,r)})}(jQuery),+function(t){"use strict";function e(i,o){this.$body=t(document.body),this.$scrollElement=t(t(i).is(document.body)?window:i),this.options=t.extend({},e.DEFAULTS,o),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",t.proxy(this.process,this)),this.refresh(),this.process()}function i(i){return this.each(function(){var o=t(this),n=o.data("bs.scrollspy"),s="object"==typeof i&&i;n||o.data("bs.scrollspy",n=new e(this,s)),"string"==typeof i&&n[i]()})}e.VERSION="3.4.1",e.DEFAULTS={offset:10},e.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},e.prototype.refresh=function(){var e=this,i="offset",o=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),t.isWindow(this.$scrollElement[0])||(i="position",o=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var e=t(this),n=e.data("target")||e.attr("href"),s=/^#./.test(n)&&t(n);return s&&s.length&&s.is(":visible")&&[[s[i]().top+o,n]]||null}).sort(function(t,e){return t[0]-e[0]}).each(function(){e.offsets.push(this[0]),e.targets.push(this[1])})},e.prototype.process=function(){var t,e=this.$scrollElement.scrollTop()+this.options.offset,i=this.getScrollHeight(),o=this.options.offset+i-this.$scrollElement.height(),n=this.offsets,s=this.targets,a=this.activeTarget;if(this.scrollHeight!=i&&this.refresh(),e>=o)return a!=(t=s[s.length-1])&&this.activate(t);if(a&&e=n[t]&&(void 0===n[t+1]||e 36px */ +} + +.container { + min-width: 260px; + max-width: 700px; +} + +h1 { + margin-bottom: 50px; +} + +footer { + width: 100%; + position: absolute; + bottom: 0; + padding: 0 36px; +} + +img { + width: 100%; +} + +/******************************************************** + * Header + ********************************************************/ + +header .logo { + /* width: 20%;*/ + /*max-width: 600px;*/ + max-height: 150px; + width: auto; +} + +/******************************************************** + * Dropdown + ********************************************************/ +a.dropdown-toggle { + text-decoration: none; +} + +a.dropdown-toggle:hover { + color: #168CA9; + border-bottom: 3px solid #168CA9; +} + +.dropdown-menu { + padding: 5px 0; +} + +.dropdown-menu li > a { + padding: 6px 28px; +} + +.dropdown-menu a > .prefix { + display: inline-block; + min-width: 22px; + margin-right: 28px; + text-align: right; +} + +/******************************************************** + * Form + ********************************************************/ + +/* Labels should not be bold */ +label { + font-weight: normal; +} + +/* Make error messages bold */ +.has-error .help-block { + font-weight: bold; +} + +/* Change button size, by default 116px in width */ +.btn { + min-width: 116px; + padding: 3px 12px; +} + +/* Disable gradient in buttons, ughhhh */ +.btn.btn-primary { + border-color: transparent; + background-image: none; + text-shadow: none; + box-shadow: none; + -webkit-box-shadow: none; +} + +.help-block a, .help-block a:visited { + color: #168CA9; + font-weight: bold; + text-decoration: none; +} + +.help-block a:hover { + color: #168CA9; + text-decoration: underline; +} + +/******************************************************** + * Footer + ********************************************************/ +footer .row { + margin: 36px 0 0 0; + height: 40px; + padding-top: 14px; + line-height: 26px; /* to center text: height - padding-top = 26px */ + border-top: 1px solid #168CA9; +} + +footer .row > div { /* Fix alignment between border + text on Bootstrap grid */ + padding: 0; +} + +footer .logo-round-container { + position: relative; +} + +footer .logo-round { + position: absolute; + left: 0; + right: 0; + top: -33px; /* found visually with Chrome Dev Tools */ + height: 36px; + width: 36px; + border: 1px solid #00868c; + border-radius: 18px; + background: #fff; + padding: 8px; +} + +footer .logo-round > img { + display: block; +} + +#dispatchTargets { + margin-top: 20px; +} + +/******************************************************** + * Social login + ********************************************************/ +.btn.line { + background-color: transparent; + display: block; + width: 100%; + padding: 0; + margin: 1.5em 0 1em; + border: 0.5px solid #ccc; + pointer-events: none; +} + +.btn.socialLogin { + background-color: #fff; + border: thin solid #ccc; + color: #000; + font-weight: 600; + position: relative; + margin: 5px; + min-width: 140px; + width: 210px; + border-radius: 8px; + padding: 8px 12px; + text-align: left; +} + +.socialLogin img { + width: 1.5em; + height: 108%; + margin-right: 0.5em; +} + +.btn.apple img { + width: 1.2em; +} + +/******************************************************** + * Show password + ********************************************************/ +.icon-inside { + position: relative; +} + +.icon-inside input { + padding-right: calc(0.75rem + 1.25rem + 0.75rem); +} + +.icon-inside button { + position: absolute; + right: 0; + top: 0; + margin-top: 0.45rem; + margin-right: 0.45rem; + background: #FFFFFF; + border: #FFFFFF; +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/dropdown.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/dropdown.js new file mode 100644 index 0000000..cdd301c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/dropdown.js @@ -0,0 +1,36 @@ +(function() { + var closeDropdownTimeout; + + function closeDropdown(event) { + var dropdowns = document.querySelectorAll('.dropdown'); + for (var i = 0; i < dropdowns.length; i++) { + var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu'); + if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) { + dropdownMenu.style.display = 'none'; + } + } + + // remove event listener till we have a new dropdown menu open + if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) { + document.removeEventListener('click', closeDropdown); + } + } + + var dropdowns = document.querySelectorAll('.dropdown'); + for (var i = 0; i < dropdowns.length; i++) { + var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu'); + dropdownMenu.style.display = 'none'; // ensure menu is initially hidden + + dropdowns[i].addEventListener('click', function(e) { + // show dropdown menu + var dropdownMenu = this.querySelector('.dropdown-menu'); + dropdownMenu.style.display = 'block'; + + // handle clicking away + clearTimeout(closeDropdownTimeout); + closeDropdownTimeout = setTimeout(function() { + document.addEventListener('click', closeDropdown); + }, 10); + }); + } +}()); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/e2eenc.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/e2eenc.js new file mode 100644 index 0000000..932c0c6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/e2eenc.js @@ -0,0 +1,98 @@ +var e2eenc = function() { + + this.encryptForm = function(algoString, formId) { + // TODO: in case of an error we should return false, to prevent the for to be submitted + // or replace the fields with dummy values, just to prevent the the transmission + // of unencrypted values + + + // create the array of input fields to encrypt (needs to be done before setting the form + // invisible + var fieldsToEncrypt = new Array(); + $.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));}); + + // hide the form, and display the splash screen + $('#loginform').css('display','none'); + $('#e2eeSplashScreen').css('display','block'); + + // encryption logic + var pubKey = $("input[name='e2eenc.publicKey']").val(); + + var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey) + var iv = forge.random.getBytesSync(16); + keyB64 = forge.util.encode64(kemSessionKey.key); + encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation); + ivB64 = forge.util.encode64(iv); + + //console.log("Encrypting form " + formId + " (" + algoString + ")"); + var fields = ""; + $.each(fieldsToEncrypt, function(index, _inputField) { + var inputField = $(_inputField); + if (inputField.attr("type") == "text" || inputField.attr("type") == "password") { + //console.log("Encrypting field " + JSON.stringify(inputField)); + var plainValue = inputField.val(); + + var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue); + //console.log("Setting encrypted value in b64: " + encryptedValueB64); + inputField.val(encryptedValueB64); + if (fields.length > 0) { + fields = fields + "," + } + fields = fields + inputField.attr("name"); + } + }); + $("input[name='e2eenc.iv']").val(ivB64); + $("input[name='e2eenc.encapsulation']").val(encapsulationB64); + $("input[name='e2eenc.fields']").val(fields); + } + + function getRSApublicKey(pem) { + //console.log("PEM: " + pem); + + var msg = forge.pem.decode(pem)[0]; + + //console.log("msg type: " + msg.type); + + if(msg.procType && msg.procType.type === 'ENCRYPTED') { + throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.'); + } + + // convert DER to ASN.1 object + var asn1obj = forge.asn1.fromDer(msg.body); + //console.log("ASN.1 obj: " + JSON.stringify(asn1obj)) + + var pubKey = forge.pki.publicKeyFromAsn1(asn1obj) + //console.log("PubKey: " + JSON.stringify(pubKey)) + return pubKey; + } + + function generateKEMSessionKey(rsaPublicKey) { + // generate key-derivation-function and initializes it with sha1 + var kdf1 = new forge.kem.kdf1(forge.md.sha1.create()); + // creates a KEM function based on the key-derivation-function created above + var kem = forge.kem.rsa.create(kdf1); + // generate and encapsulate a 16-byte secret key. + // The secret key is generated using the kdf defined above. + var kemSessionKey = kem.encrypt(rsaPublicKey, 16); + // kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key) + return kemSessionKey; + } + + function readPublicKeyAndGenerateSessionKey(pem) { + var rsaPublicKey = getRSApublicKey(pem); + //console.log("PubKey: " + JSON.stringify(rsaPublicKey)) + var kemSessionKey = generateKEMSessionKey(rsaPublicKey); + //console.log("KEM session key: " + JSON.stringify(kemSessionKey)) + return kemSessionKey; + } + + function encrypt(kemSessionKey, iv, msg) { + var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key); + cipher.start({iv: iv}); + cipher.update(forge.util.createBuffer(msg, 'utf-8')); + cipher.finish(); + var encrypted = cipher.output.getBytes(); + encryptedB64 = forge.util.encode64(encrypted); + return encryptedB64; + } +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/eye-off.svg b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/eye-off.svg new file mode 100644 index 0000000..c29471a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/eye-off.svg @@ -0,0 +1,3 @@ + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/eye.svg b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/eye.svg new file mode 100644 index 0000000..6c23ec8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/eye.svg @@ -0,0 +1,4 @@ + + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_auth.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_auth.js new file mode 100644 index 0000000..aa6372a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_auth.js @@ -0,0 +1,61 @@ +(function() { + 'use strict' + + async function assertion(options) { + let credential; + try { + credential = await navigator.credentials.get({ "publicKey": options }); + } + // Cancel and timeout can occur besides error + catch (error) { + console.error(`Failed to get WebAuthn credential: ${error}`); + throw error; + } + // as this is the last call we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "path", "/nevisfido/fido2/assertion/result") + addInput(form, "id", credential.id); + addInput(form, "type", credential.type); + addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON)); + addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData)); + addInput(form, "response.signature", base64url.encode(credential.response.signature)); + document.body.appendChild(form); + form.submit(); + } + + function authenticate() { + // WebAuthn feature detection + if (!isWebAuthnSupportedByTheBrowser()) { + cancelFido2(); + return; + }; + + const request = {}; + request.path = "/nevisfido/fido2/attestation/options"; + + // calling nevisFIDO through nevisAuth on current URL using AJAX + fetch("", { + method: "POST", + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify(request) + }) + .then(res => res.json()) + .then(options => { + options.challenge = base64url.decode(options.challenge); + options.allowCredentials = options.allowCredentials.map((c) => { + c.id = base64url.decode(c.id); + return c; + }); + return assertion(options); + }).catch((error) => { + console.error(`Error during FIDO2 authentication: ${error}`); + cancelFido2(); + }); + } + + authenticate(); +})(); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_auth_std.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_auth_std.js new file mode 100644 index 0000000..0296291 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_auth_std.js @@ -0,0 +1,175 @@ +(function() { + 'use strict' + + async function authenticate(username, params) { + + try { + const { authenticationOptionsEndpoint, authenticationEndpoint, statusServiceEndpoint, userVerification, originalResource, nevisAuthEndpoint } = params; + const { startAuthentication } = SimpleWebAuthnBrowser; + + // fetch authentication options from nevisFIDO and save the returned fido2SessionId for later use + const authOptRespJson = await getAuthenticationOptions(username, userVerification, nevisAuthEndpoint); + const fido2SessionId = authOptRespJson.fido2SessionId; + + // do the client side authentication using the SimpleWebAuthn JS library + const authRespJson = await startAuthentication(authOptRespJson); + + // in case the authentication response does not contain a userHandle (e.g. virtual authenticators used in system tests) + // then we have to obtain it (in our case it is the IDM extId) using the Status Service since at the moment nevisFIDO always expects it + if (!authRespJson.response.userHandle) { + const statusRespJson = await getFido2SessionStatus(fido2SessionId, statusServiceEndpoint); + + if (statusRespJson && statusRespJson.userId) { + console.log("adding userHandle: " + statusRespJson.userId); + authRespJson.response.userHandle = btoa(statusRespJson.userId); // add missing userHandle + } + else { + throw new Error('userHandle is missing and could not determine it using the status service'); + } + } + else { + console.log("userHandle already set: " + authRespJson.response.userHandle); + } + + // send the assertion response created by the authenticator to nevisFIDO + const serverRespJson = await submitAssertion(authRespJson, authenticationEndpoint); + + // checking the server response of nevisFIDO + if ((!serverRespJson) || (serverRespJson && serverRespJson.status !== 'ok')) { + let errorMessage = (serverRespJson && serverRespJson.errorMessage) ? serverRespJson.errorMessage : 'unexpected error'; + throw new Error('authentication failed: ' + errorMessage); + } + + // send a request to nevisAuth with the fido2SessionId in the header to trigger the synchronisation of the + // nevisFIDO and nevisAuth sessions (FIDO2 AuthState -> SyncFido2SessionStatusHandler) to reach AUTH_DONE + await updateNevisAuth(fido2SessionId, nevisAuthEndpoint); + + console.log('authentication was successful'); + + console.log('reloading page...'); + window.location.reload(); + } + catch (error) { + console.error(`Error during FIDO2 authentication: ${error}`); + cancelFido2(); + } + }; + + async function getAuthenticationOptions(username, userVerification, authenticationOptionsEndpoint) { + + const authOptReqJson = { + 'username': username, + 'userVerification': userVerification, + }; + + const authOptReq = JSON.stringify(authOptReqJson); + console.log('authOptReq ==> ' + authOptReq); + + const authOptResp = await fetch(authenticationOptionsEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: authOptReq, + }); + + if (!authOptResp.ok) { + throw new Error('authOptResp error: HTTP ' + authOptResp.status + ' ' + authOptResp.statusText); + } + + const authOptRespJson = await authOptResp.json() + console.log('authOptResp <== ' + JSON.stringify(authOptRespJson)); + + return authOptRespJson; + }; + + async function getFido2SessionStatus(fido2SessionId, statusServiceEndpoint) { + + const statusReqJson = { + 'fido2SessionId': fido2SessionId, + }; + + const statusReq = JSON.stringify(statusReqJson); + console.log('statusReq ==> ' + statusReq); + + const statusResp = await fetch(statusServiceEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: statusReq, + }); + + if (!statusResp.ok) { + throw new Error('statusResp error: HTTP ' + statusResp.status + ' ' + statusResp.statusText); + } + + const statusRespJson = await statusResp.json(); + console.log('statusResp <== ' + JSON.stringify(statusRespJson)); + + return statusRespJson; + } + + async function submitAssertion(authRespJson, authenticationEndpoint) { + + console.log("submitting assertion for userHandle: " + authRespJson.response.userHandle); + + // TODO koenig 20230504: read btoa once nevisFIDO is adapted + let encodedAuthResp = { + "id": authRespJson.id, + "response": { + "authenticatorData": authRespJson.response.authenticatorData, + "signature": authRespJson.response.signature, + "userHandle": authRespJson.response.userHandle, + "clientDataJSON": authRespJson.response.clientDataJSON + }, + "type": authRespJson.type + } + + const authResp = JSON.stringify(encodedAuthResp); + console.log('authResp ==> ' + authResp); + + const serverResp = await fetch(authenticationEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: authResp, + }); + + if (!serverResp.ok) { + throw new Error('submitAssertion error: HTTP ' + submitAssertion.status + ' ' + submitAssertion.statusText); + } + + const serverRespJson = await serverResp.json(); + console.log('serverResp <== ' + JSON.stringify(serverRespJson)); + + return serverRespJson; + }; + + async function updateNevisAuth(fido2SessionId, nevisAuthEndpoint) { + + console.log('updateNevisAuth ==> ' + fido2SessionId); + + const updateNevisAuthResponse = await fetch(nevisAuthEndpoint, { + method: 'GET', + credentials: 'same-origin', + headers: { + 'nevis-fido2-session-id': fido2SessionId, + } + }); + + if (!updateNevisAuthResponse.ok) { + throw new Error('updateNevisAuthResponse error: HTTP ' + updateNevisAuthResponse.status + ' ' + updateNevisAuthResponse.statusText); + } + + console.log('updateNevisAuth <== OK'); + + return; + }; + + // TODO koenig 20230206: we don't generate IDs into the HTML yet + let username = document.getElementsByName("username")[0].value; + params.nevisAuthEndpoint = window.location.href; + authenticate(username, params); +})(); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_onboard.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_onboard.js new file mode 100644 index 0000000..9d92a57 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_onboard.js @@ -0,0 +1,70 @@ +function dispatch(name) { + // we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, name, "true"); + document.body.appendChild(form); + form.submit(); +} + +async function attestation(options) { + let credential; + try { + credential = await navigator.credentials.create({ "publicKey": options }); + } + // cancel and timeout can occur besides error + catch (error) { + console.error(`Failed to create WebAuthn credential: ${error}`); + throw error; + } + // as this is the last call we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "path", "/nevisfido/fido2/attestation/result") + addInput(form, "id", credential.id); + addInput(form, "type", credential.type); + addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON)); + addInput(form, "response.attestationObject", base64url.encode(credential.response.attestationObject)); + document.body.appendChild(form); + form.submit(); +} + +function start() { + + if (!isWebAuthnSupportedByTheBrowser()) { + dispatch("unsupported"); + return; + }; + + const request = {}; + request.path = "/nevisfido/fido2/attestation/options"; + + // calling nevisFIDO through nevisAuth on current URL using AJAX + fetch("", { + method: "POST", + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify(request) + }) + .then(res => res.json()) + .then(options => { + options.user.id = base64url.decode(options.user.id); + options.challenge = base64url.decode(options.challenge); + if (options.excludeCredentials != null) { + options.excludeCredentials = options.excludeCredentials.map((c) => { + c.id = base64url.decode(c.id); + return c; + }); + } + if (options.authenticatorSelection.authenticatorAttachment === null) { + options.authenticatorSelection.authenticatorAttachment = undefined; + } + return attestation(options); + }).catch((error) => { + console.log('Error during FIDO2 onboarding: ' + error); + dispatch("failed"); + }); +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_utils.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_utils.js new file mode 100644 index 0000000..dc6056c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/fido2_utils.js @@ -0,0 +1,40 @@ +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +/** + * Checks whether WebAuthn is supported by the browser or not. + * @return true if supported, false if it is not supported or not in secure context + */ +function isWebAuthnSupportedByTheBrowser() { + if (window.isSecureContext) { + // This feature is available only in secure contexts in some or all supporting browsers. + if ('credentials' in navigator) { + return true; + } + console.warn('Oh no! This browser does not support WebAuthn.'); + return false; + } + console.warn('WebAuthn feature is available only in secure contexts. For testing over HTTP, you can use the origin "localhost".'); + return false; +} + +/** + * Trigger on cancel pattern of the FIDO2 authentication step. + * + * Provides an alternative when the user decides to + * cancel the fido2 credential operation(create or fetch) or + * the operation fails and the error cannot be handled. + */ +function cancelFido2() { + // we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "cancel_fido2", "true"); + document.body.appendChild(form); + form.submit(); +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/forge.bundle.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/forge.bundle.js new file mode 100644 index 0000000..58cb6a8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/resources/forge.bundle.js @@ -0,0 +1,28767 @@ +(function(root, factory) { + if(typeof define === 'function' && define.amd) { + define([], factory); + } else { + root.forge = factory(); + } +})(this, function() { +/** + * @license almond 0.2.9 Copyright (c) 2011-2014, The Dojo Foundation All Rights Reserved. + * Available via the MIT or new BSD license. + * see: http://github.com/jrburke/almond for details + */ +//Going sloppy to avoid 'use strict' string cost, but strict practices should +//be followed. +/*jslint sloppy: true */ +/*global setTimeout: false */ + +var requirejs, require, define; +(function (undef) { + var main, req, makeMap, handlers, + defined = {}, + waiting = {}, + config = {}, + defining = {}, + hasOwn = Object.prototype.hasOwnProperty, + aps = [].slice, + jsSuffixRegExp = /\.js$/; + + function hasProp(obj, prop) { + return hasOwn.call(obj, prop); + } + + /** + * Given a relative module name, like ./something, normalize it to + * a real name that can be mapped to a path. + * @param {String} name the relative name + * @param {String} baseName a real name that the name arg is relative + * to. + * @returns {String} normalized name + */ + function normalize(name, baseName) { + var nameParts, nameSegment, mapValue, foundMap, lastIndex, + foundI, foundStarMap, starI, i, j, part, + baseParts = baseName && baseName.split("/"), + map = config.map, + starMap = (map && map['*']) || {}; + + //Adjust any relative paths. + if (name && name.charAt(0) === ".") { + //If have a base name, try to normalize against it, + //otherwise, assume it is a top-level require that will + //be relative to baseUrl in the end. + if (baseName) { + //Convert baseName to array, and lop off the last part, + //so that . matches that "directory" and not name of the baseName's + //module. For instance, baseName of "one/two/three", maps to + //"one/two/three.js", but we want the directory, "one/two" for + //this normalization. + baseParts = baseParts.slice(0, baseParts.length - 1); + name = name.split('/'); + lastIndex = name.length - 1; + + // Node .js allowance: + if (config.nodeIdCompat && jsSuffixRegExp.test(name[lastIndex])) { + name[lastIndex] = name[lastIndex].replace(jsSuffixRegExp, ''); + } + + name = baseParts.concat(name); + + //start trimDots + for (i = 0; i < name.length; i += 1) { + part = name[i]; + if (part === ".") { + name.splice(i, 1); + i -= 1; + } else if (part === "..") { + if (i === 1 && (name[2] === '..' || name[0] === '..')) { + //End of the line. Keep at least one non-dot + //path segment at the front so it can be mapped + //correctly to disk. Otherwise, there is likely + //no path mapping for a path starting with '..'. + //This can still fail, but catches the most reasonable + //uses of .. + break; + } else if (i > 0) { + name.splice(i - 1, 2); + i -= 2; + } + } + } + //end trimDots + + name = name.join("/"); + } else if (name.indexOf('./') === 0) { + // No baseName, so this is ID is resolved relative + // to baseUrl, pull off the leading dot. + name = name.substring(2); + } + } + + //Apply map config if available. + if ((baseParts || starMap) && map) { + nameParts = name.split('/'); + + for (i = nameParts.length; i > 0; i -= 1) { + nameSegment = nameParts.slice(0, i).join("/"); + + if (baseParts) { + //Find the longest baseName segment match in the config. + //So, do joins on the biggest to smallest lengths of baseParts. + for (j = baseParts.length; j > 0; j -= 1) { + mapValue = map[baseParts.slice(0, j).join('/')]; + + //baseName segment has config, find if it has one for + //this name. + if (mapValue) { + mapValue = mapValue[nameSegment]; + if (mapValue) { + //Match, update name to the new value. + foundMap = mapValue; + foundI = i; + break; + } + } + } + } + + if (foundMap) { + break; + } + + //Check for a star map match, but just hold on to it, + //if there is a shorter segment match later in a matching + //config, then favor over this star map. + if (!foundStarMap && starMap && starMap[nameSegment]) { + foundStarMap = starMap[nameSegment]; + starI = i; + } + } + + if (!foundMap && foundStarMap) { + foundMap = foundStarMap; + foundI = starI; + } + + if (foundMap) { + nameParts.splice(0, foundI, foundMap); + name = nameParts.join('/'); + } + } + + return name; + } + + function makeRequire(relName, forceSync) { + return function () { + //A version of a require function that passes a moduleName + //value for items that may need to + //look up paths relative to the moduleName + return req.apply(undef, aps.call(arguments, 0).concat([relName, forceSync])); + }; + } + + function makeNormalize(relName) { + return function (name) { + return normalize(name, relName); + }; + } + + function makeLoad(depName) { + return function (value) { + defined[depName] = value; + }; + } + + function callDep(name) { + if (hasProp(waiting, name)) { + var args = waiting[name]; + delete waiting[name]; + defining[name] = true; + main.apply(undef, args); + } + + if (!hasProp(defined, name) && !hasProp(defining, name)) { + throw new Error('No ' + name); + } + return defined[name]; + } + + //Turns a plugin!resource to [plugin, resource] + //with the plugin being undefined if the name + //did not have a plugin prefix. + function splitPrefix(name) { + var prefix, + index = name ? name.indexOf('!') : -1; + if (index > -1) { + prefix = name.substring(0, index); + name = name.substring(index + 1, name.length); + } + return [prefix, name]; + } + + /** + * Makes a name map, normalizing the name, and using a plugin + * for normalization if necessary. Grabs a ref to plugin + * too, as an optimization. + */ + makeMap = function (name, relName) { + var plugin, + parts = splitPrefix(name), + prefix = parts[0]; + + name = parts[1]; + + if (prefix) { + prefix = normalize(prefix, relName); + plugin = callDep(prefix); + } + + //Normalize according + if (prefix) { + if (plugin && plugin.normalize) { + name = plugin.normalize(name, makeNormalize(relName)); + } else { + name = normalize(name, relName); + } + } else { + name = normalize(name, relName); + parts = splitPrefix(name); + prefix = parts[0]; + name = parts[1]; + if (prefix) { + plugin = callDep(prefix); + } + } + + //Using ridiculous property names for space reasons + return { + f: prefix ? prefix + '!' + name : name, //fullName + n: name, + pr: prefix, + p: plugin + }; + }; + + function makeConfig(name) { + return function () { + return (config && config.config && config.config[name]) || {}; + }; + } + + handlers = { + require: function (name) { + return makeRequire(name); + }, + exports: function (name) { + var e = defined[name]; + if (typeof e !== 'undefined') { + return e; + } else { + return (defined[name] = {}); + } + }, + module: function (name) { + return { + id: name, + uri: '', + exports: defined[name], + config: makeConfig(name) + }; + } + }; + + main = function (name, deps, callback, relName) { + var cjsModule, depName, ret, map, i, + args = [], + callbackType = typeof callback, + usingExports; + + //Use name if no relName + relName = relName || name; + + //Call the callback to define the module, if necessary. + if (callbackType === 'undefined' || callbackType === 'function') { + //Pull out the defined dependencies and pass the ordered + //values to the callback. + //Default to [require, exports, module] if no deps + deps = !deps.length && callback.length ? ['require', 'exports', 'module'] : deps; + for (i = 0; i < deps.length; i += 1) { + map = makeMap(deps[i], relName); + depName = map.f; + + //Fast path CommonJS standard dependencies. + if (depName === "require") { + args[i] = handlers.require(name); + } else if (depName === "exports") { + //CommonJS module spec 1.1 + args[i] = handlers.exports(name); + usingExports = true; + } else if (depName === "module") { + //CommonJS module spec 1.1 + cjsModule = args[i] = handlers.module(name); + } else if (hasProp(defined, depName) || + hasProp(waiting, depName) || + hasProp(defining, depName)) { + args[i] = callDep(depName); + } else if (map.p) { + map.p.load(map.n, makeRequire(relName, true), makeLoad(depName), {}); + args[i] = defined[depName]; + } else { + throw new Error(name + ' missing ' + depName); + } + } + + ret = callback ? callback.apply(defined[name], args) : undefined; + + if (name) { + //If setting exports via "module" is in play, + //favor that over return value and exports. After that, + //favor a non-undefined return value over exports use. + if (cjsModule && cjsModule.exports !== undef && + cjsModule.exports !== defined[name]) { + defined[name] = cjsModule.exports; + } else if (ret !== undef || !usingExports) { + //Use the return value from the function. + defined[name] = ret; + } + } + } else if (name) { + //May just be an object definition for the module. Only + //worry about defining if have a module name. + defined[name] = callback; + } + }; + + requirejs = require = req = function (deps, callback, relName, forceSync, alt) { + if (typeof deps === "string") { + if (handlers[deps]) { + //callback in this case is really relName + return handlers[deps](callback); + } + //Just return the module wanted. In this scenario, the + //deps arg is the module name, and second arg (if passed) + //is just the relName. + //Normalize module name, if it contains . or .. + return callDep(makeMap(deps, callback).f); + } else if (!deps.splice) { + //deps is a config object, not an array. + config = deps; + if (config.deps) { + req(config.deps, config.callback); + } + if (!callback) { + return; + } + + if (callback.splice) { + //callback is an array, which means it is a dependency list. + //Adjust args if there are dependencies + deps = callback; + callback = relName; + relName = null; + } else { + deps = undef; + } + } + + //Support require(['a']) + callback = callback || function () {}; + + //If relName is a function, it is an errback handler, + //so remove it. + if (typeof relName === 'function') { + relName = forceSync; + forceSync = alt; + } + + //Simulate async callback; + if (forceSync) { + main(undef, deps, callback, relName); + } else { + //Using a non-zero value because of concern for what old browsers + //do, and latest browsers "upgrade" to 4 if lower value is used: + //http://www.whatwg.org/specs/web-apps/current-work/multipage/timers.html#dom-windowtimers-settimeout: + //If want a value immediately, use require('id') instead -- something + //that works in almond on the global level, but not guaranteed and + //unlikely to work in other AMD implementations. + setTimeout(function () { + main(undef, deps, callback, relName); + }, 4); + } + + return req; + }; + + /** + * Just drops the config on the floor, but returns req in case + * the config return value is used. + */ + req.config = function (cfg) { + return req(cfg); + }; + + /** + * Expose module registry for debugging and tooling + */ + requirejs._defined = defined; + + define = function (name, deps, callback) { + + //This module may not have dependencies + if (!deps.splice) { + //deps is not an array, so probably means + //an object literal or factory function for + //the value. Adjust args. + callback = deps; + deps = []; + } + + if (!hasProp(defined, name) && !hasProp(waiting, name)) { + waiting[name] = [name, deps, callback]; + } + }; + + define.amd = { + jQuery: true + }; +}()); + +define("node_modules/almond/almond", function(){}); + +/** + * Utility functions for web applications. + * + * @author Dave Longley + * + * Copyright (c) 2010-2014 Digital Bazaar, Inc. + */ +(function() { +/* ########## Begin module implementation ########## */ +function initModule(forge) { + +/* Utilities API */ +var util = forge.util = forge.util || {}; + +// define setImmediate and nextTick +if(typeof process === 'undefined' || !process.nextTick) { + if(typeof setImmediate === 'function') { + util.setImmediate = setImmediate; + util.nextTick = function(callback) { + return setImmediate(callback); + }; + } else { + util.setImmediate = function(callback) { + setTimeout(callback, 0); + }; + util.nextTick = util.setImmediate; + } +} else { + util.nextTick = process.nextTick; + if(typeof setImmediate === 'function') { + util.setImmediate = setImmediate; + } else { + util.setImmediate = util.nextTick; + } +} + +// define isArray +util.isArray = Array.isArray || function(x) { + return Object.prototype.toString.call(x) === '[object Array]'; +}; + +// define isArrayBuffer +util.isArrayBuffer = function(x) { + return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer; +}; + +// define isArrayBufferView +var _arrayBufferViews = []; +if(typeof DataView !== 'undefined') { + _arrayBufferViews.push(DataView); +} +if(typeof Int8Array !== 'undefined') { + _arrayBufferViews.push(Int8Array); +} +if(typeof Uint8Array !== 'undefined') { + _arrayBufferViews.push(Uint8Array); +} +if(typeof Uint8ClampedArray !== 'undefined') { + _arrayBufferViews.push(Uint8ClampedArray); +} +if(typeof Int16Array !== 'undefined') { + _arrayBufferViews.push(Int16Array); +} +if(typeof Uint16Array !== 'undefined') { + _arrayBufferViews.push(Uint16Array); +} +if(typeof Int32Array !== 'undefined') { + _arrayBufferViews.push(Int32Array); +} +if(typeof Uint32Array !== 'undefined') { + _arrayBufferViews.push(Uint32Array); +} +if(typeof Float32Array !== 'undefined') { + _arrayBufferViews.push(Float32Array); +} +if(typeof Float64Array !== 'undefined') { + _arrayBufferViews.push(Float64Array); +} +util.isArrayBufferView = function(x) { + for(var i = 0; i < _arrayBufferViews.length; ++i) { + if(x instanceof _arrayBufferViews[i]) { + return true; + } + } + return false; +}; + +// TODO: set ByteBuffer to best available backing +util.ByteBuffer = ByteStringBuffer; + +/** Buffer w/BinaryString backing */ + +/** + * Constructor for a binary string backed byte buffer. + * + * @param [b] the bytes to wrap (either encoded as string, one byte per + * character, or as an ArrayBuffer or Typed Array). + */ +function ByteStringBuffer(b) { + // TODO: update to match DataBuffer API + + // the data in this buffer + this.data = ''; + // the pointer for reading from this buffer + this.read = 0; + + if(typeof b === 'string') { + this.data = b; + } else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) { + // convert native buffer to forge buffer + // FIXME: support native buffers internally instead + var arr = new Uint8Array(b); + try { + this.data = String.fromCharCode.apply(null, arr); + } catch(e) { + for(var i = 0; i < arr.length; ++i) { + this.putByte(arr[i]); + } + } + } else if(b instanceof ByteStringBuffer || + (typeof b === 'object' && typeof b.data === 'string' && + typeof b.read === 'number')) { + // copy existing buffer + this.data = b.data; + this.read = b.read; + } + + // used for v8 optimization + this._constructedStringLength = 0; +} +util.ByteStringBuffer = ByteStringBuffer; + +/* Note: This is an optimization for V8-based browsers. When V8 concatenates + a string, the strings are only joined logically using a "cons string" or + "constructed/concatenated string". These containers keep references to one + another and can result in very large memory usage. For example, if a 2MB + string is constructed by concatenating 4 bytes together at a time, the + memory usage will be ~44MB; so ~22x increase. The strings are only joined + together when an operation requiring their joining takes place, such as + substr(). This function is called when adding data to this buffer to ensure + these types of strings are periodically joined to reduce the memory + footprint. */ +var _MAX_CONSTRUCTED_STRING_LENGTH = 4096; +util.ByteStringBuffer.prototype._optimizeConstructedString = function(x) { + this._constructedStringLength += x; + if(this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) { + // this substr() should cause the constructed string to join + this.data.substr(0, 1); + this._constructedStringLength = 0; + } +}; + +/** + * Gets the number of bytes in this buffer. + * + * @return the number of bytes in this buffer. + */ +util.ByteStringBuffer.prototype.length = function() { + return this.data.length - this.read; +}; + +/** + * Gets whether or not this buffer is empty. + * + * @return true if this buffer is empty, false if not. + */ +util.ByteStringBuffer.prototype.isEmpty = function() { + return this.length() <= 0; +}; + +/** + * Puts a byte in this buffer. + * + * @param b the byte to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putByte = function(b) { + return this.putBytes(String.fromCharCode(b)); +}; + +/** + * Puts a byte in this buffer N times. + * + * @param b the byte to put. + * @param n the number of bytes of value b to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.fillWithByte = function(b, n) { + b = String.fromCharCode(b); + var d = this.data; + while(n > 0) { + if(n & 1) { + d += b; + } + n >>>= 1; + if(n > 0) { + b += b; + } + } + this.data = d; + this._optimizeConstructedString(n); + return this; +}; + +/** + * Puts bytes in this buffer. + * + * @param bytes the bytes (as a UTF-8 encoded string) to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putBytes = function(bytes) { + this.data += bytes; + this._optimizeConstructedString(bytes.length); + return this; +}; + +/** + * Puts a UTF-16 encoded string into this buffer. + * + * @param str the string to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putString = function(str) { + return this.putBytes(util.encodeUtf8(str)); +}; + +/** + * Puts a 16-bit integer in this buffer in big-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt16 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 24-bit integer in this buffer in big-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt24 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 32-bit integer in this buffer in big-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt32 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 24 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 16-bit integer in this buffer in little-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt16Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF)); +}; + +/** + * Puts a 24-bit integer in this buffer in little-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt24Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF)); +}; + +/** + * Puts a 32-bit integer in this buffer in little-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt32Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 24 & 0xFF)); +}; + +/** + * Puts an n-bit integer in this buffer in big-endian order. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt = function(i, n) { + var bytes = ''; + do { + n -= 8; + bytes += String.fromCharCode((i >> n) & 0xFF); + } while(n > 0); + return this.putBytes(bytes); +}; + +/** + * Puts a signed n-bit integer in this buffer in big-endian order. Two's + * complement representation is used. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putSignedInt = function(i, n) { + if(i < 0) { + i += 2 << (n - 1); + } + return this.putInt(i, n); +}; + +/** + * Puts the given buffer into this buffer. + * + * @param buffer the buffer to put into this one. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putBuffer = function(buffer) { + return this.putBytes(buffer.getBytes()); +}; + +/** + * Gets a byte from this buffer and advances the read pointer by 1. + * + * @return the byte. + */ +util.ByteStringBuffer.prototype.getByte = function() { + return this.data.charCodeAt(this.read++); +}; + +/** + * Gets a uint16 from this buffer in big-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.ByteStringBuffer.prototype.getInt16 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 8 ^ + this.data.charCodeAt(this.read + 1)); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in big-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.ByteStringBuffer.prototype.getInt24 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 16 ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2)); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in big-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.ByteStringBuffer.prototype.getInt32 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 24 ^ + this.data.charCodeAt(this.read + 1) << 16 ^ + this.data.charCodeAt(this.read + 2) << 8 ^ + this.data.charCodeAt(this.read + 3)); + this.read += 4; + return rval; +}; + +/** + * Gets a uint16 from this buffer in little-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.ByteStringBuffer.prototype.getInt16Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in little-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.ByteStringBuffer.prototype.getInt24Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2) << 16); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in little-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.ByteStringBuffer.prototype.getInt32Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2) << 16 ^ + this.data.charCodeAt(this.read + 3) << 24); + this.read += 4; + return rval; +}; + +/** + * Gets an n-bit integer from this buffer in big-endian order and advances the + * read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.ByteStringBuffer.prototype.getInt = function(n) { + var rval = 0; + do { + rval = (rval << 8) + this.data.charCodeAt(this.read++); + n -= 8; + } while(n > 0); + return rval; +}; + +/** + * Gets a signed n-bit integer from this buffer in big-endian order, using + * two's complement, and advances the read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.ByteStringBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << (n - 2); + if(x >= max) { + x -= max << 1; + } + return x; +}; + +/** + * Reads bytes out into a UTF-8 string and clears them from the buffer. + * + * @param count the number of bytes to read, undefined or null for all. + * + * @return a UTF-8 string of bytes. + */ +util.ByteStringBuffer.prototype.getBytes = function(count) { + var rval; + if(count) { + // read count bytes + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if(count === 0) { + rval = ''; + } else { + // read all bytes, optimize to only copy when needed + rval = (this.read === 0) ? this.data : this.data.slice(this.read); + this.clear(); + } + return rval; +}; + +/** + * Gets a UTF-8 encoded string of the bytes from this buffer without modifying + * the read pointer. + * + * @param count the number of bytes to get, omit to get all. + * + * @return a string full of UTF-8 encoded characters. + */ +util.ByteStringBuffer.prototype.bytes = function(count) { + return (typeof(count) === 'undefined' ? + this.data.slice(this.read) : + this.data.slice(this.read, this.read + count)); +}; + +/** + * Gets a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * + * @return the byte. + */ +util.ByteStringBuffer.prototype.at = function(i) { + return this.data.charCodeAt(this.read + i); +}; + +/** + * Puts a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * @param b the byte to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.setAt = function(i, b) { + this.data = this.data.substr(0, this.read + i) + + String.fromCharCode(b) + + this.data.substr(this.read + i + 1); + return this; +}; + +/** + * Gets the last byte without modifying the read pointer. + * + * @return the last byte. + */ +util.ByteStringBuffer.prototype.last = function() { + return this.data.charCodeAt(this.data.length - 1); +}; + +/** + * Creates a copy of this buffer. + * + * @return the copy. + */ +util.ByteStringBuffer.prototype.copy = function() { + var c = util.createBuffer(this.data); + c.read = this.read; + return c; +}; + +/** + * Compacts this buffer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.compact = function() { + if(this.read > 0) { + this.data = this.data.slice(this.read); + this.read = 0; + } + return this; +}; + +/** + * Clears this buffer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.clear = function() { + this.data = ''; + this.read = 0; + return this; +}; + +/** + * Shortens this buffer by triming bytes off of the end of this buffer. + * + * @param count the number of bytes to trim off. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.truncate = function(count) { + var len = Math.max(0, this.length() - count); + this.data = this.data.substr(this.read, len); + this.read = 0; + return this; +}; + +/** + * Converts this buffer to a hexadecimal string. + * + * @return a hexadecimal string. + */ +util.ByteStringBuffer.prototype.toHex = function() { + var rval = ''; + for(var i = this.read; i < this.data.length; ++i) { + var b = this.data.charCodeAt(i); + if(b < 16) { + rval += '0'; + } + rval += b.toString(16); + } + return rval; +}; + +/** + * Converts this buffer to a UTF-16 string (standard JavaScript string). + * + * @return a UTF-16 string. + */ +util.ByteStringBuffer.prototype.toString = function() { + return util.decodeUtf8(this.bytes()); +}; + +/** End Buffer w/BinaryString backing */ + + +/** Buffer w/UInt8Array backing */ + +/** + * FIXME: Experimental. Do not use yet. + * + * Constructor for an ArrayBuffer-backed byte buffer. + * + * The buffer may be constructed from a string, an ArrayBuffer, DataView, or a + * TypedArray. + * + * If a string is given, its encoding should be provided as an option, + * otherwise it will default to 'binary'. A 'binary' string is encoded such + * that each character is one byte in length and size. + * + * If an ArrayBuffer, DataView, or TypedArray is given, it will be used + * *directly* without any copying. Note that, if a write to the buffer requires + * more space, the buffer will allocate a new backing ArrayBuffer to + * accommodate. The starting read and write offsets for the buffer may be + * given as options. + * + * @param [b] the initial bytes for this buffer. + * @param options the options to use: + * [readOffset] the starting read offset to use (default: 0). + * [writeOffset] the starting write offset to use (default: the + * length of the first parameter). + * [growSize] the minimum amount, in bytes, to grow the buffer by to + * accommodate writes (default: 1024). + * [encoding] the encoding ('binary', 'utf8', 'utf16', 'hex') for the + * first parameter, if it is a string (default: 'binary'). + */ +function DataBuffer(b, options) { + // default options + options = options || {}; + + // pointers for read from/write to buffer + this.read = options.readOffset || 0; + this.growSize = options.growSize || 1024; + + var isArrayBuffer = util.isArrayBuffer(b); + var isArrayBufferView = util.isArrayBufferView(b); + if(isArrayBuffer || isArrayBufferView) { + // use ArrayBuffer directly + if(isArrayBuffer) { + this.data = new DataView(b); + } else { + // TODO: adjust read/write offset based on the type of view + // or specify that this must be done in the options ... that the + // offsets are byte-based + this.data = new DataView(b.buffer, b.byteOffset, b.byteLength); + } + this.write = ('writeOffset' in options ? + options.writeOffset : this.data.byteLength); + return; + } + + // initialize to empty array buffer and add any given bytes using putBytes + this.data = new DataView(new ArrayBuffer(0)); + this.write = 0; + + if(b !== null && b !== undefined) { + this.putBytes(b); + } + + if('writeOffset' in options) { + this.write = options.writeOffset; + } +} +util.DataBuffer = DataBuffer; + +/** + * Gets the number of bytes in this buffer. + * + * @return the number of bytes in this buffer. + */ +util.DataBuffer.prototype.length = function() { + return this.write - this.read; +}; + +/** + * Gets whether or not this buffer is empty. + * + * @return true if this buffer is empty, false if not. + */ +util.DataBuffer.prototype.isEmpty = function() { + return this.length() <= 0; +}; + +/** + * Ensures this buffer has enough empty space to accommodate the given number + * of bytes. An optional parameter may be given that indicates a minimum + * amount to grow the buffer if necessary. If the parameter is not given, + * the buffer will be grown by some previously-specified default amount + * or heuristic. + * + * @param amount the number of bytes to accommodate. + * @param [growSize] the minimum amount, in bytes, to grow the buffer by if + * necessary. + */ +util.DataBuffer.prototype.accommodate = function(amount, growSize) { + if(this.length() >= amount) { + return this; + } + growSize = Math.max(growSize || this.growSize, amount); + + // grow buffer + var src = new Uint8Array( + this.data.buffer, this.data.byteOffset, this.data.byteLength); + var dst = new Uint8Array(this.length() + growSize); + dst.set(src); + this.data = new DataView(dst.buffer); + + return this; +}; + +/** + * Puts a byte in this buffer. + * + * @param b the byte to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putByte = function(b) { + this.accommodate(1); + this.data.setUint8(this.write++, b); + return this; +}; + +/** + * Puts a byte in this buffer N times. + * + * @param b the byte to put. + * @param n the number of bytes of value b to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.fillWithByte = function(b, n) { + this.accommodate(n); + for(var i = 0; i < n; ++i) { + this.data.setUint8(b); + } + return this; +}; + +/** + * Puts bytes in this buffer. The bytes may be given as a string, an + * ArrayBuffer, a DataView, or a TypedArray. + * + * @param bytes the bytes to put. + * @param [encoding] the encoding for the first parameter ('binary', 'utf8', + * 'utf16', 'hex'), if it is a string (default: 'binary'). + * + * @return this buffer. + */ +util.DataBuffer.prototype.putBytes = function(bytes, encoding) { + if(util.isArrayBufferView(bytes)) { + var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength); + var len = src.byteLength - src.byteOffset; + this.accommodate(len); + var dst = new Uint8Array(this.data.buffer, this.write); + dst.set(src); + this.write += len; + return this; + } + + if(util.isArrayBuffer(bytes)) { + var src = new Uint8Array(bytes); + this.accommodate(src.byteLength); + var dst = new Uint8Array(this.data.buffer); + dst.set(src, this.write); + this.write += src.byteLength; + return this; + } + + // bytes is a util.DataBuffer or equivalent + if(bytes instanceof util.DataBuffer || + (typeof bytes === 'object' && + typeof bytes.read === 'number' && typeof bytes.write === 'number' && + util.isArrayBufferView(bytes.data))) { + var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length()); + this.accommodate(src.byteLength); + var dst = new Uint8Array(bytes.data.byteLength, this.write); + dst.set(src); + this.write += src.byteLength; + return this; + } + + if(bytes instanceof util.ByteStringBuffer) { + // copy binary string and process as the same as a string parameter below + bytes = bytes.data; + encoding = 'binary'; + } + + // string conversion + encoding = encoding || 'binary'; + if(typeof bytes === 'string') { + var view; + + // decode from string + if(encoding === 'hex') { + this.accommodate(Math.ceil(bytes.length / 2)); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.hex.decode(bytes, view, this.write); + return this; + } + if(encoding === 'base64') { + this.accommodate(Math.ceil(bytes.length / 4) * 3); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.base64.decode(bytes, view, this.write); + return this; + } + + // encode text as UTF-8 bytes + if(encoding === 'utf8') { + // encode as UTF-8 then decode string as raw binary + bytes = util.encodeUtf8(bytes); + encoding = 'binary'; + } + + // decode string as raw binary + if(encoding === 'binary' || encoding === 'raw') { + // one byte per character + this.accommodate(bytes.length); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.raw.decode(view); + return this; + } + + // encode text as UTF-16 bytes + if(encoding === 'utf16') { + // two bytes per character + this.accommodate(bytes.length * 2); + view = new Uint16Array(this.data.buffer, this.write); + this.write += util.text.utf16.encode(view); + return this; + } + + throw new Error('Invalid encoding: ' + encoding); + } + + throw Error('Invalid parameter: ' + bytes); +}; + +/** + * Puts the given buffer into this buffer. + * + * @param buffer the buffer to put into this one. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putBuffer = function(buffer) { + this.putBytes(buffer); + buffer.clear(); + return this; +}; + +/** + * Puts a string into this buffer. + * + * @param str the string to put. + * @param [encoding] the encoding for the string (default: 'utf16'). + * + * @return this buffer. + */ +util.DataBuffer.prototype.putString = function(str) { + return this.putBytes(str, 'utf16'); +}; + +/** + * Puts a 16-bit integer in this buffer in big-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt16 = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i); + this.write += 2; + return this; +}; + +/** + * Puts a 24-bit integer in this buffer in big-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt24 = function(i) { + this.accommodate(3); + this.data.setInt16(this.write, i >> 8 & 0xFFFF); + this.data.setInt8(this.write, i >> 16 & 0xFF); + this.write += 3; + return this; +}; + +/** + * Puts a 32-bit integer in this buffer in big-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt32 = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i); + this.write += 4; + return this; +}; + +/** + * Puts a 16-bit integer in this buffer in little-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt16Le = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i, true); + this.write += 2; + return this; +}; + +/** + * Puts a 24-bit integer in this buffer in little-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt24Le = function(i) { + this.accommodate(3); + this.data.setInt8(this.write, i >> 16 & 0xFF); + this.data.setInt16(this.write, i >> 8 & 0xFFFF, true); + this.write += 3; + return this; +}; + +/** + * Puts a 32-bit integer in this buffer in little-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt32Le = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i, true); + this.write += 4; + return this; +}; + +/** + * Puts an n-bit integer in this buffer in big-endian order. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt = function(i, n) { + this.accommodate(n / 8); + do { + n -= 8; + this.data.setInt8(this.write++, (i >> n) & 0xFF); + } while(n > 0); + return this; +}; + +/** + * Puts a signed n-bit integer in this buffer in big-endian order. Two's + * complement representation is used. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putSignedInt = function(i, n) { + this.accommodate(n / 8); + if(i < 0) { + i += 2 << (n - 1); + } + return this.putInt(i, n); +}; + +/** + * Gets a byte from this buffer and advances the read pointer by 1. + * + * @return the byte. + */ +util.DataBuffer.prototype.getByte = function() { + return this.data.getInt8(this.read++); +}; + +/** + * Gets a uint16 from this buffer in big-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.DataBuffer.prototype.getInt16 = function() { + var rval = this.data.getInt16(this.read); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in big-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.DataBuffer.prototype.getInt24 = function() { + var rval = ( + this.data.getInt16(this.read) << 8 ^ + this.data.getInt8(this.read + 2)); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in big-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.DataBuffer.prototype.getInt32 = function() { + var rval = this.data.getInt32(this.read); + this.read += 4; + return rval; +}; + +/** + * Gets a uint16 from this buffer in little-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.DataBuffer.prototype.getInt16Le = function() { + var rval = this.data.getInt16(this.read, true); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in little-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.DataBuffer.prototype.getInt24Le = function() { + var rval = ( + this.data.getInt8(this.read) ^ + this.data.getInt16(this.read + 1, true) << 8); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in little-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.DataBuffer.prototype.getInt32Le = function() { + var rval = this.data.getInt32(this.read, true); + this.read += 4; + return rval; +}; + +/** + * Gets an n-bit integer from this buffer in big-endian order and advances the + * read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.DataBuffer.prototype.getInt = function(n) { + var rval = 0; + do { + rval = (rval << 8) + this.data.getInt8(this.read++); + n -= 8; + } while(n > 0); + return rval; +}; + +/** + * Gets a signed n-bit integer from this buffer in big-endian order, using + * two's complement, and advances the read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.DataBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << (n - 2); + if(x >= max) { + x -= max << 1; + } + return x; +}; + +/** + * Reads bytes out into a UTF-8 string and clears them from the buffer. + * + * @param count the number of bytes to read, undefined or null for all. + * + * @return a UTF-8 string of bytes. + */ +util.DataBuffer.prototype.getBytes = function(count) { + // TODO: deprecate this method, it is poorly named and + // this.toString('binary') replaces it + // add a toTypedArray()/toArrayBuffer() function + var rval; + if(count) { + // read count bytes + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if(count === 0) { + rval = ''; + } else { + // read all bytes, optimize to only copy when needed + rval = (this.read === 0) ? this.data : this.data.slice(this.read); + this.clear(); + } + return rval; +}; + +/** + * Gets a UTF-8 encoded string of the bytes from this buffer without modifying + * the read pointer. + * + * @param count the number of bytes to get, omit to get all. + * + * @return a string full of UTF-8 encoded characters. + */ +util.DataBuffer.prototype.bytes = function(count) { + // TODO: deprecate this method, it is poorly named, add "getString()" + return (typeof(count) === 'undefined' ? + this.data.slice(this.read) : + this.data.slice(this.read, this.read + count)); +}; + +/** + * Gets a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * + * @return the byte. + */ +util.DataBuffer.prototype.at = function(i) { + return this.data.getUint8(this.read + i); +}; + +/** + * Puts a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * @param b the byte to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.setAt = function(i, b) { + this.data.setUint8(i, b); + return this; +}; + +/** + * Gets the last byte without modifying the read pointer. + * + * @return the last byte. + */ +util.DataBuffer.prototype.last = function() { + return this.data.getUint8(this.write - 1); +}; + +/** + * Creates a copy of this buffer. + * + * @return the copy. + */ +util.DataBuffer.prototype.copy = function() { + return new util.DataBuffer(this); +}; + +/** + * Compacts this buffer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.compact = function() { + if(this.read > 0) { + var src = new Uint8Array(this.data.buffer, this.read); + var dst = new Uint8Array(src.byteLength); + dst.set(src); + this.data = new DataView(dst); + this.write -= this.read; + this.read = 0; + } + return this; +}; + +/** + * Clears this buffer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.clear = function() { + this.data = new DataView(new ArrayBuffer(0)); + this.read = this.write = 0; + return this; +}; + +/** + * Shortens this buffer by triming bytes off of the end of this buffer. + * + * @param count the number of bytes to trim off. + * + * @return this buffer. + */ +util.DataBuffer.prototype.truncate = function(count) { + this.write = Math.max(0, this.length() - count); + this.read = Math.min(this.read, this.write); + return this; +}; + +/** + * Converts this buffer to a hexadecimal string. + * + * @return a hexadecimal string. + */ +util.DataBuffer.prototype.toHex = function() { + var rval = ''; + for(var i = this.read; i < this.data.byteLength; ++i) { + var b = this.data.getUint8(i); + if(b < 16) { + rval += '0'; + } + rval += b.toString(16); + } + return rval; +}; + +/** + * Converts this buffer to a string, using the given encoding. If no + * encoding is given, 'utf8' (UTF-8) is used. + * + * @param [encoding] the encoding to use: 'binary', 'utf8', 'utf16', 'hex', + * 'base64' (default: 'utf8'). + * + * @return a string representation of the bytes in this buffer. + */ +util.DataBuffer.prototype.toString = function(encoding) { + var view = new Uint8Array(this.data, this.read, this.length()); + encoding = encoding || 'utf8'; + + // encode to string + if(encoding === 'binary' || encoding === 'raw') { + return util.binary.raw.encode(view); + } + if(encoding === 'hex') { + return util.binary.hex.encode(view); + } + if(encoding === 'base64') { + return util.binary.base64.encode(view); + } + + // decode to text + if(encoding === 'utf8') { + return util.text.utf8.decode(view); + } + if(encoding === 'utf16') { + return util.text.utf16.decode(view); + } + + throw new Error('Invalid encoding: ' + encoding); +}; + +/** End Buffer w/UInt8Array backing */ + + +/** + * Creates a buffer that stores bytes. A value may be given to put into the + * buffer that is either a string of bytes or a UTF-16 string that will + * be encoded using UTF-8 (to do the latter, specify 'utf8' as the encoding). + * + * @param [input] the bytes to wrap (as a string) or a UTF-16 string to encode + * as UTF-8. + * @param [encoding] (default: 'raw', other: 'utf8'). + */ +util.createBuffer = function(input, encoding) { + // TODO: deprecate, use new ByteBuffer() instead + encoding = encoding || 'raw'; + if(input !== undefined && encoding === 'utf8') { + input = util.encodeUtf8(input); + } + return new util.ByteBuffer(input); +}; + +/** + * Fills a string with a particular value. If you want the string to be a byte + * string, pass in String.fromCharCode(theByte). + * + * @param c the character to fill the string with, use String.fromCharCode + * to fill the string with a byte value. + * @param n the number of characters of value c to fill with. + * + * @return the filled string. + */ +util.fillString = function(c, n) { + var s = ''; + while(n > 0) { + if(n & 1) { + s += c; + } + n >>>= 1; + if(n > 0) { + c += c; + } + } + return s; +}; + +/** + * Performs a per byte XOR between two byte strings and returns the result as a + * string of bytes. + * + * @param s1 first string of bytes. + * @param s2 second string of bytes. + * @param n the number of bytes to XOR. + * + * @return the XOR'd result. + */ +util.xorBytes = function(s1, s2, n) { + var s3 = ''; + var b = ''; + var t = ''; + var i = 0; + var c = 0; + for(; n > 0; --n, ++i) { + b = s1.charCodeAt(i) ^ s2.charCodeAt(i); + if(c >= 10) { + s3 += t; + t = ''; + c = 0; + } + t += String.fromCharCode(b); + ++c; + } + s3 += t; + return s3; +}; + +/** + * Converts a hex string into a 'binary' encoded string of bytes. + * + * @param hex the hexadecimal string to convert. + * + * @return the binary-encoded string of bytes. + */ +util.hexToBytes = function(hex) { + // TODO: deprecate: "Deprecated. Use util.binary.hex.decode instead." + var rval = ''; + var i = 0; + if(hex.length & 1 == 1) { + // odd number of characters, convert first character alone + i = 1; + rval += String.fromCharCode(parseInt(hex[0], 16)); + } + // convert 2 characters (1 byte) at a time + for(; i < hex.length; i += 2) { + rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + } + return rval; +}; + +/** + * Converts a 'binary' encoded string of bytes to hex. + * + * @param bytes the byte string to convert. + * + * @return the string of hexadecimal characters. + */ +util.bytesToHex = function(bytes) { + // TODO: deprecate: "Deprecated. Use util.binary.hex.encode instead." + return util.createBuffer(bytes).toHex(); +}; + +/** + * Converts an 32-bit integer to 4-big-endian byte string. + * + * @param i the integer. + * + * @return the byte string. + */ +util.int32ToBytes = function(i) { + return ( + String.fromCharCode(i >> 24 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +// base64 characters, reverse mapping +var _base64 = + 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; +var _base64Idx = [ +/*43 -43 = 0*/ +/*'+', 1, 2, 3,'/' */ + 62, -1, -1, -1, 63, + +/*'0','1','2','3','4','5','6','7','8','9' */ + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, + +/*15, 16, 17,'=', 19, 20, 21 */ + -1, -1, -1, 64, -1, -1, -1, + +/*65 - 43 = 22*/ +/*'A','B','C','D','E','F','G','H','I','J','K','L','M', */ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, + +/*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */ + 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, + +/*91 - 43 = 48 */ +/*48, 49, 50, 51, 52, 53 */ + -1, -1, -1, -1, -1, -1, + +/*97 - 43 = 54*/ +/*'a','b','c','d','e','f','g','h','i','j','k','l','m' */ + 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, + +/*'n','o','p','q','r','s','t','u','v','w','x','y','z' */ + 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 +]; + +/** + * Base64 encodes a 'binary' encoded string of bytes. + * + * @param input the binary encoded string of bytes to base64-encode. + * @param maxline the maximum number of encoded characters per line to use, + * defaults to none. + * + * @return the base64-encoded output. + */ +util.encode64 = function(input, maxline) { + // TODO: deprecate: "Deprecated. Use util.binary.base64.encode instead." + var line = ''; + var output = ''; + var chr1, chr2, chr3; + var i = 0; + while(i < input.length) { + chr1 = input.charCodeAt(i++); + chr2 = input.charCodeAt(i++); + chr3 = input.charCodeAt(i++); + + // encode 4 character group + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); + if(isNaN(chr2)) { + line += '=='; + } else { + line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); + line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); + } + + if(maxline && line.length > maxline) { + output += line.substr(0, maxline) + '\r\n'; + line = line.substr(maxline); + } + } + output += line; + return output; +}; + +/** + * Base64 decodes a string into a 'binary' encoded string of bytes. + * + * @param input the base64-encoded input. + * + * @return the binary encoded string. + */ +util.decode64 = function(input) { + // TODO: deprecate: "Deprecated. Use util.binary.base64.decode instead." + + // remove all non-base64 characters + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); + + var output = ''; + var enc1, enc2, enc3, enc4; + var i = 0; + + while(i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + + output += String.fromCharCode((enc1 << 2) | (enc2 >> 4)); + if(enc3 !== 64) { + // decoded at least 2 bytes + output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2)); + if(enc4 !== 64) { + // decoded 3 bytes + output += String.fromCharCode(((enc3 & 3) << 6) | enc4); + } + } + } + + return output; +}; + +/** + * UTF-8 encodes the given UTF-16 encoded string (a standard JavaScript + * string). Non-ASCII characters will be encoded as multiple bytes according + * to UTF-8. + * + * @param str the string to encode. + * + * @return the UTF-8 encoded string. + */ +util.encodeUtf8 = function(str) { + return unescape(encodeURIComponent(str)); +}; + +/** + * Decodes a UTF-8 encoded string into a UTF-16 string. + * + * @param str the string to decode. + * + * @return the UTF-16 encoded string (standard JavaScript string). + */ +util.decodeUtf8 = function(str) { + return decodeURIComponent(escape(str)); +}; + +// binary encoding/decoding tools +// FIXME: Experimental. Do not use yet. +util.binary = { + raw: {}, + hex: {}, + base64: {} +}; + +/** + * Encodes a Uint8Array as a binary-encoded string. This encoding uses + * a value between 0 and 255 for each character. + * + * @param bytes the Uint8Array to encode. + * + * @return the binary-encoded string. + */ +util.binary.raw.encode = function(bytes) { + return String.fromCharCode.apply(null, bytes); +}; + +/** + * Decodes a binary-encoded string to a Uint8Array. This encoding uses + * a value between 0 and 255 for each character. + * + * @param str the binary-encoded string to decode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.raw.decode = function(str, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + offset = offset || 0; + var j = offset; + for(var i = 0; i < str.length; ++i) { + out[j++] = str.charCodeAt(i); + } + return output ? (j - offset) : out; +}; + +/** + * Encodes a 'binary' string, ArrayBuffer, DataView, TypedArray, or + * ByteBuffer as a string of hexadecimal characters. + * + * @param bytes the bytes to convert. + * + * @return the string of hexadecimal characters. + */ +util.binary.hex.encode = util.bytesToHex; + +/** + * Decodes a hex-encoded string to a Uint8Array. + * + * @param hex the hexadecimal string to convert. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.hex.decode = function(hex, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(Math.ceil(hex.length / 2)); + } + offset = offset || 0; + var i = 0, j = offset; + if(hex.length & 1) { + // odd number of characters, convert first character alone + i = 1; + out[j++] = parseInt(hex[0], 16); + } + // convert 2 characters (1 byte) at a time + for(; i < hex.length; i += 2) { + out[j++] = parseInt(hex.substr(i, 2), 16); + } + return output ? (j - offset) : out; +}; + +/** + * Base64-encodes a Uint8Array. + * + * @param input the Uint8Array to encode. + * @param maxline the maximum number of encoded characters per line to use, + * defaults to none. + * + * @return the base64-encoded output string. + */ +util.binary.base64.encode = function(input, maxline) { + var line = ''; + var output = ''; + var chr1, chr2, chr3; + var i = 0; + while(i < input.byteLength) { + chr1 = input[i++]; + chr2 = input[i++]; + chr3 = input[i++]; + + // encode 4 character group + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); + if(isNaN(chr2)) { + line += '=='; + } else { + line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); + line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); + } + + if(maxline && line.length > maxline) { + output += line.substr(0, maxline) + '\r\n'; + line = line.substr(maxline); + } + } + output += line; + return output; +}; + +/** + * Decodes a base64-encoded string to a Uint8Array. + * + * @param input the base64-encoded input string. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.base64.decode = function(input, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(Math.ceil(input.length / 4) * 3); + } + + // remove all non-base64 characters + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); + + offset = offset || 0; + var enc1, enc2, enc3, enc4; + var i = 0, j = offset; + + while(i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + + out[j++] = (enc1 << 2) | (enc2 >> 4); + if(enc3 !== 64) { + // decoded at least 2 bytes + out[j++] = ((enc2 & 15) << 4) | (enc3 >> 2); + if(enc4 !== 64) { + // decoded 3 bytes + out[j++] = ((enc3 & 3) << 6) | enc4; + } + } + } + + // make sure result is the exact decoded length + return output ? + (j - offset) : + out.subarray(0, j); +}; + +// text encoding/decoding tools +// FIXME: Experimental. Do not use yet. +util.text = { + utf8: {}, + utf16: {} +}; + +/** + * Encodes the given string as UTF-8 in a Uint8Array. + * + * @param str the string to encode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.text.utf8.encode = function(str, output, offset) { + str = util.encodeUtf8(str); + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + offset = offset || 0; + var j = offset; + for(var i = 0; i < str.length; ++i) { + out[j++] = str.charCodeAt(i); + } + return output ? (j - offset) : out; +}; + +/** + * Decodes the UTF-8 contents from a Uint8Array. + * + * @param bytes the Uint8Array to decode. + * + * @return the resulting string. + */ +util.text.utf8.decode = function(bytes) { + return util.decodeUtf8(String.fromCharCode.apply(null, bytes)); +}; + +/** + * Encodes the given string as UTF-16 in a Uint8Array. + * + * @param str the string to encode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.text.utf16.encode = function(str, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + var view = new Uint16Array(out); + offset = offset || 0; + var j = offset; + var k = offset; + for(var i = 0; i < str.length; ++i) { + view[k++] = str.charCodeAt(i); + j += 2; + } + return output ? (j - offset) : out; +}; + +/** + * Decodes the UTF-16 contents from a Uint8Array. + * + * @param bytes the Uint8Array to decode. + * + * @return the resulting string. + */ +util.text.utf16.decode = function(bytes) { + return String.fromCharCode.apply(null, new Uint16Array(bytes)); +}; + +/** + * Deflates the given data using a flash interface. + * + * @param api the flash interface. + * @param bytes the data. + * @param raw true to return only raw deflate data, false to include zlib + * header and trailer. + * + * @return the deflated data as a string. + */ +util.deflate = function(api, bytes, raw) { + bytes = util.decode64(api.deflate(util.encode64(bytes)).rval); + + // strip zlib header and trailer if necessary + if(raw) { + // zlib header is 2 bytes (CMF,FLG) where FLG indicates that + // there is a 4-byte DICT (alder-32) block before the data if + // its 5th bit is set + var start = 2; + var flg = bytes.charCodeAt(1); + if(flg & 0x20) { + start = 6; + } + // zlib trailer is 4 bytes of adler-32 + bytes = bytes.substring(start, bytes.length - 4); + } + + return bytes; +}; + +/** + * Inflates the given data using a flash interface. + * + * @param api the flash interface. + * @param bytes the data. + * @param raw true if the incoming data has no zlib header or trailer and is + * raw DEFLATE data. + * + * @return the inflated data as a string, null on error. + */ +util.inflate = function(api, bytes, raw) { + // TODO: add zlib header and trailer if necessary/possible + var rval = api.inflate(util.encode64(bytes)).rval; + return (rval === null) ? null : util.decode64(rval); +}; + +/** + * Sets a storage object. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param obj the storage object, null to remove. + */ +var _setStorageObject = function(api, id, obj) { + if(!api) { + throw new Error('WebStorage not available.'); + } + + var rval; + if(obj === null) { + rval = api.removeItem(id); + } else { + // json-encode and base64-encode object + obj = util.encode64(JSON.stringify(obj)); + rval = api.setItem(id, obj); + } + + // handle potential flash error + if(typeof(rval) !== 'undefined' && rval.rval !== true) { + var error = new Error(rval.error.message); + error.id = rval.error.id; + error.name = rval.error.name; + throw error; + } +}; + +/** + * Gets a storage object. + * + * @param api the storage interface. + * @param id the storage ID to use. + * + * @return the storage object entry or null if none exists. + */ +var _getStorageObject = function(api, id) { + if(!api) { + throw new Error('WebStorage not available.'); + } + + // get the existing entry + var rval = api.getItem(id); + + /* Note: We check api.init because we can't do (api == localStorage) + on IE because of "Class doesn't support Automation" exception. Only + the flash api has an init method so this works too, but we need a + better solution in the future. */ + + // flash returns item wrapped in an object, handle special case + if(api.init) { + if(rval.rval === null) { + if(rval.error) { + var error = new Error(rval.error.message); + error.id = rval.error.id; + error.name = rval.error.name; + throw error; + } + // no error, but also no item + rval = null; + } else { + rval = rval.rval; + } + } + + // handle decoding + if(rval !== null) { + // base64-decode and json-decode data + rval = JSON.parse(util.decode64(rval)); + } + + return rval; +}; + +/** + * Stores an item in local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + * @param data the data for the item (any javascript object/primitive). + */ +var _setItem = function(api, id, key, data) { + // get storage object + var obj = _getStorageObject(api, id); + if(obj === null) { + // create a new storage object + obj = {}; + } + // update key + obj[key] = data; + + // set storage object + _setStorageObject(api, id, obj); +}; + +/** + * Gets an item from local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + * + * @return the item. + */ +var _getItem = function(api, id, key) { + // get storage object + var rval = _getStorageObject(api, id); + if(rval !== null) { + // return data at key + rval = (key in rval) ? rval[key] : null; + } + + return rval; +}; + +/** + * Removes an item from local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + */ +var _removeItem = function(api, id, key) { + // get storage object + var obj = _getStorageObject(api, id); + if(obj !== null && key in obj) { + // remove key + delete obj[key]; + + // see if entry has no keys remaining + var empty = true; + for(var prop in obj) { + empty = false; + break; + } + if(empty) { + // remove entry entirely if no keys are left + obj = null; + } + + // set storage object + _setStorageObject(api, id, obj); + } +}; + +/** + * Clears the local disk storage identified by the given ID. + * + * @param api the storage interface. + * @param id the storage ID to use. + */ +var _clearItems = function(api, id) { + _setStorageObject(api, id, null); +}; + +/** + * Calls a storage function. + * + * @param func the function to call. + * @param args the arguments for the function. + * @param location the location argument. + * + * @return the return value from the function. + */ +var _callStorageFunction = function(func, args, location) { + var rval = null; + + // default storage types + if(typeof(location) === 'undefined') { + location = ['web', 'flash']; + } + + // apply storage types in order of preference + var type; + var done = false; + var exception = null; + for(var idx in location) { + type = location[idx]; + try { + if(type === 'flash' || type === 'both') { + if(args[0] === null) { + throw new Error('Flash local storage not available.'); + } + rval = func.apply(this, args); + done = (type === 'flash'); + } + if(type === 'web' || type === 'both') { + args[0] = localStorage; + rval = func.apply(this, args); + done = true; + } + } catch(ex) { + exception = ex; + } + if(done) { + break; + } + } + + if(!done) { + throw exception; + } + + return rval; +}; + +/** + * Stores an item on local disk. + * + * The available types of local storage include 'flash', 'web', and 'both'. + * + * The type 'flash' refers to flash local storage (SharedObject). In order + * to use flash local storage, the 'api' parameter must be valid. The type + * 'web' refers to WebStorage, if supported by the browser. The type 'both' + * refers to storing using both 'flash' and 'web', not just one or the + * other. + * + * The location array should list the storage types to use in order of + * preference: + * + * ['flash']: flash only storage + * ['web']: web only storage + * ['both']: try to store in both + * ['flash','web']: store in flash first, but if not available, 'web' + * ['web','flash']: store in web first, but if not available, 'flash' + * + * The location array defaults to: ['web', 'flash'] + * + * @param api the flash interface, null to use only WebStorage. + * @param id the storage ID to use. + * @param key the key for the item. + * @param data the data for the item (any javascript object/primitive). + * @param location an array with the preferred types of storage to use. + */ +util.setItem = function(api, id, key, data, location) { + _callStorageFunction(_setItem, arguments, location); +}; + +/** + * Gets an item on local disk. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface, null to use only WebStorage. + * @param id the storage ID to use. + * @param key the key for the item. + * @param location an array with the preferred types of storage to use. + * + * @return the item. + */ +util.getItem = function(api, id, key, location) { + return _callStorageFunction(_getItem, arguments, location); +}; + +/** + * Removes an item on local disk. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface. + * @param id the storage ID to use. + * @param key the key for the item. + * @param location an array with the preferred types of storage to use. + */ +util.removeItem = function(api, id, key, location) { + _callStorageFunction(_removeItem, arguments, location); +}; + +/** + * Clears the local disk storage identified by the given ID. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface if flash is available. + * @param id the storage ID to use. + * @param location an array with the preferred types of storage to use. + */ +util.clearItems = function(api, id, location) { + _callStorageFunction(_clearItems, arguments, location); +}; + +/** + * Parses the scheme, host, and port from an http(s) url. + * + * @param str the url string. + * + * @return the parsed url object or null if the url is invalid. + */ +util.parseUrl = function(str) { + // FIXME: this regex looks a bit broken + var regex = /^(https?):\/\/([^:&^\/]*):?(\d*)(.*)$/g; + regex.lastIndex = 0; + var m = regex.exec(str); + var url = (m === null) ? null : { + full: str, + scheme: m[1], + host: m[2], + port: m[3], + path: m[4] + }; + if(url) { + url.fullHost = url.host; + if(url.port) { + if(url.port !== 80 && url.scheme === 'http') { + url.fullHost += ':' + url.port; + } else if(url.port !== 443 && url.scheme === 'https') { + url.fullHost += ':' + url.port; + } + } else if(url.scheme === 'http') { + url.port = 80; + } else if(url.scheme === 'https') { + url.port = 443; + } + url.full = url.scheme + '://' + url.fullHost; + } + return url; +}; + +/* Storage for query variables */ +var _queryVariables = null; + +/** + * Returns the window location query variables. Query is parsed on the first + * call and the same object is returned on subsequent calls. The mapping + * is from keys to an array of values. Parameters without values will have + * an object key set but no value added to the value array. Values are + * unescaped. + * + * ...?k1=v1&k2=v2: + * { + * "k1": ["v1"], + * "k2": ["v2"] + * } + * + * ...?k1=v1&k1=v2: + * { + * "k1": ["v1", "v2"] + * } + * + * ...?k1=v1&k2: + * { + * "k1": ["v1"], + * "k2": [] + * } + * + * ...?k1=v1&k1: + * { + * "k1": ["v1"] + * } + * + * ...?k1&k1: + * { + * "k1": [] + * } + * + * @param query the query string to parse (optional, default to cached + * results from parsing window location search query). + * + * @return object mapping keys to variables. + */ +util.getQueryVariables = function(query) { + var parse = function(q) { + var rval = {}; + var kvpairs = q.split('&'); + for(var i = 0; i < kvpairs.length; i++) { + var pos = kvpairs[i].indexOf('='); + var key; + var val; + if(pos > 0) { + key = kvpairs[i].substring(0, pos); + val = kvpairs[i].substring(pos + 1); + } else { + key = kvpairs[i]; + val = null; + } + if(!(key in rval)) { + rval[key] = []; + } + // disallow overriding object prototype keys + if(!(key in Object.prototype) && val !== null) { + rval[key].push(unescape(val)); + } + } + return rval; + }; + + var rval; + if(typeof(query) === 'undefined') { + // set cached variables if needed + if(_queryVariables === null) { + if(typeof(window) !== 'undefined' && window.location && window.location.search) { + // parse window search query + _queryVariables = parse(window.location.search.substring(1)); + } else { + // no query variables available + _queryVariables = {}; + } + } + rval = _queryVariables; + } else { + // parse given query + rval = parse(query); + } + return rval; +}; + +/** + * Parses a fragment into a path and query. This method will take a URI + * fragment and break it up as if it were the main URI. For example: + * /bar/baz?a=1&b=2 + * results in: + * { + * path: ["bar", "baz"], + * query: {"k1": ["v1"], "k2": ["v2"]} + * } + * + * @return object with a path array and query object. + */ +util.parseFragment = function(fragment) { + // default to whole fragment + var fp = fragment; + var fq = ''; + // split into path and query if possible at the first '?' + var pos = fragment.indexOf('?'); + if(pos > 0) { + fp = fragment.substring(0, pos); + fq = fragment.substring(pos + 1); + } + // split path based on '/' and ignore first element if empty + var path = fp.split('/'); + if(path.length > 0 && path[0] === '') { + path.shift(); + } + // convert query into object + var query = (fq === '') ? {} : util.getQueryVariables(fq); + + return { + pathString: fp, + queryString: fq, + path: path, + query: query + }; +}; + +/** + * Makes a request out of a URI-like request string. This is intended to + * be used where a fragment id (after a URI '#') is parsed as a URI with + * path and query parts. The string should have a path beginning and + * delimited by '/' and optional query parameters following a '?'. The + * query should be a standard URL set of key value pairs delimited by + * '&'. For backwards compatibility the initial '/' on the path is not + * required. The request object has the following API, (fully described + * in the method code): + * { + * path: . + * query: , + * getPath(i): get part or all of the split path array, + * getQuery(k, i): get part or all of a query key array, + * getQueryLast(k, _default): get last element of a query key array. + * } + * + * @return object with request parameters. + */ +util.makeRequest = function(reqString) { + var frag = util.parseFragment(reqString); + var req = { + // full path string + path: frag.pathString, + // full query string + query: frag.queryString, + /** + * Get path or element in path. + * + * @param i optional path index. + * + * @return path or part of path if i provided. + */ + getPath: function(i) { + return (typeof(i) === 'undefined') ? frag.path : frag.path[i]; + }, + /** + * Get query, values for a key, or value for a key index. + * + * @param k optional query key. + * @param i optional query key index. + * + * @return query, values for a key, or value for a key index. + */ + getQuery: function(k, i) { + var rval; + if(typeof(k) === 'undefined') { + rval = frag.query; + } else { + rval = frag.query[k]; + if(rval && typeof(i) !== 'undefined') { + rval = rval[i]; + } + } + return rval; + }, + getQueryLast: function(k, _default) { + var rval; + var vals = req.getQuery(k); + if(vals) { + rval = vals[vals.length - 1]; + } else { + rval = _default; + } + return rval; + } + }; + return req; +}; + +/** + * Makes a URI out of a path, an object with query parameters, and a + * fragment. Uses jquery internally for query string creation. + * If the path is an array, it will be joined with '/'. + * + * @param path string path or array of strings. + * @param query object with query parameters. (optional) + * @param fragment fragment string. (optional) + * + * @return string object with request parameters. + */ +util.makeLink = function(path, query, fragment) { + // join path parts if needed + path = jQuery.isArray(path) ? path.join('/') : path; + + var qstr = jQuery.param(query || {}); + fragment = fragment || ''; + return path + + ((qstr.length > 0) ? ('?' + qstr) : '') + + ((fragment.length > 0) ? ('#' + fragment) : ''); +}; + +/** + * Follows a path of keys deep into an object hierarchy and set a value. + * If a key does not exist or it's value is not an object, create an + * object in it's place. This can be destructive to a object tree if + * leaf nodes are given as non-final path keys. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + * @param value the value to set. + */ +util.setPath = function(object, keys, value) { + // need to start at an object + if(typeof(object) === 'object' && object !== null) { + var i = 0; + var len = keys.length; + while(i < len) { + var next = keys[i++]; + if(i == len) { + // last + object[next] = value; + } else { + // more + var hasNext = (next in object); + if(!hasNext || + (hasNext && typeof(object[next]) !== 'object') || + (hasNext && object[next] === null)) { + object[next] = {}; + } + object = object[next]; + } + } + } +}; + +/** + * Follows a path of keys deep into an object hierarchy and return a value. + * If a key does not exist, create an object in it's place. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + * @param _default value to return if path not found. + * + * @return the value at the path if found, else default if given, else + * undefined. + */ +util.getPath = function(object, keys, _default) { + var i = 0; + var len = keys.length; + var hasNext = true; + while(hasNext && i < len && + typeof(object) === 'object' && object !== null) { + var next = keys[i++]; + hasNext = next in object; + if(hasNext) { + object = object[next]; + } + } + return (hasNext ? object : _default); +}; + +/** + * Follow a path of keys deep into an object hierarchy and delete the + * last one. If a key does not exist, do nothing. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + */ +util.deletePath = function(object, keys) { + // need to start at an object + if(typeof(object) === 'object' && object !== null) { + var i = 0; + var len = keys.length; + while(i < len) { + var next = keys[i++]; + if(i == len) { + // last + delete object[next]; + } else { + // more + if(!(next in object) || + (typeof(object[next]) !== 'object') || + (object[next] === null)) { + break; + } + object = object[next]; + } + } + } +}; + +/** + * Check if an object is empty. + * + * Taken from: + * http://stackoverflow.com/questions/679915/how-do-i-test-for-an-empty-javascript-object-from-json/679937#679937 + * + * @param object the object to check. + */ +util.isEmpty = function(obj) { + for(var prop in obj) { + if(obj.hasOwnProperty(prop)) { + return false; + } + } + return true; +}; + +/** + * Format with simple printf-style interpolation. + * + * %%: literal '%' + * %s,%o: convert next argument into a string. + * + * @param format the string to format. + * @param ... arguments to interpolate into the format string. + */ +util.format = function(format) { + var re = /%./g; + // current match + var match; + // current part + var part; + // current arg index + var argi = 0; + // collected parts to recombine later + var parts = []; + // last index found + var last = 0; + // loop while matches remain + while((match = re.exec(format))) { + part = format.substring(last, re.lastIndex - 2); + // don't add empty strings (ie, parts between %s%s) + if(part.length > 0) { + parts.push(part); + } + last = re.lastIndex; + // switch on % code + var code = match[0][1]; + switch(code) { + case 's': + case 'o': + // check if enough arguments were given + if(argi < arguments.length) { + parts.push(arguments[argi++ + 1]); + } else { + parts.push(''); + } + break; + // FIXME: do proper formating for numbers, etc + //case 'f': + //case 'd': + case '%': + parts.push('%'); + break; + default: + parts.push('<%' + code + '?>'); + } + } + // add trailing part of format string + parts.push(format.substring(last)); + return parts.join(''); +}; + +/** + * Formats a number. + * + * http://snipplr.com/view/5945/javascript-numberformat--ported-from-php/ + */ +util.formatNumber = function(number, decimals, dec_point, thousands_sep) { + // http://kevin.vanzonneveld.net + // + original by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) + // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) + // + bugfix by: Michael White (http://crestidg.com) + // + bugfix by: Benjamin Lupton + // + bugfix by: Allan Jensen (http://www.winternet.no) + // + revised by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) + // * example 1: number_format(1234.5678, 2, '.', ''); + // * returns 1: 1234.57 + + var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals; + var d = dec_point === undefined ? ',' : dec_point; + var t = thousands_sep === undefined ? + '.' : thousands_sep, s = n < 0 ? '-' : ''; + var i = parseInt((n = Math.abs(+n || 0).toFixed(c)), 10) + ''; + var j = (i.length > 3) ? i.length % 3 : 0; + return s + (j ? i.substr(0, j) + t : '') + + i.substr(j).replace(/(\d{3})(?=\d)/g, '$1' + t) + + (c ? d + Math.abs(n - i).toFixed(c).slice(2) : ''); +}; + +/** + * Formats a byte size. + * + * http://snipplr.com/view/5949/format-humanize-file-byte-size-presentation-in-javascript/ + */ +util.formatSize = function(size) { + if(size >= 1073741824) { + size = util.formatNumber(size / 1073741824, 2, '.', '') + ' GiB'; + } else if(size >= 1048576) { + size = util.formatNumber(size / 1048576, 2, '.', '') + ' MiB'; + } else if(size >= 1024) { + size = util.formatNumber(size / 1024, 0) + ' KiB'; + } else { + size = util.formatNumber(size, 0) + ' bytes'; + } + return size; +}; + +/** + * Converts an IPv4 or IPv6 string representation into bytes (in network order). + * + * @param ip the IPv4 or IPv6 address to convert. + * + * @return the 4-byte IPv6 or 16-byte IPv6 address or null if the address can't + * be parsed. + */ +util.bytesFromIP = function(ip) { + if(ip.indexOf('.') !== -1) { + return util.bytesFromIPv4(ip); + } + if(ip.indexOf(':') !== -1) { + return util.bytesFromIPv6(ip); + } + return null; +}; + +/** + * Converts an IPv4 string representation into bytes (in network order). + * + * @param ip the IPv4 address to convert. + * + * @return the 4-byte address or null if the address can't be parsed. + */ +util.bytesFromIPv4 = function(ip) { + ip = ip.split('.'); + if(ip.length !== 4) { + return null; + } + var b = util.createBuffer(); + for(var i = 0; i < ip.length; ++i) { + var num = parseInt(ip[i], 10); + if(isNaN(num)) { + return null; + } + b.putByte(num); + } + return b.getBytes(); +}; + +/** + * Converts an IPv6 string representation into bytes (in network order). + * + * @param ip the IPv6 address to convert. + * + * @return the 16-byte address or null if the address can't be parsed. + */ +util.bytesFromIPv6 = function(ip) { + var blanks = 0; + ip = ip.split(':').filter(function(e) { + if(e.length === 0) ++blanks; + return true; + }); + var zeros = (8 - ip.length + blanks) * 2; + var b = util.createBuffer(); + for(var i = 0; i < 8; ++i) { + if(!ip[i] || ip[i].length === 0) { + b.fillWithByte(0, zeros); + zeros = 0; + continue; + } + var bytes = util.hexToBytes(ip[i]); + if(bytes.length < 2) { + b.putByte(0); + } + b.putBytes(bytes); + } + return b.getBytes(); +}; + +/** + * Converts 4-bytes into an IPv4 string representation or 16-bytes into + * an IPv6 string representation. The bytes must be in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv4 or IPv6 string representation if 4 or 16 bytes, + * respectively, are given, otherwise null. + */ +util.bytesToIP = function(bytes) { + if(bytes.length === 4) { + return util.bytesToIPv4(bytes); + } + if(bytes.length === 16) { + return util.bytesToIPv6(bytes); + } + return null; +}; + +/** + * Converts 4-bytes into an IPv4 string representation. The bytes must be + * in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv4 string representation or null for an invalid # of bytes. + */ +util.bytesToIPv4 = function(bytes) { + if(bytes.length !== 4) { + return null; + } + var ip = []; + for(var i = 0; i < bytes.length; ++i) { + ip.push(bytes.charCodeAt(i)); + } + return ip.join('.'); +}; + +/** + * Converts 16-bytes into an IPv16 string representation. The bytes must be + * in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv16 string representation or null for an invalid # of bytes. + */ +util.bytesToIPv6 = function(bytes) { + if(bytes.length !== 16) { + return null; + } + var ip = []; + var zeroGroups = []; + var zeroMaxGroup = 0; + for(var i = 0; i < bytes.length; i += 2) { + var hex = util.bytesToHex(bytes[i] + bytes[i + 1]); + // canonicalize zero representation + while(hex[0] === '0' && hex !== '0') { + hex = hex.substr(1); + } + if(hex === '0') { + var last = zeroGroups[zeroGroups.length - 1]; + var idx = ip.length; + if(!last || idx !== last.end + 1) { + zeroGroups.push({start: idx, end: idx}); + } else { + last.end = idx; + if((last.end - last.start) > + (zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start)) { + zeroMaxGroup = zeroGroups.length - 1; + } + } + } + ip.push(hex); + } + if(zeroGroups.length > 0) { + var group = zeroGroups[zeroMaxGroup]; + // only shorten group of length > 0 + if(group.end - group.start > 0) { + ip.splice(group.start, group.end - group.start + 1, ''); + if(group.start === 0) { + ip.unshift(''); + } + if(group.end === 7) { + ip.push(''); + } + } + } + return ip.join(':'); +}; + +/** + * Estimates the number of processes that can be run concurrently. If + * creating Web Workers, keep in mind that the main JavaScript process needs + * its own core. + * + * @param options the options to use: + * update true to force an update (not use the cached value). + * @param callback(err, max) called once the operation completes. + */ +util.estimateCores = function(options, callback) { + if(typeof options === 'function') { + callback = options; + options = {}; + } + options = options || {}; + if('cores' in util && !options.update) { + return callback(null, util.cores); + } + if(typeof navigator !== 'undefined' && + 'hardwareConcurrency' in navigator && + navigator.hardwareConcurrency > 0) { + util.cores = navigator.hardwareConcurrency; + return callback(null, util.cores); + } + if(typeof Worker === 'undefined') { + // workers not available + util.cores = 1; + return callback(null, util.cores); + } + if(typeof Blob === 'undefined') { + // can't estimate, default to 2 + util.cores = 2; + return callback(null, util.cores); + } + + // create worker concurrency estimation code as blob + var blobUrl = URL.createObjectURL(new Blob(['(', + function() { + self.addEventListener('message', function(e) { + // run worker for 4 ms + var st = Date.now(); + var et = st + 4; + while(Date.now() < et); + self.postMessage({st: st, et: et}); + }); + }.toString(), + ')()'], {type: 'application/javascript'})); + + // take 5 samples using 16 workers + sample([], 5, 16); + + function sample(max, samples, numWorkers) { + if(samples === 0) { + // get overlap average + var avg = Math.floor(max.reduce(function(avg, x) { + return avg + x; + }, 0) / max.length); + util.cores = Math.max(1, avg); + URL.revokeObjectURL(blobUrl); + return callback(null, util.cores); + } + map(numWorkers, function(err, results) { + max.push(reduce(numWorkers, results)); + sample(max, samples - 1, numWorkers); + }); + } + + function map(numWorkers, callback) { + var workers = []; + var results = []; + for(var i = 0; i < numWorkers; ++i) { + var worker = new Worker(blobUrl); + worker.addEventListener('message', function(e) { + results.push(e.data); + if(results.length === numWorkers) { + for(var i = 0; i < numWorkers; ++i) { + workers[i].terminate(); + } + callback(null, results); + } + }); + workers.push(worker); + } + for(var i = 0; i < numWorkers; ++i) { + workers[i].postMessage(i); + } + } + + function reduce(numWorkers, results) { + // find overlapping time windows + var overlaps = []; + for(var n = 0; n < numWorkers; ++n) { + var r1 = results[n]; + var overlap = overlaps[n] = []; + for(var i = 0; i < numWorkers; ++i) { + if(n === i) { + continue; + } + var r2 = results[i]; + if((r1.st > r2.st && r1.st < r2.et) || + (r2.st > r1.st && r2.st < r1.et)) { + overlap.push(i); + } + } + } + // get maximum overlaps ... don't include overlapping worker itself + // as the main JS process was also being scheduled during the work and + // would have to be subtracted from the estimate anyway + return overlaps.reduce(function(max, overlap) { + return Math.max(max, overlap.length); + }, 0); + } +}; + +} // end module implementation + +/* ########## Begin module wrapper ########## */ +var name = 'util'; +if(typeof define !== 'function') { + // NodeJS -> AMD + if(typeof module === 'object' && module.exports) { + var nodeJS = true; + define = function(ids, factory) { + factory(require, module); + }; + } else { + // + + ## if only form, then we include javascript here (end of body) + #if ($isFormRequest) + #parse("${templatePath}/js_end.vm") + #end + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/header.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/header.vm new file mode 100644 index 0000000..b8a5038 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/header.vm @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/html.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/html.vm new file mode 100644 index 0000000..2f02835 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/html.vm @@ -0,0 +1,32 @@ + + + + + $text.get('title') + + + + + + + + + + + #parse("${templatePath}/js_start.vm") + + + + #parse("${templatePath}/lang.vm") + + #parse("${templatePath}/header.vm") + +
+ #parse("${templatePath}/form.vm") +
+ + #parse("${templatePath}/footer.vm") + + #parse("${templatePath}/js_end.vm") + + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/js_end.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/js_end.vm new file mode 100644 index 0000000..f34431f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/js_end.vm @@ -0,0 +1,76 @@ + + + +#if ($gui.name == "oauth_consent") + +#end + +#if ($gui.name == "authcloud") + + +#end + +#if ($gui.name == "authcloud_onboard") + + +#end + +#if ($gui.name == "authcloud_login") + + +#end + +#if ($gui.name == "mauth_onboard") + + +#end + +#if ($gui.name == "mauth_link_qr") + + +#end + +#if ($gui.name == "mauth_push_qr") + + +#end + +#if ($gui.name == "mauth_usernameless") + + +#end + +#if ($gui.name == "fido2_auth") + + + +#end + +#if ($gui.name == "fido2_auth_std") + #set ($authenticationOptionsPath = $login.requestHeaders["fido2AuthenticationOptionsPath"]) + #set ($authenticationPath = $login.requestHeaders["fido2AuthenticationPath"]) + #set ($statusServicePath = $login.requestHeaders["fido2StatusServicePath"]) + #set ($userVerification = $login.requestHeaders["fido2UserVerification"]) + + + + +#end + +#if ($gui.name == "fido2_onboard") + + + +#end + +#if ($useFormEncryption) + + +#end \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/js_start.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/js_start.vm new file mode 100644 index 0000000..ddc8437 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/js_start.vm @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/json.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/json.vm new file mode 100644 index 0000000..e9c3ff8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/json.vm @@ -0,0 +1,88 @@ +## This template is used to respond with a JSON format +## In this case, the client is supposed to parse and show the data +## The JSON data is close to the XML format of the GuiDesc + +#set ($target = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +{ + "name" : "$gui.name" , + "target" : "$target" #if ($gui.label || $gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if + +#if ($gui.label) "label" : "$gui.label" #if ($gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if + +#if ($gui.language) "language" : "$gui.language" #if ($gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if ($gui.language) +#if ($gui.domain) "domain" : "$gui.domain" #if ($gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if ($gui.domain) + +#if ($gui.getGuiElems().size() > 0) + "elements" : [ +#set ($i = 0) +#foreach ($guiElem in $gui.getGuiElems()) + { + "name" : "$guiElem.name", + "type" : "$guiElem.type", + "optional" : "$guiElem.optional", + "label" : "$guiElem.label" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end + #if ($guiElem['validation-failed']) "validation-failed" : "$guiGroup.validationFailed" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end + #end ## if ($guiElem['validation-failed']) + + #if ($guiElem.value) "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end + #end ## if ($guiElem.value) + + #if ($guiElem.length) "max-length" : "$guiElem.length" #if ($guiElem.format), #end + #end ## if ($guiElem.length) + + #if ($guiElem.format) "format" : "$guiElem.format" + #end + + } + #set ($i = $i + 1) + #if ($i < ($gui.getGuiElems().size())), #end + +#end ## loop + ] #if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0), #end +#end ## if ($gui.getGuiGroup() && $gui.getGuiElem().size() > 0) +#if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0) + "groups" : [ + #set ($j = 0) + #foreach ($guiGroup in $gui.getGuiGroup()) + "name" : "$guiGroup.name", + "type" : "$guiGroup.type", + "label" : "$guiGroup.label", + "multiple" : "$guiGroup.multiple", + "format" : "$guiGroup.format", + "optional" : "$guiGroup.optional", + "validation-failed" : "$guiGroup.validationFailed" #if ($gui.getGuiElems().length() > 0), #end + #if ($gui.getGuiElems() && $gui.getGuiElems().length() > 0) + "elements" : [ + #set ($i = 0) + #foreach ($guiElem in $gui.getGuiElems()) + { + "name" : "$guiElem.name", + "type" : "$guiElem.type", + "optional" : "$guiElem.optional", + "validation-failed" : "$guiGroup.validationFailed", + "label" : "$guiElem.label" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end + #if ($guiElem.value) + "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end + #end ## if ($guiElem.value) + #if ($guiElem.length) + "max-length" : "$guiElem.length" #if ($guiElem.format), #end + #end ## if ($guiElem.length) + #if ($guiElem.format) + "format" : "$guiElem.format" + #end ## if ($guiElem.format) + } + #set ($i = $i + 1) + #if ($i < ($gui.getGuiElems().size())), #end + + #end ## loop + ] #if ($foreach.hasNext), #end + #set ($j = $j + 1) + #if ($j < ($gui.getGuiGroup().size())), #end + #end ## foreach ($guiGroup in $gui.getGuiGroup()) + #end ## if ($gui.getGuiElem() && $gui.getGuiElem().size() > 0) + ] + #end ## if ($gui.getGuiGroup() && $gui.getGuiGroup().length() > 0) +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/lang.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/lang.vm new file mode 100644 index 0000000..0e85f80 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/lang.vm @@ -0,0 +1,32 @@ +## Nav ================================================================= + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/macros.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/macros.vm new file mode 100644 index 0000000..f1e4f2c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Mobile_FIDO_UAF/webdata/template/macros.vm @@ -0,0 +1,295 @@ + +#macro(renderFormField $guiElem, $gui, $tabindex) + +#if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset" || $guiElem.type == "link") +## do nothing, will be rendered in renderFormControls nd renderFormLinks + + +#elseif ($guiElem.type == "info" || $guiElem.type == "error") + #if ($guiElem.label && $guiElem.label.length() > 0) + ## special fields: display some text only + #set ($class = "form-group") + #if ($guiElem.type == "error") + #set ($class = "$class has-error") + #end +
+
+ + $guiElem.label + +
+
+ #end + +#elseif ($guiElem.type == "hidden" && $guiElem.name == "saml.logoutURLs") + + +#elseif ($guiElem.type == "hidden") + + + +#else ## not info, error, button, submit, reset or hidden -> normal visual element + +## define CSS class of representation in form +#set ($class = "form-group") +#if ($guiElem.optional) +#set ($class = "$class optional") +#else +#set ($class = "$class required") +#end + +## highlight failed input validation, if flagged + +#if ($guiElem.validationFailed && $guiElem.value && $guiElem.value.length() > 0) +#set ($class = "$class has-error") +#end + +#if ($guiElem.validationFailed && (!$guiElem.value || $guiElem.value.length() == 0)) +#set ($class = "$class has-error") +#end + + +## the form field's container, a label, and optionally a validation-related message + +
+ ## Special handling required for radios + checkboxes + #if ($guiElem.type != "radio" && $guiElem.type != "checkbox") + + + +
+ #if ($guiElem.type == "text") + + + #elseif ($guiElem.type == "pw-text") +
+ + +
+ + #elseif ($guiElem.type == "select") + #set ($scrollSize = $guiElem.getGuiElems().size()) + #set ($scrollSize = $math.min($scrollSize,4)) + #if ($guiElem.multiple) + + #end + #foreach ($option in $guiElem.getGuiElems()) + #if ($option.selected) + + #else + + #end + #end ## foreach option + + + #elseif ($guiElem.type == "image" ) + $guiElem.label + #end + + #if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0) + $guiElem.validationMessage + #end + + #if ($jsValidation) + #renderElementValidation($guiElem, $gui) + #end +
+ #else + ## Special handling for checkboxes and radios +
+ + + #if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0) + $guiElem.validationMessage + #end + + #if ($jsValidation) + #renderElementValidation($guiElem, $gui) + #end +
+ #end +
+#end + +#end ## end macro + + + + +#macro(renderElementValidation $guiElem, $gui) +#if (($guiElem.validation && $guiElem.validation.length() > 0)||($guiElem.format && $guiElem.format.length() > 0)) + + + + +#end +#end ## macro + + +#macro(renderFormLinks $gui) +#set ($noLinks = true) +#foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "link") + #if ($noLinks) +
+ #set ($noLinks = false) + #end + ${utils.escapeHtml($guiElem.label)} + #end +#end + #if (!$noLinks) +
+ #end +#end + +#macro(renderFormControls $gui) +
+#set ($buttonClass = "btn") +#if ($isFormRequest) + #set ($buttonClass = "$buttonClass btn-default") +#else + #set ($buttonClass = "$buttonClass btn-primary") +#end +#foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset") + + #end +#end ## foreach +
+ +#end ## end macro \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/default.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/default.properties new file mode 100644 index 0000000..62a8a09 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/default.properties @@ -0,0 +1,26 @@ +# source: pattern://204c22beaccdfd22727af378 +application.countries.default=CH +# source: pattern://204c22beaccdfd22727af378 +cache.file.exempt= +# source: pattern://204c22beaccdfd22727af378 +cache.filefolder.exempt= +# source: pattern://204c22beaccdfd22727af378 +application.language.source.1=param:language +# source: pattern://204c22beaccdfd22727af378 +application.language.source.2=cookie:LANG +# source: pattern://204c22beaccdfd22727af378 +application.language.source.3=gui +# source: pattern://204c22beaccdfd22727af378 +application.language.source.4=browser +# source: pattern://204c22beaccdfd22727af378 +application.languages=en,de,fr,it +# source: pattern://204c22beaccdfd22727af378 +application.languages.default=en +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.de=LANG:de:.agov-d.azure.adnovum.net +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.fr=LANG:fr:.agov-d.azure.adnovum.net +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.it=LANG:it:.agov-d.azure.adnovum.net diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text.properties new file mode 100644 index 0000000..9cbdaf2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text.properties @@ -0,0 +1,210 @@ + +button.submit=Submit +darkModeSwitch.aria.label=Dark mode toggle +error.policy.failed=The new password does not comply with the policy. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +error_9901=You need a valid on-boarding link to access this page. +error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link. +error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link. +error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists. +error_9905=There is a problem with your operations account. Please contact the support. +error_9909=An internal error occured. Please ask the support for a new on-boarding link. +errors.duplicateValue=Your account is already linked with another operations access. +fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below. +fido2_auth.instruction1=Click on "Continue" +fido2_auth.instruction2=An authentication window will appear +fido2_auth.instruction3=Follow the instructions +fido2_auth.skipInstructions=Skip instructions next time +fido2_auth.switchLogin=SWITCH TO LOGIN WITH +footer.link=https://agov.ch/?c=contact&l=en +footer.link.label=Contact +footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. - +general.AGOVAccessApp=AGOV access app +general.accessApp=AGOV access app +general.authenticate=Authenticate +general.back=Back +general.cancel=Cancel +general.confirm=Confirm +general.contactSupport=Contact Support +general.continue=Continue +general.edit=Edit +general.email=Email +general.email.address=Email address +general.entryCode=Code entry +general.getStarted=Get started +general.goAGOVHelp=Go to AGOV help +general.goAccessApp=Login with AGOV access +general.help=Help +general.help.link=https://agov.ch/pages/help_en.html +general.login=Login +general.loginSecurityKey=Start Security key login +general.or=OR +general.otherOptions=OTHER OPTIONS +general.recovery=Recovery +general.recoveryOngoing=Ongoing recovery +general.register=Register +general.registerNow=Register now! +general.registration=Registration +general.securityKey=Security key +general.skip.content=Skip to main content +generic.auth.error.message=There was a service interruption. We are working on it. +generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists. +generic.auth.error.subtitle=Something went wrong +generic.auth.error.title=Error +info.login=Please enter your authentication information. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Select language +loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days. +loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step. +loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number). +loainfo.helper=Your data needs to be verified! +loainfo.later=Later +loainfo.startNow=Do you want to start the process now? +loainfo.startVerification=Start verification +loainfo.title=Verify your data +mauth_usernameless.EID=Continue with CH E-ID +mauth_usernameless.banner.error=Authentication interrupted.
Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_de.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_de.properties new file mode 100644 index 0000000..80625e6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_de.properties @@ -0,0 +1,210 @@ + +button.submit=Senden +darkModeSwitch.aria.label=Dark-Mode-Schalter +error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein. +error_1=Bitte überprüfen Sie Ihre Eingaben. +error_10=Bitte wählen Sie das richtige Benutzerkonto aus. +error_100=Zertifikat-Upload nicht möglich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk. +error_101=Die eingegebene E-Mail-Adresse ist ungültig. +error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an. +error_2=Bitte wählen Sie einen anderen Login-Namen. +error_3=Wenn die nächste Authentifizierung fehlschlägt, wird Ihr Konto gesperrt. +error_4=Ihr neues Passwort verstösst gegen die Sicherheitsrichtlinien. Bitte wählen Sie ein anderes Passwort. +error_5=Fehler bei der Passwortbestätigung. +error_50=Das neue Passwort ist zu kurz. +error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden. +error_6=Passwortänderung erforderlich. +error_7=Änderung der Login-ID erforderlich. +error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt. +error_81=Keine Zugangskarte gefunden, Zugang über das Internet verweigert. +error_83=Ihre Zugangskarte ist nicht mehr gültig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten. +error_9=Übernahme der Sitzung fehlgeschlagen. +error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen. +error_98=Ihr Konto wurde gesperrt. +error_99=Systemprobleme: Bitte versuchen Sie es später noch einmal. +error_9901=Sie benötigen einen gültigen Onboarding-Link, um auf diese Seite zuzugreifen. +error_9902=Die für die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations überein. Bitte fordern Sie einen neuen Onboarding-Link an. +error_9903=Der verwendete IdP hat uns keine gültige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an. +error_9904=Ihr Link ist nicht mehr gültig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht. +error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support. +error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link. +errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verknüpft. +fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschlüssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schlüssel registriert ist und Ihre E-Mail korrekt ist. +fido2_auth.instruction1=Klicken Sie auf "Weiter" +fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen +fido2_auth.instruction3=Folgen Sie den Anweisungen +fido2_auth.skipInstructions=Anweisungen nächstes Mal überspringen +fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT +footer.link=https://agov.ch/?c=contact&l=de +footer.link.label=Kontakt +footer.text=Authentifizierungsdienst der Schweizer Behörden AGOV – eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. - +general.AGOVAccessApp=AGOV access App +general.accessApp=AGOV access App +general.authenticate=Authentifizieren +general.back=Zurück +general.cancel=Abbrechen +general.confirm=Bestätigen +general.contactSupport=Support kontaktieren +general.continue=Weiter +general.edit=Ändern +general.email=E-Mail +general.email.address=E-Mailadresse +general.entryCode=Code-Eingabe +general.getStarted=Get started +general.goAGOVHelp=Weiter zur AGOV help +general.goAccessApp=Login mit AGOV access +general.help=Hilfe +general.help.link=https://agov.ch/pages/help_de.html +general.login=Login +general.loginSecurityKey=Sicherheitsschlüssel-Login starten +general.or=ODER +general.otherOptions=WEITERE OPTIONEN +general.recovery=Wiederherstellung +general.recoveryOngoing=Wiederherstellung nicht abgeschlossen +general.register=Registrieren +general.registerNow=Jetzt registrieren! +general.registration=Registrierung +general.securityKey=Sicherheitsschlüssel +general.skip.content=Direkt zum Hauptteil +generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran. +generic.auth.error.next.steps=Versuchen Sie es bitte später noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht. +generic.auth.error.subtitle=Etwas ist schiefgegangen +generic.auth.error.title=Fehler +info.login=Bitte geben Sie Ihre persönlichen Zugangsdaten ein. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sprache wählen +loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern. +loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen. +loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben. +loainfo.helper=Ihre persönlichen Daten müssen überprüft werden! +loainfo.later=Später +loainfo.startNow=Möchten Sie den Prozess jetzt starten? +loainfo.startVerification=Verifikation starten +loainfo.title=Verifizieren Sie Ihre Daten +mauth_usernameless.EID=Mit Schweizer E-ID fortfahren +mauth_usernameless.banner.error=Authentifizierung unterbrochen.
Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde. +mauth_usernameless.banner.info=Scan erfolgreich.
Bitte fahren Sie in der AGOV access App fort. +mauth_usernameless.banner.success=Authentifizierung erfolgreich!
Bitte warten Sie, bis Sie eingeloggt werden. +mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschlüssel verloren? +mauth_usernameless.hideQR=QR-Code ausblenden +mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen +mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Login? +mauth_usernameless.showQR=QR-Code anzeigen +mauth_usernameless.startRecovery=Kontowiederherstellung starten +mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschlüssel, um sich anzumelden +mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschlüssel bietet eine sichere Möglichkeit, sich ohne Telefon anzumelden. +op-admin.login=AGOV-op-Admin +op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort +op-admin.login.loginid=LoginID +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV-op-Admin +op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Passwortänderung erforderlich +op-admin.pwchange.newpassword=Neues Passwort +op-admin.pwchange.newpassword2=Neues Passwort wiederholen +op-admin.pwchange.password=Aktuelles Passwort +op-admin.pwchange.title=Änderung des Passworts +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung) +op-idmlogin.role.support-basic=Supportfälle (Wiederherstellung, ...) +op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...) +op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb) +op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Bitte wählen Sie ein Profil aus... +op-idmlogin.select.note=Mit * markierte Profile sollten nur für bestimmte Support oder Release Aufgaben genutzt werden. +op-idmlogin.select.title=Profilauswahl +op-onboarding.done.message=Das Onboarding war erfolgreich. Sie können nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen. +op-onboarding.done.title=FERTIG +op-onboarding.failed.title=FEHLER +op-onboarding.intro.message1=Um das Onboarding für Ihren AGOV-Operations-Zugang abzuschliessen, benötigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto. +op-onboarding.intro.message2=Wenn Sie auf «Weiter» klicken, werden Sie zur Authentifizierung weitergeleitet. +op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die Möglichkeit, die erforderliche Identitätsprüfung zu starten. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV-op-Onboarding +op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn nötig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an. +prompt.client=Mandant +prompt.newpassword=Neues Passwort +prompt.newpassword.confirm=Passwort bestätigen +prompt.password=Passwort +prompt.userid=Benutzer-ID +pwreset.done.info=Ihr Passwort wurde erfolgreich geändert. Bitte klicken Sie auf Weiter, um sich einzuloggen. +pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen.. +pwreset.info.linktext=Passwort vergessen +pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen. +recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert +recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren. +recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut. +recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben +recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten. +recovery_check_code.invalid.code=Code ist ungültig +recovery_check_code.invalid.code.required=Code erforderlich +recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang +recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen +recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können? +recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen. +recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben. +recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_code.banner.error=Bitte enthüllen Sie den Code, um fortfahren zu können. +recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf. +recovery_code.newRecoveryCode=Einführung von Wiederherstellungscode +recovery_code.validUntil=Gültig bis: +recovery_fidokey_auth.button=Schlüsselauthentifizierung starten +recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schlüsselauthentifizierung starten" +recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschlüssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren. +recovery_fidokey_auth.keyRegistered=Sicherheitsschlüssel schon registriert +recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten. +recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken können, mit dem Sie den Wiederherstellungsprozess starten. +recovery_intro_email.captchaUnchecked=Bitte kreuzen Sie das Captcha-Feld an +recovery_intro_email.important=Wichtig: +recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gelöschte AGOV access App, verlorener Sicherheitsschlüssel, verlorenes Telefon usw.). +recovery_intro_email.siteProtectedWithRecaptcha=Diese Seite ist durch reCAPTCHA geschützt, und es gelten die Datenschutzerklärung sowie die Nutzungsbedingungen von Google. +recovery_intro_email_sent.banner.button=Keine E-Mail erhalten? +recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in Kürze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten. +recovery_on_going.finishRecovery=Wiederherstellung abschliessen +recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identitätsprüfung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu können, müssen Sie auch die Identitätsprüfung abschliessen. +recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab. +recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten Fällen für eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode benötigen. +recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm. +recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden können, um den Wiederherstellungsprozess zu beginnen +recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos) +recovery_questionnaire_loginfactor.banner.error=Bitte wählen Sie eine Antwort. +recovery_questionnaire_loginfactor.no=Nein +recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV Access App oder Sicherheitsschlüssel) für Ihren AGOV-Login registriert? +recovery_questionnaire_loginfactor.yes=Ja +recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein. +recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen benötigen, besuchen Sie bitte www.agov.ch/help für Support-Artikel. +recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte www.agov.ch/me und testen Sie, ob Sie sich erfolgreich anmelden können. +recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte www.agov.ch/me, um den verlorenen Loginfaktor zu entfernen. +recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschlüssel habe +recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschlüssel) +recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen +recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gelöscht oder zurückgesetzt +recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschlüssel verloren +recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu übertragen +recovery_questionnaire_reason_selection.answer6=Ich habe die PIN für meine AGOV access App vergessen +recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschlüssel oder AGOV access Apps, hatte aber Probleme beim Einloggen +recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschlüssel und Apps verloren +recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gelöscht, zurückgesetzt, vergessene PIN) +recovery_questionnaire_reason_selection.banner.error=Bitte wählen Sie einen Grund aus. +recovery_questionnaire_reason_selection.instruction=Bitte wählen Sie einen Grund wieso Sie den AGOV recovery Prozess starten: +recovery_start_info.banner.warning=Sie können Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist. +recovery_start_info.instruction=Während des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enthält, müssen Sie zum Abschluss des Wiederherstellungsprozesses möglicherweise auch einen Verifikationsprozess durchlaufen. +recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Passwort ändern +title.pwreset=Passwort Vergesssen +user_input.invalid.email=Bitte geben Sie eine gültige E-Mail ein +user_input.invalid.email.required=Erforderliches Feld +user_input.invalid.email.tooLong=Eingabe zu lang diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_en.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_en.properties new file mode 100644 index 0000000..9cbdaf2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_en.properties @@ -0,0 +1,210 @@ + +button.submit=Submit +darkModeSwitch.aria.label=Dark mode toggle +error.policy.failed=The new password does not comply with the policy. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +error_9901=You need a valid on-boarding link to access this page. +error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link. +error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link. +error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists. +error_9905=There is a problem with your operations account. Please contact the support. +error_9909=An internal error occured. Please ask the support for a new on-boarding link. +errors.duplicateValue=Your account is already linked with another operations access. +fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below. +fido2_auth.instruction1=Click on "Continue" +fido2_auth.instruction2=An authentication window will appear +fido2_auth.instruction3=Follow the instructions +fido2_auth.skipInstructions=Skip instructions next time +fido2_auth.switchLogin=SWITCH TO LOGIN WITH +footer.link=https://agov.ch/?c=contact&l=en +footer.link.label=Contact +footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. - +general.AGOVAccessApp=AGOV access app +general.accessApp=AGOV access app +general.authenticate=Authenticate +general.back=Back +general.cancel=Cancel +general.confirm=Confirm +general.contactSupport=Contact Support +general.continue=Continue +general.edit=Edit +general.email=Email +general.email.address=Email address +general.entryCode=Code entry +general.getStarted=Get started +general.goAGOVHelp=Go to AGOV help +general.goAccessApp=Login with AGOV access +general.help=Help +general.help.link=https://agov.ch/pages/help_en.html +general.login=Login +general.loginSecurityKey=Start Security key login +general.or=OR +general.otherOptions=OTHER OPTIONS +general.recovery=Recovery +general.recoveryOngoing=Ongoing recovery +general.register=Register +general.registerNow=Register now! +general.registration=Registration +general.securityKey=Security key +general.skip.content=Skip to main content +generic.auth.error.message=There was a service interruption. We are working on it. +generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists. +generic.auth.error.subtitle=Something went wrong +generic.auth.error.title=Error +info.login=Please enter your authentication information. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Select language +loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days. +loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step. +loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number). +loainfo.helper=Your data needs to be verified! +loainfo.later=Later +loainfo.startNow=Do you want to start the process now? +loainfo.startVerification=Start verification +loainfo.title=Verify your data +mauth_usernameless.EID=Continue with CH E-ID +mauth_usernameless.banner.error=Authentication interrupted.
Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_fr.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_fr.properties new file mode 100644 index 0000000..155329b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_fr.properties @@ -0,0 +1,210 @@ + +button.submit=Envoyer +darkModeSwitch.aria.label=Activer l'apparence sombre +error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité +error_1=Veuillez vérifier votre saisie. +error_10=Veuillez sélectionner le compte d’utilisateur correct. +error_100=Le téléchargement du certificat est impossible. Le certificat existe déjà. Veuillez contacter votre service d’assistance. +error_101=L’adresse e-mail saisie n’est pas valable. +error_11=Veuillez utiliser un autre certificat ou vous connecter au moyen d’un autre type de facteur d’authentification. +error_2=Veuillez sélectionner un autre nom d’utilisateur. +error_3=Votre compte sera bloqué si la prochaine tentative d’authentification échoue. +error_4=Votre nouveau mot de passe n’est pas conforme à la politique de sécurité. Veuillez choisir un autre mot de passe. +error_5=Erreur de confirmation du mot de passe +error_50=Le nouveau mot de passe est trop court. +error_55=Le nouveau mot de passe doit être différent des précédents. +error_6=Changement de mot de passe requis. +error_7=Changement d’identifiant de connexion requis. +error_8=Votre compte a été bloqué en raison de plusieurs échecs d’authentification. +error_81=Aucune carte d’accès n’a été trouvée, l’accès depuis Internet est refusé. +error_83=Votre carte d’accès n’est plus valable. Veuillez contacter votre conseiller pour obtenir une nouvelle carte d’accès. +error_9=La reprise de session a échoué. +error_97=Vous n’êtes pas autorisé à accéder à cette ressource. +error_98=Votre compte a été bloqué. +error_99=Problèmes de système. Veuillez réessayer plus tard. +error_9901=Vous devez disposer d’un lien d’enregistrement valable pour accéder à cette page. +error_9902=L’adresse e-mail utilisée pour l’authentification ne correspond pas à celle qui est renseignée dans AGOV operations. Veuillez demander un nouveau lien d’enregistrement. +error_9903=Le fournisseur d’identité utilisé ne nous a pas envoyé d’assertion valide. Assurez-vous d’utiliser le bon fournisseur d’identité. Demandez un nouveau lien d’enregistrement au service d’assistance. +error_9904=Le lien que vous avez suivi n’est plus valable. Veuillez vous assurer que vous utilisez le dernier lien que vous avez reçu d’AGOV operations. Demandez un nouveau lien si le problème persiste. +error_9905=Il y a un problème avec votre compte AGOV operations. Veuillez contacter le service d’assistance. +error_9909=Un problème interne s’est produit. Veuillez demander un nouveau lien d’enregistrement au service d’assistance. +errors.duplicateValue=Votre compte est déjà lié à un autre accès à AGOV operations. +fido2_auth.cancel.fido=L'authentification avec la clé de sécurité a été interrompue. Veuillez vous assurer que votre clé FIDO est enregistrée et que votre adresse e-mail est correcte, puis suivez les étapes ci-dessous. +fido2_auth.instruction1=Cliquez sur "Continuer" +fido2_auth.instruction2=Une fenêtre d'authentification s'affichera +fido2_auth.instruction3=Suivez les instructions +fido2_auth.skipInstructions=Passer les instructions la fois suivante +fido2_auth.switchLogin=S'AUTHENTIFIER AVEC +footer.link=https://agov.ch/?c=contact&l=fr +footer.link.label=Contact +footer.text=Service d'authentification des autorités suisses AGOV - une collaboration entre les cantons, leurs communes et l'administration fédérale. - +general.AGOVAccessApp=Application AGOV access +general.accessApp=Application AGOV access +general.authenticate=Authentification +general.back=Retour +general.cancel=Annuler +general.confirm=Confirmer +general.contactSupport=Contacter le service d'assistance +general.continue=Continuer +general.edit=Editer +general.email=E-mail +general.email.address=Adresse e-mail +general.entryCode=Entrer le code +general.getStarted=Démarrer +general.goAGOVHelp=Rendez-vous sur AGOV help +general.goAccessApp=Login avec AGOV access +general.help=Aide +general.help.link=https://agov.ch/pages/help_fr.html +general.login=Login +general.loginSecurityKey=Démarrer la connexion avec la clé de sécurité +general.or=OU +general.otherOptions=AUTRES OPTIONS +general.recovery=Récupération +general.recoveryOngoing=Récupération en cours +general.register=Créer un compte +general.registerNow=Enregistrez-vous dès maintenant! +general.registration=Enregistrement +general.securityKey=Clé de sécurité +general.skip.content=Passer au contenu principal +generic.auth.error.message=Une interruption de service s’est produite. Nous nous employons à résoudre le problème. +generic.auth.error.next.steps=Veuillez réessayer plus tard. Veuillez vous rendre sur AGOV help si le problème persiste. +generic.auth.error.subtitle=Un problème s’est produit +generic.auth.error.title=Erreur +info.login=Veuillez entrer vos éléments de sécurité ci-après. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sélectionner la langue +loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours. +loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante. +loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS. +loainfo.helper=Vos données doivent être vérifiées! +loainfo.later=Plus tard +loainfo.startNow=Voulez-vous commencer le processus maintenant? +loainfo.startVerification=Démarrer la vérification +loainfo.title=Vérifiez vos données +mauth_usernameless.EID=Continuer avec l'e-ID suisse +mauth_usernameless.banner.error=Authentification interrompue.
Veuillez réessayer lorsque la page sera rechargée. +mauth_usernameless.banner.info=Scan réussi!
Veuillez continuer dans l'application AGOV access. +mauth_usernameless.banner.success=Authentification réussie!
Veuillez attendre d'être connecté. +mauth_usernameless.cannotLogin=Avez-vous perdu l'accès à votre application / votre clé de sécurité ? +mauth_usernameless.hideQR=Cacher le code QR +mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access +mauth_usernameless.noAccount=Vous n'avez pas encore d'AGOV-Login ? +mauth_usernameless.showQR=Afficher le code QR +mauth_usernameless.startRecovery=Commencer la récupération du compte +mauth_usernameless.useSecurityKey=Utiliser une clé de sécurité pour se connecter +mauth_usernameless.useSecurityKeyInfo=Une clé de sécurité physique offre un moyen sûr de se connecter sans devoir utiliser son téléphone. +op-admin.login=Administration de l’accès à AGOV op +op-admin.login.intro.message=Connectez-vous avec votre nom d’utilisateur et votre mot de passe +op-admin.login.loginid=Identifiant de connexion +op-admin.login.password=Mot de passe +op-admin.login.title=Connexion +op-admin.logout=Administration de l’accès à AGOV op +op-admin.logout.message=Vous vous êtes déconnecté avec succès. +op-admin.logout.title=Déconnexion +op-admin.pwchange.intro.message=Changement de mot de passe requis +op-admin.pwchange.newpassword=Nouveau mot de passe +op-admin.pwchange.newpassword2=Répéter le nouveau mot de passe +op-admin.pwchange.password=Mot de passe actuel +op-admin.pwchange.title=Changer de mot de passe +op-idmlogin.role.accs-mgmt-idm=Gestion des droits d'accès IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestion des droits d'accès +op-idmlogin.role.idmcfg-mgmt=Mise en place de l'IDM +op-idmlogin.role.readonly-access=Accès par défaut (lecture seule) +op-idmlogin.role.support-basic=Cas de support (récupération, ...) +op-idmlogin.role.support-priv=Support de 3ème niveau (archivage, désinscription) +op-idmlogin.role.usr-mgmt=Gestion des utilisateurs (opérations) +op-idmlogin.role.usr-unit-mgmt=Gestion des utilisateurs et des organisations (opérations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Veuillez sélectionner l’un des profils ci-dessous... +op-idmlogin.select.note=Les profils marqués d'un * ne doivent être utilisés que s'ils sont nécessaires pour des tâches spécifiques de support ou de mise en production. +op-idmlogin.select.title=Séléction du profil +op-onboarding.done.message=L’enregistrement a été effectué avec succès. Vous disposez maintenant d’un accès à AGOV operations. Veuillez fermer le navigateur avant d’accéder à AGOV operations. +op-onboarding.done.title=TERMINÉ +op-onboarding.failed.title=ERREUR +op-onboarding.intro.message1=Pour terminer l’enregistrement de votre accès à AGOV operations, vous devez disposer d’un compte AGOV ou d’un compte FED-LOGIN. +op-onboarding.intro.message2=Après avoir cliqué sur "Continuer", vous serez redirigé vers l’authentification. +op-onboarding.intro.message3=Si vous utilisez AGOV et que votre compte n’a pas encore atteint le niveau de qualité d’authentification requis, vous aurez la possibilité de démarrer la vérification d’identité nécessaire pour l’atteindre. +op-onboarding.intro.title=DÉMARRER +op-onboarding.onboarding=Enregistrement de l’accès à AGOV op +op-onboarding.process.message=Un problème s’est produit. Veuillez contacter le service d’assistance AGOV afin de demander un nouveau lien d’enregistrement. +prompt.client=Client +prompt.newpassword=Nouveau mot de passe +prompt.newpassword.confirm=Confirmez le mot de passe +prompt.password=Mot de passe +prompt.userid=ID de l'utilisateur +pwreset.done.info=Votre mot de passe a été changé avec succès. Veuillez cliquer sur continuer pour vous connecter. +pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe. +pwreset.info.linktext=Mot de passe oublié +pwreset.noticket=Votre lien n'est plus valide. Veuillez en générer un nouveau. +recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée +recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération. +recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier. +recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer. +recovery_check_code.enterRecoveryCode=Saisir le code de récupération +recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me. +recovery_check_code.invalid.code=Le code est invalide +recovery_check_code.invalid.code.required=Code requis +recovery_check_code.invalid.code.tooLong=Le code est trop long +recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération +recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ? +recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération. +recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération. +recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois. +recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération. +recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer. +recovery_code.instruction=Les codes de récupération vous permettent d'accéder à votre compte au cas où vous auriez perdu tous vos identifiants. Conservez le code de récupération en lieu sûr. +recovery_code.newRecoveryCode=Introduction du code de récupération +recovery_code.validUntil=Valable jusqu'au: +recovery_fidokey_auth.button=Démarrer l'authentification par clé de sécurité +recovery_fidokey_auth.fidoInstruction=Cliquez sur "Démarrer l'enregistrement de la clé" +recovery_fidokey_auth.instruction1=Vous avez déjà enregistré une nouvelle clé de sécurité !!!SECURITY_KEY_NAME!!! dans le cadre du processus de récupération. +recovery_fidokey_auth.instruction2=Veuillez utiliser !!!SECURITY_KEY_NAME!!! pour suivre les étapes ci-dessous afin de vous identifier. +recovery_fidokey_auth.keyRegistered=Clé de sécurité déjà enregistrée +recovery_intro_email.banner.error=Le lien que vous avez utilisé a expiré. Veuillez saisir votre adresse e-mail pour recevoir un nouveau lien. +recovery_intro_email.banner.info=Veuillez saisir votre adresse e-mail. Nous vous enverrons un e-mail vous permettant de démarrer le processus de récupération. +recovery_intro_email.captchaUnchecked=Veuillez cocher la case captcha +recovery_intro_email.important=Important: +recovery_intro_email.process=Le processus de récupération ne doit être utilisé que si vous avez perdu l'accès à vos facteurs de connexion (application AGOV access supprimée, clé de sécurité perdue, téléphone perdu, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=Ce site est protégé par reCAPTCHA: les règles de confidentialité et conditions d’utilisation de Google s’appliquent. +recovery_intro_email_sent.banner.button=Vous n’avez pas reçu l'email? +recovery_intro_email_sent.banner.success=Merci! Vous recevrez dans un instant un e-mail contenant un lien de récupération et des instructions. +recovery_on_going.finishRecovery=Terminer la récupération +recovery_on_going.instruction=Vous n’avez pas encore terminé le processus de récupération. Dans le cadre du processus de récupération, votre identité peut faire l’objet d’une vérification. Pour accéder à des applications au moyen de votre identifiant AGOV, vous devez terminer la vérification d’identité. +recovery_on_going.title=Veuillez terminer le processus de récupération. +recovery_questionnaire_instructions.banner.info=Veuillez noter que dans certains cas, vous devez avoir accès à votre code de récupération pour que la récupération soit réussie. +recovery_questionnaire_instructions.explanation=D'après vos réponses, une récupération de l'identifiant AGOV-Login semble nécessaire. Veuillez cliquer sur continuer et suivre les instructions à l'écran. +recovery_questionnaire_instructions.instruction1=Fournissez l'adresse électronique de votre compte afin que nous puissions vous envoyer un lien pour commencer le processus de récupération +recovery_questionnaire_instructions.instruction2=Suivez les étapes pour récupérer votre compte (les étapes varient en fonction du niveau de vérification de votre compte) +recovery_questionnaire_loginfactor.banner.error=Veuillez choisir une réponse. +recovery_questionnaire_loginfactor.no=Non +recovery_questionnaire_loginfactor.question=Avez-vous enregistré plus d'un facteur d'authentification (application AGOV access ou clé de sécurité) sur votre compte ? +recovery_questionnaire_loginfactor.yes=Oui +recovery_questionnaire_no_recovery.explanation1=D'après vos réponses, l'option de récupération d'AGOV ne semble pas nécessaire pour l'instant. +recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter www.agov.ch/help pour obtenir des articles de soutien. +recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficultés pour vous connecter à une application, visitez www.agov.ch/me et vérifiez si vous pouvez vous connecter avec succès. +recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistré plusieurs facteurs de connexion mais que vous avez perdu l'accès à l'un d'entre eux, veuillez consulter www.agov.ch/me pour supprimer celui auquel vous avez perdu l'accès. +recovery_questionnaire_reason_selection.answer1=Je n'arrive pas à me connecter, même si j'ai mon application / ma clé de sécurité +recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou clé de sécurité) +recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription +recovery_questionnaire_reason_selection.answer3=J'ai supprimé ou réinitialisé mon application AGOV access +recovery_questionnaire_reason_selection.answer4=J'ai perdu mon téléphone / clé de sécurité +recovery_questionnaire_reason_selection.answer5=J'ai un nouveau téléphone et j'ai oublié de transférer mon application AGOV access +recovery_questionnaire_reason_selection.answer6=J'ai oublié mon PIN pour l'application AGOV access +recovery_questionnaire_reason_selection.answer7=J'ai mes clés de sécurité ou mes applications, mais j'ai du mal à me connecter +recovery_questionnaire_reason_selection.answer8=J'ai perdu l'accès à toutes mes clés de sécurité et aux applications AGOV access +recovery_questionnaire_reason_selection.answer9=J'ai des problèmes avec l'un de mes facteurs d'authentification (effacé, réinitialisé, PIN oublié) +recovery_questionnaire_reason_selection.banner.error=Veuillez sélectionner un motif. +recovery_questionnaire_reason_selection.instruction=Veuillez sélectionner la raison pour laquelle vous entamez le processus de récupération : +recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tant que le processus de récupération n'aura pas été terminé. +recovery_start_info.instruction=Le processus de récupération nécessitera l’enregistrement d’un nouveau facteur d’authentification. Si votre compte contient des informations ayant déjà été vérifiées, il se peut que vous deviez les faire vérifier à nouveau pour terminer la récupération. +recovery_start_info.title=Vous êtes sur le point de démarrer le processus de récupération. +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Changer mot de passe +title.pwreset=Mot de Passe Oublié +user_input.invalid.email=Veuillez saisir un e-mail valable. +user_input.invalid.email.required=Champ requis +user_input.invalid.email.tooLong=La saisie est trop longue diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties new file mode 100644 index 0000000..3535726 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/resources/conf/text_it.properties @@ -0,0 +1,210 @@ + +button.submit=Continua +darkModeSwitch.aria.label=Attivare la modalità scura +error.policy.failed=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password. +error_1=Verificare i dati inseriti. +error_10=Scegliere l’account utente corretto. +error_100=Impossibile caricare il certificato. Il certificato esiste già. Contattare l’help desk. +error_101=L’e-mail inserita non è valida. +error_11=Utilizzare un altro certificato o accedere con altre credenziali. +error_2=Selezionare un altro nome di accesso. +error_3=Se la prossima autenticazione fallisce, l’account sarà bloccato. +error_4=La nuova password non rispetta le norme di sicurezza. Scegliere un’altra password. +error_5=Errore nella conferma della password. +error_50=La nuova password è troppo corta. +error_55=La nuova password deve differire da quelle precedenti. +error_6=È richiesta la modifica della password. +error_7=È richiesta la modifica dell’ID di accesso. +error_8=A causa dei ripetuti tentativi di autenticazione falliti, l’account è stato bloccato. +error_81=Non è stata trovata alcuna carta di accesso; l’accesso da Internet è negato. +error_83=La carta di accesso non è più valida. Per richiedere una nuova carta di accesso, contattare il responsabile. +error_9=Takeover di sessione fallito. +error_97=Accesso non autorizzato a questa risorsa. +error_98=L’account è stato bloccato. +error_99=Ci sono problemi di sistema. Riprovare più tardi. +error_9901=Per accedere a questa pagina, è necessario un link di registrazione valido. +error_9902=L’e-mail utilizzata per l’autenticazione non corrisponde a quella di AGOV operations. Richiedere un nuovo link di registrazione. +error_9903=L’IdP utilizzato non ha inviato un’asserzione valida. Assicurarsi di utilizzare l’IdP corretto. Richiedere al supporto un nuovo link di registrazione. +error_9904=Il link non è più valido. Assicurarsi di utilizzare il link più recente ricevuto in AGOV operations. Se il problema persiste, richiedere un nuovo link. +error_9905=Si è verificato un problema con l’account AGOV operations. Contattare il supporto. +error_9909=Si è verificato un errore interno. Richiedere al supporto un nuovo link di registrazione. +errors.duplicateValue=Il suo account è già collegato ad un altro accesso operativo. +fido2_auth.cancel.fido=L'autenticazione con la chiave di sicurezza è stata interrotta. Assicurarsi che la chiave FIDO sia registrata e che l'indirizzo e-mail sia corretto, poi seguire le istruzioni. +fido2_auth.instruction1=Cliccare su "Continua" +fido2_auth.instruction2=A breve si aprirà una finestra per l'autenticazione. +fido2_auth.instruction3=Seguire le istruzioni. +fido2_auth.skipInstructions=Non mostrare più le istruzioni +fido2_auth.switchLogin=ACCEDERE CON +footer.link=https://agov.ch/?c=contact&l=it +footer.link.label=Contatto +footer.text=Servizio di autenticazione delle autorità Svizzere AGOV - una collaborazione tra Cantoni, Comuni e l'Amministrazione federale. - +general.AGOVAccessApp=App AGOV access +general.accessApp=App AGOV access +general.authenticate=Autentifica +general.back=Indietro +general.cancel=Annullare +general.confirm=Confermare +general.contactSupport=Contattare il supporto +general.continue=Continuare +general.edit=Modificare +general.email=e-mail +general.email.address=Indirizzo e-mail +general.entryCode=Codice +general.getStarted=Iniziare +general.goAGOVHelp=Vai ad AGOV help +general.goAccessApp=Login con AGOV access +general.help=Aiuto +general.help.link=https://agov.ch/pages/help_it.html +general.login=Accedere +general.loginSecurityKey=Iniziare il login con la chiave di sicurezza +general.or=O +general.otherOptions=ALTRE OPZIONI +general.recovery=Ripristino +general.recoveryOngoing=Ripristino in corso +general.register=Registrarsi +general.registerNow=Si registri ora! +general.registration=Registrazione +general.securityKey=Chiave di sicurezza +general.skip.content=Vai al contenuto principale +generic.auth.error.message=Si è verificata un’interruzione. Stiamo lavorando per ripristinare l’esercizio. +generic.auth.error.next.steps=Riprovare più tardi. Se il problema persiste, consultare AGOV help. +generic.auth.error.subtitle=Qualcosa non ha funzionato. +generic.auth.error.title=Errore +info.login=Per favore inserisca i suoi dati di accesso. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Selezionare la lingua +loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi. +loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata. +loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS. +loainfo.helper=I dati devono essere verificati! +loainfo.later=Più tardi +loainfo.startNow=Iniziare la procedura? +loainfo.startVerification=Iniziare la verifica +loainfo.title=Verificare i dati. +mauth_usernameless.EID=Continuare con CH e-ID +mauth_usernameless.banner.error=Autenticazione interrotta.
Riprovare dopo che la pagina si sarà ricaricata. +mauth_usernameless.banner.info=La scansione è stata eseguita.
Continuare nell'app AGOV access. +mauth_usernameless.banner.success=Autenticazione riuscita!
Aspettare di essere connessi. +mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza? +mauth_usernameless.hideQR=Nascondi il codice QR +mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app AGOV access. +mauth_usernameless.noAccount=Non ha ancora un AGOV-Login ? +mauth_usernameless.showQR=Visualizza il codice QR +mauth_usernameless.startRecovery=Inizia il recupero dell'account +mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza. +mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Accedere con nome utente e password +op-admin.login.loginid=ID di accesso +op-admin.login.password=Password +op-admin.login.title=Accedere +op-admin.logout=AGOV op admin +op-admin.logout.message=La sessione è terminata. +op-admin.logout.title=Disconnessione +op-admin.pwchange.intro.message=È richiesta la modifica della password. +op-admin.pwchange.newpassword=Nuova password +op-admin.pwchange.newpassword2=Ripetere la nuova password +op-admin.pwchange.password=Password attuale +op-admin.pwchange.title=Modificare password +op-idmlogin.role.accs-mgmt-idm=Gestione dei diritti di accesso IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestione dei diritti di accesso +op-idmlogin.role.idmcfg-mgmt=Configurazione dell'IDM +op-idmlogin.role.readonly-access=Accesso predefinito (sola lettura) +op-idmlogin.role.support-basic=Casi di supporto (ripristino, ...) +op-idmlogin.role.support-priv=Supporto di terzo livello (archiviazione, off-boarding) +op-idmlogin.role.usr-mgmt=Gestione utenti (operazioni) +op-idmlogin.role.usr-unit-mgmt=Gestione utenti e organizzazione (operazioni) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Si prega di selezionare uno dei seguenti profili... +op-idmlogin.select.note=I profili contrassegnati con * devono essere utilizzati solo se richiesti per attività di supporto o rilascio specifiche. +op-idmlogin.select.title=Selezione del profilo +op-onboarding.done.message=La registrazione è riuscita. Ora l’accesso AGOV operations è pronto. Prima di accedere ad AGOV operations, chiudere il browser. +op-onboarding.done.title=FINITO +op-onboarding.failed.title=ERRORE +op-onboarding.intro.message1=Per completare la registrazione per l'accesso AGOV operations, è necessario avere un account AGOV o FED-LOGIN. +op-onboarding.intro.message2=Dopo aver cliccato su "Continua", si è reindirizzati al servizio di autenticazione. +op-onboarding.intro.message3=Se utilizza AGOV e l’account non soddisfa ancora il livello richiesto AGOVaq, potrà avviare la verifica dell’identità richiesta. +op-onboarding.intro.title=INIZIARE +op-onboarding.onboarding=Registrazione AGOV op +op-onboarding.process.message=Qualcosa non ha funzionato. Contattare il supporto AGOV e, se necessario, richiedere un nuovo link di registrazione. +prompt.client=Mandator +prompt.newpassword=Nuova Password +prompt.newpassword.confirm=Conferma password +prompt.password=Password +prompt.userid=Nome utente +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata +recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. +recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare. +recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero +recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me. +recovery_check_code.invalid.code=Il codice non è valido +recovery_check_code.invalid.code.required=Codice richiesto +recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo +recovery_check_code.noAccess=Non ho il mio codice. +recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino? +recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino. +recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto +recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte. +recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero. +recovery_code.banner.error=Per procedere, inserire il nuovo codice. +recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro. +recovery_code.newRecoveryCode=Introduzione del codice di ripristino +recovery_code.validUntil=Valido fino a: +recovery_fidokey_auth.button=Iniziare l'authenticazione della chiave +recovery_fidokey_auth.fidoInstruction=Cliccare su "Iniziare l'authenticazione della chiave" +recovery_fidokey_auth.instruction1=Ha già registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti. +recovery_fidokey_auth.keyRegistered=Chiave di sicurezza già registrata +recovery_intro_email.banner.error=Il link utilizzato è scaduto. Per ricevere un nuovo link, inserire l’indirizzo e-mail. +recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l’indirizzo e-mail. +recovery_intro_email.captchaUnchecked=Per favore selezioni il campo captcha +recovery_intro_email.important=Importante: +recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app di accesso AGOV eliminata, chiave di sicurezza persa, telefono smarrito, ecc.). +recovery_intro_email.siteProtectedWithRecaptcha=Questo sito è protetto da reCAPTCHA. Si applicano le norme sulla privacy e i termini di servizio di Google. +recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail? +recovery_intro_email_sent.banner.success=Grazie! È stata inviata un’e-mail contenente il codice di ripristino e le istruzioni. +recovery_on_going.finishRecovery=Completare il ripristino +recovery_on_going.instruction=È in corso un processo di ripristino. Il processo di ripristino può includere una verifica dell’identità. Per accedere alle applicazioni con il proprio AGOV-Login, è necessario completare la verifica dell’identità. +recovery_on_going.title=Completare il processo di ripristino. +recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi è necessario utilizzare il codice di ripristino per un ripristino riuscito. +recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo. +recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo email del suo account in modo di poter inviarle un link per iniziare il processo di recupero +recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account) +recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Ha registrato più di un fattore di accesso (app di accesso AGOV o chiave di sicurezza) al suo account? +recovery_questionnaire_loginfactor.yes=Si +recovery_questionnaire_no_recovery.explanation1=In base alle sue risposte, l'opzione di ripristino AGOV non sembra necessaria al momento. +recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti www.agov.ch/help per articoli di supporto. +recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti www.agov.ch/me e verifichi se può accedere con successo. +recovery_questionnaire_no_recovery.instruction2=Se ha registrato più fattori di accesso ma ha perso l'accesso a uno di essi, visit www.agov.ch/me per rimuovere quello a cui ha perso l'accesso. +recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza +recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app di accesso AGOV o chiave di sicurezza) +recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione +recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza +recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app di accesso AGOV +recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o le mie app, ma ho avuto problemi ad accedere +recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app di accesso AGOV +recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato) +recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo. +recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero: +recovery_start_info.banner.warning=Non è possibile utilizzare l’account finché il processo di ripristino non sarà concluso. +recovery_start_info.instruction=Durante il processo di ripristino sarà registrato un nuovo fattore di accesso. Se l’account contiene informazioni verificate, potrebbe essere necessario avviare un processo di verifica per completare il ripristino. +recovery_start_info.title=Il processo di ripristino sta per iniziare. +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Cambiare Password +title.pwreset=Password Forgotten +user_input.invalid.email=Inserire un'e-mail valida. +user_input.invalid.email.required=Campo obbligatorio +user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/authcloud_login.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/authcloud_login.js new file mode 100644 index 0000000..eed68c4 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/authcloud_login.js @@ -0,0 +1,165 @@ +let baseURL; // base URL +let statusToken; // used to check progress +let dispatcherElement; // to display link or QR code +let infoElement; // to display info text +let errorElement; // to display error text + +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +function submitStatus(status) { + // we have to do a form POST instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "status", status); + document.body.appendChild(form); + form.submit(); +} + +const Status = { + _pollInterval: 2 * 1000, // Check every 2 seconds + latest: null, + + startPolling: function (token, uiCallback) { + let interval = setInterval(async () => { + await this._check(token).then(function (resp) { + console.log("Polling status: %o", resp); + uiCallback && uiCallback(resp, false); + return Status.latest = resp; + }) + .catch(function (err) { + console.error("Error during polling: %o", err); + return false; + }); + if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) { + // Done! + console.log('Latest status is: %o', this.latest); + uiCallback && uiCallback(this.latest, true); + clearInterval(interval); + } + }, this._pollInterval); + }, + + _check: async function (token) { + const payload = { statusToken: token }; + const response = await fetch(baseURL + 'api/v1/status', { + method: 'POST', + mode: 'cors', + cache: 'no-cache', + credentials: 'omit', + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json;charset=utf-8' + }, + body: JSON.stringify(payload), + redirect: 'follow', + referrerPolicy: 'no-referrer' + }); + + return await response.json(); + } +}; + +function setDeepLinkLabel(button) { + const text = document.getElementsByName('info.deeplink')[0].value; + button.innerHTML = text; +} + +function messageScanQR() { + const text = document.getElementsByName('info.qrcode')[0].value; + infoElement.innerHTML = text; +} + +function messageCheckPhone() { + const text = document.getElementsByName('info.check.phone')[0].value; + infoElement.innerHTML = text; +} + +const Element = { + + _elem: null, // QR code or deep link depending on device + + show: function (appLink) { + const userAgent = navigator.userAgent || navigator.vendor || window.opera; + const isIphone = 'iPhone' === navigator.platform; + const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent); + if (isAndroid || isIphone) { + this._elem = document.createElement('a'); + this._elem.setAttribute('href', appLink); + this._elem.setAttribute('class', 'btn btn-primary'); + this._elem.setAttribute('target', '_blank'); + dispatcherElement.appendChild(this._elem); + setDeepLinkLabel(this._elem); + } + else { + const authenticationType = document.getElementsByName('authenticationType')[0].value; + if (authenticationType == 'push') { + messageCheckPhone(); + } + else { + messageScanQR(); + this._elem = document.createElement('canvas'); + dispatcherElement.appendChild(this._elem); + var qrcode = new QRious({ + element: this._elem, + foreground: "#168CA9", + level: "M", + size: 280, + value: appLink + }); + } + } + }, + + hide: function() { + // hide the element which was shown + if (this._elem != null) { + this._elem.style.display = "none"; + } + } +}; + +function authenticateUser(appLink) { + Element.show(appLink); + console.log('Starting Authentication Cloud status polling...'); + Status.startPolling(statusToken, (st, done) => { + if (st.status === 'succeeded') { + console.log('Authentication Cloud login done.'); + submitStatus('succeeded') + } + else if (st.status === 'failed') { + // failed: The transaction failed, either by timeout or because the user did not accept. + console.warn('Authentication Cloud login failed. User abort or timeout.'); + submitStatus('failed') + } + else if (st.status === 'unknown') { + console.error('Authentication Cloud login failed. Unknown status.'); + submitStatus('unknown') + } + }); +} + +function init() { + + const form = document.getElementById('authcloud_login'); + + baseURL = form.url.value; + statusToken = form.statusToken.value; + + infoElement = document.getElementById('authcloud_info'); + errorElement = document.getElementById('authcloud_error'); + + dispatcherElement = document.getElementById('authcloud_dispatch'); + + const appLink = form.appLink.value; + authenticateUser(appLink); +} + +window.onload = function() { + init(); +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/authcloud_onboard.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/authcloud_onboard.js new file mode 100644 index 0000000..5332d9f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/authcloud_onboard.js @@ -0,0 +1,154 @@ +let baseURL; // base URL +let statusToken; // used to check progress +let dispatcherElement; // to display link or QR code +let infoElement; // to display info text +let errorElement; // to display error text + +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +function submitStatus(status) { + // we have to do a form POST instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "status", status); + document.body.appendChild(form); + form.submit(); +} + +const Status = { + _pollInterval: 2 * 1000, // Check every 2 seconds + latest: null, + + startPolling: function (token, uiCallback) { + let interval = setInterval(async () => { + await this._check(token).then(function (resp) { + console.log("Polling status: %o", resp); + uiCallback && uiCallback(resp, false); + return Status.latest = resp; + }) + .catch(function (err) { + console.error("Error during polling: %o", err); + return false; + }); + if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) { + // Done! + console.log('Latest status is: %o', this.latest); + uiCallback && uiCallback(this.latest, true); + clearInterval(interval); + } + }, this._pollInterval); + }, + + _check: async function (token) { + const payload = { statusToken: token }; + const response = await fetch(baseURL + 'api/v1/status', { + method: 'POST', + mode: 'cors', + cache: 'no-cache', + credentials: 'omit', + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json;charset=utf-8' + }, + body: JSON.stringify(payload), + redirect: 'follow', + referrerPolicy: 'no-referrer' + }); + + return await response.json(); + } +}; + +function setDeepLinkLabel(button) { + const text = document.getElementsByName('info.deeplink')[0].value; + button.innerHTML = text; +} + +function messageScanQR() { + const text = document.getElementsByName('info.qrcode')[0].value; + infoElement.innerHTML = text; +} + +const Element = { + + _elem: null, // QR code or deep link depending on device + + show: function (appLink) { + const userAgent = navigator.userAgent || navigator.vendor || window.opera; + const isIphone = 'iPhone' === navigator.platform; + const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent); + if (isAndroid || isIphone) { + this._elem = document.createElement('a'); + this._elem.setAttribute('href', appLink); + this._elem.setAttribute('class', 'btn btn-primary'); + this._elem.setAttribute('target', '_blank'); + dispatcherElement.appendChild(this._elem); + setDeepLinkLabel(this._elem); + } + else { + messageScanQR(); + this._elem = document.createElement('canvas'); + dispatcherElement.appendChild(this._elem); + var qrcode = new QRious({ + element: this._elem, + foreground: "#168CA9", + level: "M", + size: 280, + value: appLink + }); + } + }, + + hide: function() { + // hide the element which was shown + if (this._elem != null) { + this._elem.style.display = "none"; + } + } +}; + +function onboardUser(appLink) { + Element.show(appLink); + console.log('Starting Authentication Cloud status polling...'); + Status.startPolling(statusToken, (st, done) => { + if (st.status === 'succeeded') { + console.log('Authentication Cloud onboarding done.'); + submitStatus('succeeded') + } + else if (st.status === 'failed') { + // failed: The transaction failed, either by timeout or because the user did not accept. + console.warn('Authentication Cloud onboarding failed. User abort or timeout.'); + submitStatus('failed') + } + else if (st.status === 'unknown') { + console.error('Authentication Cloud onboarding failed. Unknown status.'); + submitStatus('unknown') + } + }); +} + +function init() { + + const form = document.getElementById('authcloud_onboard'); + + baseURL = form.url.value; + statusToken = form.statusToken.value; + + infoElement = document.getElementById('authcloud_info'); + errorElement = document.getElementById('authcloud_error'); + + dispatcherElement = document.getElementById('authcloud_dispatch'); + + const appLink = form.appLink.value; + onboardUser(appLink); +} + +window.onload = function() { + init(); +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/base64.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/base64.js new file mode 100644 index 0000000..24ecf9e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/base64.js @@ -0,0 +1,87 @@ +/* + * Base64URL-ArrayBuffer + * https://github.com/herrjemand/Base64URL-ArrayBuffer + * + * Copyright (c) 2017 Yuriy Ackermann + * Copyright (c) 2012 Niklas von Hertzen + * Licensed under the MIT license. + * + */ +(function() { + "use strict"; + + var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; + + // Use a lookup table to find the index. + var lookup = new Uint8Array(256); + for (var i = 0; i < chars.length; i++) { + lookup[chars.charCodeAt(i)] = i; + } + + var encode = function(arraybuffer) { + var bytes = new Uint8Array(arraybuffer), + i, len = bytes.length, base64 = ""; + + for (i = 0; i < len; i+=3) { + base64 += chars[bytes[i] >> 2]; + base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)]; + base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)]; + base64 += chars[bytes[i + 2] & 63]; + } + + if ((len % 3) === 2) { + base64 = base64.substring(0, base64.length - 1); + } else if (len % 3 === 1) { + base64 = base64.substring(0, base64.length - 2); + } + + return base64; + }; + + var decode = function(base64) { + var bufferLength = base64.length * 0.75, + len = base64.length, i, p = 0, + encoded1, encoded2, encoded3, encoded4; + + var arraybuffer = new ArrayBuffer(bufferLength), + bytes = new Uint8Array(arraybuffer); + + for (i = 0; i < len; i+=4) { + encoded1 = lookup[base64.charCodeAt(i)]; + encoded2 = lookup[base64.charCodeAt(i+1)]; + encoded3 = lookup[base64.charCodeAt(i+2)]; + encoded4 = lookup[base64.charCodeAt(i+3)]; + + bytes[p++] = (encoded1 << 2) | (encoded2 >> 4); + bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2); + bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63); + } + + return arraybuffer; + }; + + /** + * Exporting and stuff + */ + if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') { + module.exports = { + 'encode': encode, + 'decode': decode + } + + } else { + if (typeof define === 'function' && define.amd) { + define([], function() { + return { + 'encode': encode, + 'decode': decode + } + }); + } else { + window.base64url = { + 'encode': encode, + 'decode': decode + } + } + } +})(); \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap-theme.min.css b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap-theme.min.css new file mode 100644 index 0000000..4aaa13e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap-theme.min.css @@ -0,0 +1,9 @@ +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + *//*! + * The Nevis @btn-default-color: #6ebabd + * Bootstrap v3.4.1 (https://getbootstrap.com/) + */ + * Copyright 2011-2019 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */.btn-default,.btn-primary,.btn-success,.btn-info,.btn-warning,.btn-danger{text-shadow:0 -1px 0 rgba(0,0,0,0.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075)}.btn-default:active,.btn-primary:active,.btn-success:active,.btn-info:active,.btn-warning:active,.btn-danger:active,.btn-default.active,.btn-primary.active,.btn-success.active,.btn-info.active,.btn-warning.active,.btn-danger.active{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-default.disabled,.btn-primary.disabled,.btn-success.disabled,.btn-info.disabled,.btn-warning.disabled,.btn-danger.disabled,.btn-default[disabled],.btn-primary[disabled],.btn-success[disabled],.btn-info[disabled],.btn-warning[disabled],.btn-danger[disabled],fieldset[disabled] .btn-default,fieldset[disabled] .btn-primary,fieldset[disabled] .btn-success,fieldset[disabled] .btn-info,fieldset[disabled] .btn-warning,fieldset[disabled] .btn-danger{-webkit-box-shadow:none;box-shadow:none}.btn-default .badge,.btn-primary .badge,.btn-success .badge,.btn-info .badge,.btn-warning .badge,.btn-danger .badge{text-shadow:none}.btn:active,.btn.active{background-image:none}.btn-default{background-image:-webkit-linear-gradient(top, #fff 0, #e0e0e0 100%);background-image:-o-linear-gradient(top, #fff 0, #e0e0e0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fff), to(#e0e0e0));background-image:linear-gradient(to bottom, #fff 0, #e0e0e0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe0e0e0', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#dbdbdb;text-shadow:0 1px 0 #fff;border-color:#ccc}.btn-default:hover,.btn-default:focus{background-color:#e0e0e0;background-position:0 -15px}.btn-default:active,.btn-default.active{background-color:#e0e0e0;border-color:#dbdbdb}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#e0e0e0;background-image:none}.btn-primary{background-image:-webkit-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-o-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#6ebabd));background-image:linear-gradient(to bottom, #98ced0 0, #6ebabd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff6ebabd', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#67b7ba}.btn-primary:hover,.btn-primary:focus{background-color:#6ebabd;background-position:0 -15px}.btn-primary:active,.btn-primary.active{background-color:#6ebabd;border-color:#67b7ba}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#6ebabd;background-image:none}.btn-success{background-image:-webkit-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-o-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#6ebabd));background-image:linear-gradient(to bottom, #98ced0 0, #6ebabd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff6ebabd', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#67b7ba}.btn-success:hover,.btn-success:focus{background-color:#6ebabd;background-position:0 -15px}.btn-success:active,.btn-success.active{background-color:#6ebabd;border-color:#67b7ba}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#6ebabd;background-image:none}.btn-info{background-image:-webkit-linear-gradient(top, #5bc0de 0, #2aabd2 100%);background-image:-o-linear-gradient(top, #5bc0de 0, #2aabd2 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #5bc0de), to(#2aabd2));background-image:linear-gradient(to bottom, #5bc0de 0, #2aabd2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2aabd2', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#28a4c9}.btn-info:hover,.btn-info:focus{background-color:#2aabd2;background-position:0 -15px}.btn-info:active,.btn-info.active{background-color:#2aabd2;border-color:#28a4c9}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#2aabd2;background-image:none}.btn-warning{background-image:-webkit-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-o-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#be2331));background-image:linear-gradient(to bottom, #dc4250 0, #be2331 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffbe2331', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#b5222f}.btn-warning:hover,.btn-warning:focus{background-color:#be2331;background-position:0 -15px}.btn-warning:active,.btn-warning.active{background-color:#be2331;border-color:#b5222f}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#be2331;background-image:none}.btn-danger{background-image:-webkit-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-o-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#be2331));background-image:linear-gradient(to bottom, #dc4250 0, #be2331 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffbe2331', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#b5222f}.btn-danger:hover,.btn-danger:focus{background-color:#be2331;background-position:0 -15px}.btn-danger:active,.btn-danger.active{background-color:#be2331;border-color:#b5222f}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#be2331;background-image:none}.thumbnail,.img-thumbnail{-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.075);box-shadow:0 1px 2px rgba(0,0,0,0.075)}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{background-image:-webkit-linear-gradient(top, #65b6b9 0, #53aeb1 100%);background-image:-o-linear-gradient(top, #65b6b9 0, #53aeb1 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #65b6b9), to(#53aeb1));background-image:linear-gradient(to bottom, #65b6b9 0, #53aeb1 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff65b6b9', endColorstr='#ff53aeb1', GradientType=0);background-repeat:repeat-x;background-color:#53aeb1}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x;background-color:#006e73}.navbar-default{background-image:-webkit-linear-gradient(top, #fff 0, #f8f8f8 100%);background-image:-o-linear-gradient(top, #fff 0, #f8f8f8 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fff), to(#f8f8f8));background-image:linear-gradient(to bottom, #fff 0, #f8f8f8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border-radius:3px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 5px rgba(0,0,0,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 5px rgba(0,0,0,0.075)}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top, #dbdbdb 0, #e2e2e2 100%);background-image:-o-linear-gradient(top, #dbdbdb 0, #e2e2e2 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dbdbdb), to(#e2e2e2));background-image:linear-gradient(to bottom, #dbdbdb 0, #e2e2e2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdbdbdb', endColorstr='#ffe2e2e2', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,0.075);box-shadow:inset 0 3px 9px rgba(0,0,0,0.075)}.navbar-brand,.navbar-nav>li>a{text-shadow:0 1px 0 rgba(255,255,255,0.25)}.navbar-inverse{background-image:-webkit-linear-gradient(top, #3c3c3c 0, #222 100%);background-image:-o-linear-gradient(top, #3c3c3c 0, #222 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #3c3c3c), to(#222));background-image:linear-gradient(to bottom, #3c3c3c 0, #222 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border-radius:3px}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top, #080808 0, #0f0f0f 100%);background-image:-o-linear-gradient(top, #080808 0, #0f0f0f 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #080808), to(#0f0f0f));background-image:linear-gradient(to bottom, #080808 0, #0f0f0f 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff080808', endColorstr='#ff0f0f0f', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,0.25);box-shadow:inset 0 3px 9px rgba(0,0,0,0.25)}.navbar-inverse .navbar-brand,.navbar-inverse .navbar-nav>li>a{text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar-static-top,.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}@media (max-width:767px){.navbar .navbar-nav .open .dropdown-menu>.active>a,.navbar .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x}}.alert{text-shadow:0 1px 0 rgba(255,255,255,0.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.25),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.25),0 1px 2px rgba(0,0,0,0.05)}.alert-success{background-image:-webkit-linear-gradient(top, #dff0d8 0, #c8e5bc 100%);background-image:-o-linear-gradient(top, #dff0d8 0, #c8e5bc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dff0d8), to(#c8e5bc));background-image:linear-gradient(to bottom, #dff0d8 0, #c8e5bc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);background-repeat:repeat-x;border-color:#b2dba1}.alert-info{background-image:-webkit-linear-gradient(top, #d9edf7 0, #b9def0 100%);background-image:-o-linear-gradient(top, #d9edf7 0, #b9def0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #d9edf7), to(#b9def0));background-image:linear-gradient(to bottom, #d9edf7 0, #b9def0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);background-repeat:repeat-x;border-color:#9acfea}.alert-warning{background-image:-webkit-linear-gradient(top, #fcf8e3 0, #f8efc0 100%);background-image:-o-linear-gradient(top, #fcf8e3 0, #f8efc0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fcf8e3), to(#f8efc0));background-image:linear-gradient(to bottom, #fcf8e3 0, #f8efc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);background-repeat:repeat-x;border-color:#f5e79e}.alert-danger{background-image:-webkit-linear-gradient(top, #f2dede 0, #e7c3c3 100%);background-image:-o-linear-gradient(top, #f2dede 0, #e7c3c3 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f2dede), to(#e7c3c3));background-image:linear-gradient(to bottom, #f2dede 0, #e7c3c3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);background-repeat:repeat-x;border-color:#dca7a7}.progress{background-image:-webkit-linear-gradient(top, #ebebeb 0, #f5f5f5 100%);background-image:-o-linear-gradient(top, #ebebeb 0, #f5f5f5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #ebebeb), to(#f5f5f5));background-image:linear-gradient(to bottom, #ebebeb 0, #f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x}.progress-bar{background-image:-webkit-linear-gradient(top, #00868c 0, #005559 100%);background-image:-o-linear-gradient(top, #00868c 0, #005559 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#005559));background-image:linear-gradient(to bottom, #00868c 0, #005559 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff005559', GradientType=0);background-repeat:repeat-x}.progress-bar-success{background-image:-webkit-linear-gradient(top, #98ced0 0, #75bdc0 100%);background-image:-o-linear-gradient(top, #98ced0 0, #75bdc0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#75bdc0));background-image:linear-gradient(to bottom, #98ced0 0, #75bdc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff75bdc0', GradientType=0);background-repeat:repeat-x}.progress-bar-info{background-image:-webkit-linear-gradient(top, #5bc0de 0, #31b0d5 100%);background-image:-o-linear-gradient(top, #5bc0de 0, #31b0d5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #5bc0de), to(#31b0d5));background-image:linear-gradient(to bottom, #5bc0de 0, #31b0d5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);background-repeat:repeat-x}.progress-bar-warning{background-image:-webkit-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-o-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#c62533));background-image:linear-gradient(to bottom, #dc4250 0, #c62533 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffc62533', GradientType=0);background-repeat:repeat-x}.progress-bar-danger{background-image:-webkit-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-o-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#c62533));background-image:linear-gradient(to bottom, #dc4250 0, #c62533 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffc62533', GradientType=0);background-repeat:repeat-x}.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.list-group{border-radius:3px;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.075);box-shadow:0 1px 2px rgba(0,0,0,0.075)}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{text-shadow:0 -1px 0 #005559;background-image:-webkit-linear-gradient(top, #00868c 0, #006166 100%);background-image:-o-linear-gradient(top, #00868c 0, #006166 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006166));background-image:linear-gradient(to bottom, #00868c 0, #006166 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006166', GradientType=0);background-repeat:repeat-x;border-color:#006166}.list-group-item.active .badge,.list-group-item.active:hover .badge,.list-group-item.active:focus .badge{text-shadow:none}.panel{-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.panel-default>.panel-heading{background-image:-webkit-linear-gradient(top, #f5f5f5 0, #e8e8e8 100%);background-image:-o-linear-gradient(top, #f5f5f5 0, #e8e8e8 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f5f5f5), to(#e8e8e8));background-image:linear-gradient(to bottom, #f5f5f5 0, #e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.panel-primary>.panel-heading{background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x}.panel-success>.panel-heading{background-image:-webkit-linear-gradient(top, #dff0d8 0, #d0e9c6 100%);background-image:-o-linear-gradient(top, #dff0d8 0, #d0e9c6 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dff0d8), to(#d0e9c6));background-image:linear-gradient(to bottom, #dff0d8 0, #d0e9c6 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);background-repeat:repeat-x}.panel-info>.panel-heading{background-image:-webkit-linear-gradient(top, #d9edf7 0, #c4e3f3 100%);background-image:-o-linear-gradient(top, #d9edf7 0, #c4e3f3 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #d9edf7), to(#c4e3f3));background-image:linear-gradient(to bottom, #d9edf7 0, #c4e3f3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);background-repeat:repeat-x}.panel-warning>.panel-heading{background-image:-webkit-linear-gradient(top, #fcf8e3 0, #faf2cc 100%);background-image:-o-linear-gradient(top, #fcf8e3 0, #faf2cc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fcf8e3), to(#faf2cc));background-image:linear-gradient(to bottom, #fcf8e3 0, #faf2cc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);background-repeat:repeat-x}.panel-danger>.panel-heading{background-image:-webkit-linear-gradient(top, #f2dede 0, #ebcccc 100%);background-image:-o-linear-gradient(top, #f2dede 0, #ebcccc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f2dede), to(#ebcccc));background-image:linear-gradient(to bottom, #f2dede 0, #ebcccc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);background-repeat:repeat-x}.well{background-image:-webkit-linear-gradient(top, #e8e8e8 0, #f5f5f5 100%);background-image:-o-linear-gradient(top, #e8e8e8 0, #f5f5f5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #e8e8e8), to(#f5f5f5));background-image:linear-gradient(to bottom, #e8e8e8 0, #f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x;border-color:#dcdcdc;-webkit-box-shadow:inset 0 1px 3px rgba(0,0,0,0.05),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 3px rgba(0,0,0,0.05),0 1px 0 rgba(255,255,255,0.1)} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap.min.css b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap.min.css new file mode 100644 index 0000000..af8b6ed --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap.min.css @@ -0,0 +1,11 @@ +/*! + * Generated using the Bootstrap Customizer (http://getbootstrap.com/customize/?id=a17c489ffbed8c6e46fcf0d72d0d80db) + * Config saved to config.json and https://gist.github.com/a17c489ffbed8c6e46fcf0d72d0d80db + *//*! +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + *//*! + * Bootstrap v3.4.1 (https://getbootstrap.com/) + * Copyright 2011-2019 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{color:#000 !important;text-shadow:none !important;background:transparent !important;-webkit-box-shadow:none !important;box-shadow:none !important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}@font-face{font-family:"Glyphicons Halflings";src:url("../fonts/glyphicons-halflings-regular.eot");src:url("../fonts/glyphicons-halflings-regular.eot?#iefix") format("embedded-opentype"),url("../fonts/glyphicons-halflings-regular.woff2") format("woff2"),url("../fonts/glyphicons-halflings-regular.woff") format("woff"),url("../fonts/glyphicons-halflings-regular.ttf") format("truetype"),url("../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular") format("svg")}.glyphicon{position:relative;top:1px;display:inline-block;font-family:"Glyphicons Halflings";font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\002a"}.glyphicon-plus:before{content:"\002b"}.glyphicon-euro:before,.glyphicon-eur:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-cd:before{content:"\e201"}.glyphicon-save-file:before{content:"\e202"}.glyphicon-open-file:before{content:"\e203"}.glyphicon-level-up:before{content:"\e204"}.glyphicon-copy:before{content:"\e205"}.glyphicon-paste:before{content:"\e206"}.glyphicon-alert:before{content:"\e209"}.glyphicon-equalizer:before{content:"\e210"}.glyphicon-king:before{content:"\e211"}.glyphicon-queen:before{content:"\e212"}.glyphicon-pawn:before{content:"\e213"}.glyphicon-bishop:before{content:"\e214"}.glyphicon-knight:before{content:"\e215"}.glyphicon-baby-formula:before{content:"\e216"}.glyphicon-tent:before{content:"\26fa"}.glyphicon-blackboard:before{content:"\e218"}.glyphicon-bed:before{content:"\e219"}.glyphicon-apple:before{content:"\f8ff"}.glyphicon-erase:before{content:"\e221"}.glyphicon-hourglass:before{content:"\231b"}.glyphicon-lamp:before{content:"\e223"}.glyphicon-duplicate:before{content:"\e224"}.glyphicon-piggy-bank:before{content:"\e225"}.glyphicon-scissors:before{content:"\e226"}.glyphicon-bitcoin:before{content:"\e227"}.glyphicon-btc:before{content:"\e227"}.glyphicon-xbt:before{content:"\e227"}.glyphicon-yen:before{content:"\00a5"}.glyphicon-jpy:before{content:"\00a5"}.glyphicon-ruble:before{content:"\20bd"}.glyphicon-rub:before{content:"\20bd"}.glyphicon-scale:before{content:"\e230"}.glyphicon-ice-lolly:before{content:"\e231"}.glyphicon-ice-lolly-tasted:before{content:"\e232"}.glyphicon-education:before{content:"\e233"}.glyphicon-option-horizontal:before{content:"\e234"}.glyphicon-option-vertical:before{content:"\e235"}.glyphicon-menu-hamburger:before{content:"\e236"}.glyphicon-modal-window:before{content:"\e237"}.glyphicon-oil:before{content:"\e238"}.glyphicon-grain:before{content:"\e239"}.glyphicon-sunglasses:before{content:"\e240"}.glyphicon-text-size:before{content:"\e241"}.glyphicon-text-color:before{content:"\e242"}.glyphicon-text-background:before{content:"\e243"}.glyphicon-object-align-top:before{content:"\e244"}.glyphicon-object-align-bottom:before{content:"\e245"}.glyphicon-object-align-horizontal:before{content:"\e246"}.glyphicon-object-align-left:before{content:"\e247"}.glyphicon-object-align-vertical:before{content:"\e248"}.glyphicon-object-align-right:before{content:"\e249"}.glyphicon-triangle-right:before{content:"\e250"}.glyphicon-triangle-left:before{content:"\e251"}.glyphicon-triangle-bottom:before{content:"\e252"}.glyphicon-triangle-top:before{content:"\e253"}.glyphicon-console:before{content:"\e254"}.glyphicon-superscript:before{content:"\e255"}.glyphicon-subscript:before{content:"\e256"}.glyphicon-menu-left:before{content:"\e257"}.glyphicon-menu-right:before{content:"\e258"}.glyphicon-menu-down:before{content:"\e259"}.glyphicon-menu-up:before{content:"\e260"}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#337ab7;text-decoration:none}a:hover,a:focus{color:#23527c;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive,.thumbnail>img,.thumbnail a>img,.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role="button"]{cursor:pointer}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:400;line-height:1;color:#777}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:28px}h2,.h2{font-size:26px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{padding:.2em;background-color:#fcf8e3}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#00868c}a.text-primary:hover,a.text-primary:focus{color:#286090}.text-success{color:#3c763d}a.text-success:hover,a.text-success:focus{color:#2b542c}.text-info{color:#31708f}a.text-info:hover,a.text-info:focus{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover,a.text-warning:focus{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover,a.text-danger:focus{color:#843534}.bg-primary{color:#fff;background-color:#337ab7}a.bg-primary:hover,a.bg-primary:focus{background-color:#286090}.bg-success{background-color:#dff0d8}a.bg-success:hover,a.bg-success:focus{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover,a.bg-info:focus{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover,a.bg-warning:focus{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover,a.bg-danger:focus{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:700}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote footer:before,blockquote small:before,blockquote .small:before{content:"\2014 \00A0"}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;text-align:right;border-right:5px solid #eee;border-left:0}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:""}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:"\00A0 \2014"}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:700;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.row{margin-right:-15px;margin-left:-15px}.row-no-gutters{margin-right:0;margin-left:0}.row-no-gutters [class*="col-"]{padding-right:0;padding-left:0}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}table col[class*="col-"]{position:static;display:table-column;float:none}table td[class*="col-"],table th[class*="col-"]{position:static;display:table-cell;float:none}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:700}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-appearance:none;appearance:none}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, .075), 0 0 8px rgba(102, 175, 233, 0.6);box-shadow:inset 0 1px 1px rgba(0, 0, 0, .075), 0 0 8px rgba(102, 175, 233, 0.6)}.form-control::-moz-placeholder{color:#999;opacity:1}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control::-ms-expand{background-color:transparent;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"].form-control,input[type="time"].form-control,input[type="datetime-local"].form-control,input[type="month"].form-control{line-height:34px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:46px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:400;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-top:4px \9;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;font-weight:400;vertical-align:middle;cursor:pointer}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}.form-control-static{min-height:34px;padding-top:7px;padding-bottom:7px;margin-bottom:0}.form-control-static.input-lg,.form-control-static.input-sm{padding-right:0;padding-left:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm textarea.form-control,.form-group-sm select[multiple].form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg textarea.form-control,.form-group-lg select[multiple].form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.3333333}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback,.input-group-lg+.form-control-feedback,.form-group-lg .form-control+.form-control-feedback{width:46px;height:46px;line-height:46px}.input-sm+.form-control-feedback,.input-group-sm+.form-control-feedback,.form-group-sm .form-control+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;background-color:#dff0d8;border-color:#3c763d}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;background-color:#fcf8e3;border-color:#8a6d3b}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;background-color:#f2dede;border-color:#a94442}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.form-horizontal .control-label{padding-top:7px;margin-bottom:0;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;white-space:nowrap;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:13px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#333;text-decoration:none}.btn:active,.btn.active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;filter:alpha(opacity=65);opacity:.65;-webkit-box-shadow:none;box-shadow:none}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:focus,.btn-default.focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;background-image:none;border-color:#adadad}.btn-default:active:hover,.btn-default.active:hover,.open>.dropdown-toggle.btn-default:hover,.btn-default:active:focus,.btn-default.active:focus,.open>.dropdown-toggle.btn-default:focus,.btn-default:active.focus,.btn-default.active.focus,.open>.dropdown-toggle.btn-default.focus{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#98ced0;border-color:#98ced0}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#286090;border-color:#122b40}.btn-primary:hover{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#286090;background-image:none;border-color:#204d74}.btn-primary:active:hover,.btn-primary.active:hover,.open>.dropdown-toggle.btn-primary:hover,.btn-primary:active:focus,.btn-primary.active:focus,.open>.dropdown-toggle.btn-primary:focus,.btn-primary:active.focus,.btn-primary.active.focus,.open>.dropdown-toggle.btn-primary.focus{color:#fff;background-color:#204d74;border-color:#122b40}.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus{background-color:#337ab7;border-color:#2e6da4}.btn-primary .badge{color:#337ab7;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;background-image:none;border-color:#398439}.btn-success:active:hover,.btn-success.active:hover,.open>.dropdown-toggle.btn-success:hover,.btn-success:active:focus,.btn-success.active:focus,.open>.dropdown-toggle.btn-success:focus,.btn-success:active.focus,.btn-success.active.focus,.open>.dropdown-toggle.btn-success.focus{color:#fff;background-color:#398439;border-color:#255625}.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;background-image:none;border-color:#269abc}.btn-info:active:hover,.btn-info.active:hover,.open>.dropdown-toggle.btn-info:hover,.btn-info:active:focus,.btn-info.active:focus,.open>.dropdown-toggle.btn-info:focus,.btn-info:active.focus,.btn-info.active.focus,.open>.dropdown-toggle.btn-info.focus{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;background-image:none;border-color:#d58512}.btn-warning:active:hover,.btn-warning.active:hover,.open>.dropdown-toggle.btn-warning:hover,.btn-warning:active:focus,.btn-warning.active:focus,.open>.dropdown-toggle.btn-warning:focus,.btn-warning:active.focus,.btn-warning.active.focus,.open>.dropdown-toggle.btn-warning.focus{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;background-image:none;border-color:#ac2925}.btn-danger:active:hover,.btn-danger.active:hover,.open>.dropdown-toggle.btn-danger:hover,.btn-danger:active:focus,.btn-danger.active:focus,.open>.dropdown-toggle.btn-danger:focus,.btn-danger:active.focus,.btn-danger.active.focus,.open>.dropdown-toggle.btn-danger.focus{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{font-weight:400;color:#337ab7;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#23527c;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#777;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px dashed;border-top:4px solid \9;border-right:4px solid transparent;border-left:4px solid transparent}.dropup,.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;text-align:left;list-style:none;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,0.175);box-shadow:0 6px 12px rgba(0,0,0,0.175)}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.42857143;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{color:#262626;text-decoration:none;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#337ab7;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#777}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{right:0;left:auto}.dropdown-menu-left{right:auto;left:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.42857143;color:#777;white-space:nowrap}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{content:"";border-top:0;border-bottom:4px dashed;border-bottom:4px solid \9}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:2px}@media (min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}.navbar-right .dropdown-menu-left{right:auto;left:0}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-bottom-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-left-radius:0;border-top-right-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-top-right-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{display:table-cell;float:none;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-right:0;padding-left:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:400;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#777;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#337ab7}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#337ab7}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{padding-right:15px;padding-left:15px;overflow-x:visible;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-right:0;padding-left:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-brand{float:left;height:50px;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-right:15px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{padding:10px 15px;margin-right:-15px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-left-radius:0;border-top-right-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-right:15px;margin-left:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{color:#555;background-color:#e7e7e7}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#333}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#9d9d9d}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{color:#fff;background-color:#080808}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-link{color:#9d9d9d}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#9d9d9d}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#fff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#444}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#777}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.42857143;color:#337ab7;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{z-index:2;color:#23527c;background-color:#eee;border-color:#ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-top-left-radius:4px;border-bottom-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:3;color:#fff;cursor:default;background-color:#337ab7;border-color:#337ab7}.pagination>.disabled>span,.pagination>.disabled>span:hover,.pagination>.disabled>span:focus,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#777;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px;line-height:1.3333333}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-top-left-radius:6px;border-bottom-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px;line-height:1.5}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-top-left-radius:3px;border-bottom-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#777;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:hover,.label-default[href]:focus{background-color:#5e5e5e}.label-primary{background-color:#337ab7}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#286090}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:middle;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge,.btn-group-xs>.btn .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#337ab7;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding-top:30px;padding-bottom:30px;margin-bottom:30px;color:inherit;background-color:#eee}.jumbotron h1,.jumbotron .h1{color:inherit}.jumbotron p{margin-bottom:15px;font-size:21px;font-weight:200}.jumbotron>hr{border-top-color:#d5d5d5}.container .jumbotron,.container-fluid .jumbotron{padding-right:15px;padding-left:15px;border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron,.container-fluid .jumbotron{padding-right:60px;padding-left:60px}.jumbotron h1,.jumbotron .h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:border .2s ease-in-out;-o-transition:border .2s ease-in-out;transition:border .2s ease-in-out}.thumbnail>img,.thumbnail a>img{margin-right:auto;margin-left:auto}a.thumbnail:hover,a.thumbnail:focus,a.thumbnail.active{border-color:#337ab7}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#337ab7;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.media{margin-top:15px}.media:first-child{margin-top:0}.media,.media-body{overflow:hidden;zoom:1}.media-body{width:10000px}.media-object{display:block}.media-object.img-thumbnail{max-width:none}.media-right,.media>.pull-right{padding-left:10px}.media-left,.media>.pull-left{padding-right:10px}.media-left,.media-right,.media-body{display:table-cell;vertical-align:top}.media-middle{vertical-align:middle}.media-bottom{vertical-align:bottom}.media-heading{margin-top:0;margin-bottom:5px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item.disabled,.list-group-item.disabled:hover,.list-group-item.disabled:focus{color:#777;cursor:not-allowed;background-color:#eee}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text{color:#777}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{z-index:2;color:#fff;background-color:#337ab7;border-color:#337ab7}.list-group-item.active .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>.small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:hover .list-group-item-text,.list-group-item.active:focus .list-group-item-text{color:#c7ddef}a.list-group-item,button.list-group-item{color:#555}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,button.list-group-item:hover,a.list-group-item:focus,button.list-group-item:focus{color:#555;text-decoration:none;background-color:#f5f5f5}button.list-group-item{width:100%;text-align:left}.list-group-item-success{color:#3c763d;background-color:#dff0d8}a.list-group-item-success,button.list-group-item-success{color:#3c763d}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:hover,button.list-group-item-success:hover,a.list-group-item-success:focus,button.list-group-item-success:focus{color:#3c763d;background-color:#d0e9c6}a.list-group-item-success.active,button.list-group-item-success.active,a.list-group-item-success.active:hover,button.list-group-item-success.active:hover,a.list-group-item-success.active:focus,button.list-group-item-success.active:focus{color:#fff;background-color:#3c763d;border-color:#3c763d}.list-group-item-info{color:#31708f;background-color:#d9edf7}a.list-group-item-info,button.list-group-item-info{color:#31708f}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:hover,button.list-group-item-info:hover,a.list-group-item-info:focus,button.list-group-item-info:focus{color:#31708f;background-color:#c4e3f3}a.list-group-item-info.active,button.list-group-item-info.active,a.list-group-item-info.active:hover,button.list-group-item-info.active:hover,a.list-group-item-info.active:focus,button.list-group-item-info.active:focus{color:#fff;background-color:#31708f;border-color:#31708f}.list-group-item-warning{color:#8a6d3b;background-color:#fcf8e3}a.list-group-item-warning,button.list-group-item-warning{color:#8a6d3b}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:hover,button.list-group-item-warning:hover,a.list-group-item-warning:focus,button.list-group-item-warning:focus{color:#8a6d3b;background-color:#faf2cc}a.list-group-item-warning.active,button.list-group-item-warning.active,a.list-group-item-warning.active:hover,button.list-group-item-warning.active:hover,a.list-group-item-warning.active:focus,button.list-group-item-warning.active:focus{color:#fff;background-color:#8a6d3b;border-color:#8a6d3b}.list-group-item-danger{color:#a94442;background-color:#f2dede}a.list-group-item-danger,button.list-group-item-danger{color:#a94442}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:hover,button.list-group-item-danger:hover,a.list-group-item-danger:focus,button.list-group-item-danger:focus{color:#a94442;background-color:#ebcccc}a.list-group-item-danger.active,button.list-group-item-danger.active,a.list-group-item-danger.active:hover,button.list-group-item-danger.active:hover,a.list-group-item-danger.active:focus,button.list-group-item-danger.active:focus{color:#fff;background-color:#a94442;border-color:#a94442}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-left-radius:3px;border-top-right-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-right:15px;padding-left:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{margin-bottom:0;border:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#337ab7}.panel-primary>.panel-heading{color:#fff;background-color:#337ab7;border-color:#337ab7}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#337ab7}.panel-primary>.panel-heading .badge{color:#337ab7;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#337ab7}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.embed-responsive{position:relative;display:block;height:0;padding:0;overflow:hidden}.embed-responsive .embed-responsive-item,.embed-responsive iframe,.embed-responsive embed,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-16by9{padding-bottom:56.25%}.embed-responsive-4by3{padding-bottom:75%}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000;text-shadow:0 1px 0 #fff;filter:alpha(opacity=20);opacity:.2}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;filter:alpha(opacity=50);opacity:.5}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none;appearance:none}.modal-open{overflow:hidden}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;display:none;overflow:hidden;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform 0.3s ease-out;-o-transition:-o-transform 0.3s ease-out;transition:transform 0.3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1070;display:block;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-style:normal;font-weight:400;line-height:1.42857143;line-break:auto;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;font-size:12px;filter:alpha(opacity=0);opacity:0}.tooltip.in{filter:alpha(opacity=90);opacity:.9}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-left .tooltip-arrow{right:5px;bottom:0;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-right .tooltip-arrow{bottom:0;left:5px;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-left .tooltip-arrow{top:0;right:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-right .tooltip-arrow{top:0;left:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.popover{position:absolute;top:0;left:0;z-index:1060;display:none;max-width:276px;padding:1px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-style:normal;font-weight:400;line-height:1.42857143;line-break:auto;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;font-size:14px;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2)}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover>.arrow{border-width:11px}.popover>.arrow,.popover>.arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover>.arrow:after{content:"";border-width:10px}.popover.top>.arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top>.arrow:after{bottom:1px;margin-left:-10px;content:" ";border-top-color:#fff;border-bottom-width:0}.popover.right>.arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right>.arrow:after{bottom:-10px;left:1px;content:" ";border-right-color:#fff;border-left-width:0}.popover.bottom>.arrow{top:-11px;left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25)}.popover.bottom>.arrow:after{top:1px;margin-left:-10px;content:" ";border-top-width:0;border-bottom-color:#fff}.popover.left>.arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0,0,0,0.25)}.popover.left>.arrow:after{right:1px;bottom:-10px;content:" ";border-right-width:0;border-left-color:#fff}.popover-title{padding:8px 14px;margin:0;font-size:14px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{line-height:1}@media all and (transform-3d),(-webkit-transform-3d){.carousel-inner>.item{-webkit-transition:-webkit-transform 0.6s ease-in-out;-o-transition:-o-transform 0.6s ease-in-out;transition:transform 0.6s ease-in-out;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000px;perspective:1000px}.carousel-inner>.item.next,.carousel-inner>.item.active.right{-webkit-transform:translate3d(100%, 0, 0);transform:translate3d(100%, 0, 0);left:0}.carousel-inner>.item.prev,.carousel-inner>.item.active.left{-webkit-transform:translate3d(-100%, 0, 0);transform:translate3d(-100%, 0, 0);left:0}.carousel-inner>.item.next.left,.carousel-inner>.item.prev.right,.carousel-inner>.item.active{-webkit-transform:translate3d(0, 0, 0);transform:translate3d(0, 0, 0);left:0}}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6);background-color:rgba(0,0,0,0);filter:alpha(opacity=50);opacity:.5}.carousel-control.left{background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-webkit-gradient(linear, left top, right top, color-stop(0, rgba(0,0,0,0.5)), to(rgba(0,0,0,0.0001)));background-image:linear-gradient(to right, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1);background-repeat:repeat-x}.carousel-control.right{right:0;left:auto;background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-webkit-gradient(linear, left top, right top, color-stop(0, rgba(0,0,0,0.0001)), to(rgba(0,0,0,0.5)));background-image:linear-gradient(to right, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1);background-repeat:repeat-x}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;outline:0;filter:alpha(opacity=90);opacity:.9}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;z-index:5;display:inline-block;margin-top:-10px}.carousel-control .icon-prev,.carousel-control .glyphicon-chevron-left{left:50%;margin-left:-10px}.carousel-control .icon-next,.carousel-control .glyphicon-chevron-right{right:50%;margin-right:-10px}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;font-family:serif;line-height:1}.carousel-control .icon-prev:before{content:"\2039"}.carousel-control .icon-next:before{content:"\203a"}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;background-color:#000 \9;background-color:rgba(0,0,0,0);border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-10px;font-size:30px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{margin-right:-10px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.pager:before,.pager:after,.panel-body:before,.panel-body:after,.modal-header:before,.modal-header:after,.modal-footer:before,.modal-footer:after{display:table;content:" "}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.pager:after,.panel-body:after,.modal-header:after,.modal-footer:after{clear:both}.center-block{display:block;margin-right:auto;margin-left:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap.min.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap.min.js new file mode 100644 index 0000000..853b70d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/bootstrap.min.js @@ -0,0 +1,12 @@ +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + */ + +/*! + * Bootstrap v3.4.1 (https://getbootstrap.com/) + * Copyright 2011-2021 Twitter, Inc. + * Licensed under the MIT license + */ + +if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(t){"use strict";var e=t.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9||1==e[0]&&9==e[1]&&e[2]<1||e[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var i=t(this),n=i.data("bs.alert");n||i.data("bs.alert",n=new o(this)),"string"==typeof e&&n[e].call(i)})}var i='[data-dismiss="alert"]',o=function(e){t(e).on("click",i,this.close)};o.VERSION="3.4.1",o.TRANSITION_DURATION=150,o.prototype.close=function(e){function i(){a.detach().trigger("closed.bs.alert").remove()}var n=t(this),s=n.attr("data-target");s||(s=n.attr("href"),s=s&&s.replace(/.*(?=#[^\s]*$)/,"")),s="#"===s?[]:s;var a=t(document).find(s);e&&e.preventDefault(),a.length||(a=n.closest(".alert")),a.trigger(e=t.Event("close.bs.alert")),e.isDefaultPrevented()||(a.removeClass("in"),t.support.transition&&a.hasClass("fade")?a.one("bsTransitionEnd",i).emulateTransitionEnd(o.TRANSITION_DURATION):i())};var n=t.fn.alert;t.fn.alert=e,t.fn.alert.Constructor=o,t.fn.alert.noConflict=function(){return t.fn.alert=n,this},t(document).on("click.bs.alert.data-api",i,o.prototype.close)}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.button"),s="object"==typeof e&&e;n||o.data("bs.button",n=new i(this,s)),"toggle"==e?n.toggle():e&&n.setState(e)})}var i=function(e,o){this.$element=t(e),this.options=t.extend({},i.DEFAULTS,o),this.isLoading=!1};i.VERSION="3.4.1",i.DEFAULTS={loadingText:"loading..."},i.prototype.setState=function(e){var i="disabled",o=this.$element,n=o.is("input")?"val":"html",s=o.data();e+="Text",null==s.resetText&&o.data("resetText",o[n]()),setTimeout(t.proxy(function(){o[n](null==s[e]?this.options[e]:s[e]),"loadingText"==e?(this.isLoading=!0,o.addClass(i).attr(i,i).prop(i,!0)):this.isLoading&&(this.isLoading=!1,o.removeClass(i).removeAttr(i).prop(i,!1))},this),0)},i.prototype.toggle=function(){var t=!0,e=this.$element.closest('[data-toggle="buttons"]');if(e.length){var i=this.$element.find("input");"radio"==i.prop("type")?(i.prop("checked")&&(t=!1),e.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==i.prop("type")&&(i.prop("checked")!==this.$element.hasClass("active")&&(t=!1),this.$element.toggleClass("active")),i.prop("checked",this.$element.hasClass("active")),t&&i.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var o=t.fn.button;t.fn.button=e,t.fn.button.Constructor=i,t.fn.button.noConflict=function(){return t.fn.button=o,this},t(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(i){var o=t(i.target).closest(".btn");e.call(o,"toggle"),t(i.target).is('input[type="radio"], input[type="checkbox"]')||(i.preventDefault(),o.is("input,button")?o.trigger("focus"):o.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(e){t(e.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(e.type))})}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.carousel"),s=t.extend({},i.DEFAULTS,o.data(),"object"==typeof e&&e),a="string"==typeof e?e:s.slide;n||o.data("bs.carousel",n=new i(this,s)),"number"==typeof e?n.to(e):a?n[a]():s.interval&&n.pause().cycle()})}var i=function(e,i){this.$element=t(e),this.$indicators=this.$element.find(".carousel-indicators"),this.options=i,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",t.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",t.proxy(this.pause,this)).on("mouseleave.bs.carousel",t.proxy(this.cycle,this))};i.VERSION="3.4.1",i.TRANSITION_DURATION=600,i.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},i.prototype.keydown=function(t){if(!/input|textarea/i.test(t.target.tagName)){switch(t.which){case 37:this.prev();break;case 39:this.next();break;default:return}t.preventDefault()}},i.prototype.cycle=function(e){return e||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(t.proxy(this.next,this),this.options.interval)),this},i.prototype.getItemIndex=function(t){return this.$items=t.parent().children(".item"),this.$items.index(t||this.$active)},i.prototype.getItemForDirection=function(t,e){var i=this.getItemIndex(e),o="prev"==t&&0===i||"next"==t&&i==this.$items.length-1;if(o&&!this.options.wrap)return e;var n="prev"==t?-1:1,s=(i+n)%this.$items.length;return this.$items.eq(s)},i.prototype.to=function(t){var e=this,i=this.getItemIndex(this.$active=this.$element.find(".item.active"));return t>this.$items.length-1||0>t?void 0:this.sliding?this.$element.one("slid.bs.carousel",function(){e.to(t)}):i==t?this.pause().cycle():this.slide(t>i?"next":"prev",this.$items.eq(t))},i.prototype.pause=function(e){return e||(this.paused=!0),this.$element.find(".next, .prev").length&&t.support.transition&&(this.$element.trigger(t.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},i.prototype.next=function(){return this.sliding?void 0:this.slide("next")},i.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},i.prototype.slide=function(e,o){var n=this.$element.find(".item.active"),s=o||this.getItemForDirection(e,n),a=this.interval,r="next"==e?"left":"right",l=this;if(s.hasClass("active"))return this.sliding=!1;var h=s[0],d=t.Event("slide.bs.carousel",{relatedTarget:h,direction:r});if(this.$element.trigger(d),!d.isDefaultPrevented()){if(this.sliding=!0,a&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var p=t(this.$indicators.children()[this.getItemIndex(s)]);p&&p.addClass("active")}var c=t.Event("slid.bs.carousel",{relatedTarget:h,direction:r});return t.support.transition&&this.$element.hasClass("slide")?(s.addClass(e),"object"==typeof s&&s.length&&s[0].offsetWidth,n.addClass(r),s.addClass(r),n.one("bsTransitionEnd",function(){s.removeClass([e,r].join(" ")).addClass("active"),n.removeClass(["active",r].join(" ")),l.sliding=!1,setTimeout(function(){l.$element.trigger(c)},0)}).emulateTransitionEnd(i.TRANSITION_DURATION)):(n.removeClass("active"),s.addClass("active"),this.sliding=!1,this.$element.trigger(c)),a&&this.cycle(),this}};var o=t.fn.carousel;t.fn.carousel=e,t.fn.carousel.Constructor=i,t.fn.carousel.noConflict=function(){return t.fn.carousel=o,this};var n=function(i){var o=t(this),n=o.attr("href");n&&(n=n.replace(/.*(?=#[^\s]+$)/,""));var s=o.attr("data-target")||n,a=t(document).find(s);if(a.hasClass("carousel")){var r=t.extend({},a.data(),o.data()),l=o.attr("data-slide-to");l&&(r.interval=!1),e.call(a,r),l&&a.data("bs.carousel").to(l),i.preventDefault()}};t(document).on("click.bs.carousel.data-api","[data-slide]",n).on("click.bs.carousel.data-api","[data-slide-to]",n),t(window).on("load",function(){t('[data-ride="carousel"]').each(function(){var i=t(this);e.call(i,i.data())})})}(jQuery),+function(t){"use strict";function e(e){var i=e.attr("data-target");i||(i=e.attr("href"),i=i&&/#[A-Za-z]/.test(i)&&i.replace(/.*(?=#[^\s]*$)/,""));var o="#"!==i?t(document).find(i):null;return o&&o.length?o:e.parent()}function i(i){i&&3===i.which||(t(n).remove(),t(s).each(function(){var o=t(this),n=e(o),s={relatedTarget:this};n.hasClass("open")&&(i&&"click"==i.type&&/input|textarea/i.test(i.target.tagName)&&t.contains(n[0],i.target)||(n.trigger(i=t.Event("hide.bs.dropdown",s)),i.isDefaultPrevented()||(o.attr("aria-expanded","false"),n.removeClass("open").trigger(t.Event("hidden.bs.dropdown",s)))))}))}function o(e){return this.each(function(){var i=t(this),o=i.data("bs.dropdown");o||i.data("bs.dropdown",o=new a(this)),"string"==typeof e&&o[e].call(i)})}var n=".dropdown-backdrop",s='[data-toggle="dropdown"]',a=function(e){t(e).on("click.bs.dropdown",this.toggle)};a.VERSION="3.4.1",a.prototype.toggle=function(o){var n=t(this);if(!n.is(".disabled, :disabled")){var s=e(n),a=s.hasClass("open");if(i(),!a){"ontouchstart"in document.documentElement&&!s.closest(".navbar-nav").length&&t(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(t(this)).on("click",i);var r={relatedTarget:this};if(s.trigger(o=t.Event("show.bs.dropdown",r)),o.isDefaultPrevented())return;n.trigger("focus").attr("aria-expanded","true"),s.toggleClass("open").trigger(t.Event("shown.bs.dropdown",r))}return!1}},a.prototype.keydown=function(i){if(/(38|40|27|32)/.test(i.which)&&!/input|textarea/i.test(i.target.tagName)){var o=t(this);if(i.preventDefault(),i.stopPropagation(),!o.is(".disabled, :disabled")){var n=e(o),a=n.hasClass("open");if(!a&&27!=i.which||a&&27==i.which)return 27==i.which&&n.find(s).trigger("focus"),o.trigger("click");var r=" li:not(.disabled):visible a",l=n.find(".dropdown-menu"+r);if(l.length){var h=l.index(i.target);38==i.which&&h>0&&h--,40==i.which&&hdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&t?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!t?this.scrollbarWidth:""})},i.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},i.prototype.checkScrollbar=function(){var t=window.innerWidth;if(!t){var e=document.documentElement.getBoundingClientRect();t=e.right-Math.abs(e.left)}this.bodyIsOverflowing=document.body.clientWidtha;a++)if(o.match(n[a]))return!0;return!1}function i(i,o,n){if(0===i.length)return i;if(n&&"function"==typeof n)return n(i);if(!document.implementation||!document.implementation.createHTMLDocument)return i;var s=document.implementation.createHTMLDocument("sanitization");s.body.innerHTML=i;for(var a=t.map(o,function(t,e){return e}),r=t(s.body).find("*"),l=0,h=r.length;h>l;l++){var d=r[l],p=d.nodeName.toLowerCase();if(-1!==t.inArray(p,a))for(var c=t.map(d.attributes,function(t){return t}),f=[].concat(o["*"]||[],o[p]||[]),u=0,g=c.length;g>u;u++)e(c[u],f)||d.removeAttribute(c[u].nodeName);else d.parentNode.removeChild(d)}return s.body.innerHTML}function o(e){return this.each(function(){var i=t(this),o=i.data("bs.tooltip"),n="object"==typeof e&&e;!o&&/destroy|hide/.test(e)||(o||i.data("bs.tooltip",o=new d(this,n)),"string"==typeof e&&o[e]())})}var n=["sanitize","whiteList","sanitizeFn"],s=["background","cite","href","itemtype","longdesc","poster","src","xlink:href"],a=/^aria-[\w-]*$/i,r={"*":["class","dir","id","lang","role",a],a:["target","href","title","rel"],area:[],b:[],br:[],col:[],code:[],div:[],em:[],hr:[],h1:[],h2:[],h3:[],h4:[],h5:[],h6:[],i:[],img:["src","alt","title","width","height"],li:[],ol:[],p:[],pre:[],s:[],small:[],span:[],sub:[],sup:[],strong:[],u:[],ul:[]},l=/^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi,h=/^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i,d=function(t,e){this.type=null,this.options=null,this.enabled=null,this.timeout=null,this.hoverState=null,this.$element=null,this.inState=null,this.init("tooltip",t,e)};d.VERSION="3.4.1",d.TRANSITION_DURATION=150,d.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0},sanitize:!0,sanitizeFn:null,whiteList:r},d.prototype.init=function(e,i,o){if(this.enabled=!0,this.type=e,this.$element=t(i),this.options=this.getOptions(o),this.$viewport=this.options.viewport&&t(document).find(t.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var n=this.options.trigger.split(" "),s=n.length;s--;){var a=n[s];if("click"==a)this.$element.on("click."+this.type,this.options.selector,t.proxy(this.toggle,this));else if("manual"!=a){var r="hover"==a?"mouseenter":"focusin",l="hover"==a?"mouseleave":"focusout";this.$element.on(r+"."+this.type,this.options.selector,t.proxy(this.enter,this)),this.$element.on(l+"."+this.type,this.options.selector,t.proxy(this.leave,this))}}this.options.selector?this._options=t.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},d.prototype.getDefaults=function(){return d.DEFAULTS},d.prototype.getOptions=function(e){var o=this.$element.data();for(var s in o)o.hasOwnProperty(s)&&-1!==t.inArray(s,n)&&delete o[s];return e=t.extend({},this.getDefaults(),o,e),e.delay&&"number"==typeof e.delay&&(e.delay={show:e.delay,hide:e.delay}),e.sanitize&&(e.template=i(e.template,e.whiteList,e.sanitizeFn)),e},d.prototype.getDelegateOptions=function(){var e={},i=this.getDefaults();return this._options&&t.each(this._options,function(t,o){i[t]!=o&&(e[t]=o)}),e},d.prototype.enter=function(e){var i=e instanceof this.constructor?e:t(e.currentTarget).data("bs."+this.type);return i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i)),e instanceof t.Event&&(i.inState["focusin"==e.type?"focus":"hover"]=!0),i.tip().hasClass("in")||"in"==i.hoverState?void(i.hoverState="in"):(clearTimeout(i.timeout),i.hoverState="in",i.options.delay&&i.options.delay.show?void(i.timeout=setTimeout(function(){"in"==i.hoverState&&i.show()},i.options.delay.show)):i.show())},d.prototype.isInStateTrue=function(){for(var t in this.inState)if(this.inState[t])return!0;return!1},d.prototype.leave=function(e){var i=e instanceof this.constructor?e:t(e.currentTarget).data("bs."+this.type);return i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i)),e instanceof t.Event&&(i.inState["focusout"==e.type?"focus":"hover"]=!1),i.isInStateTrue()?void 0:(clearTimeout(i.timeout),i.hoverState="out",i.options.delay&&i.options.delay.hide?void(i.timeout=setTimeout(function(){"out"==i.hoverState&&i.hide()},i.options.delay.hide)):i.hide())},d.prototype.show=function(){var e=t.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(e);var i=t.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(e.isDefaultPrevented()||!i)return;var o=this,n=this.tip(),s=this.getUID(this.type);this.setContent(),n.attr("id",s),this.$element.attr("aria-describedby",s),this.options.animation&&n.addClass("fade");var a="function"==typeof this.options.placement?this.options.placement.call(this,n[0],this.$element[0]):this.options.placement,r=/\s?auto?\s?/i,l=r.test(a);l&&(a=a.replace(r,"")||"top"),n.detach().css({top:0,left:0,display:"block"}).addClass(a).data("bs."+this.type,this),this.options.container?n.appendTo(t(document).find(this.options.container)):n.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var h=this.getPosition(),p=n[0].offsetWidth,c=n[0].offsetHeight;if(l){var f=a,u=this.getPosition(this.$viewport);a="bottom"==a&&h.bottom+c>u.bottom?"top":"top"==a&&h.top-cu.width?"left":"left"==a&&h.left-pa.top+a.height&&(n.top=a.top+a.height-l)}else{var h=e.left-s,d=e.left+s+i;ha.right&&(n.left=a.left+a.width-d)}return n},d.prototype.getTitle=function(){var t,e=this.$element,i=this.options;return t=e.attr("data-original-title")||("function"==typeof i.title?i.title.call(e[0]):i.title)},d.prototype.getUID=function(t){do t+=~~(1e6*Math.random());while(document.getElementById(t));return t},d.prototype.tip=function(){if(!this.$tip&&(this.$tip=t(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},d.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},d.prototype.enable=function(){this.enabled=!0},d.prototype.disable=function(){this.enabled=!1},d.prototype.toggleEnabled=function(){this.enabled=!this.enabled},d.prototype.toggle=function(e){var i=this;e&&(i=t(e.currentTarget).data("bs."+this.type),i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i))),e?(i.inState.click=!i.inState.click,i.isInStateTrue()?i.enter(i):i.leave(i)):i.tip().hasClass("in")?i.leave(i):i.enter(i)},d.prototype.destroy=function(){var t=this;clearTimeout(this.timeout),this.hide(function(){t.$element.off("."+t.type).removeData("bs."+t.type),t.$tip&&t.$tip.detach(),t.$tip=null,t.$arrow=null,t.$viewport=null,t.$element=null})},d.prototype.sanitizeHtml=function(t){return i(t,this.options.whiteList,this.options.sanitizeFn)};var p=t.fn.tooltip;t.fn.tooltip=o,t.fn.tooltip.Constructor=d,t.fn.tooltip.noConflict=function(){return t.fn.tooltip=p,this}}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.popover"),s="object"==typeof e&&e;!n&&/destroy|hide/.test(e)||(n||o.data("bs.popover",n=new i(this,s)),"string"==typeof e&&n[e]())})}var i=function(t,e){this.init("popover",t,e)};if(!t.fn.tooltip)throw new Error("Popover requires tooltip.js");i.VERSION="3.4.1",i.DEFAULTS=t.extend({},t.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),i.prototype=t.extend({},t.fn.tooltip.Constructor.prototype),i.prototype.constructor=i,i.prototype.getDefaults=function(){return i.DEFAULTS},i.prototype.setContent=function(){var t=this.tip(),e=this.getTitle(),i=this.getContent();if(this.options.html){var o=typeof i;this.options.sanitize&&(e=this.sanitizeHtml(e),"string"===o&&(i=this.sanitizeHtml(i))),t.find(".popover-title").html(e),t.find(".popover-content").children().detach().end()["string"===o?"html":"append"](i)}else t.find(".popover-title").text(e),t.find(".popover-content").children().detach().end().text(i);t.removeClass("fade top bottom left right in"),t.find(".popover-title").html()||t.find(".popover-title").hide()},i.prototype.hasContent=function(){return this.getTitle()||this.getContent()},i.prototype.getContent=function(){var t=this.$element,e=this.options;return t.attr("data-content")||("function"==typeof e.content?e.content.call(t[0]):e.content)},i.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var o=t.fn.popover;t.fn.popover=e,t.fn.popover.Constructor=i,t.fn.popover.noConflict=function(){return t.fn.popover=o,this}}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.tab");n||o.data("bs.tab",n=new i(this)),"string"==typeof e&&n[e]()})}var i=function(e){this.element=t(e)};i.VERSION="3.4.1",i.TRANSITION_DURATION=150,i.prototype.show=function(){var e=this.element,i=e.closest("ul:not(.dropdown-menu)"),o=e.data("target");if(o||(o=e.attr("href"),o=o&&o.replace(/.*(?=#[^\s]*$)/,"")),!e.parent("li").hasClass("active")){var n=i.find(".active:last a"),s=t.Event("hide.bs.tab",{relatedTarget:e[0]}),a=t.Event("show.bs.tab",{relatedTarget:n[0]});if(n.trigger(s),e.trigger(a),!a.isDefaultPrevented()&&!s.isDefaultPrevented()){var r=t(document).find(o);this.activate(e.closest("li"),i),this.activate(r,r.parent(),function(){n.trigger({type:"hidden.bs.tab",relatedTarget:e[0]}),e.trigger({type:"shown.bs.tab",relatedTarget:n[0]})})}}},i.prototype.activate=function(e,o,n){function s(){a.removeClass("active").find("> .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),e.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),r?(e[0].offsetWidth,e.addClass("in")):e.removeClass("fade"),e.parent(".dropdown-menu").length&&e.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),n&&n()}var a=o.find("> .active"),r=n&&t.support.transition&&(a.length&&a.hasClass("fade")||!!o.find("> .fade").length);a.length&&r?a.one("bsTransitionEnd",s).emulateTransitionEnd(i.TRANSITION_DURATION):s(),a.removeClass("in")};var o=t.fn.tab;t.fn.tab=e,t.fn.tab.Constructor=i,t.fn.tab.noConflict=function(){return t.fn.tab=o,this};var n=function(i){i.preventDefault(),e.call(t(this),"show")};t(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',n).on("click.bs.tab.data-api",'[data-toggle="pill"]',n)}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.affix"),s="object"==typeof e&&e;n||o.data("bs.affix",n=new i(this,s)),"string"==typeof e&&n[e]()})}var i=function(e,o){this.options=t.extend({},i.DEFAULTS,o);var n=this.options.target===i.DEFAULTS.target?t(this.options.target):t(document).find(this.options.target);this.$target=n.on("scroll.bs.affix.data-api",t.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",t.proxy(this.checkPositionWithEventLoop,this)),this.$element=t(e),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};i.VERSION="3.4.1",i.RESET="affix affix-top affix-bottom",i.DEFAULTS={offset:0,target:window},i.prototype.getState=function(t,e,i,o){var n=this.$target.scrollTop(),s=this.$element.offset(),a=this.$target.height();if(null!=i&&"top"==this.affixed)return i>n?"top":!1;if("bottom"==this.affixed)return null!=i?n+this.unpin<=s.top?!1:"bottom":t-o>=n+a?!1:"bottom";var r=null==this.affixed,l=r?n:s.top,h=r?a:e;return null!=i&&i>=n?"top":null!=o&&l+h>=t-o?"bottom":!1},i.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(i.RESET).addClass("affix");var t=this.$target.scrollTop(),e=this.$element.offset();return this.pinnedOffset=e.top-t},i.prototype.checkPositionWithEventLoop=function(){setTimeout(t.proxy(this.checkPosition,this),1)},i.prototype.checkPosition=function(){ + if(this.$element.is(":visible")){var e=this.$element.height(),o=this.options.offset,n=o.top,s=o.bottom,a=Math.max(t(document).height(),t(document.body).height());"object"!=typeof o&&(s=n=o),"function"==typeof n&&(n=o.top(this.$element)),"function"==typeof s&&(s=o.bottom(this.$element));var r=this.getState(a,e,n,s);if(this.affixed!=r){null!=this.unpin&&this.$element.css("top","");var l="affix"+(r?"-"+r:""),h=t.Event(l+".bs.affix");if(this.$element.trigger(h),h.isDefaultPrevented())return;this.affixed=r,this.unpin="bottom"==r?this.getPinnedOffset():null,this.$element.removeClass(i.RESET).addClass(l).trigger(l.replace("affix","affixed")+".bs.affix")}"bottom"==r&&this.$element.offset({top:a-e-s})}};var o=t.fn.affix;t.fn.affix=e,t.fn.affix.Constructor=i,t.fn.affix.noConflict=function(){return t.fn.affix=o,this},t(window).on("load",function(){t('[data-spy="affix"]').each(function(){var i=t(this),o=i.data();o.offset=o.offset||{},null!=o.offsetBottom&&(o.offset.bottom=o.offsetBottom),null!=o.offsetTop&&(o.offset.top=o.offsetTop),e.call(i,o)})})}(jQuery),+function(t){"use strict";function e(e){var i,o=e.attr("data-target")||(i=e.attr("href"))&&i.replace(/.*(?=#[^\s]+$)/,"");return t(document).find(o)}function i(e){return this.each(function(){var i=t(this),n=i.data("bs.collapse"),s=t.extend({},o.DEFAULTS,i.data(),"object"==typeof e&&e);!n&&s.toggle&&/show|hide/.test(e)&&(s.toggle=!1),n||i.data("bs.collapse",n=new o(this,s)),"string"==typeof e&&n[e]()})}var o=function(e,i){this.$element=t(e),this.options=t.extend({},o.DEFAULTS,i),this.$trigger=t('[data-toggle="collapse"][href="#'+e.id+'"],[data-toggle="collapse"][data-target="#'+e.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};o.VERSION="3.4.1",o.TRANSITION_DURATION=350,o.DEFAULTS={toggle:!0},o.prototype.dimension=function(){var t=this.$element.hasClass("width");return t?"width":"height"},o.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var e,n=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(n&&n.length&&(e=n.data("bs.collapse"),e&&e.transitioning))){var s=t.Event("show.bs.collapse");if(this.$element.trigger(s),!s.isDefaultPrevented()){n&&n.length&&(i.call(n,"hide"),e||n.data("bs.collapse",null));var a=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[a](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var r=function(){this.$element.removeClass("collapsing").addClass("collapse in")[a](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!t.support.transition)return r.call(this);var l=t.camelCase(["scroll",a].join("-"));this.$element.one("bsTransitionEnd",t.proxy(r,this)).emulateTransitionEnd(o.TRANSITION_DURATION)[a](this.$element[0][l])}}}},o.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var e=t.Event("hide.bs.collapse");if(this.$element.trigger(e),!e.isDefaultPrevented()){var i=this.dimension();this.$element[i](this.$element[i]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var n=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return t.support.transition?void this.$element[i](0).one("bsTransitionEnd",t.proxy(n,this)).emulateTransitionEnd(o.TRANSITION_DURATION):n.call(this)}}},o.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},o.prototype.getParent=function(){return t(document).find(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(t.proxy(function(i,o){var n=t(o);this.addAriaAndCollapsedClass(e(n),n)},this)).end()},o.prototype.addAriaAndCollapsedClass=function(t,e){var i=t.hasClass("in");t.attr("aria-expanded",i),e.toggleClass("collapsed",!i).attr("aria-expanded",i)};var n=t.fn.collapse;t.fn.collapse=i,t.fn.collapse.Constructor=o,t.fn.collapse.noConflict=function(){return t.fn.collapse=n,this},t(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(o){var n=t(this);n.attr("data-target")||o.preventDefault();var s=e(n),a=s.data("bs.collapse"),r=a?"toggle":n.data();i.call(s,r)})}(jQuery),+function(t){"use strict";function e(i,o){this.$body=t(document.body),this.$scrollElement=t(t(i).is(document.body)?window:i),this.options=t.extend({},e.DEFAULTS,o),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",t.proxy(this.process,this)),this.refresh(),this.process()}function i(i){return this.each(function(){var o=t(this),n=o.data("bs.scrollspy"),s="object"==typeof i&&i;n||o.data("bs.scrollspy",n=new e(this,s)),"string"==typeof i&&n[i]()})}e.VERSION="3.4.1",e.DEFAULTS={offset:10},e.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},e.prototype.refresh=function(){var e=this,i="offset",o=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),t.isWindow(this.$scrollElement[0])||(i="position",o=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var e=t(this),n=e.data("target")||e.attr("href"),s=/^#./.test(n)&&t(n);return s&&s.length&&s.is(":visible")&&[[s[i]().top+o,n]]||null}).sort(function(t,e){return t[0]-e[0]}).each(function(){e.offsets.push(this[0]),e.targets.push(this[1])})},e.prototype.process=function(){var t,e=this.$scrollElement.scrollTop()+this.options.offset,i=this.getScrollHeight(),o=this.options.offset+i-this.$scrollElement.height(),n=this.offsets,s=this.targets,a=this.activeTarget;if(this.scrollHeight!=i&&this.refresh(),e>=o)return a!=(t=s[s.length-1])&&this.activate(t);if(a&&e=n[t]&&(void 0===n[t+1]||e 36px */ +} + +.container { + min-width: 260px; + max-width: 700px; +} + +h1 { + margin-bottom: 50px; +} + +footer { + width: 100%; + position: absolute; + bottom: 0; + padding: 0 36px; +} + +img { + width: 100%; +} + +/******************************************************** + * Header + ********************************************************/ + +header .logo { + /* width: 20%;*/ + /*max-width: 600px;*/ + max-height: 150px; + width: auto; +} + +/******************************************************** + * Dropdown + ********************************************************/ +a.dropdown-toggle { + text-decoration: none; +} + +a.dropdown-toggle:hover { + color: #168CA9; + border-bottom: 3px solid #168CA9; +} + +.dropdown-menu { + padding: 5px 0; +} + +.dropdown-menu li > a { + padding: 6px 28px; +} + +.dropdown-menu a > .prefix { + display: inline-block; + min-width: 22px; + margin-right: 28px; + text-align: right; +} + +/******************************************************** + * Form + ********************************************************/ + +/* Labels should not be bold */ +label { + font-weight: normal; +} + +/* Make error messages bold */ +.has-error .help-block { + font-weight: bold; +} + +/* Change button size, by default 116px in width */ +.btn { + min-width: 116px; + padding: 3px 12px; +} + +/* Disable gradient in buttons, ughhhh */ +.btn.btn-primary { + border-color: transparent; + background-image: none; + text-shadow: none; + box-shadow: none; + -webkit-box-shadow: none; +} + +.help-block a, .help-block a:visited { + color: #168CA9; + font-weight: bold; + text-decoration: none; +} + +.help-block a:hover { + color: #168CA9; + text-decoration: underline; +} + +/******************************************************** + * Footer + ********************************************************/ +footer .row { + margin: 36px 0 0 0; + height: 40px; + padding-top: 14px; + line-height: 26px; /* to center text: height - padding-top = 26px */ + border-top: 1px solid #168CA9; +} + +footer .row > div { /* Fix alignment between border + text on Bootstrap grid */ + padding: 0; +} + +footer .logo-round-container { + position: relative; +} + +footer .logo-round { + position: absolute; + left: 0; + right: 0; + top: -33px; /* found visually with Chrome Dev Tools */ + height: 36px; + width: 36px; + border: 1px solid #00868c; + border-radius: 18px; + background: #fff; + padding: 8px; +} + +footer .logo-round > img { + display: block; +} + +#dispatchTargets { + margin-top: 20px; +} + +/******************************************************** + * Social login + ********************************************************/ +.btn.line { + background-color: transparent; + display: block; + width: 100%; + padding: 0; + margin: 1.5em 0 1em; + border: 0.5px solid #ccc; + pointer-events: none; +} + +.btn.socialLogin { + background-color: #fff; + border: thin solid #ccc; + color: #000; + font-weight: 600; + position: relative; + margin: 5px; + min-width: 140px; + width: 210px; + border-radius: 8px; + padding: 8px 12px; + text-align: left; +} + +.socialLogin img { + width: 1.5em; + height: 108%; + margin-right: 0.5em; +} + +.btn.apple img { + width: 1.2em; +} + +/******************************************************** + * Show password + ********************************************************/ +.icon-inside { + position: relative; +} + +.icon-inside input { + padding-right: calc(0.75rem + 1.25rem + 0.75rem); +} + +.icon-inside button { + position: absolute; + right: 0; + top: 0; + margin-top: 0.45rem; + margin-right: 0.45rem; + background: #FFFFFF; + border: #FFFFFF; +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/dropdown.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/dropdown.js new file mode 100644 index 0000000..cdd301c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/dropdown.js @@ -0,0 +1,36 @@ +(function() { + var closeDropdownTimeout; + + function closeDropdown(event) { + var dropdowns = document.querySelectorAll('.dropdown'); + for (var i = 0; i < dropdowns.length; i++) { + var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu'); + if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) { + dropdownMenu.style.display = 'none'; + } + } + + // remove event listener till we have a new dropdown menu open + if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) { + document.removeEventListener('click', closeDropdown); + } + } + + var dropdowns = document.querySelectorAll('.dropdown'); + for (var i = 0; i < dropdowns.length; i++) { + var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu'); + dropdownMenu.style.display = 'none'; // ensure menu is initially hidden + + dropdowns[i].addEventListener('click', function(e) { + // show dropdown menu + var dropdownMenu = this.querySelector('.dropdown-menu'); + dropdownMenu.style.display = 'block'; + + // handle clicking away + clearTimeout(closeDropdownTimeout); + closeDropdownTimeout = setTimeout(function() { + document.addEventListener('click', closeDropdown); + }, 10); + }); + } +}()); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/e2eenc.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/e2eenc.js new file mode 100644 index 0000000..932c0c6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/e2eenc.js @@ -0,0 +1,98 @@ +var e2eenc = function() { + + this.encryptForm = function(algoString, formId) { + // TODO: in case of an error we should return false, to prevent the for to be submitted + // or replace the fields with dummy values, just to prevent the the transmission + // of unencrypted values + + + // create the array of input fields to encrypt (needs to be done before setting the form + // invisible + var fieldsToEncrypt = new Array(); + $.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));}); + + // hide the form, and display the splash screen + $('#loginform').css('display','none'); + $('#e2eeSplashScreen').css('display','block'); + + // encryption logic + var pubKey = $("input[name='e2eenc.publicKey']").val(); + + var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey) + var iv = forge.random.getBytesSync(16); + keyB64 = forge.util.encode64(kemSessionKey.key); + encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation); + ivB64 = forge.util.encode64(iv); + + //console.log("Encrypting form " + formId + " (" + algoString + ")"); + var fields = ""; + $.each(fieldsToEncrypt, function(index, _inputField) { + var inputField = $(_inputField); + if (inputField.attr("type") == "text" || inputField.attr("type") == "password") { + //console.log("Encrypting field " + JSON.stringify(inputField)); + var plainValue = inputField.val(); + + var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue); + //console.log("Setting encrypted value in b64: " + encryptedValueB64); + inputField.val(encryptedValueB64); + if (fields.length > 0) { + fields = fields + "," + } + fields = fields + inputField.attr("name"); + } + }); + $("input[name='e2eenc.iv']").val(ivB64); + $("input[name='e2eenc.encapsulation']").val(encapsulationB64); + $("input[name='e2eenc.fields']").val(fields); + } + + function getRSApublicKey(pem) { + //console.log("PEM: " + pem); + + var msg = forge.pem.decode(pem)[0]; + + //console.log("msg type: " + msg.type); + + if(msg.procType && msg.procType.type === 'ENCRYPTED') { + throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.'); + } + + // convert DER to ASN.1 object + var asn1obj = forge.asn1.fromDer(msg.body); + //console.log("ASN.1 obj: " + JSON.stringify(asn1obj)) + + var pubKey = forge.pki.publicKeyFromAsn1(asn1obj) + //console.log("PubKey: " + JSON.stringify(pubKey)) + return pubKey; + } + + function generateKEMSessionKey(rsaPublicKey) { + // generate key-derivation-function and initializes it with sha1 + var kdf1 = new forge.kem.kdf1(forge.md.sha1.create()); + // creates a KEM function based on the key-derivation-function created above + var kem = forge.kem.rsa.create(kdf1); + // generate and encapsulate a 16-byte secret key. + // The secret key is generated using the kdf defined above. + var kemSessionKey = kem.encrypt(rsaPublicKey, 16); + // kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key) + return kemSessionKey; + } + + function readPublicKeyAndGenerateSessionKey(pem) { + var rsaPublicKey = getRSApublicKey(pem); + //console.log("PubKey: " + JSON.stringify(rsaPublicKey)) + var kemSessionKey = generateKEMSessionKey(rsaPublicKey); + //console.log("KEM session key: " + JSON.stringify(kemSessionKey)) + return kemSessionKey; + } + + function encrypt(kemSessionKey, iv, msg) { + var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key); + cipher.start({iv: iv}); + cipher.update(forge.util.createBuffer(msg, 'utf-8')); + cipher.finish(); + var encrypted = cipher.output.getBytes(); + encryptedB64 = forge.util.encode64(encrypted); + return encryptedB64; + } +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/eye-off.svg b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/eye-off.svg new file mode 100644 index 0000000..c29471a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/eye-off.svg @@ -0,0 +1,3 @@ + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/eye.svg b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/eye.svg new file mode 100644 index 0000000..6c23ec8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/eye.svg @@ -0,0 +1,4 @@ + + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_auth.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_auth.js new file mode 100644 index 0000000..aa6372a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_auth.js @@ -0,0 +1,61 @@ +(function() { + 'use strict' + + async function assertion(options) { + let credential; + try { + credential = await navigator.credentials.get({ "publicKey": options }); + } + // Cancel and timeout can occur besides error + catch (error) { + console.error(`Failed to get WebAuthn credential: ${error}`); + throw error; + } + // as this is the last call we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "path", "/nevisfido/fido2/assertion/result") + addInput(form, "id", credential.id); + addInput(form, "type", credential.type); + addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON)); + addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData)); + addInput(form, "response.signature", base64url.encode(credential.response.signature)); + document.body.appendChild(form); + form.submit(); + } + + function authenticate() { + // WebAuthn feature detection + if (!isWebAuthnSupportedByTheBrowser()) { + cancelFido2(); + return; + }; + + const request = {}; + request.path = "/nevisfido/fido2/attestation/options"; + + // calling nevisFIDO through nevisAuth on current URL using AJAX + fetch("", { + method: "POST", + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify(request) + }) + .then(res => res.json()) + .then(options => { + options.challenge = base64url.decode(options.challenge); + options.allowCredentials = options.allowCredentials.map((c) => { + c.id = base64url.decode(c.id); + return c; + }); + return assertion(options); + }).catch((error) => { + console.error(`Error during FIDO2 authentication: ${error}`); + cancelFido2(); + }); + } + + authenticate(); +})(); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_auth_std.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_auth_std.js new file mode 100644 index 0000000..0296291 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_auth_std.js @@ -0,0 +1,175 @@ +(function() { + 'use strict' + + async function authenticate(username, params) { + + try { + const { authenticationOptionsEndpoint, authenticationEndpoint, statusServiceEndpoint, userVerification, originalResource, nevisAuthEndpoint } = params; + const { startAuthentication } = SimpleWebAuthnBrowser; + + // fetch authentication options from nevisFIDO and save the returned fido2SessionId for later use + const authOptRespJson = await getAuthenticationOptions(username, userVerification, nevisAuthEndpoint); + const fido2SessionId = authOptRespJson.fido2SessionId; + + // do the client side authentication using the SimpleWebAuthn JS library + const authRespJson = await startAuthentication(authOptRespJson); + + // in case the authentication response does not contain a userHandle (e.g. virtual authenticators used in system tests) + // then we have to obtain it (in our case it is the IDM extId) using the Status Service since at the moment nevisFIDO always expects it + if (!authRespJson.response.userHandle) { + const statusRespJson = await getFido2SessionStatus(fido2SessionId, statusServiceEndpoint); + + if (statusRespJson && statusRespJson.userId) { + console.log("adding userHandle: " + statusRespJson.userId); + authRespJson.response.userHandle = btoa(statusRespJson.userId); // add missing userHandle + } + else { + throw new Error('userHandle is missing and could not determine it using the status service'); + } + } + else { + console.log("userHandle already set: " + authRespJson.response.userHandle); + } + + // send the assertion response created by the authenticator to nevisFIDO + const serverRespJson = await submitAssertion(authRespJson, authenticationEndpoint); + + // checking the server response of nevisFIDO + if ((!serverRespJson) || (serverRespJson && serverRespJson.status !== 'ok')) { + let errorMessage = (serverRespJson && serverRespJson.errorMessage) ? serverRespJson.errorMessage : 'unexpected error'; + throw new Error('authentication failed: ' + errorMessage); + } + + // send a request to nevisAuth with the fido2SessionId in the header to trigger the synchronisation of the + // nevisFIDO and nevisAuth sessions (FIDO2 AuthState -> SyncFido2SessionStatusHandler) to reach AUTH_DONE + await updateNevisAuth(fido2SessionId, nevisAuthEndpoint); + + console.log('authentication was successful'); + + console.log('reloading page...'); + window.location.reload(); + } + catch (error) { + console.error(`Error during FIDO2 authentication: ${error}`); + cancelFido2(); + } + }; + + async function getAuthenticationOptions(username, userVerification, authenticationOptionsEndpoint) { + + const authOptReqJson = { + 'username': username, + 'userVerification': userVerification, + }; + + const authOptReq = JSON.stringify(authOptReqJson); + console.log('authOptReq ==> ' + authOptReq); + + const authOptResp = await fetch(authenticationOptionsEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: authOptReq, + }); + + if (!authOptResp.ok) { + throw new Error('authOptResp error: HTTP ' + authOptResp.status + ' ' + authOptResp.statusText); + } + + const authOptRespJson = await authOptResp.json() + console.log('authOptResp <== ' + JSON.stringify(authOptRespJson)); + + return authOptRespJson; + }; + + async function getFido2SessionStatus(fido2SessionId, statusServiceEndpoint) { + + const statusReqJson = { + 'fido2SessionId': fido2SessionId, + }; + + const statusReq = JSON.stringify(statusReqJson); + console.log('statusReq ==> ' + statusReq); + + const statusResp = await fetch(statusServiceEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: statusReq, + }); + + if (!statusResp.ok) { + throw new Error('statusResp error: HTTP ' + statusResp.status + ' ' + statusResp.statusText); + } + + const statusRespJson = await statusResp.json(); + console.log('statusResp <== ' + JSON.stringify(statusRespJson)); + + return statusRespJson; + } + + async function submitAssertion(authRespJson, authenticationEndpoint) { + + console.log("submitting assertion for userHandle: " + authRespJson.response.userHandle); + + // TODO koenig 20230504: read btoa once nevisFIDO is adapted + let encodedAuthResp = { + "id": authRespJson.id, + "response": { + "authenticatorData": authRespJson.response.authenticatorData, + "signature": authRespJson.response.signature, + "userHandle": authRespJson.response.userHandle, + "clientDataJSON": authRespJson.response.clientDataJSON + }, + "type": authRespJson.type + } + + const authResp = JSON.stringify(encodedAuthResp); + console.log('authResp ==> ' + authResp); + + const serverResp = await fetch(authenticationEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: authResp, + }); + + if (!serverResp.ok) { + throw new Error('submitAssertion error: HTTP ' + submitAssertion.status + ' ' + submitAssertion.statusText); + } + + const serverRespJson = await serverResp.json(); + console.log('serverResp <== ' + JSON.stringify(serverRespJson)); + + return serverRespJson; + }; + + async function updateNevisAuth(fido2SessionId, nevisAuthEndpoint) { + + console.log('updateNevisAuth ==> ' + fido2SessionId); + + const updateNevisAuthResponse = await fetch(nevisAuthEndpoint, { + method: 'GET', + credentials: 'same-origin', + headers: { + 'nevis-fido2-session-id': fido2SessionId, + } + }); + + if (!updateNevisAuthResponse.ok) { + throw new Error('updateNevisAuthResponse error: HTTP ' + updateNevisAuthResponse.status + ' ' + updateNevisAuthResponse.statusText); + } + + console.log('updateNevisAuth <== OK'); + + return; + }; + + // TODO koenig 20230206: we don't generate IDs into the HTML yet + let username = document.getElementsByName("username")[0].value; + params.nevisAuthEndpoint = window.location.href; + authenticate(username, params); +})(); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_onboard.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_onboard.js new file mode 100644 index 0000000..9d92a57 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_onboard.js @@ -0,0 +1,70 @@ +function dispatch(name) { + // we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, name, "true"); + document.body.appendChild(form); + form.submit(); +} + +async function attestation(options) { + let credential; + try { + credential = await navigator.credentials.create({ "publicKey": options }); + } + // cancel and timeout can occur besides error + catch (error) { + console.error(`Failed to create WebAuthn credential: ${error}`); + throw error; + } + // as this is the last call we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "path", "/nevisfido/fido2/attestation/result") + addInput(form, "id", credential.id); + addInput(form, "type", credential.type); + addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON)); + addInput(form, "response.attestationObject", base64url.encode(credential.response.attestationObject)); + document.body.appendChild(form); + form.submit(); +} + +function start() { + + if (!isWebAuthnSupportedByTheBrowser()) { + dispatch("unsupported"); + return; + }; + + const request = {}; + request.path = "/nevisfido/fido2/attestation/options"; + + // calling nevisFIDO through nevisAuth on current URL using AJAX + fetch("", { + method: "POST", + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify(request) + }) + .then(res => res.json()) + .then(options => { + options.user.id = base64url.decode(options.user.id); + options.challenge = base64url.decode(options.challenge); + if (options.excludeCredentials != null) { + options.excludeCredentials = options.excludeCredentials.map((c) => { + c.id = base64url.decode(c.id); + return c; + }); + } + if (options.authenticatorSelection.authenticatorAttachment === null) { + options.authenticatorSelection.authenticatorAttachment = undefined; + } + return attestation(options); + }).catch((error) => { + console.log('Error during FIDO2 onboarding: ' + error); + dispatch("failed"); + }); +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_utils.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_utils.js new file mode 100644 index 0000000..dc6056c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/fido2_utils.js @@ -0,0 +1,40 @@ +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +/** + * Checks whether WebAuthn is supported by the browser or not. + * @return true if supported, false if it is not supported or not in secure context + */ +function isWebAuthnSupportedByTheBrowser() { + if (window.isSecureContext) { + // This feature is available only in secure contexts in some or all supporting browsers. + if ('credentials' in navigator) { + return true; + } + console.warn('Oh no! This browser does not support WebAuthn.'); + return false; + } + console.warn('WebAuthn feature is available only in secure contexts. For testing over HTTP, you can use the origin "localhost".'); + return false; +} + +/** + * Trigger on cancel pattern of the FIDO2 authentication step. + * + * Provides an alternative when the user decides to + * cancel the fido2 credential operation(create or fetch) or + * the operation fails and the error cannot be handled. + */ +function cancelFido2() { + // we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "cancel_fido2", "true"); + document.body.appendChild(form); + form.submit(); +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/forge.bundle.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/forge.bundle.js new file mode 100644 index 0000000..58cb6a8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/resources/forge.bundle.js @@ -0,0 +1,28767 @@ +(function(root, factory) { + if(typeof define === 'function' && define.amd) { + define([], factory); + } else { + root.forge = factory(); + } +})(this, function() { +/** + * @license almond 0.2.9 Copyright (c) 2011-2014, The Dojo Foundation All Rights Reserved. + * Available via the MIT or new BSD license. + * see: http://github.com/jrburke/almond for details + */ +//Going sloppy to avoid 'use strict' string cost, but strict practices should +//be followed. +/*jslint sloppy: true */ +/*global setTimeout: false */ + +var requirejs, require, define; +(function (undef) { + var main, req, makeMap, handlers, + defined = {}, + waiting = {}, + config = {}, + defining = {}, + hasOwn = Object.prototype.hasOwnProperty, + aps = [].slice, + jsSuffixRegExp = /\.js$/; + + function hasProp(obj, prop) { + return hasOwn.call(obj, prop); + } + + /** + * Given a relative module name, like ./something, normalize it to + * a real name that can be mapped to a path. + * @param {String} name the relative name + * @param {String} baseName a real name that the name arg is relative + * to. + * @returns {String} normalized name + */ + function normalize(name, baseName) { + var nameParts, nameSegment, mapValue, foundMap, lastIndex, + foundI, foundStarMap, starI, i, j, part, + baseParts = baseName && baseName.split("/"), + map = config.map, + starMap = (map && map['*']) || {}; + + //Adjust any relative paths. + if (name && name.charAt(0) === ".") { + //If have a base name, try to normalize against it, + //otherwise, assume it is a top-level require that will + //be relative to baseUrl in the end. + if (baseName) { + //Convert baseName to array, and lop off the last part, + //so that . matches that "directory" and not name of the baseName's + //module. For instance, baseName of "one/two/three", maps to + //"one/two/three.js", but we want the directory, "one/two" for + //this normalization. + baseParts = baseParts.slice(0, baseParts.length - 1); + name = name.split('/'); + lastIndex = name.length - 1; + + // Node .js allowance: + if (config.nodeIdCompat && jsSuffixRegExp.test(name[lastIndex])) { + name[lastIndex] = name[lastIndex].replace(jsSuffixRegExp, ''); + } + + name = baseParts.concat(name); + + //start trimDots + for (i = 0; i < name.length; i += 1) { + part = name[i]; + if (part === ".") { + name.splice(i, 1); + i -= 1; + } else if (part === "..") { + if (i === 1 && (name[2] === '..' || name[0] === '..')) { + //End of the line. Keep at least one non-dot + //path segment at the front so it can be mapped + //correctly to disk. Otherwise, there is likely + //no path mapping for a path starting with '..'. + //This can still fail, but catches the most reasonable + //uses of .. + break; + } else if (i > 0) { + name.splice(i - 1, 2); + i -= 2; + } + } + } + //end trimDots + + name = name.join("/"); + } else if (name.indexOf('./') === 0) { + // No baseName, so this is ID is resolved relative + // to baseUrl, pull off the leading dot. + name = name.substring(2); + } + } + + //Apply map config if available. + if ((baseParts || starMap) && map) { + nameParts = name.split('/'); + + for (i = nameParts.length; i > 0; i -= 1) { + nameSegment = nameParts.slice(0, i).join("/"); + + if (baseParts) { + //Find the longest baseName segment match in the config. + //So, do joins on the biggest to smallest lengths of baseParts. + for (j = baseParts.length; j > 0; j -= 1) { + mapValue = map[baseParts.slice(0, j).join('/')]; + + //baseName segment has config, find if it has one for + //this name. + if (mapValue) { + mapValue = mapValue[nameSegment]; + if (mapValue) { + //Match, update name to the new value. + foundMap = mapValue; + foundI = i; + break; + } + } + } + } + + if (foundMap) { + break; + } + + //Check for a star map match, but just hold on to it, + //if there is a shorter segment match later in a matching + //config, then favor over this star map. + if (!foundStarMap && starMap && starMap[nameSegment]) { + foundStarMap = starMap[nameSegment]; + starI = i; + } + } + + if (!foundMap && foundStarMap) { + foundMap = foundStarMap; + foundI = starI; + } + + if (foundMap) { + nameParts.splice(0, foundI, foundMap); + name = nameParts.join('/'); + } + } + + return name; + } + + function makeRequire(relName, forceSync) { + return function () { + //A version of a require function that passes a moduleName + //value for items that may need to + //look up paths relative to the moduleName + return req.apply(undef, aps.call(arguments, 0).concat([relName, forceSync])); + }; + } + + function makeNormalize(relName) { + return function (name) { + return normalize(name, relName); + }; + } + + function makeLoad(depName) { + return function (value) { + defined[depName] = value; + }; + } + + function callDep(name) { + if (hasProp(waiting, name)) { + var args = waiting[name]; + delete waiting[name]; + defining[name] = true; + main.apply(undef, args); + } + + if (!hasProp(defined, name) && !hasProp(defining, name)) { + throw new Error('No ' + name); + } + return defined[name]; + } + + //Turns a plugin!resource to [plugin, resource] + //with the plugin being undefined if the name + //did not have a plugin prefix. + function splitPrefix(name) { + var prefix, + index = name ? name.indexOf('!') : -1; + if (index > -1) { + prefix = name.substring(0, index); + name = name.substring(index + 1, name.length); + } + return [prefix, name]; + } + + /** + * Makes a name map, normalizing the name, and using a plugin + * for normalization if necessary. Grabs a ref to plugin + * too, as an optimization. + */ + makeMap = function (name, relName) { + var plugin, + parts = splitPrefix(name), + prefix = parts[0]; + + name = parts[1]; + + if (prefix) { + prefix = normalize(prefix, relName); + plugin = callDep(prefix); + } + + //Normalize according + if (prefix) { + if (plugin && plugin.normalize) { + name = plugin.normalize(name, makeNormalize(relName)); + } else { + name = normalize(name, relName); + } + } else { + name = normalize(name, relName); + parts = splitPrefix(name); + prefix = parts[0]; + name = parts[1]; + if (prefix) { + plugin = callDep(prefix); + } + } + + //Using ridiculous property names for space reasons + return { + f: prefix ? prefix + '!' + name : name, //fullName + n: name, + pr: prefix, + p: plugin + }; + }; + + function makeConfig(name) { + return function () { + return (config && config.config && config.config[name]) || {}; + }; + } + + handlers = { + require: function (name) { + return makeRequire(name); + }, + exports: function (name) { + var e = defined[name]; + if (typeof e !== 'undefined') { + return e; + } else { + return (defined[name] = {}); + } + }, + module: function (name) { + return { + id: name, + uri: '', + exports: defined[name], + config: makeConfig(name) + }; + } + }; + + main = function (name, deps, callback, relName) { + var cjsModule, depName, ret, map, i, + args = [], + callbackType = typeof callback, + usingExports; + + //Use name if no relName + relName = relName || name; + + //Call the callback to define the module, if necessary. + if (callbackType === 'undefined' || callbackType === 'function') { + //Pull out the defined dependencies and pass the ordered + //values to the callback. + //Default to [require, exports, module] if no deps + deps = !deps.length && callback.length ? ['require', 'exports', 'module'] : deps; + for (i = 0; i < deps.length; i += 1) { + map = makeMap(deps[i], relName); + depName = map.f; + + //Fast path CommonJS standard dependencies. + if (depName === "require") { + args[i] = handlers.require(name); + } else if (depName === "exports") { + //CommonJS module spec 1.1 + args[i] = handlers.exports(name); + usingExports = true; + } else if (depName === "module") { + //CommonJS module spec 1.1 + cjsModule = args[i] = handlers.module(name); + } else if (hasProp(defined, depName) || + hasProp(waiting, depName) || + hasProp(defining, depName)) { + args[i] = callDep(depName); + } else if (map.p) { + map.p.load(map.n, makeRequire(relName, true), makeLoad(depName), {}); + args[i] = defined[depName]; + } else { + throw new Error(name + ' missing ' + depName); + } + } + + ret = callback ? callback.apply(defined[name], args) : undefined; + + if (name) { + //If setting exports via "module" is in play, + //favor that over return value and exports. After that, + //favor a non-undefined return value over exports use. + if (cjsModule && cjsModule.exports !== undef && + cjsModule.exports !== defined[name]) { + defined[name] = cjsModule.exports; + } else if (ret !== undef || !usingExports) { + //Use the return value from the function. + defined[name] = ret; + } + } + } else if (name) { + //May just be an object definition for the module. Only + //worry about defining if have a module name. + defined[name] = callback; + } + }; + + requirejs = require = req = function (deps, callback, relName, forceSync, alt) { + if (typeof deps === "string") { + if (handlers[deps]) { + //callback in this case is really relName + return handlers[deps](callback); + } + //Just return the module wanted. In this scenario, the + //deps arg is the module name, and second arg (if passed) + //is just the relName. + //Normalize module name, if it contains . or .. + return callDep(makeMap(deps, callback).f); + } else if (!deps.splice) { + //deps is a config object, not an array. + config = deps; + if (config.deps) { + req(config.deps, config.callback); + } + if (!callback) { + return; + } + + if (callback.splice) { + //callback is an array, which means it is a dependency list. + //Adjust args if there are dependencies + deps = callback; + callback = relName; + relName = null; + } else { + deps = undef; + } + } + + //Support require(['a']) + callback = callback || function () {}; + + //If relName is a function, it is an errback handler, + //so remove it. + if (typeof relName === 'function') { + relName = forceSync; + forceSync = alt; + } + + //Simulate async callback; + if (forceSync) { + main(undef, deps, callback, relName); + } else { + //Using a non-zero value because of concern for what old browsers + //do, and latest browsers "upgrade" to 4 if lower value is used: + //http://www.whatwg.org/specs/web-apps/current-work/multipage/timers.html#dom-windowtimers-settimeout: + //If want a value immediately, use require('id') instead -- something + //that works in almond on the global level, but not guaranteed and + //unlikely to work in other AMD implementations. + setTimeout(function () { + main(undef, deps, callback, relName); + }, 4); + } + + return req; + }; + + /** + * Just drops the config on the floor, but returns req in case + * the config return value is used. + */ + req.config = function (cfg) { + return req(cfg); + }; + + /** + * Expose module registry for debugging and tooling + */ + requirejs._defined = defined; + + define = function (name, deps, callback) { + + //This module may not have dependencies + if (!deps.splice) { + //deps is not an array, so probably means + //an object literal or factory function for + //the value. Adjust args. + callback = deps; + deps = []; + } + + if (!hasProp(defined, name) && !hasProp(waiting, name)) { + waiting[name] = [name, deps, callback]; + } + }; + + define.amd = { + jQuery: true + }; +}()); + +define("node_modules/almond/almond", function(){}); + +/** + * Utility functions for web applications. + * + * @author Dave Longley + * + * Copyright (c) 2010-2014 Digital Bazaar, Inc. + */ +(function() { +/* ########## Begin module implementation ########## */ +function initModule(forge) { + +/* Utilities API */ +var util = forge.util = forge.util || {}; + +// define setImmediate and nextTick +if(typeof process === 'undefined' || !process.nextTick) { + if(typeof setImmediate === 'function') { + util.setImmediate = setImmediate; + util.nextTick = function(callback) { + return setImmediate(callback); + }; + } else { + util.setImmediate = function(callback) { + setTimeout(callback, 0); + }; + util.nextTick = util.setImmediate; + } +} else { + util.nextTick = process.nextTick; + if(typeof setImmediate === 'function') { + util.setImmediate = setImmediate; + } else { + util.setImmediate = util.nextTick; + } +} + +// define isArray +util.isArray = Array.isArray || function(x) { + return Object.prototype.toString.call(x) === '[object Array]'; +}; + +// define isArrayBuffer +util.isArrayBuffer = function(x) { + return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer; +}; + +// define isArrayBufferView +var _arrayBufferViews = []; +if(typeof DataView !== 'undefined') { + _arrayBufferViews.push(DataView); +} +if(typeof Int8Array !== 'undefined') { + _arrayBufferViews.push(Int8Array); +} +if(typeof Uint8Array !== 'undefined') { + _arrayBufferViews.push(Uint8Array); +} +if(typeof Uint8ClampedArray !== 'undefined') { + _arrayBufferViews.push(Uint8ClampedArray); +} +if(typeof Int16Array !== 'undefined') { + _arrayBufferViews.push(Int16Array); +} +if(typeof Uint16Array !== 'undefined') { + _arrayBufferViews.push(Uint16Array); +} +if(typeof Int32Array !== 'undefined') { + _arrayBufferViews.push(Int32Array); +} +if(typeof Uint32Array !== 'undefined') { + _arrayBufferViews.push(Uint32Array); +} +if(typeof Float32Array !== 'undefined') { + _arrayBufferViews.push(Float32Array); +} +if(typeof Float64Array !== 'undefined') { + _arrayBufferViews.push(Float64Array); +} +util.isArrayBufferView = function(x) { + for(var i = 0; i < _arrayBufferViews.length; ++i) { + if(x instanceof _arrayBufferViews[i]) { + return true; + } + } + return false; +}; + +// TODO: set ByteBuffer to best available backing +util.ByteBuffer = ByteStringBuffer; + +/** Buffer w/BinaryString backing */ + +/** + * Constructor for a binary string backed byte buffer. + * + * @param [b] the bytes to wrap (either encoded as string, one byte per + * character, or as an ArrayBuffer or Typed Array). + */ +function ByteStringBuffer(b) { + // TODO: update to match DataBuffer API + + // the data in this buffer + this.data = ''; + // the pointer for reading from this buffer + this.read = 0; + + if(typeof b === 'string') { + this.data = b; + } else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) { + // convert native buffer to forge buffer + // FIXME: support native buffers internally instead + var arr = new Uint8Array(b); + try { + this.data = String.fromCharCode.apply(null, arr); + } catch(e) { + for(var i = 0; i < arr.length; ++i) { + this.putByte(arr[i]); + } + } + } else if(b instanceof ByteStringBuffer || + (typeof b === 'object' && typeof b.data === 'string' && + typeof b.read === 'number')) { + // copy existing buffer + this.data = b.data; + this.read = b.read; + } + + // used for v8 optimization + this._constructedStringLength = 0; +} +util.ByteStringBuffer = ByteStringBuffer; + +/* Note: This is an optimization for V8-based browsers. When V8 concatenates + a string, the strings are only joined logically using a "cons string" or + "constructed/concatenated string". These containers keep references to one + another and can result in very large memory usage. For example, if a 2MB + string is constructed by concatenating 4 bytes together at a time, the + memory usage will be ~44MB; so ~22x increase. The strings are only joined + together when an operation requiring their joining takes place, such as + substr(). This function is called when adding data to this buffer to ensure + these types of strings are periodically joined to reduce the memory + footprint. */ +var _MAX_CONSTRUCTED_STRING_LENGTH = 4096; +util.ByteStringBuffer.prototype._optimizeConstructedString = function(x) { + this._constructedStringLength += x; + if(this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) { + // this substr() should cause the constructed string to join + this.data.substr(0, 1); + this._constructedStringLength = 0; + } +}; + +/** + * Gets the number of bytes in this buffer. + * + * @return the number of bytes in this buffer. + */ +util.ByteStringBuffer.prototype.length = function() { + return this.data.length - this.read; +}; + +/** + * Gets whether or not this buffer is empty. + * + * @return true if this buffer is empty, false if not. + */ +util.ByteStringBuffer.prototype.isEmpty = function() { + return this.length() <= 0; +}; + +/** + * Puts a byte in this buffer. + * + * @param b the byte to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putByte = function(b) { + return this.putBytes(String.fromCharCode(b)); +}; + +/** + * Puts a byte in this buffer N times. + * + * @param b the byte to put. + * @param n the number of bytes of value b to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.fillWithByte = function(b, n) { + b = String.fromCharCode(b); + var d = this.data; + while(n > 0) { + if(n & 1) { + d += b; + } + n >>>= 1; + if(n > 0) { + b += b; + } + } + this.data = d; + this._optimizeConstructedString(n); + return this; +}; + +/** + * Puts bytes in this buffer. + * + * @param bytes the bytes (as a UTF-8 encoded string) to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putBytes = function(bytes) { + this.data += bytes; + this._optimizeConstructedString(bytes.length); + return this; +}; + +/** + * Puts a UTF-16 encoded string into this buffer. + * + * @param str the string to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putString = function(str) { + return this.putBytes(util.encodeUtf8(str)); +}; + +/** + * Puts a 16-bit integer in this buffer in big-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt16 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 24-bit integer in this buffer in big-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt24 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 32-bit integer in this buffer in big-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt32 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 24 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 16-bit integer in this buffer in little-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt16Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF)); +}; + +/** + * Puts a 24-bit integer in this buffer in little-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt24Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF)); +}; + +/** + * Puts a 32-bit integer in this buffer in little-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt32Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 24 & 0xFF)); +}; + +/** + * Puts an n-bit integer in this buffer in big-endian order. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt = function(i, n) { + var bytes = ''; + do { + n -= 8; + bytes += String.fromCharCode((i >> n) & 0xFF); + } while(n > 0); + return this.putBytes(bytes); +}; + +/** + * Puts a signed n-bit integer in this buffer in big-endian order. Two's + * complement representation is used. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putSignedInt = function(i, n) { + if(i < 0) { + i += 2 << (n - 1); + } + return this.putInt(i, n); +}; + +/** + * Puts the given buffer into this buffer. + * + * @param buffer the buffer to put into this one. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putBuffer = function(buffer) { + return this.putBytes(buffer.getBytes()); +}; + +/** + * Gets a byte from this buffer and advances the read pointer by 1. + * + * @return the byte. + */ +util.ByteStringBuffer.prototype.getByte = function() { + return this.data.charCodeAt(this.read++); +}; + +/** + * Gets a uint16 from this buffer in big-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.ByteStringBuffer.prototype.getInt16 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 8 ^ + this.data.charCodeAt(this.read + 1)); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in big-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.ByteStringBuffer.prototype.getInt24 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 16 ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2)); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in big-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.ByteStringBuffer.prototype.getInt32 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 24 ^ + this.data.charCodeAt(this.read + 1) << 16 ^ + this.data.charCodeAt(this.read + 2) << 8 ^ + this.data.charCodeAt(this.read + 3)); + this.read += 4; + return rval; +}; + +/** + * Gets a uint16 from this buffer in little-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.ByteStringBuffer.prototype.getInt16Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in little-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.ByteStringBuffer.prototype.getInt24Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2) << 16); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in little-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.ByteStringBuffer.prototype.getInt32Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2) << 16 ^ + this.data.charCodeAt(this.read + 3) << 24); + this.read += 4; + return rval; +}; + +/** + * Gets an n-bit integer from this buffer in big-endian order and advances the + * read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.ByteStringBuffer.prototype.getInt = function(n) { + var rval = 0; + do { + rval = (rval << 8) + this.data.charCodeAt(this.read++); + n -= 8; + } while(n > 0); + return rval; +}; + +/** + * Gets a signed n-bit integer from this buffer in big-endian order, using + * two's complement, and advances the read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.ByteStringBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << (n - 2); + if(x >= max) { + x -= max << 1; + } + return x; +}; + +/** + * Reads bytes out into a UTF-8 string and clears them from the buffer. + * + * @param count the number of bytes to read, undefined or null for all. + * + * @return a UTF-8 string of bytes. + */ +util.ByteStringBuffer.prototype.getBytes = function(count) { + var rval; + if(count) { + // read count bytes + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if(count === 0) { + rval = ''; + } else { + // read all bytes, optimize to only copy when needed + rval = (this.read === 0) ? this.data : this.data.slice(this.read); + this.clear(); + } + return rval; +}; + +/** + * Gets a UTF-8 encoded string of the bytes from this buffer without modifying + * the read pointer. + * + * @param count the number of bytes to get, omit to get all. + * + * @return a string full of UTF-8 encoded characters. + */ +util.ByteStringBuffer.prototype.bytes = function(count) { + return (typeof(count) === 'undefined' ? + this.data.slice(this.read) : + this.data.slice(this.read, this.read + count)); +}; + +/** + * Gets a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * + * @return the byte. + */ +util.ByteStringBuffer.prototype.at = function(i) { + return this.data.charCodeAt(this.read + i); +}; + +/** + * Puts a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * @param b the byte to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.setAt = function(i, b) { + this.data = this.data.substr(0, this.read + i) + + String.fromCharCode(b) + + this.data.substr(this.read + i + 1); + return this; +}; + +/** + * Gets the last byte without modifying the read pointer. + * + * @return the last byte. + */ +util.ByteStringBuffer.prototype.last = function() { + return this.data.charCodeAt(this.data.length - 1); +}; + +/** + * Creates a copy of this buffer. + * + * @return the copy. + */ +util.ByteStringBuffer.prototype.copy = function() { + var c = util.createBuffer(this.data); + c.read = this.read; + return c; +}; + +/** + * Compacts this buffer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.compact = function() { + if(this.read > 0) { + this.data = this.data.slice(this.read); + this.read = 0; + } + return this; +}; + +/** + * Clears this buffer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.clear = function() { + this.data = ''; + this.read = 0; + return this; +}; + +/** + * Shortens this buffer by triming bytes off of the end of this buffer. + * + * @param count the number of bytes to trim off. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.truncate = function(count) { + var len = Math.max(0, this.length() - count); + this.data = this.data.substr(this.read, len); + this.read = 0; + return this; +}; + +/** + * Converts this buffer to a hexadecimal string. + * + * @return a hexadecimal string. + */ +util.ByteStringBuffer.prototype.toHex = function() { + var rval = ''; + for(var i = this.read; i < this.data.length; ++i) { + var b = this.data.charCodeAt(i); + if(b < 16) { + rval += '0'; + } + rval += b.toString(16); + } + return rval; +}; + +/** + * Converts this buffer to a UTF-16 string (standard JavaScript string). + * + * @return a UTF-16 string. + */ +util.ByteStringBuffer.prototype.toString = function() { + return util.decodeUtf8(this.bytes()); +}; + +/** End Buffer w/BinaryString backing */ + + +/** Buffer w/UInt8Array backing */ + +/** + * FIXME: Experimental. Do not use yet. + * + * Constructor for an ArrayBuffer-backed byte buffer. + * + * The buffer may be constructed from a string, an ArrayBuffer, DataView, or a + * TypedArray. + * + * If a string is given, its encoding should be provided as an option, + * otherwise it will default to 'binary'. A 'binary' string is encoded such + * that each character is one byte in length and size. + * + * If an ArrayBuffer, DataView, or TypedArray is given, it will be used + * *directly* without any copying. Note that, if a write to the buffer requires + * more space, the buffer will allocate a new backing ArrayBuffer to + * accommodate. The starting read and write offsets for the buffer may be + * given as options. + * + * @param [b] the initial bytes for this buffer. + * @param options the options to use: + * [readOffset] the starting read offset to use (default: 0). + * [writeOffset] the starting write offset to use (default: the + * length of the first parameter). + * [growSize] the minimum amount, in bytes, to grow the buffer by to + * accommodate writes (default: 1024). + * [encoding] the encoding ('binary', 'utf8', 'utf16', 'hex') for the + * first parameter, if it is a string (default: 'binary'). + */ +function DataBuffer(b, options) { + // default options + options = options || {}; + + // pointers for read from/write to buffer + this.read = options.readOffset || 0; + this.growSize = options.growSize || 1024; + + var isArrayBuffer = util.isArrayBuffer(b); + var isArrayBufferView = util.isArrayBufferView(b); + if(isArrayBuffer || isArrayBufferView) { + // use ArrayBuffer directly + if(isArrayBuffer) { + this.data = new DataView(b); + } else { + // TODO: adjust read/write offset based on the type of view + // or specify that this must be done in the options ... that the + // offsets are byte-based + this.data = new DataView(b.buffer, b.byteOffset, b.byteLength); + } + this.write = ('writeOffset' in options ? + options.writeOffset : this.data.byteLength); + return; + } + + // initialize to empty array buffer and add any given bytes using putBytes + this.data = new DataView(new ArrayBuffer(0)); + this.write = 0; + + if(b !== null && b !== undefined) { + this.putBytes(b); + } + + if('writeOffset' in options) { + this.write = options.writeOffset; + } +} +util.DataBuffer = DataBuffer; + +/** + * Gets the number of bytes in this buffer. + * + * @return the number of bytes in this buffer. + */ +util.DataBuffer.prototype.length = function() { + return this.write - this.read; +}; + +/** + * Gets whether or not this buffer is empty. + * + * @return true if this buffer is empty, false if not. + */ +util.DataBuffer.prototype.isEmpty = function() { + return this.length() <= 0; +}; + +/** + * Ensures this buffer has enough empty space to accommodate the given number + * of bytes. An optional parameter may be given that indicates a minimum + * amount to grow the buffer if necessary. If the parameter is not given, + * the buffer will be grown by some previously-specified default amount + * or heuristic. + * + * @param amount the number of bytes to accommodate. + * @param [growSize] the minimum amount, in bytes, to grow the buffer by if + * necessary. + */ +util.DataBuffer.prototype.accommodate = function(amount, growSize) { + if(this.length() >= amount) { + return this; + } + growSize = Math.max(growSize || this.growSize, amount); + + // grow buffer + var src = new Uint8Array( + this.data.buffer, this.data.byteOffset, this.data.byteLength); + var dst = new Uint8Array(this.length() + growSize); + dst.set(src); + this.data = new DataView(dst.buffer); + + return this; +}; + +/** + * Puts a byte in this buffer. + * + * @param b the byte to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putByte = function(b) { + this.accommodate(1); + this.data.setUint8(this.write++, b); + return this; +}; + +/** + * Puts a byte in this buffer N times. + * + * @param b the byte to put. + * @param n the number of bytes of value b to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.fillWithByte = function(b, n) { + this.accommodate(n); + for(var i = 0; i < n; ++i) { + this.data.setUint8(b); + } + return this; +}; + +/** + * Puts bytes in this buffer. The bytes may be given as a string, an + * ArrayBuffer, a DataView, or a TypedArray. + * + * @param bytes the bytes to put. + * @param [encoding] the encoding for the first parameter ('binary', 'utf8', + * 'utf16', 'hex'), if it is a string (default: 'binary'). + * + * @return this buffer. + */ +util.DataBuffer.prototype.putBytes = function(bytes, encoding) { + if(util.isArrayBufferView(bytes)) { + var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength); + var len = src.byteLength - src.byteOffset; + this.accommodate(len); + var dst = new Uint8Array(this.data.buffer, this.write); + dst.set(src); + this.write += len; + return this; + } + + if(util.isArrayBuffer(bytes)) { + var src = new Uint8Array(bytes); + this.accommodate(src.byteLength); + var dst = new Uint8Array(this.data.buffer); + dst.set(src, this.write); + this.write += src.byteLength; + return this; + } + + // bytes is a util.DataBuffer or equivalent + if(bytes instanceof util.DataBuffer || + (typeof bytes === 'object' && + typeof bytes.read === 'number' && typeof bytes.write === 'number' && + util.isArrayBufferView(bytes.data))) { + var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length()); + this.accommodate(src.byteLength); + var dst = new Uint8Array(bytes.data.byteLength, this.write); + dst.set(src); + this.write += src.byteLength; + return this; + } + + if(bytes instanceof util.ByteStringBuffer) { + // copy binary string and process as the same as a string parameter below + bytes = bytes.data; + encoding = 'binary'; + } + + // string conversion + encoding = encoding || 'binary'; + if(typeof bytes === 'string') { + var view; + + // decode from string + if(encoding === 'hex') { + this.accommodate(Math.ceil(bytes.length / 2)); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.hex.decode(bytes, view, this.write); + return this; + } + if(encoding === 'base64') { + this.accommodate(Math.ceil(bytes.length / 4) * 3); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.base64.decode(bytes, view, this.write); + return this; + } + + // encode text as UTF-8 bytes + if(encoding === 'utf8') { + // encode as UTF-8 then decode string as raw binary + bytes = util.encodeUtf8(bytes); + encoding = 'binary'; + } + + // decode string as raw binary + if(encoding === 'binary' || encoding === 'raw') { + // one byte per character + this.accommodate(bytes.length); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.raw.decode(view); + return this; + } + + // encode text as UTF-16 bytes + if(encoding === 'utf16') { + // two bytes per character + this.accommodate(bytes.length * 2); + view = new Uint16Array(this.data.buffer, this.write); + this.write += util.text.utf16.encode(view); + return this; + } + + throw new Error('Invalid encoding: ' + encoding); + } + + throw Error('Invalid parameter: ' + bytes); +}; + +/** + * Puts the given buffer into this buffer. + * + * @param buffer the buffer to put into this one. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putBuffer = function(buffer) { + this.putBytes(buffer); + buffer.clear(); + return this; +}; + +/** + * Puts a string into this buffer. + * + * @param str the string to put. + * @param [encoding] the encoding for the string (default: 'utf16'). + * + * @return this buffer. + */ +util.DataBuffer.prototype.putString = function(str) { + return this.putBytes(str, 'utf16'); +}; + +/** + * Puts a 16-bit integer in this buffer in big-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt16 = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i); + this.write += 2; + return this; +}; + +/** + * Puts a 24-bit integer in this buffer in big-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt24 = function(i) { + this.accommodate(3); + this.data.setInt16(this.write, i >> 8 & 0xFFFF); + this.data.setInt8(this.write, i >> 16 & 0xFF); + this.write += 3; + return this; +}; + +/** + * Puts a 32-bit integer in this buffer in big-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt32 = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i); + this.write += 4; + return this; +}; + +/** + * Puts a 16-bit integer in this buffer in little-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt16Le = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i, true); + this.write += 2; + return this; +}; + +/** + * Puts a 24-bit integer in this buffer in little-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt24Le = function(i) { + this.accommodate(3); + this.data.setInt8(this.write, i >> 16 & 0xFF); + this.data.setInt16(this.write, i >> 8 & 0xFFFF, true); + this.write += 3; + return this; +}; + +/** + * Puts a 32-bit integer in this buffer in little-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt32Le = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i, true); + this.write += 4; + return this; +}; + +/** + * Puts an n-bit integer in this buffer in big-endian order. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt = function(i, n) { + this.accommodate(n / 8); + do { + n -= 8; + this.data.setInt8(this.write++, (i >> n) & 0xFF); + } while(n > 0); + return this; +}; + +/** + * Puts a signed n-bit integer in this buffer in big-endian order. Two's + * complement representation is used. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putSignedInt = function(i, n) { + this.accommodate(n / 8); + if(i < 0) { + i += 2 << (n - 1); + } + return this.putInt(i, n); +}; + +/** + * Gets a byte from this buffer and advances the read pointer by 1. + * + * @return the byte. + */ +util.DataBuffer.prototype.getByte = function() { + return this.data.getInt8(this.read++); +}; + +/** + * Gets a uint16 from this buffer in big-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.DataBuffer.prototype.getInt16 = function() { + var rval = this.data.getInt16(this.read); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in big-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.DataBuffer.prototype.getInt24 = function() { + var rval = ( + this.data.getInt16(this.read) << 8 ^ + this.data.getInt8(this.read + 2)); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in big-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.DataBuffer.prototype.getInt32 = function() { + var rval = this.data.getInt32(this.read); + this.read += 4; + return rval; +}; + +/** + * Gets a uint16 from this buffer in little-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.DataBuffer.prototype.getInt16Le = function() { + var rval = this.data.getInt16(this.read, true); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in little-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.DataBuffer.prototype.getInt24Le = function() { + var rval = ( + this.data.getInt8(this.read) ^ + this.data.getInt16(this.read + 1, true) << 8); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in little-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.DataBuffer.prototype.getInt32Le = function() { + var rval = this.data.getInt32(this.read, true); + this.read += 4; + return rval; +}; + +/** + * Gets an n-bit integer from this buffer in big-endian order and advances the + * read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.DataBuffer.prototype.getInt = function(n) { + var rval = 0; + do { + rval = (rval << 8) + this.data.getInt8(this.read++); + n -= 8; + } while(n > 0); + return rval; +}; + +/** + * Gets a signed n-bit integer from this buffer in big-endian order, using + * two's complement, and advances the read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.DataBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << (n - 2); + if(x >= max) { + x -= max << 1; + } + return x; +}; + +/** + * Reads bytes out into a UTF-8 string and clears them from the buffer. + * + * @param count the number of bytes to read, undefined or null for all. + * + * @return a UTF-8 string of bytes. + */ +util.DataBuffer.prototype.getBytes = function(count) { + // TODO: deprecate this method, it is poorly named and + // this.toString('binary') replaces it + // add a toTypedArray()/toArrayBuffer() function + var rval; + if(count) { + // read count bytes + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if(count === 0) { + rval = ''; + } else { + // read all bytes, optimize to only copy when needed + rval = (this.read === 0) ? this.data : this.data.slice(this.read); + this.clear(); + } + return rval; +}; + +/** + * Gets a UTF-8 encoded string of the bytes from this buffer without modifying + * the read pointer. + * + * @param count the number of bytes to get, omit to get all. + * + * @return a string full of UTF-8 encoded characters. + */ +util.DataBuffer.prototype.bytes = function(count) { + // TODO: deprecate this method, it is poorly named, add "getString()" + return (typeof(count) === 'undefined' ? + this.data.slice(this.read) : + this.data.slice(this.read, this.read + count)); +}; + +/** + * Gets a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * + * @return the byte. + */ +util.DataBuffer.prototype.at = function(i) { + return this.data.getUint8(this.read + i); +}; + +/** + * Puts a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * @param b the byte to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.setAt = function(i, b) { + this.data.setUint8(i, b); + return this; +}; + +/** + * Gets the last byte without modifying the read pointer. + * + * @return the last byte. + */ +util.DataBuffer.prototype.last = function() { + return this.data.getUint8(this.write - 1); +}; + +/** + * Creates a copy of this buffer. + * + * @return the copy. + */ +util.DataBuffer.prototype.copy = function() { + return new util.DataBuffer(this); +}; + +/** + * Compacts this buffer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.compact = function() { + if(this.read > 0) { + var src = new Uint8Array(this.data.buffer, this.read); + var dst = new Uint8Array(src.byteLength); + dst.set(src); + this.data = new DataView(dst); + this.write -= this.read; + this.read = 0; + } + return this; +}; + +/** + * Clears this buffer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.clear = function() { + this.data = new DataView(new ArrayBuffer(0)); + this.read = this.write = 0; + return this; +}; + +/** + * Shortens this buffer by triming bytes off of the end of this buffer. + * + * @param count the number of bytes to trim off. + * + * @return this buffer. + */ +util.DataBuffer.prototype.truncate = function(count) { + this.write = Math.max(0, this.length() - count); + this.read = Math.min(this.read, this.write); + return this; +}; + +/** + * Converts this buffer to a hexadecimal string. + * + * @return a hexadecimal string. + */ +util.DataBuffer.prototype.toHex = function() { + var rval = ''; + for(var i = this.read; i < this.data.byteLength; ++i) { + var b = this.data.getUint8(i); + if(b < 16) { + rval += '0'; + } + rval += b.toString(16); + } + return rval; +}; + +/** + * Converts this buffer to a string, using the given encoding. If no + * encoding is given, 'utf8' (UTF-8) is used. + * + * @param [encoding] the encoding to use: 'binary', 'utf8', 'utf16', 'hex', + * 'base64' (default: 'utf8'). + * + * @return a string representation of the bytes in this buffer. + */ +util.DataBuffer.prototype.toString = function(encoding) { + var view = new Uint8Array(this.data, this.read, this.length()); + encoding = encoding || 'utf8'; + + // encode to string + if(encoding === 'binary' || encoding === 'raw') { + return util.binary.raw.encode(view); + } + if(encoding === 'hex') { + return util.binary.hex.encode(view); + } + if(encoding === 'base64') { + return util.binary.base64.encode(view); + } + + // decode to text + if(encoding === 'utf8') { + return util.text.utf8.decode(view); + } + if(encoding === 'utf16') { + return util.text.utf16.decode(view); + } + + throw new Error('Invalid encoding: ' + encoding); +}; + +/** End Buffer w/UInt8Array backing */ + + +/** + * Creates a buffer that stores bytes. A value may be given to put into the + * buffer that is either a string of bytes or a UTF-16 string that will + * be encoded using UTF-8 (to do the latter, specify 'utf8' as the encoding). + * + * @param [input] the bytes to wrap (as a string) or a UTF-16 string to encode + * as UTF-8. + * @param [encoding] (default: 'raw', other: 'utf8'). + */ +util.createBuffer = function(input, encoding) { + // TODO: deprecate, use new ByteBuffer() instead + encoding = encoding || 'raw'; + if(input !== undefined && encoding === 'utf8') { + input = util.encodeUtf8(input); + } + return new util.ByteBuffer(input); +}; + +/** + * Fills a string with a particular value. If you want the string to be a byte + * string, pass in String.fromCharCode(theByte). + * + * @param c the character to fill the string with, use String.fromCharCode + * to fill the string with a byte value. + * @param n the number of characters of value c to fill with. + * + * @return the filled string. + */ +util.fillString = function(c, n) { + var s = ''; + while(n > 0) { + if(n & 1) { + s += c; + } + n >>>= 1; + if(n > 0) { + c += c; + } + } + return s; +}; + +/** + * Performs a per byte XOR between two byte strings and returns the result as a + * string of bytes. + * + * @param s1 first string of bytes. + * @param s2 second string of bytes. + * @param n the number of bytes to XOR. + * + * @return the XOR'd result. + */ +util.xorBytes = function(s1, s2, n) { + var s3 = ''; + var b = ''; + var t = ''; + var i = 0; + var c = 0; + for(; n > 0; --n, ++i) { + b = s1.charCodeAt(i) ^ s2.charCodeAt(i); + if(c >= 10) { + s3 += t; + t = ''; + c = 0; + } + t += String.fromCharCode(b); + ++c; + } + s3 += t; + return s3; +}; + +/** + * Converts a hex string into a 'binary' encoded string of bytes. + * + * @param hex the hexadecimal string to convert. + * + * @return the binary-encoded string of bytes. + */ +util.hexToBytes = function(hex) { + // TODO: deprecate: "Deprecated. Use util.binary.hex.decode instead." + var rval = ''; + var i = 0; + if(hex.length & 1 == 1) { + // odd number of characters, convert first character alone + i = 1; + rval += String.fromCharCode(parseInt(hex[0], 16)); + } + // convert 2 characters (1 byte) at a time + for(; i < hex.length; i += 2) { + rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + } + return rval; +}; + +/** + * Converts a 'binary' encoded string of bytes to hex. + * + * @param bytes the byte string to convert. + * + * @return the string of hexadecimal characters. + */ +util.bytesToHex = function(bytes) { + // TODO: deprecate: "Deprecated. Use util.binary.hex.encode instead." + return util.createBuffer(bytes).toHex(); +}; + +/** + * Converts an 32-bit integer to 4-big-endian byte string. + * + * @param i the integer. + * + * @return the byte string. + */ +util.int32ToBytes = function(i) { + return ( + String.fromCharCode(i >> 24 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +// base64 characters, reverse mapping +var _base64 = + 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; +var _base64Idx = [ +/*43 -43 = 0*/ +/*'+', 1, 2, 3,'/' */ + 62, -1, -1, -1, 63, + +/*'0','1','2','3','4','5','6','7','8','9' */ + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, + +/*15, 16, 17,'=', 19, 20, 21 */ + -1, -1, -1, 64, -1, -1, -1, + +/*65 - 43 = 22*/ +/*'A','B','C','D','E','F','G','H','I','J','K','L','M', */ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, + +/*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */ + 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, + +/*91 - 43 = 48 */ +/*48, 49, 50, 51, 52, 53 */ + -1, -1, -1, -1, -1, -1, + +/*97 - 43 = 54*/ +/*'a','b','c','d','e','f','g','h','i','j','k','l','m' */ + 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, + +/*'n','o','p','q','r','s','t','u','v','w','x','y','z' */ + 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 +]; + +/** + * Base64 encodes a 'binary' encoded string of bytes. + * + * @param input the binary encoded string of bytes to base64-encode. + * @param maxline the maximum number of encoded characters per line to use, + * defaults to none. + * + * @return the base64-encoded output. + */ +util.encode64 = function(input, maxline) { + // TODO: deprecate: "Deprecated. Use util.binary.base64.encode instead." + var line = ''; + var output = ''; + var chr1, chr2, chr3; + var i = 0; + while(i < input.length) { + chr1 = input.charCodeAt(i++); + chr2 = input.charCodeAt(i++); + chr3 = input.charCodeAt(i++); + + // encode 4 character group + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); + if(isNaN(chr2)) { + line += '=='; + } else { + line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); + line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); + } + + if(maxline && line.length > maxline) { + output += line.substr(0, maxline) + '\r\n'; + line = line.substr(maxline); + } + } + output += line; + return output; +}; + +/** + * Base64 decodes a string into a 'binary' encoded string of bytes. + * + * @param input the base64-encoded input. + * + * @return the binary encoded string. + */ +util.decode64 = function(input) { + // TODO: deprecate: "Deprecated. Use util.binary.base64.decode instead." + + // remove all non-base64 characters + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); + + var output = ''; + var enc1, enc2, enc3, enc4; + var i = 0; + + while(i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + + output += String.fromCharCode((enc1 << 2) | (enc2 >> 4)); + if(enc3 !== 64) { + // decoded at least 2 bytes + output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2)); + if(enc4 !== 64) { + // decoded 3 bytes + output += String.fromCharCode(((enc3 & 3) << 6) | enc4); + } + } + } + + return output; +}; + +/** + * UTF-8 encodes the given UTF-16 encoded string (a standard JavaScript + * string). Non-ASCII characters will be encoded as multiple bytes according + * to UTF-8. + * + * @param str the string to encode. + * + * @return the UTF-8 encoded string. + */ +util.encodeUtf8 = function(str) { + return unescape(encodeURIComponent(str)); +}; + +/** + * Decodes a UTF-8 encoded string into a UTF-16 string. + * + * @param str the string to decode. + * + * @return the UTF-16 encoded string (standard JavaScript string). + */ +util.decodeUtf8 = function(str) { + return decodeURIComponent(escape(str)); +}; + +// binary encoding/decoding tools +// FIXME: Experimental. Do not use yet. +util.binary = { + raw: {}, + hex: {}, + base64: {} +}; + +/** + * Encodes a Uint8Array as a binary-encoded string. This encoding uses + * a value between 0 and 255 for each character. + * + * @param bytes the Uint8Array to encode. + * + * @return the binary-encoded string. + */ +util.binary.raw.encode = function(bytes) { + return String.fromCharCode.apply(null, bytes); +}; + +/** + * Decodes a binary-encoded string to a Uint8Array. This encoding uses + * a value between 0 and 255 for each character. + * + * @param str the binary-encoded string to decode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.raw.decode = function(str, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + offset = offset || 0; + var j = offset; + for(var i = 0; i < str.length; ++i) { + out[j++] = str.charCodeAt(i); + } + return output ? (j - offset) : out; +}; + +/** + * Encodes a 'binary' string, ArrayBuffer, DataView, TypedArray, or + * ByteBuffer as a string of hexadecimal characters. + * + * @param bytes the bytes to convert. + * + * @return the string of hexadecimal characters. + */ +util.binary.hex.encode = util.bytesToHex; + +/** + * Decodes a hex-encoded string to a Uint8Array. + * + * @param hex the hexadecimal string to convert. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.hex.decode = function(hex, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(Math.ceil(hex.length / 2)); + } + offset = offset || 0; + var i = 0, j = offset; + if(hex.length & 1) { + // odd number of characters, convert first character alone + i = 1; + out[j++] = parseInt(hex[0], 16); + } + // convert 2 characters (1 byte) at a time + for(; i < hex.length; i += 2) { + out[j++] = parseInt(hex.substr(i, 2), 16); + } + return output ? (j - offset) : out; +}; + +/** + * Base64-encodes a Uint8Array. + * + * @param input the Uint8Array to encode. + * @param maxline the maximum number of encoded characters per line to use, + * defaults to none. + * + * @return the base64-encoded output string. + */ +util.binary.base64.encode = function(input, maxline) { + var line = ''; + var output = ''; + var chr1, chr2, chr3; + var i = 0; + while(i < input.byteLength) { + chr1 = input[i++]; + chr2 = input[i++]; + chr3 = input[i++]; + + // encode 4 character group + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); + if(isNaN(chr2)) { + line += '=='; + } else { + line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); + line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); + } + + if(maxline && line.length > maxline) { + output += line.substr(0, maxline) + '\r\n'; + line = line.substr(maxline); + } + } + output += line; + return output; +}; + +/** + * Decodes a base64-encoded string to a Uint8Array. + * + * @param input the base64-encoded input string. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.base64.decode = function(input, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(Math.ceil(input.length / 4) * 3); + } + + // remove all non-base64 characters + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); + + offset = offset || 0; + var enc1, enc2, enc3, enc4; + var i = 0, j = offset; + + while(i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + + out[j++] = (enc1 << 2) | (enc2 >> 4); + if(enc3 !== 64) { + // decoded at least 2 bytes + out[j++] = ((enc2 & 15) << 4) | (enc3 >> 2); + if(enc4 !== 64) { + // decoded 3 bytes + out[j++] = ((enc3 & 3) << 6) | enc4; + } + } + } + + // make sure result is the exact decoded length + return output ? + (j - offset) : + out.subarray(0, j); +}; + +// text encoding/decoding tools +// FIXME: Experimental. Do not use yet. +util.text = { + utf8: {}, + utf16: {} +}; + +/** + * Encodes the given string as UTF-8 in a Uint8Array. + * + * @param str the string to encode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.text.utf8.encode = function(str, output, offset) { + str = util.encodeUtf8(str); + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + offset = offset || 0; + var j = offset; + for(var i = 0; i < str.length; ++i) { + out[j++] = str.charCodeAt(i); + } + return output ? (j - offset) : out; +}; + +/** + * Decodes the UTF-8 contents from a Uint8Array. + * + * @param bytes the Uint8Array to decode. + * + * @return the resulting string. + */ +util.text.utf8.decode = function(bytes) { + return util.decodeUtf8(String.fromCharCode.apply(null, bytes)); +}; + +/** + * Encodes the given string as UTF-16 in a Uint8Array. + * + * @param str the string to encode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.text.utf16.encode = function(str, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + var view = new Uint16Array(out); + offset = offset || 0; + var j = offset; + var k = offset; + for(var i = 0; i < str.length; ++i) { + view[k++] = str.charCodeAt(i); + j += 2; + } + return output ? (j - offset) : out; +}; + +/** + * Decodes the UTF-16 contents from a Uint8Array. + * + * @param bytes the Uint8Array to decode. + * + * @return the resulting string. + */ +util.text.utf16.decode = function(bytes) { + return String.fromCharCode.apply(null, new Uint16Array(bytes)); +}; + +/** + * Deflates the given data using a flash interface. + * + * @param api the flash interface. + * @param bytes the data. + * @param raw true to return only raw deflate data, false to include zlib + * header and trailer. + * + * @return the deflated data as a string. + */ +util.deflate = function(api, bytes, raw) { + bytes = util.decode64(api.deflate(util.encode64(bytes)).rval); + + // strip zlib header and trailer if necessary + if(raw) { + // zlib header is 2 bytes (CMF,FLG) where FLG indicates that + // there is a 4-byte DICT (alder-32) block before the data if + // its 5th bit is set + var start = 2; + var flg = bytes.charCodeAt(1); + if(flg & 0x20) { + start = 6; + } + // zlib trailer is 4 bytes of adler-32 + bytes = bytes.substring(start, bytes.length - 4); + } + + return bytes; +}; + +/** + * Inflates the given data using a flash interface. + * + * @param api the flash interface. + * @param bytes the data. + * @param raw true if the incoming data has no zlib header or trailer and is + * raw DEFLATE data. + * + * @return the inflated data as a string, null on error. + */ +util.inflate = function(api, bytes, raw) { + // TODO: add zlib header and trailer if necessary/possible + var rval = api.inflate(util.encode64(bytes)).rval; + return (rval === null) ? null : util.decode64(rval); +}; + +/** + * Sets a storage object. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param obj the storage object, null to remove. + */ +var _setStorageObject = function(api, id, obj) { + if(!api) { + throw new Error('WebStorage not available.'); + } + + var rval; + if(obj === null) { + rval = api.removeItem(id); + } else { + // json-encode and base64-encode object + obj = util.encode64(JSON.stringify(obj)); + rval = api.setItem(id, obj); + } + + // handle potential flash error + if(typeof(rval) !== 'undefined' && rval.rval !== true) { + var error = new Error(rval.error.message); + error.id = rval.error.id; + error.name = rval.error.name; + throw error; + } +}; + +/** + * Gets a storage object. + * + * @param api the storage interface. + * @param id the storage ID to use. + * + * @return the storage object entry or null if none exists. + */ +var _getStorageObject = function(api, id) { + if(!api) { + throw new Error('WebStorage not available.'); + } + + // get the existing entry + var rval = api.getItem(id); + + /* Note: We check api.init because we can't do (api == localStorage) + on IE because of "Class doesn't support Automation" exception. Only + the flash api has an init method so this works too, but we need a + better solution in the future. */ + + // flash returns item wrapped in an object, handle special case + if(api.init) { + if(rval.rval === null) { + if(rval.error) { + var error = new Error(rval.error.message); + error.id = rval.error.id; + error.name = rval.error.name; + throw error; + } + // no error, but also no item + rval = null; + } else { + rval = rval.rval; + } + } + + // handle decoding + if(rval !== null) { + // base64-decode and json-decode data + rval = JSON.parse(util.decode64(rval)); + } + + return rval; +}; + +/** + * Stores an item in local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + * @param data the data for the item (any javascript object/primitive). + */ +var _setItem = function(api, id, key, data) { + // get storage object + var obj = _getStorageObject(api, id); + if(obj === null) { + // create a new storage object + obj = {}; + } + // update key + obj[key] = data; + + // set storage object + _setStorageObject(api, id, obj); +}; + +/** + * Gets an item from local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + * + * @return the item. + */ +var _getItem = function(api, id, key) { + // get storage object + var rval = _getStorageObject(api, id); + if(rval !== null) { + // return data at key + rval = (key in rval) ? rval[key] : null; + } + + return rval; +}; + +/** + * Removes an item from local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + */ +var _removeItem = function(api, id, key) { + // get storage object + var obj = _getStorageObject(api, id); + if(obj !== null && key in obj) { + // remove key + delete obj[key]; + + // see if entry has no keys remaining + var empty = true; + for(var prop in obj) { + empty = false; + break; + } + if(empty) { + // remove entry entirely if no keys are left + obj = null; + } + + // set storage object + _setStorageObject(api, id, obj); + } +}; + +/** + * Clears the local disk storage identified by the given ID. + * + * @param api the storage interface. + * @param id the storage ID to use. + */ +var _clearItems = function(api, id) { + _setStorageObject(api, id, null); +}; + +/** + * Calls a storage function. + * + * @param func the function to call. + * @param args the arguments for the function. + * @param location the location argument. + * + * @return the return value from the function. + */ +var _callStorageFunction = function(func, args, location) { + var rval = null; + + // default storage types + if(typeof(location) === 'undefined') { + location = ['web', 'flash']; + } + + // apply storage types in order of preference + var type; + var done = false; + var exception = null; + for(var idx in location) { + type = location[idx]; + try { + if(type === 'flash' || type === 'both') { + if(args[0] === null) { + throw new Error('Flash local storage not available.'); + } + rval = func.apply(this, args); + done = (type === 'flash'); + } + if(type === 'web' || type === 'both') { + args[0] = localStorage; + rval = func.apply(this, args); + done = true; + } + } catch(ex) { + exception = ex; + } + if(done) { + break; + } + } + + if(!done) { + throw exception; + } + + return rval; +}; + +/** + * Stores an item on local disk. + * + * The available types of local storage include 'flash', 'web', and 'both'. + * + * The type 'flash' refers to flash local storage (SharedObject). In order + * to use flash local storage, the 'api' parameter must be valid. The type + * 'web' refers to WebStorage, if supported by the browser. The type 'both' + * refers to storing using both 'flash' and 'web', not just one or the + * other. + * + * The location array should list the storage types to use in order of + * preference: + * + * ['flash']: flash only storage + * ['web']: web only storage + * ['both']: try to store in both + * ['flash','web']: store in flash first, but if not available, 'web' + * ['web','flash']: store in web first, but if not available, 'flash' + * + * The location array defaults to: ['web', 'flash'] + * + * @param api the flash interface, null to use only WebStorage. + * @param id the storage ID to use. + * @param key the key for the item. + * @param data the data for the item (any javascript object/primitive). + * @param location an array with the preferred types of storage to use. + */ +util.setItem = function(api, id, key, data, location) { + _callStorageFunction(_setItem, arguments, location); +}; + +/** + * Gets an item on local disk. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface, null to use only WebStorage. + * @param id the storage ID to use. + * @param key the key for the item. + * @param location an array with the preferred types of storage to use. + * + * @return the item. + */ +util.getItem = function(api, id, key, location) { + return _callStorageFunction(_getItem, arguments, location); +}; + +/** + * Removes an item on local disk. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface. + * @param id the storage ID to use. + * @param key the key for the item. + * @param location an array with the preferred types of storage to use. + */ +util.removeItem = function(api, id, key, location) { + _callStorageFunction(_removeItem, arguments, location); +}; + +/** + * Clears the local disk storage identified by the given ID. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface if flash is available. + * @param id the storage ID to use. + * @param location an array with the preferred types of storage to use. + */ +util.clearItems = function(api, id, location) { + _callStorageFunction(_clearItems, arguments, location); +}; + +/** + * Parses the scheme, host, and port from an http(s) url. + * + * @param str the url string. + * + * @return the parsed url object or null if the url is invalid. + */ +util.parseUrl = function(str) { + // FIXME: this regex looks a bit broken + var regex = /^(https?):\/\/([^:&^\/]*):?(\d*)(.*)$/g; + regex.lastIndex = 0; + var m = regex.exec(str); + var url = (m === null) ? null : { + full: str, + scheme: m[1], + host: m[2], + port: m[3], + path: m[4] + }; + if(url) { + url.fullHost = url.host; + if(url.port) { + if(url.port !== 80 && url.scheme === 'http') { + url.fullHost += ':' + url.port; + } else if(url.port !== 443 && url.scheme === 'https') { + url.fullHost += ':' + url.port; + } + } else if(url.scheme === 'http') { + url.port = 80; + } else if(url.scheme === 'https') { + url.port = 443; + } + url.full = url.scheme + '://' + url.fullHost; + } + return url; +}; + +/* Storage for query variables */ +var _queryVariables = null; + +/** + * Returns the window location query variables. Query is parsed on the first + * call and the same object is returned on subsequent calls. The mapping + * is from keys to an array of values. Parameters without values will have + * an object key set but no value added to the value array. Values are + * unescaped. + * + * ...?k1=v1&k2=v2: + * { + * "k1": ["v1"], + * "k2": ["v2"] + * } + * + * ...?k1=v1&k1=v2: + * { + * "k1": ["v1", "v2"] + * } + * + * ...?k1=v1&k2: + * { + * "k1": ["v1"], + * "k2": [] + * } + * + * ...?k1=v1&k1: + * { + * "k1": ["v1"] + * } + * + * ...?k1&k1: + * { + * "k1": [] + * } + * + * @param query the query string to parse (optional, default to cached + * results from parsing window location search query). + * + * @return object mapping keys to variables. + */ +util.getQueryVariables = function(query) { + var parse = function(q) { + var rval = {}; + var kvpairs = q.split('&'); + for(var i = 0; i < kvpairs.length; i++) { + var pos = kvpairs[i].indexOf('='); + var key; + var val; + if(pos > 0) { + key = kvpairs[i].substring(0, pos); + val = kvpairs[i].substring(pos + 1); + } else { + key = kvpairs[i]; + val = null; + } + if(!(key in rval)) { + rval[key] = []; + } + // disallow overriding object prototype keys + if(!(key in Object.prototype) && val !== null) { + rval[key].push(unescape(val)); + } + } + return rval; + }; + + var rval; + if(typeof(query) === 'undefined') { + // set cached variables if needed + if(_queryVariables === null) { + if(typeof(window) !== 'undefined' && window.location && window.location.search) { + // parse window search query + _queryVariables = parse(window.location.search.substring(1)); + } else { + // no query variables available + _queryVariables = {}; + } + } + rval = _queryVariables; + } else { + // parse given query + rval = parse(query); + } + return rval; +}; + +/** + * Parses a fragment into a path and query. This method will take a URI + * fragment and break it up as if it were the main URI. For example: + * /bar/baz?a=1&b=2 + * results in: + * { + * path: ["bar", "baz"], + * query: {"k1": ["v1"], "k2": ["v2"]} + * } + * + * @return object with a path array and query object. + */ +util.parseFragment = function(fragment) { + // default to whole fragment + var fp = fragment; + var fq = ''; + // split into path and query if possible at the first '?' + var pos = fragment.indexOf('?'); + if(pos > 0) { + fp = fragment.substring(0, pos); + fq = fragment.substring(pos + 1); + } + // split path based on '/' and ignore first element if empty + var path = fp.split('/'); + if(path.length > 0 && path[0] === '') { + path.shift(); + } + // convert query into object + var query = (fq === '') ? {} : util.getQueryVariables(fq); + + return { + pathString: fp, + queryString: fq, + path: path, + query: query + }; +}; + +/** + * Makes a request out of a URI-like request string. This is intended to + * be used where a fragment id (after a URI '#') is parsed as a URI with + * path and query parts. The string should have a path beginning and + * delimited by '/' and optional query parameters following a '?'. The + * query should be a standard URL set of key value pairs delimited by + * '&'. For backwards compatibility the initial '/' on the path is not + * required. The request object has the following API, (fully described + * in the method code): + * { + * path: . + * query: , + * getPath(i): get part or all of the split path array, + * getQuery(k, i): get part or all of a query key array, + * getQueryLast(k, _default): get last element of a query key array. + * } + * + * @return object with request parameters. + */ +util.makeRequest = function(reqString) { + var frag = util.parseFragment(reqString); + var req = { + // full path string + path: frag.pathString, + // full query string + query: frag.queryString, + /** + * Get path or element in path. + * + * @param i optional path index. + * + * @return path or part of path if i provided. + */ + getPath: function(i) { + return (typeof(i) === 'undefined') ? frag.path : frag.path[i]; + }, + /** + * Get query, values for a key, or value for a key index. + * + * @param k optional query key. + * @param i optional query key index. + * + * @return query, values for a key, or value for a key index. + */ + getQuery: function(k, i) { + var rval; + if(typeof(k) === 'undefined') { + rval = frag.query; + } else { + rval = frag.query[k]; + if(rval && typeof(i) !== 'undefined') { + rval = rval[i]; + } + } + return rval; + }, + getQueryLast: function(k, _default) { + var rval; + var vals = req.getQuery(k); + if(vals) { + rval = vals[vals.length - 1]; + } else { + rval = _default; + } + return rval; + } + }; + return req; +}; + +/** + * Makes a URI out of a path, an object with query parameters, and a + * fragment. Uses jquery internally for query string creation. + * If the path is an array, it will be joined with '/'. + * + * @param path string path or array of strings. + * @param query object with query parameters. (optional) + * @param fragment fragment string. (optional) + * + * @return string object with request parameters. + */ +util.makeLink = function(path, query, fragment) { + // join path parts if needed + path = jQuery.isArray(path) ? path.join('/') : path; + + var qstr = jQuery.param(query || {}); + fragment = fragment || ''; + return path + + ((qstr.length > 0) ? ('?' + qstr) : '') + + ((fragment.length > 0) ? ('#' + fragment) : ''); +}; + +/** + * Follows a path of keys deep into an object hierarchy and set a value. + * If a key does not exist or it's value is not an object, create an + * object in it's place. This can be destructive to a object tree if + * leaf nodes are given as non-final path keys. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + * @param value the value to set. + */ +util.setPath = function(object, keys, value) { + // need to start at an object + if(typeof(object) === 'object' && object !== null) { + var i = 0; + var len = keys.length; + while(i < len) { + var next = keys[i++]; + if(i == len) { + // last + object[next] = value; + } else { + // more + var hasNext = (next in object); + if(!hasNext || + (hasNext && typeof(object[next]) !== 'object') || + (hasNext && object[next] === null)) { + object[next] = {}; + } + object = object[next]; + } + } + } +}; + +/** + * Follows a path of keys deep into an object hierarchy and return a value. + * If a key does not exist, create an object in it's place. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + * @param _default value to return if path not found. + * + * @return the value at the path if found, else default if given, else + * undefined. + */ +util.getPath = function(object, keys, _default) { + var i = 0; + var len = keys.length; + var hasNext = true; + while(hasNext && i < len && + typeof(object) === 'object' && object !== null) { + var next = keys[i++]; + hasNext = next in object; + if(hasNext) { + object = object[next]; + } + } + return (hasNext ? object : _default); +}; + +/** + * Follow a path of keys deep into an object hierarchy and delete the + * last one. If a key does not exist, do nothing. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + */ +util.deletePath = function(object, keys) { + // need to start at an object + if(typeof(object) === 'object' && object !== null) { + var i = 0; + var len = keys.length; + while(i < len) { + var next = keys[i++]; + if(i == len) { + // last + delete object[next]; + } else { + // more + if(!(next in object) || + (typeof(object[next]) !== 'object') || + (object[next] === null)) { + break; + } + object = object[next]; + } + } + } +}; + +/** + * Check if an object is empty. + * + * Taken from: + * http://stackoverflow.com/questions/679915/how-do-i-test-for-an-empty-javascript-object-from-json/679937#679937 + * + * @param object the object to check. + */ +util.isEmpty = function(obj) { + for(var prop in obj) { + if(obj.hasOwnProperty(prop)) { + return false; + } + } + return true; +}; + +/** + * Format with simple printf-style interpolation. + * + * %%: literal '%' + * %s,%o: convert next argument into a string. + * + * @param format the string to format. + * @param ... arguments to interpolate into the format string. + */ +util.format = function(format) { + var re = /%./g; + // current match + var match; + // current part + var part; + // current arg index + var argi = 0; + // collected parts to recombine later + var parts = []; + // last index found + var last = 0; + // loop while matches remain + while((match = re.exec(format))) { + part = format.substring(last, re.lastIndex - 2); + // don't add empty strings (ie, parts between %s%s) + if(part.length > 0) { + parts.push(part); + } + last = re.lastIndex; + // switch on % code + var code = match[0][1]; + switch(code) { + case 's': + case 'o': + // check if enough arguments were given + if(argi < arguments.length) { + parts.push(arguments[argi++ + 1]); + } else { + parts.push(''); + } + break; + // FIXME: do proper formating for numbers, etc + //case 'f': + //case 'd': + case '%': + parts.push('%'); + break; + default: + parts.push('<%' + code + '?>'); + } + } + // add trailing part of format string + parts.push(format.substring(last)); + return parts.join(''); +}; + +/** + * Formats a number. + * + * http://snipplr.com/view/5945/javascript-numberformat--ported-from-php/ + */ +util.formatNumber = function(number, decimals, dec_point, thousands_sep) { + // http://kevin.vanzonneveld.net + // + original by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) + // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) + // + bugfix by: Michael White (http://crestidg.com) + // + bugfix by: Benjamin Lupton + // + bugfix by: Allan Jensen (http://www.winternet.no) + // + revised by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) + // * example 1: number_format(1234.5678, 2, '.', ''); + // * returns 1: 1234.57 + + var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals; + var d = dec_point === undefined ? ',' : dec_point; + var t = thousands_sep === undefined ? + '.' : thousands_sep, s = n < 0 ? '-' : ''; + var i = parseInt((n = Math.abs(+n || 0).toFixed(c)), 10) + ''; + var j = (i.length > 3) ? i.length % 3 : 0; + return s + (j ? i.substr(0, j) + t : '') + + i.substr(j).replace(/(\d{3})(?=\d)/g, '$1' + t) + + (c ? d + Math.abs(n - i).toFixed(c).slice(2) : ''); +}; + +/** + * Formats a byte size. + * + * http://snipplr.com/view/5949/format-humanize-file-byte-size-presentation-in-javascript/ + */ +util.formatSize = function(size) { + if(size >= 1073741824) { + size = util.formatNumber(size / 1073741824, 2, '.', '') + ' GiB'; + } else if(size >= 1048576) { + size = util.formatNumber(size / 1048576, 2, '.', '') + ' MiB'; + } else if(size >= 1024) { + size = util.formatNumber(size / 1024, 0) + ' KiB'; + } else { + size = util.formatNumber(size, 0) + ' bytes'; + } + return size; +}; + +/** + * Converts an IPv4 or IPv6 string representation into bytes (in network order). + * + * @param ip the IPv4 or IPv6 address to convert. + * + * @return the 4-byte IPv6 or 16-byte IPv6 address or null if the address can't + * be parsed. + */ +util.bytesFromIP = function(ip) { + if(ip.indexOf('.') !== -1) { + return util.bytesFromIPv4(ip); + } + if(ip.indexOf(':') !== -1) { + return util.bytesFromIPv6(ip); + } + return null; +}; + +/** + * Converts an IPv4 string representation into bytes (in network order). + * + * @param ip the IPv4 address to convert. + * + * @return the 4-byte address or null if the address can't be parsed. + */ +util.bytesFromIPv4 = function(ip) { + ip = ip.split('.'); + if(ip.length !== 4) { + return null; + } + var b = util.createBuffer(); + for(var i = 0; i < ip.length; ++i) { + var num = parseInt(ip[i], 10); + if(isNaN(num)) { + return null; + } + b.putByte(num); + } + return b.getBytes(); +}; + +/** + * Converts an IPv6 string representation into bytes (in network order). + * + * @param ip the IPv6 address to convert. + * + * @return the 16-byte address or null if the address can't be parsed. + */ +util.bytesFromIPv6 = function(ip) { + var blanks = 0; + ip = ip.split(':').filter(function(e) { + if(e.length === 0) ++blanks; + return true; + }); + var zeros = (8 - ip.length + blanks) * 2; + var b = util.createBuffer(); + for(var i = 0; i < 8; ++i) { + if(!ip[i] || ip[i].length === 0) { + b.fillWithByte(0, zeros); + zeros = 0; + continue; + } + var bytes = util.hexToBytes(ip[i]); + if(bytes.length < 2) { + b.putByte(0); + } + b.putBytes(bytes); + } + return b.getBytes(); +}; + +/** + * Converts 4-bytes into an IPv4 string representation or 16-bytes into + * an IPv6 string representation. The bytes must be in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv4 or IPv6 string representation if 4 or 16 bytes, + * respectively, are given, otherwise null. + */ +util.bytesToIP = function(bytes) { + if(bytes.length === 4) { + return util.bytesToIPv4(bytes); + } + if(bytes.length === 16) { + return util.bytesToIPv6(bytes); + } + return null; +}; + +/** + * Converts 4-bytes into an IPv4 string representation. The bytes must be + * in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv4 string representation or null for an invalid # of bytes. + */ +util.bytesToIPv4 = function(bytes) { + if(bytes.length !== 4) { + return null; + } + var ip = []; + for(var i = 0; i < bytes.length; ++i) { + ip.push(bytes.charCodeAt(i)); + } + return ip.join('.'); +}; + +/** + * Converts 16-bytes into an IPv16 string representation. The bytes must be + * in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv16 string representation or null for an invalid # of bytes. + */ +util.bytesToIPv6 = function(bytes) { + if(bytes.length !== 16) { + return null; + } + var ip = []; + var zeroGroups = []; + var zeroMaxGroup = 0; + for(var i = 0; i < bytes.length; i += 2) { + var hex = util.bytesToHex(bytes[i] + bytes[i + 1]); + // canonicalize zero representation + while(hex[0] === '0' && hex !== '0') { + hex = hex.substr(1); + } + if(hex === '0') { + var last = zeroGroups[zeroGroups.length - 1]; + var idx = ip.length; + if(!last || idx !== last.end + 1) { + zeroGroups.push({start: idx, end: idx}); + } else { + last.end = idx; + if((last.end - last.start) > + (zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start)) { + zeroMaxGroup = zeroGroups.length - 1; + } + } + } + ip.push(hex); + } + if(zeroGroups.length > 0) { + var group = zeroGroups[zeroMaxGroup]; + // only shorten group of length > 0 + if(group.end - group.start > 0) { + ip.splice(group.start, group.end - group.start + 1, ''); + if(group.start === 0) { + ip.unshift(''); + } + if(group.end === 7) { + ip.push(''); + } + } + } + return ip.join(':'); +}; + +/** + * Estimates the number of processes that can be run concurrently. If + * creating Web Workers, keep in mind that the main JavaScript process needs + * its own core. + * + * @param options the options to use: + * update true to force an update (not use the cached value). + * @param callback(err, max) called once the operation completes. + */ +util.estimateCores = function(options, callback) { + if(typeof options === 'function') { + callback = options; + options = {}; + } + options = options || {}; + if('cores' in util && !options.update) { + return callback(null, util.cores); + } + if(typeof navigator !== 'undefined' && + 'hardwareConcurrency' in navigator && + navigator.hardwareConcurrency > 0) { + util.cores = navigator.hardwareConcurrency; + return callback(null, util.cores); + } + if(typeof Worker === 'undefined') { + // workers not available + util.cores = 1; + return callback(null, util.cores); + } + if(typeof Blob === 'undefined') { + // can't estimate, default to 2 + util.cores = 2; + return callback(null, util.cores); + } + + // create worker concurrency estimation code as blob + var blobUrl = URL.createObjectURL(new Blob(['(', + function() { + self.addEventListener('message', function(e) { + // run worker for 4 ms + var st = Date.now(); + var et = st + 4; + while(Date.now() < et); + self.postMessage({st: st, et: et}); + }); + }.toString(), + ')()'], {type: 'application/javascript'})); + + // take 5 samples using 16 workers + sample([], 5, 16); + + function sample(max, samples, numWorkers) { + if(samples === 0) { + // get overlap average + var avg = Math.floor(max.reduce(function(avg, x) { + return avg + x; + }, 0) / max.length); + util.cores = Math.max(1, avg); + URL.revokeObjectURL(blobUrl); + return callback(null, util.cores); + } + map(numWorkers, function(err, results) { + max.push(reduce(numWorkers, results)); + sample(max, samples - 1, numWorkers); + }); + } + + function map(numWorkers, callback) { + var workers = []; + var results = []; + for(var i = 0; i < numWorkers; ++i) { + var worker = new Worker(blobUrl); + worker.addEventListener('message', function(e) { + results.push(e.data); + if(results.length === numWorkers) { + for(var i = 0; i < numWorkers; ++i) { + workers[i].terminate(); + } + callback(null, results); + } + }); + workers.push(worker); + } + for(var i = 0; i < numWorkers; ++i) { + workers[i].postMessage(i); + } + } + + function reduce(numWorkers, results) { + // find overlapping time windows + var overlaps = []; + for(var n = 0; n < numWorkers; ++n) { + var r1 = results[n]; + var overlap = overlaps[n] = []; + for(var i = 0; i < numWorkers; ++i) { + if(n === i) { + continue; + } + var r2 = results[i]; + if((r1.st > r2.st && r1.st < r2.et) || + (r2.st > r1.st && r2.st < r1.et)) { + overlap.push(i); + } + } + } + // get maximum overlaps ... don't include overlapping worker itself + // as the main JS process was also being scheduled during the work and + // would have to be subtracted from the estimate anyway + return overlaps.reduce(function(max, overlap) { + return Math.max(max, overlap.length); + }, 0); + } +}; + +} // end module implementation + +/* ########## Begin module wrapper ########## */ +var name = 'util'; +if(typeof define !== 'function') { + // NodeJS -> AMD + if(typeof module === 'object' && module.exports) { + var nodeJS = true; + define = function(ids, factory) { + factory(require, module); + }; + } else { + // + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm new file mode 100644 index 0000000..160a871 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm @@ -0,0 +1,10 @@ + + + + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/form.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/form.vm new file mode 100644 index 0000000..cc4fa1a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/form.vm @@ -0,0 +1,127 @@ +## if only form, then we include javascript here (start of body) +#if ($isFormRequest) + #parse("${templatePath}/js_start.vm") +#end + +#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) + +#if ($useFormEncryption) + +#end + +
+ +
+ +

$gui.label

+ + #set ($tabindex = 0) + #set ($policyFailureOpen = false) + #set ($policyInfoOpen = false) + + #foreach ($guiElem in $gui.getGuiElems()) + #set ($tabindex = $tabindex+1) + #if ($guiElem.name.startsWith("policyInfo") && $guiElem.label && $guiElem.label.length() > 0) + #if (!$policyInfoOpen) +
+
+ #set ($policyInfoOpen = true) + #end + $guiElem.label + #elseif ($guiElem.name.startsWith("policyFailure") && $guiElem.label && $guiElem.label.length() > 0) + #if (!$policyFailureOpen) +
+
+ #set ($policyFailureOpen = true) + #end + $guiElem.label + #else + #if (!$guiElem.name.startsWith("policyInfo") && $policyInfoOpen) ## close +
+
+ #set ($policyInfoOpen = false) + #end + #if (!$guiElem.name.startsWith("policyFailure") && $policyFailureOpen) ## close +
+
+ #set ($policyFailureOpen = false) + #end + #renderFormField($guiElem, $gui, $tabindex) + #end + #end + + ## this block applies when Channel is set to Push / Link + #if ($gui.name == "mauth_link_qr" || $gui.name == "mauth_onboard") + +
+ +

+

$text.get("mobile_auth.scan")

+ + + +
+ #end + + ## this block applies when Channel is set to Push / QR-code (in-app) + #if ($gui.name == "mauth_push_qr") + + + + + #end + + ## this block applies for usernameless mobile authentication + #if ($gui.name == "mauth_usernameless") + + #end + + #if ($useFormEncryption) + + + + #end + + #renderFormControls($gui) + #renderFormLinks($gui) +
+ + + + + ## if only form, then we include javascript here (end of body) + #if ($isFormRequest) + #parse("${templatePath}/js_end.vm") + #end +
\ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/generic_auth_error.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/generic_auth_error.vm new file mode 100644 index 0000000..e84bac6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/generic_auth_error.vm @@ -0,0 +1,38 @@ +## used for default nevisAuth GUIs, which are only renderred in case of +## system errors, etc. + + +
+
+
+ +
+

$text.get("generic.auth.error.title")

+

$text.get("generic.auth.error.subtitle")

+
+ +
+ +

+ $text.get("generic.auth.error.message") +

+
+ +

+ $text.get("generic.auth.error.next.steps") +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + +
+
+ + + +
+
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/header.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/header.vm new file mode 100644 index 0000000..bf2a53f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/header.vm @@ -0,0 +1,84 @@ + + ## svh -> Small View Height. It's not taking the height of the search bar on mobile into account + + + AGOV + + + + + + + + +
+ +
+ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/html.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/html.vm new file mode 100644 index 0000000..2f02835 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/html.vm @@ -0,0 +1,32 @@ + + + + + $text.get('title') + + + + + + + + + + + #parse("${templatePath}/js_start.vm") + + + + #parse("${templatePath}/lang.vm") + + #parse("${templatePath}/header.vm") + +
+ #parse("${templatePath}/form.vm") +
+ + #parse("${templatePath}/footer.vm") + + #parse("${templatePath}/js_end.vm") + + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/js_end.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/js_end.vm new file mode 100644 index 0000000..f34431f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/js_end.vm @@ -0,0 +1,76 @@ + + + +#if ($gui.name == "oauth_consent") + +#end + +#if ($gui.name == "authcloud") + + +#end + +#if ($gui.name == "authcloud_onboard") + + +#end + +#if ($gui.name == "authcloud_login") + + +#end + +#if ($gui.name == "mauth_onboard") + + +#end + +#if ($gui.name == "mauth_link_qr") + + +#end + +#if ($gui.name == "mauth_push_qr") + + +#end + +#if ($gui.name == "mauth_usernameless") + + +#end + +#if ($gui.name == "fido2_auth") + + + +#end + +#if ($gui.name == "fido2_auth_std") + #set ($authenticationOptionsPath = $login.requestHeaders["fido2AuthenticationOptionsPath"]) + #set ($authenticationPath = $login.requestHeaders["fido2AuthenticationPath"]) + #set ($statusServicePath = $login.requestHeaders["fido2StatusServicePath"]) + #set ($userVerification = $login.requestHeaders["fido2UserVerification"]) + + + + +#end + +#if ($gui.name == "fido2_onboard") + + + +#end + +#if ($useFormEncryption) + + +#end \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/js_start.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/js_start.vm new file mode 100644 index 0000000..ddc8437 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/js_start.vm @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/json.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/json.vm new file mode 100644 index 0000000..e9c3ff8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/json.vm @@ -0,0 +1,88 @@ +## This template is used to respond with a JSON format +## In this case, the client is supposed to parse and show the data +## The JSON data is close to the XML format of the GuiDesc + +#set ($target = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +{ + "name" : "$gui.name" , + "target" : "$target" #if ($gui.label || $gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if + +#if ($gui.label) "label" : "$gui.label" #if ($gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if + +#if ($gui.language) "language" : "$gui.language" #if ($gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if ($gui.language) +#if ($gui.domain) "domain" : "$gui.domain" #if ($gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if ($gui.domain) + +#if ($gui.getGuiElems().size() > 0) + "elements" : [ +#set ($i = 0) +#foreach ($guiElem in $gui.getGuiElems()) + { + "name" : "$guiElem.name", + "type" : "$guiElem.type", + "optional" : "$guiElem.optional", + "label" : "$guiElem.label" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end + #if ($guiElem['validation-failed']) "validation-failed" : "$guiGroup.validationFailed" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end + #end ## if ($guiElem['validation-failed']) + + #if ($guiElem.value) "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end + #end ## if ($guiElem.value) + + #if ($guiElem.length) "max-length" : "$guiElem.length" #if ($guiElem.format), #end + #end ## if ($guiElem.length) + + #if ($guiElem.format) "format" : "$guiElem.format" + #end + + } + #set ($i = $i + 1) + #if ($i < ($gui.getGuiElems().size())), #end + +#end ## loop + ] #if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0), #end +#end ## if ($gui.getGuiGroup() && $gui.getGuiElem().size() > 0) +#if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0) + "groups" : [ + #set ($j = 0) + #foreach ($guiGroup in $gui.getGuiGroup()) + "name" : "$guiGroup.name", + "type" : "$guiGroup.type", + "label" : "$guiGroup.label", + "multiple" : "$guiGroup.multiple", + "format" : "$guiGroup.format", + "optional" : "$guiGroup.optional", + "validation-failed" : "$guiGroup.validationFailed" #if ($gui.getGuiElems().length() > 0), #end + #if ($gui.getGuiElems() && $gui.getGuiElems().length() > 0) + "elements" : [ + #set ($i = 0) + #foreach ($guiElem in $gui.getGuiElems()) + { + "name" : "$guiElem.name", + "type" : "$guiElem.type", + "optional" : "$guiElem.optional", + "validation-failed" : "$guiGroup.validationFailed", + "label" : "$guiElem.label" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end + #if ($guiElem.value) + "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end + #end ## if ($guiElem.value) + #if ($guiElem.length) + "max-length" : "$guiElem.length" #if ($guiElem.format), #end + #end ## if ($guiElem.length) + #if ($guiElem.format) + "format" : "$guiElem.format" + #end ## if ($guiElem.format) + } + #set ($i = $i + 1) + #if ($i < ($gui.getGuiElems().size())), #end + + #end ## loop + ] #if ($foreach.hasNext), #end + #set ($j = $j + 1) + #if ($j < ($gui.getGuiGroup().size())), #end + #end ## foreach ($guiGroup in $gui.getGuiGroup()) + #end ## if ($gui.getGuiElem() && $gui.getGuiElem().size() > 0) + ] + #end ## if ($gui.getGuiGroup() && $gui.getGuiGroup().length() > 0) +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/lang.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/lang.vm new file mode 100644 index 0000000..0e85f80 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/lang.vm @@ -0,0 +1,32 @@ +## Nav ================================================================= + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/loainfo.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/loainfo.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/loainfo.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/loainfo.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/loainfo.vm new file mode 100644 index 0000000..aa19ff8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/loainfo.vm @@ -0,0 +1,58 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+

+ $text.get("loainfo.title") +

+
+ $text.get("loainfo.helper") +
+

+ $text.get("loainfo.description.$gui.getGuiElem('loainfo').value") +

+

+ $text.get("loainfo.startNow") +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ +
+
+ + + + + +
+
+ +
+
+ + + +
+
+ +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/macros.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/macros.vm new file mode 100644 index 0000000..f1e4f2c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/macros.vm @@ -0,0 +1,295 @@ + +#macro(renderFormField $guiElem, $gui, $tabindex) + +#if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset" || $guiElem.type == "link") +## do nothing, will be rendered in renderFormControls nd renderFormLinks + + +#elseif ($guiElem.type == "info" || $guiElem.type == "error") + #if ($guiElem.label && $guiElem.label.length() > 0) + ## special fields: display some text only + #set ($class = "form-group") + #if ($guiElem.type == "error") + #set ($class = "$class has-error") + #end +
+
+ + $guiElem.label + +
+
+ #end + +#elseif ($guiElem.type == "hidden" && $guiElem.name == "saml.logoutURLs") + + +#elseif ($guiElem.type == "hidden") + + + +#else ## not info, error, button, submit, reset or hidden -> normal visual element + +## define CSS class of representation in form +#set ($class = "form-group") +#if ($guiElem.optional) +#set ($class = "$class optional") +#else +#set ($class = "$class required") +#end + +## highlight failed input validation, if flagged + +#if ($guiElem.validationFailed && $guiElem.value && $guiElem.value.length() > 0) +#set ($class = "$class has-error") +#end + +#if ($guiElem.validationFailed && (!$guiElem.value || $guiElem.value.length() == 0)) +#set ($class = "$class has-error") +#end + + +## the form field's container, a label, and optionally a validation-related message + +
+ ## Special handling required for radios + checkboxes + #if ($guiElem.type != "radio" && $guiElem.type != "checkbox") + + + +
+ #if ($guiElem.type == "text") + + + #elseif ($guiElem.type == "pw-text") +
+ + +
+ + #elseif ($guiElem.type == "select") + #set ($scrollSize = $guiElem.getGuiElems().size()) + #set ($scrollSize = $math.min($scrollSize,4)) + #if ($guiElem.multiple) + + #end + #foreach ($option in $guiElem.getGuiElems()) + #if ($option.selected) + + #else + + #end + #end ## foreach option + + + #elseif ($guiElem.type == "image" ) + $guiElem.label + #end + + #if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0) + $guiElem.validationMessage + #end + + #if ($jsValidation) + #renderElementValidation($guiElem, $gui) + #end +
+ #else + ## Special handling for checkboxes and radios +
+ + + #if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0) + $guiElem.validationMessage + #end + + #if ($jsValidation) + #renderElementValidation($guiElem, $gui) + #end +
+ #end +
+#end + +#end ## end macro + + + + +#macro(renderElementValidation $guiElem, $gui) +#if (($guiElem.validation && $guiElem.validation.length() > 0)||($guiElem.format && $guiElem.format.length() > 0)) + + + + +#end +#end ## macro + + +#macro(renderFormLinks $gui) +#set ($noLinks = true) +#foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "link") + #if ($noLinks) +
+ #set ($noLinks = false) + #end + ${utils.escapeHtml($guiElem.label)} + #end +#end + #if (!$noLinks) +
+ #end +#end + +#macro(renderFormControls $gui) +
+#set ($buttonClass = "btn") +#if ($isFormRequest) + #set ($buttonClass = "$buttonClass btn-default") +#else + #set ($buttonClass = "$buttonClass btn-primary") +#end +#foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset") + + #end +#end ## foreach +
+ +#end ## end macro \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mauth_usernameless.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mauth_usernameless.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mauth_usernameless.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mauth_usernameless.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mauth_usernameless.vm new file mode 100644 index 0000000..8bcb58e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mauth_usernameless.vm @@ -0,0 +1,375 @@ +#parse("${templatePath}/header.vm") +#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) + + +
+
+ + + +
+
+
+

$text.get("general.registration")

+ +

+ $text.get("mauth_usernameless.noAccount") +

+ +
+ + + +
+
+ + +
+ +
+ +
+

$text.get("general.login")

+
+ + + + + + +
+ +
+ + + + + +
+ +
+
+
+ + + + + +
+ +
+
+ + + +
+ + + +
+ +

+ $text.get("mauth_usernameless.instructions") +

+
+
+ +
+ + + +
+
+
+ + +
+
+ +
+ +
+ + + +

+ $text.get("mauth_usernameless.cannotLogin") +

+ + + +
+
+ +
+
+
+ +
+ + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mock-defaults.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mock-defaults.js new file mode 100644 index 0000000..2f856ed --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mock-defaults.js @@ -0,0 +1,12 @@ +module.exports = { + text: { + get: key => key + }, + templatePath: '.', + login: { + appDataPath: '' + }, + gui: { + getGuiElem: key => ({ label: key, value: key }) + } +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_header.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_header.vm new file mode 100644 index 0000000..0cd08d3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_header.vm @@ -0,0 +1,81 @@ + +## svh -> Small View Height. It's not taking the height of the search bar on mobile into account + + + AGOV Operations + + + + + + + + +
+ +
+ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_idmlogin_select_profile.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_idmlogin_select_profile.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_idmlogin_select_profile.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_idmlogin_select_profile.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_idmlogin_select_profile.vm new file mode 100644 index 0000000..c36dc39 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_idmlogin_select_profile.vm @@ -0,0 +1,89 @@ +#parse("${templatePath}/op_header.vm") + + +
+
+
+ +
+

$text.get("op-idmlogin.select")

+

$text.get("op-idmlogin.select.title")

+
+ +

+ $text.get("op-idmlogin.select.intro") +

+ + #set ($lasterror = $gui.getGuiElem("lasterror")) + #if ($lasterror && $lasterror.value && $lasterror.value.length() > 0) + #set ($errorValue = $utils.escapeHtmlAttribute($lasterror.value)) + #set ($errorMsg = $text.get($errorValue)) + #if ($errorMsg == $lasterror.value) + #set ($errorMsg = $text.get($errorValue.replaceAll("^(.*)$", "error_$1"))) + #end +
+ +

+ $errorMsg +

+
+ #end + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ +
+ +
+

+ $text.get("op-idmlogin.select.note") +

+
+
+ +
+ #set ($i=1) + #foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "radio") + +
+ + +

$text.get($guiElem.label)

+
+ + #end ## if + #set ($i= $i + 1) + #end ## foreach +
+ +
+
+ + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_error.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_error.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_error.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_error.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_error.vm new file mode 100644 index 0000000..59a16eb --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_error.vm @@ -0,0 +1,48 @@ +#parse("${templatePath}/op_header.vm") + + +
+
+
+ +
+

$text.get("op-onboarding.onboarding")

+

$text.get("op-onboarding.failed.title")

+
+ +

+ $text.get("op-onboarding.process.message") +

+ + #set ($lasterror = $gui.getGuiElem("lasterror")) + #if ($lasterror && $lasterror.value && $lasterror.value.length() > 0) + #set ($errorValue = $utils.escapeHtmlAttribute($lasterror.value)) + #set ($errorMsg = $text.get($errorValue)) + #if ($errorMsg == $errorValue) + #set ($errorMsg = $text.get($errorValue.replaceAll("^(.*)$", "error_$1"))) + #set ($errorMsg = $text.get($lasterror.value.replaceAll("^(.*)$", "error_$1"))) + #end +
+ +

+ $errorMsg +

+
+ #end + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_intro.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_intro.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_intro.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_intro.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_intro.vm new file mode 100644 index 0000000..7077c44 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_intro.vm @@ -0,0 +1,70 @@ +#parse("${templatePath}/op_header.vm") + + +
+
+
+ +
+

$text.get("op-onboarding.onboarding")

+

$text.get("op-onboarding.intro.title")

+
+ +

+ $text.get("op-onboarding.intro.message1") +

+ +

+ $text.get("op-onboarding.intro.message2") +

+ +

+ $text.get("op-onboarding.intro.message3") +

+ + #set ($lasterror = $gui.getGuiElem("lasterror")) + #if ($lasterror && $lasterror.value && $lasterror.value.length() > 0) + #set ($errorValue = $utils.escapeHtmlAttribute($lasterror.value)) + #set ($errorMsg = $text.get($errorValue)) + #if ($errorMsg == $errorValue) + #set ($errorMsg = $text.get($errorValue.replaceAll("^(.*)$", "error_$1"))) + #set ($errorMsg = $text.get($lasterror.value.replaceAll("^(.*)$", "error_$1"))) + #end +
+ +

+ $errorMsg +

+
+ #end + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + +
+
+ + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_success.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_success.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_success.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_success.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_success.vm new file mode 100644 index 0000000..9e1d42a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/op_onbrdng_success.vm @@ -0,0 +1,38 @@ +#parse("${templatePath}/op_header.vm") + + +
+
+
+ +
+

$text.get("op-onboarding.onboarding")

+

$text.get("op-onboarding.done.title")

+
+ +
+ +
+

+ $text.get("op-onboarding.done.message") +

+
+
+ + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_accessapp_auth.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_accessapp_auth.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_accessapp_auth.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_accessapp_auth.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_accessapp_auth.vm new file mode 100644 index 0000000..87ba230 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_accessapp_auth.vm @@ -0,0 +1,194 @@ +#parse("${templatePath}/header.vm") + + + +
+
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.authenticate")

+
+ +

$text.get( + "recovery_accessapp_auth.accessAppRegistered")

+ +

+ ${text.get("recovery_accessapp_auth.instruction1").replaceAll( + "!!!ACCESS_APP_NAME!!!", "$utils.escapeHtmlAttribute($gui.getGuiElem('accessApp').value)")} +

+ +

+ ${text.get("recovery_accessapp_auth.instruction2").replaceAll( + "!!!ACCESS_APP_NAME!!!", "$utils.escapeHtmlAttribute($gui.getGuiElem('accessApp').value)")} +

+ +
+
+ + + + + +
+ +
+
+
+ + + + + +
+ +
+
+ + + +
+ + + +
+ +

+ $text.get("mauth_usernameless.instructions") +

+
+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + + + +
+
+
+
+ + + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_code.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_code.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_code.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_code.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_code.vm new file mode 100644 index 0000000..22610c3 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_code.vm @@ -0,0 +1,138 @@ +#parse("${templatePath}/header.vm") + + + + +
+ +
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.entryCode")

+
+ + #set($error = $gui.getGuiElem("lasterror")) + #if (($error.value && $error.value != "")) +
+ +

+ $text.get("recovery_check_code.codeIncorrect") +

+
+ #end + +

+ $text.get("recovery_check_code.instruction") +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + + +
+
+ + + + + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_noCode.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_noCode.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_noCode.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_noCode.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_noCode.vm new file mode 100644 index 0000000..0c331db --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_noCode.vm @@ -0,0 +1,50 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.contactSupport")

+
+ +
+ +

+ $text.get("recovery_check_noCode.banner.error") +

+
+ +

+ $text.get("recovery_check_noCode.instruction1") +

+ +

+ $text.get("recovery_check_noCode.instruction2") +

+ +
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_code.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_code.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_code.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_code.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_code.vm new file mode 100644 index 0000000..4986d26 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_code.vm @@ -0,0 +1,106 @@ +#parse("${templatePath}/header.vm") +#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +#set ($PDFRecoveryTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','').replaceAll( + '^(https:\/\/[^\/]+\/).*$', '$1'))) +#set ($concat = "recovery/pdf?authToken=") +#set ($PDFLink = "$PDFRecoveryTarget$concat$gui.getGuiElem('pdfAuthToken').value") + + +
+ +
+
+ +
+

$text.get("general.login")

+

$text.get( + "recovery_code.newRecoveryCode")

+
+ + + +

+ $text.get("recovery_code.instruction") +

+ +
+
+
+

$gui.getGuiElem('isiwebpasswd').value

+

+ $text.get("recovery_code.validUntil") + $gui.getGuiElem('validTil').value +

+ +
+ + +
+ + + + + + + +
+ +
+
+ + + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_fidokey_auth.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_fidokey_auth.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_fidokey_auth.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_fidokey_auth.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_fidokey_auth.vm new file mode 100644 index 0000000..c7a3b1f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_fidokey_auth.vm @@ -0,0 +1,83 @@ +#parse("${templatePath}/header.vm") + + + +
+
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.authenticate")

+
+ +

$text.get( + "recovery_fidokey_auth.keyRegistered")

+ +

+ ${text.get("recovery_fidokey_auth.instruction1").replaceAll( + "!!!SECURITY_KEY_NAME!!!", "$utils.escapeHtmlAttribute($gui.getGuiElem('securityKey').value)")} +

+ +

+ ${text.get("recovery_fidokey_auth.instruction2").replaceAll( + "!!!SECURITY_KEY_NAME!!!", "$utils.escapeHtmlAttribute($gui.getGuiElem('securityKey').value)")} +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) + + +
+
+ 1 +

$text.get( + "recovery_fidokey_auth.fidoInstruction")

+
+ +
+ 2 +

$text.get( + "fido2_auth.instruction2")

+
+ +
+ 3 +

$text.get( + "fido2_auth.instruction3")

+
+
+ +
+ + +
+
+ + + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email.vm new file mode 100644 index 0000000..4a0dbcc --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email.vm @@ -0,0 +1,192 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +
+ +

+ $text.get("recovery_intro_email.banner.info") +

+
+ + #set($error = $gui.getGuiElem("lasterror")) + #if (($error.value && $error.value != "")) +
+ +

+ $text.get("recovery_intro_email.banner.error") +

+
+ #end + + + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ #set ($emailInput = $gui.getGuiElem('email')) + 0) + data-value="$utils.escapeHtmlAttribute($emailInput.value)" + #else + data-value="" + #end + data-type="text" + data-autofocus="true" + data-left_icon="fa-envelope" + data-email_invalid="$text.get("user_input.invalid.email")" + data-email_too_long="$text.get("user_input.invalid.email.tooLong")" + data-email_required="$text.get("user_input.invalid.email.required")"> + + +

+ $text.get("recovery_intro_email.important") + $text.get("recovery_intro_email.process") +

+ #if ($utils.escapeHtmlAttribute($gui.getGuiElem("X-ReCAPTCHA-Integration").value) == "INVISIBLE") + #set ($isCaptchaVisible = true) + #else + #set ($isCaptchaVisible = false) + #end + + #if ($isCaptchaVisible) + #set ($captcha = $gui.getGuiElem("captchaSettings.reCaptchaInvisibleSiteKey")) + + + + + + #else + #set ($captcha = $gui.getGuiElem("captchaSettings.reCaptchaVisibleSiteKey")) + + + + + + #end + +
+ #if ($isCaptchaVisible) +
+ $text.get("recovery_intro_email.siteProtectedWithRecaptcha") +
+ #else +
+ #end + +
+ +
+
+ #if ($isCaptchaVisible) + + + #else + + + #end + + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email_sent.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email_sent.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email_sent.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email_sent.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email_sent.vm new file mode 100644 index 0000000..f0e7be1 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email_sent.vm @@ -0,0 +1,55 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +
+ +
+

+ $text.get("recovery_intro_email_sent.banner.success") +

+
+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+
+
+ + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_on_going.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_on_going.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_on_going.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_on_going.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_on_going.vm new file mode 100644 index 0000000..317b925 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_on_going.vm @@ -0,0 +1,50 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recoveryOngoing")

+
+ +

+ $text.get("recovery_on_going.title") +

+ +

+ $text.get("recovery_on_going.instruction") +

+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ +
+
+ + + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_instructions.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_instructions.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_instructions.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_instructions.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_instructions.vm new file mode 100644 index 0000000..0a2bafe --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_instructions.vm @@ -0,0 +1,80 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +

+ $text.get("recovery_questionnaire_instructions.explanation") +

+ +
+
+
+ + +
+

$text.get( + "recovery_questionnaire_instructions.instruction1")

+
+ +
+
+ + +
+

$text.get( + "recovery_questionnaire_instructions.instruction2")

+
+
+ +

+ $text.get("recovery_questionnaire_instructions.banner.info") +

+
+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+
+
+ + + + + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_loginfactor.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_loginfactor.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_loginfactor.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_loginfactor.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_loginfactor.vm new file mode 100644 index 0000000..f47fcfe --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_loginfactor.vm @@ -0,0 +1,75 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +

+ $text.get("recovery_questionnaire_loginfactor.question") +

+ + + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + + + + +
+
+ + + + +
+
+ +
+
+ + +
+
+ + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_no_recovery.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_no_recovery.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_no_recovery.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_no_recovery.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_no_recovery.vm new file mode 100644 index 0000000..207e571 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_no_recovery.vm @@ -0,0 +1,68 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +

+ $text.get("recovery_questionnaire_no_recovery.explanation1") +

+ +
+
+
+ + +
+

$text.get( + "recovery_questionnaire_no_recovery.instruction1")

+
+ +
+
+ + +
+

$text.get( + "recovery_questionnaire_no_recovery.instruction2")

+
+

+ $text.get("recovery_questionnaire_no_recovery.explanation2") +

+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+
+
+ + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_reason_selection.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_reason_selection.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_reason_selection.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_reason_selection.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_reason_selection.vm new file mode 100644 index 0000000..624b554 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_reason_selection.vm @@ -0,0 +1,94 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+
+ +

+ $text.get("recovery_questionnaire_reason_selection.instruction") +

+ + + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ + #set ($previousAnswer = $gui.getGuiElem("question")) + #if ($previousAnswer.value == "yes") + #set ($answers = ["answer7", "answer8", "answer9", "answer10"]) + #elseif ($previousAnswer.value == "no") + #set ($answers = ["answer1", "answer2", "answer3", "answer4", "answer5", "answer6"]) + #else + #set ($answers = []) + #end + + #if ($answers.size() > 0) + #foreach ($answer in $answers) + #set ($isYes = "yes") + #set ($isNo = "no") + #set ($dataValue = "") + + #if ($answer == "answer2" || $answer == "answer3" || $answer == + "answer4" || $answer == "answer5" || $answer == "answer6" || $answer == "answer8") + #set ($dataValue = $isYes) + #elseif ($answer == "answer1" || $answer == "answer7" || $answer == "answer9" || $answer == "answer10") + #set ($dataValue = $isNo) + #end + + + #end + #end + +
+
+ + + + + +
+
+ +
+
+ + +
+
+ + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_start_info.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_start_info.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_start_info.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_start_info.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_start_info.vm new file mode 100644 index 0000000..fb38111 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_start_info.vm @@ -0,0 +1,61 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.recovery")

+

$text.get("general.getStarted")

+
+ +

+ $text.get("recovery_start_info.title") +

+ +

+ $text.get("recovery_start_info.instruction") +

+
+ +
+

+ $text.get("recovery_start_info.banner.warning") +

+
+
+ + + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ +
+
+ + + +
+
+ +
+
+ + +
+
+ + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/sandbox.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/sandbox.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/sandbox.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/sandbox.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/sandbox.vm new file mode 100644 index 0000000..9b4b1fc --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/sandbox.vm @@ -0,0 +1,212 @@ +#parse("${templatePath}/header.vm") + +
+ +
+
+ + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
+
+ + + + +

space-blue

+

text-indigo

+

violet

+

electric-indigo

+

lilac

+

indigo-light

+

violet

+

lavender-blush

+ +

true-blue

+

sky-blue

+

royal-blue

+

light-blue

+ +

teal

+

turquoise

+

mint

+

aquamarine

+ +

ash

+

silver

+

platinum

+

smoke

+ +

success

+

error

+

warning

+

info

+ +

H1 Title

+

H2 Title

+

H3 Title

+

H4 Title

+
H5 Title
+
H6 Title
+ +

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+

Whereas recognition of the inherent dignity

+
+ +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/user_input.mock.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/user_input.mock.js new file mode 100644 index 0000000..1e7aa83 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/user_input.mock.js @@ -0,0 +1,3 @@ +module.exports = { + ...require('./mock-defaults') +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/user_input.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/user_input.vm new file mode 100644 index 0000000..a1a2e59 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/user_input.vm @@ -0,0 +1,165 @@ +#parse("${templatePath}/header.vm") + + +
+
+
+ +
+

$text.get("general.login")

+

$text.get("general.securityKey")

+
+ + #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +
+ #set ($emailInput = $gui.getGuiElem('email')) + 0) + data-value="$utils.escapeHtmlAttribute($emailInput.value)" + #else + data-value="" + #end + data-type="text" + data-autofocus="true" + data-left_icon="fa-envelope" + data-email_invalid="$text.get("user_input.invalid.email")" + data-email_too_long="$text.get("user_input.invalid.email.tooLong")" + data-email_required="$text.get("user_input.invalid.email.required")"> + + + #if ($gui.getGuiElem("X-ReCAPTCHA-Integration").value == "INVISIBLE") + #set ($isCaptchaVisible = true) + #else + #set ($isCaptchaVisible = false) + #end + + #if ($isCaptchaVisible) + #set ($captcha = $gui.getGuiElem("captchaSettings.reCaptchaInvisibleSiteKey")) + + + + + + #else + #set ($captcha = $gui.getGuiElem("captchaSettings.reCaptchaVisibleSiteKey")) + + + + + + #end + +
+ #if ($isCaptchaVisible) +
+ $text.get("recovery_intro_email.siteProtectedWithRecaptcha") +
+ #else +
+ #end + +
+ +
+
+ #if ($isCaptchaVisible) + + + #else + + + #end + + +
+
+ +
+
+ + +
+
+ + + + +#parse("${templatePath}/footer.vm") \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/default.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/default.properties new file mode 100644 index 0000000..a17b963 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/default.properties @@ -0,0 +1,26 @@ +# source: pattern://06aeae2d799e492f5580d03b +application.countries.default=CH +# source: pattern://06aeae2d799e492f5580d03b +cache.file.exempt= +# source: pattern://06aeae2d799e492f5580d03b +cache.filefolder.exempt= +# source: pattern://06aeae2d799e492f5580d03b +application.language.source.1=param:language +# source: pattern://06aeae2d799e492f5580d03b +application.language.source.2=cookie:LANG +# source: pattern://06aeae2d799e492f5580d03b +application.language.source.3=gui +# source: pattern://06aeae2d799e492f5580d03b +application.language.source.4=browser +# source: pattern://06aeae2d799e492f5580d03b +application.languages=en,de,fr,it +# source: pattern://06aeae2d799e492f5580d03b +application.languages.default=en +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.de=LANG:de:.agov-d.azure.adnovum.net +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.fr=LANG:fr:.agov-d.azure.adnovum.net +# source: pattern://097929211988398a87bcbb0c +application.language.cookie.it=LANG:it:.agov-d.azure.adnovum.net diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text.properties new file mode 100644 index 0000000..9cbdaf2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text.properties @@ -0,0 +1,210 @@ + +button.submit=Submit +darkModeSwitch.aria.label=Dark mode toggle +error.policy.failed=The new password does not comply with the policy. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +error_9901=You need a valid on-boarding link to access this page. +error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link. +error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link. +error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists. +error_9905=There is a problem with your operations account. Please contact the support. +error_9909=An internal error occured. Please ask the support for a new on-boarding link. +errors.duplicateValue=Your account is already linked with another operations access. +fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below. +fido2_auth.instruction1=Click on "Continue" +fido2_auth.instruction2=An authentication window will appear +fido2_auth.instruction3=Follow the instructions +fido2_auth.skipInstructions=Skip instructions next time +fido2_auth.switchLogin=SWITCH TO LOGIN WITH +footer.link=https://agov.ch/?c=contact&l=en +footer.link.label=Contact +footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. - +general.AGOVAccessApp=AGOV access app +general.accessApp=AGOV access app +general.authenticate=Authenticate +general.back=Back +general.cancel=Cancel +general.confirm=Confirm +general.contactSupport=Contact Support +general.continue=Continue +general.edit=Edit +general.email=Email +general.email.address=Email address +general.entryCode=Code entry +general.getStarted=Get started +general.goAGOVHelp=Go to AGOV help +general.goAccessApp=Login with AGOV access +general.help=Help +general.help.link=https://agov.ch/pages/help_en.html +general.login=Login +general.loginSecurityKey=Start Security key login +general.or=OR +general.otherOptions=OTHER OPTIONS +general.recovery=Recovery +general.recoveryOngoing=Ongoing recovery +general.register=Register +general.registerNow=Register now! +general.registration=Registration +general.securityKey=Security key +general.skip.content=Skip to main content +generic.auth.error.message=There was a service interruption. We are working on it. +generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists. +generic.auth.error.subtitle=Something went wrong +generic.auth.error.title=Error +info.login=Please enter your authentication information. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Select language +loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days. +loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step. +loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number). +loainfo.helper=Your data needs to be verified! +loainfo.later=Later +loainfo.startNow=Do you want to start the process now? +loainfo.startVerification=Start verification +loainfo.title=Verify your data +mauth_usernameless.EID=Continue with CH E-ID +mauth_usernameless.banner.error=Authentication interrupted.
Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_de.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_de.properties new file mode 100644 index 0000000..80625e6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_de.properties @@ -0,0 +1,210 @@ + +button.submit=Senden +darkModeSwitch.aria.label=Dark-Mode-Schalter +error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein. +error_1=Bitte überprüfen Sie Ihre Eingaben. +error_10=Bitte wählen Sie das richtige Benutzerkonto aus. +error_100=Zertifikat-Upload nicht möglich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk. +error_101=Die eingegebene E-Mail-Adresse ist ungültig. +error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an. +error_2=Bitte wählen Sie einen anderen Login-Namen. +error_3=Wenn die nächste Authentifizierung fehlschlägt, wird Ihr Konto gesperrt. +error_4=Ihr neues Passwort verstösst gegen die Sicherheitsrichtlinien. Bitte wählen Sie ein anderes Passwort. +error_5=Fehler bei der Passwortbestätigung. +error_50=Das neue Passwort ist zu kurz. +error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden. +error_6=Passwortänderung erforderlich. +error_7=Änderung der Login-ID erforderlich. +error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt. +error_81=Keine Zugangskarte gefunden, Zugang über das Internet verweigert. +error_83=Ihre Zugangskarte ist nicht mehr gültig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten. +error_9=Übernahme der Sitzung fehlgeschlagen. +error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen. +error_98=Ihr Konto wurde gesperrt. +error_99=Systemprobleme: Bitte versuchen Sie es später noch einmal. +error_9901=Sie benötigen einen gültigen Onboarding-Link, um auf diese Seite zuzugreifen. +error_9902=Die für die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations überein. Bitte fordern Sie einen neuen Onboarding-Link an. +error_9903=Der verwendete IdP hat uns keine gültige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an. +error_9904=Ihr Link ist nicht mehr gültig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht. +error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support. +error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link. +errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verknüpft. +fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschlüssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schlüssel registriert ist und Ihre E-Mail korrekt ist. +fido2_auth.instruction1=Klicken Sie auf "Weiter" +fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen +fido2_auth.instruction3=Folgen Sie den Anweisungen +fido2_auth.skipInstructions=Anweisungen nächstes Mal überspringen +fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT +footer.link=https://agov.ch/?c=contact&l=de +footer.link.label=Kontakt +footer.text=Authentifizierungsdienst der Schweizer Behörden AGOV – eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. - +general.AGOVAccessApp=AGOV access App +general.accessApp=AGOV access App +general.authenticate=Authentifizieren +general.back=Zurück +general.cancel=Abbrechen +general.confirm=Bestätigen +general.contactSupport=Support kontaktieren +general.continue=Weiter +general.edit=Ändern +general.email=E-Mail +general.email.address=E-Mailadresse +general.entryCode=Code-Eingabe +general.getStarted=Get started +general.goAGOVHelp=Weiter zur AGOV help +general.goAccessApp=Login mit AGOV access +general.help=Hilfe +general.help.link=https://agov.ch/pages/help_de.html +general.login=Login +general.loginSecurityKey=Sicherheitsschlüssel-Login starten +general.or=ODER +general.otherOptions=WEITERE OPTIONEN +general.recovery=Wiederherstellung +general.recoveryOngoing=Wiederherstellung nicht abgeschlossen +general.register=Registrieren +general.registerNow=Jetzt registrieren! +general.registration=Registrierung +general.securityKey=Sicherheitsschlüssel +general.skip.content=Direkt zum Hauptteil +generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran. +generic.auth.error.next.steps=Versuchen Sie es bitte später noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht. +generic.auth.error.subtitle=Etwas ist schiefgegangen +generic.auth.error.title=Fehler +info.login=Bitte geben Sie Ihre persönlichen Zugangsdaten ein. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sprache wählen +loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern. +loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen. +loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben. +loainfo.helper=Ihre persönlichen Daten müssen überprüft werden! +loainfo.later=Später +loainfo.startNow=Möchten Sie den Prozess jetzt starten? +loainfo.startVerification=Verifikation starten +loainfo.title=Verifizieren Sie Ihre Daten +mauth_usernameless.EID=Mit Schweizer E-ID fortfahren +mauth_usernameless.banner.error=Authentifizierung unterbrochen.
Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde. +mauth_usernameless.banner.info=Scan erfolgreich.
Bitte fahren Sie in der AGOV access App fort. +mauth_usernameless.banner.success=Authentifizierung erfolgreich!
Bitte warten Sie, bis Sie eingeloggt werden. +mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschlüssel verloren? +mauth_usernameless.hideQR=QR-Code ausblenden +mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen +mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Login? +mauth_usernameless.showQR=QR-Code anzeigen +mauth_usernameless.startRecovery=Kontowiederherstellung starten +mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschlüssel, um sich anzumelden +mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschlüssel bietet eine sichere Möglichkeit, sich ohne Telefon anzumelden. +op-admin.login=AGOV-op-Admin +op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort +op-admin.login.loginid=LoginID +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV-op-Admin +op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Passwortänderung erforderlich +op-admin.pwchange.newpassword=Neues Passwort +op-admin.pwchange.newpassword2=Neues Passwort wiederholen +op-admin.pwchange.password=Aktuelles Passwort +op-admin.pwchange.title=Änderung des Passworts +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung) +op-idmlogin.role.support-basic=Supportfälle (Wiederherstellung, ...) +op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...) +op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb) +op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Bitte wählen Sie ein Profil aus... +op-idmlogin.select.note=Mit * markierte Profile sollten nur für bestimmte Support oder Release Aufgaben genutzt werden. +op-idmlogin.select.title=Profilauswahl +op-onboarding.done.message=Das Onboarding war erfolgreich. Sie können nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen. +op-onboarding.done.title=FERTIG +op-onboarding.failed.title=FEHLER +op-onboarding.intro.message1=Um das Onboarding für Ihren AGOV-Operations-Zugang abzuschliessen, benötigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto. +op-onboarding.intro.message2=Wenn Sie auf «Weiter» klicken, werden Sie zur Authentifizierung weitergeleitet. +op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die Möglichkeit, die erforderliche Identitätsprüfung zu starten. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV-op-Onboarding +op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn nötig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an. +prompt.client=Mandant +prompt.newpassword=Neues Passwort +prompt.newpassword.confirm=Passwort bestätigen +prompt.password=Passwort +prompt.userid=Benutzer-ID +pwreset.done.info=Ihr Passwort wurde erfolgreich geändert. Bitte klicken Sie auf Weiter, um sich einzuloggen. +pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen.. +pwreset.info.linktext=Passwort vergessen +pwreset.noticket=Ihr Link ist nicht mehr gültig. Bitte generieren Sie ein Neuen. +recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert +recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren. +recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut. +recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben +recovery_check_code.instruction=Bitte geben Sie unten Ihren persönlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten. +recovery_check_code.invalid.code=Code ist ungültig +recovery_check_code.invalid.code.required=Code erforderlich +recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang +recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen +recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen können? +recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen können, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen. +recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist möglicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben. +recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterstützen. +recovery_code.banner.error=Bitte enthüllen Sie den Code, um fortfahren zu können. +recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf. +recovery_code.newRecoveryCode=Einführung von Wiederherstellungscode +recovery_code.validUntil=Gültig bis: +recovery_fidokey_auth.button=Schlüsselauthentifizierung starten +recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schlüsselauthentifizierung starten" +recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschlüssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert. +recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren. +recovery_fidokey_auth.keyRegistered=Sicherheitsschlüssel schon registriert +recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten. +recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken können, mit dem Sie den Wiederherstellungsprozess starten. +recovery_intro_email.captchaUnchecked=Bitte kreuzen Sie das Captcha-Feld an +recovery_intro_email.important=Wichtig: +recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gelöschte AGOV access App, verlorener Sicherheitsschlüssel, verlorenes Telefon usw.). +recovery_intro_email.siteProtectedWithRecaptcha=Diese Seite ist durch reCAPTCHA geschützt, und es gelten die Datenschutzerklärung sowie die Nutzungsbedingungen von Google. +recovery_intro_email_sent.banner.button=Keine E-Mail erhalten? +recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in Kürze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten. +recovery_on_going.finishRecovery=Wiederherstellung abschliessen +recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identitätsprüfung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu können, müssen Sie auch die Identitätsprüfung abschliessen. +recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab. +recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten Fällen für eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode benötigen. +recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm. +recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden können, um den Wiederherstellungsprozess zu beginnen +recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos) +recovery_questionnaire_loginfactor.banner.error=Bitte wählen Sie eine Antwort. +recovery_questionnaire_loginfactor.no=Nein +recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV Access App oder Sicherheitsschlüssel) für Ihren AGOV-Login registriert? +recovery_questionnaire_loginfactor.yes=Ja +recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein. +recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen benötigen, besuchen Sie bitte www.agov.ch/help für Support-Artikel. +recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte www.agov.ch/me und testen Sie, ob Sie sich erfolgreich anmelden können. +recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte www.agov.ch/me, um den verlorenen Loginfaktor zu entfernen. +recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschlüssel habe +recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschlüssel) +recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen +recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gelöscht oder zurückgesetzt +recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschlüssel verloren +recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu übertragen +recovery_questionnaire_reason_selection.answer6=Ich habe die PIN für meine AGOV access App vergessen +recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschlüssel oder AGOV access Apps, hatte aber Probleme beim Einloggen +recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschlüssel und Apps verloren +recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gelöscht, zurückgesetzt, vergessene PIN) +recovery_questionnaire_reason_selection.banner.error=Bitte wählen Sie einen Grund aus. +recovery_questionnaire_reason_selection.instruction=Bitte wählen Sie einen Grund wieso Sie den AGOV recovery Prozess starten: +recovery_start_info.banner.warning=Sie können Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist. +recovery_start_info.instruction=Während des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enthält, müssen Sie zum Abschluss des Wiederherstellungsprozesses möglicherweise auch einen Verifikationsprozess durchlaufen. +recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Passwort ändern +title.pwreset=Passwort Vergesssen +user_input.invalid.email=Bitte geben Sie eine gültige E-Mail ein +user_input.invalid.email.required=Erforderliches Feld +user_input.invalid.email.tooLong=Eingabe zu lang diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_en.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_en.properties new file mode 100644 index 0000000..9cbdaf2 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_en.properties @@ -0,0 +1,210 @@ + +button.submit=Submit +darkModeSwitch.aria.label=Dark mode toggle +error.policy.failed=The new password does not comply with the policy. +error_1=Please check your input. +error_10=Please select the correct user account. +error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk. +error_101=The entered email address is not valid. +error_11=Please use another certficate or login with another credential type. +error_2=Please select another login name. +error_3=Your account will be locked if next authentication fails. +error_4=Your new password does not comply with the security policy. Please choose a different password. +error_5=Error in password confirmation. +error_50=The new password is too short. +error_55=The new password has to differ from old passwords. +error_6=Password change required. +error_7=Change of login ID required. +error_8=Your account has been locked due to repeated authentication failures. +error_81=No access card found, access from internet denied. +error_83=Your access card is no longer valid. Please contact your advisor to get a new access card. +error_9=Session take over failed. +error_97=You are not authorized to access this resource. +error_98=Your account has been locked. +error_99=System problems. Please try later. +error_9901=You need a valid on-boarding link to access this page. +error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link. +error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link. +error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists. +error_9905=There is a problem with your operations account. Please contact the support. +error_9909=An internal error occured. Please ask the support for a new on-boarding link. +errors.duplicateValue=Your account is already linked with another operations access. +fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below. +fido2_auth.instruction1=Click on "Continue" +fido2_auth.instruction2=An authentication window will appear +fido2_auth.instruction3=Follow the instructions +fido2_auth.skipInstructions=Skip instructions next time +fido2_auth.switchLogin=SWITCH TO LOGIN WITH +footer.link=https://agov.ch/?c=contact&l=en +footer.link.label=Contact +footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. - +general.AGOVAccessApp=AGOV access app +general.accessApp=AGOV access app +general.authenticate=Authenticate +general.back=Back +general.cancel=Cancel +general.confirm=Confirm +general.contactSupport=Contact Support +general.continue=Continue +general.edit=Edit +general.email=Email +general.email.address=Email address +general.entryCode=Code entry +general.getStarted=Get started +general.goAGOVHelp=Go to AGOV help +general.goAccessApp=Login with AGOV access +general.help=Help +general.help.link=https://agov.ch/pages/help_en.html +general.login=Login +general.loginSecurityKey=Start Security key login +general.or=OR +general.otherOptions=OTHER OPTIONS +general.recovery=Recovery +general.recoveryOngoing=Ongoing recovery +general.register=Register +general.registerNow=Register now! +general.registration=Registration +general.securityKey=Security key +general.skip.content=Skip to main content +generic.auth.error.message=There was a service interruption. We are working on it. +generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists. +generic.auth.error.subtitle=Something went wrong +generic.auth.error.title=Error +info.login=Please enter your authentication information. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Select language +loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days. +loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step. +loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number). +loainfo.helper=Your data needs to be verified! +loainfo.later=Later +loainfo.startNow=Do you want to start the process now? +loainfo.startVerification=Start verification +loainfo.title=Verify your data +mauth_usernameless.EID=Continue with CH E-ID +mauth_usernameless.banner.error=Authentication interrupted.
Please try again when the page reloads. +mauth_usernameless.banner.info=Scan successful.
Please continue in the AGOV access app. +mauth_usernameless.banner.success=Authentication successful!
Please wait to be logged in. +mauth_usernameless.cannotLogin=Lost access to your app / security key? +mauth_usernameless.hideQR=Hide QR code +mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app +mauth_usernameless.noAccount=Don't have an AGOV-Login yet? +mauth_usernameless.showQR=Show QR code +mauth_usernameless.startRecovery=Start account recovery +mauth_usernameless.useSecurityKey=Use a security key to log in +mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Login with your username and password +op-admin.login.loginid=LoginId +op-admin.login.password=Passwort +op-admin.login.title=Login +op-admin.logout=AGOV op admin +op-admin.logout.message=You have successfully logged out. +op-admin.logout.title=Logout +op-admin.pwchange.intro.message=Password change required +op-admin.pwchange.newpassword=New password +op-admin.pwchange.newpassword2=Repeat new password +op-admin.pwchange.password=Current password +op-admin.pwchange.title=Password Change +op-idmlogin.role.accs-mgmt-idm=IDM accessrights management +op-idmlogin.role.accs-mgmt-nonidm=Accessrights management +op-idmlogin.role.idmcfg-mgmt=IDM set-up +op-idmlogin.role.readonly-access=Default access (readonly) +op-idmlogin.role.support-basic=Support cases (recovery, ...) +op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding) +op-idmlogin.role.usr-mgmt=User management (operations) +op-idmlogin.role.usr-unit-mgmt=User and organization management (operations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Please select one of the profiles below... +op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks. +op-idmlogin.select.title=Profile selection +op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application. +op-onboarding.done.title=DONE +op-onboarding.failed.title=ERROR +op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account. +op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication. +op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification. +op-onboarding.intro.title=START +op-onboarding.onboarding=AGOV op on-boarding +op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link. +prompt.client=Client +prompt.newpassword=New Password +prompt.newpassword.confirm=Confirm Password +prompt.password=Password +prompt.userid=User-ID +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset link is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered +recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process. +recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you. +recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again. +recovery_check_code.enterRecoveryCode=Enter recovery code +recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me. +recovery_check_code.invalid.code=The code is invalid +recovery_check_code.invalid.code.required=Code required +recovery_check_code.invalid.code.tooLong=The code is too long +recovery_check_code.noAccess=I do not have access to my code +recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code? +recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process. +recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired. +recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times. +recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process. +recovery_code.banner.error=Please reveal your new code to be able to continue. +recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place. +recovery_code.newRecoveryCode=Introducing Recovery Code +recovery_code.validUntil=Valid until: +recovery_fidokey_auth.button=Start key authentication +recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication" +recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process. +recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you. +recovery_fidokey_auth.keyRegistered=Security key already registered +recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link. +recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process. +recovery_intro_email.captchaUnchecked=Please tick the captcha field +recovery_intro_email.important=Important: +recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. +recovery_intro_email_sent.banner.button=Didn't receive the email? +recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly. +recovery_on_going.finishRecovery=Finish recovery +recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well. +recovery_on_going.title=Please finish your recovery process. +recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery. +recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen. +recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process +recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level) +recovery_questionnaire_loginfactor.banner.error=Please select an answer. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account? +recovery_questionnaire_loginfactor.yes=Yes +recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now. +recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit www.agov.ch/help for support articles. +recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit www.agov.ch/me and test if you can log in successfully. +recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit www.agov.ch/me to remove the one you have lost access to. +recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key +recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key) +recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration +recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app +recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key +recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app +recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app +recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in +recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps +recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN) +recovery_questionnaire_reason_selection.banner.error=Please select a reason. +recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process: +recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded. +recovery_start_info.instruction=During the recovery process you will register a new login factor. If your account contains any verified information you might also have to go through a verification process to finish the recovery. +recovery_start_info.title=You are about to start the recovery process +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Password Change +title.pwreset=Password Forgotten +user_input.invalid.email=Please enter a valid email address +user_input.invalid.email.required=Field required +user_input.invalid.email.tooLong=Input is too long diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_fr.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_fr.properties new file mode 100644 index 0000000..155329b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_fr.properties @@ -0,0 +1,210 @@ + +button.submit=Envoyer +darkModeSwitch.aria.label=Activer l'apparence sombre +error.policy.failed=Votre nouveau mot de passe ne conforme pas aux mesures de sécurité +error_1=Veuillez vérifier votre saisie. +error_10=Veuillez sélectionner le compte d’utilisateur correct. +error_100=Le téléchargement du certificat est impossible. Le certificat existe déjà. Veuillez contacter votre service d’assistance. +error_101=L’adresse e-mail saisie n’est pas valable. +error_11=Veuillez utiliser un autre certificat ou vous connecter au moyen d’un autre type de facteur d’authentification. +error_2=Veuillez sélectionner un autre nom d’utilisateur. +error_3=Votre compte sera bloqué si la prochaine tentative d’authentification échoue. +error_4=Votre nouveau mot de passe n’est pas conforme à la politique de sécurité. Veuillez choisir un autre mot de passe. +error_5=Erreur de confirmation du mot de passe +error_50=Le nouveau mot de passe est trop court. +error_55=Le nouveau mot de passe doit être différent des précédents. +error_6=Changement de mot de passe requis. +error_7=Changement d’identifiant de connexion requis. +error_8=Votre compte a été bloqué en raison de plusieurs échecs d’authentification. +error_81=Aucune carte d’accès n’a été trouvée, l’accès depuis Internet est refusé. +error_83=Votre carte d’accès n’est plus valable. Veuillez contacter votre conseiller pour obtenir une nouvelle carte d’accès. +error_9=La reprise de session a échoué. +error_97=Vous n’êtes pas autorisé à accéder à cette ressource. +error_98=Votre compte a été bloqué. +error_99=Problèmes de système. Veuillez réessayer plus tard. +error_9901=Vous devez disposer d’un lien d’enregistrement valable pour accéder à cette page. +error_9902=L’adresse e-mail utilisée pour l’authentification ne correspond pas à celle qui est renseignée dans AGOV operations. Veuillez demander un nouveau lien d’enregistrement. +error_9903=Le fournisseur d’identité utilisé ne nous a pas envoyé d’assertion valide. Assurez-vous d’utiliser le bon fournisseur d’identité. Demandez un nouveau lien d’enregistrement au service d’assistance. +error_9904=Le lien que vous avez suivi n’est plus valable. Veuillez vous assurer que vous utilisez le dernier lien que vous avez reçu d’AGOV operations. Demandez un nouveau lien si le problème persiste. +error_9905=Il y a un problème avec votre compte AGOV operations. Veuillez contacter le service d’assistance. +error_9909=Un problème interne s’est produit. Veuillez demander un nouveau lien d’enregistrement au service d’assistance. +errors.duplicateValue=Votre compte est déjà lié à un autre accès à AGOV operations. +fido2_auth.cancel.fido=L'authentification avec la clé de sécurité a été interrompue. Veuillez vous assurer que votre clé FIDO est enregistrée et que votre adresse e-mail est correcte, puis suivez les étapes ci-dessous. +fido2_auth.instruction1=Cliquez sur "Continuer" +fido2_auth.instruction2=Une fenêtre d'authentification s'affichera +fido2_auth.instruction3=Suivez les instructions +fido2_auth.skipInstructions=Passer les instructions la fois suivante +fido2_auth.switchLogin=S'AUTHENTIFIER AVEC +footer.link=https://agov.ch/?c=contact&l=fr +footer.link.label=Contact +footer.text=Service d'authentification des autorités suisses AGOV - une collaboration entre les cantons, leurs communes et l'administration fédérale. - +general.AGOVAccessApp=Application AGOV access +general.accessApp=Application AGOV access +general.authenticate=Authentification +general.back=Retour +general.cancel=Annuler +general.confirm=Confirmer +general.contactSupport=Contacter le service d'assistance +general.continue=Continuer +general.edit=Editer +general.email=E-mail +general.email.address=Adresse e-mail +general.entryCode=Entrer le code +general.getStarted=Démarrer +general.goAGOVHelp=Rendez-vous sur AGOV help +general.goAccessApp=Login avec AGOV access +general.help=Aide +general.help.link=https://agov.ch/pages/help_fr.html +general.login=Login +general.loginSecurityKey=Démarrer la connexion avec la clé de sécurité +general.or=OU +general.otherOptions=AUTRES OPTIONS +general.recovery=Récupération +general.recoveryOngoing=Récupération en cours +general.register=Créer un compte +general.registerNow=Enregistrez-vous dès maintenant! +general.registration=Enregistrement +general.securityKey=Clé de sécurité +general.skip.content=Passer au contenu principal +generic.auth.error.message=Une interruption de service s’est produite. Nous nous employons à résoudre le problème. +generic.auth.error.next.steps=Veuillez réessayer plus tard. Veuillez vous rendre sur AGOV help si le problème persiste. +generic.auth.error.subtitle=Un problème s’est produit +generic.auth.error.title=Erreur +info.login=Veuillez entrer vos éléments de sécurité ci-après. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Sélectionner la langue +loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours. +loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante. +loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS. +loainfo.helper=Vos données doivent être vérifiées! +loainfo.later=Plus tard +loainfo.startNow=Voulez-vous commencer le processus maintenant? +loainfo.startVerification=Démarrer la vérification +loainfo.title=Vérifiez vos données +mauth_usernameless.EID=Continuer avec l'e-ID suisse +mauth_usernameless.banner.error=Authentification interrompue.
Veuillez réessayer lorsque la page sera rechargée. +mauth_usernameless.banner.info=Scan réussi!
Veuillez continuer dans l'application AGOV access. +mauth_usernameless.banner.success=Authentification réussie!
Veuillez attendre d'être connecté. +mauth_usernameless.cannotLogin=Avez-vous perdu l'accès à votre application / votre clé de sécurité ? +mauth_usernameless.hideQR=Cacher le code QR +mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access +mauth_usernameless.noAccount=Vous n'avez pas encore d'AGOV-Login ? +mauth_usernameless.showQR=Afficher le code QR +mauth_usernameless.startRecovery=Commencer la récupération du compte +mauth_usernameless.useSecurityKey=Utiliser une clé de sécurité pour se connecter +mauth_usernameless.useSecurityKeyInfo=Une clé de sécurité physique offre un moyen sûr de se connecter sans devoir utiliser son téléphone. +op-admin.login=Administration de l’accès à AGOV op +op-admin.login.intro.message=Connectez-vous avec votre nom d’utilisateur et votre mot de passe +op-admin.login.loginid=Identifiant de connexion +op-admin.login.password=Mot de passe +op-admin.login.title=Connexion +op-admin.logout=Administration de l’accès à AGOV op +op-admin.logout.message=Vous vous êtes déconnecté avec succès. +op-admin.logout.title=Déconnexion +op-admin.pwchange.intro.message=Changement de mot de passe requis +op-admin.pwchange.newpassword=Nouveau mot de passe +op-admin.pwchange.newpassword2=Répéter le nouveau mot de passe +op-admin.pwchange.password=Mot de passe actuel +op-admin.pwchange.title=Changer de mot de passe +op-idmlogin.role.accs-mgmt-idm=Gestion des droits d'accès IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestion des droits d'accès +op-idmlogin.role.idmcfg-mgmt=Mise en place de l'IDM +op-idmlogin.role.readonly-access=Accès par défaut (lecture seule) +op-idmlogin.role.support-basic=Cas de support (récupération, ...) +op-idmlogin.role.support-priv=Support de 3ème niveau (archivage, désinscription) +op-idmlogin.role.usr-mgmt=Gestion des utilisateurs (opérations) +op-idmlogin.role.usr-unit-mgmt=Gestion des utilisateurs et des organisations (opérations) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Veuillez sélectionner l’un des profils ci-dessous... +op-idmlogin.select.note=Les profils marqués d'un * ne doivent être utilisés que s'ils sont nécessaires pour des tâches spécifiques de support ou de mise en production. +op-idmlogin.select.title=Séléction du profil +op-onboarding.done.message=L’enregistrement a été effectué avec succès. Vous disposez maintenant d’un accès à AGOV operations. Veuillez fermer le navigateur avant d’accéder à AGOV operations. +op-onboarding.done.title=TERMINÉ +op-onboarding.failed.title=ERREUR +op-onboarding.intro.message1=Pour terminer l’enregistrement de votre accès à AGOV operations, vous devez disposer d’un compte AGOV ou d’un compte FED-LOGIN. +op-onboarding.intro.message2=Après avoir cliqué sur "Continuer", vous serez redirigé vers l’authentification. +op-onboarding.intro.message3=Si vous utilisez AGOV et que votre compte n’a pas encore atteint le niveau de qualité d’authentification requis, vous aurez la possibilité de démarrer la vérification d’identité nécessaire pour l’atteindre. +op-onboarding.intro.title=DÉMARRER +op-onboarding.onboarding=Enregistrement de l’accès à AGOV op +op-onboarding.process.message=Un problème s’est produit. Veuillez contacter le service d’assistance AGOV afin de demander un nouveau lien d’enregistrement. +prompt.client=Client +prompt.newpassword=Nouveau mot de passe +prompt.newpassword.confirm=Confirmez le mot de passe +prompt.password=Mot de passe +prompt.userid=ID de l'utilisateur +pwreset.done.info=Votre mot de passe a été changé avec succès. Veuillez cliquer sur continuer pour vous connecter. +pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe. +pwreset.info.linktext=Mot de passe oublié +pwreset.noticket=Votre lien n'est plus valide. Veuillez en générer un nouveau. +recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est déjà enregistrée +recovery_accessapp_auth.instruction1=Vous avez déjà enregistré une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de récupération. +recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier. +recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez réessayer. +recovery_check_code.enterRecoveryCode=Saisir le code de récupération +recovery_check_code.instruction=Veuillez saisir votre code de récupération à douze chiffres. Lors de votre inscription, vous avez reçu le code de récupération sous la forme d’un fichier PDF ou dans AGOV me. +recovery_check_code.invalid.code=Le code est invalide +recovery_check_code.invalid.code.required=Code requis +recovery_check_code.invalid.code.tooLong=Le code est trop long +recovery_check_code.noAccess=Je n’ai pas accès à mon code de récupération +recovery_check_code.noCodeAccess=Êtes-vous sûr de ne pas avoir accès à votre code de récupération ? +recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de récupération, veuillez vous rendre sur AGOV help et contacter le service d’assistance AGOV. Un agent pourra vous aider dans le processus de récupération. +recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de récupération. +recovery_check_noCode.instruction1=Le code de récupération que vous avez saisi a peut-être expiré ou vous avez peut-être essayé de le saisir trop de fois. +recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d’assistance. Un agent pourra vous aider dans le processus de récupération. +recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer. +recovery_code.instruction=Les codes de récupération vous permettent d'accéder à votre compte au cas où vous auriez perdu tous vos identifiants. Conservez le code de récupération en lieu sûr. +recovery_code.newRecoveryCode=Introduction du code de récupération +recovery_code.validUntil=Valable jusqu'au: +recovery_fidokey_auth.button=Démarrer l'authentification par clé de sécurité +recovery_fidokey_auth.fidoInstruction=Cliquez sur "Démarrer l'enregistrement de la clé" +recovery_fidokey_auth.instruction1=Vous avez déjà enregistré une nouvelle clé de sécurité !!!SECURITY_KEY_NAME!!! dans le cadre du processus de récupération. +recovery_fidokey_auth.instruction2=Veuillez utiliser !!!SECURITY_KEY_NAME!!! pour suivre les étapes ci-dessous afin de vous identifier. +recovery_fidokey_auth.keyRegistered=Clé de sécurité déjà enregistrée +recovery_intro_email.banner.error=Le lien que vous avez utilisé a expiré. Veuillez saisir votre adresse e-mail pour recevoir un nouveau lien. +recovery_intro_email.banner.info=Veuillez saisir votre adresse e-mail. Nous vous enverrons un e-mail vous permettant de démarrer le processus de récupération. +recovery_intro_email.captchaUnchecked=Veuillez cocher la case captcha +recovery_intro_email.important=Important: +recovery_intro_email.process=Le processus de récupération ne doit être utilisé que si vous avez perdu l'accès à vos facteurs de connexion (application AGOV access supprimée, clé de sécurité perdue, téléphone perdu, etc.). +recovery_intro_email.siteProtectedWithRecaptcha=Ce site est protégé par reCAPTCHA: les règles de confidentialité et conditions d’utilisation de Google s’appliquent. +recovery_intro_email_sent.banner.button=Vous n’avez pas reçu l'email? +recovery_intro_email_sent.banner.success=Merci! Vous recevrez dans un instant un e-mail contenant un lien de récupération et des instructions. +recovery_on_going.finishRecovery=Terminer la récupération +recovery_on_going.instruction=Vous n’avez pas encore terminé le processus de récupération. Dans le cadre du processus de récupération, votre identité peut faire l’objet d’une vérification. Pour accéder à des applications au moyen de votre identifiant AGOV, vous devez terminer la vérification d’identité. +recovery_on_going.title=Veuillez terminer le processus de récupération. +recovery_questionnaire_instructions.banner.info=Veuillez noter que dans certains cas, vous devez avoir accès à votre code de récupération pour que la récupération soit réussie. +recovery_questionnaire_instructions.explanation=D'après vos réponses, une récupération de l'identifiant AGOV-Login semble nécessaire. Veuillez cliquer sur continuer et suivre les instructions à l'écran. +recovery_questionnaire_instructions.instruction1=Fournissez l'adresse électronique de votre compte afin que nous puissions vous envoyer un lien pour commencer le processus de récupération +recovery_questionnaire_instructions.instruction2=Suivez les étapes pour récupérer votre compte (les étapes varient en fonction du niveau de vérification de votre compte) +recovery_questionnaire_loginfactor.banner.error=Veuillez choisir une réponse. +recovery_questionnaire_loginfactor.no=Non +recovery_questionnaire_loginfactor.question=Avez-vous enregistré plus d'un facteur d'authentification (application AGOV access ou clé de sécurité) sur votre compte ? +recovery_questionnaire_loginfactor.yes=Oui +recovery_questionnaire_no_recovery.explanation1=D'après vos réponses, l'option de récupération d'AGOV ne semble pas nécessaire pour l'instant. +recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter www.agov.ch/help pour obtenir des articles de soutien. +recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficultés pour vous connecter à une application, visitez www.agov.ch/me et vérifiez si vous pouvez vous connecter avec succès. +recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistré plusieurs facteurs de connexion mais que vous avez perdu l'accès à l'un d'entre eux, veuillez consulter www.agov.ch/me pour supprimer celui auquel vous avez perdu l'accès. +recovery_questionnaire_reason_selection.answer1=Je n'arrive pas à me connecter, même si j'ai mon application / ma clé de sécurité +recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou clé de sécurité) +recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription +recovery_questionnaire_reason_selection.answer3=J'ai supprimé ou réinitialisé mon application AGOV access +recovery_questionnaire_reason_selection.answer4=J'ai perdu mon téléphone / clé de sécurité +recovery_questionnaire_reason_selection.answer5=J'ai un nouveau téléphone et j'ai oublié de transférer mon application AGOV access +recovery_questionnaire_reason_selection.answer6=J'ai oublié mon PIN pour l'application AGOV access +recovery_questionnaire_reason_selection.answer7=J'ai mes clés de sécurité ou mes applications, mais j'ai du mal à me connecter +recovery_questionnaire_reason_selection.answer8=J'ai perdu l'accès à toutes mes clés de sécurité et aux applications AGOV access +recovery_questionnaire_reason_selection.answer9=J'ai des problèmes avec l'un de mes facteurs d'authentification (effacé, réinitialisé, PIN oublié) +recovery_questionnaire_reason_selection.banner.error=Veuillez sélectionner un motif. +recovery_questionnaire_reason_selection.instruction=Veuillez sélectionner la raison pour laquelle vous entamez le processus de récupération : +recovery_start_info.banner.warning=Vous ne pourrez pas utiliser votre compte tant que le processus de récupération n'aura pas été terminé. +recovery_start_info.instruction=Le processus de récupération nécessitera l’enregistrement d’un nouveau facteur d’authentification. Si votre compte contient des informations ayant déjà été vérifiées, il se peut que vous deviez les faire vérifier à nouveau pour terminer la récupération. +recovery_start_info.title=Vous êtes sur le point de démarrer le processus de récupération. +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Changer mot de passe +title.pwreset=Mot de Passe Oublié +user_input.invalid.email=Veuillez saisir un e-mail valable. +user_input.invalid.email.required=Champ requis +user_input.invalid.email.tooLong=La saisie est trop longue diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties new file mode 100644 index 0000000..3535726 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/resources/conf/text_it.properties @@ -0,0 +1,210 @@ + +button.submit=Continua +darkModeSwitch.aria.label=Attivare la modalità scura +error.policy.failed=La nuova password non è stata accettata. Scegliere una password che sia conforme ai criteri di password. +error_1=Verificare i dati inseriti. +error_10=Scegliere l’account utente corretto. +error_100=Impossibile caricare il certificato. Il certificato esiste già. Contattare l’help desk. +error_101=L’e-mail inserita non è valida. +error_11=Utilizzare un altro certificato o accedere con altre credenziali. +error_2=Selezionare un altro nome di accesso. +error_3=Se la prossima autenticazione fallisce, l’account sarà bloccato. +error_4=La nuova password non rispetta le norme di sicurezza. Scegliere un’altra password. +error_5=Errore nella conferma della password. +error_50=La nuova password è troppo corta. +error_55=La nuova password deve differire da quelle precedenti. +error_6=È richiesta la modifica della password. +error_7=È richiesta la modifica dell’ID di accesso. +error_8=A causa dei ripetuti tentativi di autenticazione falliti, l’account è stato bloccato. +error_81=Non è stata trovata alcuna carta di accesso; l’accesso da Internet è negato. +error_83=La carta di accesso non è più valida. Per richiedere una nuova carta di accesso, contattare il responsabile. +error_9=Takeover di sessione fallito. +error_97=Accesso non autorizzato a questa risorsa. +error_98=L’account è stato bloccato. +error_99=Ci sono problemi di sistema. Riprovare più tardi. +error_9901=Per accedere a questa pagina, è necessario un link di registrazione valido. +error_9902=L’e-mail utilizzata per l’autenticazione non corrisponde a quella di AGOV operations. Richiedere un nuovo link di registrazione. +error_9903=L’IdP utilizzato non ha inviato un’asserzione valida. Assicurarsi di utilizzare l’IdP corretto. Richiedere al supporto un nuovo link di registrazione. +error_9904=Il link non è più valido. Assicurarsi di utilizzare il link più recente ricevuto in AGOV operations. Se il problema persiste, richiedere un nuovo link. +error_9905=Si è verificato un problema con l’account AGOV operations. Contattare il supporto. +error_9909=Si è verificato un errore interno. Richiedere al supporto un nuovo link di registrazione. +errors.duplicateValue=Il suo account è già collegato ad un altro accesso operativo. +fido2_auth.cancel.fido=L'autenticazione con la chiave di sicurezza è stata interrotta. Assicurarsi che la chiave FIDO sia registrata e che l'indirizzo e-mail sia corretto, poi seguire le istruzioni. +fido2_auth.instruction1=Cliccare su "Continua" +fido2_auth.instruction2=A breve si aprirà una finestra per l'autenticazione. +fido2_auth.instruction3=Seguire le istruzioni. +fido2_auth.skipInstructions=Non mostrare più le istruzioni +fido2_auth.switchLogin=ACCEDERE CON +footer.link=https://agov.ch/?c=contact&l=it +footer.link.label=Contatto +footer.text=Servizio di autenticazione delle autorità Svizzere AGOV - una collaborazione tra Cantoni, Comuni e l'Amministrazione federale. - +general.AGOVAccessApp=App AGOV access +general.accessApp=App AGOV access +general.authenticate=Autentifica +general.back=Indietro +general.cancel=Annullare +general.confirm=Confermare +general.contactSupport=Contattare il supporto +general.continue=Continuare +general.edit=Modificare +general.email=e-mail +general.email.address=Indirizzo e-mail +general.entryCode=Codice +general.getStarted=Iniziare +general.goAGOVHelp=Vai ad AGOV help +general.goAccessApp=Login con AGOV access +general.help=Aiuto +general.help.link=https://agov.ch/pages/help_it.html +general.login=Accedere +general.loginSecurityKey=Iniziare il login con la chiave di sicurezza +general.or=O +general.otherOptions=ALTRE OPZIONI +general.recovery=Ripristino +general.recoveryOngoing=Ripristino in corso +general.register=Registrarsi +general.registerNow=Si registri ora! +general.registration=Registrazione +general.securityKey=Chiave di sicurezza +general.skip.content=Vai al contenuto principale +generic.auth.error.message=Si è verificata un’interruzione. Stiamo lavorando per ripristinare l’esercizio. +generic.auth.error.next.steps=Riprovare più tardi. Se il problema persiste, consultare AGOV help. +generic.auth.error.subtitle=Qualcosa non ha funzionato. +generic.auth.error.title=Errore +info.login=Per favore inserisca i suoi dati di accesso. +language.de=Deutsch +language.en=English +language.fr=Français +language.it=Italiano +languageDropdown.aria.label=Selezionare la lingua +loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi. +loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata. +loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS. +loainfo.helper=I dati devono essere verificati! +loainfo.later=Più tardi +loainfo.startNow=Iniziare la procedura? +loainfo.startVerification=Iniziare la verifica +loainfo.title=Verificare i dati. +mauth_usernameless.EID=Continuare con CH e-ID +mauth_usernameless.banner.error=Autenticazione interrotta.
Riprovare dopo che la pagina si sarà ricaricata. +mauth_usernameless.banner.info=La scansione è stata eseguita.
Continuare nell'app AGOV access. +mauth_usernameless.banner.success=Autenticazione riuscita!
Aspettare di essere connessi. +mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza? +mauth_usernameless.hideQR=Nascondi il codice QR +mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app AGOV access. +mauth_usernameless.noAccount=Non ha ancora un AGOV-Login ? +mauth_usernameless.showQR=Visualizza il codice QR +mauth_usernameless.startRecovery=Inizia il recupero dell'account +mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza. +mauth_usernameless.useSecurityKeyInfo=Una chiave di sicurezza fisica permette di accedere in modo sicuro senza utilizzare un telefono. +op-admin.login=AGOV op admin +op-admin.login.intro.message=Accedere con nome utente e password +op-admin.login.loginid=ID di accesso +op-admin.login.password=Password +op-admin.login.title=Accedere +op-admin.logout=AGOV op admin +op-admin.logout.message=La sessione è terminata. +op-admin.logout.title=Disconnessione +op-admin.pwchange.intro.message=È richiesta la modifica della password. +op-admin.pwchange.newpassword=Nuova password +op-admin.pwchange.newpassword2=Ripetere la nuova password +op-admin.pwchange.password=Password attuale +op-admin.pwchange.title=Modificare password +op-idmlogin.role.accs-mgmt-idm=Gestione dei diritti di accesso IDM +op-idmlogin.role.accs-mgmt-nonidm=Gestione dei diritti di accesso +op-idmlogin.role.idmcfg-mgmt=Configurazione dell'IDM +op-idmlogin.role.readonly-access=Accesso predefinito (sola lettura) +op-idmlogin.role.support-basic=Casi di supporto (ripristino, ...) +op-idmlogin.role.support-priv=Supporto di terzo livello (archiviazione, off-boarding) +op-idmlogin.role.usr-mgmt=Gestione utenti (operazioni) +op-idmlogin.role.usr-unit-mgmt=Gestione utenti e organizzazione (operazioni) +op-idmlogin.select=AGOV idm +op-idmlogin.select.intro=Si prega di selezionare uno dei seguenti profili... +op-idmlogin.select.note=I profili contrassegnati con * devono essere utilizzati solo se richiesti per attività di supporto o rilascio specifiche. +op-idmlogin.select.title=Selezione del profilo +op-onboarding.done.message=La registrazione è riuscita. Ora l’accesso AGOV operations è pronto. Prima di accedere ad AGOV operations, chiudere il browser. +op-onboarding.done.title=FINITO +op-onboarding.failed.title=ERRORE +op-onboarding.intro.message1=Per completare la registrazione per l'accesso AGOV operations, è necessario avere un account AGOV o FED-LOGIN. +op-onboarding.intro.message2=Dopo aver cliccato su "Continua", si è reindirizzati al servizio di autenticazione. +op-onboarding.intro.message3=Se utilizza AGOV e l’account non soddisfa ancora il livello richiesto AGOVaq, potrà avviare la verifica dell’identità richiesta. +op-onboarding.intro.title=INIZIARE +op-onboarding.onboarding=Registrazione AGOV op +op-onboarding.process.message=Qualcosa non ha funzionato. Contattare il supporto AGOV e, se necessario, richiedere un nuovo link di registrazione. +prompt.client=Mandator +prompt.newpassword=Nuova Password +prompt.newpassword.confirm=Conferma password +prompt.password=Password +prompt.userid=Nome utente +pwreset.done.info=Your password was successfully changed. Please click on continue to log in. +pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password. +pwreset.info.linktext=Password forgotten +pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one. +recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV già registrata +recovery_accessapp_auth.instruction1=Ha già registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione. +recovery_check_code.codeIncorrect=Il codice inserito non è corretto. Riprovare. +recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero +recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me. +recovery_check_code.invalid.code=Il codice non è valido +recovery_check_code.invalid.code.required=Codice richiesto +recovery_check_code.invalid.code.tooLong=Il codice è troppo lungo +recovery_check_code.noAccess=Non ho il mio codice. +recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino? +recovery_check_code.noCodeAccessInstructions=Se non ha più il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assisterà nel processo di ripristino. +recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto +recovery_check_noCode.instruction1=Il codice di ripristino inserito può essere scaduto o è stato inserito troppe volte. +recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero. +recovery_code.banner.error=Per procedere, inserire il nuovo codice. +recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro. +recovery_code.newRecoveryCode=Introduzione del codice di ripristino +recovery_code.validUntil=Valido fino a: +recovery_fidokey_auth.button=Iniziare l'authenticazione della chiave +recovery_fidokey_auth.fidoInstruction=Cliccare su "Iniziare l'authenticazione della chiave" +recovery_fidokey_auth.instruction1=Ha già registrato una nuova chiave di sicurezza !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. +recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per poter seguire i passaggi seguenti per identificarti. +recovery_fidokey_auth.keyRegistered=Chiave di sicurezza già registrata +recovery_intro_email.banner.error=Il link utilizzato è scaduto. Per ricevere un nuovo link, inserire l’indirizzo e-mail. +recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l’indirizzo e-mail. +recovery_intro_email.captchaUnchecked=Per favore selezioni il campo captcha +recovery_intro_email.important=Importante: +recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app di accesso AGOV eliminata, chiave di sicurezza persa, telefono smarrito, ecc.). +recovery_intro_email.siteProtectedWithRecaptcha=Questo sito è protetto da reCAPTCHA. Si applicano le norme sulla privacy e i termini di servizio di Google. +recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail? +recovery_intro_email_sent.banner.success=Grazie! È stata inviata un’e-mail contenente il codice di ripristino e le istruzioni. +recovery_on_going.finishRecovery=Completare il ripristino +recovery_on_going.instruction=È in corso un processo di ripristino. Il processo di ripristino può includere una verifica dell’identità. Per accedere alle applicazioni con il proprio AGOV-Login, è necessario completare la verifica dell’identità. +recovery_on_going.title=Completare il processo di ripristino. +recovery_questionnaire_instructions.banner.info=Tenga presente che in alcuni casi è necessario utilizzare il codice di ripristino per un ripristino riuscito. +recovery_questionnaire_instructions.explanation=In base alle sue risposte sembra essere necessario un ripristino AGOV-Login. Fare clic su Continua e seguire le istruzioni visualizzate sullo schermo. +recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo email del suo account in modo di poter inviarle un link per iniziare il processo di recupero +recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account) +recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta. +recovery_questionnaire_loginfactor.no=No +recovery_questionnaire_loginfactor.question=Ha registrato più di un fattore di accesso (app di accesso AGOV o chiave di sicurezza) al suo account? +recovery_questionnaire_loginfactor.yes=Si +recovery_questionnaire_no_recovery.explanation1=In base alle sue risposte, l'opzione di ripristino AGOV non sembra necessaria al momento. +recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti www.agov.ch/help per articoli di supporto. +recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti www.agov.ch/me e verifichi se può accedere con successo. +recovery_questionnaire_no_recovery.instruction2=Se ha registrato più fattori di accesso ma ha perso l'accesso a uno di essi, visit www.agov.ch/me per rimuovere quello a cui ha perso l'accesso. +recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza +recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app di accesso AGOV o chiave di sicurezza) +recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione +recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza +recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app di accesso AGOV +recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app di accesso AGOV +recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o le mie app, ma ho avuto problemi ad accedere +recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app di accesso AGOV +recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato) +recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo. +recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero: +recovery_start_info.banner.warning=Non è possibile utilizzare l’account finché il processo di ripristino non sarà concluso. +recovery_start_info.instruction=Durante il processo di ripristino sarà registrato un nuovo fattore di accesso. Se l’account contiene informazioni verificate, potrebbe essere necessario avviare un processo di verifica per completare il ripristino. +recovery_start_info.title=Il processo di ripristino sta per iniziare. +title=NEVIS SSO Portal +title.login=Login +title.pwchange.label=Cambiare Password +title.pwreset=Password Forgotten +user_input.invalid.email=Inserire un'e-mail valida. +user_input.invalid.email.required=Campo obbligatorio +user_input.invalid.email.tooLong=Il testo inserito è troppo lungo. diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/authcloud_login.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/authcloud_login.js new file mode 100644 index 0000000..eed68c4 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/authcloud_login.js @@ -0,0 +1,165 @@ +let baseURL; // base URL +let statusToken; // used to check progress +let dispatcherElement; // to display link or QR code +let infoElement; // to display info text +let errorElement; // to display error text + +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +function submitStatus(status) { + // we have to do a form POST instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "status", status); + document.body.appendChild(form); + form.submit(); +} + +const Status = { + _pollInterval: 2 * 1000, // Check every 2 seconds + latest: null, + + startPolling: function (token, uiCallback) { + let interval = setInterval(async () => { + await this._check(token).then(function (resp) { + console.log("Polling status: %o", resp); + uiCallback && uiCallback(resp, false); + return Status.latest = resp; + }) + .catch(function (err) { + console.error("Error during polling: %o", err); + return false; + }); + if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) { + // Done! + console.log('Latest status is: %o', this.latest); + uiCallback && uiCallback(this.latest, true); + clearInterval(interval); + } + }, this._pollInterval); + }, + + _check: async function (token) { + const payload = { statusToken: token }; + const response = await fetch(baseURL + 'api/v1/status', { + method: 'POST', + mode: 'cors', + cache: 'no-cache', + credentials: 'omit', + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json;charset=utf-8' + }, + body: JSON.stringify(payload), + redirect: 'follow', + referrerPolicy: 'no-referrer' + }); + + return await response.json(); + } +}; + +function setDeepLinkLabel(button) { + const text = document.getElementsByName('info.deeplink')[0].value; + button.innerHTML = text; +} + +function messageScanQR() { + const text = document.getElementsByName('info.qrcode')[0].value; + infoElement.innerHTML = text; +} + +function messageCheckPhone() { + const text = document.getElementsByName('info.check.phone')[0].value; + infoElement.innerHTML = text; +} + +const Element = { + + _elem: null, // QR code or deep link depending on device + + show: function (appLink) { + const userAgent = navigator.userAgent || navigator.vendor || window.opera; + const isIphone = 'iPhone' === navigator.platform; + const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent); + if (isAndroid || isIphone) { + this._elem = document.createElement('a'); + this._elem.setAttribute('href', appLink); + this._elem.setAttribute('class', 'btn btn-primary'); + this._elem.setAttribute('target', '_blank'); + dispatcherElement.appendChild(this._elem); + setDeepLinkLabel(this._elem); + } + else { + const authenticationType = document.getElementsByName('authenticationType')[0].value; + if (authenticationType == 'push') { + messageCheckPhone(); + } + else { + messageScanQR(); + this._elem = document.createElement('canvas'); + dispatcherElement.appendChild(this._elem); + var qrcode = new QRious({ + element: this._elem, + foreground: "#168CA9", + level: "M", + size: 280, + value: appLink + }); + } + } + }, + + hide: function() { + // hide the element which was shown + if (this._elem != null) { + this._elem.style.display = "none"; + } + } +}; + +function authenticateUser(appLink) { + Element.show(appLink); + console.log('Starting Authentication Cloud status polling...'); + Status.startPolling(statusToken, (st, done) => { + if (st.status === 'succeeded') { + console.log('Authentication Cloud login done.'); + submitStatus('succeeded') + } + else if (st.status === 'failed') { + // failed: The transaction failed, either by timeout or because the user did not accept. + console.warn('Authentication Cloud login failed. User abort or timeout.'); + submitStatus('failed') + } + else if (st.status === 'unknown') { + console.error('Authentication Cloud login failed. Unknown status.'); + submitStatus('unknown') + } + }); +} + +function init() { + + const form = document.getElementById('authcloud_login'); + + baseURL = form.url.value; + statusToken = form.statusToken.value; + + infoElement = document.getElementById('authcloud_info'); + errorElement = document.getElementById('authcloud_error'); + + dispatcherElement = document.getElementById('authcloud_dispatch'); + + const appLink = form.appLink.value; + authenticateUser(appLink); +} + +window.onload = function() { + init(); +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/authcloud_onboard.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/authcloud_onboard.js new file mode 100644 index 0000000..5332d9f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/authcloud_onboard.js @@ -0,0 +1,154 @@ +let baseURL; // base URL +let statusToken; // used to check progress +let dispatcherElement; // to display link or QR code +let infoElement; // to display info text +let errorElement; // to display error text + +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +function submitStatus(status) { + // we have to do a form POST instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "status", status); + document.body.appendChild(form); + form.submit(); +} + +const Status = { + _pollInterval: 2 * 1000, // Check every 2 seconds + latest: null, + + startPolling: function (token, uiCallback) { + let interval = setInterval(async () => { + await this._check(token).then(function (resp) { + console.log("Polling status: %o", resp); + uiCallback && uiCallback(resp, false); + return Status.latest = resp; + }) + .catch(function (err) { + console.error("Error during polling: %o", err); + return false; + }); + if (Status.latest && (Status.latest.status === 'succeeded' || Status.latest.status === 'failed' || Status.latest.status === 'unknown')) { + // Done! + console.log('Latest status is: %o', this.latest); + uiCallback && uiCallback(this.latest, true); + clearInterval(interval); + } + }, this._pollInterval); + }, + + _check: async function (token) { + const payload = { statusToken: token }; + const response = await fetch(baseURL + 'api/v1/status', { + method: 'POST', + mode: 'cors', + cache: 'no-cache', + credentials: 'omit', + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json;charset=utf-8' + }, + body: JSON.stringify(payload), + redirect: 'follow', + referrerPolicy: 'no-referrer' + }); + + return await response.json(); + } +}; + +function setDeepLinkLabel(button) { + const text = document.getElementsByName('info.deeplink')[0].value; + button.innerHTML = text; +} + +function messageScanQR() { + const text = document.getElementsByName('info.qrcode')[0].value; + infoElement.innerHTML = text; +} + +const Element = { + + _elem: null, // QR code or deep link depending on device + + show: function (appLink) { + const userAgent = navigator.userAgent || navigator.vendor || window.opera; + const isIphone = 'iPhone' === navigator.platform; + const isAndroid = /android/i.test(userAgent) && /mobile/i.test(userAgent); + if (isAndroid || isIphone) { + this._elem = document.createElement('a'); + this._elem.setAttribute('href', appLink); + this._elem.setAttribute('class', 'btn btn-primary'); + this._elem.setAttribute('target', '_blank'); + dispatcherElement.appendChild(this._elem); + setDeepLinkLabel(this._elem); + } + else { + messageScanQR(); + this._elem = document.createElement('canvas'); + dispatcherElement.appendChild(this._elem); + var qrcode = new QRious({ + element: this._elem, + foreground: "#168CA9", + level: "M", + size: 280, + value: appLink + }); + } + }, + + hide: function() { + // hide the element which was shown + if (this._elem != null) { + this._elem.style.display = "none"; + } + } +}; + +function onboardUser(appLink) { + Element.show(appLink); + console.log('Starting Authentication Cloud status polling...'); + Status.startPolling(statusToken, (st, done) => { + if (st.status === 'succeeded') { + console.log('Authentication Cloud onboarding done.'); + submitStatus('succeeded') + } + else if (st.status === 'failed') { + // failed: The transaction failed, either by timeout or because the user did not accept. + console.warn('Authentication Cloud onboarding failed. User abort or timeout.'); + submitStatus('failed') + } + else if (st.status === 'unknown') { + console.error('Authentication Cloud onboarding failed. Unknown status.'); + submitStatus('unknown') + } + }); +} + +function init() { + + const form = document.getElementById('authcloud_onboard'); + + baseURL = form.url.value; + statusToken = form.statusToken.value; + + infoElement = document.getElementById('authcloud_info'); + errorElement = document.getElementById('authcloud_error'); + + dispatcherElement = document.getElementById('authcloud_dispatch'); + + const appLink = form.appLink.value; + onboardUser(appLink); +} + +window.onload = function() { + init(); +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/base64.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/base64.js new file mode 100644 index 0000000..24ecf9e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/base64.js @@ -0,0 +1,87 @@ +/* + * Base64URL-ArrayBuffer + * https://github.com/herrjemand/Base64URL-ArrayBuffer + * + * Copyright (c) 2017 Yuriy Ackermann + * Copyright (c) 2012 Niklas von Hertzen + * Licensed under the MIT license. + * + */ +(function() { + "use strict"; + + var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; + + // Use a lookup table to find the index. + var lookup = new Uint8Array(256); + for (var i = 0; i < chars.length; i++) { + lookup[chars.charCodeAt(i)] = i; + } + + var encode = function(arraybuffer) { + var bytes = new Uint8Array(arraybuffer), + i, len = bytes.length, base64 = ""; + + for (i = 0; i < len; i+=3) { + base64 += chars[bytes[i] >> 2]; + base64 += chars[((bytes[i] & 3) << 4) | (bytes[i + 1] >> 4)]; + base64 += chars[((bytes[i + 1] & 15) << 2) | (bytes[i + 2] >> 6)]; + base64 += chars[bytes[i + 2] & 63]; + } + + if ((len % 3) === 2) { + base64 = base64.substring(0, base64.length - 1); + } else if (len % 3 === 1) { + base64 = base64.substring(0, base64.length - 2); + } + + return base64; + }; + + var decode = function(base64) { + var bufferLength = base64.length * 0.75, + len = base64.length, i, p = 0, + encoded1, encoded2, encoded3, encoded4; + + var arraybuffer = new ArrayBuffer(bufferLength), + bytes = new Uint8Array(arraybuffer); + + for (i = 0; i < len; i+=4) { + encoded1 = lookup[base64.charCodeAt(i)]; + encoded2 = lookup[base64.charCodeAt(i+1)]; + encoded3 = lookup[base64.charCodeAt(i+2)]; + encoded4 = lookup[base64.charCodeAt(i+3)]; + + bytes[p++] = (encoded1 << 2) | (encoded2 >> 4); + bytes[p++] = ((encoded2 & 15) << 4) | (encoded3 >> 2); + bytes[p++] = ((encoded3 & 3) << 6) | (encoded4 & 63); + } + + return arraybuffer; + }; + + /** + * Exporting and stuff + */ + if (typeof module !== 'undefined' && typeof module.exports !== 'undefined') { + module.exports = { + 'encode': encode, + 'decode': decode + } + + } else { + if (typeof define === 'function' && define.amd) { + define([], function() { + return { + 'encode': encode, + 'decode': decode + } + }); + } else { + window.base64url = { + 'encode': encode, + 'decode': decode + } + } + } +})(); \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap-theme.min.css b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap-theme.min.css new file mode 100644 index 0000000..4aaa13e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap-theme.min.css @@ -0,0 +1,9 @@ +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + *//*! + * The Nevis @btn-default-color: #6ebabd + * Bootstrap v3.4.1 (https://getbootstrap.com/) + */ + * Copyright 2011-2019 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */.btn-default,.btn-primary,.btn-success,.btn-info,.btn-warning,.btn-danger{text-shadow:0 -1px 0 rgba(0,0,0,0.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 1px rgba(0,0,0,0.075)}.btn-default:active,.btn-primary:active,.btn-success:active,.btn-info:active,.btn-warning:active,.btn-danger:active,.btn-default.active,.btn-primary.active,.btn-success.active,.btn-info.active,.btn-warning.active,.btn-danger.active{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-default.disabled,.btn-primary.disabled,.btn-success.disabled,.btn-info.disabled,.btn-warning.disabled,.btn-danger.disabled,.btn-default[disabled],.btn-primary[disabled],.btn-success[disabled],.btn-info[disabled],.btn-warning[disabled],.btn-danger[disabled],fieldset[disabled] .btn-default,fieldset[disabled] .btn-primary,fieldset[disabled] .btn-success,fieldset[disabled] .btn-info,fieldset[disabled] .btn-warning,fieldset[disabled] .btn-danger{-webkit-box-shadow:none;box-shadow:none}.btn-default .badge,.btn-primary .badge,.btn-success .badge,.btn-info .badge,.btn-warning .badge,.btn-danger .badge{text-shadow:none}.btn:active,.btn.active{background-image:none}.btn-default{background-image:-webkit-linear-gradient(top, #fff 0, #e0e0e0 100%);background-image:-o-linear-gradient(top, #fff 0, #e0e0e0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fff), to(#e0e0e0));background-image:linear-gradient(to bottom, #fff 0, #e0e0e0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe0e0e0', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#dbdbdb;text-shadow:0 1px 0 #fff;border-color:#ccc}.btn-default:hover,.btn-default:focus{background-color:#e0e0e0;background-position:0 -15px}.btn-default:active,.btn-default.active{background-color:#e0e0e0;border-color:#dbdbdb}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#e0e0e0;background-image:none}.btn-primary{background-image:-webkit-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-o-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#6ebabd));background-image:linear-gradient(to bottom, #98ced0 0, #6ebabd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff6ebabd', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#67b7ba}.btn-primary:hover,.btn-primary:focus{background-color:#6ebabd;background-position:0 -15px}.btn-primary:active,.btn-primary.active{background-color:#6ebabd;border-color:#67b7ba}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#6ebabd;background-image:none}.btn-success{background-image:-webkit-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-o-linear-gradient(top, #98ced0 0, #6ebabd 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#6ebabd));background-image:linear-gradient(to bottom, #98ced0 0, #6ebabd 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff6ebabd', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#67b7ba}.btn-success:hover,.btn-success:focus{background-color:#6ebabd;background-position:0 -15px}.btn-success:active,.btn-success.active{background-color:#6ebabd;border-color:#67b7ba}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#6ebabd;background-image:none}.btn-info{background-image:-webkit-linear-gradient(top, #5bc0de 0, #2aabd2 100%);background-image:-o-linear-gradient(top, #5bc0de 0, #2aabd2 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #5bc0de), to(#2aabd2));background-image:linear-gradient(to bottom, #5bc0de 0, #2aabd2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2aabd2', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#28a4c9}.btn-info:hover,.btn-info:focus{background-color:#2aabd2;background-position:0 -15px}.btn-info:active,.btn-info.active{background-color:#2aabd2;border-color:#28a4c9}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#2aabd2;background-image:none}.btn-warning{background-image:-webkit-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-o-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#be2331));background-image:linear-gradient(to bottom, #dc4250 0, #be2331 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffbe2331', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#b5222f}.btn-warning:hover,.btn-warning:focus{background-color:#be2331;background-position:0 -15px}.btn-warning:active,.btn-warning.active{background-color:#be2331;border-color:#b5222f}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#be2331;background-image:none}.btn-danger{background-image:-webkit-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-o-linear-gradient(top, #dc4250 0, #be2331 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#be2331));background-image:linear-gradient(to bottom, #dc4250 0, #be2331 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffbe2331', GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);background-repeat:repeat-x;border-color:#b5222f}.btn-danger:hover,.btn-danger:focus{background-color:#be2331;background-position:0 -15px}.btn-danger:active,.btn-danger.active{background-color:#be2331;border-color:#b5222f}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#be2331;background-image:none}.thumbnail,.img-thumbnail{-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.075);box-shadow:0 1px 2px rgba(0,0,0,0.075)}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{background-image:-webkit-linear-gradient(top, #65b6b9 0, #53aeb1 100%);background-image:-o-linear-gradient(top, #65b6b9 0, #53aeb1 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #65b6b9), to(#53aeb1));background-image:linear-gradient(to bottom, #65b6b9 0, #53aeb1 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff65b6b9', endColorstr='#ff53aeb1', GradientType=0);background-repeat:repeat-x;background-color:#53aeb1}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x;background-color:#006e73}.navbar-default{background-image:-webkit-linear-gradient(top, #fff 0, #f8f8f8 100%);background-image:-o-linear-gradient(top, #fff 0, #f8f8f8 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fff), to(#f8f8f8));background-image:linear-gradient(to bottom, #fff 0, #f8f8f8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border-radius:3px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 5px rgba(0,0,0,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.15),0 1px 5px rgba(0,0,0,0.075)}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top, #dbdbdb 0, #e2e2e2 100%);background-image:-o-linear-gradient(top, #dbdbdb 0, #e2e2e2 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dbdbdb), to(#e2e2e2));background-image:linear-gradient(to bottom, #dbdbdb 0, #e2e2e2 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdbdbdb', endColorstr='#ffe2e2e2', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,0.075);box-shadow:inset 0 3px 9px rgba(0,0,0,0.075)}.navbar-brand,.navbar-nav>li>a{text-shadow:0 1px 0 rgba(255,255,255,0.25)}.navbar-inverse{background-image:-webkit-linear-gradient(top, #3c3c3c 0, #222 100%);background-image:-o-linear-gradient(top, #3c3c3c 0, #222 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #3c3c3c), to(#222));background-image:linear-gradient(to bottom, #3c3c3c 0, #222 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);border-radius:3px}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.active>a{background-image:-webkit-linear-gradient(top, #080808 0, #0f0f0f 100%);background-image:-o-linear-gradient(top, #080808 0, #0f0f0f 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #080808), to(#0f0f0f));background-image:linear-gradient(to bottom, #080808 0, #0f0f0f 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff080808', endColorstr='#ff0f0f0f', GradientType=0);background-repeat:repeat-x;-webkit-box-shadow:inset 0 3px 9px rgba(0,0,0,0.25);box-shadow:inset 0 3px 9px rgba(0,0,0,0.25)}.navbar-inverse .navbar-brand,.navbar-inverse .navbar-nav>li>a{text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar-static-top,.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}@media (max-width:767px){.navbar .navbar-nav .open .dropdown-menu>.active>a,.navbar .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x}}.alert{text-shadow:0 1px 0 rgba(255,255,255,0.2);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.25),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.25),0 1px 2px rgba(0,0,0,0.05)}.alert-success{background-image:-webkit-linear-gradient(top, #dff0d8 0, #c8e5bc 100%);background-image:-o-linear-gradient(top, #dff0d8 0, #c8e5bc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dff0d8), to(#c8e5bc));background-image:linear-gradient(to bottom, #dff0d8 0, #c8e5bc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);background-repeat:repeat-x;border-color:#b2dba1}.alert-info{background-image:-webkit-linear-gradient(top, #d9edf7 0, #b9def0 100%);background-image:-o-linear-gradient(top, #d9edf7 0, #b9def0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #d9edf7), to(#b9def0));background-image:linear-gradient(to bottom, #d9edf7 0, #b9def0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);background-repeat:repeat-x;border-color:#9acfea}.alert-warning{background-image:-webkit-linear-gradient(top, #fcf8e3 0, #f8efc0 100%);background-image:-o-linear-gradient(top, #fcf8e3 0, #f8efc0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fcf8e3), to(#f8efc0));background-image:linear-gradient(to bottom, #fcf8e3 0, #f8efc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);background-repeat:repeat-x;border-color:#f5e79e}.alert-danger{background-image:-webkit-linear-gradient(top, #f2dede 0, #e7c3c3 100%);background-image:-o-linear-gradient(top, #f2dede 0, #e7c3c3 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f2dede), to(#e7c3c3));background-image:linear-gradient(to bottom, #f2dede 0, #e7c3c3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);background-repeat:repeat-x;border-color:#dca7a7}.progress{background-image:-webkit-linear-gradient(top, #ebebeb 0, #f5f5f5 100%);background-image:-o-linear-gradient(top, #ebebeb 0, #f5f5f5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #ebebeb), to(#f5f5f5));background-image:linear-gradient(to bottom, #ebebeb 0, #f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x}.progress-bar{background-image:-webkit-linear-gradient(top, #00868c 0, #005559 100%);background-image:-o-linear-gradient(top, #00868c 0, #005559 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#005559));background-image:linear-gradient(to bottom, #00868c 0, #005559 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff005559', GradientType=0);background-repeat:repeat-x}.progress-bar-success{background-image:-webkit-linear-gradient(top, #98ced0 0, #75bdc0 100%);background-image:-o-linear-gradient(top, #98ced0 0, #75bdc0 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #98ced0), to(#75bdc0));background-image:linear-gradient(to bottom, #98ced0 0, #75bdc0 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff98ced0', endColorstr='#ff75bdc0', GradientType=0);background-repeat:repeat-x}.progress-bar-info{background-image:-webkit-linear-gradient(top, #5bc0de 0, #31b0d5 100%);background-image:-o-linear-gradient(top, #5bc0de 0, #31b0d5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #5bc0de), to(#31b0d5));background-image:linear-gradient(to bottom, #5bc0de 0, #31b0d5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);background-repeat:repeat-x}.progress-bar-warning{background-image:-webkit-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-o-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#c62533));background-image:linear-gradient(to bottom, #dc4250 0, #c62533 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffc62533', GradientType=0);background-repeat:repeat-x}.progress-bar-danger{background-image:-webkit-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-o-linear-gradient(top, #dc4250 0, #c62533 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dc4250), to(#c62533));background-image:linear-gradient(to bottom, #dc4250 0, #c62533 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdc4250', endColorstr='#ffc62533', GradientType=0);background-repeat:repeat-x}.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.list-group{border-radius:3px;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.075);box-shadow:0 1px 2px rgba(0,0,0,0.075)}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{text-shadow:0 -1px 0 #005559;background-image:-webkit-linear-gradient(top, #00868c 0, #006166 100%);background-image:-o-linear-gradient(top, #00868c 0, #006166 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006166));background-image:linear-gradient(to bottom, #00868c 0, #006166 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006166', GradientType=0);background-repeat:repeat-x;border-color:#006166}.list-group-item.active .badge,.list-group-item.active:hover .badge,.list-group-item.active:focus .badge{text-shadow:none}.panel{-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.panel-default>.panel-heading{background-image:-webkit-linear-gradient(top, #f5f5f5 0, #e8e8e8 100%);background-image:-o-linear-gradient(top, #f5f5f5 0, #e8e8e8 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f5f5f5), to(#e8e8e8));background-image:linear-gradient(to bottom, #f5f5f5 0, #e8e8e8 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);background-repeat:repeat-x}.panel-primary>.panel-heading{background-image:-webkit-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-o-linear-gradient(top, #00868c 0, #006e73 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #00868c), to(#006e73));background-image:linear-gradient(to bottom, #00868c 0, #006e73 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff00868c', endColorstr='#ff006e73', GradientType=0);background-repeat:repeat-x}.panel-success>.panel-heading{background-image:-webkit-linear-gradient(top, #dff0d8 0, #d0e9c6 100%);background-image:-o-linear-gradient(top, #dff0d8 0, #d0e9c6 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #dff0d8), to(#d0e9c6));background-image:linear-gradient(to bottom, #dff0d8 0, #d0e9c6 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);background-repeat:repeat-x}.panel-info>.panel-heading{background-image:-webkit-linear-gradient(top, #d9edf7 0, #c4e3f3 100%);background-image:-o-linear-gradient(top, #d9edf7 0, #c4e3f3 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #d9edf7), to(#c4e3f3));background-image:linear-gradient(to bottom, #d9edf7 0, #c4e3f3 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);background-repeat:repeat-x}.panel-warning>.panel-heading{background-image:-webkit-linear-gradient(top, #fcf8e3 0, #faf2cc 100%);background-image:-o-linear-gradient(top, #fcf8e3 0, #faf2cc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #fcf8e3), to(#faf2cc));background-image:linear-gradient(to bottom, #fcf8e3 0, #faf2cc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);background-repeat:repeat-x}.panel-danger>.panel-heading{background-image:-webkit-linear-gradient(top, #f2dede 0, #ebcccc 100%);background-image:-o-linear-gradient(top, #f2dede 0, #ebcccc 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #f2dede), to(#ebcccc));background-image:linear-gradient(to bottom, #f2dede 0, #ebcccc 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);background-repeat:repeat-x}.well{background-image:-webkit-linear-gradient(top, #e8e8e8 0, #f5f5f5 100%);background-image:-o-linear-gradient(top, #e8e8e8 0, #f5f5f5 100%);background-image:-webkit-gradient(linear, left top, left bottom, color-stop(0, #e8e8e8), to(#f5f5f5));background-image:linear-gradient(to bottom, #e8e8e8 0, #f5f5f5 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);background-repeat:repeat-x;border-color:#dcdcdc;-webkit-box-shadow:inset 0 1px 3px rgba(0,0,0,0.05),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 3px rgba(0,0,0,0.05),0 1px 0 rgba(255,255,255,0.1)} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap.min.css b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap.min.css new file mode 100644 index 0000000..af8b6ed --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap.min.css @@ -0,0 +1,11 @@ +/*! + * Generated using the Bootstrap Customizer (http://getbootstrap.com/customize/?id=a17c489ffbed8c6e46fcf0d72d0d80db) + * Config saved to config.json and https://gist.github.com/a17c489ffbed8c6e46fcf0d72d0d80db + *//*! +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + *//*! + * Bootstrap v3.4.1 (https://getbootstrap.com/) + * Copyright 2011-2019 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:none;text-decoration:underline;text-decoration:underline dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,*:before,*:after{color:#000 !important;text-shadow:none !important;background:transparent !important;-webkit-box-shadow:none !important;box-shadow:none !important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000 !important}.label{border:1px solid #000}.table{border-collapse:collapse !important}.table td,.table th{background-color:#fff !important}.table-bordered th,.table-bordered td{border:1px solid #ddd !important}}@font-face{font-family:"Glyphicons Halflings";src:url("../fonts/glyphicons-halflings-regular.eot");src:url("../fonts/glyphicons-halflings-regular.eot?#iefix") format("embedded-opentype"),url("../fonts/glyphicons-halflings-regular.woff2") format("woff2"),url("../fonts/glyphicons-halflings-regular.woff") format("woff"),url("../fonts/glyphicons-halflings-regular.ttf") format("truetype"),url("../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular") format("svg")}.glyphicon{position:relative;top:1px;display:inline-block;font-family:"Glyphicons Halflings";font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\002a"}.glyphicon-plus:before{content:"\002b"}.glyphicon-euro:before,.glyphicon-eur:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.glyphicon-cd:before{content:"\e201"}.glyphicon-save-file:before{content:"\e202"}.glyphicon-open-file:before{content:"\e203"}.glyphicon-level-up:before{content:"\e204"}.glyphicon-copy:before{content:"\e205"}.glyphicon-paste:before{content:"\e206"}.glyphicon-alert:before{content:"\e209"}.glyphicon-equalizer:before{content:"\e210"}.glyphicon-king:before{content:"\e211"}.glyphicon-queen:before{content:"\e212"}.glyphicon-pawn:before{content:"\e213"}.glyphicon-bishop:before{content:"\e214"}.glyphicon-knight:before{content:"\e215"}.glyphicon-baby-formula:before{content:"\e216"}.glyphicon-tent:before{content:"\26fa"}.glyphicon-blackboard:before{content:"\e218"}.glyphicon-bed:before{content:"\e219"}.glyphicon-apple:before{content:"\f8ff"}.glyphicon-erase:before{content:"\e221"}.glyphicon-hourglass:before{content:"\231b"}.glyphicon-lamp:before{content:"\e223"}.glyphicon-duplicate:before{content:"\e224"}.glyphicon-piggy-bank:before{content:"\e225"}.glyphicon-scissors:before{content:"\e226"}.glyphicon-bitcoin:before{content:"\e227"}.glyphicon-btc:before{content:"\e227"}.glyphicon-xbt:before{content:"\e227"}.glyphicon-yen:before{content:"\00a5"}.glyphicon-jpy:before{content:"\00a5"}.glyphicon-ruble:before{content:"\20bd"}.glyphicon-rub:before{content:"\20bd"}.glyphicon-scale:before{content:"\e230"}.glyphicon-ice-lolly:before{content:"\e231"}.glyphicon-ice-lolly-tasted:before{content:"\e232"}.glyphicon-education:before{content:"\e233"}.glyphicon-option-horizontal:before{content:"\e234"}.glyphicon-option-vertical:before{content:"\e235"}.glyphicon-menu-hamburger:before{content:"\e236"}.glyphicon-modal-window:before{content:"\e237"}.glyphicon-oil:before{content:"\e238"}.glyphicon-grain:before{content:"\e239"}.glyphicon-sunglasses:before{content:"\e240"}.glyphicon-text-size:before{content:"\e241"}.glyphicon-text-color:before{content:"\e242"}.glyphicon-text-background:before{content:"\e243"}.glyphicon-object-align-top:before{content:"\e244"}.glyphicon-object-align-bottom:before{content:"\e245"}.glyphicon-object-align-horizontal:before{content:"\e246"}.glyphicon-object-align-left:before{content:"\e247"}.glyphicon-object-align-vertical:before{content:"\e248"}.glyphicon-object-align-right:before{content:"\e249"}.glyphicon-triangle-right:before{content:"\e250"}.glyphicon-triangle-left:before{content:"\e251"}.glyphicon-triangle-bottom:before{content:"\e252"}.glyphicon-triangle-top:before{content:"\e253"}.glyphicon-console:before{content:"\e254"}.glyphicon-superscript:before{content:"\e255"}.glyphicon-subscript:before{content:"\e256"}.glyphicon-menu-left:before{content:"\e257"}.glyphicon-menu-right:before{content:"\e258"}.glyphicon-menu-down:before{content:"\e259"}.glyphicon-menu-up:before{content:"\e260"}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:10px;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#337ab7;text-decoration:none}a:hover,a:focus{color:#23527c;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive,.thumbnail>img,.thumbnail a>img,.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0, 0, 0, 0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}[role="button"]{cursor:pointer}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:400;line-height:1;color:#777}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:28px}h2,.h2{font-size:26px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:300;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}mark,.mark{padding:.2em;background-color:#fcf8e3}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-nowrap{white-space:nowrap}.text-lowercase{text-transform:lowercase}.text-uppercase{text-transform:uppercase}.text-capitalize{text-transform:capitalize}.text-muted{color:#777}.text-primary{color:#00868c}a.text-primary:hover,a.text-primary:focus{color:#286090}.text-success{color:#3c763d}a.text-success:hover,a.text-success:focus{color:#2b542c}.text-info{color:#31708f}a.text-info:hover,a.text-info:focus{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover,a.text-warning:focus{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover,a.text-danger:focus{color:#843534}.bg-primary{color:#fff;background-color:#337ab7}a.bg-primary:hover,a.bg-primary:focus{background-color:#286090}.bg-success{background-color:#dff0d8}a.bg-success:hover,a.bg-success:focus{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover,a.bg-info:focus{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover,a.bg-warning:focus{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover,a.bg-danger:focus{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:700}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#777}blockquote footer:before,blockquote small:before,blockquote .small:before{content:"\2014 \00A0"}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;text-align:right;border-right:5px solid #eee;border-left:0}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:""}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:"\00A0 \2014"}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.25)}kbd kbd{padding:0;font-size:100%;font-weight:700;-webkit-box-shadow:none;box-shadow:none}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;color:#333;word-break:break-all;word-wrap:break-word;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}.row{margin-right:-15px;margin-left:-15px}.row-no-gutters{margin-right:0;margin-left:0}.row-no-gutters [class*="col-"]{padding-right:0;padding-left:0}.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:auto}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:auto}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:auto}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:auto}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:auto}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:auto}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:auto}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:auto}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{background-color:transparent}table col[class*="col-"]{position:static;display:table-column;float:none}table td[class*="col-"],table th[class*="col-"]{position:static;display:table-cell;float:none}caption{padding-top:8px;padding-bottom:8px;color:#777;text-align:left}th{text-align:left}.table{width:100%;max-width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-of-type(odd){background-color:#f9f9f9}.table-hover>tbody>tr:hover{background-color:#f5f5f5}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr:hover>.active,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr:hover>.success,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr:hover>.info,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr:hover>.warning,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr:hover>.danger,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}.table-responsive{min-height:.01%;overflow-x:auto}@media screen and (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{min-width:0;padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;max-width:100%;margin-bottom:5px;font-weight:700}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-appearance:none;appearance:none}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"].disabled,input[type="checkbox"].disabled,fieldset[disabled] input[type="radio"],fieldset[disabled] input[type="checkbox"]{cursor:not-allowed}input[type="file"]{display:block}input[type="range"]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border-color ease-in-out .15s, -webkit-box-shadow ease-in-out .15s;-o-transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s, box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0, 0, 0, .075), 0 0 8px rgba(102, 175, 233, 0.6);box-shadow:inset 0 1px 1px rgba(0, 0, 0, .075), 0 0 8px rgba(102, 175, 233, 0.6)}.form-control::-moz-placeholder{color:#999;opacity:1}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control::-ms-expand{background-color:transparent;border:0}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{background-color:#eee;opacity:1}.form-control[disabled],fieldset[disabled] .form-control{cursor:not-allowed}textarea.form-control{height:auto}@media screen and (-webkit-min-device-pixel-ratio:0){input[type="date"].form-control,input[type="time"].form-control,input[type="datetime-local"].form-control,input[type="month"].form-control{line-height:34px}input[type="date"].input-sm,input[type="time"].input-sm,input[type="datetime-local"].input-sm,input[type="month"].input-sm,.input-group-sm input[type="date"],.input-group-sm input[type="time"],.input-group-sm input[type="datetime-local"],.input-group-sm input[type="month"]{line-height:30px}input[type="date"].input-lg,input[type="time"].input-lg,input[type="datetime-local"].input-lg,input[type="month"].input-lg,.input-group-lg input[type="date"],.input-group-lg input[type="time"],.input-group-lg input[type="datetime-local"],.input-group-lg input[type="month"]{line-height:46px}}.form-group{margin-bottom:15px}.radio,.checkbox{position:relative;display:block;margin-top:10px;margin-bottom:10px}.radio.disabled label,.checkbox.disabled label,fieldset[disabled] .radio label,fieldset[disabled] .checkbox label{cursor:not-allowed}.radio label,.checkbox label{min-height:20px;padding-left:20px;margin-bottom:0;font-weight:400;cursor:pointer}.radio input[type="radio"],.radio-inline input[type="radio"],.checkbox input[type="checkbox"],.checkbox-inline input[type="checkbox"]{position:absolute;margin-top:4px \9;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{position:relative;display:inline-block;padding-left:20px;margin-bottom:0;font-weight:400;vertical-align:middle;cursor:pointer}.radio-inline.disabled,.checkbox-inline.disabled,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}.form-control-static{min-height:34px;padding-top:7px;padding-bottom:7px;margin-bottom:0}.form-control-static.input-lg,.form-control-static.input-sm{padding-right:0;padding-left:0}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.form-group-sm .form-control{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.form-group-sm select.form-control{height:30px;line-height:30px}.form-group-sm textarea.form-control,.form-group-sm select[multiple].form-control{height:auto}.form-group-sm .form-control-static{height:30px;min-height:32px;padding:6px 10px;font-size:12px;line-height:1.5}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.form-group-lg .form-control{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.form-group-lg select.form-control{height:46px;line-height:46px}.form-group-lg textarea.form-control,.form-group-lg select[multiple].form-control{height:auto}.form-group-lg .form-control-static{height:46px;min-height:38px;padding:11px 16px;font-size:18px;line-height:1.3333333}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.form-control-feedback{position:absolute;top:0;right:0;z-index:2;display:block;width:34px;height:34px;line-height:34px;text-align:center;pointer-events:none}.input-lg+.form-control-feedback,.input-group-lg+.form-control-feedback,.form-group-lg .form-control+.form-control-feedback{width:46px;height:46px;line-height:46px}.input-sm+.form-control-feedback,.input-group-sm+.form-control-feedback,.form-group-sm .form-control+.form-control-feedback{width:30px;height:30px;line-height:30px}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline,.has-success.radio label,.has-success.checkbox label,.has-success.radio-inline label,.has-success.checkbox-inline label{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;background-color:#dff0d8;border-color:#3c763d}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline,.has-warning.radio label,.has-warning.checkbox label,.has-warning.radio-inline label,.has-warning.checkbox-inline label{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;background-color:#fcf8e3;border-color:#8a6d3b}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline,.has-error.radio label,.has-error.checkbox label,.has-error.radio-inline label,.has-error.checkbox-inline label{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;background-color:#f2dede;border-color:#a94442}.has-error .form-control-feedback{color:#a94442}.has-feedback label~.form-control-feedback{top:25px}.has-feedback label.sr-only~.form-control-feedback{top:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .form-control-static{display:inline-block}.form-inline .input-group{display:inline-table;vertical-align:middle}.form-inline .input-group .input-group-addon,.form-inline .input-group .input-group-btn,.form-inline .input-group .form-control{width:auto}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.form-inline .radio label,.form-inline .checkbox label{padding-left:0}.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{position:relative;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{padding-top:7px;margin-top:0;margin-bottom:0}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.form-horizontal .control-label{padding-top:7px;margin-bottom:0;text-align:right}}.form-horizontal .has-feedback .form-control-feedback{right:15px}@media (min-width:768px){.form-horizontal .form-group-lg .control-label{padding-top:11px;font-size:18px}}@media (min-width:768px){.form-horizontal .form-group-sm .control-label{padding-top:6px;font-size:12px}}.btn{display:inline-block;margin-bottom:0;font-weight:normal;text-align:center;white-space:nowrap;vertical-align:middle;-ms-touch-action:manipulation;touch-action:manipulation;cursor:pointer;background-image:none;border:1px solid transparent;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:13px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus,.btn.focus,.btn:active.focus,.btn.active.focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus,.btn.focus{color:#333;text-decoration:none}.btn:active,.btn.active{background-image:none;outline:0;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;filter:alpha(opacity=65);opacity:.65;-webkit-box-shadow:none;box-shadow:none}a.btn.disabled,fieldset[disabled] a.btn{pointer-events:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:focus,.btn-default.focus{color:#333;background-color:#e6e6e6;border-color:#8c8c8c}.btn-default:hover{color:#333;background-color:#e6e6e6;border-color:#adadad}.btn-default:active,.btn-default.active,.open>.dropdown-toggle.btn-default{color:#333;background-color:#e6e6e6;background-image:none;border-color:#adadad}.btn-default:active:hover,.btn-default.active:hover,.open>.dropdown-toggle.btn-default:hover,.btn-default:active:focus,.btn-default.active:focus,.open>.dropdown-toggle.btn-default:focus,.btn-default:active.focus,.btn-default.active.focus,.open>.dropdown-toggle.btn-default.focus{color:#333;background-color:#d4d4d4;border-color:#8c8c8c}.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled.focus,.btn-default[disabled].focus,fieldset[disabled] .btn-default.focus{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#98ced0;border-color:#98ced0}.btn-primary:focus,.btn-primary.focus{color:#fff;background-color:#286090;border-color:#122b40}.btn-primary:hover{color:#fff;background-color:#286090;border-color:#204d74}.btn-primary:active,.btn-primary.active,.open>.dropdown-toggle.btn-primary{color:#fff;background-color:#286090;background-image:none;border-color:#204d74}.btn-primary:active:hover,.btn-primary.active:hover,.open>.dropdown-toggle.btn-primary:hover,.btn-primary:active:focus,.btn-primary.active:focus,.open>.dropdown-toggle.btn-primary:focus,.btn-primary:active.focus,.btn-primary.active.focus,.open>.dropdown-toggle.btn-primary.focus{color:#fff;background-color:#204d74;border-color:#122b40}.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled.focus,.btn-primary[disabled].focus,fieldset[disabled] .btn-primary.focus{background-color:#337ab7;border-color:#2e6da4}.btn-primary .badge{color:#337ab7;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:focus,.btn-success.focus{color:#fff;background-color:#449d44;border-color:#255625}.btn-success:hover{color:#fff;background-color:#449d44;border-color:#398439}.btn-success:active,.btn-success.active,.open>.dropdown-toggle.btn-success{color:#fff;background-color:#449d44;background-image:none;border-color:#398439}.btn-success:active:hover,.btn-success.active:hover,.open>.dropdown-toggle.btn-success:hover,.btn-success:active:focus,.btn-success.active:focus,.open>.dropdown-toggle.btn-success:focus,.btn-success:active.focus,.btn-success.active.focus,.open>.dropdown-toggle.btn-success.focus{color:#fff;background-color:#398439;border-color:#255625}.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled.focus,.btn-success[disabled].focus,fieldset[disabled] .btn-success.focus{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:focus,.btn-info.focus{color:#fff;background-color:#31b0d5;border-color:#1b6d85}.btn-info:hover{color:#fff;background-color:#31b0d5;border-color:#269abc}.btn-info:active,.btn-info.active,.open>.dropdown-toggle.btn-info{color:#fff;background-color:#31b0d5;background-image:none;border-color:#269abc}.btn-info:active:hover,.btn-info.active:hover,.open>.dropdown-toggle.btn-info:hover,.btn-info:active:focus,.btn-info.active:focus,.open>.dropdown-toggle.btn-info:focus,.btn-info:active.focus,.btn-info.active.focus,.open>.dropdown-toggle.btn-info.focus{color:#fff;background-color:#269abc;border-color:#1b6d85}.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled.focus,.btn-info[disabled].focus,fieldset[disabled] .btn-info.focus{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:focus,.btn-warning.focus{color:#fff;background-color:#ec971f;border-color:#985f0d}.btn-warning:hover{color:#fff;background-color:#ec971f;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open>.dropdown-toggle.btn-warning{color:#fff;background-color:#ec971f;background-image:none;border-color:#d58512}.btn-warning:active:hover,.btn-warning.active:hover,.open>.dropdown-toggle.btn-warning:hover,.btn-warning:active:focus,.btn-warning.active:focus,.open>.dropdown-toggle.btn-warning:focus,.btn-warning:active.focus,.btn-warning.active.focus,.open>.dropdown-toggle.btn-warning.focus{color:#fff;background-color:#d58512;border-color:#985f0d}.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled.focus,.btn-warning[disabled].focus,fieldset[disabled] .btn-warning.focus{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:focus,.btn-danger.focus{color:#fff;background-color:#c9302c;border-color:#761c19}.btn-danger:hover{color:#fff;background-color:#c9302c;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open>.dropdown-toggle.btn-danger{color:#fff;background-color:#c9302c;background-image:none;border-color:#ac2925}.btn-danger:active:hover,.btn-danger.active:hover,.open>.dropdown-toggle.btn-danger:hover,.btn-danger:active:focus,.btn-danger.active:focus,.open>.dropdown-toggle.btn-danger:focus,.btn-danger:active.focus,.btn-danger.active.focus,.open>.dropdown-toggle.btn-danger.focus{color:#fff;background-color:#ac2925;border-color:#761c19}.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled.focus,.btn-danger[disabled].focus,fieldset[disabled] .btn-danger.focus{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{font-weight:400;color:#337ab7;border-radius:0}.btn-link,.btn-link:active,.btn-link.active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#23527c;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#777;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}tr.collapse.in{display:table-row}tbody.collapse.in{display:table-row-group}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition-property:height, visibility;-o-transition-property:height, visibility;transition-property:height, visibility;-webkit-transition-duration:.35s;-o-transition-duration:.35s;transition-duration:.35s;-webkit-transition-timing-function:ease;-o-transition-timing-function:ease;transition-timing-function:ease}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px dashed;border-top:4px solid \9;border-right:4px solid transparent;border-left:4px solid transparent}.dropup,.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;font-size:14px;text-align:left;list-style:none;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,0.175);box-shadow:0 6px 12px rgba(0,0,0,0.175)}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.42857143;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{color:#262626;text-decoration:none;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#337ab7;outline:0}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#777}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:not-allowed;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false)}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{right:0;left:auto}.dropdown-menu-left{right:auto;left:0}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.42857143;color:#777;white-space:nowrap}.dropdown-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{content:"";border-top:0;border-bottom:4px dashed;border-bottom:4px solid \9}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:2px}@media (min-width:768px){.navbar-right .dropdown-menu{right:0;left:auto}.navbar-right .dropdown-menu-left{right:auto;left:0}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn,.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-bottom-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-right:8px;padding-left:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-right:12px;padding-left:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,0.125);box-shadow:inset 0 3px 5px rgba(0,0,0,0.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-top-left-radius:0;border-top-right-radius:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-left-radius:0;border-top-right-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{display:table-cell;float:none;width:1%}.btn-group-justified>.btn-group .btn{width:100%}.btn-group-justified>.btn-group .dropdown-menu{left:auto}[data-toggle="buttons"]>.btn input[type="radio"],[data-toggle="buttons"]>.btn-group>.btn input[type="radio"],[data-toggle="buttons"]>.btn input[type="checkbox"],[data-toggle="buttons"]>.btn-group>.btn input[type="checkbox"]{position:absolute;clip:rect(0, 0, 0, 0);pointer-events:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*="col-"]{float:none;padding-right:0;padding-left:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group .form-control:focus{z-index:3}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.3333333;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:400;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type="radio"],.input-group-addon input[type="checkbox"]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-top-right-radius:0;border-bottom-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-top-left-radius:0;border-bottom-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{z-index:2;margin-left:-1px}.nav{padding-left:0;margin-bottom:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#777}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#777;text-decoration:none;cursor:not-allowed;background-color:transparent}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#337ab7}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#337ab7}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{margin-bottom:5px;text-align:center}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-left-radius:0;border-top-right-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{padding-right:15px;padding-left:15px;overflow-x:visible;border-top:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;-webkit-box-shadow:none;box-shadow:none}.navbar-collapse.collapse{display:block !important;height:auto !important;padding-bottom:0;overflow:visible !important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-right:0;padding-left:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:340px}@media (max-device-width:480px) and (orientation:landscape){.navbar-fixed-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{max-height:200px}}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-brand{float:left;height:50px;padding:15px 15px;font-size:18px;line-height:20px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}.navbar-brand>img{display:block}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;padding:9px 10px;margin-right:15px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}}.navbar-form{padding:10px 15px;margin-right:-15px;margin-left:-15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .form-control-static{display:inline-block}.navbar-form .input-group{display:inline-table;vertical-align:middle}.navbar-form .input-group .input-group-addon,.navbar-form .input-group .input-group-btn,.navbar-form .input-group .form-control{width:auto}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;vertical-align:middle}.navbar-form .radio label,.navbar-form .checkbox label{padding-left:0}.navbar-form .radio input[type="radio"],.navbar-form .checkbox input[type="checkbox"]{position:relative;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}.navbar-form .form-group:last-child{margin-bottom:0}}@media (min-width:768px){.navbar-form{width:auto;padding-top:0;padding-bottom:0;margin-right:0;margin-left:0;border:0;-webkit-box-shadow:none;box-shadow:none}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-left-radius:0;border-top-right-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{margin-bottom:0;border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-right:15px;margin-left:15px}}@media (min-width:768px){.navbar-left{float:left !important}.navbar-right{float:right !important;margin-right:-15px}.navbar-right~.navbar-right{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{color:#555;background-color:#e7e7e7}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-default .btn-link{color:#777}.navbar-default .btn-link:hover,.navbar-default .btn-link:focus{color:#333}.navbar-default .btn-link[disabled]:hover,fieldset[disabled] .navbar-default .btn-link:hover,.navbar-default .btn-link[disabled]:focus,fieldset[disabled] .navbar-default .btn-link:focus{color:#ccc}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#9d9d9d}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{color:#fff;background-color:#080808}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#9d9d9d}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-link{color:#9d9d9d}.navbar-inverse .navbar-link:hover{color:#fff}.navbar-inverse .btn-link{color:#9d9d9d}.navbar-inverse .btn-link:hover,.navbar-inverse .btn-link:focus{color:#fff}.navbar-inverse .btn-link[disabled]:hover,fieldset[disabled] .navbar-inverse .btn-link:hover,.navbar-inverse .btn-link[disabled]:focus,fieldset[disabled] .navbar-inverse .btn-link:focus{color:#444}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{padding:0 5px;color:#ccc;content:"/\00a0"}.breadcrumb>.active{color:#777}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;margin-left:-1px;line-height:1.42857143;color:#337ab7;text-decoration:none;background-color:#fff;border:1px solid #ddd}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{z-index:2;color:#23527c;background-color:#eee;border-color:#ddd}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-top-left-radius:4px;border-bottom-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-top-right-radius:4px;border-bottom-right-radius:4px}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:3;color:#fff;cursor:default;background-color:#337ab7;border-color:#337ab7}.pagination>.disabled>span,.pagination>.disabled>span:hover,.pagination>.disabled>span:focus,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#777;cursor:not-allowed;background-color:#fff;border-color:#ddd}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px;line-height:1.3333333}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-top-left-radius:6px;border-bottom-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-top-right-radius:6px;border-bottom-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px;line-height:1.5}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-top-left-radius:3px;border-bottom-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-top-right-radius:3px;border-bottom-right-radius:3px}.pager{padding-left:0;margin:20px 0;text-align:center;list-style:none}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#777;cursor:not-allowed;background-color:#fff}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}a.label:hover,a.label:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#777}.label-default[href]:hover,.label-default[href]:focus{background-color:#5e5e5e}.label-primary{background-color:#337ab7}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#286090}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:bold;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:middle;background-color:#777;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge,.btn-group-xs>.btn .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#337ab7;background-color:#fff}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding-top:30px;padding-bottom:30px;margin-bottom:30px;color:inherit;background-color:#eee}.jumbotron h1,.jumbotron .h1{color:inherit}.jumbotron p{margin-bottom:15px;font-size:21px;font-weight:200}.jumbotron>hr{border-top-color:#d5d5d5}.container .jumbotron,.container-fluid .jumbotron{padding-right:15px;padding-left:15px;border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron,.container-fluid .jumbotron{padding-right:60px;padding-left:60px}.jumbotron h1,.jumbotron .h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:border .2s ease-in-out;-o-transition:border .2s ease-in-out;transition:border .2s ease-in-out}.thumbnail>img,.thumbnail a>img{margin-right:auto;margin-left:auto}a.thumbnail:hover,a.thumbnail:focus,a.thumbnail.active{border-color:#337ab7}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:bold}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable,.alert-dismissible{padding-right:35px}.alert-dismissable .close,.alert-dismissible .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:20px;margin-bottom:20px;overflow:hidden;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress-bar{float:left;width:0%;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#337ab7;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar,.progress-bar-striped{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);-webkit-background-size:40px 40px;background-size:40px 40px}.progress.active .progress-bar,.progress-bar.active{-webkit-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:-o-linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent);background-image:linear-gradient(45deg, rgba(255,255,255,0.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,0.15) 50%, rgba(255,255,255,0.15) 75%, transparent 75%, transparent)}.media{margin-top:15px}.media:first-child{margin-top:0}.media,.media-body{overflow:hidden;zoom:1}.media-body{width:10000px}.media-object{display:block}.media-object.img-thumbnail{max-width:none}.media-right,.media>.pull-right{padding-left:10px}.media-left,.media>.pull-left{padding-right:10px}.media-left,.media-right,.media-body{display:table-cell;vertical-align:top}.media-middle{vertical-align:middle}.media-bottom{vertical-align:bottom}.media-heading{margin-top:0;margin-bottom:5px}.media-list{padding-left:0;list-style:none}.list-group{padding-left:0;margin-bottom:20px}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-left-radius:4px;border-top-right-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item.disabled,.list-group-item.disabled:hover,.list-group-item.disabled:focus{color:#777;cursor:not-allowed;background-color:#eee}.list-group-item.disabled .list-group-item-heading,.list-group-item.disabled:hover .list-group-item-heading,.list-group-item.disabled:focus .list-group-item-heading{color:inherit}.list-group-item.disabled .list-group-item-text,.list-group-item.disabled:hover .list-group-item-text,.list-group-item.disabled:focus .list-group-item-text{color:#777}.list-group-item.active,.list-group-item.active:hover,.list-group-item.active:focus{z-index:2;color:#fff;background-color:#337ab7;border-color:#337ab7}.list-group-item.active .list-group-item-heading,.list-group-item.active:hover .list-group-item-heading,.list-group-item.active:focus .list-group-item-heading,.list-group-item.active .list-group-item-heading>small,.list-group-item.active:hover .list-group-item-heading>small,.list-group-item.active:focus .list-group-item-heading>small,.list-group-item.active .list-group-item-heading>.small,.list-group-item.active:hover .list-group-item-heading>.small,.list-group-item.active:focus .list-group-item-heading>.small{color:inherit}.list-group-item.active .list-group-item-text,.list-group-item.active:hover .list-group-item-text,.list-group-item.active:focus .list-group-item-text{color:#c7ddef}a.list-group-item,button.list-group-item{color:#555}a.list-group-item .list-group-item-heading,button.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,button.list-group-item:hover,a.list-group-item:focus,button.list-group-item:focus{color:#555;text-decoration:none;background-color:#f5f5f5}button.list-group-item{width:100%;text-align:left}.list-group-item-success{color:#3c763d;background-color:#dff0d8}a.list-group-item-success,button.list-group-item-success{color:#3c763d}a.list-group-item-success .list-group-item-heading,button.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:hover,button.list-group-item-success:hover,a.list-group-item-success:focus,button.list-group-item-success:focus{color:#3c763d;background-color:#d0e9c6}a.list-group-item-success.active,button.list-group-item-success.active,a.list-group-item-success.active:hover,button.list-group-item-success.active:hover,a.list-group-item-success.active:focus,button.list-group-item-success.active:focus{color:#fff;background-color:#3c763d;border-color:#3c763d}.list-group-item-info{color:#31708f;background-color:#d9edf7}a.list-group-item-info,button.list-group-item-info{color:#31708f}a.list-group-item-info .list-group-item-heading,button.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:hover,button.list-group-item-info:hover,a.list-group-item-info:focus,button.list-group-item-info:focus{color:#31708f;background-color:#c4e3f3}a.list-group-item-info.active,button.list-group-item-info.active,a.list-group-item-info.active:hover,button.list-group-item-info.active:hover,a.list-group-item-info.active:focus,button.list-group-item-info.active:focus{color:#fff;background-color:#31708f;border-color:#31708f}.list-group-item-warning{color:#8a6d3b;background-color:#fcf8e3}a.list-group-item-warning,button.list-group-item-warning{color:#8a6d3b}a.list-group-item-warning .list-group-item-heading,button.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:hover,button.list-group-item-warning:hover,a.list-group-item-warning:focus,button.list-group-item-warning:focus{color:#8a6d3b;background-color:#faf2cc}a.list-group-item-warning.active,button.list-group-item-warning.active,a.list-group-item-warning.active:hover,button.list-group-item-warning.active:hover,a.list-group-item-warning.active:focus,button.list-group-item-warning.active:focus{color:#fff;background-color:#8a6d3b;border-color:#8a6d3b}.list-group-item-danger{color:#a94442;background-color:#f2dede}a.list-group-item-danger,button.list-group-item-danger{color:#a94442}a.list-group-item-danger .list-group-item-heading,button.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:hover,button.list-group-item-danger:hover,a.list-group-item-danger:focus,button.list-group-item-danger:focus{color:#a94442;background-color:#ebcccc}a.list-group-item-danger.active,button.list-group-item-danger.active,a.list-group-item-danger.active:hover,button.list-group-item-danger.active:hover,a.list-group-item-danger.active:focus,button.list-group-item-danger.active:focus{color:#fff;background-color:#a94442;border-color:#a94442}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,0.05);box-shadow:0 1px 1px rgba(0,0,0,0.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-left-radius:3px;border-top-right-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a,.panel-title>small,.panel-title>.small,.panel-title>small>a,.panel-title>.small>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group,.panel>.panel-collapse>.list-group{margin-bottom:0}.panel>.list-group .list-group-item,.panel>.panel-collapse>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child,.panel>.panel-collapse>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-left-radius:3px;border-top-right-radius:3px}.panel>.list-group:last-child .list-group-item:last-child,.panel>.panel-collapse>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.panel-heading+.panel-collapse>.list-group .list-group-item:first-child{border-top-left-radius:0;border-top-right-radius:0}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.list-group+.panel-footer{border-top-width:0}.panel>.table,.panel>.table-responsive>.table,.panel>.panel-collapse>.table{margin-bottom:0}.panel>.table caption,.panel>.table-responsive>.table caption,.panel>.panel-collapse>.table caption{padding-right:15px;padding-left:15px}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child{border-top-left-radius:3px;border-top-right-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive,.panel>.table+.panel-body,.panel>.table-responsive+.panel-body{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{margin-bottom:0;border:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse>.panel-body,.panel-group .panel-heading+.panel-collapse>.list-group{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ddd}.panel-default>.panel-heading .badge{color:#f5f5f5;background-color:#333}.panel-default>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#337ab7}.panel-primary>.panel-heading{color:#fff;background-color:#337ab7;border-color:#337ab7}.panel-primary>.panel-heading+.panel-collapse>.panel-body{border-top-color:#337ab7}.panel-primary>.panel-heading .badge{color:#337ab7;background-color:#fff}.panel-primary>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#337ab7}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse>.panel-body{border-top-color:#d6e9c6}.panel-success>.panel-heading .badge{color:#dff0d8;background-color:#3c763d}.panel-success>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse>.panel-body{border-top-color:#bce8f1}.panel-info>.panel-heading .badge{color:#d9edf7;background-color:#31708f}.panel-info>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse>.panel-body{border-top-color:#faebcc}.panel-warning>.panel-heading .badge{color:#fcf8e3;background-color:#8a6d3b}.panel-warning>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse>.panel-body{border-top-color:#ebccd1}.panel-danger>.panel-heading .badge{color:#f2dede;background-color:#a94442}.panel-danger>.panel-footer+.panel-collapse>.panel-body{border-bottom-color:#ebccd1}.embed-responsive{position:relative;display:block;height:0;padding:0;overflow:hidden}.embed-responsive .embed-responsive-item,.embed-responsive iframe,.embed-responsive embed,.embed-responsive object,.embed-responsive video{position:absolute;top:0;bottom:0;left:0;width:100%;height:100%;border:0}.embed-responsive-16by9{padding-bottom:56.25%}.embed-responsive-4by3{padding-bottom:75%}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:bold;line-height:1;color:#000;text-shadow:0 1px 0 #fff;filter:alpha(opacity=20);opacity:.2}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;filter:alpha(opacity=50);opacity:.5}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none;appearance:none}.modal-open{overflow:hidden}.modal{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;display:none;overflow:hidden;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0, -25%);-ms-transform:translate(0, -25%);-o-transform:translate(0, -25%);transform:translate(0, -25%);-webkit-transition:-webkit-transform 0.3s ease-out;-o-transition:-o-transform 0.3s ease-out;transition:transform 0.3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0, 0);-ms-transform:translate(0, 0);-o-transform:translate(0, 0);transform:translate(0, 0)}.modal-open .modal{overflow-x:hidden;overflow-y:auto}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #999;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,0.5);box-shadow:0 3px 9px rgba(0,0,0,0.5);outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{filter:alpha(opacity=0);opacity:0}.modal-backdrop.in{filter:alpha(opacity=50);opacity:.5}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:15px}.modal-footer{padding:15px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.modal-scrollbar-measure{position:absolute;top:-9999px;width:50px;height:50px;overflow:scroll}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,0.5);box-shadow:0 5px 15px rgba(0,0,0,0.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1070;display:block;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-style:normal;font-weight:400;line-height:1.42857143;line-break:auto;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;font-size:12px;filter:alpha(opacity=0);opacity:0}.tooltip.in{filter:alpha(opacity=90);opacity:.9}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-left .tooltip-arrow{right:5px;bottom:0;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-right .tooltip-arrow{bottom:0;left:5px;margin-bottom:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-left .tooltip-arrow{top:0;right:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-right .tooltip-arrow{top:0;left:5px;margin-top:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.popover{position:absolute;top:0;left:0;z-index:1060;display:none;max-width:276px;padding:1px;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-style:normal;font-weight:400;line-height:1.42857143;line-break:auto;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;word-spacing:normal;word-wrap:normal;white-space:normal;font-size:14px;background-color:#fff;-webkit-background-clip:padding-box;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2)}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover>.arrow{border-width:11px}.popover>.arrow,.popover>.arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover>.arrow:after{content:"";border-width:10px}.popover.top>.arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top>.arrow:after{bottom:1px;margin-left:-10px;content:" ";border-top-color:#fff;border-bottom-width:0}.popover.right>.arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right>.arrow:after{bottom:-10px;left:1px;content:" ";border-right-color:#fff;border-left-width:0}.popover.bottom>.arrow{top:-11px;left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25)}.popover.bottom>.arrow:after{top:1px;margin-left:-10px;content:" ";border-top-width:0;border-bottom-color:#fff}.popover.left>.arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0,0,0,0.25)}.popover.left>.arrow:after{right:1px;bottom:-10px;content:" ";border-right-width:0;border-left-color:#fff}.popover-title{padding:8px 14px;margin:0;font-size:14px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.carousel{position:relative}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{line-height:1}@media all and (transform-3d),(-webkit-transform-3d){.carousel-inner>.item{-webkit-transition:-webkit-transform 0.6s ease-in-out;-o-transition:-o-transform 0.6s ease-in-out;transition:transform 0.6s ease-in-out;-webkit-backface-visibility:hidden;backface-visibility:hidden;-webkit-perspective:1000px;perspective:1000px}.carousel-inner>.item.next,.carousel-inner>.item.active.right{-webkit-transform:translate3d(100%, 0, 0);transform:translate3d(100%, 0, 0);left:0}.carousel-inner>.item.prev,.carousel-inner>.item.active.left{-webkit-transform:translate3d(-100%, 0, 0);transform:translate3d(-100%, 0, 0);left:0}.carousel-inner>.item.next.left,.carousel-inner>.item.prev.right,.carousel-inner>.item.active{-webkit-transform:translate3d(0, 0, 0);transform:translate3d(0, 0, 0);left:0}}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;bottom:0;left:0;width:15%;font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6);background-color:rgba(0,0,0,0);filter:alpha(opacity=50);opacity:.5}.carousel-control.left{background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);background-image:-webkit-gradient(linear, left top, right top, color-stop(0, rgba(0,0,0,0.5)), to(rgba(0,0,0,0.0001)));background-image:linear-gradient(to right, rgba(0,0,0,0.5) 0, rgba(0,0,0,0.0001) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1);background-repeat:repeat-x}.carousel-control.right{right:0;left:auto;background-image:-webkit-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-o-linear-gradient(left, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);background-image:-webkit-gradient(linear, left top, right top, color-stop(0, rgba(0,0,0,0.0001)), to(rgba(0,0,0,0.5)));background-image:linear-gradient(to right, rgba(0,0,0,0.0001) 0, rgba(0,0,0,0.5) 100%);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1);background-repeat:repeat-x}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;outline:0;filter:alpha(opacity=90);opacity:.9}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;z-index:5;display:inline-block;margin-top:-10px}.carousel-control .icon-prev,.carousel-control .glyphicon-chevron-left{left:50%;margin-left:-10px}.carousel-control .icon-next,.carousel-control .glyphicon-chevron-right{right:50%;margin-right:-10px}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;font-family:serif;line-height:1}.carousel-control .icon-prev:before{content:"\2039"}.carousel-control .icon-next:before{content:"\203a"}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;padding-left:0;margin-left:-30%;text-align:center;list-style:none}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;cursor:pointer;background-color:#000 \9;background-color:rgba(0,0,0,0);border:1px solid #fff;border-radius:10px}.carousel-indicators .active{width:12px;height:12px;margin:0;background-color:#fff}.carousel-caption{position:absolute;right:15%;bottom:20px;left:15%;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,0.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-10px;font-size:30px}.carousel-control .glyphicon-chevron-left,.carousel-control .icon-prev{margin-left:-10px}.carousel-control .glyphicon-chevron-right,.carousel-control .icon-next{margin-right:-10px}.carousel-caption{right:20%;left:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after,.dl-horizontal dd:before,.dl-horizontal dd:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.pager:before,.pager:after,.panel-body:before,.panel-body:after,.modal-header:before,.modal-header:after,.modal-footer:before,.modal-footer:after{display:table;content:" "}.clearfix:after,.dl-horizontal dd:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.pager:after,.panel-body:after,.modal-header:after,.modal-footer:after{clear:both}.center-block{display:block;margin-right:auto;margin-left:auto}.pull-right{float:right !important}.pull-left{float:left !important}.hide{display:none !important}.show{display:block !important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none !important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none !important}.visible-xs-block,.visible-xs-inline,.visible-xs-inline-block,.visible-sm-block,.visible-sm-inline,.visible-sm-inline-block,.visible-md-block,.visible-md-inline,.visible-md-inline-block,.visible-lg-block,.visible-lg-inline,.visible-lg-inline-block{display:none !important}@media (max-width:767px){.visible-xs{display:block !important}table.visible-xs{display:table !important}tr.visible-xs{display:table-row !important}th.visible-xs,td.visible-xs{display:table-cell !important}}@media (max-width:767px){.visible-xs-block{display:block !important}}@media (max-width:767px){.visible-xs-inline{display:inline !important}}@media (max-width:767px){.visible-xs-inline-block{display:inline-block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block !important}table.visible-sm{display:table !important}tr.visible-sm{display:table-row !important}th.visible-sm,td.visible-sm{display:table-cell !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-block{display:block !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline{display:inline !important}}@media (min-width:768px) and (max-width:991px){.visible-sm-inline-block{display:inline-block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block !important}table.visible-md{display:table !important}tr.visible-md{display:table-row !important}th.visible-md,td.visible-md{display:table-cell !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-block{display:block !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline{display:inline !important}}@media (min-width:992px) and (max-width:1199px){.visible-md-inline-block{display:inline-block !important}}@media (min-width:1200px){.visible-lg{display:block !important}table.visible-lg{display:table !important}tr.visible-lg{display:table-row !important}th.visible-lg,td.visible-lg{display:table-cell !important}}@media (min-width:1200px){.visible-lg-block{display:block !important}}@media (min-width:1200px){.visible-lg-inline{display:inline !important}}@media (min-width:1200px){.visible-lg-inline-block{display:inline-block !important}}@media (max-width:767px){.hidden-xs{display:none !important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none !important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none !important}}@media (min-width:1200px){.hidden-lg{display:none !important}}.visible-print{display:none !important}@media print{.visible-print{display:block !important}table.visible-print{display:table !important}tr.visible-print{display:table-row !important}th.visible-print,td.visible-print{display:table-cell !important}}.visible-print-block{display:none !important}@media print{.visible-print-block{display:block !important}}.visible-print-inline{display:none !important}@media print{.visible-print-inline{display:inline !important}}.visible-print-inline-block{display:none !important}@media print{.visible-print-inline-block{display:inline-block !important}}@media print{.hidden-print{display:none !important}} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap.min.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap.min.js new file mode 100644 index 0000000..853b70d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/bootstrap.min.js @@ -0,0 +1,12 @@ +/*! + * Generated using the Bootstrap Customizer (https://getbootstrap.com/docs/3.4/customize/) + */ + +/*! + * Bootstrap v3.4.1 (https://getbootstrap.com/) + * Copyright 2011-2021 Twitter, Inc. + * Licensed under the MIT license + */ + +if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(t){"use strict";var e=t.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9||1==e[0]&&9==e[1]&&e[2]<1||e[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var i=t(this),n=i.data("bs.alert");n||i.data("bs.alert",n=new o(this)),"string"==typeof e&&n[e].call(i)})}var i='[data-dismiss="alert"]',o=function(e){t(e).on("click",i,this.close)};o.VERSION="3.4.1",o.TRANSITION_DURATION=150,o.prototype.close=function(e){function i(){a.detach().trigger("closed.bs.alert").remove()}var n=t(this),s=n.attr("data-target");s||(s=n.attr("href"),s=s&&s.replace(/.*(?=#[^\s]*$)/,"")),s="#"===s?[]:s;var a=t(document).find(s);e&&e.preventDefault(),a.length||(a=n.closest(".alert")),a.trigger(e=t.Event("close.bs.alert")),e.isDefaultPrevented()||(a.removeClass("in"),t.support.transition&&a.hasClass("fade")?a.one("bsTransitionEnd",i).emulateTransitionEnd(o.TRANSITION_DURATION):i())};var n=t.fn.alert;t.fn.alert=e,t.fn.alert.Constructor=o,t.fn.alert.noConflict=function(){return t.fn.alert=n,this},t(document).on("click.bs.alert.data-api",i,o.prototype.close)}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.button"),s="object"==typeof e&&e;n||o.data("bs.button",n=new i(this,s)),"toggle"==e?n.toggle():e&&n.setState(e)})}var i=function(e,o){this.$element=t(e),this.options=t.extend({},i.DEFAULTS,o),this.isLoading=!1};i.VERSION="3.4.1",i.DEFAULTS={loadingText:"loading..."},i.prototype.setState=function(e){var i="disabled",o=this.$element,n=o.is("input")?"val":"html",s=o.data();e+="Text",null==s.resetText&&o.data("resetText",o[n]()),setTimeout(t.proxy(function(){o[n](null==s[e]?this.options[e]:s[e]),"loadingText"==e?(this.isLoading=!0,o.addClass(i).attr(i,i).prop(i,!0)):this.isLoading&&(this.isLoading=!1,o.removeClass(i).removeAttr(i).prop(i,!1))},this),0)},i.prototype.toggle=function(){var t=!0,e=this.$element.closest('[data-toggle="buttons"]');if(e.length){var i=this.$element.find("input");"radio"==i.prop("type")?(i.prop("checked")&&(t=!1),e.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==i.prop("type")&&(i.prop("checked")!==this.$element.hasClass("active")&&(t=!1),this.$element.toggleClass("active")),i.prop("checked",this.$element.hasClass("active")),t&&i.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var o=t.fn.button;t.fn.button=e,t.fn.button.Constructor=i,t.fn.button.noConflict=function(){return t.fn.button=o,this},t(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(i){var o=t(i.target).closest(".btn");e.call(o,"toggle"),t(i.target).is('input[type="radio"], input[type="checkbox"]')||(i.preventDefault(),o.is("input,button")?o.trigger("focus"):o.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(e){t(e.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(e.type))})}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.carousel"),s=t.extend({},i.DEFAULTS,o.data(),"object"==typeof e&&e),a="string"==typeof e?e:s.slide;n||o.data("bs.carousel",n=new i(this,s)),"number"==typeof e?n.to(e):a?n[a]():s.interval&&n.pause().cycle()})}var i=function(e,i){this.$element=t(e),this.$indicators=this.$element.find(".carousel-indicators"),this.options=i,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",t.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",t.proxy(this.pause,this)).on("mouseleave.bs.carousel",t.proxy(this.cycle,this))};i.VERSION="3.4.1",i.TRANSITION_DURATION=600,i.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},i.prototype.keydown=function(t){if(!/input|textarea/i.test(t.target.tagName)){switch(t.which){case 37:this.prev();break;case 39:this.next();break;default:return}t.preventDefault()}},i.prototype.cycle=function(e){return e||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(t.proxy(this.next,this),this.options.interval)),this},i.prototype.getItemIndex=function(t){return this.$items=t.parent().children(".item"),this.$items.index(t||this.$active)},i.prototype.getItemForDirection=function(t,e){var i=this.getItemIndex(e),o="prev"==t&&0===i||"next"==t&&i==this.$items.length-1;if(o&&!this.options.wrap)return e;var n="prev"==t?-1:1,s=(i+n)%this.$items.length;return this.$items.eq(s)},i.prototype.to=function(t){var e=this,i=this.getItemIndex(this.$active=this.$element.find(".item.active"));return t>this.$items.length-1||0>t?void 0:this.sliding?this.$element.one("slid.bs.carousel",function(){e.to(t)}):i==t?this.pause().cycle():this.slide(t>i?"next":"prev",this.$items.eq(t))},i.prototype.pause=function(e){return e||(this.paused=!0),this.$element.find(".next, .prev").length&&t.support.transition&&(this.$element.trigger(t.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},i.prototype.next=function(){return this.sliding?void 0:this.slide("next")},i.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},i.prototype.slide=function(e,o){var n=this.$element.find(".item.active"),s=o||this.getItemForDirection(e,n),a=this.interval,r="next"==e?"left":"right",l=this;if(s.hasClass("active"))return this.sliding=!1;var h=s[0],d=t.Event("slide.bs.carousel",{relatedTarget:h,direction:r});if(this.$element.trigger(d),!d.isDefaultPrevented()){if(this.sliding=!0,a&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var p=t(this.$indicators.children()[this.getItemIndex(s)]);p&&p.addClass("active")}var c=t.Event("slid.bs.carousel",{relatedTarget:h,direction:r});return t.support.transition&&this.$element.hasClass("slide")?(s.addClass(e),"object"==typeof s&&s.length&&s[0].offsetWidth,n.addClass(r),s.addClass(r),n.one("bsTransitionEnd",function(){s.removeClass([e,r].join(" ")).addClass("active"),n.removeClass(["active",r].join(" ")),l.sliding=!1,setTimeout(function(){l.$element.trigger(c)},0)}).emulateTransitionEnd(i.TRANSITION_DURATION)):(n.removeClass("active"),s.addClass("active"),this.sliding=!1,this.$element.trigger(c)),a&&this.cycle(),this}};var o=t.fn.carousel;t.fn.carousel=e,t.fn.carousel.Constructor=i,t.fn.carousel.noConflict=function(){return t.fn.carousel=o,this};var n=function(i){var o=t(this),n=o.attr("href");n&&(n=n.replace(/.*(?=#[^\s]+$)/,""));var s=o.attr("data-target")||n,a=t(document).find(s);if(a.hasClass("carousel")){var r=t.extend({},a.data(),o.data()),l=o.attr("data-slide-to");l&&(r.interval=!1),e.call(a,r),l&&a.data("bs.carousel").to(l),i.preventDefault()}};t(document).on("click.bs.carousel.data-api","[data-slide]",n).on("click.bs.carousel.data-api","[data-slide-to]",n),t(window).on("load",function(){t('[data-ride="carousel"]').each(function(){var i=t(this);e.call(i,i.data())})})}(jQuery),+function(t){"use strict";function e(e){var i=e.attr("data-target");i||(i=e.attr("href"),i=i&&/#[A-Za-z]/.test(i)&&i.replace(/.*(?=#[^\s]*$)/,""));var o="#"!==i?t(document).find(i):null;return o&&o.length?o:e.parent()}function i(i){i&&3===i.which||(t(n).remove(),t(s).each(function(){var o=t(this),n=e(o),s={relatedTarget:this};n.hasClass("open")&&(i&&"click"==i.type&&/input|textarea/i.test(i.target.tagName)&&t.contains(n[0],i.target)||(n.trigger(i=t.Event("hide.bs.dropdown",s)),i.isDefaultPrevented()||(o.attr("aria-expanded","false"),n.removeClass("open").trigger(t.Event("hidden.bs.dropdown",s)))))}))}function o(e){return this.each(function(){var i=t(this),o=i.data("bs.dropdown");o||i.data("bs.dropdown",o=new a(this)),"string"==typeof e&&o[e].call(i)})}var n=".dropdown-backdrop",s='[data-toggle="dropdown"]',a=function(e){t(e).on("click.bs.dropdown",this.toggle)};a.VERSION="3.4.1",a.prototype.toggle=function(o){var n=t(this);if(!n.is(".disabled, :disabled")){var s=e(n),a=s.hasClass("open");if(i(),!a){"ontouchstart"in document.documentElement&&!s.closest(".navbar-nav").length&&t(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(t(this)).on("click",i);var r={relatedTarget:this};if(s.trigger(o=t.Event("show.bs.dropdown",r)),o.isDefaultPrevented())return;n.trigger("focus").attr("aria-expanded","true"),s.toggleClass("open").trigger(t.Event("shown.bs.dropdown",r))}return!1}},a.prototype.keydown=function(i){if(/(38|40|27|32)/.test(i.which)&&!/input|textarea/i.test(i.target.tagName)){var o=t(this);if(i.preventDefault(),i.stopPropagation(),!o.is(".disabled, :disabled")){var n=e(o),a=n.hasClass("open");if(!a&&27!=i.which||a&&27==i.which)return 27==i.which&&n.find(s).trigger("focus"),o.trigger("click");var r=" li:not(.disabled):visible a",l=n.find(".dropdown-menu"+r);if(l.length){var h=l.index(i.target);38==i.which&&h>0&&h--,40==i.which&&hdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&t?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!t?this.scrollbarWidth:""})},i.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},i.prototype.checkScrollbar=function(){var t=window.innerWidth;if(!t){var e=document.documentElement.getBoundingClientRect();t=e.right-Math.abs(e.left)}this.bodyIsOverflowing=document.body.clientWidtha;a++)if(o.match(n[a]))return!0;return!1}function i(i,o,n){if(0===i.length)return i;if(n&&"function"==typeof n)return n(i);if(!document.implementation||!document.implementation.createHTMLDocument)return i;var s=document.implementation.createHTMLDocument("sanitization");s.body.innerHTML=i;for(var a=t.map(o,function(t,e){return e}),r=t(s.body).find("*"),l=0,h=r.length;h>l;l++){var d=r[l],p=d.nodeName.toLowerCase();if(-1!==t.inArray(p,a))for(var c=t.map(d.attributes,function(t){return t}),f=[].concat(o["*"]||[],o[p]||[]),u=0,g=c.length;g>u;u++)e(c[u],f)||d.removeAttribute(c[u].nodeName);else d.parentNode.removeChild(d)}return s.body.innerHTML}function o(e){return this.each(function(){var i=t(this),o=i.data("bs.tooltip"),n="object"==typeof e&&e;!o&&/destroy|hide/.test(e)||(o||i.data("bs.tooltip",o=new d(this,n)),"string"==typeof e&&o[e]())})}var n=["sanitize","whiteList","sanitizeFn"],s=["background","cite","href","itemtype","longdesc","poster","src","xlink:href"],a=/^aria-[\w-]*$/i,r={"*":["class","dir","id","lang","role",a],a:["target","href","title","rel"],area:[],b:[],br:[],col:[],code:[],div:[],em:[],hr:[],h1:[],h2:[],h3:[],h4:[],h5:[],h6:[],i:[],img:["src","alt","title","width","height"],li:[],ol:[],p:[],pre:[],s:[],small:[],span:[],sub:[],sup:[],strong:[],u:[],ul:[]},l=/^(?:(?:https?|mailto|ftp|tel|file):|[^&:/?#]*(?:[/?#]|$))/gi,h=/^data:(?:image\/(?:bmp|gif|jpeg|jpg|png|tiff|webp)|video\/(?:mpeg|mp4|ogg|webm)|audio\/(?:mp3|oga|ogg|opus));base64,[a-z0-9+/]+=*$/i,d=function(t,e){this.type=null,this.options=null,this.enabled=null,this.timeout=null,this.hoverState=null,this.$element=null,this.inState=null,this.init("tooltip",t,e)};d.VERSION="3.4.1",d.TRANSITION_DURATION=150,d.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0},sanitize:!0,sanitizeFn:null,whiteList:r},d.prototype.init=function(e,i,o){if(this.enabled=!0,this.type=e,this.$element=t(i),this.options=this.getOptions(o),this.$viewport=this.options.viewport&&t(document).find(t.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var n=this.options.trigger.split(" "),s=n.length;s--;){var a=n[s];if("click"==a)this.$element.on("click."+this.type,this.options.selector,t.proxy(this.toggle,this));else if("manual"!=a){var r="hover"==a?"mouseenter":"focusin",l="hover"==a?"mouseleave":"focusout";this.$element.on(r+"."+this.type,this.options.selector,t.proxy(this.enter,this)),this.$element.on(l+"."+this.type,this.options.selector,t.proxy(this.leave,this))}}this.options.selector?this._options=t.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},d.prototype.getDefaults=function(){return d.DEFAULTS},d.prototype.getOptions=function(e){var o=this.$element.data();for(var s in o)o.hasOwnProperty(s)&&-1!==t.inArray(s,n)&&delete o[s];return e=t.extend({},this.getDefaults(),o,e),e.delay&&"number"==typeof e.delay&&(e.delay={show:e.delay,hide:e.delay}),e.sanitize&&(e.template=i(e.template,e.whiteList,e.sanitizeFn)),e},d.prototype.getDelegateOptions=function(){var e={},i=this.getDefaults();return this._options&&t.each(this._options,function(t,o){i[t]!=o&&(e[t]=o)}),e},d.prototype.enter=function(e){var i=e instanceof this.constructor?e:t(e.currentTarget).data("bs."+this.type);return i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i)),e instanceof t.Event&&(i.inState["focusin"==e.type?"focus":"hover"]=!0),i.tip().hasClass("in")||"in"==i.hoverState?void(i.hoverState="in"):(clearTimeout(i.timeout),i.hoverState="in",i.options.delay&&i.options.delay.show?void(i.timeout=setTimeout(function(){"in"==i.hoverState&&i.show()},i.options.delay.show)):i.show())},d.prototype.isInStateTrue=function(){for(var t in this.inState)if(this.inState[t])return!0;return!1},d.prototype.leave=function(e){var i=e instanceof this.constructor?e:t(e.currentTarget).data("bs."+this.type);return i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i)),e instanceof t.Event&&(i.inState["focusout"==e.type?"focus":"hover"]=!1),i.isInStateTrue()?void 0:(clearTimeout(i.timeout),i.hoverState="out",i.options.delay&&i.options.delay.hide?void(i.timeout=setTimeout(function(){"out"==i.hoverState&&i.hide()},i.options.delay.hide)):i.hide())},d.prototype.show=function(){var e=t.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(e);var i=t.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(e.isDefaultPrevented()||!i)return;var o=this,n=this.tip(),s=this.getUID(this.type);this.setContent(),n.attr("id",s),this.$element.attr("aria-describedby",s),this.options.animation&&n.addClass("fade");var a="function"==typeof this.options.placement?this.options.placement.call(this,n[0],this.$element[0]):this.options.placement,r=/\s?auto?\s?/i,l=r.test(a);l&&(a=a.replace(r,"")||"top"),n.detach().css({top:0,left:0,display:"block"}).addClass(a).data("bs."+this.type,this),this.options.container?n.appendTo(t(document).find(this.options.container)):n.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var h=this.getPosition(),p=n[0].offsetWidth,c=n[0].offsetHeight;if(l){var f=a,u=this.getPosition(this.$viewport);a="bottom"==a&&h.bottom+c>u.bottom?"top":"top"==a&&h.top-cu.width?"left":"left"==a&&h.left-pa.top+a.height&&(n.top=a.top+a.height-l)}else{var h=e.left-s,d=e.left+s+i;ha.right&&(n.left=a.left+a.width-d)}return n},d.prototype.getTitle=function(){var t,e=this.$element,i=this.options;return t=e.attr("data-original-title")||("function"==typeof i.title?i.title.call(e[0]):i.title)},d.prototype.getUID=function(t){do t+=~~(1e6*Math.random());while(document.getElementById(t));return t},d.prototype.tip=function(){if(!this.$tip&&(this.$tip=t(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},d.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},d.prototype.enable=function(){this.enabled=!0},d.prototype.disable=function(){this.enabled=!1},d.prototype.toggleEnabled=function(){this.enabled=!this.enabled},d.prototype.toggle=function(e){var i=this;e&&(i=t(e.currentTarget).data("bs."+this.type),i||(i=new this.constructor(e.currentTarget,this.getDelegateOptions()),t(e.currentTarget).data("bs."+this.type,i))),e?(i.inState.click=!i.inState.click,i.isInStateTrue()?i.enter(i):i.leave(i)):i.tip().hasClass("in")?i.leave(i):i.enter(i)},d.prototype.destroy=function(){var t=this;clearTimeout(this.timeout),this.hide(function(){t.$element.off("."+t.type).removeData("bs."+t.type),t.$tip&&t.$tip.detach(),t.$tip=null,t.$arrow=null,t.$viewport=null,t.$element=null})},d.prototype.sanitizeHtml=function(t){return i(t,this.options.whiteList,this.options.sanitizeFn)};var p=t.fn.tooltip;t.fn.tooltip=o,t.fn.tooltip.Constructor=d,t.fn.tooltip.noConflict=function(){return t.fn.tooltip=p,this}}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.popover"),s="object"==typeof e&&e;!n&&/destroy|hide/.test(e)||(n||o.data("bs.popover",n=new i(this,s)),"string"==typeof e&&n[e]())})}var i=function(t,e){this.init("popover",t,e)};if(!t.fn.tooltip)throw new Error("Popover requires tooltip.js");i.VERSION="3.4.1",i.DEFAULTS=t.extend({},t.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),i.prototype=t.extend({},t.fn.tooltip.Constructor.prototype),i.prototype.constructor=i,i.prototype.getDefaults=function(){return i.DEFAULTS},i.prototype.setContent=function(){var t=this.tip(),e=this.getTitle(),i=this.getContent();if(this.options.html){var o=typeof i;this.options.sanitize&&(e=this.sanitizeHtml(e),"string"===o&&(i=this.sanitizeHtml(i))),t.find(".popover-title").html(e),t.find(".popover-content").children().detach().end()["string"===o?"html":"append"](i)}else t.find(".popover-title").text(e),t.find(".popover-content").children().detach().end().text(i);t.removeClass("fade top bottom left right in"),t.find(".popover-title").html()||t.find(".popover-title").hide()},i.prototype.hasContent=function(){return this.getTitle()||this.getContent()},i.prototype.getContent=function(){var t=this.$element,e=this.options;return t.attr("data-content")||("function"==typeof e.content?e.content.call(t[0]):e.content)},i.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var o=t.fn.popover;t.fn.popover=e,t.fn.popover.Constructor=i,t.fn.popover.noConflict=function(){return t.fn.popover=o,this}}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.tab");n||o.data("bs.tab",n=new i(this)),"string"==typeof e&&n[e]()})}var i=function(e){this.element=t(e)};i.VERSION="3.4.1",i.TRANSITION_DURATION=150,i.prototype.show=function(){var e=this.element,i=e.closest("ul:not(.dropdown-menu)"),o=e.data("target");if(o||(o=e.attr("href"),o=o&&o.replace(/.*(?=#[^\s]*$)/,"")),!e.parent("li").hasClass("active")){var n=i.find(".active:last a"),s=t.Event("hide.bs.tab",{relatedTarget:e[0]}),a=t.Event("show.bs.tab",{relatedTarget:n[0]});if(n.trigger(s),e.trigger(a),!a.isDefaultPrevented()&&!s.isDefaultPrevented()){var r=t(document).find(o);this.activate(e.closest("li"),i),this.activate(r,r.parent(),function(){n.trigger({type:"hidden.bs.tab",relatedTarget:e[0]}),e.trigger({type:"shown.bs.tab",relatedTarget:n[0]})})}}},i.prototype.activate=function(e,o,n){function s(){a.removeClass("active").find("> .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),e.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),r?(e[0].offsetWidth,e.addClass("in")):e.removeClass("fade"),e.parent(".dropdown-menu").length&&e.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),n&&n()}var a=o.find("> .active"),r=n&&t.support.transition&&(a.length&&a.hasClass("fade")||!!o.find("> .fade").length);a.length&&r?a.one("bsTransitionEnd",s).emulateTransitionEnd(i.TRANSITION_DURATION):s(),a.removeClass("in")};var o=t.fn.tab;t.fn.tab=e,t.fn.tab.Constructor=i,t.fn.tab.noConflict=function(){return t.fn.tab=o,this};var n=function(i){i.preventDefault(),e.call(t(this),"show")};t(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',n).on("click.bs.tab.data-api",'[data-toggle="pill"]',n)}(jQuery),+function(t){"use strict";function e(e){return this.each(function(){var o=t(this),n=o.data("bs.affix"),s="object"==typeof e&&e;n||o.data("bs.affix",n=new i(this,s)),"string"==typeof e&&n[e]()})}var i=function(e,o){this.options=t.extend({},i.DEFAULTS,o);var n=this.options.target===i.DEFAULTS.target?t(this.options.target):t(document).find(this.options.target);this.$target=n.on("scroll.bs.affix.data-api",t.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",t.proxy(this.checkPositionWithEventLoop,this)),this.$element=t(e),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};i.VERSION="3.4.1",i.RESET="affix affix-top affix-bottom",i.DEFAULTS={offset:0,target:window},i.prototype.getState=function(t,e,i,o){var n=this.$target.scrollTop(),s=this.$element.offset(),a=this.$target.height();if(null!=i&&"top"==this.affixed)return i>n?"top":!1;if("bottom"==this.affixed)return null!=i?n+this.unpin<=s.top?!1:"bottom":t-o>=n+a?!1:"bottom";var r=null==this.affixed,l=r?n:s.top,h=r?a:e;return null!=i&&i>=n?"top":null!=o&&l+h>=t-o?"bottom":!1},i.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(i.RESET).addClass("affix");var t=this.$target.scrollTop(),e=this.$element.offset();return this.pinnedOffset=e.top-t},i.prototype.checkPositionWithEventLoop=function(){setTimeout(t.proxy(this.checkPosition,this),1)},i.prototype.checkPosition=function(){ + if(this.$element.is(":visible")){var e=this.$element.height(),o=this.options.offset,n=o.top,s=o.bottom,a=Math.max(t(document).height(),t(document.body).height());"object"!=typeof o&&(s=n=o),"function"==typeof n&&(n=o.top(this.$element)),"function"==typeof s&&(s=o.bottom(this.$element));var r=this.getState(a,e,n,s);if(this.affixed!=r){null!=this.unpin&&this.$element.css("top","");var l="affix"+(r?"-"+r:""),h=t.Event(l+".bs.affix");if(this.$element.trigger(h),h.isDefaultPrevented())return;this.affixed=r,this.unpin="bottom"==r?this.getPinnedOffset():null,this.$element.removeClass(i.RESET).addClass(l).trigger(l.replace("affix","affixed")+".bs.affix")}"bottom"==r&&this.$element.offset({top:a-e-s})}};var o=t.fn.affix;t.fn.affix=e,t.fn.affix.Constructor=i,t.fn.affix.noConflict=function(){return t.fn.affix=o,this},t(window).on("load",function(){t('[data-spy="affix"]').each(function(){var i=t(this),o=i.data();o.offset=o.offset||{},null!=o.offsetBottom&&(o.offset.bottom=o.offsetBottom),null!=o.offsetTop&&(o.offset.top=o.offsetTop),e.call(i,o)})})}(jQuery),+function(t){"use strict";function e(e){var i,o=e.attr("data-target")||(i=e.attr("href"))&&i.replace(/.*(?=#[^\s]+$)/,"");return t(document).find(o)}function i(e){return this.each(function(){var i=t(this),n=i.data("bs.collapse"),s=t.extend({},o.DEFAULTS,i.data(),"object"==typeof e&&e);!n&&s.toggle&&/show|hide/.test(e)&&(s.toggle=!1),n||i.data("bs.collapse",n=new o(this,s)),"string"==typeof e&&n[e]()})}var o=function(e,i){this.$element=t(e),this.options=t.extend({},o.DEFAULTS,i),this.$trigger=t('[data-toggle="collapse"][href="#'+e.id+'"],[data-toggle="collapse"][data-target="#'+e.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};o.VERSION="3.4.1",o.TRANSITION_DURATION=350,o.DEFAULTS={toggle:!0},o.prototype.dimension=function(){var t=this.$element.hasClass("width");return t?"width":"height"},o.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var e,n=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(n&&n.length&&(e=n.data("bs.collapse"),e&&e.transitioning))){var s=t.Event("show.bs.collapse");if(this.$element.trigger(s),!s.isDefaultPrevented()){n&&n.length&&(i.call(n,"hide"),e||n.data("bs.collapse",null));var a=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[a](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var r=function(){this.$element.removeClass("collapsing").addClass("collapse in")[a](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!t.support.transition)return r.call(this);var l=t.camelCase(["scroll",a].join("-"));this.$element.one("bsTransitionEnd",t.proxy(r,this)).emulateTransitionEnd(o.TRANSITION_DURATION)[a](this.$element[0][l])}}}},o.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var e=t.Event("hide.bs.collapse");if(this.$element.trigger(e),!e.isDefaultPrevented()){var i=this.dimension();this.$element[i](this.$element[i]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var n=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return t.support.transition?void this.$element[i](0).one("bsTransitionEnd",t.proxy(n,this)).emulateTransitionEnd(o.TRANSITION_DURATION):n.call(this)}}},o.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},o.prototype.getParent=function(){return t(document).find(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(t.proxy(function(i,o){var n=t(o);this.addAriaAndCollapsedClass(e(n),n)},this)).end()},o.prototype.addAriaAndCollapsedClass=function(t,e){var i=t.hasClass("in");t.attr("aria-expanded",i),e.toggleClass("collapsed",!i).attr("aria-expanded",i)};var n=t.fn.collapse;t.fn.collapse=i,t.fn.collapse.Constructor=o,t.fn.collapse.noConflict=function(){return t.fn.collapse=n,this},t(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(o){var n=t(this);n.attr("data-target")||o.preventDefault();var s=e(n),a=s.data("bs.collapse"),r=a?"toggle":n.data();i.call(s,r)})}(jQuery),+function(t){"use strict";function e(i,o){this.$body=t(document.body),this.$scrollElement=t(t(i).is(document.body)?window:i),this.options=t.extend({},e.DEFAULTS,o),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",t.proxy(this.process,this)),this.refresh(),this.process()}function i(i){return this.each(function(){var o=t(this),n=o.data("bs.scrollspy"),s="object"==typeof i&&i;n||o.data("bs.scrollspy",n=new e(this,s)),"string"==typeof i&&n[i]()})}e.VERSION="3.4.1",e.DEFAULTS={offset:10},e.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},e.prototype.refresh=function(){var e=this,i="offset",o=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),t.isWindow(this.$scrollElement[0])||(i="position",o=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var e=t(this),n=e.data("target")||e.attr("href"),s=/^#./.test(n)&&t(n);return s&&s.length&&s.is(":visible")&&[[s[i]().top+o,n]]||null}).sort(function(t,e){return t[0]-e[0]}).each(function(){e.offsets.push(this[0]),e.targets.push(this[1])})},e.prototype.process=function(){var t,e=this.$scrollElement.scrollTop()+this.options.offset,i=this.getScrollHeight(),o=this.options.offset+i-this.$scrollElement.height(),n=this.offsets,s=this.targets,a=this.activeTarget;if(this.scrollHeight!=i&&this.refresh(),e>=o)return a!=(t=s[s.length-1])&&this.activate(t);if(a&&e=n[t]&&(void 0===n[t+1]||e 36px */ +} + +.container { + min-width: 260px; + max-width: 700px; +} + +h1 { + margin-bottom: 50px; +} + +footer { + width: 100%; + position: absolute; + bottom: 0; + padding: 0 36px; +} + +img { + width: 100%; +} + +/******************************************************** + * Header + ********************************************************/ + +header .logo { + /* width: 20%;*/ + /*max-width: 600px;*/ + max-height: 150px; + width: auto; +} + +/******************************************************** + * Dropdown + ********************************************************/ +a.dropdown-toggle { + text-decoration: none; +} + +a.dropdown-toggle:hover { + color: #168CA9; + border-bottom: 3px solid #168CA9; +} + +.dropdown-menu { + padding: 5px 0; +} + +.dropdown-menu li > a { + padding: 6px 28px; +} + +.dropdown-menu a > .prefix { + display: inline-block; + min-width: 22px; + margin-right: 28px; + text-align: right; +} + +/******************************************************** + * Form + ********************************************************/ + +/* Labels should not be bold */ +label { + font-weight: normal; +} + +/* Make error messages bold */ +.has-error .help-block { + font-weight: bold; +} + +/* Change button size, by default 116px in width */ +.btn { + min-width: 116px; + padding: 3px 12px; +} + +/* Disable gradient in buttons, ughhhh */ +.btn.btn-primary { + border-color: transparent; + background-image: none; + text-shadow: none; + box-shadow: none; + -webkit-box-shadow: none; +} + +.help-block a, .help-block a:visited { + color: #168CA9; + font-weight: bold; + text-decoration: none; +} + +.help-block a:hover { + color: #168CA9; + text-decoration: underline; +} + +/******************************************************** + * Footer + ********************************************************/ +footer .row { + margin: 36px 0 0 0; + height: 40px; + padding-top: 14px; + line-height: 26px; /* to center text: height - padding-top = 26px */ + border-top: 1px solid #168CA9; +} + +footer .row > div { /* Fix alignment between border + text on Bootstrap grid */ + padding: 0; +} + +footer .logo-round-container { + position: relative; +} + +footer .logo-round { + position: absolute; + left: 0; + right: 0; + top: -33px; /* found visually with Chrome Dev Tools */ + height: 36px; + width: 36px; + border: 1px solid #00868c; + border-radius: 18px; + background: #fff; + padding: 8px; +} + +footer .logo-round > img { + display: block; +} + +#dispatchTargets { + margin-top: 20px; +} + +/******************************************************** + * Social login + ********************************************************/ +.btn.line { + background-color: transparent; + display: block; + width: 100%; + padding: 0; + margin: 1.5em 0 1em; + border: 0.5px solid #ccc; + pointer-events: none; +} + +.btn.socialLogin { + background-color: #fff; + border: thin solid #ccc; + color: #000; + font-weight: 600; + position: relative; + margin: 5px; + min-width: 140px; + width: 210px; + border-radius: 8px; + padding: 8px 12px; + text-align: left; +} + +.socialLogin img { + width: 1.5em; + height: 108%; + margin-right: 0.5em; +} + +.btn.apple img { + width: 1.2em; +} + +/******************************************************** + * Show password + ********************************************************/ +.icon-inside { + position: relative; +} + +.icon-inside input { + padding-right: calc(0.75rem + 1.25rem + 0.75rem); +} + +.icon-inside button { + position: absolute; + right: 0; + top: 0; + margin-top: 0.45rem; + margin-right: 0.45rem; + background: #FFFFFF; + border: #FFFFFF; +} \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/dropdown.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/dropdown.js new file mode 100644 index 0000000..cdd301c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/dropdown.js @@ -0,0 +1,36 @@ +(function() { + var closeDropdownTimeout; + + function closeDropdown(event) { + var dropdowns = document.querySelectorAll('.dropdown'); + for (var i = 0; i < dropdowns.length; i++) { + var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu'); + if (dropdownMenu.style.display !== 'none' && !dropdowns[i].contains(event.target)) { + dropdownMenu.style.display = 'none'; + } + } + + // remove event listener till we have a new dropdown menu open + if (document.querySelector('.dropdown-menu:not([style*="display: none"])') === null) { + document.removeEventListener('click', closeDropdown); + } + } + + var dropdowns = document.querySelectorAll('.dropdown'); + for (var i = 0; i < dropdowns.length; i++) { + var dropdownMenu = dropdowns[i].querySelector('.dropdown-menu'); + dropdownMenu.style.display = 'none'; // ensure menu is initially hidden + + dropdowns[i].addEventListener('click', function(e) { + // show dropdown menu + var dropdownMenu = this.querySelector('.dropdown-menu'); + dropdownMenu.style.display = 'block'; + + // handle clicking away + clearTimeout(closeDropdownTimeout); + closeDropdownTimeout = setTimeout(function() { + document.addEventListener('click', closeDropdown); + }, 10); + }); + } +}()); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/e2eenc.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/e2eenc.js new file mode 100644 index 0000000..932c0c6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/e2eenc.js @@ -0,0 +1,98 @@ +var e2eenc = function() { + + this.encryptForm = function(algoString, formId) { + // TODO: in case of an error we should return false, to prevent the for to be submitted + // or replace the fields with dummy values, just to prevent the the transmission + // of unencrypted values + + + // create the array of input fields to encrypt (needs to be done before setting the form + // invisible + var fieldsToEncrypt = new Array(); + $.each($("form input:visible"), function(index, _inputField) { fieldsToEncrypt.push($(_inputField));}); + + // hide the form, and display the splash screen + $('#loginform').css('display','none'); + $('#e2eeSplashScreen').css('display','block'); + + // encryption logic + var pubKey = $("input[name='e2eenc.publicKey']").val(); + + var kemSessionKey = readPublicKeyAndGenerateSessionKey(pubKey) + var iv = forge.random.getBytesSync(16); + keyB64 = forge.util.encode64(kemSessionKey.key); + encapsulationB64 = forge.util.encode64(kemSessionKey.encapsulation); + ivB64 = forge.util.encode64(iv); + + //console.log("Encrypting form " + formId + " (" + algoString + ")"); + var fields = ""; + $.each(fieldsToEncrypt, function(index, _inputField) { + var inputField = $(_inputField); + if (inputField.attr("type") == "text" || inputField.attr("type") == "password") { + //console.log("Encrypting field " + JSON.stringify(inputField)); + var plainValue = inputField.val(); + + var encryptedValueB64 = encrypt(kemSessionKey, iv, plainValue); + //console.log("Setting encrypted value in b64: " + encryptedValueB64); + inputField.val(encryptedValueB64); + if (fields.length > 0) { + fields = fields + "," + } + fields = fields + inputField.attr("name"); + } + }); + $("input[name='e2eenc.iv']").val(ivB64); + $("input[name='e2eenc.encapsulation']").val(encapsulationB64); + $("input[name='e2eenc.fields']").val(fields); + } + + function getRSApublicKey(pem) { + //console.log("PEM: " + pem); + + var msg = forge.pem.decode(pem)[0]; + + //console.log("msg type: " + msg.type); + + if(msg.procType && msg.procType.type === 'ENCRYPTED') { + throw new Error('Could not retrieve RSA public key from PEM; PEM is encrypted.'); + } + + // convert DER to ASN.1 object + var asn1obj = forge.asn1.fromDer(msg.body); + //console.log("ASN.1 obj: " + JSON.stringify(asn1obj)) + + var pubKey = forge.pki.publicKeyFromAsn1(asn1obj) + //console.log("PubKey: " + JSON.stringify(pubKey)) + return pubKey; + } + + function generateKEMSessionKey(rsaPublicKey) { + // generate key-derivation-function and initializes it with sha1 + var kdf1 = new forge.kem.kdf1(forge.md.sha1.create()); + // creates a KEM function based on the key-derivation-function created above + var kem = forge.kem.rsa.create(kdf1); + // generate and encapsulate a 16-byte secret key. + // The secret key is generated using the kdf defined above. + var kemSessionKey = kem.encrypt(rsaPublicKey, 16); + // kemSessionKey has 'encapsulation' (= pub key) and 'key' (= generated secret key) + return kemSessionKey; + } + + function readPublicKeyAndGenerateSessionKey(pem) { + var rsaPublicKey = getRSApublicKey(pem); + //console.log("PubKey: " + JSON.stringify(rsaPublicKey)) + var kemSessionKey = generateKEMSessionKey(rsaPublicKey); + //console.log("KEM session key: " + JSON.stringify(kemSessionKey)) + return kemSessionKey; + } + + function encrypt(kemSessionKey, iv, msg) { + var cipher = forge.cipher.createCipher('AES-CBC', kemSessionKey.key); + cipher.start({iv: iv}); + cipher.update(forge.util.createBuffer(msg, 'utf-8')); + cipher.finish(); + var encrypted = cipher.output.getBytes(); + encryptedB64 = forge.util.encode64(encrypted); + return encryptedB64; + } +}; diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/eye-off.svg b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/eye-off.svg new file mode 100644 index 0000000..c29471a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/eye-off.svg @@ -0,0 +1,3 @@ + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/eye.svg b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/eye.svg new file mode 100644 index 0000000..6c23ec8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/eye.svg @@ -0,0 +1,4 @@ + + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_auth.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_auth.js new file mode 100644 index 0000000..aa6372a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_auth.js @@ -0,0 +1,61 @@ +(function() { + 'use strict' + + async function assertion(options) { + let credential; + try { + credential = await navigator.credentials.get({ "publicKey": options }); + } + // Cancel and timeout can occur besides error + catch (error) { + console.error(`Failed to get WebAuthn credential: ${error}`); + throw error; + } + // as this is the last call we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "path", "/nevisfido/fido2/assertion/result") + addInput(form, "id", credential.id); + addInput(form, "type", credential.type); + addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON)); + addInput(form, "response.authenticatorData", base64url.encode(credential.response.authenticatorData)); + addInput(form, "response.signature", base64url.encode(credential.response.signature)); + document.body.appendChild(form); + form.submit(); + } + + function authenticate() { + // WebAuthn feature detection + if (!isWebAuthnSupportedByTheBrowser()) { + cancelFido2(); + return; + }; + + const request = {}; + request.path = "/nevisfido/fido2/attestation/options"; + + // calling nevisFIDO through nevisAuth on current URL using AJAX + fetch("", { + method: "POST", + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify(request) + }) + .then(res => res.json()) + .then(options => { + options.challenge = base64url.decode(options.challenge); + options.allowCredentials = options.allowCredentials.map((c) => { + c.id = base64url.decode(c.id); + return c; + }); + return assertion(options); + }).catch((error) => { + console.error(`Error during FIDO2 authentication: ${error}`); + cancelFido2(); + }); + } + + authenticate(); +})(); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_auth_std.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_auth_std.js new file mode 100644 index 0000000..0296291 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_auth_std.js @@ -0,0 +1,175 @@ +(function() { + 'use strict' + + async function authenticate(username, params) { + + try { + const { authenticationOptionsEndpoint, authenticationEndpoint, statusServiceEndpoint, userVerification, originalResource, nevisAuthEndpoint } = params; + const { startAuthentication } = SimpleWebAuthnBrowser; + + // fetch authentication options from nevisFIDO and save the returned fido2SessionId for later use + const authOptRespJson = await getAuthenticationOptions(username, userVerification, nevisAuthEndpoint); + const fido2SessionId = authOptRespJson.fido2SessionId; + + // do the client side authentication using the SimpleWebAuthn JS library + const authRespJson = await startAuthentication(authOptRespJson); + + // in case the authentication response does not contain a userHandle (e.g. virtual authenticators used in system tests) + // then we have to obtain it (in our case it is the IDM extId) using the Status Service since at the moment nevisFIDO always expects it + if (!authRespJson.response.userHandle) { + const statusRespJson = await getFido2SessionStatus(fido2SessionId, statusServiceEndpoint); + + if (statusRespJson && statusRespJson.userId) { + console.log("adding userHandle: " + statusRespJson.userId); + authRespJson.response.userHandle = btoa(statusRespJson.userId); // add missing userHandle + } + else { + throw new Error('userHandle is missing and could not determine it using the status service'); + } + } + else { + console.log("userHandle already set: " + authRespJson.response.userHandle); + } + + // send the assertion response created by the authenticator to nevisFIDO + const serverRespJson = await submitAssertion(authRespJson, authenticationEndpoint); + + // checking the server response of nevisFIDO + if ((!serverRespJson) || (serverRespJson && serverRespJson.status !== 'ok')) { + let errorMessage = (serverRespJson && serverRespJson.errorMessage) ? serverRespJson.errorMessage : 'unexpected error'; + throw new Error('authentication failed: ' + errorMessage); + } + + // send a request to nevisAuth with the fido2SessionId in the header to trigger the synchronisation of the + // nevisFIDO and nevisAuth sessions (FIDO2 AuthState -> SyncFido2SessionStatusHandler) to reach AUTH_DONE + await updateNevisAuth(fido2SessionId, nevisAuthEndpoint); + + console.log('authentication was successful'); + + console.log('reloading page...'); + window.location.reload(); + } + catch (error) { + console.error(`Error during FIDO2 authentication: ${error}`); + cancelFido2(); + } + }; + + async function getAuthenticationOptions(username, userVerification, authenticationOptionsEndpoint) { + + const authOptReqJson = { + 'username': username, + 'userVerification': userVerification, + }; + + const authOptReq = JSON.stringify(authOptReqJson); + console.log('authOptReq ==> ' + authOptReq); + + const authOptResp = await fetch(authenticationOptionsEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: authOptReq, + }); + + if (!authOptResp.ok) { + throw new Error('authOptResp error: HTTP ' + authOptResp.status + ' ' + authOptResp.statusText); + } + + const authOptRespJson = await authOptResp.json() + console.log('authOptResp <== ' + JSON.stringify(authOptRespJson)); + + return authOptRespJson; + }; + + async function getFido2SessionStatus(fido2SessionId, statusServiceEndpoint) { + + const statusReqJson = { + 'fido2SessionId': fido2SessionId, + }; + + const statusReq = JSON.stringify(statusReqJson); + console.log('statusReq ==> ' + statusReq); + + const statusResp = await fetch(statusServiceEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: statusReq, + }); + + if (!statusResp.ok) { + throw new Error('statusResp error: HTTP ' + statusResp.status + ' ' + statusResp.statusText); + } + + const statusRespJson = await statusResp.json(); + console.log('statusResp <== ' + JSON.stringify(statusRespJson)); + + return statusRespJson; + } + + async function submitAssertion(authRespJson, authenticationEndpoint) { + + console.log("submitting assertion for userHandle: " + authRespJson.response.userHandle); + + // TODO koenig 20230504: read btoa once nevisFIDO is adapted + let encodedAuthResp = { + "id": authRespJson.id, + "response": { + "authenticatorData": authRespJson.response.authenticatorData, + "signature": authRespJson.response.signature, + "userHandle": authRespJson.response.userHandle, + "clientDataJSON": authRespJson.response.clientDataJSON + }, + "type": authRespJson.type + } + + const authResp = JSON.stringify(encodedAuthResp); + console.log('authResp ==> ' + authResp); + + const serverResp = await fetch(authenticationEndpoint, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + }, + body: authResp, + }); + + if (!serverResp.ok) { + throw new Error('submitAssertion error: HTTP ' + submitAssertion.status + ' ' + submitAssertion.statusText); + } + + const serverRespJson = await serverResp.json(); + console.log('serverResp <== ' + JSON.stringify(serverRespJson)); + + return serverRespJson; + }; + + async function updateNevisAuth(fido2SessionId, nevisAuthEndpoint) { + + console.log('updateNevisAuth ==> ' + fido2SessionId); + + const updateNevisAuthResponse = await fetch(nevisAuthEndpoint, { + method: 'GET', + credentials: 'same-origin', + headers: { + 'nevis-fido2-session-id': fido2SessionId, + } + }); + + if (!updateNevisAuthResponse.ok) { + throw new Error('updateNevisAuthResponse error: HTTP ' + updateNevisAuthResponse.status + ' ' + updateNevisAuthResponse.statusText); + } + + console.log('updateNevisAuth <== OK'); + + return; + }; + + // TODO koenig 20230206: we don't generate IDs into the HTML yet + let username = document.getElementsByName("username")[0].value; + params.nevisAuthEndpoint = window.location.href; + authenticate(username, params); +})(); diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_onboard.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_onboard.js new file mode 100644 index 0000000..9d92a57 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_onboard.js @@ -0,0 +1,70 @@ +function dispatch(name) { + // we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, name, "true"); + document.body.appendChild(form); + form.submit(); +} + +async function attestation(options) { + let credential; + try { + credential = await navigator.credentials.create({ "publicKey": options }); + } + // cancel and timeout can occur besides error + catch (error) { + console.error(`Failed to create WebAuthn credential: ${error}`); + throw error; + } + // as this is the last call we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "path", "/nevisfido/fido2/attestation/result") + addInput(form, "id", credential.id); + addInput(form, "type", credential.type); + addInput(form, "response.clientDataJSON", base64url.encode(credential.response.clientDataJSON)); + addInput(form, "response.attestationObject", base64url.encode(credential.response.attestationObject)); + document.body.appendChild(form); + form.submit(); +} + +function start() { + + if (!isWebAuthnSupportedByTheBrowser()) { + dispatch("unsupported"); + return; + }; + + const request = {}; + request.path = "/nevisfido/fido2/attestation/options"; + + // calling nevisFIDO through nevisAuth on current URL using AJAX + fetch("", { + method: "POST", + headers: { + 'Content-Type': 'application/json' + }, + body: JSON.stringify(request) + }) + .then(res => res.json()) + .then(options => { + options.user.id = base64url.decode(options.user.id); + options.challenge = base64url.decode(options.challenge); + if (options.excludeCredentials != null) { + options.excludeCredentials = options.excludeCredentials.map((c) => { + c.id = base64url.decode(c.id); + return c; + }); + } + if (options.authenticatorSelection.authenticatorAttachment === null) { + options.authenticatorSelection.authenticatorAttachment = undefined; + } + return attestation(options); + }).catch((error) => { + console.log('Error during FIDO2 onboarding: ' + error); + dispatch("failed"); + }); +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_utils.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_utils.js new file mode 100644 index 0000000..dc6056c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/fido2_utils.js @@ -0,0 +1,40 @@ +function addInput(form, name, value) { + const input = document.createElement("input"); + input.name = name; + input.value = value; + form.appendChild(input); +} + +/** + * Checks whether WebAuthn is supported by the browser or not. + * @return true if supported, false if it is not supported or not in secure context + */ +function isWebAuthnSupportedByTheBrowser() { + if (window.isSecureContext) { + // This feature is available only in secure contexts in some or all supporting browsers. + if ('credentials' in navigator) { + return true; + } + console.warn('Oh no! This browser does not support WebAuthn.'); + return false; + } + console.warn('WebAuthn feature is available only in secure contexts. For testing over HTTP, you can use the origin "localhost".'); + return false; +} + +/** + * Trigger on cancel pattern of the FIDO2 authentication step. + * + * Provides an alternative when the user decides to + * cancel the fido2 credential operation(create or fetch) or + * the operation fails and the error cannot be handled. + */ +function cancelFido2() { + // we have to do a top-level request instead of AJAX + const form = document.createElement("form"); + form.method = "POST"; + form.style.display = "none"; + addInput(form, "cancel_fido2", "true"); + document.body.appendChild(form); + form.submit(); +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/forge.bundle.js b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/forge.bundle.js new file mode 100644 index 0000000..58cb6a8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/resources/forge.bundle.js @@ -0,0 +1,28767 @@ +(function(root, factory) { + if(typeof define === 'function' && define.amd) { + define([], factory); + } else { + root.forge = factory(); + } +})(this, function() { +/** + * @license almond 0.2.9 Copyright (c) 2011-2014, The Dojo Foundation All Rights Reserved. + * Available via the MIT or new BSD license. + * see: http://github.com/jrburke/almond for details + */ +//Going sloppy to avoid 'use strict' string cost, but strict practices should +//be followed. +/*jslint sloppy: true */ +/*global setTimeout: false */ + +var requirejs, require, define; +(function (undef) { + var main, req, makeMap, handlers, + defined = {}, + waiting = {}, + config = {}, + defining = {}, + hasOwn = Object.prototype.hasOwnProperty, + aps = [].slice, + jsSuffixRegExp = /\.js$/; + + function hasProp(obj, prop) { + return hasOwn.call(obj, prop); + } + + /** + * Given a relative module name, like ./something, normalize it to + * a real name that can be mapped to a path. + * @param {String} name the relative name + * @param {String} baseName a real name that the name arg is relative + * to. + * @returns {String} normalized name + */ + function normalize(name, baseName) { + var nameParts, nameSegment, mapValue, foundMap, lastIndex, + foundI, foundStarMap, starI, i, j, part, + baseParts = baseName && baseName.split("/"), + map = config.map, + starMap = (map && map['*']) || {}; + + //Adjust any relative paths. + if (name && name.charAt(0) === ".") { + //If have a base name, try to normalize against it, + //otherwise, assume it is a top-level require that will + //be relative to baseUrl in the end. + if (baseName) { + //Convert baseName to array, and lop off the last part, + //so that . matches that "directory" and not name of the baseName's + //module. For instance, baseName of "one/two/three", maps to + //"one/two/three.js", but we want the directory, "one/two" for + //this normalization. + baseParts = baseParts.slice(0, baseParts.length - 1); + name = name.split('/'); + lastIndex = name.length - 1; + + // Node .js allowance: + if (config.nodeIdCompat && jsSuffixRegExp.test(name[lastIndex])) { + name[lastIndex] = name[lastIndex].replace(jsSuffixRegExp, ''); + } + + name = baseParts.concat(name); + + //start trimDots + for (i = 0; i < name.length; i += 1) { + part = name[i]; + if (part === ".") { + name.splice(i, 1); + i -= 1; + } else if (part === "..") { + if (i === 1 && (name[2] === '..' || name[0] === '..')) { + //End of the line. Keep at least one non-dot + //path segment at the front so it can be mapped + //correctly to disk. Otherwise, there is likely + //no path mapping for a path starting with '..'. + //This can still fail, but catches the most reasonable + //uses of .. + break; + } else if (i > 0) { + name.splice(i - 1, 2); + i -= 2; + } + } + } + //end trimDots + + name = name.join("/"); + } else if (name.indexOf('./') === 0) { + // No baseName, so this is ID is resolved relative + // to baseUrl, pull off the leading dot. + name = name.substring(2); + } + } + + //Apply map config if available. + if ((baseParts || starMap) && map) { + nameParts = name.split('/'); + + for (i = nameParts.length; i > 0; i -= 1) { + nameSegment = nameParts.slice(0, i).join("/"); + + if (baseParts) { + //Find the longest baseName segment match in the config. + //So, do joins on the biggest to smallest lengths of baseParts. + for (j = baseParts.length; j > 0; j -= 1) { + mapValue = map[baseParts.slice(0, j).join('/')]; + + //baseName segment has config, find if it has one for + //this name. + if (mapValue) { + mapValue = mapValue[nameSegment]; + if (mapValue) { + //Match, update name to the new value. + foundMap = mapValue; + foundI = i; + break; + } + } + } + } + + if (foundMap) { + break; + } + + //Check for a star map match, but just hold on to it, + //if there is a shorter segment match later in a matching + //config, then favor over this star map. + if (!foundStarMap && starMap && starMap[nameSegment]) { + foundStarMap = starMap[nameSegment]; + starI = i; + } + } + + if (!foundMap && foundStarMap) { + foundMap = foundStarMap; + foundI = starI; + } + + if (foundMap) { + nameParts.splice(0, foundI, foundMap); + name = nameParts.join('/'); + } + } + + return name; + } + + function makeRequire(relName, forceSync) { + return function () { + //A version of a require function that passes a moduleName + //value for items that may need to + //look up paths relative to the moduleName + return req.apply(undef, aps.call(arguments, 0).concat([relName, forceSync])); + }; + } + + function makeNormalize(relName) { + return function (name) { + return normalize(name, relName); + }; + } + + function makeLoad(depName) { + return function (value) { + defined[depName] = value; + }; + } + + function callDep(name) { + if (hasProp(waiting, name)) { + var args = waiting[name]; + delete waiting[name]; + defining[name] = true; + main.apply(undef, args); + } + + if (!hasProp(defined, name) && !hasProp(defining, name)) { + throw new Error('No ' + name); + } + return defined[name]; + } + + //Turns a plugin!resource to [plugin, resource] + //with the plugin being undefined if the name + //did not have a plugin prefix. + function splitPrefix(name) { + var prefix, + index = name ? name.indexOf('!') : -1; + if (index > -1) { + prefix = name.substring(0, index); + name = name.substring(index + 1, name.length); + } + return [prefix, name]; + } + + /** + * Makes a name map, normalizing the name, and using a plugin + * for normalization if necessary. Grabs a ref to plugin + * too, as an optimization. + */ + makeMap = function (name, relName) { + var plugin, + parts = splitPrefix(name), + prefix = parts[0]; + + name = parts[1]; + + if (prefix) { + prefix = normalize(prefix, relName); + plugin = callDep(prefix); + } + + //Normalize according + if (prefix) { + if (plugin && plugin.normalize) { + name = plugin.normalize(name, makeNormalize(relName)); + } else { + name = normalize(name, relName); + } + } else { + name = normalize(name, relName); + parts = splitPrefix(name); + prefix = parts[0]; + name = parts[1]; + if (prefix) { + plugin = callDep(prefix); + } + } + + //Using ridiculous property names for space reasons + return { + f: prefix ? prefix + '!' + name : name, //fullName + n: name, + pr: prefix, + p: plugin + }; + }; + + function makeConfig(name) { + return function () { + return (config && config.config && config.config[name]) || {}; + }; + } + + handlers = { + require: function (name) { + return makeRequire(name); + }, + exports: function (name) { + var e = defined[name]; + if (typeof e !== 'undefined') { + return e; + } else { + return (defined[name] = {}); + } + }, + module: function (name) { + return { + id: name, + uri: '', + exports: defined[name], + config: makeConfig(name) + }; + } + }; + + main = function (name, deps, callback, relName) { + var cjsModule, depName, ret, map, i, + args = [], + callbackType = typeof callback, + usingExports; + + //Use name if no relName + relName = relName || name; + + //Call the callback to define the module, if necessary. + if (callbackType === 'undefined' || callbackType === 'function') { + //Pull out the defined dependencies and pass the ordered + //values to the callback. + //Default to [require, exports, module] if no deps + deps = !deps.length && callback.length ? ['require', 'exports', 'module'] : deps; + for (i = 0; i < deps.length; i += 1) { + map = makeMap(deps[i], relName); + depName = map.f; + + //Fast path CommonJS standard dependencies. + if (depName === "require") { + args[i] = handlers.require(name); + } else if (depName === "exports") { + //CommonJS module spec 1.1 + args[i] = handlers.exports(name); + usingExports = true; + } else if (depName === "module") { + //CommonJS module spec 1.1 + cjsModule = args[i] = handlers.module(name); + } else if (hasProp(defined, depName) || + hasProp(waiting, depName) || + hasProp(defining, depName)) { + args[i] = callDep(depName); + } else if (map.p) { + map.p.load(map.n, makeRequire(relName, true), makeLoad(depName), {}); + args[i] = defined[depName]; + } else { + throw new Error(name + ' missing ' + depName); + } + } + + ret = callback ? callback.apply(defined[name], args) : undefined; + + if (name) { + //If setting exports via "module" is in play, + //favor that over return value and exports. After that, + //favor a non-undefined return value over exports use. + if (cjsModule && cjsModule.exports !== undef && + cjsModule.exports !== defined[name]) { + defined[name] = cjsModule.exports; + } else if (ret !== undef || !usingExports) { + //Use the return value from the function. + defined[name] = ret; + } + } + } else if (name) { + //May just be an object definition for the module. Only + //worry about defining if have a module name. + defined[name] = callback; + } + }; + + requirejs = require = req = function (deps, callback, relName, forceSync, alt) { + if (typeof deps === "string") { + if (handlers[deps]) { + //callback in this case is really relName + return handlers[deps](callback); + } + //Just return the module wanted. In this scenario, the + //deps arg is the module name, and second arg (if passed) + //is just the relName. + //Normalize module name, if it contains . or .. + return callDep(makeMap(deps, callback).f); + } else if (!deps.splice) { + //deps is a config object, not an array. + config = deps; + if (config.deps) { + req(config.deps, config.callback); + } + if (!callback) { + return; + } + + if (callback.splice) { + //callback is an array, which means it is a dependency list. + //Adjust args if there are dependencies + deps = callback; + callback = relName; + relName = null; + } else { + deps = undef; + } + } + + //Support require(['a']) + callback = callback || function () {}; + + //If relName is a function, it is an errback handler, + //so remove it. + if (typeof relName === 'function') { + relName = forceSync; + forceSync = alt; + } + + //Simulate async callback; + if (forceSync) { + main(undef, deps, callback, relName); + } else { + //Using a non-zero value because of concern for what old browsers + //do, and latest browsers "upgrade" to 4 if lower value is used: + //http://www.whatwg.org/specs/web-apps/current-work/multipage/timers.html#dom-windowtimers-settimeout: + //If want a value immediately, use require('id') instead -- something + //that works in almond on the global level, but not guaranteed and + //unlikely to work in other AMD implementations. + setTimeout(function () { + main(undef, deps, callback, relName); + }, 4); + } + + return req; + }; + + /** + * Just drops the config on the floor, but returns req in case + * the config return value is used. + */ + req.config = function (cfg) { + return req(cfg); + }; + + /** + * Expose module registry for debugging and tooling + */ + requirejs._defined = defined; + + define = function (name, deps, callback) { + + //This module may not have dependencies + if (!deps.splice) { + //deps is not an array, so probably means + //an object literal or factory function for + //the value. Adjust args. + callback = deps; + deps = []; + } + + if (!hasProp(defined, name) && !hasProp(waiting, name)) { + waiting[name] = [name, deps, callback]; + } + }; + + define.amd = { + jQuery: true + }; +}()); + +define("node_modules/almond/almond", function(){}); + +/** + * Utility functions for web applications. + * + * @author Dave Longley + * + * Copyright (c) 2010-2014 Digital Bazaar, Inc. + */ +(function() { +/* ########## Begin module implementation ########## */ +function initModule(forge) { + +/* Utilities API */ +var util = forge.util = forge.util || {}; + +// define setImmediate and nextTick +if(typeof process === 'undefined' || !process.nextTick) { + if(typeof setImmediate === 'function') { + util.setImmediate = setImmediate; + util.nextTick = function(callback) { + return setImmediate(callback); + }; + } else { + util.setImmediate = function(callback) { + setTimeout(callback, 0); + }; + util.nextTick = util.setImmediate; + } +} else { + util.nextTick = process.nextTick; + if(typeof setImmediate === 'function') { + util.setImmediate = setImmediate; + } else { + util.setImmediate = util.nextTick; + } +} + +// define isArray +util.isArray = Array.isArray || function(x) { + return Object.prototype.toString.call(x) === '[object Array]'; +}; + +// define isArrayBuffer +util.isArrayBuffer = function(x) { + return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer; +}; + +// define isArrayBufferView +var _arrayBufferViews = []; +if(typeof DataView !== 'undefined') { + _arrayBufferViews.push(DataView); +} +if(typeof Int8Array !== 'undefined') { + _arrayBufferViews.push(Int8Array); +} +if(typeof Uint8Array !== 'undefined') { + _arrayBufferViews.push(Uint8Array); +} +if(typeof Uint8ClampedArray !== 'undefined') { + _arrayBufferViews.push(Uint8ClampedArray); +} +if(typeof Int16Array !== 'undefined') { + _arrayBufferViews.push(Int16Array); +} +if(typeof Uint16Array !== 'undefined') { + _arrayBufferViews.push(Uint16Array); +} +if(typeof Int32Array !== 'undefined') { + _arrayBufferViews.push(Int32Array); +} +if(typeof Uint32Array !== 'undefined') { + _arrayBufferViews.push(Uint32Array); +} +if(typeof Float32Array !== 'undefined') { + _arrayBufferViews.push(Float32Array); +} +if(typeof Float64Array !== 'undefined') { + _arrayBufferViews.push(Float64Array); +} +util.isArrayBufferView = function(x) { + for(var i = 0; i < _arrayBufferViews.length; ++i) { + if(x instanceof _arrayBufferViews[i]) { + return true; + } + } + return false; +}; + +// TODO: set ByteBuffer to best available backing +util.ByteBuffer = ByteStringBuffer; + +/** Buffer w/BinaryString backing */ + +/** + * Constructor for a binary string backed byte buffer. + * + * @param [b] the bytes to wrap (either encoded as string, one byte per + * character, or as an ArrayBuffer or Typed Array). + */ +function ByteStringBuffer(b) { + // TODO: update to match DataBuffer API + + // the data in this buffer + this.data = ''; + // the pointer for reading from this buffer + this.read = 0; + + if(typeof b === 'string') { + this.data = b; + } else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) { + // convert native buffer to forge buffer + // FIXME: support native buffers internally instead + var arr = new Uint8Array(b); + try { + this.data = String.fromCharCode.apply(null, arr); + } catch(e) { + for(var i = 0; i < arr.length; ++i) { + this.putByte(arr[i]); + } + } + } else if(b instanceof ByteStringBuffer || + (typeof b === 'object' && typeof b.data === 'string' && + typeof b.read === 'number')) { + // copy existing buffer + this.data = b.data; + this.read = b.read; + } + + // used for v8 optimization + this._constructedStringLength = 0; +} +util.ByteStringBuffer = ByteStringBuffer; + +/* Note: This is an optimization for V8-based browsers. When V8 concatenates + a string, the strings are only joined logically using a "cons string" or + "constructed/concatenated string". These containers keep references to one + another and can result in very large memory usage. For example, if a 2MB + string is constructed by concatenating 4 bytes together at a time, the + memory usage will be ~44MB; so ~22x increase. The strings are only joined + together when an operation requiring their joining takes place, such as + substr(). This function is called when adding data to this buffer to ensure + these types of strings are periodically joined to reduce the memory + footprint. */ +var _MAX_CONSTRUCTED_STRING_LENGTH = 4096; +util.ByteStringBuffer.prototype._optimizeConstructedString = function(x) { + this._constructedStringLength += x; + if(this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) { + // this substr() should cause the constructed string to join + this.data.substr(0, 1); + this._constructedStringLength = 0; + } +}; + +/** + * Gets the number of bytes in this buffer. + * + * @return the number of bytes in this buffer. + */ +util.ByteStringBuffer.prototype.length = function() { + return this.data.length - this.read; +}; + +/** + * Gets whether or not this buffer is empty. + * + * @return true if this buffer is empty, false if not. + */ +util.ByteStringBuffer.prototype.isEmpty = function() { + return this.length() <= 0; +}; + +/** + * Puts a byte in this buffer. + * + * @param b the byte to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putByte = function(b) { + return this.putBytes(String.fromCharCode(b)); +}; + +/** + * Puts a byte in this buffer N times. + * + * @param b the byte to put. + * @param n the number of bytes of value b to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.fillWithByte = function(b, n) { + b = String.fromCharCode(b); + var d = this.data; + while(n > 0) { + if(n & 1) { + d += b; + } + n >>>= 1; + if(n > 0) { + b += b; + } + } + this.data = d; + this._optimizeConstructedString(n); + return this; +}; + +/** + * Puts bytes in this buffer. + * + * @param bytes the bytes (as a UTF-8 encoded string) to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putBytes = function(bytes) { + this.data += bytes; + this._optimizeConstructedString(bytes.length); + return this; +}; + +/** + * Puts a UTF-16 encoded string into this buffer. + * + * @param str the string to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putString = function(str) { + return this.putBytes(util.encodeUtf8(str)); +}; + +/** + * Puts a 16-bit integer in this buffer in big-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt16 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 24-bit integer in this buffer in big-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt24 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 32-bit integer in this buffer in big-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt32 = function(i) { + return this.putBytes( + String.fromCharCode(i >> 24 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +/** + * Puts a 16-bit integer in this buffer in little-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt16Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF)); +}; + +/** + * Puts a 24-bit integer in this buffer in little-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt24Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF)); +}; + +/** + * Puts a 32-bit integer in this buffer in little-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt32Le = function(i) { + return this.putBytes( + String.fromCharCode(i & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 24 & 0xFF)); +}; + +/** + * Puts an n-bit integer in this buffer in big-endian order. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putInt = function(i, n) { + var bytes = ''; + do { + n -= 8; + bytes += String.fromCharCode((i >> n) & 0xFF); + } while(n > 0); + return this.putBytes(bytes); +}; + +/** + * Puts a signed n-bit integer in this buffer in big-endian order. Two's + * complement representation is used. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putSignedInt = function(i, n) { + if(i < 0) { + i += 2 << (n - 1); + } + return this.putInt(i, n); +}; + +/** + * Puts the given buffer into this buffer. + * + * @param buffer the buffer to put into this one. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.putBuffer = function(buffer) { + return this.putBytes(buffer.getBytes()); +}; + +/** + * Gets a byte from this buffer and advances the read pointer by 1. + * + * @return the byte. + */ +util.ByteStringBuffer.prototype.getByte = function() { + return this.data.charCodeAt(this.read++); +}; + +/** + * Gets a uint16 from this buffer in big-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.ByteStringBuffer.prototype.getInt16 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 8 ^ + this.data.charCodeAt(this.read + 1)); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in big-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.ByteStringBuffer.prototype.getInt24 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 16 ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2)); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in big-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.ByteStringBuffer.prototype.getInt32 = function() { + var rval = ( + this.data.charCodeAt(this.read) << 24 ^ + this.data.charCodeAt(this.read + 1) << 16 ^ + this.data.charCodeAt(this.read + 2) << 8 ^ + this.data.charCodeAt(this.read + 3)); + this.read += 4; + return rval; +}; + +/** + * Gets a uint16 from this buffer in little-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.ByteStringBuffer.prototype.getInt16Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in little-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.ByteStringBuffer.prototype.getInt24Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2) << 16); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in little-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.ByteStringBuffer.prototype.getInt32Le = function() { + var rval = ( + this.data.charCodeAt(this.read) ^ + this.data.charCodeAt(this.read + 1) << 8 ^ + this.data.charCodeAt(this.read + 2) << 16 ^ + this.data.charCodeAt(this.read + 3) << 24); + this.read += 4; + return rval; +}; + +/** + * Gets an n-bit integer from this buffer in big-endian order and advances the + * read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.ByteStringBuffer.prototype.getInt = function(n) { + var rval = 0; + do { + rval = (rval << 8) + this.data.charCodeAt(this.read++); + n -= 8; + } while(n > 0); + return rval; +}; + +/** + * Gets a signed n-bit integer from this buffer in big-endian order, using + * two's complement, and advances the read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.ByteStringBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << (n - 2); + if(x >= max) { + x -= max << 1; + } + return x; +}; + +/** + * Reads bytes out into a UTF-8 string and clears them from the buffer. + * + * @param count the number of bytes to read, undefined or null for all. + * + * @return a UTF-8 string of bytes. + */ +util.ByteStringBuffer.prototype.getBytes = function(count) { + var rval; + if(count) { + // read count bytes + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if(count === 0) { + rval = ''; + } else { + // read all bytes, optimize to only copy when needed + rval = (this.read === 0) ? this.data : this.data.slice(this.read); + this.clear(); + } + return rval; +}; + +/** + * Gets a UTF-8 encoded string of the bytes from this buffer without modifying + * the read pointer. + * + * @param count the number of bytes to get, omit to get all. + * + * @return a string full of UTF-8 encoded characters. + */ +util.ByteStringBuffer.prototype.bytes = function(count) { + return (typeof(count) === 'undefined' ? + this.data.slice(this.read) : + this.data.slice(this.read, this.read + count)); +}; + +/** + * Gets a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * + * @return the byte. + */ +util.ByteStringBuffer.prototype.at = function(i) { + return this.data.charCodeAt(this.read + i); +}; + +/** + * Puts a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * @param b the byte to put. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.setAt = function(i, b) { + this.data = this.data.substr(0, this.read + i) + + String.fromCharCode(b) + + this.data.substr(this.read + i + 1); + return this; +}; + +/** + * Gets the last byte without modifying the read pointer. + * + * @return the last byte. + */ +util.ByteStringBuffer.prototype.last = function() { + return this.data.charCodeAt(this.data.length - 1); +}; + +/** + * Creates a copy of this buffer. + * + * @return the copy. + */ +util.ByteStringBuffer.prototype.copy = function() { + var c = util.createBuffer(this.data); + c.read = this.read; + return c; +}; + +/** + * Compacts this buffer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.compact = function() { + if(this.read > 0) { + this.data = this.data.slice(this.read); + this.read = 0; + } + return this; +}; + +/** + * Clears this buffer. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.clear = function() { + this.data = ''; + this.read = 0; + return this; +}; + +/** + * Shortens this buffer by triming bytes off of the end of this buffer. + * + * @param count the number of bytes to trim off. + * + * @return this buffer. + */ +util.ByteStringBuffer.prototype.truncate = function(count) { + var len = Math.max(0, this.length() - count); + this.data = this.data.substr(this.read, len); + this.read = 0; + return this; +}; + +/** + * Converts this buffer to a hexadecimal string. + * + * @return a hexadecimal string. + */ +util.ByteStringBuffer.prototype.toHex = function() { + var rval = ''; + for(var i = this.read; i < this.data.length; ++i) { + var b = this.data.charCodeAt(i); + if(b < 16) { + rval += '0'; + } + rval += b.toString(16); + } + return rval; +}; + +/** + * Converts this buffer to a UTF-16 string (standard JavaScript string). + * + * @return a UTF-16 string. + */ +util.ByteStringBuffer.prototype.toString = function() { + return util.decodeUtf8(this.bytes()); +}; + +/** End Buffer w/BinaryString backing */ + + +/** Buffer w/UInt8Array backing */ + +/** + * FIXME: Experimental. Do not use yet. + * + * Constructor for an ArrayBuffer-backed byte buffer. + * + * The buffer may be constructed from a string, an ArrayBuffer, DataView, or a + * TypedArray. + * + * If a string is given, its encoding should be provided as an option, + * otherwise it will default to 'binary'. A 'binary' string is encoded such + * that each character is one byte in length and size. + * + * If an ArrayBuffer, DataView, or TypedArray is given, it will be used + * *directly* without any copying. Note that, if a write to the buffer requires + * more space, the buffer will allocate a new backing ArrayBuffer to + * accommodate. The starting read and write offsets for the buffer may be + * given as options. + * + * @param [b] the initial bytes for this buffer. + * @param options the options to use: + * [readOffset] the starting read offset to use (default: 0). + * [writeOffset] the starting write offset to use (default: the + * length of the first parameter). + * [growSize] the minimum amount, in bytes, to grow the buffer by to + * accommodate writes (default: 1024). + * [encoding] the encoding ('binary', 'utf8', 'utf16', 'hex') for the + * first parameter, if it is a string (default: 'binary'). + */ +function DataBuffer(b, options) { + // default options + options = options || {}; + + // pointers for read from/write to buffer + this.read = options.readOffset || 0; + this.growSize = options.growSize || 1024; + + var isArrayBuffer = util.isArrayBuffer(b); + var isArrayBufferView = util.isArrayBufferView(b); + if(isArrayBuffer || isArrayBufferView) { + // use ArrayBuffer directly + if(isArrayBuffer) { + this.data = new DataView(b); + } else { + // TODO: adjust read/write offset based on the type of view + // or specify that this must be done in the options ... that the + // offsets are byte-based + this.data = new DataView(b.buffer, b.byteOffset, b.byteLength); + } + this.write = ('writeOffset' in options ? + options.writeOffset : this.data.byteLength); + return; + } + + // initialize to empty array buffer and add any given bytes using putBytes + this.data = new DataView(new ArrayBuffer(0)); + this.write = 0; + + if(b !== null && b !== undefined) { + this.putBytes(b); + } + + if('writeOffset' in options) { + this.write = options.writeOffset; + } +} +util.DataBuffer = DataBuffer; + +/** + * Gets the number of bytes in this buffer. + * + * @return the number of bytes in this buffer. + */ +util.DataBuffer.prototype.length = function() { + return this.write - this.read; +}; + +/** + * Gets whether or not this buffer is empty. + * + * @return true if this buffer is empty, false if not. + */ +util.DataBuffer.prototype.isEmpty = function() { + return this.length() <= 0; +}; + +/** + * Ensures this buffer has enough empty space to accommodate the given number + * of bytes. An optional parameter may be given that indicates a minimum + * amount to grow the buffer if necessary. If the parameter is not given, + * the buffer will be grown by some previously-specified default amount + * or heuristic. + * + * @param amount the number of bytes to accommodate. + * @param [growSize] the minimum amount, in bytes, to grow the buffer by if + * necessary. + */ +util.DataBuffer.prototype.accommodate = function(amount, growSize) { + if(this.length() >= amount) { + return this; + } + growSize = Math.max(growSize || this.growSize, amount); + + // grow buffer + var src = new Uint8Array( + this.data.buffer, this.data.byteOffset, this.data.byteLength); + var dst = new Uint8Array(this.length() + growSize); + dst.set(src); + this.data = new DataView(dst.buffer); + + return this; +}; + +/** + * Puts a byte in this buffer. + * + * @param b the byte to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putByte = function(b) { + this.accommodate(1); + this.data.setUint8(this.write++, b); + return this; +}; + +/** + * Puts a byte in this buffer N times. + * + * @param b the byte to put. + * @param n the number of bytes of value b to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.fillWithByte = function(b, n) { + this.accommodate(n); + for(var i = 0; i < n; ++i) { + this.data.setUint8(b); + } + return this; +}; + +/** + * Puts bytes in this buffer. The bytes may be given as a string, an + * ArrayBuffer, a DataView, or a TypedArray. + * + * @param bytes the bytes to put. + * @param [encoding] the encoding for the first parameter ('binary', 'utf8', + * 'utf16', 'hex'), if it is a string (default: 'binary'). + * + * @return this buffer. + */ +util.DataBuffer.prototype.putBytes = function(bytes, encoding) { + if(util.isArrayBufferView(bytes)) { + var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength); + var len = src.byteLength - src.byteOffset; + this.accommodate(len); + var dst = new Uint8Array(this.data.buffer, this.write); + dst.set(src); + this.write += len; + return this; + } + + if(util.isArrayBuffer(bytes)) { + var src = new Uint8Array(bytes); + this.accommodate(src.byteLength); + var dst = new Uint8Array(this.data.buffer); + dst.set(src, this.write); + this.write += src.byteLength; + return this; + } + + // bytes is a util.DataBuffer or equivalent + if(bytes instanceof util.DataBuffer || + (typeof bytes === 'object' && + typeof bytes.read === 'number' && typeof bytes.write === 'number' && + util.isArrayBufferView(bytes.data))) { + var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length()); + this.accommodate(src.byteLength); + var dst = new Uint8Array(bytes.data.byteLength, this.write); + dst.set(src); + this.write += src.byteLength; + return this; + } + + if(bytes instanceof util.ByteStringBuffer) { + // copy binary string and process as the same as a string parameter below + bytes = bytes.data; + encoding = 'binary'; + } + + // string conversion + encoding = encoding || 'binary'; + if(typeof bytes === 'string') { + var view; + + // decode from string + if(encoding === 'hex') { + this.accommodate(Math.ceil(bytes.length / 2)); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.hex.decode(bytes, view, this.write); + return this; + } + if(encoding === 'base64') { + this.accommodate(Math.ceil(bytes.length / 4) * 3); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.base64.decode(bytes, view, this.write); + return this; + } + + // encode text as UTF-8 bytes + if(encoding === 'utf8') { + // encode as UTF-8 then decode string as raw binary + bytes = util.encodeUtf8(bytes); + encoding = 'binary'; + } + + // decode string as raw binary + if(encoding === 'binary' || encoding === 'raw') { + // one byte per character + this.accommodate(bytes.length); + view = new Uint8Array(this.data.buffer, this.write); + this.write += util.binary.raw.decode(view); + return this; + } + + // encode text as UTF-16 bytes + if(encoding === 'utf16') { + // two bytes per character + this.accommodate(bytes.length * 2); + view = new Uint16Array(this.data.buffer, this.write); + this.write += util.text.utf16.encode(view); + return this; + } + + throw new Error('Invalid encoding: ' + encoding); + } + + throw Error('Invalid parameter: ' + bytes); +}; + +/** + * Puts the given buffer into this buffer. + * + * @param buffer the buffer to put into this one. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putBuffer = function(buffer) { + this.putBytes(buffer); + buffer.clear(); + return this; +}; + +/** + * Puts a string into this buffer. + * + * @param str the string to put. + * @param [encoding] the encoding for the string (default: 'utf16'). + * + * @return this buffer. + */ +util.DataBuffer.prototype.putString = function(str) { + return this.putBytes(str, 'utf16'); +}; + +/** + * Puts a 16-bit integer in this buffer in big-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt16 = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i); + this.write += 2; + return this; +}; + +/** + * Puts a 24-bit integer in this buffer in big-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt24 = function(i) { + this.accommodate(3); + this.data.setInt16(this.write, i >> 8 & 0xFFFF); + this.data.setInt8(this.write, i >> 16 & 0xFF); + this.write += 3; + return this; +}; + +/** + * Puts a 32-bit integer in this buffer in big-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt32 = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i); + this.write += 4; + return this; +}; + +/** + * Puts a 16-bit integer in this buffer in little-endian order. + * + * @param i the 16-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt16Le = function(i) { + this.accommodate(2); + this.data.setInt16(this.write, i, true); + this.write += 2; + return this; +}; + +/** + * Puts a 24-bit integer in this buffer in little-endian order. + * + * @param i the 24-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt24Le = function(i) { + this.accommodate(3); + this.data.setInt8(this.write, i >> 16 & 0xFF); + this.data.setInt16(this.write, i >> 8 & 0xFFFF, true); + this.write += 3; + return this; +}; + +/** + * Puts a 32-bit integer in this buffer in little-endian order. + * + * @param i the 32-bit integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt32Le = function(i) { + this.accommodate(4); + this.data.setInt32(this.write, i, true); + this.write += 4; + return this; +}; + +/** + * Puts an n-bit integer in this buffer in big-endian order. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putInt = function(i, n) { + this.accommodate(n / 8); + do { + n -= 8; + this.data.setInt8(this.write++, (i >> n) & 0xFF); + } while(n > 0); + return this; +}; + +/** + * Puts a signed n-bit integer in this buffer in big-endian order. Two's + * complement representation is used. + * + * @param i the n-bit integer. + * @param n the number of bits in the integer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.putSignedInt = function(i, n) { + this.accommodate(n / 8); + if(i < 0) { + i += 2 << (n - 1); + } + return this.putInt(i, n); +}; + +/** + * Gets a byte from this buffer and advances the read pointer by 1. + * + * @return the byte. + */ +util.DataBuffer.prototype.getByte = function() { + return this.data.getInt8(this.read++); +}; + +/** + * Gets a uint16 from this buffer in big-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.DataBuffer.prototype.getInt16 = function() { + var rval = this.data.getInt16(this.read); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in big-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.DataBuffer.prototype.getInt24 = function() { + var rval = ( + this.data.getInt16(this.read) << 8 ^ + this.data.getInt8(this.read + 2)); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in big-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.DataBuffer.prototype.getInt32 = function() { + var rval = this.data.getInt32(this.read); + this.read += 4; + return rval; +}; + +/** + * Gets a uint16 from this buffer in little-endian order and advances the read + * pointer by 2. + * + * @return the uint16. + */ +util.DataBuffer.prototype.getInt16Le = function() { + var rval = this.data.getInt16(this.read, true); + this.read += 2; + return rval; +}; + +/** + * Gets a uint24 from this buffer in little-endian order and advances the read + * pointer by 3. + * + * @return the uint24. + */ +util.DataBuffer.prototype.getInt24Le = function() { + var rval = ( + this.data.getInt8(this.read) ^ + this.data.getInt16(this.read + 1, true) << 8); + this.read += 3; + return rval; +}; + +/** + * Gets a uint32 from this buffer in little-endian order and advances the read + * pointer by 4. + * + * @return the word. + */ +util.DataBuffer.prototype.getInt32Le = function() { + var rval = this.data.getInt32(this.read, true); + this.read += 4; + return rval; +}; + +/** + * Gets an n-bit integer from this buffer in big-endian order and advances the + * read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.DataBuffer.prototype.getInt = function(n) { + var rval = 0; + do { + rval = (rval << 8) + this.data.getInt8(this.read++); + n -= 8; + } while(n > 0); + return rval; +}; + +/** + * Gets a signed n-bit integer from this buffer in big-endian order, using + * two's complement, and advances the read pointer by n/8. + * + * @param n the number of bits in the integer. + * + * @return the integer. + */ +util.DataBuffer.prototype.getSignedInt = function(n) { + var x = this.getInt(n); + var max = 2 << (n - 2); + if(x >= max) { + x -= max << 1; + } + return x; +}; + +/** + * Reads bytes out into a UTF-8 string and clears them from the buffer. + * + * @param count the number of bytes to read, undefined or null for all. + * + * @return a UTF-8 string of bytes. + */ +util.DataBuffer.prototype.getBytes = function(count) { + // TODO: deprecate this method, it is poorly named and + // this.toString('binary') replaces it + // add a toTypedArray()/toArrayBuffer() function + var rval; + if(count) { + // read count bytes + count = Math.min(this.length(), count); + rval = this.data.slice(this.read, this.read + count); + this.read += count; + } else if(count === 0) { + rval = ''; + } else { + // read all bytes, optimize to only copy when needed + rval = (this.read === 0) ? this.data : this.data.slice(this.read); + this.clear(); + } + return rval; +}; + +/** + * Gets a UTF-8 encoded string of the bytes from this buffer without modifying + * the read pointer. + * + * @param count the number of bytes to get, omit to get all. + * + * @return a string full of UTF-8 encoded characters. + */ +util.DataBuffer.prototype.bytes = function(count) { + // TODO: deprecate this method, it is poorly named, add "getString()" + return (typeof(count) === 'undefined' ? + this.data.slice(this.read) : + this.data.slice(this.read, this.read + count)); +}; + +/** + * Gets a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * + * @return the byte. + */ +util.DataBuffer.prototype.at = function(i) { + return this.data.getUint8(this.read + i); +}; + +/** + * Puts a byte at the given index without modifying the read pointer. + * + * @param i the byte index. + * @param b the byte to put. + * + * @return this buffer. + */ +util.DataBuffer.prototype.setAt = function(i, b) { + this.data.setUint8(i, b); + return this; +}; + +/** + * Gets the last byte without modifying the read pointer. + * + * @return the last byte. + */ +util.DataBuffer.prototype.last = function() { + return this.data.getUint8(this.write - 1); +}; + +/** + * Creates a copy of this buffer. + * + * @return the copy. + */ +util.DataBuffer.prototype.copy = function() { + return new util.DataBuffer(this); +}; + +/** + * Compacts this buffer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.compact = function() { + if(this.read > 0) { + var src = new Uint8Array(this.data.buffer, this.read); + var dst = new Uint8Array(src.byteLength); + dst.set(src); + this.data = new DataView(dst); + this.write -= this.read; + this.read = 0; + } + return this; +}; + +/** + * Clears this buffer. + * + * @return this buffer. + */ +util.DataBuffer.prototype.clear = function() { + this.data = new DataView(new ArrayBuffer(0)); + this.read = this.write = 0; + return this; +}; + +/** + * Shortens this buffer by triming bytes off of the end of this buffer. + * + * @param count the number of bytes to trim off. + * + * @return this buffer. + */ +util.DataBuffer.prototype.truncate = function(count) { + this.write = Math.max(0, this.length() - count); + this.read = Math.min(this.read, this.write); + return this; +}; + +/** + * Converts this buffer to a hexadecimal string. + * + * @return a hexadecimal string. + */ +util.DataBuffer.prototype.toHex = function() { + var rval = ''; + for(var i = this.read; i < this.data.byteLength; ++i) { + var b = this.data.getUint8(i); + if(b < 16) { + rval += '0'; + } + rval += b.toString(16); + } + return rval; +}; + +/** + * Converts this buffer to a string, using the given encoding. If no + * encoding is given, 'utf8' (UTF-8) is used. + * + * @param [encoding] the encoding to use: 'binary', 'utf8', 'utf16', 'hex', + * 'base64' (default: 'utf8'). + * + * @return a string representation of the bytes in this buffer. + */ +util.DataBuffer.prototype.toString = function(encoding) { + var view = new Uint8Array(this.data, this.read, this.length()); + encoding = encoding || 'utf8'; + + // encode to string + if(encoding === 'binary' || encoding === 'raw') { + return util.binary.raw.encode(view); + } + if(encoding === 'hex') { + return util.binary.hex.encode(view); + } + if(encoding === 'base64') { + return util.binary.base64.encode(view); + } + + // decode to text + if(encoding === 'utf8') { + return util.text.utf8.decode(view); + } + if(encoding === 'utf16') { + return util.text.utf16.decode(view); + } + + throw new Error('Invalid encoding: ' + encoding); +}; + +/** End Buffer w/UInt8Array backing */ + + +/** + * Creates a buffer that stores bytes. A value may be given to put into the + * buffer that is either a string of bytes or a UTF-16 string that will + * be encoded using UTF-8 (to do the latter, specify 'utf8' as the encoding). + * + * @param [input] the bytes to wrap (as a string) or a UTF-16 string to encode + * as UTF-8. + * @param [encoding] (default: 'raw', other: 'utf8'). + */ +util.createBuffer = function(input, encoding) { + // TODO: deprecate, use new ByteBuffer() instead + encoding = encoding || 'raw'; + if(input !== undefined && encoding === 'utf8') { + input = util.encodeUtf8(input); + } + return new util.ByteBuffer(input); +}; + +/** + * Fills a string with a particular value. If you want the string to be a byte + * string, pass in String.fromCharCode(theByte). + * + * @param c the character to fill the string with, use String.fromCharCode + * to fill the string with a byte value. + * @param n the number of characters of value c to fill with. + * + * @return the filled string. + */ +util.fillString = function(c, n) { + var s = ''; + while(n > 0) { + if(n & 1) { + s += c; + } + n >>>= 1; + if(n > 0) { + c += c; + } + } + return s; +}; + +/** + * Performs a per byte XOR between two byte strings and returns the result as a + * string of bytes. + * + * @param s1 first string of bytes. + * @param s2 second string of bytes. + * @param n the number of bytes to XOR. + * + * @return the XOR'd result. + */ +util.xorBytes = function(s1, s2, n) { + var s3 = ''; + var b = ''; + var t = ''; + var i = 0; + var c = 0; + for(; n > 0; --n, ++i) { + b = s1.charCodeAt(i) ^ s2.charCodeAt(i); + if(c >= 10) { + s3 += t; + t = ''; + c = 0; + } + t += String.fromCharCode(b); + ++c; + } + s3 += t; + return s3; +}; + +/** + * Converts a hex string into a 'binary' encoded string of bytes. + * + * @param hex the hexadecimal string to convert. + * + * @return the binary-encoded string of bytes. + */ +util.hexToBytes = function(hex) { + // TODO: deprecate: "Deprecated. Use util.binary.hex.decode instead." + var rval = ''; + var i = 0; + if(hex.length & 1 == 1) { + // odd number of characters, convert first character alone + i = 1; + rval += String.fromCharCode(parseInt(hex[0], 16)); + } + // convert 2 characters (1 byte) at a time + for(; i < hex.length; i += 2) { + rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + } + return rval; +}; + +/** + * Converts a 'binary' encoded string of bytes to hex. + * + * @param bytes the byte string to convert. + * + * @return the string of hexadecimal characters. + */ +util.bytesToHex = function(bytes) { + // TODO: deprecate: "Deprecated. Use util.binary.hex.encode instead." + return util.createBuffer(bytes).toHex(); +}; + +/** + * Converts an 32-bit integer to 4-big-endian byte string. + * + * @param i the integer. + * + * @return the byte string. + */ +util.int32ToBytes = function(i) { + return ( + String.fromCharCode(i >> 24 & 0xFF) + + String.fromCharCode(i >> 16 & 0xFF) + + String.fromCharCode(i >> 8 & 0xFF) + + String.fromCharCode(i & 0xFF)); +}; + +// base64 characters, reverse mapping +var _base64 = + 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; +var _base64Idx = [ +/*43 -43 = 0*/ +/*'+', 1, 2, 3,'/' */ + 62, -1, -1, -1, 63, + +/*'0','1','2','3','4','5','6','7','8','9' */ + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, + +/*15, 16, 17,'=', 19, 20, 21 */ + -1, -1, -1, 64, -1, -1, -1, + +/*65 - 43 = 22*/ +/*'A','B','C','D','E','F','G','H','I','J','K','L','M', */ + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, + +/*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */ + 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, + +/*91 - 43 = 48 */ +/*48, 49, 50, 51, 52, 53 */ + -1, -1, -1, -1, -1, -1, + +/*97 - 43 = 54*/ +/*'a','b','c','d','e','f','g','h','i','j','k','l','m' */ + 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, + +/*'n','o','p','q','r','s','t','u','v','w','x','y','z' */ + 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 +]; + +/** + * Base64 encodes a 'binary' encoded string of bytes. + * + * @param input the binary encoded string of bytes to base64-encode. + * @param maxline the maximum number of encoded characters per line to use, + * defaults to none. + * + * @return the base64-encoded output. + */ +util.encode64 = function(input, maxline) { + // TODO: deprecate: "Deprecated. Use util.binary.base64.encode instead." + var line = ''; + var output = ''; + var chr1, chr2, chr3; + var i = 0; + while(i < input.length) { + chr1 = input.charCodeAt(i++); + chr2 = input.charCodeAt(i++); + chr3 = input.charCodeAt(i++); + + // encode 4 character group + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); + if(isNaN(chr2)) { + line += '=='; + } else { + line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); + line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); + } + + if(maxline && line.length > maxline) { + output += line.substr(0, maxline) + '\r\n'; + line = line.substr(maxline); + } + } + output += line; + return output; +}; + +/** + * Base64 decodes a string into a 'binary' encoded string of bytes. + * + * @param input the base64-encoded input. + * + * @return the binary encoded string. + */ +util.decode64 = function(input) { + // TODO: deprecate: "Deprecated. Use util.binary.base64.decode instead." + + // remove all non-base64 characters + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); + + var output = ''; + var enc1, enc2, enc3, enc4; + var i = 0; + + while(i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + + output += String.fromCharCode((enc1 << 2) | (enc2 >> 4)); + if(enc3 !== 64) { + // decoded at least 2 bytes + output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2)); + if(enc4 !== 64) { + // decoded 3 bytes + output += String.fromCharCode(((enc3 & 3) << 6) | enc4); + } + } + } + + return output; +}; + +/** + * UTF-8 encodes the given UTF-16 encoded string (a standard JavaScript + * string). Non-ASCII characters will be encoded as multiple bytes according + * to UTF-8. + * + * @param str the string to encode. + * + * @return the UTF-8 encoded string. + */ +util.encodeUtf8 = function(str) { + return unescape(encodeURIComponent(str)); +}; + +/** + * Decodes a UTF-8 encoded string into a UTF-16 string. + * + * @param str the string to decode. + * + * @return the UTF-16 encoded string (standard JavaScript string). + */ +util.decodeUtf8 = function(str) { + return decodeURIComponent(escape(str)); +}; + +// binary encoding/decoding tools +// FIXME: Experimental. Do not use yet. +util.binary = { + raw: {}, + hex: {}, + base64: {} +}; + +/** + * Encodes a Uint8Array as a binary-encoded string. This encoding uses + * a value between 0 and 255 for each character. + * + * @param bytes the Uint8Array to encode. + * + * @return the binary-encoded string. + */ +util.binary.raw.encode = function(bytes) { + return String.fromCharCode.apply(null, bytes); +}; + +/** + * Decodes a binary-encoded string to a Uint8Array. This encoding uses + * a value between 0 and 255 for each character. + * + * @param str the binary-encoded string to decode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.raw.decode = function(str, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + offset = offset || 0; + var j = offset; + for(var i = 0; i < str.length; ++i) { + out[j++] = str.charCodeAt(i); + } + return output ? (j - offset) : out; +}; + +/** + * Encodes a 'binary' string, ArrayBuffer, DataView, TypedArray, or + * ByteBuffer as a string of hexadecimal characters. + * + * @param bytes the bytes to convert. + * + * @return the string of hexadecimal characters. + */ +util.binary.hex.encode = util.bytesToHex; + +/** + * Decodes a hex-encoded string to a Uint8Array. + * + * @param hex the hexadecimal string to convert. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.hex.decode = function(hex, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(Math.ceil(hex.length / 2)); + } + offset = offset || 0; + var i = 0, j = offset; + if(hex.length & 1) { + // odd number of characters, convert first character alone + i = 1; + out[j++] = parseInt(hex[0], 16); + } + // convert 2 characters (1 byte) at a time + for(; i < hex.length; i += 2) { + out[j++] = parseInt(hex.substr(i, 2), 16); + } + return output ? (j - offset) : out; +}; + +/** + * Base64-encodes a Uint8Array. + * + * @param input the Uint8Array to encode. + * @param maxline the maximum number of encoded characters per line to use, + * defaults to none. + * + * @return the base64-encoded output string. + */ +util.binary.base64.encode = function(input, maxline) { + var line = ''; + var output = ''; + var chr1, chr2, chr3; + var i = 0; + while(i < input.byteLength) { + chr1 = input[i++]; + chr2 = input[i++]; + chr3 = input[i++]; + + // encode 4 character group + line += _base64.charAt(chr1 >> 2); + line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); + if(isNaN(chr2)) { + line += '=='; + } else { + line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); + line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); + } + + if(maxline && line.length > maxline) { + output += line.substr(0, maxline) + '\r\n'; + line = line.substr(maxline); + } + } + output += line; + return output; +}; + +/** + * Decodes a base64-encoded string to a Uint8Array. + * + * @param input the base64-encoded input string. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.binary.base64.decode = function(input, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(Math.ceil(input.length / 4) * 3); + } + + // remove all non-base64 characters + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); + + offset = offset || 0; + var enc1, enc2, enc3, enc4; + var i = 0, j = offset; + + while(i < input.length) { + enc1 = _base64Idx[input.charCodeAt(i++) - 43]; + enc2 = _base64Idx[input.charCodeAt(i++) - 43]; + enc3 = _base64Idx[input.charCodeAt(i++) - 43]; + enc4 = _base64Idx[input.charCodeAt(i++) - 43]; + + out[j++] = (enc1 << 2) | (enc2 >> 4); + if(enc3 !== 64) { + // decoded at least 2 bytes + out[j++] = ((enc2 & 15) << 4) | (enc3 >> 2); + if(enc4 !== 64) { + // decoded 3 bytes + out[j++] = ((enc3 & 3) << 6) | enc4; + } + } + } + + // make sure result is the exact decoded length + return output ? + (j - offset) : + out.subarray(0, j); +}; + +// text encoding/decoding tools +// FIXME: Experimental. Do not use yet. +util.text = { + utf8: {}, + utf16: {} +}; + +/** + * Encodes the given string as UTF-8 in a Uint8Array. + * + * @param str the string to encode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.text.utf8.encode = function(str, output, offset) { + str = util.encodeUtf8(str); + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + offset = offset || 0; + var j = offset; + for(var i = 0; i < str.length; ++i) { + out[j++] = str.charCodeAt(i); + } + return output ? (j - offset) : out; +}; + +/** + * Decodes the UTF-8 contents from a Uint8Array. + * + * @param bytes the Uint8Array to decode. + * + * @return the resulting string. + */ +util.text.utf8.decode = function(bytes) { + return util.decodeUtf8(String.fromCharCode.apply(null, bytes)); +}; + +/** + * Encodes the given string as UTF-16 in a Uint8Array. + * + * @param str the string to encode. + * @param [output] an optional Uint8Array to write the output to; if it + * is too small, an exception will be thrown. + * @param [offset] the start offset for writing to the output (default: 0). + * + * @return the Uint8Array or the number of bytes written if output was given. + */ +util.text.utf16.encode = function(str, output, offset) { + var out = output; + if(!out) { + out = new Uint8Array(str.length); + } + var view = new Uint16Array(out); + offset = offset || 0; + var j = offset; + var k = offset; + for(var i = 0; i < str.length; ++i) { + view[k++] = str.charCodeAt(i); + j += 2; + } + return output ? (j - offset) : out; +}; + +/** + * Decodes the UTF-16 contents from a Uint8Array. + * + * @param bytes the Uint8Array to decode. + * + * @return the resulting string. + */ +util.text.utf16.decode = function(bytes) { + return String.fromCharCode.apply(null, new Uint16Array(bytes)); +}; + +/** + * Deflates the given data using a flash interface. + * + * @param api the flash interface. + * @param bytes the data. + * @param raw true to return only raw deflate data, false to include zlib + * header and trailer. + * + * @return the deflated data as a string. + */ +util.deflate = function(api, bytes, raw) { + bytes = util.decode64(api.deflate(util.encode64(bytes)).rval); + + // strip zlib header and trailer if necessary + if(raw) { + // zlib header is 2 bytes (CMF,FLG) where FLG indicates that + // there is a 4-byte DICT (alder-32) block before the data if + // its 5th bit is set + var start = 2; + var flg = bytes.charCodeAt(1); + if(flg & 0x20) { + start = 6; + } + // zlib trailer is 4 bytes of adler-32 + bytes = bytes.substring(start, bytes.length - 4); + } + + return bytes; +}; + +/** + * Inflates the given data using a flash interface. + * + * @param api the flash interface. + * @param bytes the data. + * @param raw true if the incoming data has no zlib header or trailer and is + * raw DEFLATE data. + * + * @return the inflated data as a string, null on error. + */ +util.inflate = function(api, bytes, raw) { + // TODO: add zlib header and trailer if necessary/possible + var rval = api.inflate(util.encode64(bytes)).rval; + return (rval === null) ? null : util.decode64(rval); +}; + +/** + * Sets a storage object. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param obj the storage object, null to remove. + */ +var _setStorageObject = function(api, id, obj) { + if(!api) { + throw new Error('WebStorage not available.'); + } + + var rval; + if(obj === null) { + rval = api.removeItem(id); + } else { + // json-encode and base64-encode object + obj = util.encode64(JSON.stringify(obj)); + rval = api.setItem(id, obj); + } + + // handle potential flash error + if(typeof(rval) !== 'undefined' && rval.rval !== true) { + var error = new Error(rval.error.message); + error.id = rval.error.id; + error.name = rval.error.name; + throw error; + } +}; + +/** + * Gets a storage object. + * + * @param api the storage interface. + * @param id the storage ID to use. + * + * @return the storage object entry or null if none exists. + */ +var _getStorageObject = function(api, id) { + if(!api) { + throw new Error('WebStorage not available.'); + } + + // get the existing entry + var rval = api.getItem(id); + + /* Note: We check api.init because we can't do (api == localStorage) + on IE because of "Class doesn't support Automation" exception. Only + the flash api has an init method so this works too, but we need a + better solution in the future. */ + + // flash returns item wrapped in an object, handle special case + if(api.init) { + if(rval.rval === null) { + if(rval.error) { + var error = new Error(rval.error.message); + error.id = rval.error.id; + error.name = rval.error.name; + throw error; + } + // no error, but also no item + rval = null; + } else { + rval = rval.rval; + } + } + + // handle decoding + if(rval !== null) { + // base64-decode and json-decode data + rval = JSON.parse(util.decode64(rval)); + } + + return rval; +}; + +/** + * Stores an item in local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + * @param data the data for the item (any javascript object/primitive). + */ +var _setItem = function(api, id, key, data) { + // get storage object + var obj = _getStorageObject(api, id); + if(obj === null) { + // create a new storage object + obj = {}; + } + // update key + obj[key] = data; + + // set storage object + _setStorageObject(api, id, obj); +}; + +/** + * Gets an item from local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + * + * @return the item. + */ +var _getItem = function(api, id, key) { + // get storage object + var rval = _getStorageObject(api, id); + if(rval !== null) { + // return data at key + rval = (key in rval) ? rval[key] : null; + } + + return rval; +}; + +/** + * Removes an item from local storage. + * + * @param api the storage interface. + * @param id the storage ID to use. + * @param key the key for the item. + */ +var _removeItem = function(api, id, key) { + // get storage object + var obj = _getStorageObject(api, id); + if(obj !== null && key in obj) { + // remove key + delete obj[key]; + + // see if entry has no keys remaining + var empty = true; + for(var prop in obj) { + empty = false; + break; + } + if(empty) { + // remove entry entirely if no keys are left + obj = null; + } + + // set storage object + _setStorageObject(api, id, obj); + } +}; + +/** + * Clears the local disk storage identified by the given ID. + * + * @param api the storage interface. + * @param id the storage ID to use. + */ +var _clearItems = function(api, id) { + _setStorageObject(api, id, null); +}; + +/** + * Calls a storage function. + * + * @param func the function to call. + * @param args the arguments for the function. + * @param location the location argument. + * + * @return the return value from the function. + */ +var _callStorageFunction = function(func, args, location) { + var rval = null; + + // default storage types + if(typeof(location) === 'undefined') { + location = ['web', 'flash']; + } + + // apply storage types in order of preference + var type; + var done = false; + var exception = null; + for(var idx in location) { + type = location[idx]; + try { + if(type === 'flash' || type === 'both') { + if(args[0] === null) { + throw new Error('Flash local storage not available.'); + } + rval = func.apply(this, args); + done = (type === 'flash'); + } + if(type === 'web' || type === 'both') { + args[0] = localStorage; + rval = func.apply(this, args); + done = true; + } + } catch(ex) { + exception = ex; + } + if(done) { + break; + } + } + + if(!done) { + throw exception; + } + + return rval; +}; + +/** + * Stores an item on local disk. + * + * The available types of local storage include 'flash', 'web', and 'both'. + * + * The type 'flash' refers to flash local storage (SharedObject). In order + * to use flash local storage, the 'api' parameter must be valid. The type + * 'web' refers to WebStorage, if supported by the browser. The type 'both' + * refers to storing using both 'flash' and 'web', not just one or the + * other. + * + * The location array should list the storage types to use in order of + * preference: + * + * ['flash']: flash only storage + * ['web']: web only storage + * ['both']: try to store in both + * ['flash','web']: store in flash first, but if not available, 'web' + * ['web','flash']: store in web first, but if not available, 'flash' + * + * The location array defaults to: ['web', 'flash'] + * + * @param api the flash interface, null to use only WebStorage. + * @param id the storage ID to use. + * @param key the key for the item. + * @param data the data for the item (any javascript object/primitive). + * @param location an array with the preferred types of storage to use. + */ +util.setItem = function(api, id, key, data, location) { + _callStorageFunction(_setItem, arguments, location); +}; + +/** + * Gets an item on local disk. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface, null to use only WebStorage. + * @param id the storage ID to use. + * @param key the key for the item. + * @param location an array with the preferred types of storage to use. + * + * @return the item. + */ +util.getItem = function(api, id, key, location) { + return _callStorageFunction(_getItem, arguments, location); +}; + +/** + * Removes an item on local disk. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface. + * @param id the storage ID to use. + * @param key the key for the item. + * @param location an array with the preferred types of storage to use. + */ +util.removeItem = function(api, id, key, location) { + _callStorageFunction(_removeItem, arguments, location); +}; + +/** + * Clears the local disk storage identified by the given ID. + * + * Set setItem() for details on storage types. + * + * @param api the flash interface if flash is available. + * @param id the storage ID to use. + * @param location an array with the preferred types of storage to use. + */ +util.clearItems = function(api, id, location) { + _callStorageFunction(_clearItems, arguments, location); +}; + +/** + * Parses the scheme, host, and port from an http(s) url. + * + * @param str the url string. + * + * @return the parsed url object or null if the url is invalid. + */ +util.parseUrl = function(str) { + // FIXME: this regex looks a bit broken + var regex = /^(https?):\/\/([^:&^\/]*):?(\d*)(.*)$/g; + regex.lastIndex = 0; + var m = regex.exec(str); + var url = (m === null) ? null : { + full: str, + scheme: m[1], + host: m[2], + port: m[3], + path: m[4] + }; + if(url) { + url.fullHost = url.host; + if(url.port) { + if(url.port !== 80 && url.scheme === 'http') { + url.fullHost += ':' + url.port; + } else if(url.port !== 443 && url.scheme === 'https') { + url.fullHost += ':' + url.port; + } + } else if(url.scheme === 'http') { + url.port = 80; + } else if(url.scheme === 'https') { + url.port = 443; + } + url.full = url.scheme + '://' + url.fullHost; + } + return url; +}; + +/* Storage for query variables */ +var _queryVariables = null; + +/** + * Returns the window location query variables. Query is parsed on the first + * call and the same object is returned on subsequent calls. The mapping + * is from keys to an array of values. Parameters without values will have + * an object key set but no value added to the value array. Values are + * unescaped. + * + * ...?k1=v1&k2=v2: + * { + * "k1": ["v1"], + * "k2": ["v2"] + * } + * + * ...?k1=v1&k1=v2: + * { + * "k1": ["v1", "v2"] + * } + * + * ...?k1=v1&k2: + * { + * "k1": ["v1"], + * "k2": [] + * } + * + * ...?k1=v1&k1: + * { + * "k1": ["v1"] + * } + * + * ...?k1&k1: + * { + * "k1": [] + * } + * + * @param query the query string to parse (optional, default to cached + * results from parsing window location search query). + * + * @return object mapping keys to variables. + */ +util.getQueryVariables = function(query) { + var parse = function(q) { + var rval = {}; + var kvpairs = q.split('&'); + for(var i = 0; i < kvpairs.length; i++) { + var pos = kvpairs[i].indexOf('='); + var key; + var val; + if(pos > 0) { + key = kvpairs[i].substring(0, pos); + val = kvpairs[i].substring(pos + 1); + } else { + key = kvpairs[i]; + val = null; + } + if(!(key in rval)) { + rval[key] = []; + } + // disallow overriding object prototype keys + if(!(key in Object.prototype) && val !== null) { + rval[key].push(unescape(val)); + } + } + return rval; + }; + + var rval; + if(typeof(query) === 'undefined') { + // set cached variables if needed + if(_queryVariables === null) { + if(typeof(window) !== 'undefined' && window.location && window.location.search) { + // parse window search query + _queryVariables = parse(window.location.search.substring(1)); + } else { + // no query variables available + _queryVariables = {}; + } + } + rval = _queryVariables; + } else { + // parse given query + rval = parse(query); + } + return rval; +}; + +/** + * Parses a fragment into a path and query. This method will take a URI + * fragment and break it up as if it were the main URI. For example: + * /bar/baz?a=1&b=2 + * results in: + * { + * path: ["bar", "baz"], + * query: {"k1": ["v1"], "k2": ["v2"]} + * } + * + * @return object with a path array and query object. + */ +util.parseFragment = function(fragment) { + // default to whole fragment + var fp = fragment; + var fq = ''; + // split into path and query if possible at the first '?' + var pos = fragment.indexOf('?'); + if(pos > 0) { + fp = fragment.substring(0, pos); + fq = fragment.substring(pos + 1); + } + // split path based on '/' and ignore first element if empty + var path = fp.split('/'); + if(path.length > 0 && path[0] === '') { + path.shift(); + } + // convert query into object + var query = (fq === '') ? {} : util.getQueryVariables(fq); + + return { + pathString: fp, + queryString: fq, + path: path, + query: query + }; +}; + +/** + * Makes a request out of a URI-like request string. This is intended to + * be used where a fragment id (after a URI '#') is parsed as a URI with + * path and query parts. The string should have a path beginning and + * delimited by '/' and optional query parameters following a '?'. The + * query should be a standard URL set of key value pairs delimited by + * '&'. For backwards compatibility the initial '/' on the path is not + * required. The request object has the following API, (fully described + * in the method code): + * { + * path: . + * query: , + * getPath(i): get part or all of the split path array, + * getQuery(k, i): get part or all of a query key array, + * getQueryLast(k, _default): get last element of a query key array. + * } + * + * @return object with request parameters. + */ +util.makeRequest = function(reqString) { + var frag = util.parseFragment(reqString); + var req = { + // full path string + path: frag.pathString, + // full query string + query: frag.queryString, + /** + * Get path or element in path. + * + * @param i optional path index. + * + * @return path or part of path if i provided. + */ + getPath: function(i) { + return (typeof(i) === 'undefined') ? frag.path : frag.path[i]; + }, + /** + * Get query, values for a key, or value for a key index. + * + * @param k optional query key. + * @param i optional query key index. + * + * @return query, values for a key, or value for a key index. + */ + getQuery: function(k, i) { + var rval; + if(typeof(k) === 'undefined') { + rval = frag.query; + } else { + rval = frag.query[k]; + if(rval && typeof(i) !== 'undefined') { + rval = rval[i]; + } + } + return rval; + }, + getQueryLast: function(k, _default) { + var rval; + var vals = req.getQuery(k); + if(vals) { + rval = vals[vals.length - 1]; + } else { + rval = _default; + } + return rval; + } + }; + return req; +}; + +/** + * Makes a URI out of a path, an object with query parameters, and a + * fragment. Uses jquery internally for query string creation. + * If the path is an array, it will be joined with '/'. + * + * @param path string path or array of strings. + * @param query object with query parameters. (optional) + * @param fragment fragment string. (optional) + * + * @return string object with request parameters. + */ +util.makeLink = function(path, query, fragment) { + // join path parts if needed + path = jQuery.isArray(path) ? path.join('/') : path; + + var qstr = jQuery.param(query || {}); + fragment = fragment || ''; + return path + + ((qstr.length > 0) ? ('?' + qstr) : '') + + ((fragment.length > 0) ? ('#' + fragment) : ''); +}; + +/** + * Follows a path of keys deep into an object hierarchy and set a value. + * If a key does not exist or it's value is not an object, create an + * object in it's place. This can be destructive to a object tree if + * leaf nodes are given as non-final path keys. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + * @param value the value to set. + */ +util.setPath = function(object, keys, value) { + // need to start at an object + if(typeof(object) === 'object' && object !== null) { + var i = 0; + var len = keys.length; + while(i < len) { + var next = keys[i++]; + if(i == len) { + // last + object[next] = value; + } else { + // more + var hasNext = (next in object); + if(!hasNext || + (hasNext && typeof(object[next]) !== 'object') || + (hasNext && object[next] === null)) { + object[next] = {}; + } + object = object[next]; + } + } + } +}; + +/** + * Follows a path of keys deep into an object hierarchy and return a value. + * If a key does not exist, create an object in it's place. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + * @param _default value to return if path not found. + * + * @return the value at the path if found, else default if given, else + * undefined. + */ +util.getPath = function(object, keys, _default) { + var i = 0; + var len = keys.length; + var hasNext = true; + while(hasNext && i < len && + typeof(object) === 'object' && object !== null) { + var next = keys[i++]; + hasNext = next in object; + if(hasNext) { + object = object[next]; + } + } + return (hasNext ? object : _default); +}; + +/** + * Follow a path of keys deep into an object hierarchy and delete the + * last one. If a key does not exist, do nothing. + * Used to avoid exceptions from missing parts of the path. + * + * @param object the starting object. + * @param keys an array of string keys. + */ +util.deletePath = function(object, keys) { + // need to start at an object + if(typeof(object) === 'object' && object !== null) { + var i = 0; + var len = keys.length; + while(i < len) { + var next = keys[i++]; + if(i == len) { + // last + delete object[next]; + } else { + // more + if(!(next in object) || + (typeof(object[next]) !== 'object') || + (object[next] === null)) { + break; + } + object = object[next]; + } + } + } +}; + +/** + * Check if an object is empty. + * + * Taken from: + * http://stackoverflow.com/questions/679915/how-do-i-test-for-an-empty-javascript-object-from-json/679937#679937 + * + * @param object the object to check. + */ +util.isEmpty = function(obj) { + for(var prop in obj) { + if(obj.hasOwnProperty(prop)) { + return false; + } + } + return true; +}; + +/** + * Format with simple printf-style interpolation. + * + * %%: literal '%' + * %s,%o: convert next argument into a string. + * + * @param format the string to format. + * @param ... arguments to interpolate into the format string. + */ +util.format = function(format) { + var re = /%./g; + // current match + var match; + // current part + var part; + // current arg index + var argi = 0; + // collected parts to recombine later + var parts = []; + // last index found + var last = 0; + // loop while matches remain + while((match = re.exec(format))) { + part = format.substring(last, re.lastIndex - 2); + // don't add empty strings (ie, parts between %s%s) + if(part.length > 0) { + parts.push(part); + } + last = re.lastIndex; + // switch on % code + var code = match[0][1]; + switch(code) { + case 's': + case 'o': + // check if enough arguments were given + if(argi < arguments.length) { + parts.push(arguments[argi++ + 1]); + } else { + parts.push(''); + } + break; + // FIXME: do proper formating for numbers, etc + //case 'f': + //case 'd': + case '%': + parts.push('%'); + break; + default: + parts.push('<%' + code + '?>'); + } + } + // add trailing part of format string + parts.push(format.substring(last)); + return parts.join(''); +}; + +/** + * Formats a number. + * + * http://snipplr.com/view/5945/javascript-numberformat--ported-from-php/ + */ +util.formatNumber = function(number, decimals, dec_point, thousands_sep) { + // http://kevin.vanzonneveld.net + // + original by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) + // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) + // + bugfix by: Michael White (http://crestidg.com) + // + bugfix by: Benjamin Lupton + // + bugfix by: Allan Jensen (http://www.winternet.no) + // + revised by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) + // * example 1: number_format(1234.5678, 2, '.', ''); + // * returns 1: 1234.57 + + var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals; + var d = dec_point === undefined ? ',' : dec_point; + var t = thousands_sep === undefined ? + '.' : thousands_sep, s = n < 0 ? '-' : ''; + var i = parseInt((n = Math.abs(+n || 0).toFixed(c)), 10) + ''; + var j = (i.length > 3) ? i.length % 3 : 0; + return s + (j ? i.substr(0, j) + t : '') + + i.substr(j).replace(/(\d{3})(?=\d)/g, '$1' + t) + + (c ? d + Math.abs(n - i).toFixed(c).slice(2) : ''); +}; + +/** + * Formats a byte size. + * + * http://snipplr.com/view/5949/format-humanize-file-byte-size-presentation-in-javascript/ + */ +util.formatSize = function(size) { + if(size >= 1073741824) { + size = util.formatNumber(size / 1073741824, 2, '.', '') + ' GiB'; + } else if(size >= 1048576) { + size = util.formatNumber(size / 1048576, 2, '.', '') + ' MiB'; + } else if(size >= 1024) { + size = util.formatNumber(size / 1024, 0) + ' KiB'; + } else { + size = util.formatNumber(size, 0) + ' bytes'; + } + return size; +}; + +/** + * Converts an IPv4 or IPv6 string representation into bytes (in network order). + * + * @param ip the IPv4 or IPv6 address to convert. + * + * @return the 4-byte IPv6 or 16-byte IPv6 address or null if the address can't + * be parsed. + */ +util.bytesFromIP = function(ip) { + if(ip.indexOf('.') !== -1) { + return util.bytesFromIPv4(ip); + } + if(ip.indexOf(':') !== -1) { + return util.bytesFromIPv6(ip); + } + return null; +}; + +/** + * Converts an IPv4 string representation into bytes (in network order). + * + * @param ip the IPv4 address to convert. + * + * @return the 4-byte address or null if the address can't be parsed. + */ +util.bytesFromIPv4 = function(ip) { + ip = ip.split('.'); + if(ip.length !== 4) { + return null; + } + var b = util.createBuffer(); + for(var i = 0; i < ip.length; ++i) { + var num = parseInt(ip[i], 10); + if(isNaN(num)) { + return null; + } + b.putByte(num); + } + return b.getBytes(); +}; + +/** + * Converts an IPv6 string representation into bytes (in network order). + * + * @param ip the IPv6 address to convert. + * + * @return the 16-byte address or null if the address can't be parsed. + */ +util.bytesFromIPv6 = function(ip) { + var blanks = 0; + ip = ip.split(':').filter(function(e) { + if(e.length === 0) ++blanks; + return true; + }); + var zeros = (8 - ip.length + blanks) * 2; + var b = util.createBuffer(); + for(var i = 0; i < 8; ++i) { + if(!ip[i] || ip[i].length === 0) { + b.fillWithByte(0, zeros); + zeros = 0; + continue; + } + var bytes = util.hexToBytes(ip[i]); + if(bytes.length < 2) { + b.putByte(0); + } + b.putBytes(bytes); + } + return b.getBytes(); +}; + +/** + * Converts 4-bytes into an IPv4 string representation or 16-bytes into + * an IPv6 string representation. The bytes must be in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv4 or IPv6 string representation if 4 or 16 bytes, + * respectively, are given, otherwise null. + */ +util.bytesToIP = function(bytes) { + if(bytes.length === 4) { + return util.bytesToIPv4(bytes); + } + if(bytes.length === 16) { + return util.bytesToIPv6(bytes); + } + return null; +}; + +/** + * Converts 4-bytes into an IPv4 string representation. The bytes must be + * in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv4 string representation or null for an invalid # of bytes. + */ +util.bytesToIPv4 = function(bytes) { + if(bytes.length !== 4) { + return null; + } + var ip = []; + for(var i = 0; i < bytes.length; ++i) { + ip.push(bytes.charCodeAt(i)); + } + return ip.join('.'); +}; + +/** + * Converts 16-bytes into an IPv16 string representation. The bytes must be + * in network order. + * + * @param bytes the bytes to convert. + * + * @return the IPv16 string representation or null for an invalid # of bytes. + */ +util.bytesToIPv6 = function(bytes) { + if(bytes.length !== 16) { + return null; + } + var ip = []; + var zeroGroups = []; + var zeroMaxGroup = 0; + for(var i = 0; i < bytes.length; i += 2) { + var hex = util.bytesToHex(bytes[i] + bytes[i + 1]); + // canonicalize zero representation + while(hex[0] === '0' && hex !== '0') { + hex = hex.substr(1); + } + if(hex === '0') { + var last = zeroGroups[zeroGroups.length - 1]; + var idx = ip.length; + if(!last || idx !== last.end + 1) { + zeroGroups.push({start: idx, end: idx}); + } else { + last.end = idx; + if((last.end - last.start) > + (zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start)) { + zeroMaxGroup = zeroGroups.length - 1; + } + } + } + ip.push(hex); + } + if(zeroGroups.length > 0) { + var group = zeroGroups[zeroMaxGroup]; + // only shorten group of length > 0 + if(group.end - group.start > 0) { + ip.splice(group.start, group.end - group.start + 1, ''); + if(group.start === 0) { + ip.unshift(''); + } + if(group.end === 7) { + ip.push(''); + } + } + } + return ip.join(':'); +}; + +/** + * Estimates the number of processes that can be run concurrently. If + * creating Web Workers, keep in mind that the main JavaScript process needs + * its own core. + * + * @param options the options to use: + * update true to force an update (not use the cached value). + * @param callback(err, max) called once the operation completes. + */ +util.estimateCores = function(options, callback) { + if(typeof options === 'function') { + callback = options; + options = {}; + } + options = options || {}; + if('cores' in util && !options.update) { + return callback(null, util.cores); + } + if(typeof navigator !== 'undefined' && + 'hardwareConcurrency' in navigator && + navigator.hardwareConcurrency > 0) { + util.cores = navigator.hardwareConcurrency; + return callback(null, util.cores); + } + if(typeof Worker === 'undefined') { + // workers not available + util.cores = 1; + return callback(null, util.cores); + } + if(typeof Blob === 'undefined') { + // can't estimate, default to 2 + util.cores = 2; + return callback(null, util.cores); + } + + // create worker concurrency estimation code as blob + var blobUrl = URL.createObjectURL(new Blob(['(', + function() { + self.addEventListener('message', function(e) { + // run worker for 4 ms + var st = Date.now(); + var et = st + 4; + while(Date.now() < et); + self.postMessage({st: st, et: et}); + }); + }.toString(), + ')()'], {type: 'application/javascript'})); + + // take 5 samples using 16 workers + sample([], 5, 16); + + function sample(max, samples, numWorkers) { + if(samples === 0) { + // get overlap average + var avg = Math.floor(max.reduce(function(avg, x) { + return avg + x; + }, 0) / max.length); + util.cores = Math.max(1, avg); + URL.revokeObjectURL(blobUrl); + return callback(null, util.cores); + } + map(numWorkers, function(err, results) { + max.push(reduce(numWorkers, results)); + sample(max, samples - 1, numWorkers); + }); + } + + function map(numWorkers, callback) { + var workers = []; + var results = []; + for(var i = 0; i < numWorkers; ++i) { + var worker = new Worker(blobUrl); + worker.addEventListener('message', function(e) { + results.push(e.data); + if(results.length === numWorkers) { + for(var i = 0; i < numWorkers; ++i) { + workers[i].terminate(); + } + callback(null, results); + } + }); + workers.push(worker); + } + for(var i = 0; i < numWorkers; ++i) { + workers[i].postMessage(i); + } + } + + function reduce(numWorkers, results) { + // find overlapping time windows + var overlaps = []; + for(var n = 0; n < numWorkers; ++n) { + var r1 = results[n]; + var overlap = overlaps[n] = []; + for(var i = 0; i < numWorkers; ++i) { + if(n === i) { + continue; + } + var r2 = results[i]; + if((r1.st > r2.st && r1.st < r2.et) || + (r2.st > r1.st && r2.st < r1.et)) { + overlap.push(i); + } + } + } + // get maximum overlaps ... don't include overlapping worker itself + // as the main JS process was also being scheduled during the work and + // would have to be subtracted from the estimate anyway + return overlaps.reduce(function(max, overlap) { + return Math.max(max, overlap.length); + }, 0); + } +}; + +} // end module implementation + +/* ########## Begin module wrapper ########## */ +var name = 'util'; +if(typeof define !== 'function') { + // NodeJS -> AMD + if(typeof module === 'object' && module.exports) { + var nodeJS = true; + define = function(ids, factory) { + factory(require, module); + }; + } else { + // + + ## if only form, then we include javascript here (end of body) + #if ($isFormRequest) + #parse("${templatePath}/js_end.vm") + #end + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/header.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/header.vm new file mode 100644 index 0000000..b8a5038 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/header.vm @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/html.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/html.vm new file mode 100644 index 0000000..2f02835 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/html.vm @@ -0,0 +1,32 @@ + + + + + $text.get('title') + + + + + + + + + + + #parse("${templatePath}/js_start.vm") + + + + #parse("${templatePath}/lang.vm") + + #parse("${templatePath}/header.vm") + +
+ #parse("${templatePath}/form.vm") +
+ + #parse("${templatePath}/footer.vm") + + #parse("${templatePath}/js_end.vm") + + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/js_end.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/js_end.vm new file mode 100644 index 0000000..f34431f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/js_end.vm @@ -0,0 +1,76 @@ + + + +#if ($gui.name == "oauth_consent") + +#end + +#if ($gui.name == "authcloud") + + +#end + +#if ($gui.name == "authcloud_onboard") + + +#end + +#if ($gui.name == "authcloud_login") + + +#end + +#if ($gui.name == "mauth_onboard") + + +#end + +#if ($gui.name == "mauth_link_qr") + + +#end + +#if ($gui.name == "mauth_push_qr") + + +#end + +#if ($gui.name == "mauth_usernameless") + + +#end + +#if ($gui.name == "fido2_auth") + + + +#end + +#if ($gui.name == "fido2_auth_std") + #set ($authenticationOptionsPath = $login.requestHeaders["fido2AuthenticationOptionsPath"]) + #set ($authenticationPath = $login.requestHeaders["fido2AuthenticationPath"]) + #set ($statusServicePath = $login.requestHeaders["fido2StatusServicePath"]) + #set ($userVerification = $login.requestHeaders["fido2UserVerification"]) + + + + +#end + +#if ($gui.name == "fido2_onboard") + + + +#end + +#if ($useFormEncryption) + + +#end \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/js_start.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/js_start.vm new file mode 100644 index 0000000..ddc8437 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/js_start.vm @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/json.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/json.vm new file mode 100644 index 0000000..e9c3ff8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/json.vm @@ -0,0 +1,88 @@ +## This template is used to respond with a JSON format +## In this case, the client is supposed to parse and show the data +## The JSON data is close to the XML format of the GuiDesc + +#set ($target = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) +{ + "name" : "$gui.name" , + "target" : "$target" #if ($gui.label || $gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if + +#if ($gui.label) "label" : "$gui.label" #if ($gui.language || $gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if + +#if ($gui.language) "language" : "$gui.language" #if ($gui.domain || $gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if ($gui.language) +#if ($gui.domain) "domain" : "$gui.domain" #if ($gui.getGuiElems().size() > 0 || $gui.getGuiGroup().size() > 0), #end ## if +#end ## if ($gui.domain) + +#if ($gui.getGuiElems().size() > 0) + "elements" : [ +#set ($i = 0) +#foreach ($guiElem in $gui.getGuiElems()) + { + "name" : "$guiElem.name", + "type" : "$guiElem.type", + "optional" : "$guiElem.optional", + "label" : "$guiElem.label" #if ($guiElem['validation-failed'] || $guiElem.value || $guiElem.length || $guiElem.format), #end + #if ($guiElem['validation-failed']) "validation-failed" : "$guiGroup.validationFailed" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end + #end ## if ($guiElem['validation-failed']) + + #if ($guiElem.value) "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end + #end ## if ($guiElem.value) + + #if ($guiElem.length) "max-length" : "$guiElem.length" #if ($guiElem.format), #end + #end ## if ($guiElem.length) + + #if ($guiElem.format) "format" : "$guiElem.format" + #end + + } + #set ($i = $i + 1) + #if ($i < ($gui.getGuiElems().size())), #end + +#end ## loop + ] #if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0), #end +#end ## if ($gui.getGuiGroup() && $gui.getGuiElem().size() > 0) +#if ($gui.getGuiGroup() && $gui.getGuiGroup().size() > 0) + "groups" : [ + #set ($j = 0) + #foreach ($guiGroup in $gui.getGuiGroup()) + "name" : "$guiGroup.name", + "type" : "$guiGroup.type", + "label" : "$guiGroup.label", + "multiple" : "$guiGroup.multiple", + "format" : "$guiGroup.format", + "optional" : "$guiGroup.optional", + "validation-failed" : "$guiGroup.validationFailed" #if ($gui.getGuiElems().length() > 0), #end + #if ($gui.getGuiElems() && $gui.getGuiElems().length() > 0) + "elements" : [ + #set ($i = 0) + #foreach ($guiElem in $gui.getGuiElems()) + { + "name" : "$guiElem.name", + "type" : "$guiElem.type", + "optional" : "$guiElem.optional", + "validation-failed" : "$guiGroup.validationFailed", + "label" : "$guiElem.label" #if ($guiElem.value || $guiElem.length || $guiElem.format), #end + #if ($guiElem.value) + "value" : "$guiElem.value.replaceAll('\\\\','_ESCAPED_BACKSLASH_').replaceAll('\\"','_ESCAPED_QUOTE_').replaceAll('\\','\\\\').replaceAll('"','\\"').replaceAll('_ESCAPED_BACKSLASH_','\\\\').replaceAll('_ESCAPED_QUOTE_','\\"')" #if ($guiElem.length || $guiElem.format), #end + #end ## if ($guiElem.value) + #if ($guiElem.length) + "max-length" : "$guiElem.length" #if ($guiElem.format), #end + #end ## if ($guiElem.length) + #if ($guiElem.format) + "format" : "$guiElem.format" + #end ## if ($guiElem.format) + } + #set ($i = $i + 1) + #if ($i < ($gui.getGuiElems().size())), #end + + #end ## loop + ] #if ($foreach.hasNext), #end + #set ($j = $j + 1) + #if ($j < ($gui.getGuiGroup().size())), #end + #end ## foreach ($guiGroup in $gui.getGuiGroup()) + #end ## if ($gui.getGuiElem() && $gui.getGuiElem().size() > 0) + ] + #end ## if ($gui.getGuiGroup() && $gui.getGuiGroup().length() > 0) +} diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/lang.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/lang.vm new file mode 100644 index 0000000..0e85f80 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/lang.vm @@ -0,0 +1,32 @@ +## Nav ================================================================= + \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/macros.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/macros.vm new file mode 100644 index 0000000..f1e4f2c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/NotUsed_Auth_Realm/webdata/template/macros.vm @@ -0,0 +1,295 @@ + +#macro(renderFormField $guiElem, $gui, $tabindex) + +#if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset" || $guiElem.type == "link") +## do nothing, will be rendered in renderFormControls nd renderFormLinks + + +#elseif ($guiElem.type == "info" || $guiElem.type == "error") + #if ($guiElem.label && $guiElem.label.length() > 0) + ## special fields: display some text only + #set ($class = "form-group") + #if ($guiElem.type == "error") + #set ($class = "$class has-error") + #end +
+
+ + $guiElem.label + +
+
+ #end + +#elseif ($guiElem.type == "hidden" && $guiElem.name == "saml.logoutURLs") + + +#elseif ($guiElem.type == "hidden") + + + +#else ## not info, error, button, submit, reset or hidden -> normal visual element + +## define CSS class of representation in form +#set ($class = "form-group") +#if ($guiElem.optional) +#set ($class = "$class optional") +#else +#set ($class = "$class required") +#end + +## highlight failed input validation, if flagged + +#if ($guiElem.validationFailed && $guiElem.value && $guiElem.value.length() > 0) +#set ($class = "$class has-error") +#end + +#if ($guiElem.validationFailed && (!$guiElem.value || $guiElem.value.length() == 0)) +#set ($class = "$class has-error") +#end + + +## the form field's container, a label, and optionally a validation-related message + +
+ ## Special handling required for radios + checkboxes + #if ($guiElem.type != "radio" && $guiElem.type != "checkbox") + + + +
+ #if ($guiElem.type == "text") + + + #elseif ($guiElem.type == "pw-text") +
+ + +
+ + #elseif ($guiElem.type == "select") + #set ($scrollSize = $guiElem.getGuiElems().size()) + #set ($scrollSize = $math.min($scrollSize,4)) + #if ($guiElem.multiple) + + #end + #foreach ($option in $guiElem.getGuiElems()) + #if ($option.selected) + + #else + + #end + #end ## foreach option + + + #elseif ($guiElem.type == "image" ) + $guiElem.label + #end + + #if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0) + $guiElem.validationMessage + #end + + #if ($jsValidation) + #renderElementValidation($guiElem, $gui) + #end +
+ #else + ## Special handling for checkboxes and radios +
+ + + #if ($guiElem.validationMessage && $guiElem.validationMessage.length() > 0) + $guiElem.validationMessage + #end + + #if ($jsValidation) + #renderElementValidation($guiElem, $gui) + #end +
+ #end +
+#end + +#end ## end macro + + + + +#macro(renderElementValidation $guiElem, $gui) +#if (($guiElem.validation && $guiElem.validation.length() > 0)||($guiElem.format && $guiElem.format.length() > 0)) + + + + +#end +#end ## macro + + +#macro(renderFormLinks $gui) +#set ($noLinks = true) +#foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "link") + #if ($noLinks) +
+ #set ($noLinks = false) + #end + ${utils.escapeHtml($guiElem.label)} + #end +#end + #if (!$noLinks) +
+ #end +#end + +#macro(renderFormControls $gui) +
+#set ($buttonClass = "btn") +#if ($isFormRequest) + #set ($buttonClass = "$buttonClass btn-default") +#else + #set ($buttonClass = "$buttonClass btn-primary") +#end +#foreach ($guiElem in $gui.getGuiElems()) + #if ($guiElem.type == "submit" || $guiElem.type == "button" || $guiElem.type == "reset") + + #end +#end ## foreach +
+ +#end ## end macro \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/log/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/log/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/status.sh b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/status.sh new file mode 100755 index 0000000..c567f8a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/status.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +# wait at most 200 seconds for the port to be open +_waitInterval=10 +_waitMax=200 +_waitTime=0 +health_ok=1 +while [ $_waitTime -lt $_waitMax ]; do + # api to check status of nevisAuth + if [[ `eval "2>/dev/null>/dev/tcp/0.0.0.0/8988 && echo 1"` -eq 0 ]]; then + sleep $_waitInterval + _waitTime=$((_waitTime + _waitInterval)) + else + health_ok=0 + break; + fi +done + +if [ $health_ok -eq 1 ]; then + echo "timeout (200s) reached waiting for nevisLogrend (http(s)://0.0.0.0:8988)" + exit ${health_ok} +fi \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/tmp/.empty b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/tmp/.empty new file mode 100644 index 0000000..e69de29 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/create_nvpuser.sh b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/create_nvpuser.sh new file mode 100755 index 0000000..6e5b37c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/create_nvpuser.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +nevis_group=nvbgroup +nevis_group_id=30000 + +nevis_user=nvpuser +nevis_user_id=30002 + +if [ -z "$(getent group "$nevis_group")" ] +then + echo "Installing group '$nevis_group' with id '$nevis_group_id'" + groupadd --gid "$nevis_group_id" "$nevis_group" +fi + +if [ -z "$(getent passwd "$nevis_user")" ] +then + echo "Installing user '$nevis_user' with id '$nevis_user_id'" + useradd \ + --comment 'functional user of nevisProxy' \ + --home-dir '/opt/nevisproxy' \ + --gid "$nevis_group" \ + --uid "$nevis_user_id" \ + --shell '/sbin/nologin' \ + "$nevis_user" +fi \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-idp-nevisproxy-remote-hybrid-session-store-699f0a21dd0e852f28d27e9d.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-idp-nevisproxy-remote-hybrid-session-store-699f0a21dd0e852f28d27e9d.yaml new file mode 100644 index 0000000..b6770b6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-idp-nevisproxy-remote-hybrid-session-store-699f0a21dd0e852f28d27e9d.yaml @@ -0,0 +1,26 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisDatabase" +metadata: + name: "proxy-idp" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "699f0a21dd0e852f28d27e9d" +spec: + type: "NevisProxy" + databaseType: "MariaDB" + version: "7.2402.1" + url: "mariadb-agov-dev-gp.mariadb.database.azure.com" + port: 3306 + database: "idp_replicated_session_store" + bootstrap: true + migrate: true + rootCredentials: + name: "root-adn-agov-nevisidm-01-dev-idm" + namespace: "adn-agov-nevisidm-01-dev-idm" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..3c73c45 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,70 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisComponent" +metadata: + name: "proxy-idp" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + type: "NevisProxy" + replicas: 1 + version: "7.2402.1" + gitInitVersion: "1.3.0" + runAsNonRoot: true + ports: + management: 11080 + https: 8443 + resources: + limits: + cpu: "2" + memory: "2000Mi" + requests: + cpu: "20m" + memory: "1000Mi" + livenessProbe: + management: + httpGet: + path: "/liveness" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + readinessProbe: + management: + httpGet: + path: "/readiness" + initialDelaySeconds: 40 + periodSeconds: 30 + timeoutSeconds: 6 + podDisruptionBudget: + maxUnavailable: "50%" + git: + tag: "r-779d33c24ccffc47e1cd1b39b93d065950aee10e" + dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp" + credentials: "git-credentials" + database: + name: "proxy-idp" + requiredVersion: "7.2402.1" + keystores: + - "proxy-idp-notused-auth-realm-identity" + - "proxy-idp-1f0702aaabef60a615abf41f" + - "proxy-idp-auth-realm-main-idp-identity" + - "proxy-idp-auth-realm-mobile-fido-uaf-identity" + - "proxy-idp-auth-realm-recovery-identity" + truststores: + - "proxy-idp-auth-realm-mobile-fido-uaf-tls-trust" + - "proxy-idp-notused-auth-realm-signer-trust" + - "proxy-idp-notused-auth-realm-tls-trust" + - "proxy-idp-auth-realm-recovery-tls-trust" + - "proxy-idp-auth-realm-main-idp-signer-trust" + - "proxy-idp-auth-realm-main-idp-tls-trust" + - "proxy-idp-auth-realm-mobile-fido-uaf-signer-trust" + - "proxy-idp-auth-realm-recovery-signer-trust" + ingresses: + - "proxy-idp" + podSecurity: + policy: "baseline" + automountServiceAccountToken: false + timeZone: "Europe/Zurich" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-1f0702aaabef60a615abf41f-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-1f0702aaabef60a615abf41f-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..c489f7d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-1f0702aaabef60a615abf41f-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,19 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "proxy-idp-1f0702aaabef60a615abf41f" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + cn: "auth.agov-d.azure.adnovum.net" + usage: "" + san: + dns: + - "proxy-idp" + - "proxy-idp.adn-agov-nevisidm-01-uat" + - "auth.agov-d.azure.adnovum.net" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-identity-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-identity-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..3144eae --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-identity-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "proxy-idp-auth-realm-main-idp-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + cn: "proxy-idp" + usage: "" + san: + dns: + - "proxy-idp" + - "proxy-idp.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-signer-trust-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-signer-trust-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..fd4b134 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-signer-trust-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "proxy-idp-auth-realm-main-idp-signer-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + keystores: + - name: "auth-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-tls-trust-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-tls-trust-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..e67bc1b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-main-idp-tls-trust-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "proxy-idp-auth-realm-main-idp-tls-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + keystores: + - name: "auth-default-identity" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-identity-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-identity-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..9240649 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-identity-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "proxy-idp-auth-realm-mobile-fido-uaf-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + cn: "proxy-idp" + usage: "" + san: + dns: + - "proxy-idp" + - "proxy-idp.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-signer-trust-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-signer-trust-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..62e3901 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-signer-trust-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "proxy-idp-auth-realm-mobile-fido-uaf-signer-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + keystores: + - name: "auth-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-tls-trust-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-tls-trust-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..3e6e99e --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-mobile-fido-uaf-tls-trust-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "proxy-idp-auth-realm-mobile-fido-uaf-tls-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + keystores: + - name: "auth-default-identity" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-identity-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-identity-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..8ac606d --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-identity-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "proxy-idp-auth-realm-recovery-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + cn: "proxy-idp" + usage: "" + san: + dns: + - "proxy-idp" + - "proxy-idp.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-signer-trust-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-signer-trust-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..4a8e5b6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-signer-trust-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "proxy-idp-auth-realm-recovery-signer-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + keystores: + - name: "auth-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-tls-trust-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-tls-trust-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..3b1f3d7 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-auth-realm-recovery-tls-trust-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "proxy-idp-auth-realm-recovery-tls-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + keystores: + - name: "auth-default-identity" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-ingress-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-ingress-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..b88b607 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-ingress-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,16 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisIngress" +metadata: + name: "proxy-idp" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + hosts: + - host: "auth.agov-d.azure.adnovum.net" + protocol: "HTTPS" + servicePort: 8443 + serviceName: "proxy-idp" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-identity-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-identity-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..160f03a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-identity-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,18 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisKeyStore" +metadata: + name: "proxy-idp-notused-auth-realm-identity" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + cn: "proxy-idp" + usage: "" + san: + dns: + - "proxy-idp" + - "proxy-idp.adn-agov-nevisidm-01-uat" + email: [] diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-signer-trust-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-signer-trust-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..213e589 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-signer-trust-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "proxy-idp-notused-auth-realm-signer-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + keystores: + - name: "auth-sh4r3d-internal-idp-auth-signer" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-tls-trust-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-tls-trust-0ceb05c56644a59d648c13b9.yaml new file mode 100644 index 0000000..676a004 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-proxy-idp-notused-auth-realm-tls-trust-0ceb05c56644a59d648c13b9.yaml @@ -0,0 +1,14 @@ +apiVersion: "operator.nevis-security.ch/v1" +kind: "NevisTrustStore" +metadata: + name: "proxy-idp-notused-auth-realm-tls-trust" + namespace: "adn-agov-nevisidm-01-uat" + labels: + deploymentTarget: "proxy-idp" + annotations: + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" +spec: + keystores: + - name: "auth-default-identity" + namespace: "adn-agov-nevisidm-01-uat" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/nevisproxy_default.yml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/nevisproxy_default.yml new file mode 100644 index 0000000..0f02bd1 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/nevisproxy_default.yml @@ -0,0 +1,19 @@ +schemaVersion: 1.0 +instance: + type: "nevisproxy" + name: "default" + directory: "/var/opt/nevisproxy/default" + pid: "file:///var/opt/nevisproxy/default/run/navajo.pid" + source: + url: "/nevisadmin/#/projects/DEFAULT-ADN-AGOV-PROJECT/patterns/0ceb05c56644a59d648c13b9" + projectKey: "DEFAULT-ADN-AGOV-PROJECT" + patternId: "0ceb05c56644a59d648c13b9" + patternClass: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.NevisProxyDeployable" + resources: + ports: + - "0.0.0.0:11080" + - "0.0.0.0:8443" + control: + start: "systemctl restart nevisproxy@default" + stop: "systemctl stop nevisproxy@default" + status: "/var/opt/nevisproxy/default/run/status.sh" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/bc.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/bc.properties new file mode 100644 index 0000000..7914b82 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/bc.properties @@ -0,0 +1,12 @@ +# source: pattern://0ceb05c56644a59d648c13b9 +bc.security.PassPhraseDialog=pipe:///var/opt/nevisproxy/default/conf/keystorepwget +# source: pattern://0ceb05c56644a59d648c13b9 +ch.nevis.navajo.tracing.ReconfigurationPeriod=60 +# source: pattern://0ceb05c56644a59d648c13b9 +org.apache.runtime.UseApachePoolMemory=false +# source: pattern://0ceb05c56644a59d648c13b9 +bc.security.PassPhrasePolicy=pipe,env,prompt +# source: pattern://0ceb05c56644a59d648c13b9 +user.locale=en_US.UTF-8 +# source: pattern://0ceb05c56644a59d648c13b9 +ch.nevis.navajo.loading.servlet.LibPath=/opt/nevisproxy/webapp/WEB-INF/lib diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/conditionallog.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/conditionallog.properties new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/conditionallog.properties @@ -0,0 +1 @@ + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/env.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/env.conf new file mode 100644 index 0000000..a0ff79a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/env.conf @@ -0,0 +1,6 @@ +# source: pattern://0ceb05c56644a59d648c13b9 +APACHE_VERSION=2.4 +# source: pattern://0ceb05c56644a59d648c13b9 +RTENV_SECURITY_CHECK=no_lib +# source: pattern://0ceb05c56644a59d648c13b9 +LD_LIBRARY_PATH=/opt/nevisproxy/lib:/opt/nevisproxy/webapp/WEB-INF/lib diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/isi3web.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/isi3web.properties new file mode 100644 index 0000000..d60dfd8 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/isi3web.properties @@ -0,0 +1 @@ +# THIS FILE INTENTIONALLY LEFT EMPTY diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/keystorepwget b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/keystorepwget new file mode 100755 index 0000000..c9378d7 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/keystorepwget @@ -0,0 +1,20 @@ +#!/bin/bash + +path=$1 +file=${path##*/} +label=${file%_*} +dir=${path%/*} + +admin_keypass="${dir}/keypass" +if [ -f "$admin_keypass" ]; then + passphrase=$($admin_keypass) + echo -n "$passphrase" + exit 0 +fi + +keybox_keypass="${dir}/${label}_keypass" +if [ -f "$keybox_keypass" ]; then + passphrase=$($keybox_keypass) + echo -n "$passphrase" + exit 0 +fi \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/log.properties b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/log.properties new file mode 100644 index 0000000..ca06c16 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/log.properties @@ -0,0 +1,236 @@ +# source: pattern://2be125abf4a8be1a0ae5f007 +BC.Tracer.LogFile=pipe:///bin/sed -u -e "s/^/[navajo.log] /g" | /bin/egrep --line-buffered -v "GET /(live|readi)ness" +# source: pattern://2be125abf4a8be1a0ae5f007 +BC.Tracer.ThresholdBase=3 +# source: pattern://2be125abf4a8be1a0ae5f007 +BC.Tracer.DebugProfile.IW4LuaFlt=4 +# source: pattern://2be125abf4a8be1a0ae5f007 +BC.Tracer.DebugProfile.IsiwebOp=6 +# source: pattern://2be125abf4a8be1a0ae5f007 +BC.Tracer.DebugProfile.NPMySQLSes=3 +# source: pattern://2be125abf4a8be1a0ae5f007 +BC.Tracer.DebugProfile.NProxyOp=4 +# source: pattern://2be125abf4a8be1a0ae5f007 +BC.Tracer.DebugProfile.NavajoOp=6 +# source: pattern://0ceb05c56644a59d648c13b9 +ch.nevis.nevisproxy.LocalLogFileName=/var/opt/nevisproxy/default/conf/conditionallog.properties +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.TimeFormat=detailed +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.ProgName=isi3web +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.Secrets.Cipher=AES +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoHttpSess=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoResource=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoRequest=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoReqIO=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoSSL=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoCookie=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoConIdent=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoSession=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoStart=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoConfig=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoDump=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoHeader=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoTimer=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoMgmt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NavajoAdmin=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NevisMgmt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.JmxAmp=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.MBeanSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.HttpAdaptor=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4HttpConnSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4HttpsConnSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4Esau4ConnSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4NISConnSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4PAMConnSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4X509AuthSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4LogRenSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4UserStatSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4DefaultSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4IdentCreaFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4SessionFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4CSTFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4JsonFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4SecRoleFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4CltTrackFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4VirtSessFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4RmRoleFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4CacheFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4CookieFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4RewriteFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4DelegateFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4HdrDlgFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4FakeLoginFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4ErrorFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4SessionLst=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4HtmlRewrite=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4DeflateFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4InflateFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4ValidFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4XMLValidFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4SoapFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4ICAPFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4EncryptFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4UrlEncrypt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4TRXSignFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4UsrAgentFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4HandoverFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4DumpFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4DNSRedirFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4SessBindFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4SAMLFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4SamlErrFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4CitrixFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4MappingFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4ResSessFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.JMXSessionFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.JMXRequestFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NevisSession=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4ParamFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4UnbluFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4MaintFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4CSRFFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4FltMappFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4QmrFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4LogFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4WebSocketSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4WsMultiChSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4WsToPlainSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4WsToIIOPSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4ModsecFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4MqSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4CharSetFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.LuaNevisLib=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IW4LuaUrlEnc=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPAuthFilter=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPParamVldFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPDynCfgFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPRdrctFrmFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPXmlFilter=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPMemLeakFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPHdrVldFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPInsWrapFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPLifeCycleFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPGuessCTFilter=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPTrcTagFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPLocalSessStr=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPMySQLSessSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPMemSessSrv=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPSessionFlt=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPReaperOp=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.EsauthProvider=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IsiOp=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.transTCP=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IO=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.IOSub=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.Alarming=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.AlarmEngine=0 +# source: pattern://0ceb05c56644a59d648c13b9 +BC.Tracer.DebugProfile.NPMultiLevelStr=0 diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml new file mode 100644 index 0000000..e9344d0 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/conf/navajo.xml @@ -0,0 +1,33 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/crs-setup.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/crs-setup.conf new file mode 100644 index 0000000..e5e9421 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/crs-setup.conf @@ -0,0 +1,870 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + + +# +# -- [[ Introduction ]] -------------------------------------------------------- +# +# The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack +# detection rules that provide a base level of protection for any web +# application. They are written for the open source, cross-platform +# ModSecurity Web Application Firewall. +# +# See also: +# https://coreruleset.org/ +# https://github.com/SpiderLabs/owasp-modsecurity-crs +# https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project +# + + +# +# -- [[ System Requirements ]] ------------------------------------------------- +# +# CRS requires ModSecurity version 2.8.0 or above. +# We recommend to always use the newest ModSecurity version. +# +# The configuration directives/settings in this file are used to control +# the OWASP ModSecurity CRS. These settings do **NOT** configure the main +# ModSecurity settings (modsecurity.conf) such as SecRuleEngine, +# SecRequestBodyAccess, SecAuditEngine, SecDebugLog, and XML processing. +# +# The CRS assumes that modsecurity.conf has been loaded. It is bundled with +# ModSecurity. If you don't have it, you can get it from: +# 2.x: https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v2/master/modsecurity.conf-recommended +# 3.x: https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended +# +# The order of file inclusion in your webserver configuration should always be: +# 1. modsecurity.conf +# 2. crs-setup.conf (this file) +# 3. rules/*.conf (the CRS rule files) +# +# Please refer to the INSTALL file for detailed installation instructions. +# + + +# +# -- [[ Mode of Operation: Anomaly Scoring vs. Self-Contained ]] --------------- +# +# The CRS can run in two modes: +# +# -- [[ Anomaly Scoring Mode (default) ]] -- +# In CRS3, anomaly mode is the default and recommended mode, since it gives the +# most accurate log information and offers the most flexibility in setting your +# blocking policies. It is also called "collaborative detection mode". +# In this mode, each matching rule increases an 'anomaly score'. +# At the conclusion of the inbound rules, and again at the conclusion of the +# outbound rules, the anomaly score is checked, and the blocking evaluation +# rules apply a disruptive action, by default returning an error 403. +# +# -- [[ Self-Contained Mode ]] -- +# In this mode, rules apply an action instantly. This was the CRS2 default. +# It can lower resource usage, at the cost of less flexibility in blocking policy +# and less informative audit logs (only the first detected threat is logged). +# Rules inherit the disruptive action that you specify (i.e. deny, drop, etc). +# The first rule that matches will execute this action. In most cases this will +# cause evaluation to stop after the first rule has matched, similar to how many +# IDSs function. +# +# -- [[ Alert Logging Control ]] -- +# In the mode configuration, you must also adjust the desired logging options. +# There are three common options for dealing with logging. By default CRS enables +# logging to the webserver error log (or Event viewer) plus detailed logging to +# the ModSecurity audit log (configured under SecAuditLog in modsecurity.conf). +# +# - To log to both error log and ModSecurity audit log file, use: "log,auditlog" +# - To log *only* to the ModSecurity audit log file, use: "nolog,auditlog" +# - To log *only* to the error log file, use: "log,noauditlog" +# +# Examples for the various modes follow. +# You must leave one of the following options enabled. +# Note that you must specify the same line for phase:1 and phase:2. +# + +# Default: Anomaly Scoring mode, log to error log, log to ModSecurity audit log +# - By default, offending requests are blocked with an error 403 response. +# - To change the disruptive action, see RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example +# and review section 'Changing the Disruptive Action for Anomaly Mode'. +# - In Apache, you can use ErrorDocument to show a friendly error page or +# perform a redirect: https://httpd.apache.org/docs/2.4/custom-error.html +# +SecDefaultAction "phase:1,log,auditlog,pass" +SecDefaultAction "phase:2,log,auditlog,pass" + +# Example: Anomaly Scoring mode, log only to ModSecurity audit log +# - By default, offending requests are blocked with an error 403 response. +# - To change the disruptive action, see RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example +# and review section 'Changing the Disruptive Action for Anomaly Mode'. +# - In Apache, you can use ErrorDocument to show a friendly error page or +# perform a redirect: https://httpd.apache.org/docs/2.4/custom-error.html +# +# SecDefaultAction "phase:1,nolog,auditlog,pass" +# SecDefaultAction "phase:2,nolog,auditlog,pass" + +# Example: Self-contained mode, return error 403 on blocking +# - In this configuration the default disruptive action becomes 'deny'. After a +# rule triggers, it will stop processing the request and return an error 403. +# - You can also use a different error status, such as 404, 406, et cetera. +# - In Apache, you can use ErrorDocument to show a friendly error page or +# perform a redirect: https://httpd.apache.org/docs/2.4/custom-error.html +# +# SecDefaultAction "phase:1,log,auditlog,deny,status:403" +# SecDefaultAction "phase:2,log,auditlog,deny,status:403" + +# Example: Self-contained mode, redirect back to homepage on blocking +# - In this configuration the 'tag' action includes the Host header data in the +# log. This helps to identify which virtual host triggered the rule (if any). +# - Note that this might cause redirect loops in some situations; for example +# if a Cookie or User-Agent header is blocked, it will also be blocked when +# the client subsequently tries to access the homepage. You can also redirect +# to another custom URL. +# SecDefaultAction "phase:1,log,auditlog,redirect:'http://%{request_headers.host}/',tag:'Host: %{request_headers.host}'" +# SecDefaultAction "phase:2,log,auditlog,redirect:'http://%{request_headers.host}/',tag:'Host: %{request_headers.host}'" + + +# +# -- [[ Paranoia Level Initialization ]] --------------------------------------- +# +# The Paranoia Level (PL) setting allows you to choose the desired level +# of rule checks that will add to your anomaly scores. +# +# With each paranoia level increase, the CRS enables additional rules +# giving you a higher level of security. However, higher paranoia levels +# also increase the possibility of blocking some legitimate traffic due to +# false alarms (also named false positives or FPs). If you use higher +# paranoia levels, it is likely that you will need to add some exclusion +# rules for certain requests and applications receiving complex input. +# +# - A paranoia level of 1 is default. In this level, most core rules +# are enabled. PL1 is advised for beginners, installations +# covering many different sites and applications, and for setups +# with standard security requirements. +# At PL1 you should face FPs rarely. If you encounter FPs, please +# open an issue on the CRS GitHub site and don't forget to attach your +# complete Audit Log record for the request with the issue. +# - Paranoia level 2 includes many extra rules, for instance enabling +# many regexp-based SQL and XSS injection protections, and adding +# extra keywords checked for code injections. PL2 is advised +# for moderate to experienced users desiring more complete coverage +# and for installations with elevated security requirements. +# PL2 comes with some FPs which you need to handle. +# - Paranoia level 3 enables more rules and keyword lists, and tweaks +# limits on special characters used. PL3 is aimed at users experienced +# at the handling of FPs and at installations with a high security +# requirement. +# - Paranoia level 4 further restricts special characters. +# The highest level is advised for experienced users protecting +# installations with very high security requirements. Running PL4 will +# likely produce a very high number of FPs which have to be +# treated before the site can go productive. +# +# All rules will log their PL to the audit log; +# example: [tag "paranoia-level/2"]. This allows you to deduct from the +# audit log how the WAF behavior is affected by paranoia level. +# +# It is important to also look into the variable +# tx.enforce_bodyproc_urlencoded (Enforce Body Processor URLENCODED) +# defined below. Enabling it closes a possible bypass of CRS. +# +# Uncomment this rule to change the default: +# +#SecAction \ +# "id:900000,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.paranoia_level=1" + + +# It is possible to execute rules from a higher paranoia level but not include +# them in the anomaly scoring. This allows you to take a well-tuned system on +# paranoia level 1 and add rules from paranoia level 2 without having to fear +# the new rules would lead to false positives that raise your score above the +# threshold. +# This optional feature is enabled by uncommenting the following rule and +# setting the tx.executing_paranoia_level. +# Technically, rules up to the level defined in tx.executing_paranoia_level +# will be executed, but only the rules up to tx.paranoia_level affect the +# anomaly scores. +# By default, tx.executing_paranoia_level is set to tx.paranoia_level. +# tx.executing_paranoia_level must not be lower than tx.paranoia_level. +# +# Please notice that setting tx.executing_paranoia_level to a higher paranoia +# level results in a performance impact that is equally high as setting +# tx.paranoia_level to said level. +# +#SecAction \ +# "id:900001,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.executing_paranoia_level=1" + + +# +# -- [[ Enforce Body Processor URLENCODED ]] ----------------------------------- +# +# ModSecurity selects the body processor based on the Content-Type request +# header. But clients are not always setting the Content-Type header for their +# request body payloads. This will leave ModSecurity with limited vision into +# the payload. The variable tx.enforce_bodyproc_urlencoded lets you force the +# URLENCODED body processor in these situations. This is off by default, as it +# implies a change of the behaviour of ModSecurity beyond CRS (the body +# processor applies to all rules, not only CRS) and because it may lead to +# false positives already on paranoia level 1. However, enabling this variable +# closes a possible bypass of CRS so it should be considered. +# +# Uncomment this rule to change the default: +# +#SecAction \ +# "id:900010,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.enforce_bodyproc_urlencoded=1" + + +# +# -- [[ Anomaly Mode Severity Levels ]] ---------------------------------------- +# +# Each rule in the CRS has an associated severity level. +# These are the default scoring points for each severity level. +# These settings will be used to increment the anomaly score if a rule matches. +# You may adjust these points to your liking, but this is usually not needed. +# +# - CRITICAL severity: Anomaly Score of 5. +# Mostly generated by the application attack rules (93x and 94x files). +# - ERROR severity: Anomaly Score of 4. +# Generated mostly from outbound leakage rules (95x files). +# - WARNING severity: Anomaly Score of 3. +# Generated mostly by malicious client rules (91x files). +# - NOTICE severity: Anomaly Score of 2. +# Generated mostly by the protocol rules (92x files). +# +# In anomaly mode, these scores are cumulative. +# So it's possible for a request to hit multiple rules. +# +# (Note: In this file, we use 'phase:1' to set CRS configuration variables. +# In general, 'phase:request' is used. However, we want to make absolutely sure +# that all configuration variables are set before the CRS rules are processed.) +# +#SecAction \ +# "id:900100,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.critical_anomaly_score=5,\ +# setvar:tx.error_anomaly_score=4,\ +# setvar:tx.warning_anomaly_score=3,\ +# setvar:tx.notice_anomaly_score=2" + + +# +# -- [[ Anomaly Mode Blocking Threshold Levels ]] ------------------------------ +# +# Here, you can specify at which cumulative anomaly score an inbound request, +# or outbound response, gets blocked. +# +# Most detected inbound threats will give a critical score of 5. +# Smaller violations, like violations of protocol/standards, carry lower scores. +# +# [ At default value ] +# If you keep the blocking thresholds at the defaults, the CRS will work +# similarly to previous CRS versions: a single critical rule match will cause +# the request to be blocked and logged. +# +# [ Using higher values ] +# If you want to make the CRS less sensitive, you can increase the blocking +# thresholds, for instance to 7 (which would require multiple rule matches +# before blocking) or 10 (which would require at least two critical alerts - or +# a combination of many lesser alerts), or even higher. However, increasing the +# thresholds might cause some attacks to bypass the CRS rules or your policies. +# +# [ New deployment strategy: Starting high and decreasing ] +# It is a common practice to start a fresh CRS installation with elevated +# anomaly scoring thresholds (>100) and then lower the limits as your +# confidence in the setup grows. You may also look into the Sampling +# Percentage section below for a different strategy to ease into a new +# CRS installation. +# +# [ Anomaly Threshold / Paranoia Level Quadrant ] +# +# High Anomaly Limit | High Anomaly Limit +# Low Paranoia Level | High Paranoia Level +# -> Fresh Site | -> Experimental Site +# ------------------------------------------------------ +# Low Anomaly Limit | Low Anomaly Limit +# Low Paranoia Level | High Paranoia Level +# -> Standard Site | -> High Security Site +# +# Uncomment this rule to change the defaults: +# +#SecAction \ +# "id:900110,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.inbound_anomaly_score_threshold=5,\ +# setvar:tx.outbound_anomaly_score_threshold=4" + +# +# -- [[ Application Specific Rule Exclusions ]] ---------------------------------------- +# +# Some well-known applications may undertake actions that appear to be +# malicious. This includes actions such as allowing HTML or Javascript within +# parameters. In such cases the CRS aims to prevent false positives by allowing +# administrators to enable prebuilt, application specific exclusions on an +# application by application basis. +# These application specific exclusions are distinct from the rules that would +# be placed in the REQUEST-900-EXCLUSION-RULES-BEFORE-CRS configuration file as +# they are prebuilt for specific applications. The 'REQUEST-900' file is +# designed for users to add their own custom exclusions. Note, using these +# application specific exclusions may loosen restrictions of the CRS, +# especially if used with an application they weren't designed for. As a result +# they should be applied with care. +# To use this functionality you must specify a supported application. To do so +# uncomment rule 900130. In addition to uncommenting the rule you will need to +# specify which application(s) you'd like to enable exclusions for. Only a +# (very) limited set of applications are currently supported, please use the +# filenames prefixed with 'REQUEST-903' to guide you in your selection. +# Such filenames use the following convention: +# REQUEST-903.9XXX-{APPNAME}-EXCLUSIONS-RULES.conf +# +# It is recommended if you run multiple web applications on your site to limit +# the effects of the exclusion to only the path where the excluded webapp +# resides using a rule similar to the following example: +# SecRule REQUEST_URI "@beginsWith /wordpress/" setvar:tx.crs_exclusions_wordpress=1 + +# +# Modify and uncomment this rule to select which application: +# +#SecAction \ +# "id:900130,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.crs_exclusions_cpanel=1,\ +# setvar:tx.crs_exclusions_drupal=1,\ +# setvar:tx.crs_exclusions_dokuwiki=1,\ +# setvar:tx.crs_exclusions_nextcloud=1,\ +# setvar:tx.crs_exclusions_wordpress=1,\ +# setvar:tx.crs_exclusions_xenforo=1" + +# +# -- [[ HTTP Policy Settings ]] ------------------------------------------------ +# +# This section defines your policies for the HTTP protocol, such as: +# - allowed HTTP versions, HTTP methods, allowed request Content-Types +# - forbidden file extensions (e.g. .bak, .sql) and request headers (e.g. Proxy) +# +# These variables are used in the following rule files: +# - REQUEST-911-METHOD-ENFORCEMENT.conf +# - REQUEST-912-DOS-PROTECTION.conf +# - REQUEST-920-PROTOCOL-ENFORCEMENT.conf + +# HTTP methods that a client is allowed to use. +# Default: GET HEAD POST OPTIONS +# Example: for RESTful APIs, add the following methods: PUT PATCH DELETE +# Example: for WebDAV, add the following methods: CHECKOUT COPY DELETE LOCK +# MERGE MKACTIVITY MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK +# Uncomment this rule to change the default. +# Changed by Nevis: As nevisProxy provides its own method checks we allow all methods here +SecAction \ + "id:900200,\ + phase:1,\ + nolog,\ + pass,\ + t:none,\ + setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE CHECKOUT COPY DELETE LOCK MERGE MKACTIVITY MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK TRACE'" + +# Content-Types that a client is allowed to send in a request. +# Default: |application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| +# |text/xml| |application/xml| |application/soap+xml| |application/json| +# |application/cloudevents+json| |application/cloudevents-batch+json| +# +# Please note, that the rule where CRS uses this variable (920420) evaluates it with operator +# `@within`, which is case sensitive, but uses t:lowercase. You must add your whole custom +# Content-Type with lowercase. +# +# Bypass Warning: some applications may not rely on the content-type request header in order +# to parse the request body. This could make an attacker able to send malicious URLENCODED/JSON/XML +# payloads without being detected by the WAF. Allowing request content-type that doesn't activate any +# body processor (for example: "text/plain", "application/x-amf", "application/octet-stream", etc..) +# could lead to a WAF bypass. For example, a malicious JSON payload submitted with a "text/plain" +# content type may still be interpreted as JSON by a backend application but would not trigger the +# JSON body parser at the WAF, leading to a bypass. +# +# To prevent blocking request with not allowed content-type by default, you can create an exclusion +# rule that removes rule 920420. For example: +# SecRule REQUEST_HEADERS:Content-Type "@rx ^text/plain" \ +# "id:1234,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# ctl:ruleRemoveById=920420,\ +# chain" +# SecRule REQUEST_URI "@rx ^/foo/bar" "t:none" +# +# Uncomment this rule to change the default. +# +#SecAction \ +# "id:900220,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'" + +# Allowed HTTP versions. +# Default: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 +# Example for legacy clients: HTTP/0.9 HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 +# Note that some web server versions use 'HTTP/2', some 'HTTP/2.0', so +# we include both version strings by default. +# Uncomment this rule to change the default. +#SecAction \ +# "id:900230,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'" + +# Forbidden file extensions. +# Guards against unintended exposure of development/configuration files. +# Default: .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/ +# Example: .bak/ .config/ .conf/ .db/ .ini/ .log/ .old/ .pass/ .pdb/ .rdb/ .sql/ +# Uncomment this rule to change the default. +#SecAction \ +# "id:900240,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'" + +# Forbidden request headers. +# Header names should be lowercase, enclosed by /slashes/ as delimiters. +# Default: /accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ +# +# Note: Accept-Charset is a deprecated header that should not be used by clients and +# ignored by servers. It can be used for a response WAF bypass, by asking for a charset +# that the WAF cannot decode. +# Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Charset +# +# Note: Content-Encoding is used to list any encodings that have been applied to the +# original payload. It is only used for compression, which isn't supported by CRS by +# default since it blocks newlines and null bytes inside the request body. Most +# compression algorithms require at least null bytes per RFC. Blocking it shouldn't +# break anything and increases security since ModSecurity is incapable of properly +# scanning compressed request bodies. +# +# Note: Blocking Proxy header prevents 'httpoxy' vulnerability: https://httpoxy.org +# +# Uncomment this rule to change the default. +#SecAction \ +# "id:900250,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:'tx.restricted_headers=/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/'" + +# File extensions considered static files. +# Extensions include the dot, lowercase, enclosed by /slashes/ as delimiters. +# Used in DoS protection rule. See section "Anti-Automation / DoS Protection". +# Default: /.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/ +# Uncomment this rule to change the default. +#SecAction \ +# "id:900260,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'" + +# Content-Types charsets that a client is allowed to send in a request. +# Default: utf-8|iso-8859-1|iso-8859-15|windows-1252 +# Uncomment this rule to change the default. +# Use "|" to separate multiple charsets like in the rule defining +# tx.allowed_request_content_type. +#SecAction \ +# "id:900280,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:'tx.allowed_request_content_type_charset=utf-8|iso-8859-1|iso-8859-15|windows-1252'" + +# +# -- [[ HTTP Argument/Upload Limits ]] ----------------------------------------- +# +# Here you can define optional limits on HTTP get/post parameters and uploads. +# This can help to prevent application specific DoS attacks. +# +# These values are checked in REQUEST-920-PROTOCOL-ENFORCEMENT.conf. +# Beware of blocking legitimate traffic when enabling these limits. +# + +# Block request if number of arguments is too high +# Default: unlimited +# Example: 255 +# Uncomment this rule to set a limit. +#SecAction \ +# "id:900300,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.max_num_args=255" + +# Block request if the length of any argument name is too high +# Default: unlimited +# Example: 100 +# Uncomment this rule to set a limit. +#SecAction \ +# "id:900310,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.arg_name_length=100" + +# Block request if the length of any argument value is too high +# Default: unlimited +# Example: 400 +# Uncomment this rule to set a limit. +#SecAction \ +# "id:900320,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.arg_length=400" + +# Block request if the total length of all combined arguments is too high +# Default: unlimited +# Example: 64000 +# Uncomment this rule to set a limit. +#SecAction \ +# "id:900330,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.total_arg_length=64000" + +# Block request if the file size of any individual uploaded file is too high +# Default: unlimited +# Example: 1048576 +# Uncomment this rule to set a limit. +#SecAction \ +# "id:900340,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.max_file_size=1048576" + +# Block request if the total size of all combined uploaded files is too high +# Default: unlimited +# Example: 1048576 +# Uncomment this rule to set a limit. +#SecAction \ +# "id:900350,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.combined_file_sizes=1048576" + + +# +# -- [[ Easing In / Sampling Percentage ]] ------------------------------------- +# +# Adding the Core Rule Set to an existing productive site can lead to false +# positives, unexpected performance issues and other undesired side effects. +# +# It can be beneficial to test the water first by enabling the CRS for a +# limited number of requests only and then, when you have solved the issues (if +# any) and you have confidence in the setup, to raise the ratio of requests +# being sent into the ruleset. +# +# Adjust the percentage of requests that are funnelled into the Core Rules by +# setting TX.sampling_percentage below. The default is 100, meaning that every +# request gets checked by the CRS. The selection of requests, which are going +# to be checked, is based on a pseudo random number generated by ModSecurity. +# +# If a request is allowed to pass without being checked by the CRS, there is no +# entry in the audit log (for performance reasons), but an error log entry is +# written. If you want to disable the error log entry, then issue the +# following directive somewhere after the inclusion of the CRS +# (E.g., RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf). +# +# SecRuleUpdateActionById 901150 "nolog" +# +# ATTENTION: If this TX.sampling_percentage is below 100, then some of the +# requests will bypass the Core Rules completely and you lose the ability to +# protect your service with ModSecurity. +# +# Uncomment this rule to enable this feature: +# +#SecAction "id:900400,\ +# phase:1,\ +# pass,\ +# nolog,\ +# setvar:tx.sampling_percentage=100" + + +# +# -- [[ Project Honey Pot HTTP Blacklist ]] ------------------------------------ +# +# Optionally, you can check the client IP address against the Project Honey Pot +# HTTPBL (dnsbl.httpbl.org). In order to use this, you need to register to get a +# free API key. Set it here with SecHttpBlKey. +# +# Project Honeypot returns multiple different malicious IP types. +# You may specify which you want to block by enabling or disabling them below. +# +# Ref: https://www.projecthoneypot.org/httpbl.php +# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecHttpBlKey +# +# Uncomment these rules to use this feature: +# +#SecHttpBlKey XXXXXXXXXXXXXXXXX +#SecAction "id:900500,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.block_search_ip=1,\ +# setvar:tx.block_suspicious_ip=1,\ +# setvar:tx.block_harvester_ip=1,\ +# setvar:tx.block_spammer_ip=1" + + +# +# -- [[ GeoIP Database ]] ------------------------------------------------------ +# +# There are some rulesets that inspect geolocation data of the client IP address +# (geoLookup). The CRS uses geoLookup to implement optional country blocking. +# +# To use geolocation, we make use of the MaxMind GeoIP database. +# This database is not included with the CRS and must be downloaded. +# +# There are two formats for the GeoIP database. ModSecurity v2 uses GeoLite (.dat files), +# and ModSecurity v3 uses GeoLite2 (.mmdb files). +# +# If you use ModSecurity 3, MaxMind provides a binary for updating GeoLite2 files, +# see https://github.com/maxmind/geoipupdate. +# +# Download the package for your OS, and read https://dev.maxmind.com/geoip/geoipupdate/ +# for configuration options. +# +# Warning: GeoLite (not GeoLite2) databases are considered legacy, and not being updated anymore. +# See https://support.maxmind.com/geolite-legacy-discontinuation-notice/ for more info. +# +# Therefore, if you use ModSecurity v2, you need to regenerate updated .dat files +# from CSV files first. +# +# You can achieve this using https://github.com/sherpya/geolite2legacy +# Pick the zip files from maxmind site: +# https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country-CSV.zip +# +# Follow the guidelines for installing the tool and run: +# ./geolite2legacy.py -i GeoLite2-Country-CSV.zip \ +# -f geoname2fips.csv -o /usr/share/GeoliteCountry.dat +# +# Update the database regularly, see Step 3 of the configuration link above. +# +# By default, when you execute `sudo geoipupdate` on Linux, files from the free database +# will be downloaded to `/usr/share/GeoIP` (both v1 and v2). +# +# Then choose from: +# - `GeoLite2-Country.mmdb` (if you are using ModSecurity v3) +# - `GeoLiteCountry.dat` (if you are using ModSecurity v2) +# +# Ref: http://blog.spiderlabs.com/2010/10/detecting-malice-with-modsecurity-geolocation-data.html +# Ref: http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html +# +# Uncomment only one of the next rules here to use this feature. +# Choose the one depending on the ModSecurity version you are using, and change the path accordingly: +# +# For ModSecurity v3: +#SecGeoLookupDB /usr/share/GeoIP/GeoLite2-Country.mmdb +# For ModSecurity v2 (points to the converted one): +#SecGeoLookupDB /usr/share/GeoIP/GeoLiteCountry.dat + +# +# -=[ Block Countries ]=- +# +# Rules in the IP Reputation file can check the client against a list of high +# risk country codes. These countries have to be defined in the variable +# tx.high_risk_country_codes via their ISO 3166 two-letter country code: +# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements +# +# If you are sure that you are not getting any legitimate requests from a given +# country, then you can disable all access from that country via this variable. +# The rule performing the test has the rule id 910100. +# +# This rule requires SecGeoLookupDB to be enabled and the GeoIP database to be +# downloaded (see the section "GeoIP Database" above.) +# +# By default, the list is empty. A list used by some sites was the following: +# setvar:'tx.high_risk_country_codes=UA ID YU LT EG RO BG TR RU PK MY CN'" +# +# Uncomment this rule to use this feature: +# +#SecAction \ +# "id:900600,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:'tx.high_risk_country_codes='" + + +# +# -- [[ Anti-Automation / DoS Protection ]] ------------------------------------ +# +# Optional DoS protection against clients making requests too quickly. +# +# When a client is making more than 100 requests (excluding static files) within +# 60 seconds, this is considered a 'burst'. After two bursts, the client is +# blocked for 600 seconds. +# +# Requests to static files are not counted towards DoS; they are listed in the +# 'tx.static_extensions' setting, which you can change in this file (see +# section "HTTP Policy Settings"). +# +# For a detailed description, see rule file REQUEST-912-DOS-PROTECTION.conf. +# +# Uncomment this rule to use this feature: +# +#SecAction \ +# "id:900700,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:'tx.dos_burst_time_slice=60',\ +# setvar:'tx.dos_counter_threshold=100',\ +# setvar:'tx.dos_block_timeout=600'" + + +# +# -- [[ Check UTF-8 encoding ]] ------------------------------------------------ +# +# The CRS can optionally check request contents for invalid UTF-8 encoding. +# We only want to apply this check if UTF-8 encoding is actually used by the +# site; otherwise it will result in false positives. +# +# Uncomment this rule to use this feature: +# +#SecAction \ +# "id:900950,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.crs_validate_utf8_encoding=1" + + +# +# -- [[ Blocking Based on IP Reputation ]] ------------------------------------ +# +# Blocking based on reputation is permanent in the CRS. Unlike other rules, +# which look at the individual request, the blocking of IPs is based on +# a persistent record in the IP collection, which remains active for a +# certain amount of time. +# +# There are two ways an individual client can become flagged for blocking: +# - External information (RBL, GeoIP, etc.) +# - Internal information (Core Rules) +# +# The record in the IP collection carries a flag, which tags requests from +# individual clients with a flag named IP.reput_block_flag. +# But the flag alone is not enough to have a client blocked. There is also +# a global switch named tx.do_reput_block. This is off by default. If you set +# it to 1 (=On), requests from clients with the IP.reput_block_flag will +# be blocked for a certain duration. +# +# Variables +# ip.reput_block_flag Blocking flag for the IP collection record +# ip.reput_block_reason Reason (= rule message) that caused to blocking flag +# tx.do_reput_block Switch deciding if we really block based on flag +# tx.reput_block_duration Setting to define the duration of a block +# +# It may be important to know, that all the other core rules are skipped for +# requests, when it is clear that they carry the blocking flag in question. +# +# Uncomment this rule to use this feature: +# +#SecAction \ +# "id:900960,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.do_reput_block=1" +# +# Uncomment this rule to change the blocking time: +# Default: 300 (5 minutes) +# +#SecAction \ +# "id:900970,\ +# phase:1,\ +# nolog,\ +# pass,\ +# t:none,\ +# setvar:tx.reput_block_duration=300" + + +# +# -- [[ Collection timeout ]] -------------------------------------------------- +# +# Set the SecCollectionTimeout directive from the ModSecurity default (1 hour) +# to a lower setting which is appropriate to most sites. +# This increases performance by cleaning out stale collection (block) entries. +# +# This value should be greater than or equal to: +# tx.reput_block_duration (see section "Blocking Based on IP Reputation") and +# tx.dos_block_timeout (see section "Anti-Automation / DoS Protection"). +# +# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecCollectionTimeout + +# Please keep this directive uncommented. +# Default: 600 (10 minutes) +SecCollectionTimeout 600 + + +# +# -- [[ End of setup ]] -------------------------------------------------------- +# +# The CRS checks the tx.crs_setup_version variable to ensure that the setup +# has been loaded. If you are not planning to use this setup template, +# you must manually set the tx.crs_setup_version variable before including +# the CRS rules/* files. +# +# The variable is a numerical representation of the CRS version number. +# E.g., v3.0.0 is represented as 300. +# +SecAction \ + "id:900990,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + setvar:tx.crs_setup_version=335" \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/csrf_default.lua b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/csrf_default.lua new file mode 100644 index 0000000..bc67a54 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/csrf_default.lua @@ -0,0 +1,73 @@ +function contains(tab, val) + for index, value in ipairs(tab) do + if value == val then + return true + end + end + return false +end + +function inputHeader(request, response) + + if (request:getMethod() == "GET" or request:getMethod() == "HEAD" or request:getMethod() == "OPTIONS" or request:getMethod() == "TRACE") then + -- these requests are not sensitive (do not manipulate state) and are thus not checked + return + end + + -- patterns sets allowed domains or {} + domains = {} + + host = request:getHeader("Host") + + if (host == nil) then + -- Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field. + request:getTracer():notice("VA05", "Missing Host header") + response:setHeader("Content-Type", "text/plain") + response:setBody("400 Bad Request") + response:send(400) + return + end + + -- extract host name + host = host:match('([^:]+)') + + referer = request:getHeader("Referer") + if (referer ~= nil) then + referer = referer:match('^%w+://([^/:]+)') + if (referer ~= host and not contains(domains, referer)) then + if (referer ~= nil) then + request:getTracer():notice("VA01", "HTTP Referer header " .. referer .. " does not match host " .. host) + else + request:getTracer():notice("VA01", "HTTP Referer header " .. request:getHeader("Referer") .. " does not match pattern '^[a-zA-Z0-9]+://([^/:]+)'") + end + response:setHeader("Content-Type", "text/plain") + response:setBody("403 Denied") + response:send(403) + return + end + end + + origin = request:getHeader("Origin") + if (origin ~= nil) then + origin = origin:match('^%w+://([^/:]+)') + if (origin ~= host and not contains(domains, origin)) then + if (origin ~= nil) then + request:getTracer():notice("VA01", "HTTP Origin header " .. origin .. " does not match host " .. host) + else + request:getTracer():notice("VA01", "HTTP Origin header " .. request:getHeader("Origin") .. " does not match pattern '^[a-zA-Z0-9]+://([^/:]+)'") + end + response:setHeader("Content-Type", "text/plain") + response:setBody("403 Denied") + response:send(403) + return + end + end + + if (origin == nil and referer == nil) then + request:getTracer():info("VA05", "Referer or Origin header is required for sensitive requests") + response:setHeader("Content-Type", "text/plain") + response:setBody("403 Denied") + response:send(403) + return + end +end \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/lua_http_processing_terminate_session.lua b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/lua_http_processing_terminate_session.lua new file mode 100644 index 0000000..25bcd27 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/lua_http_processing_terminate_session.lua @@ -0,0 +1,17 @@ +function outputHeader(request, response) + trace = request:getTracer() + -- after successful authentication neviauth returns the SecToken as attribute to the proxy + secToken = request:getAttribute("ch.nevis.isiweb4.auth.SecToken") + if secToken then + trace:debug("SessionInvalidationFilter: SecToken part of the attributes returned from nevisAuth: "..secToken) + session = request:getSession(false) + if session then + session:invalidate() + trace:info("SessionInvalidationFilter: Session invalidated after successful authentication") + else + trace:debug("SessionInvalidationFilter: SecToken but no session, nothing to do") + end + else + trace:debug("SessionInvalidationFilter: No SecToken, nothing to do") + end + end \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/modsecurity.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/modsecurity.conf new file mode 100644 index 0000000..2fac027 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/modsecurity.conf @@ -0,0 +1,287 @@ +# -- Rule engine initialization ---------------------------------------------- + +# Enable ModSecurity, attaching it to every transaction. Use detection +# only to start with, because that minimises the chances of post-installation +# disruption. +# +SecRuleEngine On + + +# -- Request body handling --------------------------------------------------- + +# Allow ModSecurity to access request bodies. If you don't, ModSecurity +# won't be able to see any POST parameters, which opens a large security +# hole for attackers to exploit. +# +SecRequestBodyAccess On + + +# Enable XML request body parser. +# Initiate XML Processor in case of xml content-type +# +SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \ + "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" + +# Enable JSON request body parser. +# Initiate JSON Processor in case of JSON content-type; change accordingly +# if your application does not use 'application/json' +# +SecRule REQUEST_HEADERS:Content-Type "^application/json" \ + "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" + +# Sample rule to enable JSON request body parser for more subtypes. +# Uncomment or adapt this rule if you want to engage the JSON +# Processor for "+json" subtypes +# +#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \ +# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" + +# Maximum request body size we will accept for buffering. If you support +# file uploads then the value given on the first line has to be as large +# as the largest file you are willing to accept. The second value refers +# to the size of data, with files excluded. You want to keep that value as +# low as practical. +# +SecRequestBodyLimit 104857600 +SecRequestBodyNoFilesLimit 10485760 + +# What to do if the request body size is above our configured limit. +# Keep in mind that this setting will automatically be set to ProcessPartial +# when SecRuleEngine is set to DetectionOnly mode to minimize +# disruptions when initially deploying ModSecurity. +# +SecRequestBodyLimitAction Reject + +# Maximum parsing depth allowed for JSON objects. You want to keep this +# value as low as practical. +# +SecRequestBodyJsonDepthLimit 512 + +# Maximum number of args allowed per request. You want to keep this +# value as low as practical. The value should match that in rule 200007. +SecArgumentsLimit 1000 + +# If SecArgumentsLimit has been set, you probably want to reject any +# request body that has only been partly parsed. The value used in this +# rule should match what was used with SecArgumentsLimit +SecRule &ARGS "@ge 1000" \ +"id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2" + +# Verify that we've correctly processed the request body. +# As a rule of thumb, when failing to process a request body +# you should reject the request (when deployed in blocking mode) +# or log a high-severity alert (when deployed in detection-only mode). +# +SecRule REQBODY_ERROR "!@eq 0" \ +"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" + +# By default be strict with what we accept in the multipart/form-data +# request body. If the rule below proves to be too strict for your +# environment consider changing it to detection-only. You are encouraged +# _not_ to remove it altogether. +# +SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ +"id:'200003',phase:2,t:none,log,deny,status:400, \ +msg:'Multipart request body failed strict validation: \ +PE %{REQBODY_PROCESSOR_ERROR}, \ +BQ %{MULTIPART_BOUNDARY_QUOTED}, \ +BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ +DB %{MULTIPART_DATA_BEFORE}, \ +DA %{MULTIPART_DATA_AFTER}, \ +HF %{MULTIPART_HEADER_FOLDING}, \ +LF %{MULTIPART_LF_LINE}, \ +SM %{MULTIPART_MISSING_SEMICOLON}, \ +IQ %{MULTIPART_INVALID_QUOTING}, \ +IP %{MULTIPART_INVALID_PART}, \ +IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ +FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" + +# Did we see anything that might be a boundary? +# +# Here is a short description about the ModSecurity Multipart parser: the +# parser returns with value 0, if all "boundary-like" line matches with +# the boundary string which given in MIME header. In any other cases it returns +# with different value, eg. 1 or 2. +# +# The RFC 1341 descript the multipart content-type and its syntax must contains +# only three mandatory lines (above the content): +# * Content-Type: multipart/mixed; boundary=BOUNDARY_STRING +# * --BOUNDARY_STRING +# * --BOUNDARY_STRING-- +# +# First line indicates, that this is a multipart content, second shows that +# here starts a part of the multipart content, third shows the end of content. +# +# If there are any other lines, which starts with "--", then it should be +# another boundary id - or not. +# +# After 3.0.3, there are two kinds of types of boundary errors: strict and permissive. +# +# If multipart content contains the three necessary lines with correct order, but +# there are one or more lines with "--", then parser returns with value 2 (non-zero). +# +# If some of the necessary lines (usually the start or end) misses, or the order +# is wrong, then parser returns with value 1 (also a non-zero). +# +# You can choose, which one is what you need. The example below contains the +# 'strict' mode, which means if there are any lines with start of "--", then +# ModSecurity blocked the content. But the next, commented example contains +# the 'permissive' mode, then you check only if the necessary lines exists in +# correct order. Whit this, you can enable to upload PEM files (eg "----BEGIN.."), +# or other text files, which contains eg. HTTP headers. +# +# The difference is only the operator - in strict mode (first) the content blocked +# in case of any non-zero value. In permissive mode (second, commented) the +# content blocked only if the value is explicit 1. If it 0 or 2, the content will +# allowed. +# + +# +# See #1747 and #1924 for further information on the possible values for +# MULTIPART_UNMATCHED_BOUNDARY. +# +SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \ + "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'" + + +# PCRE Tuning +# We want to avoid a potential RegEx DoS condition +# +SecPcreMatchLimit 100000 +SecPcreMatchLimitRecursion 100000 + + +# Some internal errors will set flags in TX and we will need to look for these. +# All of these are prefixed with "MSC_". The following flags currently exist: +# +# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded. +# +SecRule TX:MSC_PCRE_LIMITS_EXCEEDED "@eq 1" \ + "id:'200005',phase:5,t:none,log,pass,msg:'PCRE match limits were exceeded.'" + + +# -- Response body handling -------------------------------------------------- + +# Allow ModSecurity to access response bodies. +# You should have this directive enabled to identify errors +# and data leakage issues. +# +# Do keep in mind that enabling this directive does increases both +# memory consumption and response latency. +# +SecResponseBodyAccess On + +# Which response MIME types do you want to inspect? You should adjust the +# configuration below to catch documents but avoid static files +# (e.g., images and archives). +# +SecResponseBodyMimeType text/plain text/html text/xml + +# Buffer response bodies of up to 512 KB in length. +SecResponseBodyLimit 524288 + +# What happens when we encounter a response body larger than the configured +# limit? By default, we process what we have and let the rest through. +# That's somewhat less secure, but does not break any legitimate pages. +# +SecResponseBodyLimitAction ProcessPartial + + +# -- Filesystem configuration ------------------------------------------------ + +# The location where ModSecurity stores temporary files (for example, when +# it needs to handle a file upload that is larger than the configured limit). +# +# This default setting is chosen due to all systems have /tmp available however, +# this is less than ideal. It is recommended that you specify a location that's private. +# +SecTmpDir /var/opt/nevisproxy/default/run/host-auth.agov-d.azure.adnovum.net + +# The location where ModSecurity will keep its persistent data. This default setting +# is chosen due to all systems have /tmp available however, it +# too should be updated to a place that other users can't access. +# +SecDataDir /var/opt/nevisproxy/default/run/host-auth.agov-d.azure.adnovum.net + + +# -- File uploads handling configuration ------------------------------------- + +# The location where ModSecurity stores intercepted uploaded files. This +# location must be private to ModSecurity. You don't want other users on +# the server to access the files, do you? +# +#SecUploadDir /opt/modsecurity/var/upload/ + +# By default, only keep the files that were determined to be unusual +# in some way (by an external inspection script). For this to work you +# will also need at least one file inspection rule. +# +#SecUploadKeepFiles RelevantOnly + +# Uploaded files are by default created with permissions that do not allow +# any other user to access them. You may need to relax that if you want to +# interface ModSecurity to an external program (e.g., an anti-virus). +# +#SecUploadFileMode 0600 + + +# -- Debug log configuration ------------------------------------------------- + +# The default debug log configuration is to duplicate the error, warning +# and notice messages from the error log. +# +#SecDebugLog /opt/modsecurity/var/log/debug.log +#SecDebugLogLevel 3 + + +# -- Audit log configuration ------------------------------------------------- + +# Log the transactions that are marked by a rule, as well as those that +# trigger a server error (determined by a 5xx or 4xx, excluding 404, +# level response status codes). +# +SecAuditEngine Off +SecAuditLogRelevantStatus "^(?:5|4(?!04))" + +# Log everything we know about a transaction. +SecAuditLogParts ABIJDEFHZ + +# Use a single file for logging. This is much easier to look at, but +# assumes that you will use the audit log only ocassionally. +# +SecAuditLogType Serial +SecAuditLog /var/opt/nevisproxy/default/logs/host-auth.agov-d.azure.adnovum.net_modsec_audit.log + +# Specify the path for concurrent audit logging. +#SecAuditLogStorageDir /opt/modsecurity/var/audit/ + + +# -- Miscellaneous ----------------------------------------------------------- + +# Use the most commonly used application/x-www-form-urlencoded parameter +# separator. There's probably only one application somewhere that uses +# something else so don't expect to change this value. +# +SecArgumentSeparator & + +# Settle on version 0 (zero) cookies, as that is what most applications +# use. Using an incorrect cookie version may open your installation to +# evasion attacks (against the rules that examine named cookies). +# +SecCookieFormat 0 + +# Specify your Unicode Code Point. +# This mapping is used by the t:urlDecodeUni transformation function +# to properly map encoded data to your language. Properly setting +# these directives helps to reduce false positives and negatives. +# +#SecUnicodeMapFile unicode.mapping 20127 + +# Improve the quality of ModSecurity by sharing information about your +# current ModSecurity version and dependencies versions. +# The following information will be shared: ModSecurity version, +# Web Server version, APR version, PCRE version, Lua version, Libxml2 +# version, Anonymous unique id for host. +SecStatusEngine Off + +Include crs-setup.conf \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/recovery_pdf_session_processing.lua b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/recovery_pdf_session_processing.lua new file mode 100644 index 0000000..7db8cf9 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/recovery_pdf_session_processing.lua @@ -0,0 +1,70 @@ +package.path = package.path .. ";/opt/nevisproxy/webapp/WEB-INF/lib/lua/Utils.lua" +local Utils = require "Utils" + +function inputHeader(request, response) + local trace = request:getTracer() + + local cookies = Utils.parseCookieHeader(request) + local token = nil + local language = nil + + for name, value in pairs(cookies) do + if (name == "agovRecoveryCode" and value) then + token = value + end + if (name == "LANG" and value) then + language = value + end + end + + if (token and language) then + + local jwtHandler = nevis.util.jwt.new() + + local publickey = param_auth_signer_key:gsub("
", "\n") + trace:debug("publickey: '" .. publickey .. "'") + + local base64 = nevis.crypto.base64.new() + token = base64:decode(token) + trace:debug("token: " .. token) + + local verified = jwtHandler:verifySignature(token, "rs256", publickey) + + if not verified then + trace:error("Blocking request: Invalid JWT : '" .. token .. "'") + response:setBody("Blocking request: Invalid JWT") + response:send(403) + else + local jwtPayload = string.gsub(token, "^.*%.([^%.]+)%..*$", "%1") + + local padding = string.len(jwtPayload) % 4 + while (padding > 0) do + padding = padding - 1 + jwtPayload = jwtPayload .. "=" + end + + trace:debug("jwtPayload: " .. jwtPayload) + + local json = base64:decode(jwtPayload) + trace:debug("json: " .. json) + + local userId = string.gsub(json, '^.*%"sub%"%:%"([^%"]+).*$', "%1") + trace:info("userId: " .. userId) + local sessionId = string.gsub(json, '^.*%"sessionId%"%:([^,]+).*$', "%1") + trace:info("sessionId: " .. sessionId) + + local query = request:getQuery() + if query then + query = query.."&userId="..userId.."&userSessionId="..sessionId.."&language="..language + else + query = "userId="..userId.."&userSessionId="..sessionId.."&language="..language + end + request:removeHeader("Cookie") + request:setQuery(query) + end + + else + trace:error("Accessed recovery pdf endpoint without required cookies") + response:send(404) + end +end \ No newline at end of file diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules.conf new file mode 100644 index 0000000..3e7b718 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules.conf @@ -0,0 +1,32 @@ +Include rules/REQUEST-901-INITIALIZATION.conf +Include rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf +Include rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf +Include rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf +Include rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf +Include rules/REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf +Include rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf +Include rules/REQUEST-905-COMMON-EXCEPTIONS.conf +Include rules/REQUEST-910-IP-REPUTATION.conf +Include rules/REQUEST-911-METHOD-ENFORCEMENT.conf +Include rules/REQUEST-912-DOS-PROTECTION.conf +Include rules/REQUEST-913-SCANNER-DETECTION.conf +Include rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf +Include rules/REQUEST-921-PROTOCOL-ATTACK.conf +Include rules/REQUEST-922-MULTIPART-ATTACK.conf +Include rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf +Include rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf +Include rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf +Include rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf +Include rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf +Include rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf +Include rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf +Include rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf +Include rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf +Include rules/REQUEST-949-BLOCKING-EVALUATION.conf +Include rules/RESPONSE-950-DATA-LEAKAGES.conf +Include rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf +Include rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf +Include rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf +Include rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf +Include rules/RESPONSE-959-BLOCKING-EVALUATION.conf +Include rules/RESPONSE-980-CORRELATION.conf diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-901-INITIALIZATION.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-901-INITIALIZATION.conf new file mode 100644 index 0000000..27fd54a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-901-INITIALIZATION.conf @@ -0,0 +1,470 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# This file REQUEST-901-INITIALIZATION.conf initializes the Core Rules +# and performs preparatory actions. It also fixes errors and omissions +# of variable definitions in the file crs-setup.conf. +# The setup.conf can and should be edited by the user, this file +# is part of the CRS installation and should not be altered. +# + + +# +# -=[ Rules Version ]=- +# +# Rule version data is added to the "Producer" line of Section H of the Audit log: +# +# - Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); OWASP_CRS/3.1.0. +# +# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecComponentSignature +# +SecComponentSignature "OWASP_CRS/3.3.5" + +# +# -=[ Default setup values ]=- +# +# The CRS checks the tx.crs_setup_version variable to ensure that the setup +# file is included at the correct time. This detects situations where +# necessary settings are not defined, for instance if the file +# inclusion order is incorrect, or if the user has forgotten to +# include the crs-setup.conf file. +# +# If you are upgrading from an earlier version of the CRS and you are +# getting this error, please make a new copy of the setup template +# crs-setup.conf.example to crs-setup.conf, and re-apply your policy +# changes. There have been many changes in settings syntax from CRS2 +# to CRS3, so an old setup file may cause unwanted behavior. +# +# If you are not planning to use the crs-setup.conf template, you must +# manually set the tx.crs_setup_version variable before including +# the CRS rules/* files. +# +# The variable is a numerical representation of the CRS version number. +# E.g., v3.0.0 is represented as 300. +# + +SecRule &TX:crs_setup_version "@eq 0" \ + "id:901001,\ + phase:1,\ + deny,\ + status:500,\ + log,\ + auditlog,\ + msg:'ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL'" + + +# +# -=[ Default setup values ]=- +# +# Some constructs or individual rules will fail if certain parameters +# are not set in the setup.conf file. The following rules will catch +# these cases and assign sane default values. +# + +# Default Inbound Anomaly Threshold Level (rule 900110 in setup.conf) +SecRule &TX:inbound_anomaly_score_threshold "@eq 0" \ + "id:901100,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.inbound_anomaly_score_threshold=5'" + +# Default Outbound Anomaly Threshold Level (rule 900110 in setup.conf) +SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \ + "id:901110,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.outbound_anomaly_score_threshold=4'" + +# Default Paranoia Level (rule 900000 in setup.conf) +SecRule &TX:paranoia_level "@eq 0" \ + "id:901120,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.paranoia_level=1'" + +# Default Executing Paranoia Level (rule 900000 in setup.conf) +SecRule &TX:executing_paranoia_level "@eq 0" \ + "id:901125,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.executing_paranoia_level=%{TX.PARANOIA_LEVEL}'" + +# Default Sampling Percentage (rule 900400 in setup.conf) +SecRule &TX:sampling_percentage "@eq 0" \ + "id:901130,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.sampling_percentage=100'" + +# Default Anomaly Scores (rule 900100 in setup.conf) +SecRule &TX:critical_anomaly_score "@eq 0" \ + "id:901140,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.critical_anomaly_score=5'" + +SecRule &TX:error_anomaly_score "@eq 0" \ + "id:901141,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.error_anomaly_score=4'" + +SecRule &TX:warning_anomaly_score "@eq 0" \ + "id:901142,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.warning_anomaly_score=3'" + +SecRule &TX:notice_anomaly_score "@eq 0" \ + "id:901143,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.notice_anomaly_score=2'" + +# Default do_reput_block +SecRule &TX:do_reput_block "@eq 0" \ + "id:901150,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.do_reput_block=0'" + +# Default block duration +SecRule &TX:reput_block_duration "@eq 0" \ + "id:901152,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.reput_block_duration=300'" + +# Default HTTP policy: allowed_methods (rule 900200) +SecRule &TX:allowed_methods "@eq 0" \ + "id:901160,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'" + +# Default HTTP policy: allowed_request_content_type (rule 900220) +SecRule &TX:allowed_request_content_type "@eq 0" \ + "id:901162,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'" + +# Default HTTP policy: allowed_request_content_type_charset (rule 900270) +SecRule &TX:allowed_request_content_type_charset "@eq 0" \ + "id:901168,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.allowed_request_content_type_charset=utf-8|iso-8859-1|iso-8859-15|windows-1252'" + +# Default HTTP policy: allowed_http_versions (rule 900230) +SecRule &TX:allowed_http_versions "@eq 0" \ + "id:901163,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'" + +# Default HTTP policy: restricted_extensions (rule 900240) +SecRule &TX:restricted_extensions "@eq 0" \ + "id:901164,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'" + +# Default HTTP policy: restricted_headers (rule 900250) +SecRule &TX:restricted_headers "@eq 0" \ + "id:901165,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.restricted_headers=/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/'" + +# Default HTTP policy: static_extensions (rule 900260) +SecRule &TX:static_extensions "@eq 0" \ + "id:901166,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'" + +# Default enforcing of body processor URLENCODED +SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \ + "id:901167,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.enforce_bodyproc_urlencoded=0'" + +# Default check for UTF8 encoding validation +SecRule &TX:crs_validate_utf8_encoding "@eq 0" \ + "id:901169,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.crs_validate_utf8_encoding=0'" + +# Default monitor_anomaly_score value +SecRule &TX:monitor_anomaly_score "@eq 0" \ + "id:901170,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.monitor_anomaly_score=0'" + +# +# -=[ Initialize internal variables ]=- +# + +# Initialize anomaly scoring variables. +# All _score variables start at 0, and are incremented by the various rules +# upon detection of a possible attack. +# sql_error_match is used for shortcutting rules for performance reasons. + +SecAction \ + "id:901200,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.anomaly_score=0',\ + setvar:'tx.anomaly_score_pl1=0',\ + setvar:'tx.anomaly_score_pl2=0',\ + setvar:'tx.anomaly_score_pl3=0',\ + setvar:'tx.anomaly_score_pl4=0',\ + setvar:'tx.sql_injection_score=0',\ + setvar:'tx.xss_score=0',\ + setvar:'tx.rfi_score=0',\ + setvar:'tx.lfi_score=0',\ + setvar:'tx.rce_score=0',\ + setvar:'tx.php_injection_score=0',\ + setvar:'tx.http_violation_score=0',\ + setvar:'tx.session_fixation_score=0',\ + setvar:'tx.inbound_anomaly_score=0',\ + setvar:'tx.outbound_anomaly_score=0',\ + setvar:'tx.outbound_anomaly_score_pl1=0',\ + setvar:'tx.outbound_anomaly_score_pl2=0',\ + setvar:'tx.outbound_anomaly_score_pl3=0',\ + setvar:'tx.outbound_anomaly_score_pl4=0',\ + setvar:'tx.sql_error_match=0'" + + +# +# -=[ Initialize collections ]=- +# +# Create both Global and IP collections for rules to use. +# There are some CRS rules that assume that these two collections +# have already been initiated. +# + +SecRule REQUEST_HEADERS:User-Agent "@rx ^.*$" \ + "id:901318,\ + phase:1,\ + pass,\ + t:none,t:sha1,t:hexEncode,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.ua_hash=%{MATCHED_VAR}'" + +SecAction \ + "id:901321,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + initcol:global=global,\ + initcol:ip=%{remote_addr}_%{tx.ua_hash},\ + setvar:'tx.real_ip=%{remote_addr}'" + +# +# -=[ Initialize Correct Body Processing ]=- +# +# Force request body variable and optionally request body processor +# + +# Force body variable +SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \ + "id:901340,\ + phase:1,\ + pass,\ + nolog,\ + noauditlog,\ + msg:'Enabling body inspection',\ + ctl:forceRequestBodyVariable=On,\ + ver:'OWASP_CRS/3.3.5'" + +# Force body processor URLENCODED +SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \ + "id:901350,\ + phase:1,\ + pass,\ + t:none,t:urlDecodeUni,\ + nolog,\ + noauditlog,\ + msg:'Enabling forced body inspection for ASCII content',\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \ + "ctl:requestBodyProcessor=URLENCODED" + + +# +# -=[ Easing In / Sampling Percentage ]=- +# +# This is used to send only a limited percentage of requests into the Core +# Rule Set. The selection is based on TX.sampling_percentage and a pseudo +# random number calculated below. +# +# Use this to ease into a new Core Rules installation with an existing +# productive service. +# +# See +# https://www.netnea.com/cms/2016/04/26/easing-in-conditional-modsecurity-rule-execution-based-on-pseudo-random-numbers/ +# + +# +# Generate the pseudo random number +# +# ATTENTION: This is no cryptographically secure random number. It's just +# a cheap way to get some random number suitable for sampling. +# +# We take the entropy contained in the UNIQUE_ID. We hash that variable and +# take the first integer numbers out of it. Theoretically, it is possible +# there are no integers in a sha1 hash. We make sure we get two +# integer numbers by taking the last two digits from the DURATION counter +# (in microseconds). +# Finally, leading zeros are removed from the two-digit random number. +# + +SecRule TX:sampling_percentage "@eq 100" \ + "id:901400,\ + phase:1,\ + pass,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-SAMPLING" + +SecRule UNIQUE_ID "@rx ^." \ + "id:901410,\ + phase:1,\ + pass,\ + t:sha1,t:hexEncode,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'TX.sampling_rnd100=%{MATCHED_VAR}'" + +SecRule DURATION "@rx (..)$" \ + "id:901420,\ + phase:1,\ + pass,\ + capture,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'TX.sampling_rnd100=%{TX.sampling_rnd100}%{TX.1}'" + +SecRule TX:sampling_rnd100 "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \ + "id:901430,\ + phase:1,\ + pass,\ + capture,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'TX.sampling_rnd100=%{TX.1}%{TX.2}'" + +SecRule TX:sampling_rnd100 "@rx ^0([0-9])" \ + "id:901440,\ + phase:1,\ + pass,\ + capture,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'TX.sampling_rnd100=%{TX.1}'" + + +# +# Sampling decision +# +# If a request is allowed to pass without being checked by the CRS, there is no +# entry in the audit log (for performance reasons), but an error log entry is +# being written. If you want to disable the error log entry, then issue the +# following directive somewhere after the inclusion of the CRS +# (E.g., RESPONSE-999-EXCEPTIONS.conf). +# +# SecRuleUpdateActionById 901450 "nolog" +# + + +SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \ + "id:901450,\ + phase:1,\ + pass,\ + log,\ + noauditlog,\ + msg:'Sampling: Disable the rule engine based on sampling_percentage %{TX.sampling_percentage} and random number %{TX.sampling_rnd100}',\ + ctl:ruleEngine=Off,\ + ver:'OWASP_CRS/3.3.5'" + +SecMarker "END-SAMPLING" + + +# +# Configuration Plausibility Checks +# + +# Make sure executing paranoia level is not lower than paranoia level +SecRule TX:executing_paranoia_level "@lt %{tx.paranoia_level}" \ + "id:901500,\ + phase:1,\ + deny,\ + status:500,\ + t:none,\ + log,\ + msg:'Executing paranoia level configured is lower than the paranoia level itself. This is illegal. Blocking request. Aborting',\ + ver:'OWASP_CRS/3.3.5'" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf new file mode 100644 index 0000000..518300a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf @@ -0,0 +1,423 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# These exclusions remedy false positives in a default Drupal install. +# The exclusions are only active if crs_exclusions_drupal=1 is set. +# See rule 900130 in crs-setup.conf.example for instructions. + +# +# [ POLICY ] +# +# Drupal is a complex application that is hard to secure with the CRS. This set +# of exclusion rules aims to sanitise the CRS in a way that allows a default +# Drupal setup to be installed and configured without much hassle as far as +# ModSecurity and the CRS are concerned. +# +# The exclusion rules are fairly straight forward in the sense that they +# disable CRS on a set of well-known parameter fields that are often the source +# of false positives / false alarms of the CRS. This includes namely the +# session cookie, the password fields and article/node bodies. +# +# This is based on two assumptions: - You have a basic trust in your +# authenticated users who are allowed to edit nodes. - Drupal allows html +# content in nodes and it protects your users from attacks via these fields. +# +# If you think these assumptions are wrong or if you would prefer a more +# careful/secure approach, you can disable the exclusion rules handling of said +# node body false positives. Do this by placing the following directive in +# RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf. +# +# SecRuleRemoveById 9001200-9001299 +# +# This will mean the CRS remain intact for the editing of node bodies. +# +# The exclusion rules in this file work without the need to define a Drupal +# installation path prefix. Instead they look at the URI from the end - or +# they use regular expressions when targeting dynamic URL. This is all not +# totally foolproof. In some cases, an advanced attacker might be able to +# doctor a request in a way that one of these exclusion rules is triggered +# and the request will bypass all further inspection despite not being a +# Drupal request at all. These exclusion rules could thus be leveraged to +# disable the CRS completely. This is why these rules are off by default. +# +# The CRS rules covered by this ruleset are the rules with Paranoia Level 1 and +# 2. If you chose to run Paranoia Level 3 or 4, you will be facing additional +# false positives which you need to handle yourself. +# +# This set of exclusion rules does not cover any additional Drupal modules +# outside of core. +# +# The exclusion rules are based on Drupal 8.1.10. +# +# And finally: This set of exclusion rules is in an experimental state. If you +# encounter false positives with the basic Drupal functionality and they are +# not covered by this rule file, then please report them. The aim is to be able +# to install and run Drupal core in a seamless manner protected by +# ModSecurity / CRS up to the paranoia level 2. + + +SecRule &TX:crs_exclusions_drupal|TX:crs_exclusions_drupal "@eq 0" \ + "id:9001000,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-DRUPAL-RULE-EXCLUSIONS" + +SecRule &TX:crs_exclusions_drupal|TX:crs_exclusions_drupal "@eq 0" \ + "id:9001001,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-DRUPAL-RULE-EXCLUSIONS" + + +# [ Table of Contents ] +# +# 9001100 Session Cookie +# 9001110 Password +# 9001120 FREE for use +# 9001130 FREE for use +# 9001140 Content and Descriptions +# 9001150 FREE for use +# 9001160 Form Token +# 9001170 Text Formats and Editors +# 9001180 WYSIWYG/CKEditor Assets and Upload +# 9001190 FREE for use +# 9001200 Content and Descriptions +# +# The rule id range from 9001200 to 9001999 is reserved for future +# use (Drupal plugins / modules). + + +# [ Session Cookie ] +# +# Giving the session cookie a dynamic name is most unfortunate +# from a ModSecurity perspective. The rule language does not allow +# us to disable rules in a granular way for individual cookies with +# dynamic names. So we need to disable rule causing false positives +# for all cookies and their names. +# +# Rule Exclusion Session Cookie: 942450 SQL Hex Encoding Identified +# +SecAction "id:9001100,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES_NAMES,\ + ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES,\ + ver:'OWASP_CRS/3.3.5'" + + +# +# [ Password ] +# +# Disable the CRS completely for all occurrences of passwords. +# +SecRule REQUEST_FILENAME "@endsWith /core/install.php" \ + "id:9001110,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:account[pass][pass1],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:account[pass][pass2],\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /user/login" \ + "id:9001112,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass,\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /admin/people/create" \ + "id:9001114,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass[pass1],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass[pass2],\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@rx /user/[0-9]+/edit$" \ + "id:9001116,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:current_pass,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass[pass1],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass[pass2],\ + ver:'OWASP_CRS/3.3.5'" + + +# +# [ Admin Settings (general) ] +# +# Disable known false positives for various fields used on admin pages. +# +# Rule Exclusion: 920271 Invalid character in request on multiple fields/paths +# Rule Exclusion: 942430 Restricted SQL Character Anomaly Detection (args) +# Disabled completely for admin/config pages +# For the people/accounts page, we disable the CRS completely for a number of +# freeform text fields. +# +SecRule REQUEST_FILENAME "@contains /admin/config/" \ + "id:9001122,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveById=942430,\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /admin/config/people/accounts" \ + "id:9001124,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveById=920271,\ + ctl:ruleRemoveById=942440,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:user_mail_cancel_confirm_body,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:user_mail_password_reset_body,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:user_mail_register_admin_created_body,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:user_mail_register_no_approval_required_body,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:user_mail_register_pending_approval_body,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:user_mail_status_activated_body,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:user_mail_status_blocked_body,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:user_mail_status_canceled_body,\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /admin/config/development/configuration/single/import" \ + "id:9001126,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveById=920271,\ + ctl:ruleRemoveById=942440,\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /admin/config/development/maintenance" \ + "id:9001128,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveById=942440,\ + ver:'OWASP_CRS/3.3.5'" + + +# +# +# [ Content and Descriptions ] +# +# Disable known false positives for field "ids[]". +# +# Rule Exclusion: 942130 SQL Injection Attack: SQL Tautology Detected +# +SecRule REQUEST_FILENAME "@endsWith /contextual/render" \ + "id:9001140,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetById=942130;ARGS:ids[],\ + ver:'OWASP_CRS/3.3.5'" + + +# +# [ Form Token / Build ID ] +# +# Rule Exclusion for form_build_id: 942440 SQL Comment Sequence Detected on ... +# Rule Exclusion for form_token: 942450 SQL Hex Encoding +# Rule Exclusion for form_build_id: 942450 SQL Hex Encoding +# +# This is applied site-wide. +# +SecAction "id:9001160,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetById=942440;ARGS:form_build_id,\ + ctl:ruleRemoveTargetById=942450;ARGS:form_token,\ + ctl:ruleRemoveTargetById=942450;ARGS:form_build_id,\ + ver:'OWASP_CRS/3.3.5'" + + +# +# [ Text Formats and Editors ] +# +# Disable the CRS completely for two fields triggering many, many rules +# +# Rule Exclusion for two fields: 942440 SQL Comment Sequence Detected +# +SecRule REQUEST_FILENAME "@endsWith /admin/config/content/formats/manage/full_html" \ + "id:9001170,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:editor[settings][toolbar][button_groups],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:filters[filter_html][settings][allowed_html],\ + ver:'OWASP_CRS/3.3.5'" + + +# +# [ WYSIWYG/CKEditor Assets and Upload ] +# +# Disable the unnecessary requestBodyAccess and for binary uploads +# bigger than an arbitrary limit of 31486341 bytes. +# +# Extensive checks make sure these uploads are really legitimate. +# +# Rule 9001180 was commented out in 2021 in order to fight CVE-2021-35368. +# +#SecRule REQUEST_METHOD "@streq POST" \ +# "id:9001180,\ +# phase:1,\ +# pass,\ +# t:none,\ +# nolog,\ +# noauditlog,\ +# ver:'OWASP_CRS/3.3.0',\ +# chain" +# SecRule REQUEST_FILENAME "@rx /admin/content/assets/add/[a-z]+$" \ +# "chain" +# SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "@rx ^[a-zA-Z0-9_-]+" \ +# "ctl:requestBodyAccess=Off" + +# Rule 9001182 was commented out in 2021 in order to fight CVE-2021-35368. +# +#SecRule REQUEST_METHOD "@streq POST" \ +# "id:9001182,\ +# phase:1,\ +# pass,\ +# t:none,\ +# nolog,\ +# noauditlog,\ +# ver:'OWASP_CRS/3.3.0',\ +# chain" +# SecRule REQUEST_FILENAME "@rx /admin/content/assets/manage/[0-9]+$" \ +# "chain" +# SecRule ARGS:destination "@streq admin/content/assets" \ +# "chain" +# SecRule REQUEST_HEADERS:Content-Length "@gt 31486341" \ +# "chain" +# SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "@rx ^[a-zA-Z0-9_-]+" \ +# "ctl:requestBodyAccess=Off" + +# Rule 9001184 was commented out in 2021 in order to fight CVE-2021-35368. +# +#SecRule REQUEST_METHOD "@streq POST" \ +# "id:9001184,\ +# phase:1,\ +# pass,\ +# t:none,\ +# nolog,\ +# noauditlog,\ +# ver:'OWASP_CRS/3.3.0',\ +# chain" +# SecRule REQUEST_FILENAME "@rx /file/ajax/field_asset_[a-z0-9_]+/[ua]nd/0/form-[a-z0-9A-Z_-]+$" \ +# "chain" +# SecRule REQUEST_HEADERS:Content-Length "@gt 31486341" \ +# "chain" +# SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)multipart/form-data" \ +# "chain" +# SecRule REQUEST_COOKIES:/S?SESS[a-f0-9]+/ "@rx ^[a-zA-Z0-9_-]+" \ +# "ctl:requestBodyAccess=Off" + + +# +# [ Content and Descriptions ] +# +# Disable the CRS completely for node bodies and other free text fields. +# Other rules are disabled individually. +# +# Rule Exclusion for ARGS:uid[0][target_id]: 942410 SQL Injection Attack +# Rule Exclusion for ARGS:destination: 932110 RCE: Windows Command Inj. +# +SecRule REQUEST_FILENAME "@endsWith /node/add/article" \ + "id:9001200,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:body[0][value],\ + ctl:ruleRemoveTargetById=942410;ARGS:uid[0][target_id],\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /node/add/page" \ + "id:9001202,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:body[0][value],\ + ctl:ruleRemoveTargetById=942410;ARGS:uid[0][target_id],\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@rx /node/[0-9]+/edit$" \ + "id:9001204,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:body[0][value],\ + ctl:ruleRemoveTargetById=942410;ARGS:uid[0][target_id],\ + ctl:ruleRemoveTargetById=932110;ARGS:destination,\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /block/add" \ + "id:9001206,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:body[0][value],\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /admin/structure/block/block-content/manage/basic" \ + "id:9001208,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:description,\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@rx /editor/filter_xss/(?:full|basic)_html$" \ + "id:9001210,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:value,\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@rx /user/[0-9]+/contact$" \ + "id:9001212,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:message[0][value],\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /admin/config/development/maintenance" \ + "id:9001214,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:maintenance_mode_message,\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@endsWith /admin/config/services/rss-publishing" \ + "id:9001216,\ + phase:2,\ + pass,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:feed_description,\ + ver:'OWASP_CRS/3.3.5'" + + +SecMarker "END-DRUPAL-RULE-EXCLUSIONS" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf new file mode 100644 index 0000000..b4e75fa --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf @@ -0,0 +1,760 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# These exclusions remedy false positives in a default WordPress install. +# The exclusions are only active if crs_exclusions_wordpress=1 is set. +# See rule 900130 in crs-setup.conf.example for instructions. +# +# Note that the WordPress comment field itself is currently NOT excluded +# from checking. The reason is that malicious content is regularly being +# posted to WordPress comment forms, and there have been various cases +# of XSS and even RCE vulnerabilities exploited by WordPress comments. + +SecRule &TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress "@eq 0" \ + "id:9002000,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-WORDPRESS" + +SecRule &TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress "@eq 0" \ + "id:9002001,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-WORDPRESS" + + +# +# -=[ WordPress Front-End ]=- +# + + +# +# [ Login form ] +# + +# User login password +SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \ + "id:9002100,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pwd,\ + ver:'OWASP_CRS/3.3.5'" + +# Reset password +SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \ + "id:9002120,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq resetpass" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1-text,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2" + + +# +# [ Comments ] +# + +# Post comment +SecRule REQUEST_FILENAME "@endsWith /wp-comments-post.php" \ + "id:9002130,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=931130;ARGS:url,\ + ver:'OWASP_CRS/3.3.5'" + + +# +# [ Gutenberg Editor ] +# Used when a user (auto)saves a post/page with Gutenberg. +# + +# Gutenberg +SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages)" \ + "id:9002140,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:content,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.content,\ + ver:'OWASP_CRS/3.3.5'" + +# Gutenberg via rest_route for sites without pretty permalinks +SecRule REQUEST_FILENAME "@endsWith /index.php" \ + "id:9002141,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule &ARGS:rest_route "@eq 1" \ + "t:none,\ + nolog,\ + chain" + SecRule ARGS:rest_route "@rx ^/wp/v[0-9]+/(?:posts|pages)" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:content,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.content" + +# Gutenberg upload image/media +SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/media" \ + "id:9002142,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveById=200002,\ + ctl:ruleRemoveById=200003,\ + ver:'OWASP_CRS/3.3.5'" + +# Gutenberg upload image/media via rest_route for sites without pretty permalinks +SecRule REQUEST_FILENAME "@endsWith /index.php" \ + "id:9002143,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule &ARGS:rest_route "@eq 1" \ + "t:none,\ + nolog,\ + chain" + SecRule ARGS:rest_route "@rx ^/wp/v[0-9]+/media" \ + "t:none,\ + ctl:ruleRemoveById=200002,\ + ctl:ruleRemoveById=200003" + +# +# [ Live preview ] +# Used when an administrator customizes the site and previews the result +# as a normal user. +# + +# Theme select +# Example: wp_customize=on&theme=twentyfifteen&customized= +# {"old_sidebars_widgets_data":{"wp_inactive_widgets":[], +# "sidebar-1":["search-2","recent-posts-2","recent-comments-2", +# "archives-2","categories-2","meta-2"]}}&nonce=XXX& +# customize_messenger_channel=preview-0 +SecRule ARGS:wp_customize "@streq on" \ + "id:9002150,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule &ARGS:action "@eq 0" \ + "t:none,\ + ctl:ruleRemoveTargetById=942200;ARGS:customized,\ + ctl:ruleRemoveTargetById=942260;ARGS:customized,\ + ctl:ruleRemoveTargetById=942300;ARGS:customized,\ + ctl:ruleRemoveTargetById=942330;ARGS:customized,\ + ctl:ruleRemoveTargetById=942340;ARGS:customized,\ + ctl:ruleRemoveTargetById=942370;ARGS:customized,\ + ctl:ruleRemoveTargetById=942430;ARGS:customized,\ + ctl:ruleRemoveTargetById=942431;ARGS:customized,\ + ctl:ruleRemoveTargetById=942460;ARGS:customized" + +# Appearance -> Widgets -> Live Preview +SecRule ARGS:wp_customize "@streq on" \ + "id:9002160,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@rx ^(?:|customize_save|update-widget)$" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetById=942200;ARGS:customized,\ + ctl:ruleRemoveTargetById=942260;ARGS:customized,\ + ctl:ruleRemoveTargetById=942300;ARGS:customized,\ + ctl:ruleRemoveTargetById=942330;ARGS:customized,\ + ctl:ruleRemoveTargetById=942340;ARGS:customized,\ + ctl:ruleRemoveTargetById=942370;ARGS:customized,\ + ctl:ruleRemoveTargetById=942430;ARGS:customized,\ + ctl:ruleRemoveTargetById=942431;ARGS:customized,\ + ctl:ruleRemoveTargetById=942460;ARGS:customized,\ + ctl:ruleRemoveTargetById=920230;ARGS:partials,\ + ctl:ruleRemoveTargetById=941320;ARGS:partials,\ + ctl:ruleRemoveTargetById=942180;ARGS:partials,\ + ctl:ruleRemoveTargetById=942200;ARGS:partials,\ + ctl:ruleRemoveTargetById=942260;ARGS:partials,\ + ctl:ruleRemoveTargetById=942330;ARGS:partials,\ + ctl:ruleRemoveTargetById=942340;ARGS:partials,\ + ctl:ruleRemoveTargetById=942370;ARGS:partials,\ + ctl:ruleRemoveTargetById=942430;ARGS:partials,\ + ctl:ruleRemoveTargetById=942431;ARGS:partials,\ + ctl:ruleRemoveTargetById=942460;ARGS:partials" + + + +# Self calls to wp-cron.php?doing_wp_cron=[timestamp] +# These requests may be missing Accept, Content-Length headers. +# This rule must run in phase:1. +SecRule REQUEST_FILENAME "@endsWith /wp-cron.php" \ + "id:9002200,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveById=920180,\ + ctl:ruleRemoveById=920300,\ + ver:'OWASP_CRS/3.3.5'" + + +# +# [ Cookies ] + +# WP Session Manager +# Cookie: _wp_session=[hex]||[timestamp]||[timestamp] +# detected SQLi using libinjection with fingerprint 'n&1' +SecRule REQUEST_COOKIES:_wp_session "@rx ^[0-9a-f]+\|\|\d+\|\|\d+$" \ + "id:9002300,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule &REQUEST_COOKIES:_wp_session "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:_wp_session" + + +# +# -=[ WordPress Administration Back-End (wp-admin) ]=- +# + +# Skip this section for performance unless /wp-admin/ is in filename + +SecRule REQUEST_FILENAME "!@contains /wp-admin/" \ + "id:9002400,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-WORDPRESS-ADMIN" + +SecRule REQUEST_FILENAME "!@contains /wp-admin/" \ + "id:9002401,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-WORDPRESS-ADMIN" + + +# +# [ Installation ] +# + +# WordPress installation: exclude database password +SecRule REQUEST_FILENAME "@endsWith /wp-admin/setup-config.php" \ + "id:9002410,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:step "@streq 2" \ + "t:none,\ + chain" + SecRule &ARGS:step "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pwd" + +# WordPress installation: exclude admin password +SecRule REQUEST_FILENAME "@endsWith /wp-admin/install.php" \ + "id:9002420,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:step "@streq 2" \ + "t:none,\ + chain" + SecRule &ARGS:step "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:admin_password,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:admin_password2,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1-text" + + +# +# [ User management ] +# + +# Edit logged-in user +SecRule REQUEST_FILENAME "@endsWith /wp-admin/profile.php" \ + "id:9002520,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq update" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetById=931130;ARGS:url,\ + ctl:ruleRemoveTargetById=931130;ARGS:facebook,\ + ctl:ruleRemoveTargetById=931130;ARGS:instagram,\ + ctl:ruleRemoveTargetById=931130;ARGS:linkedin,\ + ctl:ruleRemoveTargetById=931130;ARGS:myspace,\ + ctl:ruleRemoveTargetById=931130;ARGS:pinterest,\ + ctl:ruleRemoveTargetById=931130;ARGS:soundcloud,\ + ctl:ruleRemoveTargetById=931130;ARGS:tumblr,\ + ctl:ruleRemoveTargetById=931130;ARGS:youtube,\ + ctl:ruleRemoveTargetById=931130;ARGS:wikipedia,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1-text,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2" + +# Edit user +SecRule REQUEST_FILENAME "@endsWith /wp-admin/user-edit.php" \ + "id:9002530,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq update" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetById=931130;ARGS:url,\ + ctl:ruleRemoveTargetById=931130;ARGS:url,\ + ctl:ruleRemoveTargetById=931130;ARGS:facebook,\ + ctl:ruleRemoveTargetById=931130;ARGS:instagram,\ + ctl:ruleRemoveTargetById=931130;ARGS:linkedin,\ + ctl:ruleRemoveTargetById=931130;ARGS:myspace,\ + ctl:ruleRemoveTargetById=931130;ARGS:pinterest,\ + ctl:ruleRemoveTargetById=931130;ARGS:soundcloud,\ + ctl:ruleRemoveTargetById=931130;ARGS:tumblr,\ + ctl:ruleRemoveTargetById=931130;ARGS:youtube,\ + ctl:ruleRemoveTargetById=931130;ARGS:wikipedia,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1-text,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2" + +# Create user +SecRule REQUEST_FILENAME "@endsWith /wp-admin/user-new.php" \ + "id:9002540,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq createuser" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetById=931130;ARGS:url,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1-text,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2" + + +# +# [ General exclusions ] +# + +# _wp_http_referer and wp_http_referer are passed on a lot of wp-admin pages +SecAction \ + "id:9002600,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=920230;ARGS:_wp_http_referer,\ + ctl:ruleRemoveTargetById=931130;ARGS:_wp_http_referer,\ + ctl:ruleRemoveTargetById=932150;ARGS:_wp_http_referer,\ + ctl:ruleRemoveTargetById=941100;ARGS:_wp_http_referer,\ + ctl:ruleRemoveTargetById=942130;ARGS:_wp_http_referer,\ + ctl:ruleRemoveTargetById=942200;ARGS:_wp_http_referer,\ + ctl:ruleRemoveTargetById=942260;ARGS:_wp_http_referer,\ + ctl:ruleRemoveTargetById=942431;ARGS:_wp_http_referer,\ + ctl:ruleRemoveTargetById=942440;ARGS:_wp_http_referer,\ + ctl:ruleRemoveTargetById=920230;ARGS:wp_http_referer,\ + ctl:ruleRemoveTargetById=931130;ARGS:wp_http_referer,\ + ctl:ruleRemoveTargetById=932150;ARGS:wp_http_referer,\ + ctl:ruleRemoveTargetById=941100;ARGS:wp_http_referer,\ + ctl:ruleRemoveTargetById=942130;ARGS:wp_http_referer,\ + ctl:ruleRemoveTargetById=942200;ARGS:wp_http_referer,\ + ctl:ruleRemoveTargetById=942260;ARGS:wp_http_referer,\ + ctl:ruleRemoveTargetById=942431;ARGS:wp_http_referer,\ + ver:'OWASP_CRS/3.3.5'" + +# +# [ Content editing ] +# + +# Edit posts and pages +# /wp-admin/post.php, /wp-admin/post.php?t=[timestamp] +# - Themes do not properly escape post_title in HTML, so beware of XSS +# and be conservative in excluding this parameter. +# - Parameter _wp_http_referer can appear multiple times. +SecRule REQUEST_FILENAME "@endsWith /wp-admin/post.php" \ + "id:9002700,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@rx ^(?:edit|editpost)$" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:post_title,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:content,\ + ctl:ruleRemoveById=920272,\ + ctl:ruleRemoveById=921180" + +# Autosave posts and pages +# ARGS_NAMES:data[wp-check-locked-posts][] can appear multiple times +SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \ + "id:9002710,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq heartbeat" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:data[wp_autosave][post_title],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:data[wp_autosave][content],\ + ctl:ruleRemoveTargetById=942431;ARGS_NAMES:data[wp-refresh-post-lock][post_id],\ + ctl:ruleRemoveTargetById=942431;ARGS_NAMES:data[wp-refresh-post-lock][lock],\ + ctl:ruleRemoveTargetById=942431;ARGS_NAMES:data[wp-check-locked-posts][],\ + ctl:ruleRemoveById=921180,\ + ctl:ruleRemoveById=920272" + +# Edit menus +SecRule REQUEST_FILENAME "@endsWith /wp-admin/nav-menus.php" \ + "id:9002720,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq update" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetById=942460;ARGS:menu-name,\ + ctl:ruleRemoveTargetById=941330;ARGS:nav-menu-data,\ + ctl:ruleRemoveTargetById=941340;ARGS:nav-menu-data,\ + ctl:ruleRemoveTargetById=942200;ARGS:nav-menu-data,\ + ctl:ruleRemoveTargetById=942260;ARGS:nav-menu-data,\ + ctl:ruleRemoveTargetById=942330;ARGS:nav-menu-data,\ + ctl:ruleRemoveTargetById=942340;ARGS:nav-menu-data,\ + ctl:ruleRemoveTargetById=942430;ARGS:nav-menu-data,\ + ctl:ruleRemoveTargetById=942431;ARGS:nav-menu-data,\ + ctl:ruleRemoveTargetById=942460;ARGS:nav-menu-data" + +# Edit text widgets (can contain custom HTML) +SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \ + "id:9002730,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@rx ^(?:save-widget|update-widget)$" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[0][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[1][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[2][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[3][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[4][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[5][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[6][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[7][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[8][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[9][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[10][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[11][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[12][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[13][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[14][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[15][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[16][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[17][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[18][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[19][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[20][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[21][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[22][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[23][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[24][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[25][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[26][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[27][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[28][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[29][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[30][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[31][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[32][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[33][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[34][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[35][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[36][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[37][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[38][text],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:widget-text[39][text]" + +# Reorder widgets +SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \ + "id:9002740,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq widgets-order" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetById=942430;ARGS:sidebars[sidebar-1],\ + ctl:ruleRemoveTargetById=942431;ARGS:sidebars[sidebar-1],\ + ctl:ruleRemoveTargetById=942430;ARGS:sidebars[sidebar-2],\ + ctl:ruleRemoveTargetById=942431;ARGS:sidebars[sidebar-2],\ + ctl:ruleRemoveTargetById=942430;ARGS:sidebars[sidebar-3],\ + ctl:ruleRemoveTargetById=942431;ARGS:sidebars[sidebar-3],\ + ctl:ruleRemoveTargetById=942430;ARGS:sidebars[sidebar-4],\ + ctl:ruleRemoveTargetById=942431;ARGS:sidebars[sidebar-4],\ + ctl:ruleRemoveTargetById=942430;ARGS:sidebars[sidebar-5],\ + ctl:ruleRemoveTargetById=942431;ARGS:sidebars[sidebar-5],\ + ctl:ruleRemoveTargetById=942430;ARGS:sidebars[sidebar-6],\ + ctl:ruleRemoveTargetById=942431;ARGS:sidebars[sidebar-6],\ + ctl:ruleRemoveTargetById=942430;ARGS:sidebars[sidebar-7],\ + ctl:ruleRemoveTargetById=942431;ARGS:sidebars[sidebar-7]" + +# Create permalink sample for new post +SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \ + "id:9002750,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq sample-permalink" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:new_title" + +# Add external link to menu +SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \ + "id:9002760,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq add-menu-item" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetById=931130;ARGS:menu-item[-1][menu-item-url]" + +# Editor: Add Media, Insert Media, Insert into page +SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \ + "id:9002770,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq send-attachment-to-editor" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:html" + + +# +# [ Options and Settings ] +# + +# Change site URL +SecRule REQUEST_FILENAME "@endsWith /wp-admin/options.php" \ + "id:9002800,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:option_page "@streq general" \ + "t:none,\ + chain" + SecRule &ARGS:option_page "@eq 1" \ + "t:none,\ + chain" + SecRule ARGS:action "@streq update" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetById=931130;ARGS:home,\ + ctl:ruleRemoveTargetById=931130;ARGS:siteurl" + +# Permalink settings +# permalink_structure=/index.php/%year%/%monthnum%/%day%/%postname%/ +SecRule REQUEST_FILENAME "@endsWith /wp-admin/options-permalink.php" \ + "id:9002810,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=920230;ARGS:selection,\ + ctl:ruleRemoveTargetById=920272;ARGS:selection,\ + ctl:ruleRemoveTargetById=942431;ARGS:selection,\ + ctl:ruleRemoveTargetById=920230;ARGS:permalink_structure,\ + ctl:ruleRemoveTargetById=920272;ARGS:permalink_structure,\ + ctl:ruleRemoveTargetById=942431;ARGS:permalink_structure,\ + ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\ + ver:'OWASP_CRS/3.3.5'" + +# Comments blacklist and moderation list +SecRule REQUEST_FILENAME "@endsWith /wp-admin/options.php" \ + "id:9002820,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:option_page "@streq discussion" \ + "t:none,\ + chain" + SecRule &ARGS:option_page "@eq 1" \ + "t:none,\ + chain" + SecRule ARGS:action "@streq update" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:blacklist_keys,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:moderation_keys" + +# Posts/pages overview search +SecRule REQUEST_FILENAME "@endsWith /wp-admin/edit.php" \ + "id:9002830,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:s,\ + ver:'OWASP_CRS/3.3.5'" + + +# +# [ Helpers ] +# + +# /wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common, +# admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags, +# jquery-query,admin-comments,svg-painter,heartbeat,&load%5B%5D= +# wp-auth-check,wp-a11y,wplink,jquery-ui-core,jquery-ui-widget, +# jquery-ui-position,jquery-ui-menu,jquery-ui-autocomplete&ver=4.6.1 +# +# /wp-admin/load-styles.php?c=0&dir=ltr&load%5B%5D=dashicons, +# admin-bar,buttons,media-views,common,forms,admin-menu,dashboard, +# list-tables,edit,revisions,media,themes,about,nav-menu&load%5B%5D= +# s,widgets,site-icon,l10n,wp-auth-check&ver=4.6.1 +# +# /wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common, +# admin-bar,jquery-ui-widget,jquery-ui-position,wp-pointer, +# wp-ajax-response,jquery-color,wp-lists,quicktags, +# jqu&load%5B%5D=ery-query,admin-comments,jquery-ui-core, +# jquery-ui-mouse,jquery-ui-sortable,postbox,dashboard,underscore, +# customize-base,customize&load%5B%5D=-loader,thickbox,plugin-install, +# wp-util,wp-a11y,updates,shortcode,media-upload,svg-painter, +# jquery-ui-accordion&ver=3f9999390861a0133beda3ee8acf152e +SecRule REQUEST_FILENAME "@rx /wp-admin/load-(?:scripts|styles)\.php$" \ + "id:9002900,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveById=921180,\ + ctl:ruleRemoveTargetById=920273;ARGS_NAMES:load[],\ + ctl:ruleRemoveTargetById=942432;ARGS_NAMES:load[],\ + ctl:ruleRemoveTargetById=942360;ARGS:load[],\ + ctl:ruleRemoveTargetById=942430;ARGS:load[],\ + ctl:ruleRemoveTargetById=942431;ARGS:load[],\ + ctl:ruleRemoveTargetById=942432;ARGS:load[],\ + ver:'OWASP_CRS/3.3.5'" + + +SecMarker "END-WORDPRESS-ADMIN" + + +SecMarker "END-WORDPRESS" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf new file mode 100644 index 0000000..3b63b47 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf @@ -0,0 +1,416 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# +# ------------------------------------------------------------------------ + +# These exclusions remedy false positives in a default NextCloud install. +# They will likely work with OwnCloud too, but you may have to modify them. +# The exclusions are only active if crs_exclusions_nextcloud=1 is set. +# See rule 900130 in crs-setup.conf.example for instructions. +# +# To relax upload restrictions for only the php files that need it, +# you put something like this in crs-setup.conf: +# +# SecRule REQUEST_FILENAME "@rx /(?:remote.php|index.php)/" \ +# "id:9003330,\ +# phase:1,\ +# t:none,\ +# nolog,\ +# pass,\ +# tx.restricted_extensions='.bak/ .config/ .conf/'" +# +# Large uploads can be modified with SecRequestBodyLimit. Or they +# can be more controlled by using the following: +# +# SecRule REQUEST_URI "@endsWith /index.php/apps/files/ajax/upload.php" \ +# "id:9003610,\ +# phase:1,\ +# t:none,\ +# nolog,\ +# ctl:requestBodyLimit=1073741824" +# +# --------------------- + + +SecRule &TX:crs_exclusions_nextcloud|TX:crs_exclusions_nextcloud "@eq 0" \ + "id:9003000,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-NEXTCLOUD" + +SecRule &TX:crs_exclusions_nextcloud|TX:crs_exclusions_nextcloud "@eq 0" \ + "id:9003001,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-NEXTCLOUD" + + +# +# [ File Manager ] +# +# +# The web interface uploads files, and interacts with the user. + +SecRule REQUEST_FILENAME "@contains /remote.php/webdav" \ + "id:9003100,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveByTag=attack-injection-php,\ + ctl:ruleRemoveById=941000-942999,\ + ctl:ruleRemoveById=951000-951999,\ + ctl:ruleRemoveById=953100-953130,\ + ctl:ruleRemoveById=920420,\ + ctl:ruleRemoveById=920440,\ + ver:'OWASP_CRS/3.3.5'" + +# Skip PUT parsing for invalid encoding / protocol violations in binary files. + +SecRule REQUEST_METHOD "@streq PUT" \ + "id:9003105,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REQUEST_FILENAME "@contains /remote.php/webdav" \ + "t:none,\ + ctl:ruleRemoveById=920000-920999,\ + ctl:ruleRemoveById=932000-932999,\ + ctl:ruleRemoveById=921150,\ + ctl:ruleRemoveById=930110,\ + ctl:ruleRemoveById=930120" + +# Allow the data type 'text/vcard' + +SecRule REQUEST_FILENAME "@contains /remote.php/dav/files/" \ + "id:9003110,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type} |text/vcard|'" + +# Allow the data type 'application/octet-stream' + +SecRule REQUEST_METHOD "@rx ^(?:PUT|MOVE)$" \ + "id:9003115,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REQUEST_FILENAME "@rx /remote\.php/dav/(?:files|uploads)/" \ + "setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type} |application/octet-stream|'" + +# Allow data types like video/mp4 + +SecRule REQUEST_METHOD "@streq PUT" \ + "id:9003116,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REQUEST_FILENAME "@rx (?:/public\.php/webdav/|/remote\.php/dav/uploads/)" \ + "ctl:ruleRemoveById=920340,\ + ctl:ruleRemoveById=920420" + + +# Allow characters like /../ in files. +# Allow all kind of filetypes. +# Allow source code. + +SecRule REQUEST_FILENAME "@contains /remote.php/dav/files/" \ + "id:9003120,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveById=930100-930110,\ + ctl:ruleRemoveById=951000-951999,\ + ctl:ruleRemoveById=953100-953130,\ + ctl:ruleRemoveById=920440,\ + ver:'OWASP_CRS/3.3.5'" + +# Allow REPORT requests without Content-Type header (at least the iOS app does this) + +SecRule REQUEST_METHOD "@streq REPORT" \ + "id:9003121,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + chain" + SecRule REQUEST_FILENAME "@contains /remote.php/dav/files/" \ + "t:none,\ + ctl:ruleRemoveById=920340" + + +# [ Searchengine ] +# +# NexCloud uses a search field for filename or content queries. + +SecRule REQUEST_FILENAME "@contains /index.php/core/search" \ + "id:9003125,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=attack-injection-php;ARGS:query,\ + ctl:ruleRemoveTargetById=941000-942999;ARGS:query,\ + ctl:ruleRemoveTargetById=932000-932999;ARGS:query,\ + ver:'OWASP_CRS/3.3.5'" + + +# [ DAV ] +# +# NextCloud uses DAV methods with index.php and remote.php to do many things +# The default ones in ModSecurity are: GET HEAD POST OPTIONS +# +# Looking through the code, and via testing, I found these: +# +# File manager: PUT DELETE MOVE PROPFIND PROPPATCH +# Calendars: REPORT +# Others in the code or js files: PATCH MKCOL MOVE TRACE +# Others that I added just in case, and they seem related: +# CHECKOUT COPY LOCK MERGE MKACTIVITY UNLOCK. + +SecRule REQUEST_FILENAME "@rx /(?:remote|index|public)\.php/" \ + "id:9003130,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.allowed_methods=%{tx.allowed_methods} PUT PATCH CHECKOUT COPY DELETE LOCK MERGE MKACTIVITY MKCOL MOVE PROPFIND PROPPATCH UNLOCK REPORT TRACE jsonp'" + + +# We need to allow DAV methods for sharing files, and removing shares +# DELETE - when the share is removed +# PUT - when setting a password / expiration time + +SecRule REQUEST_FILENAME "@rx /ocs/v[0-9]+\.php/apps/files_sharing/" \ + "id:9003140,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.allowed_methods=%{tx.allowed_methods} PUT DELETE'" + + +# [ Preview and Thumbnails ] + +SecRule REQUEST_FILENAME "@contains /index.php/core/preview.png" \ + "id:9003150,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=932150;ARGS:file,\ + ver:'OWASP_CRS/3.3.5'" + +# Filepreview for trashbin + +SecRule REQUEST_FILENAME "@contains /index.php/apps/files_trashbin/ajax/preview.php" \ + "id:9003155,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=932150;ARGS:file,\ + ctl:ruleRemoveTargetById=942190;ARGS:file,\ + ver:'OWASP_CRS/3.3.5'" + +SecRule REQUEST_FILENAME "@rx /index\.php/(?:apps/gallery/thumbnails|logout$)" \ + "id:9003160,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=941120;ARGS:requesttoken,\ + ver:'OWASP_CRS/3.3.5'" + + +# [ Ownnote ] + +SecRule REQUEST_FILENAME "@contains /index.php/apps/ownnote/" \ + "id:9003300,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveById=941150,\ + ver:'OWASP_CRS/3.3.5'" + + +# [ Text Editor ] +# +# This file can save anything, and it's name could be lots of things. + +SecRule REQUEST_FILENAME "@contains /index.php/apps/files_texteditor/" \ + "id:9003310,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:filecontents,\ + ctl:ruleRemoveTargetById=921110-921160;ARGS:filecontents,\ + ctl:ruleRemoveTargetById=932150;ARGS:filename,\ + ctl:ruleRemoveTargetById=920370-920390;ARGS:filecontents,\ + ctl:ruleRemoveTargetById=920370-920390;ARGS_COMBINED_SIZE,\ + ver:'OWASP_CRS/3.3.5'" + + +# [ Address Book ] +# +# Allow the data type 'text/vcard' + +SecRule REQUEST_FILENAME "@contains /remote.php/dav/addressbooks/" \ + "id:9003320,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type} |text/vcard|'" + +# Allow modifying contacts via the web interface +SecRule REQUEST_METHOD "@streq PUT" \ + "id:9003321,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + chain" + SecRule REQUEST_FILENAME "@contains /remote.php/dav/addressbooks/" \ + "t:none,\ + ctl:ruleRemoveById=200002" + + +# [ Calendar ] +# +# Allow the data type 'text/calendar' + +SecRule REQUEST_FILENAME "@contains /remote.php/dav/calendars/" \ + "id:9003330,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type} |text/calendar|'" + +# Allow modifying calendar events via the web interface +SecRule REQUEST_METHOD "@streq PUT" \ + "id:9003331,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + chain" + SecRule REQUEST_FILENAME "@contains /remote.php/dav/calendars/" \ + "t:none,\ + ctl:ruleRemoveById=200002" + + +# [ Notes ] +# +# We want to allow a lot of things as the user is +# allowed to note on anything. + +SecRule REQUEST_FILENAME "@contains /index.php/apps/notes/" \ + "id:9003340,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveByTag=attack-injection-php,\ + ver:'OWASP_CRS/3.3.5'" + + +# [ Bookmarks ] +# +# Allow urls in data. + +SecRule REQUEST_FILENAME "@contains /index.php/apps/bookmarks/" \ + "id:9003350,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveById=931130,\ + ver:'OWASP_CRS/3.3.5'" + + +# +# [ Login forms ] +# + +# This removes checks on the 'password' and related fields: + +# User login password. + +SecRule REQUEST_FILENAME "@contains /index.php/login" \ + "id:9003400,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=941100;ARGS:requesttoken,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:password,\ + ver:'OWASP_CRS/3.3.5'" + +# Reset password. + +SecRule REQUEST_FILENAME "@endsWith /index.php/login" \ + "id:9003410,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:action "@streq resetpass" \ + "t:none,\ + chain" + SecRule &ARGS:action "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1-text,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2" + +# Change Password and Setting up a new user/password + +SecRule REQUEST_FILENAME "@endsWith /index.php/settings/users" \ + "id:9003500,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newuserpassword,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:password,\ + ver:'OWASP_CRS/3.3.5'" + + +SecMarker "END-NEXTCLOUD-ADMIN" + +SecMarker "END-NEXTCLOUD" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf new file mode 100644 index 0000000..048d421 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf @@ -0,0 +1,273 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# +# ------------------------------------------------------------------------ + +# These exclusions remedy false positives in a default Dokuwiki install. +# The exclusions are only active if crs_exclusions_dokuwiki=1 is set. +# See rule 900130 in crs-setup.conf.example for instructions. +# +# Note, if you want to relax the upload restrictions, +# see rule 900240. For Dokuwiki you can limit the exception +# to the ajax.php file: +# +# SecRule REQUEST_FILENAME "@endsWith /lib/exe/ajax.php" ... +# + + +SecRule &TX:crs_exclusions_dokuwiki|TX:crs_exclusions_dokuwiki "@eq 0" \ + "id:9004000,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-DOKUWIKI" + +SecRule &TX:crs_exclusions_dokuwiki|TX:crs_exclusions_dokuwiki "@eq 0" \ + "id:9004001,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-DOKUWIKI" + + +# +# -=[ Dokuwiki Front-End ]=- +# +# Note on files specified: +# /doku.php: shows pages, saves, edits, admin +# /lib/exe/ajax.php: autosave, uploads +# +# Allow pages to be edited, and ajax to save drafts. +# +# ARGS 'wikitext', 'suffix', and 'prefix' must allow the same things, +# as the page (in part or whole) is passed via 'suffix/prefix' at times. +# attack-protocol (921110-921160/920230): Allows odd characters on the page. +# CRS: (still need attack-protocol specified.) +# attack-injection-php (930000-933999): Allows code on page. +# attack-sqli (940000-942999): Allows SQL expressions on page. +# +# Others: +# 930100-930110;REQUEST_BODY: if there's a /../ in the text. +# +# ARGS:summary (the text in the 'summary' box on page edits.): +# Allowing 930120-930130 lets user save summaries with +# system file names. This should not be needed in normal +# use. But leaving a note here of how to allow in rule below: +# ctl:ruleRemoveTargetById=930120;ARGS:summary +# ctl:ruleRemoveTargetById=930130;ARGS:summary +# +# Also, can't specify: +# SecRule ARGS:do "@streq edit" \ +# SecRule REQUEST_FILENAME "@endsWith /lib/exe/ajax.php"\ +# because at times the do=edit can get dropped, so if we use +# above the edit will get blocked when the page is saved. + +# Hint: those using .htaccess rewrites can remove/replace +# this first 'SecRule...' line with 'SecAction \' (unsupported). + +SecRule REQUEST_FILENAME "@rx (?:/doku.php|/lib/exe/ajax.php)$" \ + "id:9004100,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REQUEST_METHOD "@streq POST" \ + "t:none,\ + chain" + SecRule REQUEST_COOKIES:/S?DW[a-f0-9]+/ "@rx ^[%a-zA-Z0-9_-]+" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=attack-protocol;ARGS:wikitext,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:wikitext,\ + ctl:ruleRemoveTargetByTag=attack-protocol;ARGS:suffix,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:suffix,\ + ctl:ruleRemoveTargetByTag=attack-protocol;ARGS:prefix,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:prefix,\ + ctl:ruleRemoveTargetById=930100-930110;REQUEST_BODY" + + +# Allow it to upload files. But check for cookies just to make sure. + +SecRule REQUEST_FILENAME "@endsWith /lib/exe/ajax.php" \ + "id:9004110,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + noauditlog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REQUEST_METHOD "@streq POST" \ + "t:none,\ + chain" + SecRule REQUEST_COOKIES:/S?DW[a-f0-9]+/ "@rx ^[%a-zA-Z0-9_-]+" \ + "t:none,\ + setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type}|application/octet-stream'" + + +# Show the index, even if things like "postgresql" or other things show up. + +SecRule REQUEST_FILENAME "@endsWith /doku.php" \ + "id:9004130,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + noauditlog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:do "@streq index" \ + "t:none,\ + chain" + SecRule &ARGS:do "@eq 1" \ + "t:none,\ + ctl:ruleRemoveById=951240,\ + ctl:ruleRemoveById=953110" + + +# +# [ Login form ] +# + +# Turn off checks for password. + +SecRule REQUEST_FILENAME "@endsWith /doku.php" \ + "id:9004200,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + noauditlog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:do "@streq login" \ + "t:none,\ + chain" + SecRule &ARGS:do "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:p" + + +# +# [ Admin Area ] +# +# Skip this section for performance unless do=admin is in request + +SecRule ARGS:do "!@streq admin" \ + "id:9004300,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-DOKUWIKI-ADMIN" + +SecRule ARGS:do "!@streq admin" \ + "id:9004310,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-DOKUWIKI-ADMIN" + + +# [ Reset password ] +# +# Turn off checks for pass1, pass1-text, pass2 + +SecRule REQUEST_FILENAME "@endsWith /doku.php" \ + "id:9004320,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + noauditlog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:do "@streq login" \ + "t:none,\ + chain" + SecRule &ARGS:do "@eq 1" \ + "t:none,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1-text,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2" + + +# [ Save config ] +# +# Allow the config to be saved: +# 942200: If the user adds "..." to tagline: ARGS:config[tagline] +# 942430: if ARGS:config[hidepages] has pages looking like sql statements +# 942430,942440: "--- //[[@MAIL@|@NAME@]] @DATE@//"]" in ARGS:config[signature] + +SecRule REQUEST_FILENAME "@endsWith /doku.php" \ + "id:9004370,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + noauditlog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:page "@streq config" \ + "t:none,\ + chain" + SecRule &ARGS:page "@eq 1" \ + "t:none,\ + chain" + SecRule REQUEST_METHOD "@streq POST" \ + "t:none,\ + chain" + SecRule REQUEST_COOKIES:/S?DW[a-f0-9]+/ "@rx ^[%a-zA-Z0-9_-]+" \ + "t:none,\ + ctl:ruleRemoveTargetById=920230;ARGS:config[dformat],\ + ctl:ruleRemoveTargetById=942200;ARGS:config[tagline],\ + ctl:ruleRemoveTargetById=942430;ARGS:config[hidepages],\ + ctl:ruleRemoveTargetById=942430-942440;ARGS:config[signature]" + + +# When the config loads after a save, it gets blocked because +# it has 'readdir' and lines that look like sql +# 942430,942440: "--- //[[@MAIL@|@NAME@]] @DATE@//"]" in ARGS:config[signature] +# 951240,953110: When the page reloads, it triggers +# postgres and php code disclosure rules. + +SecRule REQUEST_FILENAME "@endsWith /doku.php" \ + "id:9004380,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + noauditlog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule ARGS:page "@streq config" \ + "t:none,\ + chain" + SecRule &ARGS:page "@eq 1" \ + "t:none,\ + chain" + SecRule REQUEST_COOKIES:/S?DW[a-f0-9]+/ "@rx ^[%a-zA-Z0-9_-]+" \ + "t:none,\ + ctl:ruleRemoveById=951240,\ + ctl:ruleRemoveById=953110" + + +# End [ Admin Area ] + +SecMarker "END-DOKUWIKI-ADMIN" + +SecMarker "END-DOKUWIKI" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf new file mode 100644 index 0000000..5bc2803 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf @@ -0,0 +1,64 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# These exclusions remedy false positives in a default cPanel environment. +# The exclusions are only active if crs_exclusions_cpanel=1 is set. +# See rule 900130 in crs-setup.conf.example for instructions. + + +SecRule &TX:crs_exclusions_cpanel|TX:crs_exclusions_cpanel "@eq 0" \ + "id:9005000,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-CPANEL" + +SecRule &TX:crs_exclusions_cpanel|TX:crs_exclusions_cpanel "@eq 0" \ + "id:9005001,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-CPANEL" + + +# +# [ cPanel whm-server-status ] +# +# Cpanel's WHM auto generates requests to /whm-server-status from +# 127.0.0.1 (triggers rule 920280, non-blocking, log only) Once every 5 minutes. +# These false positives have a low impact (logged, non-blocking) to a large number of users (all cPanel admins). +# + +# +# Rule to allow cPanel whm-server-status requests from localhost without log entry. +# +SecRule REQUEST_LINE "@rx ^GET /whm-server-status(?:/|/\?auto)? HTTP/[12]\.[01]$" \ + "id:9005100,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-apache',\ + tag:'attack-generic',\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \ + "t:none,\ + ctl:ruleRemoveById=920280,\ + ctl:ruleRemoveById=920350" + + +SecMarker "END-CPANEL" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf new file mode 100644 index 0000000..969caaa --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf @@ -0,0 +1,587 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# These exclusions remedy false positives in a default XenForo install. +# The exclusions are only active if crs_exclusions_xenforo=1 is set. +# See rule 900130 in crs-setup.conf.example for instructions. + +SecRule &TX:crs_exclusions_xenforo|TX:crs_exclusions_xenforo "@eq 0" \ + "id:9006000,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-XENFORO" + +SecRule &TX:crs_exclusions_xenforo|TX:crs_exclusions_xenforo "@eq 0" \ + "id:9006001,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-XENFORO" + + +# +# -=[ XenForo Front-End ]=- +# + +# Proxy for images and remote content embedded in forum posts +# GET /xf/proxy.php?image=https://example.com/some.jpg&hash=foo +# GET /xf/proxy.php?link=https://example.com&hash=foo +# POST /xf/proxy.php, body: referrer=... +SecRule REQUEST_FILENAME "@endsWith /proxy.php" \ + "id:9006100,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:image,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:link,\ + ctl:ruleRemoveTargetById=931130;ARGS:referrer,\ + ctl:ruleRemoveTargetById=942230;ARGS:referrer,\ + ver:'OWASP_CRS/3.3.5'" + +# Store drafts for private message, forum post, thread reply +# POST /xf/conversations/draft +# POST /xf/conversations/convo-title.12345/draft +# POST /xf/forums/forum-title.12345/draft +# POST /xf/threads/thread-title-%E2%98%85.12345/draft +# +# attachment_hash_combined example: +# {"type":"post","context":{"post_id":12345},"hash":"0123456789abcdef..."} +SecRule REQUEST_FILENAME "@rx /(?:conversations|(?:conversations|forums|threads)/.*)/draft$" \ + "id:9006110,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=931130;ARGS:href,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:title,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:message,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:message_html,\ + ctl:ruleRemoveTargetById=942200;ARGS:attachment_hash_combined,\ + ctl:ruleRemoveTargetById=942260;ARGS:attachment_hash_combined,\ + ctl:ruleRemoveTargetById=942340;ARGS:attachment_hash_combined,\ + ctl:ruleRemoveTargetById=942370;ARGS:attachment_hash_combined,\ + ver:'OWASP_CRS/3.3.5'" + +# Send PM, edit post, create thread, reply to thread +# POST /xf/conversations/add +# POST /xf/conversations/add-preview +# POST /xf/conversations/messages/1463947/edit +# POST /xf/posts/12345/edit +# POST /xf/posts/12345/preview +# POST /xf/conversations/convo-title.12345/add-reply +# POST /xf/threads/thread-title.12345/add-reply +# POST /xf/threads/thread-title.12345/reply-preview +# POST /xf/forums/forum-title.12345/post-thread +# POST /xf/forums/blogs/post-thread +# POST /xf/forums/forum-title.12345/thread-preview +SecRule REQUEST_FILENAME "@rx /(?:conversations/add(?:-preview)?|conversations/messages/\d+/edit|posts/\d+/(?:edit|preview)|(?:conversations|threads)/.*\.\d+/(?:add-reply|reply-preview)|forums/.*/(?:post-thread|thread-preview))$" \ + "id:9006120,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:title,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:message,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:message_html,\ + ctl:ruleRemoveTargetById=942200;ARGS:attachment_hash_combined,\ + ctl:ruleRemoveTargetById=942260;ARGS:attachment_hash_combined,\ + ctl:ruleRemoveTargetById=942340;ARGS:attachment_hash_combined,\ + ctl:ruleRemoveTargetById=942370;ARGS:attachment_hash_combined,\ + ver:'OWASP_CRS/3.3.5'" + +# Quote +# POST /xf/posts/12345/quote +SecRule REQUEST_FILENAME "@rx /posts/\d+/quote$" \ + "id:9006130,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:quoteHtml,\ + ver:'OWASP_CRS/3.3.5'" + +# Multi quote +# POST /xf/conversations/convo-title.12345/multi-quote +# POST /xf/threads/thread-title.12345/multi-quote +# quotes={"12345":["quote-html"]} +SecRule REQUEST_FILENAME "@rx /(?:conversations|threads)/.*\.\d+/multi-quote$" \ + "id:9006140,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:quotes,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[0][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[1][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[2][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[3][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[4][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[5][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[6][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[7][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[8][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:insert[9][value],\ + ver:'OWASP_CRS/3.3.5'" + +# Delete thread +# POST /xf/threads/thread-title.12345/delete +SecRule REQUEST_FILENAME "@rx /threads/.*\.\d+/delete$" \ + "id:9006150,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=942130;ARGS:starter_alert_reason,\ + ver:'OWASP_CRS/3.3.5'" + +# Feature thread +# POST /xf/threads/thread-title.12345/feature-edit +SecRule REQUEST_FILENAME "@rx /threads/.*\.\d+/feature-edit$" \ + "id:9006155,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:feature[feature_excerpt]" + +# Inline moderate thread +# POST /xf/inline-mod/ +SecRule REQUEST_FILENAME "@endsWith /inline-mod/" \ + "id:9006160,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:author_alert_reason,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:message,\ + ver:'OWASP_CRS/3.3.5'" + +# Warn member +# POST /xf/members/name.12345/warn +# POST /xf/posts/12345/warn +SecRule REQUEST_FILENAME "@rx /(?:members/.*\.\d+|posts/\d+)/warn$" \ + "id:9006170,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:conversation_message,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:notes,\ + ver:'OWASP_CRS/3.3.5'" + +# Editor +SecRule REQUEST_URI "@endsWith /index.php?editor/to-html" \ + "id:9006200,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:bb_code,\ + ctl:ruleRemoveTargetById=942200;ARGS:attachment_hash_combined,\ + ctl:ruleRemoveTargetById=942260;ARGS:attachment_hash_combined,\ + ctl:ruleRemoveTargetById=942340;ARGS:attachment_hash_combined,\ + ctl:ruleRemoveTargetById=942370;ARGS:attachment_hash_combined,\ + ver:'OWASP_CRS/3.3.5'" + +# Editor +SecRule REQUEST_URI "@endsWith /index.php?editor/to-bb-code" \ + "id:9006210,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:html,\ + ver:'OWASP_CRS/3.3.5'" + +# Post attachment +# POST /xf/account/avatar +# POST /xf/attachments/upload?type=post&context[thread_id]=12345&hash=foo +SecRule REQUEST_FILENAME "@rx /(?:account/avatar|attachments/upload)$" \ + "id:9006220,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveById=200003,\ + ctl:ruleRemoveTargetById=942220;ARGS:flowChunkSize,\ + ctl:ruleRemoveTargetById=942440;ARGS:flowIdentifier,\ + ctl:ruleRemoveTargetById=942440;ARGS:flowFilename,\ + ctl:ruleRemoveTargetById=942440;ARGS:flowRelativePath,\ + ver:'OWASP_CRS/3.3.5'" + +# Media +# POST /xf/index.php?editor/media +SecRule REQUEST_URI "@endsWith /index.php?editor/media" \ + "id:9006230,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=931130;ARGS:url,\ + ctl:ruleRemoveTargetById=942130;ARGS:url,\ + ver:'OWASP_CRS/3.3.5'" + +# Emoji +# GET /xf/index.php?misc/find-emoji&q=(%0A%0A +SecRule REQUEST_URI "@rx /index\.php\?misc/find-emoji&q=" \ + "id:9006240,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=921151;ARGS:q,\ + ver:'OWASP_CRS/3.3.5'" + +# Login +# POST /xf/login/login +SecRule REQUEST_FILENAME "@endsWith /login/login" \ + "id:9006300,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:password,\ + ver:'OWASP_CRS/3.3.5'" + +# Register account +# POST /xf/register/register +# The password is passed in a variable-name form parameter. We don't +# want to exclude all parameters completely as this would cause an +# unacceptable bypass. So, we exclude only commonly hit rules. +SecRule REQUEST_FILENAME "@endsWith /register/register" \ + "id:9006310,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=942130;ARGS,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:reg_key,\ + ver:'OWASP_CRS/3.3.5'" + +# Confirm account +# GET /xf/account-confirmation/name.12345/email?c=foo +SecRule REQUEST_FILENAME "@rx /account-confirmation/.*\.\d+/email$" \ + "id:9006315,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:c" + +# Edit account +# POST /xf/account/account-details +SecRule REQUEST_FILENAME "@endsWith /account/account-details" \ + "id:9006320,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=931130;ARGS:custom_fields[picture],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:about_html,\ + ver:'OWASP_CRS/3.3.5'" + +# Lost password +# POST /xf/lost-password/user-name.12345/confirm?c=foo +SecRule REQUEST_FILENAME "@rx /lost-password/.*\.\d+/confirm$" \ + "id:9006330,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:c,\ + ver:'OWASP_CRS/3.3.5'" + +# Set forum signature +# POST /xf/account/signature +SecRule REQUEST_FILENAME "@endsWith /account/signature" \ + "id:9006340,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:signature_html,\ + ver:'OWASP_CRS/3.3.5'" + +# Search +# POST /xf/search/search +SecRule REQUEST_FILENAME "@endsWith /search/search" \ + "id:9006400,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:keywords,\ + ctl:ruleRemoveTargetById=942200;ARGS:constraints,\ + ctl:ruleRemoveTargetById=942260;ARGS:constraints,\ + ctl:ruleRemoveTargetById=942340;ARGS:constraints,\ + ctl:ruleRemoveTargetById=942370;ARGS:constraints,\ + ver:'OWASP_CRS/3.3.5'" + +# Search within thread +# GET /xf/threads/foo.12345/page12?highlight=foo +SecRule REQUEST_FILENAME "@rx /threads/.*\.\d+/(?:page\d+)?$" \ + "id:9006410,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:highlight,\ + ver:'OWASP_CRS/3.3.5'" + +# Search within search result +# GET /xf/search/12345/?q=foo +SecRule REQUEST_FILENAME "@rx /search/\d+/$" \ + "id:9006420,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:q,\ + ver:'OWASP_CRS/3.3.5'" + +# Contact form +# POST /xf/misc/contact +SecRule REQUEST_FILENAME "@endsWith /misc/contact" \ + "id:9006500,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:message,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:subject,\ + ver:'OWASP_CRS/3.3.5'" + +# Report post +# POST /xf/posts/12345/report +SecRule REQUEST_FILENAME "@rx /posts/\d+/report$" \ + "id:9006510,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:message,\ + ver:'OWASP_CRS/3.3.5'" + +# Alternate thread view route +# /xf/index.php?threads/title-having-some-sql.12345/ +# +# Especially threads with the HAVING sql keyword are FP prone. +# This rule has some chains to narrow down the exclusion, +# making it harder for an attacker to abuse the ARGS_NAMES +# exclusion on other endpoints. +SecRule REQUEST_FILENAME "@endsWith /index.php" \ + "id:9006600,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REQUEST_METHOD "@streq GET" \ + "t:none,\ + chain" + SecRule &ARGS "@eq 1" \ + "t:none,\ + chain" + SecRule REQUEST_URI "@rx /index\.php\?threads/.*\.\d+/$" \ + "t:none,\ + ctl:ruleRemoveTargetById=942100;ARGS_NAMES,\ + ctl:ruleRemoveTargetById=942230;ARGS_NAMES" + +# Browser fingerprint (DBTech security extension) +# May Contain various javascript/XSS false positives +SecRule REQUEST_URI "@endsWith /index.php?dbtech-security/fingerprint" \ + "id:9006700,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:components[14][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:components[15][value],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:components[16][value],\ + ver:'OWASP_CRS/3.3.5'" + +# Get location info +SecRule REQUEST_FILENAME "@endsWith /misc/location-info" \ + "id:9006710,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:location,\ + ver:'OWASP_CRS/3.3.5'" + +# +# -=[ XenForo Global Exclusions ]=- +# + +# _xfRedirect, _xfRequestUri can appear on various endpoints. +# Cookies can appear on all endpoints. + +SecAction \ + "id:9006800,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=931120;ARGS:_xfRedirect,\ + ctl:ruleRemoveTargetById=941150;ARGS:_xfRedirect,\ + ctl:ruleRemoveTargetById=942230;ARGS:_xfRedirect,\ + ctl:ruleRemoveTargetById=942260;ARGS:_xfRedirect,\ + ctl:ruleRemoveTargetById=931120;ARGS:_xfRequestUri,\ + ctl:ruleRemoveTargetById=941150;ARGS:_xfRequestUri,\ + ctl:ruleRemoveTargetById=942130;ARGS:_xfRequestUri,\ + ctl:ruleRemoveTargetById=942230;ARGS:_xfRequestUri,\ + ctl:ruleRemoveTargetById=942260;ARGS:_xfRequestUri,\ + ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:xf_csrf,\ + ctl:ruleRemoveTargetById=942210;REQUEST_COOKIES:xf_csrf,\ + ctl:ruleRemoveTargetById=942440;REQUEST_COOKIES:xf_csrf,\ + ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:xf_emoji_usage,\ + ctl:ruleRemoveTargetById=942150;REQUEST_COOKIES:xf_emoji_usage,\ + ctl:ruleRemoveTargetById=942410;REQUEST_COOKIES:xf_emoji_usage,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;REQUEST_COOKIES:xf_ls,\ + ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:xf_session,\ + ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:xf_user,\ + ver:'OWASP_CRS/3.3.5'" + +# +# -=[ XenForo Administration Back-End ]=- +# + +# Skip this section for performance unless requested file is admin.php + +SecRule REQUEST_FILENAME "!@endsWith /admin.php" \ + "id:9006900,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-XENFORO-ADMIN" + +SecRule REQUEST_FILENAME "!@endsWith /admin.php" \ + "id:9006901,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-XENFORO-ADMIN" + +# Admin edit user +# POST /xf/admin.php?users/the-user-name.12345/edit +SecRule REQUEST_URI "@rx /admin\.php\?users/.*\.\d+/edit$" \ + "id:9006910,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:profile[about],\ + ctl:ruleRemoveTargetById=931130;ARGS:profile[website],\ + ver:'OWASP_CRS/3.3.5'" + +# Admin save user +# POST /xf/admin.php?users/the-user-name.12345/save +# Runs in phase 1 to be able to remove rule 200003. +SecRule REQUEST_URI "@rx /admin\.php\?users/.*\.\d+/save$" \ + "id:9006920,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveById=200003,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:custom_fields[occupation],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:custom_fields[personal_quote],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:profile[about],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:profile[signature],\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:custom_fields[sexuality],\ + ctl:ruleRemoveTargetById=931130;ARGS:custom_fields[picture],\ + ctl:ruleRemoveTargetById=931130;ARGS:profile[website],\ + ver:'OWASP_CRS/3.3.5'" + + +# Admin edit forum notice +# POST /xf/admin.php?notices/0/save +# POST /xf/admin.php?notices/forum-name.12345/save +SecRule REQUEST_URI "@rx /admin\.php\?notices/(?:.*\.)?\d+/save$" \ + "id:9006930,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:message,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:title,\ + ver:'OWASP_CRS/3.3.5'" + +# Admin batch thread update +# POST /xf/admin.php?threads/batch-update/action +SecRule REQUEST_URI "@rx /admin\.php\?(?:threads|users)/batch-update/action$" \ + "id:9006940,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=942200;ARGS:criteria,\ + ctl:ruleRemoveTargetById=942260;ARGS:criteria,\ + ctl:ruleRemoveTargetById=942330;ARGS:criteria,\ + ctl:ruleRemoveTargetById=942340;ARGS:criteria,\ + ctl:ruleRemoveTargetById=942370;ARGS:criteria,\ + ver:'OWASP_CRS/3.3.5'" + +# Edit forum theme +# POST /xf/admin.php?styles/title.1234/style-properties/group&group=basic +SecRule REQUEST_URI "@rx /admin\.php\?styles/" \ + "id:9006950,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetById=942200;ARGS:json,\ + ctl:ruleRemoveTargetById=942260;ARGS:json,\ + ctl:ruleRemoveTargetById=942300;ARGS:json,\ + ctl:ruleRemoveTargetById=942330;ARGS:json,\ + ctl:ruleRemoveTargetById=942340;ARGS:json,\ + ctl:ruleRemoveTargetById=942370;ARGS:json,\ + ctl:ruleRemoveTargetById=942440;ARGS:json,\ + ver:'OWASP_CRS/3.3.5'" + +# Set forum options +# POST /xf/admin.php?options/update +SecRule REQUEST_URI "@rx /admin\.php\?options/update" \ + "id:9006960,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:options[boardInactiveMessage],\ + ver:'OWASP_CRS/3.3.5'" + +# Edit pages/templates +# POST /xf/admin.php?pages/0/save +# POST /xf/admin.php?pages/foo.12345/save +# POST /xf/admin.php?templates/foo.1234/save +SecRule REQUEST_URI "@rx /admin\.php\?(?:pages|templates)/.*/save" \ + "id:9006970,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:template,\ + ver:'OWASP_CRS/3.3.5'" + +SecMarker "END-XENFORO-ADMIN" + +SecMarker "END-XENFORO" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-905-COMMON-EXCEPTIONS.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-905-COMMON-EXCEPTIONS.conf new file mode 100644 index 0000000..191f2ea --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-905-COMMON-EXCEPTIONS.conf @@ -0,0 +1,55 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + + +# This file is used as an exception mechanism to remove common false positives +# that may be encountered. +# +# Exception for Apache SSL pinger +# +SecRule REQUEST_LINE "@streq GET /" \ + "id:905100,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-apache',\ + tag:'attack-generic',\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \ + "t:none,\ + ctl:ruleEngine=Off,\ + ctl:auditEngine=Off" + +# +# Exception for Apache internal dummy connection +# +SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \ + "id:905110,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-apache',\ + tag:'attack-generic',\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule REQUEST_HEADERS:User-Agent "@endsWith (internal dummy connection)" \ + "t:none,\ + chain" + SecRule REQUEST_LINE "@rx ^(?:GET /|OPTIONS \*) HTTP/[12]\.[01]$" \ + "t:none,\ + ctl:ruleEngine=Off,\ + ctl:auditEngine=Off" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-910-IP-REPUTATION.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-910-IP-REPUTATION.conf new file mode 100644 index 0000000..8f22689 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-910-IP-REPUTATION.conf @@ -0,0 +1,323 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:910011,phase:1,pass,nolog,skipAfter:END-REQUEST-910-IP-REPUTATION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:910012,phase:2,pass,nolog,skipAfter:END-REQUEST-910-IP-REPUTATION" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + +# +# -=[ IP Reputation Block Flag Check ]=- +# +# The first check we do is to see if the client IP address has already +# been blacklisted by rules from previous requests. +# +# If the rule matches, it will do a skipAfter and pick up processing +# at the end of the request phase for actual blocking. +# +SecRule TX:DO_REPUT_BLOCK "@eq 1" \ + "id:910000,\ + phase:2,\ + block,\ + t:none,\ + msg:'Request from Known Malicious Client (Based on previous traffic violations)',\ + logdata:'Previous Block Reason: %{ip.reput_block_reason}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-ip',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain,\ + skipAfter:BEGIN-REQUEST-BLOCKING-EVAL" + SecRule IP:REPUT_BLOCK_FLAG "@eq 1" \ + "setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# -=[ GeoIP Checks ]=- +# +# This rule requires activating the SecGeoLookupDB directive +# in the crs-setup.conf file and specifying +# the list of blocked countries (tx.high_risk_country_codes). +# +# This rule does a GeoIP resolution on the client IP address. +# +SecRule TX:HIGH_RISK_COUNTRY_CODES "!@rx ^$" \ + "id:910100,\ + phase:2,\ + block,\ + t:none,\ + msg:'Client IP is from a HIGH Risk Country Location',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-ip',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule TX:REAL_IP "@geoLookup" \ + "chain" + SecRule GEO:COUNTRY_CODE "@within %{tx.high_risk_country_codes}" \ + "setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}'" + + +# +# -=[ IP Reputation Checks ]=- +# +# ModSecurity Rules from Trustwave SpiderLabs: IP Blacklist Alert +# Ref: http://www.modsecurity.org/projects/commercial/rules/ +# +# This rule checks the client IP address against a list of recent IPs captured +# from the SpiderLabs web honeypot systems (last 48 hours). +# +#SecRule TX:REAL_IP "@ipMatchFromFile ip_blacklist.data" \ +# "id:910110,\ +# phase:2,\ +# block,\ +# t:none,\ +# msg:'Client IP in Trustwave SpiderLabs IP Reputation Blacklist',\ +# tag:'application-multi',\ +# tag:'language-multi',\ +# tag:'platform-multi',\ +# tag:'attack-reputation-ip',\ +# tag:'paranoia-level/1',\ +# severity:'CRITICAL',\ +# setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ +# setvar:'ip.reput_block_flag=1',\ +# setvar:'ip.reput_block_reason=%{rule.msg}',\ +# expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}'" + + +# +# First check if we have already run an @rbl check for this IP by checking in IP collection. +# If we have, then skip doing another check. +# +SecRule IP:PREVIOUS_RBL_CHECK "@eq 1" \ + "id:910120,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-ip',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-RBL-LOOKUP" + +# +# Check Client IP against ProjectHoneypot's HTTP Blacklist +# Ref: http://www.projecthoneypot.org/httpbl_api.php +# +# To use the blacklist, you must register for an HttpBL API Key +# and choose the traffic types to block. See section +# "Project Honey Pot HTTP Blacklist" in crs-setup.conf. +# +# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecHttpBlKey +# + +# Skip HttpBL checks if user has not defined one of the TX:block_* variables. +# This prevents error "Operator error: RBL httpBl called but no key defined: set SecHttpBlKey" +SecRule &TX:block_suspicious_ip "@eq 0" \ + "id:910130,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + chain,\ + skipAfter:END-RBL-CHECK" + SecRule &TX:block_harvester_ip "@eq 0" \ + "chain" + SecRule &TX:block_spammer_ip "@eq 0" \ + "chain" + SecRule &TX:block_search_ip "@eq 0" + +SecRule TX:REAL_IP "@rbl dnsbl.httpbl.org" \ + "id:910140,\ + phase:2,\ + pass,\ + capture,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-ip',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.httpbl_msg=%{tx.0}',\ + chain" + SecRule TX:httpbl_msg "@rx RBL lookup of .*?.dnsbl.httpbl.org succeeded at TX:checkip. (.*?): .*" \ + "capture,\ + t:none,\ + setvar:'tx.httpbl_msg=%{tx.1}'" + +# The following regexs are generated based off re_operators.c +SecRule TX:block_search_ip "@eq 1" \ + "id:910150,\ + phase:2,\ + block,\ + t:none,\ + msg:'HTTP Blacklist match for search engine IP',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-ip',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain,\ + skipAfter:END-RBL-CHECK" + SecRule TX:httpbl_msg "@rx Search Engine" \ + "setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + setvar:'ip.previous_rbl_check=1',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}',\ + expirevar:'ip.previous_rbl_check=86400'" + +SecRule TX:block_spammer_ip "@eq 1" \ + "id:910160,\ + phase:2,\ + block,\ + t:none,\ + msg:'HTTP Blacklist match for spammer IP',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-ip',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain,\ + skipAfter:END-RBL-CHECK" + SecRule TX:httpbl_msg "@rx (?i)^.*? spammer .*?$" \ + "setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + setvar:'ip.previous_rbl_check=1',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}',\ + expirevar:'ip.previous_rbl_check=86400'" + +SecRule TX:block_suspicious_ip "@eq 1" \ + "id:910170,\ + phase:2,\ + block,\ + t:none,\ + msg:'HTTP Blacklist match for suspicious IP',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-ip',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain,\ + skipAfter:END-RBL-CHECK" + SecRule TX:httpbl_msg "@rx (?i)^.*? suspicious .*?$" \ + "setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + setvar:'ip.previous_rbl_check=1',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}',\ + expirevar:'ip.previous_rbl_check=86400'" + +SecRule TX:block_harvester_ip "@eq 1" \ + "id:910180,\ + phase:2,\ + block,\ + t:none,\ + msg:'HTTP Blacklist match for harvester IP',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-ip',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain,\ + skipAfter:END-RBL-CHECK" + SecRule TX:httpbl_msg "@rx (?i)^.*? harvester .*?$" \ + "setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + setvar:'ip.previous_rbl_check=1',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}',\ + expirevar:'ip.previous_rbl_check=86400'" + +SecAction \ + "id:910190,\ + phase:2,\ + pass,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-ip',\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'ip.previous_rbl_check=1',\ + expirevar:'ip.previous_rbl_check=86400'" + +SecMarker "END-RBL-LOOKUP" + +SecMarker "END-RBL-CHECK" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:910013,phase:1,pass,nolog,skipAfter:END-REQUEST-910-IP-REPUTATION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:910014,phase:2,pass,nolog,skipAfter:END-REQUEST-910-IP-REPUTATION" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:910015,phase:1,pass,nolog,skipAfter:END-REQUEST-910-IP-REPUTATION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:910016,phase:2,pass,nolog,skipAfter:END-REQUEST-910-IP-REPUTATION" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:910017,phase:1,pass,nolog,skipAfter:END-REQUEST-910-IP-REPUTATION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:910018,phase:2,pass,nolog,skipAfter:END-REQUEST-910-IP-REPUTATION" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-910-IP-REPUTATION" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-911-METHOD-ENFORCEMENT.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-911-METHOD-ENFORCEMENT.conf new file mode 100644 index 0000000..840fe2b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-911-METHOD-ENFORCEMENT.conf @@ -0,0 +1,76 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:911011,phase:1,pass,nolog,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:911012,phase:2,pass,nolog,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + +# +# -=[ Allowed Request Methods ]=- +# +# tx.allowed_methods is defined in the crs-setup.conf file +# +SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" \ + "id:911100,\ + phase:2,\ + block,\ + msg:'Method is not allowed by policy',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-generic',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220/274',\ + tag:'PCI/12.1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:911013,phase:1,pass,nolog,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:911014,phase:2,pass,nolog,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:911015,phase:1,pass,nolog,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:911016,phase:2,pass,nolog,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:911017,phase:1,pass,nolog,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:911018,phase:2,pass,nolog,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-911-METHOD-ENFORCEMENT" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-912-DOS-PROTECTION.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-912-DOS-PROTECTION.conf new file mode 100644 index 0000000..46767c1 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-912-DOS-PROTECTION.conf @@ -0,0 +1,324 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# Anti-Automation rules to detect Denial of Service attacks. +# +# Description of mechanics: +# When a request hits a non-static resource (TX:STATIC_EXTENSIONS), then a counter for the IP +# address is being raised (IP:DOS_COUNTER). If the counter (IP:DOS_COUNTER) hits a limit +# (TX:DOS_COUNTER_THRESHOLD), then a burst is identified (IP:DOS_BURST_COUNTER) and the +# counter (IP:DOS_COUNTER) is reset. The burst counter expires within a timeout period +# (TX:DOS_BURST_TIME_SLICE). +# If the burst counter (IP:DOS_BURST_COUNTER) is greater equal 2, then the blocking flag +# is being set (IP:DOS_BLOCK). The blocking flag (IP:DOS_BLOCK) expires within a timeout +# period (TX:DOS_BLOCK_TIMEOUT). All this counting happens in phase 5. +# There is a stricter sibling to this rule (912170) in paranoia level 2, where the +# burst counter check (IP:DOS_BURST_COUNTER) hits at greater equal 1. +# +# The blocking is done in phase 1: When the blocking flag is encountered (IP:DOS_BLOCK), +# then the request is dropped without sending a response. If this happens, then a +# counter is # raised (IP:DOS_BLOCK_COUNTER). +# When an IP address is blocked for the first time, then the blocking is reported in a +# message and a flag (IP:DOS_BLOCK_FLAG) is set. This flag expires in 60 seconds. +# When an IP address is blocked and the flag (IP:DOS_BLOCK_FLAG) is set, then the +# blocking is not being reported (to prevent a flood of alerts). When the flag +# (IP:DOS_BLOCK_FLAG) has expired and a new request is being blocked, then the +# counter (IP:DOS_BLOCK_COUNTER) is being reset to 0 and the block is being treated +# as the first block (-> alert). +# In order to be able to display the counter (IP:DOS_BLOCK_COUNTER) and resetting +# it at the same time, we copy the counter (IP:DOS_BLOCK_COUNTER) into a different +# variable (TX:DOS_BLOCK_COUNTER), which is then displayed in turn. +# +# Variables: +# IP:DOS_BLOCK Flag if an IP address should be blocked +# IP:DOS_BLOCK_COUNTER Counter of blocked requests +# IP:DOS_BLOCK_FLAG Flag keeping track of alert. Flag expires after 60 seconds. +# IP:DOS_BURST_COUNTER Burst counter +# IP:DOS_COUNTER Request counter (static resources are ignored) +# TX:DOS_BLOCK_COUNTER Copy of IP:DOS_BLOCK_COUNTER (needed for display reasons) +# TX:DOS_BLOCK_TIMEOUT Period in seconds a blocked IP will be blocked +# TX:DOS_COUNTER_THRESHOLD Limit of requests, where a burst is identified +# TX:DOS_BURST_TIME_SLICE Period in seconds when we will forget a burst +# TX:STATIC_EXTENSIONS Paths which can be ignored with regards to DoS +# +# As a precondition for these rules, please set the following three variables: +# - TX:DOS_BLOCK_TIMEOUT +# - TX:DOS_COUNTER_THRESHOLD +# - TX:DOS_BURST_TIME_SLICE +# +# And make sure that TX:STATIC_EXTENSIONS is also set. +# + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + +# +# Skip if variables defining DoS protection are not set +# +SecRule &TX:dos_burst_time_slice "@eq 0" \ + "id:912100,\ + phase:1,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain,\ + skipAfter:END-DOS-PROTECTION-CHECKS" + SecRule &TX:dos_counter_threshold "@eq 0" \ + "chain" + SecRule &TX:dos_block_timeout "@eq 0" + +SecRule &TX:dos_burst_time_slice "@eq 0" \ + "id:912110,\ + phase:5,\ + pass,\ + t:none,\ + nolog,\ + ver:'OWASP_CRS/3.3.5',\ + chain,\ + skipAfter:END-DOS-PROTECTION-CHECKS" + SecRule &TX:dos_counter_threshold "@eq 0" \ + "chain" + SecRule &TX:dos_block_timeout "@eq 0" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:912011,phase:1,pass,nolog,skipAfter:END-REQUEST-912-DOS-PROTECTION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:912012,phase:2,pass,nolog,skipAfter:END-REQUEST-912-DOS-PROTECTION" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + +# +# -=[ Anti-Automation / DoS Protection : Block ]=- +# + +# +# Block and track # of requests and log +# +SecRule IP:DOS_BLOCK "@eq 1" \ + "id:912120,\ + phase:1,\ + drop,\ + msg:'Denial of Service (DoS) attack identified from %{tx.real_ip} (%{tx.dos_block_counter} hits since last alert)',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'paranoia-level/1',\ + tag:'attack-dos',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/227/469',\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule &IP:DOS_BLOCK_FLAG "@eq 0" \ + "setvar:'ip.dos_block_counter=+1',\ + setvar:'ip.dos_block_flag=1',\ + setvar:'tx.dos_block_counter=%{ip.dos_block_counter}',\ + setvar:'ip.dos_block_counter=0',\ + expirevar:'ip.dos_block_flag=60'" + + +# +# Block and track # of requests but don't log +# +SecRule IP:DOS_BLOCK "@eq 1" \ + "id:912130,\ + phase:1,\ + drop,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-dos',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/227/469',\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'ip.dos_block_counter=+1'" + + +# +# -=[ Anti-Automation / DoS Protection: Count requests ]=- +# + +# +# Skip if we have blocked the request +# +SecRule IP:DOS_BLOCK "@eq 1" \ + "id:912140,\ + phase:5,\ + pass,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-dos',\ + ver:'OWASP_CRS/3.3.5',\ + skipAfter:END-DOS-PROTECTION-CHECKS" + + +# +# DOS Counter: Count the number of requests to non-static resources +# +SecRule REQUEST_BASENAME "@rx .*?(\.[a-z0-9]{1,10})?$" \ + "id:912150,\ + phase:5,\ + pass,\ + capture,\ + t:none,t:lowercase,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-dos',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/227/469',\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'tx.extension=/%{TX.1}/',\ + chain" + SecRule TX:EXTENSION "!@within %{tx.static_extensions}" \ + "setvar:'ip.dos_counter=+1'" + + +# +# Check DOS Counter +# If the request count is greater than or equal to user settings, +# we raise the burst counter. This happens via two separate rules: +# - 912160: raise from 0 to 1 +# - 912161: raise from 1 to 2 +# +# This approach with two rules avoids raising the burst counter +# from 0 to 2 via two concurrent requests. We do not raise the +# burst counter beyond 2. +# +# +SecRule IP:DOS_COUNTER "@ge %{tx.dos_counter_threshold}" \ + "id:912160,\ + phase:5,\ + pass,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-dos',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/227/469',\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule &IP:DOS_BURST_COUNTER "@eq 0" \ + "setvar:'ip.dos_burst_counter=1',\ + setvar:'!ip.dos_counter',\ + expirevar:'ip.dos_burst_counter=%{tx.dos_burst_time_slice}'" + + +SecRule IP:DOS_COUNTER "@ge %{tx.dos_counter_threshold}" \ + "id:912161,\ + phase:5,\ + pass,\ + t:none,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-dos',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/227/469',\ + ver:'OWASP_CRS/3.3.5',\ + chain" + SecRule &IP:DOS_BURST_COUNTER "@ge 1" \ + "setvar:'ip.dos_burst_counter=2',\ + setvar:'!ip.dos_counter',\ + expirevar:'ip.dos_burst_counter=%{tx.dos_burst_time_slice}'" + + +# +# Check DOS Burst Counter and set Block +# Check the burst counter - if greater than or equal to 2, then we set the IP +# block variable for a given expiry and issue an alert. +# +SecRule IP:DOS_BURST_COUNTER "@ge 2" \ + "id:912170,\ + phase:5,\ + pass,\ + t:none,\ + log,\ + msg:'Potential Denial of Service (DoS) Attack from %{tx.real_ip} - # of Request Bursts: %{ip.dos_burst_counter}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'paranoia-level/1',\ + tag:'attack-dos',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/227/469',\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'ip.dos_block=1',\ + expirevar:'ip.dos_block=%{tx.dos_block_timeout}'" + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:912013,phase:1,pass,nolog,skipAfter:END-REQUEST-912-DOS-PROTECTION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:912014,phase:2,pass,nolog,skipAfter:END-REQUEST-912-DOS-PROTECTION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:912019,phase:5,pass,nolog,skipAfter:END-REQUEST-912-DOS-PROTECTION" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + +# +# Check DOS Burst Counter and set Block +# Check the burst counter - if greater than or equal to 1, then we set the IP +# block variable for a given expiry and issue an alert. +# +# This is a stricter sibling of rule 912170. +# +SecRule IP:DOS_BURST_COUNTER "@ge 1" \ + "id:912171,\ + phase:5,\ + pass,\ + t:none,\ + log,\ + msg:'Potential Denial of Service (DoS) Attack from %{tx.real_ip} - # of Request Bursts: %{ip.dos_burst_counter}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-dos',\ + tag:'paranoia-level/2',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/227/469',\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'ip.dos_block=1',\ + expirevar:'ip.dos_block=%{tx.dos_block_timeout}'" + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:912015,phase:1,pass,nolog,skipAfter:END-REQUEST-912-DOS-PROTECTION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:912016,phase:2,pass,nolog,skipAfter:END-REQUEST-912-DOS-PROTECTION" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:912017,phase:1,pass,nolog,skipAfter:END-REQUEST-912-DOS-PROTECTION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:912018,phase:2,pass,nolog,skipAfter:END-REQUEST-912-DOS-PROTECTION" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-912-DOS-PROTECTION" + +SecMarker "END-DOS-PROTECTION-CHECKS" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-913-SCANNER-DETECTION.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-913-SCANNER-DETECTION.conf new file mode 100644 index 0000000..6e12d08 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-913-SCANNER-DETECTION.conf @@ -0,0 +1,199 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:913011,phase:1,pass,nolog,skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,skipAfter:END-REQUEST-913-SCANNER-DETECTION" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + +# +# -=[ Vulnerability Scanner Checks ]=- +# +# These rules inspect the default User-Agent and Header values sent by +# various commercial and open source vuln scanners. +# +# The following rules contain User-Agent lists: +# 913100 - security scanners (data file scanners-user-agents.data) +# 913101 - scripting/generic HTTP clients (data file scripting-user-agents.data) +# 913102 - web crawlers/bots (data file crawlers-user-agents.data) +# +SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \ + "id:913100,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Found User-Agent associated with security scanner',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-scanner',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/118/224/541/310',\ + tag:'PCI/6.5.10',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}'" + +SecRule REQUEST_HEADERS_NAMES|REQUEST_HEADERS "@pmFromFile scanners-headers.data" \ + "id:913110,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Found request header associated with security scanner',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-scanner',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/118/224/541/310',\ + tag:'PCI/6.5.10',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}'" + + + +SecRule REQUEST_FILENAME|ARGS "@pmFromFile scanners-urls.data" \ + "id:913120,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Found request filename/argument associated with security scanner',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-scanner',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/118/224/541/310',\ + tag:'PCI/6.5.10',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:913013,phase:1,pass,nolog,skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:913014,phase:2,pass,nolog,skipAfter:END-REQUEST-913-SCANNER-DETECTION" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + + +# +# -=[ Scripting/Generic User-Agents ]=- +# +# This rule detects user-agents associated with various HTTP client libraries +# and scripting languages. Detection suggests attempted access by some +# automated tool. +# +# This rule is a sibling of rule 913100. +# +SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scripting-user-agents.data" \ + "id:913101,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Found User-Agent associated with scripting/generic HTTP client',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-scripting',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/118/224/541/310',\ + tag:'PCI/6.5.10',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}'" + + + +# +# -=[ Crawler User-Agents ]=- +# +# This rule detects user-agents associated with various crawlers, SEO tools, +# and bots, which have been reported to potentially misbehave. +# These crawlers can have legitimate uses when used with authorization. +# +# This rule is a sibling of rule 913100. +# +SecRule REQUEST_HEADERS:User-Agent "@pmFromFile crawlers-user-agents.data" \ + "id:913102,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Found User-Agent associated with web crawler/bot',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-reputation-crawler',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/118/224/541/310',\ + tag:'PCI/6.5.10',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}',\ + setvar:'ip.reput_block_flag=1',\ + setvar:'ip.reput_block_reason=%{rule.msg}',\ + expirevar:'ip.reput_block_flag=%{tx.reput_block_duration}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:913015,phase:1,pass,nolog,skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:913016,phase:2,pass,nolog,skipAfter:END-REQUEST-913-SCANNER-DETECTION" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:913017,phase:1,pass,nolog,skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:913018,phase:2,pass,nolog,skipAfter:END-REQUEST-913-SCANNER-DETECTION" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-913-SCANNER-DETECTION" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf new file mode 100644 index 0000000..7f31387 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf @@ -0,0 +1,1685 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# Some protocol violations are common in application layer attacks. +# Validating HTTP requests eliminates a large number of application layer attacks. +# +# The purpose of this rules file is to enforce HTTP RFC requirements that state how +# the client is supposed to interact with the server. +# https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html + + + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:920011,phase:1,pass,nolog,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:920012,phase:2,pass,nolog,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + +# +# Validate request line against the format specified in the HTTP RFC +# +# -=[ Rule Logic ]=- +# +# Uses rule negation against the regex for positive security. The regex specifies the proper +# construction of URI request lines such as: +# +# "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]] +# +# It also outlines proper construction for CONNECT, OPTIONS and GET requests. +# +# -=[ References ]=- +# https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2.1 +# http://capec.mitre.org/data/definitions/272.html +# +SecRule REQUEST_LINE "!@rx ^(?i:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::\d+)?)?/[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?|connect (?:\d{1,3}\.){3}\d{1,3}\.?(?::\d+)?|options \*)\s+[\w\./]+|get /[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?)$" \ + "id:920100,\ + phase:2,\ + block,\ + t:none,\ + msg:'Invalid HTTP Request Line',\ + logdata:'%{request_line}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'WARNING',\ + setvar:'tx.anomaly_score_pl1=+%{tx.warning_anomaly_score}'" + + +# +# Identify multipart/form-data name evasion attempts +# +# There are possible impedance mismatches between how +# ModSecurity interprets multipart file names and how +# a destination app server such as PHP might parse the +# Content-Disposition data: +# +# filename-parm := "filename" "=" value +# +# -=[ Rule Logic ]=- +# These rules check for the existence of the ' " ; = meta-characters in +# either the file or file name variables. +# HTML entities may lead to false positives, why they are allowed on PL1. +# Negative look behind assertions allow frequently used entities &_; +# +# -=[ Targets, characters and html entities ]=- +# +# 920120: PL1 : FILES_NAMES, FILES +# ['\";=] but allowed: +# &[aAoOuUyY]uml); &[aAeEiIoOuU]circ; &[eEiIoOuUyY]acute; +# &[aAeEiIoOuU]grave; &[cC]cedil; &[aAnNoO]tilde; & ' +# +# 920121: PL2 : FILES_NAMES, FILES +# ['\";=] : ' " ; = meta-characters +# +# Not supported by re2 (?@-]+)*$" \ + "id:920470,\ + phase:1,\ + block,\ + t:none,t:lowercase,\ + msg:'Illegal Content-Type header',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153',\ + tag:'PCI/12.1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# In case Content-Type header can be parsed, check the mime-type against +# the policy defined in the 'allowed_request_content_type' variable. +# To change your policy, edit crs-setup.conf and activate rule 900220. +SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s]+" \ + "id:920420,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Request content type is not allowed by policy',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153',\ + tag:'PCI/12.1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.content_type=|%{tx.0}|',\ + chain" + SecRule TX:content_type "!@within %{tx.allowed_request_content_type}" \ + "t:lowercase,\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# Restrict charset parameter within the content-type header +# +SecRule REQUEST_HEADERS:Content-Type "@rx charset\s*=\s*[\"']?([^;\"'\s]+)" \ + "id:920480,\ + phase:1,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Request content type charset is not allowed by policy',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153',\ + tag:'PCI/12.1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule TX:1 "!@rx ^%{tx.allowed_request_content_type_charset}$" \ + "t:none,\ + ctl:forceRequestBodyVariable=On,\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# Restrict charset parameter inside content type header to occur max once. +# +SecRule REQUEST_HEADERS:Content-Type "@rx charset.*?charset" \ + "id:920530,\ + phase:1,\ + block,\ + t:none,t:lowercase,\ + msg:'Multiple charsets detected in content type header',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153',\ + tag:'PCI/12.1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# Restrict protocol versions. +# +SecRule REQUEST_PROTOCOL "!@within %{tx.allowed_http_versions}" \ + "id:920430,\ + phase:1,\ + block,\ + t:none,\ + msg:'HTTP protocol version is not allowed by policy',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'PCI/6.5.10',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# Restrict file extension +# +SecRule REQUEST_BASENAME "@rx \.([^.]+)$" \ + "id:920440,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'URL file extension is restricted by policy',\ + logdata:'%{TX.0}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'PCI/6.5.10',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.extension=.%{tx.1}/',\ + chain" + SecRule TX:EXTENSION "@within %{tx.restricted_extensions}" \ + "t:none,t:urlDecodeUni,t:lowercase,\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# Backup or "working" file extension +# example: index.php~, /index.php~/foo/ +# +SecRule REQUEST_FILENAME "@rx \.[^.~]+~(?:/.*|)$" \ + "id:920500,\ + phase:2,\ + block,\ + t:none,t:urlDecodeUni,\ + msg:'Attempt to access a backup or working file',\ + logdata:'%{TX.0}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'PCI/6.5.10',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# Restricted HTTP headers +# +# -=[ Rule Logic ]=- +# The use of certain headers is restricted. They are listed in the variable +# TX.restricted_headers. +# +# The headers are transformed into lowercase before the match. In order to +# make sure that only complete header names are matching, the names in +# TX.restricted_headers are wrapped in slashes. This guarantees that the +# header Range (-> /range/) is not matching the restricted header +# /content-range/ for example. +# +# This is a chained rule, where the first rule fills a set of variables of the +# form TX.header_name_. The second rule is then executed for all +# variables of the form TX.header_name_. +# +# As a consequence of the construction of the rule, the alert message and the +# alert data will not display the original header name Content-Range, but +# /content-range/ instead. +# +# +# -=[ References ]=- +# https://access.redhat.com/security/vulnerabilities/httpoxy (Header Proxy) +# +SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \ + "id:920450,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'HTTP header is restricted by policy (%{MATCHED_VAR})',\ + logdata:'Restricted header detected: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'PCI/12.1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.header_name_%{tx.0}=/%{tx.0}/',\ + chain" + SecRule TX:/^header_name_/ "@within %{tx.restricted_headers}" \ + "setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# Restrict response charsets that we allow. +# The following rules make sure that the response will be in an ASCII-compatible charset that +# phase 4 rules can properly understand and block. +# + +# +# Some servers rely on the request Accept header to determine what charset to respond with. +# This rule restricts these to familiar charsets. +# +# Regular expression generated from util/regexp-assemble/data/920600.data. +# To update the regular expression run the following shell script +# (consult util/regexp-assemble/README.md for details): +# util/regexp-assemble/regexp-assemble.py update 920600 +# +SecRule REQUEST_HEADERS:Accept "!@rx ^(?:(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+)\/(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+))(?:\s*+;\s*+(?:(?:charset\s*+=\s*+(?:\"?(?:iso-8859-15?|windows-1252|utf-8)\b\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\"(),\/:;<=>?![\x5c\]{}]|[^e\"(),/:;<=>?![\x5c\]{}])|[^s\"(),/:;<=>?![\x5c\]{}])|[^r\"(),/:;<=>?![\x5c\]{}])|[^a\"(),/:;<=>?![\x5c\]{}])|[^h\"(),/:;<=>?![\x5c\]{}])|[^c\"(),/:;<=>?![\x5c\]{}])[^\"(),/:;<=>?![\x5c\]{}]*(?:)\s*+=\s*+[^(),/:;<=>?![\x5c\]{}]+)|;?))*(?:\s*+,\s*+(?:(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+)\/(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+))(?:\s*+;\s*+(?:(?:charset\s*+=\s*+(?:\"?(?:iso-8859-15?|windows-1252|utf-8)\b\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\"(),\/:;<=>?![\x5c\]{}]|[^e\"(),/:;<=>?![\x5c\]{}])|[^s\"(),/:;<=>?![\x5c\]{}])|[^r\"(),/:;<=>?![\x5c\]{}])|[^a\"(),/:;<=>?![\x5c\]{}])|[^h\"(),/:;<=>?![\x5c\]{}])|[^c\"(),/:;<=>?![\x5c\]{}])[^\"(),/:;<=>?![\x5c\]{}]*(?:)\s*+=\s*+[^(),/:;<=>?![\x5c\]{}]+)|;?))*)*$" \ + "id:920600,\ + phase:1,\ + block,\ + t:none,t:lowercase,\ + msg:'Illegal Accept header: charset parameter',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# The following rule (920620) checks for the presence of 2 or more request Content-Type headers. +# Content-Type confusion poses a significant security risk to a web application. It occurs when +# the server and client have different interpretations of the Content-Type header, leading to +# miscommunication, potential exploitation and WAF bypass. +# +# Using Apache, when multiple Content-Type request headers are received, the server combines them +# into a single header with the values separated by commas. For example, if a client sends multiple +# Content-Type headers with values "application/json" and "text/plain", Apache will combine them +# into a single header like this: "Content-Type: application/json, text/plain". +# +# On the other hand, Nginx handles multiple Content-Type headers differently. It preserves each +# header as a separate entity without combining them. So, if a client sends multiple Content-Type +# headers, Nginx will keep them separate, maintaining the original values. +# +SecRule &REQUEST_HEADERS:Content-Type "@gt 1" \ + "id:920620,\ + phase:1,\ + block,\ + t:none,\ + msg:'Multiple Content-Type Request Headers',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:920013,phase:1,pass,nolog,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:920014,phase:2,pass,nolog,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + +# +# -=[ Rule Logic ]=- +# +# Check the number of range fields in the Range request header. +# +# An excessive number of Range request headers can be used to DoS a server. +# The original CVE proposed an arbitrary upper limit of 5 range fields. +# +# Several clients are known to request PDF fields with up to 62 range +# fields. Therefore the standard rule does not cover PDF files. This is +# performed in two separate (stricter) siblings of this rule. +# +# 920200: PL2: Limit of 5 range header fields for all filenames outside of PDFs +# 920201: PL2: Limit of 62 range header fields for PDFs +# 920202: PL4: Limit of 5 range header fields for PDFs +# +# -=[ References ]=- +# https://httpd.apache.org/security/CVE-2011-3192.txt + + +SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){6}" \ + "id:920200,\ + phase:2,\ + block,\ + t:none,\ + msg:'Range: Too many fields (6 or more)',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'WARNING',\ + chain" + SecRule REQUEST_BASENAME "!@endsWith .pdf" \ + "setvar:'tx.anomaly_score_pl2=+%{tx.warning_anomaly_score}'" + +# +# This is a sibling of rule 920200 +# + +SecRule REQUEST_BASENAME "@endsWith .pdf" \ + "id:920201,\ + phase:2,\ + block,\ + t:none,\ + msg:'Range: Too many fields for pdf request (63 or more)',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'WARNING',\ + chain" + SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){63}" \ + "setvar:'tx.anomaly_score_pl2=+%{tx.warning_anomaly_score}'" + + +SecRule ARGS "@rx %[0-9a-fA-F]{2}" \ + "id:920230,\ + phase:2,\ + block,\ + t:none,\ + msg:'Multiple URL Encoding Detected',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153/267/120',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'WARNING',\ + setvar:'tx.anomaly_score_pl2=+%{tx.warning_anomaly_score}'" + + +# +# Missing Accept Header +# +# -=[ Rule Logic ]=- +# This rule generates a notice if the Accept header is missing. +# +# Notice: The rule tries to avoid known false positives by ignoring +# OPTIONS requests coming from known offending User-Agents via two +# chained rules. +# As ModSecurity only reports the match of the last matching rule, +# the alert is misleading. +# +SecRule &REQUEST_HEADERS:Accept "@eq 0" \ + "id:920300,\ + phase:2,\ + pass,\ + t:none,\ + msg:'Request Missing an Accept Header',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'PCI/6.5.10',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'NOTICE',\ + chain" + SecRule REQUEST_METHOD "!@rx ^OPTIONS$" \ + "chain" + SecRule REQUEST_HEADERS:User-Agent "!@pm AppleWebKit Android" \ + "t:none,\ + setvar:'tx.anomaly_score_pl2=+%{tx.notice_anomaly_score}'" + +# +# PL2: This is a stricter sibling of 920270. +# +SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 9,10,13,32-126,128-255" \ + "id:920271,\ + phase:2,\ + block,\ + t:none,t:urlDecodeUni,\ + msg:'Invalid character in request (non printable characters)',\ + logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + + + +# +# Missing User-Agent Header +# +# -=[ Rule Logic ]=- +# This rules will check to see if there is a User-Agent header or not. +# + +SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \ + "id:920320,\ + phase:2,\ + pass,\ + t:none,\ + msg:'Missing User Agent Header',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'PCI/6.5.10',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'NOTICE',\ + setvar:'tx.anomaly_score_pl2=+%{tx.notice_anomaly_score}'" + + +# +# PL2: This is a stricter sibling of 920120. +# +SecRule FILES_NAMES|FILES "@rx ['\";=]" \ + "id:920121,\ + phase:2,\ + block,\ + t:none,t:urlDecodeUni,\ + msg:'Attempted multipart/form-data bypass',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + + +# +# PL2: Block on Missing Content-Type Header with Request Body +# This is a stricter sibling of rule 920340. +# +# -=[ References ]=- +# http://httpwg.org/specs/rfc7231.html#header.content-type + +SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \ + "id:920341,\ + phase:2,\ + block,\ + t:none,\ + msg:'Request Containing Content Requires Content-Type header',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/2',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \ + "t:none,\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:920015,phase:1,pass,nolog,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:920016,phase:2,pass,nolog,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + +# +# PL 3: This is a stricter sibling of 920270. Ascii range: Printable characters in the low range +# +# This rule is also triggered by the following exploit(s): +# [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ] +# +SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteRange 32-36,38-126" \ + "id:920272,\ + phase:2,\ + block,\ + t:none,t:urlDecodeUni,\ + msg:'Invalid character in request (outside of printable chars below ascii 127)',\ + logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/3',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + + +# +# PL3: The little known x-up-devcap-post-charset request header can be used to submit +# a request with a different encoding as an alternative to the charset parameter in +# the Content-Type header. This can be used to circumvent charset restrictions on +# the Content-Type header in ASP.NET. +# Note that this only works in combination with a User-Agent prefix. +# +# This rule is based on a blog post by Soroush Dalili at +# https://soroush.secproject.com/blog/2019/05/x-up-devcap-post-charset-header-in-aspnet-to-bypass-wafs-again/ +# +SecRule &REQUEST_HEADERS:x-up-devcap-post-charset "@ge 1" \ + "id:920490,\ + phase:1,\ + block,\ + t:none,\ + msg:'Request header x-up-devcap-post-charset detected in combination with prefix \'UP\' to User-Agent',\ + logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',\ + tag:'language-aspnet',\ + tag:'platform-windows',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/3',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule REQUEST_HEADERS:User-Agent "@rx ^(?i)up" \ + "t:none,\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + + +# +# Cache-Control Request Header whitelist +# +# -=[ Rule Logic ]=- +# This rule aims to strictly whitelist the Cache-Control request header +# values and to blocks all violations. This should be useful to intercept +# "bad bot" and tools that impersonate a real browser but with wrong request +# header setup. +# +# The regular expression used on this rule tries to match multiple directives +# in a single value, for example: "max-stale=1, max-age=2". This leads us to +# use a regular expression that accepts a trailing comma to keep compatibility +# with all regex engines and not PCRE only. For example: "max-stale=1, max-age=2, " +# +# Moreover, this regular expression allows duplicate directives sequence like: +# "max-stale, max-stale=1, no-cache, no-cache". +# +# Standard Cache-Control directives that can be used by the client: +# - max-age= +# - max-stale[=] +# - min-fresh= +# - no-cache +# - no-store +# - no-transform +# - only-if-cached +# +# References: +# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control +# - https://regex101.com/r/CZ0Hxu/22 +# +SecRule &REQUEST_HEADERS:Cache-Control "@gt 0" \ + "id:920510,\ + phase:1,\ + block,\ + t:none,\ + msg:'Invalid Cache-Control request header',\ + logdata:'Invalid Cache-Control value in request found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'header-whitelist',\ + tag:'paranoia-level/3',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule REQUEST_HEADERS:Cache-Control "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(\s*\,\s*|$)){1,7}$" \ + "setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:920017,phase:1,pass,nolog,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:920018,phase:2,pass,nolog,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + +# +# This is a stricter sibling of rule 920200 +# + +SecRule REQUEST_BASENAME "@endsWith .pdf" \ + "id:920202,\ + phase:2,\ + block,\ + t:none,\ + msg:'Range: Too many fields for pdf request (6 or more)',\ + logdata:'%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/4',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'WARNING',\ + chain" + SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){6}" \ + "setvar:'tx.anomaly_score_pl4=+%{tx.warning_anomaly_score}'" + + +# +# This is a stricter sibling of 920270. +# +# This rule is also triggered by the following exploit(s): +# [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ] +# +SecRule ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122" \ + "id:920273,\ + phase:2,\ + block,\ + t:none,t:urlDecodeUni,\ + msg:'Invalid character in request (outside of very strict set)',\ + logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/4',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl4=+%{tx.critical_anomaly_score}'" + +# +# This is a stricter sibling of 920270. +# +SecRule REQUEST_HEADERS|!REQUEST_HEADERS:User-Agent|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:Sec-Fetch-User "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122" \ + "id:920274,\ + phase:2,\ + block,\ + t:none,t:urlDecodeUni,\ + msg:'Invalid character in request headers (outside of very strict set)',\ + logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/4',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl4=+%{tx.critical_anomaly_score}'" + +# +# This is a stricter sibling of 920270. +# The 'Sec-Fetch-User' header may contain the '?' (63) character. +# Therefore we exclude this header from rule 920274 which forbids '?'. +# https://www.w3.org/TR/fetch-metadata/#http-headerdef-sec-fetch-user +# +SecRule REQUEST_HEADERS:Sec-Fetch-User "@validateByteRange 32,34,38,42-59,61,63,65-90,95,97-122" \ + "id:920275,\ + phase:2,\ + block,\ + t:none,t:urlDecodeUni,\ + msg:'Invalid character in request headers (outside of very strict set)',\ + logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272',\ + tag:'paranoia-level/4',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl4=+%{tx.critical_anomaly_score}'" + +# -=[ Abnormal Character Escapes ]=- +# +# [ Rule Logic ] +# Consider the following payload: arg=cat+/e\tc/pa\ssw\d +# Here, \s and \d were only used to obfuscate the string passwd and a lot of +# parsers will silently ignore the non-necessary escapes. The case with \t is +# a bit different though, as \t is a natural escape for the TAB character, +# so we will avoid this (and \n, \r, etc.). +# +# This rule aims to detect non-necessary, abnormal escapes. You could say it is +# a nice way to forbid the backslash character where it is not needed. +# +# This is a new rule at paranoia level 4. We expect quite a few false positives +# for this rule and we will later evaluate if the rule makes any sense at all. +# The rule is redundant with 920273 and 920274 in PL4. But if the rule proofs +# to be useful and false positives remain at a reasonable level, then it might +# be shifted to PL3 in a future release, where it would be the only rule +# covering the backslash escape. +# +# We forbid backslashes followed by a list of basic ascii characters - unless +# the backslash is preceded by another backslash. +# +# This rule is also triggered by the following exploit(s): +# [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ] +# +SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?:^|[^\\\\])\\\\[cdeghijklmpqwxyz123456789]" \ + "id:920460,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,\ + log,\ + msg:'Abnormal character escapes in request',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/4',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/153/267',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl4=+%{tx.critical_anomaly_score}'" + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-920-PROTOCOL-ENFORCEMENT" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-921-PROTOCOL-ATTACK.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-921-PROTOCOL-ATTACK.conf new file mode 100644 index 0000000..fe5d4f6 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-921-PROTOCOL-ATTACK.conf @@ -0,0 +1,460 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:921011,phase:1,pass,nolog,skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:921012,phase:2,pass,nolog,skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + +# +# -=[ HTTP Request Smuggling ]=- +# +# [ Rule Logic ] +# This rule looks for a HTTP / WEBDAV method name in combination with the word http/\d or a CR/LF character. +# This would point to an attempt to inject a 2nd request into the request, thus bypassing +# tests carried out on the primary request. +# +# [ References ] +# http://projects.webappsec.org/HTTP-Request-Smuggling +# +SecRule ARGS_NAMES|ARGS|REQUEST_BODY|XML:/* "@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\s+(?:\/|\w)[^\s]*(?:\s+http\/\d|[\r\n])" \ + "id:921110,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,\ + msg:'HTTP Request Smuggling Attack',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220/33',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# -=[ HTTP Response Splitting ]=- +# +# [ Rule Logic ] +# These rules look for Carriage Return (CR) %0d and Linefeed (LF) %0a characters. +# These characters may cause problems if the data is returned in a respones header and +# may be interpreted by an intermediary proxy server and treated as two separate +# responses. +# +# [ References ] +# http://projects.webappsec.org/HTTP-Response-Splitting +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx [\r\n]\W*?(?:content-(?:type|length)|set-cookie|location):\s*\w" \ + "id:921120,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:lowercase,\ + msg:'HTTP Response Splitting Attack',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220/34',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:\bhttp/\d|<(?:html|meta)\b)" \ + "id:921130,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,\ + msg:'HTTP Response Splitting Attack',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220/34',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# -=[ HTTP Header Injection ]=- +# +# [ Rule Logic ] +# These rules look for Carriage Return (CR) %0d and Linefeed (LF) %0a characters, +# on their own or in combination with header field names. +# These characters may cause problems if the data is returned in a response header +# and interpreted by the client. +# The rules are similar to rules defending against the HTTP Request Splitting and +# Request Smuggling rules. +# +# [ References ] +# https://en.wikipedia.org/wiki/HTTP_header_injection +# +SecRule REQUEST_HEADERS_NAMES|REQUEST_HEADERS "@rx [\n\r]" \ + "id:921140,\ + phase:2,\ + block,\ + capture,\ + t:none,t:htmlEntityDecode,\ + msg:'HTTP Header Injection Attack via headers',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220/273',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# Detect newlines in argument names. +# Checking for GET arguments has been moved to paranoia level 2 (921151) +# in order to mitigate possible false positives. +# +# This rule is also triggered by the following exploit(s): +# [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ] +# +SecRule ARGS_NAMES "@rx [\n\r]" \ + "id:921150,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:htmlEntityDecode,\ + msg:'HTTP Header Injection Attack via payload (CR/LF detected)',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220/33',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule ARGS_GET_NAMES|ARGS_GET "@rx [\n\r]+(?:\s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\s*:" \ + "id:921160,\ + phase:1,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,\ + msg:'HTTP Header Injection Attack via payload (CR/LF and header-name detected)',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220/33',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# -=[ HTTP Splitting ]=- +# +# This rule detect \n or \r in the REQUEST FILENAME +# Reference: https://www.owasp.org/index.php/Testing_for_HTTP_Splitting/Smuggling_(OTG-INPVAL-016) +# +SecRule REQUEST_FILENAME "@rx [\n\r]" \ + "id:921190,\ + phase:1,\ + block,\ + t:none,t:urlDecodeUni,\ + msg:'HTTP Splitting (CR/LF in request filename detected)',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220/34',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# -=[ LDAP Injection ]=- +# +# [ Rule Logic ] +# +# This is a rule trying to prevent LDAP injection. It is based on a BlackHat presentation by Alonso Parada +# and regex writing by Denis Kolegov. +# +# [ References ] +# * https://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf +# * https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/ +# * https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/276#issue-126581660 + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx ^[^:\(\)\&\|\!\<\>\~]*\)\s*(?:\((?:[^,\(\)\=\&\|\!\<\>\~]+[><~]?=|\s*[&!|]\s*(?:\)|\()?\s*)|\)\s*\(\s*[\&\|\!]\s*|[&!|]\s*\([^\(\)\=\&\|\!\<\>\~]+[><~]?=[^:\(\)\&\|\!\<\>\~]*)" \ + "id:921200,\ + phase:2,\ + block,\ + capture,\ + t:none,t:htmlEntityDecode,\ + msg:'LDAP Injection Attack',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-ldap',\ + tag:'platform-multi',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/136',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# -=[ Body Processor Bypass ]=- +# +# [ Rule Logic ] +# +# This rule intends to detect content types in the Content-Type header outside of the actual content type declaration. +# This prevents bypasses targeting the Modsecurity recommended rules controlling which body processor is used. +# +# Regular expression generated from util/regexp-assemble/data/921421.data. +# To update the regular expression run the following shell script +# (consult util/regexp-assemble/README.md for details): +# util/regexp-assemble/regexp-assemble.py update 921421 +# +SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s,]+[;\s,].*?(?:(?:application(?:\/soap\+|\/)|text\/)xml|application\/(?:.+[+])?json)" \ + "id:921421,\ + phase:1,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Content-Type header: Dangerous content type outside the mime type declaration',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153',\ + tag:'PCI/12.1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:921013,phase:1,pass,nolog,skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:921014,phase:2,pass,nolog,skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + + +# Detect newlines in GET argument values. +# These may point to a HTTP header injection attack, but can also sometimes +# occur in benign query parameters. +# +# See also: rule 921140, 921150 +# +SecRule ARGS_GET "@rx [\n\r]" \ + "id:921151,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:htmlEntityDecode,\ + msg:'HTTP Header Injection Attack via payload (CR/LF detected)',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/2',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220/33',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + +# +# -=[ Body Processor Bypass ]=- +# +# [ Rule Logic ] +# +# This rule intends to detect content types in the Content-Type header outside of the actual content type declaration. +# +# [ References ] +# * See rule 921422 +# +# Regular expression generated from util/regexp-assemble/data/921422.data. +# To update the regular expression run the following shell script +# (consult util/regexp-assemble/README.md for details): +# util/regexp-assemble/regexp-assemble.py update 921422 +# +SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s,]+[;\s,].*?\b(?:(audio|image|video|csv|css|vnd|pdf|plain|json|soap|xml|x-www-form-urlencoded|form-data|related|x-amf|octet|stream|csp|report)|(text|multipart|application)|(\/|\+))\b" \ + "id:921422,\ + phase:1,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Content-Type header: Dangerous content type outside the mime type declaration',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/2',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153',\ + tag:'PCI/12.1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:921015,phase:1,pass,nolog,skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:921016,phase:2,pass,nolog,skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# +# + +# Forbid Request Range Header +# +# It is possible abuse the HTTP Request Range Header to leak error pages +# and other information in very small snippets. +# The easiest way to fight this is to deny the use of this header. +# This is a viable option since the header is only used in rare circumstances +# anymore. +# If it is necessary to use it in a certain setup, then it is best to +# create a rule exclusion for a given URI and this rule ID as a workaround. +# +SecRule &REQUEST_HEADERS:Range "@gt 0" \ + "id:921230,\ + phase:1,\ + block,\ + t:none,\ + msg:'HTTP Range Header detected',\ + logdata:'Matched Data: Header %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'paranoia-level/3',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/210/272/220',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + + +# -=[ HTTP Parameter Pollution ]=- +# +# [ Rule Logic ] +# These rules look for multiple parameters with the same name. +# 921170 counts the occurrences of the individual parameters. +# 921180 checks if any counter is > 1. +# +# One HPP attack vector is to try evade signature filters by distributing the +# attack payload across multiple parameters with the same name. +# This works as many security devices only apply signatures to individual +# parameter payloads, however the back-end web application may (in the case +# of ASP.NET) consolidate all of the payloads into one thus making the +# attack payload active. +# +# [ References ] +# http://tacticalwebappsec.blogspot.com/2009/05/http-parameter-pollution.html +# https://capec.mitre.org/data/definitions/460.html +# +SecRule ARGS_NAMES "@rx ." \ + "id:921170,\ + phase:2,\ + pass,\ + nolog,\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/137/15/460',\ + ver:'OWASP_CRS/3.3.5',\ + setvar:'TX.paramcounter_%{MATCHED_VAR_NAME}=+1'" + +SecRule TX:/paramcounter_.*/ "@gt 1" \ + "id:921180,\ + phase:2,\ + pass,\ + msg:'HTTP Parameter Pollution (%{TX.1})',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/137/15/460',\ + tag:'paranoia-level/3',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule MATCHED_VARS_NAMES "@rx TX:paramcounter_(.*)" \ + "capture,\ + setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:921017,phase:1,pass,nolog,skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:921018,phase:2,pass,nolog,skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-921-PROTOCOL-ATTACK" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-922-MULTIPART-ATTACK.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-922-MULTIPART-ATTACK.conf new file mode 100644 index 0000000..1384706 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-922-MULTIPART-ATTACK.conf @@ -0,0 +1,92 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + +# This file is to address the 3UWMWA6W vulnerability. +# It requires ModSecurity version 2.9.6 or 3.0.8 (or an updated version with backports +# of the security fixes in these versions) or a compatible engine supporting these changes. +# +# If you cannot upgrade ModSecurity, this file will cause ModSecurity to fail to start. +# In that case, you can temporarily delete this file. However, you will be missing +# protection from these rules. Therefore, we recommend upgrading your engine instead. + +# The rules in this file will be part of the 920 / 921 in the future. + +# Only allow specific charsets when using "_charset_" +# Note: this is in phase:2 because these are headers that come in the body +SecRule &MULTIPART_PART_HEADERS:_charset_ "!@eq 0" \ + "id:922100,\ + phase:2,\ + block,\ + t:none,\ + msg:'Multipart content type global _charset_ definition is not allowed by policy',\ + logdata:'Matched Data: %{ARGS._charset_}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-multipart-header',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153',\ + tag:'paranoia-level/1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule ARGS:_charset_ "!@within |%{tx.allowed_request_content_type_charset}|" \ + "t:lowercase,\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# Only allow specific charsets same as Rule 920600 +# Note: this is in phase:2 because these are headers that come in the body +SecRule MULTIPART_PART_HEADERS "@rx ^content-type\s*+:\s*+(.*)$" \ + "id:922110,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Illegal MIME Multipart Header content-type: charset parameter',\ + logdata:'Matched Data: %{TX.1} found within Content-Type multipart form',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-protocol',\ + tag:'OWASP_CRS',\ + tag:'capec/272/220',\ + tag:'paranoia-level/1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule TX:1 "!@rx ^(?:(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+)\/(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+))(?:\s*+;\s*+(?:(?:charset\s*+=\s*+(?:\"?(?:iso-8859-15?|windows-1252|utf-8)\b\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\"(),\/:;<=>?![\x5c\]{}]|[^e\"(),/:;<=>?![\x5c\]{}])|[^s\"(),/:;<=>?![\x5c\]{}])|[^r\"(),/:;<=>?![\x5c\]{}])|[^a\"(),/:;<=>?![\x5c\]{}])|[^h\"(),/:;<=>?![\x5c\]{}])|[^c\"(),/:;<=>?![\x5c\]{}])[^\"(),/:;<=>?![\x5c\]{}]*(?:)\s*+=\s*+[^(),/:;<=>?![\x5c\]{}]+)|;?))*(?:\s*+,\s*+(?:(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+)\/(?:\*|[^\"(),\/:;<=>?![\x5c\]{}]+))(?:\s*+;\s*+(?:(?:charset\s*+=\s*+(?:\"?(?:iso-8859-15?|windows-1252|utf-8)\b\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\"(),\/:;<=>?![\x5c\]{}]|[^e\"(),/:;<=>?![\x5c\]{}])|[^s\"(),/:;<=>?![\x5c\]{}])|[^r\"(),/:;<=>?![\x5c\]{}])|[^a\"(),/:;<=>?![\x5c\]{}])|[^h\"(),/:;<=>?![\x5c\]{}])|[^c\"(),/:;<=>?![\x5c\]{}])[^\"(),/:;<=>?![\x5c\]{}]*(?:)\s*+=\s*+[^(),/:;<=>?![\x5c\]{}]+)|;?))*)*$" \ + "t:lowercase,\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# Content-Transfer-Encoding was deprecated by rfc7578 in 2015 and should not be used (see: https://www.rfc-editor.org/rfc/rfc7578#section-4.7) +# Note: this is in phase:2 because these are headers that come in the body +SecRule MULTIPART_PART_HEADERS "@rx content-transfer-encoding:(.*)" \ + "id:922120,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Content-Transfer-Encoding was deprecated by rfc7578 in 2015 and should not be used',\ + logdata:'Matched Data: %{TX.0}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-deprecated-header',\ + tag:'OWASP_CRS',\ + tag:'capec/272/220',\ + tag:'paranoia-level/1',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf new file mode 100644 index 0000000..986657c --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf @@ -0,0 +1,156 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:930011,phase:1,pass,nolog,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:930012,phase:2,pass,nolog,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + +# +# -=[ Directory Traversal Attacks ]=- +# +# Ref: https://github.com/wireghoul/dotdotpwn +# +# [ Encoded /../ Payloads ] +# +SecRule REQUEST_URI_RAW|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|XML:/* "@rx (?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))" \ + "id:930100,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Path Traversal Attack (/../)',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-lfi',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153/126',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}'" + +# +# [ Decoded /../ Payloads ] +# +SecRule REQUEST_URI|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|XML:/* "@rx (?:^|[\\/])\.\.(?:[\\/]|$)" \ + "id:930110,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:cmdLine,\ + msg:'Path Traversal Attack (/../)',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-lfi',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153/126',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + multiMatch,\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ + setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}'" + +# +# -=[ OS File Access ]=- +# +# Ref: https://github.com/lightos/Panoptic/blob/master/cases.xml +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pmFromFile lfi-os-files.data" \ + "id:930120,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase,\ + msg:'OS File Access Attempt',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-lfi',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153/126',\ + tag:'PCI/6.5.4',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# -=[ Restricted File Access ]=- +# +# Detects attempts to retrieve application source code, metadata, +# credentials and version control history possibly reachable in a web root. +# +SecRule REQUEST_FILENAME "@pmFromFile restricted-files.data" \ + "id:930130,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase,\ + msg:'Restricted File Access Attempt',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-lfi',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/255/153/126',\ + tag:'PCI/6.5.4',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:930013,phase:1,pass,nolog,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:930014,phase:2,pass,nolog,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:930015,phase:1,pass,nolog,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:930016,phase:2,pass,nolog,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:930017,phase:1,pass,nolog,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:930018,phase:2,pass,nolog,skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-930-APPLICATION-ATTACK-LFI" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf new file mode 100644 index 0000000..888c8e4 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf @@ -0,0 +1,153 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ +# +# RFI Attacks +# + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:931011,phase:1,pass,nolog,skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:931012,phase:2,pass,nolog,skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + +# -=[ Rule Logic ]=- +# These rules look for common types of Remote File Inclusion (RFI) attack methods. +# - URL Contains an IP Address +# - The PHP "include()" Function +# - RFI Data Ends with Question Mark(s) (?) +# - RFI Host Doesn't Match Local Host +# +# -=[ References ]=- +# http://projects.webappsec.org/Remote-File-Inclusion +# http://tacticalwebappsec.blogspot.com/2009/06/generic-remote-file-inclusion-attack.html +# +SecRule ARGS "@rx ^(?i:file|ftps?|https?):\/\/(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" \ + "id:931100,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-rfi',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/175/253',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +SecRule QUERY_STRING|REQUEST_BODY "@rx (?i)(?:\binclude\s*\([^)]*|mosConfig_absolute_path|_CONF\[path\]|_SERVER\[DOCUMENT_ROOT\]|GALLERY_BASEDIR|path\[docroot\]|appserv_root|config\[root_dir\])=(?:file|ftps?|https?):\/\/" \ + "id:931110,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,\ + msg:'Possible Remote File Inclusion (RFI) Attack: Common RFI Vulnerable Parameter Name used w/URL Payload',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-rfi',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/175/253',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +SecRule ARGS "@rx ^(?i:file|ftps?|https?).*?\?+$" \ + "id:931120,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Possible Remote File Inclusion (RFI) Attack: URL Payload Used w/Trailing Question Mark Character (?)',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-rfi',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/175/253',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:931013,phase:1,pass,nolog,skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:931014,phase:2,pass,nolog,skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + +SecRule ARGS "@rx ^(?i:file|ftps?|https?)://([^/]*).*$" \ + "id:931130,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-rfi',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/175/253',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rfi_parameter_%{MATCHED_VAR_NAME}=.%{tx.1}',\ + chain" + SecRule TX:/rfi_parameter_.*/ "!@endsWith .%{request_headers.host}" \ + "ctl:auditLogParts=+E,\ + setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:931015,phase:1,pass,nolog,skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:931016,phase:2,pass,nolog,skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:931017,phase:1,pass,nolog,skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:931018,phase:2,pass,nolog,skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-931-APPLICATION-ATTACK-RFI" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf new file mode 100644 index 0000000..b586045 --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf @@ -0,0 +1,730 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:932011,phase:1,pass,nolog,skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:932012,phase:2,pass,nolog,skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + + +# [ Unix command injection ] +# +# This rule detects Unix command injections. +# A command injection takes a form such as: +# +# foo.jpg;uname -a +# foo.jpg||uname -a +# +# The vulnerability exists when an application executes a shell command +# without proper input escaping/validation. +# +# This rule is also triggered by an Oracle WebLogic Remote Command Execution exploit: +# [ Oracle WebLogic vulnerability CVE-2017-10271 - Exploit tested: https://www.exploit-db.com/exploits/43458 ] +# +# To prevent false positives, we look for a 'starting sequence' that +# precedes a command in shell syntax, such as: ; | & $( ` <( >( +# Anatomy of the regexp with examples of patterns caught: +# +# 1. Starting tokens +# +# ; ;ifconfig +# \{ {ifconfig} +# \| |ifconfig +# \|\| ||ifconfig +# & &ifconfig +# && &&ifconfig +# \n ;\nifconfig +# \r ;\rifconfig +# \$\( $(ifconfig) +# $\(\( $((ifconfig)) +# ` `ifconfig` +# \${ ${ifconfig} +# <\( <( ifconfig ) +# >\( >( ifconfig ) +# \(\s*\) a() ( ifconfig; ); a +# +# 2. Command prefixes +# +# { { ifconfig } +# \s*\(\s* ( ifconfig ) +# \w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+ VARNAME=xyz ifconfig +# !\s* ! ifconfig +# \$ $ifconfig +# +# 3. Quoting +# +# ' 'ifconfig' +# \" "ifconfig" +# +# 4. Paths +# +# [\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/ /sbin/ifconfig, /s?in/./ifconfig, /s[a-b]in/ifconfig etc. +# +# This rule is case-sensitive to prevent FP ("Cat" vs. "cat"). +# +# An effort was made to combat evasions by shell quoting (e.g. 'ls', +# 'l'"s", \l\s are all valid). ModSecurity has a t:cmdLine +# transformation built-in to deal with this, but unfortunately, it +# replaces ';' characters and lowercases the payload, which is less +# useful for this case. However, emulating the transformation makes +# the regexp more complex. +# +# To rebuild the word list regexp: +# cd util/regexp-assemble +# cat regexp-932100.txt | ./regexp-cmdline.py unix | ./regexp-assemble.pl +# +# Then insert the assembled regexp into this template: +# +# SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]* +# [regexp assembled from util/regexp-assemble/regexp-932100.txt] +# \b" \ +# +# This is the base Rule to prevent Unix Command Injection +# Please refer other rules 932105,932106 to know more. +# +# .932100 +# ├── 932105 +# ├── 932106 +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:l[\\\\'\"]*(?:w[\\\\'\"]*p[\\\\'\"]*-[\\\\'\"]*(?:d[\\\\'\"]*(?:o[\\\\'\"]*w[\\\\'\"]*n[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*m[\\\\'\"]*p)|r[\\\\'\"]*e[\\\\'\"]*q[\\\\'\"]*u[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|m[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*r)|s(?:[\\\\'\"]*(?:b[\\\\'\"]*_[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*e|c[\\\\'\"]*p[\\\\'\"]*u|m[\\\\'\"]*o[\\\\'\"]*d|p[\\\\'\"]*c[\\\\'\"]*i|u[\\\\'\"]*s[\\\\'\"]*b|-[\\\\'\"]*F|h[\\\\'\"]*w|o[\\\\'\"]*f))?|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|m[\\\\'\"]*(?:o[\\\\'\"]*r[\\\\'\"]*e|a)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s)|e[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*(?:(?:f[\\\\'\"]*i[\\\\'\"]*l|p[\\\\'\"]*i[\\\\'\"]*p)[\\\\'\"]*e|e[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|a[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*g(?:[\\\\'\"]*i[\\\\'\"]*n)?|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*m|(?:\s|<|>).*)|o[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*(?:t[\\\\'\"]*e|l)[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)|d[\\\\'\"]*(?:c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g|d[\\\\'\"]*(?:\s|<|>).*)|f[\\\\'\"]*t[\\\\'\"]*p(?:[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t)?|(?:[np]|y[\\\\'\"]*n[\\\\'\"]*x)[\\\\'\"]*(?:\s|<|>).*)|b[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p[\\\\'\"]*2)|s[\\\\'\"]*d[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*f[\\\\'\"]*f|t[\\\\'\"]*a[\\\\'\"]*r)|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*h)|r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*k[\\\\'\"]*s[\\\\'\"]*w|u[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*n)|c[\\\\'\"]*(?:o[\\\\'\"]*(?:m[\\\\'\"]*(?:p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*d)[\\\\'\"]*(?:\s|<|>).*|p[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*c)|h[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*(?:\s|<|>).*|f[\\\\'\"]*l[\\\\'\"]*a[\\\\'\"]*g[\\\\'\"]*s|a[\\\\'\"]*t[\\\\'\"]*t[\\\\'\"]*r|m[\\\\'\"]*o[\\\\'\"]*d)|r[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*b|(?:[cp]|a[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|u[\\\\'\"]*r[\\\\'\"]*l|s[\\\\'\"]*h)|f[\\\\'\"]*(?:i(?:[\\\\'\"]*(?:l[\\\\'\"]*e[\\\\'\"]*(?:t[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|(?:\s|<|>).*)|n[\\\\'\"]*d[\\\\'\"]*(?:\s|<|>).*))?|t[\\\\'\"]*p[\\\\'\"]*(?:s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*s|w[\\\\'\"]*h[\\\\'\"]*o|(?:\s|<|>).*)|u[\\\\'\"]*n[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n|(?:e[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*h|c)[\\\\'\"]*(?:\s|<|>).*|o[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*h|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p)|e[\\\\'\"]*(?:n[\\\\'\"]*(?:v(?:[\\\\'\"]*-[\\\\'\"]*u[\\\\'\"]*p[\\\\'\"]*d[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e)?|d[\\\\'\"]*(?:i[\\\\'\"]*f|s[\\\\'\"]*w))|x[\\\\'\"]*(?:p[\\\\'\"]*(?:a[\\\\'\"]*n[\\\\'\"]*d|o[\\\\'\"]*r[\\\\'\"]*t|r)|e[\\\\'\"]*c[\\\\'\"]*(?:\s|<|>).*)|c[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|s[\\\\'\"]*a[\\\\'\"]*c|v[\\\\'\"]*a[\\\\'\"]*l)|h[\\\\'\"]*(?:t[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|p[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|o[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e|i[\\\\'\"]*d)|(?:e[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*p)[\\\\'\"]*(?:\s|<|>).*|i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*y)|i[\\\\'\"]*(?:p[\\\\'\"]*(?:(?:6[\\\\'\"]*)?t[\\\\'\"]*a[\\\\'\"]*b[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*s|c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g)|r[\\\\'\"]*b(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|f[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*i[\\\\'\"]*g|d[\\\\'\"]*(?:\s|<|>).*)|g[\\\\'\"]*(?:(?:e[\\\\'\"]*t[\\\\'\"]*f[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*l|r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*c|i[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|z[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p)|u[\\\\'\"]*n[\\\\'\"]*z[\\\\'\"]*i[\\\\'\"]*p|d[\\\\'\"]*b)|a[\\\\'\"]*(?:(?:l[\\\\'\"]*i[\\\\'\"]*a[\\\\'\"]*s|w[\\\\'\"]*k)[\\\\'\"]*(?:\s|<|>).*|d[\\\\'\"]*d[\\\\'\"]*u[\\\\'\"]*s[\\\\'\"]*e[\\\\'\"]*r|p[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t|r[\\\\'\"]*(?:c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|p))|d[\\\\'\"]*(?:h[\\\\'\"]*c[\\\\'\"]*l[\\\\'\"]*i[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*t|(?:i[\\\\'\"]*f[\\\\'\"]*f|u)[\\\\'\"]*(?:\s|<|>).*|(?:m[\\\\'\"]*e[\\\\'\"]*s|p[\\\\'\"]*k)[\\\\'\"]*g|o[\\\\'\"]*(?:a[\\\\'\"]*s|n[\\\\'\"]*e)|a[\\\\'\"]*s[\\\\'\"]*h)|m[\\\\'\"]*(?:(?:k[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*r|o[\\\\'\"]*r[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|a[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*(?:x[\\\\'\"]*(?:\s|<|>).*|q)|l[\\\\'\"]*o[\\\\'\"]*c[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e)|j[\\\\'\"]*(?:(?:a[\\\\'\"]*v[\\\\'\"]*a|o[\\\\'\"]*b[\\\\'\"]*s)[\\\\'\"]*(?:\s|<|>).*|e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c)|k[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*l[\\\\'\"]*(?:a[\\\\'\"]*l[\\\\'\"]*l|(?:\s|<|>).*)|(?:G[\\\\'\"]*E[\\\\'\"]*T[\\\\'\"]*(?:\s|<|>)|\.\s).*|7[\\\\'\"]*z(?:[\\\\'\"]*[ar])?)\b" \ + "id:932100,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Remote Command Execution: Unix Command Injection',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-unix',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# Apache 2.2 requires configuration file lines to be under 8kB. +# Therefore, some remaining commands have been split off to a separate rule. +# For explanation of this rule, see rule 932100. +# +# To rebuild the word list regexp: +# cd util/regexp-assemble +# cat regexp-932105.txt | ./regexp-cmdline.py unix | ./regexp-assemble.pl +# +# Then insert the assembled regexp into this template: +# +# SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]* +# [regexp assembled from util/regexp-assemble/regexp-932105.txt] +# \b" \ +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:s[\\\\'\"]*(?:e[\\\\'\"]*(?:t[\\\\'\"]*(?:(?:f[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*l[\\\\'\"]*)?(?:\s|<|>).*|e[\\\\'\"]*n[\\\\'\"]*v|s[\\\\'\"]*i[\\\\'\"]*d)|n[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*i[\\\\'\"]*l|d[\\\\'\"]*(?:\s|<|>).*)|h[\\\\'\"]*(?:\.[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*b|u[\\\\'\"]*t[\\\\'\"]*d[\\\\'\"]*o[\\\\'\"]*w[\\\\'\"]*n|(?:\s|<|>).*)|o[\\\\'\"]*(?:(?:u[\\\\'\"]*r[\\\\'\"]*c[\\\\'\"]*e|r[\\\\'\"]*t)[\\\\'\"]*(?:\s|<|>).*|c[\\\\'\"]*a[\\\\'\"]*t)|c[\\\\'\"]*(?:h[\\\\'\"]*e[\\\\'\"]*d|p[\\\\'\"]*(?:\s|<|>).*)|t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g[\\\\'\"]*s|(?:l[\\\\'\"]*e[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|y[\\\\'\"]*s[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*l|u[\\\\'\"]*(?:(?:\s|<|>).*|d[\\\\'\"]*o)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|s[\\\\'\"]*h|v[\\\\'\"]*n)|p[\\\\'\"]*(?:k[\\\\'\"]*(?:g(?:(?:[\\\\'\"]*_)?[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*f[\\\\'\"]*o)?|e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c|i[\\\\'\"]*l[\\\\'\"]*l)|t[\\\\'\"]*a[\\\\'\"]*r(?:[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p))?|a[\\\\'\"]*(?:t[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|s[\\\\'\"]*s[\\\\'\"]*w[\\\\'\"]*d)|r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*(?:e[\\\\'\"]*n[\\\\'\"]*v|f[\\\\'\"]*(?:\s|<|>).*)|y[\\\\'\"]*t[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*n(?:[\\\\'\"]*(?:3(?:[\\\\'\"]*m)?|2))?|e[\\\\'\"]*r[\\\\'\"]*(?:l(?:[\\\\'\"]*(?:s[\\\\'\"]*h|5))?|m[\\\\'\"]*s)|(?:g[\\\\'\"]*r[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|(?:u[\\\\'\"]*s[\\\\'\"]*h|o[\\\\'\"]*p)[\\\\'\"]*d|h[\\\\'\"]*p(?:[\\\\'\"]*[57])?|i[\\\\'\"]*n[\\\\'\"]*g|s[\\\\'\"]*(?:\s|<|>).*)|n[\\\\'\"]*(?:c[\\\\'\"]*(?:\.[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*l|o[\\\\'\"]*p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*d)|(?:\s|<|>).*|a[\\\\'\"]*t)|e[\\\\'\"]*t[\\\\'\"]*(?:k[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*f[\\\\'\"]*t[\\\\'\"]*p|(?:s[\\\\'\"]*t|c)[\\\\'\"]*a[\\\\'\"]*t|(?:\s|<|>).*)|s[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*o[\\\\'\"]*k[\\\\'\"]*u[\\\\'\"]*p|t[\\\\'\"]*a[\\\\'\"]*t)|(?:a[\\\\'\"]*n[\\\\'\"]*o|i[\\\\'\"]*c[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|(?:o[\\\\'\"]*h[\\\\'\"]*u|m[\\\\'\"]*a)[\\\\'\"]*p|p[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g)|r[\\\\'\"]*(?:e[\\\\'\"]*(?:(?:p[\\\\'\"]*(?:l[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e|e[\\\\'\"]*a[\\\\'\"]*t)|n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)[\\\\'\"]*(?:\s|<|>).*|a[\\\\'\"]*l[\\\\'\"]*p[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*h)|m[\\\\'\"]*(?:(?:d[\\\\'\"]*i[\\\\'\"]*r[\\\\'\"]*)?(?:\s|<|>).*|u[\\\\'\"]*s[\\\\'\"]*e[\\\\'\"]*r)|u[\\\\'\"]*b[\\\\'\"]*y(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|(?:a[\\\\'\"]*r|c[\\\\'\"]*p|p[\\\\'\"]*m)[\\\\'\"]*(?:\s|<|>).*|n[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*o|o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|s[\\\\'\"]*y[\\\\'\"]*n[\\\\'\"]*c)|t[\\\\'\"]*(?:c[\\\\'\"]*(?:p[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|i[\\\\'\"]*n[\\\\'\"]*g)|s[\\\\'\"]*h)|r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e(?:[\\\\'\"]*6)?|e[\\\\'\"]*(?:l[\\\\'\"]*n[\\\\'\"]*e[\\\\'\"]*t|e[\\\\'\"]*(?:\s|<|>).*)|i[\\\\'\"]*m[\\\\'\"]*e[\\\\'\"]*(?:o[\\\\'\"]*u[\\\\'\"]*t|(?:\s|<|>).*)|a[\\\\'\"]*(?:i[\\\\'\"]*l(?:[\\\\'\"]*f)?|r[\\\\'\"]*(?:\s|<|>).*)|o[\\\\'\"]*(?:u[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*(?:\s|<|>).*|p))|u[\\\\'\"]*(?:n[\\\\'\"]*(?:l[\\\\'\"]*(?:i[\\\\'\"]*n[\\\\'\"]*k[\\\\'\"]*(?:\s|<|>).*|z[\\\\'\"]*m[\\\\'\"]*a)|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|a[\\\\'\"]*m[\\\\'\"]*e|r[\\\\'\"]*a[\\\\'\"]*r|s[\\\\'\"]*e[\\\\'\"]*t|z[\\\\'\"]*i[\\\\'\"]*p|x[\\\\'\"]*z)|s[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*(?:(?:a[\\\\'\"]*d|m[\\\\'\"]*o)[\\\\'\"]*d|d[\\\\'\"]*e[\\\\'\"]*l)|l[\\\\'\"]*i[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*(?:\s|<|>).*)|m[\\\\'\"]*(?:y[\\\\'\"]*s[\\\\'\"]*q[\\\\'\"]*l(?:[\\\\'\"]*(?:d[\\\\'\"]*u[\\\\'\"]*m[\\\\'\"]*p(?:[\\\\'\"]*s[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*w)?|h[\\\\'\"]*o[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*p[\\\\'\"]*y|a[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*n|s[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*w))?|(?:(?:o[\\\\'\"]*u[\\\\'\"]*n|u[\\\\'\"]*t)[\\\\'\"]*t|v)[\\\\'\"]*(?:\s|<|>).*)|x[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*(?:i[\\\\'\"]*f[\\\\'\"]*f|e[\\\\'\"]*c)|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|(?:\s|<|>).*)|a[\\\\'\"]*r[\\\\'\"]*g[\\\\'\"]*s|t[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*m|x[\\\\'\"]*d[\\\\'\"]*(?:\s|<|>).*)|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|i[\\\\'\"]*p[\\\\'\"]*(?:\s|<|>).*|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|r[\\\\'\"]*u[\\\\'\"]*n|s[\\\\'\"]*h)|o[\\\\'\"]*(?:p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*l|n[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*r)|w[\\\\'\"]*(?:h[\\\\'\"]*o[\\\\'\"]*(?:a[\\\\'\"]*m[\\\\'\"]*i|(?:\s|<|>).*)|g[\\\\'\"]*e[\\\\'\"]*t|3[\\\\'\"]*m)|v[\\\\'\"]*i[\\\\'\"]*(?:m[\\\\'\"]*(?:\s|<|>).*|g[\\\\'\"]*r|p[\\\\'\"]*w)|y[\\\\'\"]*u[\\\\'\"]*m)\b" \ + "id:932105,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Remote Command Execution: Unix Command Injection',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-unix',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# [ Windows command injection ] +# +# This rule detects Windows shell command injections. +# If you are not running Windows, it is safe to disable this rule. +# +# A command injection takes a form such as: +# +# foo.jpg&ver /r +# foo.jpg|ver /r +# +# The vulnerability exists when an application executes a shell command +# without proper input escaping/validation. +# +# To prevent false positives, we look for a 'starting sequence' that +# precedes a command in CMD syntax, such as: ; | & ` +# +# Anatomy of the regexp: +# +# 1. Starting tokens +# +# ; ;cmd +# \{ {cmd +# \| |cmd +# \|\| ||cmd +# & &cmd +# && &&cmd +# \n \ncmd +# \r \rcmd +# ` `cmd +# +# 2. Command prefixes +# +# ( (cmd) +# , ,cmd +# @ @cmd +# ' 'cmd' +# " "cmd" +# \s spacing+cmd +# +# 3. Paths +# +# [\w'\"\./]+/ /path/cmd +# [\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\ C:\Program Files\cmd +# [\^\.\w '\"/\\\\]*\\\\)?[\"\^]* \\net\share\dir\cmd +# +# 4. Quoting +# +# \" "cmd" +# \^ ^cmd +# +# 5. Extension/switches +# +# \.[\"\^]*\w+ cmd.com, cmd.exe, etc. +# /b cmd/h +# +# An effort is made to combat evasions by CMD syntax; for example, +# the following strings are valid: c^md, @cmd, "c"md. ModSecurity +# has a t:cmdLine transformation built-in to deal with some of these, +# but unfortunately, that transformation replaces ';' characters (so +# we cannot match on the start of a command) and '\' characters (so we +# have trouble matching paths). This makes the regexp more complex. +# +# This rule is case-insensitive. +# +# To rebuild the word list regexp: +# cd util/regexp-assemble +# cat regexp-932110.txt | ./regexp-cmdline.py windows | ./regexp-assemble.pl +# +# Then insert the assembled regexp into this template: +# +# SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]* +# [regexp assembled from util/regexp-assemble/regexp-932110.txt] +# (?:\.[\"\^]*\w+)?\b" \ +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]*(?:m[\"\^]*(?:y[\"\^]*s[\"\^]*q[\"\^]*l(?:[\"\^]*(?:d[\"\^]*u[\"\^]*m[\"\^]*p(?:[\"\^]*s[\"\^]*l[\"\^]*o[\"\^]*w)?|h[\"\^]*o[\"\^]*t[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y|a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|s[\"\^]*h[\"\^]*o[\"\^]*w))?|s[\"\^]*(?:i[\"\^]*(?:n[\"\^]*f[\"\^]*o[\"\^]*3[\"\^]*2|e[\"\^]*x[\"\^]*e[\"\^]*c)|c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|g[\"\^]*(?:[\s,;]|\.|/|<|>).*|t[\"\^]*s[\"\^]*c)|o[\"\^]*(?:u[\"\^]*n[\"\^]*t[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|v[\"\^]*o[\"\^]*l)|v[\"\^]*e[\"\^]*u[\"\^]*s[\"\^]*e[\"\^]*r|[dr][\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*)|k[\"\^]*(?:d[\"\^]*i[\"\^]*r[\"\^]*(?:[\s,;]|\.|/|<|>).*|l[\"\^]*i[\"\^]*n[\"\^]*k)|d[\"\^]*(?:s[\"\^]*c[\"\^]*h[\"\^]*e[\"\^]*d|(?:[\s,;]|\.|/|<|>).*)|a[\"\^]*p[\"\^]*i[\"\^]*s[\"\^]*e[\"\^]*n[\"\^]*d|b[\"\^]*s[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*i|e[\"\^]*a[\"\^]*s[\"\^]*u[\"\^]*r[\"\^]*e|m[\"\^]*s[\"\^]*y[\"\^]*s)|d[\"\^]*(?:i[\"\^]*(?:s[\"\^]*k[\"\^]*(?:(?:m[\"\^]*g[\"\^]*m|p[\"\^]*a[\"\^]*r)[\"\^]*t|s[\"\^]*h[\"\^]*a[\"\^]*d[\"\^]*o[\"\^]*w)|r[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|u[\"\^]*s[\"\^]*e)|f[\"\^]*f[\"\^]*(?:[\s,;]|\.|/|<|>).*)|e[\"\^]*(?:l[\"\^]*(?:p[\"\^]*r[\"\^]*o[\"\^]*f|t[\"\^]*r[\"\^]*e[\"\^]*e|(?:[\s,;]|\.|/|<|>).*)|v[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|c[\"\^]*o[\"\^]*n)|(?:f[\"\^]*r[\"\^]*a|b[\"\^]*u)[\"\^]*g)|s[\"\^]*(?:a[\"\^]*(?:c[\"\^]*l[\"\^]*s|d[\"\^]*d)|q[\"\^]*u[\"\^]*e[\"\^]*r[\"\^]*y|m[\"\^]*o[\"\^]*(?:v[\"\^]*e|d)|g[\"\^]*e[\"\^]*t|r[\"\^]*m)|(?:r[\"\^]*i[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*r|o[\"\^]*s[\"\^]*k[\"\^]*e)[\"\^]*y|(?:c[\"\^]*o[\"\^]*m[\"\^]*c[\"\^]*n[\"\^]*f|x[\"\^]*d[\"\^]*i[\"\^]*a)[\"\^]*g|a[\"\^]*t[\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*|n[\"\^]*s[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|c[\"\^]*(?:o[\"\^]*(?:m[\"\^]*(?:p[\"\^]*(?:(?:a[\"\^]*c[\"\^]*t[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|m[\"\^]*g[\"\^]*m[\"\^]*t)|e[\"\^]*x[\"\^]*p)|n[\"\^]*(?:2[\"\^]*p|v[\"\^]*e)[\"\^]*r[\"\^]*t|p[\"\^]*y)|l[\"\^]*(?:e[\"\^]*a[\"\^]*(?:n[\"\^]*m[\"\^]*g[\"\^]*r|r[\"\^]*m[\"\^]*e[\"\^]*m)|u[\"\^]*s[\"\^]*t[\"\^]*e[\"\^]*r)|h[\"\^]*(?:k[\"\^]*(?:n[\"\^]*t[\"\^]*f[\"\^]*s|d[\"\^]*s[\"\^]*k)|d[\"\^]*i[\"\^]*r[\"\^]*(?:[\s,;]|\.|/|<|>).*)|s[\"\^]*(?:c[\"\^]*(?:r[\"\^]*i[\"\^]*p[\"\^]*t|c[\"\^]*m[\"\^]*d)|v[\"\^]*d[\"\^]*e)|e[\"\^]*r[\"\^]*t[\"\^]*(?:u[\"\^]*t[\"\^]*i[\"\^]*l|r[\"\^]*e[\"\^]*q)|a[\"\^]*(?:l[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|c[\"\^]*l[\"\^]*s)|m[\"\^]*d(?:[\"\^]*k[\"\^]*e[\"\^]*y)?|i[\"\^]*p[\"\^]*h[\"\^]*e[\"\^]*r|u[\"\^]*r[\"\^]*l)|f[\"\^]*(?:o[\"\^]*r[\"\^]*(?:m[\"\^]*a[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s|e[\"\^]*a[\"\^]*c[\"\^]*h)|i[\"\^]*n[\"\^]*d[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|s[\"\^]*t[\"\^]*r)|s[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|u[\"\^]*t[\"\^]*i[\"\^]*l)|t[\"\^]*(?:p[\"\^]*(?:[\s,;]|\.|/|<|>).*|y[\"\^]*p[\"\^]*e)|r[\"\^]*e[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*s[\"\^]*k|c[\"\^]*(?:[\s,;]|\.|/|<|>).*|g[\"\^]*r[\"\^]*e[\"\^]*p)|n[\"\^]*(?:e[\"\^]*t[\"\^]*(?:s[\"\^]*(?:t[\"\^]*a[\"\^]*t|v[\"\^]*c|h)|(?:[\s,;]|\.|/|<|>).*|c[\"\^]*a[\"\^]*t|d[\"\^]*o[\"\^]*m)|t[\"\^]*(?:b[\"\^]*a[\"\^]*c[\"\^]*k[\"\^]*u[\"\^]*p|r[\"\^]*i[\"\^]*g[\"\^]*h[\"\^]*t[\"\^]*s)|(?:s[\"\^]*l[\"\^]*o[\"\^]*o[\"\^]*k[\"\^]*u|m[\"\^]*a)[\"\^]*p|c[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|a[\"\^]*t)|b[\"\^]*t[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|e[\"\^]*(?:x[\"\^]*p[\"\^]*(?:a[\"\^]*n[\"\^]*d[\"\^]*(?:[\s,;]|\.|/|<|>).*|l[\"\^]*o[\"\^]*r[\"\^]*e[\"\^]*r)|v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*(?:c[\"\^]*r[\"\^]*e[\"\^]*a[\"\^]*t[\"\^]*e|v[\"\^]*w[\"\^]*r)|n[\"\^]*d[\"\^]*l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l|g[\"\^]*r[\"\^]*e[\"\^]*p|r[\"\^]*a[\"\^]*s[\"\^]*e|c[\"\^]*h[\"\^]*o)|g[\"\^]*(?:a[\"\^]*t[\"\^]*h[\"\^]*e[\"\^]*r[\"\^]*n[\"\^]*e[\"\^]*t[\"\^]*w[\"\^]*o[\"\^]*r[\"\^]*k[\"\^]*i[\"\^]*n[\"\^]*f[\"\^]*o|p[\"\^]*(?:(?:r[\"\^]*e[\"\^]*s[\"\^]*u[\"\^]*l|e[\"\^]*d[\"\^]*i)[\"\^]*t|u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t[\"\^]*e)|i[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|e[\"\^]*t[\"\^]*m[\"\^]*a[\"\^]*c)|i[\"\^]*(?:r[\"\^]*b(?:[\"\^]*(?:1(?:[\"\^]*[89])?|2[\"\^]*[012]))?|f[\"\^]*m[\"\^]*e[\"\^]*m[\"\^]*b[\"\^]*e[\"\^]*r|p[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|n[\"\^]*e[\"\^]*t[\"\^]*c[\"\^]*p[\"\^]*l|c[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*s)|a[\"\^]*(?:d[\"\^]*(?:d[\"\^]*u[\"\^]*s[\"\^]*e[\"\^]*r[\"\^]*s|m[\"\^]*o[\"\^]*d[\"\^]*c[\"\^]*m[\"\^]*d)|r[\"\^]*p[\"\^]*(?:[\s,;]|\.|/|<|>).*|t[\"\^]*t[\"\^]*r[\"\^]*i[\"\^]*b|s[\"\^]*s[\"\^]*o[\"\^]*c|z[\"\^]*m[\"\^]*a[\"\^]*n)|l[\"\^]*(?:o[\"\^]*g[\"\^]*(?:e[\"\^]*v[\"\^]*e[\"\^]*n[\"\^]*t|t[\"\^]*i[\"\^]*m[\"\^]*e|m[\"\^]*a[\"\^]*n|o[\"\^]*f[\"\^]*f)|a[\"\^]*b[\"\^]*e[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|u[\"\^]*s[\"\^]*r[\"\^]*m[\"\^]*g[\"\^]*r)|b[\"\^]*(?:(?:c[\"\^]*d[\"\^]*(?:b[\"\^]*o[\"\^]*o|e[\"\^]*d[\"\^]*i)|r[\"\^]*o[\"\^]*w[\"\^]*s[\"\^]*t[\"\^]*a)[\"\^]*t|i[\"\^]*t[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|o[\"\^]*o[\"\^]*t[\"\^]*c[\"\^]*f[\"\^]*g)|h[\"\^]*(?:o[\"\^]*s[\"\^]*t[\"\^]*n[\"\^]*a[\"\^]*m[\"\^]*e|d[\"\^]*w[\"\^]*w[\"\^]*i[\"\^]*z)|j[\"\^]*a[\"\^]*v[\"\^]*a[\"\^]*(?:[\s,;]|\.|/|<|>).*|7[\"\^]*z(?:[\"\^]*[ar])?)(?:\.[\"\^]*\w+)?\b" \ + "id:932110,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Remote Command Execution: Windows Command Injection',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-windows',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# Apache 2.2 requires configuration file lines to be under 8kB. +# Therefore, some remaining commands have been split off to a separate rule. +# For explanation of this rule, see rule 932110. +# +# This rule is also triggered by an Oracle WebLogic Remote Command Execution exploit: +# [ Oracle WebLogic vulnerability CVE-2017-10271 - Exploit tested: https://www.exploit-db.com/exploits/43458 ] +# +# To rebuild the word list regexp: +# cd util/regexp-assemble +# cat regexp-932115.txt | ./regexp-cmdline.py windows | ./regexp-assemble.pl +# +# Then insert the assembled regexp into this template: +# +# SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]* +# [regexp assembled from util/regexp-assemble/regexp-932110.txt] +# (?:\.[\"\^]*\w+)?\b" \ +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:;|\{|\||\|\||&|&&|\n|\r|`)\s*[\(,@\'\"\s]*(?:[\w'\"\./]+/|[\\\\'\"\^]*\w[\\\\'\"\^]*:.*\\\\|[\^\.\w '\"/\\\\]*\\\\)?[\"\^]*(?:s[\"\^]*(?:y[\"\^]*s[\"\^]*(?:t[\"\^]*e[\"\^]*m[\"\^]*(?:p[\"\^]*r[\"\^]*o[\"\^]*p[\"\^]*e[\"\^]*r[\"\^]*t[\"\^]*i[\"\^]*e[\"\^]*s[\"\^]*(?:d[\"\^]*a[\"\^]*t[\"\^]*a[\"\^]*e[\"\^]*x[\"\^]*e[\"\^]*c[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*p[\"\^]*r[\"\^]*e[\"\^]*v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n|(?:p[\"\^]*e[\"\^]*r[\"\^]*f[\"\^]*o[\"\^]*r[\"\^]*m[\"\^]*a[\"\^]*n[\"\^]*c|h[\"\^]*a[\"\^]*r[\"\^]*d[\"\^]*w[\"\^]*a[\"\^]*r)[\"\^]*e|a[\"\^]*d[\"\^]*v[\"\^]*a[\"\^]*n[\"\^]*c[\"\^]*e[\"\^]*d)|i[\"\^]*n[\"\^]*f[\"\^]*o)|k[\"\^]*e[\"\^]*y|d[\"\^]*m)|h[\"\^]*(?:o[\"\^]*(?:w[\"\^]*(?:g[\"\^]*r[\"\^]*p|m[\"\^]*b[\"\^]*r)[\"\^]*s|r[\"\^]*t[\"\^]*c[\"\^]*u[\"\^]*t)|e[\"\^]*l[\"\^]*l[\"\^]*r[\"\^]*u[\"\^]*n[\"\^]*a[\"\^]*s|u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|r[\"\^]*p[\"\^]*u[\"\^]*b[\"\^]*w|a[\"\^]*r[\"\^]*e|i[\"\^]*f[\"\^]*t)|e[\"\^]*(?:t[\"\^]*(?:(?:x[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l)|c[\"\^]*p[\"\^]*o[\"\^]*l|l[\"\^]*e[\"\^]*c[\"\^]*t)|c[\"\^]*(?:h[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*k[\"\^]*s|l[\"\^]*i[\"\^]*s[\"\^]*t)|u[\"\^]*b[\"\^]*(?:i[\"\^]*n[\"\^]*a[\"\^]*c[\"\^]*l|s[\"\^]*t)|t[\"\^]*a[\"\^]*r[\"\^]*t[\"\^]*(?:[\s,;]|\.|/|<|>).*|i[\"\^]*g[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*i[\"\^]*f|l[\"\^]*(?:e[\"\^]*e[\"\^]*p|m[\"\^]*g[\"\^]*r)|o[\"\^]*r[\"\^]*t|f[\"\^]*c|v[\"\^]*n)|p[\"\^]*(?:s[\"\^]*(?:s[\"\^]*(?:h[\"\^]*u[\"\^]*t[\"\^]*d[\"\^]*o[\"\^]*w[\"\^]*n|e[\"\^]*r[\"\^]*v[\"\^]*i[\"\^]*c[\"\^]*e|u[\"\^]*s[\"\^]*p[\"\^]*e[\"\^]*n[\"\^]*d)|l[\"\^]*(?:o[\"\^]*g[\"\^]*(?:g[\"\^]*e[\"\^]*d[\"\^]*o[\"\^]*n|l[\"\^]*i[\"\^]*s[\"\^]*t)|i[\"\^]*s[\"\^]*t)|p[\"\^]*(?:a[\"\^]*s[\"\^]*s[\"\^]*w[\"\^]*d|i[\"\^]*n[\"\^]*g)|g[\"\^]*e[\"\^]*t[\"\^]*s[\"\^]*i[\"\^]*d|e[\"\^]*x[\"\^]*e[\"\^]*c|f[\"\^]*i[\"\^]*l[\"\^]*e|i[\"\^]*n[\"\^]*f[\"\^]*o|k[\"\^]*i[\"\^]*l[\"\^]*l)|o[\"\^]*(?:w[\"\^]*e[\"\^]*r[\"\^]*(?:s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l(?:[\"\^]*_[\"\^]*i[\"\^]*s[\"\^]*e)?|c[\"\^]*f[\"\^]*g)|r[\"\^]*t[\"\^]*q[\"\^]*r[\"\^]*y|p[\"\^]*d)|r[\"\^]*(?:i[\"\^]*n[\"\^]*t[\"\^]*(?:(?:[\s,;]|\.|/|<|>).*|b[\"\^]*r[\"\^]*m)|n[\"\^]*(?:c[\"\^]*n[\"\^]*f[\"\^]*g|m[\"\^]*n[\"\^]*g[\"\^]*r)|o[\"\^]*m[\"\^]*p[\"\^]*t)|a[\"\^]*t[\"\^]*h[\"\^]*(?:p[\"\^]*i[\"\^]*n[\"\^]*g|(?:[\s,;]|\.|/|<|>).*)|e[\"\^]*r[\"\^]*(?:l(?:[\"\^]*(?:s[\"\^]*h|5))?|f[\"\^]*m[\"\^]*o[\"\^]*n)|y[\"\^]*t[\"\^]*h[\"\^]*o[\"\^]*n(?:[\"\^]*(?:3(?:[\"\^]*m)?|2))?|k[\"\^]*g[\"\^]*m[\"\^]*g[\"\^]*r|h[\"\^]*p(?:[\"\^]*[57])?|u[\"\^]*s[\"\^]*h[\"\^]*d|i[\"\^]*n[\"\^]*g)|r[\"\^]*(?:e[\"\^]*(?:(?:p[\"\^]*l[\"\^]*a[\"\^]*c[\"\^]*e|n(?:[\"\^]*a[\"\^]*m[\"\^]*e)?|s[\"\^]*e[\"\^]*t)[\"\^]*(?:[\s,;]|\.|/|<|>).*|g[\"\^]*(?:s[\"\^]*v[\"\^]*r[\"\^]*3[\"\^]*2|e[\"\^]*d[\"\^]*i[\"\^]*t|(?:[\s,;]|\.|/|<|>).*|i[\"\^]*n[\"\^]*i)|c[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c|o[\"\^]*v[\"\^]*e[\"\^]*r)|k[\"\^]*e[\"\^]*y[\"\^]*w[\"\^]*i[\"\^]*z)|u[\"\^]*(?:n[\"\^]*(?:d[\"\^]*l[\"\^]*l[\"\^]*3[\"\^]*2|a[\"\^]*s)|b[\"\^]*y[\"\^]*(?:1(?:[\"\^]*[89])?|2[\"\^]*[012]))|a[\"\^]*(?:s[\"\^]*(?:p[\"\^]*h[\"\^]*o[\"\^]*n[\"\^]*e|d[\"\^]*i[\"\^]*a[\"\^]*l)|r[\"\^]*(?:[\s,;]|\.|/|<|>).*)|m[\"\^]*(?:(?:d[\"\^]*i[\"\^]*r[\"\^]*)?(?:[\s,;]|\.|/|<|>).*|t[\"\^]*s[\"\^]*h[\"\^]*a[\"\^]*r[\"\^]*e)|o[\"\^]*(?:u[\"\^]*t[\"\^]*e[\"\^]*(?:[\s,;]|\.|/|<|>).*|b[\"\^]*o[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y)|s[\"\^]*(?:t[\"\^]*r[\"\^]*u[\"\^]*i|y[\"\^]*n[\"\^]*c)|d[\"\^]*(?:[\s,;]|\.|/|<|>).*)|t[\"\^]*(?:a[\"\^]*(?:s[\"\^]*k[\"\^]*(?:k[\"\^]*i[\"\^]*l[\"\^]*l|l[\"\^]*i[\"\^]*s[\"\^]*t|s[\"\^]*c[\"\^]*h[\"\^]*d|m[\"\^]*g[\"\^]*r)|k[\"\^]*e[\"\^]*o[\"\^]*w[\"\^]*n)|(?:i[\"\^]*m[\"\^]*e[\"\^]*o[\"\^]*u|p[\"\^]*m[\"\^]*i[\"\^]*n[\"\^]*i|e[\"\^]*l[\"\^]*n[\"\^]*e|l[\"\^]*i[\"\^]*s)[\"\^]*t|s[\"\^]*(?:d[\"\^]*i[\"\^]*s[\"\^]*c[\"\^]*o|s[\"\^]*h[\"\^]*u[\"\^]*t[\"\^]*d)[\"\^]*n|y[\"\^]*p[\"\^]*e[\"\^]*(?:p[\"\^]*e[\"\^]*r[\"\^]*f|(?:[\s,;]|\.|/|<|>).*)|r[\"\^]*(?:a[\"\^]*c[\"\^]*e[\"\^]*r[\"\^]*t|e[\"\^]*e))|w[\"\^]*(?:i[\"\^]*n[\"\^]*(?:d[\"\^]*i[\"\^]*f[\"\^]*f|m[\"\^]*s[\"\^]*d[\"\^]*p|v[\"\^]*a[\"\^]*r|r[\"\^]*[ms])|u[\"\^]*(?:a[\"\^]*(?:u[\"\^]*c[\"\^]*l[\"\^]*t|p[\"\^]*p)|s[\"\^]*a)|s[\"\^]*c[\"\^]*(?:r[\"\^]*i[\"\^]*p[\"\^]*t|u[\"\^]*i)|e[\"\^]*v[\"\^]*t[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|m[\"\^]*i[\"\^]*(?:m[\"\^]*g[\"\^]*m[\"\^]*t|c)|a[\"\^]*i[\"\^]*t[\"\^]*f[\"\^]*o[\"\^]*r|h[\"\^]*o[\"\^]*a[\"\^]*m[\"\^]*i|g[\"\^]*e[\"\^]*t)|u[\"\^]*(?:s[\"\^]*(?:e[\"\^]*r[\"\^]*a[\"\^]*c[\"\^]*c[\"\^]*o[\"\^]*u[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*t[\"\^]*r[\"\^]*o[\"\^]*l[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*t[\"\^]*i[\"\^]*n[\"\^]*g[\"\^]*s|r[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t)|n[\"\^]*(?:r[\"\^]*a[\"\^]*r|z[\"\^]*i[\"\^]*p))|q[\"\^]*(?:u[\"\^]*e[\"\^]*r[\"\^]*y[\"\^]*(?:[\s,;]|\.|/|<|>).*|p[\"\^]*r[\"\^]*o[\"\^]*c[\"\^]*e[\"\^]*s[\"\^]*s|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a|g[\"\^]*r[\"\^]*e[\"\^]*p)|o[\"\^]*(?:d[\"\^]*b[\"\^]*c[\"\^]*(?:a[\"\^]*d[\"\^]*3[\"\^]*2|c[\"\^]*o[\"\^]*n[\"\^]*f)|p[\"\^]*e[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s)|v[\"\^]*(?:o[\"\^]*l[\"\^]*(?:[\s,;]|\.|/|<|>).*|e[\"\^]*r[\"\^]*i[\"\^]*f[\"\^]*y)|x[\"\^]*c[\"\^]*(?:a[\"\^]*c[\"\^]*l[\"\^]*s|o[\"\^]*p[\"\^]*y)|z[\"\^]*i[\"\^]*p[\"\^]*(?:[\s,;]|\.|/|<|>).*)(?:\.[\"\^]*\w+)?\b" \ + "id:932115,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Remote Command Execution: Windows Command Injection',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-windows',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# [ Windows PowerShell, cmdlets and options ] +# +# Detect some common PowerShell commands, cmdlets and options. +# These commands should be relatively uncommon in normal text, but +# potentially useful for code injection. +# +# If you are not running Windows, it is safe to disable this rule. +# +# https://technet.microsoft.com/en-us/magazine/ff714569.aspx +# https://msdn.microsoft.com/en-us/powershell/scripting/core-powershell/console/powershell.exe-command-line-help +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pmFromFile windows-powershell-commands.data" \ + "id:932120,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:cmdLine,t:lowercase,\ + msg:'Remote Command Execution: Windows PowerShell Command Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'language-powershell',\ + tag:'platform-windows',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# [ Unix shell expressions ] +# +# Detects the following patterns which are common in Unix shell scripts +# and one-liners: +# +# $(foo) Command substitution +# ${foo} Parameter expansion +# <(foo) Process substitution +# >(foo) Process substitution +# $((foo)) Arithmetic expansion +# +# Regexp generated from util/regexp-assemble/regexp-932130.data using Regexp::Assemble. +# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage. +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:\$(?:\((?:\(.*\)|.*)\)|\{.*\})|[<>]\(.*\))" \ + "id:932130,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:cmdLine,\ + msg:'Remote Command Execution: Unix Shell Expression Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-unix',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# [ Windows FOR, IF commands ] +# +# This rule detects Windows command shell FOR and IF commands. +# If you are not running Windows, it is safe to disable this rule. +# +# Examples: +# +# FOR %a IN (set) DO +# FOR /D %a IN (dirs) DO +# FOR /F "options" %a IN (text|"text") DO +# FOR /L %a IN (start,step,end) DO +# FOR /R C:\dir %A IN (set) DO +# +# IF [/I] [NOT] EXIST filename | DEFINED define | ERRORLEVEL n | CMDEXTVERSION n +# IF [/I] [NOT] item1 [==|EQU|NEQ|LSS|LEQ|GTR|GEQ] item2 +# IF [/I] [NOT] (item1) [==|EQU|NEQ|LSS|LEQ|GTR|GEQ] (item2) +# +# http://ss64.com/nt/if.html +# http://ss64.com/nt/for.html +# +# Regexp generated from util/regexp-assemble/regexp-932140.data using Regexp::Assemble. +# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage. +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx \b(?:if(?:/i)?(?: not)?(?: exist\b| defined\b| errorlevel\b| cmdextversion\b|(?: |\().*(?:\bgeq\b|\bequ\b|\bneq\b|\bleq\b|\bgtr\b|\blss\b|==))|for(?:/[dflr].*)? %+[^ ]+ in\(.*\)\s?do)" \ + "id:932140,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:cmdLine,\ + msg:'Remote Command Execution: Windows FOR/IF Command Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-windows',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# [ Unix direct remote command execution ] +# +# Detects Unix commands at the start of a parameter (direct RCE). +# Example: foo=wget%20www.example.com +# +# This case is different from command injection (rule 932100), where a +# command string is appended (injected) to a regular parameter, and then +# passed to a shell unescaped. +# +# This rule is also triggered by an Oracle WebLogic Remote Command Execution exploit: +# [ Oracle WebLogic vulnerability CVE-2017-10271 - Exploit tested: https://www.exploit-db.com/exploits/43458 ] +# +# Due to a higher risk of false positives, the following changes have been +# made relative to rule 932100: +# 1) the set of commands is smaller +# 2) we require a trailing space (denoting command parameters) or command +# separator character after the command +# +# To rebuild the word list regexp: +# cd util/regexp-assemble +# cat regexp-932150.txt | ./regexp-cmdline.py unix | ./regexp-assemble.pl +# +# Then insert the assembled regexp into this template: +# +# SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:^|=)\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]* +# [regexp assembled from util/regexp-assemble/regexp-932150.txt] +# [\\\\'\"]*(?:\s|;|\||&|<|>)" \ +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:^|=)\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:l[\\\\'\"]*(?:s(?:[\\\\'\"]*(?:b[\\\\'\"]*_[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*a[\\\\'\"]*s[\\\\'\"]*e|c[\\\\'\"]*p[\\\\'\"]*u|m[\\\\'\"]*o[\\\\'\"]*d|p[\\\\'\"]*c[\\\\'\"]*i|u[\\\\'\"]*s[\\\\'\"]*b|-[\\\\'\"]*F|o[\\\\'\"]*f))?|z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|m[\\\\'\"]*(?:o[\\\\'\"]*r[\\\\'\"]*e|a)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s)|e[\\\\'\"]*s[\\\\'\"]*s[\\\\'\"]*(?:(?:f[\\\\'\"]*i[\\\\'\"]*l|p[\\\\'\"]*i[\\\\'\"]*p)[\\\\'\"]*e|e[\\\\'\"]*c[\\\\'\"]*h[\\\\'\"]*o)|a[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*(?:l[\\\\'\"]*o[\\\\'\"]*g(?:[\\\\'\"]*i[\\\\'\"]*n)?|c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*m)|w[\\\\'\"]*p(?:[\\\\'\"]*-[\\\\'\"]*d[\\\\'\"]*o[\\\\'\"]*w[\\\\'\"]*n[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*d)?|f[\\\\'\"]*t[\\\\'\"]*p(?:[\\\\'\"]*g[\\\\'\"]*e[\\\\'\"]*t)?|y[\\\\'\"]*n[\\\\'\"]*x)|s[\\\\'\"]*(?:e[\\\\'\"]*(?:t[\\\\'\"]*(?:e[\\\\'\"]*n[\\\\'\"]*v|s[\\\\'\"]*i[\\\\'\"]*d)|n[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*i[\\\\'\"]*l|d)|h(?:[\\\\'\"]*\.[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*s[\\\\'\"]*t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*b)?|o[\\\\'\"]*(?:u[\\\\'\"]*r[\\\\'\"]*c[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t)|t[\\\\'\"]*r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g[\\\\'\"]*s|y[\\\\'\"]*s[\\\\'\"]*c[\\\\'\"]*t[\\\\'\"]*l|c[\\\\'\"]*(?:h[\\\\'\"]*e[\\\\'\"]*d|p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|f[\\\\'\"]*t[\\\\'\"]*p|u[\\\\'\"]*d[\\\\'\"]*o|s[\\\\'\"]*h|v[\\\\'\"]*n)|p[\\\\'\"]*(?:t[\\\\'\"]*a[\\\\'\"]*r(?:[\\\\'\"]*(?:d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p))?|y[\\\\'\"]*t[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*n(?:[\\\\'\"]*(?:3(?:[\\\\'\"]*m)?|2))?|k[\\\\'\"]*(?:e[\\\\'\"]*x[\\\\'\"]*e[\\\\'\"]*c|i[\\\\'\"]*l[\\\\'\"]*l)|r[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*v|(?:g[\\\\'\"]*r[\\\\'\"]*e|f[\\\\'\"]*t)[\\\\'\"]*p|e[\\\\'\"]*r[\\\\'\"]*l(?:[\\\\'\"]*5)?|h[\\\\'\"]*p(?:[\\\\'\"]*[57])?|i[\\\\'\"]*n[\\\\'\"]*g|o[\\\\'\"]*p[\\\\'\"]*d)|n[\\\\'\"]*(?:c(?:[\\\\'\"]*(?:\.[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*d[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*o[\\\\'\"]*n[\\\\'\"]*a[\\\\'\"]*l|o[\\\\'\"]*p[\\\\'\"]*e[\\\\'\"]*n[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*d)|a[\\\\'\"]*t))?|e[\\\\'\"]*t[\\\\'\"]*(?:k[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*-[\\\\'\"]*f[\\\\'\"]*t[\\\\'\"]*p|(?:s[\\\\'\"]*t|c)[\\\\'\"]*a[\\\\'\"]*t)|o[\\\\'\"]*h[\\\\'\"]*u[\\\\'\"]*p|p[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*g|s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t)|t[\\\\'\"]*(?:c[\\\\'\"]*(?:p[\\\\'\"]*(?:t[\\\\'\"]*r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e|i[\\\\'\"]*n[\\\\'\"]*g)|s[\\\\'\"]*h)|r[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t[\\\\'\"]*e(?:[\\\\'\"]*6)?|i[\\\\'\"]*m[\\\\'\"]*e(?:[\\\\'\"]*o[\\\\'\"]*u[\\\\'\"]*t)?|a[\\\\'\"]*(?:i[\\\\'\"]*l(?:[\\\\'\"]*f)?|r)|e[\\\\'\"]*l[\\\\'\"]*n[\\\\'\"]*e[\\\\'\"]*t)|r[\\\\'\"]*(?:e[\\\\'\"]*(?:p[\\\\'\"]*(?:l[\\\\'\"]*a[\\\\'\"]*c[\\\\'\"]*e|e[\\\\'\"]*a[\\\\'\"]*t)|a[\\\\'\"]*l[\\\\'\"]*p[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*h|n[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*e)|u[\\\\'\"]*b[\\\\'\"]*y(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|m[\\\\'\"]*(?:u[\\\\'\"]*s[\\\\'\"]*e|d[\\\\'\"]*i)[\\\\'\"]*r|n[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*o|s[\\\\'\"]*y[\\\\'\"]*n[\\\\'\"]*c|c[\\\\'\"]*p)|b[\\\\'\"]*(?:z[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|c[\\\\'\"]*a[\\\\'\"]*t)|s[\\\\'\"]*d[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*f[\\\\'\"]*f|t[\\\\'\"]*a[\\\\'\"]*r)|u[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*n|a[\\\\'\"]*s[\\\\'\"]*h)|m[\\\\'\"]*(?:y[\\\\'\"]*s[\\\\'\"]*q[\\\\'\"]*l[\\\\'\"]*(?:d[\\\\'\"]*u[\\\\'\"]*m[\\\\'\"]*p(?:[\\\\'\"]*s[\\\\'\"]*l[\\\\'\"]*o[\\\\'\"]*w)?|h[\\\\'\"]*o[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*o[\\\\'\"]*p[\\\\'\"]*y|a[\\\\'\"]*d[\\\\'\"]*m[\\\\'\"]*i[\\\\'\"]*n|s[\\\\'\"]*h[\\\\'\"]*o[\\\\'\"]*w)|l[\\\\'\"]*o[\\\\'\"]*c[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*e|a[\\\\'\"]*i[\\\\'\"]*l[\\\\'\"]*q)|u[\\\\'\"]*(?:n[\\\\'\"]*(?:c[\\\\'\"]*o[\\\\'\"]*m[\\\\'\"]*p[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|l[\\\\'\"]*z[\\\\'\"]*m[\\\\'\"]*a|a[\\\\'\"]*m[\\\\'\"]*e|r[\\\\'\"]*a[\\\\'\"]*r|s[\\\\'\"]*e[\\\\'\"]*t|z[\\\\'\"]*i[\\\\'\"]*p|x[\\\\'\"]*z)|s[\\\\'\"]*e[\\\\'\"]*r[\\\\'\"]*(?:(?:a[\\\\'\"]*d|m[\\\\'\"]*o)[\\\\'\"]*d|d[\\\\'\"]*e[\\\\'\"]*l))|x[\\\\'\"]*(?:z(?:[\\\\'\"]*(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|d[\\\\'\"]*(?:i[\\\\'\"]*f[\\\\'\"]*f|e[\\\\'\"]*c)|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e))?|a[\\\\'\"]*r[\\\\'\"]*g[\\\\'\"]*s)|z[\\\\'\"]*(?:(?:(?:[ef][\\\\'\"]*)?g[\\\\'\"]*r[\\\\'\"]*e|i)[\\\\'\"]*p|c[\\\\'\"]*(?:a[\\\\'\"]*t|m[\\\\'\"]*p)|d[\\\\'\"]*i[\\\\'\"]*f[\\\\'\"]*f|l[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*s|m[\\\\'\"]*o[\\\\'\"]*r[\\\\'\"]*e|r[\\\\'\"]*u[\\\\'\"]*n|s[\\\\'\"]*h)|f[\\\\'\"]*(?:t[\\\\'\"]*p[\\\\'\"]*(?:s[\\\\'\"]*t[\\\\'\"]*a[\\\\'\"]*t[\\\\'\"]*s|w[\\\\'\"]*h[\\\\'\"]*o)|i[\\\\'\"]*l[\\\\'\"]*e[\\\\'\"]*t[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*t|e[\\\\'\"]*t[\\\\'\"]*c[\\\\'\"]*h|g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p)|c[\\\\'\"]*(?:o[\\\\'\"]*(?:m[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*d|p[\\\\'\"]*r[\\\\'\"]*o[\\\\'\"]*c)|u[\\\\'\"]*r[\\\\'\"]*l|s[\\\\'\"]*h|c)|e[\\\\'\"]*(?:g[\\\\'\"]*r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*h[\\\\'\"]*o|v[\\\\'\"]*a[\\\\'\"]*l|x[\\\\'\"]*e[\\\\'\"]*c|n[\\\\'\"]*v)|d[\\\\'\"]*(?:m[\\\\'\"]*e[\\\\'\"]*s[\\\\'\"]*g|a[\\\\'\"]*s[\\\\'\"]*h|i[\\\\'\"]*f[\\\\'\"]*f|o[\\\\'\"]*a[\\\\'\"]*s)|g[\\\\'\"]*(?:z[\\\\'\"]*(?:c[\\\\'\"]*a[\\\\'\"]*t|i[\\\\'\"]*p)|r[\\\\'\"]*e[\\\\'\"]*p|c[\\\\'\"]*c)|j[\\\\'\"]*(?:o[\\\\'\"]*b[\\\\'\"]*s[\\\\'\"]*\s+[\\\\'\"]*-[\\\\'\"]*x|a[\\\\'\"]*v[\\\\'\"]*a)|w[\\\\'\"]*(?:h[\\\\'\"]*o[\\\\'\"]*a[\\\\'\"]*m[\\\\'\"]*i|g[\\\\'\"]*e[\\\\'\"]*t|3[\\\\'\"]*m)|i[\\\\'\"]*r[\\\\'\"]*b(?:[\\\\'\"]*(?:1(?:[\\\\'\"]*[89])?|2[\\\\'\"]*[012]))?|o[\\\\'\"]*n[\\\\'\"]*i[\\\\'\"]*n[\\\\'\"]*t[\\\\'\"]*r|h[\\\\'\"]*(?:e[\\\\'\"]*a[\\\\'\"]*d|u[\\\\'\"]*p)|v[\\\\'\"]*i[\\\\'\"]*(?:g[\\\\'\"]*r|p[\\\\'\"]*w)|G[\\\\'\"]*E[\\\\'\"]*T)[\\\\'\"]*(?:\s|;|\||&|<|>)" \ + "id:932150,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Remote Command Execution: Direct Unix Command Execution',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-unix',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# [ Unix shell snippets ] +# +# Detect some common sequences found in shell commands and scripts. +# +# Some commands which were restricted in earlier rules due to FP, +# have been added here with their full path, in order to catch some +# cases where the full path is sent. +# +# This rule is also triggered by an Apache Struts Remote Code Execution exploit: +# [ Apache Struts vulnerability CVE-2017-9805 - Exploit tested: https://www.exploit-db.com/exploits/42627 ] +# +# This rule is also triggered by an Oracle WebLogic Remote Command Execution exploit: +# [ Oracle WebLogic vulnerability CVE-2017-10271 - Exploit tested: https://www.exploit-db.com/exploits/43458 ] + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pmFromFile unix-shell.data" \ + "id:932160,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:cmdLine,t:normalizePath,t:lowercase,\ + msg:'Remote Command Execution: Unix Shell Code Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-unix',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# [ Shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169) ] +# +# Detect exploitation of "Shellshock" GNU Bash RCE vulnerability. +# +# Based on ModSecurity rules created by Red Hat. +# Permission for use was granted by Martin Prpic +# +# https://access.redhat.com/articles/1212303 +# +SecRule REQUEST_HEADERS|REQUEST_LINE "@rx ^\(\s*\)\s+{" \ + "id:932170,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecode,\ + msg:'Remote Command Execution: Shellshock (CVE-2014-6271)',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-unix',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +SecRule ARGS_NAMES|ARGS|FILES_NAMES "@rx ^\(\s*\)\s+{" \ + "id:932171,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecode,t:urlDecodeUni,\ + msg:'Remote Command Execution: Shellshock (CVE-2014-6271)',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-unix',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# -=[ Restricted File Upload ]=- +# +# Detects attempts to upload a file with a forbidden filename. +# +# Many application contain Unrestricted File Upload vulnerabilities. +# https://www.owasp.org/index.php/Unrestricted_File_Upload +# +# These might be abused to upload configuration files or other files +# that affect the behavior of the web server, possibly causing remote +# code execution. +# +SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X-File-Name \ + "@pmFromFile restricted-upload.data" \ + "id:932180,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'Restricted File Upload Attempt',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-rce',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:932013,phase:1,pass,nolog,skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:932014,phase:2,pass,nolog,skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + + +# +# -=[ Rule 932200 ]=- +# +# Block RCE Bypass using different techniques: +# - uninitialized variables (https://www.secjuice.com/web-application-firewall-waf-evasion/) +# - string concatenations (https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0) +# - globbing patterns (https://medium.com/secjuice/waf-evasion-techniques-718026d693d8) +# +# Examples: +# - foo;cat$u+/etc$u/passwd +# - bar;cd+/etc;/bin$u/ca*+passwd +# - foo;ca\t+/et\c/pa\s\swd +# - foo;c'at'+/etc/pa's'swd +# +# Regex notes: https://regex101.com/r/JgZFRi/7 +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx ([*?`\\'][^/\n]+/|\$[({\[#a-zA-Z0-9]|/[^/]+?[*?`\\'])" \ + "id:932200,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,t:urlDecodeUni,\ + msg:'RCE Bypass Technique',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-rce',\ + tag:'paranoia-level/2',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule MATCHED_VAR "@rx /" "t:none,t:urlDecodeUni,chain" + SecRule MATCHED_VAR "@rx \s" "t:none,t:urlDecodeUni,\ + setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:932015,phase:1,pass,nolog,skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:932016,phase:2,pass,nolog,skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + +# Missing Unix commands have been added to a new word list i.e. +# util/regexp-assemble/regexp-932106.txt +# These commands may have a higher risk of false positives. +# Therefore, they have been split off to a separate rule in PL3. +# For explanation of this rule, see rule 932100. +# +# To rebuild the word list regexp: +# cd util/regexp-assemble +# cat regexp-932106.txt | ./regexp-cmdline.py unix | ./regexp-assemble.pl +# +# Then insert the assembled regexp into this template: +# +# SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]* +# [regexp assembled from util/regexp-assemble/regexp-932106.txt] +# \b" \ +# +# This rule is a stricter sibling of rule 932100. + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:;|\{|\||\|\||&|&&|\n|\r|\$\(|\$\(\(|`|\${|<\(|>\(|\(\s*\))\s*(?:{|\s*\(\s*|\w+=(?:[^\s]*|\$.*|\$.*|<.*|>.*|\'.*\'|\".*\")\s+|!\s*|\$)*\s*(?:'|\")*(?:[\?\*\[\]\(\)\-\|+\w'\"\./\\\\]+/)?[\\\\'\"]*(?:(?:(?:a[\\\\'\"]*p[\\\\'\"]*t[\\\\'\"]*i[\\\\'\"]*t[\\\\'\"]*u[\\\\'\"]*d|u[\\\\'\"]*p[\\\\'\"]*2[\\\\'\"]*d[\\\\'\"]*a[\\\\'\"]*t)[\\\\'\"]*e|d[\\\\'\"]*n[\\\\'\"]*f|v[\\\\'\"]*i)[\\\\'\"]*(?:\s|<|>).*|p[\\\\'\"]*(?:a[\\\\'\"]*c[\\\\'\"]*m[\\\\'\"]*a[\\\\'\"]*n[\\\\'\"]*(?:\s|<|>).*|w[\\\\'\"]*d|s)|w[\\\\'\"]*(?:(?:\s|<|>).*|h[\\\\'\"]*o))\b" \ + "id:932106,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'Remote Command Execution: Unix Command Injection',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-unix',\ + tag:'attack-rce',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + tag:'paranoia-level/3',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + +# +# -=[ Bypass Rule 930120 (wildcard) ]=- +# +# When Paranoia Level is set to 1 and 2, a Remote Command Execution +# could be exploited bypassing rule 930120 (OS File Access Attempt) +# by using wildcard characters. +# +# In some other cases, it could be bypassed even if the Paranoia Level is set to 3. +# Please, keep in mind that this rule could lead to many false positives. +# +SecRule ARGS "@rx (?:/|\\\\)(?:[\?\*]+[a-z/\\\\]+|[a-z/\\\\]+[\?\*]+)" \ + "id:932190,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecode,t:urlDecodeUni,t:normalizePath,t:cmdLine,\ + msg:'Remote Command Execution: Wildcard bypass technique attempt',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-shell',\ + tag:'platform-unix',\ + tag:'attack-rce',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/248/88',\ + tag:'PCI/6.5.2',\ + tag:'paranoia-level/3',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:932017,phase:1,pass,nolog,skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:932018,phase:2,pass,nolog,skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-932-APPLICATION-ATTACK-RCE" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf new file mode 100644 index 0000000..58be88f --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf @@ -0,0 +1,734 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:933011,phase:1,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + +# +# -=[ PHP Injection Attacks ]=- +# +# [ References ] +# http://rips-scanner.sourceforge.net/ +# https://www.owasp.org/index.php/PHP_Top_5#P1:_Remote_Code_Executionh +# + +# +# [ PHP Open Tag Found ] +# +# Detects PHP open tags "', but +# this resulted in false positives which were difficult to prevent. +# Therefore, that pattern is now checked by rule 933190 in paranoia levels +# 3 or higher. +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:<\?(?:[^x]|x[^m]|xm[^l]|xml[^\s]|xml$|$)|<\?php|\[(?:\/|\\\\)?php\])" \ + "id:933100,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:lowercase,\ + msg:'PHP Injection Attack: PHP Open Tag Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# [ PHP Script Uploads ] +# +# Block file uploads with filenames ending in PHP related extensions +# (.php, .phps, .phtml, .php5 etc). +# +# Many application contain Unrestricted File Upload vulnerabilities. +# https://www.owasp.org/index.php/Unrestricted_File_Upload +# +# Attackers may use such a vulnerability to achieve remote code execution +# by uploading a .php file. If the upload storage location is predictable +# and not adequately protected, the attacker may then request the uploaded +# .php file and have the code within it executed on the server. +# +# Also block files with just dot (.) characters after the extension: +# https://community.rapid7.com/community/metasploit/blog/2013/08/15/time-to-patch-joomla +# +# Some AJAX uploaders use the nonstandard request headers X-Filename, +# X_Filename, or X-File-Name to transmit the file name to the server; +# scan these request headers as well as multipart/form-data file names. +# +SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X.Filename|REQUEST_HEADERS:X-File-Name "@rx .*\.(?:php\d*|phtml)\.*$" \ + "id:933110,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'PHP Injection Attack: PHP Script File Upload Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# [ PHP Configuration Directives ] +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pmFromFile php-config-directives.data" \ + "id:933120,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:normalisePath,t:lowercase,\ + msg:'PHP Injection Attack: Configuration Directive Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule MATCHED_VARS "@pm =" \ + "capture,\ + ctl:auditLogParts=+E,\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# [ PHP Variables ] +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pmFromFile php-variables.data" \ + "id:933130,\ + phase:2,\ + block,\ + capture,\ + t:none,t:normalisePath,t:urlDecodeUni,t:lowercase,\ + msg:'PHP Injection Attack: Variables Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# [ PHP I/O Streams ] +# +# The "php://" syntax can be used to refer to various objects, such as local files (for LFI), +# remote urls (for RFI), or standard input/request body. Its occurrence indicates a possible attempt +# to either inject PHP code or exploit a file inclusion vulnerability in a PHP web app. +# +# Examples: +# php://filter/resource=./../../../wp-config.php +# php://filter/resource=http://www.example.com +# php://stdin +# php://input +# +# http://php.net/manual/en/wrappers.php.php +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" \ + "id:933140,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'PHP Injection Attack: I/O Stream Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# [ PHP Wrappers ] +# +# PHP comes with many built-in wrappers for various URL-style protocols for use with the filesystem +# functions such as fopen(), copy(), file_exists() and filesize(). Abusing of PHP wrappers like phar:// +# could lead to RCE as describled by Sam Thomas at BlackHat USA 2018 (https://bit.ly/2yaKV5X), even +# wrappers like zlib://, glob://, rar://, zip://, etc... could lead to LFI and expect:// to RCE. +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:zlib|glob|phar|ssh2|rar|ogg|expect|zip)://" \ + "id:933200,\ + phase:2,\ + block,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:cmdLine,\ + msg:'PHP Injection Attack: Wrapper scheme detected',\ + logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# [ PHP Functions ] +# +# Detecting PHP function names is useful to block PHP code injection attacks. +# There are many PHP functions. We have to strike a balance between robust detection +# of PHP code in content, and the risk of false positives. +# +# The list of PHP functions is divided into four groups of varying attack/false positive risk. +# Four separate rules are used to detect these groups of functions: +# +# - Rule 933150: ~40 words highly common to PHP injection payloads and extremely rare in +# natural language or other contexts. +# Examples: 'base64_decode', 'file_get_contents'. +# These words are detected as a match directly using @pmFromFile. +# Function names are defined in php-function-names-933150.data +# +# - Rule 933160: ~220 words which are common in PHP code, but have a higher chance to cause +# false positives in natural language or other contexts. +# Examples: 'chr', 'eval'. +# To mitigate false positives, a regexp looks for PHP function syntax, e.g. 'eval()'. +# Regexp is generated from function names in util/regexp-assemble/regexp-933160.data +# +# - Rule 933151: ~1300 words of lesser importance. This includes most PHP functions and keywords. +# Examples: 'addslashes', 'array_diff'. +# For performance reasons, the @pmFromFile operator is used, and many functions from lesser +# used PHP extensions are removed. +# To mitigate false positives, we only match when the '(' character is also found. +# This rule only runs in paranoia level 2 or higher. +# Function names are defined in php-function-names-933151.data +# +# - Rule 933161: ~200 words with short or trivial names, possibly leading to false positives. +# Examples: 'abs', 'cos'. +# To mitigate false positives, a regexp matches on function syntax, e.g. 'abs()'. +# This rule only runs in paranoia level 3 or higher. +# Regexp is generated from function names in util/regexp-assemble/regexp-933161.data +# + + +# +# [ PHP Functions: High-Risk PHP Function Names ] +# +# Rule 933150 contains a small list of function names which are highly indicative of a PHP +# injection attack, for example 'base64_decode'. +# We block these function names outright, without using a complex regexp or chain. +# This could make the detection a bit more robust against possible bypasses. +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "@pmFromFile php-function-names-933150.data" \ + "id:933150,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'PHP Injection Attack: High-Risk PHP Function Name Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# [ PHP Functions: High-Risk PHP Function Calls ] +# +# Some PHP function names have a certain risk of false positives, due to short +# names, full or partial overlap with common natural language terms, uses in +# other contexts, et cetera. Some examples are 'eval', 'exec', 'system'. +# +# For these function names, we apply a regexp to look for PHP function syntax. +# The regexp looks for a word boundary and adjoining parentheses. +# For instance, we want to block 'eval()', but we want to allow 'medieval()'. +# +# We have to be careful of possible bypasses using comment syntax. Examples: +# +# system(...) +# system (...) +# system\t(...) +# system /*comment*/ (...) +# system /*multiline \n comment*/ (...) +# system //comment \n (...) +# system #comment \n (...) +# +# This rule is also triggered by the following exploit(s): +# [ Apache Struts vulnerability CVE-2017-9791 - Exploit tested: https://www.exploit-db.com/exploits/42324 ] +# [ Apache Struts vulnerability CVE-2018-11776 - Exploit tested: https://www.exploit-db.com/exploits/45260 ] +# [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ] +# +# Regexp generated from util/regexp-assemble/regexp-933160.data using Regexp::Assemble. +# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage. +# +# Note that after assemble, PHP function syntax pre/postfix is added to the Regexp::Assemble +# output. Example: "@rx (?i)\bASSEMBLE_OUTPUT_HERE(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)" +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "@rx (?i)\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|b(?:(?:son_(?:de|en)|ase64_en)code|zopen)|var_dump)(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)" \ + "id:933160,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'PHP Injection Attack: High-Risk PHP Function Call Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# [ PHP Object Injection ] +# +# PHP Object Injection is an application level vulnerability that could allow +# an attacker to perform different kinds of malicious attacks, such as +# Code Injection, SQL Injection, Path Traversal and Application Denial of Service, +# depending on the context. +# +# The vulnerability occurs when user-supplied input is not properly sanitized +# before being passed to the unserialize() PHP function. Since PHP allows object +# serialization, attackers could pass ad-hoc serialized strings to a vulnerable +# unserialize() call, resulting in an arbitrary PHP object(s) injection into the +# application scope. +# +# https://www.owasp.org/index.php/PHP_Object_Injection +# +# In serialized form, PHP objects have the following format: +# +# O:8:"stdClass":1:{s:1:"a";i:2;} +# O:3:"Foo":0:{} +# +# Also detected are PHP objects with a custom unserializer: +# http://www.phpinternalsbook.com/classes_objects/serialization.html +# These have the following format: +# +# C:11:"ArrayObject":37:{x:i:0;a:1:{s:1:"a";s:1:"b";};m:a:0:{}} +# C:3:"Foo":23:{s:15:"My private data";} +# +# HTTP headers are inspected, since PHP object injection vulnerabilities have been +# found in applications parsing them: +# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8562 (User-Agent header) +# https://www.exploit-db.com/exploits/39033/ (X-Forwarded-For header) +# http://karmainsecurity.com/KIS-2015-10 (Host header) +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|ARGS_NAMES|ARGS|XML:/* "@rx [oOcC]:\d+:\".+?\":\d+:{.*}" \ + "id:933170,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'PHP Injection Attack: Serialized Object Injection',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + + +# +# [ PHP Functions: Variable Function Calls ] +# +# PHP 'variable functions' provide an alternate syntax for calling PHP functions. +# http://php.net/manual/en/functions.variable-functions.php +# +# An attacker may use variable function syntax to evade detection of function +# names during exploitation of a remote code execution vulnerability. +# An example to use the 'file_get_contents' function while evading rule 933150: +# +# $fn = 'file_' . 'get_' . 'contents'; +# echo $fn('wp-co' . 'nfig.php'); +# +# Some examples from obfuscated malware: +# +# $OOO0000O0(...) +# @$b374k(...) +# $_[@-_]($_[@!+_] ) +# +# A breakdown of the regular expression: +# +# \$+ +# The variable's '$' char, or multiple '$' for 'variable variables': +# http://php.net/manual/en/language.variables.variable.php +# (?:[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*|\s*{.+}) +# One of the following: +# - A variable name; regexp from http://php.net/language.variables.basics +# - A nonempty expression for variable variables: ${'fn'} or $ {'fn'} +# (?:\s|\[.+\]|{.+}|/\*.*\*/|//.*|#.*)* +# Optional whitespace, array access, or comments +# \(.*\) +# Parentheses optionally containing function parameters +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "@rx \$+(?:[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*|\s*{.+})(?:\s|\[.+\]|{.+}|/\*.*\*/|//.*|#.*)*\(.*\)" \ + "id:933180,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'PHP Injection Attack: Variable Function Call Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# [ PHP Functions: Variable Function Prevent Bypass ] +# +# Referring to https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/ +# the rule 933180 could be bypassed by using the following payloads: +# +# - (system)('uname') +# - (sy.(st).em)('uname') +# - (string)"system"('uname') +# - define('x', 'sys' . 'tem');(x)/* comment */('uname') +# - $y = 'sys'.'tem';($y)('uname') +# - define('z', [['sys' .'tem']]);(z)[0][0]('uname'); +# - (system)(ls) +# - (/**/system)(ls/**/); +# - (['system'])[0]('uname'); +# - (++[++system++][++0++])++{/*dsasd*/0}++(++ls++); +# +# This rule blocks all payloads above and avoids to block values like: +# +# - [ACME] this is a test (just a test) +# - Test (with two) rounded (brackets) +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "@rx (?:(?:\(|\[)[a-zA-Z0-9_.$\"'\[\](){}/*\s]+(?:\)|\])[0-9_.$\"'\[\](){}/*\s]*\([a-zA-Z0-9_.$\"'\[\](){}/*\s].*\)|\([\s]*string[\s]*\)[\s]*(?:\"|'))" \ + "id:933210,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecode,t:replaceComments,t:compressWhitespace,\ + msg:'PHP Injection Attack: Variable Function Call Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:933013,phase:1,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:933014,phase:2,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + +# +# [ PHP Functions: Medium-Risk PHP Function Names ] +# +# In paranoia level 2, we add additional checks for most PHP functions. +# +# The size of the PHP function list is considerable. +# Even after excluding the more obscure PHP extensions, 1300+ functions remain. +# For performance and maintenance reasons, this rule does not use a regexp, +# but uses a phrase file (@pmFromFile), and additionally looks for an '(' character +# in the matched variable. +# +# This approach carries some risk for false positives. Therefore, the function list +# has been curated to remove words closely matching natural language and terms often +# used in other contexts. +# +# This rule is a stricter sibling of rule 933150. +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "@pmFromFile php-function-names-933151.data" \ + "id:933151,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'PHP Injection Attack: Medium-Risk PHP Function Name Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + tag:'paranoia-level/2',\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + chain" + SecRule MATCHED_VARS "@pm (" \ + "capture,\ + ctl:auditLogParts=+E,\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:933015,phase:1,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:933016,phase:2,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + +# +# [ PHP Variables: Common Variable Indexes ] +# +# In paranoia level 3, we add additional checks for parameters to many PHP variables. +# +# +# One of the more common variables used within attacks on PHP is $_SERVER. Because +# of how many different ways PHP has for executing variables (variable variables, +# etc) often just looking for $_SERVER will be less effective than looking for the +# various indexes within $_SERVER. This rule checks for these indexes. +# This rule is located in PL 3 because often developers will use these names as +# parameter names or values and this will lead to false positives. +# Because this list is not expected to change and it is limited in size we use a +# regex in this case to look for these values whereas in its sibling rule we use +# @pmFromFile for flexibility and performance. +# +# To rebuild the regexp: +# cd util/regexp-assemble +# ./regexp-assemble.pl < regexp-933131.data +# +# This rule is a stricter sibling of rule 933130. +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)" \ + "id:933131,\ + phase:2,\ + block,\ + capture,\ + t:none,t:normalisePath,t:urlDecodeUni,\ + msg:'PHP Injection Attack: Variables Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + tag:'paranoia-level/3',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + + +# +# [ PHP Functions: Low-Value PHP Function Calls ] +# +# In paranoia level 3, we add additional checks for the remaining PHP functions. +# +# Most of these function names are likely to cause false positives in natural text +# or common parameter values, such as 'abs', 'copy', 'date', 'key', 'max', 'min'. +# Therefore, these function names are not scanned in lower paranoia levels. +# +# To mitigate the risk of false positives somewhat, a regexp is used to look for +# PHP function syntax. (See rule 933160 for a description.) +# +# This rule is a stricter sibling of rule 933160. +# +# This rule is also triggered by the following exploit(s): +# [ Apache Struts vulnerability CVE-2018-11776 - Exploit tested: https://www.exploit-db.com/exploits/45262 ] +# [ SAP CRM Java vulnerability CVE-2018-2380 - Exploit tested: https://www.exploit-db.com/exploits/44292 ] +# +# Regexp generated from util/regexp-assemble/regexp-933161.data using Regexp::Assemble. +# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage. +# +# Note that after assemble, PHP function syntax pre/postfix is added to the Regexp::Assemble +# output. Example: "@rx (?i)\bASSEMBLE_OUTPUT_HERE(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)" +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "@rx (?i)\b(?:i(?:s(?:_(?:in(?:t(?:eger)?|finite)|n(?:u(?:meric|ll)|an)|(?:calla|dou)ble|s(?:calar|tring)|f(?:inite|loat)|re(?:source|al)|l(?:ink|ong)|a(?:rray)?|object|bool)|set)|n(?:(?:clud|vok)e|t(?:div|val))|(?:mplod|dat)e|conv)|s(?:t(?:r(?:(?:le|sp)n|coll)|at)|(?:e(?:rializ|ttyp)|huffl)e|i(?:milar_text|zeof|nh?)|p(?:liti?|rintf)|(?:candi|ubst)r|y(?:mlink|slog)|o(?:undex|rt)|leep|rand|qrt)|f(?:ile(?:(?:siz|typ)e|owner|pro)|l(?:o(?:atval|ck|or)|ush)|(?:rea|mo)d|t(?:ell|ok)|unction|close|gets|stat|eof)|c(?:h(?:o(?:wn|p)|eckdate|root|dir|mod)|o(?:(?:(?:nsta|u)n|mpac)t|sh?|py)|lose(?:dir|log)|(?:urren|ryp)t|eil)|e(?:x(?:(?:trac|i)t|p(?:lode)?)|a(?:ster_da(?:te|ys)|ch)|r(?:ror_log|egi?)|mpty|cho|nd)|l(?:o(?:g(?:1[0p])?|caltime)|i(?:nk(?:info)?|st)|(?:cfirs|sta)t|evenshtein|trim)|d(?:i(?:(?:skfreespac)?e|r(?:name)?)|e(?:fined?|coct)|(?:oubleva)?l|ate)|r(?:e(?:(?:quir|cod|nam)e|adlin[ek]|wind|set)|an(?:ge|d)|ound|sort|trim)|m(?:b(?:split|ereg)|i(?:crotime|n)|a(?:i[ln]|x)|etaphone|y?sql|hash)|u(?:n(?:(?:tain|se)t|iqid|link)|s(?:leep|ort)|cfirst|mask)|a(?:s(?:(?:se|o)rt|inh?)|r(?:sort|ray)|tan[2h]?|cosh?|bs)|t(?:e(?:xtdomain|mpnam)|a(?:int|nh?)|ouch|ime|rim)|h(?:e(?:ader(?:s_(?:lis|sen)t)?|brev)|ypot|ash)|p(?:a(?:thinfo|ck)|r(?:intf?|ev)|close|o[sw]|i)|g(?:et(?:t(?:ext|ype)|date)|mdate)|o(?:penlog|ctdec|rd)|b(?:asename|indec)|n(?:atsor|ex)t|k(?:sort|ey)|quotemeta|wordwrap|virtual|join)(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)" \ + "id:933161,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'PHP Injection Attack: Low-Value PHP Function Call Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + tag:'paranoia-level/3',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + + +# +# [ PHP Script Uploads: Superfluous extension ] +# +# Block file uploads with PHP related extensions (.php, .phps, .phtml, +# .php5 etc) anywhere in the name, followed by a dot. +# +# Example: index.php.tmp +# +# Uploading of such files can lead to remote code execution if +# Apache is configured with AddType and MultiViews, as Apache will +# automatically do a filename match when the extension is unknown. +# This configuration is fortunately not common in modern installs. +# +# Blocking these file names might lead to more false positives. +# +# Some AJAX uploaders use the nonstandard request headers X-Filename, +# X_Filename, or X-File-Name to transmit the file name to the server; +# scan these request headers as well as multipart/form-data file names. +# +# This rule is a stricter sibling of rule 933110. +# +SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X.Filename|REQUEST_HEADERS:X-File-Name "@rx .*\.(?:php\d*|phtml)\..*$" \ + "id:933111,\ + phase:2,\ + block,\ + capture,\ + t:none,t:lowercase,\ + msg:'PHP Injection Attack: PHP Script File Upload Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + tag:'paranoia-level/3',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + + +# [ PHP Closing Tag Found ] +# +# http://www.php.net/manual/en/language.basic-syntax.phptags.php +# +# This check was extracted from 933100 (paranoia level 1), since the +# checked sequence '?>' commonly causes false positives. +# See issue #654 for discussion. +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pm ?>" \ + "id:933190,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,\ + msg:'PHP Injection Attack: PHP Closing Tag Found',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-php',\ + tag:'platform-multi',\ + tag:'attack-injection-php',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + tag:'paranoia-level/3',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl3=+%{tx.critical_anomaly_score}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:933017,phase:1,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:933018,phase:2,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-933-APPLICATION-ATTACK-PHP" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf new file mode 100644 index 0000000..89f495a --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf @@ -0,0 +1,96 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:934011,phase:1,pass,nolog,skipAfter:END-REQUEST-934-APPLICATION-ATTACK-NODEJS" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,skipAfter:END-REQUEST-934-APPLICATION-ATTACK-NODEJS" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + + +# [ Insecure unserialization / generic RCE signatures ] +# +# Libraries performing insecure unserialization: +# - node-serialize: _$$ND_FUNC$$_ (CVE-2017-5941) +# - funcster: __js_function +# +# See: +# https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/ +# https://www.acunetix.com/blog/web-security-zone/deserialization-vulnerabilities-attacking-deserialization-in-js/ +# +# Some generic snippets used: +# - function() { +# - new Function( +# - eval( +# - String.fromCharCode( +# +# Last two are used by nodejsshell.py, +# https://github.com/ajinabraham/Node.Js-Security-Course/blob/master/nodejsshell.py +# +# As base64 is sometimes (but not always) used to encode serialized values, +# use multiMatch and t:base64decode. +# +# Regexp generated from util/regexp-assemble/regexp-934100.data using Regexp::Assemble. +# See https://coreruleset.org/20190826/optimizing-regular-expressions/ for usage. + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:(?:_(?:\$\$ND_FUNC\$\$_|_js_function)|(?:new\s+Function|\beval)\s*\(|String\s*\.\s*fromCharCode|function\s*\(\s*\)\s*{|this\.constructor)|module\.exports\s*=)" \ + "id:934100,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:base64Decode,\ + msg:'Node.js Injection Attack',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-javascript',\ + tag:'platform-multi',\ + tag:'attack-rce',\ + tag:'attack-injection-nodejs',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + multiMatch,\ + setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:934013,phase:1,pass,nolog,skipAfter:END-REQUEST-934-APPLICATION-ATTACK-NODEJS" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:934014,phase:2,pass,nolog,skipAfter:END-REQUEST-934-APPLICATION-ATTACK-NODEJS" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:934015,phase:1,pass,nolog,skipAfter:END-REQUEST-934-APPLICATION-ATTACK-NODEJS" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:934016,phase:2,pass,nolog,skipAfter:END-REQUEST-934-APPLICATION-ATTACK-NODEJS" +# +# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher) +# + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:934017,phase:1,pass,nolog,skipAfter:END-REQUEST-934-APPLICATION-ATTACK-NODEJS" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:934018,phase:2,pass,nolog,skipAfter:END-REQUEST-934-APPLICATION-ATTACK-NODEJS" +# +# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher) +# + + + +# +# -= Paranoia Levels Finished =- +# +SecMarker "END-REQUEST-934-APPLICATION-ATTACK-NODEJS" diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf new file mode 100644 index 0000000..3b2376b --- /dev/null +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-d.azure.adnovum.net/WEB-INF/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf @@ -0,0 +1,885 @@ +# ------------------------------------------------------------------------ +# OWASP ModSecurity Core Rule Set ver.3.3.5 +# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. +# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENSE file for full details. +# ------------------------------------------------------------------------ + +# +# -= Paranoia Level 0 (empty) =- (apply unconditionally) +# + + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:941011,phase:1,pass,nolog,skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:941012,phase:2,pass,nolog,skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" +# +# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher) +# + + +# +# -=[ Libinjection - XSS Detection ]=- +# +# Ref: https://github.com/client9/libinjection +# Ref: https://speakerdeck.com/ngalbreath/libinjection-from-sqli-to-xss +# +# -=[ Targets ]=- +# +# 941100: PL1 : REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/| +# REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent| +# ARGS_NAMES|ARGS|XML:/* +# +# 941101: PL2 : REQUEST_HEADERS:Referer +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/* "@detectXSS" \ + "id:941100,\ + phase:2,\ + block,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'XSS Attack Detected via libinjection',\ + logdata:'Matched Data: XSS data found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# -=[ XSS Filters - Category 1 ]=- +# http://xssplayground.net23.net/xssfilter.html +# script tag based XSS vectors, e.g., +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/* "@rx (?i)]*>[\s\S]*?" \ + "id:941110,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'XSS Filter - Category 1: Script Tag Vector',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# -=[ XSS Filters - Category 2 ]=- +# XSS vectors making use of event handlers like onerror, onload etc, e.g., +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\"'`;\/0-9=\x0B\x09\x0C\x3B\x2C\x28\x3B]on[a-zA-Z]+[\s\x0B\x09\x0C\x3B\x2C\x28\x3B]*?=" \ + "id:941120,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'XSS Filter - Category 2: Event Handler Vector',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# -=[ XSS Filters - Category 3 ]=- +# +# Regexp generated from util/regexp-assemble/regexp-941130.data using Regexp::Assemble. +# To rebuild the regexp: +# cd util/regexp-assemble +# ./regexp-assemble.pl regexp-941130.data +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\S](?:!ENTITY\s+(?:\S+|%\s+\S+)\s+(?:PUBLIC|SYSTEM)|x(?:link:href|html|mlns)|data:text\/html|pattern\b.*?=|formaction|\@import|;base64)\b" \ + "id:941130,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'XSS Filter - Category 3: Attribute Vector',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# -=[ XSS Filters - Category 4 ]=- +# XSS vectors making use of javascript uri and tags, e.g.,

+# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\b[^>]*?>[\s\S]*?|(?:=|U\s*?R\s*?L\s*?\()\s*?[^>]*?\s*?S\s*?C\s*?R\s*?I\s*?P\s*?T\s*?:)" \ + "id:941140,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'XSS Filter - Category 4: Javascript URI Vector',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# -=[ NoScript XSS Filters ]=- +# Ref: http://noscript.net/ +# +# [NoScript InjectionChecker] HTML injection +# +# Regexp generated from util/regexp-assemble/regexp-941160.data using Regexp::Assemble. +# To rebuild the regexp: +# cd util/regexp-assemble +# ./regexp-assemble.pl regexp-941160.data +# Note that after assemble an ignore case flag (i) is added to the to the Regexp::Assemble output: +# Add ignore case flag between '?' and ':': "(?i:...)" +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:<\w[\s\S]*[\s\/]|['\"](?:[\s\S]*[\s\/])?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|(?:peech|ound)(?:start|end)|u(?:ccess|spend|bmit)|croll|how)|m(?:o(?:z(?:(?:pointerlock|fullscreen)(?:change|error)|(?:orientation|time)change|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|b(?:e(?:fore(?:(?:(?:de)?activa|scriptexecu)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ransition(?:cancel|end|run)|ime(?:update|out)|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom)|s(?:tyle|rc)|background|formaction|lowsrc|ping)[\s\x08]*?=|<[^\w<>]*(?:[^<>\"'\s]*:)?[^\w<>]*\W*?(?:(?:a\W*?(?:n\W*?i\W*?m\W*?a\W*?t\W*?e|p\W*?p\W*?l\W*?e\W*?t|u\W*?d\W*?i\W*?o)|b\W*?(?:i\W*?n\W*?d\W*?i\W*?n\W*?g\W*?s|a\W*?s\W*?e|o\W*?d\W*?y)|i?\W*?f\W*?r\W*?a\W*?m\W*?e|o\W*?b\W*?j\W*?e\W*?c\W*?t|i\W*?m\W*?a?\W*?g\W*?e?|e\W*?m\W*?b\W*?e\W*?d|p\W*?a\W*?r\W*?a\W*?m|v\W*?i\W*?d\W*?e\W*?o|l\W*?i\W*?n\W*?k)[^>\w]|s\W*?(?:c\W*?r\W*?i\W*?p\W*?t|t\W*?y\W*?l\W*?e|e\W*?t[^>\w]|v\W*?g)|m\W*?(?:a\W*?r\W*?q\W*?u\W*?e\W*?e|e\W*?t\W*?a[^>\w])|f\W*?o\W*?r\W*?m))" \ + "id:941160,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'NoScript XSS InjectionChecker: HTML Injection',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# [NoScript InjectionChecker] Attributes injection +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:\W|^)(?:javascript:(?:[\s\S]+[=\\\(\[\.<]|[\s\S]*?(?:\bname\b|\\[ux]\d))|data:(?:(?:[a-z]\w+\/\w[\w+-]+\w)?[;,]|[\s\S]*?;[\s\S]*?\b(?:base64|charset=)|[\s\S]*?,[\s\S]*?<[\s\S]*?\w[\s\S]*?>))|@\W*?i\W*?m\W*?p\W*?o\W*?r\W*?t\W*?(?:\/\*[\s\S]*?)?(?:[\"']|\W*?u\W*?r\W*?l[\s\S]*?\()|\W*?-\W*?m\W*?o\W*?z\W*?-\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g[\s\S]*?:[\s\S]*?\W*?u\W*?r\W*?l[\s\S]*?\(" \ + "id:941170,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'NoScript XSS InjectionChecker: Attribute Injection',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +# +# [Blacklist Keywords from Node-Validator] +# https://raw.github.com/chriso/node-validator/master/validator.js +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pm document.cookie document.write .parentnode .innerhtml window.location -moz-binding .*?(?:@[i\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(\\\\]|&#x?0*(?:40|28|92|5C);?)))" \ + "id:941190,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'IE XSS Filters - Attack Detected',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:<.*[:]?vmlframe.*?[\s/+]*?src[\s/+]*=)" \ + "id:941200,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'IE XSS Filters - Attack Detected',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)" \ + "id:941210,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'IE XSS Filters - Attack Detected',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)" \ + "id:941220,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'IE XSS Filters - Attack Detected',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)]" \ + "id:941290,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'IE XSS Filters - Attack Detected',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)]*[\xbe>]|<[^\xbe]*\xbe" \ + "id:941310,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:lowercase,t:urlDecode,t:htmlEntityDecode,t:jsDecode,\ + msg:'US-ASCII Malformed Encoding XSS Filter - Attack Detected',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-tomcat',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# https://nedbatchelder.com/blog/200704/xss_with_utf7.html +# UTF-7 encoding XSS filter evasion for IE. +# Reported by Vladimir Ivanov +# + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx \+ADw-.*(?:\+AD4-|>)|<.*\+AD4-" \ + "id:941350,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:urlDecode,t:htmlEntityDecode,t:jsDecode,\ + msg:'UTF-7 Encoding IE XSS - Attack Detected',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-internet-explorer',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# Defend against JSFuck and Hieroglyphy obfuscation of Javascript code +# +# https://en.wikipedia.org/wiki/JSFuck +# https://github.com/alcuadrado/hieroglyphy +# +# These JS obfuscations mostly aim for client side XSS exploits, hence the +# integration of this rule into the XSS rule group. But serverside JS could +# also be attacked via these techniques. +# +# Detection pattern / Core elements of JSFuck and Hieroglyphy are the +# following two items: +# !![] +# !+[] +# +# ModSecurity always transforms "+" into " " with query strings and the +# URLENCODE body processor (but not for JSON). So we need to check for +# the following patterns: +# !![] +# !+[] +# ! [] + +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx ![!+ ]\[\]" \ + "id:941360,\ + phase:2,\ + block,\ + capture,\ + t:none,\ + msg:'JSFuck / Hieroglyphy obfuscation detected',\ + logdata:'Matched Data: Suspicious payload found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242/63',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + +# +# Prevent 941180 bypass by using JavaScript global variables +# Refer to: https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ +# +# Examples: +# - /?search=/?a=";+alert(self["document"]["cookie"]);// +# - /?search=/?a=";+document+/*foo*/+.+/*bar*/+cookie;// +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|XML:/* "@rx (?:self|document|this|top|window)\s*(?:/\*|[\[)]).+?(?:\]|\*/)" \ + "id:941370,\ + phase:2,\ + block,\ + capture,\ + t:none,t:urlDecodeUni,t:compressWhitespace,\ + msg:'JavaScript global variable found',\ + logdata:'Matched Data: Suspicious JS global variable found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'attack-xss',\ + tag:'paranoia-level/1',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242/63',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'" + + +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:941013,phase:1,pass,nolog,skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" +SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:941014,phase:2,pass,nolog,skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" +# +# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher) +# + +# +# This is a stricter sibling of rule 941100. +# +SecRule REQUEST_HEADERS:Referer "@detectXSS" \ + "id:941101,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'XSS Attack Detected via libinjection',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + tag:'paranoia-level/2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + + +# +# -=[ XSS Filters - Category 5 ]=- +# HTML attributes - src, style and href +# +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/* "@rx (?i)\b(?:s(?:tyle|rc)|href)\b[\s\S]*?=" \ + "id:941150,\ + phase:2,\ + block,\ + capture,\ + t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\ + msg:'XSS Filter - Category 5: Disallowed HTML Attributes',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + tag:'application-multi',\ + tag:'language-multi',\ + tag:'platform-multi',\ + tag:'attack-xss',\ + tag:'OWASP_CRS',\ + tag:'capec/1000/152/242',\ + tag:'paranoia-level/2',\ + ctl:auditLogParts=+E,\ + ver:'OWASP_CRS/3.3.5',\ + severity:'CRITICAL',\ + setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ + setvar:'tx.anomaly_score_pl2=+%{tx.critical_anomaly_score}'" + + +# Detect tags that are the most common direct HTML injection points. +# +# +# +# +#