Merge pull request #6 from DSorlov/dev

1.1.3

certs/frejaeid_prod_aRw9OLn2BhM7hxoc458cIXHfezw.jwt

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEvTCCAyWgAwIBAgIUHOOkesGZPQnJ2w/tfx3ia9LQR1swDQYJKoZIhvcNAQEL
+BQAweTELMAkGA1UEBhMCU0UxFDASBgNVBGETCzU1OTExMC00ODA2MR0wGwYDVQQK
+ExRWZXJpc2VjIEZyZWphIGVJRCBBQjETMBEGA1UECxMKUHJvZHVjdGlvbjEgMB4G
+A1UEAxMXRnJlamEgZUlEIElzc3VpbmcgQ0EgdjEwHhcNMjAwNTE0MDkxODU1WhcN
+MjMwNTE0MDkxODU1WjB6MSEwHwYDVQQDExhGcmVqYSBlSUQgSldTIFNpZ25pbmcg
+djIxFDASBgNVBGETCzU1OTExMC00ODA2MRMwEQYDVQQLEwpQcm9kdWN0aW9uMR0w
+GwYDVQQKExRWZXJpc2VjIEZyZWphIGVJRCBBQjELMAkGA1UEBhMCU0UwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1b0Napazk5UxsaV5aO82d1ab6wXMO
+ci+Tvv08sIGx8PXYYOvA1GRsJy+l5hDjbdzhk3ftrlx1gq7WmRhFgFuwP8ZHAWIq
+OF/JQQtKUEPrUbMulqJyMyAvb+tpGyBNTHpvOSIvcazTq9jdDkKQ5xuaGpVdE3dh
+8og2bJbKbXBlSuBxB85L5IxZvkQJ8Fs40rLVN58p3ppX36d5aHVLBp+7f1hRGpI9
+KTKoeH5RVtF/BaVLNWnKZ5WEiG5G4tbzc6H06UeUFu/XGXTl3ji7Kd5w5/aSFP1+
+XF0ntRtdJkCvPI/eYEF8KDsJR9V1wOn+Wje/J2YLZ33giD+HLUbZfNBxAgMBAAGj
+gbswgbgwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwWAYIKwYBBQUHAQEE
+TDBKMEgGCCsGAQUFBzAChjxodHRwczovL3d3dy5mcmVqYWVpZC5jb20vdGMvY2Vy
+dHMvZnJlamFlaWRfaXNzdWluZ19jYV92MS5jZXIwHwYDVR0jBBgwFoAUED8kN9o6
+iEfwKOPN0xXwS6n2sVAwHQYDVR0OBBYEFLPEmwpnlugc7/DRNhyS4Uaw3d/PMA0G
+CSqGSIb3DQEBCwUAA4IBgQAn4coTJBL7PUQhpRVNbGyigWIyOfumxkiIU1GumLqe
+G/8z0C0JI4OV5olFOVm0xjGW2WkdMq5vZVTZCfur7L/ftQ06C5tyE2IubWOdUVFp
+IL3ephlFYCTVzOCZuh2fRmL8XzuyGCNauQh5r4UsxwGh8Gh039uf77ZprcsnbsIg
+XgvkT1fuvB/VoUGJ6OrLWAd+U0i7DHBWkh+siGZiiE1xaaMDjnXa7+3ks0W2Ukwa
+tt+Jj+zCcmGP/R0luhsPM/RWC5ARQq2zWCzoU7dRyhlX1qPEecDId7vTT+8umaMc
+jYt9L1+D1botwUOX/y7V49eOKulGOGlBCsrwxnE4tt+29k26UPGoxvdwleifFx4g
+dh9QjbwKjqXnZ6oip9r76yjP7pASgqWtcTdKQV9Cav66W6Ta21oxgNRq2S8xSeiS
+DR7uXDX7RqAEjd0k3tCUxXwVMH6WorUQA+NszpR5hr0lTRYALTsTSj8VdgFJDam0
+vsYzHH84bfb942CcNv9bbOA=
+-----END CERTIFICATE-----

certs/frejaeid_prod.jwt → certs/frejaeid_prod_onjnxVgI3oUzWQMLciD7sQZ4mqM.jwt

@@ -25,4 +25,4 @@ APa/7M16YKBkEdQidcu2uYp4GHZCcB72XDxXO8JtL62OPTS80HgA9kMb5MZdJeo2
 awGyCBVPbZXAgfypr6pGQafMFkZoBzp9N1z+YGEJqEAFgljS5vNtEUGsPiRe8DUP
 A59tnAEF09W7HQDw3hSabyYNGuMndtV575CvyXFBOH4VM6bda+MC+8oy0SyubD/h
 daqqd+KNF8QMZrDM6RqcWao=
------END CERTIFICATE-----
+-----END CERTIFICATE-----

certs/frejaeid_test_2LQIrINOzwWAVDhoYybqUcXXmVs.jwt

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEETCCAvmgAwIBAgIUf/dquk5/rxf1bf1oKN3DK/dldfAwDQYJKoZIhvcNAQEL
+BQAwgYMxCzAJBgNVBAYTAlNFMRIwEAYDVQQHEwlTdG9ja2hvbG0xFDASBgNVBGET
+CzU1OTExMC00ODA2MR0wGwYDVQQKExRWZXJpc2VjIEZyZWphIGVJRCBBQjENMAsG
+A1UECxMEVGVzdDEcMBoGA1UEAxMTUlNBIFRFU1QgSXNzdWluZyBDQTAeFw0yMDA1
+MTMxMzUxNTJaFw0yMzA1MTMxMzUxNTJaMIGKMQswCQYDVQQGEwJTRTESMBAGA1UE
+BxMJU3RvY2tob2xtMRQwEgYDVQRhEws1NTkxMTAtNDgwNjEdMBsGA1UEChMUVmVy
+aXNlYyBGcmVqYSBlSUQgQUIxDTALBgNVBAsTBFRlc3QxIzAhBgNVBAMTGkZyZWph
+IGVJRCBURVNUIE9yZyBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAgMINs87TiouDPSSmpn05kZv9TN8XdopcHnElp6ElJLpQh3oYGIL4B71o
+IgF3r8zRWq8kQoJlYMugmhsld0r0EsUJbsrcjBJ5CJ1WYZg1Vu8FpYLKoaFRI/qx
+T6xCMvd238Q99Sdl6G6O9sQQoFq10EaYBa970Tl3nDziQQ6bbSNkZoOYIZoicx4+
+1XFsrGiru8o8QIyc3g0eSgrd3esbUkuk0eH65SeaaOCrsaCOpJUqEziD+el4R6d4
+0dTz/uxWmNpGKF4BmsNWeQi9b4gDYuFqNYhs7bnahvkK6LvtDThV79395px/oUz5
+BEDdVwjxPJzgaAuUHE+6A1dMapkjsQIDAQABo3QwcjAOBgNVHQ8BAf8EBAMCBsAw
+DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRqfIoPnXAOHNpfLaA8Jl+I6BW/nDAS
+BgNVHSAECzAJMAcGBSoDBAUKMB0GA1UdDgQWBBT7j90x8xG2Sg2p7dCiEpsq3mo5
+PTANBgkqhkiG9w0BAQsFAAOCAQEArir0lrtYRqxqPc3GmyL09tQEPcVGd/VuKMaj
+JqoB6v219Ky/7atRaMdmY3NVHoGFY2gf2EB0MU2dGMuIbjYlC7EBi7T/ByIUJbKj
+9gK5qUNtgHvOaTT0RFfGlCT45JTyCWMWZEM03DMXEvFMqqqJVXSyE212WfgbuZ9R
+XVVT3BMJ23WY4wZp2Qi4NwUUjUNHf6EQKlrFuX9YjIGI0+JEITvQ3t20sU1yZt7x
+EHOxZQ7gsgXydG/daFPsz08KJ+XH0i3vsRerh/lfodvBISudPeoUNkSPzd10KJRs
+9OVsgi20aG7liHTRAtY8QSkV+973QUdw6EorceX6RG2AGlhljQ==
+-----END CERTIFICATE-----

changelog.md

@@ -4,7 +4,25 @@ The format is based on [Keep a Changelog][keep-a-changelog]
 <!-- and this project adheres to [Semantic Versioning][semantic-versioning]. -->
 
 ## [Unreleased]
-- Nothing for now
+- Nothing right now
+
+## [0.1.3] (2020-07-01)
+
+### Breaking Changes
+- Renamed ssn in output object to id which is more universal due to HSA-id and Freja OrgID which can ingest and send out other forms of id and to prepare for any additional forms of other identity types that we wish to invoke. Currently only in use by frejaeid, frejaorgid and ghsaid.
+
+### Added
+- General support for extra functions in modules 
+- Added support for SITHS ID via GrandID by Svensk e-Identitet (ghsaid)
+- Freja OrgID functions for creating/deleting organizational ids created (frejaorgid)
+- Added more options for invocation and data results for Freja eID (frejaeid)
+- Added support for adding and removing CUSTOM_IDENTIFIERs. (frejaeid)
+- Multiple certificates to validate freja eid jwt (frejaeid, frejaorgid)
+
+### Fixed
+- Fixed bug in Freja OrgID preventing successfull verification during certain conditions.
+- Fixed default testing config for ftfrejaeid
+- Fixed unpacking in frejaeid and cases where errors where treated as successes
 
 ## [0.1.2] (2020-06-09)
 - Fixed broken authentication (gbankid, gfrejaeid) for Svensk e-Idenitet
@@ -34,6 +52,7 @@ The format is based on [Keep a Changelog][keep-a-changelog]
 
 [keep-a-changelog]: http://keepachangelog.com/en/1.0.0/
 [Unreleased]: https://github.com/DSorlov/eid-provider/compare/master...dev
+[0.1.3]: https://github.com/DSorlov/eid-provider/releases/tag/v0.1.3
 [0.1.2]: https://github.com/DSorlov/eid-provider/releases/tag/v0.1.2
 [0.1.1]: https://github.com/DSorlov/eid-provider/releases/tag/v0.1.1
 [0.1.0]: https://github.com/DSorlov/eid-provider/releases/tag/v0.1.0

docs/frejaeid.md

@@ -4,12 +4,22 @@
 This module works directly with the Freja eID REST API.
 It is supplied with working testing credentials and basic production details.
 
+This module exposes extra functions also:
+- **setCustomIdentifier(user,customid): bool** Function to add a unique identifier to a user, can be used for mapping etc.
+- **deleteCustomIdentifier(customid): bool** Removes the unique identifier for a user
+
 ### Inputs and outputs
 
 **Alternative inputs**
 
-Also accepts objects with `ssn` (Social Security Number) and and optional `country` properties.
-If country property is missing the default country is assumed.
+Can accept string or object. String will be combined with default `id_type` and `default_country`. Object will be examined and properties that are usefull will be used. If a property is missing the default value is used for that field. If suitable properties are not found the last resort will call the `.toString()` of the object and use that value in combination with default `id_type`.
+```
+type: string [SSN,EMAIL,PHONE]
+ssn: string (only if type is SSN)
+country: string (only if type is SSN)
+email: string (only if type is EMAIL)
+phone: string (only if type is PHONE)
+```
 
 * If country equal to 'SE', the value must be the 12-digit format of the Swedish "personnummer" without spaces or hyphens. Example: 195210131234.
 * If country equal to 'NO', the value must be the 11-digit format of the Norwegian "personnummer" without spaces or hyphens. Example: 13105212345.
@@ -21,23 +31,36 @@ If country property is missing the default country is assumed.
 * `autostart_url` code for invoking authorization
 
 ### Default Configuration
+attribute_list is a comma separated list of EMAIL_ADDRESS,RELYING_PARTY_USER_ID,BASIC_USER_INFO,SSN,ADDRESSES,DATE_OF_BIRTH,ALL_EMAIL_ADDRESSES
+minimum_level is one of BASIC,EXTENDED,PLUS
+id_type is one of SSN,EMAIL,PHONE
 >**Default production configuration (settings.production)**
 ```
 endpoint:  'https://services.prod.frejaeid.com',
 client_cert:  '',
 ca_cert:  fs.readFileSync(`./certs/bankid_prod.ca`),
-jwt_cert:  fs.readFileSync(`./certs/frejaeid_prod.jwt`),
-minimumLevel:  'EXTENDED',
+jwt_cert: {
+    'aRw9OLn2BhM7hxoc458cIXHfezw': fs.readFileSync(__dirname +`/../certs/frejaeid_prod_aRw9OLn2BhM7hxoc458cIXHfezw.jwt`),
+    'onjnxVgI3oUzWQMLciD7sQZ4mqM': fs.readFileSync(__dirname +`/../certs/frejaeid_prod_onjnxVgI3oUzWQMLciD7sQZ4mqM.jwt`)
+},
+minimum_level:  'EXTENDED',
 password:  '',
-default_country: 'SE'
+default_country: 'SE',
+id_type: 'SSN',
+attribute_list: 'EMAIL_ADDRESS,RELYING_PARTY_USER_ID,BASIC_USER_INFO'        
 ```
 >**Default testing configuration (settings.testing)**
 ```
 endpoint:  'https://services.test.frejaeid.com',
 client_cert:  fs.readFileSync('./certs/frejaeid_test.pfx'),
 ca_cert:  fs.readFileSync(`./certs/frejaeid_test.ca`),
-jwt_cert:  fs.readFileSync(`./certs/frejaeid_test.jwt`),
-minimumLevel:  'EXTENDED',
+jwt_cert:  {
+    '2LQIrINOzwWAVDhoYybqUcXXmVs': fs.readFileSync(__dirname +`/../certs/frejaeid_test_2LQIrINOzwWAVDhoYybqUcXXmVs.jwt`),
+    'HwMHK_gb3_iuNF1advMtlG0-fUs': fs.readFileSync(__dirname +`/../certs/frejaeid_test_HwMHK_gb3_iuNF1advMtlG0-fUs.jwt`)
+},
+minimum_evel:  'EXTENDED',
 password:  'test',
-default_country: 'SE'
+default_country: 'SE',
+id_type: 'SSN',
+attribute_list: 'EMAIL_ADDRESS,RELYING_PARTY_USER_ID,BASIC_USER_INFO'        
 ```

docs/frejaorgid.md

@@ -4,30 +4,62 @@
 This module works directly with the Freja eID REST API for Organizational IDs.
 It is not supplied with any testing credentials. Contact Verisec AB.
 
+This module exposes extra functions also:
+- **addOrgIdRequest(ssn, title, attribute, value)** Adds a org id to a user, works as authRequest except returns `status: created` on success
+- **pollAddOrgIdStatus(id)** Checks if id have been added, works like pollAuthRequest except returns `status: created` on success
+- **initAddOrgIdRequest(ssn, title, attribute, value)** Initializes a request to add org id to a user, works like initAuthRequest
+- **cancelAddOrgIdRequest(id)** Aborts a request to add org id to a user, works like cancelAuthRequest
+- **deleteOrgIdRequest(id): bool** Removes a org id from a user, returns a object with a standard `status` field
+
 ### Inputs and outputs
 
 **Alternative inputs**
 
-None.
+Can accept string or object. String will be combined with default id_type and default_country. Object will be examined and properties that are usefull will be used. If a property is missing the default value is used for that field. If suitable properties are not found the last resort will call the .toString() of the object and use that value in combination with default id_type.
+```
+type: string [ORG_ID,SSN,EMAIL,PHONE]
+ssn: string (only if type is SSN)
+country: string (only if type is SSN)
+email: string (only if type is EMAIL)
+phone: string (only if type is PHONE)
+org_id: string (only if type ORG_ID)
+```
 
 **Extra fields on completion**
 * `autostart_token` the token used for autostart
 * `autostart_url` code for invoking authorization
 
 ### Default Configuration
+attribute_list is a comma separated list of EMAIL_ADDRESS,RELYING_PARTY_USER_ID,BASIC_USER_INFO,SSN,ADDRESSES,DATE_OF_BIRTH,ALL_EMAIL_ADDRESSES
+minimum_level is one of BASIC,EXTENDED,PLUS
+id_type is one of ORG_ID,SSN,EMAIL,PHONE
 >**Default production configuration (settings.production)**
 ```
 endpoint:  'https://services.prod.frejaeid.com',
 client_cert:  '',
 ca_cert:  fs.readFileSync(`./certs/bankid_prod.ca`),
-jwt_cert:  fs.readFileSync(`./certs/frejaeid_prod.jwt`),
-password:  ''
+jwt_cert: {
+    'aRw9OLn2BhM7hxoc458cIXHfezw': fs.readFileSync(__dirname +`/../certs/frejaeid_prod_aRw9OLn2BhM7hxoc458cIXHfezw.jwt`),
+    'onjnxVgI3oUzWQMLciD7sQZ4mqM': fs.readFileSync(__dirname +`/../certs/frejaeid_prod_onjnxVgI3oUzWQMLciD7sQZ4mqM.jwt`)
+},
+password:  '',
+default_country: 'SE',
+minimum_level: 'EXTENDED',
+id_type: 'ORG_ID',
+attribute_list: 'EMAIL_ADDRESS,RELYING_PARTY_USER_ID,BASIC_USER_INFO'        
 ```
 >**Default testing configuration (settings.testing)**
 ```
 endpoint:  'https://services.test.frejaeid.com',
 client_cert:  '',
 ca_cert:  fs.readFileSync(`./certs/frejaeid_test.ca`),
-jwt_cert:  fs.readFileSync(`./certs/frejaeid_test.jwt`),
-password:  ''
+jwt_cert:  {
+    '2LQIrINOzwWAVDhoYybqUcXXmVs': fs.readFileSync(__dirname +`/../certs/frejaeid_test_2LQIrINOzwWAVDhoYybqUcXXmVs.jwt`),
+    'HwMHK_gb3_iuNF1advMtlG0-fUs': fs.readFileSync(__dirname +`/../certs/frejaeid_test_HwMHK_gb3_iuNF1advMtlG0-fUs.jwt`)
+},
+password:  '',
+default_country: 'SE',
+minimum_level: 'EXTENDED',
+id_type: 'ORG_ID',
+attribute_list: 'EMAIL_ADDRESS,RELYING_PARTY_USER_ID,BASIC_USER_INFO'       
 ```

docs/ftfrejaeid.md

@@ -26,6 +26,6 @@ policy: ''
 ```
 endpoint: 'https://grpt.funktionstjanster.se:18898/grp/v2?wsdl',
 ca_cert: fs.readFileSync(`./certs/ftbankid_test.ca`),
-display_name: 'test',
+display_name: 'Test av Freja eID',
 policy: 'logtest020'
 ```

docs/ghsaid.md

@@ -0,0 +1,29 @@
+## SITHS Mobile (HSA-ID) via GrandID by Svensk e-Identitet (ghsaid)
+
+### Description
+This module works by interfacing the GrandID service.
+It is supplied only with basic information. You need to obtain your own credentials.
+
+### Inputs and outputs
+
+**Alternative inputs**
+
+Also accepts objects with `hsaid` (Social Security Number) property.
+
+**Extra fields on completion**
+* `autostart_token` the token used for autostart
+* `autostart_url` code for invoking authorization
+
+### Default Configuration
+>**Default production configuration (settings.production)**
+```
+endpoint: 'https://client.grandid.com/',
+servicekey: '',
+apikey: ''
+```
+>**Default testing configuration (settings.testing)**
+```
+endpoint: 'https://client.grandid.com/',
+servicekey: '',
+apikey: ''
+```

eid-provider.js

@@ -22,6 +22,13 @@ module.exports = function(provider) {
         module.cancelSignRequest = library.cancelSignRequest;
         module.cancelAuthRequest = library.cancelAuthRequest;
 
+        // Support for exposing additional methods.
+        // Since these are asymetrical they do NOT need to conform
+        // to any form of input or output standard
+        if (library.extras) for(var extraFunction in library.extras) {
+            module[extraFunction] = library.extras[extraFunction];
+        }
+
         // Give it to our master
         return module;
 

modules/bankid.js

@@ -104,7 +104,7 @@ async function pollStatus(id,self=this) {
             return {
                 status: 'completed', 
                 user: {
-                    ssn: result.data.completionData.user.personalNumber,
+                    id: result.data.completionData.user.personalNumber,
                     firstname: result.data.completionData.user.givenName,
                     surname: result.data.completionData.user.surname,
                     fullname: result.data.completionData.user.name