Test eService implementation

.gitignore

@@ -28,3 +28,18 @@ target/
 
 # Generated by MacOS
 **/.DS_Store
+
+
+# Node dependencies
+node_modules/
+
+# Next.js build output
+.next/
+
+
+# Ignore node_modules directory for the eID-service
+eID-service/node_modules/
+
+
+# Ignore eID-service node_modules
+eID-service/node_modules

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "eID-Service"]
+	path = eID-Service
+	url = https://github.com/ADORSYS-GIS/EID-Service

eID-service/.env.local

@@ -0,0 +1,21 @@
+# eID-Server Configuration
+EID_SERVER_URL=https://localhost:3000/eid
+EID_SERVER_ADDRESS=https://localhost:3000/eid
+
+# Application Configuration
+NEXT_PUBLIC_BASE_URL=https://localhost:8080
+PORT=8443
+
+# HTTPS Server Configuration
+HTTPS_CERT_PATH=./certs/fullchain.pem
+HTTPS_KEY_PATH=./certs/client.key
+
+# TLS/mTLS Configuration (optional)
+# EID_SERVER_TLS_MODE=normal
+# EID_SERVER_CERT_PATH=path/to/client-cert.pem
+# EID_SERVER_KEY_PATH=path/to/client-key.pem
+# EID_SERVER_CA_PATH=path/to/ca-cert.pem
+# EID_SERVER_REJECT_UNAUTHORIZED=false
+
+# Security
+NODE_ENV=development

eID-service/CERTIFICATE_GUIDE.md

@@ -0,0 +1,172 @@
+# TLS Certificate Configuration Guide
+
+This guide explains how to configure TLS certificates for the eID Test eService, supporting both normal TLS with eID-Client and mTLS with eID-Server.
+
+## Certificate Overview
+
+The eService supports flexible TLS configuration:
+
+- **HTTPS Server**: Self-signed certificates accepted for development
+- **eID-Client Communication**: Normal TLS (server certificates)
+- **eID-Server Communication**: Optional mTLS (mutual TLS with client certificates)
+
+## Certificate Requirements
+
+### For HTTPS Server (eService)
+
+- **Server Certificate** (PEM format)
+- **Private Key** (PEM format)
+- **CA Certificate** (optional, for certificate chain validation)
+
+### For eID-Server Communication (mTLS)
+
+- **Client Certificate** (PEM format)
+- **Client Private Key** (PEM format)
+- **CA Certificate** (optional, for server certificate validation)
+
+## Quick Setup
+
+### 1. Generate Self-Signed Certificates (Development)
+
+```bash
+# Generate private key
+openssl genrsa -out server.key 2048
+
+# Generate certificate signing request
+openssl req -new -key server.key -out server.csr -subj "/C=DE/ST=Berlin/L=Berlin/O=eID-Test-eService/CN=localhost"
+
+# Generate self-signed certificate (valid for 1 year)
+openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+
+# Clean up
+rm server.csr
+```
+
+### 2. Configure Environment Variables
+
+Create or update your `.env.local` file:
+
+```bash
+# HTTPS Server Configuration
+HTTPS_CERT_PATH=./certs/server.crt
+HTTPS_KEY_PATH=./certs/server.key
+HTTPS_CA_PATH=./certs/ca.crt  # Optional
+
+# eID-Server Configuration
+EID_SERVER_URL=https://your-eid-server.com/eIDService
+EID_SERVER_TLS_MODE=mtls  # or 'normal' for regular TLS
+
+# mTLS Certificates (for eID-Server communication)
+EID_SERVER_CERT_PATH=./certs/client.crt
+EID_SERVER_KEY_PATH=./certs/client.key
+EID_SERVER_CA_PATH=./certs/server-ca.crt  # Optional
+
+# Alternative: Direct PEM content (instead of file paths)
+EID_SERVER_CERT=-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIJAKg...
+-----END CERTIFICATE-----
+
+EID_SERVER_KEY=-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC...
+-----END PRIVATE KEY-----
+
+# Base URL (will auto-detect HTTPS)
+NEXT_PUBLIC_BASE_URL=https://localhost:3000
+```
+
+## TLS Modes Explained
+
+### Normal TLS Mode (`EID_SERVER_TLS_MODE=normal`)
+
+- **Use case**: Standard TLS connection to eID-Server
+- **Requirements**: Server certificate validation only
+- **Certificates**: Optional client certificates
+
+### Mutual TLS Mode (`EID_SERVER_TLS_MODE=mtls`)
+
+- **Use case**: Mutual authentication with eID-Server
+- **Requirements**: Both client and server certificates
+- **Certificates**: Mandatory client certificate + key
+
+## Certificate File Structure
+
+```toml
+your-project/
+├── certs/
+│   ├── server.crt          # HTTPS server certificate
+│   ├── server.key          # HTTPS server private key
+│   ├── client.crt          # mTLS client certificate
+│   ├── client.key          # mTLS client private key
+│   └── server-ca.crt       # eID-Server CA certificate (optional)
+├── .env.local
+└── ...
+```
+
+## Certificate Formats
+
+### Supported Formats
+
+- **PEM format** (most common)
+- **Base64 encoded** content
+- **File paths** or direct content
+
+### Certificate Content Example
+
+```pem
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIJAKg...
+[Base64 encoded certificate]
+-----END CERTIFICATE-----
+```
+
+### Private Key Content Example
+
+```pem
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC...
+[Base64 encoded private key]
+-----END PRIVATE KEY-----
+```
+
+## Common Certificate Issues
+
+### Self-Signed Certificate Warnings
+
+**Issue**: Browser shows security warning
+**Solution**:
+
+- Development: Accept the certificate in browser
+- Production: Use proper CA-signed certificates
+
+### Certificate Validation Errors
+
+**Issue**: `UNABLE_TO_VERIFY_LEAF_SIGNATURE` or similar
+**Solution**:
+
+- Set `NODE_ENV=development` to accept self-signed certs
+- Provide proper CA certificate in `EID_SERVER_CA_PATH`
+
+### mTLS Authentication Failures
+
+**Issue**: eID-Server rejects client certificate
+**Solution**:
+
+- Verify certificate is signed by trusted CA
+- Check certificate expiration
+- Ensure private key matches certificate
+
+## Advanced Configuration
+
+### Custom Certificate Validation
+
+```javascript
+// In SOAP client configuration
+const tlsOptions = {
+  rejectUnauthorized: true, // Strict validation
+  ca: fs.readFileSync("./certs/trusted-ca.crt"),
+  checkServerIdentity: (host, cert) => {
+    // Custom validation logic
+    return undefined; // Accept connection
+  },
+};
+```

eID-service/QUICK_START.md

@@ -0,0 +1,159 @@
+# Quick Start Guide - eID Test eService
+
+## Prerequisites
+
+- **Node.js** (v16 or higher)
+- **npm** (comes with Node.js)
+- **eID-Server** running and accessible
+- **eID-Client** (AusWeisApp2) installed on your system
+
+## 1. Install Dependencies
+
+```bash
+npm install
+```
+
+## 2. Configure Environment
+
+Copy the example environment file:
+
+```bash
+cp .env.local.example .env.local
+```
+
+Edit `.env.local` with your settings:
+
+```bash
+# Required: Your eID-Server SOAP endpoint
+EID_SERVER_URL=https://your-eid-server.com/eIDService
+
+# Optional: Base URL for your service (default: http://localhost:3000)
+NEXT_PUBLIC_BASE_URL=http://localhost:3000
+```
+
+## 3. Start the Application
+
+**Development mode:**
+
+```bash
+npm run dev
+```
+
+**Production mode:**
+
+```bash
+npm run build
+npm start
+```
+
+## 4. Access the Application
+
+Open your browser and go to:
+
+```bash
+http://localhost:3000
+```
+
+## 5. Test the Authentication Flow
+
+1. **Configure Operations**: Select REQUIRED/ALLOWED/PROHIBITED for personal data attributes
+2. **Set Verifications**: Enable age/place verification if needed
+3. **Click "Start eID Authentication"**
+4. **eID-Client will open**: AusWeisApp2 will launch automatically
+5. **Complete authentication**: Follow the eID-Client prompts
+6. **View results**: Return to the application to see authentication results
+
+## Environment Variables Reference
+
+| Variable               | Required | Description              | Example                             |
+| ---------------------- | -------- | ------------------------ | ----------------------------------- |
+| `EID_SERVER_URL`       | ✅       | eID-Server SOAP endpoint | `https://localhost:8443/eIDService` |
+| `NEXT_PUBLIC_BASE_URL` | ❌       | Your service URL         | `http://localhost:3000`             |
+| `NODE_ENV`             | ❌       | Environment mode         | `development` or `production`       |
+
+## TLS/mTLS Configuration (Optional)
+
+For secure communication with eID-Server:
+
+```bash
+# Add to .env.local
+TLS_CERT=base64_encoded_client_certificate
+TLS_KEY=base64_encoded_client_private_key
+TLS_CA=base64_encoded_ca_certificate
+```
+
+To generate base64 encoded certificates:
+
+```bash
+# Linux/Mac
+base64 -i client.crt -o client.crt.b64
+base64 -i client.key -o client.key.b64
+base64 -i ca.crt -o ca.crt.b64
+
+# Windows
+certutil -encode client.crt client.crt.b64
+```
+
+## Troubleshooting
+
+### Application won't start
+
+- Check Node.js version: `node --version`
+- Ensure port 3000 is available: `lsof -i :3000`
+- Check for port conflicts
+
+### eID-Client doesn't open
+
+- Verify AusWeisApp2 is installed
+- Check browser console for errors
+- Ensure the tcTokenURL is properly formatted
+
+### eID-Server connection fails
+
+- Verify `EID_SERVER_URL` is correct
+- Check network connectivity
+- Review TLS certificate configuration
+- Check eID-Server logs
+
+### Authentication fails
+
+- Review eID-Server response logs
+- Verify session management is working
+- Check SOAP message format
+- Ensure proper error handling
+
+## Development Commands
+
+```bash
+# Start development server
+npm run dev
+
+# Build for production
+npm run build
+
+# Start production server
+npm start
+
+# Run linter
+npm run lint
+
+# Install dependencies
+npm install
+```
+
+## Default Configuration
+
+The application works out-of-the-box with these defaults:
+
+- **eID-Server URL**: `https://localhost:8443/eIDService`
+- **Base URL**: `http://localhost:3000`
+- **Session Timeout**: 30 minutes
+- **TLS**: Disabled in development, enabled in production
+
+## Next Steps
+
+1. **Configure your eID-Server**: Update `EID_SERVER_URL` in `.env.local`
+2. **Test basic authentication**: Try with default settings
+3. **Customize operations**: Select specific personal data attributes
+4. **Enable verifications**: Try age and place verification
+5. **Set up TLS**: Configure certificates for production use