Commit
59b50398
authored
Nov 14, 2019
by
Tobias Assmann
create folder for client delivery, start preparing deployment stuff there
parent
f7d2b4e4
Changes
49
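--- a/docker/deploy-to_stage.sh
+++ /dev/null
-#!/bin/bash
-# deployment script for reqesidta
-# michael rauh, tobias assmann
-echo "fix setup first!"
-exit 1
-# setup env
-ENV=stage
-USER=tobias
-HOST=localhost
-DIR=/home/tobias/Projects/reqesidta/deploy
-# Synchronize this directory with the target on $HOST.
-# Exclude the dev files and rename the corresponding files on the server.
-rsync -av --delete --progress \
---exclude 'docker-compose.yml' \
---exclude 'poseidas/config/POSeIDAS.xml' \
---exclude 'poseidas/db/poseidas.mv.db' \
---exclude 'sam/config/ssa-server.conf' \
---exclude 'deploy-to_*' \
---exclude '*.dodeploy' \
---exclude '*.dodeploy' \
-./ $USER@$HOST:$DIR
-ssh $USER@$HOST "mv $DIR/docker-compose_$ENV.yml $DIR/docker-compose.yml"
-ssh $USER@$HOST "mv $DIR/poseidas/config/POSeIDAS_stage.xml $DIR/poseidas/config/POSeIDAS.xml"
-ssh $USER@$HOST "mv $DIR/poseidas/db/poseidas_stage.mv.db $DIR/poseidas/db/poseidas.mv.db"
-ssh $USER@$HOST "mv $DIR/ssa/config/ssa-server_$ENV.yml $DIR/ssa/config/ssa-server.conf"
-# Restart / re-build the services
-ssh $USER@$HOST "cd $DIR/ && docker-compose up -d --build"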
docker/facade/traefik-dyn.yml
...
...
@@ -2,8 +2,3 @@ tls:
certificates
:
-
certFile
:
/certs/docker.reqesidta.de.cert
keyFile
:
/certs/docker.reqesidta.de.key
# stores:
# default:
# defaultCertificate:
# certFile: /certs/docker.reqesidta.de.cert
# keyFile: /certs/docker.reqesidta.de.key
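--- /dev/null
+++ b/docker_for-client-delivery/deploy-to_TEMPLATE.sh
+#!/bin/bash
+#
+# deployment script for reqesidta eid-server project
+# michael rauh, tobias assmann
+#
+# This file acts as a template for creating a deploy script
+# for a specific target environment. Please setup the env vars
+# accourding to your needs:
+#
+# name of the target environment
+ENV=stage
+# the host of the target environment
+HOST=localhost
+# the user on the target environment used to copy the files there and run the project
+USER=tobias
+# the directory on the host of the target environment where
+DIR=/home/tobias/Projects/reqesidta/deploy
+#
+#######################################################################################
+# check for needed files
+#
+# check for needed commands
+# local
+command -v rsync >/dev/null 2>&1 || { echo >&2 "rsync is needed on locahost but it's not installed. Aborting."; exit 1; }
+command -v ssh >/dev/null 2>&1 || { echo >&2 "ssh is needed on localhost but it's not installed. Aborting."; exit 1; }
+# remote
+ssh $USER@$HOST "command -v docker >/dev/null 2>&1" || { echo >&2 "docker is needed on $HOST but it's not installed. Aborting."; exit 1; }
+ssh $USER@$HOST "command -v docker-compose >/dev/null 2>&1" || { echo >&2 "docker is needed on $HOST but it's not installed. Aborting."; exit 1; }
+# synchronize this directory with the target on $HOST.
+# exclude the not needed files
+rsync -av --delete --progress \
+--exclude 'sam/config/ssa-server_TEMPLATE.conf' \
+--exclude 'docker-compose_TEMPLATE.yml' \
+--exclude 'deploy-to*' \
+--exclude 'readme*' \
+./ $USER@$HOST:$DIR
+# Restart / re-build the services
+#ssh $USER@$HOST "cd $DIR/ && docker-compose up -d --build"
+echo "Deployment done, please wait until all services are fully running and proceed to EJBCA key setup."
+exit 0;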
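Review bot: The `rsync -av --delete` call near the end expands `$USER@$HOST:$DIR` unquoted and never checks that `DIR` is set, so a template filled in with an empty or mistyped `DIR` would sync into, and delete from, the remote user's login directory; its exit status is also ignored, so "Deployment done" and `exit 0` follow a failed transfer. I would write the destination as `"$USER@$HOST:${DIR:?DIR must be set}"` and append `|| { echo >&2 "rsync failed. Aborting."; exit 1; }` to the command. The exclude `'sam/config/ssa-server_TEMPLATE.conf'` does not match the template this commit adds under `ssa/config/`, so that file is still copied. The `docker-compose` probe reuses the message "docker is needed on $HOST", and assigning `USER` overwrites the login-name variable the shell already exports, which a name such as `DEPLOY_USER` would avoid.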
docker_for-client-delivery/docker-compose_TEMPLATE.yml
0 → 100644
version
:
"
3.4"
services
:
facade
:
image
:
"
traefik:v2.0"
container_name
:
"
reqesidta_facade"
labels
:
-
"
traefik.enable=true"
command
:
--providers.docker=true
--providers.docker.exposedbydefault=false
--entryPoints.web.address=:80
--log.level=error
# change TARGET_PORT to the port your reverse proxy is facing to
ports
:
-
"
TARGET_PORT:80"
networks
:
-
reqesidta_net
volumes
:
-
/var/run/docker.sock:/var/run/docker.sock
poseidas
:
image
:
"
reqesidta/poseidas"
container_name
:
"
reqesidta_poseidas"
labels
:
-
"
traefik.enable=true"
-
"
traefik.http.services.poseidas.loadbalancer.server.port=8443"
-
"
traefik.http.routers.poseidas.rule=Path(`/POSeIDAS/eidas-middleware/paosreceiver`)"
-
"
traefik.http.routers.poseidas.entrypoints=web"
build
:
context
:
./poseidas
args
:
JAR_FILE
:
POSeIDAS-exec.jar
networks
:
reqesidta_net
:
aliases
:
-
poseidas.docker.reqesidta.de
volumes
:
-
./poseidas/config:/opt/poseidas/config
-
./poseidas/db:/opt/poseidas/database
ejbca
:
image
:
"
reqesidta/ejbca"
container_name
:
"
reqesidta_ejbca"
build
:
context
:
./ejbca
hostname
:
localhost:8444
depends_on
:
-
postgres
environment
:
DATABASE_JDBC_URL
:
jdbc:postgresql://postgres:5432/ejbca
DATABASE_USER
:
ejbca
DATABASE_PASSWORD
:
password
networks
:
reqesidta_net
:
aliases
:
-
ejbca.docker.reqesidta.de
postgres
:
image
:
"
postgres:11.4"
container_name
:
"
reqesidta_postgres"
environment
:
POSTGRES_USER
:
ejbca
POSTGRES_PASSWORD
:
password
networks
:
-
reqesidta_net
ssa
:
image
:
"
reqesidta/ssa"
container_name
:
"
reqesidta_ssa"
labels
:
-
"
traefik.enable=true"
-
"
traefik.http.services.ssa.loadbalancer.server.port=8080"
-
"
traefik.http.routers.ssa.rule=PathPrefix(`/ssa-server`)"
-
"
traefik.http.routers.ssa.entrypoints=web"
build
:
context
:
./ssa
depends_on
:
-
poseidas
-
ejbca
command
:
/opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0
networks
:
reqesidta_net
:
aliases
:
-
ssa.docker.reqesidta.de
sam
:
image
:
"
reqesidta/sam"
container_name
:
"
reqesidta_sam"
build
:
context
:
./sam
networks
:
reqesidta_net
:
aliases
:
-
sam.docker.reqesidta.de
webui
:
image
:
"
reqesidta/webui"
container_name
:
"
reqesidta_webui"
labels
:
-
"
traefik.enable=true"
-
"
traefik.http.services.webui.loadbalancer.server.port=80"
-
"
traefik.http.routers.webui.rule=PathPrefix(`/`)"
-
"
traefik.http.routers.webui.entrypoints=web"
build
:
context
:
./webui
networks
:
reqesidta_net
:
aliases
:
-
webui.docker.reqesidta.de
networks
:
reqesidta_net
:
driver
:
bridge
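Review bot: `DATABASE_PASSWORD: password` on the ejbca service and `POSTGRES_PASSWORD: password` on postgres put a fixed, guessable credential for the CA database into a template meant for client delivery, and unlike the `TARGET_PORT` comment nothing tells the client to change it. I would take both from the environment, e.g. `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set a database password}`, with the same variable feeding `DATABASE_PASSWORD`. The facade mounts `/var/run/docker.sock` writable; traefik's docker provider only reads from it, so `/var/run/docker.sock:/var/run/docker.sock:ro` is the usual form. The ssa `command` binds the WildFly management interface with `-bmanagement 0.0.0.0`, which looks unnecessary for a service that traefik only routes to on port 8080.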
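--- /dev/null
+++ b/docker_for-client-delivery/ejbca/Dockerfile
+FROM primekey/ejbca-ce:6.15.2.1
+# Add a shell script to configure EJBCA.
+COPY ejbca-config.sh /usr/local/bin/
+USER root
+# Replace the Organisation string with a custom one to better differentiate it
+# from productions certs.
+RUN sed -i "s/EJBCA Container Quickstart/EJBCA Docker dev certificate/g" \
+/opt/primekey/bin/internal/after-deployed-app-create-certificate.sh
+RUN chown 10001:10001 /usr/local/bin/ejbca-config.sh
+RUN chmod 755 /usr/local/bin/ejbca-config.sh
+USER 10001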
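--- /dev/null
+++ b/docker_for-client-delivery/ejbca/ejbca-config.sh
+#!/bin/sh
+cd /opt/primekey/bin/ || exit
+# Use the existing CA (see comment below)
+CA=ManagementCA
+ALIAS=ecsecCMP
+CN=sam.docker.reqesidta.de
+PW=testtest
+# Create a CMP config
+./ejbca.sh config cmp addalias $ALIAS
+./ejbca.sh config cmp updatealias $ALIAS --key operationmode --value ra
+./ejbca.sh config cmp updatealias $ALIAS --key authenticationmodule --value EndEntityCertificate
+./ejbca.sh config cmp updatealias $ALIAS --key authenticationparameters --value $CA
+./ejbca.sh config cmp updatealias $ALIAS --key allowraverifypopo --value true
+./ejbca.sh config cmp updatealias $ALIAS --key ra.caname --value $CA
+./ejbca.sh config cmp updatealias $ALIAS --key defaultca --value $CA
+# Make script idempotent by always deleting the user first
+./ejbca.sh ra delendentity -force --username $CN
+# Add end entity for the server key pair
+./ejbca.sh ra addendentity --username $CN --password $PW \
+--dn "CN=$CN" --caname $CA --type 1 --token P12
+# Add entity to admin role
+./ejbca.sh roles addrolemember --role "Super Administrator Role" --caname $CA \
+--with "CertificateAuthenticationToken:WITH_COMMONNAME" --value $CN
+# Enable batch mode
+./ejbca.sh ra setclearpwd $CN $PW
+# Create p12 file (saved in p12 subfolder)
+./ejbca.sh batch
+# Various (currently) unused commands:
+# Create a new CA. As you can't set auto-activation to true here, you will have
+# to do this manually or create custom cryptotokens (see below).
+# ./ejbca.sh ca init \
+# --caname $CA \
+# --dn "C=DE,O=ecsec GmbH,CN=ecsec Docker Root CA" \
+# --tokenType soft \
+# --tokenPass ecsecCATokenPass \
+# --keytype ECDSA \
+# --keyspec secp256r1 \
+# -s SHA256withECDSA \
+# -v 3650 \
+# --policy null
+# ./ejbca.sh cryptotoken create --autoactivate true --pin 1234 --token $TOKEN --type SoftCryptoToken
+# ./ejbca.sh cryptotoken generatekey --alias signKey --keyspec secp256r1 --token $TOKEN
+# ./ejbca.sh cryptotoken generatekey --alias encryptKey --keyspec 2048 --token $TOKEN
+# ./ejbca.sh ca changecatoken --caname $CA --cryptotoken $TOKEN --execute
+# ./ejbca.sh ca activateca $CA --code ecsecCATokenPass
+# ./ejbca.sh ca changecatokensignalg --caname $CA --sigalg SHA256withECDSA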
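Review bot: `PW=testtest` fixes the enrolment and keystore password for the SAM end entity inside the script, and `ra addendentity ... --password $PW` and `ra setclearpwd $CN $PW` then pass it on the command line; for a folder that is delivered to clients I would require it from the environment, e.g. `PW=${SAM_P12_PASSWORD:?set SAM_P12_PASSWORD}` (the variable name is only an example). The `roles addrolemember --role "Super Administrator Role"` step gives the certificate that SAM uses for CMP requests full administrative rights on the CA; either a comment should say why that is required or a role limited to RA operations should be used. `$ALIAS`, `$CA`, `$CN` and `$PW` are expanded unquoted throughout, which breaks as soon as a password contains whitespace or glob characters.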
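--- /dev/null
+++ b/docker_for-client-delivery/poseidas/Dockerfile
+FROM governikus/zulu-openjdk:8u212
+RUN mkdir -p /opt/poseidas
+ENV JAVA_OPTS=""
+EXPOSE 8443
+WORKDIR /opt/poseidas
+ARG JAR_FILE
+ADD ${JAR_FILE} POSeIDAS-exec.jar
+ENTRYPOINT exec java $JAVA_OPTS -jar /opt/poseidas/POSeIDAS-exec.jar $0 $@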
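Review bot: No `USER` instruction appears in this Dockerfile, so unless the base image already switches user the eID middleware runs as root inside the container; the ejbca image in this commit ends with `USER 10001`, and the same pattern fits here, e.g. `RUN chown -R 10001 /opt/poseidas` followed by `USER 10001` before the `ENTRYPOINT` (the bind-mounted config and db directories then need matching ownership on the host). `ADD ${JAR_FILE} POSeIDAS-exec.jar` copies a local file, for which `COPY` is the narrower instruction, since `ADD` also unpacks archives and accepts URLs. In the shell-form `ENTRYPOINT`, `$0` expands to the shell's own name when the container is started without arguments, so it is probably handed to the jar as a stray argument; that is worth confirming.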
docker_for-client-delivery/poseidas/config/.gitkeep
0 → 100644
docker_for-client-delivery/poseidas/db/.gitkeep
0 → 100644
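--- /dev/null
+++ b/docker_for-client-delivery/readme.md
+# Setup
+## yml anpassen (docker compose)
+## ssa-config
+## config erstellen poseidas
+## datenbank poseidas
+## Deployment
+### EJBCA key setup script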
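--- /dev/null
+++ b/docker_for-client-delivery/sam/Dockerfile
+# use thorntial to make deployment most lightweight
+# should run in certified secure env
+FROM governikus/zulu-openjdk:8u212
+ADD *-thorntail.jar /opt/thorntail.jar
+# pck12 file for signing certificate requests
+COPY sam.docker.reqesidta.de.p12 /opt/sam.docker.reqesidta.de.p12
+# Prevent error "SocketException: Protocol family unavailable", see:
+# See https://www.sipmann.com/socketException-protocol-family-unavailable-java-docker-wildfly.html#.XZ8tvZxCSWg
+ENV JAVA_OPTS="-Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true"
+EXPOSE 8080
+ENTRYPOINT exec java $JAVA_OPTS $JAVA_DEBUG -jar /opt/thorntail.jar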
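Review bot: `COPY sam.docker.reqesidta.de.p12 /opt/sam.docker.reqesidta.de.p12` bakes the PKCS#12 keystore used for signing certificate requests into an image layer, so everyone who can pull or export the `reqesidta/sam` image also obtains the private key, and `sam/readme.md` in this commit records its password in clear text. I would drop the `COPY` and mount the keystore at run time from the compose file, e.g. a read-only volume entry `./sam/keys/sam.docker.reqesidta.de.p12:/opt/sam.docker.reqesidta.de.p12:ro` (the host path is only an example), and keep the password out of the repository. No `USER` instruction is visible here either, so the service presumably runs as root unless the base image sets a user.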
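--- /dev/null
+++ b/docker_for-client-delivery/sam/readme.md
+password for pkcs12 keystore: testtest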
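--- /dev/null
+++ b/docker_for-client-delivery/ssa/Dockerfile
+# installs android platform
+ARG WILDFLY_IMAGE=jboss/wildfly:17.0.1.Final
+FROM $WILDFLY_IMAGE
+# we need wsdl and cert for consuming the eID SOAP service
+COPY wsdl/* /opt/jboss/
+# copy the needed war into the image
+COPY dist/* /opt/jboss/wildfly/standalone/deployments/
+# copy the config for the server into the image
+COPY config/ssa-server.conf /opt/jboss/ssa-server.conf
+EXPOSE 9990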
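Review bot: `EXPOSE 9990` advertises the WildFly management port, while the traefik label in the compose template routes to 8080 and the compose `command` starts the server with `-bmanagement 0.0.0.0`; if the management console is not needed in a delivered image I would expose only the application port, `EXPOSE 8080`. The opening comment `# installs android platform` does not describe anything this Dockerfile does and looks copied from another file; `# WildFly image running the ssa-server war` would match the content. `COPY config/ssa-server.conf` needs a file that the commit ships only as `ssa-server_TEMPLATE.conf`, so the build fails until the client creates it, which the readme should state.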
docker_for-client-delivery/ssa/config/ssa-server_TEMPLATE.conf
0 → 100644
ssa
-
config
{
sessionMaxAge
:
60
,
sessionCheckAgeInterval
:
30
,
baseUrl
:
"https://docker.reqesidta.de/ssa-server"
eidUrl
:
"http://poseidas.docker.reqesidta.de:8443/POSeIDAS/service/eid/TR-03130-WSDL.wsdl"
samUrl
:
"http://sam.docker.reqesidta.de:8080"
caUrl
:
"http://ejbca.docker.reqesidta.de:8080/ejbca/publicweb/cmp/ecsecCMP"
}
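Review bot: `eidUrl`, `samUrl` and `caUrl` all use `http://`, so the eID SOAP calls, the requests to SAM and the CMP enrolment towards EJBCA would cross the compose network unencrypted; `eidUrl` in particular pairs `http://` with port 8443, which is conventionally a TLS port and may simply be a typo for `https://`. If plain HTTP inside the bridge network is intended, a comment in the template should say so, since this is the file clients copy to `ssa-server.conf`. `baseUrl` hard-codes `https://docker.reqesidta.de/ssa-server`; a template would normally mark that as a value to replace, the way `TARGET_PORT` is marked in the compose template.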
docker_for-client-delivery/ssa/dist/ssa-server.war
0 → 100644
File added
docker_for-client-delivery/ssa/wsdl/TR-03130eID-Server.wsdl
0 → 100644
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<wsdl:definitions
xmlns:soap=
"http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:tns=
"http://bsi.bund.de/eID/"
xmlns:wsdl=
"http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd=
"http://www.w3.org/2001/XMLSchema"
name=
"eID"
xmlns:wsp=
"http://www.w3.org/ns/ws-policy"
xmlns:wsu=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:sp=
"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
targetNamespace=
"http://bsi.bund.de/eID/"
>
<wsdl:documentation>
Version 2.1.2 2017-10-25
</wsdl:documentation>
<wsdl:types>
<xsd:schema>
<xsd:import
schemaLocation=
"TR-03130eID-Server.xsd"
namespace=
"http://bsi.bund.de/eID/"
/>
</xsd:schema>
</wsdl:types>
<wsdl:message
name=
"useIDRequest"
>
<wsdl:part
name=
"parameters"
element=
"tns:useIDRequest"
/>
</wsdl:message>
<wsdl:message
name=
"useIDResponse"
>
<wsdl:part
name=
"parameters"
element=
"tns:useIDResponse"
/>
</wsdl:message>
<wsdl:message
name=
"getServerInfoResponse"
>
<wsdl:part
name=
"parameters"
element=
"tns:getServerInfoResponse"
/>
</wsdl:message>
<wsdl:message
name=
"getServerInfoRequest"
>
<wsdl:part
name=
"parameters"
element=
"tns:getServerInfoRequest"
/>
</wsdl:message>
<wsdl:message
name=
"getResultRequest"
>
<wsdl:part
name=
"parameters"
element=
"tns:getResultRequest"
/>
</wsdl:message>
<wsdl:message
name=
"getResultResponse"
>
<wsdl:part
name=
"parameters"
element=
"tns:getResultResponse"
/>
</wsdl:message>
<wsdl:portType
name=
"eID"
>
<wsdl:operation
name=
"useID"
>
<wsdl:input
message=
"tns:useIDRequest"
/>
<wsdl:output
message=
"tns:useIDResponse"
/>
</wsdl:operation>
<wsdl:operation
name=
"getServerInfo"
>
<wsdl:input
message=
"tns:getServerInfoRequest"
/>
<wsdl:output
message=
"tns:getServerInfoResponse"
/>
</wsdl:operation>
<wsdl:operation
name=
"getResult"
>
<wsdl:input
message=
"tns:getResultRequest"
/>
<wsdl:output
message=
"tns:getResultResponse"
/>
</wsdl:operation>
</wsdl:portType>
<wsp:Policy
wsu:Id=
"SigOnly"
>
<wsp:ExactlyOne>
<wsp:All>
<!-- Transport Layer Binding was removed in Version 1.5 -->
<!-- Message Level -->
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken=
"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"
>
<wsp:Policy>
<sp:RequireIssuerSerialReference
/>
<sp:WssX509V3Token10
/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken=
"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"
>
<wsp:Policy>
<sp:RequireIssuerSerialReference
/>
<sp:WssX509V3Token10
/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256Sha256
/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict
/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp
/>
<sp:OnlySignEntireHeadersAndBody
/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10>
<sp:Policy>
<sp:MustSupportRefIssuerSerial
/>
</sp:Policy>
</sp:Wss10>
<sp:SignedParts>
<sp:Body
/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:binding
name=
"eIDSOAP"
type=
"tns:eID"
>
<wsp:PolicyReference
URI=
"#SigOnly"
/>
<soap:binding
style=
"document"
transport=
"http://schemas.xmlsoap.org/soap/http"
/>
<wsdl:operation
name=
"useID"
>
<soap:operation
soapAction=
"http://bsi.bund.de/eID/useID"
/>
<wsdl:input>
<soap:body
use=
"literal"
/>
</wsdl:input>
<wsdl:output>
<soap:body
use=
"literal"
/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation
name=
"getServerInfo"
>
<soap:operation
soapAction=
"http://bsi.bund.de/eID/getServerInfo"
/>
<wsdl:input>
<soap:body
use=
"literal"
/>
</wsdl:input>
<wsdl:output>
<soap:body
use=
"literal"
/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation
name=
"getResult"
>
<soap:operation
soapAction=
"http://bsi.bund.de/eID/getResult"
/>
<wsdl:input>
<soap:body
use=
"literal"
/>
</wsdl:input>
<wsdl:output>
<soap:body
use=
"literal"
/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service
name=
"eID"
>
<wsdl:port
name=
"eIDSOAP"
binding=
"tns:eIDSOAP"
>
<soap:address
location=
"http://www.bsi.bund.de/eid/server/2.0"
/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
docker_for-client-delivery/ssa/wsdl/TR-03130eID-Server.xsd
0 → 100644
<?xml version="1.0" encoding="UTF-8"?>
<schema
xmlns=
"http://www.w3.org/2001/XMLSchema"
xmlns:dss=
"urn:oasis:names:tc:dss:1.0:core:schema"
xmlns:tns=
"http://bsi.bund.de/eID/"
xmlns:Q1=
"urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:saml=
"urn:oasis:names:tc:SAML:2.0:assertion"
targetNamespace=
"http://bsi.bund.de/eID/"
elementFormDefault=
"qualified"
attributeFormDefault=
"unqualified"
version=
"2.1.2 2017-10-25"
>
<import
namespace=
"urn:oasis:names:tc:dss:1.0:core:schema"
schemaLocation=
"oasis-dss-core-schema-v1.0-os.xsd"
/>
<import
namespace=
"urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation=
"saml-schema-assertion-2.0.xsd"
/>
<complexType
name=
"SessionType"
>
<sequence>
<element
name=
"ID"
>
<simpleType>
<restriction
base=
"hexBinary"
>
<minLength
value=
"16"
/>
</restriction>
</simpleType>
</element>
</sequence>
</complexType>
<element
name=
"useIDResponse"
type=
"tns:useIDResponseType"
/>
<complexType
name=
"useIDResponseType"
>
<sequence>
<element
name=
"Session"
type=
"tns:SessionType"
/>
<element
name=
"eCardServerAddress"
type=
"anyURI"
minOccurs=
"0"
/>
<element
name=
"PSK"
type=
"tns:PreSharedKeyType"
/>
<element
ref=
"dss:Result"
/>
</sequence>
</complexType>
<complexType
name=
"PersonalDataType"
>
<sequence>
<element
name=
"DocumentType"
type=
"tns:DocumentType"
minOccurs=
"0"
/>
<element
name=
"IssuingState"
type=
"tns:ICAOCountry"
minOccurs=
"0"
/>
<element
name=
"DateOfExpiry"
type=
"date"
minOccurs=
"0"
/>
<element
name=
"GivenNames"
type=
"string"
minOccurs=
"0"
/>
<element
name=
"FamilyNames"
type=
"string"
minOccurs=
"0"
/>
<element
name=
"ArtisticName"
type=
"string"
minOccurs=
"0"
/>
<element
name=
"AcademicTitle"
type=
"string"
minOccurs=
"0"
/>
<element
name=
"DateOfBirth"
type=
"tns:GeneralDateType"
minOccurs=
"0"
/>
<element
name=
"PlaceOfBirth"
type=
"tns:GeneralPlaceType"
minOccurs=
"0"
/>
<element
name=
"Nationality"
type=
"tns:ICAOCountry"
minOccurs=
"0"
/>
<element
name=
"BirthName"
type=
"string"
minOccurs=
"0"
/>
<element
name=
"PlaceOfResidence"
type=
"tns:GeneralPlaceType"
minOccurs=
"0"
/>
<element
name=
"ResidencePermitI"
type=
"string"
minOccurs=
"0"
/>
<element
name=
"RestrictedID"
type=
"tns:RestrictedIDType"
minOccurs=
"0"
/>
</sequence>
</complexType>
<complexType
name=
"GeneralPlaceType"
>
<choice>
<element
name=
"StructuredPlace"
type=
"tns:PlaceType"
/>
<element
name=
"FreetextPlace"
type=
"string"
/>
<element
name=
"NoPlaceInfo"
type=
"string"
/>
</choice>
</complexType>
<complexType
name=
"PlaceType"
>
<sequence>
<element
name=
"Street"
type=
"string"
minOccurs=
"0"
/>
<element
name=
"City"
type=
"string"
/>
<element
name=
"State"
type=
"string"
minOccurs=
"0"
/>
<element
name=
"Country"
type=
"tns:ICAOCountry"
/>
<element
name=
"ZipCode"
type=
"string"
minOccurs=
"0"
/>
</sequence>
</complexType>
<simpleType
name=
"DocumentType"
>
<restriction
base=
"string"
>
<pattern
value=
"[A-Z ]{2}"
/>
</restriction>
</simpleType>
<simpleType
name=
"ICAOCountry"
>
<restriction
base=
"string"
>
<pattern
value=
"[A-Z ]{1,3}"
/>
</restriction>
</simpleType>
<complexType
name=
"AgeVerificationRequestType"
>
<sequence>
<element
name=
"Age"
>
<simpleType>
<restriction
base=
"int"
>
<minInclusive
value=
"0"
/>
</restriction>
</simpleType>
</element>
</sequence>
</complexType>
<complexType
name=
"VerificationResultType"
>
<sequence>
<element
name=
"FulfilsRequest"
type=
"boolean"
/>
</sequence>
</complexType>
<element
name=
"useIDRequest"
type=
"tns:useIDRequestType"