From 3c7115a77d21d94e4761659b11e8deca67292044 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Tue, 19 Nov 2024 16:36:36 +0200
Subject: [PATCH 01/20] SLIB-66 - make existing code v2 specific; fix cert
 issues

---
 .../{Config.java => SmartIdV2Config.java}     |  27 ++++++------
 ...ntroller.java => SmartIdV2Controller.java} |  24 +++++------
 .../model/AuthenticationSessionInfo.java      |   5 ++-
 .../sk/siddemo/model/SigningSessionInfo.java  |   2 +-
 .../services/SmartIdCertificateService.java   |   2 +-
 .../SmartIdCertificateServiceImpl.java        |  14 +++----
 ...va => SmartIdV2AuthenticationService.java} |   4 +-
 ...> SmartIdV2AuthenticationServiceImpl.java} |  31 +++++++-------
 ...ce.java => SmartIdV2SignatureService.java} |   2 +-
 ...ava => SmartIdV2SignatureServiceImpl.java} |  32 +++++++-------
 src/main/resources/application.yml            |  39 +++++++++---------
 src/main/resources/sid.trusted_root_certs.p12 | Bin 3990 -> 6358 bytes
 .../resources/templates/authentication.html   |  12 +-----
 .../templates/authenticationResult.html       |  10 +----
 src/main/resources/templates/error.html       |  10 +----
 .../resources/templates/fragments/header.html |  20 +++++++++
 src/main/resources/templates/index.html       |  18 ++------
 .../templates/sidOperationError.html          |  10 +----
 src/main/resources/templates/signature.html   |  10 +----
 .../resources/templates/signingResult.html    |  10 +----
 20 files changed, 123 insertions(+), 159 deletions(-)
 rename src/main/java/ee/sk/siddemo/{Config.java => SmartIdV2Config.java} (79%)
 rename src/main/java/ee/sk/siddemo/controller/{SmartIdController.java => SmartIdV2Controller.java} (88%)
 rename src/main/java/ee/sk/siddemo/services/{SmartIdAuthenticationService.java => SmartIdV2AuthenticationService.java} (91%)
 rename src/main/java/ee/sk/siddemo/services/{SmartIdAuthenticationServiceImpl.java => SmartIdV2AuthenticationServiceImpl.java} (87%)
 rename src/main/java/ee/sk/siddemo/services/{SmartIdSignatureService.java => SmartIdV2SignatureService.java} (96%)
 rename src/main/java/ee/sk/siddemo/services/{SmartIdSignatureServiceImpl.java => SmartIdV2SignatureServiceImpl.java} (89%)
 create mode 100644 src/main/resources/templates/fragments/header.html

diff --git a/src/main/java/ee/sk/siddemo/Config.java b/src/main/java/ee/sk/siddemo/SmartIdV2Config.java
similarity index 79%
rename from src/main/java/ee/sk/siddemo/Config.java
rename to src/main/java/ee/sk/siddemo/SmartIdV2Config.java
index b9614a3..88bb1ec 100644
--- a/src/main/java/ee/sk/siddemo/Config.java
+++ b/src/main/java/ee/sk/siddemo/SmartIdV2Config.java
@@ -37,36 +37,36 @@
 import org.springframework.web.context.WebApplicationContext;
 
 import ee.sk.siddemo.model.UserSidSession;
-import ee.sk.smartid.AuthenticationResponseValidator;
-import ee.sk.smartid.SmartIdClient;
+import ee.sk.smartid.v2.AuthenticationResponseValidator;
+import ee.sk.smartid.v2.SmartIdClient;
 
 @Configuration
-public class Config {
+public class SmartIdV2Config {
 
-    @Value("${sid.client.relyingPartyUuid}")
+    @Value("${sid.v2.client.relyingPartyUuid}")
     private String sidRelyingPartyUuid;
 
-    @Value("${sid.client.relyingPartyName}")
+    @Value("${sid.v2.client.relyingPartyName}")
     private String sidRelyingPartyName;
 
-    @Value("${sid.client.applicationProviderHost}")
+    @Value("${sid.v2.client.applicationProviderHost}")
     private String sidApplicationProviderHost;
 
-    @Value("${sid.truststore.trusted-server-ssl-certs.filename}")
+    @Value("${sid.v2.truststore.trusted-server-ssl-certs.filename}")
     private String sidTrustedServerSslCertsFilename;
 
-    @Value("${sid.truststore.trusted-server-ssl-certs.password}")
+    @Value("${sid.v2.truststore.trusted-server-ssl-certs.password}")
     private String sidTrustedServerSslCertsPassword;
 
-    @Value("${sid.truststore.trusted-root-certs.filename}")
+    @Value("${sid.v2.truststore.trusted-root-certs.filename}")
     private String sidTrustedRootCertsFilename;
 
-    @Value("${sid.truststore.trusted-root-certs.password}")
+    @Value("${sid.v2.truststore.trusted-root-certs.password}")
     private String sidTrustedRootCertsPassword;
 
     @Bean
-    public SmartIdClient smartIdClient() throws Exception {
-        InputStream is = Config.class.getResourceAsStream(sidTrustedServerSslCertsFilename);
+    public SmartIdClient smartIdClientV2() throws Exception {
+        InputStream is = SmartIdV2Config.class.getResourceAsStream(sidTrustedServerSslCertsFilename);
         KeyStore trustStore = KeyStore.getInstance("PKCS12");
         trustStore.load(is, sidTrustedServerSslCertsPassword.toCharArray());
 
@@ -92,7 +92,7 @@ public AuthenticationResponseValidator sidResponseValidator() throws Exception {
 
         List<X509Certificate> certificates = new ArrayList<>();
 
-        InputStream is = Config.class.getResourceAsStream(sidTrustedRootCertsFilename);
+        InputStream is = SmartIdV2Config.class.getResourceAsStream(sidTrustedRootCertsFilename);
 
         KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
         keystore.load(is, sidTrustedRootCertsPassword.toCharArray());
@@ -106,5 +106,4 @@ public AuthenticationResponseValidator sidResponseValidator() throws Exception {
 
         return new AuthenticationResponseValidator(certificates.toArray(new X509Certificate[0]));
     }
-
 }
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
similarity index 88%
rename from src/main/java/ee/sk/siddemo/controller/SmartIdController.java
rename to src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
index ba22cc0..d59c6b0 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
@@ -41,22 +41,22 @@
 import ee.sk.siddemo.model.SigningSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
 import ee.sk.siddemo.model.UserSidSession;
-import ee.sk.siddemo.services.SmartIdAuthenticationService;
-import ee.sk.siddemo.services.SmartIdSignatureService;
-import ee.sk.smartid.AuthenticationIdentity;
+import ee.sk.siddemo.services.SmartIdV2AuthenticationService;
+import ee.sk.siddemo.services.SmartIdV2SignatureService;
+import ee.sk.smartid.v2.AuthenticationIdentity;
 import jakarta.validation.Valid;
 
 @RestController
-public class SmartIdController {
+public class SmartIdV2Controller {
 
-    private static final Logger logger = LoggerFactory.getLogger(SmartIdController.class);
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV2Controller.class);
 
-    private final SmartIdSignatureService signatureService;
-    private final SmartIdAuthenticationService authenticationService;
+    private final SmartIdV2SignatureService signatureService;
+    private final SmartIdV2AuthenticationService authenticationService;
     private final UserSidSession userSidSession;
 
     @Autowired
-    public SmartIdController(SmartIdSignatureService signatureService, SmartIdAuthenticationService authenticationService, UserSidSession userSidSession) {
+    public SmartIdV2Controller(SmartIdV2SignatureService signatureService, SmartIdV2AuthenticationService authenticationService, UserSidSession userSidSession) {
         this.signatureService = signatureService;
         this.authenticationService = authenticationService;
         this.userSidSession = userSidSession; // session scope, autowired
@@ -67,7 +67,7 @@ public ModelAndView userRequestForm() {
         return new ModelAndView("index", "userRequest", new UserRequest());
     }
 
-    @PostMapping(value = "/signatureRequest")
+    @PostMapping(value = "/v2/signatureRequest")
     public ModelAndView sendSignatureRequest(@ModelAttribute("userRequest") UserRequest userRequest,
                                              BindingResult bindingResult, ModelMap model) {
 
@@ -88,7 +88,7 @@ public ModelAndView sendSignatureRequest(@ModelAttribute("userRequest") UserRequ
         return new ModelAndView("/signature", model);
     }
 
-    @PostMapping(value = "/sign")
+    @PostMapping(value = "/v2/sign")
     public ModelAndView sign(ModelMap model) {
 
         SigningResult signingResult = signatureService.sign(userSidSession.getSigningSessionInfo());
@@ -100,7 +100,7 @@ public ModelAndView sign(ModelMap model) {
         return new ModelAndView("signingResult", model);
     }
 
-    @PostMapping(value = "/authenticationRequest")
+    @PostMapping(value = "/v2/authenticationRequest")
     public ModelAndView sendAuthenticationRequest(@ModelAttribute("userRequest") @Valid UserRequest userRequest,
                                                   BindingResult bindingResult, ModelMap model) {
 
@@ -117,7 +117,7 @@ public ModelAndView sendAuthenticationRequest(@ModelAttribute("userRequest") @Va
         return new ModelAndView("/authentication", model);
     }
 
-    @PostMapping(value = "/authenticate")
+    @PostMapping(value = "/v2/authenticate")
     public ModelAndView authenticate(ModelMap model) {
         AuthenticationIdentity person = authenticationService.authenticate(userSidSession.getAuthenticationSessionInfo());
         model.addAttribute("person", person);
diff --git a/src/main/java/ee/sk/siddemo/model/AuthenticationSessionInfo.java b/src/main/java/ee/sk/siddemo/model/AuthenticationSessionInfo.java
index de1e1f6..ef2241b 100644
--- a/src/main/java/ee/sk/siddemo/model/AuthenticationSessionInfo.java
+++ b/src/main/java/ee/sk/siddemo/model/AuthenticationSessionInfo.java
@@ -22,8 +22,9 @@
  * #L%
  */
 
-import ee.sk.smartid.AuthenticationHash;
-import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+
+import ee.sk.smartid.v2.AuthenticationHash;
+import ee.sk.smartid.v2.rest.dao.SemanticsIdentifier;
 
 public class AuthenticationSessionInfo {
 
diff --git a/src/main/java/ee/sk/siddemo/model/SigningSessionInfo.java b/src/main/java/ee/sk/siddemo/model/SigningSessionInfo.java
index df6b81a..3b43424 100644
--- a/src/main/java/ee/sk/siddemo/model/SigningSessionInfo.java
+++ b/src/main/java/ee/sk/siddemo/model/SigningSessionInfo.java
@@ -25,7 +25,7 @@
 import org.digidoc4j.Container;
 import org.digidoc4j.DataToSign;
 
-import ee.sk.smartid.SignableHash;
+import ee.sk.smartid.v2.SignableHash;
 
 public class SigningSessionInfo {
 
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdCertificateService.java b/src/main/java/ee/sk/siddemo/services/SmartIdCertificateService.java
index 1e3bd3b..d0fae2c 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdCertificateService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdCertificateService.java
@@ -23,7 +23,7 @@
  */
 
 import ee.sk.siddemo.model.UserRequest;
-import ee.sk.smartid.SmartIdCertificate;
+import ee.sk.smartid.v2.SmartIdCertificate;
 
 public interface SmartIdCertificateService {
 
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdCertificateServiceImpl.java b/src/main/java/ee/sk/siddemo/services/SmartIdCertificateServiceImpl.java
index 036b74e..f2be280 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdCertificateServiceImpl.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdCertificateServiceImpl.java
@@ -28,25 +28,25 @@
 
 import ee.sk.siddemo.exception.SidOperationException;
 import ee.sk.siddemo.model.UserRequest;
-import ee.sk.smartid.SmartIdCertificate;
-import ee.sk.smartid.SmartIdClient;
 import ee.sk.smartid.exception.permanent.ServerMaintenanceException;
 import ee.sk.smartid.exception.permanent.SmartIdClientException;
 import ee.sk.smartid.exception.useraccount.DocumentUnusableException;
 import ee.sk.smartid.exception.useraccount.UserAccountNotFoundException;
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
 import ee.sk.smartid.exception.useraction.UserRefusedException;
-import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+import ee.sk.smartid.v2.SmartIdCertificate;
+import ee.sk.smartid.v2.SmartIdClient;
+import ee.sk.smartid.v2.rest.dao.SemanticsIdentifier;
 
 @Service
 public class SmartIdCertificateServiceImpl implements SmartIdCertificateService {
 
     private static final Logger logger = LoggerFactory.getLogger(SmartIdCertificateServiceImpl.class);
 
-    private final SmartIdClient client;
+    private final SmartIdClient smartIdClientV2;
 
-    public SmartIdCertificateServiceImpl(SmartIdClient client) {
-        this.client = client;
+    public SmartIdCertificateServiceImpl(SmartIdClient smartIdClientV2) {
+        this.smartIdClientV2 = smartIdClientV2;
     }
 
     @Override
@@ -62,7 +62,7 @@ public SmartIdCertificate getCertificate(UserRequest userRequest) {
                     userRequest.getNationalIdentityNumber());
 
 
-            SmartIdCertificate responseWithSigningCertificate = client
+            SmartIdCertificate responseWithSigningCertificate = smartIdClientV2
                     .getCertificate()
                     .withSemanticsIdentifier(semanticsIdentifier)
                     .withCertificateLevel("QUALIFIED")
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdAuthenticationService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationService.java
similarity index 91%
rename from src/main/java/ee/sk/siddemo/services/SmartIdAuthenticationService.java
rename to src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationService.java
index 1479b1c..4b12a21 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdAuthenticationService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationService.java
@@ -24,9 +24,9 @@
 
 import ee.sk.siddemo.model.AuthenticationSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
-import ee.sk.smartid.AuthenticationIdentity;
+import ee.sk.smartid.v2.AuthenticationIdentity;
 
-public interface SmartIdAuthenticationService {
+public interface SmartIdV2AuthenticationService {
 
     AuthenticationSessionInfo startAuthentication(UserRequest userRequest);
 
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdAuthenticationServiceImpl.java b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java
similarity index 87%
rename from src/main/java/ee/sk/siddemo/services/SmartIdAuthenticationServiceImpl.java
rename to src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java
index f4b3a1a..8e15521 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdAuthenticationServiceImpl.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java
@@ -34,11 +34,7 @@
 import ee.sk.siddemo.exception.SidOperationException;
 import ee.sk.siddemo.model.AuthenticationSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
-import ee.sk.smartid.AuthenticationHash;
-import ee.sk.smartid.AuthenticationIdentity;
-import ee.sk.smartid.AuthenticationResponseValidator;
-import ee.sk.smartid.SmartIdAuthenticationResponse;
-import ee.sk.smartid.SmartIdClient;
+
 import ee.sk.smartid.exception.UnprocessableSmartIdResponseException;
 import ee.sk.smartid.exception.permanent.ServerMaintenanceException;
 import ee.sk.smartid.exception.useraccount.CertificateLevelMismatchException;
@@ -47,23 +43,28 @@
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
 import ee.sk.smartid.exception.useraction.UserRefusedException;
 import ee.sk.smartid.exception.useraction.UserSelectedWrongVerificationCodeException;
-import ee.sk.smartid.rest.dao.Interaction;
-import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+import ee.sk.smartid.v2.AuthenticationHash;
+import ee.sk.smartid.v2.AuthenticationIdentity;
+import ee.sk.smartid.v2.AuthenticationResponseValidator;
+import ee.sk.smartid.v2.SmartIdAuthenticationResponse;
+import ee.sk.smartid.v2.SmartIdClient;
+import ee.sk.smartid.v2.rest.dao.Interaction;
+import ee.sk.smartid.v2.rest.dao.SemanticsIdentifier;
 
 @Service
-public class SmartIdAuthenticationServiceImpl implements SmartIdAuthenticationService {
+public class SmartIdV2AuthenticationServiceImpl implements SmartIdV2AuthenticationService {
 
-    private static final Logger logger = LoggerFactory.getLogger(SmartIdAuthenticationServiceImpl.class);
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV2AuthenticationServiceImpl.class);
 
-    @Value("${sid.auth.displayText}")
+    @Value("${sid.v2.auth.displayText}")
     private String sidAuthDisplayText;
 
-    private final SmartIdClient client;
+    private final SmartIdClient smartIdClientV2;
     private final AuthenticationResponseValidator sidAuthenticationResponseValidator;
 
-    public SmartIdAuthenticationServiceImpl(SmartIdClient client,
-                                            AuthenticationResponseValidator sidAuthenticationResponseValidator) {
-        this.client = client;
+    public SmartIdV2AuthenticationServiceImpl(SmartIdClient smartIdClientV2,
+                                              AuthenticationResponseValidator sidAuthenticationResponseValidator) {
+        this.smartIdClientV2 = smartIdClientV2;
         this.sidAuthenticationResponseValidator = sidAuthenticationResponseValidator;
     }
 
@@ -100,7 +101,7 @@ public AuthenticationIdentity authenticate(AuthenticationSessionInfo authenticat
         AuthenticationIdentity authIdentity = null;
 
         try {
-            SmartIdAuthenticationResponse response = client
+            SmartIdAuthenticationResponse response = smartIdClientV2
                     .createAuthentication()
                     .withSemanticsIdentifier(authenticationSessionInfo.getSemanticsIdentifier())
                     .withAuthenticationHash(authenticationHash)
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdSignatureService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureService.java
similarity index 96%
rename from src/main/java/ee/sk/siddemo/services/SmartIdSignatureService.java
rename to src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureService.java
index bf0c805..0389531 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdSignatureService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureService.java
@@ -26,7 +26,7 @@
 import ee.sk.siddemo.model.SigningSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
 
-public interface SmartIdSignatureService {
+public interface SmartIdV2SignatureService {
 
     SigningSessionInfo sendSignatureRequest(UserRequest userRequest);
 
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdSignatureServiceImpl.java b/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java
similarity index 89%
rename from src/main/java/ee/sk/siddemo/services/SmartIdSignatureServiceImpl.java
rename to src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java
index b51a4bc..68890b6 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdSignatureServiceImpl.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java
@@ -50,43 +50,43 @@
 import ee.sk.siddemo.model.SigningSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
 import ee.sk.smartid.HashType;
-import ee.sk.smartid.SignableData;
-import ee.sk.smartid.SignableHash;
-import ee.sk.smartid.SmartIdCertificate;
-import ee.sk.smartid.SmartIdClient;
-import ee.sk.smartid.SmartIdSignature;
+import ee.sk.smartid.v2.SignableData;
+import ee.sk.smartid.v2.SignableHash;
+import ee.sk.smartid.v2.SmartIdCertificate;
+import ee.sk.smartid.v2.SmartIdClient;
+import ee.sk.smartid.v2.SmartIdSignature;
 import ee.sk.smartid.exception.permanent.ServerMaintenanceException;
 import ee.sk.smartid.exception.useraccount.DocumentUnusableException;
 import ee.sk.smartid.exception.useraccount.UserAccountNotFoundException;
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
 import ee.sk.smartid.exception.useraction.UserRefusedException;
 import ee.sk.smartid.exception.useraction.UserSelectedWrongVerificationCodeException;
-import ee.sk.smartid.rest.dao.Interaction;
-import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+import ee.sk.smartid.v2.rest.dao.Interaction;
+import ee.sk.smartid.v2.rest.dao.SemanticsIdentifier;
 
 @Service
-public class SmartIdSignatureServiceImpl implements SmartIdSignatureService {
+public class SmartIdV2SignatureServiceImpl implements SmartIdV2SignatureService {
 
-    private static final Logger logger = LoggerFactory.getLogger(SmartIdSignatureServiceImpl.class);
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV2SignatureServiceImpl.class);
 
-    @Value("${sid.sign.displayText}")
+    @Value("${sid.v2.sign.displayText}")
     private String sidSignDisplayText;
 
-    @Value("${sid.client.relyingPartyUuid}")
+    @Value("${sid.v2.client.relyingPartyUuid}")
     private String sidRelyingPartyUuid;
 
-    @Value("${sid.client.relyingPartyName}")
+    @Value("${sid.v2.client.relyingPartyName}")
     private String sidRelyingPartyName;
 
     @Value("${app.signed-files-directory}")
     private String signedFilesDirectory;
 
     private final SmartIdCertificateService certificateService;
-    private final SmartIdClient client;
+    private final SmartIdClient smartIdClientV2;
 
-    public SmartIdSignatureServiceImpl(SmartIdCertificateService certificateService, SmartIdClient client) {
+    public SmartIdV2SignatureServiceImpl(SmartIdCertificateService certificateService, SmartIdClient smartIdClientV2) {
         this.certificateService = certificateService;
-        this.client = client;
+        this.smartIdClientV2 = smartIdClientV2;
     }
 
     @Override
@@ -149,7 +149,7 @@ public SigningResult sign(SigningSessionInfo signingSessionInfo) {
 
         try {
 
-            SmartIdSignature smartIdSignature = client
+            SmartIdSignature smartIdSignature = smartIdClientV2
                     .createSignature()
                     .withDocumentNumber(signingSessionInfo.getDocumentNumber())
                     .withSignableHash(signingSessionInfo.getHashToSign())
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 7693e6f..7072e24 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -4,25 +4,26 @@ spring.servlet.multipart:
 server.port: 8081
 
 sid:
-  client:
-    relyingPartyUuid: 00000000-0000-0000-0000-000000000000
-    relyingPartyName: DEMO
-    applicationProviderHost: https://sid.demo.sk.ee/smart-id-rp/v2/
-  auth:
-    displayText: Log in with Smart-ID demo?
-    displayTextFormat: GSM7
-    displayTextLanguage: ENG
-  sign:
-    displayText: Подписать?
-    displayTextFormat: UCS2
-    displayTextLanguage: RUS
-  truststore:
-    trusted-server-ssl-certs:
-      filename: /sid.trusted_server_certs.p12
-      password: changeit
-    trusted-root-certs:
-      filename: /sid.trusted_root_certs.p12
-      password: changeit
+  v2:
+    client:
+      relyingPartyUuid: 00000000-0000-0000-0000-000000000000
+      relyingPartyName: DEMO
+      applicationProviderHost: https://sid.demo.sk.ee/smart-id-rp/v2/
+    auth:
+      displayText: Log in with Smart-ID demo?
+      displayTextFormat: GSM7
+      displayTextLanguage: ENG
+    sign:
+      displayText: Подписать?
+      displayTextFormat: UCS2
+      displayTextLanguage: RUS
+    truststore:
+      trusted-server-ssl-certs:
+        filename: /sid.trusted_server_certs.p12
+        password: changeit
+      trusted-root-certs:
+        filename: /sid.trusted_root_certs.p12
+        password: changeit
 
 app:
   signed-files-directory: target/signed-files
\ No newline at end of file
diff --git a/src/main/resources/sid.trusted_root_certs.p12 b/src/main/resources/sid.trusted_root_certs.p12
index 3e75dfccdeb4b33699301bcd0fe24bf558204097..465d8928137e92b89666c91bb6a389c326a63a69 100644
GIT binary patch
delta 6340
zcmV;#7(3^dAJ#EIFoGD;0s#Xsf*5=T2`Yw2hW8Bt2LYgh7;OZC7-=wq7-cYm7-0qp
zDuzgg_YDCD2B3l%QZRxTP67b{FoGCIkw7aHX$ojHUSk0GJOxQN6NkBagkvKSk$)tA
z&%h2Q7&oz`#XzTxm)wIbfPxp$#}p4AW6&Sp=4r{6*!Bv-cxJe<>*eNkIhCU%?yAYg
zMVa;eu*#y1Qm8O7MC!GSCgl5yc$BYv@z%LCxocB3%7}@cPhp;(s!n5<&@O2|cy3&j
zQC$x_W4tm%<$6Z`#-r&=`mIQ>zc;vl&B1!tF`AVuWAp7&x9XE-Ix*<gfJ7G5QXkGg
zGB1eT*5oZ8Xdbc_y{zMf<6^2V!W~86NS-D~rUs6+1TFZT#DC<CQczb~8yr9fY_O0z
z>tow=5W-)AbX43v$P}h0Hx;L#OM95x2I56b5d+ak)IVj*-O4qRClu$bnO7QrKQB8&
zxr`V%O7;m-Ve=y+8^H}%?*T2W|47|^F3-ZtcaTann3fXqE-E<OnH?-lhIt2#>GlJ%
zW?v?)xbr(WC=uqcB@njXH9J}hItS~F0;_k)QF--6`f?`|4vbNwMNjnw@2VN?`7J&M
z3+SlAJ?mYKl_(`%<XuYmO%qdpzCKyTh_qT+u<-UImEmYz_w;XHjG)w-aT;>w7<DSF
zvSIP+&_W!-^NokeNf2V9Jw(lG*00OCnq0EGixBpD$-O<ac%mO~2&d;xxkD3wyBZyi
zg|j~&pA?;y1xBMWic5N^BpNLG=0-4@-1EVLn_fY3M7<DM6@%0(jC(qNN2$;=lLetI
z`LzpYbEp!jwr~VIEfdK(+rCq|yrlFSNmSj_QHBKD*3Fcevfm}!`fi{>7stxd?Rx;Q
zS^T}oe<eO4BbF5)dXg#aHO<cy-psZl#-3YCKJ@adUe_Z@6_<J9sXCiT*fzFhf1-~>
zqFjL(=a8*g5~d!PDB+lY6zm%I(}Bl3?E<zqEPvHUyFx~J?#uwWRVD!VY`p*YS>cKZ
zM{|NpJa8;NL7I_KW{(+%_y-_Gu+A|3J#4;hH7SyTWW4M#jAtd6y$#6?U1~*N*vyM=
z2;YhQTg>s5Uk`DGD)g4yVGu7)m(Q4he&A0@9HFt4eSF+}HvM*g0)|65`s9z6#@OL2
zK10x2-f;)atVJA*R)r*OUN~Tf7N83NmAGv0=`T^cXMnm0M>5x*KH;<GC_${IubsBC
zLVZ-VT6J!K>rtI_4=tJa_xtaqZ{65jdn24ql!AsJQ?4vBN$;;H&y+Bfyfvw|L8=n1
zctqEAop)!l;u55Pzah^)hwcW%eq;jn#q@Vom5o~BvL_}nbn2MyQPXl!LJ)^C6o0hD
z*PEvt4i|_DJ!DEhbX>J_Ig2oamIQ5GoO!<RaiRj;0;dEI$|T!XH8xy{?#KQUN-~JH
zNsL$5OgS@&Jdh*RJ|H`+IJ)OLw7F^EU*K3pI-tKYhv}PtYiLC67~q_De(|68W4m_~
z-R&376!qzS0yA{Zi{y})xoc{T!2QFo0XDC|Q{gzZFt)1DxjnV>#_bshzvz|iR1&8`
z%T6^u-9PD{li5@0BesfP#kAz`g1S&=TH`p;G<>sc7BYtgtV(xh>Wq33(>9pB({KbS
za^YV*vaoP}EpZLdbi)|7x|{ROEgKm@QXxRVD;XyVkb2NErl!?hhEY0h2LJR-ClS6R
zcazVlzf3wDSlCOA%{^Bw9iW&V+<J)~)g<6B?HJ&9PkyCZ3>18u`nB556TQn!NMbID
z7lVae`uvys$K=D4lkNE@$_Ii?qLDpHyU$N_fPJBVauf2Mr^x7h$50|O=<IGW=12QN
zBH|P6HNS<N1r~Cfa6<<17J!z@((rgid1I11j8kJ%HUvSYcrm^4@z}SYG$3BH0A7{4
zeFJ0)xP=)uz!m>@4*6vfm^ad(KATL6QK{vL%xmySeM0c5%D)2!y7$Wh;;<Fm_<gis
z#Ei>-nO2rZ11ho0VVZm34Y@AjWHL$?=^G?7g+X8IX@t8kfsm-!3PAS&vk*+QOHO_D
zl-_o`NG5wKDArJ%X$E(JkHgx7NAw58{0f=y!a>7X?&pXo+r?~hU!b7twcpnbANsa2
zcCrb8+dLu<iud@xVlUKG#N`FJ&12k(K+@5F9X#sJfXgRsPF(3#v8b+(uKWJa9BQS2
zsiiT<mk`JSs~A>yJ?=x!{=^Y|Cw%}3=P|9T_SE9kPB<y8wV!P;)zisg?v4|660PE5
zh^ns!*lqrayXp+00^^Ny;t?#pxGRR2+GigYR$N|&XbjV=JVhqO3BzzXkQObmb=b9k
znzT9!%h%7b@48VM4_Akpn&Wuox_RWe)S|s@<;~DcHEd$1G0hiAxVw&NzEPH!aP@dp
zJX7sUVlJaL49Oo3PSfOM;wwrBPA-w<%%c3*A+98Q9goAg7PxWOtYS=0DC&Cr+Nuwo
zZ>KT7Q+oGR3)RZ$2oOpcZ2pj3CF5X!LLGZRI`WcJI+Tem&2qmdddi-pKHKqDkHG{g
zW;4=|cQr`f#>rl&4{l$nm~knN&!QtAGrAVb>ZW+<U@|+C_vmV6-B#w<uY5{uDGs&l
z;9h;zD%FHWvldz_K&(eyO+xx#UNutJFj7lF$NW_nS!&2@rvtnCSH_>u{BTcyKDfTz
zUC2{d@_+{i9x*kt<~0*`(|&HyH?`@({t<{5)9{_T@=#npD3tG(Ole`V?FuL&?rE)F
z&IK{XG+y@T;K%Rp<{ZUf9x@V1MvUQI(^q&&k3Wnq6BwffX`fBZy-G4oXb0+klfd#`
zmMIaPwWVC0gpQ-?*t{--uo{VfH_y443?dkZ<Ag@(S70l%MKMC-7K9yxA`$jY6?!4!
zHIW9f-(_H<fC4vW=ee%H9b5XRai0Rv37dsKYDh`-09}l$m46BX&dhM-&+8RVpLRt{
z)eKmdI)aYGn<xrwGu=z(AJJEv@T#~rX&>zK@klBfMZjh#{Y?}7gs)bA;z8^kLDxBp
zl|-Iy_rUD<de+SYJ*p7Mz7>_SRC;fs#m-DmbkJ=hALi&SlqWuOGz2?|QFCKbeRBjX
zG2;M(hT9SC6?(A6P&YotPR)_uzdzo{9a@&aNkCVo_IJSDBhQmBNp&>^lF{{708gUY
zOqN9p(e5i>Mhsnj*nC=l9JZtYaCnAgW@;{)(&*w8Ri~*rlu(^EpLA2fps+@tgr1(5
zZ(m{T>GT>wf#SFu`(k6xn99%=tVciLHSU3ea;@TMecsu#c&>b$Geju&C6iQsC;hl=
zE?pkSK;Y(4?I~1T_-NmdHAKK6{tcG@s=e%#2mTKnEd*zdifage09BbHi}sMFNK)Cp
z{R4C5o>1$sLhKDCYyJOVZCT+>fUfUQmWe{cyb1^u>XDNQRwXHWFGRM?+3#Ft=#g88
zn-t0+3VELmK6ztti5c0OIeBLN;eS=JH#o7Mi%D-Ye?|>7=Q{Ub#9%>lp`h`K8QXpu
zjkf)#FhsgDqOs6_SJnhEUA~_c3m@8sW<K;D;TY$8SQCzKw>x}0lN3)M;EC9v^NvhM
zC7#>63TV(=hg&l<yYIWHbVyH9OAoPv%I-422`2TBlWDWaz@n9XK?WTy{YUI7YxuTQ
ztZZ01Q5B1)>~Oy*tfn&|7an8C{S!R&vA(Vo<&F4LG*h8}E+`yV?9HzZ*=k1#wztkw
zKR6h9HBmzI?v|jgMnAf*PZ_&sTtN!j_#Rm_wU4xNW6WlC#Cg4O^@Q!Tfo2$4?-{hb
zIV+U1o~@BN+lYC7H*|7kRBjRiqG^bHQ!jF9Fn`ooE9?{Ui|4P96Q<EmzTwQp;gr=v
zKWrD|y$$An(p58?@X*xs-)!gl*GGX?wUU2aQ03l|ugN#naUZJJe{rszj@d4LO)V?2
zI%GIRqq?SJ*Pv1QoXg~GSSqQ&-7zV(;G4_|@7MH?8=hd;VX)ORfh=kvG#Bp!Aq~iM
zeU;+8CGd+Jr?{%#YrEF9+^9+!O@0X07N<>H(($B!^IHeKp4;k-l-A<VuZrQGXU!Cp
zN0R!7MX+>fjYjOvTAmC5Ot_-qX=+?fKZqN4`==&g3PKGp{+QbK>7#21Hm{KJAP1_F
zfVFn^G^~T7;$=^Yts-%HaxKtasyyGD4IND6&9QYCk=rK<;k%`X)(9x%(^FKX_$}=8
z49bCj;cR)P={&bbqXY(+9%qoXzg8Mw354um!g#W*n9LDyw4?GgYt;DRn=$dRG4HDD
zZf!K*Q|dR8AaAaachf%2kvjr(!zJ|h|0Gr|Fx9&dWc2{>bXCVo#TWnoJCQL|Y=o5{
zsS{aY;Z?3z><We`Lb{zN85I7XUR;~^)nYn-kx{2P$)4u)JZu9sd@5=@TgpgXjimW2
zg<v?|sFoZU_zX&l`ut!T8agm%mgN%K4R&a!$f|jZ6IX|Je?y{P;<|e(;+{0}WlrCO
z1&{J-vjuySrt)93EH=@{(3@1=kaCaWawHNE?6A0T*u^i@^+9=WT%md8d<yY?d2aT9
z>H9WL5RbRKV8sgG$kGv!IP&XJdd**)cyYw_GHDmefdO!5%$7|?*Sme(wZ?;ySFOtG
zo&2xC=KIF5SQMq)nNmJ0CO35z!GRXb`n@pP2neN9#VBAP2%TT;<;uesz{&y&ZGQMp
zg!O2iM3hZeRQC9%i~Uq0%u^5nK&>%<J~74@*=sZg$!qFLI2Dc(rcos#d{Q#2=M%W7
z$4qjdI2FC?`O=!>Bzl_DD4J3P8<^NCo`|U0KC-XA*T{T>e_T8U?thpr%D3=8>q{Vx
z+rQ+`SSEBpi~dc2PDOL|A%52W^~|N<At)?O#AOnEy(Tu-1KaUtV;wkikEDHn0tYuE
zz<l;<GK9{5fY?^46|w<o1l3CaXYu)qt>%aCcz6Itw^=+m`9W%A0Idl)^d0rg%#9+I
zlrHXS=P@O6jNk|8-3K@@oLi(#NdK;PH@M+%<wrO<!X()DU=YlbK%23O(*rK#HH8ap
zew_e1waP$1jq_o$Bt<iI83JT~?Dl9au)ZNIc2yP-NA&$u`bVS2PRkFP_~s_QQk`a~
zZZ~5Aj1a<UjYt=tZieXK;8&{`DuLGc9cLr?<pwd!*&|B4oHhfvJlcTW7yfMu+U7SB
zX#DE7c_bki*WrQVTXJJ4u;v(K>Ctcw5XPmVpetq%0cOz3ka%`m+(#dO!5CL%t6doT
zWg!<=&N@0L`x0fj3%E*)l^Kq!>S{+F&)@leoi`pxjjG`(D7m}9n$@GF4v%m_Xt0r`
zW2?+PXu_lj+qUWm#T2UHua}fP>JLewPt|}21k=${*@xI7@l_@amYb&f0-C1U4)&x?
z87?f}UYcFfXA~A)m!rOa`!hU=`#Wf@-2<9ZTjGKB)V*78$jZE>Wp52@&BjnP&h-IP
z_{Rf3j1@!~g^z^A1;OJTHQK>%sJIgQSV645)%TqL2GhIqUi4|G^|+w<6Su@X@V6Gj
zTvs6IzKa3cg17|M4!stqu=h8;O2fB*Ww~aq4d`00KM_DSS&B`6s+0f)IUTygfrl8(
z*U{Aw^J)Ya4t3YQ>!M&@#>*G6-^<n=LDpdHA?sLGMfg%9D>Ozyfx)8}m*-q=Bh#$v
z{3zC7Ot3m#o^<NG4`%ftcD)9h<X1-t<V}!Cri$Z>@PER3-wtcbDSI}vbfOn2S+-{N
z&UIC|qsJ1}%=OQIVEE=X@|&m0Z9vFDSwRe1g(VC8Of4g1sh?#azMPj9&US-)h@UMh
zsMbJk8>5Q#$B^EPnr9y^hIipzq?lu&Ej@q!ZqA@0hL@&nOCq%^kvPH^xCS&Sbp@2*
z@<=y~Vj)7Ve=13#NpR?RR5nKlWpTNn+s6}D1_LoRxzUz?Xp|@G2YGH716vFm8K=u^
z0yZ*O$EVHmYHy0slRdYugR(akc_g0WE9J?E@`U|bb<$0G1JQfu$EY%FkXz;b+TXh%
z7TW0Q&0IebORzMB*66zL&pA)^iv9Qi<JV#7Osn&q#;HE*43V7CnQixe<Ra+YeHHbf
zq_PRdPb|iNt)X0c7A4P&B6uEVp*50J-!jR=vF_JClNrL*!+oSO`qWIy!JGMRbm$)7
z(?SRardP1~Jm}ry1$zlc_*Nbf%q)MiG&jrrqRon-iTMF_h>{vEZ-Gw{rSvTV)N^Qh
zOKm&sYO*#scG?zFS2Kk3!5%x;31qq}G=Ua);9hxuFb@eT;B%FzOVz!0F*1OU5jlFC
zdVC5A)CC#<8Xt9BKMoqh*k7SQD8Gj#8(-OJC>*^e;JRF{J5)rG%8$i6H#|)ZS3pBH
zH`mc9m3@N$yZ<y8%KhG`YlLOLyaelOy9;p`SIepB^oU8fHv2+nIDUkP!fE}}v6O>^
z_XduCW+62*(iwc|J$=R;e5@qIBIBB0c$HRGSw;~@0N!8v6NRS18g^&ncXGm8ea2=n
zh&*JGyGRvCJ00!cCzo|Vcdo;Q{Fkj)_f4Z)L-Rw4FeS8(E-=WyPqzPC$8&rVpw^D+
zO4m=oGPv=h70DayNa#o^$x?N;CMksx^Rb_QyR8k1138f$e9pwDpZ0%K3Sh5!Eq2`V
z<$88s?c$2X%>g|CsI7>7*V$%~S=_dWwFO|Bih8ma$E&aP%i<DZtQjK$l`v|<Sm<go
zkn6uO-&mtoULA;)+}Nb4CUQ|K846r7%;*@~_lPM~?d&^d(CCG_oJVB_4a@m^!$0tU
zhv0TU2khr3V};^dVA6cKJKa^O;8#O`>I1-;P#2DSH>kx55bQ_mQ~hUVD~9my>R86K
zxtkr4zV=Rt&d=+`xH(UbAz<?K$Dk(otm&Q=4j`><j;=2iz!6vpqJ2e|Sm(p%*=6iq
z2~%Ja)@zZL8?|Io^b8tNHzW$|;h(pEB6BC~MZ!d4$c*-n%20o<(T#$UaZZqzD2@pD
zQ)JT|o|`I3`(-9Wy<mnUncmIpyB$|bVC&e-*fzRdvsxt{cL~XvMR%ZtOHus3Vq|S9
zsgr1n6+{Ad2X0yl7_pPud-zj+ZfJ`(33+tpH&@ldCm_Pd{w{I7ksF<SHX?6-vccBL
zV9XT=#=ohLw7HzA4>|us7(1pdv5h>=7TNH;Qbe`WgsOq^f35H(gb7<I&+vd+S<j0n
zYs3y*BDg@s4C@HvzMFxGvti;piX9nDBHVM%wsR2WGP9u$iOVg>U>Ok^hAx!%l5TRz
zM_@WHB+P2e64UsrC=|6MIm<<VCq8>ZrT3jC<{;<AQeq06)O_&n^1NPJC+}<wFXv;;
z)`d>RQv91fENknLqb4xMjz{1%IdX1d{=EpwCSeV;9VFq0E(qVQHOEuee?2l3d4)Wf
zFvdQK&oEk4%%4Ud3JqW_EYs=S-{Xr<=1^npZg=F+Qus4MJ=dX;u;vGULI{mxT(0IF
zq~od8FauQ7j%iJE{i`)|=tqU#uDtGkvF4~|=!R+-u9Aj=?P|erUXCQ<!ZmklDD)1R
z6+Tz<mjUxfYm%e6-#Iu#BqN_Aw>a+_8+Xqv+^jpQkho^JjKDtP%sXJf2Yl-%QEu`I
zzhPKnw+)>R`TEjvK$R7L<4SUH8%1b7l{0oHR?iYN>A0%LJPC+$hk=oETMxuJ35yN&
z#PPd156QihS%J8IMMBWuxURNvKt}|G%MMUlAJ=nP9W7aP11R%^G!z7dDWt+$rgh%e
z)k^A&xceg;?`;ODb?ag+Fq+iW*jjyGjcs3)Xg?e3n!{Ig|4)Q}znK7|^%FrEPCW%>
zh*1GB-F2dWVi$B}^C05&b48R7QL#2?INYsCXMKV;@(6iVJaT?CQK6QQ$KMCEOP$?C
z9d~sW2mplK=2}&zrEL+Q8VkNN1J`hFi(;3dX@p7t8dEbmp1pv+h)OLlo?XSyQUsX)
zdL|uiOGCg@3za2*CQL&MW3Ff`-^y1(xl6on<sTCZqq$79ETX0AIr*Bk&OZRi8bV|G
z5KBIT=ivdo(lGBvdAJ(dP;7$YG((zU6A!es+bR|TqUFrsS*7KwoFIC|{damj7}tpo
zX_yp@lhU{n#ZA}hka@(6y_CIjeX<e-ZigbjQw*#C-eX^X-xeO|rYxjQm}KUGPxCp~
zWq<^|S3ZIpK8F!P4|lT|qCyr8Ym5=7njSOT6cotjoB&ytQGep}l}&h!;?gKL=}bz&
zgeGJ39HM#Jw4Yx=uWjj`z@KoAv;%mLuY9_I_t-g41b-(9f9}pd-zhJ`oL8CC{*<aW
zjP@JapYBv+=?e)2dE37I3zl&3X)G~ue2x*ZFikKqFbxI?V1`HmWdj5P0R;dAAVL?F
z($bck?<%}rr>Yh`lMybB2NmsVz()d`^hwM$6a*9~-U6x^%!_1{!_G2S_X5lY(f_#u
G0w)liH7U^m

delta 3954
zcmV-&4~_8FF_s@dFoF+~0s#Xsf)6|f2`Yw2hW8Bt2LYgh4=n_O4=FH$4<#^y4<QB#
zDuzgg_YDCD2B3lu5-@@f4gvuHFoF*Ukw7aH0Y2aQACl-h6vc}ZS0>$B3ZKT@k$)tA
z&~|ecma@x-`tKqFq)KHSfPxN?*1qF6Dtv1>WRG8ty4YIfEN)hb=Fda+(nkHx3gB-}
z1i-?|r>X;0aT57%JCFR``E>RwS#txJX{6ysLcr&Cr_E)41;5QmS1SMho7Eo*wzv8U
z7xx^xvbpkg>>Gy3T%XP18L^pr!8ZkeXvJHE-|IWaF1@zR6hqlMq)$|;DQ4x#2tofX
zE<VHShTP>?q(^+}t#UC1gsN>4S_B(v_&C6)%EW-z%McE%GHdmqQ=Ir#MLU|@<?mvo
zcAem9ed#hhCGcw(X5GO^38?mO22><4U}AoF2qll9*#C78!8X;#Yn>rgW@*EJXzOQP
zaP)?Wh{b~aAPSISY8GX+AF7o(b;;sxfz9nH$@Y8-)CTvi)ncj-mwy1hF+!~ioO$?>
z;Q_d<tVb9zxvyq=#abhTZwJT8ewl)2`d|kcuO_vmTG@?*%Yt`#Cn!x}JqDE{Y<7-q
z&H>v_?ePTp3h0vU%<K5HNbZb(Jh^%+hTq~~>lnC_nzLVo|HR?>7C;!@-VphWN&Bwp
zJ=Z*g^lFlJm>VviPCxWABlQ))gaDpx6l2#%`@6zGp#cI`V`Kx>*J}G~bL9rnBuaF?
zQn7Wq-NpYZT|4MKmYm@DEk|yZ6r4>>roBge0(uKYLk0cz^_|g2*_bqc&LEhqfSdF*
z8Nf+Q50OF;ZwUu!wv1h4Z7dU=+;XNYsaJs@StekTgLqIFJ}C#<52{H!ejf^uzIj(j
zX(wDXFlPa5<|0!eQEzM_m?+5Fnhb8VKkHrCyj+H7PSlA|$|EF-4u(8!ieb%SVjjbw
zis8X=&RVB<1An`>)!D><6k589voo$AH*|<bg<%yVgdweFans;vRJ29edMYCLDoAN^
z?jx6ckpD^u>N^!eBdFLuB9AUcmj_EvX}+sVKqh=ey~FUY1FU?7VmmT7A(DP@^yHq2
zhbB@fqJ>fnl3oi*qbr5X231#=;Ryk5d}LOMsNs<Cc&W@Nc};GAE--{IVEgQKb`s^c
zRqMmLPFuw;;i(bZFxmb!5rX#C`Iv4x!NqYl3joP*hRjiTpQP!dk8r`3sc$E!Ua7e#
z+VK{_s%bF>7zEOUjhEVjul{2SZV!#5o@L+LHL9Cc-`Whpa4xl((Wo{SnhH)T9Z3R>
z!wTMrBYza8L9W(+_|?3n3~g@C*BWjMb(8u|Mxa%qI5pXLdStL<9Mv^~X`CkgsPX7h
zo?bCYWf*iJh#8N{%D(s5OBM|?WYs!XS*9jIGKL7=**1LS>!rmt#a0PH{)5OcrN`f{
zCLT)l+H3r;2RHzxszdD#cZc1UNWKWfc0X1PzVdIG@=d&dioq;e?kgSk85^k%*4mt;
zGy2^;$l9+&IOhXTf(u+hbkI6M%rZ#sJa{zNJ*eYgq7S_Z)lH-TWDD#*4w>`NSetnr
zq~H*$6(0j)QsrCzREI|B7Fsx)SIJD#mxS0e#5ru!65K_D5joAX;w?LDJW?AX3Qht=
zr_j%EQ4YO-DrTo3VAdL{(T2(FiE>^Gy0Y|YIe?5;__S!ZE40LJO5z~-{dmn^A-AkY
z2kDLe<6tbvz0M*(1<@a*^ZtY|=y6a#Vh>T8!x=SM9T7vP-TbO$j!&htH|8i`+n(Gu
z-rpj+^XWN`x#0kc<BupWPx;hNE3rIroJK(s+JU%#W&mKByog%;>1uk6Uyr5hilI3e
zA=zQ}i1@O*i7#V`xT1bDm<p=<v+v?v=*mGlR%MIp$x5%&prw|a*iE5gj!7D*m^t=a
zWXdZHQt{FY)-rL<(wl2mbDuirCk2nWX46I352zgI<^;Taco4gu1+G?2$u4cynf4n7
z>sH5qHL0Iz;o&#A&6lF`8*^SntG25+M8K9d_sfK>5gvZ66#;VxeNR_KL;$xn-<fI1
zx4HKy*h9N5K;EP`9t>bvS+BavRwEJgm4+-Y$TuTuhfb1wphH^hH5w(}4X0ZZP)702
zbc%SC78Y~%Rp3t%1z4r>JT@aHj9NvgLg}1;K$)Bk0nU|u_h$E4H06kKJ3Tv@XvD}V
zskd^ck?8xZe@4@l)a38`l|B&n*p$34l6JbBtIqUT@~b)8A-#No+58jRXQgfIHSU=?
z4-rdS*%FoV(@D0A5sdAfu*Wfx0U#o8s3`G63os6!;eAP!<2&pdtPR#gev)E^MCsCh
zzdWTnoF)M61Z}zRt#Rti@KkDUA<MPBR_1Z?F&^l?w_RU+c1COnW&Wy*$Bn?4ynkVV
zQRn(XgH@*^GD<XZ4piYJ2B(i?T%f)gFZka~)N>kE+WT=bLFjRm%`mIq+)QupoIxPv
z#Tve+9}_TdLjtJ7k5>OGbC<S+jeiw?w+4J$YCR{Q0><3tG5X=5zB4<27vZzDVi<5w
z;{s;yqQ`atDz>RY!C&-ntv<W5i7pBDsv433*ONf1SP>reP8?Lju$@4V#o0x`E*J6$
zzBVm$djP3F)W~Ojr;)6zK?C`czr||Mu~t}eCOX9GCzb3x&j#EP*nL}om?Z~)GpOwX
zy_r_+qb`c-AQQYU>XU7kItn(2Bcwxfc;hZWx@rw}SU3F;XXCP8GruQ0SJ%l-Ah@%D
zIr7ksLy+-_CteO}2E7#IWi~2bP&dpfbV3lgn<s=&$G{p;e)?yU4Fv=lJviN<3gplt
z|JHMw2;Inq;BVRh4+}_C(K*zA;9!h)RP_o>3U~%3<(UrgLIH=L`kY`@_KNh8xI`9c
zQYnOly3H#DEGQAJnu+Ed<P5OHw)`I229J*JY6Xw%Jw4?On%YJO{pcz37YV2}wgVGe
zz#YP6wNmPGZgT8<zNZlKsZD^!#hr56DKg+)B&1x0L>uXe>2xuHM&Mh2AH^W!qre|I
zV;;}$uV)6nv|G5d4G|%L*GRO5DNvCKNnv)7>T#=nARHXGw_I?!umq449Wk1%Xx9%6
z9MVbTa66lR$hC|-k12Ct4zB4zS%=lQtor<-e}Ptxfo;cQqfm-LC8(yFZCYWdVNKDU
ziN6?VFq}?&aP3jsM4Hrp>>-dIXX)$VIG<omYqy|`6sbQjIWxDv;;)na)+3L+d;||Y
zI?cHWy&Lo^Zs^NLB-THA<GRl9j>H67QnA4^Cu$LP1XT=|7d~=qjN6ayM74y7XUy)e
zf^Sf8Le;9}e{880udMs@owLrNg&L#@Scguh<2o!Wu$Vtxb8r}cJ*5NXQDG1I6->Ku
zwDQ?x%0~3iD>Lk7l&^q?vvC662&H4qxy3%1T!H;HgK1?ya`VX0V2O`rG^J<#Bn)99
zjDFNy0x;wJ-i3M<4hB$~=)09H@t|Ym869y9Ho^ofFzla)Uph3h%<?&ngUin36DQI*
zsxO7of`qMrQhD5e(g%`#?m!X%fvJnj`W*|GOV}+0gK8k`)Za^MA`oMpHinTVz6bT%
z*H|*^j~9Za30Z4oX2fO8bO(z?zwu%B`T#`2)kh_;hWiU0W8Qca3zJYGFXTN=$I4pU
z&q}P?fIyvmJn?hOY+pAhi)$hER3?HuIAGjtB*!5xi+aL;0X$US&AK^urg!g}Lkm~f
z;(;Z2ux3zJAU0kGAH8v2y)g<Tfrt0oIvBK*f)ceeL4<G9W>{~|4Uv_;5g$m(S6##Q
zaqZ?5gi0m{MlVNBz|aIIm02XExQ`Q(a>!TznYHeFx!aT_AbQHT{>p%T(QufB4et5g
zpG$lWQ?dttWK=|nX6#xO@BQgY8^<JlZj}W0@*K@8459@*FEbZzqePa>#PXDW-HTiY
z9Su(x0B7G_G-v7-6rDH9L|*ERJzXUzlL18LU0^i%iCG25G**R+?(fMWSQfYEIHLjo
zT|}wQAft|Jr%#}nc(9tv`p(8f)|mLcg_wJ?f+5L&Q?%6^g!9ERNhiG<3?|?B$16Cb
zdrPgcrrT?6ulEI$cF{5q)9f5+e=HL3!%y*oZI?B8=eq9>&xz(wwt3f~cyZ;?2-QXg
zCirO(%A^^#3t)3DJW&2i$nqq=<F*K)I9hR5e4lg)XwglU--wB1mpgerl){1OhM-0y
zF0S)`<nFeAga&4AJvE3CXiPq6)ZciQ6^B!<B8~0VT-M51eaHHs8Ip;Ods`{Hej3Dy
zQs8yc$Z3U4O|zm+{P_?QO=37c1CQ(NuA$J3rt)--Zj}6Z%&KY=eaCw~t^AOBzTT&u
zcWB$JlNL``o~FA|fW9{ay#3p?*vwMfTg+yE#}Mn(cCv4hy}Om4k%qG(&A7`idAEFT
z94_5MU5ko(VxP<_LBWUK+^9K5Nhf3e(j1E^ONwUtR$oMrkU(r;S+>r}PRG9LZ34$M
z36<nIXD2Vtp}+%lR39Ff^*|Pq9kG|}&?Y!w9KesExmr)mL=}0@<bAQUC|EnNJXNQE
zklVlo7NVphFh%QU66-AsHOjn1>NRwbOQVil03_I8K}yRws@i{yN?P^(+ZLHC>vS0*
zAB5N)JV4a)QVaXZ*VaUF)u=-z+w2HnOY_<bL*JeeuiPx#Wv5NFLLUH8K;m`%U+n39
z*tS8YaXiCGosC=4fFW^D#;ZM4Ut;-xJUEUheo5h%_Np>1%XD4d73;D^$C)o6o3hKU
zm#s%L`wnNqA;j2Tw(AgNBRKN^fQ~8!UdvuZmkV~W%#$tl9abgu7a^aL!)t1U52y=L
zMzz-dz;7f*O{;8tag)*Y^rtfH4?8sh{!@SN<5<e&l|~sy8d-Dvu>fz-Q*JnaT3^p<
z-&*vZcIQjhzVo>`ja@yte$J2IzTLzm%!YAF)<v6t1U=owRcrT*M13{jFcA&k4O|`s
zd3ZFP;{AfkBZBjPZs5<YV#brk7us}WRFAqk6KTP$ql8TWroJQje4oeeN+D4l`kU_z
z0@a-Fttb?Pah#LB&x&_eZ&we0Y9Sd>!q82ouK+<N#4MCNMbEb3jE5>V@>K<)8yVrk
zRdiEU+J>E94AR;a{y%R3{AEm=oOxwu?jr=3KY6q?Z!k?TF)$4V31Egu0c8UO0s#d8
z1Rzb9An-_|8hJF>GWV8Kk&7hcs=pJznyuznUOX(h)zAbKry)v7V0)7hh?C+EYH%&9
MQPSKG#{vQ;5YD}N{Qv*}

diff --git a/src/main/resources/templates/authentication.html b/src/main/resources/templates/authentication.html
index 51f3cce..0ec19af 100644
--- a/src/main/resources/templates/authentication.html
+++ b/src/main/resources/templates/authentication.html
@@ -35,15 +35,7 @@
 </head>
 
 <body>
-<header>
-    <div class="navbar navbar-dark bg-dark shadow-sm">
-        <div class="container d-flex justify-content-between">
-            <a href="/" class="navbar-brand d-flex align-items-center">
-                <strong>Smart-ID Demo</strong>
-            </a>
-        </div>
-    </div>
-</header>
+<div th:insert="~{fragments/header :: header}"></div>
 
 <div class="alert-box">
     <div class="alert alert-secondary" role="alert">
@@ -52,7 +44,7 @@ <h4 class="alert-heading text-center" th:text="${verificationCode}"></h4>
         <p>Enter the Smart-ID PIN1 into your phone after you receive a SMS with the same control code you can see here.</p>
 
     </div>
-    <form method="POST" th:action="@{/authenticate}" name="authenticationConfirm"></form>
+    <form method="POST" th:action="@{/v2/authenticate}" name="authenticationConfirm"></form>
 </div>
 
 <script th:src="@{/js/bootstrap.js}"></script>
diff --git a/src/main/resources/templates/authenticationResult.html b/src/main/resources/templates/authenticationResult.html
index ae1dc36..c6b1437 100644
--- a/src/main/resources/templates/authenticationResult.html
+++ b/src/main/resources/templates/authenticationResult.html
@@ -35,15 +35,7 @@
 </head>
 
 <body>
-<header>
-    <div class="navbar navbar-dark bg-dark shadow-sm">
-        <div class="container d-flex justify-content-between">
-            <a href="/" class="navbar-brand d-flex align-items-center">
-                <strong>Smart-ID Demo</strong>
-            </a>
-        </div>
-    </div>
-</header>
+<div th:insert="~{fragments/header :: header}"></div>
 
 <div class="alert-box">
     <div class="alert alert-secondary" role="alert">
diff --git a/src/main/resources/templates/error.html b/src/main/resources/templates/error.html
index 7cef0e4..1265c54 100644
--- a/src/main/resources/templates/error.html
+++ b/src/main/resources/templates/error.html
@@ -35,15 +35,7 @@
 </head>
 
 <body>
-<header>
-    <div class="navbar navbar-dark bg-dark shadow-sm">
-        <div class="container d-flex justify-content-between">
-            <a href="/" class="navbar-brand d-flex align-items-center">
-                <strong>Smart-ID Demo</strong>
-            </a>
-        </div>
-    </div>
-</header>
+<div th:insert="~{fragments/header :: header}"></div>
 
 <div class="alert-box">
     <div class="alert alert-secondary" role="alert">
diff --git a/src/main/resources/templates/fragments/header.html b/src/main/resources/templates/fragments/header.html
new file mode 100644
index 0000000..02b6ba1
--- /dev/null
+++ b/src/main/resources/templates/fragments/header.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<body>
+<div th:fragment="header">
+    <header>
+        <div class="navbar navbar-dark bg-dark shadow-sm">
+            <div class="container d-flex justify-content-between">
+                <a href="/" class="navbar-brand d-flex align-items-center">
+                    <strong>Smart-ID Demo</strong>
+                </a>
+                <a href="https://github.com/SK-EID/smart-id-documentation/wiki/Environment-technical-parameters" target="_blank"
+                   class="navbar-brand d-flex align-items-center">
+                    <strong>Test persons</strong>
+                </a>
+            </div>
+        </div>
+    </header>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
index eedfc13..59412d4 100644
--- a/src/main/resources/templates/index.html
+++ b/src/main/resources/templates/index.html
@@ -95,18 +95,8 @@
 </head>
 
 <body>
-<header>
-    <div class="navbar navbar-dark bg-dark shadow-sm">
-        <div class="container d-flex justify-content-between">
-            <a href="/" class="navbar-brand d-flex align-items-center">
-                <strong>Smart-ID Demo</strong>
-            </a>
-            <a href="https://github.com/SK-EID/smart-id-documentation/wiki/Environment-technical-parameters" target="_blank" class="navbar-brand d-flex align-items-center">
-                <strong>Test persons</strong>
-            </a>
-        </div>
-    </div>
-</header>
+
+<div th:insert="~{fragments/header :: header}"></div>
 
 <div class="custom-switch">
     <h1 class="h1-padding text-center">Smart-ID</h1>
@@ -121,7 +111,7 @@ <h1 class="h1-padding text-center">Smart-ID</h1>
 </div>
 
 <div class="forms">
-    <form method="POST" th:action="@{/authenticationRequest}" th:object="${userRequest}" class="form-action" id="authenticationForm">
+    <form method="POST" th:action="@{/v2/authenticationRequest}" th:object="${userRequest}" class="form-action" id="authenticationForm">
         <div class="form-group">
             <label for="country">Country</label>
             <select th:field="*{country}" id="country">
@@ -143,7 +133,7 @@ <h1 class="h1-padding text-center">Smart-ID</h1>
         <button type="submit" class="btn btn-primary float-right">Authenticate</button>
     </form>
 
-    <form method="POST" th:action="@{/signatureRequest}" th:object="${userRequest}" enctype="multipart/form-data" class="form-action" id="signatureForm">
+    <form method="POST" th:action="@{/v2/signatureRequest}" th:object="${userRequest}" enctype="multipart/form-data" class="form-action" id="signatureForm">
 
         <div class="form-group">
             <label for="country">Country</label>
diff --git a/src/main/resources/templates/sidOperationError.html b/src/main/resources/templates/sidOperationError.html
index 3d14907..f3ac0e8 100644
--- a/src/main/resources/templates/sidOperationError.html
+++ b/src/main/resources/templates/sidOperationError.html
@@ -35,15 +35,7 @@
 </head>
 
 <body>
-<header>
-    <div class="navbar navbar-dark bg-dark shadow-sm">
-        <div class="container d-flex justify-content-between">
-            <a href="/" class="navbar-brand d-flex align-items-center">
-                <strong>Smart-ID Demo</strong>
-            </a>
-        </div>
-    </div>
-</header>
+<div th:insert="~{fragments/header :: header}"></div>
 
 <div class="alert-box">
     <div class="alert alert-secondary" role="alert">
diff --git a/src/main/resources/templates/signature.html b/src/main/resources/templates/signature.html
index 579c1a4..60d415f 100644
--- a/src/main/resources/templates/signature.html
+++ b/src/main/resources/templates/signature.html
@@ -35,15 +35,7 @@
 </head>
 
 <body>
-<header>
-    <div class="navbar navbar-dark bg-dark shadow-sm">
-        <div class="container d-flex justify-content-between">
-            <a href="/" class="navbar-brand d-flex align-items-center">
-                <strong>Smart-ID Demo</strong>
-            </a>
-        </div>
-    </div>
-</header>
+<div th:insert="~{fragments/header :: header}"></div>
 
 <div class="alert-box">
     <div class="alert alert-secondary" role="alert">
diff --git a/src/main/resources/templates/signingResult.html b/src/main/resources/templates/signingResult.html
index 31825ae..b0afa85 100644
--- a/src/main/resources/templates/signingResult.html
+++ b/src/main/resources/templates/signingResult.html
@@ -35,15 +35,7 @@
 </head>
 
 <body>
-<header>
-    <div class="navbar navbar-dark bg-dark shadow-sm">
-        <div class="container d-flex justify-content-between">
-            <a href="/" class="navbar-brand d-flex align-items-center">
-                <strong>Smart-ID Demo</strong>
-            </a>
-        </div>
-    </div>
-</header>
+<div th:insert="~{fragments/header :: header}"></div>
 
 <div class="alert-box">
     <div class="alert alert-secondary" role="alert">

From e4fedb6515da7dd2d85eb5a3d3a31324d3395503 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Sat, 23 Nov 2024 22:48:42 +0200
Subject: [PATCH 02/20] SLIB-66 - add dynamic link authentication

---
 .../ee/sk/siddemo/GlobalExceptionHandler.java |  20 ++
 .../ee/sk/siddemo/config/AsyncConfig.java     |   9 +
 .../siddemo/{ => config}/SmartIdV2Config.java |   2 +-
 .../ee/sk/siddemo/config/SmartIdV3Config.java |  51 +++++
 .../controller/SmartIdDemoController.java     |  15 ++
 .../controller/SmartIdV2Controller.java       |  34 ++--
 .../controller/SmartIdV3Controller.java       |  70 +++++++
 .../ee/sk/siddemo/model/DynamicContent.java   |  22 ++
 .../ee/sk/siddemo/services/AsyncCallback.java |   6 +
 .../services/DynamicContentService.java       |  53 +++++
 .../SmartIdV3AuthenticationService.java       |  78 ++++++++
 .../SmartIdV3SessionsStatusService.java       |  37 ++++
 src/main/resources/application.yml            |  12 ++
 src/main/resources/static/css/style.css       |  20 ++
 .../resources/templates/fragments/header.html |  34 ++--
 src/main/resources/templates/index.html       | 188 +-----------------
 .../templates/{ => v2}/authentication.html    |   2 +-
 .../{ => v2}/authenticationResult.html        |   2 +-
 src/main/resources/templates/v2/main.html     | 181 +++++++++++++++++
 .../templates/{ => v2}/signature.html         |   4 +-
 .../templates/{ => v2}/signingResult.html     |   2 +-
 .../templates/v3/authentication-result.html   |  23 +++
 .../templates/v3/authentication.html          |  95 +++++++++
 src/main/resources/templates/v3/main.html     | 122 ++++++++++++
 24 files changed, 866 insertions(+), 216 deletions(-)
 create mode 100644 src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java
 create mode 100644 src/main/java/ee/sk/siddemo/config/AsyncConfig.java
 rename src/main/java/ee/sk/siddemo/{ => config}/SmartIdV2Config.java (99%)
 create mode 100644 src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
 create mode 100644 src/main/java/ee/sk/siddemo/controller/SmartIdDemoController.java
 create mode 100644 src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
 create mode 100644 src/main/java/ee/sk/siddemo/model/DynamicContent.java
 create mode 100644 src/main/java/ee/sk/siddemo/services/AsyncCallback.java
 create mode 100644 src/main/java/ee/sk/siddemo/services/DynamicContentService.java
 create mode 100644 src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
 create mode 100644 src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
 create mode 100644 src/main/resources/static/css/style.css
 rename src/main/resources/templates/{ => v2}/authentication.html (93%)
 rename src/main/resources/templates/{ => v2}/authenticationResult.html (93%)
 create mode 100644 src/main/resources/templates/v2/main.html
 rename src/main/resources/templates/{ => v2}/signature.html (89%)
 rename src/main/resources/templates/{ => v2}/signingResult.html (93%)
 create mode 100644 src/main/resources/templates/v3/authentication-result.html
 create mode 100644 src/main/resources/templates/v3/authentication.html
 create mode 100644 src/main/resources/templates/v3/main.html

diff --git a/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java b/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java
new file mode 100644
index 0000000..52f5050
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java
@@ -0,0 +1,20 @@
+package ee.sk.siddemo;
+
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.servlet.ModelAndView;
+
+import ee.sk.siddemo.exception.SidOperationException;
+
+@ControllerAdvice
+public class GlobalExceptionHandler {
+
+    @ExceptionHandler(SidOperationException.class)
+    public ModelAndView handleSidOperationException(SidOperationException exception) {
+        var model = new ModelMap();
+
+        model.addAttribute("errorMessage", exception.getMessage());
+        return new ModelAndView("sidOperationError", model);
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/config/AsyncConfig.java b/src/main/java/ee/sk/siddemo/config/AsyncConfig.java
new file mode 100644
index 0000000..91c6d0c
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/config/AsyncConfig.java
@@ -0,0 +1,9 @@
+package ee.sk.siddemo.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.scheduling.annotation.EnableAsync;
+
+@Configuration
+@EnableAsync
+public class AsyncConfig {
+}
diff --git a/src/main/java/ee/sk/siddemo/SmartIdV2Config.java b/src/main/java/ee/sk/siddemo/config/SmartIdV2Config.java
similarity index 99%
rename from src/main/java/ee/sk/siddemo/SmartIdV2Config.java
rename to src/main/java/ee/sk/siddemo/config/SmartIdV2Config.java
index 88bb1ec..b68dd6a 100644
--- a/src/main/java/ee/sk/siddemo/SmartIdV2Config.java
+++ b/src/main/java/ee/sk/siddemo/config/SmartIdV2Config.java
@@ -1,4 +1,4 @@
-package ee.sk.siddemo;
+package ee.sk.siddemo.config;
 
 /*-
  * #%L
diff --git a/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
new file mode 100644
index 0000000..a99f4ee
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
@@ -0,0 +1,51 @@
+package ee.sk.siddemo.config;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import ee.sk.smartid.v3.SmartIdClient;
+import ee.sk.smartid.v3.service.SmartIdRequestBuilderService;
+
+@Configuration
+public class SmartIdV3Config {
+
+    @Value("${sid.v3.truststore.trusted-server-ssl-certs.filename}")
+    private String sidTrustedServerSslCertsFilename;
+
+    @Value("${sid.v3.truststore.trusted-server-ssl-certs.password}")
+    private String sidTrustedServerSslCertsPassword;
+
+    @Value("${sid.v3.client.relyingPartyUuid}")
+    private String sidRelyingPartyUuid;
+
+    @Value("${sid.v3.client.relyingPartyName}")
+    private String sidRelyingPartyName;
+
+    @Value("${sid.v3.client.applicationProviderHost}")
+    private String sidApplicationProviderHost;
+
+    @Bean
+    public SmartIdClient smartIdClientV3() throws Exception {
+        InputStream is = SmartIdV3Config.class.getResourceAsStream(sidTrustedServerSslCertsFilename);
+        KeyStore trustStore = KeyStore.getInstance("PKCS12");
+        trustStore.load(is, sidTrustedServerSslCertsPassword.toCharArray());
+
+        // Client setup. Note that these values are demo environment specific.
+        var client = new SmartIdClient();
+        client.setRelyingPartyUUID(sidRelyingPartyUuid);
+        client.setRelyingPartyName(sidRelyingPartyName);
+        client.setHostUrl(sidApplicationProviderHost);
+        client.setTrustStore(trustStore);
+
+        return client;
+    }
+
+    @Bean
+    public SmartIdRequestBuilderService smartIdRequestBuilderService() {
+        return new SmartIdRequestBuilderService();
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdDemoController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdDemoController.java
new file mode 100644
index 0000000..eafb944
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdDemoController.java
@@ -0,0 +1,15 @@
+package ee.sk.siddemo.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+public class SmartIdDemoController {
+
+    @GetMapping("/")
+    public String introductionPage(Model model) {
+        model.addAttribute("activeTab", null);
+        return "index";
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
index d59c6b0..a402ccc 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
@@ -25,6 +25,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.ui.Model;
 import org.springframework.ui.ModelMap;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@@ -35,7 +36,6 @@
 import org.springframework.web.servlet.ModelAndView;
 
 import ee.sk.siddemo.exception.FileUploadException;
-import ee.sk.siddemo.exception.SidOperationException;
 import ee.sk.siddemo.model.AuthenticationSessionInfo;
 import ee.sk.siddemo.model.SigningResult;
 import ee.sk.siddemo.model.SigningSessionInfo;
@@ -62,9 +62,10 @@ public SmartIdV2Controller(SmartIdV2SignatureService signatureService, SmartIdV2
         this.userSidSession = userSidSession; // session scope, autowired
     }
 
-    @GetMapping(value = "/")
-    public ModelAndView userRequestForm() {
-        return new ModelAndView("index", "userRequest", new UserRequest());
+    @GetMapping(value = "/rp-api-v2")
+    public ModelAndView userRequestForm(Model model) {
+        model.addAttribute("activeTab", "rp-api-v2");
+        return new ModelAndView("v2/main", "userRequest", new UserRequest());
     }
 
     @PostMapping(value = "/v2/signatureRequest")
@@ -84,8 +85,9 @@ public ModelAndView sendSignatureRequest(@ModelAttribute("userRequest") UserRequ
         userSidSession.setSigningSessionInfo(signingSessionInfo);
 
         model.addAttribute("signingSessionInfo", signingSessionInfo);
+        model.addAttribute("activeTab", "rp-api-v2");
 
-        return new ModelAndView("/signature", model);
+        return new ModelAndView("v2/signature", model);
     }
 
     @PostMapping(value = "/v2/sign")
@@ -96,8 +98,9 @@ public ModelAndView sign(ModelMap model) {
         userSidSession.clearSigningSession();
 
         model.addAttribute("signingResult", signingResult);
+        model.addAttribute("activeTab", "rp-api-v2");
 
-        return new ModelAndView("signingResult", model);
+        return new ModelAndView("v2/signingResult", model);
     }
 
     @PostMapping(value = "/v2/authenticationRequest")
@@ -113,8 +116,9 @@ public ModelAndView sendAuthenticationRequest(@ModelAttribute("userRequest") @Va
         userSidSession.setAuthenticationSessionInfo(authenticationSessionInfo);
 
         model.addAttribute("verificationCode", authenticationSessionInfo.getVerificationCode());
+        model.addAttribute("activeTab", "rp-api-v2");
 
-        return new ModelAndView("/authentication", model);
+        return new ModelAndView("v2/authentication", model);
     }
 
     @PostMapping(value = "/v2/authenticate")
@@ -123,8 +127,8 @@ public ModelAndView authenticate(ModelMap model) {
         model.addAttribute("person", person);
 
         userSidSession.clearAuthenticationSessionInfo();
-
-        return new ModelAndView("authenticationResult", model);
+        model.addAttribute("activeTab", "rp-api-v2");
+        return new ModelAndView("v2/authenticationResult", model);
     }
 
     @ExceptionHandler(FileUploadException.class)
@@ -132,16 +136,6 @@ public ModelAndView handleFileUploadException(FileUploadException exception) {
         var model = new ModelMap();
 
         model.addAttribute("errorMessage", "File upload error");
-
-        return new ModelAndView("sidOperationError", model);
-    }
-
-    @ExceptionHandler(SidOperationException.class)
-    public ModelAndView handleSidOperationException(SidOperationException exception) {
-        var model = new ModelMap();
-
-        model.addAttribute("errorMessage", exception.getMessage());
-
         return new ModelAndView("sidOperationError", model);
     }
 
@@ -155,6 +149,4 @@ public ModelAndView handleSmartIdException(Exception exception) {
 
         return new ModelAndView("error", model);
     }
-
-
 }
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
new file mode 100644
index 0000000..9b03c2d
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
@@ -0,0 +1,70 @@
+package ee.sk.siddemo.controller;
+
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
+
+import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.DynamicContent;
+import ee.sk.siddemo.model.UserRequest;
+import ee.sk.siddemo.services.DynamicContentService;
+import ee.sk.siddemo.services.SmartIdV3AuthenticationService;
+import jakarta.servlet.http.HttpSession;
+
+@Controller
+public class SmartIdV3Controller {
+
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3Controller.class);
+
+    private final SmartIdV3AuthenticationService smartIdV3AuthenticationService;
+    private final DynamicContentService dynamicContentService;
+
+    public SmartIdV3Controller(SmartIdV3AuthenticationService smartIdV3AuthenticationService,
+                               DynamicContentService dynamicContentService) {
+        this.smartIdV3AuthenticationService = smartIdV3AuthenticationService;
+        this.dynamicContentService = dynamicContentService;
+    }
+
+    @GetMapping(value = "/rp-api-v3")
+    public ModelAndView userRequestForm(Model model) {
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("v3/main", "userRequest", new UserRequest());
+    }
+
+    @GetMapping(value = "/v3/start-authentication")
+    public ModelAndView sendAuthenticationRequest(ModelMap model, HttpSession session) {
+        smartIdV3AuthenticationService.startAuthentication(session);
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("v3/authentication", model);
+    }
+
+    @GetMapping(value = "/v3/check-authentication-status")
+    @ResponseBody
+    public Map<String, Object> getPageContent(HttpSession session) {
+        String sessionStatus = (String) session.getAttribute("session_status");
+        if ("ERROR".equals(sessionStatus)) {
+            logger.error("Error occurred while fetching session status");
+            throw new SidOperationException(session.getAttribute("session_status_error_message").toString());
+        } else if ("COMPLETED".equals(sessionStatus)) {
+            logger.debug("Session status: COMPLETED");
+            return Map.of("sessionStatus", "COMPLETED");
+        } else {
+            logger.debug("Update dynamic content");
+            DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session);
+            return Map.of("dynamicLink", dynamicContent.getDynamicLink().toString(), "qrCode", dynamicContent.getQrCode());
+        }
+    }
+
+    @GetMapping(value = "/v3/authentication-result")
+    public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session) {
+        smartIdV3AuthenticationService.authenticate(session);
+        return new ModelAndView("v3/authentication-result", model);
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/model/DynamicContent.java b/src/main/java/ee/sk/siddemo/model/DynamicContent.java
new file mode 100644
index 0000000..9e3d578
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/model/DynamicContent.java
@@ -0,0 +1,22 @@
+package ee.sk.siddemo.model;
+
+import java.net.URI;
+
+public class DynamicContent {
+
+    private final URI dynamicLink;
+    private final String qrCode;
+
+    public DynamicContent(URI dynamicLink, String qrDataUri) {
+        this.dynamicLink = dynamicLink;
+        this.qrCode = qrDataUri;
+    }
+
+    public URI getDynamicLink() {
+        return dynamicLink;
+    }
+
+    public String getQrCode() {
+        return qrCode;
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/services/AsyncCallback.java b/src/main/java/ee/sk/siddemo/services/AsyncCallback.java
new file mode 100644
index 0000000..9e66487
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/services/AsyncCallback.java
@@ -0,0 +1,6 @@
+package ee.sk.siddemo.services;
+
+public interface AsyncCallback<T> {
+
+    void onComplete(T result, Throwable error);
+}
diff --git a/src/main/java/ee/sk/siddemo/services/DynamicContentService.java b/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
new file mode 100644
index 0000000..0a3bfbf
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
@@ -0,0 +1,53 @@
+package ee.sk.siddemo.services;
+
+import java.net.URI;
+import java.time.Duration;
+import java.time.Instant;
+
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import ee.sk.siddemo.model.DynamicContent;
+import ee.sk.smartid.v3.AuthCode;
+import ee.sk.smartid.v3.DynamicContentBuilder;
+import ee.sk.smartid.v3.DynamicLinkType;
+import ee.sk.smartid.v3.SessionType;
+import ee.sk.smartid.v3.SmartIdClient;
+import jakarta.servlet.http.HttpSession;
+
+@Service
+public class DynamicContentService {
+
+    private static final Logger logger = LoggerFactory.getLogger(DynamicContentService.class);
+
+    public final SmartIdClient smartIdClientV3;
+
+    public DynamicContentService(SmartIdClient smartIdClientV3) {
+        this.smartIdClientV3 = smartIdClientV3;
+    }
+
+    public DynamicContent getDynamicContent(HttpSession session) {
+        String sessionSecret = (String) session.getAttribute("sessionSecret");
+        String sessionToken = (String) session.getAttribute("sessionToken");
+        Instant responseReceivedTime = (Instant) session.getAttribute("responseReceivedTime");
+
+        return getDynamicContent(sessionToken, sessionSecret, responseReceivedTime);
+    }
+
+    public DynamicContent getDynamicContent(String sessionToken, String sessionSecret, Instant responseReceivedTime) {
+        long elapsedSeconds = Duration.between(responseReceivedTime, Instant.now()).getSeconds();
+        logger.info("Dynamic content elapsed seconds: {}", elapsedSeconds);
+
+        String authCode = AuthCode.createHash(DynamicLinkType.WEB_2_APP, SessionType.AUTHENTICATION, sessionSecret, elapsedSeconds);
+        DynamicContentBuilder contentBuilder = smartIdClientV3.createDynamicContent()
+                .withSessionType(SessionType.AUTHENTICATION)
+                .withSessionToken(sessionToken)
+                .withElapsedSeconds(elapsedSeconds)
+                .withAuthCode(authCode);
+        URI dynamicLink = contentBuilder.withDynamicLinkType(DynamicLinkType.WEB_2_APP).createUri();
+        String qrDataUri = contentBuilder.withDynamicLinkType(DynamicLinkType.QR_CODE).createQrCodeDataUri();
+        return new DynamicContent(dynamicLink, qrDataUri);
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
new file mode 100644
index 0000000..784f662
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
@@ -0,0 +1,78 @@
+package ee.sk.siddemo.services;
+
+import java.time.Instant;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.smartid.exception.useraccount.DocumentUnusableException;
+import ee.sk.smartid.v3.DynamicLinkAuthenticationSessionResponse;
+import ee.sk.smartid.v3.RandomChallenge;
+import ee.sk.smartid.v3.SmartIdClient;
+import ee.sk.smartid.v3.rest.dao.Interaction;
+import ee.sk.smartid.v3.rest.dao.SessionStatus;
+import ee.sk.smartid.v3.service.SmartIdRequestBuilderService;
+import jakarta.servlet.http.HttpSession;
+
+@Service
+public class SmartIdV3AuthenticationService {
+
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3AuthenticationService.class);
+
+    private final SmartIdClient smartIdClientV3;
+    private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
+    private final SmartIdRequestBuilderService smartIdRequestBuilderService;
+
+    public SmartIdV3AuthenticationService(SmartIdClient smartIdClientV3,
+                                          DynamicContentService dynamicContentService,
+                                          SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
+                                          SmartIdRequestBuilderService smartIdRequestBuilderService) {
+        this.smartIdClientV3 = smartIdClientV3;
+        this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
+        this.smartIdRequestBuilderService = smartIdRequestBuilderService;
+    }
+
+    public void startAuthentication(HttpSession session) {
+        String randomChallenge = RandomChallenge.generate();
+        DynamicLinkAuthenticationSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
+                .withRandomChallenge(randomChallenge)
+                .withAllowedInteractionsOrder(
+                        List.of(Interaction.displayTextAndPIN("Login ? "))
+                ).initAuthenticationSession();
+        Instant responseReceivedTime = Instant.now();
+
+        session.setAttribute("randomChallenge", randomChallenge);
+        session.setAttribute("sessionSecret", response.getSessionSecret());
+        session.setAttribute("sessionToken", response.getSessionToken());
+        session.setAttribute("sessionID", response.getSessionID());
+        session.setAttribute("responseReceivedTime", responseReceivedTime);
+
+        startSessionsStatusPolling(session, response);
+    }
+
+    private void startSessionsStatusPolling(HttpSession session, DynamicLinkAuthenticationSessionResponse response) {
+        smartIdV3SessionsStatusService.getSessionStatus(response.getSessionID(), (result, error) -> {
+            if (error != null) {
+                logger.debug("Error occurred while fetching session status", error);
+                session.setAttribute("session_status", "ERROR");
+                session.setAttribute("session_status_error_message", error.getMessage());
+            } else {
+                logger.debug("Querying sessions completed");
+                session.setAttribute("session_status", "COMPLETED");
+                session.setAttribute("session_status_response", result);
+            }
+        });
+    }
+
+    public void authenticate(HttpSession session) {
+        SessionStatus sessionsStatusResponse = (SessionStatus) session.getAttribute("session_status_response");
+        try {
+            smartIdRequestBuilderService.createSmartIdAuthenticationResponse(sessionsStatusResponse, "QUALIFIED", null, (String) session.getAttribute("randomChallenge"));
+        } catch (DocumentUnusableException ex) {
+            throw new SidOperationException("Invalid authentication response", ex);
+        }
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
new file mode 100644
index 0000000..59408a6
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
@@ -0,0 +1,37 @@
+package ee.sk.siddemo.services;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.scheduling.annotation.Async;
+import org.springframework.stereotype.Service;
+
+import ee.sk.smartid.exception.permanent.SmartIdClientException;
+import ee.sk.smartid.v3.SmartIdClient;
+import ee.sk.smartid.v3.rest.dao.SessionStatus;
+
+@Service
+public class SmartIdV3SessionsStatusService {
+
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3SessionsStatusService.class);
+
+    private final SmartIdClient smartIdClientV3;
+
+    public SmartIdV3SessionsStatusService(SmartIdClient smartIdClientV3) {
+        this.smartIdClientV3 = smartIdClientV3;
+    }
+
+    @Async
+    public void getSessionStatus(String sessionId, AsyncCallback<SessionStatus> callback) {
+        logger.debug("Starting to poll session status for session {}", sessionId);
+        try {
+            SessionStatus sessionStatus = smartIdClientV3.createSessionStatusPoller().fetchFinalSessionStatus(sessionId);
+            if (sessionStatus.getState().equals("COMPLETE")) {
+                logger.debug("Session state: {}", sessionStatus.getState());
+                callback.onComplete(sessionStatus, null);
+            }
+        } catch (SmartIdClientException ex) {
+            logger.error("Error occurred while fetching session status", ex);
+            callback.onComplete(null, ex);
+        }
+    }
+}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 7072e24..4743782 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -24,6 +24,18 @@ sid:
       trusted-root-certs:
         filename: /sid.trusted_root_certs.p12
         password: changeit
+  v3:
+    client:
+      relyingPartyUuid: ${SID_RELYING_PARTY_UUID}
+      relyingPartyName: ${SID_RELYING_PARTY_NAME}
+      applicationProviderHost: https://sid.demo.sk.ee/smart-id-rp/v3/
+    truststore:
+      trusted-server-ssl-certs:
+        filename: /sid.trusted_server_certs.p12
+        password: changeit
+      trusted-root-certs:
+        filename: /sid.trusted_root_certs.p12
+        password: changeit
 
 app:
   signed-files-directory: target/signed-files
\ No newline at end of file
diff --git a/src/main/resources/static/css/style.css b/src/main/resources/static/css/style.css
new file mode 100644
index 0000000..d7ac9e6
--- /dev/null
+++ b/src/main/resources/static/css/style.css
@@ -0,0 +1,20 @@
+html, body {
+    height: 100%;
+}
+
+body {
+    display: -ms-flexbox;
+    -ms-flex-align: center;
+    align-items: center;
+    padding-bottom: 40px;
+    background-color: #f5f5f5;
+}
+
+.content-area {
+    height: 90vh;
+    overflow: auto;
+}
+
+.view-content {
+    max-width: 800px;
+}
\ No newline at end of file
diff --git a/src/main/resources/templates/fragments/header.html b/src/main/resources/templates/fragments/header.html
index 02b6ba1..1086f0c 100644
--- a/src/main/resources/templates/fragments/header.html
+++ b/src/main/resources/templates/fragments/header.html
@@ -2,19 +2,29 @@
 <html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
 <body>
 <div th:fragment="header">
-    <header>
-        <div class="navbar navbar-dark bg-dark shadow-sm">
-            <div class="container d-flex justify-content-between">
-                <a href="/" class="navbar-brand d-flex align-items-center">
-                    <strong>Smart-ID Demo</strong>
-                </a>
-                <a href="https://github.com/SK-EID/smart-id-documentation/wiki/Environment-technical-parameters" target="_blank"
-                   class="navbar-brand d-flex align-items-center">
-                    <strong>Test persons</strong>
-                </a>
-            </div>
+    <nav class="navbar navbar-dark bg-dark shadow-sm navbar-expand-lg">
+        <a class="navbar-brand" href="/">Smart-ID Demo</a>
+        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false"
+                aria-label="Toggle navigation">
+            <span class="navbar-toggler-icon"></span>
+        </button>
+        <div class="collapse navbar-collapse" id="navbarNav">
+            <ul class="navbar-nav ml-auto">
+                <li class="nav-item" th:classappend="${activeTab == 'rp-api-v3'} ? 'active'">
+                    <a class="nav-link" href="/rp-api-v3">RP API v3</a>
+                </li>
+                <li class="nav-item" th:classappend="${activeTab == 'rp-api-v2'} ? 'active'">
+                    <a class="nav-link" href="/rp-api-v2">RP API v2</a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" href="https://github.com/SK-EID/smart-id-documentation/wiki/Environment-technical-parameters" target="_blank"
+                       rel="noopener noreferrer">
+                        <strong>Test persons</strong>
+                    </a>
+                </li>
+            </ul>
         </div>
-    </header>
+    </nav>
 </div>
 </body>
 </html>
\ No newline at end of file
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
index 59412d4..e55223f 100644
--- a/src/main/resources/templates/index.html
+++ b/src/main/resources/templates/index.html
@@ -6,190 +6,24 @@
     <title>Smart-ID</title>
     <!-- Bootstrap core CSS -->
     <link rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
-
-    <style>
-        html,
-        body {
-            height: 100%;
-        }
-
-        body {
-            display: -ms-flexbox;
-            -ms-flex-align: center;
-            align-items: center;
-            padding-bottom: 40px;
-            background-color: #f5f5f5;
-        }
-
-        .h1-padding {
-            padding-top: 100px;
-            padding-bottom: 30px;
-        }
-
-        .custom-switch {
-            width: 100%;
-            max-width: 330px;
-            margin: auto;
-            position: relative;
-            box-sizing: border-box;
-            height: auto;
-            padding: 30px 15px 0 15px;
-            font-size: 16px;
-        }
-
-        .forms {
-            padding-bottom: 100px;
-        }
-
-        .form-action {
-            width: 100%;
-            max-width: 330px;
-            padding: 100px 15px 15px 15px;
-            margin: auto;
-        }
-        .form-action .form-control {
-            position: relative;
-            box-sizing: border-box;
-            height: auto;
-            padding: 10px;
-            font-size: 16px;
-        }
-        .form-action .form-control:focus {
-            z-index: 2;
-        }
-
-        #inputPhone {
-            margin-bottom: 10px;
-            border-bottom-right-radius: 0;
-            border-bottom-left-radius: 0;
-        }
-
-        #inputIdentityNumber {
-            margin-bottom: 10px;
-            border-top-left-radius: 0;
-            border-top-right-radius: 0;
-        }
-
-        #inputSignPhone {
-            margin-bottom: 10px;
-            border-bottom-right-radius: 0;
-            border-bottom-left-radius: 0;
-        }
-
-        #inputSignIdentityNumber {
-            margin-bottom: 10px;
-            border-bottom-right-radius: 0;
-            border-bottom-left-radius: 0;
-        }
-
-        #document {
-            margin-bottom: 10px;
-            border-bottom-right-radius: 0;
-            border-bottom-left-radius: 0;
-        }
-
-        #signatureForm {
-            display: none;
-        }
-    </style>
+    <link rel="stylesheet" th:href="@{/css/style.css}">
 </head>
 
 <body>
-
 <div th:insert="~{fragments/header :: header}"></div>
 
-<div class="custom-switch">
-    <h1 class="h1-padding text-center">Smart-ID</h1>
-    <ul class="nav nav-tabs">
-        <li class="nav-item">
-            <a class="nav-link active" id="authentication">Authenticate</a>
-        </li>
-        <li class="nav-item">
-            <a class="nav-link" id="signature">Sign a document</a>
-        </li>
-    </ul>
+<div class="text-center py-5">
+    <div class="container">
+        <h1>Smart-ID demo</h1>
+        <p class="lead">
+            This application will demonstrate the use of Smart-ID with the RP API v2 and v3. <br>
+            Please select the RP API version you would like to use.
+        </p>
+        <a href="/rp-api-v3" class="btn btn-primary btn-lg">RP API v3</a>
+        <a href="/rp-api-v2" class="btn btn-outline-secondary btn-lg">RP API v2</a>
+    </div>
 </div>
-
-<div class="forms">
-    <form method="POST" th:action="@{/v2/authenticationRequest}" th:object="${userRequest}" class="form-action" id="authenticationForm">
-        <div class="form-group">
-            <label for="country">Country</label>
-            <select th:field="*{country}" id="country">
-            <option th:value="'EE'" th:text="Estonia"></option>
-            <option th:value="'LV'" th:text="Latvia"></option>
-            <option th:value="'LT'" th:text="Lithuania"></option>
-            <option th:value="'BE'" th:text="Belgium"></option>
-            </select>
-            <div th:if="${#fields.hasErrors('country')}" th:errors="*{country}" style="color:red">
-                country Error </div>
-        </div>
-
-        <div class="form-group">
-            <label for="inputIdentityNumber">National identity number</label>
-            <input type="text" th:field="*{nationalIdentityNumber}" class="form-control" id="inputIdentityNumber">
-            <div th:if="${#fields.hasErrors('nationalIdentityNumber')}" th:errors="*{nationalIdentityNumber}" style="color:red">
-                 nationalIdentityNumber Error </div>
-        </div>
-        <button type="submit" class="btn btn-primary float-right">Authenticate</button>
-    </form>
-
-    <form method="POST" th:action="@{/v2/signatureRequest}" th:object="${userRequest}" enctype="multipart/form-data" class="form-action" id="signatureForm">
-
-        <div class="form-group">
-            <label for="country">Country</label>
-            <select th:field="*{country}" id="country">
-                <option th:value="'EE'" th:text="Estonia"></option>
-                <option th:value="'LV'" th:text="Latvia"></option>
-                <option th:value="'LT'" th:text="Lithuania"></option>
-            </select>
-            <div th:if="${#fields.hasErrors('country')}" th:errors="*{country}" style="color:red">
-                country Error </div>
-        </div>
-
-        <div class="form-group">
-            <label for="inputSignIdentityNumber">National identity number</label>
-            <input type="text" th:field="*{nationalIdentityNumber}" class="form-control" id="inputSignIdentityNumber">
-            <div th:if="${#fields.hasErrors('nationalIdentityNumber')}" th:errors="*{nationalIdentityNumber}" style="color:red">
-                nationalIdentityNumber Error </div>
-        </div>
-        <div class="form-group">
-            <label for="document">Document to sign (max 10 MB)</label>
-            <input type="file" th:field="*{file}" class="form-control" id="document">
-
-            <div th:if="${#fields.hasErrors('file')}" th:errors="*{file}" style="color:red">
-                file Error </div>
-
-        </div>
-        <button type="submit" value="submit" class="btn btn-primary float-right">Sign</button>
-    </form>
-</div>
-
 <script th:src="@{/js/bootstrap.js}"></script>
-<script type="text/javascript">
-    var authenticationTab = document.getElementById('authentication');
-    var signatureTab = document.getElementById('signature');
-    authenticationTab.addEventListener('click', showAuthentication, false);
-    signatureTab.addEventListener('click', showSigning, false);
-
-    function showAuthentication() {
-        document.getElementById('authenticationForm').style.display = 'block';
-        document.getElementById('signatureForm').style.display = 'none';
-        document.getElementById('authentication').classList.add("active");
-        document.getElementById('signature').classList.remove("active");
-    }
-
-    function showSigning() {
-        document.getElementById('authenticationForm').style.display = 'none';
-        document.getElementById('signatureForm').style.display = 'block';
-        document.getElementById('authentication').classList.remove("active");
-        document.getElementById('signature').classList.add("active");
-    }
-
-    if (window.location.href.indexOf('sign') > -1) {
-        showSigning();
-    }
-
-</script>
 </body>
 
 </html>
\ No newline at end of file
diff --git a/src/main/resources/templates/authentication.html b/src/main/resources/templates/v2/authentication.html
similarity index 93%
rename from src/main/resources/templates/authentication.html
rename to src/main/resources/templates/v2/authentication.html
index 0ec19af..495d734 100644
--- a/src/main/resources/templates/authentication.html
+++ b/src/main/resources/templates/v2/authentication.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <title>Smart-ID</title>
     <!-- Bootstrap core CSS -->
-    <link href="../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
 
     <style>
         html,
diff --git a/src/main/resources/templates/authenticationResult.html b/src/main/resources/templates/v2/authenticationResult.html
similarity index 93%
rename from src/main/resources/templates/authenticationResult.html
rename to src/main/resources/templates/v2/authenticationResult.html
index c6b1437..02cc558 100644
--- a/src/main/resources/templates/authenticationResult.html
+++ b/src/main/resources/templates/v2/authenticationResult.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <title>Smart-ID</title>
     <!-- Bootstrap core CSS -->
-    <link href="../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
 
     <style>
         html,
diff --git a/src/main/resources/templates/v2/main.html b/src/main/resources/templates/v2/main.html
new file mode 100644
index 0000000..86ab34a
--- /dev/null
+++ b/src/main/resources/templates/v2/main.html
@@ -0,0 +1,181 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+
+    <style>
+        .h1-padding {
+            padding-top: 100px;
+            padding-bottom: 30px;
+        }
+
+        .custom-switch {
+            width: 100%;
+            max-width: 330px;
+            margin: auto;
+            position: relative;
+            box-sizing: border-box;
+            height: auto;
+            padding: 30px 15px 0 15px;
+            font-size: 16px;
+        }
+
+        .forms {
+            padding-bottom: 100px;
+        }
+
+        .form-action {
+            width: 100%;
+            max-width: 330px;
+            padding: 100px 15px 15px 15px;
+            margin: auto;
+        }
+
+        .form-action .form-control {
+            position: relative;
+            box-sizing: border-box;
+            height: auto;
+            padding: 10px;
+            font-size: 16px;
+        }
+
+        .form-action .form-control:focus {
+            z-index: 2;
+        }
+
+        #inputPhone {
+            margin-bottom: 10px;
+            border-bottom-right-radius: 0;
+            border-bottom-left-radius: 0;
+        }
+
+        #inputIdentityNumber {
+            margin-bottom: 10px;
+            border-top-left-radius: 0;
+            border-top-right-radius: 0;
+        }
+
+        #inputSignPhone {
+            margin-bottom: 10px;
+            border-bottom-right-radius: 0;
+            border-bottom-left-radius: 0;
+        }
+
+        #inputSignIdentityNumber {
+            margin-bottom: 10px;
+            border-bottom-right-radius: 0;
+            border-bottom-left-radius: 0;
+        }
+
+        #document {
+            margin-bottom: 10px;
+            border-bottom-right-radius: 0;
+            border-bottom-left-radius: 0;
+        }
+
+        #signatureForm {
+            display: none;
+        }
+    </style>
+</head>
+<body>
+
+<div th:insert="~{fragments/header :: header}"></div>
+
+<div class="custom-switch">
+    <h1 class="h1-padding text-center">Smart-ID</h1>
+    <ul class="nav nav-tabs">
+        <li class="nav-item">
+            <a class="nav-link active" id="authentication">Authenticate</a>
+        </li>
+        <li class="nav-item">
+            <a class="nav-link" id="signature">Sign a document</a>
+        </li>
+    </ul>
+</div>
+
+<div class="forms">
+    <form method="POST" th:action="@{/v2/authenticationRequest}" th:object="${userRequest}" class="form-action" id="authenticationForm">
+        <div class="form-group">
+            <label for="country">Country</label>
+            <select th:field="*{country}" id="country">
+                <option th:value="'EE'" th:text="Estonia"></option>
+                <option th:value="'LV'" th:text="Latvia"></option>
+                <option th:value="'LT'" th:text="Lithuania"></option>
+                <option th:value="'BE'" th:text="Belgium"></option>
+            </select>
+            <div th:if="${#fields.hasErrors('country')}" th:errors="*{country}" style="color:red">
+                country Error </div>
+        </div>
+
+        <div class="form-group">
+            <label for="inputIdentityNumber">National identity number</label>
+            <input type="text" th:field="*{nationalIdentityNumber}" class="form-control" id="inputIdentityNumber">
+            <div th:if="${#fields.hasErrors('nationalIdentityNumber')}" th:errors="*{nationalIdentityNumber}" style="color:red">
+                nationalIdentityNumber Error </div>
+        </div>
+        <button type="submit" class="btn btn-primary float-right">Authenticate</button>
+    </form>
+
+    <form method="POST" th:action="@{/v2/signatureRequest}" th:object="${userRequest}" enctype="multipart/form-data" class="form-action" id="signatureForm">
+
+        <div class="form-group">
+            <label for="country">Country</label>
+            <select th:field="*{country}" id="country">
+                <option th:value="'EE'" th:text="Estonia"></option>
+                <option th:value="'LV'" th:text="Latvia"></option>
+                <option th:value="'LT'" th:text="Lithuania"></option>
+            </select>
+            <div th:if="${#fields.hasErrors('country')}" th:errors="*{country}" style="color:red">
+                country Error </div>
+        </div>
+
+        <div class="form-group">
+            <label for="inputSignIdentityNumber">National identity number</label>
+            <input type="text" th:field="*{nationalIdentityNumber}" class="form-control" id="inputSignIdentityNumber">
+            <div th:if="${#fields.hasErrors('nationalIdentityNumber')}" th:errors="*{nationalIdentityNumber}" style="color:red">
+                nationalIdentityNumber Error </div>
+        </div>
+        <div class="form-group">
+            <label for="document">Document to sign (max 10 MB)</label>
+            <input type="file" th:field="*{file}" class="form-control" id="document">
+
+            <div th:if="${#fields.hasErrors('file')}" th:errors="*{file}" style="color:red">
+                file Error </div>
+
+        </div>
+        <button type="submit" value="submit" class="btn btn-primary float-right">Sign</button>
+    </form>
+</div>
+<script th:src="@{/js/bootstrap.js}"></script>
+<script type="text/javascript">
+    var authenticationTab = document.getElementById('authentication');
+    var signatureTab = document.getElementById('signature');
+    authenticationTab.addEventListener('click', showAuthentication, false);
+    signatureTab.addEventListener('click', showSigning, false);
+
+    function showAuthentication() {
+        document.getElementById('authenticationForm').style.display = 'block';
+        document.getElementById('signatureForm').style.display = 'none';
+        document.getElementById('authentication').classList.add("active");
+        document.getElementById('signature').classList.remove("active");
+    }
+
+    function showSigning() {
+        document.getElementById('authenticationForm').style.display = 'none';
+        document.getElementById('signatureForm').style.display = 'block';
+        document.getElementById('authentication').classList.remove("active");
+        document.getElementById('signature').classList.add("active");
+    }
+
+    if (window.location.href.indexOf('sign') > -1) {
+        showSigning();
+    }
+
+</script>
+</body>
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/signature.html b/src/main/resources/templates/v2/signature.html
similarity index 89%
rename from src/main/resources/templates/signature.html
rename to src/main/resources/templates/v2/signature.html
index 60d415f..3005e68 100644
--- a/src/main/resources/templates/signature.html
+++ b/src/main/resources/templates/v2/signature.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <title>Smart-ID</title>
     <!-- Bootstrap core CSS -->
-    <link href="../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
 
     <style>
         html,
@@ -44,7 +44,7 @@
         <p>To sign the uploaded document, enter the Smart-ID PIN2 into your phone after you receive a SMS with the same control code you can see here.</p>
 
     </div>
-    <form method="POST" th:action="@{/sign}" name="signatureConfirm"></form>
+    <form method="POST" th:action="@{/v2/sign}" name="signatureConfirm"></form>
 </div>
 
 <script th:src="@{/js/bootstrap.js}"></script>
diff --git a/src/main/resources/templates/signingResult.html b/src/main/resources/templates/v2/signingResult.html
similarity index 93%
rename from src/main/resources/templates/signingResult.html
rename to src/main/resources/templates/v2/signingResult.html
index b0afa85..b0f970c 100644
--- a/src/main/resources/templates/signingResult.html
+++ b/src/main/resources/templates/v2/signingResult.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <title>Smart-ID</title>
     <!-- Bootstrap core CSS -->
-    <link href="../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
 
     <style>
         html,
diff --git a/src/main/resources/templates/v3/authentication-result.html b/src/main/resources/templates/v3/authentication-result.html
new file mode 100644
index 0000000..d886f9d
--- /dev/null
+++ b/src/main/resources/templates/v3/authentication-result.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/style.css.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+</head>
+
+<body>
+<div th:insert="~{fragments/header :: header}"></div>
+
+<div class="container-fluid d-flex flex-column align-items-center justify-content-center vh-100">
+    <h1> Authentication result</h1>
+    <!--  Todo: implement   -->
+</div>
+
+<script th:src="@{/js/bootstrap.js}"></script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/v3/authentication.html b/src/main/resources/templates/v3/authentication.html
new file mode 100644
index 0000000..f5c8b0d
--- /dev/null
+++ b/src/main/resources/templates/v3/authentication.html
@@ -0,0 +1,95 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/style.css.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+
+    <style>
+        .responsive-text {
+            font-size: 1rem;
+        }
+
+        @media (min-width: 768px) {
+            .responsive-text {
+                font-size: 1.5rem;
+            }
+        }
+
+        @media (min-width: 1200px) {
+            .responsive-text {
+                font-size: 2rem;
+            }
+        }
+
+        .qr-area {
+            width: 610px;
+            height: 610px;
+            background: #ffffff;
+        }
+    </style>
+</head>
+
+<body>
+<div th:insert="~{fragments/header :: header}"></div>
+
+<div class="container-fluid d-flex flex-column align-items-center justify-content-center content-area pt-3">
+    <div class="container view-content h-100">
+        <div class="container">
+            <div class="container d-flex align-items-center justify-content-center qr-area">
+                <img class="img-fluid" id="qr-code" alt="QR code">
+            </div>
+            <div class="container text-center mt-3">
+                <p class="responsive-text">
+                    Please scan the QR code with the Smart-ID app to proceed
+                </p>
+            </div>
+        </div>
+
+        <div class="container border-dark pt-3">
+            <div class="container text-center">
+               <p>
+                   Link option is only meant to work on mobile device where Smart-ID app is installed.
+                   If app is not available on your device, then link should direct you to the app store.
+               </p>
+            </div>
+            <div class="container text-center">
+                <a class="btn btn-primary" id="dynamic-link"> To Smart-ID app</a>
+            </div>
+            <div class="container">
+                <h5> Link content</h5>
+                <div class="text-wrap" style="overflow-wrap: break-word">
+                    <p id="link-content"></p>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<script th:src="@{/js/bootstrap.js}"></script>
+<script type="text/javascript">
+    function loadContent() {
+        fetch('/v3/check-authentication-status')
+            .then(response => response.json())
+            .then(data => {
+                if (data.sessionStatus === 'COMPLETED') {
+                    console.log('Session completed');
+                    window.location.href = '/v3/authentication-result';
+                } else {
+                    console.log("Session data: " + data);
+                    document.getElementById("qr-code").src = data.qrCode;
+                    document.getElementById("dynamic-link").href = data.dynamicLink;
+                    document.getElementById("link-content").innerText = data.dynamicLink;
+                    setTimeout(loadContent, 1000);
+                }
+            })
+            .catch(error => console.error('Error:', error));
+    }
+    window.onload = loadContent;
+</script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/v3/main.html b/src/main/resources/templates/v3/main.html
new file mode 100644
index 0000000..33a9a36
--- /dev/null
+++ b/src/main/resources/templates/v3/main.html
@@ -0,0 +1,122 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/style.css.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+</head>
+<body>
+
+<div th:insert="~{fragments/header :: header}"></div>
+
+<div class="container-fluid d-flex align-items-center justify-content-center content-area">
+    <div class="container view-content">
+        <div class="row border rounded shadow p-3 bg-light">
+            <!-- Sidebar -->
+            <div class="col-md-4 bg-light border-right p-3" id="sidebar">
+                <h5 class="text-uppercase fw-bold mb-2">Dynamic link</h5>
+                <div class="ms-3">
+                    <a href="#" class="btn btn-outline-dark w-100 mb-1" id="anonymous-authentication">Anonymous authentication</a>
+                    <a href="#" class="btn btn-outline-dark w-100 mb-1" id="person-code-authentication">Authentication with person code</a>
+                    <a href="#" class="btn btn-outline-dark w-100 mb-1" id="document-number-authentication">Authentication with document number</a>
+                </div>
+
+                <h5 class="text-uppercase fw-bold mt-4 mb-2"> Notification </h5>
+                <div class="ms-3">
+                    <a href="#" class="btn btn-outline-dark w-100 mb-1">Authentication with person code</a>
+                    <a href="#" class="btn btn-outline-dark w-100 mb-1">Authentication with document number</a>
+                </div>
+            </div>
+
+            <!-- Content -->
+            <div class="col-md-8 p-3">
+                <div class="container h-100 d-flex align-items-center justify-content-center content-area w-100">
+                    <div class="container" id="anonymous-authentication-area">
+                        <div class="text-center">
+                            <h1>Smart-ID</h1>
+                            <a th:href="@{/v3/start-authentication}" class="btn btn-primary">Authenticate</a>
+                        </div>
+                    </div>
+
+                    <div class="container d-none" id="person-code-authentication-area">
+                        <!--                    add form to submit-->
+                        <form action="v3/person-code-authentication" method="post">
+                            <div class="text-center">
+                                <h1>Smart-ID</h1>
+                            </div>
+                            <div>
+                                <label for="country"> Select country </label>
+                                <select id="country" class="form-control" name="country">
+                                    <option value="EE">Estonia</option>
+                                    <option value="LT">Lithuania</option>
+                                    <option value="LV">Latvia</option>
+                                </select>
+                            </div>
+
+                            <div class="pt-3">
+                                <label for="person-code">Person code</label>
+                                <input type="text" id="person-code" class="form-control" placeholder="Enter person code" name="personCode">
+                            </div>
+                            <div class="text-right pt-3">
+                                <button type="submit" class="btn btn-primary">Authenticate</button>
+                            </div>
+                        </form>
+                    </div>
+
+                    <div class="container d-none" id="document-number-authentication-area">
+                        <form action="v3/document-number-authentication" method="post">
+                            <div class="text-center">
+                                <h1>Smart-ID</h1>
+                            </div>
+
+                            <div>
+                                <label for="document-number"> Document number</label>
+                                <input type="text" id="document-number" class="form-control" placeholder="Enter document number">
+                            </div>
+
+                            <div class="text-right pt-3">
+                                <button type="submit" class="btn btn-primary">Authenticate</button>
+                            </div>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+<script>
+    // Anonymous authentication
+    const anonymousAuthenticationButton = document.getElementById("anonymous-authentication");
+    anonymousAuthenticationButton.addEventListener("click", showAnonymousAuthentication);
+
+    function showAnonymousAuthentication() {
+        document.getElementById("anonymous-authentication-area").classList.remove('d-none');
+        document.getElementById("person-code-authentication-area").classList.add('d-none');
+        document.getElementById("document-number-authentication-area").classList.add('d-none');
+    }
+
+    // Person code authentication
+    const personCodeAuthenticationButton = document.getElementById("person-code-authentication");
+    personCodeAuthenticationButton.addEventListener("click", showPersonCodeAuthentication);
+
+    function showPersonCodeAuthentication() {
+        document.getElementById("anonymous-authentication-area").classList.add('d-none');
+        document.getElementById("person-code-authentication-area").classList.remove('d-none');
+        document.getElementById("document-number-authentication-area").classList.add('d-none');
+    }
+
+    // Document number authentication
+    const documentNumberAuthenticationButton = document.getElementById("document-number-authentication");
+    documentNumberAuthenticationButton.addEventListener("click", showDocumentNumberAuthentication);
+
+    function showDocumentNumberAuthentication() {
+        document.getElementById("anonymous-authentication-area").classList.add('d-none');
+        document.getElementById("person-code-authentication-area").classList.add('d-none');
+        document.getElementById("document-number-authentication-area").classList.remove('d-none');
+    }
+</script>
+</body>
+</html>
\ No newline at end of file

From 77c5f2889fcedfe687260b472462c77a525ca526 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Tue, 26 Nov 2024 22:47:46 +0200
Subject: [PATCH 03/20] SLIB-66 - add person code and document number
 authentications

---
 .../ee/sk/siddemo/config/SmartIdV3Config.java |  5 ++
 .../controller/SmartIdV3Controller.java       | 89 ++++++++++++++----
 .../model/UserDocumentNumberRequest.java      | 17 ++++
 .../services/DynamicContentService.java       | 21 +++--
 .../siddemo/services/SessionStatusStore.java  | 48 ++++++++++
 .../SmartIdV3AuthenticationService.java       | 90 ++++++++++++++-----
 .../SmartIdV3SessionsStatusService.java       | 38 +++++---
 src/main/resources/application.yml            |  2 +
 .../templates/v3/authentication.html          | 18 ++--
 src/main/resources/templates/v3/main.html     | 34 ++++---
 10 files changed, 285 insertions(+), 77 deletions(-)
 create mode 100644 src/main/java/ee/sk/siddemo/model/UserDocumentNumberRequest.java
 create mode 100644 src/main/java/ee/sk/siddemo/services/SessionStatusStore.java

diff --git a/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
index a99f4ee..6482f0f 100644
--- a/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
+++ b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
@@ -2,6 +2,7 @@
 
 import java.io.InputStream;
 import java.security.KeyStore;
+import java.util.concurrent.TimeUnit;
 
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -28,6 +29,9 @@ public class SmartIdV3Config {
     @Value("${sid.v3.client.applicationProviderHost}")
     private String sidApplicationProviderHost;
 
+    @Value("${sid.v3.client.polling-timeout-in-seconds}")
+    private Integer sidPollingTimeout;
+
     @Bean
     public SmartIdClient smartIdClientV3() throws Exception {
         InputStream is = SmartIdV3Config.class.getResourceAsStream(sidTrustedServerSslCertsFilename);
@@ -40,6 +44,7 @@ public SmartIdClient smartIdClientV3() throws Exception {
         client.setRelyingPartyName(sidRelyingPartyName);
         client.setHostUrl(sidApplicationProviderHost);
         client.setTrustStore(trustStore);
+        client.setPollingSleepTimeout(TimeUnit.SECONDS, sidPollingTimeout);
 
         return client;
     }
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
index 9b03c2d..e3f6509 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
@@ -7,16 +7,22 @@
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.ui.ModelMap;
+import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.ModelAndView;
 
-import ee.sk.siddemo.exception.SidOperationException;
 import ee.sk.siddemo.model.DynamicContent;
+import ee.sk.siddemo.model.UserDocumentNumberRequest;
 import ee.sk.siddemo.model.UserRequest;
 import ee.sk.siddemo.services.DynamicContentService;
+import ee.sk.siddemo.services.SessionStatusStore;
 import ee.sk.siddemo.services.SmartIdV3AuthenticationService;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpSession;
+import jakarta.validation.Valid;
 
 @Controller
 public class SmartIdV3Controller {
@@ -25,41 +31,77 @@ public class SmartIdV3Controller {
 
     private final SmartIdV3AuthenticationService smartIdV3AuthenticationService;
     private final DynamicContentService dynamicContentService;
+    private final SessionStatusStore sessionStatusStore;
 
     public SmartIdV3Controller(SmartIdV3AuthenticationService smartIdV3AuthenticationService,
-                               DynamicContentService dynamicContentService) {
+                               DynamicContentService dynamicContentService,
+                               SessionStatusStore sessionStatusStore) {
         this.smartIdV3AuthenticationService = smartIdV3AuthenticationService;
         this.dynamicContentService = dynamicContentService;
+        this.sessionStatusStore = sessionStatusStore;
+    }
+
+    @ModelAttribute("userRequest")
+    public UserRequest userRequest() {
+        return new UserRequest();
+    }
+
+    @ModelAttribute("userDocumentNumberRequest")
+    public UserDocumentNumberRequest userDocumentNumberRequest() {
+        return new UserDocumentNumberRequest();
     }
 
     @GetMapping(value = "/rp-api-v3")
-    public ModelAndView userRequestForm(Model model) {
+    public String userRequestForm(Model model) {
         model.addAttribute("activeTab", "rp-api-v3");
-        return new ModelAndView("v3/main", "userRequest", new UserRequest());
+        return "v3/main";
     }
 
     @GetMapping(value = "/v3/start-authentication")
-    public ModelAndView sendAuthenticationRequest(ModelMap model, HttpSession session) {
+    public ModelAndView startAuthentication(ModelMap model, HttpServletRequest request) {
+        HttpSession session = resetSession(request);
         smartIdV3AuthenticationService.startAuthentication(session);
         model.addAttribute("activeTab", "rp-api-v3");
         return new ModelAndView("v3/authentication", model);
     }
 
+    @PostMapping(value = "/v3/start-authentication-with-person-code")
+    public ModelAndView startAuthentication(ModelMap model, HttpServletRequest request,
+                                            @ModelAttribute("userRequest") @Valid UserRequest userRequest,
+                                            BindingResult bindingResult) {
+        model.addAttribute("activeTab", "rp-api-v3");
+        if (bindingResult.hasErrors()) {
+            return new ModelAndView("v3/main", "userRequest", userRequest);
+        }
+        HttpSession session = resetSession(request);
+        smartIdV3AuthenticationService.startAuthentication(session, userRequest);
+        return new ModelAndView("v3/authentication", model);
+    }
+
+    @PostMapping(value = "/v3/start-authentication-with-document-number")
+    public ModelAndView startAuthentication(ModelMap model, HttpServletRequest request,
+                                            @ModelAttribute("userDocumentNumberRequest") @Valid UserDocumentNumberRequest userDocumentNumberRequest,
+                                            BindingResult bindingResult) {
+        model.addAttribute("activeTab", "rp-api-v3");
+        if (bindingResult.hasErrors()) {
+            return new ModelAndView("v3/main", "userDocumentNumberRequest", userDocumentNumberRequest);
+        }
+        HttpSession session = resetSession(request);
+        smartIdV3AuthenticationService.startAuthentication(session, userDocumentNumberRequest);
+        return new ModelAndView("v3/authentication", model);
+    }
+
     @GetMapping(value = "/v3/check-authentication-status")
     @ResponseBody
-    public Map<String, Object> getPageContent(HttpSession session) {
-        String sessionStatus = (String) session.getAttribute("session_status");
-        if ("ERROR".equals(sessionStatus)) {
-            logger.error("Error occurred while fetching session status");
-            throw new SidOperationException(session.getAttribute("session_status_error_message").toString());
-        } else if ("COMPLETED".equals(sessionStatus)) {
+    public Map<String, Object> checkAuthenticationStatus(HttpSession session) {
+        boolean checkCompleted = smartIdV3AuthenticationService.checkAuthenticationStatus(session);
+        if (checkCompleted) {
             logger.debug("Session status: COMPLETED");
             return Map.of("sessionStatus", "COMPLETED");
-        } else {
-            logger.debug("Update dynamic content");
-            DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session);
-            return Map.of("dynamicLink", dynamicContent.getDynamicLink().toString(), "qrCode", dynamicContent.getQrCode());
         }
+        logger.debug("Update dynamic content");
+        DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session);
+        return Map.of("dynamicLink", dynamicContent.getDynamicLink().toString(), "qrCode", dynamicContent.getQrCode());
     }
 
     @GetMapping(value = "/v3/authentication-result")
@@ -67,4 +109,21 @@ public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session)
         smartIdV3AuthenticationService.authenticate(session);
         return new ModelAndView("v3/authentication-result", model);
     }
+
+    @GetMapping(value = "/v3/cancel-authentication")
+    public ModelAndView cancelAuthentication(ModelMap model, HttpServletRequest request) {
+        resetSession(request);
+        return new ModelAndView("v3/main", model);
+    }
+
+    private HttpSession resetSession(HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        if (session != null) {
+            sessionStatusStore.removeSession(session.getId());
+            session.invalidate();
+        }
+        // Create a new session
+        session = request.getSession(true);
+        return session;
+    }
 }
diff --git a/src/main/java/ee/sk/siddemo/model/UserDocumentNumberRequest.java b/src/main/java/ee/sk/siddemo/model/UserDocumentNumberRequest.java
new file mode 100644
index 0000000..8ad74b7
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/model/UserDocumentNumberRequest.java
@@ -0,0 +1,17 @@
+package ee.sk.siddemo.model;
+
+import jakarta.validation.constraints.NotNull;
+
+public class UserDocumentNumberRequest {
+
+    @NotNull
+    private String documentNumber;
+
+    public String getDocumentNumber() {
+        return documentNumber;
+    }
+
+    public void setDocumentNumber(String documentNumber) {
+        this.documentNumber = documentNumber;
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/services/DynamicContentService.java b/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
index 0a3bfbf..80fcf05 100644
--- a/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
+++ b/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
@@ -7,6 +7,7 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
 import ee.sk.siddemo.model.DynamicContent;
@@ -22,6 +23,9 @@ public class DynamicContentService {
 
     private static final Logger logger = LoggerFactory.getLogger(DynamicContentService.class);
 
+    @Value("${sid.v3.client.dynamic-link-url}")
+    private String dynamicLinkUrl;
+
     public final SmartIdClient smartIdClientV3;
 
     public DynamicContentService(SmartIdClient smartIdClientV3) {
@@ -40,14 +44,21 @@ public DynamicContent getDynamicContent(String sessionToken, String sessionSecre
         long elapsedSeconds = Duration.between(responseReceivedTime, Instant.now()).getSeconds();
         logger.info("Dynamic content elapsed seconds: {}", elapsedSeconds);
 
-        String authCode = AuthCode.createHash(DynamicLinkType.WEB_2_APP, SessionType.AUTHENTICATION, sessionSecret, elapsedSeconds);
         DynamicContentBuilder contentBuilder = smartIdClientV3.createDynamicContent()
+                .withBaseUrl(dynamicLinkUrl)
                 .withSessionType(SessionType.AUTHENTICATION)
                 .withSessionToken(sessionToken)
-                .withElapsedSeconds(elapsedSeconds)
-                .withAuthCode(authCode);
-        URI dynamicLink = contentBuilder.withDynamicLinkType(DynamicLinkType.WEB_2_APP).createUri();
-        String qrDataUri = contentBuilder.withDynamicLinkType(DynamicLinkType.QR_CODE).createQrCodeDataUri();
+                .withElapsedSeconds(elapsedSeconds);
+
+        URI dynamicLink = contentBuilder
+                .withDynamicLinkType(DynamicLinkType.WEB_2_APP)
+                .withAuthCode(AuthCode.createHash(DynamicLinkType.WEB_2_APP, SessionType.AUTHENTICATION, sessionSecret, elapsedSeconds))
+                .createUri();
+
+        String qrDataUri = contentBuilder
+                .withDynamicLinkType(DynamicLinkType.QR_CODE)
+                .withAuthCode(AuthCode.createHash(DynamicLinkType.QR_CODE, SessionType.AUTHENTICATION, sessionSecret, elapsedSeconds))
+                .createQrCodeDataUri();
         return new DynamicContent(dynamicLink, qrDataUri);
     }
 }
diff --git a/src/main/java/ee/sk/siddemo/services/SessionStatusStore.java b/src/main/java/ee/sk/siddemo/services/SessionStatusStore.java
new file mode 100644
index 0000000..3edf9a7
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/services/SessionStatusStore.java
@@ -0,0 +1,48 @@
+package ee.sk.siddemo.services;
+
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ExecutionException;
+
+import org.springframework.stereotype.Service;
+
+import ee.sk.smartid.v3.rest.dao.SessionStatus;
+
+@Service
+public class SessionStatusStore {
+
+    private final Map<String, Session> sessionStore = new ConcurrentHashMap<>();
+
+    public void addSession(String sessionId, CompletableFuture<?> future) {
+        sessionStore.put(sessionId, new Session(future));
+    }
+
+    public Optional<SessionStatus> getSessionsStatus(String sessionId) {
+        Session session = sessionStore.get(sessionId);
+        if (session == null) {
+            return Optional.empty();
+        }
+        if (session.future.isDone()) {
+            try {
+                return Optional.of((SessionStatus) session.future.get());
+            } catch (InterruptedException | ExecutionException ex) {
+                throw new RuntimeException(ex);
+            }
+        }
+        return Optional.empty();
+    }
+
+    public void removeSession(String sessionId) {
+        Session session = sessionStore.remove(sessionId);
+        if (session != null && session.future != null) {
+            // TODO - 26.11.24: this will not interrupt the task if it is already running, polling ends with timeout
+            session.future.cancel(true);
+        }
+    }
+
+    private record Session(CompletableFuture<?> future) {
+    }
+
+}
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
index 784f662..6a78182 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
@@ -2,17 +2,20 @@
 
 import java.time.Instant;
 import java.util.List;
+import java.util.Optional;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
 import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.UserDocumentNumberRequest;
+import ee.sk.siddemo.model.UserRequest;
 import ee.sk.smartid.exception.useraccount.DocumentUnusableException;
+import ee.sk.smartid.exception.useraction.SessionTimeoutException;
 import ee.sk.smartid.v3.DynamicLinkAuthenticationSessionResponse;
 import ee.sk.smartid.v3.RandomChallenge;
 import ee.sk.smartid.v3.SmartIdClient;
 import ee.sk.smartid.v3.rest.dao.Interaction;
+import ee.sk.smartid.v3.rest.dao.SemanticsIdentifier;
 import ee.sk.smartid.v3.rest.dao.SessionStatus;
 import ee.sk.smartid.v3.service.SmartIdRequestBuilderService;
 import jakarta.servlet.http.HttpSession;
@@ -20,59 +23,98 @@
 @Service
 public class SmartIdV3AuthenticationService {
 
-    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3AuthenticationService.class);
-
     private final SmartIdClient smartIdClientV3;
     private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
     private final SmartIdRequestBuilderService smartIdRequestBuilderService;
+    private final SessionStatusStore sessionStatusStore;
 
     public SmartIdV3AuthenticationService(SmartIdClient smartIdClientV3,
-                                          DynamicContentService dynamicContentService,
                                           SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
-                                          SmartIdRequestBuilderService smartIdRequestBuilderService) {
+                                          SmartIdRequestBuilderService smartIdRequestBuilderService, SessionStatusStore sessionStatusStore) {
         this.smartIdClientV3 = smartIdClientV3;
         this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
         this.smartIdRequestBuilderService = smartIdRequestBuilderService;
+        this.sessionStatusStore = sessionStatusStore;
     }
 
     public void startAuthentication(HttpSession session) {
         String randomChallenge = RandomChallenge.generate();
         DynamicLinkAuthenticationSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
                 .withRandomChallenge(randomChallenge)
+                .withAllowedInteractionsOrder(List.of(Interaction.displayTextAndPIN("Login ? ")))
+                .initAuthenticationSession();
+        Instant responseReceivedTime = Instant.now();
+
+        updateSession(session, randomChallenge, response, responseReceivedTime);
+
+        smartIdV3SessionsStatusService.startPolling(session, response);
+    }
+
+    public void startAuthentication(HttpSession session, UserRequest userRequest) {
+        String randomChallenge = RandomChallenge.generate();
+        SemanticsIdentifier semanticsIdentifier = new SemanticsIdentifier(SemanticsIdentifier.IdentityType.PNO, userRequest.getCountry(), userRequest.getNationalIdentityNumber());
+
+        DynamicLinkAuthenticationSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
+                .withRandomChallenge(randomChallenge)
+                .withSemanticsIdentifier(semanticsIdentifier)
                 .withAllowedInteractionsOrder(
                         List.of(Interaction.displayTextAndPIN("Login ? "))
                 ).initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
-        session.setAttribute("randomChallenge", randomChallenge);
-        session.setAttribute("sessionSecret", response.getSessionSecret());
-        session.setAttribute("sessionToken", response.getSessionToken());
-        session.setAttribute("sessionID", response.getSessionID());
-        session.setAttribute("responseReceivedTime", responseReceivedTime);
+        updateSession(session, randomChallenge, response, responseReceivedTime);
+
+        smartIdV3SessionsStatusService.startPolling(session, response);
+    }
 
-        startSessionsStatusPolling(session, response);
+    public void startAuthentication(HttpSession session, UserDocumentNumberRequest userDocumentNumberRequest) {
+        String randomChallenge = RandomChallenge.generate();
+
+        DynamicLinkAuthenticationSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
+                .withRandomChallenge(randomChallenge)
+                .withDocumentNumber(userDocumentNumberRequest.getDocumentNumber())
+                .withAllowedInteractionsOrder(
+                        List.of(Interaction.displayTextAndPIN("Login ? "))
+                ).initAuthenticationSession();
+        Instant responseReceivedTime = Instant.now();
+
+        updateSession(session, randomChallenge, response, responseReceivedTime);
+
+        smartIdV3SessionsStatusService.startPolling(session, response);
     }
 
-    private void startSessionsStatusPolling(HttpSession session, DynamicLinkAuthenticationSessionResponse response) {
-        smartIdV3SessionsStatusService.getSessionStatus(response.getSessionID(), (result, error) -> {
-            if (error != null) {
-                logger.debug("Error occurred while fetching session status", error);
-                session.setAttribute("session_status", "ERROR");
-                session.setAttribute("session_status_error_message", error.getMessage());
-            } else {
-                logger.debug("Querying sessions completed");
-                session.setAttribute("session_status", "COMPLETED");
-                session.setAttribute("session_status_response", result);
-            }
-        });
+    public boolean checkAuthenticationStatus(HttpSession session) {
+        Optional<SessionStatus> sessionStatus = sessionStatusStore.getSessionsStatus(session.getId());
+        return sessionStatus
+                .map(status -> {
+                    if (status.getState().equals("COMPLETE")) {
+                        session.setAttribute("session_status", "COMPLETED");
+                        session.setAttribute("session_status_response", status);
+                        return true;
+                    }
+                    return false;
+                })
+                .orElse(false);
     }
 
     public void authenticate(HttpSession session) {
         SessionStatus sessionsStatusResponse = (SessionStatus) session.getAttribute("session_status_response");
         try {
+            // TODO - 26.11.24: create authentication response and invalidate current session
             smartIdRequestBuilderService.createSmartIdAuthenticationResponse(sessionsStatusResponse, "QUALIFIED", null, (String) session.getAttribute("randomChallenge"));
+            // TODO - 26.11.24: clear session status storage
         } catch (DocumentUnusableException ex) {
             throw new SidOperationException("Invalid authentication response", ex);
+        } catch (SessionTimeoutException ex) {
+            throw new SidOperationException("Session timed out", ex);
         }
     }
+
+    private static void updateSession(HttpSession session, String randomChallenge, DynamicLinkAuthenticationSessionResponse response, Instant responseReceivedTime) {
+        session.setAttribute("randomChallenge", randomChallenge);
+        session.setAttribute("sessionSecret", response.getSessionSecret());
+        session.setAttribute("sessionToken", response.getSessionToken());
+        session.setAttribute("sessionID", response.getSessionID());
+        session.setAttribute("responseReceivedTime", responseReceivedTime);
+    }
 }
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
index 59408a6..a8f7a1d 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
@@ -1,13 +1,17 @@
 package ee.sk.siddemo.services;
 
+import java.util.concurrent.CompletableFuture;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Service;
 
 import ee.sk.smartid.exception.permanent.SmartIdClientException;
+import ee.sk.smartid.v3.DynamicLinkAuthenticationSessionResponse;
 import ee.sk.smartid.v3.SmartIdClient;
 import ee.sk.smartid.v3.rest.dao.SessionStatus;
+import jakarta.servlet.http.HttpSession;
 
 @Service
 public class SmartIdV3SessionsStatusService {
@@ -15,23 +19,33 @@ public class SmartIdV3SessionsStatusService {
     private static final Logger logger = LoggerFactory.getLogger(SmartIdV3SessionsStatusService.class);
 
     private final SmartIdClient smartIdClientV3;
+    private final SessionStatusStore sessionStatusStore;
 
-    public SmartIdV3SessionsStatusService(SmartIdClient smartIdClientV3) {
+    public SmartIdV3SessionsStatusService(SmartIdClient smartIdClientV3, SessionStatusStore sessionStatusStore) {
         this.smartIdClientV3 = smartIdClientV3;
+        this.sessionStatusStore = sessionStatusStore;
     }
 
     @Async
-    public void getSessionStatus(String sessionId, AsyncCallback<SessionStatus> callback) {
-        logger.debug("Starting to poll session status for session {}", sessionId);
-        try {
-            SessionStatus sessionStatus = smartIdClientV3.createSessionStatusPoller().fetchFinalSessionStatus(sessionId);
-            if (sessionStatus.getState().equals("COMPLETE")) {
-                logger.debug("Session state: {}", sessionStatus.getState());
-                callback.onComplete(sessionStatus, null);
+    public void startPolling(HttpSession session, DynamicLinkAuthenticationSessionResponse response) {
+        CompletableFuture<SessionStatus> sessionStatusFuture = initPolling(response.getSessionID());
+        sessionStatusStore.addSession(session.getId(), sessionStatusFuture);
+    }
+
+    private CompletableFuture<SessionStatus> initPolling(String sessionId) {
+        return CompletableFuture.supplyAsync(() -> {
+            try {
+                if (Thread.currentThread().isInterrupted()) {
+                    throw new InterruptedException("Task was interrupted");
+                }
+                return smartIdClientV3.createSessionStatusPoller().fetchFinalSessionStatus(sessionId);
+            } catch (SmartIdClientException ex) {
+                logger.error("Error occurred while fetching session status", ex);
+                throw new RuntimeException(ex);
+            } catch (InterruptedException ex) {
+                logger.debug("Polling was interrupted", ex);
+                return null;
             }
-        } catch (SmartIdClientException ex) {
-            logger.error("Error occurred while fetching session status", ex);
-            callback.onComplete(null, ex);
-        }
+        });
     }
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 4743782..595c914 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -29,6 +29,8 @@ sid:
       relyingPartyUuid: ${SID_RELYING_PARTY_UUID}
       relyingPartyName: ${SID_RELYING_PARTY_NAME}
       applicationProviderHost: https://sid.demo.sk.ee/smart-id-rp/v3/
+      polling-timeout-in-seconds: 2
+      dynamic-link-url: https://sid.demo.sk.ee/dynamic-link/
     truststore:
       trusted-server-ssl-certs:
         filename: /sid.trusted_server_certs.p12
diff --git a/src/main/resources/templates/v3/authentication.html b/src/main/resources/templates/v3/authentication.html
index f5c8b0d..f35fc01 100644
--- a/src/main/resources/templates/v3/authentication.html
+++ b/src/main/resources/templates/v3/authentication.html
@@ -39,22 +39,22 @@
 <div class="container-fluid d-flex flex-column align-items-center justify-content-center content-area pt-3">
     <div class="container view-content h-100">
         <div class="container">
-            <div class="container d-flex align-items-center justify-content-center qr-area">
-                <img class="img-fluid" id="qr-code" alt="QR code">
-            </div>
             <div class="container text-center mt-3">
                 <p class="responsive-text">
                     Please scan the QR code with the Smart-ID app to proceed
                 </p>
             </div>
+            <div class="container d-flex align-items-center justify-content-center qr-area">
+                <img class="img-fluid" id="qr-code" alt="QR code">
+            </div>
         </div>
 
         <div class="container border-dark pt-3">
             <div class="container text-center">
-               <p>
-                   Link option is only meant to work on mobile device where Smart-ID app is installed.
-                   If app is not available on your device, then link should direct you to the app store.
-               </p>
+                <p>
+                    Link option is only meant to work on mobile device where Smart-ID app is installed.
+                    If app is not available on your device, then link should direct you to the app store.
+                </p>
             </div>
             <div class="container text-center">
                 <a class="btn btn-primary" id="dynamic-link"> To Smart-ID app</a>
@@ -66,6 +66,10 @@ <h5> Link content</h5>
                 </div>
             </div>
         </div>
+<!--        Todo: does not work yet  -->
+<!--        <div class="container text-center">-->
+<!--            <a th:href="@{/v3/cancel-authentication}" class="btn btn-outline-dark">cancel</a>-->
+<!--        </div>-->
     </div>
 </div>
 
diff --git a/src/main/resources/templates/v3/main.html b/src/main/resources/templates/v3/main.html
index 33a9a36..79fbf74 100644
--- a/src/main/resources/templates/v3/main.html
+++ b/src/main/resources/templates/v3/main.html
@@ -42,42 +42,48 @@ <h1>Smart-ID</h1>
                     </div>
 
                     <div class="container d-none" id="person-code-authentication-area">
-                        <!--                    add form to submit-->
-                        <form action="v3/person-code-authentication" method="post">
+                        <form action="v3/start-authentication-with-person-code" th:object="${userRequest}" method="POST" class="form-action">
                             <div class="text-center">
                                 <h1>Smart-ID</h1>
                             </div>
-                            <div>
+                            <div class="form-group">
                                 <label for="country"> Select country </label>
-                                <select id="country" class="form-control" name="country">
-                                    <option value="EE">Estonia</option>
-                                    <option value="LT">Lithuania</option>
-                                    <option value="LV">Latvia</option>
+                                <select th:field="*{country}" id="country" class="form-control" name="country">
+                                    <option th:value="'EE'" value="EE">Estonia</option>
+                                    <option th:value="'LV'" value="LV">Latvia</option>
+                                    <option th:value="'LT'" th:text="Lithuania"></option>
+                                    <option th:value="'BE'" th:text="Belgium"></option>
                                 </select>
+                                <div th:if="${#fields.hasErrors('country')}" th:errors="*{country}" style="color:red">
+                                    country Error
+                                </div>
                             </div>
 
-                            <div class="pt-3">
+                            <div class="form-group">
                                 <label for="person-code">Person code</label>
-                                <input type="text" id="person-code" class="form-control" placeholder="Enter person code" name="personCode">
+                                <input th:field="*{nationalIdentityNumber}" type="text" id="person-code" class="form-control"
+                                       placeholder="Enter person code" name="personCode">
+                                <div th:if="${#fields.hasErrors('nationalIdentityNumber')}" th:errors="*{nationalIdentityNumber}" style="color:red">
+                                    nationalIdentityNumber Error </div>
                             </div>
-                            <div class="text-right pt-3">
+                            <div class="text-right">
                                 <button type="submit" class="btn btn-primary">Authenticate</button>
                             </div>
                         </form>
                     </div>
 
                     <div class="container d-none" id="document-number-authentication-area">
-                        <form action="v3/document-number-authentication" method="post">
+                        <form action="v3/start-authentication-with-document-number" th:object="${userDocumentNumberRequest}" method="POST" class="form-action" >
                             <div class="text-center">
                                 <h1>Smart-ID</h1>
                             </div>
 
-                            <div>
+                            <div class="form-group">
                                 <label for="document-number"> Document number</label>
-                                <input type="text" id="document-number" class="form-control" placeholder="Enter document number">
+                                <input  th:field="*{documentNumber}" type="text" id="document-number" class="form-control" placeholder="Enter document number">
                             </div>
 
-                            <div class="text-right pt-3">
+                            <div class="text-right">
                                 <button type="submit" class="btn btn-primary">Authenticate</button>
                             </div>
                         </form>

From d60753cbb057a4ce1f93abb6904c8ee3ae707050 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Tue, 10 Dec 2024 00:21:05 +0200
Subject: [PATCH 04/20] SLIB-66 - add authentication sessions result validation

---
 .../ee/sk/siddemo/config/SmartIdV3Config.java | 13 +++++--
 .../controller/SmartIdV2Controller.java       |  2 +-
 .../controller/SmartIdV3Controller.java       |  4 +-
 .../model/AuthenticationSessionInfo.java      |  2 +-
 .../services/DynamicContentService.java       |  5 +--
 .../SmartIdCertificateServiceImpl.java        |  2 +-
 .../SmartIdV2AuthenticationService.java       |  2 +-
 .../SmartIdV2AuthenticationServiceImpl.java   |  4 +-
 .../SmartIdV2SignatureServiceImpl.java        |  2 +-
 .../SmartIdV3AuthenticationService.java       | 37 ++++++++++++-------
 .../SmartIdV3SessionsStatusService.java       |  1 +
 .../templates/v3/authentication-result.html   |  8 +++-
 12 files changed, 54 insertions(+), 28 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
index 6482f0f..442772c 100644
--- a/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
+++ b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
@@ -8,8 +8,8 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
+import ee.sk.smartid.v3.AuthenticationResponseValidator;
 import ee.sk.smartid.v3.SmartIdClient;
-import ee.sk.smartid.v3.service.SmartIdRequestBuilderService;
 
 @Configuration
 public class SmartIdV3Config {
@@ -32,6 +32,13 @@ public class SmartIdV3Config {
     @Value("${sid.v3.client.polling-timeout-in-seconds}")
     private Integer sidPollingTimeout;
 
+    @Value("${sid.v3.truststore.trusted-root-certs.filename}")
+    private String sidTrustedRootCertsFilename;
+
+    @Value("${sid.v3.truststore.trusted-root-certs.password}")
+    private String sidTrustedRootCertsPassword;
+
+
     @Bean
     public SmartIdClient smartIdClientV3() throws Exception {
         InputStream is = SmartIdV3Config.class.getResourceAsStream(sidTrustedServerSslCertsFilename);
@@ -50,7 +57,7 @@ public SmartIdClient smartIdClientV3() throws Exception {
     }
 
     @Bean
-    public SmartIdRequestBuilderService smartIdRequestBuilderService() {
-        return new SmartIdRequestBuilderService();
+    public AuthenticationResponseValidator authenticationResponseValidatorV3() {
+        return new AuthenticationResponseValidator(sidTrustedRootCertsFilename, sidTrustedRootCertsPassword);
     }
 }
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
index a402ccc..3ec7647 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
@@ -43,7 +43,7 @@
 import ee.sk.siddemo.model.UserSidSession;
 import ee.sk.siddemo.services.SmartIdV2AuthenticationService;
 import ee.sk.siddemo.services.SmartIdV2SignatureService;
-import ee.sk.smartid.v2.AuthenticationIdentity;
+import ee.sk.smartid.AuthenticationIdentity;
 import jakarta.validation.Valid;
 
 @RestController
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
index e3f6509..16d766a 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
@@ -20,6 +20,7 @@
 import ee.sk.siddemo.services.DynamicContentService;
 import ee.sk.siddemo.services.SessionStatusStore;
 import ee.sk.siddemo.services.SmartIdV3AuthenticationService;
+import ee.sk.smartid.AuthenticationIdentity;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpSession;
 import jakarta.validation.Valid;
@@ -106,7 +107,8 @@ public Map<String, Object> checkAuthenticationStatus(HttpSession session) {
 
     @GetMapping(value = "/v3/authentication-result")
     public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session) {
-        smartIdV3AuthenticationService.authenticate(session);
+        AuthenticationIdentity authenticationIdentity = smartIdV3AuthenticationService.authenticate(session);
+        model.addAttribute("person", authenticationIdentity);
         return new ModelAndView("v3/authentication-result", model);
     }
 
diff --git a/src/main/java/ee/sk/siddemo/model/AuthenticationSessionInfo.java b/src/main/java/ee/sk/siddemo/model/AuthenticationSessionInfo.java
index ef2241b..f154fc4 100644
--- a/src/main/java/ee/sk/siddemo/model/AuthenticationSessionInfo.java
+++ b/src/main/java/ee/sk/siddemo/model/AuthenticationSessionInfo.java
@@ -23,8 +23,8 @@
  */
 
 
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
 import ee.sk.smartid.v2.AuthenticationHash;
-import ee.sk.smartid.v2.rest.dao.SemanticsIdentifier;
 
 public class AuthenticationSessionInfo {
 
diff --git a/src/main/java/ee/sk/siddemo/services/DynamicContentService.java b/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
index 80fcf05..89cc648 100644
--- a/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
+++ b/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
@@ -4,7 +4,6 @@
 import java.time.Duration;
 import java.time.Instant;
 
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
@@ -52,12 +51,12 @@ public DynamicContent getDynamicContent(String sessionToken, String sessionSecre
 
         URI dynamicLink = contentBuilder
                 .withDynamicLinkType(DynamicLinkType.WEB_2_APP)
-                .withAuthCode(AuthCode.createHash(DynamicLinkType.WEB_2_APP, SessionType.AUTHENTICATION, sessionSecret, elapsedSeconds))
+                .withAuthCode(AuthCode.createHash(DynamicLinkType.WEB_2_APP, SessionType.AUTHENTICATION, elapsedSeconds, sessionSecret))
                 .createUri();
 
         String qrDataUri = contentBuilder
                 .withDynamicLinkType(DynamicLinkType.QR_CODE)
-                .withAuthCode(AuthCode.createHash(DynamicLinkType.QR_CODE, SessionType.AUTHENTICATION, sessionSecret, elapsedSeconds))
+                .withAuthCode(AuthCode.createHash(DynamicLinkType.QR_CODE, SessionType.AUTHENTICATION, elapsedSeconds, sessionSecret))
                 .createQrCodeDataUri();
         return new DynamicContent(dynamicLink, qrDataUri);
     }
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdCertificateServiceImpl.java b/src/main/java/ee/sk/siddemo/services/SmartIdCertificateServiceImpl.java
index f2be280..aa633f3 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdCertificateServiceImpl.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdCertificateServiceImpl.java
@@ -34,9 +34,9 @@
 import ee.sk.smartid.exception.useraccount.UserAccountNotFoundException;
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
 import ee.sk.smartid.exception.useraction.UserRefusedException;
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
 import ee.sk.smartid.v2.SmartIdCertificate;
 import ee.sk.smartid.v2.SmartIdClient;
-import ee.sk.smartid.v2.rest.dao.SemanticsIdentifier;
 
 @Service
 public class SmartIdCertificateServiceImpl implements SmartIdCertificateService {
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationService.java
index 4b12a21..95abdb8 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationService.java
@@ -24,7 +24,7 @@
 
 import ee.sk.siddemo.model.AuthenticationSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
-import ee.sk.smartid.v2.AuthenticationIdentity;
+import ee.sk.smartid.AuthenticationIdentity;
 
 public interface SmartIdV2AuthenticationService {
 
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java
index 8e15521..7743e08 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java
@@ -35,6 +35,7 @@
 import ee.sk.siddemo.model.AuthenticationSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
 
+import ee.sk.smartid.AuthenticationIdentity;
 import ee.sk.smartid.exception.UnprocessableSmartIdResponseException;
 import ee.sk.smartid.exception.permanent.ServerMaintenanceException;
 import ee.sk.smartid.exception.useraccount.CertificateLevelMismatchException;
@@ -43,13 +44,12 @@
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
 import ee.sk.smartid.exception.useraction.UserRefusedException;
 import ee.sk.smartid.exception.useraction.UserSelectedWrongVerificationCodeException;
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
 import ee.sk.smartid.v2.AuthenticationHash;
-import ee.sk.smartid.v2.AuthenticationIdentity;
 import ee.sk.smartid.v2.AuthenticationResponseValidator;
 import ee.sk.smartid.v2.SmartIdAuthenticationResponse;
 import ee.sk.smartid.v2.SmartIdClient;
 import ee.sk.smartid.v2.rest.dao.Interaction;
-import ee.sk.smartid.v2.rest.dao.SemanticsIdentifier;
 
 @Service
 public class SmartIdV2AuthenticationServiceImpl implements SmartIdV2AuthenticationService {
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java b/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java
index 68890b6..f8af50d 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java
@@ -50,6 +50,7 @@
 import ee.sk.siddemo.model.SigningSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
 import ee.sk.smartid.HashType;
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
 import ee.sk.smartid.v2.SignableData;
 import ee.sk.smartid.v2.SignableHash;
 import ee.sk.smartid.v2.SmartIdCertificate;
@@ -62,7 +63,6 @@
 import ee.sk.smartid.exception.useraction.UserRefusedException;
 import ee.sk.smartid.exception.useraction.UserSelectedWrongVerificationCodeException;
 import ee.sk.smartid.v2.rest.dao.Interaction;
-import ee.sk.smartid.v2.rest.dao.SemanticsIdentifier;
 
 @Service
 public class SmartIdV2SignatureServiceImpl implements SmartIdV2SignatureService {
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
index 6a78182..33778bf 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
@@ -9,15 +9,18 @@
 import ee.sk.siddemo.exception.SidOperationException;
 import ee.sk.siddemo.model.UserDocumentNumberRequest;
 import ee.sk.siddemo.model.UserRequest;
+import ee.sk.smartid.AuthenticationIdentity;
 import ee.sk.smartid.exception.useraccount.DocumentUnusableException;
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+import ee.sk.smartid.v3.AuthenticationResponseValidator;
+import ee.sk.smartid.v3.DynamicLinkAuthenticationResponse;
+import ee.sk.smartid.v3.DynamicLinkAuthenticationResponseMapper;
 import ee.sk.smartid.v3.DynamicLinkAuthenticationSessionResponse;
 import ee.sk.smartid.v3.RandomChallenge;
 import ee.sk.smartid.v3.SmartIdClient;
-import ee.sk.smartid.v3.rest.dao.Interaction;
-import ee.sk.smartid.v3.rest.dao.SemanticsIdentifier;
+import ee.sk.smartid.v3.rest.dao.DynamicLinkInteraction;
 import ee.sk.smartid.v3.rest.dao.SessionStatus;
-import ee.sk.smartid.v3.service.SmartIdRequestBuilderService;
 import jakarta.servlet.http.HttpSession;
 
 @Service
@@ -25,23 +28,24 @@ public class SmartIdV3AuthenticationService {
 
     private final SmartIdClient smartIdClientV3;
     private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
-    private final SmartIdRequestBuilderService smartIdRequestBuilderService;
     private final SessionStatusStore sessionStatusStore;
+    private final AuthenticationResponseValidator authenticationResponseValidatorV3;
 
     public SmartIdV3AuthenticationService(SmartIdClient smartIdClientV3,
                                           SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
-                                          SmartIdRequestBuilderService smartIdRequestBuilderService, SessionStatusStore sessionStatusStore) {
+                                          SessionStatusStore sessionStatusStore,
+                                          AuthenticationResponseValidator authenticationResponseValidatorV3) {
         this.smartIdClientV3 = smartIdClientV3;
         this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
-        this.smartIdRequestBuilderService = smartIdRequestBuilderService;
         this.sessionStatusStore = sessionStatusStore;
+        this.authenticationResponseValidatorV3 = authenticationResponseValidatorV3;
     }
 
     public void startAuthentication(HttpSession session) {
         String randomChallenge = RandomChallenge.generate();
         DynamicLinkAuthenticationSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
                 .withRandomChallenge(randomChallenge)
-                .withAllowedInteractionsOrder(List.of(Interaction.displayTextAndPIN("Login ? ")))
+                .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN("Login ? ")))
                 .initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
@@ -58,7 +62,7 @@ public void startAuthentication(HttpSession session, UserRequest userRequest) {
                 .withRandomChallenge(randomChallenge)
                 .withSemanticsIdentifier(semanticsIdentifier)
                 .withAllowedInteractionsOrder(
-                        List.of(Interaction.displayTextAndPIN("Login ? "))
+                        List.of(DynamicLinkInteraction.displayTextAndPIN("Login ? "))
                 ).initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
@@ -74,7 +78,7 @@ public void startAuthentication(HttpSession session, UserDocumentNumberRequest u
                 .withRandomChallenge(randomChallenge)
                 .withDocumentNumber(userDocumentNumberRequest.getDocumentNumber())
                 .withAllowedInteractionsOrder(
-                        List.of(Interaction.displayTextAndPIN("Login ? "))
+                        List.of(DynamicLinkInteraction.displayTextAndPIN("Login ? "))
                 ).initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
@@ -97,12 +101,19 @@ public boolean checkAuthenticationStatus(HttpSession session) {
                 .orElse(false);
     }
 
-    public void authenticate(HttpSession session) {
+    public AuthenticationIdentity authenticate(HttpSession session) {
         SessionStatus sessionsStatusResponse = (SessionStatus) session.getAttribute("session_status_response");
+        String randomChallenge = (String) session.getAttribute("randomChallenge");
+
         try {
-            // TODO - 26.11.24: create authentication response and invalidate current session
-            smartIdRequestBuilderService.createSmartIdAuthenticationResponse(sessionsStatusResponse, "QUALIFIED", null, (String) session.getAttribute("randomChallenge"));
-            // TODO - 26.11.24: clear session status storage
+            // validate sessions status for dynamic link authentication
+            DynamicLinkAuthenticationResponse dynamicLinkAuthenticationResponse = DynamicLinkAuthenticationResponseMapper.from(sessionsStatusResponse);
+
+            // validate and map authentication response to authentication identity
+            AuthenticationIdentity authenticationIdentity = authenticationResponseValidatorV3.from(dynamicLinkAuthenticationResponse, randomChallenge);
+            // invalidate current session after successful authentication
+            session.invalidate();
+            return authenticationIdentity;
         } catch (DocumentUnusableException ex) {
             throw new SidOperationException("Invalid authentication response", ex);
         } catch (SessionTimeoutException ex) {
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
index a8f7a1d..a5fdc4f 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
@@ -13,6 +13,7 @@
 import ee.sk.smartid.v3.rest.dao.SessionStatus;
 import jakarta.servlet.http.HttpSession;
 
+// TODO - 10.12.24: replace this with sessions status querying
 @Service
 public class SmartIdV3SessionsStatusService {
 
diff --git a/src/main/resources/templates/v3/authentication-result.html b/src/main/resources/templates/v3/authentication-result.html
index d886f9d..ec9282a 100644
--- a/src/main/resources/templates/v3/authentication-result.html
+++ b/src/main/resources/templates/v3/authentication-result.html
@@ -14,7 +14,13 @@
 
 <div class="container-fluid d-flex flex-column align-items-center justify-content-center vh-100">
     <h1> Authentication result</h1>
-    <!--  Todo: implement   -->
+    <p>
+        <span th:text="${person.getIdentityNumber()}"></span>
+        <span th:text="${person.getCountry()}"></span>
+        <span th:text="${person.getDateOfBirth()}"></span>
+        <span th:text="${person.getSurname()}"></span>
+        <span th:text="${person.getGivenName()}"></span>
+    </p>
 </div>
 
 <script th:src="@{/js/bootstrap.js}"></script>

From 8ed709c5f74f9b3948ccd704c49c526265a2b42f Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Tue, 10 Dec 2024 11:50:20 +0200
Subject: [PATCH 05/20] SLIB-66 - update java-client function names

---
 .../ee/sk/siddemo/services/SmartIdV3AuthenticationService.java  | 2 +-
 .../ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
index 33778bf..d9ef623 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
@@ -110,7 +110,7 @@ public AuthenticationIdentity authenticate(HttpSession session) {
             DynamicLinkAuthenticationResponse dynamicLinkAuthenticationResponse = DynamicLinkAuthenticationResponseMapper.from(sessionsStatusResponse);
 
             // validate and map authentication response to authentication identity
-            AuthenticationIdentity authenticationIdentity = authenticationResponseValidatorV3.from(dynamicLinkAuthenticationResponse, randomChallenge);
+            AuthenticationIdentity authenticationIdentity = authenticationResponseValidatorV3.toAuthenticationIdentity(dynamicLinkAuthenticationResponse, randomChallenge);
             // invalidate current session after successful authentication
             session.invalidate();
             return authenticationIdentity;
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
index a5fdc4f..8b6fd59 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
@@ -39,7 +39,7 @@ private CompletableFuture<SessionStatus> initPolling(String sessionId) {
                 if (Thread.currentThread().isInterrupted()) {
                     throw new InterruptedException("Task was interrupted");
                 }
-                return smartIdClientV3.createSessionStatusPoller().fetchFinalSessionStatus(sessionId);
+                return smartIdClientV3.getSessionsStatusPoller().fetchFinalSessionStatus(sessionId);
             } catch (SmartIdClientException ex) {
                 logger.error("Error occurred while fetching session status", ex);
                 throw new RuntimeException(ex);

From 7e18043e6164ea7ff88381d54f34e7722abfe474 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Wed, 11 Dec 2024 00:40:46 +0200
Subject: [PATCH 06/20] SLIB-66 - update for java-client changes

---
 .../services/SmartIdV3AuthenticationService.java       | 10 +++++-----
 .../services/SmartIdV3SessionsStatusService.java       |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
index d9ef623..7e6b71d 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
@@ -16,10 +16,10 @@
 import ee.sk.smartid.v3.AuthenticationResponseValidator;
 import ee.sk.smartid.v3.DynamicLinkAuthenticationResponse;
 import ee.sk.smartid.v3.DynamicLinkAuthenticationResponseMapper;
-import ee.sk.smartid.v3.DynamicLinkAuthenticationSessionResponse;
 import ee.sk.smartid.v3.RandomChallenge;
 import ee.sk.smartid.v3.SmartIdClient;
 import ee.sk.smartid.v3.rest.dao.DynamicLinkInteraction;
+import ee.sk.smartid.v3.rest.dao.DynamicLinkSessionResponse;
 import ee.sk.smartid.v3.rest.dao.SessionStatus;
 import jakarta.servlet.http.HttpSession;
 
@@ -43,7 +43,7 @@ public SmartIdV3AuthenticationService(SmartIdClient smartIdClientV3,
 
     public void startAuthentication(HttpSession session) {
         String randomChallenge = RandomChallenge.generate();
-        DynamicLinkAuthenticationSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
+        DynamicLinkSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
                 .withRandomChallenge(randomChallenge)
                 .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN("Login ? ")))
                 .initAuthenticationSession();
@@ -58,7 +58,7 @@ public void startAuthentication(HttpSession session, UserRequest userRequest) {
         String randomChallenge = RandomChallenge.generate();
         SemanticsIdentifier semanticsIdentifier = new SemanticsIdentifier(SemanticsIdentifier.IdentityType.PNO, userRequest.getCountry(), userRequest.getNationalIdentityNumber());
 
-        DynamicLinkAuthenticationSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
+        DynamicLinkSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
                 .withRandomChallenge(randomChallenge)
                 .withSemanticsIdentifier(semanticsIdentifier)
                 .withAllowedInteractionsOrder(
@@ -74,7 +74,7 @@ public void startAuthentication(HttpSession session, UserRequest userRequest) {
     public void startAuthentication(HttpSession session, UserDocumentNumberRequest userDocumentNumberRequest) {
         String randomChallenge = RandomChallenge.generate();
 
-        DynamicLinkAuthenticationSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
+        DynamicLinkSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
                 .withRandomChallenge(randomChallenge)
                 .withDocumentNumber(userDocumentNumberRequest.getDocumentNumber())
                 .withAllowedInteractionsOrder(
@@ -121,7 +121,7 @@ public AuthenticationIdentity authenticate(HttpSession session) {
         }
     }
 
-    private static void updateSession(HttpSession session, String randomChallenge, DynamicLinkAuthenticationSessionResponse response, Instant responseReceivedTime) {
+    private static void updateSession(HttpSession session, String randomChallenge, DynamicLinkSessionResponse response, Instant responseReceivedTime) {
         session.setAttribute("randomChallenge", randomChallenge);
         session.setAttribute("sessionSecret", response.getSessionSecret());
         session.setAttribute("sessionToken", response.getSessionToken());
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
index 8b6fd59..2ad9138 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
@@ -8,8 +8,8 @@
 import org.springframework.stereotype.Service;
 
 import ee.sk.smartid.exception.permanent.SmartIdClientException;
-import ee.sk.smartid.v3.DynamicLinkAuthenticationSessionResponse;
 import ee.sk.smartid.v3.SmartIdClient;
+import ee.sk.smartid.v3.rest.dao.DynamicLinkSessionResponse;
 import ee.sk.smartid.v3.rest.dao.SessionStatus;
 import jakarta.servlet.http.HttpSession;
 
@@ -28,7 +28,7 @@ public SmartIdV3SessionsStatusService(SmartIdClient smartIdClientV3, SessionStat
     }
 
     @Async
-    public void startPolling(HttpSession session, DynamicLinkAuthenticationSessionResponse response) {
+    public void startPolling(HttpSession session, DynamicLinkSessionResponse response) {
         CompletableFuture<SessionStatus> sessionStatusFuture = initPolling(response.getSessionID());
         sessionStatusStore.addSession(session.getId(), sessionStatusFuture);
     }

From 57d7616b8798cd8d1610bbd42551422c9903a2df Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Fri, 13 Dec 2024 14:41:38 +0200
Subject: [PATCH 07/20] SLIB-66 - update session status querying and fix
 showing errors

---
 .../ee/sk/siddemo/GlobalExceptionHandler.java | 14 ++++
 .../ee/sk/siddemo/config/SmartIdV3Config.java |  4 ++
 .../controller/SmartIdV2Controller.java       |  2 +-
 ...artIdV3AuthenticationStatusController.java | 65 +++++++++++++++++++
 .../controller/SmartIdV3Controller.java       | 35 ++--------
 .../ee/sk/siddemo/services/AsyncCallback.java |  6 --
 .../siddemo/services/SessionStatusStore.java  | 48 --------------
 .../SmartIdV3AuthenticationService.java       | 51 ++++++++-------
 .../SmartIdV3SessionsStatusService.java       | 60 ++++++++++-------
 src/main/resources/application.yml            |  5 +-
 src/main/resources/logback.xml                |  6 +-
 .../templates/v3/authentication.html          | 16 ++---
 12 files changed, 170 insertions(+), 142 deletions(-)
 create mode 100644 src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java
 delete mode 100644 src/main/java/ee/sk/siddemo/services/AsyncCallback.java
 delete mode 100644 src/main/java/ee/sk/siddemo/services/SessionStatusStore.java

diff --git a/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java b/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java
index 52f5050..4377bc9 100644
--- a/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java
+++ b/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java
@@ -1,5 +1,7 @@
 package ee.sk.siddemo;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@@ -10,6 +12,8 @@
 @ControllerAdvice
 public class GlobalExceptionHandler {
 
+    private static final Logger logger = LoggerFactory.getLogger(GlobalExceptionHandler.class);
+
     @ExceptionHandler(SidOperationException.class)
     public ModelAndView handleSidOperationException(SidOperationException exception) {
         var model = new ModelMap();
@@ -17,4 +21,14 @@ public ModelAndView handleSidOperationException(SidOperationException exception)
         model.addAttribute("errorMessage", exception.getMessage());
         return new ModelAndView("sidOperationError", model);
     }
+
+    @ExceptionHandler(Exception.class)
+    public ModelAndView handleSmartIdException(Exception exception) {
+        logger.warn("Generic error caught", exception);
+
+        var model = new ModelMap();
+        model.addAttribute("errorMessage", exception.getMessage());
+        return new ModelAndView("error", model);
+    }
+
 }
diff --git a/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
index 442772c..745c33f 100644
--- a/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
+++ b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
@@ -32,6 +32,9 @@ public class SmartIdV3Config {
     @Value("${sid.v3.client.polling-timeout-in-seconds}")
     private Integer sidPollingTimeout;
 
+    @Value("${sid.v3.client.open-socket-timeout-in-seconds}")
+    private Integer sidOpenSocketTimeout;
+
     @Value("${sid.v3.truststore.trusted-root-certs.filename}")
     private String sidTrustedRootCertsFilename;
 
@@ -52,6 +55,7 @@ public SmartIdClient smartIdClientV3() throws Exception {
         client.setHostUrl(sidApplicationProviderHost);
         client.setTrustStore(trustStore);
         client.setPollingSleepTimeout(TimeUnit.SECONDS, sidPollingTimeout);
+        client.setSessionStatusResponseSocketOpenTime(TimeUnit.SECONDS, sidOpenSocketTimeout);
 
         return client;
     }
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
index 3ec7647..4c296ec 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV2Controller.java
@@ -145,7 +145,7 @@ public ModelAndView handleSmartIdException(Exception exception) {
 
         var model = new ModelMap();
 
-        model.addAttribute("errorMessage", exception.getMessage());
+        model.addAttribute("message", exception.getMessage());
 
         return new ModelAndView("error", model);
     }
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java
new file mode 100644
index 0000000..68d40af
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java
@@ -0,0 +1,65 @@
+package ee.sk.siddemo.controller;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.ModelAndView;
+
+import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.DynamicContent;
+import ee.sk.siddemo.services.DynamicContentService;
+import ee.sk.siddemo.services.SmartIdV3AuthenticationService;
+import jakarta.servlet.http.HttpSession;
+
+@RestController
+public class SmartIdV3AuthenticationStatusController {
+
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3AuthenticationStatusController.class);
+
+    private final DynamicContentService dynamicContentService;
+    private final SmartIdV3AuthenticationService smartIdV3AuthenticationService;
+
+    public SmartIdV3AuthenticationStatusController(DynamicContentService dynamicContentService,
+                                                   SmartIdV3AuthenticationService smartIdV3AuthenticationService) {
+        this.dynamicContentService = dynamicContentService;
+        this.smartIdV3AuthenticationService = smartIdV3AuthenticationService;
+    }
+
+    @GetMapping(value = "/v3/check-authentication-status")
+    public ResponseEntity<Map<String, String>> checkAuthenticationStatus(HttpSession session) {
+        boolean checkCompleted;
+        try {
+            checkCompleted = smartIdV3AuthenticationService.checkAuthenticationStatus(session);
+        } catch (SidOperationException ex) {
+            logger.error("Error occurred while checking authentication status", ex);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(Map.of("errorMessage", ex.getMessage()));
+        }
+        if (checkCompleted) {
+            logger.debug("Session status: COMPLETED");
+            return ResponseEntity.ok(Map.of("sessionStatus", "COMPLETED"));
+        }
+
+        // Generate QR-code and dynamic link
+        logger.debug("Generate dynamic content for session {}", session.getId());
+        DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session);
+        Map<String, String> content = new HashMap<>();
+        content.put("dynamicLink", dynamicContent.getDynamicLink().toString());
+        content.put("qrCode", dynamicContent.getQrCode());
+        return ResponseEntity.ok(content);
+    }
+
+    @GetMapping(value = "/auth-session-error")
+    public ModelAndView handleAuthenticationSessionErrors(@RequestParam(value = "errorMessage", required = false) String errorMessage,
+                                                    ModelMap model) {
+        model.addAttribute("errorMessage", errorMessage);
+        return new ModelAndView("sidOperationError", model);
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
index 16d766a..45c3abc 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
@@ -1,7 +1,5 @@
 package ee.sk.siddemo.controller;
 
-import java.util.Map;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Controller;
@@ -11,15 +9,12 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.ModelAndView;
 
-import ee.sk.siddemo.model.DynamicContent;
 import ee.sk.siddemo.model.UserDocumentNumberRequest;
 import ee.sk.siddemo.model.UserRequest;
-import ee.sk.siddemo.services.DynamicContentService;
-import ee.sk.siddemo.services.SessionStatusStore;
 import ee.sk.siddemo.services.SmartIdV3AuthenticationService;
+import ee.sk.siddemo.services.SmartIdV3SessionsStatusService;
 import ee.sk.smartid.AuthenticationIdentity;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpSession;
@@ -28,18 +23,13 @@
 @Controller
 public class SmartIdV3Controller {
 
-    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3Controller.class);
-
     private final SmartIdV3AuthenticationService smartIdV3AuthenticationService;
-    private final DynamicContentService dynamicContentService;
-    private final SessionStatusStore sessionStatusStore;
+    private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
 
     public SmartIdV3Controller(SmartIdV3AuthenticationService smartIdV3AuthenticationService,
-                               DynamicContentService dynamicContentService,
-                               SessionStatusStore sessionStatusStore) {
+                               SmartIdV3SessionsStatusService smartIdV3SessionsStatusService) {
         this.smartIdV3AuthenticationService = smartIdV3AuthenticationService;
-        this.dynamicContentService = dynamicContentService;
-        this.sessionStatusStore = sessionStatusStore;
+        this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
     }
 
     @ModelAttribute("userRequest")
@@ -53,7 +43,7 @@ public UserDocumentNumberRequest userDocumentNumberRequest() {
     }
 
     @GetMapping(value = "/rp-api-v3")
-    public String userRequestForm(Model model) {
+    public String viewRpApiV3Tab(Model model) {
         model.addAttribute("activeTab", "rp-api-v3");
         return "v3/main";
     }
@@ -92,19 +82,6 @@ public ModelAndView startAuthentication(ModelMap model, HttpServletRequest reque
         return new ModelAndView("v3/authentication", model);
     }
 
-    @GetMapping(value = "/v3/check-authentication-status")
-    @ResponseBody
-    public Map<String, Object> checkAuthenticationStatus(HttpSession session) {
-        boolean checkCompleted = smartIdV3AuthenticationService.checkAuthenticationStatus(session);
-        if (checkCompleted) {
-            logger.debug("Session status: COMPLETED");
-            return Map.of("sessionStatus", "COMPLETED");
-        }
-        logger.debug("Update dynamic content");
-        DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session);
-        return Map.of("dynamicLink", dynamicContent.getDynamicLink().toString(), "qrCode", dynamicContent.getQrCode());
-    }
-
     @GetMapping(value = "/v3/authentication-result")
     public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session) {
         AuthenticationIdentity authenticationIdentity = smartIdV3AuthenticationService.authenticate(session);
@@ -121,7 +98,7 @@ public ModelAndView cancelAuthentication(ModelMap model, HttpServletRequest requ
     private HttpSession resetSession(HttpServletRequest request) {
         HttpSession session = request.getSession();
         if (session != null) {
-            sessionStatusStore.removeSession(session.getId());
+            smartIdV3SessionsStatusService.cancelPolling(session.getId());
             session.invalidate();
         }
         // Create a new session
diff --git a/src/main/java/ee/sk/siddemo/services/AsyncCallback.java b/src/main/java/ee/sk/siddemo/services/AsyncCallback.java
deleted file mode 100644
index 9e66487..0000000
--- a/src/main/java/ee/sk/siddemo/services/AsyncCallback.java
+++ /dev/null
@@ -1,6 +0,0 @@
-package ee.sk.siddemo.services;
-
-public interface AsyncCallback<T> {
-
-    void onComplete(T result, Throwable error);
-}
diff --git a/src/main/java/ee/sk/siddemo/services/SessionStatusStore.java b/src/main/java/ee/sk/siddemo/services/SessionStatusStore.java
deleted file mode 100644
index 3edf9a7..0000000
--- a/src/main/java/ee/sk/siddemo/services/SessionStatusStore.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package ee.sk.siddemo.services;
-
-import java.util.Map;
-import java.util.Optional;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ExecutionException;
-
-import org.springframework.stereotype.Service;
-
-import ee.sk.smartid.v3.rest.dao.SessionStatus;
-
-@Service
-public class SessionStatusStore {
-
-    private final Map<String, Session> sessionStore = new ConcurrentHashMap<>();
-
-    public void addSession(String sessionId, CompletableFuture<?> future) {
-        sessionStore.put(sessionId, new Session(future));
-    }
-
-    public Optional<SessionStatus> getSessionsStatus(String sessionId) {
-        Session session = sessionStore.get(sessionId);
-        if (session == null) {
-            return Optional.empty();
-        }
-        if (session.future.isDone()) {
-            try {
-                return Optional.of((SessionStatus) session.future.get());
-            } catch (InterruptedException | ExecutionException ex) {
-                throw new RuntimeException(ex);
-            }
-        }
-        return Optional.empty();
-    }
-
-    public void removeSession(String sessionId) {
-        Session session = sessionStore.remove(sessionId);
-        if (session != null && session.future != null) {
-            // TODO - 26.11.24: this will not interrupt the task if it is already running, polling ends with timeout
-            session.future.cancel(true);
-        }
-    }
-
-    private record Session(CompletableFuture<?> future) {
-    }
-
-}
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
index 7e6b71d..981a4a1 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
@@ -4,13 +4,15 @@
 import java.util.List;
 import java.util.Optional;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
 import ee.sk.siddemo.exception.SidOperationException;
 import ee.sk.siddemo.model.UserDocumentNumberRequest;
 import ee.sk.siddemo.model.UserRequest;
 import ee.sk.smartid.AuthenticationIdentity;
-import ee.sk.smartid.exception.useraccount.DocumentUnusableException;
+import ee.sk.smartid.exception.UnprocessableSmartIdResponseException;
+import ee.sk.smartid.exception.useraccount.CertificateLevelMismatchException;
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
 import ee.sk.smartid.rest.dao.SemanticsIdentifier;
 import ee.sk.smartid.v3.AuthenticationResponseValidator;
@@ -28,16 +30,16 @@ public class SmartIdV3AuthenticationService {
 
     private final SmartIdClient smartIdClientV3;
     private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
-    private final SessionStatusStore sessionStatusStore;
     private final AuthenticationResponseValidator authenticationResponseValidatorV3;
 
+    @Value("${sid.v3.auth.displayText}")
+    private String displayText;
+
     public SmartIdV3AuthenticationService(SmartIdClient smartIdClientV3,
                                           SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
-                                          SessionStatusStore sessionStatusStore,
                                           AuthenticationResponseValidator authenticationResponseValidatorV3) {
         this.smartIdClientV3 = smartIdClientV3;
         this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
-        this.sessionStatusStore = sessionStatusStore;
         this.authenticationResponseValidatorV3 = authenticationResponseValidatorV3;
     }
 
@@ -45,7 +47,7 @@ public void startAuthentication(HttpSession session) {
         String randomChallenge = RandomChallenge.generate();
         DynamicLinkSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
                 .withRandomChallenge(randomChallenge)
-                .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN("Login ? ")))
+                .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN(displayText)))
                 .initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
@@ -61,9 +63,8 @@ public void startAuthentication(HttpSession session, UserRequest userRequest) {
         DynamicLinkSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
                 .withRandomChallenge(randomChallenge)
                 .withSemanticsIdentifier(semanticsIdentifier)
-                .withAllowedInteractionsOrder(
-                        List.of(DynamicLinkInteraction.displayTextAndPIN("Login ? "))
-                ).initAuthenticationSession();
+                .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN(displayText)))
+                .initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
         updateSession(session, randomChallenge, response, responseReceivedTime);
@@ -73,13 +74,11 @@ public void startAuthentication(HttpSession session, UserRequest userRequest) {
 
     public void startAuthentication(HttpSession session, UserDocumentNumberRequest userDocumentNumberRequest) {
         String randomChallenge = RandomChallenge.generate();
-
         DynamicLinkSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
                 .withRandomChallenge(randomChallenge)
                 .withDocumentNumber(userDocumentNumberRequest.getDocumentNumber())
-                .withAllowedInteractionsOrder(
-                        List.of(DynamicLinkInteraction.displayTextAndPIN("Login ? "))
-                ).initAuthenticationSession();
+                .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN(displayText)))
+                .initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
         updateSession(session, randomChallenge, response, responseReceivedTime);
@@ -88,12 +87,12 @@ public void startAuthentication(HttpSession session, UserDocumentNumberRequest u
     }
 
     public boolean checkAuthenticationStatus(HttpSession session) {
-        Optional<SessionStatus> sessionStatus = sessionStatusStore.getSessionsStatus(session.getId());
+        Optional<SessionStatus> sessionStatus = smartIdV3SessionsStatusService.getSessionsStatus(session.getId());
         return sessionStatus
                 .map(status -> {
                     if (status.getState().equals("COMPLETE")) {
+                        saveValidateResponse(session, status);
                         session.setAttribute("session_status", "COMPLETED");
-                        session.setAttribute("session_status_response", status);
                         return true;
                     }
                     return false;
@@ -101,23 +100,31 @@ public boolean checkAuthenticationStatus(HttpSession session) {
                 .orElse(false);
     }
 
+    private static void saveValidateResponse(HttpSession session, SessionStatus status) {
+        try {
+            // validate sessions status for dynamic link authentication
+            var dynamicLinkAuthenticationResponse = DynamicLinkAuthenticationResponseMapper.from(status);
+            session.setAttribute("authentication_response", dynamicLinkAuthenticationResponse);
+        } catch (SessionTimeoutException ex) {
+            throw new SidOperationException("Session timed out", ex);
+        }
+    }
+
     public AuthenticationIdentity authenticate(HttpSession session) {
-        SessionStatus sessionsStatusResponse = (SessionStatus) session.getAttribute("session_status_response");
+        // validate sessions status for dynamic link authentication
+        DynamicLinkAuthenticationResponse response = (DynamicLinkAuthenticationResponse) session.getAttribute("authentication_response");
         String randomChallenge = (String) session.getAttribute("randomChallenge");
 
         try {
-            // validate sessions status for dynamic link authentication
-            DynamicLinkAuthenticationResponse dynamicLinkAuthenticationResponse = DynamicLinkAuthenticationResponseMapper.from(sessionsStatusResponse);
-
             // validate and map authentication response to authentication identity
-            AuthenticationIdentity authenticationIdentity = authenticationResponseValidatorV3.toAuthenticationIdentity(dynamicLinkAuthenticationResponse, randomChallenge);
+            AuthenticationIdentity authenticationIdentity = authenticationResponseValidatorV3.toAuthenticationIdentity(response, randomChallenge);
             // invalidate current session after successful authentication
             session.invalidate();
             return authenticationIdentity;
-        } catch (DocumentUnusableException ex) {
+        } catch (UnprocessableSmartIdResponseException ex) {
             throw new SidOperationException("Invalid authentication response", ex);
-        } catch (SessionTimeoutException ex) {
-            throw new SidOperationException("Session timed out", ex);
+        } catch (CertificateLevelMismatchException ex) {
+            throw new SidOperationException("Certificate level mismatch", ex);
         }
     }
 
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
index 2ad9138..42c00e7 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
@@ -1,10 +1,15 @@
 package ee.sk.siddemo.services;
 
-import java.util.concurrent.CompletableFuture;
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Service;
 
 import ee.sk.smartid.exception.permanent.SmartIdClientException;
@@ -13,40 +18,51 @@
 import ee.sk.smartid.v3.rest.dao.SessionStatus;
 import jakarta.servlet.http.HttpSession;
 
-// TODO - 10.12.24: replace this with sessions status querying
 @Service
 public class SmartIdV3SessionsStatusService {
 
     private static final Logger logger = LoggerFactory.getLogger(SmartIdV3SessionsStatusService.class);
 
+    private final Map<String, Future<?>> sessions = new ConcurrentHashMap<>();
+
     private final SmartIdClient smartIdClientV3;
-    private final SessionStatusStore sessionStatusStore;
 
-    public SmartIdV3SessionsStatusService(SmartIdClient smartIdClientV3, SessionStatusStore sessionStatusStore) {
+    public SmartIdV3SessionsStatusService(SmartIdClient smartIdClientV3) {
         this.smartIdClientV3 = smartIdClientV3;
-        this.sessionStatusStore = sessionStatusStore;
     }
 
-    @Async
-    public void startPolling(HttpSession session, DynamicLinkSessionResponse response) {
-        CompletableFuture<SessionStatus> sessionStatusFuture = initPolling(response.getSessionID());
-        sessionStatusStore.addSession(session.getId(), sessionStatusFuture);
+    public void startPolling(HttpSession httpSession, DynamicLinkSessionResponse response) {
+        Callable<SessionStatus> task = () -> initPolling(response.getSessionID());
+        Future<?> future = Executors.newSingleThreadExecutor().submit(task);
+        sessions.put(httpSession.getId(), future);
     }
 
-    private CompletableFuture<SessionStatus> initPolling(String sessionId) {
-        return CompletableFuture.supplyAsync(() -> {
+    public Optional<SessionStatus> getSessionsStatus(String sessionId) {
+        Future<?> session = sessions.get(sessionId);
+        if (session != null && session.isDone()) {
             try {
-                if (Thread.currentThread().isInterrupted()) {
-                    throw new InterruptedException("Task was interrupted");
-                }
-                return smartIdClientV3.getSessionsStatusPoller().fetchFinalSessionStatus(sessionId);
-            } catch (SmartIdClientException ex) {
-                logger.error("Error occurred while fetching session status", ex);
+                return Optional.of((SessionStatus) session.get());
+            } catch (InterruptedException | ExecutionException ex) {
                 throw new RuntimeException(ex);
-            } catch (InterruptedException ex) {
-                logger.debug("Polling was interrupted", ex);
-                return null;
             }
-        });
+        }
+        return Optional.empty();
+    }
+
+    public void cancelPolling(String sessionId) {
+        Future<?> future = sessions.get(sessionId);
+        if (future != null) {
+            future.cancel(true);
+            sessions.remove(sessionId);
+        }
+    }
+
+    private SessionStatus initPolling(String sessionId) {
+        try {
+            return smartIdClientV3.getSessionsStatusPoller().fetchFinalSessionStatus(sessionId);
+        } catch (SmartIdClientException ex) {
+            logger.error("Error occurred while fetching session status", ex);
+            throw new RuntimeException(ex);
+        }
     }
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 595c914..b44af6a 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -29,8 +29,11 @@ sid:
       relyingPartyUuid: ${SID_RELYING_PARTY_UUID}
       relyingPartyName: ${SID_RELYING_PARTY_NAME}
       applicationProviderHost: https://sid.demo.sk.ee/smart-id-rp/v3/
-      polling-timeout-in-seconds: 2
+      polling-timeout-in-seconds: 5
       dynamic-link-url: https://sid.demo.sk.ee/dynamic-link/
+      open-socket-timeout-in-seconds: 1
+    auth:
+      displayText: Log in with Smart-ID demo?
     truststore:
       trusted-server-ssl-certs:
         filename: /sid.trusted_server_certs.p12
diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
index 903ea99..bba73d4 100644
--- a/src/main/resources/logback.xml
+++ b/src/main/resources/logback.xml
@@ -12,14 +12,10 @@
 
 
     <!-- LOG everything at INFO level -->
-    <root level="info">
+    <root level="debug">
         <appender-ref ref="Console" />
     </root>
 
-    <logger name="ee.sk" level="debug">
-        <appender-ref ref="Console" />
-    </logger>
-
     <!-- set this to TRACE if you want to log actual payloads and headers sent out -->
     <logger name="ee.sk.smartid.rest" level="trace" additivity="false">
         <appender-ref ref="Console" />
diff --git a/src/main/resources/templates/v3/authentication.html b/src/main/resources/templates/v3/authentication.html
index f35fc01..2a260e0 100644
--- a/src/main/resources/templates/v3/authentication.html
+++ b/src/main/resources/templates/v3/authentication.html
@@ -66,10 +66,9 @@ <h5> Link content</h5>
                 </div>
             </div>
         </div>
-<!--        Todo: does not work yet  -->
-<!--        <div class="container text-center">-->
-<!--            <a th:href="@{/v3/cancel-authentication}" class="btn btn-outline-dark">cancel</a>-->
-<!--        </div>-->
+        <div class="container text-center">
+            <a th:href="@{/v3/cancel-authentication}" class="btn btn-outline-dark">Cancel</a>
+        </div>
     </div>
 </div>
 
@@ -79,19 +78,20 @@ <h5> Link content</h5>
         fetch('/v3/check-authentication-status')
             .then(response => response.json())
             .then(data => {
-                if (data.sessionStatus === 'COMPLETED') {
-                    console.log('Session completed');
+                if (data.errorMessage !== undefined) {
+                    window.location.href = '/auth-session-error?errorMessage=' + data.errorMessage;
+                } else if (data.sessionStatus === 'COMPLETED') {
                     window.location.href = '/v3/authentication-result';
                 } else {
-                    console.log("Session data: " + data);
                     document.getElementById("qr-code").src = data.qrCode;
                     document.getElementById("dynamic-link").href = data.dynamicLink;
                     document.getElementById("link-content").innerText = data.dynamicLink;
                     setTimeout(loadContent, 1000);
                 }
             })
-            .catch(error => console.error('Error:', error));
+            .catch(error => console.log('Error:', error));
     }
+
     window.onload = loadContent;
 </script>
 </body>

From 632228ee41c8e64be5cb8cfd9b1abddf8cda505f Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Fri, 13 Dec 2024 15:34:38 +0200
Subject: [PATCH 08/20] SLIB-66 - add querying IP-address

---
 .../siddemo/services/SmartIdV3AuthenticationService.java  | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
index 981a4a1..839cc89 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3AuthenticationService.java
@@ -4,6 +4,8 @@
 import java.util.List;
 import java.util.Optional;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
@@ -28,6 +30,8 @@
 @Service
 public class SmartIdV3AuthenticationService {
 
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3AuthenticationService.class);
+
     private final SmartIdClient smartIdClientV3;
     private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
     private final AuthenticationResponseValidator authenticationResponseValidatorV3;
@@ -48,6 +52,7 @@ public void startAuthentication(HttpSession session) {
         DynamicLinkSessionResponse response = smartIdClientV3.createDynamicLinkAuthentication()
                 .withRandomChallenge(randomChallenge)
                 .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN(displayText)))
+                .withShareMdClientIpAddress(true)
                 .initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
@@ -64,6 +69,7 @@ public void startAuthentication(HttpSession session, UserRequest userRequest) {
                 .withRandomChallenge(randomChallenge)
                 .withSemanticsIdentifier(semanticsIdentifier)
                 .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN(displayText)))
+                .withShareMdClientIpAddress(true)
                 .initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
@@ -78,6 +84,7 @@ public void startAuthentication(HttpSession session, UserDocumentNumberRequest u
                 .withRandomChallenge(randomChallenge)
                 .withDocumentNumber(userDocumentNumberRequest.getDocumentNumber())
                 .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN(displayText)))
+                .withShareMdClientIpAddress(true)
                 .initAuthenticationSession();
         Instant responseReceivedTime = Instant.now();
 
@@ -93,6 +100,7 @@ public boolean checkAuthenticationStatus(HttpSession session) {
                     if (status.getState().equals("COMPLETE")) {
                         saveValidateResponse(session, status);
                         session.setAttribute("session_status", "COMPLETED");
+                        logger.debug("Mobile device IP address: {}", status.getDeviceIpAddress());
                         return true;
                     }
                     return false;

From 54965ffd7a59f0f0b2df3ebbab2cc30e4bf63a1c Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Fri, 13 Dec 2024 16:06:53 +0200
Subject: [PATCH 09/20] SLIB-66 - code clean up

---
 src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java         | 1 -
 src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java | 2 --
 src/main/resources/templates/v3/authentication.html             | 2 +-
 3 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
index 745c33f..d634e20 100644
--- a/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
+++ b/src/main/java/ee/sk/siddemo/config/SmartIdV3Config.java
@@ -41,7 +41,6 @@ public class SmartIdV3Config {
     @Value("${sid.v3.truststore.trusted-root-certs.password}")
     private String sidTrustedRootCertsPassword;
 
-
     @Bean
     public SmartIdClient smartIdClientV3() throws Exception {
         InputStream is = SmartIdV3Config.class.getResourceAsStream(sidTrustedServerSslCertsFilename);
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
index 45c3abc..a425471 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
@@ -1,7 +1,5 @@
 package ee.sk.siddemo.controller;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.ui.ModelMap;
diff --git a/src/main/resources/templates/v3/authentication.html b/src/main/resources/templates/v3/authentication.html
index 2a260e0..69ca660 100644
--- a/src/main/resources/templates/v3/authentication.html
+++ b/src/main/resources/templates/v3/authentication.html
@@ -45,7 +45,7 @@
                 </p>
             </div>
             <div class="container d-flex align-items-center justify-content-center qr-area">
-                <img class="img-fluid" id="qr-code" alt="QR code">
+                <img src="" class="img-fluid" id="qr-code" alt="QR code">
             </div>
         </div>
 

From a24e7e81b8193d659e18ebaf7b925b73381f19e6 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Tue, 17 Dec 2024 23:20:23 +0200
Subject: [PATCH 10/20] SLIB-73 - add base for dynamic-link certificate choice

---
 ...artIdV3AuthenticationStatusController.java |   3 +-
 .../SmartIdV3CertificateChoiceController.java | 109 ++++++
 .../services/DynamicContentService.java       |  12 +-
 .../SmartIdV3CertificateChoiceService.java    | 116 +++++++
 src/main/resources/static/css/style.css       |  20 +-
 .../v3/certificate-choice-result.html         |  27 ++
 .../templates/v3/certificate-choice.html      |  99 ++++++
 src/main/resources/templates/v3/main.html     | 324 +++++++++++++-----
 8 files changed, 608 insertions(+), 102 deletions(-)
 create mode 100644 src/main/java/ee/sk/siddemo/controller/SmartIdV3CertificateChoiceController.java
 create mode 100644 src/main/java/ee/sk/siddemo/services/SmartIdV3CertificateChoiceService.java
 create mode 100644 src/main/resources/templates/v3/certificate-choice-result.html
 create mode 100644 src/main/resources/templates/v3/certificate-choice.html

diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java
index 68d40af..9fa6f03 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java
@@ -17,6 +17,7 @@
 import ee.sk.siddemo.model.DynamicContent;
 import ee.sk.siddemo.services.DynamicContentService;
 import ee.sk.siddemo.services.SmartIdV3AuthenticationService;
+import ee.sk.smartid.v3.SessionType;
 import jakarta.servlet.http.HttpSession;
 
 @RestController
@@ -49,7 +50,7 @@ public ResponseEntity<Map<String, String>> checkAuthenticationStatus(HttpSession
 
         // Generate QR-code and dynamic link
         logger.debug("Generate dynamic content for session {}", session.getId());
-        DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session);
+        DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session, SessionType.AUTHENTICATION);
         Map<String, String> content = new HashMap<>();
         content.put("dynamicLink", dynamicContent.getDynamicLink().toString());
         content.put("qrCode", dynamicContent.getQrCode());
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3CertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3CertificateChoiceController.java
new file mode 100644
index 0000000..66b7068
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3CertificateChoiceController.java
@@ -0,0 +1,109 @@
+package ee.sk.siddemo.controller;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
+
+import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.DynamicContent;
+import ee.sk.siddemo.services.DynamicContentService;
+import ee.sk.siddemo.services.SmartIdV3CertificateChoiceService;
+import ee.sk.siddemo.services.SmartIdV3SessionsStatusService;
+import ee.sk.smartid.v3.SessionType;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+
+@Controller
+public class SmartIdV3CertificateChoiceController {
+
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3CertificateChoiceController.class);
+
+    private final SmartIdV3CertificateChoiceService smartIdV3CertificateChoiceService;
+    private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
+    private final DynamicContentService dynamicContentService;
+
+    public SmartIdV3CertificateChoiceController(SmartIdV3CertificateChoiceService smartIdV3CertificateChoiceService,
+                                                SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
+                                                DynamicContentService dynamicContentService) {
+        this.smartIdV3CertificateChoiceService = smartIdV3CertificateChoiceService;
+        this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
+        this.dynamicContentService = dynamicContentService;
+    }
+
+    @GetMapping(value = "/v3/start-certificate-choice")
+    public ModelAndView startCertificateChoice(ModelMap model, HttpServletRequest request) {
+        HttpSession session = resetSession(request);
+        smartIdV3CertificateChoiceService.startCertificateChoice(session);
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("v3/certificate-choice", model);
+    }
+
+    @GetMapping(value = "/v3/check-certificate-choice-status")
+    @ResponseBody
+    public ResponseEntity<Map<String, String>> checkCertificateChoiceStatus(HttpSession session) {
+        boolean checkCompleted;
+        try {
+            checkCompleted = smartIdV3CertificateChoiceService.checkCertificateChoiceStatus(session);
+        } catch (SidOperationException ex) {
+            logger.error("Error occurred while checking authentication status", ex);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(Map.of("errorMessage", ex.getMessage()));
+        }
+        if (checkCompleted) {
+            logger.debug("Session status: COMPLETED");
+            return ResponseEntity.ok(Map.of("sessionStatus", "COMPLETED"));
+        }
+
+        // Generate QR-code and dynamic link
+        logger.debug("Generate dynamic content for session {}", session.getId());
+        DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session, SessionType.CERTIFICATE_CHOICE);
+        Map<String, String> content = new HashMap<>();
+        content.put("dynamicLink", dynamicContent.getDynamicLink().toString());
+        content.put("qrCode", dynamicContent.getQrCode());
+        return ResponseEntity.ok(content);
+    }
+
+    @GetMapping(value = "/certificate-choice-session-error")
+    public ModelAndView handleCertificateChoiceSessionsError(@RequestParam(value = "errorMessage", required = false) String errorMessage,
+                                                          ModelMap model) {
+        model.addAttribute("errorMessage", errorMessage);
+        return new ModelAndView("sidOperationError", model);
+    }
+
+    @GetMapping(value = "/v3/certificate-choice-result")
+    public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session) {
+        String documentNumber = (String) session.getAttribute("documentNumber");
+        String distinguishedName = (String) session.getAttribute("distinguishedName");
+        model.addAttribute("documentNumber", documentNumber);
+        model.addAttribute("distinguishedName", distinguishedName);
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("v3/certificate-choice-result", model);
+    }
+
+    @GetMapping(value = "/v3/cancel-certificate-choice")
+    public ModelAndView cancelAuthentication(ModelMap model, HttpServletRequest request) {
+        resetSession(request);
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("v3/main", model);
+    }
+
+    private HttpSession resetSession(HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        if (session != null) {
+            smartIdV3SessionsStatusService.cancelPolling(session.getId());
+            session.invalidate();
+        }
+        // Create a new session
+        session = request.getSession(true);
+        return session;
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/services/DynamicContentService.java b/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
index 89cc648..90c91a0 100644
--- a/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
+++ b/src/main/java/ee/sk/siddemo/services/DynamicContentService.java
@@ -31,32 +31,32 @@ public DynamicContentService(SmartIdClient smartIdClientV3) {
         this.smartIdClientV3 = smartIdClientV3;
     }
 
-    public DynamicContent getDynamicContent(HttpSession session) {
+    public DynamicContent getDynamicContent(HttpSession session, SessionType sessionType) {
         String sessionSecret = (String) session.getAttribute("sessionSecret");
         String sessionToken = (String) session.getAttribute("sessionToken");
         Instant responseReceivedTime = (Instant) session.getAttribute("responseReceivedTime");
 
-        return getDynamicContent(sessionToken, sessionSecret, responseReceivedTime);
+        return getDynamicContent(sessionType, sessionToken, sessionSecret, responseReceivedTime);
     }
 
-    public DynamicContent getDynamicContent(String sessionToken, String sessionSecret, Instant responseReceivedTime) {
+    public DynamicContent getDynamicContent(SessionType sessionType, String sessionToken, String sessionSecret, Instant responseReceivedTime) {
         long elapsedSeconds = Duration.between(responseReceivedTime, Instant.now()).getSeconds();
         logger.info("Dynamic content elapsed seconds: {}", elapsedSeconds);
 
         DynamicContentBuilder contentBuilder = smartIdClientV3.createDynamicContent()
                 .withBaseUrl(dynamicLinkUrl)
-                .withSessionType(SessionType.AUTHENTICATION)
+                .withSessionType(sessionType)
                 .withSessionToken(sessionToken)
                 .withElapsedSeconds(elapsedSeconds);
 
         URI dynamicLink = contentBuilder
                 .withDynamicLinkType(DynamicLinkType.WEB_2_APP)
-                .withAuthCode(AuthCode.createHash(DynamicLinkType.WEB_2_APP, SessionType.AUTHENTICATION, elapsedSeconds, sessionSecret))
+                .withAuthCode(AuthCode.createHash(DynamicLinkType.WEB_2_APP, sessionType, elapsedSeconds, sessionSecret))
                 .createUri();
 
         String qrDataUri = contentBuilder
                 .withDynamicLinkType(DynamicLinkType.QR_CODE)
-                .withAuthCode(AuthCode.createHash(DynamicLinkType.QR_CODE, SessionType.AUTHENTICATION, elapsedSeconds, sessionSecret))
+                .withAuthCode(AuthCode.createHash(DynamicLinkType.QR_CODE, sessionType, elapsedSeconds, sessionSecret))
                 .createQrCodeDataUri();
         return new DynamicContent(dynamicLink, qrDataUri);
     }
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3CertificateChoiceService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3CertificateChoiceService.java
new file mode 100644
index 0000000..bd93540
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3CertificateChoiceService.java
@@ -0,0 +1,116 @@
+package ee.sk.siddemo.services;
+
+import java.nio.charset.StandardCharsets;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Optional;
+
+import org.apache.hc.client5.http.utils.Base64;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.smartid.exception.useraction.SessionTimeoutException;
+import ee.sk.smartid.v3.ErrorResultHandler;
+import ee.sk.smartid.v3.SmartIdClient;
+import ee.sk.smartid.v3.rest.dao.DynamicLinkSessionResponse;
+import ee.sk.smartid.v3.rest.dao.SessionResult;
+import ee.sk.smartid.v3.rest.dao.SessionStatus;
+import jakarta.servlet.http.HttpSession;
+
+@Service
+public class SmartIdV3CertificateChoiceService {
+
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3CertificateChoiceService.class);
+
+    private final SmartIdClient smartIdClientV3;
+    private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
+
+    public SmartIdV3CertificateChoiceService(SmartIdClient smartIdClientV3,
+                                             SmartIdV3SessionsStatusService smartIdV3SessionsStatusService) {
+        this.smartIdClientV3 = smartIdClientV3;
+        this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
+    }
+
+    public void startCertificateChoice(HttpSession session) {
+        // TODO - 16.12.24: uncomment when anonymous certificate choice is supported by RP API v3
+//        DynamicLinkSessionResponse response = this.smartIdClientV3.createDynamicLinkCertificateRequest()
+//                .withCertificateLevel(CertificateLevel.QUALIFIED)
+//                .withShareMdClientIpAddress(true)
+//                .initCertificateChoice();
+        DynamicLinkSessionResponse response = new DynamicLinkSessionResponse();
+        response.setSessionID("fake-session-id");
+        response.setSessionToken("fake-token");
+        response.setSessionSecret(Base64.encodeBase64String("fake-secret".getBytes(StandardCharsets.UTF_8)));
+
+        Instant responseReceivedTime = Instant.now();
+
+        session.setAttribute("sessionID", response.getSessionID());
+        session.setAttribute("sessionToken", response.getSessionToken());
+        session.setAttribute("sessionSecret", response.getSessionSecret());
+        session.setAttribute("responseReceivedTime", responseReceivedTime);
+
+        // TODO - 16.12.24: uncomment when anonymous certificate choice session can be created
+//        smartIdV3SessionsStatusService.startPolling(session, response);
+    }
+
+    public boolean checkCertificateChoiceStatus(HttpSession session) {
+        // TODO - 16.12.24: uncomment when anonymous certificate choice is supported by RP API v3
+        // Optional<SessionStatus> sessionStatus = smartIdV3SessionsStatusService.getSessionsStatus(session.getId());
+
+        // Dummy session status to simulate querying the session status, displaying dynamic sessions for 10seconds
+        // Remove after RP API v3 supports dynamic-link certificate choice
+        Instant responseReceivedTime = (Instant) session.getAttribute("responseReceivedTime");
+        long elapsedSeconds = Duration.between(responseReceivedTime, Instant.now()).getSeconds();
+        SessionStatus status = dummySessionsStatus(elapsedSeconds);
+        Optional<SessionStatus> sessionStatus = Optional.of(status);
+
+        return sessionStatus
+                .map(ss -> {
+                    if (ss.getState().equals("COMPLETE")) {
+                        saveValidateResponse(session, ss);
+                        session.setAttribute("session_status", "COMPLETED");
+                        logger.debug("Mobile device IP address: {}", ss.getDeviceIpAddress());
+                        return true;
+                    }
+                    return false;
+                })
+                .orElse(false);
+    }
+
+    // TODO - 17.12.24: only used for simulating querying the session status, remove after actuall functionality can be used
+    private static SessionStatus dummySessionsStatus(long elapsedSeconds) {
+        SessionStatus status;
+        if (elapsedSeconds > 10) {
+            SessionResult result = new SessionResult();
+            result.setEndResult("OK");
+            result.setDocumentNumber("PNOEE-1234567890-MOCK-Q");
+
+            status = new SessionStatus();
+            status.setState("COMPLETE");
+            status.setResult(result);
+        } else {
+            status = new SessionStatus();
+            status.setState("RUNNING");
+        }
+        return status;
+    }
+
+    private static void saveValidateResponse(HttpSession session, SessionStatus status) {
+        try {
+            // validate sessions status does not contain errors
+            if (!"OK".equals(status.getResult().getEndResult())) {
+                ErrorResultHandler.handle(status.getResult().getEndResult());
+            }
+            // TODO - 17.12.24: uncomment when anonymous certificate choice is supported by RP API v3
+//            X509Certificate certificate = CertificateParser.parseX509Certificate(status.getCert().getValue());
+//            String distinguishedName = certificate.getSubjectX500Principal().getName();
+            String distinguishedName = "CN=John Doe, OU=IT, O=Company, C=EE";
+            session.setAttribute("distinguishedName", distinguishedName);
+            session.setAttribute("documentNumber", status.getResult().getDocumentNumber());
+        } catch (SessionTimeoutException ex) {
+            throw new SidOperationException("Session timed out", ex);
+        }
+    }
+}
diff --git a/src/main/resources/static/css/style.css b/src/main/resources/static/css/style.css
index d7ac9e6..9bfef03 100644
--- a/src/main/resources/static/css/style.css
+++ b/src/main/resources/static/css/style.css
@@ -1,5 +1,6 @@
-html, body {
+body, html {
     height: 100%;
+    margin: 0;
 }
 
 body {
@@ -10,9 +11,22 @@ body {
     background-color: #f5f5f5;
 }
 
+main {
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    height: 95vh;
+}
+
+.sticky-tabs {
+    position: sticky;
+    top: 0;
+    z-index: 10;
+    border-bottom: 1px solid #ddd;
+}
+
 .content-area {
-    height: 90vh;
-    overflow: auto;
+    overflow: hidden;
 }
 
 .view-content {
diff --git a/src/main/resources/templates/v3/certificate-choice-result.html b/src/main/resources/templates/v3/certificate-choice-result.html
new file mode 100644
index 0000000..f082606
--- /dev/null
+++ b/src/main/resources/templates/v3/certificate-choice-result.html
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/style.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+</head>
+
+<body>
+<div th:insert="~{fragments/header :: header}"></div>
+
+<div class="container-fluid d-flex flex-column align-items-center justify-content-center vh-100">
+    <h1> Certificate choice result</h1>
+    <p>
+        <span th:text="${documentNumber}"></span>
+        <br>
+        <span th:text="${distinguishedName}"></span>
+    </p>
+</div>
+
+<script th:src="@{/js/bootstrap.js}"></script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/v3/certificate-choice.html b/src/main/resources/templates/v3/certificate-choice.html
new file mode 100644
index 0000000..f6b2e14
--- /dev/null
+++ b/src/main/resources/templates/v3/certificate-choice.html
@@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/style.css.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+
+    <style>
+        .responsive-text {
+            font-size: 1rem;
+        }
+
+        @media (min-width: 768px) {
+            .responsive-text {
+                font-size: 1.5rem;
+            }
+        }
+
+        @media (min-width: 1200px) {
+            .responsive-text {
+                font-size: 2rem;
+            }
+        }
+
+        .qr-area {
+            width: 610px;
+            height: 610px;
+            background: #ffffff;
+        }
+    </style>
+</head>
+
+<body>
+<div th:insert="~{fragments/header :: header}"></div>
+
+<div class="container-fluid d-flex flex-column align-items-center justify-content-center content-area pt-3">
+    <div class="container view-content h-100">
+        <div class="container">
+            <div class="container text-center mt-3">
+                <p class="responsive-text">
+                    Please scan the QR code with the Smart-ID app to proceed
+                </p>
+            </div>
+            <div class="container d-flex align-items-center justify-content-center qr-area">
+                <img src="" class="img-fluid" id="qr-code" alt="QR code">
+            </div>
+        </div>
+
+        <div class="container border-dark pt-3">
+            <div class="container text-center">
+                <p>
+                    Link option is only meant to work on mobile device where Smart-ID app is installed.
+                    If app is not available on your device, then link should direct you to the app store.
+                </p>
+            </div>
+            <div class="container text-center">
+                <a class="btn btn-primary" id="dynamic-link"> To Smart-ID app</a>
+            </div>
+            <div class="container">
+                <h5> Link content</h5>
+                <div class="text-wrap" style="overflow-wrap: break-word">
+                    <p id="link-content"></p>
+                </div>
+            </div>
+        </div>
+        <div class="container text-center">
+            <a th:href="@{/v3/cancel-certificate-choice}" class="btn btn-outline-dark">Cancel</a>
+        </div>
+    </div>
+</div>
+
+<script th:src="@{/js/bootstrap.js}"></script>
+<script type="text/javascript">
+    function loadContent() {
+        fetch('/v3/check-certificate-choice-status')
+            .then(response => response.json())
+            .then(data => {
+                if (data.errorMessage !== undefined) {
+                    window.location.href = '/certificate-choice-session-error?errorMessage=' + data.errorMessage;
+                } else if (data.sessionStatus === 'COMPLETED') {
+                    window.location.href = '/v3/certificate-choice-result';
+                } else {
+                    document.getElementById("qr-code").src = data.qrCode;
+                    document.getElementById("dynamic-link").href = data.dynamicLink;
+                    document.getElementById("link-content").innerText = data.dynamicLink;
+                    setTimeout(loadContent, 1000);
+                }
+            })
+            .catch(error => console.log('Error:', error));
+    }
+
+    window.onload = loadContent;
+</script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/v3/main.html b/src/main/resources/templates/v3/main.html
index 79fbf74..e970aef 100644
--- a/src/main/resources/templates/v3/main.html
+++ b/src/main/resources/templates/v3/main.html
@@ -6,123 +6,263 @@
     <title>Smart-ID</title>
     <!-- Bootstrap core CSS -->
     <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
-    <link href="../../static/css/style.css.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+    <link href="../../static/css/style.css" rel="stylesheet" th:href="@{/css/style.css}"/>
 </head>
 <body>
 
 <div th:insert="~{fragments/header :: header}"></div>
 
-<div class="container-fluid d-flex align-items-center justify-content-center content-area">
-    <div class="container view-content">
-        <div class="row border rounded shadow p-3 bg-light">
-            <!-- Sidebar -->
-            <div class="col-md-4 bg-light border-right p-3" id="sidebar">
-                <h5 class="text-uppercase fw-bold mb-2">Dynamic link</h5>
-                <div class="ms-3">
-                    <a href="#" class="btn btn-outline-dark w-100 mb-1" id="anonymous-authentication">Anonymous authentication</a>
-                    <a href="#" class="btn btn-outline-dark w-100 mb-1" id="person-code-authentication">Authentication with person code</a>
-                    <a href="#" class="btn btn-outline-dark w-100 mb-1" id="document-number-authentication">Authentication with document number</a>
-                </div>
+<main class="container d-flex justify-content-center align-items-center">
+    <div class="row w-100">
+        <div class="col-12 col-md-10 offset-md-1">
+            <ul class="nav nav-tabs sticky-tabs" id="v3-flow-tabs">
+                <li class="nav-item">
+                    <a class="nav-link active" id="auth-tab" role="tab" aria-controls="auth-tab-pane" aria-selected="true">
+                        Authentication
+                    </a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" id="cert-choice-tab" role="tab" aria-controls="cert-choice-tab-pane" aria-selected="false">
+                        Certificate choice
+                    </a>
+                </li>
+                <li class="nav-item">
+                    <a class="nav-link" id="sign-tab" role="tab" aria-controls="sign-tab-pane" aria-selected="false">
+                        Signature
+                    </a>
+                </li>
+            </ul>
 
-                <h5 class="text-uppercase fw-bold mt-4 mb-2"> Notification </h5>
-                <div class="ms-3">
-                    <a href="#" class="btn btn-outline-dark w-100 mb-1">Authentication with person code</a>
-                    <a href="#" class="btn btn-outline-dark w-100 mb-1">Authentication with document number</a>
-                </div>
-            </div>
+            <div class="content-area tab-content" id="v3-flow-tab-panes">
+                <div class="tab-pane active" id="auth-tab-pane" role="tabpanel" aria-labelledby="auth-tab-pane">
+                    <div class="row border rounded p-3 bg-light">
+                        <!-- Sidebar -->
+                        <div class="col-md-4 bg-light border-right p-3" id="sidebar">
+                            <h5 class="text-uppercase fw-bold mb-2">Dynamic link</h5>
+                            <div class="ms-3">
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 auth-btn"
+                                   aria-controls="anonymous-authentication">Anonymous authentication</a>
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 auth-btn"
+                                   aria-controls="dynamic-link-person-code-authentication">Authentication with person code</a>
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 auth-btn"
+                                   aria-controls="dynamic-link-document-number-authentication">Authentication with document number</a>
+                            </div>
 
-            <!-- Content -->
-            <div class="col-md-8 p-3">
-                <div class="container h-100 d-flex align-items-center justify-content-center content-area w-100">
-                    <div class="container" id="anonymous-authentication-area">
-                        <div class="text-center">
-                            <h1>Smart-ID</h1>
-                            <a th:href="@{/v3/start-authentication}" class="btn btn-primary">Authenticate</a>
+                            <h5 class="text-uppercase fw-bold mt-4 mb-2"> Notification </h5>
+                            <div class="ms-3">
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 auth-btn"
+                                   aria-controls="notification-person-code-authentication">Authentication with person code</a>
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 auth-btn"
+                                   aria-controls="notification-document-number-authentication">Authentication with document number</a>
+                            </div>
                         </div>
-                    </div>
 
-                    <div class="container d-none" id="person-code-authentication-area">
-                        <form action="v3/start-authentication-with-person-code" th:object="${userRequest}" method="POST" class="form-action">
-                            <div class="text-center">
-                                <h1>Smart-ID</h1>
-                            </div>
-                            <div class="form-group">
-                                <label for="country"> Select country </label>
-                                <select th:field="*{country}" id="country" class="form-control" name="country">
-                                    <option th:value="'EE'" value="EE">Estonia</option>
-                                    <option th:value="'LV'" value="LV">Latvia</option>
-                                    <option th:value="'LT'" th:text="Lithuania"></option>
-                                    <option th:value="'BE'" th:text="Belgium"></option>
-                                </select>
-                                <div th:if="${#fields.hasErrors('country')}" th:errors="*{country}" style="color:red">
-                                    country Error
+                        <!-- Content -->
+                        <div class="col-md-8 p-3">
+                            <div class="container h-100 d-flex align-items-center justify-content-center content-area w-100">
+                                <div class="container auth-area" id="anonymous-authentication">
+                                    <div class="text-center">
+                                        <h1>Smart-ID</h1>
+                                        <a th:href="@{/v3/start-authentication}" class="btn btn-primary">Authenticate</a>
+                                    </div>
                                 </div>
-                            </div>
 
-                            <div class="form-group">
-                                <label for="person-code">Person code</label>
-                                <input th:field="*{nationalIdentityNumber}" type="text" id="person-code" class="form-control"
-                                       placeholder="Enter person code" name="personCode">
-                                <div th:if="${#fields.hasErrors('nationalIdentityNumber')}" th:errors="*{nationalIdentityNumber}" style="color:red">
-                                    nationalIdentityNumber Error </div>
-                            </div>
-                            <div class="text-right">
-                                <button type="submit" class="btn btn-primary">Authenticate</button>
+                                <div class="container d-none auth-area" id="dynamic-link-person-code-authentication">
+                                    <form action="v3/start-authentication-with-person-code" th:object="${userRequest}" method="POST"
+                                          class="form-action">
+                                        <div class="text-center">
+                                            <h1>Smart-ID</h1>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="country"> Select country </label>
+                                            <select th:field="*{country}" id="country" class="form-control" name="country">
+                                                <option th:value="'EE'" value="EE">Estonia</option>
+                                                <option th:value="'LV'" value="LV">Latvia</option>
+                                                <option th:value="'LT'" th:text="Lithuania"></option>
+                                                <option th:value="'BE'" th:text="Belgium"></option>
+                                            </select>
+                                            <div th:if="${#fields.hasErrors('country')}" th:errors="*{country}" style="color:red">
+                                                country Error
+                                            </div>
+                                        </div>
+
+                                        <div class="form-group">
+                                            <label for="person-code">Person code</label>
+                                            <input th:field="*{nationalIdentityNumber}" type="text" id="person-code" class="form-control"
+                                                   placeholder="Enter person code" name="personCode">
+                                            <div th:if="${#fields.hasErrors('nationalIdentityNumber')}" th:errors="*{nationalIdentityNumber}"
+                                                 style="color:red">
+                                                nationalIdentityNumber Error
+                                            </div>
+                                        </div>
+                                        <div class="text-right">
+                                            <button type="submit" class="btn btn-primary">Authenticate</button>
+                                        </div>
+                                    </form>
+                                </div>
+
+                                <div class="container d-none auth-area" id="dynamic-link-document-number-authentication">
+                                    <form action="v3/start-authentication-with-document-number" th:object="${userDocumentNumberRequest}"
+                                          method="POST"
+                                          class="form-action">
+                                        <div class="text-center">
+                                            <h1>Smart-ID</h1>
+                                        </div>
+
+                                        <div class="form-group">
+                                            <label for="document-number"> Document number</label>
+                                            <input th:field="*{documentNumber}" type="text" id="document-number" class="form-control"
+                                                   placeholder="Enter document number">
+                                        </div>
+
+                                        <div class="text-right">
+                                            <button type="submit" class="btn btn-primary">Authenticate</button>
+                                        </div>
+                                    </form>
+                                </div>
+
+                                <div class="container d-none auth-area" id="notification-person-code-authentication">
+                                    Person code authentication
+                                </div>
+
+                                <div class="container d-none auth-area" id="notification-document-number-authentication">
+                                    Document number authentication
+                                </div>
                             </div>
-                        </form>
+                        </div>
                     </div>
+                </div>
+
+                <div class="tab-pane" id="cert-choice-tab-pane" role="tabpanel" aria-labelledby="cert-choice-tab-pane">
+                    <div class="row border rounded p-3 bg-light">
 
-                    <div class="container d-none" id="document-number-authentication-area">
-                        <form action="v3/start-authentication-with-document-number" th:object="${userDocumentNumberRequest}" method="POST" class="form-action" >
-                            <div class="text-center">
-                                <h1>Smart-ID</h1>
+                        <!-- Sidebar -->
+                        <div class="col-md-4 bg-light border-right p-3" id="cert-choice-sidebar">
+                            <h5 class="text-uppercase fw-bold mb-2">Dynamic link</h5>
+                            <div class="ms-3">
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 certification-choice-btn"
+                                   aria-controls="anonymous-certificate-choice">Anonymous certificate choice</a>
                             </div>
 
-                            <div class="form-group">
-                                <label for="document-number"> Document number</label>
-                                <input  th:field="*{documentNumber}" type="text" id="document-number" class="form-control" placeholder="Enter document number">
+                            <h5 class="text-uppercase fw-bold mt-4 mb-2">Notification</h5>
+                            <div class="ms-3">
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 certification-choice-btn"
+                                   aria-controls="person-code-certificate-choice">Certificate choice with person code</a>
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 certification-choice-btn"
+                                   aria-controls="document-number-certificate-choice">Certificate choice with document number</a>
                             </div>
+                        </div>
+
+                        <!-- Content -->
+                        <div class="col-md-8 p-3">
+                            <div class="container h-100 d-flex align-items-center justify-content-center content-area w-100 certification-choice-btn">
+                                <div class="container certification-choice-area" id="anonymous-certificate-choice">
+                                    <div class="text-center">
+                                        <h1>Smart-ID</h1>
+                                        <a th:href="@{/v3/start-certificate-choice}" class="btn btn-primary">Certificate choice</a>
+                                        <p>
+                                            Certificate choice should be used with signing a file. For testing purposes this demo is provided
+                                            for only testing this single flow
+                                        </p>
+                                    </div>
+                                </div>
 
-                            <div class="text-right">
-                                <button type="submit" class="btn btn-primary">Authenticate</button>
+                                <div class="container d-none certification-choice-area" id="person-code-certificate-choice">
+                                    <!--todo: implement-->
+                                    Person code certificate choice
+                                </div>
+
+                                <div class="container d-none certification-choice-area" id="document-number-certificate-choice">
+                                    <!--todo: implement-->
+                                    Document number certificate choice
+                                </div>
                             </div>
-                        </form>
+                        </div>
                     </div>
                 </div>
+
+                <div class="tab-pane" id="sign-tab-pane" role="tabpanel" aria-labelledby="sign-tab-pane">
+                    Signing tab
+                </div>
             </div>
+
         </div>
     </div>
-</div>
+</main>
+<script th:src="@{/js/bootstrap.js}"></script>
 <script>
-    // Anonymous authentication
-    const anonymousAuthenticationButton = document.getElementById("anonymous-authentication");
-    anonymousAuthenticationButton.addEventListener("click", showAnonymousAuthentication);
-
-    function showAnonymousAuthentication() {
-        document.getElementById("anonymous-authentication-area").classList.remove('d-none');
-        document.getElementById("person-code-authentication-area").classList.add('d-none');
-        document.getElementById("document-number-authentication-area").classList.add('d-none');
-    }
-
-    // Person code authentication
-    const personCodeAuthenticationButton = document.getElementById("person-code-authentication");
-    personCodeAuthenticationButton.addEventListener("click", showPersonCodeAuthentication);
-
-    function showPersonCodeAuthentication() {
-        document.getElementById("anonymous-authentication-area").classList.add('d-none');
-        document.getElementById("person-code-authentication-area").classList.remove('d-none');
-        document.getElementById("document-number-authentication-area").classList.add('d-none');
-    }
-
-    // Document number authentication
-    const documentNumberAuthenticationButton = document.getElementById("document-number-authentication");
-    documentNumberAuthenticationButton.addEventListener("click", showDocumentNumberAuthentication);
-
-    function showDocumentNumberAuthentication() {
-        document.getElementById("anonymous-authentication-area").classList.add('d-none');
-        document.getElementById("person-code-authentication-area").classList.add('d-none');
-        document.getElementById("document-number-authentication-area").classList.remove('d-none');
-    }
+    // handle tab switching
+    const tabs = document.querySelectorAll('#v3-flow-tabs .nav-link');
+    const tabPanes = document.querySelectorAll('#v3-flow-tab-panes .tab-pane');
+
+    tabs.forEach(tab => {
+        tab.onclick = function () {
+            tabPanes.forEach(tabPane => {
+                tabPane.classList.remove('active');
+            });
+            tabs.forEach(tab => {
+                tab.classList.remove('active');
+            });
+
+            const tabId = tab.getAttribute('aria-controls');
+            let tabPane = document.getElementById(tabId);
+            tabPane.classList.add('active');
+            tab.classList.add('active');
+        }
+    });
+
+    // handle auth content switching
+    const authButtons = document.querySelectorAll('.auth-btn');
+    const authAreas = document.querySelectorAll('.auth-area');
+    authButtons.forEach(button => {
+        button.onclick = function () {
+            authButtons.forEach(button => {
+                button.classList.remove('active');
+            });
+            authAreas.forEach(area => {
+                area.classList.remove('active');
+                area.classList.add('d-none');
+            });
+            button.classList.add('active');
+
+            const areaId = button.getAttribute('aria-controls');
+            let area = document.getElementById(areaId);
+            area.classList.add('active');
+            area.classList.remove('d-none');
+
+        }
+    });
+
+    // handle certificate choice content switching
+    // handle auth content switching
+    const certButtons = document.querySelectorAll('.certification-choice-btn');
+    const certAreas = document.querySelectorAll('.certification-choice-area');
+    certButtons.forEach(button => {
+        button.onclick = function () {
+            certButtons.forEach(button => {
+                button.classList.remove('active');
+            });
+            certAreas.forEach(area => {
+                area.classList.remove('active');
+                area.classList.add('d-none');
+            });
+            button.classList.add('active');
+
+            const areaId = button.getAttribute('aria-controls');
+            console.log(areaId);
+            let area = document.getElementById(areaId);
+            area.classList.add('active');
+            area.classList.remove('d-none');
+        }
+    });
 </script>
 </body>
 </html>
\ No newline at end of file

From f2f846da043c6e06f47cb872b672ef5f3f7ddf42 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Fri, 20 Dec 2024 00:07:18 +0200
Subject: [PATCH 11/20] SLIB-76 - initial changes for notification-based
 certificate choice

---
 .../controller/SmartIdV3Controller.java       |   7 +-
 ...namicLinkCertificateChoiceController.java} |  39 +++---
 ...ationBasedCertificateChoiceController.java | 113 ++++++++++++++++++
 ...3DynamicLinkCertificateChoiceService.java} |   8 +-
 ...ficationBasedCertificateChoiceService.java |  77 ++++++++++++
 .../SmartIdV3SessionsStatusService.java       |   6 +-
 src/main/resources/logback.xml                |   2 +-
 .../certificate-choice-result.html            |   4 +-
 .../certificate-choice.html                   |  10 +-
 src/main/resources/templates/v3/main.html     |  43 ++++++-
 .../certificate-choice-result.html            |  27 +++++
 .../certificate-choice.html                   |  39 ++++++
 12 files changed, 337 insertions(+), 38 deletions(-)
 rename src/main/java/ee/sk/siddemo/controller/{SmartIdV3CertificateChoiceController.java => SmartIdV3DynamicLinkCertificateChoiceController.java} (68%)
 create mode 100644 src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
 rename src/main/java/ee/sk/siddemo/services/{SmartIdV3CertificateChoiceService.java => SmartIdV3DynamicLinkCertificateChoiceService.java} (94%)
 create mode 100644 src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
 rename src/main/resources/templates/v3/{ => dynamic-link}/certificate-choice-result.html (78%)
 rename src/main/resources/templates/v3/{ => dynamic-link}/certificate-choice.html (86%)
 create mode 100644 src/main/resources/templates/v3/notification-based/certificate-choice-result.html
 create mode 100644 src/main/resources/templates/v3/notification-based/certificate-choice.html

diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
index a425471..b66aedd 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
@@ -30,7 +30,12 @@ public SmartIdV3Controller(SmartIdV3AuthenticationService smartIdV3Authenticatio
         this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
     }
 
-    @ModelAttribute("userRequest")
+    @ModelAttribute("certUserRequest")
+    public UserRequest certUserRequest() {
+        return new UserRequest();
+    }
+
+    @ModelAttribute("authUserRequest")
     public UserRequest userRequest() {
         return new UserRequest();
     }
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3CertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
similarity index 68%
rename from src/main/java/ee/sk/siddemo/controller/SmartIdV3CertificateChoiceController.java
rename to src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
index 66b7068..a1902f1 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3CertificateChoiceController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
@@ -17,43 +17,43 @@
 import ee.sk.siddemo.exception.SidOperationException;
 import ee.sk.siddemo.model.DynamicContent;
 import ee.sk.siddemo.services.DynamicContentService;
-import ee.sk.siddemo.services.SmartIdV3CertificateChoiceService;
+import ee.sk.siddemo.services.SmartIdV3DynamicLinkCertificateChoiceService;
 import ee.sk.siddemo.services.SmartIdV3SessionsStatusService;
 import ee.sk.smartid.v3.SessionType;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpSession;
 
 @Controller
-public class SmartIdV3CertificateChoiceController {
+public class SmartIdV3DynamicLinkCertificateChoiceController {
 
-    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3CertificateChoiceController.class);
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3DynamicLinkCertificateChoiceController.class);
 
-    private final SmartIdV3CertificateChoiceService smartIdV3CertificateChoiceService;
+    private final SmartIdV3DynamicLinkCertificateChoiceService smartIdV3DynamicLinkCertificateChoiceService;
     private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
     private final DynamicContentService dynamicContentService;
 
-    public SmartIdV3CertificateChoiceController(SmartIdV3CertificateChoiceService smartIdV3CertificateChoiceService,
-                                                SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
-                                                DynamicContentService dynamicContentService) {
-        this.smartIdV3CertificateChoiceService = smartIdV3CertificateChoiceService;
+    public SmartIdV3DynamicLinkCertificateChoiceController(SmartIdV3DynamicLinkCertificateChoiceService smartIdV3DynamicLinkCertificateChoiceService,
+                                                           SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
+                                                           DynamicContentService dynamicContentService) {
+        this.smartIdV3DynamicLinkCertificateChoiceService = smartIdV3DynamicLinkCertificateChoiceService;
         this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
         this.dynamicContentService = dynamicContentService;
     }
 
-    @GetMapping(value = "/v3/start-certificate-choice")
-    public ModelAndView startCertificateChoice(ModelMap model, HttpServletRequest request) {
+    @GetMapping(value = "/v3/dynamic-link/start-certificate-choice")
+    public ModelAndView startDynamicCertificateChoice(ModelMap model, HttpServletRequest request) {
         HttpSession session = resetSession(request);
-        smartIdV3CertificateChoiceService.startCertificateChoice(session);
+        smartIdV3DynamicLinkCertificateChoiceService.startCertificateChoice(session);
         model.addAttribute("activeTab", "rp-api-v3");
-        return new ModelAndView("v3/certificate-choice", model);
+        return new ModelAndView("v3/dynamic-link/certificate-choice", model);
     }
 
-    @GetMapping(value = "/v3/check-certificate-choice-status")
+    @GetMapping(value = "/v3/dynamic-link/check-certificate-choice-status")
     @ResponseBody
     public ResponseEntity<Map<String, String>> checkCertificateChoiceStatus(HttpSession session) {
         boolean checkCompleted;
         try {
-            checkCompleted = smartIdV3CertificateChoiceService.checkCertificateChoiceStatus(session);
+            checkCompleted = smartIdV3DynamicLinkCertificateChoiceService.checkCertificateChoiceStatus(session);
         } catch (SidOperationException ex) {
             logger.error("Error occurred while checking authentication status", ex);
             return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(Map.of("errorMessage", ex.getMessage()));
@@ -72,24 +72,25 @@ public ResponseEntity<Map<String, String>> checkCertificateChoiceStatus(HttpSess
         return ResponseEntity.ok(content);
     }
 
-    @GetMapping(value = "/certificate-choice-session-error")
+    @GetMapping(value = "/v3/dynamic-link/certificate-choice-session-error")
     public ModelAndView handleCertificateChoiceSessionsError(@RequestParam(value = "errorMessage", required = false) String errorMessage,
-                                                          ModelMap model) {
+                                                             ModelMap model) {
         model.addAttribute("errorMessage", errorMessage);
+        model.addAttribute("activeTab", "rp-api-v3");
         return new ModelAndView("sidOperationError", model);
     }
 
-    @GetMapping(value = "/v3/certificate-choice-result")
+    @GetMapping(value = "/v3/dynamic-link/certificate-choice-result")
     public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session) {
         String documentNumber = (String) session.getAttribute("documentNumber");
         String distinguishedName = (String) session.getAttribute("distinguishedName");
         model.addAttribute("documentNumber", documentNumber);
         model.addAttribute("distinguishedName", distinguishedName);
         model.addAttribute("activeTab", "rp-api-v3");
-        return new ModelAndView("v3/certificate-choice-result", model);
+        return new ModelAndView("v3/dynamic-link/certificate-choice-result", model);
     }
 
-    @GetMapping(value = "/v3/cancel-certificate-choice")
+    @GetMapping(value = "/v3/dynamic-link/cancel-certificate-choice")
     public ModelAndView cancelAuthentication(ModelMap model, HttpServletRequest request) {
         resetSession(request);
         model.addAttribute("activeTab", "rp-api-v3");
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
new file mode 100644
index 0000000..2259da2
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
@@ -0,0 +1,113 @@
+package ee.sk.siddemo.controller;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
+
+import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.DynamicContent;
+import ee.sk.siddemo.model.UserRequest;
+import ee.sk.siddemo.services.DynamicContentService;
+import ee.sk.siddemo.services.SmartIdV3NotificationBasedCertificateChoiceService;
+import ee.sk.siddemo.services.SmartIdV3SessionsStatusService;
+import ee.sk.smartid.v3.SessionType;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+import jakarta.validation.Valid;
+
+@Controller
+public class SmartIdV3NotificationBasedCertificateChoiceController {
+
+    private final Logger logger = LoggerFactory.getLogger(SmartIdV3NotificationBasedCertificateChoiceController.class);
+
+    private final SmartIdV3NotificationBasedCertificateChoiceService smartIdV3NotificationBasedCertificateChoiceService;
+    private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
+    private final DynamicContentService dynamicContentService;
+
+    public SmartIdV3NotificationBasedCertificateChoiceController(SmartIdV3NotificationBasedCertificateChoiceService smartIdV3NotificationBasedCertificateChoiceService,
+                                                                 SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
+                                                                 DynamicContentService dynamicContentService) {
+        this.smartIdV3NotificationBasedCertificateChoiceService = smartIdV3NotificationBasedCertificateChoiceService;
+        this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
+        this.dynamicContentService = dynamicContentService;
+    }
+
+
+    @PostMapping(value = "/v3/notification-based/start-certificate-choice-with-person-code")
+    public ModelAndView startNotificationCertificateChoiceWithPersonCode(ModelMap model,
+                                                                         HttpServletRequest request,
+                                                                         @ModelAttribute("certUserRequest") @Valid UserRequest certUserRequest,
+                                                                         BindingResult bindingResult) {
+        if (bindingResult.hasErrors()) {
+            return new ModelAndView("v3/main", "certUserRequest", certUserRequest);
+        }
+        HttpSession session = resetSession(request);
+        smartIdV3NotificationBasedCertificateChoiceService.startCertificateChoice(session, certUserRequest);
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("v3/notification-based/certificate-choice", model);
+    }
+
+    @GetMapping(value = "/v3/notification-based/check-certificate-choice-status")
+    @ResponseBody
+    public ResponseEntity<Map<String, String>> checkCertificateChoiceStatus(HttpSession session) {
+        boolean checkCompleted;
+        try {
+            checkCompleted = smartIdV3NotificationBasedCertificateChoiceService.checkCertificateChoiceStatus(session);
+        } catch (SidOperationException ex) {
+            logger.error("Error occurred while checking authentication status", ex);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(Map.of("errorMessage", ex.getMessage()));
+        }
+        if (checkCompleted) {
+            logger.debug("Session status: COMPLETED");
+            return ResponseEntity.ok(Map.of("sessionStatus", "COMPLETED"));
+        }
+
+        // Generate QR-code and dynamic link
+        logger.debug("Generate dynamic content for session {}", session.getId());
+        DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session, SessionType.CERTIFICATE_CHOICE);
+        Map<String, String> content = new HashMap<>();
+        content.put("dynamicLink", dynamicContent.getDynamicLink().toString());
+        content.put("qrCode", dynamicContent.getQrCode());
+        return ResponseEntity.ok(content);
+    }
+
+    @GetMapping(value = "/v3/notification-based/certificate-choice-result")
+    public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session) {
+        String documentNumber = (String) session.getAttribute("documentNumber");
+        String distinguishedName = (String) session.getAttribute("distinguishedName");
+        model.addAttribute("documentNumber", documentNumber);
+        model.addAttribute("distinguishedName", distinguishedName);
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("v3/notification-based/certificate-choice-result", model);
+    }
+
+    @GetMapping(value = "/v3/notification-based/cancel-certificate-choice")
+    public ModelAndView cancelAuthentication(ModelMap model, HttpServletRequest request) {
+        resetSession(request);
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("v3/main", model);
+    }
+
+    private HttpSession resetSession(HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        if (session != null) {
+            smartIdV3SessionsStatusService.cancelPolling(session.getId());
+            session.invalidate();
+        }
+        // Create a new session
+        session = request.getSession(true);
+        return session;
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3CertificateChoiceService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java
similarity index 94%
rename from src/main/java/ee/sk/siddemo/services/SmartIdV3CertificateChoiceService.java
rename to src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java
index bd93540..fb093c3 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3CertificateChoiceService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java
@@ -20,15 +20,15 @@
 import jakarta.servlet.http.HttpSession;
 
 @Service
-public class SmartIdV3CertificateChoiceService {
+public class SmartIdV3DynamicLinkCertificateChoiceService {
 
-    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3CertificateChoiceService.class);
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3DynamicLinkCertificateChoiceService.class);
 
     private final SmartIdClient smartIdClientV3;
     private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
 
-    public SmartIdV3CertificateChoiceService(SmartIdClient smartIdClientV3,
-                                             SmartIdV3SessionsStatusService smartIdV3SessionsStatusService) {
+    public SmartIdV3DynamicLinkCertificateChoiceService(SmartIdClient smartIdClientV3,
+                                                        SmartIdV3SessionsStatusService smartIdV3SessionsStatusService) {
         this.smartIdClientV3 = smartIdClientV3;
         this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
     }
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
new file mode 100644
index 0000000..4f8f44c
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
@@ -0,0 +1,77 @@
+package ee.sk.siddemo.services;
+
+import java.security.cert.X509Certificate;
+import java.util.Optional;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.UserRequest;
+import ee.sk.smartid.CertificateParser;
+import ee.sk.smartid.exception.useraction.SessionTimeoutException;
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+import ee.sk.smartid.v3.CertificateLevel;
+import ee.sk.smartid.v3.ErrorResultHandler;
+import ee.sk.smartid.v3.SmartIdClient;
+import ee.sk.smartid.v3.rest.dao.NotificationCertificateChoiceSessionResponse;
+import ee.sk.smartid.v3.rest.dao.SessionStatus;
+import jakarta.servlet.http.HttpSession;
+import jakarta.validation.Valid;
+
+@Service
+public class SmartIdV3NotificationBasedCertificateChoiceService {
+
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3NotificationBasedCertificateChoiceService.class);
+
+    private final SmartIdClient smartIdClientV3;
+    private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
+
+    public SmartIdV3NotificationBasedCertificateChoiceService(SmartIdClient smartIdClientV3,
+                                                              SmartIdV3SessionsStatusService smartIdV3SessionsStatusService) {
+        this.smartIdClientV3 = smartIdClientV3;
+        this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
+    }
+
+    public void startCertificateChoice(HttpSession session, @Valid UserRequest userRequest) {
+        var semanticsIdentifier = new SemanticsIdentifier(SemanticsIdentifier.IdentityType.PNO, userRequest.getCountry(), userRequest.getNationalIdentityNumber());
+        NotificationCertificateChoiceSessionResponse response = smartIdClientV3.createNotificationCertificateChoice()
+                .withCertificateLevel(CertificateLevel.QSCD)
+                .withSemanticsIdentifier(semanticsIdentifier)
+                .initCertificateChoice();
+
+        smartIdV3SessionsStatusService.startPolling(session, response.getSessionID());
+    }
+
+    public boolean checkCertificateChoiceStatus(HttpSession session) {
+        Optional<SessionStatus> sessionStatus = smartIdV3SessionsStatusService.getSessionsStatus(session.getId());
+        return sessionStatus
+                .map(ss -> {
+                    if (ss.getState().equals("COMPLETE")) {
+                        saveValidateResponse(session, ss);
+                        session.setAttribute("session_status", "COMPLETED");
+                        logger.debug("Mobile device IP address: {}", ss.getDeviceIpAddress());
+                        return true;
+                    }
+                    return false;
+                })
+                .orElse(false);
+    }
+
+    private static void saveValidateResponse(HttpSession session, SessionStatus status) {
+        try {
+            // validate sessions status does not contain errors
+            if (!"OK".equals(status.getResult().getEndResult())) {
+                ErrorResultHandler.handle(status.getResult().getEndResult());
+            }
+            // TODO - 17.12.24: uncomment when anonymous certificate choice is supported by RP API v3
+            X509Certificate certificate = CertificateParser.parseX509Certificate(status.getCert().getValue());
+            String distinguishedName = certificate.getSubjectX500Principal().getName();
+            session.setAttribute("distinguishedName", distinguishedName);
+            session.setAttribute("documentNumber", status.getResult().getDocumentNumber());
+        } catch (SessionTimeoutException ex) {
+            throw new SidOperationException("Session timed out", ex);
+        }
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
index 42c00e7..4e02e61 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3SessionsStatusService.java
@@ -32,7 +32,11 @@ public SmartIdV3SessionsStatusService(SmartIdClient smartIdClientV3) {
     }
 
     public void startPolling(HttpSession httpSession, DynamicLinkSessionResponse response) {
-        Callable<SessionStatus> task = () -> initPolling(response.getSessionID());
+        startPolling(httpSession, response.getSessionID());
+    }
+
+    public void startPolling(HttpSession httpSession, String sessionId) {
+        Callable<SessionStatus> task = () -> initPolling(sessionId);
         Future<?> future = Executors.newSingleThreadExecutor().submit(task);
         sessions.put(httpSession.getId(), future);
     }
diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
index bba73d4..1d74303 100644
--- a/src/main/resources/logback.xml
+++ b/src/main/resources/logback.xml
@@ -12,7 +12,7 @@
 
 
     <!-- LOG everything at INFO level -->
-    <root level="debug">
+    <root level="trace">
         <appender-ref ref="Console" />
     </root>
 
diff --git a/src/main/resources/templates/v3/certificate-choice-result.html b/src/main/resources/templates/v3/dynamic-link/certificate-choice-result.html
similarity index 78%
rename from src/main/resources/templates/v3/certificate-choice-result.html
rename to src/main/resources/templates/v3/dynamic-link/certificate-choice-result.html
index f082606..e2c090f 100644
--- a/src/main/resources/templates/v3/certificate-choice-result.html
+++ b/src/main/resources/templates/v3/dynamic-link/certificate-choice-result.html
@@ -5,8 +5,8 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <title>Smart-ID</title>
     <!-- Bootstrap core CSS -->
-    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
-    <link href="../../static/css/style.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+    <link href="../../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../../static/css/style.css" rel="stylesheet" th:href="@{/css/style.css}"/>
 </head>
 
 <body>
diff --git a/src/main/resources/templates/v3/certificate-choice.html b/src/main/resources/templates/v3/dynamic-link/certificate-choice.html
similarity index 86%
rename from src/main/resources/templates/v3/certificate-choice.html
rename to src/main/resources/templates/v3/dynamic-link/certificate-choice.html
index f6b2e14..d6f6092 100644
--- a/src/main/resources/templates/v3/certificate-choice.html
+++ b/src/main/resources/templates/v3/dynamic-link/certificate-choice.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
     <title>Smart-ID</title>
     <!-- Bootstrap core CSS -->
-    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
     <link href="../../static/css/style.css.css" rel="stylesheet" th:href="@{/css/style.css}"/>
 
     <style>
@@ -67,7 +67,7 @@ <h5> Link content</h5>
             </div>
         </div>
         <div class="container text-center">
-            <a th:href="@{/v3/cancel-certificate-choice}" class="btn btn-outline-dark">Cancel</a>
+            <a th:href="@{/v3/dynamic-link/cancel-certificate-choice}" class="btn btn-outline-dark">Cancel</a>
         </div>
     </div>
 </div>
@@ -75,13 +75,13 @@ <h5> Link content</h5>
 <script th:src="@{/js/bootstrap.js}"></script>
 <script type="text/javascript">
     function loadContent() {
-        fetch('/v3/check-certificate-choice-status')
+        fetch('/v3/dyanmic-link/check-certificate-choice-status')
             .then(response => response.json())
             .then(data => {
                 if (data.errorMessage !== undefined) {
-                    window.location.href = '/certificate-choice-session-error?errorMessage=' + data.errorMessage;
+                    window.location.href = '/v3/dynamic-link/certificate-choice-session-error?errorMessage=' + data.errorMessage;
                 } else if (data.sessionStatus === 'COMPLETED') {
-                    window.location.href = '/v3/certificate-choice-result';
+                    window.location.href = '/v3/dynamic-link/certificate-choice-result';
                 } else {
                     document.getElementById("qr-code").src = data.qrCode;
                     document.getElementById("dynamic-link").href = data.dynamicLink;
diff --git a/src/main/resources/templates/v3/main.html b/src/main/resources/templates/v3/main.html
index e970aef..a4349a7 100644
--- a/src/main/resources/templates/v3/main.html
+++ b/src/main/resources/templates/v3/main.html
@@ -73,7 +73,9 @@ <h1>Smart-ID</h1>
                                 </div>
 
                                 <div class="container d-none auth-area" id="dynamic-link-person-code-authentication">
-                                    <form action="v3/start-authentication-with-person-code" th:object="${userRequest}" method="POST"
+                                    <form action="v3/start-authentication-with-person-code"
+                                          th:object="${authUserRequest}"
+                                          method="POST"
                                           class="form-action">
                                         <div class="text-center">
                                             <h1>Smart-ID</h1>
@@ -163,11 +165,11 @@ <h5 class="text-uppercase fw-bold mt-4 mb-2">Notification</h5>
 
                         <!-- Content -->
                         <div class="col-md-8 p-3">
-                            <div class="container h-100 d-flex align-items-center justify-content-center content-area w-100 certification-choice-btn">
+                            <div class="container h-100 d-flex align-items-center justify-content-center content-area w-100">
                                 <div class="container certification-choice-area" id="anonymous-certificate-choice">
                                     <div class="text-center">
                                         <h1>Smart-ID</h1>
-                                        <a th:href="@{/v3/start-certificate-choice}" class="btn btn-primary">Certificate choice</a>
+                                        <a th:href="@{/v3/dynamic-link/start-certificate-choice}" class="btn btn-primary">Certificate choice</a>
                                         <p>
                                             Certificate choice should be used with signing a file. For testing purposes this demo is provided
                                             for only testing this single flow
@@ -176,8 +178,39 @@ <h1>Smart-ID</h1>
                                 </div>
 
                                 <div class="container d-none certification-choice-area" id="person-code-certificate-choice">
-                                    <!--todo: implement-->
-                                    Person code certificate choice
+                                    <form action="/v3/notification-based/start-certificate-choice-with-person-code"
+                                          th:object="${certUserRequest}"
+                                          method="POST"
+                                          class="form-action">
+                                        <div class="text-center">
+                                            <h1>Smart-ID</h1>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="cert-choice-country"> Select country </label>
+                                            <select th:field="*{country}" id="cert-choice-country" class="form-control" name="country">
+                                                <option th:value="'EE'" value="EE">Estonia</option>
+                                                <option th:value="'LV'" value="LV">Latvia</option>
+                                                <option th:value="'LT'" th:text="Lithuania"></option>
+                                                <option th:value="'BE'" th:text="Belgium"></option>
+                                            </select>
+                                            <div th:if="${#fields.hasErrors('country')}" th:errors="*{country}" style="color:red">
+                                                country Error
+                                            </div>
+                                        </div>
+
+                                        <div class="form-group">
+                                            <label for="cert-choice-person-code">Person code</label>
+                                            <input th:field="*{nationalIdentityNumber}" type="text" id="cert-choice-person-code" class="form-control"
+                                                   placeholder="Enter person code" name="personCode">
+                                            <div th:if="${#fields.hasErrors('nationalIdentityNumber')}" th:errors="*{nationalIdentityNumber}"
+                                                 style="color:red">
+                                                nationalIdentityNumber Error
+                                            </div>
+                                        </div>
+                                        <div class="text-right">
+                                            <button type="submit" class="btn btn-primary">Certificate choice</button>
+                                        </div>
+                                    </form>
                                 </div>
 
                                 <div class="container d-none certification-choice-area" id="document-number-certificate-choice">
diff --git a/src/main/resources/templates/v3/notification-based/certificate-choice-result.html b/src/main/resources/templates/v3/notification-based/certificate-choice-result.html
new file mode 100644
index 0000000..e2c090f
--- /dev/null
+++ b/src/main/resources/templates/v3/notification-based/certificate-choice-result.html
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../../static/css/style.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+</head>
+
+<body>
+<div th:insert="~{fragments/header :: header}"></div>
+
+<div class="container-fluid d-flex flex-column align-items-center justify-content-center vh-100">
+    <h1> Certificate choice result</h1>
+    <p>
+        <span th:text="${documentNumber}"></span>
+        <br>
+        <span th:text="${distinguishedName}"></span>
+    </p>
+</div>
+
+<script th:src="@{/js/bootstrap.js}"></script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/v3/notification-based/certificate-choice.html b/src/main/resources/templates/v3/notification-based/certificate-choice.html
new file mode 100644
index 0000000..fc92f9c
--- /dev/null
+++ b/src/main/resources/templates/v3/notification-based/certificate-choice.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../static/css/style.css.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+</head>
+
+<body>
+<div th:insert="~{fragments/header :: header}"></div>
+<main>
+    <div class="d-flex align-items-center">
+        <div class="spinner-border ml-auto m-3" role="status" aria-hidden="true"></div>
+        <strong>Querying certificate ...</strong>
+    </div>
+</main>
+<script th:src="@{/js/bootstrap.js}"></script>
+<script type="text/javascript">
+    function loadContent() {
+        fetch('/v3/notification-based/check-certificate-choice-status')
+            .then(response => response.json())
+            .then(data => {
+                if (data.errorMessage !== undefined) {
+                    window.location.href = '/v3/notification-based/certificate-choice-session-error?errorMessage=' + data.errorMessage;
+                } else if (data.sessionStatus === 'COMPLETED') {
+                    window.location.href = '/v3/notification-based/certificate-choice-result';
+                }
+            })
+            .catch(error => console.log('Error:', error));
+    }
+
+    window.onload = loadContent;
+</script>
+</body>
+
+</html>
\ No newline at end of file

From 9192041abf126283e4a4408215ac3447f7c2d124 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Mon, 27 Jan 2025 15:25:25 +0200
Subject: [PATCH 12/20] SLIB-76 - fix status refresh issues

---
 ...ationBasedCertificateChoiceController.java | 24 ++++---------------
 ...ficationBasedCertificateChoiceService.java |  9 +++----
 .../certificate-choice-result.html            |  2 --
 .../certificate-choice.html                   |  2 ++
 4 files changed, 12 insertions(+), 25 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
index 2259da2..bb483dc 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
@@ -1,6 +1,5 @@
 package ee.sk.siddemo.controller;
 
-import java.util.HashMap;
 import java.util.Map;
 
 import org.slf4j.Logger;
@@ -17,12 +16,9 @@
 import org.springframework.web.servlet.ModelAndView;
 
 import ee.sk.siddemo.exception.SidOperationException;
-import ee.sk.siddemo.model.DynamicContent;
 import ee.sk.siddemo.model.UserRequest;
-import ee.sk.siddemo.services.DynamicContentService;
 import ee.sk.siddemo.services.SmartIdV3NotificationBasedCertificateChoiceService;
 import ee.sk.siddemo.services.SmartIdV3SessionsStatusService;
-import ee.sk.smartid.v3.SessionType;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpSession;
 import jakarta.validation.Valid;
@@ -34,17 +30,13 @@ public class SmartIdV3NotificationBasedCertificateChoiceController {
 
     private final SmartIdV3NotificationBasedCertificateChoiceService smartIdV3NotificationBasedCertificateChoiceService;
     private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
-    private final DynamicContentService dynamicContentService;
 
     public SmartIdV3NotificationBasedCertificateChoiceController(SmartIdV3NotificationBasedCertificateChoiceService smartIdV3NotificationBasedCertificateChoiceService,
-                                                                 SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
-                                                                 DynamicContentService dynamicContentService) {
+                                                                 SmartIdV3SessionsStatusService smartIdV3SessionsStatusService) {
         this.smartIdV3NotificationBasedCertificateChoiceService = smartIdV3NotificationBasedCertificateChoiceService;
         this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
-        this.dynamicContentService = dynamicContentService;
     }
 
-
     @PostMapping(value = "/v3/notification-based/start-certificate-choice-with-person-code")
     public ModelAndView startNotificationCertificateChoiceWithPersonCode(ModelMap model,
                                                                          HttpServletRequest request,
@@ -73,21 +65,15 @@ public ResponseEntity<Map<String, String>> checkCertificateChoiceStatus(HttpSess
             logger.debug("Session status: COMPLETED");
             return ResponseEntity.ok(Map.of("sessionStatus", "COMPLETED"));
         }
-
-        // Generate QR-code and dynamic link
-        logger.debug("Generate dynamic content for session {}", session.getId());
-        DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session, SessionType.CERTIFICATE_CHOICE);
-        Map<String, String> content = new HashMap<>();
-        content.put("dynamicLink", dynamicContent.getDynamicLink().toString());
-        content.put("qrCode", dynamicContent.getQrCode());
-        return ResponseEntity.ok(content);
+        return ResponseEntity.ok(Map.of("sessionStatus", "IN_PROGRESS"));
     }
 
     @GetMapping(value = "/v3/notification-based/certificate-choice-result")
     public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session) {
-        String documentNumber = (String) session.getAttribute("documentNumber");
         String distinguishedName = (String) session.getAttribute("distinguishedName");
-        model.addAttribute("documentNumber", documentNumber);
+        if (distinguishedName == null) {
+            return new ModelAndView("v3/main", model);
+        }
         model.addAttribute("distinguishedName", distinguishedName);
         model.addAttribute("activeTab", "rp-api-v3");
         return new ModelAndView("v3/notification-based/certificate-choice-result", model);
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
index 4f8f44c..0b76c0a 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
@@ -1,6 +1,8 @@
 package ee.sk.siddemo.services;
 
 import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Optional;
 
 import org.slf4j.Logger;
@@ -25,6 +27,8 @@ public class SmartIdV3NotificationBasedCertificateChoiceService {
 
     private static final Logger logger = LoggerFactory.getLogger(SmartIdV3NotificationBasedCertificateChoiceService.class);
 
+    private static final Map<String, String> oidMap = Map.of("2.5.4.5", "serialNumber", "2.5.4.42", "givenName", "2.5.4.4", "surname");
+
     private final SmartIdClient smartIdClientV3;
     private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
 
@@ -61,15 +65,12 @@ public boolean checkCertificateChoiceStatus(HttpSession session) {
 
     private static void saveValidateResponse(HttpSession session, SessionStatus status) {
         try {
-            // validate sessions status does not contain errors
             if (!"OK".equals(status.getResult().getEndResult())) {
                 ErrorResultHandler.handle(status.getResult().getEndResult());
             }
-            // TODO - 17.12.24: uncomment when anonymous certificate choice is supported by RP API v3
             X509Certificate certificate = CertificateParser.parseX509Certificate(status.getCert().getValue());
-            String distinguishedName = certificate.getSubjectX500Principal().getName();
+            String distinguishedName = certificate.getSubjectX500Principal().getName("RFC1779", oidMap);
             session.setAttribute("distinguishedName", distinguishedName);
-            session.setAttribute("documentNumber", status.getResult().getDocumentNumber());
         } catch (SessionTimeoutException ex) {
             throw new SidOperationException("Session timed out", ex);
         }
diff --git a/src/main/resources/templates/v3/notification-based/certificate-choice-result.html b/src/main/resources/templates/v3/notification-based/certificate-choice-result.html
index e2c090f..93c05b5 100644
--- a/src/main/resources/templates/v3/notification-based/certificate-choice-result.html
+++ b/src/main/resources/templates/v3/notification-based/certificate-choice-result.html
@@ -15,8 +15,6 @@
 <div class="container-fluid d-flex flex-column align-items-center justify-content-center vh-100">
     <h1> Certificate choice result</h1>
     <p>
-        <span th:text="${documentNumber}"></span>
-        <br>
         <span th:text="${distinguishedName}"></span>
     </p>
 </div>
diff --git a/src/main/resources/templates/v3/notification-based/certificate-choice.html b/src/main/resources/templates/v3/notification-based/certificate-choice.html
index fc92f9c..02cd767 100644
--- a/src/main/resources/templates/v3/notification-based/certificate-choice.html
+++ b/src/main/resources/templates/v3/notification-based/certificate-choice.html
@@ -27,6 +27,8 @@
                     window.location.href = '/v3/notification-based/certificate-choice-session-error?errorMessage=' + data.errorMessage;
                 } else if (data.sessionStatus === 'COMPLETED') {
                     window.location.href = '/v3/notification-based/certificate-choice-result';
+                } else {
+                    setTimeout(loadContent, 1000);
                 }
             })
             .catch(error => console.log('Error:', error));

From 66d6760f60821416b372261a1e44e62e4985cd6d Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Mon, 27 Jan 2025 23:37:27 +0200
Subject: [PATCH 13/20] SLIB-76 - add querying certificate by document number

---
 ...ationBasedCertificateChoiceController.java | 15 ++++++++++
 ...ficationBasedCertificateChoiceService.java | 11 ++++++-
 src/main/resources/templates/v3/main.html     | 30 ++++++++++++++++---
 3 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
index bb483dc..39ceeab 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
@@ -16,6 +16,7 @@
 import org.springframework.web.servlet.ModelAndView;
 
 import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.UserDocumentNumberRequest;
 import ee.sk.siddemo.model.UserRequest;
 import ee.sk.siddemo.services.SmartIdV3NotificationBasedCertificateChoiceService;
 import ee.sk.siddemo.services.SmartIdV3SessionsStatusService;
@@ -51,6 +52,20 @@ public ModelAndView startNotificationCertificateChoiceWithPersonCode(ModelMap mo
         return new ModelAndView("v3/notification-based/certificate-choice", model);
     }
 
+    @PostMapping(value = "/v3/notification-based/start-certificate-choice-with-document-number")
+    public ModelAndView startNotificationCertificateChoiceWithDocumentNumber(ModelMap model,
+                                                                         HttpServletRequest request,
+                                                                         @ModelAttribute("userDocumentNumberRequest") @Valid UserDocumentNumberRequest userDocumentNumberRequest,
+                                                                         BindingResult bindingResult) {
+        if (bindingResult.hasErrors()) {
+            return new ModelAndView("v3/main", "userDocumentNumberRequest", userDocumentNumberRequest);
+        }
+        HttpSession session = resetSession(request);
+        smartIdV3NotificationBasedCertificateChoiceService.startCertificateChoice(session, userDocumentNumberRequest);
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("v3/notification-based/certificate-choice", model);
+    }
+
     @GetMapping(value = "/v3/notification-based/check-certificate-choice-status")
     @ResponseBody
     public ResponseEntity<Map<String, String>> checkCertificateChoiceStatus(HttpSession session) {
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
index 0b76c0a..adbd535 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
@@ -1,7 +1,6 @@
 package ee.sk.siddemo.services;
 
 import java.security.cert.X509Certificate;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
 
@@ -10,6 +9,7 @@
 import org.springframework.stereotype.Service;
 
 import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.UserDocumentNumberRequest;
 import ee.sk.siddemo.model.UserRequest;
 import ee.sk.smartid.CertificateParser;
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
@@ -48,6 +48,15 @@ public void startCertificateChoice(HttpSession session, @Valid UserRequest userR
         smartIdV3SessionsStatusService.startPolling(session, response.getSessionID());
     }
 
+    public void startCertificateChoice(HttpSession session, @Valid UserDocumentNumberRequest userDocumentNumberRequest) {
+        NotificationCertificateChoiceSessionResponse response = smartIdClientV3.createNotificationCertificateChoice()
+                .withCertificateLevel(CertificateLevel.QUALIFIED)
+                .withDocumentNumber(userDocumentNumberRequest.getDocumentNumber())
+                .initCertificateChoice();
+
+        smartIdV3SessionsStatusService.startPolling(session, response.getSessionID());
+    }
+
     public boolean checkCertificateChoiceStatus(HttpSession session) {
         Optional<SessionStatus> sessionStatus = smartIdV3SessionsStatusService.getSessionsStatus(session.getId());
         return sessionStatus
diff --git a/src/main/resources/templates/v3/main.html b/src/main/resources/templates/v3/main.html
index a58b488..aca8972 100644
--- a/src/main/resources/templates/v3/main.html
+++ b/src/main/resources/templates/v3/main.html
@@ -118,8 +118,11 @@ <h1>Smart-ID</h1>
                                         </div>
 
                                         <div class="form-group">
-                                            <label for="document-number"> Document number</label>
-                                            <input th:field="*{documentNumber}" type="text" id="document-number" class="form-control"
+                                            <label for="dynamic-link-auth-document-number"> Document number</label>
+                                            <input th:field="*{documentNumber}"
+                                                   type="text"
+                                                   id="dynamic-link-auth-document-number"
+                                                   class="form-control"
                                                    placeholder="Enter document number">
                                         </div>
 
@@ -218,8 +221,27 @@ <h1>Smart-ID</h1>
                                 </div>
 
                                 <div class="container d-none certification-choice-area" id="document-number-certificate-choice">
-                                    <!--todo: implement-->
-                                    Document number certificate choice
+                                    <form method="POST"
+                                          th:action="@{/v3/notification-based/start-certificate-choice-with-document-number}"
+                                          th:object="${userDocumentNumberRequest}"
+                                          class="form-action">
+                                        <div class="text-center">
+                                            <h1>Smart-ID</h1>
+                                        </div>
+
+                                        <div class="form-group">
+                                            <label for="notification-cert-choice-document-number"> Document number</label>
+                                            <input th:field="*{documentNumber}"
+                                                   type="text"
+                                                   id="notification-cert-choice-document-number"
+                                                   class="form-control"
+                                                   placeholder="Enter document number">
+                                        </div>
+
+                                        <div class="text-right">
+                                            <button type="submit" class="btn btn-primary">Query certificate</button>
+                                        </div>
+                                    </form>
                                 </div>
                             </div>
                         </div>

From 878e392e43675ba17f148872ba3f54d61a71cd9e Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Mon, 27 Jan 2025 23:49:14 +0200
Subject: [PATCH 14/20] SLIB-76 - add license headers

---
 ...ynamicLinkCertificateChoiceController.java | 22 +++++++++++++++++++
 ...ationBasedCertificateChoiceController.java | 22 +++++++++++++++++++
 ...V3DynamicLinkCertificateChoiceService.java | 22 +++++++++++++++++++
 ...ficationBasedCertificateChoiceService.java | 22 +++++++++++++++++++
 4 files changed, 88 insertions(+)

diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
index a1902f1..b55349a 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
@@ -1,5 +1,27 @@
 package ee.sk.siddemo.controller;
 
+/*-
+ * #%L
+ * Smart-ID sample Java client
+ * %%
+ * Copyright (C) 2018 - 2025 SK ID Solutions AS
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ */
+
 import java.util.HashMap;
 import java.util.Map;
 
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
index 39ceeab..69e0728 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
@@ -1,5 +1,27 @@
 package ee.sk.siddemo.controller;
 
+/*-
+ * #%L
+ * Smart-ID sample Java client
+ * %%
+ * Copyright (C) 2018 - 2025 SK ID Solutions AS
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ */
+
 import java.util.Map;
 
 import org.slf4j.Logger;
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java
index fb093c3..e04299d 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java
@@ -1,5 +1,27 @@
 package ee.sk.siddemo.services;
 
+/*-
+ * #%L
+ * Smart-ID sample Java client
+ * %%
+ * Copyright (C) 2018 - 2025 SK ID Solutions AS
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ */
+
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.time.Instant;
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
index adbd535..7cbe8d9 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
@@ -1,5 +1,27 @@
 package ee.sk.siddemo.services;
 
+/*-
+ * #%L
+ * Smart-ID sample Java client
+ * %%
+ * Copyright (C) 2018 - 2025 SK ID Solutions AS
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Lesser Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Lesser Public
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/lgpl-3.0.html>.
+ * #L%
+ */
+
 import java.security.cert.X509Certificate;
 import java.util.Map;
 import java.util.Optional;

From e684e17faa6f90075b1a3c8d51b9d86eb2f3f2fa Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Tue, 28 Jan 2025 10:14:56 +0200
Subject: [PATCH 15/20] SLIB-76 - clean up code

---
 .../sk/siddemo/SmartIdJavaDemoApplication.java   |  4 ++--
 .../SmartIdV3AuthenticationStatusController.java |  2 +-
 .../siddemo/controller/SmartIdV3Controller.java  |  9 ++-------
 ...V3DynamicLinkCertificateChoiceController.java |  4 ++--
 ...ficationBasedCertificateChoiceController.java | 16 ++++++++--------
 .../SmartIdV2AuthenticationServiceImpl.java      |  1 -
 .../services/SmartIdV2SignatureServiceImpl.java  | 12 ++++++------
 ...tIdV3DynamicLinkCertificateChoiceService.java |  4 ++--
 ...otificationBasedCertificateChoiceService.java |  4 ++--
 src/main/resources/templates/v3/main.html        |  5 ++---
 10 files changed, 27 insertions(+), 34 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/SmartIdJavaDemoApplication.java b/src/main/java/ee/sk/siddemo/SmartIdJavaDemoApplication.java
index 8cd3765..64e8494 100644
--- a/src/main/java/ee/sk/siddemo/SmartIdJavaDemoApplication.java
+++ b/src/main/java/ee/sk/siddemo/SmartIdJavaDemoApplication.java
@@ -10,12 +10,12 @@
  * it under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation, either version 3 of the
  * License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Lesser Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Lesser Public
  * License along with this program.  If not, see
  * <http://www.gnu.org/licenses/lgpl-3.0.html>.
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java
index 4a831b0..52f4def 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3AuthenticationStatusController.java
@@ -81,7 +81,7 @@ public ResponseEntity<Map<String, String>> checkAuthenticationStatus(HttpSession
 
     @GetMapping(value = "/auth-session-error")
     public ModelAndView handleAuthenticationSessionErrors(@RequestParam(value = "errorMessage", required = false) String errorMessage,
-                                                    ModelMap model) {
+                                                          ModelMap model) {
         model.addAttribute("errorMessage", errorMessage);
         return new ModelAndView("sidOperationError", model);
     }
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
index 89f74a7..b2a9959 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3Controller.java
@@ -52,13 +52,8 @@ public SmartIdV3Controller(SmartIdV3AuthenticationService smartIdV3Authenticatio
         this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
     }
 
-    @ModelAttribute("certUserRequest")
-    public UserRequest certUserRequest() {
-        return new UserRequest();
-    }
-
-    @ModelAttribute("authUserRequest")
-    public UserRequest authUserRequest() {
+    @ModelAttribute("userRequest")
+    public UserRequest userRequest() {
         return new UserRequest();
     }
 
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
index b55349a..63b29d9 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
@@ -10,12 +10,12 @@
  * it under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation, either version 3 of the
  * License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Lesser Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Lesser Public
  * License along with this program.  If not, see
  * <http://www.gnu.org/licenses/lgpl-3.0.html>.
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
index 69e0728..c13e825 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
@@ -10,12 +10,12 @@
  * it under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation, either version 3 of the
  * License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Lesser Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Lesser Public
  * License along with this program.  If not, see
  * <http://www.gnu.org/licenses/lgpl-3.0.html>.
@@ -63,22 +63,22 @@ public SmartIdV3NotificationBasedCertificateChoiceController(SmartIdV3Notificati
     @PostMapping(value = "/v3/notification-based/start-certificate-choice-with-person-code")
     public ModelAndView startNotificationCertificateChoiceWithPersonCode(ModelMap model,
                                                                          HttpServletRequest request,
-                                                                         @ModelAttribute("certUserRequest") @Valid UserRequest certUserRequest,
+                                                                         @ModelAttribute("userRequest") @Valid UserRequest userRequest,
                                                                          BindingResult bindingResult) {
         if (bindingResult.hasErrors()) {
-            return new ModelAndView("v3/main", "certUserRequest", certUserRequest);
+            return new ModelAndView("v3/main", "userRequest", userRequest);
         }
         HttpSession session = resetSession(request);
-        smartIdV3NotificationBasedCertificateChoiceService.startCertificateChoice(session, certUserRequest);
+        smartIdV3NotificationBasedCertificateChoiceService.startCertificateChoice(session, userRequest);
         model.addAttribute("activeTab", "rp-api-v3");
         return new ModelAndView("v3/notification-based/certificate-choice", model);
     }
 
     @PostMapping(value = "/v3/notification-based/start-certificate-choice-with-document-number")
     public ModelAndView startNotificationCertificateChoiceWithDocumentNumber(ModelMap model,
-                                                                         HttpServletRequest request,
-                                                                         @ModelAttribute("userDocumentNumberRequest") @Valid UserDocumentNumberRequest userDocumentNumberRequest,
-                                                                         BindingResult bindingResult) {
+                                                                             HttpServletRequest request,
+                                                                             @ModelAttribute("userDocumentNumberRequest") @Valid UserDocumentNumberRequest userDocumentNumberRequest,
+                                                                             BindingResult bindingResult) {
         if (bindingResult.hasErrors()) {
             return new ModelAndView("v3/main", "userDocumentNumberRequest", userDocumentNumberRequest);
         }
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java
index 7743e08..6afeadd 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV2AuthenticationServiceImpl.java
@@ -34,7 +34,6 @@
 import ee.sk.siddemo.exception.SidOperationException;
 import ee.sk.siddemo.model.AuthenticationSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
-
 import ee.sk.smartid.AuthenticationIdentity;
 import ee.sk.smartid.exception.UnprocessableSmartIdResponseException;
 import ee.sk.smartid.exception.permanent.ServerMaintenanceException;
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java b/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java
index f8af50d..ac21578 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV2SignatureServiceImpl.java
@@ -50,18 +50,18 @@
 import ee.sk.siddemo.model.SigningSessionInfo;
 import ee.sk.siddemo.model.UserRequest;
 import ee.sk.smartid.HashType;
-import ee.sk.smartid.rest.dao.SemanticsIdentifier;
-import ee.sk.smartid.v2.SignableData;
-import ee.sk.smartid.v2.SignableHash;
-import ee.sk.smartid.v2.SmartIdCertificate;
-import ee.sk.smartid.v2.SmartIdClient;
-import ee.sk.smartid.v2.SmartIdSignature;
 import ee.sk.smartid.exception.permanent.ServerMaintenanceException;
 import ee.sk.smartid.exception.useraccount.DocumentUnusableException;
 import ee.sk.smartid.exception.useraccount.UserAccountNotFoundException;
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
 import ee.sk.smartid.exception.useraction.UserRefusedException;
 import ee.sk.smartid.exception.useraction.UserSelectedWrongVerificationCodeException;
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+import ee.sk.smartid.v2.SignableData;
+import ee.sk.smartid.v2.SignableHash;
+import ee.sk.smartid.v2.SmartIdCertificate;
+import ee.sk.smartid.v2.SmartIdClient;
+import ee.sk.smartid.v2.SmartIdSignature;
 import ee.sk.smartid.v2.rest.dao.Interaction;
 
 @Service
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java
index e04299d..65d721d 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkCertificateChoiceService.java
@@ -10,12 +10,12 @@
  * it under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation, either version 3 of the
  * License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Lesser Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Lesser Public
  * License along with this program.  If not, see
  * <http://www.gnu.org/licenses/lgpl-3.0.html>.
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
index 7cbe8d9..bd04c80 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3NotificationBasedCertificateChoiceService.java
@@ -10,12 +10,12 @@
  * it under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation, either version 3 of the
  * License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Lesser Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Lesser Public
  * License along with this program.  If not, see
  * <http://www.gnu.org/licenses/lgpl-3.0.html>.
diff --git a/src/main/resources/templates/v3/main.html b/src/main/resources/templates/v3/main.html
index aca8972..9db381c 100644
--- a/src/main/resources/templates/v3/main.html
+++ b/src/main/resources/templates/v3/main.html
@@ -75,7 +75,7 @@ <h1>Smart-ID</h1>
                                 <div class="container d-none auth-area" id="dynamic-link-person-code-authentication">
                                     <form method="POST"
                                           th:action="@{/v3/start-authentication-with-person-code}"
-                                          th:object="${authUserRequest}"
+                                          th:object="${userRequest}"
                                           class="form-action">
                                         <div class="text-center">
                                             <h1>Smart-ID</h1>
@@ -187,7 +187,7 @@ <h1>Smart-ID</h1>
                                 <div class="container d-none certification-choice-area" id="person-code-certificate-choice">
                                     <form method="POST"
                                           th:action="@{/v3/notification-based/start-certificate-choice-with-person-code}"
-                                          th:object="${certUserRequest}"
+                                          th:object="${userRequest}"
                                           class="form-action">
                                         <div class="text-center">
                                             <h1>Smart-ID</h1>
@@ -300,7 +300,6 @@ <h1>Smart-ID</h1>
     });
 
     // handle certificate choice content switching
-    // handle auth content switching
     const certButtons = document.querySelectorAll('.certification-choice-btn');
     const certAreas = document.querySelectorAll('.certification-choice-area');
     certButtons.forEach(button => {

From 2cfe3228ce6fb5a242187609defd5e7aad0aa6a5 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Tue, 28 Jan 2025 16:00:27 +0200
Subject: [PATCH 16/20] SLIB-74 - add signing areas

---
 .../v3/dynamic-link/certificate-choice.html   |   2 +-
 src/main/resources/templates/v3/main.html     | 110 +++++++++++-------
 2 files changed, 71 insertions(+), 41 deletions(-)

diff --git a/src/main/resources/templates/v3/dynamic-link/certificate-choice.html b/src/main/resources/templates/v3/dynamic-link/certificate-choice.html
index d6f6092..a4d75e2 100644
--- a/src/main/resources/templates/v3/dynamic-link/certificate-choice.html
+++ b/src/main/resources/templates/v3/dynamic-link/certificate-choice.html
@@ -6,7 +6,7 @@
     <title>Smart-ID</title>
     <!-- Bootstrap core CSS -->
     <link href="../../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
-    <link href="../../static/css/style.css.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+    <link href="../../static/css/style.css" rel="stylesheet" th:href="@{/css/style.css}"/>
 
     <style>
         .responsive-text {
diff --git a/src/main/resources/templates/v3/main.html b/src/main/resources/templates/v3/main.html
index 9db381c..10ec8e0 100644
--- a/src/main/resources/templates/v3/main.html
+++ b/src/main/resources/templates/v3/main.html
@@ -34,6 +34,7 @@
             </ul>
 
             <div class="content-area tab-content" id="v3-flow-tab-panes">
+                <!-- Authentication -->
                 <div class="tab-pane active" id="auth-tab-pane" role="tabpanel" aria-labelledby="auth-tab-pane">
                     <div class="row border rounded p-3 bg-light">
                         <!-- Sidebar -->
@@ -144,6 +145,7 @@ <h1>Smart-ID</h1>
                     </div>
                 </div>
 
+                <!-- Cert choice -->
                 <div class="tab-pane" id="cert-choice-tab-pane" role="tabpanel" aria-labelledby="cert-choice-tab-pane">
                     <div class="row border rounded p-3 bg-light">
 
@@ -248,8 +250,49 @@ <h1>Smart-ID</h1>
                     </div>
                 </div>
 
+                <!-- Signing -->
                 <div class="tab-pane" id="sign-tab-pane" role="tabpanel" aria-labelledby="sign-tab-pane">
-                    Signing tab
+                    <div class="row border rounded p-3 bg-light">
+                        <!-- Sidebar -->
+                        <div class="col-md-4 bg-light border-right p-3" id="signing-sidebar">
+                            <h5 class="text-uppercase fw-bold mb-2">Dynamic link</h5>
+                            <div class="ms-3">
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 signing-btn"
+                                   aria-controls="dynamic-link-signing-with-document-number">Sign with document number</a>
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 signing-btn"
+                                   aria-controls="dynamic-link-signing-with-person-code">Sign with person code</a>
+                            </div>
+
+                            <h5 class="text-uppercase fw-bold mt-4 mb-2">Notification</h5>
+                            <div class="ms-3">
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 signing-btn"
+                                   aria-controls="notification-signing-with-person-code">Signing with person code</a>
+                                <a href="#"
+                                   class="btn btn-outline-dark w-100 mb-1 signing-btn"
+                                   aria-controls="notification-signing-with-document-number">Signing with document number</a>
+                            </div>
+                        </div>
+                        <!-- Content -->
+                        <div class="col-md-8 p-3">
+                            <div class="container h-100 d-flex align-items-center justify-content-center content-area w-100">
+                                <div class="container signing-area" id="dynamic-link-signing-with-document-number">
+                                    Dynamic-link signing with document number
+                                </div>
+                                <div class="container d-none signing-area" id="dynamic-link-signing-with-person-code">
+                                    Dynamic-link signing with person code
+                                </div>
+                                <div class="container d-none signing-area" id="notification-signing-with-person-code">
+                                    Notification based signing with person code
+                                </div>
+                                <div class="container d-none signing-area" id="notification-signing-with-document-number">
+                                    Notification based signing with document number
+                                </div>
+                            </div>
+                        </div>
+                    </div>
                 </div>
             </div>
 
@@ -278,48 +321,35 @@ <h1>Smart-ID</h1>
         }
     });
 
-    // handle auth content switching
-    const authButtons = document.querySelectorAll('.auth-btn');
-    const authAreas = document.querySelectorAll('.auth-area');
-    authButtons.forEach(button => {
-        button.onclick = function () {
-            authButtons.forEach(button => {
-                button.classList.remove('active');
-            });
-            authAreas.forEach(area => {
-                area.classList.remove('active');
-                area.classList.add('d-none');
-            });
-            button.classList.add('active');
+    // handle area switching
+    function connectButtonClickToArea(buttonClass, areaClass) {
+        const buttons = document.querySelectorAll(buttonClass);
+        const areas = document.querySelectorAll(areaClass);
+        buttons.forEach(button => {
+            button.onclick = function () {
+                // hide all buttons and areas
+                buttons.forEach(button => {
+                    button.classList.remove('active');
+                });
+                areas.forEach(area => {
+                    area.classList.remove('active');
+                    area.classList.add('d-none');
+                });
 
-            const areaId = button.getAttribute('aria-controls');
-            let area = document.getElementById(areaId);
-            area.classList.add('active');
-            area.classList.remove('d-none');
-        }
-    });
+                // show the clicked button and related area
+                button.classList.add('active');
 
-    // handle certificate choice content switching
-    const certButtons = document.querySelectorAll('.certification-choice-btn');
-    const certAreas = document.querySelectorAll('.certification-choice-area');
-    certButtons.forEach(button => {
-        button.onclick = function () {
-            certButtons.forEach(button => {
-                button.classList.remove('active');
-            });
-            certAreas.forEach(area => {
-                area.classList.remove('active');
-                area.classList.add('d-none');
-            });
-            button.classList.add('active');
+                const areaId = button.getAttribute('aria-controls');
+                let area = document.getElementById(areaId);
+                area.classList.add('active');
+                area.classList.remove('d-none');
+            }
+        });
+    }
 
-            const areaId = button.getAttribute('aria-controls');
-            console.log(areaId);
-            let area = document.getElementById(areaId);
-            area.classList.add('active');
-            area.classList.remove('d-none');
-        }
-    });
+    connectButtonClickToArea('.auth-btn', '.auth-area');
+    connectButtonClickToArea('.certification-choice-btn', '.certification-choice-area');
+    connectButtonClickToArea('.signing-btn', '.signing-area');
 </script>
 </body>
 </html>
\ No newline at end of file

From 0c441aff593462307902d8e209987911902d2f3b Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Tue, 4 Feb 2025 23:46:09 +0200
Subject: [PATCH 17/20] SLIB-74 - add signing with document number

---
 .../ee/sk/siddemo/GlobalExceptionHandler.java |   2 +-
 ...artIdV3DynamicLinkSignatureController.java | 125 ++++++++++++
 .../model/UserDocumentNumberRequest.java      |  11 ++
 .../SmartIdV3DynamicLinkSignatureService.java | 180 ++++++++++++++++++
 src/main/resources/templates/error.html       |  10 +-
 .../v3/dynamic-link/signing-result.html       |  28 +++
 .../templates/v3/dynamic-link/signing.html    |  99 ++++++++++
 src/main/resources/templates/v3/main.html     |  28 ++-
 8 files changed, 479 insertions(+), 4 deletions(-)
 create mode 100644 src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
 create mode 100644 src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkSignatureService.java
 create mode 100644 src/main/resources/templates/v3/dynamic-link/signing-result.html
 create mode 100644 src/main/resources/templates/v3/dynamic-link/signing.html

diff --git a/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java b/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java
index 85b2699..ce1a9d9 100644
--- a/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java
+++ b/src/main/java/ee/sk/siddemo/GlobalExceptionHandler.java
@@ -46,7 +46,7 @@ public ModelAndView handleSidOperationException(SidOperationException exception)
 
     @ExceptionHandler(Exception.class)
     public ModelAndView handleSmartIdException(Exception exception) {
-        logger.warn("Generic error caught", exception);
+        logger.warn("Generic error caught {}", exception.getMessage());
 
         var model = new ModelMap();
         model.addAttribute("errorMessage", exception.getMessage());
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
new file mode 100644
index 0000000..a8ab2bb
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
@@ -0,0 +1,125 @@
+package ee.sk.siddemo.controller;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
+
+import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.DynamicContent;
+import ee.sk.siddemo.model.SigningResult;
+import ee.sk.siddemo.model.UserDocumentNumberRequest;
+import ee.sk.siddemo.services.DynamicContentService;
+import ee.sk.siddemo.services.SmartIdV3DynamicLinkSignatureService;
+import ee.sk.siddemo.services.SmartIdV3SessionsStatusService;
+import ee.sk.smartid.v3.SessionType;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
+
+@Controller
+public class SmartIdV3DynamicLinkSignatureController {
+
+    private final Logger logger = LoggerFactory.getLogger(SmartIdV3DynamicLinkSignatureController.class);
+
+    private final SmartIdV3DynamicLinkSignatureService smartIdV3DynamicLinkSignatureService;
+    private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
+    private final DynamicContentService dynamicContentService;
+
+    public SmartIdV3DynamicLinkSignatureController(SmartIdV3DynamicLinkSignatureService smartIdV3DynamicLinkSignatureService,
+                                                   SmartIdV3SessionsStatusService smartIdV3SessionsStatusService,
+                                                   DynamicContentService dynamicContentService) {
+        this.smartIdV3DynamicLinkSignatureService = smartIdV3DynamicLinkSignatureService;
+        this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
+        this.dynamicContentService = dynamicContentService;
+    }
+
+    @PostMapping(value = "v3/dynamic-link/start-signing-with-document-number")
+    public ModelAndView sendDynamicLinkSigningRequestWithDocumentNumber(@ModelAttribute("userDocumentNumberRequest") UserDocumentNumberRequest userDocumentNumberRequest,
+                                                                        BindingResult bindingResult,
+                                                                        ModelMap model,
+                                                                        RedirectAttributes redirectAttributes,
+                                                                        HttpServletRequest request) {
+        model.addAttribute("activeTab", "rp-api-v3");
+        if (userDocumentNumberRequest.getFile() == null || userDocumentNumberRequest.getFile().getOriginalFilename() == null || userDocumentNumberRequest.getFile().isEmpty()) {
+            bindingResult.rejectValue("file", "error.file", "Please select a file to upload");
+        }
+
+        if (bindingResult.hasErrors()) {
+            logger.debug("Validation errors: {}", bindingResult.getAllErrors());
+            redirectAttributes.addFlashAttribute("org.springframework.validation.BindingResult.userDocumentNumberRequest", bindingResult);
+            redirectAttributes.addFlashAttribute("userDocumentNumberRequest", userDocumentNumberRequest);
+            return new ModelAndView("redirect:/rp-api-v3");
+        }
+        HttpSession session = resetSession(request);
+        smartIdV3DynamicLinkSignatureService.startSigningWithDocumentNumber(session, userDocumentNumberRequest);
+        return new ModelAndView("v3/dynamic-link/signing", model);
+    }
+
+    @GetMapping(value = "v3/dynamic-link/check-signing-status")
+    @ResponseBody
+    public ResponseEntity<Map<String, String>> checkSigningStatus(HttpSession session) {
+        boolean checkCompleted;
+        try {
+            checkCompleted = smartIdV3DynamicLinkSignatureService.checkSignatureStatus(session);
+        } catch (SidOperationException ex) {
+            logger.error("Error occurred while checking authentication status", ex);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(Map.of("errorMessage", ex.getMessage()));
+        }
+        if (checkCompleted) {
+            logger.debug("Session status: COMPLETED");
+            return ResponseEntity.ok(Map.of("sessionStatus", "COMPLETED"));
+        }
+
+        logger.debug("Generate dynamic content for session {}", session.getId());
+        DynamicContent dynamicContent = dynamicContentService.getDynamicContent(session, SessionType.SIGNATURE);
+        Map<String, String> content = new HashMap<>();
+        content.put("dynamicLink", dynamicContent.getDynamicLink().toString());
+        content.put("qrCode", dynamicContent.getQrCode());
+        return ResponseEntity.ok(content);
+    }
+
+    @GetMapping(value = "/v3/dynamic-link/sign-session-error")
+    public ModelAndView handleCertificateChoiceSessionsError(@RequestParam(value = "errorMessage", required = false) String errorMessage,
+                                                             ModelMap model) {
+        model.addAttribute("errorMessage", errorMessage);
+        model.addAttribute("activeTab", "rp-api-v3");
+        return new ModelAndView("sidOperationError", model);
+    }
+
+    @GetMapping(value = "/v3/dynamic-link/signing-result")
+    public ModelAndView getSigningResult(ModelMap model, HttpSession session) {
+        SigningResult signingResult = smartIdV3DynamicLinkSignatureService.handleSignatureResult(session);
+        model.addAttribute("signingResult", signingResult);
+        return new ModelAndView("v3/dynamic-link/signing-result", model);
+    }
+
+    @GetMapping(value = "/v3/dynamic-link/cancel-signing")
+    public ModelAndView cancelSigning(ModelMap model, HttpServletRequest request) {
+        resetSession(request);
+        return new ModelAndView("redirect:v3/main", model);
+    }
+
+    private HttpSession resetSession(HttpServletRequest request) {
+        HttpSession session = request.getSession();
+        if (session != null) {
+            smartIdV3SessionsStatusService.cancelPolling(session.getId());
+            session.invalidate();
+        }
+        // Create a new session
+        session = request.getSession(true);
+        return session;
+    }
+}
diff --git a/src/main/java/ee/sk/siddemo/model/UserDocumentNumberRequest.java b/src/main/java/ee/sk/siddemo/model/UserDocumentNumberRequest.java
index f69f4f5..ad8dcf2 100644
--- a/src/main/java/ee/sk/siddemo/model/UserDocumentNumberRequest.java
+++ b/src/main/java/ee/sk/siddemo/model/UserDocumentNumberRequest.java
@@ -22,12 +22,15 @@
  * #L%
  */
 
+import org.springframework.web.multipart.MultipartFile;
+
 import jakarta.validation.constraints.NotNull;
 
 public class UserDocumentNumberRequest {
 
     @NotNull
     private String documentNumber;
+    private MultipartFile file;
 
     public String getDocumentNumber() {
         return documentNumber;
@@ -36,4 +39,12 @@ public String getDocumentNumber() {
     public void setDocumentNumber(String documentNumber) {
         this.documentNumber = documentNumber;
     }
+
+    public MultipartFile getFile() {
+        return file;
+    }
+
+    public void setFile(MultipartFile file) {
+        this.file = file;
+    }
 }
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkSignatureService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkSignatureService.java
new file mode 100644
index 0000000..b4a33b4
--- /dev/null
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkSignatureService.java
@@ -0,0 +1,180 @@
+package ee.sk.siddemo.services;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.cert.X509Certificate;
+import java.time.Instant;
+import java.util.List;
+import java.util.Optional;
+
+import org.digidoc4j.Configuration;
+import org.digidoc4j.Container;
+import org.digidoc4j.ContainerBuilder;
+import org.digidoc4j.DataFile;
+import org.digidoc4j.DataToSign;
+import org.digidoc4j.DigestAlgorithm;
+import org.digidoc4j.Signature;
+import org.digidoc4j.SignatureBuilder;
+import org.digidoc4j.SignatureProfile;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+import org.springframework.web.multipart.MultipartFile;
+
+import ee.sk.siddemo.exception.FileUploadException;
+import ee.sk.siddemo.exception.SidOperationException;
+import ee.sk.siddemo.model.SigningResult;
+import ee.sk.siddemo.model.UserDocumentNumberRequest;
+import ee.sk.smartid.CertificateParser;
+import ee.sk.smartid.HashType;
+import ee.sk.smartid.exception.useraction.SessionTimeoutException;
+import ee.sk.smartid.v3.CertificateLevel;
+import ee.sk.smartid.v3.SignableData;
+import ee.sk.smartid.v3.SignatureResponseMapper;
+import ee.sk.smartid.v3.SingatureResponse;
+import ee.sk.smartid.v3.SmartIdClient;
+import ee.sk.smartid.v3.rest.dao.DynamicLinkInteraction;
+import ee.sk.smartid.v3.rest.dao.DynamicLinkSessionResponse;
+import ee.sk.smartid.v3.rest.dao.SessionCertificate;
+import ee.sk.smartid.v3.rest.dao.SessionStatus;
+import jakarta.servlet.http.HttpSession;
+
+@Service
+public class SmartIdV3DynamicLinkSignatureService {
+
+    private static final Logger logger = LoggerFactory.getLogger(SmartIdV3DynamicLinkSignatureService.class);
+
+    @Value("${app.signed-files-directory}")
+    private String signedFilesDirectory;
+
+    private final SmartIdV3NotificationBasedCertificateChoiceService smartIdV3NotificationBasedCertificateChoiceService;
+    private final SmartIdV3SessionsStatusService smartIdV3SessionsStatusService;
+    private final SmartIdClient smartIdClientV3;
+
+    public SmartIdV3DynamicLinkSignatureService(SmartIdV3NotificationBasedCertificateChoiceService smartIdV3NotificationBasedCertificateChoiceService, SmartIdV3SessionsStatusService smartIdV3SessionsStatusService, SmartIdClient smartIdClientV3) {
+        this.smartIdV3NotificationBasedCertificateChoiceService = smartIdV3NotificationBasedCertificateChoiceService;
+        this.smartIdV3SessionsStatusService = smartIdV3SessionsStatusService;
+        this.smartIdClientV3 = smartIdClientV3;
+    }
+
+    public void startSigningWithDocumentNumber(HttpSession session, UserDocumentNumberRequest userDocumentNumberRequest) {
+        DataFile uploadedFile = getUploadedDataFile(userDocumentNumberRequest.getFile());
+
+        var configuration = new Configuration(Configuration.Mode.TEST);
+        Container container = ContainerBuilder.aContainer()
+                .withConfiguration(configuration)
+                .withDataFile(uploadedFile)
+                .build();
+
+        X509Certificate certificate = getCertificate(session, userDocumentNumberRequest);
+
+        DataToSign dataToSign = SignatureBuilder.aSignature(container)
+                .withSigningCertificate(certificate)
+                .withSignatureDigestAlgorithm(DigestAlgorithm.SHA256)
+                .withSignatureProfile(SignatureProfile.LT)
+                .buildDataToSign();
+
+        var signableData = new SignableData(dataToSign.getDataToSign());
+        signableData.setHashType(HashType.SHA256);
+
+        DynamicLinkSessionResponse sessionResponse = smartIdClientV3.createDynamicLinkSignature()
+                .withCertificateLevel(CertificateLevel.QUALIFIED)
+                .withSignableData(signableData)
+                .withDocumentNumber(userDocumentNumberRequest.getDocumentNumber())
+                .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN("Sign the document!")))
+                .initSignatureSession();
+        Instant responseReceivedTime = Instant.now();
+
+        session.setAttribute("sessionSecret", sessionResponse.getSessionSecret());
+        session.setAttribute("sessionToken", sessionResponse.getSessionToken());
+        session.setAttribute("sessionID", sessionResponse.getSessionID());
+        session.setAttribute("responseReceivedTime", responseReceivedTime);
+        session.setAttribute("signableData", signableData);
+        session.setAttribute("dataToSign", dataToSign);
+        session.setAttribute("container", container);
+
+        smartIdV3SessionsStatusService.startPolling(session, sessionResponse.getSessionID());
+    }
+
+    public boolean checkSignatureStatus(HttpSession session) {
+        Optional<SessionStatus> sessionStatus = smartIdV3SessionsStatusService.getSessionsStatus(session.getId());
+        return sessionStatus
+                .map(status -> {
+                    if (status.getState().equals("COMPLETE")) {
+                        saveValidateResponse(session, status);
+                        session.setAttribute("session_status", "COMPLETED");
+                        logger.debug("Mobile device IP address: {}", status.getDeviceIpAddress());
+                        return true;
+                    }
+                    return false;
+                })
+                .orElse(false);
+    }
+
+    public SigningResult handleSignatureResult(HttpSession session) {
+        var dynamicLinkSignatureResponse = (SingatureResponse) session.getAttribute("signing_response");
+        if (dynamicLinkSignatureResponse == null) {
+            throw new SidOperationException("No signature response found in session");
+        }
+
+        byte[] signatureValue = dynamicLinkSignatureResponse.getSignatureValue();
+        DataToSign dataToSign = (DataToSign) session.getAttribute("dataToSign");
+        Signature signature = dataToSign.finalize(signatureValue);
+
+        Container container = (Container) session.getAttribute("container");
+        container.addSignature(signature);
+        try {
+            File containerFile = File.createTempFile("sid-demo-container-", ".asice");
+            Path targetPath = createSavePath(containerFile);
+            container.saveAsFile(targetPath.toString());
+            return SigningResult.newBuilder()
+                    .withResult("Signing successful")
+                    .withValid(signature.validateSignature().isValid())
+                    .withTimestamp(signature.getTimeStampCreationTime())
+                    .withContainerFilePath(targetPath.toString())
+                    .build();
+        } catch (IOException e) {
+            throw new SidOperationException("Could not create container file.", e);
+        }
+    }
+
+    private DataFile getUploadedDataFile(MultipartFile uploadedFile) {
+        try {
+            return new DataFile(uploadedFile.getInputStream(), uploadedFile.getOriginalFilename(), uploadedFile.getContentType());
+        } catch (IOException e) {
+            throw new FileUploadException(e.getCause());
+        }
+    }
+
+    private X509Certificate getCertificate(HttpSession httpSession, UserDocumentNumberRequest userDocumentNumberRequest) {
+        smartIdV3NotificationBasedCertificateChoiceService.startCertificateChoice(httpSession, userDocumentNumberRequest);
+        Optional<SessionStatus> certSessionStatus;
+        do {
+            certSessionStatus = smartIdV3SessionsStatusService.getSessionsStatus(httpSession.getId());
+        } while (certSessionStatus.isEmpty());
+
+        SessionCertificate sessionCertificate = certSessionStatus.get().getCert();
+        return CertificateParser.parseX509Certificate(sessionCertificate.getValue());
+    }
+
+    private Path createSavePath(File containerFile) {
+        Path targetDir = Paths.get(signedFilesDirectory);
+        File directory = targetDir.toFile();
+        if (!directory.exists()) {
+            directory.mkdirs();
+        }
+        return targetDir.resolve(containerFile.getName());
+    }
+
+    private static void saveValidateResponse(HttpSession session, SessionStatus status) {
+        try {
+            var dynamicLinkSignatureResponse = SignatureResponseMapper.from(status, CertificateLevel.QUALIFIED.name());
+            session.setAttribute("signing_response", dynamicLinkSignatureResponse);
+        } catch (SessionTimeoutException ex) {
+            throw new SidOperationException(ex.getMessage());
+        }
+    }
+}
diff --git a/src/main/resources/templates/error.html b/src/main/resources/templates/error.html
index 1265c54..eaae551 100644
--- a/src/main/resources/templates/error.html
+++ b/src/main/resources/templates/error.html
@@ -40,10 +40,16 @@
 <div class="alert-box">
     <div class="alert alert-secondary" role="alert">
         <h4 class="alert-heading text-center" th:text="${'Error'}"></h4>
+        <div class="text-center">
+            <p th:if="${message != null && message.contains('SizeLimitExceededException')}"
+               th:text="${'Maximum upload size exceeded'}"></p>
 
-        <p class="text-center" th:if="${message != null && message.contains('SizeLimitExceededException')}" th:text="${'Maximum upload size exceeded'}"></p>
-        <p class="text-center" th:if="${message == null || !message.contains('SizeLimitExceededException')}" th:text="${message}"></p>
+            <p th:if="${message == null || !message.contains('SizeLimitExceededException')}"
+               th:text="${message}"></p>
 
+            <p th:if="${errorMessage != null}"
+               th:text="${errorMessage}"></p>
+        </div>
         <p><a href="/">Go to front page</a></p>
     </div>
 </div>
diff --git a/src/main/resources/templates/v3/dynamic-link/signing-result.html b/src/main/resources/templates/v3/dynamic-link/signing-result.html
new file mode 100644
index 0000000..3664b27
--- /dev/null
+++ b/src/main/resources/templates/v3/dynamic-link/signing-result.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../../static/css/style.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+</head>
+
+<body>
+<div th:insert="~{fragments/header :: header}"></div>
+
+<div class="container-fluid d-flex flex-column align-items-center justify-content-center vh-100">
+    <h1> Signing result</h1>
+    <div class="alert alert-secondary" role="alert">
+        <h4 class="alert-heading text-center" th:text="${signingResult.result}"></h4>
+        <h6 th:text="${'Signature is valid: ' + signingResult.valid}" class="text-center"></h6>
+        <h6 th:text="${'Signed at:' + signingResult.timestamp}" class="text-center"></h6>
+        <p th:text="${'Signed container is at: ' + signingResult.containerFilePath}" class="text-center"></p>
+    </div>
+</div>
+
+<script th:src="@{/js/bootstrap.js}"></script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/v3/dynamic-link/signing.html b/src/main/resources/templates/v3/dynamic-link/signing.html
new file mode 100644
index 0000000..88e7657
--- /dev/null
+++ b/src/main/resources/templates/v3/dynamic-link/signing.html
@@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<html lang="et" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <title>Smart-ID</title>
+    <!-- Bootstrap core CSS -->
+    <link href="../../static/css/bootstrap.css" rel="stylesheet" th:href="@{/css/bootstrap.css}"/>
+    <link href="../../../static/css/style.css" rel="stylesheet" th:href="@{/css/style.css}"/>
+
+    <style>
+        .responsive-text {
+            font-size: 1rem;
+        }
+
+        @media (min-width: 768px) {
+            .responsive-text {
+                font-size: 1.5rem;
+            }
+        }
+
+        @media (min-width: 1200px) {
+            .responsive-text {
+                font-size: 2rem;
+            }
+        }
+
+        .qr-area {
+            width: 610px;
+            height: 610px;
+            background: #ffffff;
+        }
+    </style>
+</head>
+
+<body>
+<div th:insert="~{fragments/header :: header}"></div>
+
+<div class="container-fluid d-flex flex-column align-items-center justify-content-center content-area pt-3">
+    <div class="container view-content h-100">
+        <div class="container">
+            <div class="container text-center mt-3">
+                <p class="responsive-text">
+                    Please scan the QR code with the Smart-ID app to proceed
+                </p>
+            </div>
+            <div class="container d-flex align-items-center justify-content-center qr-area">
+                <img src="" class="img-fluid" id="qr-code" alt="QR code">
+            </div>
+        </div>
+
+        <div class="container border-dark pt-3">
+            <div class="container text-center">
+                <p>
+                    Link option is only meant to work on mobile device where Smart-ID app is installed.
+                    If app is not available on your device, then link should direct you to the app store.
+                </p>
+            </div>
+            <div class="container text-center">
+                <a class="btn btn-primary" id="dynamic-link"> To Smart-ID app</a>
+            </div>
+            <div class="container">
+                <h5> Link content</h5>
+                <div class="text-wrap" style="overflow-wrap: break-word">
+                    <p id="link-content"></p>
+                </div>
+            </div>
+        </div>
+        <div class="container text-center">
+            <a th:href="@{/v3/cancel-authentication}" class="btn btn-outline-dark">Cancel</a>
+        </div>
+    </div>
+</div>
+
+<script th:src="@{/js/bootstrap.js}"></script>
+<script type="text/javascript">
+    function loadContent() {
+        fetch('/v3/dynamic-link/check-signing-status')
+            .then(response => response.json())
+            .then(data => {
+                if (data.errorMessage !== undefined) {
+                    window.location.href = '/v3/dynamic-link/sign-session-error?errorMessage=' + data.errorMessage;
+                } else if (data.sessionStatus === 'COMPLETED') {
+                    window.location.href = '/v3/dynamic-link/signing-result';
+                } else {
+                    document.getElementById("qr-code").src = data.qrCode;
+                    document.getElementById("dynamic-link").href = data.dynamicLink;
+                    document.getElementById("link-content").innerText = data.dynamicLink;
+                    setTimeout(loadContent, 1000);
+                }
+            })
+            .catch(error => console.log('Error:', error));
+    }
+
+    window.onload = loadContent;
+</script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/src/main/resources/templates/v3/main.html b/src/main/resources/templates/v3/main.html
index 10ec8e0..dfd1c1e 100644
--- a/src/main/resources/templates/v3/main.html
+++ b/src/main/resources/templates/v3/main.html
@@ -279,7 +279,33 @@ <h5 class="text-uppercase fw-bold mt-4 mb-2">Notification</h5>
                         <div class="col-md-8 p-3">
                             <div class="container h-100 d-flex align-items-center justify-content-center content-area w-100">
                                 <div class="container signing-area" id="dynamic-link-signing-with-document-number">
-                                    Dynamic-link signing with document number
+                                    <form method="POST"
+                                          th:action="@{/v3/dynamic-link/start-signing-with-document-number}"
+                                          th:object="${userDocumentNumberRequest}"
+                                          class="form-action"
+                                          enctype="multipart/form-data">
+                                        <div class="form-group">
+                                            <label for="dynamic-link-sign-document-number"> Document number</label>
+                                            <input th:field="*{documentNumber}"
+                                                   type="text"
+                                                   id="dynamic-link-sign-document-number"
+                                                   class="form-control"
+                                                   placeholder="Enter document number">
+                                        </div>
+
+                                        <div class="form-group">
+                                            <label for="document">Document to sign (max 10 MB)</label>
+                                            <input type="file" th:field="*{file}" id="document">
+
+                                            <div th:if="${#fields.hasErrors('file')}" th:errors="*{file}" style="color:red">
+                                                file Error
+                                            </div>
+                                        </div>
+
+                                        <div class="text-right">
+                                            <button type="submit" class="btn btn-primary">Sign</button>
+                                        </div>
+                                    </form>
                                 </div>
                                 <div class="container d-none signing-area" id="dynamic-link-signing-with-person-code">
                                     Dynamic-link signing with person code

From d0664959706f3c7d389a31ec7c4125f4a12baca7 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Wed, 5 Feb 2025 00:23:44 +0200
Subject: [PATCH 18/20] SLIB-74 - add signing with person code

---
 ...artIdV3DynamicLinkSignatureController.java | 24 +++++++++
 .../SmartIdV3DynamicLinkSignatureService.java | 54 +++++++++++++++++++
 src/main/resources/templates/v3/main.html     | 45 ++++++++++++++--
 3 files changed, 120 insertions(+), 3 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
index a8ab2bb..60e66d9 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
@@ -22,6 +22,7 @@
 import ee.sk.siddemo.model.DynamicContent;
 import ee.sk.siddemo.model.SigningResult;
 import ee.sk.siddemo.model.UserDocumentNumberRequest;
+import ee.sk.siddemo.model.UserRequest;
 import ee.sk.siddemo.services.DynamicContentService;
 import ee.sk.siddemo.services.SmartIdV3DynamicLinkSignatureService;
 import ee.sk.siddemo.services.SmartIdV3SessionsStatusService;
@@ -68,6 +69,28 @@ public ModelAndView sendDynamicLinkSigningRequestWithDocumentNumber(@ModelAttrib
         return new ModelAndView("v3/dynamic-link/signing", model);
     }
 
+    @PostMapping(value = "v3/dynamic-link/start-signing-with-person-code")
+    public ModelAndView sendDynamicLinkSigningRequestWithPersonCode(@ModelAttribute("userRequest") UserRequest userRequest,
+                                                                    BindingResult bindingResult,
+                                                                    ModelMap model,
+                                                                    RedirectAttributes redirectAttributes,
+                                                                    HttpServletRequest request) {
+        model.addAttribute("activeTab", "rp-api-v3");
+        if (userRequest.getFile() == null || userRequest.getFile().getOriginalFilename() == null || userRequest.getFile().isEmpty()) {
+            bindingResult.rejectValue("file", "error.file", "Please select a file to upload");
+        }
+
+        if (bindingResult.hasErrors()) {
+            logger.debug("Validation errors: {}", bindingResult.getAllErrors());
+            redirectAttributes.addFlashAttribute("org.springframework.validation.BindingResult.userRequest", bindingResult);
+            redirectAttributes.addFlashAttribute("userRequest", userRequest);
+            return new ModelAndView("redirect:/rp-api-v3");
+        }
+        HttpSession session = resetSession(request);
+        smartIdV3DynamicLinkSignatureService.startSigningWithPersonCode(session, userRequest);
+        return new ModelAndView("v3/dynamic-link/signing", model);
+    }
+
     @GetMapping(value = "v3/dynamic-link/check-signing-status")
     @ResponseBody
     public ResponseEntity<Map<String, String>> checkSigningStatus(HttpSession session) {
@@ -103,6 +126,7 @@ public ModelAndView handleCertificateChoiceSessionsError(@RequestParam(value = "
     public ModelAndView getSigningResult(ModelMap model, HttpSession session) {
         SigningResult signingResult = smartIdV3DynamicLinkSignatureService.handleSignatureResult(session);
         model.addAttribute("signingResult", signingResult);
+        model.addAttribute("activeTab", "rp-api-v3");
         return new ModelAndView("v3/dynamic-link/signing-result", model);
     }
 
diff --git a/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkSignatureService.java b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkSignatureService.java
index b4a33b4..39eb60a 100644
--- a/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkSignatureService.java
+++ b/src/main/java/ee/sk/siddemo/services/SmartIdV3DynamicLinkSignatureService.java
@@ -28,9 +28,11 @@
 import ee.sk.siddemo.exception.SidOperationException;
 import ee.sk.siddemo.model.SigningResult;
 import ee.sk.siddemo.model.UserDocumentNumberRequest;
+import ee.sk.siddemo.model.UserRequest;
 import ee.sk.smartid.CertificateParser;
 import ee.sk.smartid.HashType;
 import ee.sk.smartid.exception.useraction.SessionTimeoutException;
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
 import ee.sk.smartid.v3.CertificateLevel;
 import ee.sk.smartid.v3.SignableData;
 import ee.sk.smartid.v3.SignatureResponseMapper;
@@ -99,6 +101,47 @@ public void startSigningWithDocumentNumber(HttpSession session, UserDocumentNumb
         smartIdV3SessionsStatusService.startPolling(session, sessionResponse.getSessionID());
     }
 
+    public void startSigningWithPersonCode(HttpSession session, UserRequest userRequest) {
+        DataFile uploadedFile = getUploadedDataFile(userRequest.getFile());
+
+        var configuration = new Configuration(Configuration.Mode.TEST);
+        Container container = ContainerBuilder.aContainer()
+                .withConfiguration(configuration)
+                .withDataFile(uploadedFile)
+                .build();
+
+        X509Certificate certificate = getCertificate(session, userRequest);
+
+        DataToSign dataToSign = SignatureBuilder.aSignature(container)
+                .withSigningCertificate(certificate)
+                .withSignatureDigestAlgorithm(DigestAlgorithm.SHA256)
+                .withSignatureProfile(SignatureProfile.LT)
+                .buildDataToSign();
+
+        var signableData = new SignableData(dataToSign.getDataToSign());
+        signableData.setHashType(HashType.SHA256);
+
+        var semanticsIdentifier = new SemanticsIdentifier(SemanticsIdentifier.IdentityType.PNO, userRequest.getCountry(), userRequest.getNationalIdentityNumber());
+
+        DynamicLinkSessionResponse sessionResponse = smartIdClientV3.createDynamicLinkSignature()
+                .withCertificateLevel(CertificateLevel.QUALIFIED)
+                .withSignableData(signableData)
+                .withSemanticsIdentifier(semanticsIdentifier)
+                .withAllowedInteractionsOrder(List.of(DynamicLinkInteraction.displayTextAndPIN("Sign the document!")))
+                .initSignatureSession();
+        Instant responseReceivedTime = Instant.now();
+
+        session.setAttribute("sessionSecret", sessionResponse.getSessionSecret());
+        session.setAttribute("sessionToken", sessionResponse.getSessionToken());
+        session.setAttribute("sessionID", sessionResponse.getSessionID());
+        session.setAttribute("responseReceivedTime", responseReceivedTime);
+        session.setAttribute("signableData", signableData);
+        session.setAttribute("dataToSign", dataToSign);
+        session.setAttribute("container", container);
+
+        smartIdV3SessionsStatusService.startPolling(session, sessionResponse.getSessionID());
+    }
+
     public boolean checkSignatureStatus(HttpSession session) {
         Optional<SessionStatus> sessionStatus = smartIdV3SessionsStatusService.getSessionsStatus(session.getId());
         return sessionStatus
@@ -160,6 +203,17 @@ private X509Certificate getCertificate(HttpSession httpSession, UserDocumentNumb
         return CertificateParser.parseX509Certificate(sessionCertificate.getValue());
     }
 
+    private X509Certificate getCertificate(HttpSession httpSession, UserRequest userRequest) {
+        smartIdV3NotificationBasedCertificateChoiceService.startCertificateChoice(httpSession, userRequest);
+        Optional<SessionStatus> certSessionStatus;
+        do {
+            certSessionStatus = smartIdV3SessionsStatusService.getSessionsStatus(httpSession.getId());
+        } while (certSessionStatus.isEmpty());
+
+        SessionCertificate sessionCertificate = certSessionStatus.get().getCert();
+        return CertificateParser.parseX509Certificate(sessionCertificate.getValue());
+    }
+
     private Path createSavePath(File containerFile) {
         Path targetDir = Paths.get(signedFilesDirectory);
         File directory = targetDir.toFile();
diff --git a/src/main/resources/templates/v3/main.html b/src/main/resources/templates/v3/main.html
index dfd1c1e..1f6d676 100644
--- a/src/main/resources/templates/v3/main.html
+++ b/src/main/resources/templates/v3/main.html
@@ -294,8 +294,8 @@ <h5 class="text-uppercase fw-bold mt-4 mb-2">Notification</h5>
                                         </div>
 
                                         <div class="form-group">
-                                            <label for="document">Document to sign (max 10 MB)</label>
-                                            <input type="file" th:field="*{file}" id="document">
+                                            <label for="dynamic-link-doc-nr-document">Document to sign (max 10 MB)</label>
+                                            <input type="file" th:field="*{file}" id="dynamic-link-doc-nr-document">
 
                                             <div th:if="${#fields.hasErrors('file')}" th:errors="*{file}" style="color:red">
                                                 file Error
@@ -308,7 +308,46 @@ <h5 class="text-uppercase fw-bold mt-4 mb-2">Notification</h5>
                                     </form>
                                 </div>
                                 <div class="container d-none signing-area" id="dynamic-link-signing-with-person-code">
-                                    Dynamic-link signing with person code
+                                    <form method="POST"
+                                          th:action="@{/v3/dynamic-link/start-signing-with-person-code}"
+                                          th:object="${userRequest}"
+                                          class="form-action"
+                                          enctype="multipart/form-data">
+
+                                        <div class="form-group">
+                                            <label for="dynamic-link-signing-country"> Select country </label>
+                                            <select th:field="*{country}" id="dynamic-link-signing-country" class="form-control" name="country">
+                                                <option th:value="'EE'" value="EE">Estonia</option>
+                                                <option th:value="'LV'" value="LV">Latvia</option>
+                                                <option th:value="'LT'" th:text="Lithuania"></option>
+                                                <option th:value="'BE'" th:text="Belgium"></option>
+                                            </select>
+                                            <div th:if="${#fields.hasErrors('country')}" th:errors="*{country}" style="color:red">
+                                                country Error
+                                            </div>
+                                        </div>
+                                        <div class="form-group">
+                                            <label for="dynamic-link-sign-person-code"> Person code</label>
+                                            <input th:field="*{nationalIdentityNumber}"
+                                                   type="text"
+                                                   id="dynamic-link-sign-person-code"
+                                                   class="form-control"
+                                                   placeholder="Enter person code">
+                                        </div>
+
+                                        <div class="form-group">
+                                            <label for="dynamic-link-person-code-document">Document to sign (max 10 MB)</label>
+                                            <input type="file" th:field="*{file}" id="dynamic-link-person-code-document">
+
+                                            <div th:if="${#fields.hasErrors('file')}" th:errors="*{file}" style="color:red">
+                                                file Error
+                                            </div>
+                                        </div>
+
+                                        <div class="text-right">
+                                            <button type="submit" class="btn btn-primary">Sign</button>
+                                        </div>
+                                    </form>
                                 </div>
                                 <div class="container d-none signing-area" id="notification-signing-with-person-code">
                                     Notification based signing with person code

From 969a5f728d6358ef1366b7ffd7c284bde6987a61 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Wed, 5 Feb 2025 00:27:12 +0200
Subject: [PATCH 19/20] SLIB-74 - fix function names

---
 .../SmartIdV3DynamicLinkCertificateChoiceController.java    | 4 ++--
 .../controller/SmartIdV3DynamicLinkSignatureController.java | 6 +++---
 ...artIdV3NotificationBasedCertificateChoiceController.java | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
index 63b29d9..6f531c0 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkCertificateChoiceController.java
@@ -103,7 +103,7 @@ public ModelAndView handleCertificateChoiceSessionsError(@RequestParam(value = "
     }
 
     @GetMapping(value = "/v3/dynamic-link/certificate-choice-result")
-    public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session) {
+    public ModelAndView toCertificateChoiceResult(ModelMap model, HttpSession session) {
         String documentNumber = (String) session.getAttribute("documentNumber");
         String distinguishedName = (String) session.getAttribute("distinguishedName");
         model.addAttribute("documentNumber", documentNumber);
@@ -113,7 +113,7 @@ public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session)
     }
 
     @GetMapping(value = "/v3/dynamic-link/cancel-certificate-choice")
-    public ModelAndView cancelAuthentication(ModelMap model, HttpServletRequest request) {
+    public ModelAndView cancelCertificateChoice(ModelMap model, HttpServletRequest request) {
         resetSession(request);
         model.addAttribute("activeTab", "rp-api-v3");
         return new ModelAndView("v3/main", model);
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
index 60e66d9..ccf0ead 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
@@ -115,15 +115,15 @@ public ResponseEntity<Map<String, String>> checkSigningStatus(HttpSession sessio
     }
 
     @GetMapping(value = "/v3/dynamic-link/sign-session-error")
-    public ModelAndView handleCertificateChoiceSessionsError(@RequestParam(value = "errorMessage", required = false) String errorMessage,
-                                                             ModelMap model) {
+    public ModelAndView handleSigningSessionError(@RequestParam(value = "errorMessage", required = false) String errorMessage,
+                                                  ModelMap model) {
         model.addAttribute("errorMessage", errorMessage);
         model.addAttribute("activeTab", "rp-api-v3");
         return new ModelAndView("sidOperationError", model);
     }
 
     @GetMapping(value = "/v3/dynamic-link/signing-result")
-    public ModelAndView getSigningResult(ModelMap model, HttpSession session) {
+    public ModelAndView toSigningResult(ModelMap model, HttpSession session) {
         SigningResult signingResult = smartIdV3DynamicLinkSignatureService.handleSignatureResult(session);
         model.addAttribute("signingResult", signingResult);
         model.addAttribute("activeTab", "rp-api-v3");
diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
index c13e825..aeab301 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3NotificationBasedCertificateChoiceController.java
@@ -106,7 +106,7 @@ public ResponseEntity<Map<String, String>> checkCertificateChoiceStatus(HttpSess
     }
 
     @GetMapping(value = "/v3/notification-based/certificate-choice-result")
-    public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session) {
+    public ModelAndView toCertificateChoiceResult(ModelMap model, HttpSession session) {
         String distinguishedName = (String) session.getAttribute("distinguishedName");
         if (distinguishedName == null) {
             return new ModelAndView("v3/main", model);
@@ -117,7 +117,7 @@ public ModelAndView getAuthenticationResult(ModelMap model, HttpSession session)
     }
 
     @GetMapping(value = "/v3/notification-based/cancel-certificate-choice")
-    public ModelAndView cancelAuthentication(ModelMap model, HttpServletRequest request) {
+    public ModelAndView cancelCertificateChoice(ModelMap model, HttpServletRequest request) {
         resetSession(request);
         model.addAttribute("activeTab", "rp-api-v3");
         return new ModelAndView("v3/main", model);

From 5f7c8d85b7c084b0283282a0081ed4bbac897b44 Mon Sep 17 00:00:00 2001
From: Urmas Muser <urmas.muser@nortal.com>
Date: Wed, 5 Feb 2025 21:28:42 +0200
Subject: [PATCH 20/20] SLIB-74 - fix cancelling signing

---
 .../controller/SmartIdV3DynamicLinkSignatureController.java     | 2 +-
 src/main/resources/templates/v3/dynamic-link/signing.html       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
index ccf0ead..0a111aa 100644
--- a/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
+++ b/src/main/java/ee/sk/siddemo/controller/SmartIdV3DynamicLinkSignatureController.java
@@ -133,7 +133,7 @@ public ModelAndView toSigningResult(ModelMap model, HttpSession session) {
     @GetMapping(value = "/v3/dynamic-link/cancel-signing")
     public ModelAndView cancelSigning(ModelMap model, HttpServletRequest request) {
         resetSession(request);
-        return new ModelAndView("redirect:v3/main", model);
+        return new ModelAndView("redirect:/rp-api-v3", model);
     }
 
     private HttpSession resetSession(HttpServletRequest request) {
diff --git a/src/main/resources/templates/v3/dynamic-link/signing.html b/src/main/resources/templates/v3/dynamic-link/signing.html
index a244720..ffbaa2e 100644
--- a/src/main/resources/templates/v3/dynamic-link/signing.html
+++ b/src/main/resources/templates/v3/dynamic-link/signing.html
@@ -67,7 +67,7 @@ <h5> Link content</h5>
             </div>
         </div>
         <div class="container text-center">
-            <a th:href="@{/v3/cancel-authentication}" class="btn btn-outline-dark">Cancel</a>
+            <a th:href="@{/v3/dynamic-link/cancel-signing}" class="btn btn-outline-dark">Cancel</a>
         </div>
     </div>
 </div>