Add Legal Office seal and complete Azure CDN deployment

- Add Legal Office of the Master seal (SVG design with Maltese Cross, scales of justice, legal scroll)
- Create legal-office-manifest-template.json for Legal Office credentials
- Update SEAL_MAPPING.md and DESIGN_GUIDE.md with Legal Office seal documentation
- Complete Azure CDN infrastructure deployment:
  - Resource group, storage account, and container created
  - 17 PNG seal files uploaded to Azure Blob Storage
  - All manifest templates updated with Azure URLs
  - Configuration files generated (azure-cdn-config.env)
- Add comprehensive Azure CDN setup scripts and documentation
- Fix manifest URL generation to prevent double slashes
- Verify all seals accessible via HTTPS

scripts/test/generate-test-data.sh

@@ -0,0 +1,202 @@
+#!/bin/bash
+# Generate test data for Entra VerifiedID testing
+# Creates sample credentials, test payloads, and validation data
+
+set -euo pipefail
+
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
+log_success() { echo -e "${GREEN}[SUCCESS]${NC} $1"; }
+
+cd "$(dirname "$0")/../.."
+
+TEST_DATA_DIR="test-data/entra"
+mkdir -p "${TEST_DATA_DIR}"
+
+log_info "Generating test data for Entra VerifiedID..."
+
+# Sample credential issuance request
+cat > "${TEST_DATA_DIR}/issuance-request.json" << 'EOF'
+{
+  "claims": {
+    "email": "test@example.com",
+    "name": "Test User",
+    "role": "member",
+    "userId": "user-123"
+  },
+  "pin": "1234",
+  "callbackUrl": "https://api.theorder.org/vc/entra/webhook"
+}
+EOF
+
+# Multi-manifest issuance requests
+cat > "${TEST_DATA_DIR}/issuance-request-diplomatic.json" << 'EOF'
+{
+  "claims": {
+    "recipientName": "John Doe",
+    "recipientTitle": "Ambassador",
+    "missionCountry": "France",
+    "missionType": "embassy"
+  },
+  "manifestName": "diplomatic"
+}
+EOF
+
+cat > "${TEST_DATA_DIR}/issuance-request-judicial.json" << 'EOF'
+{
+  "claims": {
+    "role": "judge",
+    "appointmentAuthority": "Supreme Court",
+    "jurisdiction": "EU",
+    "appointmentDate": "2024-01-01T00:00:00Z"
+  },
+  "manifestName": "judicial"
+}
+EOF
+
+cat > "${TEST_DATA_DIR}/issuance-request-financial.json" << 'EOF'
+{
+  "claims": {
+    "role": "financial-officer",
+    "appointmentDate": "2024-01-01T00:00:00Z",
+    "jurisdiction": "EU"
+  },
+  "manifestName": "financial"
+}
+EOF
+
+# Webhook test payloads
+cat > "${TEST_DATA_DIR}/webhook-issuance-successful.json" << 'EOF'
+{
+  "requestId": "test-request-id-123",
+  "requestStatus": "issuance_successful",
+  "credential": {
+    "id": "vc:test:123",
+    "type": ["VerifiableCredential", "IdentityCredential"],
+    "issuer": "did:web:test.verifiedid.msidentity.com",
+    "issuanceDate": "2024-01-01T00:00:00Z",
+    "credentialSubject": {
+      "email": "test@example.com",
+      "name": "Test User"
+    },
+    "proof": {
+      "type": "JsonWebSignature2020",
+      "created": "2024-01-01T00:00:00Z",
+      "proofPurpose": "assertionMethod",
+      "verificationMethod": "did:web:test#key",
+      "jws": "test-jws-signature"
+    }
+  }
+}
+EOF
+
+cat > "${TEST_DATA_DIR}/webhook-issuance-failed.json" << 'EOF'
+{
+  "requestId": "test-request-id-123",
+  "requestStatus": "issuance_failed",
+  "error": {
+    "code": "ISSUANCE_FAILED",
+    "message": "Test error message"
+  }
+}
+EOF
+
+# Verification test payload
+cat > "${TEST_DATA_DIR}/verification-request.json" << 'EOF'
+{
+  "credential": {
+    "id": "vc:test:123",
+    "type": ["VerifiableCredential", "IdentityCredential"],
+    "issuer": "did:web:test.verifiedid.msidentity.com",
+    "issuanceDate": "2024-01-01T00:00:00Z",
+    "credentialSubject": {
+      "email": "test@example.com",
+      "name": "Test User"
+    },
+    "proof": {
+      "type": "JsonWebSignature2020",
+      "created": "2024-01-01T00:00:00Z",
+      "proofPurpose": "assertionMethod",
+      "verificationMethod": "did:web:test#key",
+      "jws": "test-jws-signature"
+    }
+  }
+}
+EOF
+
+# eIDAS bridge test payload
+cat > "${TEST_DATA_DIR}/eidas-verify-issue-request.json" << 'EOF'
+{
+  "document": "base64-encoded-document-here",
+  "userId": "user-123",
+  "userEmail": "test@example.com",
+  "pin": "1234"
+}
+EOF
+
+# Test script for API endpoints
+cat > "${TEST_DATA_DIR}/test-endpoints.sh" << 'EOF'
+#!/bin/bash
+# Test Entra VerifiedID API endpoints
+
+BASE_URL="${API_BASE_URL:-http://localhost:4002}"
+AUTH_TOKEN="${AUTH_TOKEN:-}"
+
+echo "Testing Entra VerifiedID endpoints..."
+
+# Test issuance
+echo "1. Testing credential issuance..."
+curl -X POST "${BASE_URL}/vc/issue/entra" \
+  -H "Content-Type: application/json" \
+  ${AUTH_TOKEN:+-H "Authorization: Bearer ${AUTH_TOKEN}"} \
+  -d @issuance-request.json
+
+echo -e "\n\n2. Testing credential verification..."
+curl -X POST "${BASE_URL}/vc/verify/entra" \
+  -H "Content-Type: application/json" \
+  -d @verification-request.json
+
+echo -e "\n\n3. Testing webhook endpoint..."
+curl -X POST "${BASE_URL}/vc/entra/webhook" \
+  -H "Content-Type: application/json" \
+  -d @webhook-issuance-successful.json
+
+echo -e "\n\n4. Testing status endpoint..."
+curl "${BASE_URL}/vc/entra/status/test-request-id-123"
+EOF
+
+chmod +x "${TEST_DATA_DIR}/test-endpoints.sh"
+
+# Rate limit test script
+cat > "${TEST_DATA_DIR}/test-rate-limits.sh" << 'EOF'
+#!/bin/bash
+# Test rate limiting by sending multiple requests
+
+BASE_URL="${API_BASE_URL:-http://localhost:4002}"
+AUTH_TOKEN="${AUTH_TOKEN:-}"
+
+echo "Testing rate limits (sending 15 requests rapidly)..."
+
+for i in {1..15}; do
+  echo "Request $i..."
+  curl -X POST "${BASE_URL}/vc/issue/entra" \
+    -H "Content-Type: application/json" \
+    ${AUTH_TOKEN:+-H "Authorization: Bearer ${AUTH_TOKEN}"} \
+    -d '{"claims": {"test": "true"}}' \
+    -w "\nStatus: %{http_code}\n" \
+    -s -o /dev/null
+  sleep 0.1
+done
+
+echo "Rate limit test complete. Check for 429 responses."
+EOF
+
+chmod +x "${TEST_DATA_DIR}/test-rate-limits.sh"
+
+log_success "Test data generated in ${TEST_DATA_DIR}/"
+log_info "Files created:"
+ls -la "${TEST_DATA_DIR}"
+