Update MOA-ID Specification (appendix)

Bug fix: OA URL escape
Verify Country-Code in Foreign Identities Mode (AT login not possible)

4 files changed, 19 insertions, 9 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 58194361c..84e55435d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -44,7 +44,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 		
 	    // escape parameter strings
 		target = StringEscapeUtils.escapeHtml(target);
-		oaURL = StringEscapeUtils.escapeHtml(oaURL);
+		//oaURL = StringEscapeUtils.escapeHtml(oaURL);
 		bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
 		templateURL = StringEscapeUtils.escapeHtml(templateURL);
 		useMandate = StringEscapeUtils.escapeHtml(useMandate);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 477d99220..ec05af5a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
 

 /**

  * Servlet requested for getting the foreign eID

@@ -158,8 +159,17 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");

 	    	}

 	    	else {

+	    			

+		    	
+	    		String countrycode = CertificateUtils.getIssuerCountry(cert);
+	    		if (countrycode != null) {
+	    			if (countrycode.compareToIgnoreCase("AT") == 0) {
+	    				Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
+	    				throw new AuthenticationException("auth.22", null);
+	    			}
+	    		}
+	    		
 	    		// Foreign Identities Modus	

-		    	

 		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);

 		      // build dataurl (to the GetForeignIDSerlvet)

 		    	String dataurl =

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index ee0b4e7e2..ede5f05d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -197,12 +197,12 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 			String ilAssertion = "";
 			if (saml1parameter.isProvideIdentityLink()) {		
 				if (session.getBusinessService()) {
-					IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+					//IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
 					
-					Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
-								.getSamlAssertion());
-					
-					ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
+//					Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
+//								.getSamlAssertion());
+//					
+//					ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
 					
 				} else {
 					ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index a310b16ff..309b644d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -72,7 +72,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 			HttpServletResponse response, String action) throws MOAIDException {
 		RequestImpl config = new RequestImpl();
 		String oaURL = (String) request.getParameter(PARAM_OA);
-		oaURL = StringEscapeUtils.escapeHtml(oaURL);
+		//oaURL = StringEscapeUtils.escapeHtml(oaURL);
 		
 		String target = (String) request.getParameter(PARAM_TARGET);
 		target = StringEscapeUtils.escapeHtml(target);