| author | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2014-07-07 17:24:33 +0200 | 
|---|---|---|
| committer | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2014-07-07 17:24:33 +0200 | 
| commit | 26a2ba4a0c171fb9cdf9ea2c769576b1062480eb (patch) | |
| tree | 81eba1f7a442e7a121c2d1b783b1926a42e2a553 /id/server/idserverlib | |
| parent | 8b8ea32ebd30b542a9b4ea1c797078377443f251 (diff) | |
| parent | b6b155c4d55a31a13d189f50831fb7fa8c504b90 (diff) | |
Merge branch 'moa-2.1-Snapshot' into authnrequest_signrequest_split
Diffstat (limited to 'id/server/idserverlib')
5 files changed, 63 insertions, 45 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index c0e1dd3ca..9af2f5ee5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -478,11 +478,19 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {  		authData.setGivenName(identityLink.getGivenName());  		authData.setFamilyName(identityLink.getFamilyName());  		authData.setDateOfBirth(identityLink.getDateOfBirth()); -		authData.setQualifiedCertificate(verifyXMLSigResp -				.isQualifiedCertificate()); -		authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); -		authData.setPublicAuthorityCode(verifyXMLSigResp -				.getPublicAuthorityCode()); +		 +		if (verifyXMLSigResp != null) { +			authData.setQualifiedCertificate(verifyXMLSigResp +					.isQualifiedCertificate()); +			authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); +			authData.setPublicAuthorityCode(verifyXMLSigResp +					.getPublicAuthorityCode()); +			 +		} else { +			Logger.warn("No signature verfication response found!"); +			 +		} +		  		authData.setBkuURL(session.getBkuURL());  		authData.setStorkAttributes(session.getStorkAttributes()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 2d49eb809..5a2fda67f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java 
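Review bot: The new `else` branch in AuthenticationDataBuilder only logs when `verifyXMLSigResp` is null and then carries on building `authData`, so a session without a signature verification result still yields authentication data, with `qualifiedCertificate`, `publicAuthority` and `publicAuthorityCode` left at whatever defaults the object has. If a missing response can only come from a flow that legitimately produces none (not visible from this hunk), say so in a comment and set the fields explicitly, e.g. `authData.setQualifiedCertificate(false);`; otherwise this path should fail closed by throwing instead of warning. The log text has a typo: `"No signature verfication response found!"` should read `verification`. The enclosing method starts and ends outside the hunk.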
@@ -301,17 +301,14 @@ public class PEPSConnectorServlet extends AuthServlet {      		// retrieve target
  	        //TODO: check in case of SSO!!!
  	        String targetType = null;
 -	        String targetValue = null;
  	        if(oaParam.getBusinessService()) {
  	        	String id = oaParam.getIdentityLinkDomainIdentifier();
  	        	if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
 -	        		targetValue = id.substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length());
 +	        		targetType = id;
  	        	else
 -	        		targetValue = moaSession.getDomainIdentifier();
 -	        	targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_;
 +	        		targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
  	        } else {
 -	        	targetType = AuthenticationSession.TARGET_PREFIX_;
 -    			targetValue = oaParam.getTarget();
 +	        	targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
  	        }
  			Logger.debug("Starting connecting SZR Gateway");
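Review bot: Building `targetType` by string concatenation turns a null into the literal text `null`: if `moaSession.getDomainIdentifier()` or `oaParam.getTarget()` returns null, the value handed to the SZR gateway becomes the prefix followed by `null`, where the old code passed a null that the callee could reject. This string presumably selects the sector for which the identity link is requested, so check both values before concatenating and abort the request when one is missing, starting with `if (oaParam.getTarget() == null)` in the `else` branch. The unchanged `id.startsWith(...)` has the same exposure to a null `getIdentityLinkDomainIdentifier()`. The surrounding method starts and ends outside the hunk.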
 @@ -320,7 +317,7 @@ public class PEPSConnectorServlet extends AuthServlet {  			try {
  				identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
  																		  oaParam.getFriendlyName(), 
 -																		  targetType, targetValue, 
 +																		  targetType, null, 
  																		  oaParam.getMandateProfiles());
  			} catch (STORKException e) {
  				// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
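Review bot: The call now passes a bare `null` where `targetValue` used to go, and nothing at the call site says that the value has moved into `targetType`. Whether `connectToSZRGateway` tolerates a null fourth argument is not visible here; if it does, add a comment such as `// target value is carried inside targetType (prefix + value)` and consider removing the parameter in a follow-up. The enclosing `try` block continues past the end of the hunk.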
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 762d9af2c..547a86bd9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -288,15 +288,16 @@ public class CreateXMLSignatureResponseValidator {      }      if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {        String samlSpecialText = (String)samlAttribute.getValue(); +      samlSpecialText = samlSpecialText.replaceAll("'", "'"); -    String text = ""; -    try { +      String text = ""; +      try {  		OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());  		if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText()))  			Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); -	} catch (ConfigurationException e) { -		Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); -	} +      } catch (ConfigurationException e) { +    	  Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); +      }        String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); 
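Review bot: As shown on this page, the added `samlSpecialText.replaceAll("'", "'")` has identical search and replacement strings and so changes nothing; the first argument was presumably an escaped apostrophe that the page rendering decoded, which should be confirmed against the repository. Either way, `replaceAll` treats its first argument as a regular expression, and `samlSpecialText` comes from an unchecked cast of `samlAttribute.getValue()`, so a missing value raises a NullPointerException rather than a `ValidateException`; a null check followed by `String.replace` is the safer form. Because this string is compared against the expected text of the signed AuthBlock, the normalisation deserves a comment stating exactly which encoding difference it compensates for, so the comparison is not loosened further by accident. The same line is added in this file's second hunk at `@@ -516,22 +517,23 @@`.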
@@ -516,22 +517,23 @@ public class CreateXMLSignatureResponseValidator {      }      if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {        String samlSpecialText = (String)samlAttribute.getValue(); +      samlSpecialText = samlSpecialText.replaceAll("'", "'"); -    String text = ""; -    try { -		if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText())) +      String text = ""; +      try { +    	 if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText()))  			Logger.info("Use addional AuthBlock Text from SSO=" +text);  		else  			text = new String(); -	} catch (ConfigurationException e) { -		Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e); -	} +      } catch (ConfigurationException e) { +    	  Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e); +      } -      String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); -      if (!samlSpecialText.equals(specialText)) { -        throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); -      } +      	String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); +      	if (!samlSpecialText.equals(specialText)) { +      		throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); +      	}      } else {        throw new ValidateException("validator.35", null);      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index e6e77911a..864be253a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -29,7 +29,6 @@ import java.io.IOException;  import java.io.InputStream;  import java.math.BigInteger;  import java.net.URI; -import java.net.URL;  import java.nio.file.Path;  import java.util.ArrayList;  import java.util.Arrays; @@ -242,13 +241,19 @@ public class BuildFromLegacyConfig {  	    		for (int i=0; i<transformsInfos.length; i++) {  	    			TransformsInfoType transforminfotype = new TransformsInfoType(); -	    			 -	    			String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir);	    			    			 -	    			Path fileName_ = new File(new URI(fileURL)).toPath().getFileName(); -	    			transforminfotype.setFilename(fileName_.toString()); -	    			transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8")); -	    			auth_transformInfos.add(transforminfotype);  +	    			if (transformsInfoFileNames[i] != null &&  +	    					transformsInfos[i] != null) {	    			 +	    				String fileURL = FileUtils.makeAbsoluteURL(transformsInfoFileNames[i], rootConfigFileDir);	    			    			 +	    				Path fileName_ = new File(new URI(fileURL)).toPath().getFileName(); +	    				transforminfotype.setFilename(fileName_.toString()); +	    		 +	    				transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8")); +	    				auth_transformInfos.add(transforminfotype); +	    				 +	    			} else +	    				Logger.warn("AuthBlock Transformation " + transformsInfoFileNames[i]  +	    						+ "not found.");  	    		}  	    	}  
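Review bot: The new `else` branch in the `@@ -242,13 +241,19 @@` hunk skips an AuthBlock transformation whose file name or content is null and only logs a warning, so the migrated configuration can end up with fewer transformations than the legacy one without the import failing. These transformations presumably govern what is presented for signing, so consider aborting the import, or at least collecting the skipped entries and reporting them at the end. The message also lacks a space and prints `null` for a missing name: `+ "not found."` should be `+ " not found."`, and the unbraced `else` is worth bracing. `new TransformsInfoType()` is still allocated before the check and could move inside the `if`.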
@@ -448,6 +453,7 @@ public class BuildFromLegacyConfig {  	        	oa_saml1.setProvideStammzahl(oa.getProvideStammzahl());  	        	oa_saml1.setUseCondition(oa.getUseCondition());  	        	oa_saml1.setIsActive(true); +	        	oa_saml1.setProvideAllErrors(false);  	        	//OA_PVP2  	        	OAPVP2 oa_pvp2 = new OAPVP2(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 399e7fa22..9c8c52e87 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java 
@@ -166,21 +166,26 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {  			IRequest protocolRequest)   					throws Throwable{ -		SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); +		OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); +		if (!oa.getSAML1Parameter().isProvideAllErrors()) +			return false; -		String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); +		else { +			SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();			 +			String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); -		String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; -		url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); -		url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); -		url = response.encodeRedirectURL(url); +			String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; +			url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); +			url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); +			url = response.encodeRedirectURL(url); -		response.setContentType("text/html"); -		response.setStatus(302); -		response.addHeader("Location", url); -		Logger.debug("REDIRECT TO: " + url); +			response.setContentType("text/html"); +			response.setStatus(302); +			response.addHeader("Location", url); +			Logger.debug("REDIRECT TO: " + url); -		return true; +			return true; +		}  	}  	public IAction getAction(String action) { | 
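Review bot: The new guard dereferences `oa` and `oa.getSAML1Parameter()` without a null check, and this method is the error handler: if `getOnlineApplicationParameter(protocolRequest.getOAURL())` returns null for the URL, the resulting NullPointerException replaces the error that was being reported. Fail closed instead with `if (oa == null || oa.getSAML1Parameter() == null || !oa.getSAML1Parameter().isProvideAllErrors()) return false;`, which also makes the `else` wrapper unnecessary. Separately, the re-indented `Logger.debug("REDIRECT TO: " + url)` writes the SAML artifact parameter into the log; logging the URL without its query string would avoid that. The method signature begins above the hunk.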
