7 files changed, 57 insertions, 7 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 4f35b084f..d9f3ef7e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -454,6 +454,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 			session.setTemplateURL(templateURL);
 			session.setBusinessService(oaParam.getBusinessService());
 			session.setModul(modul);
+			session.setForeignMode(false);
 			session.setAction(action);
 			if (sourceID != null)
 				session.setSourceID(sourceID);
@@ -2850,6 +2851,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
 		moaSession.setAction(action);
 		moaSession.setModul(modul);
+		moaSession.setForeignMode(true);
 		if (sourceID != null)
 			moaSession.setSourceID(sourceID);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index aaad1cc1e..e7bd5f511 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -267,6 +267,8 @@ public class AuthenticationSession {
 	private boolean authenticated;
 
 	private boolean authenticatedUsed = false;
+	
+	private boolean foreignMode = false;
 
 	public boolean isAuthenticatedUsed() {
 		return authenticatedUsed;
@@ -1020,4 +1022,12 @@ public class AuthenticationSession {
 		this.mandate = mandate;
 	}
 
+	public boolean isForeignMode() {
+		return foreignMode;
+	}
+
+	public void setForeignMode(boolean foreignMode) {
+		this.foreignMode = foreignMode;
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 6516e64b7..3f775f38e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -179,11 +180,14 @@ public class GetForeignIDServlet extends AuthServlet {
 		    	String samlArtifactBase64 = 

 		    		AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID);
 		    	if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
-		    		redirectURL = session.getOAURLRequested();
+		    		/*redirectURL = session.getOAURLRequested();
 		    		if (!session.getBusinessService()) {
 		    			redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
 		    		}
 		    		redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+		    		redirectURL = resp.encodeRedirectURL(redirectURL);*/
+		    		redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
+							ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
 		    		redirectURL = resp.encodeRedirectURL(redirectURL);
 		    		
 		    	} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4ec894d47..731c7581c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -23,6 +23,7 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;

 import at.gv.egovernment.moa.id.auth.stork.STORKException;

 import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;

+import at.gv.egovernment.moa.id.moduls.ModulUtils;

 import at.gv.egovernment.moa.id.util.HTTPUtils;

 import at.gv.egovernment.moa.logging.Logger;

 import at.gv.egovernment.moa.util.DOMUtils;

@@ -200,11 +201,14 @@ public class PEPSConnectorServlet extends AuthServlet {
 			//redirect

 			String redirectURL = null;

 	    	if (!samlArtifactBase64.equals("Redirect to Input Processor")) {

-	    		redirectURL = moaSession.getOAURLRequested();

+	    		/*redirectURL = moaSession.getOAURLRequested();

 	    		if (!moaSession.getBusinessService()) {

 	    			redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));

 	    		}

 	    		redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));

+	    		redirectURL = response.encodeRedirectURL(redirectURL);*/

+	    		redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), 

+						ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction()), samlArtifactBase64);

 	    		redirectURL = response.encodeRedirectURL(redirectURL);

 	    	} else {

 	    		redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 51ec82e2d..d5198a862 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -146,7 +146,7 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    	}

 	    	else {

 	    		// Foreign Identities Modus	

-		    	

+		    	session.setForeignMode(true);

 		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);

 		      // build dataurl (to the GetForeignIDSerlvet)

 		    	String dataurl =

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 61b55f73d..f2c41a051 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -141,7 +141,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     	
     	if (createXMLSignatureRequestOrRedirect == null) {
     	   // no identity link found
-    		
+
     		boolean useMandate = session.getUseMandate();
     		if (useMandate) {
     			Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
index 251d263d9..2452e35c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -1,8 +1,14 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
 
+import iaik.x509.X509Certificate;
+
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
 import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder {
 
@@ -12,13 +18,37 @@ public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder {
 
 	public Attribute build(AuthenticationSession authSession) {
 		String countryCode = "AT";
-		if(authSession.getStorkAuthnRequest() != null) {
-			countryCode = authSession.getStorkAuthnRequest().getCitizenCountryCode();
+
+		
+		if (authSession.getStorkAuthnRequest() != null) {
+			countryCode = authSession.getStorkAuthnRequest()
+					.getCitizenCountryCode();
+		} else {
+			
+			//TODO: replace with TSL lookup when TSL is ready!
+			X509Certificate certificate = authSession.getSignerCertificate();
+
+			if (certificate != null) {
+				try {
+					LdapName ln = new LdapName(certificate.getIssuerDN()
+							.getName());
+					for (Rdn rdn : ln.getRdns()) {
+						if (rdn.getType().equalsIgnoreCase("C")) {
+							Logger.info("C is: " + rdn.getValue());
+							countryCode = rdn.getValue().toString();
+							break;
+						}
+					}
+				} catch (Exception e) {
+					Logger.error("Failed to extract country code from certificate", e);
+				}
+			}
 		}
+
 		return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
 				EID_ISSUING_NATION_NAME, countryCode);
 	}
-	
+
 	public Attribute buildEmpty() {
 		return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
 				EID_ISSUING_NATION_NAME);