1 files changed, 21 insertions, 19 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 63ad62662..b0a4f2f8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -25,7 +25,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 
 	public static void parse(AuthenticationSession moasession, 
 			String target,
-			String sourceID,
 			String oaURL,
 			String bkuURL,
 			String templateURL,
@@ -40,7 +39,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 	    // escape parameter strings
 	    //TODO: use URLEncoder.encode!!
 	    target = StringEscapeUtils.escapeHtml(target);
-	    sourceID = StringEscapeUtils.escapeHtml(sourceID);
 	    oaURL = StringEscapeUtils.escapeHtml(oaURL);
 	    bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
 	    templateURL = StringEscapeUtils.escapeHtml(templateURL);
@@ -49,15 +47,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 
 	      // check parameter
 		if (!ParamValidatorUtils.isValidOA(oaURL))
-         throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
-	    if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
-	       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
-	    if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
-	       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+           throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
 	    if (!ParamValidatorUtils.isValidUseMandate(useMandate))
              throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");		    
-	    if (!ParamValidatorUtils.isValidSourceID(sourceID))
-             throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
 	    if (!ParamValidatorUtils.isValidCCC(ccc))
              throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
 	    		    
@@ -115,6 +107,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 			}
 			
 			
+			//Validate BKU URI
+		    if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL()))
+			       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+					    
 			if (!oaParam.getBusinessService()) {
 				if (isEmpty(target))
 					throw new WrongParametersException("StartAuthentication",
@@ -155,20 +151,23 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 
 		// check if HTTP Connection may be allowed (through
 		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-		String boolStr = AuthConfigurationProvider
-				.getInstance()
-				.getGenericConfigurationParameter(
-						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+		//INFO: removed from MOA-ID 2.0 Config
+//		String boolStr = AuthConfigurationProvider
+//				.getInstance()
+//				.getGenericConfigurationParameter(
+//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+		
 		if ((!authURL.startsWith("https:"))
-				&& (false == BoolUtils.valueOf(boolStr)))
+//				&& (false == BoolUtils.valueOf(boolStr))
+				)
 			throw new AuthenticationException("auth.07",
 					new Object[] { authURL + "*" });
 		
 		moasession.setAuthURL(authURL);
 
-		//check and set SourceID
-		if (sourceID != null)
-			moasession.setSourceID(sourceID);
+//		//check and set SourceID
+//		if (sourceID != null)
+//			moasession.setSourceID(sourceID);
 		
 		// BKU URL has not been set yet, even if session already exists
 		if (bkuURL == null) {
@@ -179,7 +178,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 			}
 		}
 		moasession.setBkuURL(bkuURL);
+
 		
+	    if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
+		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+
 		// override template url by url from configuration file
 		if (oaParam.getTemplateURL() != null) {
 			templateURL = oaParam.getTemplateURL();
@@ -213,7 +216,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 				
 		//get Parameters from request
 		String target = req.getParameter(PARAM_TARGET);
-	    String sourceID = req.getParameter(PARAM_SOURCEID);
 	    String oaURL = req.getParameter(PARAM_OA);
 	    String bkuURL = req.getParameter(PARAM_BKU);
 	    String templateURL = req.getParameter(PARAM_TEMPLATE);
@@ -223,7 +225,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 	    oaURL = request.getOAURL();
 	    target = request.getTarget();
 	    
-	    parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
+	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
 	    
 	}