1 files changed, 56 insertions, 117 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index e15d8f908..16ff65477 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -43,7 +43,9 @@ import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
@@ -51,6 +53,7 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -94,130 +97,66 @@ public class StartAuthenticationServlet extends AuthServlet {
   protected void doGet(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
-	Logger.debug("GET StartAuthentication");
-    String authURL = req.getScheme() + "://" + req.getServerName();
-    if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { 
-      authURL = authURL.concat(":" + req.getServerPort());
-    }
-    authURL = authURL.concat(req.getContextPath() + "/");
+	Logger.debug("GET StartAuthentication");  
+	  	
+	String sessionID = req.getParameter(PARAM_SESSIONID);
+	 sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+
+
+	
+	try {
+		
+		if (StringUtils.isEmpty(sessionID)) 
+			throw new MOAIDException("auth.18", null);
+		
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+		
+		if (!ParamValidatorUtils.isValidSessionID(sessionID))
+		    throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
+		
+		setNoCachingHeadersInHttpRespone(req, resp);
 
-    HttpSession httpSession = req.getSession();
-    
-    String target = req.getParameter(PARAM_TARGET);
-    String sourceID = req.getParameter(PARAM_SOURCEID);
-    String oaURL = req.getParameter(PARAM_OA);
-    String bkuURL = req.getParameter(PARAM_BKU);
-    String templateURL = req.getParameter(PARAM_TEMPLATE);
-    String sessionID = req.getParameter(PARAM_SESSIONID);
-    String useMandate = req.getParameter(PARAM_USEMANDATE);
-    String ccc = req.getParameter(PARAM_CCC);
-    
-    IRequest request = RequestStorage.getPendingRequest(httpSession);
-    
-    String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
-    String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
-    request.getOAURL();
-    
-    // escape parameter strings
-    //TODO: use URLEncoder.encode!!
-    target = StringEscapeUtils.escapeHtml(target);
-    sourceID = StringEscapeUtils.escapeHtml(sourceID);
-    oaURL = StringEscapeUtils.escapeHtml(oaURL);
-    bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
-    templateURL = StringEscapeUtils.escapeHtml(templateURL);
-    sessionID = StringEscapeUtils.escapeHtml(sessionID);
-    useMandate = StringEscapeUtils.escapeHtml(useMandate);
-    ccc = StringEscapeUtils.escapeHtml(ccc);
-    modul = StringEscapeUtils.escapeHtml(modul);
-    action = StringEscapeUtils.escapeHtml(action);
-    
-    oaURL = request.getOAURL();
-    target = request.getTarget();
-    
-    setNoCachingHeadersInHttpRespone(req, resp);
     
- 	
-    	try {
-		      // check parameter
-    		if (!ParamValidatorUtils.isValidOA(oaURL))
-             throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
-		    if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
-		       throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
-		    if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
-		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
-		    if (!ParamValidatorUtils.isValidSessionID(sessionID))
-             throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
-		    if (!ParamValidatorUtils.isValidUseMandate(useMandate))
-	             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");		    
-		    if (!ParamValidatorUtils.isValidSourceID(sourceID))
-	             throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
-		    if (!ParamValidatorUtils.isValidCCC(ccc))
-	             throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
-		    
-		    if(modul == null) {
-		    	modul = SAML1Protocol.PATH;
-		    }
-		    
-		    if(action == null) {
-		    	action = SAML1Protocol.GETARTIFACT;
-		    }
-		        
-		    Logger.info("Start Authentication Module: " + modul + " Action: " + action);
-		    
-		    OAAuthParameter oaParam =
-		          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
-		        if (oaParam == null)
-		          throw new AuthenticationException("auth.00", new Object[] { oaURL });
-		    
-		    // get target and target friendly name from config
-		    String targetConfig = oaParam.getTarget();
-			String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
-			
-			String targetFriendlyName = null;
-			    			
-			if (StringUtils.isEmpty(targetConfig)) {
-			    	// no target attribut is given in OA config
-			    	// target is used from request
-			    	// check parameter
-			 	if (!ParamValidatorUtils.isValidTarget(target))
-			   		throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");			    			   
-			} else {
-			    	// use target from config			    	
-			    	target = targetConfig;
-			    	targetFriendlyName = targetFriendlyNameConfig;
-			}		    
-
-		    STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-		    
-		    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc));    
-		    // STORK or normal authentication
-		    if (storkConfig.isSTORKAuthentication(ccc)) {
-		    	//STORK authentication
-		    	Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc);
-		    	Logger.debug("Starting STORK authentication");
-		    	
-		    	AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID, modul, action);							
-		    	
-		    } else {
-		    	//normal MOA-ID authentication
-		    	Logger.debug("Starting normal MOA-ID authentication");
-			    			    	    	
-		    	String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID, modul, action);	   
+	    //TODO: Load MOASession
+    	AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID);  
 	
-				resp.setContentType("text/html;charset=UTF-8");
-				PrintWriter out = new PrintWriter(resp.getOutputStream());
-				out.print(getIdentityLinkForm);
-				out.flush();
-		    }
-			Logger.debug("Finished GET StartAuthentication");
+	    STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+	    
+	    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));    
+	    // STORK or normal authentication
+	    if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+	    	//STORK authentication
+	    	Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+	    	Logger.debug("Starting STORK authentication");
+	    	
+	    	//TODO: insert sessionID to STORK!!
+	    	AuthenticationServer.startSTORKAuthentication(req, resp, moasession);							
+	    	
+	    } else {
+	    	//normal MOA-ID authentication
+	    	Logger.debug("Starting normal MOA-ID authentication");
+		    			    	    	
+	    	String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());	   
+
+			resp.setContentType("text/html;charset=UTF-8");
+			PrintWriter out = new PrintWriter(resp.getOutputStream());
+			out.print(getIdentityLinkForm);
+			out.flush();
+	    }
+		Logger.debug("Finished GET StartAuthentication");
 		
-		}
+	}
+	
     catch (WrongParametersException ex) {
       handleWrongParameters(ex, req, resp);
     }
-		catch (MOAIDException ex) {
-			handleError(null, ex, req, resp);
-		}
+    
+	catch (MOAIDException ex) {
+		handleError(null, ex, req, resp);
+			
+	} catch (MOADatabaseException e) {
+		handleError(null, e, req, resp);
+	}
   }