aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java112
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java19
16 files changed, 310 insertions, 106 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 68e6b950a..a68dca65a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -24,11 +24,15 @@
package at.gv.egovernment.moa.id.auth;
+import iaik.ixsil.exceptions.UtilsException;
+import iaik.ixsil.util.Utils;
import iaik.pki.PKIException;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Principal;
@@ -49,7 +53,6 @@ import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.AuthenticationException;
@@ -114,7 +117,6 @@ import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
/**
@@ -305,7 +307,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param useMandate Indicates if mandate is used or not
* @param templateURL URL providing an HTML template for the HTML form generated
* @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode)
- * @param scheme determines the protocol used
+ * @param scheme determines the protocol used
+ * @param sourceID
* @return HTML form
* @throws AuthenticationException
* @see GetIdentityLinkFormBuilder
@@ -320,7 +323,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String bkuURL,
String useMandate,
String sessionID,
- String scheme)
+ String scheme,
+ String sourceID)
throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
String useMandateString = null;
@@ -381,7 +385,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
session.setAuthURL(authURL);
session.setTemplateURL(templateURL);
- session.setBusinessService(oaParam.getBusinessService());
+ session.setBusinessService(oaParam.getBusinessService());
+ if (sourceID != null)
+ session.setSourceID(sourceID);
}
// BKU URL has not been set yet, even if session already exists
if (bkuURL == null) {
@@ -510,17 +516,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
// for testing new identity link certificate
- // https://localhost:8443/moa-id-auth/StartAuthentication?Target=AR&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample
// xmlInfoboxReadResponse = null;
// try {
-// File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml");
+// File file = new File("c:/temp/XXXMuster.xml");
// FileInputStream fis;
//
// fis = new FileInputStream(file);
// byte[] array = Utils.readFromInputStream(fis);
//
// xmlInfoboxReadResponse = new String(array);
-// //System.out.println(xmlInfoboxReadResponse);
+// System.out.println(xmlInfoboxReadResponse);
//
// } catch (FileNotFoundException e) {
// // TODO Auto-generated catch block
@@ -529,7 +534,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// // TODO Auto-generated catch block
// e.printStackTrace();
// }
-//
+
// parses the <InfoboxReadResponse>
@@ -687,7 +692,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session);
+ String authBlock = buildAuthenticationBlock(session, oaParam);
// session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
@@ -871,14 +876,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @throws BuildException If an error occurs on serializing an extended SAML attribute
* to be appended to the AUTH-Block.
*/
- private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
+ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException {
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
String gebDat = identityLink.getDateOfBirth();
String identificationValue = identityLink.getIdentificationValue();
String identificationType = identityLink.getIdentificationType();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC());
session.setIssueInstant(issueInstant);
String authURL = session.getAuthURL();
String target = session.getTarget();
@@ -1418,6 +1423,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// parses <CreateXMLSignatureResponse>
CreateXMLSignatureResponse csresp =
new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+
try {
String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());
session.setAuthBlock(serializedAssertion);
@@ -1502,12 +1508,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
}
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
// builds authentication data and stores it together with a SAML artifact
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
if (session.getUseMandate()) {
// mandate mode
+ //session.setAssertionAuthBlock(assertionAuthBlock)
+
+ // set signer certificate
+ session.setSignerCertificate(vsresp.getX509certificate());
+
return null;
}
else {
@@ -1521,6 +1536,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1677,6 +1693,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1772,9 +1789,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
}
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
- X509Certificate cert = session.getForeignSignerCertificate();
+ X509Certificate cert = session.getSignerCertificate();
vsresp.setX509certificate(cert);
- AuthenticationData authData = buildAuthenticationData(session, vsresp);
+
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ boolean useUTC = oaParam.getUseUTC();
+ AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);
String samlAssertion =
@@ -1786,6 +1808,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
session.getBkuURL(),
session.getAssertionSignerCertificateBase64(),
session.getAssertionBusinessService(),
+ session.getSourceID(),
session.getExtendedSAMLAttributesOA());
authData.setSamlAssertion(samlAssertion);
@@ -1823,7 +1846,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
*/
private AuthenticationData buildAuthenticationData(
AuthenticationSession session,
- VerifyXMLSignatureResponse verifyXMLSigResp)
+ VerifyXMLSignatureResponse verifyXMLSigResp,
+ boolean useUTC)
throws ConfigurationException, BuildException {
IdentityLink identityLink = session.getIdentityLink();
@@ -1836,7 +1860,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setMinorVersion(0);
authData.setAssertionID(Random.nextRandom());
authData.setIssuer(session.getAuthURL());
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC));
authData.setIdentificationType(identityLink.getIdentificationType());
authData.setGivenName(identityLink.getGivenName());
authData.setFamilyName(identityLink.getFamilyName());
@@ -1845,6 +1869,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
authData.setBkuURL(session.getBkuURL());
+ authData.setUseUTC(oaParam.getUseUTC());
boolean provideStammzahl = oaParam.getProvideStammzahl();
if (provideStammzahl) {
authData.setIdentificationValue(identityLink.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 260b3fd01..f3be98ef0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -43,6 +43,8 @@ public interface MOAIDAuthConstants {
public static final String PARAM_OA = "OA";
/** servlet parameter &quot;bkuURI&quot; */
public static final String PARAM_BKU = "bkuURI";
+ /** servlet parameter &quot;sourceID&quot; */
+ public static final String PARAM_SOURCEID = "sourceID";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
/** servlet parameter &quot;BKUSelectionTemplate&quot; */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 8af4e3af5..410d045f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -57,6 +57,11 @@ public class AuthenticationAssertionBuilder {
" <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +
" <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +
" </saml:Attribute>"+ NL;
+
+ protected static String SAML_ATTRIBUTE_NO_NAMESPACE =
+ " <saml:Attribute AttributeName=''{0}''>" + NL +
+ " <saml:AttributeValue>{1}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>"+ NL;
/**
* Empty constructor
@@ -108,5 +113,26 @@ public class AuthenticationAssertionBuilder {
}
return sb.toString();
}
+
+ /**
+ * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion
+ * delivered to the online application.
+ * The method traverses through the list of given SAML attribute objects and builds an
+ * XML structure (String representation) for each of the attributes.
+ *
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or
+ * to the SAML assertion delivered to the online application.
+ * @return A string representation including the XML structures of
+ * the SAML attributes.
+ *
+ * @throws ParseException If an error occurs on serializing an SAML attribute.
+ */
+ protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException {
+ StringBuffer sb = new StringBuffer();
+ if (sourceID!=null)
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID}));
+
+ return sb.toString();
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 367116c73..7032e09eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -69,9 +69,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
" <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
" <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
- "{10}" +
- "{11}" +
+ "{10}" +
+ "{11}" +
"{12}" +
+ "{13}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
@@ -103,9 +104,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
" <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
" <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL +
- "{11}" +
- "{12}" +
+ "{11}" +
+ "{12}" +
"{13}" +
+ "{14}" +
" </saml:AttributeStatement>" + NL +
"</saml:Assertion>";
/**
@@ -156,6 +158,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
+ String sourceID,
List extendedSAMLAttributes)
throws BuildException
{
@@ -195,6 +198,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String assertion;
try {
+
assertion = MessageFormat.format(AUTH_DATA, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
@@ -206,6 +210,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlPersonData),
isQualifiedCertificate,
bkuURL,
+ buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
@@ -244,6 +249,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
+ String sourceID,
List extendedSAMLAttributes)
throws BuildException
{
@@ -295,6 +301,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
StringUtils.removeXMLDeclaration(xmlMandateData),
isQualifiedCertificate,
bkuURL,
+ buildSourceIDSAMLAttributes(sourceID),
publicAuthorityAttribute,
signerCertificateAttribute,
buildExtendedSAMLAttributes(extendedSAMLAttributes)});
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3ab8ff819..5a18b720b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -62,6 +62,11 @@ public class AuthenticationSession {
* Friendly name for the target, if target is configured via MOA-ID configuration
*/
private String targetFriendlyName;
+
+ /**
+ * SourceID
+ */
+ private String sourceID;
/**
* Indicates if target from configuration is used or not
*/
@@ -155,7 +160,7 @@ public class AuthenticationSession {
private boolean businessService;
/**
- * Signer certificate of the foreign citizen
+ * Signer certificate of the foreign citizen or for mandate mode
*/
private X509Certificate signerCertificate;
/**
@@ -212,11 +217,11 @@ public class AuthenticationSession {
infoboxValidators = new ArrayList();
}
- public X509Certificate getForeignSignerCertificate() {
+ public X509Certificate getSignerCertificate() {
return signerCertificate;
}
- public void setForeignSignerCertificate(X509Certificate signerCertificate) {
+ public void setSignerCertificate(X509Certificate signerCertificate) {
this.signerCertificate = signerCertificate;
}
@@ -285,6 +290,14 @@ public class AuthenticationSession {
}
/**
+ * Returns the sourceID.
+ * @return String
+ */
+ public String getSourceID() {
+ return sourceID;
+ }
+
+ /**
* Returns the target friendly name.
* @return String
*/
@@ -332,6 +345,15 @@ public class AuthenticationSession {
this.target = target;
}
}
+
+ /**
+ * Sets the sourceID
+ * @param sourceID The sourceID to set
+ */
+ public void setSourceID(String sourceID) {
+ this.sourceID = sourceID;
+ }
+
/**
* Sets the target. If the target includes the target prefix, the prefix will be stripped off.
* @param target The target to set
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
index da5ad6ab9..b5c72ef9f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -87,6 +87,7 @@ public class GetAuthenticationDataService implements Constants {
String statusMessageCode = null;
String statusMessage = null;
String samlAssertion = "";
+ boolean useUTC = false;
if (requests.length > 1) {
// more than 1 request given as parameter
statusCode = "samlp:Requester";
@@ -113,8 +114,11 @@ public class GetAuthenticationDataService implements Constants {
requestID = request.getAttribute("RequestID");
String samlArtifact = DOMUtils.getText(samlArtifactElem);
try {
+
AuthenticationData authData = AuthenticationServer.getInstance().
getAuthenticationData(samlArtifact);
+
+ useUTC = authData.getUseUTC();
// success
samlAssertion = authData.getSamlAssertion();
statusCode = "samlp:Success";
@@ -135,12 +139,13 @@ public class GetAuthenticationDataService implements Constants {
}
}
try {
- String responseID = Random.nextRandom();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String responseID = Random.nextRandom();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
if (statusMessage == null)
statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
responses[0] = new SAMLResponseBuilder().build(
responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+
}
catch (MOAIDException e) {
AxisFault fault = AxisFault.makeFault(e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index ca3883dad..431af3c31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -79,21 +79,22 @@ public class StartAuthenticationServlet extends AuthServlet {
authURL = authURL.concat(req.getContextPath() + "/");
String target = req.getParameter(PARAM_TARGET);
+ String sourceID = req.getParameter(PARAM_SOURCEID);
String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
String sessionID = req.getParameter(PARAM_SESSIONID);
String useMandate = req.getParameter(PARAM_USEMANDATE);
-
// escape parameter strings
target = StringEscapeUtils.escapeHtml(target);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
templateURL = StringEscapeUtils.escapeHtml(templateURL);
sessionID = StringEscapeUtils.escapeHtml(sessionID);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
-
+
resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
@@ -111,7 +112,9 @@ public class StartAuthenticationServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
- throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
OAAuthParameter oaParam =
AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
@@ -130,11 +133,11 @@ public class StartAuthenticationServlet extends AuthServlet {
if (!ParamValidatorUtils.isValidTarget(target))
throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+ getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
}
else {
// use target from config
- getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme());
+ getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);
}
resp.setContentType("text/html;charset=UTF-8");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index f7f9d8fed..17cbe7a3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -24,26 +24,40 @@
package at.gv.egovernment.moa.id.auth.servlet;
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.util.Map;
+import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.URLEncoder;
/**
@@ -143,27 +157,31 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+
if (samlArtifactBase64 == null) {
//mandate Mode
+
+ callMISService(session, req, resp);
- Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+ //Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
- String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+ //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
// build dataurl
- String dataurl =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- REQ_VERIFY_CERTIFICATE,
- session.getSessionID());
+// String dataurl =
+// new DataURLBuilder().buildDataURL(
+// session.getAuthURL(),
+// REQ_VERIFY_CERTIFICATE,
+// session.getSessionID());
//Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
//ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
- Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+ //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+ //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
}
+
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
redirectURL = session.getOAURLRequested();
if (!session.getBusinessService()) {
@@ -187,6 +205,78 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
}
+
+ /**
+ * Calls the MIS Service
+ * @param session
+ * @throws IOException
+ */
+ private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException {
+
+ try {
+ AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
+ SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+
+ // get identitity link as byte[]
+ Element elem = session.getIdentityLink().getSamlAssertion();
+ String s = DOMUtils.serializeNode(elem);
+
+ System.out.println("IDL: " + s);
+
+ byte[] idl = s.getBytes();
+
+ // redirect url
+ // build redirect(to the GetMISSessionIdSerlvet)
+ String redirectURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ GET_MIS_SESSIONID,
+ session.getSessionID());
+
+ String oaURL = session.getOAURLRequested();
+ OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+ String profiles = oaParam.getMandateProfiles();
+
+ if (profiles == null) {
+ Logger.error("No Mandate/Profile for OA configured.");
+ throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
+ }
+
+ String profilesArray[] = profiles.split(",");
+ for(int i = 0; i < profilesArray.length; i++) {
+ profilesArray[i] = profilesArray[i].trim();
+ }
+
+ String oaFriendlyName = oaParam.getFriendlyName();
+ String mandateReferenceValue = session.getMandateReferenceValue();
+ X509Certificate cert = session.getSignerCertificate();
+ MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
+ String redirectMISGUI = misSessionID.getRedirectURL();
+
+ if (misSessionID == null) {
+ Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+ throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+ }
+
+ session.setMISSessionID(misSessionID.getSessiondId());
+
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectMISGUI);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ } catch (GeneralSecurityException ex) {
+ handleError(null, ex, req, resp);
+ } catch (PKIException e) {
+ handleError(null, e, req, resp);
+ } catch (MISSimpleClientException e) {
+ handleError(null, e, req, resp);
+ } catch (TransformerException e) {
+ handleError(null, e, req, resp);
+ }
+ }
/**
* Adds a parameter to a URL.
* @param url the URL
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index acf8b0b64..27f956c40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -146,56 +146,8 @@ public class VerifyCertificateServlet extends AuthServlet {
if (useMandate) {
- // Mandate Modus
- // make request to MIS
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- // get identitity link as byte[]
- Element elem = session.getIdentityLink().getSamlAssertion();
- String s = DOMUtils.serializeNode(elem);
- byte[] idl = s.getBytes();
-
- // redirect url
- // build redirect(to the GetMISSessionIdSerlvet)
- String redirectURL =
- new DataURLBuilder().buildDataURL(
- session.getAuthURL(),
- GET_MIS_SESSIONID,
- session.getSessionID());
-
- String oaURL = session.getOAURLRequested();
- OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
- String profiles = oaParam.getMandateProfiles();
-
- if (profiles == null) {
- Logger.error("No Mandate/Profile for OA configured.");
- throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
- }
-
- String profilesArray[] = profiles.split(",");
- for(int i = 0; i < profilesArray.length; i++) {
- profilesArray[i] = profilesArray[i].trim();
- }
-
- String oaFriendlyName = oaParam.getFriendlyName();
- String mandateReferenceValue = session.getMandateReferenceValue();
- MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
- String redirectMISGUI = misSessionID.getRedirectURL();
-
- if (misSessionID == null) {
- Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
- throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
- }
-
- session.setMISSessionID(misSessionID.getSessiondId());
-
- resp.setStatus(302);
- resp.addHeader("Location", redirectMISGUI);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
+ Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+ throw new AuthenticationException("auth.13", null);
}
else {
// Foreign Identities Modus
@@ -218,15 +170,7 @@ public class VerifyCertificateServlet extends AuthServlet {
}
catch (MOAIDException ex) {
handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
- } catch (TransformerException e) {
- handleError(null, e, req, resp);
- }
+ }
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 6d4a21674..fc5d82936 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -150,7 +150,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
// create the InfoboxReadRequest to get the certificate
String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
- // build dataurl (to the GetForeignIDSerlvet)
+ // build dataurl (to the VerifyCertificateSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 7fe85cfae..8cc51bf93 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -579,6 +579,7 @@ public class ConfigurationBuilder {
oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData")));
+ oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC")));
oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index f85666acf..65e21cbce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -84,6 +84,9 @@ public class OAAuthParameter extends OAParameter {
* determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data
*/
private boolean provideFullMandatorData;
+
+ /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/
+ private boolean useUTC;
/**
* url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
*/
@@ -191,6 +194,14 @@ public class OAAuthParameter extends OAParameter {
return provideFullMandatorData;
}
+ /**
+ * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>.
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
+
/**
* Returns the key box identifier.
@@ -305,6 +316,16 @@ public class OAAuthParameter extends OAParameter {
public void setProvideFullMandatorData(boolean provideFullMandatorData) {
this.provideFullMandatorData = provideFullMandatorData;
}
+
+ /**
+ * Sets the useUTC variable.
+ * @param useUTC The useUTC value to set
+ */
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
+
/**
* Sets the key box identifier.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 44eb98dad..79f3b4e30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -107,6 +107,9 @@ public class AuthenticationData {
* the corresponding <code>lt;saml:Assertion&gt;</code>
*/
private String samlAssertion;
+
+ /** useUTC */
+ private boolean useUTC;
/**
* creation timestamp
*/
@@ -166,6 +169,14 @@ public class AuthenticationData {
public String getWBPK() {
return wbPK;
}
+
+ /**
+ * Returns useUTC
+ * @return useUTC
+ */
+ public boolean getUseUTC() {
+ return useUTC;
+ }
/**
* Sets the minorVersion.
@@ -215,6 +226,10 @@ public class AuthenticationData {
this.wbPK = wbPK;
}
+ public void setUseUTC(boolean useUTC) {
+ this.useUTC = useUTC;
+ }
+
/**
* Returns the assertionID.
* @return String
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
index 5ce952662..2493f42b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -63,7 +63,7 @@ public class SAMLRequestBuilder implements Constants {
*/
public Element build(String requestID, String samlArtifactBase64) throws BuildException {
try {
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true);
String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
return requestElem;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 8c3bccab3..fa220d13d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -75,6 +75,36 @@ public class ParamValidatorUtils {
return false;
}
+ }
+
+ /**
+ * Checks if the given target is valid
+ * @param sourceID HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidSourceID(String sourceID) {
+
+ Logger.debug("Überprüfe Parameter sourceID");
+
+ // if non parameter is given return true
+ if (sourceID == null) {
+ Logger.debug("Parameter Target ist null");
+ return true;
+ }
+
+
+ Pattern pattern = Pattern.compile("[\\w-_]{1,50}");
+ Matcher matcher = pattern.matcher(sourceID);
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter sourceID erfolgreich überprüft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-50 Zeichen lang)");
+ return false;
+ }
+
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 1181253f1..620919c61 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -149,7 +149,8 @@ public class MISSimpleClient {
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
-
+
+
idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
mirElement.appendChild(idlElement);
@@ -237,7 +238,18 @@ public class MISSimpleClient {
}
}
- private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+ private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+
+// try {
+// System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request));
+// } catch (TransformerException e1) {
+// // TODO Auto-generated catch block
+// e1.printStackTrace();
+// } catch (IOException e1) {
+// // TODO Auto-generated catch block
+// e1.printStackTrace();
+// }
+
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
@@ -249,7 +261,8 @@ public class MISSimpleClient {
PostMethod post = new PostMethod(webServiceURL);
StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
post.setRequestEntity(re);
- int responseCode = httpclient.executeMethod(post);
+ int responseCode = httpclient.executeMethod(post);
+
if (responseCode != 200) {
throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
}