1 files changed, 27 insertions, 5 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 7c581d470..aff2c83ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.moduls;
 
 import java.io.IOException;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Enumeration;
@@ -90,6 +91,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
 @Service("MOAID_AuthenticationManager")
 public class AuthenticationManager extends MOAIDAuthConstants {
 
+	private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>();
 	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
@@ -309,6 +311,18 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 	}
 	
 	/**
+	 * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} 
+	 * 
+	 * @param httpReqParam http parameter name, but never null
+	 */
+	public void addParameterNameToWhiteList(String httpReqParam) {
+		if (MiscUtil.isNotEmpty(httpReqParam))
+			reqParameterWhiteListeForModules.add(httpReqParam);
+		
+	}
+	
+	
+	/**
 	 * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated
 	 * 
 	 * @param protocolRequest Authentication request which is actually in process
@@ -386,17 +400,25 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode 
 				&& MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
+		
+		//add X509 SSL client certificate if exist
+		if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) {
+			Logger.debug("Find SSL-client-certificate on request --> Add it to context");
+			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE, 
+					((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate")));
+			
+		}
 						
-		//add leagcy parameters to context
-		if (leagacyMode) {
+		//add additional http request parameter to context
+		if (!reqParameterWhiteListeForModules.isEmpty() || leagacyMode) {
 			Enumeration<String> reqParamNames = httpReq.getParameterNames();
 			while(reqParamNames.hasMoreElements()) {
 				String paramName = reqParamNames.nextElement();
 				if (MiscUtil.isNotEmpty(paramName) && 
-						MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName))
+						( MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName) 
+								|| reqParameterWhiteListeForModules.contains(paramName) ))
 					executionContext.put(paramName, 
-							StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));
-				
+							StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));				
 			}			
 		}