1 files changed, 42 insertions, 29 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 89834307d..e2eda5755 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -124,37 +124,50 @@ public class ProcessValidatorInputServlet extends AuthServlet {
         String dataURL = new DataURLBuilder().buildDataURL(

             session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);

         

-        // Test if we have a user input form sign template

-        String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);

-        String inputProcessorSignTemplate = null;

-        OAAuthParameter oaParam =

-          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());

-        // override template url by url from configuration file

-        if (oaParam.getInputProcessorSignTemplateURL() != null) {

-          inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();

-        }       

-        if (inputProcessorSignTemplateURL != null) {

-          try {

-            inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));

-          } catch (IOException ex) {

-            throw new AuthenticationException(

-              "auth.03",

-              new Object[] { inputProcessorSignTemplateURL, ex.toString()},

-              ex);

+        String htmlForm = null;

+        

+        boolean doInputProcessorSign = false;

+        String inputProcessorSignForm = req.getParameter("Sign_Form");

+        if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");

+        if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");

+        if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");

+        if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");

+        if (doInputProcessorSign) {

+          // Test if we have a user input form sign template

+          String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);

+          String inputProcessorSignTemplate = null;

+          OAAuthParameter oaParam =

+            AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());

+          // override template url by url from configuration file

+          if (oaParam.getInputProcessorSignTemplateURL() != null) {

+            inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();

+          }       

+          if (inputProcessorSignTemplateURL != null) {

+            try {

+              inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));

+            } catch (IOException ex) {

+              throw new AuthenticationException(

+                "auth.03",

+                new Object[] { inputProcessorSignTemplateURL, ex.toString()},

+                ex);

+            }

           }

+          

+          htmlForm = new GetVerifyAuthBlockFormBuilder().build(

+              inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());

+          htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());

+          htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);

+          htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());

+          htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);

+          htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());

+          resp.setContentType("text/html;charset=UTF-8");

+        } else {

+          htmlForm = createXMLSignatureRequestOrRedirect;

+          resp.setStatus(307);

+          resp.addHeader("Location", dataURL);

+          //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)

+          resp.setContentType("text/xml;charset=UTF-8");

         }

-

-        

-        

-        String htmlForm = new GetVerifyAuthBlockFormBuilder().build(

-            inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());

-        htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());

-        htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);

-        htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());

-        htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);

-        htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());

-        

-        resp.setContentType("text/html;charset=UTF-8");

         

         OutputStream out = resp.getOutputStream();

         out.write(htmlForm.getBytes("UTF-8"));