From a2375a20ba551b5d4762a35b9b067d328fca81b4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 26 Sep 2018 14:08:13 +0200
Subject: fix bug in auth. protocol deactivation

---
 .../protocols/oauth20/protocol/OAuth20Protocol.java   | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

(limited to 'id/server/modules/moa-id-module-openID/src/main/java/at')

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 9f4174bf0..e83353059 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -11,6 +11,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -21,10 +22,12 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
@@ -47,7 +50,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME,
 					PVPConstants.BPK_NAME
 			});
-		
+
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+	
 	public String getName() { 
 		return NAME;
 	}
@@ -68,12 +73,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//OpenID Connect auth request
 	@RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET})
-	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-//			Logger.info("OpenID-Connect is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//			
-//		}
+	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException {
+		if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+			Logger.info("OpenID-Connect is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			
+		}
 		
 		OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class);
 		try {			
-- 
cgit v1.2.3


From f27dd94733a9c2cf3a6e4f5611fbeff9de199720 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 14 Dec 2018 13:18:23 +0100
Subject: some more updates and first code for TUG interaction

---
 .../moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'id/server/modules/moa-id-module-openID/src/main/java/at')

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b00675e7c..3b300c824 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Service("OAuth20AuthAction")
-class OAuth20AuthAction implements IAction {
+public class OAuth20AuthAction implements IAction {
 	
 	@Autowired protected IRevisionLogger revisionsLogger;
 	@Autowired protected ITransactionStorage transactionStorage;
@@ -131,7 +131,7 @@ class OAuth20AuthAction implements IAction {
 		
 	}
 	
-	private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, 
+	public Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, 
 			OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException {
 		
 		// create response
-- 
cgit v1.2.3


From 9ddeacf32976d14c3f2f70ec446262998eb8a68e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 4 Feb 2019 08:00:14 +0100
Subject: add code for eID4U attribute collection

---
 .../moa/id/protocols/oauth20/OAuth20Constants.java           |  3 ++-
 .../moa/id/protocols/oauth20/protocol/OAuth20Protocol.java   | 12 ++++++------
 2 files changed, 8 insertions(+), 7 deletions(-)

(limited to 'id/server/modules/moa-id-module-openID/src/main/java/at')

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
index b0736ff2e..cc987bfe7 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -56,7 +56,8 @@ public final class OAuth20Constants {
 	public static final String PARAM_SCOPE = "scope";
 	public static final String PARAM_MOA_MOD = "mod";
 	public static final String PARAM_MOA_ACTION = "action";
-
+	public static final String PARAM_OPENID_CODE = "openid_code";
+	
 	
 	// reponse parameters
 	public static final String RESPONSE_CODE = "code";
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index e83353059..0952ba0a6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -107,12 +107,12 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//openID Connect tokken request
 	@RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET})
-	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
-//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-//			Logger.info("OpenID-Connect is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-//			
-//		}
+	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException, InvalidProtocolRequestException {
+		if (!moaAuthConfig.getAllowedProtocols().isOAUTHActive()) {
+			Logger.info("OpenID-Connect is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			
+		}
 		
 		OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class);
 		try {			
-- 
cgit v1.2.3


From ffb4fc9f4ff9e1779ae4da8017fc686881a3e8ae Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 18 Feb 2019 08:30:49 +0100
Subject: add 'Austrian eID' demo-mode to simulate attribute behavior from 2020

---
 .../protocols/oauth20/attributes/OAuth20AttributeBuilder.java  | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'id/server/modules/moa-id-module-openID/src/main/java/at')

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 19fdb3fee..8e9d1e4f5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -44,11 +44,13 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -95,8 +97,9 @@ public final class OAuth20AttributeBuilder {
 	private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>();
 	private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>();
 	private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>();
-	private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
-	private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+	private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();		
+	@Deprecated private static final List<IAttributeBuilder> buildersSTORK = new ArrayList<IAttributeBuilder>();
+	
 	static {
 		// openId
 		buildersOpenId.add(new OpenIdIssuerAttribute());
@@ -120,11 +123,14 @@ public final class OAuth20AttributeBuilder {
 		buildersEID.add(new EIDAuthBlock());
 		buildersEID.add(new EIDSignerCertificate());
 		buildersEID.add(new BPKAttributeBuilder());
+		buildersEID.add(new BPKListAttributeBuilder());
+		buildersEID.add(new EncryptedBPKAttributeBuilder());
 		
 		// eID_gov
 		buildersEIDGov.add(new EIDSourcePIN());
 		buildersEIDGov.add(new EIDSourcePINType());
 		buildersEIDGov.add(new EIDIdentityLinkBuilder());
+		buildersEIDGov.add(new BPKListAttributeBuilder());
 		
 		// mandate
 		buildersMandate.add(new MandateTypeAttributeBuilder());
-- 
cgit v1.2.3


From c7cd9327bbc4d7e180bab9b6bff2a17028c166dc Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 19 Feb 2019 11:28:24 +0100
Subject: add some more attribute functionality for 'Austrian eID' demo-mode

---
 .../moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java  | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'id/server/modules/moa-id-module-openID/src/main/java/at')

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 8e9d1e4f5..9779b0cf4 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -55,7 +55,9 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonEncBPKListAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
@@ -139,6 +141,8 @@ public final class OAuth20AttributeBuilder {
 		buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder());
+		buildersMandate.add(new MandateNaturalPersonBPKListAttributeBuilder());
+		buildersMandate.add(new MandateNaturalPersonEncBPKListAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder());
 		buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder());
-- 
cgit v1.2.3


From 0ec665ef207e9fb0f599a2b66789e5c39b2893dd Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 19 Feb 2019 11:29:19 +0100
Subject: update OpenID-Connect request validation

---
 .../oauth20/protocol/OAuth20AuthRequest.java       | 33 ++++++++++----------
 .../oauth20/protocol/OAuth20BaseRequest.java       | 22 +++++---------
 .../oauth20/protocol/OAuth20TokenRequest.java      | 35 ++++++++++------------
 3 files changed, 39 insertions(+), 51 deletions(-)

(limited to 'id/server/modules/moa-id-module-openID/src/main/java/at')

diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 0350a113c..4dc99262e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -24,19 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
 import at.gv.egovernment.moa.logging.Logger;
@@ -160,7 +161,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	}
 
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oAuthConfig) throws OAuth20Exception {
 		this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
 		this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
 		this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
@@ -178,25 +179,23 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
 		}
 		
-		// check if client id and redirect uri are ok
-		try {
-			// OAOAUTH20 cannot be null at this point. check was done in base request
-			ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-			
-			
-			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
-					|| !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
-				throw new OAuth20AccessDeniedException();
-			}
-			
-			this.setOnlineApplicationConfiguration(oAuthConfig);
-			Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+		// OAOAUTH20 cannot be null at this point. check was done in base request			
+		if (StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
+				|| StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+				|| StringUtils.isEmpty(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+			throw new OAuth20OANotSupportedException();
 			
+		}
+					
+		if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
+				|| !this.getRedirectUri().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
+			throw new OAuth20AccessDeniedException();
 			
-		} catch (EAAFConfigurationException e) {
-			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
+		this.setOnlineApplicationConfiguration(oAuthConfig);
+		Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
+		
 	}
 
 //	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 118de861c..9cceea7d5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -35,10 +35,8 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -77,21 +75,17 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 			}
 			
-			if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
-					|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
-					|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_REDIRECTURL))) {
-				throw new OAuth20OANotSupportedException();
-			}
+			// oAuth
+			this.populateSpecialParameters(request, authConfig, oaParam);
+			
+			// cleanup parameters
+			this.checkAllowedParameters(request);
+			
 		}
 		catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
-		
-		// oAuth
-		this.populateSpecialParameters(request, authConfig);
-		
-		// cleanup parameters
-		this.checkAllowedParameters(request);
+				
 	}
 	
 	private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException {
@@ -112,6 +106,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		
 	}
 	
-	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception;
+	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception;
 	
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 89e4252b1..9a3613ea1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -24,20 +24,20 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException;
-import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Component("OAuth20TokenRequest")
@@ -125,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 	}
 	
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig, ISPConfiguration oaParam) throws OAuth20Exception {
 		this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
 		this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
 		this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
@@ -136,26 +136,21 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 			throw new OAuth20InvalidGrantException();
 		}
 		
-		// check if client id and secret are ok
-		try {
-			// OAOAUTH20 cannot be null at this point. check was done in base request
-			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
-			
-			if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
-				throw new OAuth20AccessDeniedException();
-			}
-			
-			if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
-				throw new OAuth20AccessDeniedException();
-			}
-			
-			this.setOnlineApplicationConfiguration(oaParam);
-			
+		// OAOAUTH20 cannot be null at this point. check was done in base request		
+		if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
+				|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)))
+			throw new OAuth20OANotSupportedException();
+									
+		if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
+			throw new OAuth20AccessDeniedException();
 		}
-		catch (EAAFConfigurationException e) {
-			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+		
+		if (!this.getClientSecret().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET))) {
+			throw new OAuth20AccessDeniedException();
 		}
 		
+		this.setOnlineApplicationConfiguration(oaParam);
+		
 		Logger.info("Dispatch OpenIDConnect TokenRequest: ClientID=" + this.clientID);
 		
 		//add valid parameters
-- 
cgit v1.2.3