fix some interfederation problems

7 files changed, 90 insertions, 35 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 7a05d6497..215fd9a17 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -31,6 +31,7 @@ import org.apache.log4j.Logger;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
 import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
@@ -241,6 +242,19 @@ public class InterfederationIDPAction extends BasicOAAction {
 	            return Constants.STRUTS_ERROR_VALIDATION;
 
 	        } else {
+	        	
+	        	//set default Target interfederated nameID caluclation
+	        	if (getGeneralOA().isBusinessService()) {
+	        		IdentificationNumber businessID = onlineapplication.getAuthComponentOA().getIdentificationNumber();
+	        		if (businessID == null) {
+	        			businessID = new IdentificationNumber();
+	        			onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID);
+	        		}
+	        		businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP");
+	        		
+	        	} else
+	        		onlineapplication.setTarget("MOA-IDP");
+	        		        	
 				postProcessSaveOnlineApplication(onlineapplication);
 						        	
 	        }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index e83718949..010aead55 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,6 +2,7 @@
 package at.gv.egovernment.moa.id.auth;
 
 import iaik.asn1.ObjectID;
+import iaik.pki.PKIRuntimeException;
 import iaik.util.logging.Log;
 import iaik.x509.X509Certificate;
 import iaik.x509.X509ExtensionInitException;
@@ -1164,11 +1165,31 @@ public class AuthenticationServer implements MOAIDAuthConstants {
                 vtids, tpid);
         // debug output
 
-        // invokes the call
-        Element domVsresp = new SignatureVerificationInvoker()
-                .verifyXMLSignature(domVsreq);
-        // debug output
+        Element domVsresp = null;
+        
+        try {
+        	// invokes the call
+        	domVsresp = new SignatureVerificationInvoker()
+        		.verifyXMLSignature(domVsreq);
+        	// debug output
+        	
+        } catch ( ServiceException e) {
+        	Logger.error("Signature verification error. ", e);
+        	Logger.error("Signed Data: " + session.getAuthBlock());
+        	try {        		
+				Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
+			} catch (TransformerException e1) {
+				e1.printStackTrace();
+				
+			} catch (IOException e1) {
+				e1.printStackTrace();
+				
+			}
+        	
+        	throw e; 
+        }
 
+        
         // parses the <VerifyXMLSignatureResponse>
         VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
                 domVsresp).parseData();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 143a04dad..dca0958f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -63,7 +63,6 @@ import javax.xml.bind.JAXBContext;
 import javax.xml.bind.Unmarshaller;
 
 import org.hibernate.cfg.Configuration;
-import org.opensaml.DefaultBootstrap;
 
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index a37026ab4..4eba83ad5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -222,8 +222,10 @@ public class DispatcherServlet extends AuthServlet{
 				}
 			}
 
-			//HttpSession httpSession = req.getSession();
-			//Map<String, IRequest> protocolRequests = null;
+			//get SSO Cookie for Request
+			SSOManager ssomanager = SSOManager.getInstance();
+			String ssoId = ssomanager.getSSOSessionID(req);
+			
 			IRequest protocolRequest = null;
 			
 			try {
@@ -258,7 +260,8 @@ public class DispatcherServlet extends AuthServlet{
 							moduleAction = info.getAction(protocolRequest.requestedAction());
 
 							//create interfederated mOASession
-							String sessionID = AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true);
+							String sessionID = 
+									AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
 							req.getParameterMap().put(PARAM_SESSIONID, sessionID);
 														
 							Logger.info("PreProcessing of SSO interfederation response complete. ");
@@ -318,16 +321,12 @@ public class DispatcherServlet extends AuthServlet{
 				}
 								
 				AuthenticationManager authmanager = AuthenticationManager.getInstance();									
-				SSOManager ssomanager = SSOManager.getInstance();
 				
 				String moasessionID = null;
 				String newSSOSessionId = null;
 				AuthenticationSession moasession = null;	
 				IAuthData authData = null;
-				
-				//get SSO Cookie for Request
-				String ssoId = ssomanager.getSSOSessionID(req);
-					
+									
 				boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);				
 				
 				if (needAuthentication) {
@@ -358,7 +357,7 @@ public class DispatcherServlet extends AuthServlet{
 
 					
 					isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
-					useSSOOA = oaParam.useSSO();
+					useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
 					
 					
 					//if a legacy request is used SSO should not be allowed, actually
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 094cfa31f..f4f89a4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -130,7 +130,8 @@ public class SSOManager {
 		else {
 			if (protocolRequest != null && 
 					protocolRequest instanceof RequestImpl &&
-					storedSession.isInterfederatedSSOSession()) {
+					storedSession.isInterfederatedSSOSession() &&
+					!storedSession.isAuthenticated()) {
 
 				if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) {
 					InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 74a5e01ad..26922a13b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -215,7 +215,7 @@ public class AuthenticationSessionStoreage {
 	}
 	
 	public static String getMOASessionSSOID(String SSOSessionID) {
-		  MiscUtil.assertNotNull(SSOSessionID, "moasessionID");	  
+		  MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");	  
 		  Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
 		  Session session = MOASessionDBUtils.getCurrentSession();
 		  
@@ -643,22 +643,44 @@ public class AuthenticationSessionStoreage {
 		  return result.get(0).getInderfederation().get(0);
 	}
 	
-	public static String createInterfederatedSession(IRequest req, boolean isAuthenticated) throws MOADatabaseException, AssertionAttributeExtractorExeption {
-		String id = Random.nextRandom();
-		AuthenticationSession session = new AuthenticationSession(id);
-		session.setAuthenticated(true);
-		session.setAuthenticatedUsed(false);
-		
-		AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
-		dbsession.setSessionid(id);
-		dbsession.setAuthenticated(isAuthenticated);
-		dbsession.setInterfederatedSSOSession(true);
+	public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption {		
+		AuthenticatedSessionStore dbsession = null;
+		
+		//search for active SSO session
+		if (MiscUtil.isNotEmpty(ssoID)) {
+			String moaSession = getMOASessionSSOID(ssoID);		
+			if (MiscUtil.isNotEmpty(moaSession)) {
+				try {
+					dbsession = searchInDatabase(moaSession);
+				
+				}catch (MOADatabaseException e) {
+				
+				}			
+			} 	
+		}
 		
-		//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+		String id = null;
 		Date now = new Date();
-		dbsession.setCreated(now);
+		
+		//create new MOASession if any exists
+		if (dbsession == null) {
+			id = Random.nextRandom();
+			dbsession = new AuthenticatedSessionStore();
+			dbsession.setSessionid(id);
+			dbsession.setCreated(now);
+			
+		} else {
+			id = dbsession.getSessionid();
+			
+		}
+				
+		dbsession.setInterfederatedSSOSession(true);
+		dbsession.setAuthenticated(isAuthenticated);
 		dbsession.setUpdated(now);
 		
+		AuthenticationSession session = new AuthenticationSession(id);
+		session.setAuthenticated(true);
+		session.setAuthenticatedUsed(false);
 		dbsession.setSession(SerializationUtils.serialize(session));
 		
 		//add interfederation information
@@ -682,18 +704,16 @@ public class AuthenticationSessionStoreage {
 			idp = new InterfederationSessionStore();
 			idp.setCreated(now);
 			idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
-			
+			idp.setMoasession(dbsession);
+			idpList.add(idp);
+						
 		}
-		
 		AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());		
 		idp.setSessionIndex(extract.getSessionIndex());
 		idp.setUserNameID(extract.getNameID());
 		idp.setAttributesRequested(false);
 		idp.setQAALevel(extract.getQAALevel());
-		idp.setMoasession(dbsession);
-		idpList.add(idp);
-		
-		
+
 		//store AssertionStore element to Database
 		try {
 			MOASessionDBUtils.saveOrUpdate(dbsession);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 2a65366b8..5cfb1bb92 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -30,6 +30,7 @@ import java.util.List;
 import javax.persistence.CascadeType;
 import javax.persistence.Column;
 import javax.persistence.Entity;
+import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
@@ -109,7 +110,7 @@ public class AuthenticatedSessionStore implements Serializable{
 	@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
     private List<OldSSOSessionIDStore> oldssosessionids = null;
 	
-	@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
+	@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, fetch=FetchType.EAGER)
     private List<InterfederationSessionStore> inderfederation = null;
 
     @PrePersist