| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-10 08:42:26 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-10 08:42:26 +0100 | 
| commit | 333ed628cc5be8dfbece822d9caff0a8fe49438a (patch) | |
| tree | 39087b12c94a5efca9853a74a05631499a830969 | |
| parent | 56ce62018a9f29f54991d7ea26c74da86305ee0a (diff) | |
Improvement for cluster operations
 - only use the HTTP GET parameter for session management, and no information from browser sessions.
5 files changed, 67 insertions, 20 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
 index 7c96c2194..83d0ced20 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
 @@ -52,6 +52,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
  import at.gv.egovernment.moa.id.auth.data.IdentityLink;
  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
  import at.gv.egovernment.moa.id.auth.stork.STORKException;
  import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
  import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
 @@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.moduls.ModulUtils;
  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
  import at.gv.egovernment.moa.id.util.HTTPUtils;
 +import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
  import at.gv.egovernment.moa.logging.Logger;
  import at.gv.egovernment.moa.util.StringUtils;
  import at.gv.util.xsd.xmldsig.SignatureType;
 @@ -123,9 +125,18 @@ public class PEPSConnectorServlet extends AuthServlet {
  				Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
  				throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
  			}
 -			
 +
 +	         if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
 +	             throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
 +
  			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
 +			//load MOASession from database
 +			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
 +			
 +			//change MOASessionID
 +			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
 +			
  			Logger.info("Found MOA sessionID: " + moaSessionID);
  			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
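Review bot: The rotated identifier returned by `AuthenticationSessionStoreage.changeSessionID(moaSession)` is written to the log one line later by `Logger.info("Found MOA sessionID: " + moaSessionID)`; with this commit that ID is the only thing binding the browser to its MOASession, so anyone who can read the log holds a token that is presumably valid until the authentication completes. Logging the pending request ID instead, e.g. `Logger.info("Found MOA session for pendingRequestID: " + pendingRequestID);`, keeps the trace without the secret; the auth.02 exception in the context lines at the top of the hunk also embeds the ID in its message. `AuthenticationServer.getSession(moaSessionID)` is handed straight to `changeSessionID` without a null check, so if it returns null for an unknown ID rather than throwing (not visible here) the result is a NullPointerException instead of a clean authentication error. The `WrongParametersException` is labelled "VerifyAuthenticationBlock" although it is thrown from PEPSConnectorServlet, which reads like a copy-paste remnant and will mislead whoever reads the error. The enclosing method starts before this hunk and continues after it.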
 @@ -166,10 +177,7 @@ public class PEPSConnectorServlet extends AuthServlet {  			}
  			Logger.info("Got SAML response with authentication success message.");
 -			
 -			//check if authentication request was created before
 -			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
 -			
 +						
  			Logger.debug("MOA session is still valid");
  			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
 index d28c5eeec..c1104f9f5 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
@@ -24,27 +24,51 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;  import java.io.Serializable; +import org.opensaml.Configuration;  import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller; +import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller;  import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.logging.Logger;  public class MOARequest implements Serializable{  	private static final long serialVersionUID = 2395131650841669663L; -	private RequestAbstractType samlRequest; -	private EntityDescriptor entityMetadata;  +	private Element samlRequest;  	private boolean verified = false; - +	private String entityID = null; +	  	public MOARequest(RequestAbstractType request) { -		samlRequest = request; +		samlRequest = request.getDOM();  	}  	public RequestAbstractType getSamlRequest() { -		return samlRequest; +		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); +		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest); +		 +		try { +			return (RequestAbstractType) unmashaller.unmarshall(samlRequest); +			 +		} catch (UnmarshallingException e) { +			Logger.warn("AuthnRequest Unmarshaller error", e); +			return null; +		} +		  	}  	public void setSamlRequest(RequestAbstractType request) { -		this.samlRequest = request; +		this.samlRequest = request.getDOM();  	}  	public boolean isVerified() { 
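Review bot: `getSamlRequest()` turns an `UnmarshallingException` into a `null` return after a warn log, so a corrupted or tampered stored request surfaces as a NullPointerException somewhere in the protocol handler instead of at the point of failure; since this is the object the `verified` flag refers to, failing loudly is the safer choice: `throw new IllegalStateException("stored SAML request cannot be unmarshalled", e);` in place of `return null;`. The constructor stores `request.getDOM()`, which in OpenSAML is null for an object that has not been marshalled or unmarshalled, and the field type `org.w3c.dom.Element` does not extend `Serializable`, so whether this `Serializable` class can actually be serialized for cluster storage depends on the concrete DOM implementation in use. A comment on the field would save the next reader the investigation, e.g. `// DOM kept instead of the OpenSAML object so the request can be stored; relies on a Serializable DOM implementation`. `RequestAbstractTypeMarshaller`, `RequestAbstractTypeUnmarshaller`, `XMLObject` and `MOAIDException` are imported but do not appear to be used anywhere in the diff, and `unmashaller` is misspelled.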
@@ -55,13 +79,29 @@ public class MOARequest implements Serializable{  		this.verified = verified;  	} -	public EntityDescriptor getEntityMetadata() { -		return entityMetadata; +	public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException { +		 +		try { +			return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID); +			 +		} catch (MetadataProviderException e) { +			Logger.warn("No Metadata for EntitiyID " + entityID); +			throw new NoMetadataInformationException(); +		}			  	} -	public void setEntityMetadata(EntityDescriptor entityMetadata) { -		this.entityMetadata = entityMetadata; +	/** +	 * @return the entitiyID +	 */ +	public String getEntityID() { +		return entityID; +	} + +	/** +	 * @param entitiyID the entitiyID to set +	 */ +	public void setEntityID(String entitiyID) { +		this.entityID = entitiyID;  	} -	  }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index af29054e1..d00b1cc16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -128,7 +128,7 @@ public class PostBinding implements IDecoder, IEncoder {  		MOARequest request = new MOARequest(inboundMessage);  		request.setVerified(false); -		request.setEntityMetadata(messageContext.getPeerEntityMetadata()); +		request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());  		return request;  	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 7c9cc6259..f09178f55 100644 
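Review bot: `MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID)` follows the OpenSAML `MetadataProvider` contract, under which an entity that is absent from the metadata yields `null` rather than an exception, so the new `catch` only covers provider failures and an unknown or stale `entityID` is returned as `null` to callers that, judging by the throws clause, expect a `NoMetadataInformationException`. Check the result explicitly: `EntityDescriptor descriptor = MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);` followed by `if (descriptor == null) throw new NoMetadataInformationException();`. The catch block also drops the original `MetadataProviderException`; pass it to the log call, `Logger.warn("No Metadata for EntitiyID " + entityID, e);`, so the cause is not lost. Because the descriptor is now resolved on every call instead of being captured when the request was decoded, the peer metadata used for verification can differ from what was current at decode time if the provider refreshed in between; a Javadoc sentence on the method stating that it re-resolves metadata from the provider on each call would make that explicit.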
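Review bot: `messageContext.getPeerEntityMetadata().getEntityID()` dereferences the peer metadata unconditionally; OpenSAML's decoders leave the peer entity metadata `null` when the issuer is not found in the metadata provider, so an AuthnRequest from an unregistered service provider now fails with a NullPointerException inside the decoder where the old code stored `null` and left the decision to later verification. Guard it, e.g. `EntityDescriptor peer = messageContext.getPeerEntityMetadata(); if (peer == null) throw new NoMetadataInformationException(); request.setEntityID(peer.getEntityID());`, using whichever exception this decode method is allowed to declare. Note that `setVerified(false)` is set on the line above, so the entity ID recorded here comes from an as-yet unverified message and has to be treated as a claim until the signature is checked against the metadata it selects. The enclosing method begins before this hunk.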
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -131,7 +131,7 @@ public class RedirectBinding implements IDecoder, IEncoder {  				.getInboundMessage();  		MOARequest request = new MOARequest(inboundMessage);  		request.setVerified(true); -		request.setEntityMetadata(messageContext.getPeerEntityMetadata()); +		request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());  		return request;  	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 4d143058b..b6ab357b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -154,8 +154,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  		} -		//TODO: insert!!!!!! -		if (encryptionCredentials != null && false) { +		if (encryptionCredentials != null) {  			//encrypt SAML2 assertion  			try { | 
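Review bot: As in PostBinding, `messageContext.getPeerEntityMetadata().getEntityID()` assumes the decoder resolved the peer's metadata; OpenSAML leaves the peer entity metadata `null` when the issuer is unknown to the metadata provider, so an unregistered issuer now produces a NullPointerException here instead of the `null` the old `setEntityMetadata` call tolerated. A null check that raises the project's no-metadata error is enough: `EntityDescriptor peer = messageContext.getPeerEntityMetadata(); if (peer == null) throw new NoMetadataInformationException(); request.setEntityID(peer.getEntityID());`, with the throws clause adjusted to what this decode method declares. The enclosing method starts before this hunk.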
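Review bot: Dropping `&& false` switches on an encryption path that was deliberately disabled, but the remaining condition only checks that `encryptionCredentials` is non-null; when the relying party's metadata provides no encryption key the assertion presumably leaves unencrypted with no trace of that decision. Make the fallback explicit so operators can see it, e.g. an `else` branch after the encryption block with `Logger.warn("No encryption credential for relying party, SAML2 assertion is sent unencrypted");`, or a configuration switch that refuses to issue plaintext assertions at all. A short comment above the `if`, such as `// encrypt whenever the SP published an encryption key; otherwise the assertion is issued in plaintext (see else branch)`, would also replace the removed TODO. The body of the `try` and the rest of the method lie outside this hunk.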
