Merge branch 'eIDAS_node_2.0_tests' into huge_refactoring

# Conflicts:
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
#	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
#	id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
#	id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
#	id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
#	id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
#	id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
#	id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
#	id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java

3 files changed, 55 insertions, 10 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 448e2a0f5..c39d78d8b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -164,6 +164,13 @@ public class IDPSingleLogOutServlet extends AbstractController {
 				Logger.info("Restart Single LogOut process after timeout ... ");
 					try {						
 						SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);
+						if (sloContainer == null) {
+							Logger.info("No Single LogOut processing information with ID: " + restartProcess);
+							handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false);
+							return;
+							
+						}
+						
 						if (sloContainer.hasFrontChannelOA())
 							sloContainer.putFailedOA("differntent OAs");
 							
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index c77542b4a..e5a8bb739 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
+import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -40,7 +41,6 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -83,7 +83,10 @@ public class RedirectServlet {
 			oa = authConfig.getServiceProviderConfiguration(url, IOAAuthParameters.class);
 			String authURL = HTTPUtils.extractAuthURLFromRequest(req);
 			
-			if (oa == null || !authConfig.getPublicURLPrefix().contains(authURL)) {		
+			List<String> allowedPublicUrlPrefixes = authConfig.getPublicURLPrefix();
+			
+			if ((oa == null && !checkRedirectToItself(url, allowedPublicUrlPrefixes)) 
+					|| !authConfig.getPublicURLPrefix().contains(authURL)) {		
 				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
 				return;
 				
@@ -168,5 +171,17 @@ public class RedirectServlet {
 		}
 		
 	}
+
+	private boolean checkRedirectToItself(String url, List<String> allowedPublicUrlPrefixes) {
+		if (url != null) {		
+			for (String el : allowedPublicUrlPrefixes) {
+				if (url.startsWith(el))
+					return true;
+			
+			}
+		}
+		
+		return false;
+	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 07b5242e0..5aa3a691f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -25,10 +25,14 @@ package at.gv.egovernment.moa.id.auth.servlet.interceptor;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
 import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
@@ -41,7 +45,9 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
 
-	@Autowired private SSOManager ssomanager;
+	@Autowired private IRequestStorage requestStorage;
+	@Autowired(required=false) private SSOManager ssomanager;
+	
 	
 	/* (non-Javadoc)
 	 * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
@@ -50,18 +56,35 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
 			throws Exception {
 		
-		//get SSO Cookie for Request
-		String ssoId = ssomanager.getSSOSessionID(request);
+		String uniqueSessionIdentifier = null;
+		
+		//if SSOManager is available, search SessionIdentifier in SSO session
+		if (ssomanager != null) {
+			String ssoId = ssomanager.getSSOSessionID(request);			
+			uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
+			
+		}
+		
+		// search SessionIdentifier in PendingRequest if available
+		if (MiscUtil.isEmpty(uniqueSessionIdentifier)) {
+			String pendingReqId = StringEscapeUtils.escapeHtml4(
+					request.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));			
+			if (StringUtils.isNotEmpty(pendingReqId)) {
+				IRequest pendingReq = requestStorage.getPendingRequest(pendingReqId);
+				if (pendingReq != null)
+					uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
+				
+			}						
+		}
 		
-		//search for unique session identifier
-		String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											
-		if (MiscUtil.isEmpty(uniqueSessionIdentifier))
+		//if NO SSOSession and no PendingRequest create new SessionIdentifier
+		if (StringUtils.isEmpty(uniqueSessionIdentifier))
 			uniqueSessionIdentifier = Random.nextHexRandom16();
 		
 		TransactionIDUtils.setSessionId(uniqueSessionIdentifier);		
-		request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
-		
+		request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);		
 		return true; 
+		
 	}
 
 	/* (non-Javadoc)