SSO Implementation

11 files changed, 300 insertions, 141 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 19af66150..f7c0ff812 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1850,7 +1850,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		// TODO See Bug #144
 		// Compare AuthBlock Data with information stored in session, especially
 		// date and time
-
+		CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
+		
 		// compares the public keys from the identityLink with the AuthBlock
 		VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
 				vsresp, session.getIdentityLink());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index c41de1904..ed54683ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -25,6 +25,7 @@
 package at.gv.egovernment.moa.id.auth.data;
 
 import java.io.Serializable;
+import java.util.Date;
 
 import iaik.x509.X509Certificate;
 
@@ -64,6 +65,8 @@ public class VerifyXMLSignatureResponse implements Serializable{
    */
   private int signatureManifestCheckCode = -1;
 
+  private Date signingDateTime;
+  
   /**
    * Returns the certificateCheckCode.
    * @return int
@@ -226,4 +229,13 @@ public class VerifyXMLSignatureResponse implements Serializable{
     this.signatureManifestCheckCode = signatureManifestCheckCode;
   }
 
+  public Date getSigningDateTime() {
+	 return signingDateTime;
+  }
+
+  public void setSigningDateTime(Date signingDateTime) {
+	this.signingDateTime = signingDateTime;
+  }
+
+  
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 16ff65477..571d4e738 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -50,8 +50,10 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
 import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -66,103 +68,48 @@ import eu.stork.vidp.messages.exception.SAMLValidationException;
 import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
 import eu.stork.vidp.messages.stork.RequestedAttributes;
 
-/**
- * Servlet requested for starting a MOA ID authentication session.
- * Utilizes the {@link AuthenticationServer}.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- * @see AuthenticationServer#startAuthentication
- */
-public class StartAuthenticationServlet extends AuthServlet {
+public class LogOutServlet extends AuthServlet {
 
-  /**
-	 * 
-	 */
 	private static final long serialVersionUID = 3908001651893673395L;
 
-
-/**
-   * Responds with an HTML form which upon submit requests the identity link
-   * from the security layer implementation.
-   * <br>
-   * Response:
-   * <ul>
-   * <li>Content type: <code>"text/html"</code></li>
-   * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
-   * <li>Error status: <code>500</code>
-   * </ul>
-   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
-   */
+	private static final String REDIRECT_URL = "redirect";
+	
   protected void doGet(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
-	Logger.debug("GET StartAuthentication");  
-	  	
-	String sessionID = req.getParameter(PARAM_SESSIONID);
-	 sessionID = (String) req.getAttribute(PARAM_SESSIONID);
-
+	Logger.debug("receive LogOut Request");  
 
+	String redirectUrl = (String) req.getParameter(REDIRECT_URL);
 	
-	try {
-		
-		if (StringUtils.isEmpty(sessionID)) 
-			throw new MOAIDException("auth.18", null);
-		
-		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-		
-		if (!ParamValidatorUtils.isValidSessionID(sessionID))
-		    throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
-		
-		setNoCachingHeadersInHttpRespone(req, resp);
-
-    
-	    //TODO: Load MOASession
-    	AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID);  
+	SSOManager ssomanager = SSOManager.getInstance();
+	
+	//get SSO token from request
+	String ssoid = ssomanager.getSSOSessionID(req);
 	
-	    STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-	    
-	    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));    
-	    // STORK or normal authentication
-	    if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
-	    	//STORK authentication
-	    	Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
-	    	Logger.debug("Starting STORK authentication");
-	    	
-	    	//TODO: insert sessionID to STORK!!
-	    	AuthenticationServer.startSTORKAuthentication(req, resp, moasession);							
-	    	
-	    } else {
-	    	//normal MOA-ID authentication
-	    	Logger.debug("Starting normal MOA-ID authentication");
-		    			    	    	
-	    	String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());	   
-
-			resp.setContentType("text/html;charset=UTF-8");
-			PrintWriter out = new PrintWriter(resp.getOutputStream());
-			out.print(getIdentityLinkForm);
-			out.flush();
-	    }
-		Logger.debug("Finished GET StartAuthentication");
+	if (ssomanager.isValidSSOSession(ssoid, req)) {
+
+		//TODO: Single LogOut Implementation
 		
+		//delete SSO session and MOA session
+		AuthenticationManager authmanager = AuthenticationManager.getInstance();
+		authmanager.logout(req, resp);
+		Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+	} else {
+		Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
 	}
 	
-    catch (WrongParametersException ex) {
-      handleWrongParameters(ex, req, resp);
-    }
-    
-	catch (MOAIDException ex) {
-		handleError(null, ex, req, resp);
-			
-	} catch (MOADatabaseException e) {
-		handleError(null, e, req, resp);
-	}
+	//Remove SSO token
+	ssomanager.deleteSSOSessionID(req, resp);
+	
+	//invalidate Session
+	req.getSession().invalidate();
+	
+	//Redirect to Application
+    resp.setStatus(301);
+    resp.addHeader("Location", redirectUrl);
   }
 
 
-  /**
-   * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-   */
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
     
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index e77dd30d0..115c52688 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -55,6 +55,7 @@ public class CreateXMLSignatureResponseValidator {
   /** Xpath expression to the dsig:Signature element */
   private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
   
+  private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
      
  /** Singleton instance. <code>null</code>, if none has been created. */
   private static CreateXMLSignatureResponseValidator instance;
@@ -331,4 +332,11 @@ public class CreateXMLSignatureResponseValidator {
       throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
     }
   }
+  
+  public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
+	
+	  //TODO: insert Time validation!!!!
+	  
+  }
+  
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 90282a28c..892607c16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey;
 import java.util.List;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator {
       
     }
   }
-
+  
   /**
    * Method validateCertificate.
    * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 244197379..4c5b82db8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.entrypoints;
 
+import iaik.util.logging.Log;
+
 import java.io.IOException;
 import java.util.Iterator;
 
@@ -12,6 +14,7 @@ import javax.servlet.http.HttpSession;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.IAction;
@@ -20,11 +23,14 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.ModulStorage;
 import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
-public class DispatcherServlet extends AuthServlet {
+public class DispatcherServlet extends AuthServlet{
 
 	/**
 	 * 
@@ -189,7 +195,31 @@ public class DispatcherServlet extends AuthServlet {
 				
 				AuthenticationManager authmanager = AuthenticationManager.getInstance();
 				
+				SSOManager ssomanager = SSOManager.getInstance();
+				
+				//get SSO Cookie for Request
+				String ssoId = ssomanager.getSSOSessionID(req);
+											
 				if (moduleAction.needAuthentication(protocolRequest, req, resp)) {
+				
+					//check SSO session
+					if (ssoId != null) {
+						String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+						
+						if (correspondingMOASession != null) {
+							Log.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+									"Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+							
+							AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+							ssomanager.deleteSSOSessionID(req, resp);
+						}
+					}
+					
+					boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+					
+					//TODO: load useSSO from config!
+					boolean useSSOOA = true;
+					
 					if (protocolRequest.isPassiv()
 							&& protocolRequest.forceAuth()) {
 						// conflict!
@@ -206,8 +236,7 @@ public class DispatcherServlet extends AuthServlet {
 					} else if (protocolRequest.isPassiv()) {
 						if (authmanager.tryPerformAuthentication(req,
 								resp)
-								|| authmanager.isAuthenticated(req,
-										resp)) {
+								|| (isValidSSOSession && useSSOOA) ) {
 							// Passive authentication ok!
 						} else {
 							throw new NoPassivAuthenticationException();
@@ -215,8 +244,7 @@ public class DispatcherServlet extends AuthServlet {
 					} else {
 						if (authmanager.tryPerformAuthentication(req,
 								resp)
-								|| authmanager.isAuthenticated(req,
-										resp)) {
+								|| (isValidSSOSession && useSSOOA) ) {
 							// Is authenticated .. proceed
 						} else {
 							// Start authentication!
@@ -226,11 +254,26 @@ public class DispatcherServlet extends AuthServlet {
 						}
 					}
 				}
-
+						
 				moduleAction.processRequest(protocolRequest, req, resp);
 
+				//save SSO session usage in Database				
+				String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+						AuthenticationManager.MOA_SESSION, null);
+
+				String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+				
+				if (newSSOSessionId != null) {
+					ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+					
+				} else {
+					ssomanager.deleteSSOSessionID(req, resp);
+				}
+				
 				RequestStorage.removePendingRequest(httpSession);
-				authmanager.logout(req, resp);
+				
+				
+				//authmanager.logout(req, resp);
 
 			} catch (Throwable e) {
 				e.printStackTrace();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 58fec9790..d04c0b3d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -66,45 +66,45 @@ public class AuthenticationManager extends AuthServlet {
 		return null;
 	}
 
-	/**
-	 * Checks if the session is authenticated
-	 * 
-	 * @param request
-	 * @param response
-	 * @return
-	 */
-	public boolean isAuthenticated(HttpServletRequest request,
-			HttpServletResponse response) {
-		Logger.info("Checking authentication");
-
-		HttpSession session = request.getSession();
-		
-		String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
-		
-		if(moaSessionID == null) {
-			Logger.info("NO MOA Session to logout");
-			return false;
-		}
-		
-//		AuthenticationSession authSession;
-//		try {
-//			authSession = AuthenticationSessionStoreage
-//					.getSession(moaSessionID);
-//			
-//		} catch (MOADatabaseException e) {
-//			Logger.info("NO MOA Authentication data for ID " + moaSessionID);
-//			return false;
-//		}
+//	/**
+//	 * Checks if the session is authenticated
+//	 * 
+//	 * @param request
+//	 * @param response
+//	 * @return
+//	 */
+//	public boolean isAuthenticated(HttpServletRequest request,
+//			HttpServletResponse response) {
+//		Logger.info("Checking authentication");
+//
+//		HttpSession session = request.getSession();
+//		
+//		String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
 //		
-//		if(authSession == null) {
-//			Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+//		if(moaSessionID == null) {
+//			Logger.info("NO MOA Session to logout");
 //			return false;
 //		}
 //		
-//		return authSession.isAuthenticated();
-		
-		return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
-	}
+////		AuthenticationSession authSession;
+////		try {
+////			authSession = AuthenticationSessionStoreage
+////					.getSession(moaSessionID);
+////			
+////		} catch (MOADatabaseException e) {
+////			Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+////			return false;
+////		}
+////		
+////		if(authSession == null) {
+////			Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+////			return false;
+////		}
+////		
+////		return authSession.isAuthenticated();
+//		
+//		return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
+//	}
 
 	/**
 	 * Checks if this request can authenticate a MOA Session
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 9dcef5778..3bbb3bd2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -174,6 +174,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 			SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
 			AssertionConsumerService consumerService  = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
 			AttributeConsumingService attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+			
+			//TODO: maybe change to getEntityID()
 			String oaURL = consumerService.getLocation();
 			String binding = consumerService.getBinding();
 			String entityID = moaRequest.getEntityMetadata().getEntityID();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 3634c9983..2c4b7c4c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,9 +32,6 @@ public class GetArtifactAction implements IAction {
 		AuthenticationManager authmanager = AuthenticationManager.getInstance();
 		AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
 
-
-//		String oaURL = (String) httpReq.getAttribute(PARAM_OA);
-//		oaURL = StringEscapeUtils.escapeHtml(oaURL);
 		String oaURL = (String) req.getOAURL();
 		String target = (String) req.getTarget();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 09314ba37..d6cf84d86 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -95,6 +95,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
 		
 		config.setTarget(oaParam.getTarget());
 		
+		//TODO: set reauthenticate if OA.useSSO=false
+		
 		request.getSession().setAttribute(PARAM_OA, oaURL);
 		request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
 		return config;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 44f0563b1..8ea6a6633 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -13,6 +13,7 @@ import org.apache.commons.lang.SerializationUtils;
 import org.hibernate.HibernateException;
 import org.hibernate.Query;
 import org.hibernate.Session;
+import org.hibernate.Transaction;
 
 import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
@@ -20,6 +21,8 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
@@ -93,16 +96,48 @@ public class AuthenticationSessionStoreage {
 	
 	public static void destroySession(String moaSessionID) throws MOADatabaseException {
 		
-		try {
-			AuthenticatedSessionStore dbsession = searchInDatabase(moaSessionID);
-			HibernateUtil.delete(dbsession);
+		  Session session = HibernateUtil.getCurrentSession();
+		  
+		  List result;
+		  
+		  synchronized (session) {
+			  
+			  session.beginTransaction();
+			  Query query = session.getNamedQuery("getSessionWithID");
+			  query.setString("sessionid", moaSessionID);
+			  result = query.list();
+
+		  
+			  Logger.trace("Found entries: " + result.size());
+			  
+			  //Assertion requires an unique artifact
+			  if (result.size() != 1) {
+				 Logger.trace("No entries found.");
+			   	throw new MOADatabaseException("No session found with this sessionID");
+			  }
+			  
+			  AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
 			
-		} catch (MOADatabaseException e) {
-			Logger.warn("MOASession could not be destroyed.");
-			throw new MOADatabaseException(e);
-		}
+//				//delete old SSO Session Ids
+//				List<OldSSOSessionIDStore> oldssosessionids = dbsession.getOldssosessionids();
+//
+//				for (OldSSOSessionIDStore oldsssid : oldssosessionids) {
+//					session.delete(oldsssid);
+//				}
+//								
+//				//delete active OA
+//				List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
+//
+//				for (OASessionStore activeOA : activeOAs) {
+//					session.delete(activeOA);
+//
+//				}
+				
+				//delete MOA Session
+				session.delete(dbsession);
+				session.getTransaction().commit();
+		  }
 				
-		
 	}
 	
 //	public static void dumpSessionStore() {
@@ -141,10 +176,7 @@ public class AuthenticationSessionStoreage {
 			throw new AuthenticationException("TODO!", null);
 		}
 		
-		
-		
-		
-		
+			
 //		synchronized (sessionStore) {
 //			if (sessionStore.containsKey(session.getSessionID())) {
 //				AuthenticationSession theSession = sessionStore.get(session
@@ -163,6 +195,77 @@ public class AuthenticationSessionStoreage {
 //		throw new AuthenticationException("TODO!", null);
 	}
 
+	public static void addSSOInformation(String moaSessionID, String SSOSessionID, 
+			String OAUrl) throws AuthenticationException {
+		
+		AuthenticatedSessionStore dbsession;
+		Transaction tx =  null;
+		
+		try {
+
+			  Session session = HibernateUtil.getCurrentSession();
+			  List result;
+			  
+			  synchronized (session) {
+				  
+				  tx = session.beginTransaction();
+				  Query query = session.getNamedQuery("getSessionWithID");
+				  query.setString("sessionid", moaSessionID);
+				  result = query.list();
+
+			  
+				  Logger.trace("Found entries: " + result.size());
+				  
+				  //Assertion requires an unique artifact
+				  if (result.size() != 1) {
+					 Logger.trace("No entries found.");
+				   	throw new MOADatabaseException("No session found with this sessionID");
+				  }
+				  
+				  dbsession = (AuthenticatedSessionStore) result.get(0);
+				
+				  //set active OA applications
+				  OASessionStore activeOA = new OASessionStore();
+				  activeOA.setOaurlprefix(OAUrl);
+				  activeOA.setMoasession(dbsession);
+				  activeOA.setCreated(new Date());
+				  
+				  List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();				  
+				  activeOAs.add(activeOA);
+				  dbsession.setActiveOAsessions(activeOAs);
+
+				  
+				  //Store used SSOId 
+				  if (dbsession.getSSOsessionid() != null) {
+					  OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore();
+					  oldSSOId.setOldsessionid(dbsession.getSSOsessionid());
+					  oldSSOId.setMoasession(dbsession);
+					  
+					  List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids();
+					  oldSSOIds.add(oldSSOId);
+				  }
+				  
+					dbsession.setSSOSession(true);
+					dbsession.setSSOsessionid(SSOSessionID);
+					
+					//Store MOASession
+					session.saveOrUpdate(dbsession);
+					
+					//send transaction
+					tx.commit();
+			}
+			
+		} catch (MOADatabaseException e) {
+			throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null);
+			
+		} catch(HibernateException e) {
+	  		Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+	  		 tx.rollback();
+	  		 throw new AuthenticationException("SSO Session information can not be stored!  --> SSO is deactivated", null);	
+	  	 }
+	}
+	
+	
 	public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
 		
 		try {
@@ -181,6 +284,49 @@ public class AuthenticationSessionStoreage {
 		}
 	}
 	
+	public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+		
+		  MiscUtil.assertNotNull(SSOId, "moasessionID");	  
+		  Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+		  Session session = HibernateUtil.getCurrentSession();
+		  
+		  List<AuthenticatedSessionStore> result;
+		  
+		  synchronized (session) {
+			  session.beginTransaction();
+			  Query query = session.getNamedQuery("getSessionWithSSOID");
+			  query.setString("sessionid", SSOId);
+			  result = query.list();
+			  
+			  //send transaction
+			  session.getTransaction().commit();
+		  }
+		  
+		  Logger.trace("Found entries: " + result.size());
+		  
+		  //Assertion requires an unique artifact
+		  if (result.size() != 1) {
+			 Logger.trace("No entries found.");
+			 return false;
+					 
+		  } else {
+			  AuthenticatedSessionStore dbsession = result.get(0);
+			  
+				
+				if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
+					Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
+					return true;
+					
+				} else {
+					Log.warn("Found SSO Session with ID="+ dbsession.getSessionid() 
+							+ " but this Session does not match to MOA Sesson ID=" + moaSessionId);
+				}
+			
+				return false;
+		  }
+		
+	}
+		
 	public static void clean(long now, long authDataTimeOut) {
 		Date expioredate = new Date(now - authDataTimeOut);