-- Solve merge problems (AuthnRequestHandler.java & mandateReferenceValueAttributeBuilder)

-- Change sessionmanagement betweem AuthAction and TokenAction to AssertionStorage class
-- add class definieten to HTML config element

6 files changed, 65 insertions, 89 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 1061a2802..9aecefd43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -207,7 +207,7 @@ public class AuthenticationSession implements Serializable {
 	
 	private boolean ssoRequested = false;
 	
-	private OAuth20SessionObject oAuth20SessionObject;
+//	private OAuth20SessionObject oAuth20SessionObject;
 	
 	// /**
 	// * Indicates if target from configuration is used or not
@@ -963,18 +963,18 @@ public class AuthenticationSession implements Serializable {
 	}
 	
 	/**
-	 * @return the oAuth20SessionObject
-	 */
-	public OAuth20SessionObject getoAuth20SessionObject() {
-		return oAuth20SessionObject;
-	}
-	
-	/**
-	 * @param oAuth20SessionObject
-	 *            the oAuth20SessionObject to set
-	 */
-	public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) {
-		this.oAuth20SessionObject = oAuth20SessionObject;
-	}
+//	 * @return the oAuth20SessionObject
+//	 */
+//	public OAuth20SessionObject getoAuth20SessionObject() {
+//		return oAuth20SessionObject;
+//	}
+//	
+//	/**
+//	 * @param oAuth20SessionObject
+//	 *            the oAuth20SessionObject to set
+//	 */
+//	public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) {
+//		this.oAuth20SessionObject = oAuth20SessionObject;
+//	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
index 20711373e..4c7d1a37b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
@@ -15,7 +15,7 @@ public class OAuth20SessionObject implements Serializable {
 	
 	private String code;
 	
-	private AuthenticationSession authDataSession;
+	private String authDataSession;
 	
 	public String getScope() {
 		return scope;
@@ -40,11 +40,11 @@ public class OAuth20SessionObject implements Serializable {
 		this.code = code;
 	}
 	
-	public AuthenticationSession getAuthDataSession() {
+	public String getAuthDataSession() {
 		return authDataSession;
 	}
 	
-	public void setAuthDataSession(AuthenticationSession authDataSession) {
+	public void setAuthDataSession(String authDataSession) {
 		this.authDataSession = authDataSession;
 	}
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 68f508103..17649487a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -13,7 +13,9 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 
 class OAuth20AuthAction implements IAction {
@@ -32,25 +34,25 @@ class OAuth20AuthAction implements IAction {
 		String responseType = oAuthRequest.getResponseType();
 		AuthenticationSession session = null;
 		
+		String code = Random.nextRandom();
+		
 		try {
-			session = AuthenticationSessionStoreage.createSession();
-			
-			String code = session.getSessionID();// AuthenticationSessionStoreage.changeSessionID(moasession);
+					
 			Logger.debug("Stored session with id: " + code);
 			OAuth20SessionObject o = new OAuth20SessionObject();
 			if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
 				o.setScope(oAuthRequest.getScope());
 				o.setCode(code);
-				o.setAuthDataSession(moasession);
+				o.setAuthDataSession(moasession.getSessionID());
 				
 			} else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
 				throw new OAuth20ResponseTypeException();
 			}
 			
-			// store data in oath session
-			session.setoAuth20SessionObject(o);
-			AuthenticationSessionStoreage.storeSession(session);
-			Logger.debug("Saved OAuth20SessionObject in session with id: " + session.getSessionID());
+			// store data in oath session			
+			AssertionStorage.getInstance().put(code, o);
+			
+			Logger.debug("Saved OAuth20SessionObject in session with id: " + code);
 			
 			// add code and state to redirect url
 			httpResp.setStatus(HttpServletResponse.SC_FOUND);
@@ -65,14 +67,12 @@ class OAuth20AuthAction implements IAction {
 			Logger.debug("REDIRECT TO: " + finalUrl.toString());
 		}
 		catch (Exception e) {
-			try {
-				if (session != null) {
-					Logger.debug("Going to destroy session: " + session.getSessionID());
-					AuthenticationSessionStoreage.destroySession(session.getSessionID());
-				}
-			}
-			catch (MOADatabaseException e1) {
+
+			//remove OAuthSessionObject if it already exists
+			if (AssertionStorage.getInstance().containsKey(code)) {
+				AssertionStorage.getInstance().remove(code);
 			}
+			
 			if (e instanceof OAuth20Exception) {
 				throw (OAuth20Exception) e;
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 3dceaecdf..b975b5594 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Unauthorized
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -38,25 +39,41 @@ class OAuth20TokenAction implements IAction {
 	public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
 			AuthenticationSession moasession) throws MOAIDException {
 		
-		AuthenticationSession session = null;
+		
+		OAuth20SessionObject auth20SessionObject = null;
 		try {
 			OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
+		
+			try {
+				Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode());
+				
+				auth20SessionObject = 
+						AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class);
 			
-			session = AuthenticationSessionStoreage.getSession(oAuthRequest.getCode());
-			if (session == null) {
+			} catch (MOADatabaseException e) {
 				throw new OAuth20UnauthorizedClientException();
+				
 			}
-			
-			OAuth20SessionObject auth20SessionObject = session.getoAuth20SessionObject();
-			Logger.debug("Loaded OAuth20SessionObject from session: " + session.getSessionID());
-			
+
 			// do checking for different grant types and code
 			if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) {
 				throw new OAuth20UnauthorizedClientException();
 			} else {
 				Logger.debug("Loaded of OAuth20SessionObject was successful");
 			}
+
 			
+			Logger.debug("Load MOASession from database");
+			AuthenticationSession session = AuthenticationSessionStoreage.getSession(auth20SessionObject.getAuthDataSession());
+			if (session == null) {
+				Logger.warn("NO MOASession found with SessionID " + auth20SessionObject.getAuthDataSession());
+				throw new OAuth20UnauthorizedClientException();
+				
+			} else {
+				Logger.debug("Loading of MOASession was successful.");
+				
+			}
+						
 			final String accessToken = UUID.randomUUID().toString();
 			
 			// create response
@@ -67,7 +84,7 @@ class OAuth20TokenAction implements IAction {
 			
 			// build id token and scope
 			Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest,
-					auth20SessionObject.getAuthDataSession());
+					session);
 			Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst());
 			params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst());
 			Logger.debug("RESPONSE SCOPE: " + pair.getSecond());
@@ -93,14 +110,12 @@ class OAuth20TokenAction implements IAction {
 		}
 		
 		finally {
-			if (session != null) {
+			if (auth20SessionObject != null) {
 				// destroy session for clean up
-				try {
-					Logger.debug("Going to destroy session: " + session.getSessionID());
-					AuthenticationSessionStoreage.destroySession(session.getSessionID());
-				}
-				catch (MOADatabaseException e) {
-				}
+
+				Logger.debug("Going to destroy session: " + auth20SessionObject.getCode());
+				AssertionStorage.getInstance().remove(auth20SessionObject.getCode());
+
 			}
 		}
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 2c4eb15de..dc1a4f04b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -1,36 +1,22 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
 
-import org.w3c.dom.Element;
-
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
 
 public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
 		return MANDATE_REFERENCE_VALUE_NAME;
 	}
-	public Attribute build(AuthenticationSession authSession, 
 	
 	public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
 			IAttributeGenerator<ATT> g) throws AttributeException {
 		if (authSession.getUseMandate()) {
-			Element mandate = authSession.getMandate();
-			if (mandate == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-			if (mandateObject == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			
+		
 			return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
-					mandateObject.getMandateID());
+					authSession.getMandateReferenceValue());
 		}
 		return null;
 		
@@ -40,29 +26,3 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
 		return g.buildEmptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME);
 	}
 }
-
-	public Attribute build(AuthenticationSession authSession, 
-			OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
-		if(authSession.getUseMandate()) {
-			
-//			Element mandate = authSession.getMandate();
-//			if(mandate == null) {
-//				throw new NoMandateDataAvailableException();
-//			}
-//			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-//			if(mandateObject == null) {
-//				throw new NoMandateDataAvailableException();
-//			}
-			
-			return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, 
-					MANDATE_REFERENCE_VALUE_NAME, authSession.getMandateReferenceValue());
-		}
-		return null;
-		
-	}
-	
-	public Attribute buildEmpty() {
-		return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, 
-				MANDATE_REFERENCE_VALUE_NAME);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 0c7dea3c8..9de385307 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerException;
 
+import org.joda.time.DateTime;
 import org.opensaml.Configuration;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.core.Assertion;