| author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-04-16 18:42:16 +0200 | 
|---|---|---|
| committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-04-16 18:42:16 +0200 | 
| commit | de809dbe57372fd0026765034a490287bf1b57eb (patch) | |
| tree | 014a9ee3976dcbc29f5acd2c2d18ea28383aff71 /id | |
| parent | f170d047fd3955a0b9d219dfb8e527452f2ebe44 (diff) | |
extending the peps communication and response
Diffstat (limited to 'id')
8 files changed, 477 insertions, 48 deletions
| diff --git a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
index 166a48ff8..eca38ec8c 100644
--- a/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
+++ b/id/server/data/deploy/conf/moa-id/stork/SamlEngine.xml
@@ -61,7 +61,7 @@
                         <!-- Specific signature module -->
                         <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
                         <!-- Settings specific module -->
-                        <parameter name="fileConfiguration" value="SignModule_incoming.xml" />
+                        <parameter name="fileConfiguration" value="SignModule_VIDP.xml" />
                 </configuration>
         </instance>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1d9e31674..8f0d259b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -159,6 +159,7 @@ public class AttributeCollector implements IAction {
             	new ConsentEvaluator().generateSTORKResponse(response, container);
             return "12345"; // AssertionId
+                            // TODO
         } catch (ExternalAttributeRequestRequiredException e) {
             // the attribute request is ongoing and requires an external service.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 5e49fe413..efa77577e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -3,23 +3,30 @@ package at.gv.egovernment.moa.id.protocols.stork2;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.stork.peps.auth.commons.*;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.apache.velocity.runtime.RuntimeConstants;
-import org.joda.time.DateTime;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.w3c.dom.Element;
 import org.w3c.dom.NamedNodeMap;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.StringWriter;
+import java.security.NoSuchAlgorithmException;
 /**
@@ -41,23 +48,23 @@ public class AuthenticationRequest implements IAction {          this.moaSession = moasession; -        if (req instanceof MOASTORKRequest) { +        if ((req instanceof MOASTORKRequest) && !((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) {              this.moaStorkRequest = (MOASTORKRequest) req;              Logger.debug("Entering MOASTORKRequest");              httpResp.reset(); -             +              OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());              if (oaParam == null)                  throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()});              MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); -             +              // check if it is attribute query              if (moaStorkRequest.isAttrRequest()) {                  Logger.debug("Starting AttrQueryRequest"); -                 +                  moaStorkResponse.setSTORKAttrResponse(new STORKAttrQueryResponse());              }              // check if we have authentication request @@ -70,7 +77,7 @@ public class AuthenticationRequest implements IAction {                  Logger.debug("Starting generation of SAML response");                  try { -                    moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(),httpReq.getRemoteAddr(), false)); +                    moaStorkResponse.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(moaStorkRequest.getStorkAuthnRequest(), moaStorkResponse.getStorkAuthnResponse(), httpReq.getRemoteAddr(), false));                  } catch (STORKSAMLEngineException ex) {                      // TODO                  } 
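Review bot: The extended guard `(req instanceof MOASTORKRequest) && !((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")` dereferences `getStorkAuthnRequest()` before the existing `moaStorkRequest.isAttrRequest()` check, and that field can be null (MOASTORKRequest itself guards it with `null != storkAuthnRequest` further down in this diff), so a pure attribute-query request now ends in a NullPointerException instead of entering the attr-query branch. The same expression is repeated in the `else if` of the next hunk and in `needAuthentication`, so a single null-safe helper would fix all three, e.g. `private static boolean isCitizenOf(IRequest req, String cc) { if (!(req instanceof MOASTORKRequest)) return false; STORKAuthnRequest a = ((MOASTORKRequest) req).getStorkAuthnRequest(); return a != null && cc.equals(a.getCitizenCountryCode()); }`. The country code `"SI"` is a routing decision and should come from configuration rather than be compiled into the protocol handler. `processRequest` begins before this hunk and continues into the following ones.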
@@ -80,7 +87,7 @@ public class AuthenticationRequest implements IAction {              } -             +              //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry());              // Prepare extended attributes 
@@ -107,20 +114,256 @@ public class AuthenticationRequest implements IAction {              arep.setSamlId("xxxx");              arep.setStatusCode("xxxx"); -           // arep.setNotBefore(new DateTime().withTimeAtStartOfDay()); -           // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay()); +            // arep.setNotBefore(new DateTime().withTimeAtStartOfDay()); +            // arep.setNotOnOrAfter(new DateTime().withTimeAtStartOfDay());              Logger.debug("Data container prepared");              return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); +        }  // check if we are getting request for citizen of some other country +        else if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) { + +            // - generate new key +            String artifactId = null; +            try { +                artifactId = new SecureRandomIdentifierGenerator().generateIdentifier(); +            } catch (NoSuchAlgorithmException e) { +                e.printStackTrace(); +            } + +            STORKAuthnRequest spAuthnRequest = ((MOASTORKRequest) req).getStorkAuthnRequest(); +            STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest(); + +            try { +                storkAuthnRequest = (STORKAuthnRequest) spAuthnRequest.clone(); +            } catch (CloneNotSupportedException e) { +                e.printStackTrace(); +            } + +            storkAuthnRequest.setIssuer("VIDP"); +            storkAuthnRequest.setAssertionConsumerServiceURL("https://vm-stork2-vidp:8443/moa-id-auth/stork2/SendPEPSAuthnRequest"); +            storkAuthnRequest.setSamlId(artifactId); + +            String publicURLPrefix = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); +            if (publicURLPrefix == null) +                throw new AuthenticationException("stork.12", new 
Object[]{moasession.getPublicOAURLPrefix()}); + + +            DataContainer originalRequest = new DataContainer(); +            originalRequest.setRequest((MOASTORKRequest) req); + + +            // preparing redirection for the client +            try { +                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); +                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); +                VelocityContext context = new VelocityContext(); + +                //STORKAuthnRequest storkAuthnRequest = new STORKAuthnRequest(); + +                try { +                    //Get SAMLEngine instance +                    STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); +                    Logger.debug("Starting generation of SAML request"); +                    storkAuthnRequest = engine.generateSTORKAuthnRequest(storkAuthnRequest); + +                    //generateSAML Token +                    Logger.info("SAML response succesfully generated!"); +                } catch (STORKSAMLEngineException e) { +                    Logger.error("Failed to generate STORK SAML Response", e); +                    throw new MOAIDException("stork.05", null); +                } + + +                // store original request from sp in order to be able to extract it in later iteration/response +                try { +                    AssertionStorage.getInstance().put(storkAuthnRequest.getSamlId(), originalRequest); +                    Logger.info("Storing artifactId " + storkAuthnRequest.getSamlId() + " of SP authentication request"); +                } catch (MOADatabaseException e) { +                    e.printStackTrace(); +                } + +                byte[] blob; +                blob = storkAuthnRequest.getTokenSaml(); + +                context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(blob)); +                Logger.debug("SAMLRequest original: " + new 
String(blob)); + +                Logger.debug("Putting url as action: " + "https://peps-test.mju.gov.si/PEPS/ColleagueRequest"); +                context.put("action", "https://peps-test.mju.gov.si/PEPS/ColleagueRequest"); +                Logger.debug("Starting template merge"); +                StringWriter writer = new StringWriter(); + +                Logger.debug("Doing template merge"); +                template.merge(context, writer); +                Logger.debug("Template merge done"); + +                Logger.debug("Sending html content: " + writer.getBuffer().toString()); +                Logger.debug("Sending html content2  : " + new String(writer.getBuffer())); + +                httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + +            } catch (Exception e) { +                Logger.error("Velocity error: " + e.getMessage()); +            } +            return "xxxx";// TODO + +        } // check if we got the response from peps, if so then process it and forward to sp +        else if ((req instanceof MOASTORKResponse)) { + +            MOASTORKResponse moastorkResponse = (MOASTORKResponse) req; + + +            STORKAuthnResponse authnResponse = null; +            // check if valid authn request is contained + +            //Get SAMLEngine instance +            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + +            try { +                authnResponse = engine.validateSTORKAuthnResponse(moastorkResponse.getSTORKAuthnResponseToken(), httpReq.getRemoteAddr()); +            } catch (STORKSAMLEngineException ex) { +                Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage()); +            } + +            Logger.info("Requesting artifactId " + authnResponse.getInResponseTo() + " from store."); + +            DataContainer dataContainer = null; + +            try { +                dataContainer = 
AssertionStorage.getInstance().get(authnResponse.getInResponseTo(), DataContainer.class); +            } catch (MOADatabaseException e) { +                e.printStackTrace(); +            } + +            authnResponse.setInResponseTo(dataContainer.getRequest().getStorkAuthnRequest().getSamlId()); +            authnResponse.setAudienceRestriction(dataContainer.getRequest().getAssertionConsumerServiceURL()); + + +            try { +                //Get SAMLEngine instance +                STORKSAMLEngine engine2 = STORKSAMLEngine.getInstance("VIDP"); +                Logger.debug("Starting generation of SAML response"); + +                authnResponse = engine2.generateSTORKAuthnResponse(dataContainer.getRequest().getStorkAuthnRequest(), authnResponse, httpReq.getRemoteAddr(), false); + +                //generateSAML Token +                Logger.info("SAML response succesfully generated!"); +            } catch (STORKSAMLEngineException e) { +                Logger.error("Failed to generate STORK SAML Response", e); +                throw new MOAIDException("stork.05", null); +            } + +            // preparing redirection for the client +            try { +                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); +                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); +                VelocityContext context = new VelocityContext(); + +                byte[] blob; +                blob = authnResponse.getTokenSaml(); + +                context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); +                Logger.debug("SAMLResponse original: " + new String(blob)); + +                Logger.debug("Putting assertion consumer url as action: " + dataContainer.getRequest().getAssertionConsumerServiceURL()); +                context.put("action", dataContainer.getRequest().getAssertionConsumerServiceURL()); + +                Logger.debug("Starting 
template merge"); +                StringWriter writer = new StringWriter(); + +                Logger.debug("Doing template merge"); +                template.merge(context, writer); +                Logger.debug("Template merge done"); + +                Logger.debug("Sending html content: " + writer.getBuffer().toString()); +                Logger.debug("Sending html content2  : " + new String(writer.getBuffer())); + +                httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + +            } catch (Exception e) { +                Logger.error("Velocity error: " + e.getMessage()); +            } + + +            return "yyyyy"; // TODO          } else {              Logger.error("Could not recognize request.");              throw new MOAIDException("stork.15", null);          }      } + +    public void generatePEPSRedirect(HttpServletResponse httpResp, DataContainer container) throws MOAIDException { +        MOASTORKRequest request = container.getRequest(); +        MOASTORKResponse response = container.getResponse(); + +        Logger.info("generating stork response..."); + +        try { +            //Get SAMLEngine instance +            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); +            Logger.debug("Starting generation of SAML response"); +            if (response.isAuthnResponse()) +                response.setSTORKAuthnResponse(engine.generateSTORKAuthnResponse(request.getStorkAuthnRequest(), response.getStorkAuthnResponse(), container.getRemoteAddress(), false)); +            else +                response.setSTORKAttrResponse(engine.generateSTORKAttrQueryResponse(request.getStorkAttrQueryRequest(), response.getStorkAttrQueryResponse(), container.getRemoteAddress(), "", false)); + + +            //generateSAML Token +            Logger.info("SAML response succesfully generated!"); +        } catch (STORKSAMLEngineException e) { +            Logger.error("Failed to generate STORK SAML Response", 
e); +            throw new MOAIDException("stork.05", null); +        } + +        // preparing redirection for the client +        try { +            VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); +            Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html"); +            VelocityContext context = new VelocityContext(); + +            byte[] blob; +            if (request.isAttrRequest()) +                blob = response.getStorkAttrQueryResponse().getTokenSaml(); +            else +                blob = response.getStorkAuthnResponse().getTokenSaml(); + +            context.put("SAMLResponse", PEPSUtil.encodeSAMLToken(blob)); +            Logger.debug("SAMLResponse original: " + new String(blob)); + +            Logger.debug("Putting assertion consumer url as action: " + request.getAssertionConsumerServiceURL()); +            context.put("action", request.getAssertionConsumerServiceURL()); +            Logger.debug("Starting template merge"); +            StringWriter writer = new StringWriter(); + +            Logger.debug("Doing template merge"); +            template.merge(context, writer); +            Logger.debug("Template merge done"); + +            Logger.debug("Sending html content: " + writer.getBuffer().toString()); +            Logger.debug("Sending html content2  : " + new String(writer.getBuffer())); + +            httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes()); + +        } catch (Exception e) { +            Logger.error("Velocity error: " + e.getMessage()); +        } +    } + +      public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) { + +        if (req instanceof MOASTORKRequest) { +            if (((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("SI")) { +                return false; + +            } +        } else if (req instanceof 
MOASTORKResponse) { +            return false; +        } +          return true;      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index 9ea33c8ef..a5a91fa55 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -7,6 +7,7 @@ import at.gv.egovernment.moa.logging.Logger;  import eu.stork.peps.auth.commons.IPersonalAttributeList;  import eu.stork.peps.auth.commons.STORKAttrQueryRequest;  import eu.stork.peps.auth.commons.STORKAuthnRequest; +import eu.stork.peps.auth.commons.STORKAuthnResponse;  /**   * Implements MOA request and stores StorkAuthn/Attr-Request related data. @@ -36,6 +37,7 @@ public class MOASTORKRequest implements IRequest, Serializable {      /** The stork attr query request. */      private STORKAttrQueryRequest storkAttrQueryRequest; +      /**       * Sets the sTORK authn request.       * @@ -72,7 +74,6 @@ public class MOASTORKRequest implements IRequest, Serializable {          return null != storkAuthnRequest;      } -      /**       * Gets the stork authn request.       * diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java index 4e0f57779..7d9e20cd0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java 
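Review bot: In the new `MOASTORKResponse` branch a `STORKSAMLEngineException` from `engine.validateSTORKAuthnResponse(...)` is only logged, so a response that fails validation continues with `authnResponse == null` and dies at `authnResponse.getInResponseTo()`; the same happens for `dataContainer` after a `MOADatabaseException`, and both catches should end the request the way the generation catch below already does, `throw new MOAIDException("stork.05", null);`, with an explicit check that the looked-up container is non-null. Once the original request has been fetched from `AssertionStorage` it should also be removed, otherwise the artifact id stays valid for a second presentation. The `e.printStackTrace()` catches for `NoSuchAlgorithmException` and `CloneNotSupportedException` silently leave `artifactId` null or `storkAuthnRequest` empty, and the issuer `"VIDP"`, the consumer URL `https://vm-stork2-vidp:8443/moa-id-auth/stork2/SendPEPSAuthnRequest` and the PEPS destination `https://peps-test.mju.gov.si/PEPS/ColleagueRequest` are hard-coded although `AuthConfigurationProvider` is consulted two lines earlier (and its `publicURLPrefix` result is then never used). The two `Logger.debug("Sending html content...")` lines and `Logger.debug("SAMLRequest original: " + new String(blob))` write the complete SAML token, which carries the citizen's attributes, to the log, and `new String(blob)` / `getBytes()` should name a charset; `processRequest` starts before this hunk.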
@@ -1,28 +1,124 @@  package at.gv.egovernment.moa.id.protocols.stork2; -import java.io.Serializable; - +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.logging.Logger;  import eu.stork.peps.auth.commons.IPersonalAttributeList;  import eu.stork.peps.auth.commons.PersonalAttributeList;  import eu.stork.peps.auth.commons.STORKAttrQueryResponse;  import eu.stork.peps.auth.commons.STORKAuthnResponse; +import java.io.Serializable; +  /**   * Implements MOA request and stores StorkAuthn/Attr-Request related data.   *   * @author bsuzic   */ -public class MOASTORKResponse implements Serializable { -	 -	/** The Constant serialVersionUID. */ -	private static final long serialVersionUID = -5798803155055518747L; -	 -	/** The stork authn request. */ -	private STORKAuthnResponse storkAuthnResponse; -     -    /** The stork attr query request. */ +public class MOASTORKResponse implements IRequest, Serializable { + +    /** +     * The Constant serialVersionUID. +     */ +    private static final long serialVersionUID = -5798803155055518747L; + +    /** +     * The stork authn request. +     */ +    private STORKAuthnResponse storkAuthnResponse; + +    /** +     * The stork attr query request. +     */      private STORKAttrQueryResponse storkAttrQueryResponse; -     + +    /** +     * The action. +     */ +    String action = null; + +    /** +     * The token +     */ +    private byte[] storkAuthnResponseToken = null; + +    /** +     * The request id. +     */ +    private String requestID; + + +    /** +     * The module. +     */ +    String module = null; + +    /** +     * The target. 
+     */ +    private String target = null; + + +    /* (non-Javadoc) +   * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() +   */ +    public String requestedModule() { +        return this.module; +    } + +    /* (non-Javadoc) +     * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction() +     */ +    public String requestedAction() { +        return action; +    } + + +    /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID() + */ +    public String getRequestID() { +        return this.requestID; +    } + + +    /* (non-Javadoc) +     * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget() +     */ +    public String getTarget() { +        return this.target; +    } + +    /* (non-Javadoc) +     * @see at.gv.egovernment.moa.id.moduls.IRequest#isSSOSupported() +     */ +    public boolean isSSOSupported() { +        return false; +    } + + +    /* (non-Javadoc) +     * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth() +     */ +    public boolean forceAuth() { +        return false; +    } + + +    /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String) + */ +    public void setModule(String module) { +        this.module = module; +    } + + +    /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String) + */ +    public void setRequestID(String id) { +        this.requestID = id; +    } +      /**       * Sets the sTORK authn response.       * 
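Review bot: `String action = null;` and `String module = null;` are package-private while every other field in the class is `private`, so the new `IRequest` state can be modified from outside the class; declare them `private String action;` and `private String module;` (the `= null` initialisers are redundant). The `@see` lines of the `(non-Javadoc)` comments on `requestedModule()`, `getRequestID()`, `setModule()` and `setRequestID()` sit at column 0 or 3 while the others are aligned with the comment opener; one style should be used. The class Javadoc carried over as context still says "Implements MOA request", which no longer describes a class that now models the STORK response side.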
@@ -33,6 +129,23 @@ public class MOASTORKResponse implements Serializable {      }      /** +     * Sets the sTORK authn response token +     * +     * @param request the new sTORK authn response token +     */ +    public void setSTORKAuthnResponseToken(byte[] token) { +        this.storkAuthnResponseToken = token; +    } + +    /** +     * Gets the sTORK authn response token . +     * +     * @param request the new sTORK authn response +     */ +    public byte[] getSTORKAuthnResponseToken() { +        return this.storkAuthnResponseToken; +    } +    /**       * Sets the sTORK attr response.       *       * @param request the new sTORK attr response @@ -77,17 +190,17 @@ public class MOASTORKResponse implements Serializable {      public STORKAttrQueryResponse getStorkAttrQueryResponse() {          return this.storkAttrQueryResponse;      } -     +      /**       * Gets the personal attribute list.       *       * @return the personal attribute list       */      public IPersonalAttributeList getPersonalAttributeList() { -    	if(isAttrResponse()) -    		return this.storkAttrQueryResponse.getPersonalAttributeList(); -    	else -    		return this.storkAuthnResponse.getPersonalAttributeList(); +        if (isAttrResponse()) +            return this.storkAttrQueryResponse.getPersonalAttributeList(); +        else +            return this.storkAuthnResponse.getPersonalAttributeList();      }      /** 
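Review bot: The Javadoc on the two new token accessors is wrong: `setSTORKAuthnResponseToken(byte[] token)` documents `@param request`, and `getSTORKAuthnResponseToken()` documents a `@param` it does not have and no `@return`. Use `@param token the decoded STORK authn response token` on the setter and `@return the stored token, or null if none was set` on the getter. Both methods hand the internal array through by reference, so a note that callers must not modify it (or a defensive `clone()` on both sides) would also be appropriate.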
@@ -96,22 +209,53 @@ public class MOASTORKResponse implements Serializable {       * @param populateAttributes the new personal attribute list       */      public void setPersonalAttributeList(PersonalAttributeList populateAttributes) { -    	if(isAttrResponse()) -    		this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes); -    	else -    		this.storkAuthnResponse.setPersonalAttributeList(populateAttributes); -    } -     -	/** -	 * Sets the country. -	 * -	 * @param spCountry the new country -	 */ -	public void setCountry(String spCountry) { -    	if(isAttrResponse()) -    		this.storkAttrQueryResponse.setCountry(spCountry); -    	else -    		this.storkAuthnResponse.setCountry(spCountry); -	} +        if (isAttrResponse()) +            this.storkAttrQueryResponse.setPersonalAttributeList(populateAttributes); +        else +            this.storkAuthnResponse.setPersonalAttributeList(populateAttributes); +    } + +    /** +     * Sets the country. +     * +     * @param spCountry the new country +     */ +    public void setCountry(String spCountry) { +        if (isAttrResponse()) +            this.storkAttrQueryResponse.setCountry(spCountry); +        else +            this.storkAuthnResponse.setCountry(spCountry); +    } + + +    /* (non-Javadoc) +    * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL() +    */ +    public String getOAURL() { +        if (isAuthnResponse()) +            return storkAuthnResponse.getAudienceRestriction(); +        else if (isAttrResponse()) +            return storkAttrQueryResponse.getAudienceRestriction(); +        else { +            Logger.error("There is no authentication or attribute request contained in MOASTORKRequest."); +            return null; +        } +    } + +    /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv() + */ +    public boolean isPassiv() { +        return false; +    } + + +    /* (non-Javadoc) + * @see 
at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String) + */ +    public void setAction(String action) { +        this.action = action; +    } +  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index 0e94600db..5d13ccb45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -68,7 +68,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider {          String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();          String spApplication = spInstitution; -        //generate AuthnRquest +        //generate AttrQueryRequest          STORKAttrQueryRequest attributeRequest = new STORKAttrQueryRequest();          attributeRequest.setDestination(destination);          attributeRequest.setAssertionConsumerServiceURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index 3bd1686b4..077867fe0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java 
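Review bot: The error message in the new `getOAURL()` names the wrong class: this is `MOASTORKResponse`, so `Logger.error("There is no authentication or attribute request contained in MOASTORKRequest.");` should read `Logger.error("There is no authentication or attribute response contained in MOASTORKResponse.");`. The method returns the response's `getAudienceRestriction()` as the online-application URL, which is only meaningful once the caller has set it (the `AuthenticationRequest` branch in this diff does so after validation); a one-line comment stating that precondition would help the next reader. The `@see` indentation of `isPassiv()` and `setAction()` again differs from the surrounding comments.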
@@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletResponse;
  */
 public class MandateRetrievalRequest implements IAction {
     public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
-        Logger.info("Entering mandateretrievalrequest");
+        Logger.error("Entering mandateretrievalrequest");
         return null;  //
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 00f919c82..689aed8aa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
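Review bot: `Logger.error("Entering mandateretrievalrequest");` reports an ordinary method entry at error level, which will trigger any error-based alerting on every mandate retrieval and bury real failures. If the aim is visibility during development, `Logger.debug("Entering mandateretrievalrequest");` is the appropriate level; otherwise the original `Logger.info(...)` should stay. The method still returns `null` behind a dangling `//`, which reads as unfinished and deserves a `// TODO` explaining what the action is expected to return.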
@@ -64,10 +64,46 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {          Logger.debug("Initiating action: " + action);          MOASTORKRequest STORK2Request = new MOASTORKRequest(); +        MOASTORKResponse STORK2Response = new MOASTORKResponse(); -		if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action)) + +        if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))  			return STORK2Request; + +        if (request.getParameter("SAMLResponse") != null) { +            //extract STORK Response from HTTP Request +            byte[] decSamlToken; +            try { +                decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse")); +            } catch (NullPointerException e) { +                if (request.getRemoteHost().contains("129.27.142")) { +                    Logger.warn("Availability check by " + request.getRemoteHost() + " on URI: " + request.getRequestURI()); +                } else { +                    Logger.error("Unable to retrieve STORK Request for host: " + request.getRemoteHost() + " and URI: " + request.getRequestURI(), e); +                } +                throw new MOAIDException("stork.04", null); +            } + +            //Get SAMLEngine instance +            STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP"); + +            STORKAuthnResponse authnResponse = null; + + +            // check if valid authn request is contained +            try { +                authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, request.getRemoteAddr()); +            } catch (STORKSAMLEngineException ex) { +                Logger.error("Unable to validate Stork AuthenticationResponse: " + ex.getMessage()); +            } + +            STORK2Response.setSTORKAuthnResponseToken(decSamlToken); + +            return STORK2Response; + +        }   else  
if (request.getParameter("SAMLRequest") != null)  { +          //extract STORK Response from HTTP Request          byte[] decSamlToken;          try { @@ -87,6 +123,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {          STORKAuthnRequest authnRequest = null;          STORKAttrQueryRequest attrRequest = null; +          // check if valid authn request is contained          try {              authnRequest = engine.validateSTORKAuthnRequest(decSamlToken); @@ -112,6 +149,9 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants {          STORK2Request.setSTORKAttrRequest(attrRequest);          return STORK2Request; +        } else { +            throw new MOAIDException("stork.14", null);  // TODO Specify message +            }      }      public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) { | 
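Review bot: In the new `SAMLResponse` branch the result of `engine.validateSTORKAuthnResponse(decSamlToken, request.getRemoteAddr())` is assigned to `authnResponse` and never read, and a `STORKSAMLEngineException` is only logged, so a token that fails validation is still wrapped via `STORK2Response.setSTORKAuthnResponseToken(decSamlToken)` and returned for further processing. The catch should end the request the way the decode failure just above it does, e.g. `throw new MOAIDException("stork.04", null);`, and the unused `authnResponse` local can then go. The availability-check exception keyed on `request.getRemoteHost().contains("129.27.142")` hard-codes a network prefix into protocol code and matches a substring of a possibly reverse-resolved host name; it belongs in configuration and should compare against `getRemoteAddr()`. `STORK2Response` is returned without `setModule`/`setAction`/`setRequestID` ever being called, so its `IRequest` accessors yield null to whoever dispatches it; worth a comment if that is intended. The enclosing method starts before this hunk.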
