6 files changed, 93 insertions, 41 deletions
|
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index e988cc292..150cd959e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -82,9 +82,7 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 	 */
 	@Override
 	public List<String> parse(OnlineApplication dbOA,
-			AuthenticatedUser authUser, HttpServletRequest request) {
-        subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector());
-		
+			AuthenticatedUser authUser, HttpServletRequest request) {		
 		String target_full = dbOA.getTarget();
 		if (MiscUtil.isNotEmpty(target_full)) {
 			if (TargetValidator.isValidTarget(target_full)) {
@@ -95,8 +93,10 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 				if (TargetValidator.isValidTarget(target_split[0])) {
 					target = target_split[0];
-					if (target_split.length > 1)
+					if (target_split.length > 1) {
 						target_subsector = target_split[1];
+						subTargetSet = true;
+					}
 				} else {
 					target = "";
@@ -367,4 +367,22 @@ public class OATargetConfiguration implements IOnlineApplicationData {
     public void setDeaktivededBusinessService(boolean deaktivededBusinessService) {
         this.deaktivededBusinessService = deaktivededBusinessService;
     }
+
+
+	/**
+	 * @return the subTargetSet
+	 */
+	public boolean isSubTargetSet() {
+		return subTargetSet;
+	}
+
+
+	/**
+	 * @param subTargetSet the subTargetSet to set
+	 */
+	public void setSubTargetSet(boolean subTargetSet) {
+		this.subTargetSet = subTargetSet;
+	}
+    
+    
 }
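Review bot: In the @@ -95 hunk `subTargetSet` is only ever assigned `true`, and with `subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector());` removed in the @@ -82 hunk, parse() never assigns `false`, so whatever value the field already holds survives when the stored target carries no sub-sector (including the branch where `target_full` itself is a valid target). Restore a defined starting state at the top of parse(), `subTargetSet = false;` before `String target_full = dbOA.getTarget();`, or give the new `if` an `else { subTargetSet = false; }`. Whether a fresh OATargetConfiguration is built per request, which would mask this, is not visible in the diff. parse() continues outside the hunk.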
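Review bot: The Javadoc on the new accessors in the @@ -367 hunk is the generated placeholder (`@return the subTargetSet`, `@param subTargetSet the subTargetSet to set`) and says nothing about what the flag means, although `setSubTargetSet` is now reachable from the form (the JSP hunk binds the checkbox to `targetConfig.subTargetSet`). A one-line contract on the getter would do: `/** Whether the online application's target carries a sub-sector; bound to the sub-sector checkbox of the target-configuration form. */`, with the setter documented as the form-binding counterpart.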
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
index 261966a86..b8bd1dc02 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
@@ -46,8 +46,8 @@
 								</s:select>
 							</s:else>
-							<s:checkbox name="subTargetSet" 
-								value="%{subTargetSet}"
+							<s:checkbox name="targetConfig.subTargetSet" 
+								value="%{targetConfig.subTargetSet}"
 								labelposition="left"
 								key="webpages.oaconfig.general.target.subsector.checkbox"
 								cssClass="checkbox"
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 17d6898ee..ddcc6e1d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusResponseType;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
@@ -76,6 +77,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
@@ -239,11 +241,7 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				attributs = reqQueryAttr;
 			//IDP is a service provider IDP and request interfederated IDP to collect attributes				
-			} else {
-				
-				//TODO: check if response include attributes and map this attributes to requested attributes
-				//TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst
-				
+			} else {												
 				//get PVP 2.1 attributes from protocol specific requested attributes
 				attributs = req.getRequestedAttributes();
@@ -255,44 +253,52 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 				Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
 				throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
 			}
+
+			
+			//TODO: check if response include attributes and map this attributes to requested attributes
+			//TODO: insert code to parse Attributes from AuthnRespones for USP --> Zustelldienst
+			Response intfResp = (Response) req.getInterfederationResponse().getResponse();
+			AssertionAttributeExtractor extractor = 
+					new AssertionAttributeExtractor(intfResp);			
-			//build attributQuery request
-			AttributeQuery query = 
-					AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
+			if (!extractor.containsAllRequiredAttributes()) {			
+				//build attributQuery request
+				AttributeQuery query = 
+						AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
-			//build SOAP request				
-			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+				//build SOAP request				
+				List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
-			if (xmlObjects.size() == 0) {
-				Logger.error("Receive emptry AttributeQuery response-body.");
-				throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
+				if (xmlObjects.size() == 0) {
+					Logger.error("Receive emptry AttributeQuery response-body.");
+					throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
-			}
+				}
-			if (xmlObjects.get(0) instanceof Response) {
-				Response intfResp = (Response) xmlObjects.get(0);
+				if (xmlObjects.get(0) instanceof Response) {
+					intfResp = (Response) xmlObjects.get(0);
-				//validate PVP 2.1 response
-				try {
-					SAMLVerificationEngine engine = new 
SAMLVerificationEngine();
-					engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+					//validate PVP 2.1 response
+					try {
+						SAMLVerificationEngine engine = new SAMLVerificationEngine();
+						engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-					SAMLVerificationEngine.validateAssertion(intfResp, false);
+						SAMLVerificationEngine.validateAssertion(intfResp, false);
-				} catch (Exception e) {
-					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
-					throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
-				}
-				
-				//parse response information to authData
-				buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
-								
-			} else {
-				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
-				throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+					} catch (Exception e) {
+						Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+						throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
+					}
+												
+				} else {
+					Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+					throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+				}
 			}
-										 						
+			//parse response information to authData
+			buildAuthDataFormInterfederationResponse(authdata, session, intfResp);			
+			
 		} catch (SOAPException e) {
 			throw new BuildException("builder.06", null, e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 0d34fcb87..1e38bd4ff 100644
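Review bot: When `extractor.containsAllRequiredAttributes()` returns true, the `intfResp` taken from `req.getInterfederationResponse().getResponse()` reaches `buildAuthDataFormInterfederationResponse(authdata, session, intfResp)` without ever passing `engine.verifyResponse(...)` or `SAMLVerificationEngine.validateAssertion(intfResp, false)`, because the verification try/catch moved inside the `if (!extractor...)` branch together with the AttributeQuery and now only covers the queried response. The stub currently always returns false (see the AssertionAttributeExtractor hunk), so the gap is latent, but it opens the moment that TODO is filled in; unless the stored interfederation response is already verified where it is attached to the request, which this diff does not show, hoist the try/catch out of the `if` so that whichever Response is consumed is checked, as below. The unguarded `(Response) req.getInterfederationResponse().getResponse()` also trades the old `instanceof Response` check for a possible NullPointerException or ClassCastException; an `instanceof Response` test on `getResponse()` (the newly imported StatusResponseType suggests that is its declared type) raising AttributQueryException would keep the old failure mode. The enclosing method continues outside the hunk.
```java
				// … unchanged: AttributeQuery build, SOAP send, empty-body and instanceof Response checks …
				}
			}

			//validate PVP 2.1 response: runs for the stored interfederation response as well as for an AttributeQuery response
			try {
				SAMLVerificationEngine engine = new SAMLVerificationEngine();
				engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
				SAMLVerificationEngine.validateAssertion(intfResp, false);
			} catch (Exception e) {
				Logger.warn("PVP 2.1 assertion validation FAILED.", e);
				throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
			}

			//parse response information to authData
			buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
```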
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -269,7 +269,7 @@ public class DispatcherServlet extends AuthServlet{
 							info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
 							moduleAction = info.getAction(protocolRequest.requestedAction());
-							//create interfederated mOASession
+							//create interfederated MOASession
 							String sessionID = 
 									AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
 							req.getParameterMap().put(PARAM_SESSIONID, sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index ee0088576..9aadfdc28 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
 import java.util.List;
 import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnStatement;
 import org.opensaml.saml2.core.Response;
@@ -54,6 +55,19 @@ public class AssertionAttributeExtractor {
 			throw new AssertionAttributeExtractorExeption();		
 	}
+	public boolean containsAllRequiredAttributes() {
+		//TODO: add default attribute list
+		return containsAllRequiredAttributes(null);
+		
+	}
+	
+	public boolean containsAllRequiredAttributes(List<Attribute> attributs) {		
+		//TODO: add validation		
+		return false;
+		
+	}
+	
+	
 	public String getNameID() throws AssertionAttributeExtractorExeption {		
 		if (assertion.getSubject() != null) {
 			Subject subject = assertion.getSubject();
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index f762ecdf6..3ee362890 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -144,7 +144,21 @@
 		<dependency>
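Review bot: `containsAllRequiredAttributes(List<Attribute> attributs)` never reads its parameter and the no-arg overload hands it `null`, so the first implementation that dereferences the list will throw on the default path; until the TODO is resolved, make the contract explicit with a guard that survives it, `if (attributs == null || attributs.isEmpty()) { return false; }`. Returning false is the safe default here, since the caller in AuthenticationDataBuilder then falls back to an AttributeQuery, and that should be written down: a Javadoc such as `/** @return true only if every attribute in {@code attributs} is present in the assertion; false when in doubt, so that the caller re-queries the IDP */` on the list overload, with the no-arg overload documented as applying the (still to be defined) default attribute list. Whether the required set is meant to be full `Attribute` objects or just attribute names cannot be told from the stub; the chosen type should match what the caller can actually supply.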
  			<groupId>iaik</groupId>
 -			<artifactId>iaik_tsl</artifactId>			
 +			<artifactId>iaik_tsl</artifactId>
 +			<exclusions>
 +				<exclusion>
 +					<artifactId>iaik_pki_module</artifactId>
 +					<groupId>iaik</groupId>
 +				</exclusion>
 +				<exclusion>
 +					<artifactId>iaik_ecc_signed</artifactId>
 +					<groupId>iaik</groupId>
 +				</exclusion>
 +				<exclusion>
 +					<artifactId>iaik_jce_eval_signed</artifactId>
 +					<groupId>iaik</groupId>
 +				</exclusion>
 +			</exclusions>			
  		</dependency>
  		<dependency>
  			<groupId>iaik</groupId>
