1 files changed, 39 insertions, 6 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 840c3f2be..393b80d04 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -1,3 +1,25 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
 package at.gv.egovernment.moa.id.storage;
 
 import java.util.Date;
@@ -17,6 +39,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
 import at.gv.egovernment.moa.logging.Logger;
@@ -88,7 +111,9 @@ public class AuthenticationSessionStoreage {
 			dbsession.setAuthenticated(session.isAuthenticated());
 			byte[] serialized = SerializationUtils.serialize(session);
 			
-			dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+			EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+			dbsession.setSession(encdata.getEncData());
+			dbsession.setIv(encdata.getIv());
 			
 			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
 			dbsession.setUpdated(new Date());
@@ -111,7 +136,9 @@ public class AuthenticationSessionStoreage {
 			dbsession.setAuthenticated(session.isAuthenticated());
 			byte[] serialized = SerializationUtils.serialize(session);
 			
-			dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+			EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+			dbsession.setSession(encdata.getEncData());
+			dbsession.setIv(encdata.getIv());
 			
 			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
 			dbsession.setUpdated(new Date());
@@ -171,7 +198,9 @@ public class AuthenticationSessionStoreage {
 			
 			byte[] serialized = SerializationUtils.serialize(session);
 			
-			dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+			EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+			dbsession.setSession(encdata.getEncData());
+			dbsession.setIv(encdata.getIv());
 			
 			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
 			dbsession.setUpdated(new Date());
@@ -269,7 +298,9 @@ public class AuthenticationSessionStoreage {
 			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
 			
 			//decrypt Session
-			byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession());
+			EncryptedData encdata = new EncryptedData(dbsession.getSession(),
+					dbsession.getIv());
+			byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
 					
 			AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
 
@@ -432,9 +463,11 @@ public class AuthenticationSessionStoreage {
 			  }
 			
 			//decrypt Session
-			byte[] decrypted = SessionEncrytionUtil.decrypt(result.get(0).getSession());
-					
+			EncryptedData encdata = new EncryptedData(result.get(0).getSession(),
+						result.get(0).getIv());
+			byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);			  					
 			return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
+			
 								
 		} catch (Throwable e) {
 			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);