aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java23
1 files changed, 17 insertions, 6 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index b00df8a86..393b80d04 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
@@ -110,7 +111,9 @@ public class AuthenticationSessionStoreage {
dbsession.setAuthenticated(session.isAuthenticated());
byte[] serialized = SerializationUtils.serialize(session);
- dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+ EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+ dbsession.setSession(encdata.getEncData());
+ dbsession.setIv(encdata.getIv());
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -133,7 +136,9 @@ public class AuthenticationSessionStoreage {
dbsession.setAuthenticated(session.isAuthenticated());
byte[] serialized = SerializationUtils.serialize(session);
- dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+ EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+ dbsession.setSession(encdata.getEncData());
+ dbsession.setIv(encdata.getIv());
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -193,7 +198,9 @@ public class AuthenticationSessionStoreage {
byte[] serialized = SerializationUtils.serialize(session);
- dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+ EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+ dbsession.setSession(encdata.getEncData());
+ dbsession.setIv(encdata.getIv());
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -291,7 +298,9 @@ public class AuthenticationSessionStoreage {
AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
//decrypt Session
- byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession());
+ EncryptedData encdata = new EncryptedData(dbsession.getSession(),
+ dbsession.getIv());
+ byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
@@ -454,9 +463,11 @@ public class AuthenticationSessionStoreage {
}
//decrypt Session
- byte[] decrypted = SessionEncrytionUtil.decrypt(result.get(0).getSession());
-
+ EncryptedData encdata = new EncryptedData(result.get(0).getSession(),
+ result.get(0).getIv());
+ byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
+
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);