11 files changed, 126 insertions, 59 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 998fa495f..b79b99a65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -32,7 +32,9 @@ import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
+import java.util.Iterator;
 import java.util.List;
+import java.util.Map.Entry;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -62,6 +64,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameTy
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
@@ -69,6 +72,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -788,16 +792,24 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	
 		//set STORK attributes
 		if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {				
-			authData.setStorkAuthnResponse(extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));				
-			authData.setForeigner(true);
+			try {
+				authData.setGenericData(AuthenticationSessionStorageConstants.STORK_RESPONSE, 
+						extractor.getSingleAttributeValue(PVPConstants.EID_STORK_TOKEN_NAME));
+				authData.setForeigner(true);
+				
+			} catch (SessionDataStorageException e) {
+				Logger.warn("STORK Response can not stored into generic authData.", e);
+				
+			}				
 			
-		}
-	
-		if (!extractor.getSTORKAttributes().isEmpty()) {
-			authData.setStorkAttributes(extractor.getSTORKAttributes());
-			authData.setForeigner(true);
 			
 		}
+	
+//		if (!extractor.getSTORKAttributes().isEmpty()) {
+//			authData.setStorkAttributes(extractor.getSTORKAttributes());
+//			authData.setForeigner(true);
+//			
+//		}
 				
 		authData.setSsoSession(true);
 		authData.setInterfederatedSSOSession(true);
@@ -887,10 +899,22 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		
 		authData.setBkuURL(session.getBkuURL());
 		
-		authData.setStorkAttributes(session.getStorkAttributes());
-		authData.setStorkAuthnResponse(session.getStorkAuthnResponse());
-		authData.setStorkRequest(session.getStorkAuthnRequest());
-		
+		//copy all generic authentication information to authData
+		if (session.getGenericSessionDataStorage() != null &&  
+				!session.getGenericSessionDataStorage().isEmpty()) {
+			Iterator<Entry<String, Object>> copyInterator = session.getGenericSessionDataStorage().entrySet().iterator();
+			while (copyInterator.hasNext()) {
+				Entry<String, Object> element = copyInterator.next();
+				try {
+					authData.setGenericData(element.getKey(), element.getValue());
+					
+				} catch (SessionDataStorageException e) {
+					Logger.warn("Can not add generic authData with key:" + element.getKey(), e);
+					
+				}				
+			}									
+		}
+								
 		authData.setSignerCertificate(session.getEncodedSignerCertificate());
 		authData.setAuthBlock(session.getAuthBlock());
 		
@@ -921,9 +945,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			}
 			
 			if (MiscUtil.isEmpty(authData.getCcc())) {
-				if (authData.getStorkAuthnRequest() != null) {
-					authData.setCcc(authData.getStorkAuthnRequest().getCitizenCountryCode());
-					Logger.info("Can not extract country from certificate -> Use country from STORK request.");
+				String storkCCC = authData.getGenericData(
+						AuthenticationSessionStorageConstants.STORK_CCC, String.class);
+				
+				if (MiscUtil.isNotEmpty(storkCCC)) {
+					authData.setCcc(storkCCC);
+					Logger.info("Can not extract country from certificate -> Use country:" + storkCCC + " from STORK request.");
 					
 				}
 								
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
index 84b791708..43a0458cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
@@ -47,7 +48,8 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder  {
 			throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
 			
 		} else {
-			String storkResponse = authData.getStorkAuthnResponse();
+			String storkResponse = authData.getGenericData(
+					AuthenticationSessionStorageConstants.STORK_RESPONSE, String.class);
 						
 			if ( MiscUtil.isEmpty(storkResponse) ) {
 				throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 26b3bfbd1..9c294245f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -38,9 +38,6 @@ import org.opensaml.saml2.core.StatusResponseType;
 import org.opensaml.saml2.core.Subject;
 import org.opensaml.xml.XMLObject;
 
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.logging.Logger;
@@ -50,7 +47,7 @@ public class AssertionAttributeExtractor {
 	
 	private Assertion assertion = null;
 	private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
-	private PersonalAttributeList storkAttributes = new PersonalAttributeList();
+	//private PersonalAttributeList storkAttributes = new PersonalAttributeList();
 		
 	private final List<String> minimalAttributeNameList = Arrays.asList(
 			PVPConstants.PRINCIPAL_NAME_NAME, 
@@ -77,9 +74,9 @@ public class AssertionAttributeExtractor {
 						for (XMLObject el : attr.getAttributeValues())
 							storkAttrValues.add(el.getDOM().getTextContent());
 						
-						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
-								false, storkAttrValues , "Available");
-						storkAttributes.put(attr.getName(), storkAttr );
+//						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
+//								false, storkAttrValues , "Available");
+//						storkAttributes.put(attr.getName(), storkAttr );
 						
 					} else {
 						List<String> attrList = new ArrayList<String>();
@@ -155,9 +152,9 @@ public class AssertionAttributeExtractor {
 		
 	}
 	
-	public PersonalAttributeList getSTORKAttributes() {
-		return storkAttributes;
-	}
+//	public PersonalAttributeList getSTORKAttributes() {
+//		return storkAttributes;
+//	}
 	
 	
 	public String getNameID() throws AssertionAttributeExtractorExeption {		
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index b94348856..5bdf51e7d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -27,7 +27,10 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -71,8 +74,11 @@ public class GetArtifactAction implements IAction {
 			SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
 						
 			// add other stork attributes to MOA assertion if available
-			if(null != authData.getStorkAttributes()) {
-				List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(authData.getStorkAttributes());
+			IPersonalAttributeList storkAttributes = authData.getGenericData(
+					AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+					IPersonalAttributeList.class);
+			if(null != storkAttributes) {
+				List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(storkAttributes);
 				authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
 				Logger.info("MOA assertion assembled and SAML Artifact generated.");
 			}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
index 939390847..ee4961d5e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
@@ -21,6 +21,7 @@ import org.apache.commons.io.IOUtils;
 import org.xml.sax.SAXException;

 

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;

 import at.gv.egovernment.moa.id.auth.data.IdentityLink;

 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;

 import at.gv.egovernment.moa.id.auth.exception.BKUException;

@@ -113,7 +114,9 @@ public abstract class AbstractPepsConnectorWithLocalSigningTask extends Abstract
 		moaSession.setIdentityLink(identityLink);

 

 		Logger.debug("Adding addtional STORK attributes to MOA session");

-		moaSession.setStorkAttributes(personalAttributeList);

+		moaSession.setGenericDataToSession(

+				AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 

+				personalAttributeList);

 

 		// We don't have BKUURL, setting from null to "Not applicable"

 		moaSession.setBkuURL("Not applicable (STORK Authentication)");

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index ef61739f8..901762f17 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -46,6 +46,7 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException;
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;

 import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;

 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;

 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;

 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;

@@ -264,7 +265,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 			//attributeList.add(newAttribute);

 

 			//store SignRequest for later...

-			moasession.setSignedDoc(signedDoc);

+			moasession.setGenericDataToSession("STORK_signDoc", signedDoc);

 

 			acsURL = issuerValue + AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;

 			// TODO[branch]: STORK AuthReq acsURL "/PEPSConnectorWithLocalSigning"

@@ -339,7 +340,9 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 		Logger.debug("STORK AuthnRequest successfully internally validated.");

 

 		//send

-		moasession.setStorkAuthnRequest(authnRequest);

+		moasession.setGenericDataToSession(

+				AuthenticationSessionStorageConstants.STORK_REQUEST, 

+				authnRequest);

 

 		// do PEPS-conform logging for easier evaluation

 		try {

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
index 7b9fa3f12..f872241ae 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;

 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;

 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;

 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;

 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;

@@ -142,7 +143,10 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
 			moaSession.setXMLVerifySignatureResponse(tmp);

 			executionContext.put("identityLinkAvailable", false);

 			try {

-				IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();

+				IPersonalAttributeList personalAttributeList = 

+						moaSession.getGenericDataFromSession(

+								AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 

+								IPersonalAttributeList.class);

 				// Add SignResponse TODO Add signature (extracted from signResponse)?

 				List<String> values = new ArrayList<String>();

 				values.add(signResponseString);

@@ -151,7 +155,8 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
 				PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available");

 				personalAttributeList.add(signedDocAttribute);

 

-				String authnContextClassRef = moaSession.getAuthnContextClassRef();

+				String authnContextClassRef = moaSession.getGenericDataFromSession(

+						"STORK_authContextClass", String.class);

 				SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);

 				executionContext.put("identityLinkAvailable", true);

 			} catch (STORKException e) {

@@ -187,8 +192,9 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
 			}

 

 			Logger.debug("Add full STORK AuthnResponse to MOA session");

-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas

-																					// authnResponse?

+			moaSession.setGenericDataToSession(

+					AuthenticationSessionStorageConstants.STORK_RESPONSE, 

+					request.getParameter("SAMLResponse"));

 			

 			MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED);

 			

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 304e5f495..8240f6d00 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -2,18 +2,15 @@ package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
 

 import iaik.x509.X509Certificate;

 

-import java.io.IOException;

 import java.io.StringWriter;

 import java.util.ArrayList;

 import java.util.Collection;

-import java.util.List;

 

 import javax.servlet.http.HttpServletRequest;

 import javax.servlet.http.HttpServletResponse;

 import javax.xml.transform.Source;

 import javax.xml.transform.stream.StreamSource;

 

-import org.apache.commons.codec.binary.Base64;

 import org.apache.commons.io.IOUtils;

 import org.apache.commons.lang.StringEscapeUtils;

 import org.apache.velocity.Template;

@@ -24,6 +21,7 @@ import org.opensaml.saml2.core.StatusCode;
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;

 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;

 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;

 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;

 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;

@@ -204,7 +202,10 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 

 			Logger.debug("MOA session is still valid");

 

-			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();

+			STORKAuthnRequest storkAuthnRequest = 

+					moaSession.getGenericDataFromSession(

+							AuthenticationSessionStorageConstants.STORK_REQUEST, 

+							STORKAuthnRequest.class);

 

 			if (storkAuthnRequest == null) {

 				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);

@@ -263,11 +264,15 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 				} else {

 

 					// store SAMLResponse

-					moaSession.setSAMLResponse(request.getParameter("SAMLResponse"));

+					moaSession.setGenericDataToSession(

+							AuthenticationSessionStorageConstants.STORK_RESPONSE, 

+							request.getParameter("SAMLResponse"));

 					// store authnResponse

 

 					// moaSession.setAuthnResponse(authnResponse);//not serializable

-					moaSession.setAuthnResponseGetPersonalAttributeList(attributeList);

+					moaSession.setGenericDataToSession(

+							AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 

+							attributeList);

 

 					String authnContextClassRef = null;

 					try {

@@ -277,12 +282,12 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 						Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");

 					}

 

-					moaSession.setAuthnContextClassRef(authnContextClassRef);

-					moaSession.setReturnURL(request.getRequestURL());

+					moaSession.setGenericDataToSession("STORK_authContextClass", authnContextClassRef);

+					moaSession.setGenericDataToSession("STORK_returnURL", request.getRequestURL());

 

 					// load signedDoc

-					String signRequest = moaSession.getSignedDoc();

-

+					String signRequest = moaSession.getGenericDataFromSession("STORK_signDoc", String.class);

+					

 					// session is implicit stored in changeSessionID!!!!

 					String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);

 

@@ -380,9 +385,11 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 			}

 

 			Logger.debug("Add full STORK AuthnResponse to MOA session");

-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas

-																					// authnResponse?

-

+			moaSession.setGenericDataToSession(

+					AuthenticationSessionStorageConstants.STORK_RESPONSE, 

+					request.getParameter("SAMLResponse"));

+			

+			

 			// session is implicit stored in changeSessionID!!!!

 			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);

 

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index b505605ab..8322d1a02 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
 

 import iaik.x509.X509Certificate;

 

-import java.io.IOException;

 import java.io.InputStream;

 import java.io.StringWriter;

 import java.net.URL;

@@ -11,7 +10,6 @@ import java.util.ArrayList;
 import java.util.Arrays;

 import java.util.Date;

 import java.util.List;

-import java.util.Properties;

 

 import javax.activation.DataSource;

 import javax.servlet.http.HttpServletRequest;

@@ -39,6 +37,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;

 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;

 import at.gv.egovernment.moa.id.auth.data.IdentityLink;

 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;

 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;

@@ -243,7 +242,10 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 

 			Logger.debug("MOA session is still valid");

 

-			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();

+			STORKAuthnRequest storkAuthnRequest = 

+					moaSession.getGenericDataFromSession(

+							AuthenticationSessionStorageConstants.STORK_REQUEST, 

+							STORKAuthnRequest.class);

 

 			if (storkAuthnRequest == null) {

 				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);

@@ -575,10 +577,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 			moaSession.setIdentityLink(identityLink);

 

 			Logger.debug("Adding addtional STORK attributes to MOA session");

-			moaSession.setStorkAttributes(attributeList);

-

+			moaSession.setGenericDataToSession(

+					AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 

+					attributeList);

+			

 			Logger.debug("Add full STORK AuthnResponse to MOA session");

-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));

+			moaSession.setGenericDataToSession(

+					AuthenticationSessionStorageConstants.STORK_RESPONSE, 

+					request.getParameter("SAMLResponse"));

+

 

 			// We don't have BKUURL, setting from null to "Not applicable"

 			moaSession.setBkuURL("Not applicable (STORK Authentication)");

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
index 9a0598cf6..fb9172f6e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/STORKAttributHelper.java
@@ -24,8 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import eu.stork.peps.auth.commons.IPersonalAttributeList;
 import eu.stork.peps.auth.commons.PersonalAttribute;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
@@ -43,7 +42,10 @@ public class STORKAttributHelper {
 			throw new UnavailableAttributeException(attributName);
 			
 		} else {
-			IPersonalAttributeList storkAttributes = authSession.getStorkAttributes();
+			IPersonalAttributeList storkAttributes = 
+					authSession.getGenericData(
+							AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+							IPersonalAttributeList.class);
 			
 			if ( storkAttributes == null ) {
 				throw new UnavailableAttributeException(attributName);
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 2c7e5b539..f9f38e2d5 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
 import at.gv.egovernment.moa.id.data.IAuthData;
@@ -30,6 +31,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
 import eu.stork.peps.auth.commons.PersonalAttribute;
 import eu.stork.peps.auth.commons.PersonalAttributeList;
 import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
@@ -83,12 +85,17 @@ public class MOAAttributeProvider {
 
     public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
         String storkAttribute = requestedAttribute.getName();
-
+        
+        IPersonalAttributeList storkAttributes = 
+        		authData.getGenericData(
+						AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST, 
+						IPersonalAttributeList.class);
+        
         // TODO: check if authData gets populated with stork attributtes during previous steps; it seems it is not
-        if (null != authData && null != authData.getStorkAttributes() && authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
+        if (null != authData && null != storkAttributes && storkAttributes.containsKey(requestedAttribute.getName())) {
             Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
             try {
-                PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName());
+                PersonalAttribute tmp = storkAttributes.get(requestedAttribute.getName());
                 attributeList.add((PersonalAttribute) tmp.clone());
             } catch(Exception e) {
                 Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute);