From 1b6b4dabd0333367abe2ccb0e72bd5986df65327 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 16 Apr 2014 11:47:25 +0200
Subject: refactor PVP21 inbound message processing

---
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 189 ++++++++++++---------
 .../id/protocols/pvp2x/PVPTargetConfiguration.java |   2 +-
 .../protocols/pvp2x/binding/ArtifactBinding.java   |   9 +-
 .../moa/id/protocols/pvp2x/binding/IDecoder.java   |   9 +-
 .../moa/id/protocols/pvp2x/binding/MOARequest.java | 124 --------------
 .../id/protocols/pvp2x/binding/MOAResponse.java    |  60 -------
 .../id/protocols/pvp2x/binding/PostBinding.java    |  76 ++++-----
 .../protocols/pvp2x/binding/RedirectBinding.java   | 126 ++++++++------
 .../id/protocols/pvp2x/binding/SoapBinding.java    |  10 +-
 .../protocols/pvp2x/messages/InboundMessage.java   | 114 +++++++++++++
 .../pvp2x/messages/InboundMessageInterface.java    |  38 +++++
 .../id/protocols/pvp2x/messages/MOARequest.java    |  58 +++++++
 .../id/protocols/pvp2x/messages/MOAResponse.java   |  56 ++++++
 .../pvp2x/requestHandler/ArtifactResolution.java   |   2 +-
 .../pvp2x/requestHandler/AuthnRequestHandler.java  |   2 +-
 .../pvp2x/requestHandler/IRequestHandler.java      |   2 +-
 .../pvp2x/requestHandler/RequestManager.java       |   2 +-
 .../pvp2x/verification/SAMLVerificationEngine.java |  18 +-
 18 files changed, 507 insertions(+), 390 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index e81b23d41..46cf7dfec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -56,7 +56,10 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
@@ -133,7 +136,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 	public PVP2XProtocol() {
 		super();
 	}
-
+	
 	public IRequest preProcess(HttpServletRequest request,
 			HttpServletResponse response, String action) throws MOAIDException {
 
@@ -154,100 +157,30 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 			return null;
 		}
 		try {
-			PVPTargetConfiguration config = new PVPTargetConfiguration();
-
-
-			MOARequest moaRequest = decoder.decodeRequest(request, response);
-			
-			RequestAbstractType samlReq =  moaRequest.getSamlRequest();
 
-			//String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
-			//Logger.info("SAML : " + xml);
+			InboundMessage msg = (InboundMessage) decoder.decode(request, response);
 			
-			if(!moaRequest.isVerified()) {
+			if(!msg.isVerified()) {
 				SAMLVerificationEngine engine = new SAMLVerificationEngine();
-				engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-				moaRequest.setVerified(true);
-			}
-			
-			if(!(samlReq instanceof AuthnRequest)) {
-				throw new MOAIDException("Unsupported request", new Object[] {});
-			}
-						
-			EntityDescriptor metadata = moaRequest.getEntityMetadata();
-			if(metadata == null) {
-				throw new NoMetadataInformationException();
-			}
-			SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-			
-			AuthnRequest authnRequest = (AuthnRequest)samlReq;
-			
-			Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
-			int assertionidx = 0;
-			
-			if(aIdx != null) {
-				assertionidx = aIdx.intValue();
+				engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+				msg.setVerified(true);
 				
-			} else {				
-				assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
 			}
 			
-			aIdx = authnRequest.getAttributeConsumingServiceIndex();
-			int attributeIdx = 0;
-			
-			if(aIdx != null) {
-				attributeIdx = aIdx.intValue();
-			}
-			
-			AssertionConsumerService consumerService  = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
-			
-			AttributeConsumingService attributeConsumer = null;
+			if (msg instanceof MOARequest)
+				return preProcessAuthRequest(request, response, (MOARequest) msg);
 			
-			if (spSSODescriptor.getAttributeConsumingServices() != null  && 
-					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-				attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
-			} 
-						
-			String oaURL = moaRequest.getEntityMetadata().getEntityID();
-			String binding = consumerService.getBinding();
-//			String entityID = moaRequest.getEntityMetadata().getEntityID();
-			
-			Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding);
-			
-			oaURL = StringEscapeUtils.escapeHtml(oaURL);
-			
-			config.setOAURL(oaURL);
-			config.setBinding(binding);
-			config.setRequest(moaRequest);
-			config.setConsumerURL(consumerService.getLocation());
-						
-			String useMandate = request.getParameter(PARAM_USEMANDATE);
-			if(useMandate != null) {
-				if(useMandate.equals("true") && attributeConsumer != null) {
-					if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-						throw new MandateAttributesNotHandleAbleException();
-					}
-				}
+			else if (msg instanceof MOAResponse) {
+				return null;
+				
 			}
-
-			//validate AuthnRequest
-			try {
-				AuthnRequestValidator.validate((AuthnRequestImpl) samlReq);
 				
-			} catch (AuthnRequestValidatorException e) {
-				if (generateErrorMessage(e, request, response, config)) {
-					throw new AuthnRequestValidatorException(e.getMessage(), 
-							new Object[] {}, config);
-					
-				} else {
-					throw new MOAIDException(e.getMessage(), new Object[] {});
-	
-				}			
+			
+			else {
+				Logger.error("Receive unsupported PVP21 message");
+				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
 			}
-
-			//request.getSession().setAttribute(PARAM_OA, oaURL);
 			
-			return config;
 
 		} catch (PVP2Exception e) {
 			throw e;
@@ -356,4 +289,90 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 		return true;
 	}
 
+	private IRequest preProcessAuthRequest(HttpServletRequest request,
+			HttpServletResponse response, MOARequest moaRequest) throws Throwable {
+		
+		RequestAbstractType samlReq =  moaRequest.getSamlRequest();
+
+		if(!(samlReq instanceof AuthnRequest)) {
+			throw new MOAIDException("Unsupported request", new Object[] {});
+		}
+					
+		EntityDescriptor metadata = moaRequest.getEntityMetadata();
+		if(metadata == null) {
+			throw new NoMetadataInformationException();
+		}
+		SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+		
+		AuthnRequest authnRequest = (AuthnRequest)samlReq;
+		
+		Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
+		int assertionidx = 0;
+		
+		if(aIdx != null) {
+			assertionidx = aIdx.intValue();
+			
+		} else {				
+			assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
+		}
+		
+		aIdx = authnRequest.getAttributeConsumingServiceIndex();
+		int attributeIdx = 0;
+		
+		if(aIdx != null) {
+			attributeIdx = aIdx.intValue();
+		}
+		
+		AssertionConsumerService consumerService  = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
+		
+		AttributeConsumingService attributeConsumer = null;
+		
+		if (spSSODescriptor.getAttributeConsumingServices() != null  && 
+				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+			attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+		} 
+		
+		
+		
+		PVPTargetConfiguration config = new PVPTargetConfiguration();
+		
+		
+		String oaURL = moaRequest.getEntityMetadata().getEntityID();
+		String binding = consumerService.getBinding();
+		
+		Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding);
+		
+		oaURL = StringEscapeUtils.escapeHtml(oaURL);
+		
+		config.setOAURL(oaURL);
+		config.setBinding(binding);
+		config.setRequest(moaRequest);
+		config.setConsumerURL(consumerService.getLocation());
+		
+		String useMandate = request.getParameter(PARAM_USEMANDATE);
+		if(useMandate != null) {
+			if(useMandate.equals("true") && attributeConsumer != null) {
+				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+					throw new MandateAttributesNotHandleAbleException();
+				}
+			}
+		}
+
+		//validate AuthnRequest
+		try {
+			AuthnRequestValidator.validate((AuthnRequestImpl) samlReq);
+			
+		} catch (AuthnRequestValidatorException e) {			
+			if (generateErrorMessage(e, request, response, config)) {
+				throw new AuthnRequestValidatorException(e.getMessage(), 
+						new Object[] {}, config);
+				
+			} else {
+				throw new MOAIDException(e.getMessage(), new Object[] {});
+
+			}			
+		}
+
+		return config;
+	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index b3887a444..03b65bc7e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -23,7 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 
 public class PVPTargetConfiguration extends RequestImpl {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index 1a2a02037..6801d25d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -43,6 +43,7 @@ import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.signature.Signature;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 
@@ -100,19 +101,13 @@ public class ArtifactBinding implements IDecoder, IEncoder {
 		}
 	}
 
-	public MOARequest decodeRequest(HttpServletRequest req,
+	public InboundMessageInterface decode(HttpServletRequest req,
 			HttpServletResponse resp) throws MessageDecodingException,
 			SecurityException {
 
 		return null;
 	}
 
-	public MOAResponse decodeRespone(HttpServletRequest req,
-			HttpServletResponse resp) throws MessageDecodingException,
-			SecurityException {
-
-		return null;
-	}
 
 	public boolean handleDecode(String action, HttpServletRequest req) {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
index b64b28de8..108caf047 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -29,15 +29,12 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.xml.security.SecurityException;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
 
 public interface IDecoder {
-	public MOARequest decodeRequest(HttpServletRequest req, 
+	public InboundMessageInterface decode(HttpServletRequest req, 
 			HttpServletResponse resp)
 					throws MessageDecodingException, SecurityException, PVP2Exception;
-	
-	public MOAResponse decodeRespone(HttpServletRequest req, 
-			HttpServletResponse resp)
-					throws MessageDecodingException, SecurityException, PVP2Exception;
-	
+		
 	public boolean handleDecode(String action, HttpServletRequest req);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
deleted file mode 100644
index 11054fd57..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import java.io.Serializable;
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller;
-import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOARequest implements Serializable{
-
-	private static final long serialVersionUID = 2395131650841669663L;
-	
-	private Element samlRequest;
-	private boolean verified = false;
-	private String entityID = null;
-	private String relayState = null;
-	
-	public MOARequest(RequestAbstractType request) {
-		samlRequest = request.getDOM();
-	}
-
-	public RequestAbstractType getSamlRequest() {
-		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest);
-		
-		try {
-			return (RequestAbstractType) unmashaller.unmarshall(samlRequest);
-			
-		} catch (UnmarshallingException e) {
-			Logger.warn("AuthnRequest Unmarshaller error", e);
-			return null;
-		}
-		
-	}
-
-	
-	
-	/**
-	 * @return the relayState
-	 */
-	public String getRelayState() {
-		return relayState;
-	}
-
-	/**
-	 * @param relayState the relayState to set
-	 */
-	public void setRelayState(String relayState) {
-		this.relayState = relayState;
-	}
-
-	public void setSamlRequest(RequestAbstractType request) {
-		this.samlRequest = request.getDOM();
-	}
-
-	public boolean isVerified() {
-		return verified;
-	}
-
-	public void setVerified(boolean verified) {
-		this.verified = verified;
-	}
-
-	public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
-		
-		try {
-			return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
-			
-		} catch (MetadataProviderException e) {
-			Logger.warn("No Metadata for EntitiyID " + entityID);
-			throw new NoMetadataInformationException();
-		}			
-	}
-
-	/**
-	 * @return the entitiyID
-	 */
-	public String getEntityID() {
-		return entityID;
-	}
-
-	/**
-	 * @param entitiyID the entitiyID to set
-	 */
-	public void setEntityID(String entitiyID) {
-		this.entityID = entitiyID;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
deleted file mode 100644
index 3d21d95c4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-
-public class MOAResponse {
-	private Response samlResponse;
-	private EntityDescriptor entityMetadata;
-	private boolean verified = false;
-
-	public MOAResponse(Response response) {
-		samlResponse = response;
-	}
-
-	public Response getSamlResponse() {
-		return samlResponse;
-	}
-
-	public void setSamlResponse(Response samlResponse) {
-		this.samlResponse = samlResponse;
-	}
-
-	public boolean isVerified() {
-		return verified;
-	}
-
-	public void setVerified(boolean verified) {
-		this.verified = verified;
-	}
-	
-	public EntityDescriptor getEntityMetadata() {
-		return entityMetadata;
-	}
-
-	public void setEntityMetadata(EntityDescriptor entityMetadata) {
-		this.entityMetadata = entityMetadata;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index b190ca24e..a7633952a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -34,6 +34,7 @@ import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
 import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -48,6 +49,10 @@ import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -129,58 +134,51 @@ public class PostBinding implements IDecoder, IEncoder {
 		}
 	}
 
-	public MOARequest decodeRequest(HttpServletRequest req,
+	public InboundMessageInterface decode(HttpServletRequest req,
 			HttpServletResponse resp) throws MessageDecodingException,
 			SecurityException {
 
 		HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
-		BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 		messageContext
 				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
 		decode.setURIComparator(new MOAURICompare());
-		messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
-		messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
-		decode.decode(messageContext);
-
-		RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-				.getInboundMessage();
+		
+		decode.decode(messageContext);		
 				
-		MOARequest request = new MOARequest(inboundMessage);
-		request.setVerified(false);
+		messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+		
+		InboundMessage msg = null;
 		
+		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);			
+			
+			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+					.getInboundMessage();			
+			msg = new MOARequest(inboundMessage);
+			
+		} else if (messageContext.getInboundMessage() instanceof Response){
+			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+			
+			Response inboundMessage = (Response) messageContext.getInboundMessage();			
+			msg = new MOAResponse(inboundMessage);
+			
+		} else
+			//create empty container if request type is unknown
+			msg = new InboundMessage();
+		
+		msg.setVerified(false);
+		
+		decode.decode(messageContext);
 		if (messageContext.getPeerEntityMetadata() != null)
-			request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
 		
 		else
-			Logger.info("No Metadata found for OA with EntityID " + inboundMessage.getIssuer().getValue());
+			Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
 				
-		request.setRelayState(messageContext.getRelayState());
-		return request;
-
-	}
-
-	public MOAResponse decodeRespone(HttpServletRequest req,
-			HttpServletResponse resp) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
-		BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
-		messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
-		decode.decode(messageContext);
-
-		Response inboundMessage = (Response) messageContext.getInboundMessage();
-
-		MOAResponse moaResponse = new MOAResponse(inboundMessage);
-		moaResponse.setVerified(false);
-		moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
-		return moaResponse;
-
+		msg.setRelayState(messageContext.getRelayState());
+		
+		return msg;
 	}
 
 	public boolean handleDecode(String action, HttpServletRequest req) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index f8eb84c02..9254ec279 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -35,6 +35,7 @@ import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule
 import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
@@ -51,6 +52,10 @@ import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.x509.X509Credential;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -63,7 +68,32 @@ public class RedirectBinding implements IDecoder, IEncoder {
 	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
 			RequestAbstractType request, String targetLocation, String relayState)
 			throws MessageEncodingException, SecurityException {
-		// TODO: implement
+		
+		try {
+			X509Credential credentials = CredentialProvider
+					.getIDPAssertionSigningCredential();
+
+			Logger.debug("create SAML RedirectBinding response");
+			
+			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+					resp, true);
+			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+			SingleSignOnService service = new SingleSignOnServiceBuilder()
+					.buildObject();
+			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+			service.setLocation(targetLocation);
+			context.setOutboundSAMLMessageSigningCredential(credentials);
+			context.setPeerEntityEndpoint(service);
+			context.setOutboundSAMLMessage(request);
+			context.setOutboundMessageTransport(responseAdapter);
+			context.setRelayState(relayState);
+
+			encoder.encode(context);
+		} catch (CredentialsNotAvailableException e) {
+			e.printStackTrace();
+			throw new SecurityException(e);
+		}
 	}
 
 	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
@@ -85,10 +115,10 @@ public class RedirectBinding implements IDecoder, IEncoder {
 			service.setLocation(targetLocation);
 			context.setOutboundSAMLMessageSigningCredential(credentials);
 			context.setPeerEntityEndpoint(service);
-			// context.setOutboundMessage(authReq);
 			context.setOutboundSAMLMessage(response);
 			context.setOutboundMessageTransport(responseAdapter);
-
+			context.setRelayState(relayState);
+			
 			encoder.encode(context);
 		} catch (CredentialsNotAvailableException e) {
 			e.printStackTrace();
@@ -96,80 +126,64 @@ public class RedirectBinding implements IDecoder, IEncoder {
 		}
 	}
 
-	public MOARequest decodeRequest(HttpServletRequest req,
+	public InboundMessageInterface decode(HttpServletRequest req,
 			HttpServletResponse resp) throws MessageDecodingException,
 			SecurityException {
 
 		HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
 				new BasicParserPool());
 		decode.setURIComparator(new MOAURICompare());
-		BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>();
+		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 		messageContext
 				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
 
+		decode.decode(messageContext);
+		
 		messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
+				
 		SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
 				TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
 		SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
-		
-		
 		BasicSecurityPolicy policy = new BasicSecurityPolicy();
 		policy.getPolicyRules().add(signatureRule);
-		policy.getPolicyRules().add(signedRole);
-		
+		policy.getPolicyRules().add(signedRole);		
 		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-				policy);
-		messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+				policy);		
 		messageContext.setSecurityPolicyResolver(resolver);
 		
-		decode.decode(messageContext);
-
-		signatureRule.evaluate(messageContext);
-
-		RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-				.getInboundMessage();
-		MOARequest request = new MOARequest(inboundMessage);
-		request.setVerified(true);
-		request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-		return request;
-	}
-
-	public MOAResponse decodeRespone(HttpServletRequest req,
-			HttpServletResponse resp) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
-				new BasicParserPool());
-		BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
-		SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
-				TrustEngineFactory.getSignatureKnownKeysTrustEngine());
-
-		// signatureRule.evaluate(messageContext);
-		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-		policy.getPolicyRules().add(signatureRule);
-		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-				policy);
-		messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		messageContext.setSecurityPolicyResolver(resolver);
-		MOAMetadataProvider provider = null;
-
-		provider = MOAMetadataProvider.getInstance();
+		InboundMessage msg = null;
+		
+		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {
+			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+			
+			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
+					.getInboundMessage();			
+			msg = new MOARequest(inboundMessage);
+			
+			
+		} else if (messageContext.getInboundMessage() instanceof Response){
+			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+			
+			Response inboundMessage = (Response) messageContext.getInboundMessage();			
+			msg = new MOAResponse(inboundMessage);
+			
+		} else 
+			//create empty container if request type is unknown
+			msg = new InboundMessage();
 
-		messageContext.setMetadataProvider(provider);
+		signatureRule.evaluate(messageContext);		
+		msg.setVerified(true);
 
 		decode.decode(messageContext);
-
-		Response inboundMessage = (Response) messageContext.getInboundMessage();
-
-		MOAResponse moaResponse = new MOAResponse(inboundMessage);
-		moaResponse.setVerified(true);
-		moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata());
-		return moaResponse;
+		if (messageContext.getPeerEntityMetadata() != null)
+			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+		
+		else
+			Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
+		
+		msg.setRelayState(messageContext.getRelayState());
+		
+		return msg;
 	}
 
 	public boolean handleDecode(String action, HttpServletRequest req) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index d2a4d4f60..ec24a2a0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -42,12 +42,14 @@ import org.opensaml.xml.security.credential.Credential;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 
 public class SoapBinding implements IDecoder, IEncoder {
 
-	public MOARequest decodeRequest(HttpServletRequest req,
+	public InboundMessageInterface decode(HttpServletRequest req,
 			HttpServletResponse resp) throws MessageDecodingException,
 			SecurityException, PVP2Exception {
 		HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder();
@@ -66,12 +68,6 @@ public class SoapBinding implements IDecoder, IEncoder {
 		return request;
 	}
 
-	public MOAResponse decodeRespone(HttpServletRequest req,
-			HttpServletResponse resp) throws MessageDecodingException,
-			SecurityException, PVP2Exception {
-		throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response");
-	}
-
 	public boolean handleDecode(String action, HttpServletRequest req) {
 		return (action.equals(PVP2XProtocol.SOAP));
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
new file mode 100644
index 000000000..332caf967
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+import java.io.Serializable;
+
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class InboundMessage implements InboundMessageInterface, Serializable{
+
+	private static final long serialVersionUID = 2395131650841669663L;
+	
+	private Element samlMessage = null;
+	private boolean verified = false;
+	private String entityID = null;
+	private String relayState = null;
+	
+	
+	public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
+		
+		try {
+			return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
+			
+		} catch (MetadataProviderException e) {
+			Logger.warn("No Metadata for EntitiyID " + entityID);
+			throw new NoMetadataInformationException();
+		}			
+	}
+	
+	/**
+	 * @param entitiyID the entitiyID to set
+	 */
+	public void setEntityID(String entitiyID) {
+		this.entityID = entitiyID;
+	}
+	
+	public void setVerified(boolean verified) {
+		this.verified = verified;
+	}
+		
+	/**
+	 * @param relayState the relayState to set
+	 */
+	public void setRelayState(String relayState) {
+		this.relayState = relayState;
+	}
+	
+	public void setSAMLMessage(Element msg) {
+		this.samlMessage = msg;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
+	 */
+	@Override
+	public String getRelayState() {
+		return relayState;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
+	 */
+	@Override
+	public String getEntityID() {
+		return entityID;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
+	 */
+	@Override
+	public boolean isVerified() {
+		return verified;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
+	 */
+	@Override
+	public Element getInboundMessage() {
+		return samlMessage;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
new file mode 100644
index 000000000..60a6f069a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface InboundMessageInterface {
+	
+	public String getRelayState();
+	public String getEntityID();
+	public boolean isVerified();
+	public Element getInboundMessage();
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
new file mode 100644
index 000000000..75442ebb6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOARequest extends InboundMessage{
+	
+	private static final long serialVersionUID = 8613921176727607896L;
+
+	public MOARequest(RequestAbstractType inboundMessage) {
+		setSAMLMessage(inboundMessage.getDOM());	
+		
+	}
+	
+	public RequestAbstractType getSamlRequest() {
+		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+		
+		try {
+			return (RequestAbstractType) unmashaller.unmarshall(getInboundMessage());
+			
+		} catch (UnmarshallingException e) {
+			Logger.warn("AuthnRequest Unmarshaller error", e);
+			return null;
+		}
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
new file mode 100644
index 000000000..870273cf3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
@@ -0,0 +1,56 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MOAResponse extends InboundMessage {
+		
+	private static final long serialVersionUID = -1133012928130138501L;
+
+	public MOAResponse(Response response) {
+		setSAMLMessage(response.getDOM());
+	}
+
+	public Response getResponse() {		
+		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
+		
+		try {
+			return (Response) unmashaller.unmarshall(getInboundMessage());
+			
+		} catch (UnmarshallingException e) {
+			Logger.warn("AuthnResponse Unmarshaller error", e);
+			return null;
+		}
+		
+	}
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index f5fc01b2c..210cb6be8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -34,7 +34,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 0e4cd679b..92c2cd585 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -64,7 +64,7 @@ import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 6c4f460f1..9356eb6ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -28,7 +28,7 @@ import javax.servlet.http.HttpServletResponse;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 
 public interface IRequestHandler {
 	public boolean handleObject(MOARequest obj);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index 264802f09..59353b9ee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -32,7 +32,7 @@ import javax.servlet.http.HttpServletResponse;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
 
 public class RequestManager {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index ac222ee54..e4ae01066 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.security.MetadataCriteria;
 import org.opensaml.security.SAMLSignatureProfileValidator;
@@ -35,8 +36,23 @@ import org.opensaml.xml.security.criteria.UsageCriteria;
 import org.opensaml.xml.signature.SignatureTrustEngine;
 import org.opensaml.xml.validation.ValidationException;
 
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+
 public class SAMLVerificationEngine {
 
+	
+	public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
+		if (msg instanceof MOARequest)
+			verifyRequest(((MOARequest)msg).getSamlRequest(), sigTrustEngine);
+		
+		else
+			verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
+		
+	}
+	
+	
 	public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
 		SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
 		try {
@@ -48,7 +64,7 @@ public class SAMLVerificationEngine {
 
 		CriteriaSet criteriaSet = new CriteriaSet();
 		criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+		criteriaSet.add( new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
 		criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
 
 		try {
-- 
cgit v1.2.3