From 8d0c3d8aa27084b4c1e195cf06601d0d920d176f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 7 Mar 2014 11:45:58 +0100
Subject: if an error occurs remove MOASession

---
 .../gv/egovernment/moa/id/entrypoints/DispatcherServlet.java |  4 ++++
 .../gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java | 12 +++++++-----
 .../pvp2x/builder/assertion/PVP2AssertionBuilder.java        |  2 +-
 .../protocols/pvp2x/requestHandler/AuthnRequestHandler.java  |  7 ++++++-
 4 files changed, 18 insertions(+), 7 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index d58b7b267..31c6f43c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -157,6 +157,10 @@ public class DispatcherServlet extends AuthServlet{
 										StatisticLogger logger = StatisticLogger.getInstance();
 										logger.logErrorOperation(throwable, errorRequest);
 										
+										//remove MOASession
+										AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID);
+										AuthenticationManager.getInstance().logout(req, resp, moaSession.getSessionID());
+										
 										return;
 									}
 								}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 804688de5..1d85f29bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -278,23 +278,23 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
 		if(e instanceof NoPassivAuthenticationException) {
 			statusCode.setValue(StatusCode.NO_PASSIVE_URI);
-			statusMessage.setMessage(e.getLocalizedMessage());	
+			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));	
 			
 		} else if (e instanceof NameIDFormatNotSupportedException) {
 			statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
-			statusMessage.setMessage(e.getLocalizedMessage());
+			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
 			
 		} else if(e instanceof PVP2Exception) {
 			PVP2Exception ex = (PVP2Exception) e;
 			statusCode.setValue(ex.getStatusCodeValue());
 			String statusMessageValue = ex.getStatusMessageValue();
 			if(statusMessageValue != null) {
-				statusMessage.setMessage(statusMessageValue);
+				statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
 			}
 			
 		} else {
 			statusCode.setValue(StatusCode.RESPONDER_URI);
-			statusMessage.setMessage(e.getLocalizedMessage());
+			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
 		}
 		
 		status.setStatusCode(statusCode);
@@ -302,7 +302,9 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 			status.setStatusMessage(statusMessage);
 		}
 		samlResponse.setStatus(status);
-		
+		String remoteSessionID = SAML2Utils.getSecureIdentifier();
+		samlResponse.setID(remoteSessionID);
+				
 		IEncoder encoder = null;
 		
 		if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 7f5e2420e..51f3cf4a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -324,7 +324,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 					} else if (NameID.TRANSIENT.equals(el.getFormat()) ||
 							NameID.UNSPECIFIED.equals(el.getFormat()))
 						break;
-										
+					
 				}				
 			}
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 229158778..4d143058b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -102,6 +102,10 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 		authResponse.setIssuer(nissuer);
 		authResponse.setInResponseTo(authnRequest.getID());
 
+		//set responseID
+		String remoteSessionID = SAML2Utils.getSecureIdentifier();
+		authResponse.setID(remoteSessionID);
+		
 		
 		//SAML2 response required IssueInstant
 		authResponse.setIssueInstant(date);
@@ -150,7 +154,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 			
 		}
 	
-		if (encryptionCredentials != null) {
+		//TODO: insert!!!!!!
+		if (encryptionCredentials != null && false) {
 			//encrypt SAML2 assertion
 				
 			try {
-- 
cgit v1.2.3