From 6b6c98ae7af48c15e86b189e0db9e39bc1d14edb Mon Sep 17 00:00:00 2001
From: Alexander Marsalek <amarsalek@iaik.tugraz.at>
Date: Thu, 5 Mar 2015 12:31:17 +0100
Subject: null safe assignment

---
 .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index fd7c7f237..c638c6324 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -29,6 +29,7 @@ import javax.xml.transform.TransformerException;
 
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
@@ -1729,7 +1730,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 			boolean globallyMandatory = false;
 			for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes())
 				if (current.getName().equals(currentGlobalAttribute.getName())) {
-					globallyMandatory = currentGlobalAttribute.isMandatory();
+					globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.isMandatory());
 					break;
 				}
 
-- 
cgit v1.2.3


From 8d60f92b63ae39c6e9d308938004f77c29078215 Mon Sep 17 00:00:00 2001
From: Alexander Marsalek <amarsalek@iaik.tugraz.at>
Date: Tue, 17 Mar 2015 08:44:18 +0100
Subject: Added mapping AT => Other Countries, request from Thomas K.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

> ·         „Other Countries“ (dabei handelt es sich um den
> Österreichischen Fall, bei dem MOCCA die Signatur mit ausländischen
> Karten durchführt)
---
 .../src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index db8b4dd80..5223a181d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -149,7 +149,9 @@ public interface MOAIDAuthConstants {
 			Collections.unmodifiableMap(new HashMap<String, String>() {
 				private static final long serialVersionUID = 1L;
 				{
+					put("AT", "Other Countries");//"Workaround for PEPS Simulator"
 					put("BE", "Belgi&euml;/Belgique");
+					//put("CH", "Schweiz");
 					put("EE", "Eesti");
 					put("ES", "Espa&ntilde;a");
 					put("FI", "Suomi");
-- 
cgit v1.2.3


From e98bdf2b39ecb9100e64c8077752ed7c4ed883b3 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 24 Mar 2015 12:18:49 +0100
Subject: escaped attribute values for saml1 responses

---
 .../gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java   | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index ea1526ff0..3809ec4bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -39,6 +39,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError;
 import javax.xml.transform.stream.StreamSource;
 
 import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
 
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -286,6 +287,12 @@ public class STORKResponseProcessor {
 			Object attributeValue = attribute.getValue();
 			if (null == attributeValue)
 				attributeValue = attribute.getComplexValue();
+
+			// escape attributeValue
+			attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
+			// and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!
+			attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1);
+
 			ExtendedSAMLAttribute extendedSAMLAttribute = 
 				new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
 			moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
-- 
cgit v1.2.3


From e1c2c42aabf3b1207547dd40b91dc93921303c4a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 7 Apr 2015 10:19:21 +0200
Subject: add configuration property to deactivate PVP metadata schema
 validation

---
 .../data/deploy/conf/moa-id-configuration/moa-id-configtool.properties  | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'id/server')

diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
index 7c71fadcb..b10913d69 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
+++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
@@ -15,6 +15,8 @@ general.ssl.truststore=certs/truststore
 
 general.moaconfig.key=ConfigurationEncryptionKey
 
+general.pvp.schemavalidation=true
+
 ##Mail
 general.mail.host=smtp.localhost...
 #general.mail.host.port=
-- 
cgit v1.2.3


From 8400b9d9734f45d53ac722e85e04c599fdccfe0d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 9 Apr 2015 12:41:11 +0200
Subject: fix wrong PVP attribute friendly names

---
 .../java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 1f3e86ff6..168f2362a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -237,12 +237,12 @@ public interface PVPConstants {
 	
 	public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86";
 	public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID;
-	public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATOR-PROF-REP-OID";
+	public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATE-PROF-REP-OID";
 	public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256;
 	
 	public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88";
 	public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID;
-	public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATOR-PROF-REP-DESCRIPTION";
+	public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATE-PROF-REP-DESCRIPTION";
 	public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024;
 	
 	public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90";
-- 
cgit v1.2.3


From a6189a32a78d2b3ed096356f6b7e0049c8870b21 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 14 Apr 2015 16:59:25 +0200
Subject: update error handling in PVP metadata verification filter
 implemetations

---
 .../filter/SchemaValidationException.java          | 43 ++++++++++++++++
 .../filter/SignatureValidationException.java       | 58 ++++++++++++++++++++++
 .../pvp2x/metadata/MOAMetadataProvider.java        | 14 +++++-
 .../metadata/MetadataSignatureFilter.java          |  5 +-
 .../metadata/SchemaValidationFilter.java           |  7 ++-
 5 files changed, 119 insertions(+), 8 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
new file mode 100644
index 000000000..8da5edeed
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SchemaValidationException extends FilterException {
+
+	/**
+	 * @param string
+	 */
+	public SchemaValidationException(String string) {
+		super(string);
+		
+	}
+
+	private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
new file mode 100644
index 000000000..86a6a777b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureValidationException extends FilterException {
+
+	/**
+	 * @param string
+	 */
+	public SignatureValidationException(String string) {
+		super(string);
+		
+	}
+
+	/**
+	 * @param e
+	 */
+	public SignatureValidationException(Exception e) {
+		super(e);
+	}
+
+	/**
+	 * @param string
+	 * @param object
+	 */
+	public SignatureValidationException(String string, Exception e) {
+		super(string, e);
+	}
+
+	private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 12afa14bc..d493ef9e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -55,6 +55,8 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -380,10 +382,18 @@ public class MOAMetadataProvider implements MetadataProvider {
 			
 			return httpProvider;
 						
-		} catch (Throwable e) {
+		} catch (Throwable e) {			
 			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
 				Logger.warn("SSL-Server certificate for metadata " 
-						+ metadataURL + " not trusted.", e);				
+						+ metadataURL + " not trusted.", e);
+				
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
+				Logger.warn("Signature verification for metadata" 
+						+ metadataURL + " FAILED.", e);
+			
+			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+				Logger.warn("Schema validation for metadata " 
+						+ metadataURL + " FAILED.", e);								
 			}
 			
 			Logger.error(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 0405fa114..6dac4bba1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -39,6 +39,7 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -126,7 +127,7 @@ public class MetadataSignatureFilter implements MetadataFilter {
 		desc.getEntityDescriptors().addAll(verifiedEntIT);
 	}
 	
-	public void doFilter(XMLObject metadata) throws FilterException {
+	public void doFilter(XMLObject metadata) throws SignatureValidationException {
 		try {
 			if (metadata instanceof EntitiesDescriptor) {
 				EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
@@ -155,7 +156,7 @@ public class MetadataSignatureFilter implements MetadataFilter {
 			Logger.info("Metadata signature policy check done OK");
 		} catch (MOAIDException e) {
 			Logger.warn("Metadata signature policy check FAILED.", e);
-			throw new FilterException(e);
+			throw new SignatureValidationException(e);
 		}
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
index 382adb108..f73b541bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
@@ -22,8 +22,6 @@
  */
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
 
-import java.io.IOException;
-
 import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
@@ -38,6 +36,7 @@ import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -69,7 +68,7 @@ public class SchemaValidationFilter implements MetadataFilter {
 	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
 	 */
 	@Override
-	public void doFilter(XMLObject arg0) throws FilterException {
+	public void doFilter(XMLObject arg0) throws SchemaValidationException {
 		
 		String errString = null;
 		
@@ -100,7 +99,7 @@ public class SchemaValidationFilter implements MetadataFilter {
 				
 			}
 			
-			throw new FilterException("Metadata Schema validation FAILED with message: "+ errString);
+			throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString);
 			
 		} else		
 			Logger.info("Metadata Schema validation check is DEACTIVATED!");
-- 
cgit v1.2.3


From 945c4d28535724f0a54d220f9eb0ebd25b8227c4 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 14 Apr 2015 13:58:27 +0200
Subject: respect multi-part stork responses

---
 ...onnectorHandleResponseWithoutSignatureTask.java | 18 +++++++++++------
 .../modules/stork/tasks/PepsConnectorTask.java     | 23 ++++++++++++++--------
 2 files changed, 27 insertions(+), 14 deletions(-)

(limited to 'id/server')

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 3338804b4..e2c3880ac 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -136,7 +136,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 			try {
 				// validate SAML Token
 				Logger.debug("Starting validation of SAML response");
-				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+				authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
 				Logger.info("SAML response succesfully verified!");
 			} catch (STORKSAMLEngineException e) {
 				Logger.error("Failed to verify STORK SAML Response", e);
@@ -211,10 +211,16 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 
 			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
 
-			// //////////// incorporate gender from parameters if not in stork response
 
-			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+			// first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+			// with ALL attributes when there is more than one assertion in the SAML2 STORK message.  
+			IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+			// if the list is empty, there was just one assertion... probably
+			if(attributeList.isEmpty())
+				attributeList = authnResponse.getPersonalAttributeList();
 
+			// //////////// incorporate gender from parameters if not in stork response
 			// but first, check if we have a representation case
 			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
 					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
@@ -233,7 +239,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 						tmp.add(gendervalue);
 						gender.setValue(tmp);
 
-						authnResponse.getPersonalAttributeList().add(gender);
+						attributeList.add(gender);
 					}
 				}
 			}
@@ -246,7 +252,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 			// extract signed doc element and citizen signature
 			String citizenSignature = null;
 			try {
-				PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+				PersonalAttribute signedDoc = attributeList.get("signedDoc");
 				String signatureInfo = null;
 				// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
 				if (signedDoc != null) {
@@ -259,7 +265,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 					// store authnResponse
 
 					// moaSession.setAuthnResponse(authnResponse);//not serializable
-					moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
+					moaSession.setAuthnResponseGetPersonalAttributeList(attributeList);
 
 					String authnContextClassRef = null;
 					try {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index 6e0bd19ff..9df0ff37b 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -162,7 +162,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 			try {
 				// validate SAML Token
 				Logger.debug("Starting validation of SAML response");
-				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+				authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
 				Logger.info("SAML response succesfully verified!");
 			} catch (STORKSAMLEngineException e) {
 				Logger.error("Failed to verify STORK SAML Response", e);
@@ -297,9 +297,16 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 			
 			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
 
-			// //////////// incorporate gender from parameters if not in stork response
 
-			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+			// first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+			// with ALL attributes when there is more than one assertion in the SAML2 STORK message.  
+			IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+			// if the list is empty, there was just one assertion... probably
+			if(attributeList.isEmpty())
+				attributeList = authnResponse.getPersonalAttributeList();
+
+			// //////////// incorporate gender from parameters if not in stork response
 
 			// but first, check if we have a representation case
 			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
@@ -320,7 +327,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 						tmp.add(gendervalue);
 						gender.setValue(tmp);
 
-						authnResponse.getPersonalAttributeList().add(gender);
+						attributeList.add(gender);
 					}
 				}
 			}
@@ -336,15 +343,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 			// extract signed doc element and citizen signature
 			try {
 
-				if (authnResponse.getPersonalAttributeList().get("signedDoc") == null 
-						|| authnResponse.getPersonalAttributeList().get("signedDoc").getValue() == null
-						|| authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0) == null) {
+				if (attributeList.get("signedDoc") == null 
+						|| attributeList.get("signedDoc").getValue() == null
+						|| attributeList.get("signedDoc").getValue().get(0) == null) {
 					Logger.info("STORK Response include NO signedDoc attribute!");
 					throw new STORKException("STORK Response include NO signedDoc attribute.");
 					
 				}
 				
-				String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+				String signatureInfo = attributeList.get("signedDoc").getValue().get(0);
 					
 									
 				Logger.debug("signatureInfo:" + signatureInfo);
-- 
cgit v1.2.3


From bd491504c9b77941cdc9a210856142472473d610 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 16 Apr 2015 13:19:59 +0200
Subject: update TrustStore and CertStore with A-Trust-Test-xxx-05 certificates

---
 ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++
 ...remium-Enc-05.20141215-20141209.SerNo165fb7.crt | 36 ++++++++++++++++++++++
 ...remium-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++++++++++++++++
 3 files changed, 108 insertions(+)
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
 create mode 100644 id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt

(limited to 'id/server')

diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
new file mode 100644
index 000000000..9ea6d0c1c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+3MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwOTAwWhcNMjQxMjA5MTIwOTAwWjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1FbmMtMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tRW5jLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA2YDEweWMfTpWbHjFwzPl5tri
+jaL4tmhuHQzuSAEO080+m5Dc38Rj5xHf1MNCxvAx18+3A+b0WDDhtdJh+SXVxAQq
+/VhnaOFcdlvun0/4+l4Xynf6xd0r8WfQgnTAER4iFzGoWnOFQZqF3JGsx0mxd5Ss
+6kbs+4Gd/FmdAD09qTb+e3FtQC9aszVb5j57LB14Ka+iVXMEFq6J1uvvdjIcwbeL
+7gOGOLzn9dArFT4bfMIE/gBOJnY3Ulp16jOMGb2sY+9u9rGJ84jSpYKEsL+RBoJr
+23O5rfdrVi/+fWC0QaDqwhI46lLr9Erkk7NjEeElZ+Tj2A5KK4K0FNvzAIqxki1Z
+/MQcBfknbq9jxUZs4zUl9QA7ufCqmFhi4qQxycEfUEXsTFlya2IgWqavA1OFZ7Ww
+tJQOR/EQUvtH/fIE7nompnxzWxi1iAvVkv0OEsAYVRd9ldviLl9wLzpQoOPvwc/B
+kRLvriWH/Bjyc8+SeAfK92ZRHh+a1HBsX7XKuZwKJ/pVKF4EtalbZXlSuQau/Mc0
+ImS49AL/GjfShp/IhGHfBQbTjR3vhZfakG6wvSFnGaRt2ohxMHb0fSK7xNrDpfNV
+Orloh77ry44C4jjQIairRW1l4CLilbitKpHO4VtZ443w25fud2FapvdesoUfHogV
+KTce4dGvW3jrN7/8TRUCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhH2pAliBnO
+GzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBADDqJFkkBD6tUmiu
+L45YlXWKogD5eUfM+xnNVdg60M4HXHksVGT49CiY1vWzuLwUD3CXQ1W7yBKnLB5b
+GcoaHNgZDhNskYJCZu9K0g8oqNEN3Hb2QoKqyCaOlKV0dXILq/3SbdcXvUkUPS9K
+nWkX48tVMcw3OAmRYKwBK6tkUBwVw0VJ49sT+9qgPGCb8HYafSjCTnb3kdKGYK7a
+0E6eVBjYf6WcMfvCIYma5Zi4fx7U0K6RN8xJvhRHAZK3uJphk1QciAIxViFIPnex
+htgywJNHRautIsDbRGwdDVOUB6VdCFF19HnO9C4p2+pggCi9nT/I4CklZGZ5Q0VB
+j9knsSFXYMY9QFGm3feiVIXAy2Pp7IMB21KNZKgqCLQRgANNdvkWwO97lcxpmocS
+/p9LIEYDpa9tIvBrTiK39hUixeQaMhvlrSN3H49NqoxsStv8UEvSbjLJAuOcK1oV
++IWA8RbBwippM45729X7nGdPUbxys+rn7F04WNe+oQN96hKX4VJ6OCANz1bca6LV
+sPtkFej+SLbpALVH3YvP4ct1UQms3UnuN9m1A0ceB4u4KroHBHlSGLB6K3UI3E42
+cYVaGrbflSvwwXxCHUvrCeL+eNKgI2Vyt29aHVJO0OMAS03Eb1PcygeNU4h6t+CS
+UBU+/OTtSQGrLe+kMKP6uBO/cMhv
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
-- 
cgit v1.2.3


From d28e5b6e0d0793558f3328c5a420c17bdd606104 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 16 Apr 2015 13:48:50 +0200
Subject: update library versions

---
 id/server/idserverlib/pom.xml        | 12 ++++++++++--
 id/server/moa-id-commons/pom.xml     |  9 ++++-----
 id/server/stork2-commons/pom.xml     |  3 +--
 id/server/stork2-saml-engine/pom.xml |  5 -----
 4 files changed, 15 insertions(+), 14 deletions(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index dbfc19b68..9465b56d1 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -113,8 +113,6 @@
 		   <dependency>
             <groupId>at.gv.util</groupId>
             <artifactId>egovutils</artifactId>
-            <!-- <version>1.0.7</version> -->
-            <version>2.0.0</version>
             <exclusions>
                 <exclusion>
                     <groupId>com.sun</groupId>
@@ -142,6 +140,16 @@
                 </exclusion>
             </exclusions>
         </dependency>
+				
+		  <dependency>
+        	<groupId>org.apache.cxf</groupId>
+        	<artifactId>cxf-rt-frontend-jaxws</artifactId>
+    	</dependency>
+    	<dependency>
+        	<groupId>org.apache.cxf</groupId>
+        	<artifactId>cxf-rt-transports-http</artifactId>
+    	</dependency>
+		
 		
 		<dependency>
 			<groupId>javax.xml.bind</groupId>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index c504a7f0c..27beeaaf3 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -46,23 +46,22 @@
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-core</artifactId>
-            <version>4.3.8.Final</version>
+            <version>${hibernate.version}</version>
         </dependency>
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-c3p0</artifactId>
-            <version>4.3.8.Final</version>
+            <version>${hibernate.version}</version>
         </dependency>
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-entitymanager</artifactId>
-            <version>4.3.8.Final</version>
+            <version>${hibernate.version}</version>
         </dependency>
 
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.3.2</version>
         </dependency>
 				<dependency>
 					<groupId>commons-httpclient</groupId>
@@ -122,7 +121,7 @@
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
-            <version>5.1.34</version>
+            <version>${mysql-connector.java}</version>
         </dependency>
     </dependencies>
 
diff --git a/id/server/stork2-commons/pom.xml b/id/server/stork2-commons/pom.xml
index 81f2cf4e5..1a8dfd786 100644
--- a/id/server/stork2-commons/pom.xml
+++ b/id/server/stork2-commons/pom.xml
@@ -34,7 +34,7 @@
 		<dependency>
 			<groupId>joda-time</groupId>
 			<artifactId>joda-time</artifactId>
-			<version>2.3</version>
+			<version>${jodatime.version}</version>
 		</dependency>
 
 		<!-- Log4J -->
@@ -113,7 +113,6 @@
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
-			<version>4.11</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml
index e5d3dc1f4..36df747e4 100644
--- a/id/server/stork2-saml-engine/pom.xml
+++ b/id/server/stork2-saml-engine/pom.xml
@@ -96,7 +96,6 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
-			<version>1.7.10</version>
 		</dependency>
 <!-- 		<dependency>
 			<groupId>org.slf4j</groupId>
@@ -106,7 +105,6 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>jcl-over-slf4j</artifactId>
-			<version>1.7.10</version>
 		</dependency>
 <!-- 		<dependency>
 			<groupId>org.slf4j</groupId>
@@ -116,13 +114,11 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>jul-to-slf4j</artifactId>
-			<version>1.7.10</version>
 		</dependency>
 
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
-			<version>2.4</version>
 			<scope>compile</scope>
 		</dependency>
 		<dependency>
@@ -133,7 +129,6 @@
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
-			<version>4.11</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
-- 
cgit v1.2.3


From f573c30e5b7e3f029baf96a287f7f14fdeb19012 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 16 Apr 2015 13:49:58 +0200
Subject: update pom

---
 id/server/pom.xml | 4 ----
 1 file changed, 4 deletions(-)

(limited to 'id/server')

diff --git a/id/server/pom.xml b/id/server/pom.xml
index 9d34cce78..2341552cc 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -14,10 +14,6 @@
     <name>MOA ID Server</name>
 
 	<properties>
-		<junit.version>4.11</junit.version>
-		<org.apache.commons.io.version>2.4</org.apache.commons.io.version>
-		<org.apache.commons.lang3.version>3.3.2</org.apache.commons.lang3.version>
-		<org.apache.commons.collections4.version>4.0</org.apache.commons.collections4.version>
 		<repositoryPath>${basedir}/../../repository</repositoryPath>
 	</properties>
 
-- 
cgit v1.2.3


From 72903418d83b984c8d2c9bb0b55d7cde0f19227a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 16 Apr 2015 13:50:41 +0200
Subject: update handbook and history add readme_2.2.1.txt

---
 id/server/doc/handbook/config/config.html | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'id/server')

diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index f5292f76a..18be88951 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -227,6 +227,12 @@
     <td><p>Passwort zum Verschl&uuml;sseln von Konfigurationsteilen welche in der Datenbank abgelegt werden. Hierbei kann jede beliebige Zeichenfolge aus Buchstaben, Zahlen und Sonderzeichen verwendet werden.</p>
     <p><strong>Hinweis:</strong> Dieses Passwort muss identisch zu dem im <a href="#basisconfig_moa_id_auth_param_general">Modul MOA-ID-Auth</a> hinterlegten Passwort sein.</p></td>
   </tr>
+  <tr>
+    <td>general.pvp.schemavalidation</td>
+    <td>true / false</td>
+    <td><p>Hiermit kann die Schemavalidierung f&uuml;r konfigurierte PVP Metadaten deaktiviert werden.</p>
+      <strong>Hinweis:</strong> Standardm&auml;&szlig;ig ist die Schemavalidierung aktiv.</td>
+  </tr>
   <tr>
     <td>general.userrequests.cleanup.delay</td>
     <td>18</td>
-- 
cgit v1.2.3


From 9a41161d236612bc0c53e91473c21e94de2da5a8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 17 Apr 2015 11:12:27 +0200
Subject: update version to 2.2.1

---
 id/server/doc/handbook/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server')

diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html
index 1f71d56e2..497120fec 100644
--- a/id/server/doc/handbook/index.html
+++ b/id/server/doc/handbook/index.html
@@ -29,7 +29,7 @@
   </div>
 
 <div class="container">
-  <h2>&Uuml;bersicht zur Dokumentation der Version 2.1.2 </h2>
+  <h2>&Uuml;bersicht zur Dokumentation der Version 2.2.1 </h2>
   
   <dl>
     <dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
-- 
cgit v1.2.3


From e449a5704e520ca00cbb0451e78f69c5bbd0144c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 20 Apr 2015 13:45:24 +0200
Subject: first fix to solve problems with errorhandling and process managment

---
 .../id/auth/modules/TaskExecutionException.java    | 57 ++++++++++++++++++++++
 .../internal/tasks/CertificateReadRequestTask.java | 18 ++++---
 .../internal/tasks/CreateIdentityLinkFormTask.java | 15 +++---
 .../modules/internal/tasks/GetForeignIDTask.java   | 11 +++--
 .../internal/tasks/GetMISSessionIDTask.java        | 14 +++---
 .../tasks/PrepareAuthBlockSignatureTask.java       |  6 ++-
 .../tasks/VerifyAuthenticationBlockTask.java       | 20 +++++---
 .../internal/tasks/VerifyCertificateTask.java      | 21 ++++----
 .../internal/tasks/VerifyIdentityLinkTask.java     | 14 +++---
 .../moa/id/auth/servlet/AuthServlet.java           | 45 ++++++++++-------
 .../auth/servlet/ProcessEngineSignalServlet.java   |  7 ++-
 .../moa/id/process/ProcessEngineImpl.java          |  1 +
 .../at/gv/egovernment/moa/id/process/api/Task.java |  4 +-
 .../moa/id/process/springweb/MoaIdTask.java        |  5 +-
 .../spring/test/task/CreateSAML1AssertionTask.java |  7 ++-
 .../spring/test/task/GetIdentityLinkTask.java      |  6 ++-
 .../spring/test/task/SignAuthBlockTask.java        |  7 ++-
 .../test/task/ValidateSignedAuthBlockTask.java     |  3 +-
 18 files changed, 181 insertions(+), 80 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
new file mode 100644
index 000000000..3e9f4cf14
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules;
+
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class TaskExecutionException extends ProcessExecutionException {
+
+	private static final long serialVersionUID = 1L;
+	Throwable originalException = null;
+	
+	/**
+	 * @param message
+	 * @param cause
+	 */
+	public TaskExecutionException(String message, Throwable cause) {
+		super(message, cause);
+		originalException = cause;
+		
+	}
+
+	/**
+	 * Get the original internal exception from task
+	 * 
+	 * @return the originalException
+	 */
+	public Throwable getOriginalException() {
+		return originalException;
+	}
+	
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index bc73a9f2f..ed3089a41 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -2,6 +2,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
 import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
 
+import java.io.IOException;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -16,6 +18,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -47,15 +50,12 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
+			throws TaskExecutionException {
 
 		// TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate"
 		Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
 
-		setNoCachingHeaders(resp);
-
-		String pendingRequestID = null;
-		
+		setNoCachingHeaders(resp);		
 		try {
 		
 			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
@@ -65,8 +65,6 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 				throw new WrongParametersException("CertificateReadRequestTask", PARAM_SESSIONID, "auth.12");
 			}
 
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 
 			boolean useMandate = session.getUseMandate();
@@ -91,7 +89,11 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 					AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
 		
 		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			throw new TaskExecutionException(ex.getMessage(), ex);
+					
+		} catch (IOException e) {
+			throw new TaskExecutionException(e.getMessage(), e);
+			
 		} finally {
 			ConfigurationDBUtils.closeSession();
 		}		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index 4cd1ea94e..ee6f0d5a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -60,9 +61,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
+			throws TaskExecutionException {
 
-		String pendingRequestID = null;
 		String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID)));
 		AuthenticationSession moasession = null;
 		try {
@@ -72,9 +72,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 				throw new MOAIDException("auth.18", new Object[] {});
 			}
 			
-			try {
-			
-				pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+			try {			
 				moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 				AuthenticationSessionStoreage.changeSessionID(moasession);
 				executionContext.remove(PARAM_SESSIONID);
@@ -100,14 +98,17 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 			}
 			
 		} catch (WrongParametersException ex) {
-			handleWrongParameters(ex, req, resp);
+//			handleWrongParameters(ex, req, resp);
+			throw new TaskExecutionException(ex.getMessage(), ex);
 		}
 
 		catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+//			handleError(null, ex, req, resp, pendingRequestID);
+			throw new TaskExecutionException(ex.getMessage(), ex);
 
 		} catch (Exception e) {
 			Logger.error("CreateIdentityLinkFormTask has an interal Error.", e);
+			throw new TaskExecutionException(e.getMessage(), e);
 
 		}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 4771628a3..6bf68e2eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -24,6 +24,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
@@ -66,7 +67,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
+			throws TaskExecutionException {
 
 		Logger.debug("POST GetForeignIDServlet");
 
@@ -76,9 +77,10 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 
 		try {
 			parameters = getParameters(req);
-		} catch (FileUploadException e) {
+			
+		} catch (FileUploadException | IOException e) {
 			Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-			throw new IOException(e.getMessage());
+			throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
 		}
 		
 		String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
@@ -170,10 +172,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 			}
 
 		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			throw new TaskExecutionException(ex.getMessage(), ex);
 
 		} catch (Exception e) {
 			Logger.error("GetForeignIDServlet has an interal Error.", e);
+			throw new TaskExecutionException(e.getMessage(), e);
 
 		}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index f08f96782..4ff5672bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -21,6 +21,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -62,7 +63,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
+			throws TaskExecutionException {
 		
 		Logger.debug("POST GetMISSessionIDServlet");
 
@@ -154,22 +155,23 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 			Logger.debug("REDIRECT TO: " + redirectURL);
 
 		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			throw new TaskExecutionException(ex.getMessage(), ex);
 			
 		} catch (GeneralSecurityException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			throw new TaskExecutionException(ex.getMessage(), ex);
 			
 		} catch (PKIException e) {
-			handleError(null, e, req, resp, pendingRequestID);
+			throw new TaskExecutionException(e.getMessage(), e);
 			
 		} catch (SAXException e) {
-			handleError(null, e, req, resp, pendingRequestID);
+			throw new TaskExecutionException(e.getMessage(), e);
 			
 		} catch (ParserConfigurationException e) {
-			handleError(null, e, req, resp, pendingRequestID);
+			throw new TaskExecutionException(e.getMessage(), e);
 			
 	    } catch (Exception e) {
 	    	Logger.error("MISMandateValidation has an interal Error.", e);
+	    	throw new TaskExecutionException(e.getMessage(), e);
 	       
 	    }
 	    finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index dcea3a1dd..3ae35bc24 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -12,6 +12,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -45,7 +46,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
+			throws TaskExecutionException {
 		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
 
 		Logger.debug("Process IdentityLink");
@@ -88,10 +89,11 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 					"VerifyIdentityLink");
 
 		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			throw new TaskExecutionException(ex.getMessage(), ex);
 
 		} catch (Exception e) {
 			Logger.error("IdentityLinkValidation has an interal Error.", e);
+			throw new TaskExecutionException(e.getMessage(), e);
 		}
 
 		finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 1e1a4df89..64dcb0f41 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -77,7 +78,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
+			throws TaskExecutionException {
 
 		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet
 		
@@ -89,12 +90,13 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 	    try 
 	    {
 	      parameters = getParameters(req);
-	    } catch (FileUploadException e) 
+	      
+	    } catch (FileUploadException | IOException e) 
 	    {
 	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-	      throw new IOException(e.getMessage());
-	      
+	      throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
 	    }
+	      
 			String sessionID = req.getParameter(PARAM_SESSIONID);
 			String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
 
@@ -219,19 +221,21 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 			}
 	    
 			catch (MOAIDException ex) {
-				handleError(null, ex, req, resp, pendingRequestID);
+				throw new TaskExecutionException(ex.getMessage(), ex);
 				
 			} catch (GeneralSecurityException e) {
-				handleError(null, e, req, resp, pendingRequestID);
+				throw new TaskExecutionException(e.getMessage(), e);
 				
 			} catch (PKIException e) {
-				handleError(null, e, req, resp, pendingRequestID);
+				throw new TaskExecutionException(e.getMessage(), e);
 				
 			} catch (TransformerException e) {
-				handleError(null, e, req, resp, pendingRequestID);
+				throw new TaskExecutionException(e.getMessage(), e);
 				
 		    } catch (Exception e) {
 		    	Logger.error("AuthBlockValidation has an interal Error.", e);
+		    	throw new TaskExecutionException(e.getMessage(), e);
+		    	
 		    }
 		       
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 32ea7fe3a..607641532 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -19,6 +19,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -57,30 +58,26 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
+			throws TaskExecutionException {
 
 		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet
 
 		Logger.debug("POST VerifyCertificateServlet");
-		
-		String pendingRequestID = null;
-		
+				
 		Map<String, String> parameters;
 	    try 
 	    {
 	      parameters = getParameters(req);
-	    } catch (FileUploadException e) 
+	    } catch (FileUploadException | IOException e) 
 	    {
 	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-	      throw new IOException(e.getMessage());
-	     	}
+	      throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
+	     }
 	    String sessionID = req.getParameter(PARAM_SESSIONID);
 	    
 	    // escape parameter strings
 		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-		
-		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-		
+				
 	    AuthenticationSession session = null;
 	    try {
 	       // check parameter
@@ -148,10 +145,12 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 	    	}	    		    	 
 	    }
 	    catch (MOAIDException ex) {
-	      handleError(null, ex, req, resp, pendingRequestID);
+	    	throw new TaskExecutionException(ex.getMessage(), ex);
 	      
 	    } catch (Exception e) {
 	    	Logger.error("CertificateValidation has an interal Error.", e);
+	    	throw new TaskExecutionException(e.getMessage(), e);
+	    	
 	    }
 	       
 	    
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index bf10b3681..44557453a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -16,6 +16,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -50,7 +51,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
+			throws TaskExecutionException {
 
 		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
 
@@ -59,13 +60,12 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 		setNoCachingHeaders(resp);
 		
 		Map<String, String> parameters;
-		String pendingRequestID = null;
 
 		try {
 			parameters = getParameters(req);
 		} catch (Exception e) {
 			Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-			throw new IOException(e.getMessage());
+			throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
 		}
 		
 		try {
@@ -75,8 +75,6 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
 				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
 			}
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 
 			boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
@@ -85,13 +83,15 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 			executionContext.put("identityLinkAvailable", identityLinkAvailable);
 
 		} catch (ParseException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			throw new TaskExecutionException(ex.getMessage(), ex);
 
 		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			throw new TaskExecutionException(ex.getMessage(), ex);
 
 		} catch (Exception e) {
 			Logger.error("IdentityLinkValidation has an interal Error.", e);
+			throw new TaskExecutionException(e.getMessage(), e);
+			
 		}
 
 		finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 331a7653a..c4c4b2691 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -77,9 +77,11 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
 import at.gv.egovernment.moa.id.storage.IExceptionStore;
 import at.gv.egovernment.moa.id.util.ServletUtils;
@@ -185,29 +187,36 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 	protected void handleError(String errorMessage, Throwable exceptionThrown,
 			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
 
-		if (null != errorMessage) {
-			Logger.error(errorMessage);
-			req.setAttribute("ErrorMessage", errorMessage);
-		}
-
-		if (null != exceptionThrown) {
-			if (null == errorMessage)
-				errorMessage = exceptionThrown.getMessage();
-			Logger.error(errorMessage, exceptionThrown);
-			req.setAttribute("ExceptionThrown", exceptionThrown);
-		}
-
-		if (Logger.isDebugEnabled()) {
-			req.setAttribute("LogLevel", "debug");
+		Throwable loggedException = null;
+		
+		if (exceptionThrown != null 
+				&& exceptionThrown instanceof ProcessExecutionException) {
+			ProcessExecutionException procExc = 
+					(ProcessExecutionException) exceptionThrown;
+			if (procExc.getCause() != null && 
+					procExc.getCause() instanceof TaskExecutionException) {
+				TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
+				loggedException = taskExc.getOriginalException();	
+				if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
+					Logger.error(exceptionThrown.getMessage(), exceptionThrown);
+					
+				} else
+					Logger.error(exceptionThrown.getMessage());
+								
+			}			
 		}
+		
+		if (loggedException == null)
+			loggedException = exceptionThrown;
+		
 
-		if (!(exceptionThrown instanceof MOAIDException)) {
-			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
+		if (!(loggedException instanceof MOAIDException)) {
+			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
 			
 		}
 		
 		IExceptionStore store = DBExceptionStoreImpl.getStore();
-		String id = store.storeException(exceptionThrown);
+		String id = store.storeException(loggedException);
 
 		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
 		
@@ -228,7 +237,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 		} else {
 			
 			//Exception can not be stored in database
-			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
+			handleErrorNoRedirect(errorMessage, loggedException, req, resp);
 		}
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index d670cbe8a..43b6c03d4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 
 /**
@@ -54,7 +55,8 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 		String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req));
 
-		setNoCachingHeaders(resp);
+		setNoCachingHeaders(resp);		
+		String pendingRequestID = null;
 		try {
 			
 			if (sessionID == null) {
@@ -62,6 +64,7 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 			}
 
 			// retrieve moa session
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 
 			// process instance is mandatory
@@ -73,7 +76,7 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 			getProcessEngine().signal(session.getProcessInstanceId());
 
 		} catch (Exception ex) {
-			handleError(null, ex, req, resp, null);
+			handleError(null, ex, req, resp, pendingRequestID);
 		} finally {
 			MOASessionDBUtils.closeSession();
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index 0ffa22ec3..096e5ee9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -13,6 +13,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
 
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
index 6401b1d5d..343b8fe0c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.process.api;
 
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+
 
 /**
  * Represents a single task to be performed upon process execution.
@@ -16,6 +18,6 @@ public interface Task {
 	 *            Provides execution related information.
 	 * @throws Exception An exception upon task execution.
 	 */
-	void execute(ExecutionContext executionContext) throws Exception;
+	void execute(ExecutionContext executionContext) throws TaskExecutionException;
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
index bae6391ec..fb75fc8d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
@@ -8,6 +8,7 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import org.springframework.web.filter.RequestContextFilter;
 
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
@@ -52,10 +53,10 @@ public abstract class MoaIdTask implements Task {
 	 *             Thrown in case of error executing the task.
 	 */
 	public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) throws Exception;
+			HttpServletResponse response) throws TaskExecutionException;
 
 	@Override
-	public void execute(ExecutionContext executionContext) throws Exception {
+	public void execute(ExecutionContext executionContext) throws TaskExecutionException {
 		RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
 		if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) {
 			HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
index 7e56071bd..ebda3c5c3 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.process.spring.test.task;
 
+import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.Charset;
 import java.util.Objects;
@@ -8,6 +9,7 @@ import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
@@ -37,7 +39,7 @@ public class CreateSAML1AssertionTask implements Task {
 	private Logger log = LoggerFactory.getLogger(getClass());
 
 	@Override
-	public void execute(ExecutionContext executionContext) throws Exception {
+	public void execute(ExecutionContext executionContext) throws TaskExecutionException {
 		Objects.requireNonNull(executionContext.get("IdentityLink"));
 		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
 		Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
@@ -47,6 +49,9 @@ public class CreateSAML1AssertionTask implements Task {
 
 		try (InputStream in = getClass().getResourceAsStream("SAML1Assertion.xml")) {
 			executionContext.put("SAML1Assertion", IOUtils.toString(in, Charset.forName("UTF-8")));
+			
+		} catch (IOException e) {
+			throw new TaskExecutionException("", e);
 		}
 
 	}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
index 412fb0123..bd08ec6a1 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
@@ -9,6 +9,7 @@ import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
@@ -37,13 +38,16 @@ public class GetIdentityLinkTask implements Task {
 	private Logger log = LoggerFactory.getLogger(getClass());
 
 	@Override
-	public void execute(ExecutionContext executionContext) throws IOException {
+	public void execute(ExecutionContext executionContext) throws TaskExecutionException {
 		Objects.requireNonNull(executionContext.get("bkuURL"));
 
 		log.debug("Using bkuURL in order to retrieve IdentityLink.");
 
 		try (InputStream in = getClass().getResourceAsStream("IdentityLink_Max_Mustermann.xml")) {
 			executionContext.put("IdentityLink", IOUtils.toString(in, Charset.forName("UTF-8")));
+			
+		} catch (IOException e) {
+			throw new TaskExecutionException("", e);
 		}
 	}
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
index 8099c0f98..8f9b72cea 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.process.spring.test.task;
 
+import java.io.IOException;
 import java.io.InputStream;
 import java.nio.charset.Charset;
 import java.util.Objects;
@@ -8,6 +9,7 @@ import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
@@ -38,7 +40,7 @@ public class SignAuthBlockTask implements Task {
 	private Logger log = LoggerFactory.getLogger(getClass());
 
 	@Override
-	public void execute(ExecutionContext executionContext) throws Exception {
+	public void execute(ExecutionContext executionContext) throws TaskExecutionException {
 		Objects.requireNonNull(executionContext.get("IdentityLink"));
 		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
 		Objects.requireNonNull(executionContext.get("bkuURL"));
@@ -46,6 +48,9 @@ public class SignAuthBlockTask implements Task {
 		log.debug("Using validated IdentityLink and bkuURL in order to sign auth block.");
 		try (InputStream in = getClass().getResourceAsStream("SignedAuthBlock.xml")) {
 			executionContext.put("SignedAuthBlock", IOUtils.toString(in, Charset.forName("UTF-8")));
+		} catch (IOException e) {
+			throw new TaskExecutionException("", e);
+			
 		}
 	}
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
index 07b2ea69c..cece373d4 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
@@ -5,6 +5,7 @@ import java.util.Objects;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
@@ -33,7 +34,7 @@ public class ValidateSignedAuthBlockTask implements Task {
 	private Logger log = LoggerFactory.getLogger(getClass());
 
 	@Override
-	public void execute(ExecutionContext executionContext) throws Exception {
+	public void execute(ExecutionContext executionContext) throws TaskExecutionException {
 		Objects.requireNonNull(executionContext.get("IdentityLink"));
 		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
 		Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
-- 
cgit v1.2.3


From bc41be7e1478e4b213c0357135a24572fce5f21d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 20 Apr 2015 13:52:25 +0200
Subject: update STORK authentication module

---
 .../modules/stork/tasks/CreateStorkAuthRequestFormTask.java  |  8 +++++---
 .../tasks/PepsConnectorHandleLocalSignResponseTask.java      | 12 +++++++-----
 .../PepsConnectorHandleResponseWithoutSignatureTask.java     | 12 +++++++-----
 .../moa/id/auth/modules/stork/tasks/PepsConnectorTask.java   |  8 +++++---
 4 files changed, 24 insertions(+), 16 deletions(-)

(limited to 'id/server')

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index f8cc17b93..021ee62cf 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.stork.CPEPS;
@@ -63,7 +64,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
+			throws TaskExecutionException {
 
 		String pendingRequestID = null;
 		String sessionID = null;
@@ -97,11 +98,12 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
 			AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
 
 		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			throw new TaskExecutionException(ex.getMessage(), ex);
 
 		} catch (Exception e) {
 			Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
-			throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
+			throw new TaskExecutionException("CreateStorkAuthRequestFormTask has an interal Error.", e);
+			
 		}
 
 		finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
index 077bb2dee..1ae66f24e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.stork.STORKException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
@@ -79,7 +80,7 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws Exception {
+			throws TaskExecutionException {
 		String moaSessionID = request.getParameter("moaSessionID");
 		String signResponse = request.getParameter("signresponse");
 		Logger.info("moaSessionID:" + moaSessionID);
@@ -90,13 +91,13 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
 			handleSignResponse(executionContext, request, response);
 		} else {
 			// should not occur
-			throw new IOException("should not occur");
+			throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null);
 		}
 		return;
 	}
 
 	private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) {
+			HttpServletResponse response) throws TaskExecutionException {
 		Logger.info("handleSignResponse started");
 		String moaSessionID = request.getParameter("moaSessionID");
 		String signResponse = request.getParameter("signresponse");
@@ -199,13 +200,14 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
 			Logger.info("REDIRECT TO: " + redirectURL);
 
 		} catch (AuthenticationException e) {
-			handleError(null, e, request, response, pendingRequestID);
+			throw new TaskExecutionException(e.getMessage(), e);
 
 		} catch (MOAIDException e) {
-			handleError(null, e, request, response, pendingRequestID);
+			throw new TaskExecutionException(e.getMessage(), e);
 
 		} catch (Exception e) {
 			Logger.error("PEPSConnector has an interal Error.", e);
+			throw new TaskExecutionException(e.getMessage(), e);
 		}
 
 		finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index e2c3880ac..08da21460 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
 import at.gv.egovernment.moa.id.auth.stork.STORKException;
 import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
@@ -83,7 +84,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws Exception {
+			throws TaskExecutionException {
 		String moaSessionID = request.getParameter("moaSessionID");
 		String signResponse = request.getParameter("signresponse");
 		Logger.info("moaSessionID:" + moaSessionID);
@@ -95,13 +96,13 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 
 		} else {
 			// should not occur
-			throw new IOException("should not occur");
+			throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null);
 		}
 		return;
 	}
 
 	private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) {
+			HttpServletResponse response) throws TaskExecutionException {
 		Logger.info("handleSAMLResponse started");
 		String pendingRequestID = null;
 
@@ -399,13 +400,14 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 			Logger.info("REDIRECT TO: " + redirectURL);
 
 		} catch (AuthenticationException e) {
-			handleError(null, e, request, response, pendingRequestID);
+			throw new TaskExecutionException(e.getMessage(), e);
 
 		} catch (MOAIDException e) {
-			handleError(null, e, request, response, pendingRequestID);
+			throw new TaskExecutionException(e.getMessage(), e);
 
 		} catch (Exception e) {
 			Logger.error("PEPSConnector has an interal Error.", e);
+			throw new TaskExecutionException(e.getMessage(), e);
 		}
 
 		finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index 9df0ff37b..81c7c3a7b 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
 import at.gv.egovernment.moa.id.auth.stork.STORKException;
@@ -128,7 +129,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws Exception {
+			throws TaskExecutionException {
 		String pendingRequestID = null;
 
 		setNoCachingHeaders(response);
@@ -613,13 +614,14 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 			Logger.info("REDIRECT TO: " + redirectURL);
 
 		} catch (AuthenticationException e) {
-			handleError(null, e, request, response, pendingRequestID);
+			throw new TaskExecutionException(e.getMessage(), e);
 
 		} catch (MOAIDException e) {
-			handleError(null, e, request, response, pendingRequestID);
+			throw new TaskExecutionException(e.getMessage(), e);
 
 		} catch (Exception e) {
 			Logger.error("PEPSConnector has an interal Error.", e);
+			throw new TaskExecutionException(e.getMessage(), e);
 		}
 
 		finally {
-- 
cgit v1.2.3


From 4707d0408674020f3c0f82ab08c605cef3e4932e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 20 Apr 2015 14:35:13 +0200
Subject: update handbook

---
 id/server/doc/handbook/install/install.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'id/server')

diff --git a/id/server/doc/handbook/install/install.html b/id/server/doc/handbook/install/install.html
index aa508183e..f669af2a6 100644
--- a/id/server/doc/handbook/install/install.html
+++ b/id/server/doc/handbook/install/install.html
@@ -87,13 +87,13 @@
   <p> Die Basisinstallation der Module MOA-ID-Auth und MOA-ID-Configuration stellt einerseits die minimalen Anforderungen f&uuml;r den Betrieb von MOA-ID dar, andererseits dient sie als Ausgangspunkt f&uuml;r optionale <a href="#webservice_erweiterungsmoeglichkeiten">Erweiterungsm&ouml;glichkeiten</a>.</p>
   <p>Die <strong>Mindestanforderungen</strong> f&uuml;r die Basisinstallation sind: </p>
   <ul>
-    <li><a href="#referenziertesoftware">Java SE 6 oder h&ouml;her</a></li>
-    <li><a href="#referenziertesoftware">Apache Tomcat 6 oder h&ouml;her </a></li>
+    <li><a href="#referenziertesoftware">Java SE 7 oder h&ouml;her</a></li>
+    <li><a href="#referenziertesoftware">Apache Tomcat 7 oder h&ouml;her </a></li>
   </ul>
   <p>Wir <strong>empfehlen</strong> jedoch jeweils aktuelle Version zu verwenden:</p>
   <ul>
     <li><a href="#referenziertesoftware">Java SE Update SE 7 (neuestes Update) bzw. Java SE 8 (neuestes Update)</a><a href="#referenziertesoftware"></a></li>
-    <li><a href="#referenziertesoftware">Apache Tomcat 7.0.50 bzw. Apache Tomcat 8.0.3</a>  </li>
+    <li><a href="#referenziertesoftware">Apache Tomcat 7 (neuestes Update) bzw. Apache Tomcat 8</a><a href="#referenziertesoftware"> (neuestes Update)</a></li>
 </ul>
   <p>In diesem Betriebs-Szenario wird das MOA-ID-Auth Webservice und das MOA-ID Konfigurationstool in Tomcat zum Einsatz gebracht. Beide Module k&ouml;nnen sowohl in derselben Tomcat-Instanz, als auch in separaten Tomcat-Instanzen betrieben werden. F&uuml;r den Fall des separaten Betriebs muss die Installation auf beiden Tomcat-Instanzen ausgef&uuml;hrt werden. In beiden F&auml;llen fungiert der Tomcat gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r beide Module. Beide Protokolle werden direkt in Tomcat konfiguriert, wobei MOA-ID-Auth und MOA-ID-Configuration Log4j als Logging Toolkit verwenden.</p>
 <h4><a name="webservice_basisinstallation_installation" id="webservice_basisinstallation_installation"></a>2.1.2 Installation</h4>
-- 
cgit v1.2.3


From ae570bf65585de05db08dd50d87352fc2027c624 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 May 2015 12:58:29 +0200
Subject: fixed attribute forwarding when using STORK2 SAML for SP

---
 .../moa/id/protocols/stork2/MOAAttributeProvider.java          | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 3ab4ec4a1..d3a5a1085 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -99,6 +99,16 @@ public class MOAAttributeProvider {
                 Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
                 e.printStackTrace();
             }
+        } else if (authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
+            Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
+            try {
+                PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName());
+                attributeList.add((PersonalAttribute) tmp.clone());
+            } catch(Exception e) {
+                Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute);
+                if(Logger.isDebugEnabled())
+                    e.printStackTrace();
+            }
         } else {
             Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined.");
         }
-- 
cgit v1.2.3


From 7d8b6f80bb6faf33c4a19aac2d23784a8dbbddc2 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 May 2015 13:01:43 +0200
Subject: refactored some code regarding multi-part SAML responses

---
 .../stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java  | 2 +-
 .../moa/id/auth/modules/stork/tasks/PepsConnectorTask.java            | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'id/server')

diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 08da21460..aff69aa9c 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -342,7 +342,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
 
 			// FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
 			try {
-				SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
+				SZRGInsertion(moaSession, attributeList, authnResponse.getAssertions()
 						.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
 						.getAuthnContextClassRef(), citizenSignature);
 			} catch (STORKException e) {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index 81c7c3a7b..6eabc0538 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -506,7 +506,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 					Logger.debug("Starting connecting SZR Gateway");
 				
 					identityLink = STORKResponseProcessor.connectToSZRGateway(
-							authnResponse.getPersonalAttributeList(),
+							attributeList,
 							oaParam.getFriendlyName(), 
 							targetType, 
 							null, 
@@ -560,7 +560,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
 			moaSession.setIdentityLink(identityLink);
 
 			Logger.debug("Adding addtional STORK attributes to MOA session");
-			moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+			moaSession.setStorkAttributes(attributeList);
 
 			Logger.debug("Add full STORK AuthnResponse to MOA session");
 			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
-- 
cgit v1.2.3


From 4df561f9f19966c92cd658efa0cd3942a0a091d4 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 May 2015 16:10:56 +0200
Subject: moved consent request before attributes are being collected

---
 .../auth/src/main/webapp/WEB-INF/urlrewrite.xml    |  2 +-
 .../id/protocols/stork2/AttributeCollector.java    | 12 ++-----
 .../id/protocols/stork2/AuthenticationRequest.java |  7 +++-
 .../moa/id/protocols/stork2/ConsentEvaluator.java  | 42 ++++++++++++++--------
 4 files changed, 38 insertions(+), 25 deletions(-)

(limited to 'id/server')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 54debca81..8f01ca22b 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -74,7 +74,7 @@
         <to type="forward">/dispatcher?mod=id_stork2&amp;action=AttributeCollector&amp;%{query-string}</to>
     </rule>
     <rule match-type="regex">
-        <from>^/stork2/CompleteAuthentication$</from>
+        <from>^/stork2/GetConsent$</from>
         <to type="forward">/dispatcher?mod=id_stork2&amp;action=ConsentEvaluator&amp;%{query-string}</to>
     </rule>
     <rule match-type="regex">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1e6cf6910..704f8b8a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -26,12 +26,8 @@ import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -186,7 +182,8 @@ public class AttributeCollector implements IAction {
         List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
         for (PersonalAttribute current : requestAttributeList)
             if (!responseAttributeList.containsKey(current.getName()))
-                missingAttributes.add(current);
+                if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value())))
+                    missingAttributes.add(current);
 
         Logger.info("collecting attributes...");
 		Logger.debug("found " + missingAttributes.size() + " missing attributes");
@@ -253,10 +250,7 @@ public class AttributeCollector implements IAction {
             Logger.info("collecting attributes done");
             
             // ask for consent if necessary
-            if(oaParam.isRequireConsentForStorkAttributes())
-            	new ConsentEvaluator().requestConsent(container, response, oaParam);
-            else
-            	new ConsentEvaluator().generateSTORKResponse(response, container);
+            new ConsentEvaluator().generateSTORKResponse(response, container);
 
             return null; // AssertionId
                             // TODO
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 859f4900b..e0c4b3d16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -163,7 +163,12 @@ public class AuthenticationRequest implements IAction {
 
             Logger.debug("Data container prepared");
 
-            return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+            if(oaParam.isRequireConsentForStorkAttributes())
+                new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);
+            else
+                new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
+            return null;
         }
 //        // check if we are getting request for citizen of some other country
 //        else if (req instanceof MOASTORKRequest) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 2c5728798..51e731e8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -23,13 +23,17 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
 import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+
 import java.util.ArrayList;
 import java.util.HashMap;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import java.util.Map.Entry;
+
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
@@ -39,14 +43,13 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.stork.peps.auth.commons.PEPSUtil;
 import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
-import org.joda.time.DateTime;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 
 import javax.servlet.http.HttpServletRequest;
@@ -72,23 +75,28 @@ public class ConsentEvaluator implements IAction {
 		DataContainer container;
 		try {
 			container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+			req = container.getRequest();
 		} catch (MOADatabaseException e) {
 			Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
 			throw new MOAIDException("stork.17", null);
 		}
 
 		// evaluate response
-		for(PersonalAttribute current : container.getResponse().getPersonalAttributeList()) {
+		for(PersonalAttribute current : container.getRequest().getPersonalAttributeList()) {
 			if(null == httpReq.getParameter(current.getName())) {
-				current.setStatus(AttributeStatusType.NOT_AVAILABLE.value());
+				current.setStatus(AttributeStatusType.WITHHELD.value());
 				current.setValue(new ArrayList<String>());
 				current.setComplexValue(new HashMap<String, String>());
 			}
 		}
 
-        // build and send response
-        generateSTORKResponse(httpResp, container);
-        
+        //TODO: CHECK: req.getOAURL() should return the unique OA identifier
+		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
+		if (oaParam == null)
+			throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
+
+		new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
         return null; // AssertionId
     }
 
@@ -96,12 +104,19 @@ public class ConsentEvaluator implements IAction {
 	 * Fills the given HttpResponse with the required web page.
 	 *
 	 * @param container the container
+	 * @param authData 
 	 * @param response the response
 	 * @param oaParam the oa param
 	 * @return the string
 	 * @throws MOAIDException the mOAID exception
 	 */
-	public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException {
+	public String requestConsent(DataContainer container, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
+		//check if we need to collect consent
+        if(!oaParam.isRequireConsentForStorkAttributes()) {
+            (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+            return "";
+        }
+
 		// prepare redirect
 		String newArtifactId;
 		try {
@@ -130,13 +145,12 @@ public class ConsentEvaluator implements IAction {
 			Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
 			VelocityContext context = new VelocityContext();
 
-			context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId);
+			context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
 
 			// assemble table
 			String table = "";
-			for (PersonalAttribute current : container.getResponse().getPersonalAttributeList())
-				if ("Available".equals(current.getStatus()))
-					table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
+			for (PersonalAttribute current : container.getRequest().getPersonalAttributeList())
+				table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
 
 			context.put("tablecontent", table);
 
-- 
cgit v1.2.3


From d086e2f7c278b0b5034d058fe8deff34927bf811 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 May 2015 16:12:06 +0200
Subject: consent request cosmetics

---
 .../moa/id/protocols/stork2/ConsentEvaluator.java    |  2 ++
 .../resources/templates/stork2_consent.html          | 20 ++++++++++++--------
 2 files changed, 14 insertions(+), 8 deletions(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 51e731e8a..865cec5a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -153,6 +153,8 @@ public class ConsentEvaluator implements IAction {
 				table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
 
 			context.put("tablecontent", table);
+			for(Entry<String, String> current : oaParam.getFormCustomizaten().entrySet())
+				context.put(current.getKey().replace("#", ""), current.getValue());
 
 			StringWriter writer = new StringWriter();
 			template.merge(context, writer);
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
index e21a61665..0ab41f146 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
@@ -80,6 +80,7 @@
 				  overflow:auto;	
           min-width: 190px;
           height: 260px;
+          padding: 20px;
 			  }
       
         h2#tabheader{
@@ -134,6 +135,7 @@
         
         #bkulogin {
         min-height: 150px;
+        padding: 20px;
         } 
       }
 
@@ -146,6 +148,7 @@
         
         #bkulogin {
           height: 180px;
+          padding: 20px;
         }  
       }
 
@@ -175,7 +178,7 @@
 					color : #000;
 			  	text-align: center;
           font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
+			  	background-color: ${MAIN_BACKGOUNDCOLOR};
 				}
         				
 			  #page {
@@ -230,6 +233,7 @@
        	#bkulogin {	
           min-width: 190px;
           height: 155px;	
+          padding: 20px;
 			 }
         
 			 .setAssertionButton_full {
@@ -249,7 +253,7 @@
 			* {
 				margin: 0;
 				padding: 0;
-        font-family: #FONTTYPE#;
+        font-family: ${FONTTYPE};
 			}
 							      			
 			#selectArea {
@@ -333,13 +337,13 @@
 			}
 			
 			.hell {
-				background-color : #MAIN_BACKGOUNDCOLOR#;
-        color: #MAIN_COLOR#;	
+				background-color : ${MAIN_BACKGOUNDCOLOR};
+        color: ${MAIN_COLOR};	
 			}
 			
 			.dunkel {
-				background-color: #HEADER_BACKGROUNDCOLOR#;
-        color: #HEADER_COLOR#;
+				background-color: ${HEADER_BACKGROUNDCOLOR};
+        color: ${HEADER_COLOR};
 			}
 			      
 			.main_header {
@@ -404,7 +408,7 @@
       
     }
 	</script>
-<title>#HEADER_TEXT#</title>
+<title>Informationsfreigabe</title>
 </head>
 <body onload="onChangeChecks();" onresize="onChangeChecks();">
 	<div id="page">
@@ -417,7 +421,7 @@
 							<h2 id="tabheader" class="dunkel" role="heading">STORK Informationsfreigabe</h2>
 						</div>
 						<div id="bkulogin" class="hell" role="form">
-							Alle angehakten Daten werden an das fragende Drittland &uuml;bermittelt.
+							W&auml;hlen Sie jene Daten, die, wenn verf&uuml;gbar, an ein Drittland weitergegeben werden sollen:</br>
 	  						<table>
 	  							${tablecontent}
 							</table>
-- 
cgit v1.2.3


From b4e8abf78acf92e6a40606ddd02d381e73a0d487 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 May 2015 16:34:30 +0200
Subject: added required status to consent list

---
 .../at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 865cec5a3..baa2f1b40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -150,7 +150,7 @@ public class ConsentEvaluator implements IAction {
 			// assemble table
 			String table = "";
 			for (PersonalAttribute current : container.getRequest().getPersonalAttributeList())
-				table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
+				table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + (current.isRequired() ? "" : " (optional)") + "</td></tr>\n";
 
 			context.put("tablecontent", table);
 			for(Entry<String, String> current : oaParam.getFormCustomizaten().entrySet())
-- 
cgit v1.2.3


From b110b9d1acd557e103ea4afc88499f2271d4c855 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 May 2015 16:35:38 +0200
Subject: fix: gather any attribute from STORK2 response first if available

---
 .../id/protocols/stork2/MOAAttributeProvider.java  | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index d3a5a1085..3b2fae0d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -79,7 +79,17 @@ public class MOAAttributeProvider {
 
     public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
         String storkAttribute = requestedAttribute.getName();
-        if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
+        if (authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
+            Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
+            try {
+                PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName());
+                attributeList.add((PersonalAttribute) tmp.clone());
+            } catch(Exception e) {
+                Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute);
+                if(Logger.isDebugEnabled())
+                    e.printStackTrace();
+            }
+        } else if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
             Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]");
             try {
                 Method method = authData.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute));
@@ -99,16 +109,6 @@ public class MOAAttributeProvider {
                 Logger.error("Could not found MOA extraction method while getting attribute: " + storkAttribute);
                 e.printStackTrace();
             }
-        } else if (authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
-            Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
-            try {
-                PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName());
-                attributeList.add((PersonalAttribute) tmp.clone());
-            } catch(Exception e) {
-                Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute);
-                if(Logger.isDebugEnabled())
-                    e.printStackTrace();
-            }
         } else {
             Logger.debug("MOA method for extraction of attribute " + storkAttribute + " not defined.");
         }
-- 
cgit v1.2.3


From 637e57f15061232351b30a53a50825de51522142 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 6 May 2015 09:15:39 +0200
Subject: fixed nullpointerex during attribute extraction

---
 .../gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java | 4 ++--
 .../gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index e0c4b3d16..01f84125f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -499,11 +499,11 @@ public class AuthenticationRequest implements IAction {
                 Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
                 moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
             	 } catch (Exception e) {
-                     Logger.error("Exception, attributes: " + e.getMessage());
+                     Logger.error("Exception, attributes: " + e.getMessage(), e);
                  }
             }
         } catch (Exception e) {
-            Logger.error("Exception, attributes: " + e.getMessage());
+            Logger.error("Exception, attributes: " + e.getMessage(), e);
         }
 
         Logger.trace("AUTHBLOCK " + authData.getAuthBlock());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 3b2fae0d5..9a6206947 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -79,7 +79,7 @@ public class MOAAttributeProvider {
 
     public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
         String storkAttribute = requestedAttribute.getName();
-        if (authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
+        if (null != authData && null != authData.getStorkAttributes() && authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
             Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
             try {
                 PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName());
-- 
cgit v1.2.3


From e694549a0e77265f77651b68c7b6adfa6d8f1c30 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 6 May 2015 09:16:41 +0200
Subject: fixed compilation issues

---
 .../at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java     | 2 +-
 .../gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index baa2f1b40..3acd1039f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -158,7 +158,7 @@ public class ConsentEvaluator implements IAction {
 
 			StringWriter writer = new StringWriter();
 			template.merge(context, writer);
-			response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+			httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
 
 		} catch (Exception e) {
 			Logger.error("Velocity error: " + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index ed8480ccb..b24c0df4f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -211,7 +211,7 @@ public class MandateRetrievalRequest implements IAction {
 
         // ask for consent if necessary
         if (oaParam.isRequireConsentForStorkAttributes())
-            new ConsentEvaluator().requestConsent(container, httpResp, oaParam);
+            new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);
         else
             new ConsentEvaluator().generateSTORKResponse(httpResp, container);
 
-- 
cgit v1.2.3


From c621447906a77c5d457ce2ee854c08586509626a Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 6 May 2015 09:28:20 +0200
Subject: remove unselected attributes from result set

---
 .../moa/id/protocols/stork2/AttributeCollector.java       | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 704f8b8a9..371cfb1d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -180,10 +180,21 @@ public class AttributeCollector implements IAction {
         IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
         IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
         List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
+        Logger.debug("aquire list of missing attributes");
         for (PersonalAttribute current : requestAttributeList)
-            if (!responseAttributeList.containsKey(current.getName()))
-                if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value())))
+            if (!responseAttributeList.containsKey(current.getName())) {
+                if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value()))) {
+                    // add the ones we need
                     missingAttributes.add(current);
+                    Logger.debug("add " + current.getName() + " to the list of missing attributes");
+                }
+            } else {
+                // remove the ones we do not want to share from the response list
+                if(null != current.getStatus() && current.getStatus().equals(AttributeStatusType.WITHHELD.value())) {
+                    responseAttributeList.remove(current.getName());
+                    Logger.debug("remove " + current.getName() + " from the list of resulting attributes because the user does not want to disclose the data");
+                }
+            }
 
         Logger.info("collecting attributes...");
 		Logger.debug("found " + missingAttributes.size() + " missing attributes");
-- 
cgit v1.2.3


From c230145208b7fbe53b7bf2d6aff49a24301559eb Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Wed, 6 May 2015 12:46:10 +0200
Subject: fixed samlengine transient issue

---
 .../src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server')

diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
index 5d8281445..15803fb68 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
@@ -69,7 +69,7 @@ public final class PersonalAttribute implements Serializable, Cloneable {
   /**
    * Is the personal attribute mandatory?
    */
-  private transient boolean required;
+  private boolean required;
   
   /**
    * Returned status of the attribute from the IdP.
-- 
cgit v1.2.3