authorThomas <>2024-06-11 14:43:12 +0200
committerThomas <>2024-06-11 14:43:12 +0200
commit4fcb0654e81a0e3abf400dbbbd8d2bedbbf5864d (patch)
treee0120b397d1166481b636461820df7d4be654a05
parent25fcb34c1f7f8b2483217061425fe35a0cabeb76 (diff)
feat(core): add method parameter to define custom max. age for pendingRequestId
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java10
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java17
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java12
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/utils/IPendingRequestIdGenerationStrategy.java18
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java15
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java13
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java17
7 files changed, 93 insertions, 9 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
index db13bf71..1bc40720 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
@@ -47,13 +47,19 @@ public class RequestStorage implements IRequestStorage {
@Autowired(required = true)
IPendingRequestIdGenerationStrategy pendingReqIdGenerationStrategy;
- @Override
public IRequest getPendingRequest(final String pendingReqID)
throws PendingReqIdValidationException {
+ return getPendingRequest(pendingReqID, -1);
+
+ }
+
+ @Override
+ public IRequest getPendingRequest(final String pendingReqID, int maxPendingRequestIdAge)
+ throws PendingReqIdValidationException {
try {
final String internalPendingReqId =
- pendingReqIdGenerationStrategy.validateAndGetPendingRequestId(pendingReqID);
+ pendingReqIdGenerationStrategy.validateAndGetPendingRequestId(pendingReqID, maxPendingRequestIdAge);
log.debug("PendingReqId is valid");
// get pending-request from storage
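Review bot: The one-argument `getPendingRequest(final String pendingReqID)` loses its `@Override` in this hunk although `IRequestStorage` still declares that method; the annotation was moved to the new overload instead of being added to it. Keep `@Override` on both methods so the compiler continues to check the one-argument signature against the interface. The new parameter could also be written `final int maxPendingRequestIdAge` to match `final String pendingReqID`. The body of the two-argument method continues outside the hunk.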
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java
index 17d240cb..706b8fb2 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java
@@ -29,6 +29,7 @@ import at.gv.egiz.eaaf.core.api.IRequestStorage;
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
+import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException;
import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
@@ -62,7 +63,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
}
- pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+ pendingReq = requestStorage.getPendingRequest(pendingRequestID, getMaxPendingReqIdAge());
if (pendingReq == null) {
log.info("No PendingRequest with Id: " + pendingRequestID
+ " Maybe, a transaction timeout occure.");
@@ -102,6 +103,20 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
}
+ /**
+ * Defines max. age of pendingrequestId for validation.
+ *
+ * <p>
+ * Default implementation set -1 and uses default value of
+ * {@link IPendingRequestIdGenerationStrategy}
+ * </p>
+ *
+ * @return max. age in seconds, or -1 if default value should be used
+ */
+ protected int getMaxPendingReqIdAge() {
+ return -1;
+
+ }
/**
* Retrieves the current pending-request id from the HttpServletRequest
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java
index 93ce5695..fa9e2252 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java
@@ -42,6 +42,18 @@ public interface IRequestStorage {
IRequest getPendingRequest(String pendingReqID) throws PendingReqIdValidationException;
/**
+ * Get a pending-request from storage.
+ *
+ * @param pendingReqID Id of the pending request
+ * @param maxPendingRequestIdAge Maximum token life-time in seconds. In case of
+ * < 0, default value will be used
+ * @return Pending Request Object
+ * @throws PendingReqIdValidationException if the pendingRequestId was invalid
+ */
+ IRequest getPendingRequest(String pendingReqID, int maxPendingRequestIdAge)
+ throws PendingReqIdValidationException;
+
+ /**
* Store a pending-request in storage.
*
* @param pendingRequest Pending-Request object to store
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/utils/IPendingRequestIdGenerationStrategy.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/utils/IPendingRequestIdGenerationStrategy.java
index d5dc8aca..ddf3b291 100644
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/utils/IPendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/utils/IPendingRequestIdGenerationStrategy.java
@@ -1,10 +1,9 @@
package at.gv.egiz.eaaf.core.api.utils;
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
+import jakarta.annotation.Nonnull;
+import jakarta.annotation.Nullable;
public interface IPendingRequestIdGenerationStrategy {
@@ -28,6 +27,19 @@ public interface IPendingRequestIdGenerationStrategy {
String validateAndGetPendingRequestId(@Nullable String pendingReqId) throws PendingReqIdValidationException;
/**
+ * Validate a pendingRequestId according to implemented strategy.
+ *
+ * @param pendingReqId pending-request Id that should be validated
+ * @param maxTokenAge Maximum token life-time in seconds. In case of < 0,
+ * default value will be used
+ * @return internalPendingRequestId
+ * @throws PendingReqIdValidationException In case of a token validation error
+ */
+ @Nonnull
+ String validateAndGetPendingRequestId(@Nullable String pendingReqId, @Nonnull int maxTokenAge)
+ throws PendingReqIdValidationException;
+
+ /**
* Get the internal pendingReqId without any validation.
*
* @param externalPendingReqId pending-request Id that should be validated
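Review bot: `@Nonnull int maxTokenAge` annotates a primitive, which can never be null, so the annotation says nothing and some static analysers report it; declare the parameter as plain `int maxTokenAge`. The Javadoc text `In case of < 0` contains a raw `<`, which Javadoc processes as HTML; write `{@code < 0}` here and in the matching comment added to `IRequestStorage`. Neither comment says what a value of 0 means, and the helpers added in this commit appear to treat it as a zero-second lifetime, so the contract should state that explicitly.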
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java
index e5003e2f..6ae5ee18 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java
@@ -116,6 +116,13 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
@Override
public String validateAndGetPendingRequestId(final String externalPendingReqId)
throws PendingReqIdValidationException {
+ return validateAndGetPendingRequestId(externalPendingReqId, maxPendingRequestIdLifeTime);
+
+ }
+
+ @Override
+ public String validateAndGetPendingRequestId(String externalPendingReqId, int maxTokenAge)
+ throws PendingReqIdValidationException {
try {
String stringToken = getDecryptedExternalPendingRequestId(externalPendingReqId);
log.debug("Token decryption successful");
@@ -133,7 +140,7 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
log.trace("Checking valid period ... ");
final DateTime now = DateTime.now();
- if (timeStamp.withFieldAdded(DurationFieldType.seconds(), maxPendingRequestIdLifeTime)
+ if (timeStamp.withFieldAdded(DurationFieldType.seconds(), getMaxTokenAgeValue(maxTokenAge))
.isBefore(now)) {
log.info("Token exceeds the valid period. Token: {} | Now: {}", timeStamp, now);
throw new PendingReqIdValidationException(internalPendingReqId,
@@ -199,6 +206,11 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
}
+ private int getMaxTokenAgeValue(int overrideValue) {
+ return overrideValue < 0 ? maxPendingRequestIdLifeTime : overrideValue;
+
+ }
+
private String selectKeyWrappingAlgorithm(SecretKey first) {
if ("AES".equals(first.getAlgorithm())) {
return KeyManagementAlgorithmIdentifiers.A128GCMKW;
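Review bot: `getMaxTokenAgeValue` accepts any non-negative override, so a caller can pass a lifetime longer than the configured `maxPendingRequestIdLifeTime`, and an override of 0 makes every token fail the valid-period check. Whether the configured value is meant as an upper bound is not visible in this hunk; if it is, cap the override with `return overrideValue < 0 ? maxPendingRequestIdLifeTime : Math.min(overrideValue, maxPendingRequestIdLifeTime);`. If longer windows are intended, add a comment on the helper saying that the override may extend the period in which a pendingRequestId is accepted, since that is the security-relevant effect of `getMaxPendingReqIdAge()` in `AbstractProcessEngineSignalController`. The identical helper is added to `SecurePendingRequestIdGenerationStrategy`, so the same applies there and the two copies could share one implementation.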
@@ -277,5 +289,4 @@ public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy
.encodeToString(encToken.getCompactSerialization().getBytes(StandardCharsets.UTF_8));
}
-
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
index 8da773f8..1eae05e9 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
@@ -101,6 +101,13 @@ public class SecurePendingRequestIdGenerationStrategy
@Override
public String validateAndGetPendingRequestId(final String externalPendingReqId)
throws PendingReqIdValidationException {
+ return validateAndGetPendingRequestId(externalPendingReqId, maxPendingRequestIdLifeTime);
+
+ }
+
+ @Override
+ public String validateAndGetPendingRequestId(final String externalPendingReqId, int maxTokenAge)
+ throws PendingReqIdValidationException {
try {
final String[] tokenElements = extractTokens(externalPendingReqId);
final String internalPendingReqId = tokenElements[1];
@@ -120,7 +127,7 @@ public class SecurePendingRequestIdGenerationStrategy
log.trace("Checking valid period ... ");
final DateTime now = DateTime.now();
- if (timeStamp.withFieldAdded(DurationFieldType.seconds(), maxPendingRequestIdLifeTime)
+ if (timeStamp.withFieldAdded(DurationFieldType.seconds(), getMaxTokenAgeValue(maxTokenAge))
.isBefore(now)) {
log.warn("Token exceeds the valid period");
log.debug("Token: {} | Now: {}", timeStamp, now);
@@ -235,6 +242,10 @@ public class SecurePendingRequestIdGenerationStrategy
new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e);
}
+ }
+
+ private int getMaxTokenAgeValue(int overrideValue) {
+ return overrideValue < 0 ? maxPendingRequestIdLifeTime : overrideValue;
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java
index 78f0cdec..22c15fbd 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java
@@ -28,6 +28,23 @@ public class SimplePendingRequestIdGenerationStrategy
}
+ /**
+ * Validate a pendingRequestId according to implemented strategy.
+ *
+ * <p>
+ * Simple strategy does not implement validation.
+ * </p>
+ *
+ * @param maxTokenAge SimplePendingRequestIdGenerationStrategy implements NO
+ * timestamp validation on tokens
+ */
+ @Override
+ public String validateAndGetPendingRequestId(String pendingReqId, int maxTokenAge)
+ throws PendingReqIdValidationException {
+ return getPendingRequestIdWithOutChecks(pendingReqId);
+
+ }
+
@Override
public String getPendingRequestIdWithOutChecks(final String externalPendingReqId)
throws PendingReqIdValidationException {
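Review bot: The explicit `maxTokenAge` is dropped here without any signal, so a controller that overrides `getMaxPendingReqIdAge()` to shorten the validity window gets no expiry enforcement when this strategy is configured. The class Javadoc says so, but the contract in `IPendingRequestIdGenerationStrategy` does not mention that an implementation may ignore the value; state it there so integrators do not rely on the limit with this strategy. The new Javadoc also lacks `@param pendingReqId`, `@return` and `@throws PendingReqIdValidationException` tags, and the parameters could be `final` like those of `getPendingRequestIdWithOutChecks`.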