5 files changed, 507 insertions, 0 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java
new file mode 100644
index 00000000..82f87f49
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java
@@ -0,0 +1,72 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public interface IAuthenticationManager {
+	
+	//TODO
+	public static int EVENT_AUTHENTICATION_PROCESS_FOR_SP = -1;
+	public static int EVENT_AUTHENTICATION_PROCESS_STARTED = -1;
+	public static int EVENT_AUTHENTICATION_PROCESS_FINISHED = -1;
+	public static int EVENT_AUTHENTICATION_PROCESS_ERROR = -1;
+	
+		
+	/**
+	 * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} 
+	 * 
+	 * @param httpReqParam http parameter name, but never null
+	 */
+	void addParameterNameToWhiteList(String httpReqParam);
+
+	/**
+	 * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} 
+	 * 
+	 * @param httpReqParam http header name, but never null
+	 */
+	void addHeaderNameToWhiteList(String httpReqParam);
+	
+
+	/**
+	 * Starts an authentication process for a specific pending request
+	 * 
+	 * @param httpReq http servlet request
+	 * @param httpResp http servlet response
+	 * @param pendingReq Pending request for that an authentication is required
+	 * @return true if the pending request is already authenticated, otherwise false
+	 * @throws EAAFException
+	 */
+	boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp,
+			IRequest pendingReq) throws EAAFException;
+	
+	/**
+	 * Close an active authenticated session on IDP side
+	 * 
+	 * @param request http servlet request
+	 * @param response http servlet response
+	 * @param pendingReq ReqPending request for that an authentication session should be closed
+	 */
+	void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, IRequest pendingReq);
+	
+		
+	/**
+	 * Close an active authenticated session on IDP side and get a list authenticated service providers
+	 * 
+	 * @param request http servlet request
+	 * @param response http servlet response
+	 * @param pendingReq ReqPending request for that an authentication session should be closed
+	 * @param internalSSOId internal SSO session identifier 
+	 * @return A container that contains all active SP sessions
+	 * @throws EAAFException
+	 */
+	ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId) throws EAAFException;
+
+	
+}
+\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java
new file mode 100644
index 00000000..9c7a7320
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java
@@ -0,0 +1,92 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
+
+public interface ISSOManager {
+	
+	//TODO
+	public static int EVENT_SSO_SESSION_INVALID = -1;
+	public static int EVENT_SSO_SESSION_VALID = -1;
+	
+	
+	public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation";
+	public static final String AUTH_DATA_SSO_SESSIONID	= "eaaf_authdata_sso_sessionId";
+	
+	
+	/**
+	 * Check if there is an active and valid SSO session for the current pending request.
+	 * <br>
+	 * If there is an active SSO session, the pending request will be populated with eID information from SSO session 
+	 * 
+	 * @param pendingReq Current incoming pending request
+	 * @param httpReq http Servlet request
+	 * @param httpResp http Servlet response
+	 * @return true if there is a valid SSO session, otherwise false
+	 * @throws EAAFSSOException
+	 */
+	public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException;
+	
+	/**
+	 * Populate service provider specific SSO settings
+	 * 
+	 * Check if Single Sign-On is allowed for the current pending request and the requested service provider 
+	 * 
+	 * @param pendingReq Current incoming pending request
+	 * @param httpReq http Servlet request
+	 * @return true if SSO is allowed for this service provider, otherwise false
+	 */
+	public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq);
+	
+	
+	/**
+	 * Populate the current pending request with eID information from an existing SSO session 
+	 * 
+	 * @param pendingReq pending request that should be populated by SSO session
+	 * @throws EAAFSSOException if pending request contains no SSO information or population failed
+	 */
+	public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException;
+	
+	
+	/**
+	 * Destroy an active SSO session on IDP site only
+	 * 
+	 * @param httpReq http servlet request
+	 * @param httpResp http servlet response
+	 * @param pendingReq 
+	 * @return true if a SSO session was closed successfully, otherwise false
+	 * @throws EAAFSSOException in case of an internal processing error
+	 */
+	public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException;
+	
+	
+	
+	// ************************* old ***************************************************	
+	String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq)  throws EAAFSSOException;
+
+	
+	void createNewSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException;
+//	{
+//		internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq);				
+//		authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(), 
+//				newSSOSessionId, sloInformation, pendingReq);	
+//
+//	}
+
+
+	void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation)  throws EAAFSSOException;
+//	{
+//		authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), 
+//				newSSOSessionId, sloInformation, pendingReq);
+//	}
+
+
+
+
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
new file mode 100644
index 00000000..743c7797
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
@@ -0,0 +1,144 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth.data;
+
+import java.util.Date;
+import java.util.Map;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+
+public interface IAuthProcessDataContainer {
+
+	/**
+	 * Returns the issuing time of the AUTH-Block SAML assertion.
+	 * 
+	 * @return The issuing time of the AUTH-Block SAML assertion.
+	 */
+	String getIssueInstant();
+
+	/**
+	 * Sets the issuing time of the AUTH-Block SAML assertion.
+	 * 
+	 * @param issueInstant
+	 *            The issueInstant to set.
+	 */
+	void setIssueInstant(String issueInstant);
+	
+	/**
+	 * Indicate if the authentication process is finished
+	 * 
+	 * @return
+	 */
+	boolean isAuthenticated();
+
+	/**
+	 * Mark the authentication as authenticated, which means that the authenication process is completed
+	 * 
+	 * @param authenticated
+	 */
+	void setAuthenticated(boolean authenticated);
+	
+	/**
+	 * Returns the identityLink.
+	 * 
+	 * @return IdentityLink
+	 */
+	IIdentityLink getIdentityLink();
+	
+	/**
+	 * Sets the identityLink.
+	 * 
+	 * @param identityLink
+	 *            The identityLink to set
+	 */
+	void setIdentityLink(IIdentityLink identityLink);
+	
+
+	/**
+	 * Indicate that mandates was used in this auth. process
+	 * 
+	 * @return
+	 */
+	boolean isMandateUsed();
+	
+	/**
+	 * Mark that mandates was used in this auth. process
+	 * 
+	 * @param useMandates
+	 */
+	void setUseMandates(boolean useMandates);
+
+	/**
+	 * Indicate that the auth. process was performed by a foreigner
+	 * 
+	 * @return
+	 */
+	boolean isForeigner();
+
+	/**
+	 * Mark that the auth. process was done by a foreigner
+	 * 
+	 * @param isForeigner
+	 */
+	void setForeigner(boolean isForeigner);
+	
+	/**
+	 * Indicate that the auth. process was performed by an official representatives 
+	 * 
+	 * @return is official representatives 
+	 */
+	boolean isOW();
+
+	/**
+	 * Mark that the auth. process was done by an official representatives 
+	 *            
+	 */
+	void setOW(boolean isOW);
+	
+	/**
+	 * eIDAS QAA level
+	 * 
+	 * @return the qAALevel
+	 */
+	String getQAALevel();
+
+	/**
+	 * set QAA level in eIDAS form
+	 * 
+	 * @param qAALevel the qAALevel to set
+	 */
+	void setQAALevel(String qAALevel);
+
+	/**
+	 * @return the sessionCreated
+	 */
+	Date getSessionCreated();
+
+	Map<String, Object> getGenericSessionDataStorage();
+
+	/**
+	 * Returns a generic session-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the session-data object
+	 * @return The session-data object or null if no data is found with this key
+	 */
+	Object getGenericDataFromSession(String key);
+
+	/**
+	 * Returns a generic session-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the session-data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The session-data object or null if no data is found with this key
+	 */
+	<T> T getGenericDataFromSession(String key, Class<T> clazz);
+
+	/**
+	 * Store a generic data-object to session with a specific identifier
+	 * 
+	 * @param key Identifier for this data-object
+	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+	 * @throws EAAFStorageException Error message if the data-object can not stored to generic session-data storage
+	 */
+	void setGenericDataToSession(String key, Object object) throws EAAFStorageException;
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
new file mode 100644
index 00000000..ca1f145d
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java
@@ -0,0 +1,155 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth.data;
+
+import java.io.IOException;
+import java.security.PublicKey;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IIdentityLink {
+
+	/**
+	   * Returns the dateOfBirth.
+	   * @return Calendar
+	   */
+	String getDateOfBirth();
+
+	/**
+	   * Returns the familyName.
+	   * @return String
+	   */
+	String getFamilyName();
+
+	/**
+	   * Returns the givenName.
+	   * @return String
+	   */
+	String getGivenName();
+
+	/**
+	   * Returns the name.
+	   * @return The name.
+	   */
+	String getName();
+
+	/**
+	   * Returns the identificationValue.
+		 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
+	   * @return String
+	   */
+	String getIdentificationValue();
+
+	/**
+	 * Returns the identificationType.
+	 * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
+	 * @return String
+	 */
+	String getIdentificationType();
+
+	/**
+	   * Sets the dateOfBirth.
+	   * @param dateOfBirth The dateOfBirth to set
+	   */
+	void setDateOfBirth(String dateOfBirth);
+
+	/**
+	   * Sets the familyName.
+	   * @param familyName The familyName to set
+	   */
+	void setFamilyName(String familyName);
+
+	/**
+	   * Sets the givenName.
+	   * @param givenName The givenName to set
+	   */
+	void setGivenName(String givenName);
+
+	/**
+	   * Sets the identificationValue.
+		 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
+	   * @param identificationValue The identificationValue to set
+	   */
+	void setIdentificationValue(String identificationValue);
+
+	/**
+	 * Sets the Type of the identificationValue.
+	 * @param identificationType The type of identificationValue to set
+	 */
+	void setIdentificationType(String identificationType);
+
+	/**
+	   * Returns the samlAssertion.
+	   * @return Element
+	   */
+	Element getSamlAssertion();
+
+	/**
+	   * Returns the samlAssertion.
+	   * @return Element
+	   */
+	String getSerializedSamlAssertion();
+
+	/**
+	   * Sets the samlAssertion and the serializedSamlAssertion.
+	   * @param samlAssertion The samlAssertion to set
+	   */
+	void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException;
+
+	/**
+	   * Returns the dsigReferenceTransforms.
+	   * @return Element[]
+	   */
+	Element[] getDsigReferenceTransforms();
+
+	/**
+	   * Sets the dsigReferenceTransforms.
+	   * @param dsigReferenceTransforms The dsigReferenceTransforms to set
+	   */
+	void setDsigReferenceTransforms(Element[] dsigReferenceTransforms);
+
+	/**
+	   * Returns the publicKey.
+	   * @return PublicKey[]
+	   */
+	PublicKey[] getPublicKey();
+
+	/**
+	   * Sets the publicKey.
+	   * @param publicKey The publicKey to set
+	   */
+	void setPublicKey(PublicKey[] publicKey);
+
+	/**
+	   * Returns the prPerson.
+	   * @return Element
+	   */
+	Element getPrPerson();
+
+	/**
+	   * Sets the prPerson.
+	   * @param prPerson The prPerson to set
+	   */
+	void setPrPerson(Element prPerson);
+
+	/**
+	   * Returns the issuing time of the identity link SAML assertion.
+	   *
+	   * @return The issuing time of the identity link SAML assertion.
+	   */
+	String getIssueInstant();
+
+	/**
+	   * Sets the issuing time of the identity link SAML assertion.
+	   *
+	   * @param issueInstant The issueInstant to set.
+	   */
+	void setIssueInstant(String issueInstant);
+
+}
+\ No newline at end of file
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java
new file mode 100644
index 00000000..d8f15aff
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java
@@ -0,0 +1,44 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth.modules;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition;
+
+/**
+ * Provides metadata of a certain module. Uses for module discovery and process selection.
+ */
+public interface AuthModule {
+
+	/**
+	 * Returns the priority of the module. The priority defines the order of the respective module within the chain of
+	 * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can
+	 * handle.
+	 * <p/>
+	 * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE})
+	 * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put
+	 * your modules behind default modules.
+	 * 
+	 * @return the priority of the module.
+	 */
+	int getPriority();
+
+	/**
+	 * Selects a process (description), referenced by its unique id, which is able to perform authentication with the
+	 * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within
+	 * this module.
+	 * 
+	 * @param context
+	 *            an ExecutionContext for a process.
+	 * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}.
+	 */
+	String selectProcess(ExecutionContext context);
+
+	/**
+	 * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module.
+	 * 
+	 * @return an array of resource uris of the processes included in this module.
+	 */
+	String[] getProcessDefinitions();
+
+}