1 files changed, 178 insertions, 0 deletions

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
new file mode 100644
index 00000000..3659ff4f
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
@@ -0,0 +1,178 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.impl.idp.controller;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.text.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.components.eventlog.api.EventConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IStatusMessager;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.data.ExceptionContainer;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class ProtocolFinalizationController extends AbstractAuthProtocolModulController {
+	private static final Logger log = LoggerFactory.getLogger(ProtocolFinalizationController.class);
+	
+	@RequestMapping(value = ENDPOINT_ERRORHANDLING, method = {RequestMethod.GET})
+	public void errorHandling(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException {
+		//receive an authentication error
+		String errorid = StringEscapeUtils.escapeHtml4(req.getParameter(EAAFConstants.PARAM_HTTP_ERROR_CODE));
+		if (errorid != null) {
+			IRequest pendingReq = null;
+			try {				
+				//load stored exception from database
+				ExceptionContainer container = transactionStorage.get(errorid, ExceptionContainer.class);								
+				if (container != null) {					
+					//remove exception if it was found
+					transactionStorage.remove(errorid);
+					
+					Throwable throwable = container.getExceptionThrown();
+					pendingReq = container.getPendingRequest();
+					
+					if (pendingReq != null) {													
+						//build protocol-specific error message if possible
+						buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
+																
+						//remove active user-session
+						transactionStorage.remove(pendingReq.getPendingRequestId());
+	
+						return;
+	
+					} else {
+						handleErrorNoRedirect(throwable, req, resp, true);
+	
+					}
+				} else {
+					handleErrorNoRedirect(
+							new EAAFException(
+									IStatusMessager.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, 
+									null, 
+									"NO Error with this Id found" 
+								), req, resp, false);
+					
+				}
+				
+			} catch (Throwable e) {
+				log.error(e.getMessage(), e);				
+				handleErrorNoRedirect(e, req, resp, false);
+			
+			} finally {
+				//remove pending-request
+				if (pendingReq != null) {
+					requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
+					revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
+					
+				}
+				
+			}
+			
+		} else {
+			log.debug("Request contains NO ErrorId");
+			handleErrorNoRedirect(
+					new EAAFException(
+							IStatusMessager.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, 
+							null, 
+							"Request containts NO error id." 
+						), req, resp, false);
+			
+		}
+		
+	}
+	
+	
+	@RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = {RequestMethod.GET})
+	public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws EAAFException, IOException {
+		
+		//read pendingRequest from http request
+		Object idObject = StringEscapeUtils.escapeHtml4(req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));
+		IRequest pendingReq = null;
+		String pendingRequestID = null;
+		if (idObject != null && (idObject instanceof String)) {
+			pendingRequestID = (String) idObject;
+			pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+			
+		}
+ 						
+		if (pendingReq == null) {
+			log.error("No PendingRequest with ID " + pendingRequestID + " found.!");		
+			handleErrorNoRedirect(
+					new EAAFException(
+							IStatusMessager.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, 
+							new Object[]{pendingRequestID,
+							},
+								"No pendigReq with Id: " + pendingRequestID), req, resp, false);							
+			
+		} else {
+			try {
+				log.debug("Finalize PendingRequest with ID " + pendingRequestID);
+							
+				//check if pending-request has 'abortedByUser' flag set
+				if (pendingReq.isAbortedByUser()) {
+					//send authentication aborted error to Service Provider
+					buildProtocolSpecificErrorResponse(
+							new EAAFAuthenticationException(
+									IStatusMessager.CODES_INTERNAL_ERROR_AUTH_USERSTOP, 
+									new Object[] {},
+									"User stops authentication process"), 
+							req, resp, pendingReq);
+					
+					//do not remove the full active SSO-Session 
+					// in case of only one Service-Provider authentication request is aborted   
+					if ( !pendingReq.needSingleSignOnFunctionality())  {
+						transactionStorage.remove(pendingReq.getPendingRequestId());
+						
+					}							
+
+					//check if pending-request are authenticated					
+				} else if (pendingReq.isAuthenticated()) {				
+					finalizeAuthenticationProcess(req, resp, pendingReq);
+
+				} else {
+					//suspect state: pending-request is not aborted but also are not authenticated 
+					log.error("PendingRequest is NOT authenticated --> Abort authentication process!");		
+					handleErrorNoRedirect(
+							new EAAFException(
+									"auth.20",
+									null,
+									"PendingRequest is NOT authenticated --> Abort authentication process!"
+								), req, resp, true);							
+									
+				}
+							
+			} catch (Exception e) {
+				log.error("Finalize authentication protocol FAILED." , e);
+				buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
+				
+				if (pendingReq != null)
+					transactionStorage.remove(pendingReq.getPendingRequestId());
+				
+			}		
+		}
+		
+		//remove pending-request
+		if (pendingReq != null) {
+			requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
+			revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
+			
+		}
+		
+	}
+	
+}