1 files changed, 127 insertions, 0 deletions

diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java
new file mode 100644
index 00000000..a0734684
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.core.api.idp.auth;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EaafSsoException;
+
+public interface ISsoManager {
+
+  // TODO
+  public static int EVENT_SSO_SESSION_INVALID = -1;
+  public static int EVENT_SSO_SESSION_VALID = -1;
+
+
+  public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation";
+  public static final String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId";
+
+
+  /**
+   * Check if there is an active and valid SSO session for the current pending request. <br>
+   * If there is an active SSO session, the pending request will be populated with eID information
+   * from SSO session
+   *
+   * @param pendingReq Current incoming pending request
+   * @param httpReq http Servlet request
+   * @param httpResp http Servlet response
+   * @return true if there is a valid SSO session, otherwise false
+   * @throws EaafSsoException In case of an internal error
+   */
+  public boolean checkAndValidateSsoSession(IRequest pendingReq, HttpServletRequest httpReq,
+      HttpServletResponse httpResp) throws EaafSsoException;
+
+  /**
+   * Populate service provider specific SSO settings.
+   *
+   * <p>
+   * Check if Single Sign-On is allowed for the current pending request and the requested service
+   * provider Set IRequest.needSingleSignOnFunctionality() to true if SSO is allowed
+   * </p>
+   *
+   * @param pendingReq Current incoming pending request
+   * @param httpReq http Servlet request
+   */
+  public void isSsoAllowedForSp(IRequest pendingReq, HttpServletRequest httpReq);
+
+
+  /**
+   * Populate the current pending request with eID information from an existing SSO session.
+   *
+   * @param pendingReq pending request that should be populated by SSO session
+   * @throws EaafSsoException if pending request contains no SSO information or population failed
+   */
+  public void populatePendingRequestWithSsoInformation(IRequest pendingReq) throws EaafSsoException;
+
+
+  /**
+   * Destroy an active SSO session on IDP site only.
+   *
+   * @param httpReq http servlet request
+   * @param httpResp http servlet response
+   * @param pendingReq current pending request
+   * @return true if a SSO session was closed successfully, otherwise false
+   * @throws EaafSsoException in case of an internal processing error
+   */
+  public boolean destroySsoSessionOnIdpOnly(HttpServletRequest httpReq,
+      HttpServletResponse httpResp, IRequest pendingReq) throws EaafSsoException;
+
+
+
+  /**
+   * Create a new SSO session-cookie for a specific pendingRequest and add it into http response.
+   *
+   * @param req http Request
+   * @param resp http Response
+   * @param pendingReq Current open PendingRequest
+   * @return new created SSO identifier
+   * @throws EaafSsoException In case of an internal error
+   */
+  public String createNewSsoSessionCookie(HttpServletRequest req, HttpServletResponse resp,
+      IRequest pendingReq) throws EaafSsoException;
+
+
+  /**
+   * Create a new SSO session in database.
+   *
+   * @param pendingReq current pending request
+   * @param newSsoSessionId new SSO sessionId
+   * @throws EaafSsoException In case of an internal error
+   */
+  public void createNewSsoSession(IRequest pendingReq, String newSsoSessionId)
+      throws EaafSsoException;
+
+
+  /**
+   * Updateing an existing SSO session in database.
+   *
+   * @param pendingReq current pending request
+   * @param newSsoSessionId new SSO session Id
+   * @param sloInformation SLO information container
+   * @throws EaafSsoException In case of an internal error
+   */
+  public void updateSsoSession(IRequest pendingReq, String newSsoSessionId,
+      SloInformationInterface sloInformation) throws EaafSsoException;
+
+
+
+}