From bee5dd259a4438d45ecd1bcc26dfba12875236d6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 26 Jun 2018 11:03:48 +0200 Subject: initial commit --- .../core/api/idp/EAAFAuthProcessDataConstants.java | 21 +++ .../java/at/gv/egiz/eaaf/core/api/idp/IAction.java | 43 +++++ .../egiz/eaaf/core/api/idp/IAttributeBuilder.java | 32 ++++ .../eaaf/core/api/idp/IAttributeGenerator.java | 39 ++++ .../at/gv/egiz/eaaf/core/api/idp/IAuthData.java | 198 +++++++++++++++++++++ .../core/api/idp/IAuthenticationDataBuilder.java | 14 ++ .../gv/egiz/eaaf/core/api/idp/IConfiguration.java | 108 +++++++++++ .../at/gv/egiz/eaaf/core/api/idp/IModulInfo.java | 75 ++++++++ .../eaaf/core/api/idp/IPVPAttributeBuilder.java | 9 + .../egiz/eaaf/core/api/idp/ISPConfiguration.java | 131 ++++++++++++++ .../core/api/idp/auth/IAuthenticationManager.java | 72 ++++++++ .../egiz/eaaf/core/api/idp/auth/ISSOManager.java | 92 ++++++++++ .../idp/auth/data/IAuthProcessDataContainer.java | 144 +++++++++++++++ .../eaaf/core/api/idp/auth/data/IIdentityLink.java | 155 ++++++++++++++++ .../eaaf/core/api/idp/auth/modules/AuthModule.java | 44 +++++ .../core/api/idp/process/ExecutionContext.java | 65 +++++++ .../idp/process/ExpressionEvaluationContext.java | 25 +++ .../core/api/idp/process/ExpressionEvaluator.java | 27 +++ .../eaaf/core/api/idp/process/ProcessEngine.java | 114 ++++++++++++ .../api/idp/process/ProcessInstanceStoreDAO.java | 47 +++++ .../at/gv/egiz/eaaf/core/api/idp/process/Task.java | 28 +++ .../core/api/idp/slo/ISLOInformationContainer.java | 68 +++++++ .../core/api/idp/slo/SLOInformationInterface.java | 80 +++++++++ 23 files changed, 1631 insertions(+) create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java create mode 100644 eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java new file mode 100644 index 00000000..f7a9a847 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java @@ -0,0 +1,21 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +public interface EAAFAuthProcessDataConstants { + + public static final String GENERIC_PREFIX = "generic_"; + + public static final String VALUE_ISSUEINSTANT = "direct_issueInstant"; + + public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth"; + public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner"; + public static final String FLAG_USE_MANDATE = "direct_flagUseMandate"; + public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter"; + + public static final String VALUE_IDENTITYLINK = "direct_idl"; + public static final String VALUE_QAALEVEL = "direct_qaaLevel"; + public static final String VALUE_MISMANDATE = "direct_MIS_Mandate"; + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java new file mode 100644 index 00000000..c8d55b96 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java @@ -0,0 +1,43 @@ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + + +/** + * Basic interface of a specific operation that is requested by an authentication protocol implementation + * + * @author tlenz + * + */ +public interface IAction { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) + throws EAAFException; + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); + + public String getDefaultActionName(); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java new file mode 100644 index 00000000..ded9731c --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java @@ -0,0 +1,32 @@ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public interface IAttributeBuilder { + public String getName(); + + public ATT build(final ISPConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator g) throws AttributeBuilderException; + + public ATT buildEmpty(final IAttributeGenerator g); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java new file mode 100644 index 00000000..01bb68cc --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java @@ -0,0 +1,39 @@ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +public interface IAttributeGenerator { + /** + * + * @param friendlyName FriendlyName + * @param name Name + * @param value value + * @return + */ + public abstract ATT buildStringAttribute(final String friendlyName, final String name, final String value); + + public abstract ATT buildIntegerAttribute(final String friendlyName, final String name, final int value); + + public abstract ATT buildLongAttribute(final String friendlyName, final String name, final long value); + + public abstract ATT buildEmptyAttribute(final String friendlyName, final String name); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java new file mode 100644 index 00000000..888b6e92 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java @@ -0,0 +1,198 @@ +/******************************************************************************* + *******************************************************************************/ +/** + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.eaaf.core.api.idp; + +import java.util.Date; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; + +/** + * @author tlenz + * + */ +public interface IAuthData { + + /** + * BaseId transfer policy + * + * @return true if baseID transfer to service provider is allowed, otherwise false + */ + boolean isBaseIDTransferRestrication(); + + /** + * Identifier of the IDP that authenicates the user + * + * @return + */ + String getAuthenticationIssuer(); + + /** + * Timestamp of the authentication process + * + * @return + */ + Date getAuthenticationIssueInstant(); + + /** + * Get string formated timestamp of the authentication process + * + * @return + */ + String getAuthenticationIssueInstantString(); + + + /** + * Familyname of the user + * + * @return + */ + String getFamilyName(); + + /** + * Givenname of the user + * + * @return + */ + String getGivenName(); + + /** + * Date of birth of the user + * + * @return date of birth or null no data of birth is available + */ + Date getDateOfBirth(); + + /** + * String formated date of birth of the user with pattern yyyy-MM-dd + * + * + * @return date of birth or '2999-12-31' if no data of birth is available + */ + String getFormatedDateOfBirth(); + + /** + * Get bPK of the user + * + * @return + */ + String getBPK(); + + /** + * Get sector for user's bPK + * + * + * @return Sector identifier with prefix + */ + String getBPKType(); + + /** + * Get baseId of this user + * + * @return + */ + String getIdentificationValue(); + + /** + * Get type identifier of the baseId + * By default, this type is urn:publicid:gv.at:baseid + * + * @return + */ + String getIdentificationType(); + + + /** + * Get the identityLink for the authenticated user + * + * @return IDL, or NULL if no IDL is available + */ + IIdentityLink getIdentityLink(); + + /** + * Return LoA for this user authentication + * + * @return eIDAS LoA URI + */ + public String getEIDASQAALevel(); + + + /** + * Indicates that the user is a foreigner + * + * @return true if the user is foreigner, otherwise false + */ + boolean isForeigner(); + + /** + * Code of the citizen country of the authenticated user + * + * @return + */ + String getCiticenCountryCode(); + + + /** + * Indicate that the authentication was done by using an active single sign-on session + * + * @return true if it an SSO session was used, otherwise false + */ + boolean isSsoSession(); + + /** + * Date, up to which the SSO that was used for authentication is valid to + * + * @return + */ + Date getSsoSessionValidTo(); + + + /** + * SessionIndex, if it was an reauthentication on a service provider by using the same SSO session + * + * @return + */ + String getSessionIndex(); + + /** + * SAML2 NameID for the user + * + * @return + */ + String getNameID(); + + /** + * Format of the SAML2 NameID + * + * @return + */ + String getNameIDFormat(); + + + /** + * Get generic information for this authenticated user + * + * @param key Identifier for the generic data + * @param clazz Type of the generic data + * @return return the generic data of specific type, otherwise null + */ + public T getGenericData(String key, final Class clazz); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java new file mode 100644 index 00000000..4bdefb06 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java @@ -0,0 +1,14 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; + +public interface IAuthenticationDataBuilder { + + IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException; + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java new file mode 100644 index 00000000..6aac90f8 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java @@ -0,0 +1,108 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import java.net.URI; +import java.net.URL; +import java.util.Map; +import java.util.Properties; + +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public interface IConfiguration { + + public static final String CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE = "configuration.auth.default.countrycode"; + + /** + * Get a configuration value from file based configuration + * + * @param key configuration key + * @return configuration value or null if it is not found + */ + public String getBasicConfiguration(final String key); + + + /** + * Get a configuration value from file based configuration + * + * @param key configuration key + * @param defaultValue Default value if no value with this key is found + * @return configuration value + */ + public String getBasicConfiguration(final String key, final String defaultValue); + + /** + * Get a set of configuration values from file based configuration that starts with this prefix + *

+ * Important: The configuration values must be of type String! + * + * @param prefix Prefix of the configuration key + * @return Map without prefix, but never null + */ + public Map getBasicMOAIDConfigurationWithPrefix(final String prefix); + + + /** + * Get a boolean value from basic MOA-ID configuration file + * + * @param key Configuration key + * @param defaultValue Default result + * @return returns the value of the configuration key, or the default value if the key is not set + */ + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue); + + /** + * Get a configuration entry for a specific Service Provider + * + * @param uniqueID Unique identifier of the Service Provider + * @return + * @throws EAAFConfigurationException + */ + public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) throws EAAFConfigurationException; + + + /** + * Get a configuration entry for a specific Service Provider that is decorated by a Object + * + * @param spIdentifier EntityID of a Service Provider + * @param decorator Decorator that should be used to decorate the result. + * This decorator has to be implement or extend the {@link ISPConfiguration} interface + * @return + * @throws EAAFConfigurationException + */ + public T getServiceProviderConfiguration(String spIdentifier, final Class decorator) throws EAAFConfigurationException; + + /** + * Get the full configuration properties object + * + * @return + */ + public Properties getFullConfigurationProperties(); + + /** + * Get the root directory of the configuration folder + * + * @return + */ + public URI getConfigurationRootDirectory(); + + + /** + * Get the path to EAAFCore configuration that is internally used + * + * @return + */ + public URI getConfigurationFilePath(); + + + /** + * Validate a URL if it it is allowed by configuration. + * + * @param authReqUrl URL for validation + * @return URL of the application context if the authReqUrl was valid, otherwise null + */ + public String validateIDPURL(URL authReqUrl) throws EAAFException; + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java new file mode 100644 index 00000000..03a761f2 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java @@ -0,0 +1,75 @@ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; + +/** + * Basic interface of an authentication protocol implementation on IDP side + * + * @author tlenz + * + */ +public interface IModulInfo { + + /** + * Name of this IDP authentication module + * + * @return + */ + public String getName(); + + /** + * Authentication protocol identifier for this module + * + * @return + */ + public String getAuthProtocolIdentifier(); + + /** + * Generates a protocol specific error message + * + * + * @param e Exception that contains the error message + * @param request httpRequest object from servlet container + * @param response httpResponse object from servlet container + * @param protocolRequest incoming protocol request + * @return return true if a protocol specific error message was generated, otherwise false + * @throws Throwable + */ + public boolean generateErrorMessage(Throwable e, + HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) throws Throwable; + + /** + * additional validation of a incoming authentication request + * + * @param request httpRequest object from servlet container + * @param response httpResponse object from servlet container + * @param pending incoming protocol request + * @return return true if the incoming request is valid, otherwise false + */ + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending); +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java new file mode 100644 index 00000000..33693647 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java @@ -0,0 +1,9 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; + +public interface IPVPAttributeBuilder extends PVPAttributeDefinitions, IAttributeBuilder { + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java new file mode 100644 index 00000000..82e4bd1e --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java @@ -0,0 +1,131 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import java.io.Serializable; +import java.util.List; +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; + +public interface ISPConfiguration extends Serializable { + + public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing"; + public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission"; + + /** + * Get the full key/value configuration for this Service Provider + * + * @return an unmodifiable map of key/value pairs + */ + public Map getFullConfiguration(); + + /** + * Get a configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @return The configuration value {String} or null if the key does not exist + */ + public String getConfigurationValue(String key); + + /** + * Get a configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @param defaultValue Default value if key does not exist + * @return The configuration value {String} or defaultValue if the key does not exist + */ + public String getConfigurationValue(String key, String defaultValue); + + /** + * Get a boolean configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @return true / false, or null if the key does not exist + */ + public Boolean isConfigurationValue(String key); + + + /** + * Get a boolean configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @param defaultValue Default value if key does not exist + * @return true / false, or defaultValue if the key does not exist + */ + public boolean isConfigurationValue(String key, boolean defaultValue); + + /** + * Check if a configuration key is available in this Service Provider configuration + * + * @param key The key identifier of a configuration value + * @return true if the configuration key exists, otherwise false + */ + boolean containsConfigurationKey(String key); + + /** + * Return the unique identifier of this Service Provider + * + * @return + */ + public String getUniqueIdentifier(); + + /** + * Return the unique identifier of this Service Provider + * + * @return + */ + public String getFriendlyName(); + + /** + * Indicates if this service provider has private area restrictions that disallow baseId processing in general + * * + * @return true if there is a restriction, otherwise false + */ + public boolean hasBaseIdInternalProcessingRestriction(); + + + /** + * Indicates if this service provider has private area restrictions that disallow baseId transfer to SP + * + * @return true if there is a restriction, otherwise false + */ + public boolean hasBaseIdTransferRestriction(); + + /** + * Get the {@link List} of identifier's that indicates no baseID processing restriction exists.
+ * This list can be configured by key: "configuration.restrictions.baseID.idpProcessing" + * + * @return + */ + public List getTargetsWithNoBaseIdInternalProcessingRestriction(); + + /** + * Get the {@link List} of identifier's that indicates no baseID transfer restriction exists.
+ * This list can be configured by key: "configuration.restrictions.baseID.spTransmission" + * + * @return + */ + public List getTargetsWithNoBaseIdTransferRestriction(); + + /** + * Get the minimum eIDAS LoA that is required by this service provider + * + * {@link EAAFConstants.EIDAS_QAA_LOW} + * {@link EAAFConstants.EIDAS_QAA_SUBSTANTIAL} + * {@link EAAFConstants.EIDAS_QAA_HIGH} + * + * @return return eIDAS LoA + */ + public String getMinimumLevelOfAssurence(); + + /** + * Get the full area-identifier for this service provider to calculate the + * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...). + * This identifier always contains the full prefix + * + * @return area identifier with prefix + */ + public String getAreaSpecificTargetIdentifier(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java new file mode 100644 index 00000000..82f87f49 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java @@ -0,0 +1,72 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public interface IAuthenticationManager { + + //TODO + public static int EVENT_AUTHENTICATION_PROCESS_FOR_SP = -1; + public static int EVENT_AUTHENTICATION_PROCESS_STARTED = -1; + public static int EVENT_AUTHENTICATION_PROCESS_FINISHED = -1; + public static int EVENT_AUTHENTICATION_PROCESS_ERROR = -1; + + + /** + * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} + * + * @param httpReqParam http parameter name, but never null + */ + void addParameterNameToWhiteList(String httpReqParam); + + /** + * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} + * + * @param httpReqParam http header name, but never null + */ + void addHeaderNameToWhiteList(String httpReqParam); + + + /** + * Starts an authentication process for a specific pending request + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq Pending request for that an authentication is required + * @return true if the pending request is already authenticated, otherwise false + * @throws EAAFException + */ + boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest pendingReq) throws EAAFException; + + /** + * Close an active authenticated session on IDP side + * + * @param request http servlet request + * @param response http servlet response + * @param pendingReq ReqPending request for that an authentication session should be closed + */ + void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, IRequest pendingReq); + + + /** + * Close an active authenticated session on IDP side and get a list authenticated service providers + * + * @param request http servlet request + * @param response http servlet response + * @param pendingReq ReqPending request for that an authentication session should be closed + * @param internalSSOId internal SSO session identifier + * @return A container that contains all active SP sessions + * @throws EAAFException + */ + ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId) throws EAAFException; + + +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java new file mode 100644 index 00000000..9c7a7320 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java @@ -0,0 +1,92 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException; + +public interface ISSOManager { + + //TODO + public static int EVENT_SSO_SESSION_INVALID = -1; + public static int EVENT_SSO_SESSION_VALID = -1; + + + public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation"; + public static final String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId"; + + + /** + * Check if there is an active and valid SSO session for the current pending request. + *
+ * If there is an active SSO session, the pending request will be populated with eID information from SSO session + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + * @param httpResp http Servlet response + * @return true if there is a valid SSO session, otherwise false + * @throws EAAFSSOException + */ + public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException; + + /** + * Populate service provider specific SSO settings + * + * Check if Single Sign-On is allowed for the current pending request and the requested service provider + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + * @return true if SSO is allowed for this service provider, otherwise false + */ + public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq); + + + /** + * Populate the current pending request with eID information from an existing SSO session + * + * @param pendingReq pending request that should be populated by SSO session + * @throws EAAFSSOException if pending request contains no SSO information or population failed + */ + public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException; + + + /** + * Destroy an active SSO session on IDP site only + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq + * @return true if a SSO session was closed successfully, otherwise false + * @throws EAAFSSOException in case of an internal processing error + */ + public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException; + + + + // ************************* old *************************************************** + String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws EAAFSSOException; + + + void createNewSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException; +// { +// internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq); +// authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(), +// newSSOSessionId, sloInformation, pendingReq); +// +// } + + + void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException; +// { +// authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), +// newSSOSessionId, sloInformation, pendingReq); +// } + + + + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java new file mode 100644 index 00000000..743c7797 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java @@ -0,0 +1,144 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth.data; + +import java.util.Date; +import java.util.Map; + +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +public interface IAuthProcessDataContainer { + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant + * The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + + /** + * Indicate if the authentication process is finished + * + * @return + */ + boolean isAuthenticated(); + + /** + * Mark the authentication as authenticated, which means that the authenication process is completed + * + * @param authenticated + */ + void setAuthenticated(boolean authenticated); + + /** + * Returns the identityLink. + * + * @return IdentityLink + */ + IIdentityLink getIdentityLink(); + + /** + * Sets the identityLink. + * + * @param identityLink + * The identityLink to set + */ + void setIdentityLink(IIdentityLink identityLink); + + + /** + * Indicate that mandates was used in this auth. process + * + * @return + */ + boolean isMandateUsed(); + + /** + * Mark that mandates was used in this auth. process + * + * @param useMandates + */ + void setUseMandates(boolean useMandates); + + /** + * Indicate that the auth. process was performed by a foreigner + * + * @return + */ + boolean isForeigner(); + + /** + * Mark that the auth. process was done by a foreigner + * + * @param isForeigner + */ + void setForeigner(boolean isForeigner); + + /** + * Indicate that the auth. process was performed by an official representatives + * + * @return is official representatives + */ + boolean isOW(); + + /** + * Mark that the auth. process was done by an official representatives + * + */ + void setOW(boolean isOW); + + /** + * eIDAS QAA level + * + * @return the qAALevel + */ + String getQAALevel(); + + /** + * set QAA level in eIDAS form + * + * @param qAALevel the qAALevel to set + */ + void setQAALevel(String qAALevel); + + /** + * @return the sessionCreated + */ + Date getSessionCreated(); + + Map getGenericSessionDataStorage(); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @return The session-data object or null if no data is found with this key + */ + Object getGenericDataFromSession(String key); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @param clazz The class type which is stored with this key + * @return The session-data object or null if no data is found with this key + */ + T getGenericDataFromSession(String key, Class clazz); + + /** + * Store a generic data-object to session with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws EAAFStorageException Error message if the data-object can not stored to generic session-data storage + */ + void setGenericDataToSession(String key, Object object) throws EAAFStorageException; +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java new file mode 100644 index 00000000..ca1f145d --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java @@ -0,0 +1,155 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth.data; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +/** + * @author tlenz + * + */ +public interface IIdentityLink { + + /** + * Returns the dateOfBirth. + * @return Calendar + */ + String getDateOfBirth(); + + /** + * Returns the familyName. + * @return String + */ + String getFamilyName(); + + /** + * Returns the givenName. + * @return String + */ + String getGivenName(); + + /** + * Returns the name. + * @return The name. + */ + String getName(); + + /** + * Returns the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @return String + */ + String getIdentificationValue(); + + /** + * Returns the identificationType. + * "identificationType" type of the identificationValue in the IdentityLink. + * @return String + */ + String getIdentificationType(); + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + void setDateOfBirth(String dateOfBirth); + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + void setFamilyName(String familyName); + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + void setGivenName(String givenName); + + /** + * Sets the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @param identificationValue The identificationValue to set + */ + void setIdentificationValue(String identificationValue); + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + void setIdentificationType(String identificationType); + + /** + * Returns the samlAssertion. + * @return Element + */ + Element getSamlAssertion(); + + /** + * Returns the samlAssertion. + * @return Element + */ + String getSerializedSamlAssertion(); + + /** + * Sets the samlAssertion and the serializedSamlAssertion. + * @param samlAssertion The samlAssertion to set + */ + void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException; + + /** + * Returns the dsigReferenceTransforms. + * @return Element[] + */ + Element[] getDsigReferenceTransforms(); + + /** + * Sets the dsigReferenceTransforms. + * @param dsigReferenceTransforms The dsigReferenceTransforms to set + */ + void setDsigReferenceTransforms(Element[] dsigReferenceTransforms); + + /** + * Returns the publicKey. + * @return PublicKey[] + */ + PublicKey[] getPublicKey(); + + /** + * Sets the publicKey. + * @param publicKey The publicKey to set + */ + void setPublicKey(PublicKey[] publicKey); + + /** + * Returns the prPerson. + * @return Element + */ + Element getPrPerson(); + + /** + * Sets the prPerson. + * @param prPerson The prPerson to set + */ + void setPrPerson(Element prPerson); + + /** + * Returns the issuing time of the identity link SAML assertion. + * + * @return The issuing time of the identity link SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the identity link SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java new file mode 100644 index 00000000..d8f15aff --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java @@ -0,0 +1,44 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth.modules; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition; + +/** + * Provides metadata of a certain module. Uses for module discovery and process selection. + */ +public interface AuthModule { + + /** + * Returns the priority of the module. The priority defines the order of the respective module within the chain of + * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can + * handle. + *

+ * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE}) + * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put + * your modules behind default modules. + * + * @return the priority of the module. + */ + int getPriority(); + + /** + * Selects a process (description), referenced by its unique id, which is able to perform authentication with the + * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within + * this module. + * + * @param context + * an ExecutionContext for a process. + * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}. + */ + String selectProcess(ExecutionContext context); + + /** + * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module. + * + * @return an array of resource uris of the processes included in this module. + */ + String[] getProcessDefinitions(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java new file mode 100644 index 00000000..e5e2011b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java @@ -0,0 +1,65 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +import java.io.Serializable; +import java.util.Set; + +/** + * Encapsulates data needed for or provided by task execution. + * + * @author tknall + * + */ +public interface ExecutionContext extends Serializable { + + /** + * Returns the identifier of underlying process instance. + * + * @return The identifier of the process instance. + */ + String getProcessInstanceId(); + + /** + * Sets the identifier of underlying process instance. + * + * @param processInstanceId + * The identifier of the process instance. + */ + void setProcessInstanceId(String processInstanceId); + + /** + * Stores a serializable object using {@code key}. + * + * @param key + * The key under that the {@code object} should be stored. + * @param object The object to be stored. + */ + void put(String key, Serializable object); + + /** + * Returns an serializable object stored within this process context using {@code key}. + * + * @param key + * The key that has been used to store the serializable object (may be {@code null}). + * @return The object or {@code null} in case the key does not relate to a stored object or the stored object itself + * was {@code null}. + */ + Serializable get(String key); + + /** + * Removes the object stored using {@code key}. + * @param key + * The key that has been used to store the serializable object (may be {@code null}). + * @return The object that has been removed or {@code null} there was no object stored using {@code key}. + */ + Serializable remove(String key); + + /** + * Returns an unmodifiable set containing the stored keys. + * + * @return The keyset (never {@code null}). + */ + Set keySet(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java new file mode 100644 index 00000000..6e976422 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluationContext.java @@ -0,0 +1,25 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +import java.io.Serializable; +import java.util.Map; + +import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition; + +/** + * Context used for evaluation of condition expressions set for {@linkplain Transition Transitions}. + * + * @author tknall + * + */ +public interface ExpressionEvaluationContext extends Serializable { + + /** + * Returns the context data map used for expression evaluation. + * + * @return An unmodifiable map (never {@code null}). + */ + Map getCtx(); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java new file mode 100644 index 00000000..eda6b3cb --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExpressionEvaluator.java @@ -0,0 +1,27 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +/** + * Evaluates a given {@code expression} returning a boolean value. + * + * @author tknall + */ +public interface ExpressionEvaluator { + + /** + * Evaluates a given {@code expression} returning a boolean value. + * + * @param expressionContext + * The context which can be used for evaluation of the expression. + * @param expression + * The expression resulting in a boolean (must not be {@code null}). + * @return A boolean value. + * @throws IllegalArgumentException + * In case of an invalid {@code expression}. + * @throws NullPointerException + * In case of a {@code null} expression. + */ + boolean evaluate(ExpressionEvaluationContext expressionContext, String expression); + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java new file mode 100644 index 00000000..523eb8dc --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessEngine.java @@ -0,0 +1,114 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + + +import java.io.InputStream; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessDefinitionParserException; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstance; +import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessDefinition; + +/** + * Process engine providing means for starting and resuming processes. + * + * @author tknall + */ +public interface ProcessEngine { + + /** + * Registers a new process definition. Note that existing definitions with the same identifier will be replaced. + * + * @param processDefinition + * The process definition to be registered. + */ + void registerProcessDefinition(ProcessDefinition processDefinition); + + /** + * Registers a new process definition given as {@link InputStream}. Note that existing definitions with the same identifier will be replaced. + * + * @param processDefinitionInputStream The input stream to the definition to be registered. + * @throws ProcessDefinitionParserException Thrown in case of an error parsing the process definition. + * @return The process definition's identifier. + */ + String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException; + + /** + * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier. + *

+ * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue + * process execution after asynchronous task execution (refer to {@link #start(String)} and + * {@link #signal(String)} for further information). + * + * @param processDefinitionId + * The identifier of the respective process definition. + * @param executionContext The execution context (may be {@code null}). + * @return The id of the newly created process instance (never {@code null}). + * @throws ProcessExecutionException + * Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist. + */ + String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException; + + /** + * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier. + *

+ * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue + * process execution after asynchronous task execution (refer to {@link #start(String)} and + * {@link #signal(String)} for further information). + * + * @param processDefinitionId + * The identifier of the respective process definition. + * @return The id of the newly created process instance (never {@code null}). + * @throws ProcessExecutionException + * Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist. + */ + String createProcessInstance(String processDefinitionId) throws ProcessExecutionException; + + + /** + * Delete a process instance + * + * @param processInstanceId + * The identifier of the respective process. + * @throws ProcessExecutionException + * Thrown in case of error, e.g. when a {@code processInstanceId} is referenced that does not exist. + */ + void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException; + + /** + * Returns the process instance with a given {@code processInstanceId}. + * + * @param processInstanceId + * The process instance id. + * @return The process instance (never {@code null}). + * @throws IllegalArgumentException + * In case the process instance does not/no longer exist. + * @throws RuntimeException + * In case the process instance could not be retrieved from persistence. + */ + ProcessInstance getProcessInstance(String processInstanceId); + + /** + * Starts the process using the given {@code pendingReq}. + * + * @param pendingReq + * The protocol request for which a process should be started. + * @throws ProcessExecutionException + * Thrown in case of error. + */ + void start(IRequest pendingReq) throws ProcessExecutionException; + + + /** + * Resumes process execution after an asynchronous task has been executed. + * + * @param pendingReq + * The process instance id. + * @throws ProcessExecutionException + * Thrown in case of error. + */ + void signal(IRequest pendingReq) throws ProcessExecutionException; + +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java new file mode 100644 index 00000000..1242620b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ProcessInstanceStoreDAO.java @@ -0,0 +1,47 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.idp.process.ProcessInstance; +import at.gv.egiz.eaaf.core.impl.idp.process.dao.ProcessInstanceStore; + +public interface ProcessInstanceStoreDAO { + + /** + * Stores a {@link ProcessInstance} defined by {@code pIStore} in the + * database. + * + * @param pIStore + * the {@link ProcessInstanceStore} to persist. + * @throws EAAFStorageException + * is thrown if a problem occurs while accessing the database. + */ + void saveOrUpdate(ProcessInstanceStore pIStore) throws EAAFException; + + /** + * Returns a {@link ProcessInstanceStore}, defined by + * {@code processInstanceID} from the database, or {@code null} if the + * object could not be found. + * + * @param processInstanceId + * the id of the {@code ProcessInstanceStore} to retrieve. + * @return a ProcessInstanceStore, or {@code null}. + * @throws EAAFStorageException + * is thrown if a problem occurs while accessing the database. + */ + ProcessInstanceStore load(String processInstanceId) throws EAAFException; + + /** + * Deletes the {@link ProcessInstance} corresponding with the + * {@code processInstanceId}. + * + * @param processInstanceId + * the id of the {@code ProcessInstance} to be deleted. + * @throws EAAFStorageException + * is thrown if a problem occurs while accessing the database. + */ + void remove(String processInstanceId) throws EAAFException; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java new file mode 100644 index 00000000..ff28b714 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/Task.java @@ -0,0 +1,28 @@ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.process; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; + + +/** + * Represents a single task to be performed upon process execution. + * + * @author tknall + * + */ +public interface Task { + + /** + * Executes this task. + * @param pendingReq + * Provides the current processed protocol request + * @param executionContext + * Provides execution related information. + * @return The pending-request object, because Process-management works recursive + * @throws Exception An exception upon task execution. + */ + IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException; + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java new file mode 100644 index 00000000..b5798f7b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java @@ -0,0 +1,68 @@ +/******************************************************************************* + *******************************************************************************/ +/** + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.eaaf.core.api.idp.slo; + +import java.util.Iterator; +import java.util.List; +import java.util.Map.Entry; +import java.util.Set; + +import at.gv.egiz.eaaf.core.api.IRequest; + +/** + * @author tlenz + * + */ +public interface ISLOInformationContainer { + + boolean hasFrontChannelOA(); + + Set> getFrontChannelOASessionDescriptions(); + + void removeFrontChannelOA(String oaID); + + Iterator getNextBackChannelOA(); + + SLOInformationInterface getBackChannelOASessionDescripten(String oaID); + + void removeBackChannelOA(String oaID); + + /** + * @return the sloRequest + */ + IRequest getSloRequest(); + + /** + * @param sloRequest the sloRequest to set + */ + void setSloRequest(IRequest sloRequest); + + /** + * @return the sloFailedOAs + */ + List getSloFailedOAs(); + + void putFailedOA(String oaID); + + public String getTransactionID(); + + public String getSessionID(); +} \ No newline at end of file diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java new file mode 100644 index 00000000..bd630c0a --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java @@ -0,0 +1,80 @@ +/******************************************************************************* + *******************************************************************************/ +/** + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.eaaf.core.api.idp.slo; + +/** + * @author tlenz + * + */ +public interface SLOInformationInterface{ + + + /** + * get AssertionID which was used for Service Provider Single LogOut request + * + * @return + * SessionID (SessionIndex in case of SAML2) + */ + public String getSessionIndex(); + + /** + * get user identifier which was used + * + * @return + * bPK / wbPK (nameID in case of SAML2) + */ + public String getUserNameIdentifier(); + + + /** + * get protocol type which was used for authentication + * + * @return + * return authentication protocol type + */ + public String getProtocolType(); + + /** + * @return + */ + public String getUserNameIDFormat(); + + /** + * Get the unique entityID of this Service-Provider + * + * @return unique identifier, but never null + */ + public String getSpEntityID(); + + public String getAuthURL(); + + public String getServiceURL(); + + public String getBinding(); + + public void setUserNameIdentifier(String subjectNameId); + + public void setNameIDFormat(String format); + + public void setSessionIndex(String sessionIndex); + + +} -- cgit v1.2.3