From 75fe6d2b738245a3fbe6432b1e542beead5dcbf2 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Fri, 17 May 2019 12:21:00 +0200 Subject: refactor EAAF core to split API and Implementation --- .../core/api/idp/EAAFAuthProcessDataConstants.java | 46 ++++ .../java/at/gv/egiz/eaaf/core/api/idp/IAction.java | 67 ++++++ .../egiz/eaaf/core/api/idp/IAttributeBuilder.java | 56 +++++ .../eaaf/core/api/idp/IAttributeGenerator.java | 63 ++++++ .../at/gv/egiz/eaaf/core/api/idp/IAuthData.java | 251 +++++++++++++++++++++ .../core/api/idp/IAuthenticationDataBuilder.java | 38 ++++ .../gv/egiz/eaaf/core/api/idp/IConfiguration.java | 136 +++++++++++ .../at/gv/egiz/eaaf/core/api/idp/IModulInfo.java | 99 ++++++++ .../eaaf/core/api/idp/IPVPAttributeBuilder.java | 33 +++ .../egiz/eaaf/core/api/idp/ISPConfiguration.java | 168 ++++++++++++++ .../core/api/idp/auth/IAuthenticationManager.java | 94 ++++++++ .../egiz/eaaf/core/api/idp/auth/ISSOManager.java | 130 +++++++++++ .../idp/auth/data/IAuthProcessDataContainer.java | 185 +++++++++++++++ .../eaaf/core/api/idp/auth/data/IIdentityLink.java | 182 +++++++++++++++ .../eaaf/core/api/idp/auth/modules/AuthModule.java | 67 ++++++ .../services/IProtocolAuthenticationService.java | 89 ++++++++ .../core/api/idp/process/ExecutionContext.java | 89 ++++++++ .../core/api/idp/slo/ISLOInformationContainer.java | 93 ++++++++ .../core/api/idp/slo/SLOInformationInterface.java | 104 +++++++++ 19 files changed, 1990 insertions(+) create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java create mode 
100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java create mode 100644 eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java (limited to 'eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp') diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java new file mode 100644 index 00000000..7ce24cf4 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/EAAFAuthProcessDataConstants.java 
@@ -0,0 +1,46 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+public interface EAAFAuthProcessDataConstants {
+
+ public static final String GENERIC_PREFIX = "generic_";
+
+ public static final String VALUE_ISSUEINSTANT = "direct_issueInstant";
+
+ public static final String FLAG_IS_AUTHENTICATED = "direct_flagIsAuth";
+ public static final String FLAG_IS_FOREIGNER = "direct_flagIsForeigner";
+ public static final String FLAG_USE_MANDATE = "direct_flagUseMandate";
+ public static final String FLAG_IS_ORGANWALTER = "direct_flagOrganwalter";
+ public static final String FLAG_IS_NEW_EID_PROCESS = "direct_flagIsNewEID";
+
+ @Deprecated public static final String VALUE_IDENTITYLINK = "direct_idl";
+ public static final String VALUE_QAALEVEL = "direct_qaaLevel";
+ @Deprecated public static final String VALUE_MISMANDATE = "direct_MIS_Mandate";
+
+
+}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java
new file mode 100644
index 00000000..a40394b3
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAction.java
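Review bot: The two `@Deprecated` constants `VALUE_IDENTITYLINK` and `VALUE_MISMANDATE` carry no Javadoc saying what replaces them, so an implementor of this new public API module cannot tell which process-data key to migrate to; a `/** @deprecated use the replacement key documented by the owning module; scheduled for removal. */` line above each would close that gap. The remaining keys are also undocumented although they name the entries of the authentication process-data container, including the `FLAG_IS_AUTHENTICATED` flag that downstream code presumably reads to decide whether a session is authenticated, so a one-line comment per key stating who writes it would help reviewers of the implementation module. As a style point, `public static final` is implicit on interface fields, and a constants-only interface is usually written as a final class with a private constructor; the two empty license blocks stacked under the real header in this and every other file of the commit look like an artefact of the file move and could be dropped.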
@@ -0,0 +1,67 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+
+/**
+ * Basic interface of a specific operation that is requested by an authentication protocol implementation
+ *
+ * @author tlenz
+ *
+ */
+public interface IAction {
+ public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData)
+ throws EAAFException;
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
+
+ public String getDefaultActionName();
+}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
new file mode 100644
index 00000000..902aabbe
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeBuilder.java
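Review bot: `needAuthentication` is the method that decides whether an action may run on a request that has not been authenticated, yet neither it nor `processRequest` has any Javadoc, so an implementor has no stated contract for what `true`/`false` means or whether `authData` may be null when `needAuthentication` returned `false`. Since this file now defines the public API, I would add a Javadoc to `needAuthentication` stating that returning `false` lets the action execute without a prior user authentication and that implementations must therefore only do so for operations that carry no user data, and a Javadoc to `processRequest` stating whether it may return `null` when no SLO information is produced or must throw `EAAFException`. A smaller point: the file carries two license headers (EUPL 1.2 and an older EUPL 1.1 block pointing at osor.eu); one of them is presumably stale.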
@@ -0,0 +1,56 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+
+public interface IAttributeBuilder {
+ public String getName();
+
+ public ATT build(final ISPConfiguration oaParam, final IAuthData authData,
+ final IAttributeGenerator g) throws AttributeBuilderException;
+
+ public ATT buildEmpty(final IAttributeGenerator g);
+}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
new file mode 100644
index 00000000..3591e313
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAttributeGenerator.java
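Review bot: `build` is declared to throw `AttributeBuilderException` but nothing says whether an attribute that is simply not available for this user should be signalled by that exception or by a `null` return, and `buildEmpty` gives no hint either, so different builders will behave differently on the same missing data. A Javadoc on `build` such as `/** Builds the attribute for the authenticated user; returns null if the attribute is not available, throws AttributeBuilderException only on a processing error. */` (or the opposite rule, whichever the implementation module follows) would make the API consistent. Note that in this rendering the type `ATT` appears in the method returns but the interface line reads `IAttributeBuilder` with no type parameter, which looks like the angle brackets were lost on the page rather than in the source; worth confirming against the actual file. The `final` on interface method parameters has no effect on implementors and can be dropped.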
@@ -0,0 +1,63 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+public interface IAttributeGenerator {
+ /**
+ *
+ * @param friendlyName FriendlyName
+ * @param name Name
+ * @param value value
+ * @return
+ */
+ public abstract ATT buildStringAttribute(final String friendlyName, final String name, final String value);
+
+ public abstract ATT buildIntegerAttribute(final String friendlyName, final String name, final int value);
+
+ public abstract ATT buildLongAttribute(final String friendlyName, final String name, final long value);
+
+ public abstract ATT buildEmptyAttribute(final String friendlyName, final String name);
+}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
new file mode 100644
index 00000000..e9d86efa
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
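Review bot: The Javadoc on `buildStringAttribute` has an empty summary line and an empty `@return`, and the three sibling methods have no Javadoc at all, which leaves the only documented method saying nothing more than the parameter names. A summary such as `/** Builds a protocol-specific attribute with the given friendly name, name and string value. @return the attribute in the generator's native representation */` and one-liners for the integer, long and empty variants would document the contract this API module is meant to fix. `public abstract` is implicit on interface methods and the `final` parameter modifiers bind nothing for implementors; both can go, as in the other interfaces of this commit. As on `IAttributeBuilder`, the interface line shows no type parameter while `ATT` is used as a return type, which looks like lost angle brackets in the rendering.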
@@ -0,0 +1,251 @@ +/******************************************************************************* + * Copyright 2017 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +/** + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. 
+ * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.eaaf.core.api.idp; + +import java.util.Date; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +/** + * @author tlenz + * + */ +public interface IAuthData { + + /** + * BaseId transfer policy + * + * @return true if baseID transfer to service provider is allowed, otherwise false + */ + boolean isBaseIDTransferRestrication(); + + /** + * Identifier of the IDP that authenicates the user + * + * @return + */ + String getAuthenticationIssuer(); + + /** + * Timestamp of the authentication process + * + * @return + */ + Date getAuthenticationIssueInstant(); + + /** + * Get string formated timestamp of the authentication process + * + * @return + */ + String getAuthenticationIssueInstantString(); + + + /** + * Familyname of the user + * + * @return + */ + String getFamilyName(); + + /** + * Givenname of the user + * + * @return + */ + String getGivenName(); + + /** + * Date of birth of the user + * + * @return date of birth or null no data of birth is available + */ + Date getDateOfBirth(); + + /** + * String formated date of birth of the user with pattern yyyy-MM-dd + * + * + * @return date of birth or '2999-12-31' if no data of birth is available + */ + String 
getFormatedDateOfBirth(); + + /** + * Get the encrypted SourceId (vSZ) from new E-ID scheme + * + * @return + */ + String getEncryptedSourceId(); + + /** + * Get the type identifier of encrypted SourceId + * + * @return + */ + String getEncryptedSourceIdType(); + + /** + * Return LoA for this user authentication + * + * @return eIDAS LoA URI + */ + public String getEIDASQAALevel(); + + + /** + * Indicates that the user is a foreigner + * + * @return true if the user is foreigner, otherwise false + */ + boolean isForeigner(); + + /** + * Code of the citizen country of the authenticated user + * + * @return + */ + String getCiticenCountryCode(); + + + /** + * Indicate that the authentication was done by using an active single sign-on session + * + * @return true if it an SSO session was used, otherwise false + */ + boolean isSsoSession(); + + /** + * Date, up to which the SSO that was used for authentication is valid to + * + * @return + */ + Date getSsoSessionValidTo(); + + + /** + * SessionIndex, if it was an reauthentication on a service provider by using the same SSO session + * + * @return + */ + String getSessionIndex(); + + /** + * SAML2 NameID for the user + * + * @return + */ + String getNameID(); + + /** + * Format of the SAML2 NameID + * + * @return + */ + String getNameIDFormat(); + + + /** + * Get generic information for this authenticated user + * + * @param key Identifier for the generic data + * @param clazz Type of the generic data + * @return return the generic data of specific type, otherwise null + */ + public T getGenericData(String key, final Class clazz); + + + /** + * Get bPK of the user + * + * @return + */ + @Deprecated + String getBPK(); + + /** + * Get sector for user's bPK + * + * + * @return Sector identifier with prefix + */ + @Deprecated + String getBPKType(); + + + /** + * Get List of bPK/bPKType tuples for this service provider + * @return List of Pairs + */ + @Deprecated + List> getAdditionalbPKs(); + + /** + * Get baseId of this 
user + * + * @return + */ + @Deprecated + String getIdentificationValue(); + + /** + * Get type identifier of the baseId + * By default, this type is urn:publicid:gv.at:baseid + * + * @return + */ + @Deprecated + String getIdentificationType(); + + + /** + * Get the identityLink for the authenticated user + * + * @return IDL, or NULL if no IDL is available + */ + @Deprecated + IIdentityLink getIdentityLink(); +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java new file mode 100644 index 00000000..2e67f2a8 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthenticationDataBuilder.java 
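Review bot: The Javadoc of `isBaseIDTransferRestrication()` contradicts the method name: it says `true` means baseID transfer to the service provider is allowed, while the name reads as "restriction is in place"; for a policy that gates release of the person identifier to relying parties, an implementor following the wrong reading inverts the check, so one of the two must be corrected before this becomes the published API, for example `@return true if baseID transfer to the service provider is restricted, otherwise false`. This API package also imports `at.gv.egiz.eaaf.core.impl.data.Pair` for `getAdditionalbPKs()`, which ties the new API module back to the implementation module this commit is separating; the pair type should live in the API or be replaced there. `getFormatedDateOfBirth()` documents `'2999-12-31'` as the value for an unknown birth date, so consumers that parse it get a plausible-looking date rather than an absence; the Javadoc should warn that the sentinel must not be treated as a real birth date. Most `@return` tags in this file are empty, and the misspellings in `getCiticenCountryCode()` and `isBaseIDTransferRestrication()` are now frozen into the public signature.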
@@ -0,0 +1,38 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+
+public interface IAuthenticationDataBuilder {
+
+ IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException;
+
+
+
+}
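Review bot: `buildAuthenticationData` has no Javadoc, so it is not stated whether the method may return `null` for a pending request whose authentication has not completed or must always throw `EAAFAuthenticationException` in that case; callers in the protocol modules need to know which. A short Javadoc on the method, `/** Builds the authentication data for a pending request whose authentication process has finished. @throws EAAFAuthenticationException if the request is not authenticated or the data cannot be built */`, would settle it.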
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
new file mode 100644
index 00000000..7615f2d5
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IConfiguration.java
@@ -0,0 +1,136 @@ +/******************************************************************************* + * Copyright 2017 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import java.net.URI; +import java.net.URL; +import java.util.Map; +import java.util.Properties; + +import javax.annotation.Nullable; + +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public interface IConfiguration { + + public static final String CONFIG_PROPS_AUTH_DEFAULT_COUNTRYCODE = "configuration.auth.default.countrycode"; + + /** + * Get a configuration value from file based configuration + * + * @param key configuration key + * @return configuration value or null if it is not found + */ + public String getBasicConfiguration(final String key); + + + /** + * Get a configuration value from file based configuration + * + * @param key configuration key + * @param defaultValue Default value if no value with this key is found + * @return configuration value + */ + public String getBasicConfiguration(final String key, final String defaultValue); + + /** + * Get a set of configuration values from file based configuration that starts with this prefix + *

+ * Important: The configuration values must be of type String! + * + * @param prefix Prefix of the configuration key + * @return Map without prefix, but never null + */ + public Map getBasicMOAIDConfigurationWithPrefix(final String prefix); + + + /** + * Get a boolean value from basic MOA-ID configuration file + * + * @param key Configuration key + * @param defaultValue Default result + * @return returns the value of the configuration key, or the default value if the key is not set + */ + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue); + + /** + * Get a configuration entry for a specific Service Provider + * + * @param uniqueID Unique identifier of the Service Provider + * @return {@link ISPConfiguration} or null if no SP configuration was found + * @throws EAAFConfigurationException + */ + @Nullable + public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) throws EAAFConfigurationException; + + + /** + * Get a configuration entry for a specific Service Provider that is decorated by a Object + * + * @param spIdentifier EntityID of a Service Provider + * @param decorator Decorator that should be used to decorate the result. + * This decorator has to be implement or extend the {@link ISPConfiguration} interface + * @return T or null if no SP configuration was found + * @throws EAAFConfigurationException + */ + @Nullable + public T getServiceProviderConfiguration(String spIdentifier, final Class decorator) throws EAAFConfigurationException; + + /** + * Get the full configuration properties object + * + * @return + */ + public Properties getFullConfigurationProperties(); + + /** + * Get the root directory of the configuration folder + * + * @return + */ + public URI getConfigurationRootDirectory(); + + + /** + * Get the path to EAAFCore configuration that is internally used + * + * @return + */ + public URI getConfigurationFilePath(); + + + /** + * Validate a URL if it it is allowed by configuration. 
+ * + * @param authReqUrl URL for validation + * @return URL of the application context if the authReqUrl was valid, otherwise null + */ + public String validateIDPURL(URL authReqUrl) throws EAAFException; + + +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java new file mode 100644 index 00000000..06aed047 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IModulInfo.java 
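Review bot: `validateIDPURL` is documented to return `null` when the URL is not allowed, but its signature also declares `throws EAAFException`, so a caller cannot tell which of the two signals "rejected"; since this is the allow-list check that decides which request URL the IdP accepts as its own context, one of the two paths should be the documented rejection and the other reserved for processing errors, e.g. `@return application context URL if authReqUrl is allowed by configuration, otherwise null` plus `@throws EAAFException on a configuration or processing error, not on a rejected URL`. `getFullConfigurationProperties()` returns a `Properties` object without saying whether it is a copy or the live configuration; if it is the live object, any caller can alter runtime configuration, so the Javadoc should state which, and a defensive copy is the safer contract for an API. `@Nullable` is placed on the two `getServiceProviderConfiguration` methods but not on `getBasicConfiguration(key)`, whose Javadoc also promises `null`. The `MOAID` in `getBasicMOAIDConfigurationWithPrefix` and `getBasicMOAIDConfigurationBoolean` is product-specific naming in an otherwise generic EAAF API, and the `Map` return type shows no type arguments on this page, which looks like lost angle brackets rather than a raw type.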
@@ -0,0 +1,99 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+
+/**
+ * Basic interface of an authentication protocol implementation on IDP side
+ *
+ * @author tlenz
+ *
+ */
+public interface IModulInfo {
+
+ /**
+ * Name of this IDP authentication module
+ *
+ * @return
+ */
+ public String getName();
+
+ /**
+ * Authentication protocol identifier for this module
+ *
+ * @return
+ */
+ public String getAuthProtocolIdentifier();
+
+ /**
+ * Generates a protocol specific error message
+ *
+ *
+ * @param e Exception that contains the error message
+ * @param request httpRequest object from servlet container
+ * @param response httpResponse object from servlet container
+ * @param protocolRequest incoming protocol request
+ * @return return true if a protocol specific error message was generated, otherwise false
+ * @throws Throwable
+ */
+ public boolean generateErrorMessage(Throwable e,
+ HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable;
+
+ /**
+ * additional validation of a incoming authentication request
+ *
+ * @param request httpRequest object from servlet container
+ * @param response httpResponse object from servlet container
+ * @param pending incoming protocol request
+ * @return return true if the incoming request is valid, otherwise false
+ */
+ public boolean validate(HttpServletRequest request,
+ HttpServletResponse response, IRequest pending);
+}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java
new file mode 100644
index 00000000..eab7af9b
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IPVPAttributeBuilder.java
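Review bot: `generateErrorMessage` is declared `throws Throwable`, which forces every caller to catch `Throwable` (JVM `Error`s included) and says nothing about what an implementation may actually fail with; `EAAFException` from `at.gv.egiz.eaaf.core.exceptions`, which the sibling interfaces in this commit throw, would be the narrower contract, e.g. `IRequest protocolRequest) throws EAAFException;`. Its Javadoc should also state which parts of `e` an implementation may copy into the protocol-level error response, because the exception handed in can carry internal detail that the relying party does not need; a sentence such as `* Implementations must not expose internal exception details (stack traces, messages of nested causes) in the protocol error message.` turns that into a contract rather than a per-implementation choice. The `@return` tags of `getName()` and `getAuthProtocolIdentifier()` and the `@throws Throwable` tag are empty and should say what is returned or when the method fails.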
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+
+public interface IPVPAttributeBuilder extends PVPAttributeDefinitions, IAttributeBuilder {
+
+}
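Review bot: `IPVPAttributeBuilder` is a public API interface with no Javadoc, so a reader cannot tell why it exists beyond joining `PVPAttributeDefinitions` and `IAttributeBuilder`. A one-line comment above the declaration, `/** {@link IAttributeBuilder} that has the constants of {@link PVPAttributeDefinitions} in scope. */`, states what the hunk actually shows without guessing at the intended use.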
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java new file mode 100644 index 00000000..9d92b713 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISPConfiguration.java 
@@ -0,0 +1,168 @@ +/******************************************************************************* + * Copyright 2017 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp; + +import java.io.Serializable; +import java.util.List; +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; + +public interface ISPConfiguration extends Serializable { + + public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing"; + public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission"; + + public static final String CONFIG_KEY_RESTRICTIONS_EID_DEMO_MODE = "configuration.restrictions.eIDTestMode"; + + /** + * Get the full key/value configuration for this Service Provider + * + * @return an unmodifiable map of key/value pairs + */ + public Map getFullConfiguration(); + + /** + * Get a configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @return The configuration value {String} or null if the key does not exist + */ + public String getConfigurationValue(String key); + + /** + * Get a configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @param defaultValue Default value if key does not exist + * @return The configuration value {String} or defaultValue if the key does not exist + */ + public String getConfigurationValue(String key, String defaultValue); + + /** + * Get a boolean configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * 
@return true / false, or null if the key does not exist + */ + public Boolean isConfigurationValue(String key); + + + /** + * Get a boolean configuration value from Service Provider key/value configuration + * + * @param key The key identifier of a configuration value + * @param defaultValue Default value if key does not exist + * @return true / false, or defaultValue if the key does not exist + */ + public boolean isConfigurationValue(String key, boolean defaultValue); + + /** + * Check if a configuration key is available in this Service Provider configuration + * + * @param key The key identifier of a configuration value + * @return true if the configuration key exists, otherwise false + */ + boolean containsConfigurationKey(String key); + + /** + * Return the unique identifier of this Service Provider + * + * @return + */ + public String getUniqueIdentifier(); + + /** + * Return the unique identifier of this Service Provider + * + * @return + */ + public String getFriendlyName(); + + /** + * Indicates if this service provider has private area restrictions that disallow baseId processing in general + * * + * @return true if there is a restriction, otherwise false + */ + public boolean hasBaseIdInternalProcessingRestriction(); + + + /** + * Indicates if this service provider has private area restrictions that disallow baseId transfer to SP + * + * @return true if there is a restriction, otherwise false + */ + public boolean hasBaseIdTransferRestriction(); + + /** + * Get the {@link List} of identifier's that indicates no baseID processing restriction exists.
+ * This list can be configured by key: "configuration.restrictions.baseID.idpProcessing" + * + * @return + */ + public List getTargetsWithNoBaseIdInternalProcessingRestriction(); + + /** + * Get the {@link List} of identifier's that indicates no baseID transfer restriction exists.
+ * This list can be configured by key: "configuration.restrictions.baseID.spTransmission" + * + * @return + */ + public List getTargetsWithNoBaseIdTransferRestriction(); + + /** + * Get the List eIDAS LoA that are required by this service provider + * + * {@link EAAFConstants.EIDAS_LOA_LOW} + * {@link EAAFConstants.EIDAS_LOA_SUBSTANTIAL} + * {@link EAAFConstants.EIDAS_LOA_HIGH} + * or any other non-notified LoA scheme + * + * @return return List of eIDAS LoAs + */ + public List getRequiredLoA(); + + /** + * Get required matching mode for LoAs + * {@link EIDAS_LOA_MATCHING_MINIMUM} + * {@link EIDAS_LOA_MATCHING_EXACT} + * + * @return + */ + public String getLoAMatchingMode(); + + + /** + * Get the full area-identifier for this service provider to calculate the + * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...). + * This identifier always contains the full prefix + * + * @return area identifier with prefix + */ + public String getAreaSpecificTargetIdentifier(); + +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java new file mode 100644 index 00000000..4381211d --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java 
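Review bot: The Javadoc of `getFriendlyName()` is a copy of the one on `getUniqueIdentifier()` and says "Return the unique identifier of this Service Provider"; it should read `* Return the human-readable friendly name of this Service Provider`. The `{@link EAAFConstants.EIDAS_LOA_LOW}` references on `getRequiredLoA()` and the unqualified `{@link EIDAS_LOA_MATCHING_MINIMUM}` on `getLoAMatchingMode()` use a dot instead of `#`, so they will not resolve as Javadoc links; `{@link EAAFConstants#EIDAS_LOA_LOW}` is the working form, and I cannot tell from the hunk which class declares the `EIDAS_LOA_MATCHING_*` constants. The literal keys repeated in the Javadoc of `getTargetsWithNoBaseIdInternalProcessingRestriction()` and `getTargetsWithNoBaseIdTransferRestriction()` duplicate `CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL` and `CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION`; `{@value #CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL}` keeps the two from drifting apart. `CONFIG_KEY_RESTRICTIONS_EID_DEMO_MODE` is the only constant with neither an accessor nor a comment; one line saying what this key controls would let a reviewer audit where the test-mode restriction is evaluated.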
@@ -0,0 +1,94 @@ +/******************************************************************************* + * Copyright 2017 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; + +public interface IAuthenticationManager { + + public static int EVENT_AUTHENTICATION_PROCESS_FOR_SP = 4003; + public static int EVENT_AUTHENTICATION_PROCESS_STARTED = 4000; + public static int EVENT_AUTHENTICATION_PROCESS_FINISHED = 4001; + public static int EVENT_AUTHENTICATION_PROCESS_ERROR = 4002; + + + /** + * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} + * + * @param httpReqParam http parameter name, but never null + */ + void addParameterNameToWhiteList(String httpReqParam); + + /** + * Add a request header to whitelist. 
All parameters that are part of the white list are added into {@link ExecutionContext} + * + * @param httpReqParam http header name, but never null + */ + void addHeaderNameToWhiteList(String httpReqParam); + + + /** + * Starts an authentication process for a specific pending request + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq Pending request for that an authentication is required + * @return true if the pending request is already authenticated, otherwise false + * @throws EAAFException + */ + boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest pendingReq) throws EAAFException; + + /** + * Close an active authenticated session on IDP side + * + * @param request http servlet request + * @param response http servlet response + * @param pendingReq ReqPending request for that an authentication session should be closed + */ + void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, IRequest pendingReq); + + + /** + * Close an active authenticated session on IDP side and get a list authenticated service providers + * + * @param request http servlet request + * @param response http servlet response + * @param pendingReq ReqPending request for that an authentication session should be closed + * @param internalSSOId internal SSO session identifier + * @return A container that contains all active SP sessions + * @throws EAAFException + */ + ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId) throws EAAFException; + + +} \ No newline at end of file diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java new file mode 100644 index 00000000..5481fd52 --- /dev/null 
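Review bot: The Javadoc of `performSingleLogOut` documents parameters `request` and `response` while the signature declares `httpReq` and `httpResp`, so the tags do not match and javadoc will warn; either fix the tags or align the parameter names with `performOnlyIDPLogOut` directly above it. `addParameterNameToWhiteList` and `addHeaderNameToWhiteList` both `{@link ExecutionContext}`, but this file imports only `IRequest`, `ISLOInformationContainer` and `EAAFException`, so the link needs the qualified `at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext` (that class is created by the same commit). The whitelist Javadoc does not say how names are matched; since HTTP header names are case-insensitive, a sentence on `addHeaderNameToWhiteList` stating whether matching is case-insensitive (presumably it should be) would prevent an implementation from copying a header under one spelling and missing it under another.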
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java 
@@ -0,0 +1,130 @@ +/******************************************************************************* + * Copyright 2017 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException; + +public interface ISSOManager { + + //TODO + public static int EVENT_SSO_SESSION_INVALID = -1; + public static int EVENT_SSO_SESSION_VALID = -1; + + + public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation"; + public static final String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId"; + + + /** + * Check if there is an active and valid SSO session for the current pending request. + *
+ * If there is an active SSO session, the pending request will be populated with eID information from SSO session + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + * @param httpResp http Servlet response + * @return true if there is a valid SSO session, otherwise false + * @throws EAAFSSOException + */ + public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException; + + /** + * Populate service provider specific SSO settings + * + * Check if Single Sign-On is allowed for the current pending request and the requested service provider + * Set IRequest.needSingleSignOnFunctionality() to true if SSO is allowed + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + */ + public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq); + + + /** + * Populate the current pending request with eID information from an existing SSO session + * + * @param pendingReq pending request that should be populated by SSO session + * @throws EAAFSSOException if pending request contains no SSO information or population failed + */ + public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException; + + + /** + * Destroy an active SSO session on IDP site only + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq + * @return true if a SSO session was closed successfully, otherwise false + * @throws EAAFSSOException in case of an internal processing error + */ + public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException; + + + + /** + * Create a new SSO session-cookie for a specific pendingRequest and add it into http response + * + * @param req http Request + * @param resp http Response + * @param pendingReq Current open 
PendingRequest + * @return new created SSO identifier + * @throws EAAFSSOException + */ + public String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws EAAFSSOException; + + + /** + * Create a new SSO session in database + * + * @param pendingReq + * @param newSSOSessionId + * @throws EAAFSSOException + */ + public void createNewSSOSession(IRequest pendingReq, String newSSOSessionId) throws EAAFSSOException; + + + /** + * Updateing an existing SSO session in database + * + * @param pendingReq + * @param newSSOSessionId + * @param sloInformation + * @throws EAAFSSOException + */ + public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException; + + + + + +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java new file mode 100644 index 00000000..17ec6445 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java 
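Review bot: `EVENT_SSO_SESSION_INVALID` and `EVENT_SSO_SESSION_VALID` are both `-1` (marked only by `//TODO`), so any event log or audit trail keyed on these codes cannot distinguish an accepted SSO session from a rejected one. The event codes in `IAuthenticationManager` from this same commit use distinct values in the 400x range; distinct values here, or at least a comment stating that the codes are placeholders until assigned, should land before this API is published. `destroySSOSessionOnIDPOnly`, `createNewSSOSession` and `updateSSOSession` have empty `@param` tags; for the first, `@param pendingReq pending request for that the SSO session should be closed` matches the wording used for `performOnlyIDPLogOut` in `IAuthenticationManager`. The Javadoc of `updateSSOSession` also has the typo "Updateing".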
@@ -0,0 +1,185 @@ +/******************************************************************************* + * Copyright 2017 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth.data; + +import java.util.Date; +import java.util.Map; + +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; + +public interface IAuthProcessDataContainer { + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. 
+ * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant + * The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + + /** + * Indicate if the authentication process is finished + * + * @return + */ + boolean isAuthenticated(); + + /** + * Mark the authentication as authenticated, which means that the authenication process is completed + * + * @param authenticated + */ + void setAuthenticated(boolean authenticated); + + /** + * Returns the identityLink. + * + * @return IdentityLink + */ + @Deprecated + IIdentityLink getIdentityLink(); + + /** + * Sets the identityLink. + * + * @param identityLink + * The identityLink to set + */ + @Deprecated + void setIdentityLink(IIdentityLink identityLink); + + + /** + * Flag marks the authentication process as new E-ID process + * + * @return true if E-ID process, otherwise false + */ + boolean isEIDProcess(); + + + /** + * Set the flag to make the process as new E-ID process + * + * @param value true if new E-ID process, otherwise false + */ + void setEIDProcess(boolean value); + + /** + * Indicate that mandates was used in this auth. process + * + * @return + */ + boolean isMandateUsed(); + + /** + * Mark that mandates was used in this auth. process + * + * @param useMandates + */ + void setUseMandates(boolean useMandates); + + /** + * Indicate that the auth. process was performed by a foreigner + * + * @return + */ + boolean isForeigner(); + + /** + * Mark that the auth. process was done by a foreigner + * + * @param isForeigner + */ + void setForeigner(boolean isForeigner); + + /** + * Indicate that the auth. process was performed by an official representatives + * + * @return is official representatives + */ + boolean isOW(); + + /** + * Mark that the auth. 
process was done by an official representatives + * + */ + void setOW(boolean isOW); + + /** + * eIDAS QAA level + * + * @return the qAALevel + */ + String getQAALevel(); + + /** + * set QAA level in eIDAS form + * + * @param qAALevel the qAALevel to set + */ + void setQAALevel(String qAALevel); + + /** + * @return the sessionCreated + */ + Date getSessionCreated(); + + Map getGenericSessionDataStorage(); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @return The session-data object or null if no data is found with this key + */ + Object getGenericDataFromSession(String key); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @param clazz The class type which is stored with this key + * @return The session-data object or null if no data is found with this key + */ + T getGenericDataFromSession(String key, Class clazz); + + /** + * Store a generic data-object to session with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface + * @throws EAAFStorageException Error message if the data-object can not stored to generic session-data storage + */ + void setGenericDataToSession(String key, Object object) throws EAAFStorageException; +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java new file mode 100644 index 00000000..df71b30a --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java 
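Review bot: `getGenericSessionDataStorage()` is the only method in the interface without Javadoc, and `setOW(boolean isOW)` has a Javadoc block with no `@param`; proposed: `* @param isOW true if the auth. process was done by an official representative, otherwise false`, and for the storage getter a `@return` line describing the key/value storage it exposes (presumably the one `getGenericDataFromSession` reads, which the interface does not state). The Javadoc of `setGenericDataToSession` requires the object to implement `java.io.Serializable` although the parameter type is `Object`; if a non-serializable object is what makes the method throw `EAAFStorageException`, saying so in the `@throws` tag makes the contract checkable by implementors.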
@@ -0,0 +1,182 @@ +/******************************************************************************* + * Copyright 2017 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth.data; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +/** + * @author tlenz + * + */ +public interface IIdentityLink { + + /** + * Returns the dateOfBirth. 
+ * @return Calendar + */ + String getDateOfBirth(); + + /** + * Returns the familyName. + * @return String + */ + String getFamilyName(); + + /** + * Returns the givenName. + * @return String + */ + String getGivenName(); + + /** + * Return the name as 'givenName + " " + familyName'
+ * This method should be used any more. Use getFamilyName() and getGivenName() separately. + * + * @return The name. + */ + @Deprecated + String getName(); + + /** + * Returns the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @return String + */ + String getIdentificationValue(); + + /** + * Returns the identificationType. + * "identificationType" type of the identificationValue in the IdentityLink. + * @return String + */ + String getIdentificationType(); + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + void setDateOfBirth(String dateOfBirth); + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + void setFamilyName(String familyName); + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + void setGivenName(String givenName); + + /** + * Sets the identificationValue. + * "identificationValue" is the translation of "Stammzahl". + * @param identificationValue The identificationValue to set + */ + void setIdentificationValue(String identificationValue); + + /** + * Sets the Type of the identificationValue. + * @param identificationType The type of identificationValue to set + */ + void setIdentificationType(String identificationType); + + /** + * Returns the samlAssertion. + * @return Element + */ + Element getSamlAssertion(); + + /** + * Returns the samlAssertion. + * @return Element + */ + String getSerializedSamlAssertion(); + + /** + * Sets the samlAssertion and the serializedSamlAssertion. + * @param samlAssertion The samlAssertion to set + */ + void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException; + + /** + * Returns the dsigReferenceTransforms. + * @return Element[] + */ + Element[] getDsigReferenceTransforms(); + + /** + * Sets the dsigReferenceTransforms. 
+ * @param dsigReferenceTransforms The dsigReferenceTransforms to set + */ + void setDsigReferenceTransforms(Element[] dsigReferenceTransforms); + + /** + * Returns the publicKey. + * @return PublicKey[] + */ + PublicKey[] getPublicKey(); + + /** + * Sets the publicKey. + * @param publicKey The publicKey to set + */ + void setPublicKey(PublicKey[] publicKey); + + /** + * Returns the prPerson. + * @return Element + */ + Element getPrPerson(); + + /** + * Sets the prPerson. + * @param prPerson The prPerson to set + */ + void setPrPerson(Element prPerson); + + /** + * Returns the issuing time of the identity link SAML assertion. + * + * @return The issuing time of the identity link SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the identity link SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + +} \ No newline at end of file diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java new file mode 100644 index 00000000..16df7231 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java 
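Review bot: Three Javadoc blocks in this hunk contradict the signatures they describe: `getDateOfBirth()` says `@return Calendar` but returns `String`; `getSerializedSamlAssertion()` repeats the text of `getSamlAssertion()` ("Returns the samlAssertion." with `@return Element`) although it returns a `String`; and the deprecation note on `getName()` reads "This method should be used any more", which drops the "not". Proposed replacements: `* @return String` for the date of birth, `* Returns the serialized samlAssertion.` with `* @return String`, and `* This method should not be used any more. Use getFamilyName() and getGivenName() separately.`. Since `getName()` carries `@Deprecated`, the Javadoc should also get a `@deprecated` tag naming the replacement methods.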
@@ -0,0 +1,67 @@ +/******************************************************************************* + * Copyright 2017 Graz University of Technology + * EAAF-Core Components has been developed in a cooperation between EGIZ, + * A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +/******************************************************************************* + *******************************************************************************/ +package at.gv.egiz.eaaf.core.api.idp.auth.modules; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; + +/** + * Provides metadata of a certain module. Uses for module discovery and process selection. + */ +public interface AuthModule { + + /** + * Returns the priority of the module. 
The priority defines the order of the respective module within the chain of + * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can + * handle. + *

+ * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE}) + * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put + * your modules behind default modules. + * + * @return the priority of the module. + */ + int getPriority(); + + /** + * Selects a process (description), referenced by its unique id, which is able to perform authentication with the + * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within + * this module. + * + * @param context + * an ExecutionContext for a process. + * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}. + */ + String selectProcess(ExecutionContext context); + + /** + * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module. + * + * @return an array of resource uris of the processes included in this module. + */ + String[] getProcessDefinitions(); + +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java new file mode 100644 index 00000000..de5eb036 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java 
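Review bot: The Javadoc of `getProcessDefinitions()` at the end of the hunk contradicts its signature: the summary says it returns an array of `{@link ProcessDefinition}s`, while the method returns `String[]` and the `@return` tag describes resource URIs; `ProcessDefinition` is also neither imported nor in this package, so the link will not resolve in the new API module. Suggest `Returns the resource URIs of the process definitions included in this module.` as the summary and dropping the link. The `getPriority()` Javadoc has an unbalanced parenthesis in `neutral ({@code 0}.`; `({@code 0}).` closes it.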
@@ -0,0 +1,89 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth.services;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public interface IProtocolAuthenticationService {
+
+ public String PARAM_GUI_ERROMSG = "errorMsg";
+ public String PARAM_GUI_ERRORCODE = "errorCode";
+ public String PARAM_GUI_ERRORCODEPARAMS = "errorParams";
+ public String PARAM_GUI_ERRORSTACKTRACE = "stacktrace";
+
+
+ /**
+ * Initialize an authentication process for this protocol request
+ *
+ * @param httpReq HttpServletRequest
+ * @param httpResp HttpServletResponse
+ * @param protocolRequest Authentication request which is actually in process
+ * @throws IOException
+ * @throws EAAFException
+ */
+ void performAuthentication(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq)
+ throws IOException, EAAFException;
+
+ /**
+ * Finalize the requested protocol operation
+ *
+ * @param httpReq HttpServletRequest
+ * @param httpResp HttpServletResponse
+ * @param protocolRequest Authentication request which is actually in process
+ * @throws IOException If response can not be written into {@link HttpServletResponse}
+ * @throws EAAFException If an internal error occur
+ */
+ void finalizeAuthentication(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws EAAFException, IOException;
+
+ /**
+ * @param throwable Exception that should be handled
+ * @param req Current open http request as {@link HttpServletRequest}
+ * @param resp Current open http response as {@link HttpServletResponse}
+ * @param pendingReq Authentication request which is actually in process
+ * @throws IOException If response can not be written into {@link HttpServletResponse}
+ * @throws EAAFException If an internal error occur
+ */
+ void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, HttpServletResponse resp,
+ IRequest pendingReq) throws IOException, EAAFException;
+
+ /**
+ * Handles all exceptions with no pending request.
+ * Therefore, the error is written to the users browser
+ *
+ * @param throwable Exception that should be handled
+ * @param req Current open http request as {@link HttpServletRequest}
+ * @param resp Current open http response as {@link HttpServletResponse}
+ * @param writeExceptionToStatisticLog if true, the exception get logged into {@link IStatisticLogger}
+ * @throws IOException If response can not be written into {@link HttpServletResponse}
+ * @throws EAAFException If an internal error occure
+ */
+ void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, HttpServletResponse resp, boolean writeExceptionToStatisticLog) throws IOException, EAAFException;
+
+}
\ No newline at end of file
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java
new file mode 100644
index 00000000..38a66d4c
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/process/ExecutionContext.java
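Review bot: The `@param` tags on `performAuthentication` and `finalizeAuthentication` name `httpReq`, `httpResp` and `protocolRequest`, but the parameters are `req`, `resp` and `pendingReq`, so javadoc reports them and the descriptions are detached from the signature; align the tags with the parameter names the way `buildProtocolSpecificErrorResponse` already does. Separately, `PARAM_GUI_ERRORSTACKTRACE = "stacktrace"` is a GUI parameter and `handleErrorNoRedirect` is documented as writing the error to the user's browser, yet nothing in the interface says when an implementation may populate it; a stack trace rendered to an end user discloses internal class names and library details, so the constant should carry a contract such as `/** Stack trace for the error page; implementations must only populate this when a debug/test mode is explicitly enabled. */`. `buildProtocolSpecificErrorResponse` also has no summary sentence before its tags.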
@@ -0,0 +1,89 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.process;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * Encapsulates data needed for or provided by task execution.
+ *
+ * @author tknall
+ *
+ */
+public interface ExecutionContext extends Serializable {
+
+ /**
+ * Returns the identifier of underlying process instance.
+ *
+ * @return The identifier of the process instance.
+ */
+ String getProcessInstanceId();
+
+ /**
+ * Sets the identifier of underlying process instance.
+ *
+ * @param processInstanceId
+ * The identifier of the process instance.
+ */
+ void setProcessInstanceId(String processInstanceId);
+
+ /**
+ * Stores a serializable object using {@code key}.
+ *
+ * @param key
+ * The key under that the {@code object} should be stored.
+ * @param object The object to be stored.
+ */
+ void put(String key, Serializable object);
+
+ /**
+ * Returns an serializable object stored within this process context using {@code key}.
+ *
+ * @param key
+ * The key that has been used to store the serializable object (may be {@code null}).
+ * @return The object or {@code null} in case the key does not relate to a stored object or the stored object itself
+ * was {@code null}.
+ */
+ Serializable get(String key);
+
+ /**
+ * Removes the object stored using {@code key}.
+ * @param key
+ * The key that has been used to store the serializable object (may be {@code null}).
+ * @return The object that has been removed or {@code null} there was no object stored using {@code key}.
+ */
+ Serializable remove(String key);
+
+ /**
+ * Returns an unmodifiable set containing the stored keys.
+ *
+ * @return The keyset (never {@code null}).
+ */
+ Set keySet();
+
+}
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java
new file mode 100644
index 00000000..419765c4
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/ISLOInformationContainer.java
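Review bot: The `put(String, Serializable)` contract is underspecified relative to `get` and `remove`: those two state that `key` may be `null`, but `put` says nothing about a `null` key, whether a `null` object is accepted, or whether an existing value under the same key is replaced, which is exactly what a map-backed implementation has to decide. Suggest adding to its Javadoc `Replaces any object previously stored under {@code key}; a {@code null} key and a {@code null} object are permitted.` if that is the intended semantics, or the opposite statement otherwise. `keySet()` appears here as a raw `Set`; if a type argument was not merely lost in rendering, `Set<String>` would match the `String` keys used by the other methods.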
@@ -0,0 +1,93 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/**
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egiz.eaaf.core.api.idp.slo;
+
+import java.io.Serializable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface ISLOInformationContainer extends Serializable {
+
+ boolean hasFrontChannelOA();
+
+ Set> getFrontChannelOASessionDescriptions();
+
+ void removeFrontChannelOA(String oaID);
+
+ Iterator getNextBackChannelOA();
+
+ SLOInformationInterface getBackChannelOASessionDescripten(String oaID);
+
+ void removeBackChannelOA(String oaID);
+
+ /**
+ * @return the sloRequest
+ */
+ IRequest getSloRequest();
+
+ /**
+ * @param sloRequest the sloRequest to set
+ */
+ void setSloRequest(IRequest sloRequest);
+
+ /**
+ * @return the sloFailedOAs
+ */
+ List getSloFailedOAs();
+
+ void putFailedOA(String oaID);
+
+ public String getTransactionID();
+
+ public String getSessionID();
+}
\ No newline at end of file
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java
new file mode 100644
index 00000000..f17745f3
--- /dev/null
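Review bot: `getBackChannelOASessionDescripten(String oaID)` carries a typo in a method name that this commit publishes in the new `eaaf_core_api` artifact, where renaming it later becomes a breaking change; `getBackChannelOASessionDescription` is the fix to make now. Most members of the interface (`hasFrontChannelOA`, `getFrontChannelOASessionDescriptions`, `getNextBackChannelOA`, `putFailedOA`, `getTransactionID`, `getSessionID`) have no Javadoc, so an implementer cannot tell, for instance, whether `getNextBackChannelOA()` returns a fresh iterator per call or one that is consumed across calls; a one-line summary on each would close that gap. The file also stacks two licence headers, EUPL 1.2 and EUPL 1.1, one after the other; the same duplication is in the SLOInformationInterface hunk below, and one header per file should remain.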
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/slo/SLOInformationInterface.java 
@@ -0,0 +1,104 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/*******************************************************************************
+ *******************************************************************************/
+/**
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egiz.eaaf.core.api.idp.slo;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface SLOInformationInterface{
+
+
+ /**
+ * get AssertionID which was used for Service Provider Single LogOut request
+ *
+ * @return
+ * SessionID (SessionIndex in case of SAML2)
+ */
+ public String getSessionIndex();
+
+ /**
+ * get user identifier which was used
+ *
+ * @return
+ * bPK / wbPK (nameID in case of SAML2)
+ */
+ public String getUserNameIdentifier();
+
+
+ /**
+ * get protocol type which was used for authentication
+ *
+ * @return
+ * return authentication protocol type
+ */
+ public String getProtocolType();
+
+ /**
+ * @return
+ */
+ public String getUserNameIDFormat();
+
+ /**
+ * Get the unique entityID of this Service-Provider
+ *
+ * @return unique identifier, but never null
+ */
+ public String getSpEntityID();
+
+ public String getAuthURL();
+
+ public String getServiceURL();
+
+ public String getBinding();
+
+ public void setUserNameIdentifier(String subjectNameId);
+
+ public void setNameIDFormat(String format);
+
+ public void setSessionIndex(String sessionIndex);
+
+
+}
-- 
cgit v1.2.3
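Review bot: The Javadoc of `getSessionIndex()` says it returns the AssertionID, while the `@return` text and the method name say SessionID / SessionIndex; one of the two should go, e.g. `get SessionIndex which was used for Service Provider Single LogOut request`. `getUserNameIDFormat()` has an empty `@return` tag and no summary, and its setter is named `setNameIDFormat` rather than `setUserNameIDFormat`, which breaks the getter/setter pairing the other accessors follow. The `public` modifier on every member is redundant in an interface and inconsistent with the neighbouring interfaces in this commit, which omit it.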