SSO Nachtragbefore_ConfigDB

1 files changed, 182 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
new file mode 100644
index 000000000..d55482e95
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -0,0 +1,182 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.List;
+import java.util.Set;
+
+import iaik.util.logging.Log;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class SSOManager {
+	
+	private static final String SSOCOOKIE = "MOA_ID_SSO";
+	
+	private static final int DEFAULTSSOTIMEOUT = 15*60; //sec
+	
+	private static SSOManager instance = null;
+	private static int sso_timeout;
+	
+	
+	public static SSOManager getInstance() {
+		if (instance == null) {
+			instance = new SSOManager();
+			
+			//TODO: move to config based timeout!
+			sso_timeout = DEFAULTSSOTIMEOUT;		
+		}
+		
+		return instance;
+	}
+	
+	public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
+				
+		//search SSO Session
+		if (ssoSessionID == null) {
+			Logger.info("No SSO Session cookie found.");
+			return false;		
+		}
+		
+		String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
+				AuthenticationManager.MOA_SESSION, null);
+		return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, moaSessionId);	
+		
+	}
+	
+	public String existsOldSSOSession(String ssoId) {
+		
+		  Logger.trace("Check that the SSOID has already been used");
+		  Session session = HibernateUtil.getCurrentSession();
+		  
+		  List<OldSSOSessionIDStore> result;
+		  
+		  synchronized (session) {
+			  session.beginTransaction();
+			  Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
+			  query.setString("sessionid", ssoId);
+			  result = query.list();
+			  
+			  //send transaction
+			  
+		  }
+		  
+		  Logger.trace("Found entries: " + result.size());
+		  
+		  //Assertion requires an unique artifact
+		  if (result.size() == 0) {
+			  session.getTransaction().commit();
+			  return null;  
+		  }
+		  
+		  OldSSOSessionIDStore oldSSOSession = result.get(0);
+		  
+		  AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
+
+		  if (correspondingMoaSession == null) {
+				Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
+				//TODO: ist der OldSSOSessionStore zum Aufräumen?
+				return null;
+		  }
+		  
+		  
+		  String moasessionid = correspondingMoaSession.getSessionid();
+		  
+		  session.getTransaction().commit();
+			
+		  return moasessionid;
+
+	}
+	
+	public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
+		
+		//TODO: use secure random number generation!!!!!
+		String newSSOId = Random.nextRandom();
+		
+		
+		System.out.println("generate new SSO Tokken (" + newSSOId + ")");
+		
+		if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) {
+			Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!");
+			return null;
+		}
+		
+		try {
+			AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl);
+			
+			return newSSOId;			
+			
+		} catch (AuthenticationException e) {
+			Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");
+			return null;
+		}
+	}
+	
+	
+	public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
+		Cookie[] cookies = httpReq.getCookies();
+		
+		if (cookies != null) {
+			for (Cookie cookie : cookies) {
+				if (cookie.getName().equals(SSOCOOKIE)) {
+					cookie.setValue(ssoId);
+					cookie.setMaxAge(sso_timeout);
+					cookie.setSecure(true);
+					httpResp.addCookie(cookie);
+					return;
+				}
+			}
+			
+		}
+		Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
+		cookie.setMaxAge(sso_timeout);
+		cookie.setSecure(true);
+		httpResp.addCookie(cookie);
+		return;
+		
+	}
+		
+	
+	
+	public String getSSOSessionID(HttpServletRequest httpReq) {
+	Cookie[] cookies = httpReq.getCookies();
+		
+		if (cookies != null) {
+			for (Cookie cookie : cookies) {
+				
+				//TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox) 
+				//if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
+				
+				if (cookie.getName().equals(SSOCOOKIE)) {
+					return cookie.getValue();
+				}
+			}
+		}
+		return null;
+	}
+	
+	public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+		Cookie[] cookies = httpReq.getCookies();		
+				
+		if (cookies != null) {
+			for (Cookie cookie : cookies) {
+				if (!cookie.getName().equals(SSOCOOKIE))	
+					httpResp.addCookie(cookie);
+			}
+		}
+	}
+}
+