authorThomas Lenz <tlenz@iaik.tugraz.at>2018-06-14 06:18:47 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-06-14 06:18:47 +0200
commit2a073c6727d704271e17d9b682be28410f23aae7 (patch)
treec5d126bc6c116527c3b0f59e4c9c6ebcd185a2a9 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
parente441bcf4eb1a53e1bb17df34997f17206796af72 (diff)
more refactoring stuff
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java192
1 files changed, 189 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 718f730b0..bded1943b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -33,12 +33,20 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
@@ -46,12 +54,15 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@Service("MOAID_SSOManager")
-public class SSOManager {
+public class SSOManager implements ISSOManager {
+
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "slo_template.html";
public static String CONTEXTPATH = "contextPath";
@@ -62,9 +73,160 @@ public class SSOManager {
private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
- @Autowired protected AuthConfiguration authConfig;
+ @Autowired private AuthConfiguration authConfig;
+ @Autowired private IRevisionLogger revisionsLogger;
+
+
//@Autowired private MOASessionDBUtils moaSessionDBUtils;
+
+ public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException {
+ try {
+ //get SSO cookie from http request
+ String ssoId = getSSOSessionID(httpReq);
+
+ //check if interfederation IDP is requested
+ checkInterfederationIsRequested(httpReq, httpResp, pendingReq);
+
+ //check if SSO session cookie is already used
+ if (ssoId != null) {
+ String correspondingMOASession = existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+
+ revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_INVALID);
+
+ //destroy internal SSO-session object and SSO-session cooky
+ authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
+ deleteSSOSessionID(httpReq, httpResp);
+ }
+ }
+
+ //check if SSO Session is valid
+ boolean isSSOValid = isValidSSOSession(ssoId, pendingReq);
+
+ if (isSSOValid)
+ pendingReq.setSSOSessionIdentifier(ssoId);
+
+ return isSSOValid;
+
+
+ } catch (SessionDataStorageException | ConfigurationException | MOADatabaseException e) {
+ Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e);
+ Logger.info("All SSO session will be ignored.");
+
+ }
+
+ return false;
+
+ }
+
+
+
+ public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq) {
+ // check if Service-Provider allows SSO sessions
+ IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
+ boolean useSSOOA = oaConfig.useSSO() || oaConfig.isInderfederationIDP();
+
+ //if a legacy request is used SSO should not be allowed in case of mandate authentication
+ boolean isUseMandateRequested = false;
+ try {
+ isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);
+
+ //check if SSO is allowed for the actually executed request
+ //INFO: Actually, useMandate disables SSO functionality!!!!!
+ pendingReq.setNeedSingleSignOnFunctionality((useSSOOA && !isUseMandateRequested));
+
+ //check if current service provider needs user consent for SSO
+ pendingReq.setNeedUserConsent(oaConfig.useSSOQuestion());
+
+ } catch (WrongParametersException e) {
+ Logger.warn("Find suspect http parameter for mandates! Reason: " + e.getMessage());
+
+ }
+
+ }
+
+ public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException {
+ //populate pending request with eID data from SSO session if no userConsent is required
+ try {
+ AuthenticationSession ssoMOASession = getInternalMOASession(pendingReq.getSSOSessionIdentifier());
+
+ if (ssoMOASession == null)
+ Logger.info("No MOASession FOUND with provided SSO-Cookie.");
+
+ else {
+ Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
+ revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID);
+
+ Logger.trace("Populatint pending request with SSO session information .... ");
+ pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession());
+ pendingReq.setAuthenticated(true);
+
+ }
+
+ } catch (EAAFStorageException e) {
+ Logger.warn("Can NOT populate pending request from SSO session.", e);
+ throw new EAAFSSOException("", new Object[] {},
+ "Can NOT populate pending request from SSO session", e);
+
+ }
+
+ }
+
+
+ @Override
+ public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException {
+ //get SSO token from request
+ String ssoid = null;
+ if (pendingReq != null && MiscUtil.isNotEmpty(pendingReq.getSSOSessionIdentifier())) {
+ ssoid = pendingReq.getSSOSessionIdentifier();
+
+ } else {
+ ssoid = getSSOSessionID(httpReq);
+
+ }
+ try {
+ if (isValidSSOSession(ssoid, null)) {
+
+ //delete SSO session and MOA session
+ AuthenticationSession ssoSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoid);
+
+ if (ssoSession == null) {
+ Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
+ return false;
+
+ }
+
+
+ ssoSession.setAuthenticated(false);
+
+ //log Session_Destroy to reversionslog
+ AuthenticationSessionExtensions sessionExtensions =
+ authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID());
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
+ authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID());
+ }
+
+ } catch (MOADatabaseException | ConfigurationException | SessionDataStorageException e) {
+ Logger.info("NO MOA Authentication data for ID " + ssoid);
+ return false;
+
+ }
+
+
+ //Remove SSO token
+ deleteSSOSessionID(httpReq, httpResp);
+
+ return true;
+
+ }
+
+
+ //*********************************** old **************************************
+
/**
* Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists.
* Set the requested interfederation IDP as attribte of the {protocolRequest}
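Review bot: The `MOADatabaseException | ConfigurationException | SessionDataStorageException` handler in destroySSOSessionOnIDPOnly discards the exception and writes the raw SSO session identifier `ssoid` to the log, and checkAndValidateSSOSession likewise prints `ssoId` in its "old SSO Session ID" warning; a session identifier is a bearer value and should not land in log files, while the dropped cause is what an operator actually needs. Log the reason instead, using the cause-preserving overload the file already uses elsewhere: `Logger.warn("Can not destroy SSO session. Reason: " + e.getMessage(), e);`. Separately, checkAndValidateSSOSession, isSSOAllowedForSP and populatePendingRequestWithSSOInformation carry no `@Override` while destroySSOSessionOnIDPOnly does; if they implement ISSOManager the annotation should be added so the compiler catches signature drift. The `sessionExtensions` value returned by getAuthenticationSessionExtensions is dereferenced without a null check, and a NullPointerException there would escape the multi-catch — worth confirming the store never returns null for a valid SSO session.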
@@ -209,7 +371,7 @@ public class SSOManager {
if (MiscUtil.isNotEmpty(ssoSessionID)) {
AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
if (moaSession != null) {
- AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID());
+ AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSSOSessionID());
return extSessionInformation.getUniqueSessionId();
}
@@ -336,4 +498,28 @@ public class SSOManager {
setCookie(httpReq, httpResp, cookieName, "", 0);
}
+
+
+ @Override
+ public void createNewSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
+ // TODO Auto-generated method stub
+
+ }
+
+
+
+ @Override
+ public String createNewSSOSessionCookie(HttpServletRequest arg0, HttpServletResponse arg1, IRequest arg2)
+ throws EAAFSSOException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+ @Override
+ public void updateSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
+ // TODO Auto-generated method stub
+
+ }
+
}
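Review bot: The three generated stubs createNewSSOSession, createNewSSOSessionCookie and updateSSOSession silently do nothing, and createNewSSOSessionCookie returns `null`, so a caller relying on the ISSOManager contract gets neither a session nor an error and the omission only surfaces as a downstream NullPointerException or a missing cookie. Until they are implemented each body should fail loudly, e.g. `throw new UnsupportedOperationException("createNewSSOSession is not implemented yet");` in place of the TODO comment. The parameters should also get meaningful names instead of `arg0`/`arg1`/`arg2`; `pendingReq` and `sloInformation` follow from the IRequest and SLOInformationInterface types, while the meaning of the String argument is not visible here and should be named from the interface's documentation.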