authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 17:25:47 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 17:25:47 +0100
commitf75314c2a1f8eb09f54a5ca912e67a4b1a932f6f (patch)
tree5b0215e5d349ece6e72c4c7c281de06f9bb5b4a2 /id/server/modules/moa-id-module-ssoTransfer
parent897fb60b521e647e15fbca4501066b11032558b6 (diff)
update SSO session-transfer module
Diffstat (limited to 'id/server/modules/moa-id-module-ssoTransfer')
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java148
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java45
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java100
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java1
4 files changed, 46 insertions, 248 deletions
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
deleted file mode 100644
index 0bc4a4839..000000000
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Date;
-
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.VelocityContext;
-
-import com.google.gson.JsonObject;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.MiscUtil;
-import net.glxn.qrgen.QRCode;
-import net.glxn.qrgen.image.ImageType;
-
-
-
-/**
- * @author tlenz
- *
- */
-@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession")
-public class SSOTransferGUIServlet extends AuthServlet {
-
- private static final long serialVersionUID = 3974201828186450839L;
-
- public SSOTransferGUIServlet() {
- super();
- Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'.");
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- super.doGet(req, resp);
-
- //search SSO session
- SSOManager ssomanager = SSOManager.getInstance();
- String ssoid = ssomanager.getSSOSessionID(req);
-
- VelocityContext context = new VelocityContext();
-
- try {
- if (ssomanager.isValidSSOSession(ssoid, null)) {
- Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);
- if (createQRObj != null && createQRObj instanceof Integer) {
-
-
-
- } else {
- //create first step of SSO Transfer GUI
- String authURL = HTTPUtils.extractAuthURLFromRequest(req);
- if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
- contains(authURL)) {
- Logger.warn("Requested URL is not allowed.");;
- resp.sendError(500, "Requested URL is not allowed.");
-
- }
-
- String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSession authSession = AuthenticationSessionStoreage
- .getSession(moaSessionID);
- if(authSession != null) {
- Date now = new Date();
- String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now);
-
- String token = Random.nextRandom();
- AssertionStorage.getInstance().put(token, encodedSSOContainer);
-
- String containerURL = authURL
- + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE
- + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token;
-
- JsonObject qrResult = new JsonObject();
- qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE,
- SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST);
- qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
-
- ByteArrayOutputStream qrStream =
- QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();
- String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
- context.put("QRImage", base64EncodedImage);
-
- context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
-
- GUIUtils.printSSOTransferGUI(context, resp);
-
- }
- }
- }
-
- } else {
- context.put("errorMsg",
- "No active Single Sign-On session found! SSO Session transfer is not possible.");
- GUIUtils.printSSOTransferGUI(context, resp);
- }
-
- } catch (MOAIDException | MOADatabaseException e) {
- e.printStackTrace();
- resp.sendError(500, e.getMessage());
-
- }
-
- }
-
-
-}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
index b53916338..0b3bd892a 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
@@ -27,11 +27,15 @@ import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -53,4 +57,45 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl
signalProcessManagement(req, resp);
}
+
+ @Override
+ protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
+
+ try {
+ if (pendingRequestID == null) {
+ throw new IllegalStateException("Unable to determine MOA pending-request id.");
+ }
+
+ IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+
+ }
+
+ //add transactionID and unique sessionID to Logger
+ TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
+ TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier());
+
+ // process instance is mandatory
+ if (pendingReq.getProcessInstanceId() == null) {
+ throw new IllegalStateException("MOA session does not provide process instance id.");
+ }
+
+ // wake up next task
+ processEngine.signal(pendingReq);
+
+ } catch (Exception ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+
+ } finally {
+ //MOASessionDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
+
+ }
+
+
+ }
}
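Review bot: The HTML-escaping on the first line of signalProcessManagement is applied before the value is used as the lookup key in `requestStorage.getPendingRequest(pendingRequestID)`, so a pending-request id containing any character that escapeHtml rewrites (`&`, `<`, `>`, `"`) would no longer match its stored entry; escaping belongs where the id is written into a response, not where it is read from the request. Keep the raw id for the lookup and escape only the copy that reaches the renderer: `String pendingRequestID = getPendingRequestId(req);` at the top and `handleError(null, ex, req, resp, StringEscapeUtils.escapeHtml(pendingRequestID));` in the catch — assuming handleError is the method that renders it, which is defined outside this hunk. Whether ids can ever contain such characters is not visible here, so if they are guaranteed to be plain alphanumerics a comment saying so next to the escape would settle it. Two smaller points in the same method: `catch (Exception ex)` also catches the two IllegalStateExceptions thrown inside the try, which is clearly deliberate but deserves a one-line comment such as `// all failures, including our own state checks, are reported through handleError`, and the commented-out `//MOASessionDBUtils.closeSession();` in the finally block should be removed or replaced by a note explaining why the session is not closed here.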
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
deleted file mode 100644
index 8ea15f985..000000000
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-@WebServlet(name = "SendSSOSessionEndpoint", value = "/TransmitSSOSession")
-public class TransferToSmartPhoneServlet extends AuthServlet {
-
- private static final long serialVersionUID = 4323605569040872262L;
-
- private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes
-
- public TransferToSmartPhoneServlet() {
- super();
- Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransmitSSOSession'.");
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- super.doGet(req, resp);
-
- Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
- if (tokenObj != null && tokenObj instanceof String) {
- String token = (String)tokenObj;
- try {
- String signedEncSession = AssertionStorage.getInstance().get(token, String.class, transmisionTimeOut);
- if (MiscUtil.isNotEmpty(signedEncSession)) {
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(signedEncSession);
- out.flush();
-
- } else {
- Logger.info("Servlet " + getClass().getName() + " receive a token:" +
- token + ", which references an empty data object.");
- resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object.");
-
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("Servlet " + getClass().getName() + " receive a token:" +
- token + ", which is UNKNOWN.");
- resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:");
-
-
- } catch (AuthenticationException e) {
- Logger.info("Servlet " + getClass().getName() + " receive a token:" +
- token + ", which has a timeout.");
- resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more.");
-
- }
-
- } else {
- Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request.");
- resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid.");
-
- }
-
- }
-
-}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index 6ba29fe3a..1d37b916c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -131,6 +131,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
}
executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true);
+ executionContext.put("sessionRestoreFinished", false);
} else {
Logger.info("Received SSO session-data is from IDP: " + entityID