1 files changed, 144 insertions, 40 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 684c6630a..f4f89a4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,11 +31,15 @@ import javax.servlet.http.HttpServletResponse;
 import org.hibernate.Query;
 import org.hibernate.Session;
 
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,9 +48,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class SSOManager {
 	
 	private static final String SSOCOOKIE = "MOA_ID_SSO";
+	private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
 	
 	private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec
 	
+	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
+	
 	private static SSOManager instance = null;
 	private static int sso_timeout;
 	
@@ -68,7 +75,46 @@ public class SSOManager {
 		return instance;
 	}
 	
-	public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
+	public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
+			IRequest protocolRequest) {
+		String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
+
+		if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
+			Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+			
+		}
+		
+		if (protocolRequest instanceof RequestImpl) {						
+			//check if IDP is requested									
+			RequestImpl moaReq = (RequestImpl) protocolRequest;
+			if (MiscUtil.isNotEmpty(interIDP)) {
+				Logger.info("Receive SSO request for interfederation IDP " + interIDP);
+				moaReq.setRequestedIDP(interIDP);
+				
+			} else {
+				//check if IDP cookie is set
+				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
+				if (MiscUtil.isNotEmpty(cookie)) {
+					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
+					moaReq.setRequestedIDP(cookie);
+				
+					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
+				}				
+			}
+						
+		} else {
+			Logger.warn("Request is not of type RequestImpl");
+			
+		}		
+	}
+	
+	public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) {
+		setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
+		
+	}
+	
+	
+	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) {
 		
 		// search SSO Session
 		if (ssoSessionID == null) {
@@ -76,15 +122,43 @@ public class SSOManager {
 			return false;
 		}
 		
-		// String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
-		// AuthenticationManager.MOA_SESSION, null);
+		AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
 		
-		return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+		if (storedSession == null)
+			return false;
+		
+		else {
+			if (protocolRequest != null && 
+					protocolRequest instanceof RequestImpl &&
+					storedSession.isInterfederatedSSOSession() &&
+					!storedSession.isAuthenticated()) {
+
+				if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) {
+					InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
+
+					if (selectedIDP != null) {				
+						//no local SSO session exist -> request interfederated IDP
+						((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix());
+						
+					} else {
+						Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
+						MOASessionDBUtils.delete(storedSession);
+					
+					}
+				}
+				
+				return false;
+									 				
+			}
+						
+			return true;
+		}
 		
 	}
 	
 	public String getMOASession(String ssoSessionID) {
-		return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID);
+		return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+		
 	}
 	
 	public String existsOldSSOSession(String ssoId) {
@@ -95,24 +169,10 @@ public class SSOManager {
 		List<OldSSOSessionIDStore> result;
 		
 		synchronized (session) {
-			
-//			try {
-//				session.getTransaction().rollback();
-//			}
-//			catch (Exception e) {
-//				e.printStackTrace();
-//			}
-//			try {
-//				session.getSessionFactory().openSession();
-//			}
-//			catch (Exception e) {
-//				e.printStackTrace();
-//			}
-			// session.getTransaction().begin();
-			
+						
 			session.beginTransaction();
 			Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
-			query.setString("sessionid", ssoId);
+			query.setParameter("sessionid", ssoId);
 			result = query.list();
 			
 			// send transaction
@@ -156,22 +216,58 @@ public class SSOManager {
 		return newSSOId;
 		
 	}
-	
+
 	public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
-		Cookie[] cookies = httpReq.getCookies();
+		setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout);
 		
-		if (cookies != null) {
-			deleteSSOSessionID(httpReq, httpResp);
-		}
+	}
 		
-		Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
-		cookie.setMaxAge(sso_timeout);
-		cookie.setSecure(true);
-		cookie.setPath(httpReq.getContextPath());
-		httpResp.addCookie(cookie);
+	public String getSSOSessionID(HttpServletRequest httpReq) {
+		return getValueFromCookie(httpReq, SSOCOOKIE);
+		
+	}
+		
+	public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+		deleteCookie(httpReq, httpResp, SSOCOOKIE);
 	}
 	
-	public String getSSOSessionID(HttpServletRequest httpReq) {
+	/**
+	 * @param entityID
+	 * @param request
+	 */
+	public boolean removeInterfederatedSSOIDP(String entityID,
+			HttpServletRequest request) {
+		
+		String ssoSessionID = getSSOSessionID(request);
+		
+		if (MiscUtil.isNotEmpty(ssoSessionID)) {
+			
+			AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+			
+			if (storedSession == null)
+				return false;
+			
+			InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID);
+
+			if (selectedIDP != null) {				
+				//no local SSO session exist -> request interfederated IDP
+				Logger.info("Delete interfederated IDP " + selectedIDP.getIdpurlprefix() 
+						+ " from MOASession " + storedSession.getSessionid());
+				MOASessionDBUtils.delete(selectedIDP);
+				
+			} else {
+				Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
+				
+			}
+			
+			return true;
+			
+		} else
+			return false;
+		
+	}
+	
+	private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
 		Cookie[] cookies = httpReq.getCookies();
 		
 		if (cookies != null) {
@@ -181,7 +277,7 @@ public class SSOManager {
 				// (firefox)
 				// if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
 				
-				if (cookie.getName().equals(SSOCOOKIE)) {
+				if (cookie.getName().equals(cookieName)) {
 					return cookie.getValue();
 				}
 			}
@@ -189,13 +285,21 @@ public class SSOManager {
 		return null;
 	}
 	
-	public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
-		Cookie[] cookies = httpReq.getCookies();
+	private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, 
+			String cookieName, String cookieValue, int maxAge) {
 		
-		if (cookies != null) {
-			for (Cookie cookie : cookies) {
-				if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie);
-			}
-		}
+		Cookie cookie = new Cookie(cookieName, cookieValue);
+		cookie.setMaxAge(maxAge);
+		cookie.setSecure(true);
+		
+		//TODO: could be a problem if the IDP is accessible from different contextPaths or Domains
+		cookie.setPath(httpReq.getContextPath());
+		
+		httpResp.addCookie(cookie);
+	}
+	
+	private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+		setCookie(httpReq, httpResp, cookieName, "", 1);
 	}
+
 }