Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java')
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java | 266 |
1 files changed, 130 insertions, 136 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
index 424c4431..40cbdeb0 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/AbstractMetadataSignatureFilter.java
@@ -1,35 +1,30 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata; import java.util.ArrayList; import java.util.Iterator; import java.util.List; - +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.provider.MetadataFilter; 
@@ -37,118 +32,117 @@ import org.opensaml.xml.XMLObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import at.gv.egiz.eaaf.core.exceptions.EAAFException; -import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; - public abstract class AbstractMetadataSignatureFilter implements MetadataFilter { - private static final Logger log = LoggerFactory.getLogger(AbstractMetadataSignatureFilter.class); - - public void doFilter(XMLObject metadata) throws SignatureValidationException { - try { - if (metadata instanceof EntitiesDescriptor) { - EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; - if(entitiesDescriptor.getSignature() == null) { - throw new PVP2MetadataException("pvp2.26", - new Object[] {"Root element of metadata file has to be signed"}); - } - processEntitiesDescriptor(entitiesDescriptor); - - - if (entitiesDescriptor.getEntityDescriptors().size() == 0) { - throw new PVP2MetadataException("pvp2.26", - new Object[] {"No valid entity in metadata " + entitiesDescriptor.getName()}); - } - - - } else if (metadata instanceof EntityDescriptor) { - EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; - processEntityDescriptorr(entityDescriptor); - - } else - throw new PVP2MetadataException("pvp2.26", - new Object[] {"Invalid Metadata file Root element is unknown"}); - - - - log.info("Metadata signature policy check done OK"); - } catch (EAAFException e) { - log.warn("Metadata signature policy check FAILED.", e); - throw new SignatureValidationException(e); - - } - } - - /** - * Signature verification of a SAML2 EntityDescriptor element - * - * @param desc - * @throws PVP2MetadataException if the signature is not valid or can not verified - */ - protected abstract void verify(EntityDescriptor desc) throws PVP2MetadataException; - - /** - * Signature verification of a SAML2 EntitiesDescriptor element - * - * @param desc - * @throws 
PVP2MetadataException if the signature is not valid or can not verified - */ - protected abstract void verify(EntitiesDescriptor desc) throws PVP2MetadataException; - - /** - * Verify a EntityDescriptor element of an EntitiesDescriptor - * - * @param entity EntityDescriptor to verify - * @param desc Full EntitiesDescriptor that contains the EntityDescriptor - * @throws PVP2MetadataException - */ - protected abstract void verify(EntityDescriptor entity, EntitiesDescriptor desc) throws PVP2MetadataException; - - - private void processEntityDescriptorr(EntityDescriptor desc) throws EAAFException { - verify(desc); - - } - - private void processEntitiesDescriptor(EntitiesDescriptor desc) throws EAAFException { - Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); - - if(desc.getSignature() != null) { - verify(desc); - - } - - while(entID.hasNext()) { - processEntitiesDescriptor(entID.next()); - } - - Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); - List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>(); - - //check every Entity - while(entIT.hasNext()) { - EntityDescriptor entity = entIT.next(); - log.debug("Validate metadata for entityID: " + entity.getEntityID() + " ..... "); - try { - verify(entity, desc); - - //add entity to verified entity-list - verifiedEntIT.add(entity); - log.debug("Metadata for entityID: " + entity.getEntityID() + " valid"); - - - } catch (Exception e) { - //remove entity of signature can not be verified. - log.info("Entity " + entity.getEntityID() + " is removed from metadata " - + desc.getName() + ". 
Entity verification error: " + e.getMessage()); - - } - - } - - //set only verified entity elements - desc.getEntityDescriptors().clear(); - desc.getEntityDescriptors().addAll(verifiedEntIT); - } + private static final Logger log = LoggerFactory.getLogger(AbstractMetadataSignatureFilter.class); + + @Override + public void doFilter(final XMLObject metadata) throws SignatureValidationException { + try { + if (metadata instanceof EntitiesDescriptor) { + final EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + if (entitiesDescriptor.getSignature() == null) { + throw new Pvp2MetadataException("pvp2.26", + new Object[] {"Root element of metadata file has to be signed"}); + } + processEntitiesDescriptor(entitiesDescriptor); + + + if (entitiesDescriptor.getEntityDescriptors().size() == 0) { + throw new Pvp2MetadataException("pvp2.26", + new Object[] {"No valid entity in metadata " + entitiesDescriptor.getName()}); + } + + + } else if (metadata instanceof EntityDescriptor) { + final EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; + processEntityDescriptorr(entityDescriptor); + + } else { + throw new Pvp2MetadataException("pvp2.26", + new Object[] {"Invalid Metadata file Root element is unknown"}); + } + + + + log.info("Metadata signature policy check done OK"); + } catch (final EaafException e) { + log.warn("Metadata signature policy check FAILED.", e); + throw new SignatureValidationException(e); + + } + } + + /** + * Signature verification of a SAML2 EntityDescriptor element. + * + * @param desc EntityDescriptor + * @throws Pvp2MetadataException if the signature is not valid or can not verified + */ + protected abstract void verify(EntityDescriptor desc) throws Pvp2MetadataException; + + /** + * Signature verification of a SAML2 EntitiesDescriptor element. 
+ * + * @param desc EntitiesDescriptor + * @throws Pvp2MetadataException if the signature is not valid or can not verified + */ + protected abstract void verify(EntitiesDescriptor desc) throws Pvp2MetadataException; + + /** + * Verify a EntityDescriptor element of an EntitiesDescriptor. + * + * @param entity EntityDescriptor to verify + * @param desc Full EntitiesDescriptor that contains the EntityDescriptor + * @throws Pvp2MetadataException In case of an verification error + */ + protected abstract void verify(EntityDescriptor entity, EntitiesDescriptor desc) + throws Pvp2MetadataException; + + + private void processEntityDescriptorr(final EntityDescriptor desc) throws EaafException { + verify(desc); + + } + + private void processEntitiesDescriptor(final EntitiesDescriptor desc) throws EaafException { + final Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); + + if (desc.getSignature() != null) { + verify(desc); + + } + + while (entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + final Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); + final List<EntityDescriptor> verifiedEntIT = new ArrayList<>(); + + // check every Entity + while (entIT.hasNext()) { + final EntityDescriptor entity = entIT.next(); + log.debug("Validate metadata for entityID: " + entity.getEntityID() + " ..... "); + try { + verify(entity, desc); + + // add entity to verified entity-list + verifiedEntIT.add(entity); + log.debug("Metadata for entityID: " + entity.getEntityID() + " valid"); + + + } catch (final Exception e) { + // remove entity of signature can not be verified. + log.info("Entity " + entity.getEntityID() + " is removed from metadata " + desc.getName() + + ". Entity verification error: " + e.getMessage()); + + } + + } + + // set only verified entity elements + desc.getEntityDescriptors().clear(); + desc.getEntityDescriptors().addAll(verifiedEntIT); + } } |
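Review bot: In processEntitiesDescriptor the `catch (final Exception e)` that drops an entity logs the failure at INFO with only `e.getMessage()`, so an entity whose signature does not verify — the one event in metadata filtering an operator most needs to notice — leaves no stack trace and sits below the WARN level that doFilter uses for the overall failure. Consider `log.warn("Entity {} is removed from metadata {}. Entity verification error: {}", entity.getEntityID(), desc.getName(), e.getMessage(), e);`, which keeps the cause and also matches the parameterized SLF4J style instead of string concatenation. The broad catch also turns runtime errors such as an NPE inside verify into "verification errors"; removing the entity is the fail-closed direction, so that is acceptable, but a comment stating that intent would help the next maintainer. Minor: `entitiesDescriptor.getEntityDescriptors().size() == 0` in doFilter reads better as `.isEmpty()`, and the misspelled `processEntityDescriptorr` survived this rename pass.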