Diffstat (limited to 'connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java')
-rw-r--r--connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java46
1 files changed, 34 insertions, 12 deletions
diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java
index 0edc5fcd..57f6e373 100644
--- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java
+++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java
@@ -8,6 +8,7 @@ import java.util.List;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.params.HttpClientParams;
+import org.apache.commons.lang3.StringUtils;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.xml.parse.BasicParserPool;
import org.slf4j.Logger;
@@ -18,11 +19,14 @@ import org.springframework.stereotype.Service;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter;
import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
+import at.gv.egiz.eidas.specific.connector.verification.MetadataSignatureVerificationFilter;
@Service("PVPMetadataProvider")
public class PVPMetadataProvider extends AbstractChainingMetadataProvider{
@@ -47,14 +51,31 @@ public class PVPMetadataProvider extends AbstractChainingMetadataProvider{
throws EAAFConfigurationException, IOException, CertificateException {
ISPConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
if (spConfig != null) {
- String metadataURL = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
- String trustStoreUrl = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE);
- return createNewSimpleMetadataProvider(metadataURL,
- buildMetadataFilterChain(spConfig, metadataURL, trustStoreUrl),
- spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER),
- getTimer(),
- new BasicParserPool(),
- createHttpClient(metadataURL));
+ try {
+ String metadataURL = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
+ if (StringUtils.isEmpty(metadataURL)) {
+ log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... ");
+ metadataURL = entityId;
+
+ }
+ String trustStoreUrl = FileUtils.makeAbsoluteURL(
+ spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE),
+ authConfig.getConfigurationRootDirectory());
+ String trustStorePassword = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD);
+
+ return createNewSimpleMetadataProvider(metadataURL,
+ buildMetadataFilterChain(spConfig, metadataURL, trustStoreUrl, trustStorePassword),
+ spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER),
+ getTimer(),
+ new BasicParserPool(),
+ createHttpClient(metadataURL));
+
+ } catch (PVP2MetadataException e) {
+ log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage());
+ throw new EAAFConfigurationException(
+ "Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage(), e);
+
+ }
} else
log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
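Review bot: The fallback on the new lines `if (StringUtils.isEmpty(metadataURL)) { ... metadataURL = entityId; }` passes the bare entityId straight to createHttpClient and the metadata fetch without checking that it is an absolute https URL, so an SP entry whose entityId is not a URL only fails later inside the HTTP client, and an http:// entityId would pull metadata over cleartext with the signature filter as the sole protection; I would reject it up front, e.g. `if (!metadataURL.startsWith("https://")) throw new EAAFConfigurationException("Metadata URL for " + entityId + " is not an https URL", null);` (or the single-argument constructor if one exists). Likewise trustStoreUrl and trustStorePassword are forwarded without a presence check; what FileUtils.makeAbsoluteURL returns for a null PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE value is not visible here, so an SP without a trust store would reach MetadataSignatureVerificationFilter with a null or empty path instead of a clear configuration error — a `StringUtils.isEmpty` guard before makeAbsoluteURL would make that explicit. In the catch block, `log.info("Can NOT initialize Metadata signature-verification filter ...")` records a failed signature-verification setup at informational level although it is immediately rethrown as a configuration error; log.warn or log.error fits the severity better. The enclosing method starts before this hunk and presumably continues past it.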
@@ -77,14 +98,15 @@ public class PVPMetadataProvider extends AbstractChainingMetadataProvider{
}
- private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, String trustStoreUrl) throws CertificateException{
+ private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, String trustStoreUrl, String trustStorePassword) throws CertificateException, PVP2MetadataException{
MetadataFilterChain filterChain = new MetadataFilterChain();
filterChain.getFilters().add(new SchemaValidationFilter(
basicConfig.getBasicMOAIDConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_SCHEME_VALIDATION, true)));
+
+ filterChain.getFilters().add(
+ new MetadataSignatureVerificationFilter(
+ trustStoreUrl, trustStorePassword, metadataURL));
- //TODO: add signature validation filter
-
-
filterChain.getFilters().add(new PVPEntityCategoryFilter(
basicConfig.getBasicMOAIDConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES, true)));