From 2945c875bda2c8236d0b3fd630358fcaca85f4a8 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Mon, 2 Jul 2018 18:12:22 +0200
Subject: add requested PVP S-Profile attribute handling

---
 .../connector/provider/PVPMetadataProvider.java    | 46 ++++++++++++++++------
 1 file changed, 34 insertions(+), 12 deletions(-)

(limited to 'connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java')

diff --git a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java
index 0edc5fcd..57f6e373 100644
--- a/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java
+++ b/connector/src/main/java/at/gv/egiz/eidas/specific/connector/provider/PVPMetadataProvider.java
@@ -8,6 +8,7 @@ import java.util.List;
 
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.params.HttpClientParams;
+import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.slf4j.Logger;
@@ -18,11 +19,14 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
 import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
 import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
 import at.gv.egiz.eidas.specific.connector.MSeIDASNodeConstants;
+import at.gv.egiz.eidas.specific.connector.verification.MetadataSignatureVerificationFilter;
 
 @Service("PVPMetadataProvider")
 public class PVPMetadataProvider extends AbstractChainingMetadataProvider{
@@ -47,14 +51,31 @@ public class PVPMetadataProvider extends AbstractChainingMetadataProvider{
 			throws EAAFConfigurationException, IOException, CertificateException {
 		ISPConfiguration spConfig = basicConfig.getServiceProviderConfiguration(entityId);
 		if (spConfig != null) {
-			String metadataURL = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
-			String trustStoreUrl = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE);
-			return createNewSimpleMetadataProvider(metadataURL, 								 
-					buildMetadataFilterChain(spConfig, metadataURL, trustStoreUrl), 
-					spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER),
-					getTimer(),
-					new BasicParserPool(),
-					createHttpClient(metadataURL));
+			try {
+				String metadataURL = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_URL);
+				if (StringUtils.isEmpty(metadataURL)) {
+					log.debug("Use EntityId: " + entityId + " instead of explicite metadataURL ... ");
+					metadataURL = entityId;
+					
+				}				
+				String trustStoreUrl = FileUtils.makeAbsoluteURL(
+						spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE), 
+						authConfig.getConfigurationRootDirectory());
+				String trustStorePassword = spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_PVP2_METADATA_TRUSTSTORE_PASSWORD);
+
+				return createNewSimpleMetadataProvider(metadataURL, 								 
+						buildMetadataFilterChain(spConfig, metadataURL, trustStoreUrl, trustStorePassword), 
+						spConfig.getConfigurationValue(MSeIDASNodeConstants.PROP_CONFIG_SP_UNIQUEIDENTIFIER),
+						getTimer(),
+						new BasicParserPool(),
+						createHttpClient(metadataURL));
+				
+			} catch (PVP2MetadataException e) {
+				log.info("Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage());
+				throw new EAAFConfigurationException(
+						"Can NOT initialize Metadata signature-verification filter. Reason: " + e.getMessage(), e);
+				
+			}
 			
 		} else
 			log.info("No ServiceProvider with entityId: " + entityId + " in configuration.");
@@ -77,14 +98,15 @@ public class PVPMetadataProvider extends AbstractChainingMetadataProvider{
 				
 	}
 	
-	private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, String trustStoreUrl) throws CertificateException{
+	private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, String trustStoreUrl, String trustStorePassword) throws CertificateException, PVP2MetadataException{
 		MetadataFilterChain filterChain = new MetadataFilterChain();		
 		filterChain.getFilters().add(new SchemaValidationFilter(
 				basicConfig.getBasicMOAIDConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_SCHEME_VALIDATION, true)));
+					
+		filterChain.getFilters().add(
+				new MetadataSignatureVerificationFilter(
+						trustStoreUrl, trustStorePassword, metadataURL));
 				
-		//TODO: add signature validation filter
-		
-		
 		filterChain.getFilters().add(new PVPEntityCategoryFilter(
 				basicConfig.getBasicMOAIDConfigurationBoolean(MSeIDASNodeConstants.PROP_CONFIG_PVP_ENABLE_ENTITYCATEGORIES, true)));
 		
-- 
cgit v1.2.3