authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 16:28:22 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 16:28:22 +0200
commit26822fcf41e37e0fedca87489b60304496c9d0f0 (patch)
treec782966221b43642976e91bd53a918cd04d03c35
parent44cb2c6299c247a9836150c68ba45b206c6499aa (diff)
check SAML2 metadata URL against publicService flag
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java12
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties3
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties3
5 files changed, 27 insertions, 15 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
index 7dad12477..5db9029bd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
@@ -114,17 +114,7 @@ public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData {
log.info("AttributeQuery URL is not valid");
errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", request));
- }
-
- boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(queryURL);
- if (!publicServiceAllowed && !general.isBusinessService()) {
- log.info("AttributQuery Service URL " + queryURL + " does not allow PublicService.");
- errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.publicservice",
- new Object[] {queryURL}, request ));
- general.setBusinessService(true);
-
- }
-
+ }
}
if (inboundSSO && MiscUtil.isEmpty(queryURL)) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 4c0830ae9..7a05d6497 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
import at.gv.egovernment.moa.id.configuration.data.OAListElement;
@@ -219,6 +220,17 @@ public class InterfederationIDPAction extends BasicOAAction {
for (IOnlineApplicationData form : formList.values())
errors.addAll(form.validate(getGeneralOA(), authUser, request));
+
+ boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA().getMetaDataURL());
+ if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) {
+ log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService.");
+ errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.metadataurl.publicservice",
+ new Object[] {getPvp2OA().getMetaDataURL()}, request ));
+ getGeneralOA().setBusinessService(true);
+
+ }
+
+
if (errors.size() > 0) {
log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors.");
for (String el : errors)
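Review bot: The added domain check reads `getPvp2OA().getMetaDataURL()` three times and passes it to `ValidationHelper.isPublicServiceAllowed` regardless of whether the form validation in the loop just above accepted that URL; if the metadata URL is empty or malformed, the outcome depends on how the helper treats such input, which is not visible here, and a false result then forces `getGeneralOA().setBusinessService(true)` on the configuration as a side effect of reporting the error. Hoisting the value into a local and guarding it makes the intent explicit and avoids repeated getter calls: `String metadataURL = getPvp2OA().getMetaDataURL();` followed by `if (metadataURL != null && !metadataURL.isEmpty() && !ValidationHelper.isPublicServiceAllowed(metadataURL) && !getGeneralOA().isBusinessService()) {`, with the log and error lines using `metadataURL`. Whether an empty URL should be skipped here or reported presumably depends on the PVP2 form validation already flagging it, which I cannot confirm from this hunk. The enclosing method starts and ends outside the hunk.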
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 98d500526..62fc83ab9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -30,6 +30,7 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Timer;
+import javax.net.ssl.SSLHandshakeException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.MOAHttpClient;
@@ -142,8 +143,15 @@ public class OAPVP2ConfigValidation {
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request));
} catch (MetadataProviderException e) {
- log.info("MetaDate verification failed");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
+
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.info("SSL Server certificate not trusted.", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+
+ } else {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
+ }
} finally {
if (httpProvider != null)
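Review bot: The `SSLHandshakeException` test in the new `if` only matches when the handshake failure sits exactly two levels below the `MetadataProviderException` (`e.getCause().getCause()`); a handshake failure wrapped at a different depth, or set directly as the cause, falls through to the generic "verification failed" branch and the operator loses the hint about the TLS trust problem. Walking the whole cause chain with a small helper is more robust and removes the hand-written depth/null handling; the rewritten condition and helper are sketched below. Note also that `SSLHandshakeException` is raised for protocol or cipher-suite mismatches as well as for an untrusted server certificate, so the log text on the `log.info("SSL Server certificate not trusted.", e)` line states more than the exception guarantees; since the exception is logged, the actual reason remains recoverable from the stack trace, but a wording such as `"TLS handshake with metadata service failed", e` would be more accurate. The enclosing try block starts outside the hunk, and the helper would be placed elsewhere in the class.
```java
} catch (MetadataProviderException e) {
    if (hasCause(e, SSLHandshakeException.class)) {
        // … unchanged: ssl branch (log + validation.pvp2.metadata.ssl) …
    } else {
        // … unchanged: generic branch (log + validation.pvp2.metadata.verify) …
    }
// … unchanged: finally block releasing httpProvider …

/** Returns true when an instance of {@code type} occurs anywhere in the cause chain of {@code t}. */
private static boolean hasCause(Throwable t, Class<? extends Throwable> type) {
    for (Throwable c = t; c != null; c = c.getCause()) {
        if (type.isInstance(c)) {
            return true;
        }
    }
    return false;
}
```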
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 8e58f4f1d..acadde847 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -458,13 +458,14 @@ validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten kei
validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden.
validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf.
validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt.
+validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig.
validation.sso.logouturl.empty=Eine URL zum Single Log-Out Service ist erforderlich.
validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kein g\u00FCltiges Format auf.
validation.interfederation.moaidp.queryurl.valid=Die URL zum zum AttributQuery Service wei\u00DFt kein g\u00FCltiges Format auf.
validation.interfederation.moaidp.queryurl.empty=Die URL zum zum AttributQuery Service muss f\u00FCr eingehende Single Sign-On Interfederation konfiguriert werden.
-validation.interfederation.moaidp.queryurl.publicservice=Die Domain des AttributQuery Services f\u00FCr diesen IDP erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich.
+validation.interfederation.moaidp.metadataurl.publicservice=Die Domain des Metadaten Services f\u00FCr diesen IDP erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich.
validation.saml1.providestammzahl=ProvideStammZahl kann nicht mit Applikationen aus dem privatwirtschaftlichen Bereich kombiniert werden.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index e15f44d87..2871c24e4 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -456,13 +456,14 @@ validation.pvp2.metadataurl.read=No information could be found under provided UR
validation.pvp2.metadata.verify=The metadata could not be verified with the provided certificate.
validation.pvp2.certificate.format=The provided PVP2 certificate has invalid format.
validation.pvp2.certificate.notfound=There is no PVP2 inserted.
+validation.pvp2.metadata.ssl=The SSL server certificate is not trusted.
validation.sso.logouturl.empty=URL for Single Log-Out Service is necessary.
validation.sso.logouturl.valid=URL for Single Log-Out Service has incorrect format.
validation.interfederation.moaidp.queryurl.valid=URL for AttributQuery Service has incorrect format.
validation.interfederation.moaidp.queryurl.empty=URL for AttributQuery Service is necessary for inbound Single Sign-On interfederation.
-validation.interfederation.moaidp.queryurl.publicservice=The domain of AttributQuery service for that IDP permits private sector only.
+validation.interfederation.moaidp.metadataurl.publicservice=The domain of Metadata service for that IDP permits private sector only.
validation.saml1.providestammzahl=ProvideSourcePIN cannot be combined with applications from private sector.