| author | zwattenb <zwattenb@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2012-08-14 07:31:28 +0000 | 
|---|---|---|
| committer | zwattenb <zwattenb@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2012-08-14 07:31:28 +0000 | 
| commit | a8cc85ab0b641e06e43214ffb700703638469231 (patch) | |
| tree | f67bde304dc3a699d704d640f66ffd655cd1181d | |
| parent | 860fa0a0b1e2928b8b39784bce9785c192bde1d6 (diff) | |
| download | moa-id-spss-a8cc85ab0b641e06e43214ffb700703638469231.tar.gz moa-id-spss-a8cc85ab0b641e06e43214ffb700703638469231.tar.bz2 moa-id-spss-a8cc85ab0b641e06e43214ffb700703638469231.zip | |
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1296 d688527b-c9ab-4aba-bd8d-4036d912da1d
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java | 197 | 
1 files changed, 103 insertions, 94 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
index 2deeb2aae..637e46200 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
@@ -1,55 +1,55 @@
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
+/*
 + * Copyright 2011 by Graz University of Technology, Austria
 + * The Austrian STORK Modules have been developed by the E-Government
 + * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
 + * Austria and Graz University of Technology.
 + *
 + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 + * the European Commission - subsequent versions of the EUPL (the "Licence");
 + * You may not use this work except in compliance with the Licence.
 + * You may obtain a copy of the Licence at:
 + * http://www.osor.eu/eupl/
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the Licence is distributed on an "AS IS" basis,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the Licence for the specific language governing permissions and
 + * limitations under the Licence.
 + *
 + * This product combines work with different licenses. See the "NOTICE" text
 + * file for details on the various modules and licenses.
 + * The "NOTICE" text file is part of the distribution. Any derivative works
 + * that you distribute must include a readable copy of the "NOTICE" text file.
 + */
 +
 +
  /**
   * 
   */
  package at.gv.egovernment.moa.id.auth.stork;
 -
 -import org.w3c.dom.Element;
 -
 -import at.gv.egovernment.moa.id.BuildException;
 -import at.gv.egovernment.moa.id.ParseException;
 -import at.gv.egovernment.moa.id.ServiceException;
 -import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 -import at.gv.egovernment.moa.id.config.ConfigurationException;
 -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 -import at.gv.egovernment.moa.logging.Logger;
 -import at.gv.egovernment.moa.util.Constants;
 -import eu.stork.mw.messages.saml.STORKResponse;
 -import eu.stork.vidp.messages.exception.SAMLValidationException;
 -import eu.stork.vidp.messages.util.SAMLUtil;
 -import eu.stork.vidp.messages.util.XMLUtil;
 +
 +import org.w3c.dom.Element;
 +
 +import at.gv.egovernment.moa.id.BuildException;
 +import at.gv.egovernment.moa.id.ParseException;
 +import at.gv.egovernment.moa.id.ServiceException;
 +import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 +import at.gv.egovernment.moa.id.config.ConfigurationException;
 +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 +import at.gv.egovernment.moa.logging.Logger;
 +import at.gv.egovernment.moa.util.Constants;
 +import eu.stork.mw.messages.saml.STORKResponse;
 +import eu.stork.vidp.messages.exception.SAMLValidationException;
 +import eu.stork.vidp.messages.util.SAMLUtil;
 +import eu.stork.vidp.messages.util.XMLUtil;
  /**
 - * Verifies the SMAL response according to the STORK specification
 + * Verifies the SMAL response according to the STORK specification
   * @author bzwattendorfer
   *
   */
 @@ -74,44 +74,53 @@ public class PEPSConnectorResponseVerifier implements ResponseVerifier {
  	private void verifySignature(STORKResponse response) throws SecurityException {
  		//validate Signature
  		try {
 -			if (response.isSigned()) {		
 -				
 -				String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID();
 -				
 -				Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID);
 +			if (response.isSigned()) {		
 +				
 +				String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID();
 +				
 +				Logger.trace("Starting validation of Signature references");
 +				try {
 +					SAMLUtil.validateSignatureReferences(response);
 +				} catch (ValidationException e) {
 +					Logger.error("Validation of XML Signature refrences failed: " + e.getMessage());
 +					throw new SecurityException(e);
 +				}
 +				Logger.debug("XML Signature references are OK.");
 +				
 +				Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID);
 +				
 +				// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
 +				Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
 +						.build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID);
 +
 +				Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
 -				// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
 -				Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
 -						.build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID);
 -
 -				Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
 -				
 -				Logger.trace("Calling MOA-SP");
 -				// invokes the call
 -				Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
 -						.verifyXMLSignature(domVerifyXMLSignatureRequest);								
 -				
 -				// parses the <VerifyXMLSignatureResponse>
 -				VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
 -						domVerifyXMLSignatureResponse).parseData();
 -				
 -				Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
 -
 -				if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
 -					String msg = "Signature of SAMLResponse not valid";
 -					Logger.error(msg);					
 -					throw new SecurityException(msg);
 -				}
 -				
 -				Logger.debug("Signature of SAML response successfully verified");
 -				
 -				if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
 -					String msg = "Certificate of SAMLResponse not valid";
 -					Logger.error(msg);					
 -					throw new SecurityException(msg);
 -				}
 -				
 -				Logger.debug("Signing certificate of SAML response succesfully verified");
 +				Logger.trace("Calling MOA-SP");
 +				// invokes the call
 +				Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
 +						.verifyXMLSignature(domVerifyXMLSignatureRequest);								
 +				
 +				// parses the <VerifyXMLSignatureResponse>
 +				VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
 +						domVerifyXMLSignatureResponse).parseData();
 +				
 +				Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
 +
 +				if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
 +					String msg = "Signature of SAMLResponse not valid";
 +					Logger.error(msg);					
 +					throw new SecurityException(msg);
 +				}
 +				
 +				Logger.debug("Signature of SAML response successfully verified");
 +				
 +				if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
 +					String msg = "Certificate of SAMLResponse not valid";
 +					Logger.error(msg);					
 +					throw new SecurityException(msg);
 +				}
 +				
 +				Logger.debug("Signing certificate of SAML response succesfully verified");
  			} else {
  				String msg = "SAML Response is not signed.";
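Review bot: The new `catch (ValidationException e)` guarding `SAMLUtil.validateSignatureReferences(response)` names a type that the import block rewritten in this same commit does not bring in — it imports only `SAMLValidationException` — so unless `ValidationException` lives in this package or is imported outside the shown hunks this will not compile, and if `validateSignatureReferences` throws `SAMLValidationException` the catch should name that type instead. The log line in that catch also discards the stack trace by concatenating only `e.getMessage()`, unlike the other catch blocks in this method which pass the exception as the second argument; use `Logger.error("Validation of XML Signature references failed", e);` (which also fixes the "refrences" typo). The response handed to MOA-SP is re-serialized with `XMLUtil.printXML(response.getDOM()).getBytes()`, which uses the platform default charset, so non-ASCII content can be altered between the reference check and the signature verification on a mis-configured JVM; spell the encoding out, e.g. `.getBytes(Charset.forName("UTF-8"))`. The method's catch chain continues in the next hunk and the lines between the hunks are not visible here.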
 @@ -122,18 +131,18 @@ public class PEPSConnectorResponseVerifier implements ResponseVerifier {
  			String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
  			Logger.error(msg, e);
  			throw new SecurityException(msg, e);
 -		} catch (ParseException e) {
 -			String msg = "Unable to parse VerifyXMLSignature Request or Response.";
 -			Logger.error(msg, e);
 -			throw new SecurityException(msg, e);
 -		} catch (BuildException e) {
 -			String msg = "Unable to parse VerifyXMLSignature Request or Response.";
 -			Logger.error(msg, e);
 -			throw new SecurityException(msg, e);
 -		} catch (ServiceException e) {
 -			String msg = "Unable to invoke MOA-SP.";
 -			Logger.error(msg, e);
 -			throw new SecurityException(msg, e);
 +		} catch (ParseException e) {
 +			String msg = "Unable to parse VerifyXMLSignature Request or Response.";
 +			Logger.error(msg, e);
 +			throw new SecurityException(msg, e);
 +		} catch (BuildException e) {
 +			String msg = "Unable to parse VerifyXMLSignature Request or Response.";
 +			Logger.error(msg, e);
 +			throw new SecurityException(msg, e);
 +		} catch (ServiceException e) {
 +			String msg = "Unable to invoke MOA-SP.";
 +			Logger.error(msg, e);
 +			throw new SecurityException(msg, e);
  		} 			
  	}
