diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-19 16:19:00 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-09-19 16:19:00 +0200 |
| commit | a27cf61551c129aee48ea533ad73f2ade37a757a (patch) | |
| tree | c97a1ccc7b3afdec906c609de165b582db2b3149 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java | |
| parent | 2c7d70f182b554321b6baf3e225139a883d61035 (diff) | |
| download | moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.tar.gz moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.tar.bz2 moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.zip | |
ConfigWebTool Version 0.9.5
--PVP2 Login
--PVP2 Users to UserDatabase functionality
--Mailaddress verification
--Mail status messages to users and admin
--add List with OpenRequests for admins
--change OA Target configuration
--add cleanUp Thread to remove old unused UserAccount requests
--update UserDatabase to support PVP2 logins
--add formID element validate received forms
-- add first classes for STORK configuration
make some Bugfixes
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java')
| -rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java new file mode 100644 index 000000000..d08354c43 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.util.Iterator; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.x509.BasicX509Credential; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; + +public class MetaDataVerificationFilter implements MetadataFilter { + + BasicX509Credential credential; + + public MetaDataVerificationFilter(BasicX509Credential credential) { + this.credential = credential; + } + + + public void doFilter(XMLObject metadata) throws FilterException { + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + + if(entitiesDescriptor.getSignature() == null) { + throw new FilterException("Root element of metadata file has to be signed", null); + } + try { + processEntitiesDescriptor(entitiesDescriptor); + + } catch (MOAIDException e) { + throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + } + } + } + + private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException { + Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); + + if(desc.getSignature() != null) { + EntityVerifier.verify(desc, this.credential); + } + + while(entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); + + while(entIT.hasNext()) { + EntityDescriptor entity = entIT.next(); + if (entity.getSignature() != null) + EntityVerifier.verify(entity); + } + } + +} |