| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 16:28:22 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 16:28:22 +0200 | 
| commit | 26822fcf41e37e0fedca87489b60304496c9d0f0 (patch) | |
| tree | c782966221b43642976e91bd53a918cd04d03c35 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa | |
| parent | 44cb2c6299c247a9836150c68ba45b206c6499aa (diff) | |
check SAML2 metadata URL against publicService flag
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa')
3 files changed, 23 insertions, 13 deletions
| diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
index 7dad12477..5db9029bd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
@@ -114,17 +114,7 @@ public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData {
 				log.info("AttributeQuery URL is not valid");
 				errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", request));
-			}
-			
-			boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(queryURL);
-			if (!publicServiceAllowed && !general.isBusinessService()) {
-				log.info("AttributQuery Service URL " + queryURL + " does not allow PublicService.");
-				errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.publicservice", 
-						new Object[] {queryURL}, request ));
-				general.setBusinessService(true);
-				
-			}
-			
+			}			
 		}
 		if (inboundSSO && MiscUtil.isEmpty(queryURL)) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 4c0830ae9..7a05d6497 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
 import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
 import at.gv.egovernment.moa.id.configuration.data.OAListElement;
@@ -219,6 +220,17 @@ public class InterfederationIDPAction extends BasicOAAction {
 	        for (IOnlineApplicationData form : formList.values())
 	        	errors.addAll(form.validate(getGeneralOA(), authUser, request));
+	        
+			boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA().getMetaDataURL());
+			if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) {
+				log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService.");
+				errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.metadataurl.publicservice", 
+						new Object[] {getPvp2OA().getMetaDataURL()}, request ));
+				getGeneralOA().setBusinessService(true);
+				
+			}
+	        
+	        
 	        if (errors.size() > 0) {
 	            log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors.");
 	            for (String el : errors)
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 98d500526..62fc83ab9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
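Review bot: In the `@@ -219,6 +220,17 @@` hunk of InterfederationIDPAction.java the new publicService check passes `getPvp2OA().getMetaDataURL()` to `ValidationHelper.isPublicServiceAllowed` unconditionally after the form validators, so it also runs when the metadata URL is empty or was just rejected as malformed; how the helper treats such input is not visible here. Read the value once and guard it, e.g. `String metadataURL = getPvp2OA().getMetaDataURL();` followed by `if (!MiscUtil.isEmpty(metadataURL) && !ValidationHelper.isPublicServiceAllowed(metadataURL) && !getGeneralOA().isBusinessService()) {` (MiscUtil is used in OAMOAIDPInterfederationConfig and may need an import in this file). The submitted URL is also concatenated unchanged into the `log.info` message, so any line breaks in it would land in the log; strip CR/LF before logging it. Because the check removed from OAMOAIDPInterfederationConfig covered the AttributeQuery URL, it is worth confirming that a query URL no longer being tested against the publicService rule is intended. The enclosing method starts and ends outside the hunk.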
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -30,6 +30,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Timer;
+import javax.net.ssl.SSLHandshakeException;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.httpclient.MOAHttpClient;
@@ -142,8 +143,15 @@ public class OAPVP2ConfigValidation {
 			errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request));
 		} catch (MetadataProviderException e) {
-			log.info("MetaDate verification failed");
-			errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
+			
+			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+				log.info("SSL Server certificate not trusted.", e);
+				errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+				
+			} else {			
+				log.info("MetaDate verification failed", e);
+				errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
+			}
 		} finally {			
 			if (httpProvider != null) | 
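Review bot: The SSL branch added to the `catch (MetadataProviderException e)` block in the `@@ -142,8 +143,15 @@` hunk matches only when the `SSLHandshakeException` sits exactly two causes down (`e.getCause().getCause()`), so a handshake failure wrapped at any other depth is reported to the administrator as a metadata verification error. Walking the cause chain is more robust: `Throwable t = e.getCause();` then `while (t != null && !(t instanceof SSLHandshakeException)) t = t.getCause();` and branch on `t != null`. A handshake can also fail for reasons other than an untrusted certificate, such as a protocol or cipher mismatch, so the fixed text "SSL Server certificate not trusted." is an assumption. Logging this case at warn level together with the metadata URL would make TLS trust failures easier to find than an info entry. The try block starts outside the hunk and the finally block continues past it.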
