aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-04-14 16:59:25 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-04-14 16:59:25 +0200
commita6189a32a78d2b3ed096356f6b7e0049c8870b21 (patch)
treeb2157d1aec857bd405ff1a3950a1e6e418564c8a /id/ConfigWebTool/src/main/java/at/gv
parent1b019f2d114b158676b8fa4acc0e2f1c06beeac2 (diff)
downloadmoa-id-spss-a6189a32a78d2b3ed096356f6b7e0049c8870b21.tar.gz
moa-id-spss-a6189a32a78d2b3ed096356f6b7e0049c8870b21.tar.bz2
moa-id-spss-a6189a32a78d2b3ed096356f6b7e0049c8870b21.zip
update error handling in PVP metadata verification filter implemetations
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java31
2 files changed, 30 insertions, 13 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index 7bf2cf93f..104ea51f5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -32,6 +32,7 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
public class MetaDataVerificationFilter implements MetadataFilter {
@@ -43,17 +44,18 @@ public class MetaDataVerificationFilter implements MetadataFilter {
}
- public void doFilter(XMLObject metadata) throws FilterException {
+ public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
if (metadata instanceof EntitiesDescriptor) {
EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
if(entitiesDescriptor.getSignature() == null) {
- throw new FilterException("Root element of metadata file has to be signed", null);
+ throw new SignatureValidationException("Root element of metadata file has to be signed");
}
try {
processEntitiesDescriptor(entitiesDescriptor);
} catch (MOAIDException e) {
- throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
}
} if (metadata instanceof EntityDescriptor) {
@@ -63,10 +65,10 @@ public class MetaDataVerificationFilter implements MetadataFilter {
EntityVerifier.verify(entity, this.credential);
else
- throw new FilterException("Root element of metadata file has to be signed", null);
+ throw new SignatureValidationException("Root element of metadata file has to be signed", null);
} catch (MOAIDException e) {
- throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
}
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index ba77b601b..37a170267 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -181,15 +183,28 @@ public class OAPVP2ConfigValidation {
} catch (MetadataProviderException e) {
-
- //TODO: check exception handling
- if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
- log.info("SSL Server certificate not trusted.", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+ try {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.info("SSL Server certificate not trusted.", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request));
+
+ } else {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
+ }
+
+ } catch (Exception e1) {
+ log.info("MetaDate verification failed", e1);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
- } else {
- log.info("MetaDate verification failed", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
}
} finally {