aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-07-17 10:25:02 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-07-17 10:25:02 +0200
commit91d38d59b42ee77346b0d33315f403d8fa678576 (patch)
tree00fe72e62c6dddbeb2ed60e230ff02e97a507be4 /id/ConfigWebTool/src/main/java/at
parent3e2575cfe85ac8f3076f0470a82191d9f1dae636 (diff)
downloadmoa-id-spss-91d38d59b42ee77346b0d33315f403d8fa678576.tar.gz
moa-id-spss-91d38d59b42ee77346b0d33315f403d8fa678576.tar.bz2
moa-id-spss-91d38d59b42ee77346b0d33315f403d8fa678576.zip
update MOA SAML2 metadata provider to support metadata located on file system
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java105
1 files changed, 54 insertions, 51 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 61a380188..79e7e9252 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -111,81 +111,84 @@ public class OAPVP2ConfigValidation {
log.info("MetaDataURL has no valid form.");
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request));
- } else {
-
+ } else {
if (certSerialized == null) {
log.info("No certificate for metadata validation");
errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
- } else {
-
- X509Certificate cert = new X509Certificate(certSerialized);
- BasicX509Credential credential = new BasicX509Credential();
- credential.setEntityCertificate(cert);
+ } else {
+ if (form.getMetaDataURL().startsWith("http")) {
+ X509Certificate cert = new X509Certificate(certSerialized);
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityCertificate(cert);
- timer = new Timer();
- httpClient = new MOAHttpClient();
+ timer = new Timer();
+ httpClient = new MOAHttpClient();
- if (form.getMetaDataURL().startsWith("https:"))
- try {
- MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- "MOAMetaDataProvider",
- ConfigurationProvider.getInstance().getCertStoreDirectory(),
- ConfigurationProvider.getInstance().getTrustStoreDirectory(),
- null,
- "pkix",
- true,
- new String[]{"crl"},
- false);
+ if (form.getMetaDataURL().startsWith("https:"))
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ ConfigurationProvider.getInstance().getCertStoreDirectory(),
+ ConfigurationProvider.getInstance().getTrustStoreDirectory(),
+ null,
+ "pkix",
+ true,
+ new String[]{"crl"},
+ false);
- httpClient.setCustomSSLTrustStore(
- form.getMetaDataURL(),
- protoSocketFactory);
+ httpClient.setCustomSSLTrustStore(
+ form.getMetaDataURL(),
+ protoSocketFactory);
- } catch (MOAHttpProtocolSocketFactoryException e) {
- log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
- } catch (ConfigurationException e) {
- log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
+ } catch (ConfigurationException e) {
+ log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
- }
+ }
- List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
- filterList.add(new MetaDataVerificationFilter(credential));
+ List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
+ filterList.add(new MetaDataVerificationFilter(credential));
- try {
- filterList.add(new SchemaValidationFilter(
- ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+ try {
+ filterList.add(new SchemaValidationFilter(
+ ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
- } catch (ConfigurationException e) {
- log.warn("Configuration access FAILED!", e);
+ } catch (ConfigurationException e) {
+ log.warn("Configuration access FAILED!", e);
- }
+ }
+
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
- MetadataFilterChain filter = new MetadataFilterChain();
- filter.setFilters(filterList);
+ httpProvider =
+ new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- httpProvider =
- new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
- httpProvider.setParserPool(new BasicParserPool());
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMetadataFilter(filter);
- httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ httpProvider.setRequireValidMetadata(true);
- httpProvider.setRequireValidMetadata(true);
+ httpProvider.initialize();
- httpProvider.initialize();
+ if (httpProvider.getMetadata() == null) {
+ log.info("Metadata could be received but validation FAILED.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
+ }
- if (httpProvider.getMetadata() == null) {
- log.info("Metadata could be received but validation FAILED.");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
+ } else {
+ log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form.getMetaDataURL());
+
}
-
}
}
}