diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-04-14 16:59:25 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-04-14 16:59:25 +0200 |
commit | a6189a32a78d2b3ed096356f6b7e0049c8870b21 (patch) | |
tree | b2157d1aec857bd405ff1a3950a1e6e418564c8a /id/ConfigWebTool/src | |
parent | 1b019f2d114b158676b8fa4acc0e2f1c06beeac2 (diff) | |
download | moa-id-spss-a6189a32a78d2b3ed096356f6b7e0049c8870b21.tar.gz moa-id-spss-a6189a32a78d2b3ed096356f6b7e0049c8870b21.tar.bz2 moa-id-spss-a6189a32a78d2b3ed096356f6b7e0049c8870b21.zip |
update error handling in PVP metadata verification filter implemetations
Diffstat (limited to 'id/ConfigWebTool/src')
4 files changed, 36 insertions, 15 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java index 7bf2cf93f..104ea51f5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -32,6 +32,7 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; public class MetaDataVerificationFilter implements MetadataFilter { @@ -43,17 +44,18 @@ public class MetaDataVerificationFilter implements MetadataFilter { } - public void doFilter(XMLObject metadata) throws FilterException { + public void doFilter(XMLObject metadata) throws SignatureValidationException { + if (metadata instanceof EntitiesDescriptor) { EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; if(entitiesDescriptor.getSignature() == null) { - throw new FilterException("Root element of metadata file has to be signed", null); + throw new SignatureValidationException("Root element of metadata file has to be signed"); } try { processEntitiesDescriptor(entitiesDescriptor); } catch (MOAIDException e) { - throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor"); } } if (metadata instanceof EntityDescriptor) { @@ -63,10 +65,10 @@ public class MetaDataVerificationFilter implements MetadataFilter { EntityVerifier.verify(entity, this.credential); else - throw new FilterException("Root element of metadata file has to be signed", null); + throw new SignatureValidationException("Root element of metadata file has to be signed", null); } catch (MOAIDException e) { - throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null); } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index ba77b601b..37a170267 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.util.MiscUtil; @@ -181,15 +183,28 @@ public class OAPVP2ConfigValidation { } catch (MetadataProviderException e) { - - //TODO: check exception handling - if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { - log.info("SSL Server certificate not trusted.", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + try { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request)); + + } else { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); + } + + } catch (Exception e1) { + log.info("MetaDate verification failed", e1); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); - } else { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request)); } } finally { diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 072f44981..c888a2d77 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -487,7 +487,9 @@ validation.stork.ap.attributes.valid=Ung\u00FCltige Attributconfiguration f\u00F validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten keine Informationen abgerufen werden. -validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden. +validation.pvp2.metadata.verify.sig=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden. +validation.pvp2.metadata.verify.schema=Die Schema-Validierung der Metadaten ist fehlgeschlagen. +validation.pvp2.metadata.verify.general=Bei der Validierung der Metadaten ist ein allgemeiner Fehler aufgetreten. validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt. validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig. diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index b717377e0..43dcfeac8 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -485,7 +485,9 @@ validation.stork.ap.attributes.valid=Invalid attribute configuration for Attribu validation.pvp2.metadataurl.empty=There is no metadata URL provided. validation.pvp2.metadataurl.valid=The metadata URL has invalid URL format . validation.pvp2.metadataurl.read=No information could be found under provided URL. -validation.pvp2.metadata.verify=The metadata could not be verified with the provided certificate. +validation.pvp2.metadata.verify.sig=The metadata could not be verified with the provided certificate. +validation.pvp2.metadata.verify.schema=Metadata schema validation FAILED. +validation.pvp2.metadata.verify.general=Metadata validation has an generic error. validation.pvp2.certificate.format=The provided PVP2 certificate has invalid format. validation.pvp2.certificate.notfound=There is no PVP2 inserted. validation.pvp2.metadata.ssl=The SSL server certificate is not trusted. |