authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-15 09:08:44 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-15 09:08:44 +0200
commitaae0d003526cb8665df93bb715ba126dd12a473d (patch)
tree8de60c929677823f5af2c2e74a01c2bb657ff435 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
parent67a903a6a33bd8b40e84a12a3ba9c556eb0eb275 (diff)
Add additional error codes for when SAML request validation fails
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java29
1 files changed, 24 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 8732409b5..863bfe501 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -22,8 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
-import iaik.pkcs.pkcs11.objects.Object;
-
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
@@ -52,12 +50,15 @@ import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.signature.SignableXMLObject;
import edu.emory.mathcs.backport.java.util.Arrays;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -191,16 +192,20 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return null;
}
try {
-
InboundMessage msg = (InboundMessage) decoder.decode(request, response);
+ if (MiscUtil.isEmpty(msg.getEntityID())) {
+ throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
+
+ }
+
if(!msg.isVerified()) {
SAMLVerificationEngine engine = new SAMLVerificationEngine();
engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
msg.setVerified(true);
}
-
+
if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
return preProcessAuthRequest(request, response, (MOARequest) msg);
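Review bot: The new entity-ID guard directly after `decoder.decode(...)` gives no reason for rejecting the message before signature verification; a comment such as `// Reject messages without an issuer/entityID before verification; presumably the known-keys trust engine needs it to resolve the sender's keys (error pvp2.20)` would help, with the trust-engine dependency confirmed against TrustEngineFactory. Stylistically, the guard's body ends with a blank line before `}`, and the line replacing the former empty line below the `isVerified` block appears to add trailing whitespace only; both should be dropped. The InvalidProtocolRequestException thrown here is caught further down by the new `catch (InvalidProtocolRequestException e)` clause (next hunk), which logs the raw `SAMLRequest` parameter at warn level; since that value is attacker-controlled and unbounded, logging only its length or a truncated prefix would limit log flooding and log injection. The enclosing method starts and ends outside this hunk.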
@@ -252,9 +257,23 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
}
-
} catch (PVP2Exception e) {
throw e;
+
+ } catch (SecurityPolicyException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+
+ } catch (SecurityException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
+ } catch (InvalidProtocolRequestException e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw e;
} catch (Throwable e) {
String samlRequest = request.getParameter("SAMLRequest");