diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-05-30 14:36:39 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-05-30 14:36:39 +0200 |
commit | ecf9de84e76dde785ced8c1632c7909d1d57f94a (patch) | |
tree | ef32ed58461f520a790f53f1a049e566458482a0 /id/server/idserverlib/src/main/java/at | |
parent | 52ad604e54cb91073503d708cd0c50ff0121174a (diff) | |
download | moa-id-spss-ecf9de84e76dde785ced8c1632c7909d1d57f94a.tar.gz moa-id-spss-ecf9de84e76dde785ced8c1632c7909d1d57f94a.tar.bz2 moa-id-spss-ecf9de84e76dde785ced8c1632c7909d1d57f94a.zip |
add error handling and some more validation to SL2.0 module
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
3 files changed, 29 insertions, 9 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index 05bb16d0d..5b1d952ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -196,6 +196,12 @@ public class AssertionAttributeExtractor { // } + public String getAssertionID() { + return assertion.getID(); + + } + + public String getNameID() throws AssertionAttributeExtractorExeption { if (assertion.getSubject() != null) { Subject subject = assertion.getSubject(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java index 28a85b4af..da4b54a5a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java @@ -31,9 +31,13 @@ import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.core.Status; import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.metadata.AssertionConsumerService; @@ -47,6 +51,7 @@ import org.opensaml.xml.io.MarshallingException; import org.w3c.dom.Document; import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; public class SAML2Utils { @@ -142,4 +147,20 @@ public class SAML2Utils { return envelope; } + + public static void schemeValidation(XMLObject xmlObject) throws Exception { + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + DOMSource source = new DOMSource(xmlObject.getDOM()); + val.validate(source); + Logger.debug("SAML2 Scheme validation successful"); + return; + + } catch (Exception e) { + Logger.warn("SAML2 scheme validation FAILED.", e); + throw e; + + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java index 83a2b61d2..489d2fb4a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java @@ -22,11 +22,6 @@ */ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; -import javax.xml.transform.dom.DOMSource; -import javax.xml.validation.Schema; -import javax.xml.validation.Validator; - -import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import org.xml.sax.SAXException; @@ -34,6 +29,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; /** @@ -71,10 +67,7 @@ public class SchemaValidationFilter implements MetadataFilter { if (isActive) { try { - Schema test = SAMLSchemaBuilder.getSAML11Schema(); - Validator val = test.newValidator(); - DOMSource source = new DOMSource(arg0.getDOM()); - val.validate(source); + SAML2Utils.schemeValidation(arg0); Logger.info("Metadata Schema validation check done OK"); return; |