authorThomas Lenz <tlenz@iaik.tugraz.at>2018-05-30 14:36:39 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-05-30 14:36:39 +0200
commitecf9de84e76dde785ced8c1632c7909d1d57f94a (patch)
treeef32ed58461f520a790f53f1a049e566458482a0 /id/server/idserverlib/src/main
parent52ad604e54cb91073503d708cd0c50ff0121174a (diff)
add error handling and some more validation to SL2.0 module
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java11
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties4
5 files changed, 35 insertions, 10 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 05bb16d0d..5b1d952ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -196,6 +196,12 @@ public class AssertionAttributeExtractor {
// }
+ public String getAssertionID() {
+ return assertion.getID();
+
+ }
+
+
public String getNameID() throws AssertionAttributeExtractorExeption {
if (assertion.getSubject() != null) {
Subject subject = assertion.getSubject();
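Review bot: The new `getAssertionID()` has no Javadoc and is formatted unlike its neighbours: a stray blank line sits before its closing brace and two blank lines follow it. A one-line doc such as `/** Returns the ID attribute of the wrapped assertion (null if the assertion carries none, per Assertion.getID()). */` would state the contract, and the extra blank lines should go. Like `getNameID` just below, it dereferences `assertion` without a null check, which is consistent with the class as far as the hunk shows; the enclosing class continues outside the hunk.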
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index 28a85b4af..da4b54a5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -31,9 +31,13 @@ import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.Validator;
import org.opensaml.Configuration;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.AssertionConsumerService;
@@ -47,6 +51,7 @@ import org.opensaml.xml.io.MarshallingException;
import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
public class SAML2Utils {
@@ -142,4 +147,20 @@ public class SAML2Utils {
return envelope;
}
+
+ public static void schemeValidation(XMLObject xmlObject) throws Exception {
+ try {
+ Schema test = SAMLSchemaBuilder.getSAML11Schema();
+ Validator val = test.newValidator();
+ DOMSource source = new DOMSource(xmlObject.getDOM());
+ val.validate(source);
+ Logger.debug("SAML2 Scheme validation successful");
+ return;
+
+ } catch (Exception e) {
+ Logger.warn("SAML2 scheme validation FAILED.", e);
+ throw e;
+
+ }
+ }
}
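Review bot: `schemeValidation` declares `throws Exception` and catches `Exception` only to log and rethrow, so every caller is forced to handle the broadest possible type; `Validator.validate` throws `SAXException` and `IOException`, and declaring `public static void schemeValidation(XMLObject xmlObject) throws SAXException, IOException` with the same two types in the catch keeps the warn-log while telling callers what can actually fail. `xmlObject.getDOM()` returns null for an object that has not been marshalled, and that null currently reaches `DOMSource` unguarded; a guard such as `if (xmlObject.getDOM() == null) throw new IllegalArgumentException("XMLObject has no cached DOM to validate");` makes the failure explicit instead of a late NPE. The method name and both log messages say SAML2 while the schema comes from `SAMLSchemaBuilder.getSAML11Schema()`; if that builder's SAML 1.1 set also bundles the SAML 2.0 schemas, a comment saying so would spare the next reader the same double-take. The `return;` at the end of the try block is redundant, and `test` is an odd name for the `Schema` local.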
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
index 83a2b61d2..489d2fb4a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
@@ -22,11 +22,6 @@
*/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
import org.xml.sax.SAXException;
@@ -34,6 +29,7 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -71,10 +67,7 @@ public class SchemaValidationFilter implements MetadataFilter {
if (isActive) {
try {
- Schema test = SAMLSchemaBuilder.getSAML11Schema();
- Validator val = test.newValidator();
- DOMSource source = new DOMSource(arg0.getDOM());
- val.validate(source);
+ SAML2Utils.schemeValidation(arg0);
Logger.info("Metadata Schema validation check done OK");
return;
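Review bot: After delegating to `SAML2Utils.schemeValidation(arg0)`, the success path is logged twice (debug inside the helper, then `Logger.info("Metadata Schema validation check done OK")` here), and because the helper already warns with the stack trace, a failure will presumably be logged a second time in this method's catch, which lies outside the hunk. Consider letting the helper log only at debug on both paths so the filter owns the single operator-facing message. The retained `import org.xml.sax.SAXException` is only still needed if the catch below narrows on it; since the helper now declares `throws Exception`, it is worth confirming that the catch clause was widened to match and that the import has not become unused. The enclosing method starts and ends outside the hunk.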
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 9cc4b0b5e..84fd93773 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -344,4 +344,5 @@ sl20.03=Fehlende Konfiguration im SL2.0 Modul. Msg: {0}
sl20.04=Http request enth\u00e4lt keinen SL2.0 Transportcontainer.
sl20.05=Fehler beim Validieren eines JWS oder JWE Tokens. Reason: {0}.
sl20.06=Http transport-binding error. Reason: {0}
-
+sl20.07=Fehler beim Validieren der eID information. Type: {0} Reason: {1}
+sl20.08=SL2.0 Teilnehmer antwortet mit einem Fehler. Code: {0} Reason: {1}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 6de581cae..d77ea437b 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -258,6 +258,10 @@ sl20.01=14000
sl20.02=14001
sl20.03=14800
sl20.04=14001
+sl20.05=xxxxx
+sl20.06=xxxxx
+sl20.07=xxxxx
+sl20.08=xxxxx
##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes
mis.301=1005
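Review bot: The four new mappings `sl20.05` to `sl20.08` are set to the literal placeholder `xxxxx`, while every neighbouring entry (e.g. `sl20.01=14000`) is a numeric MOA-ID status code; if the consumer parses the value as a number, the SL2.0 error messages added in id_messages_de.properties will fail at code lookup instead of reporting a code. Assign the intended numeric codes before merging, or at least mark the lines with `# TODO: assign MOA-ID status code` so the placeholder is not mistaken for a finished mapping.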