aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-11-04 09:51:26 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-11-04 09:51:26 +0100
commit72e86431b59c466673214d330bbd9baa295449cf (patch)
treef6e17783d0fe6250974e95c052b2c3afcf1bbd2e /id/server/idserverlib
parent518839d9ade1e97d878e494903e088a5b0cf0359 (diff)
downloadmoa-id-spss-72e86431b59c466673214d330bbd9baa295449cf.tar.gz
moa-id-spss-72e86431b59c466673214d330bbd9baa295449cf.tar.bz2
moa-id-spss-72e86431b59c466673214d330bbd9baa295449cf.zip
add hostname validation to httpclient 3.1, which is assumed by openSAML 2.x
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java6
2 files changed, 9 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index c0ba1d96d..d5c7d9100 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -66,13 +66,16 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
if (metadataURL.startsWith("https:")) {
try {
+ //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
- AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder());
+ AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
+ AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index 0d1f54249..e02ecb662 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -35,6 +35,7 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
@@ -70,6 +71,7 @@ public class MOASAMLSOAPClient {
HttpClientBuilder clientBuilder = new HttpClientBuilder();
if (destination.startsWith("https")) {
try {
+ //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
SecureProtocolSocketFactory sslprotocolsocketfactory =
new MOAHttpProtocolSocketFactory(
PVPConstants.SSLSOCKETFACTORYNAME,
@@ -77,7 +79,9 @@ public class MOASAMLSOAPClient {
null,
AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
- AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder());
+ AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
+ AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
} catch (MOAHttpProtocolSocketFactoryException e) {