aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-11-04 09:51:26 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-11-04 09:51:26 +0100
commit72e86431b59c466673214d330bbd9baa295449cf (patch)
treef6e17783d0fe6250974e95c052b2c3afcf1bbd2e /id/server/modules/moa-id-module-eIDAS
parent518839d9ade1e97d878e494903e088a5b0cf0359 (diff)
downloadmoa-id-spss-72e86431b59c466673214d330bbd9baa295449cf.tar.gz
moa-id-spss-72e86431b59c466673214d330bbd9baa295449cf.tar.bz2
moa-id-spss-72e86431b59c466673214d330bbd9baa295449cf.zip
add hostname validation to httpclient 3.1, which is assumed by openSAML 2.x
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java5
1 files changed, 4 insertions, 1 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 0cb6228a7..ffa74b92b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -204,13 +204,16 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
if (metadataURL.startsWith("https:")) {
try {
+ //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
Constants.SSLSOCKETFACTORYNAME,
authConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
authConfig.isTrustmanagerrevoationchecking(),
- authConfig.getRevocationMethodOrder());
+ authConfig.getRevocationMethodOrder(),
+ authConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);