Merge remote-tracking branch 'remotes/origin/vidp' into moa2_0_tlenz

Conflicts:
	id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
	id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
	id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
	id/server/moa-id-commons/pom.xml
	id/server/stork2-saml-engine/pom.xml
	pom.xml
	repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.jar
	repository/iaik/iaik_tsl/1.0/iaik_tsl-1.0.pom

1 files changed, 80 insertions, 0 deletions

diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java
new file mode 100644
index 000000000..72639c8ee
--- /dev/null
+++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/validator/MultipleAssertionResponseValidator.java
@@ -0,0 +1,80 @@
+package eu.stork.peps.auth.engine.core.validator;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.xml.validation.ValidationException;
+import org.opensaml.xml.validation.Validator;
+
+
+public class MultipleAssertionResponseValidator implements Validator<Response> {
+	
+	/**
+	 * Validate action.
+	 * 
+	 * @param response the response to validate
+	 * 
+	 * @throws ValidationException the validation exception
+	 */
+	public final void validate(final Response response) throws ValidationException {
+		validateAssertion(response);
+		validateConsent(response);
+		validateDestination(response);		
+		validateTime(response);
+		validateId(response);
+	}
+
+
+	/**
+	 * Validate assertion.
+	 * 
+	 * @param response the attribute query
+	 * 
+	 * @throws ValidationException the validation exception
+	 */
+	protected final void validateAssertion(final Response response)
+	throws ValidationException {
+		if (response.getAssertions() == null || response.getAssertions().size() < 2) {
+			throw new ValidationException("Multiple assertions must be specified.");
+		}
+	}
+	
+	/**
+	 * Validate the Consent
+	 * @param response the response to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateConsent(Response response) throws ValidationException {
+        if (response.getConsent() == null)
+            throw new ValidationException("Consent is required");
+    }
+	
+	/**
+	 * Validate the destination
+	 * @param response the response to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateDestination(Response response) throws ValidationException {
+        if (response.getDestination() == null)
+            throw new ValidationException("Destination is required");
+    }
+	
+	/**
+	 * Validate issue times
+	 * @param response the response to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateTime(Response response) throws ValidationException {		
+        if (response.getIssueInstant().isAfterNow())
+            throw new ValidationException("Issue time is in the futue");
+    }
+	
+	/**
+	 * Validate ids
+	 * @param response the response to validate
+	 * @throws ValidationException the validation exception
+	 */
+	protected void validateId(Response response) throws ValidationException {		
+        if (response.getID() == null || response.getInResponseTo() == null)
+            throw new ValidationException("Id and response id is required");
+    }
+
+}