aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java11
3 files changed, 16 insertions, 9 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 216d7a8b1..cdb85c563 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -259,6 +259,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
} catch (MOAIDException e) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.info("Receive INVALID protocol request: " + samlRequest);
throw e;
} catch (Throwable e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 679bdd10f..589713c4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -22,8 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-import iaik.x509.X509Certificate;
-
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
@@ -31,16 +29,15 @@ import java.util.List;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
import at.gv.egovernment.moa.logging.Logger;
+import iaik.x509.X509Certificate;
public class MetadataSignatureFilter implements MetadataFilter {
@@ -87,8 +84,9 @@ public class MetadataSignatureFilter implements MetadataFilter {
//CHECK if Entity also match MetaData signature.
/*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
+ Logger.debug("Validate metadata for entityID: " + entityID + " ..... ");
byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
-
+
if (entityCert != null) {
X509Certificate cert;
@@ -99,8 +97,10 @@ public class MetadataSignatureFilter implements MetadataFilter {
EntityVerifier.verify(desc, entityCrendential);
- //add entity to verified entity-list
+ //add entity to verified entity-list
verifiedEntIT.add(entity);
+ Logger.debug("Metadata for entityID: " + entityID + " valid");
+
} catch (Exception e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
index ed96f1962..caabfea30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
@@ -112,6 +112,7 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
if (extensions != null) {
List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
if (listOfExt != null && !listOfExt.isEmpty()) {
+ Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
for (XMLObject el : listOfExt) {
Logger.trace("Find ExtensionElement: " + el.getElementQName().toString());
if (el instanceof EntityAttributes) {
@@ -150,9 +151,13 @@ public class PVPEntityCategoryFilter implements MetadataFilter {
Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
}
- }
- }
- }
+ }
+
+ } else
+ Logger.trace("'Extension' element is 'null' or empty");
+
+ } else
+ Logger.trace("No 'Extension' element found");
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-29 09:37:21 +0000