aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java21
1 files changed, 19 insertions, 2 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 40e243d0b..8e1dd6e64 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -36,8 +36,10 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.log4j.Logger;
import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataFilterChain;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallerFactory;
@@ -58,6 +60,7 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.util.MiscUtil;
public class OAPVP2ConfigValidation {
@@ -126,17 +129,29 @@ public class OAPVP2ConfigValidation {
} catch (ConfigurationException e) {
log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
- }
+ }
+
+ List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
+ filterList.add(new MetaDataVerificationFilter(credential));
+ filterList.add(new SchemaValidationFilter());
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
httpProvider =
new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
httpProvider.setParserPool(new BasicParserPool());
httpProvider.setRequireValidMetadata(true);
- httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential));
+ httpProvider.setMetadataFilter(filter);
httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+
+ httpProvider.setRequireValidMetadata(true);
+
httpProvider.initialize();
+
+
+
if (httpProvider.getMetadata() == null) {
log.info("Metadata could be received but validation FAILED.");
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
@@ -157,6 +172,8 @@ public class OAPVP2ConfigValidation {
} catch (MetadataProviderException e) {
+
+ //TODO: check exception handling
if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
log.info("SSL Server certificate not trusted.", e);
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-22 00:30:39 +0000