1 files changed, 49 insertions, 8 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 40e243d0b..37a170267 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -36,8 +36,10 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.httpclient.MOAHttpClient;
 import org.apache.log4j.Logger;
 import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
 import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataFilterChain;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.io.MarshallerFactory;
@@ -58,6 +60,9 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
 import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class OAPVP2ConfigValidation {
@@ -126,17 +131,38 @@ public class OAPVP2ConfigValidation {
 							} catch (ConfigurationException e) {
 								log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
 								
-							}
+							} 
+
+						List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
+						filterList.add(new MetaDataVerificationFilter(credential));
+						
+						try {
+							filterList.add(new SchemaValidationFilter(
+									ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+							
+						} catch (ConfigurationException e) {
+							log.warn("Configuration access FAILED!", e);
+							
+						}
+						
+						MetadataFilterChain filter = new MetadataFilterChain();
+						filter.setFilters(filterList);
 						
 						httpProvider = 
 								new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
 						httpProvider.setParserPool(new BasicParserPool());
 						httpProvider.setRequireValidMetadata(true); 
-						httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential));
+						httpProvider.setMetadataFilter(filter);
 						httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
 						httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+						
+						httpProvider.setRequireValidMetadata(true);
+						
 						httpProvider.initialize();
 						
+						
+						
+						
 						if (httpProvider.getMetadata() == null) {
 							log.info("Metadata could be received but validation FAILED.");
 							errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
@@ -157,13 +183,28 @@ public class OAPVP2ConfigValidation {
 			
 		} catch (MetadataProviderException e) {
 			
-			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
-				log.info("SSL Server certificate not trusted.", e);
-				errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+			try {
+				if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+					log.info("SSL Server certificate not trusted.", e);
+					errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+
+				} else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
+					log.info("MetaDate verification failed", e);
+					errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request));
+				
+				} else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+					log.info("MetaDate verification failed", e);
+					errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request));
+								
+				} else {			
+					log.info("MetaDate verification failed", e);
+					errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
+				}
+				
+			} catch (Exception e1) {
+				log.info("MetaDate verification failed", e1);
+				errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
 				
-			} else {			
-				log.info("MetaDate verification failed", e);
-				errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
 			}
 			
 		} finally {