diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa')
2 files changed, 20 insertions, 3 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index fd40bd447..fd4226c5b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -147,12 +147,14 @@ public class OAAuthenticationDataValidation { } } - if (form.isEnableTestCredentials()) { + if (form.isEnableTestCredentials() + && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) { for (String el : form.getTestCredialOIDList()) { - if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) + if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) { log.warn("Test credential OID does not start with test credential root OID"); errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid", new Object[] {el}, request )); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index d122b6bde..8e1dd6e64 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -36,8 +36,10 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataFilterChain; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallerFactory; @@ -58,6 +60,7 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.util.MiscUtil; public class OAPVP2ConfigValidation { @@ -127,16 +130,28 @@ public class OAPVP2ConfigValidation { log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e); } + + List<MetadataFilter> filterList = new ArrayList<MetadataFilter>(); + filterList.add(new MetaDataVerificationFilter(credential)); + filterList.add(new SchemaValidationFilter()); + MetadataFilterChain filter = new MetadataFilterChain(); + filter.setFilters(filterList); httpProvider = new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); httpProvider.setParserPool(new BasicParserPool()); httpProvider.setRequireValidMetadata(true); - httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential)); + httpProvider.setMetadataFilter(filter); httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + + httpProvider.setRequireValidMetadata(true); + httpProvider.initialize(); + + + if (httpProvider.getMetadata() == null) { log.info("Metadata could be received but validation FAILED."); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); |