aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool/src/main')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java3
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java17
2 files changed, 17 insertions, 3 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index 332adaa80..7bf2cf93f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -46,7 +46,6 @@ public class MetaDataVerificationFilter implements MetadataFilter {
public void doFilter(XMLObject metadata) throws FilterException {
if (metadata instanceof EntitiesDescriptor) {
EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
-
if(entitiesDescriptor.getSignature() == null) {
throw new FilterException("Root element of metadata file has to be signed", null);
}
@@ -57,7 +56,7 @@ public class MetaDataVerificationFilter implements MetadataFilter {
throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
}
- } if (metadata instanceof EntityDescriptor) {
+ } if (metadata instanceof EntityDescriptor) {
try {
EntityDescriptor entity = (EntityDescriptor) metadata;
if (entity.getSignature() != null)
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 40e243d0b..a64a0eaf1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -36,8 +36,10 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.log4j.Logger;
import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataFilterChain;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallerFactory;
@@ -58,6 +60,7 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.util.MiscUtil;
public class OAPVP2ConfigValidation {
@@ -127,16 +130,28 @@ public class OAPVP2ConfigValidation {
log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
}
+
+ List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
+ filterList.add(new MetaDataVerificationFilter(credential));
+ filterList.add(new SchemaValidationFilter());
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
httpProvider =
new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
httpProvider.setParserPool(new BasicParserPool());
httpProvider.setRequireValidMetadata(true);
- httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential));
+ httpProvider.setMetadataFilter(filter);
httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+
+ httpProvider.setRequireValidMetadata(true);
+
httpProvider.initialize();
+
+
+
if (httpProvider.getMetadata() == null) {
log.info("Metadata could be received but validation FAILED.");
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));