Diffstat (limited to 'id/ConfigWebTool/src')
7 files changed, 72 insertions, 33 deletions
|
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index 7bf2cf93f..104ea51f5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -32,6 +32,7 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 public class MetaDataVerificationFilter implements MetadataFilter {
@@ -43,17 +44,18 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 	}
-	public void doFilter(XMLObject metadata) throws FilterException {
+	public void doFilter(XMLObject metadata) throws SignatureValidationException {
+		
 		if (metadata instanceof EntitiesDescriptor) {
 			EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
 			if(entitiesDescriptor.getSignature() == null) {
-				throw new FilterException("Root element of metadata file has to be signed", null);
+				throw new SignatureValidationException("Root element of metadata file has to be signed");
 			}
 			try {
 				processEntitiesDescriptor(entitiesDescriptor);
 			} catch (MOAIDException e) {
-				throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+				throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
 			}
 		} if (metadata instanceof EntityDescriptor) {									 
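Review bot: The catch block in doFilter discards the MOAIDException it caught, so the SignatureValidationException that reaches the caller carries no cause and the reason for the signature failure is lost; the EntityDescriptor hunk at @@ -63,10 that follows has the same pattern. Pass the original through, e.g. `throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor", e);`, if SignatureValidationException has a cause-taking constructor (the two-argument form used in the next hunk is called with null, so its second parameter may be a message-parameter array rather than a Throwable, which is worth confirming). The new `throws SignatureValidationException` clause only compiles against MetadataFilter.doFilter if SignatureValidationException is a subtype of FilterException; a one-line Javadoc on doFilter stating that relationship would help the next reader. The method body continues past the end of this hunk.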
@@ -63,10 +65,10 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 					EntityVerifier.verify(entity, this.credential);
 				else
-					throw new FilterException("Root element of metadata file has to be signed", null);
+					throw new SignatureValidationException("Root element of metadata file has to be signed", null);
 			} catch (MOAIDException e) {
-				throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+				throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
 			}				
 		}
 	}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index e6000319e..8ac7b40d4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -462,6 +462,11 @@ public class ConfigurationProvider {
 	}
+	public boolean isPVPMetadataSchemaValidationActive() {
+		return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true"));
+				
+	}
+	
 	private void initalPVP2Login() throws ConfigurationException {
 		try {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index d13696d51..8ddeb9ebc 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
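Review bot: isPVPMetadataSchemaValidationActive silently disables schema validation on any misspelt value, because Boolean.parseBoolean returns false for everything except a case-insensitive "true", so a property value such as "yes" or "on" switches the check off without any warning. Since this flag gates a security filter, consider treating only an explicit "false" as a disable, e.g. `return !"false".equalsIgnoreCase(props.getProperty("general.pvp.schemavalidation", "true").trim());`, or at least logging the effective value when it is read. The method also has no Javadoc; a line such as `/** Returns whether PVP2 metadata is schema-validated before use (property general.pvp.schemavalidation, default true). */` would document the property name and its default. The whitespace-only line before the closing brace can be dropped.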
@@ -134,21 +134,20 @@ public class AuthenticationFilter implements Filter{
 		log.trace("Request URL: " + requestURL);
-		AuthenticationManager authManager = AuthenticationManager.getInstance();
-		if (!authManager.isActiveUser(authuser)) {
-			//user is not active anymore. Invalidate session and reauthenticate user
-			String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
-			session.invalidate();
-			authuser = null;
+		AuthenticationManager authManager = AuthenticationManager.getInstance();				
+		if (!authManager.isActiveUser(authuser) && !this.isExcluded(requestURL)) {			
+			if (!this.isExcluded(requestURL)) {
+				//user is not active anymore. Invalidate session and reauthenticate user
+				String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
+				session.invalidate();
+				authuser = null;
-			//TODO: set infotext
-			
-			session = httpServletRequest.getSession(true);
-			session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
-		}
-				
-		if (authuser == null && !this.isExcluded(requestURL)) {
+				//TODO: set infotext
+				session = httpServletRequest.getSession(true);
+				session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
+			}
+						
 			if (config.isLoginDeaktivated()) {
 				//add dummy Daten
 				log.warn("Authentication is deaktivated. Dummy authentication-information are used!");
@@ -178,6 +177,7 @@ public class AuthenticationFilter implements Filter{
 	              }
 			} else {
+												
 	            if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
 	                log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\"."); 
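Review bot: The inner `if (!this.isExcluded(requestURL))` is redundant, because the outer condition already requires `!this.isExcluded(requestURL)`, and merging the two former checks changes behaviour for inactive users: before the change an inactive user's session was invalidated on every request, now it survives on excluded URLs, and a request with no user at all (`authuser == null`) only reaches the login handling if isActiveUser(null) returns false, which is not visible here. If the intent is that a deactivated user is logged out regardless of URL, keep the invalidation outside the exclusion check and apply `isExcluded` only to the redirect-to-login part, as the old code did. Dropping the inner check is a one-line simplification either way. The enclosing doFilter method begins and ends outside the hunk; the second hunk at @@ -178,6 adds only a whitespace line.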
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 26d97484b..82390c49c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -291,13 +291,17 @@ public class BasicOAAction extends BasicAction {
 	            } else {
-	                if (oaid == -1) {	                		                	
+	                if (oaid == -1) {	                	
 	                	List<OnlineApplication> oaList = ConfigurationDBRead.getAllOnlineApplications();
-	                	for (OnlineApplication el : oaList) {
-	                		if (el.getPublicURLPrefix().startsWith(oaidentifier) )
-	                		onlineapplication = el;
+	                	
+	                	if (oaList != null) {
+	                		for (OnlineApplication el : oaList) {
+	                			if (el.getPublicURLPrefix().startsWith(oaidentifier) )
+	                				onlineapplication = el;
+	                		}
 	                	}
+	                	
 	                	if (onlineapplication == null) {	                	
 	                		onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 8e1dd6e64..37a170267 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
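Review bot: The loop that is now guarded by the null check still assigns without a `break`, so when several OnlineApplication entries share a prefix with oaidentifier the last one in list order silently wins, and `startsWith` also accepts entries whose public URL prefix merely extends the identifier. For a lookup that decides which application is loaded for editing, an exact `equals` comparison, or at least a `break` on the first hit plus a warning when a second entry also matches, would make the resolution deterministic; whether prefix matching is intentional cannot be told from this hunk. The enclosing method starts and ends outside the hunk.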
@@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
 import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -133,7 +135,16 @@ public class OAPVP2ConfigValidation {
 						List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
 						filterList.add(new MetaDataVerificationFilter(credential));
-						filterList.add(new SchemaValidationFilter());
+						
+						try {
+							filterList.add(new SchemaValidationFilter(
+									ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+							
+						} catch (ConfigurationException e) {
+							log.warn("Configuration access FAILED!", e);
+							
+						}
+						
 						MetadataFilterChain filter = new MetadataFilterChain();
 						filter.setFilters(filterList);
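Review bot: The new try/catch fails open: if ConfigurationProvider.getInstance() throws ConfigurationException, the SchemaValidationFilter is never added to filterList and the metadata goes through the chain with signature checking only, while the problem is reported merely as a warning. Since the configured default for the switch is "true", the safer fallback is to add the filter with validation enabled, e.g. after the log.warn line add `filterList.add(new SchemaValidationFilter(true));`, or to abort the validation with an error entry so the operator sees that the configuration could not be read. The surrounding method begins and ends outside the hunk.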
@@ -172,15 +183,28 @@ public class OAPVP2ConfigValidation {
 		} catch (MetadataProviderException e) {
-			
-			//TODO: check exception handling
-			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
-				log.info("SSL Server certificate not trusted.", e);
-				errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+			try {
+				if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+					log.info("SSL Server certificate not trusted.", e);
+					errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+
+				} else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
+					log.info("MetaDate verification failed", e);
+					errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request));
+				
+				} else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+					log.info("MetaDate verification failed", e);
+					errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request));
+								
+				} else {			
+					log.info("MetaDate verification failed", e);
+					errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
+				}
+				
+			} catch (Exception e1) {
+				log.info("MetaDate verification failed", e1);
+				errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
-			} else {			
-				log.info("MetaDate verification failed", e);
-				errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
 			}
 		} finally {			
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 072f44981..c888a2d77 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
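Review bot: The cause inspection only looks at exactly `e.getCause().getCause()`, so a SignatureValidationException or SchemaValidationException wrapped one level more or less falls through to the generic message, and the new `catch (Exception e1)` around the whole branch turns any programming error in it into a "generic" validation failure. Walking the cause chain, e.g. `for (Throwable c = e; c != null; c = c.getCause())` and testing `instanceof` on each `c`, would make the mapping robust to how the metadata provider wraps filter exceptions, and the outer catch could then be narrowed or removed. The three identical `log.info("MetaDate verification failed", ...)` calls could also say which branch matched, which helps when diagnosing a rejected metadata URL. The enclosing method starts outside the hunk.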
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -487,7 +487,9 @@ validation.stork.ap.attributes.valid=Ung\u00FCltige Attributconfiguration f\u00F
 validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben.
 validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf.
 validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten keine Informationen abgerufen werden.
-validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden.
+validation.pvp2.metadata.verify.sig=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden.
+validation.pvp2.metadata.verify.schema=Die Schema-Validierung der Metadaten ist fehlgeschlagen.
+validation.pvp2.metadata.verify.general=Bei der Validierung der Metadaten ist ein allgemeiner Fehler aufgetreten.
 validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. 
 validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt.
 validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index b717377e0..43dcfeac8 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -485,7 +485,9 @@ validation.stork.ap.attributes.valid=Invalid attribute configuration for Attribu
 validation.pvp2.metadataurl.empty=There is no metadata URL provided.
 validation.pvp2.metadataurl.valid=The metadata URL has invalid URL format .
 validation.pvp2.metadataurl.read=No information could be found under provided URL.
-validation.pvp2.metadata.verify=The metadata could not be verified with the provided certificate.
+validation.pvp2.metadata.verify.sig=The metadata could not be verified with the provided certificate.
+validation.pvp2.metadata.verify.schema=Metadata schema validation FAILED.
+validation.pvp2.metadata.verify.general=Metadata validation has an generic error.
 validation.pvp2.certificate.format=The provided PVP2 certificate has invalid format.
 validation.pvp2.certificate.notfound=There is no PVP2 inserted.
 validation.pvp2.metadata.ssl=The SSL server certificate is not trusted. | 
