diff options
Diffstat (limited to 'id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java')
-rw-r--r-- | id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java new file mode 100644 index 000000000..2b4e20ba0 --- /dev/null +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java @@ -0,0 +1,54 @@ +package at.gv.egovernment.moa.id.demoOA.utils; + +import java.util.Iterator; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.validation.ValidationException; + +public class MetaDataVerificationFilter implements MetadataFilter { + + BasicX509Credential credential; + + public MetaDataVerificationFilter(BasicX509Credential credential) { + this.credential = credential; + } + + + public void doFilter(XMLObject metadata) throws FilterException { + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + + if(entitiesDescriptor.getSignature() == null) { + throw new FilterException("IDP metadata is not signed", null); + } + + Signature sign = entitiesDescriptor.getSignature(); + + try { + + //Validate signature + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + profileValidator.validate(sign); + + + //Verify signature + SignatureValidator sigValidator = new SignatureValidator(credential); + sigValidator.validate(sign); + + } catch (ValidationException e) { + throw new FilterException("IDP metadata validation error", e); + + } + + } + } + +} |