aboutsummaryrefslogtreecommitdiff
path: root/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java')
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java54
1 files changed, 54 insertions, 0 deletions
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java
new file mode 100644
index 000000000..2b4e20ba0
--- /dev/null
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java
@@ -0,0 +1,54 @@
+package at.gv.egovernment.moa.id.demoOA.utils;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureValidator;
+import org.opensaml.xml.validation.ValidationException;
+
+public class MetaDataVerificationFilter implements MetadataFilter {
+
+ BasicX509Credential credential;
+
+ public MetaDataVerificationFilter(BasicX509Credential credential) {
+ this.credential = credential;
+ }
+
+
+ public void doFilter(XMLObject metadata) throws FilterException {
+ if (metadata instanceof EntitiesDescriptor) {
+ EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+
+ if(entitiesDescriptor.getSignature() == null) {
+ throw new FilterException("IDP metadata is not signed", null);
+ }
+
+ Signature sign = entitiesDescriptor.getSignature();
+
+ try {
+
+ //Validate signature
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ profileValidator.validate(sign);
+
+
+ //Verify signature
+ SignatureValidator sigValidator = new SignatureValidator(credential);
+ sigValidator.validate(sign);
+
+ } catch (ValidationException e) {
+ throw new FilterException("IDP metadata validation error", e);
+
+ }
+
+ }
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 03:26:18 +0000