diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 587d8e935..81863f48f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -33,7 +33,6 @@ import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule; import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; @@ -48,7 +47,6 @@ import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.x509.X509Credential; import at.gv.egovernment.moa.id.config.ConfigurationException; @@ -63,7 +61,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; public class RedirectBinding implements IDecoder, IEncoder { @@ -173,11 +171,32 @@ public class RedirectBinding implements IDecoder, IEncoder { else messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - decode.decode(messageContext); + try { + decode.decode(messageContext); - //check signature - signatureRule.evaluate(messageContext); + //check signature + signatureRule.evaluate(messageContext); + + } catch (SecurityException e) { + if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) { + throw e; + + } + Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + messageContext.getPeerEntityId()); + if (!MOAMetadataProvider.getInstance().refreshMetadataProvider(messageContext.getInboundMessageIssuer())) + throw e; + + else { + Logger.trace("PVP2X metadata reload finished. Check validate message again."); + decode.decode(messageContext); + //check signature + signatureRule.evaluate(messageContext); + + } + Logger.trace("Second PVP2X message validation finished"); + } + InboundMessage msg = null; if (messageContext.getInboundMessage() instanceof RequestAbstractType) { RequestAbstractType inboundMessage = (RequestAbstractType) messageContext |