Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index f2e3e7cb1..aa61172d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -22,6 +22,7 @@
 *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
@@ -48,7 +49,9 @@ import org.opensaml.xml.parse.BasicParserPool;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
 import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataSignatureFilter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -156,11 +159,14 @@ public class MOAMetadataProvider implements MetadataProvider { } else if ( MiscUtil.isNotEmpty(metadataurl) && !providersinuse.containsKey(metadataurl) ) { //PVP2 OA is new, add it to MOAMetadataProvider + Logger.info("Loading metadata for: " + oa.getFriendlyName()); httpProvider = createNewHTTPMetaDataProvider( pvp2Config.getMetadataURL(), pvp2Config.getCertificate(), - oa.getFriendlyName()); + oa.getFriendlyName(), + buildMetadataFilterChain(oa, pvp2Config.getMetadataURL(), + pvp2Config.getCertificate())); if (httpProvider != null) providersinuse.put(metadataurl, httpProvider); @@ -266,7 +272,9 @@ public class MOAMetadataProvider implements MetadataProvider { httpProvider = createNewHTTPMetaDataProvider( metadataURL, pvp2Config.getCertificate(), - oa.getFriendlyName()); + oa.getFriendlyName(), + buildMetadataFilterChain(oa, metadataURL, + pvp2Config.getCertificate())); if (httpProvider != null) providersinuse.put(metadataURL, httpProvider); @@ -305,7 +313,19 @@ public class MOAMetadataProvider implements MetadataProvider { timestamp = new Date(); } - private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName) { + private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException { + MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate); + + if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) { + Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies"); + filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oa.getType())); + + } + + return filterChain; + } + + private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) { HTTPMetadataProvider httpProvider = null; Timer timer= null; 
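Review bot: A `CertificateException` from `buildMetadataFilterChain(...)` can now escape from the argument list of `createNewHTTPMetaDataProvider(...)`, both in this hunk and in the identical call in the `@@ -266,7 +272,9 @@` hunk. The enclosing methods start and end outside both hunks, so it is not visible whether the exception is caught per online application. If it is not, one OA with an unparsable certificate would stop metadata loading for every OA handled after it. I would build the chain first, `MetadataFilterChain chain = buildMetadataFilterChain(oa, metadataurl, pvp2Config.getCertificate());`, inside a try that logs the affected OA and continues with the next one. Passing the `metadataurl` local (presumably the same value as `pvp2Config.getMetadataURL()`) would also keep the filter and the `providersinuse` key tied to one variable.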
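Review bot: `buildMetadataFilterChain` in the `@@ -305,7 +313,19 @@` hunk assembles the trust policy applied to downloaded metadata, but it has no Javadoc saying which checks the returned chain carries or when `CertificateException` is thrown. I would add `/** Builds the metadata filters for one OA: the default chain for (metadataURL, certificate), plus InterfederatedIDPPublicServiceFilter when the OA is an interfederated IDP. */`. It should also state that the policy filter is appended after the chain's own filters; what those are is defined in `MetadataFilterChain`, which this diff does not show. The double call `oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()` reads more simply as `Boolean.TRUE.equals(oa.isIsInterfederationIDP())`, and the log text has a typo ("addional"). The body of `createNewHTTPMetaDataProvider`, whose signature changes at the end of this hunk, continues outside it.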
@@ -321,8 +341,9 @@ public class MOAMetadataProvider implements MetadataProvider { // TODO: use proper SSL checking - MetadataFilter filter = new MetadataSignatureFilter( - metadataURL, certificate); + if (filter == null) { + filter = new MetadataFilterChain(metadataURL, certificate); + } httpProvider.setMetadataFilter(filter); httpProvider.initialize(); |
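Review bot: Nothing visible here guarantees that signature verification still runs, because the explicit `new MetadataSignatureFilter(metadataURL, certificate)` is replaced by whatever `MetadataFilterChain` installs. With `// TODO: use proper SSL checking` still in the context lines, the metadata signature appears to be the only integrity check on the fetched document. A chain passed in by a caller is used as-is, so a chain whose filter list lacks the signature filter would, presumably, be accepted silently. I would document the invariant at the fallback, e.g. `// MetadataFilterChain(metadataURL, certificate) must install MetadataSignatureFilter first; it is the only integrity check until TLS validation is implemented`, and add a test that unsigned metadata is rejected through the chain. The enclosing method starts and ends outside this hunk.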