Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index d3acf9351..42282f208 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+import java.util.List;
+
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.security.SAMLSignatureProfileValidator;
@@ -53,18 +55,31 @@ public class EntityVerifier { Logger.error("Failed to validate Signature", e); throw new SAMLRequestNotSignedException(e); } + + List<EntityDescriptor> entities = entityDescriptor.getEntityDescriptors(); - Credential credential = CredentialProvider.getSPTrustedCredential(entityDescriptor.getName()); - if(credential == null) { - throw new NoCredentialsException("moaID IDP"); - } + if (entities.size() > 0) { + + if (entities.size() > 1) { + Logger.warn("More then one EntityID in Metadatafile with Name " + + entityDescriptor.getName() + " defined. Actually only the first" + + " entryID is used to select the certificate to perform Metadata verification."); + } + + Credential credential = CredentialProvider.getSPTrustedCredential(entities.get(0).getEntityID()); + + if(credential == null) { + throw new NoCredentialsException("moaID IDP"); + } - SignatureValidator sigValidator = new SignatureValidator(credential); - try { - sigValidator.validate(entityDescriptor.getSignature()); - } catch (ValidationException e) { - Logger.error("Failed to verfiy Signature", e); - throw new SAMLRequestNotSignedException(e); + SignatureValidator sigValidator = new SignatureValidator(credential); + try { + sigValidator.validate(entityDescriptor.getSignature()); + + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } } } |
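Review bot: The new `if (entities.size() > 0)` guard has no `else`, so when `entityDescriptor.getEntityDescriptors()` returns an empty list the method returns without ever calling `sigValidator.validate(...)` against a trusted credential. Metadata in that shape (for example one that only nests further `EntitiesDescriptor` elements, if the getter lists direct children only) would then be accepted on whatever check precedes this hunk, which appears to be profile validation rather than a key check. The branch should fail closed, e.g. `} else { throw new NoCredentialsException("moaID IDP"); }`, ideally with a `Logger.error` naming `entityDescriptor.getName()`. Separately, the trust anchor is now selected by the first entityID read from the still-unverified document, so every other entity in the file is trusted on that one key; the `Logger.warn` admits this, but rejecting multi-entity files would be safer until per-entity verification exists. The enclosing method starts outside this hunk, so the preceding check should be confirmed against the full file.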