1 files changed, 55 insertions, 103 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index d89d04664..e8aa93d43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -23,7 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
 
 import java.io.IOException;
-import java.util.List;
+import java.security.cert.CertificateException;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -36,79 +36,34 @@ import org.opensaml.xml.validation.ValidationException;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
 
 public class EntityVerifier {
 
-	public static byte[] fetchSavedCredential(String entityID) {
-//		List<OnlineApplication> oaList = ConfigurationDBRead
-//				.getAllActiveOnlineApplications();
-		try { 
-			ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
-		
-			if (oa == null) {
-				Logger.debug("No OnlineApplication with EntityID: " + entityID);
-				return null;
-				
-			}
-			
-			String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-			if (MiscUtil.isNotEmpty(certBase64)) {
-				return Base64Utils.decode(certBase64, false);
-			
-			}
-			
-		} catch (ConfigurationException | EAAFConfigurationException e) {
-			Logger.error("Access MOA-ID configuration FAILED.", e);
-			
-		} catch (IOException e) {
-			Logger.warn("Decoding PVP2X metadata certificate FAILED.", e);
-			
-		}
-		
-		return null;
-	}
-
 	public static void verify(EntityDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
+			throws EAAFException {
+		
 		Credential credential = getSPTrustedCredential(entityDescriptor.getEntityID());
 		if (credential == null) {
 			throw new NoCredentialsException(entityDescriptor.getEntityID());
 		}
-
-		SignatureValidator sigValidator = new SignatureValidator(credential);
-		try {
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to verfiy Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
+		
+		verify(entityDescriptor, credential);
+	
 	}
 
 	public static void verify(EntityDescriptor entityDescriptor, Credential cred)
-			throws MOAIDException {
+			throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -131,7 +86,7 @@ public class EntityVerifier {
 	}
 
 	public static void verify(EntitiesDescriptor entityDescriptor,
-			Credential cred) throws MOAIDException {
+			Credential cred) throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -153,55 +108,11 @@ public class EntityVerifier {
 			throw new SAMLRequestNotSignedException(e);
 		}
 	}
-
-	public static void verify(EntitiesDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
-		List<EntityDescriptor> entities = entityDescriptor
-				.getEntityDescriptors();
-
-		if (entities.size() > 0) {
-
-			if (entities.size() > 1) {
-				Logger.warn("More then one EntityID in Metadatafile with Name "
-						+ entityDescriptor.getName()
-						+ " defined. Actually only the first"
-						+ " entryID is used to select the certificate to perform Metadata verification.");
-			}
-
-			Credential credential = getSPTrustedCredential(entities.get(0).getEntityID());
-
-			if (credential == null) {
-				throw new NoCredentialsException("moaID IDP");
-			}
-
-			SignatureValidator sigValidator = new SignatureValidator(credential);
-			try {
-				sigValidator.validate(entityDescriptor.getSignature());
-
-			} catch (ValidationException e) {
-				Logger.error("Failed to verfiy Signature", e);
-				throw new SAMLRequestNotSignedException(e);
-			}
-		}
-	}
-	
+		
 	public static Credential getSPTrustedCredential(String entityID)
 			throws CredentialsNotAvailableException {
 
-		iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
-				.getTrustEntityCertificate(entityID);
+		iaik.x509.X509Certificate cert = getTrustEntityCertificate(entityID);
 		
 		if (cert == null) {
 			throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
@@ -214,5 +125,46 @@ public class EntityVerifier {
 
 		return credential;
 	}
+	
+	private static iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
+		
+		try {
+			Logger.trace("Load metadata signing certificate for online application " + entityID);
+			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
+			if (oaParam == null) {
+				Logger.info("Online Application with ID " + entityID + " not found!");
+				return null;
+			}
+		
+			String pvp2MetadataCertificateString = 
+					oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);		 
+			if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
+				Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
+				return null;
+				
+			}	
+			
+			X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
+			Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
+			return cert;
+			
+		} catch (CertificateException e) {
+			Logger.warn("Metadata signer certificate is not parsed.", e);
+			return null;
+			
+		} catch (ConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		} catch (IOException e) {
+			Logger.warn("Metadata signer certificate is not decodeable.", e);
+			return null;
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		}
+	}
 
 }