aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java115
1 files changed, 94 insertions, 21 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 42282f208..b78c2f264 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -1,5 +1,6 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+import java.util.Iterator;
import java.util.List;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
@@ -10,13 +11,34 @@ import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.logging.Logger;
public class EntityVerifier {
- public static void verify(EntityDescriptor entityDescriptor) throws MOAIDException {
+
+ public static byte[] fetchSavedCredential(String entityID) {
+ List<OnlineApplication> oaList = ConfigurationDBRead
+ .getAllActiveOnlineApplications();
+ Iterator<OnlineApplication> oaIt = oaList.iterator();
+ while (oaIt.hasNext()) {
+ OnlineApplication oa = oaIt.next();
+ if (oa.getPublicURLPrefix().equals(entityID)) {
+ OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
+ if (pvp2Config != null) {
+ return pvp2Config.getCertificate();
+ }
+ }
+ }
+ return null;
+ }
+
+ public static void verify(EntityDescriptor entityDescriptor)
+ throws MOAIDException {
if (entityDescriptor.getSignature() == null) {
throw new SAMLRequestNotSignedException();
}
@@ -28,22 +50,71 @@ public class EntityVerifier {
Logger.error("Failed to validate Signature", e);
throw new SAMLRequestNotSignedException(e);
}
-
- Credential credential = CredentialProvider.getSPTrustedCredential(entityDescriptor.getEntityID());
- if(credential == null) {
+
+ Credential credential = CredentialProvider
+ .getSPTrustedCredential(entityDescriptor.getEntityID());
+ if (credential == null) {
throw new NoCredentialsException(entityDescriptor.getEntityID());
}
-
+
SignatureValidator sigValidator = new SignatureValidator(credential);
try {
- sigValidator.validate(entityDescriptor.getSignature());
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void verify(EntityDescriptor entityDescriptor, Credential cred)
+ throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(cred);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to verfiy Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+ }
+
+ public static void verify(EntitiesDescriptor entityDescriptor,
+ Credential cred) throws MOAIDException {
+ if (entityDescriptor.getSignature() == null) {
+ throw new SAMLRequestNotSignedException();
+ }
+
+ try {
+ SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entityDescriptor.getSignature());
+ } catch (ValidationException e) {
+ Logger.error("Failed to validate Signature", e);
+ throw new SAMLRequestNotSignedException(e);
+ }
+
+ SignatureValidator sigValidator = new SignatureValidator(cred);
+ try {
+ sigValidator.validate(entityDescriptor.getSignature());
+
} catch (ValidationException e) {
Logger.error("Failed to verfiy Signature", e);
throw new SAMLRequestNotSignedException(e);
}
}
-
- public static void verify(EntitiesDescriptor entityDescriptor) throws MOAIDException {
+
+ public static void verify(EntitiesDescriptor entityDescriptor)
+ throws MOAIDException {
if (entityDescriptor.getSignature() == null) {
throw new SAMLRequestNotSignedException();
}
@@ -56,32 +127,34 @@ public class EntityVerifier {
throw new SAMLRequestNotSignedException(e);
}
- List<EntityDescriptor> entities = entityDescriptor.getEntityDescriptors();
-
+ List<EntityDescriptor> entities = entityDescriptor
+ .getEntityDescriptors();
+
if (entities.size() > 0) {
-
+
if (entities.size() > 1) {
Logger.warn("More then one EntityID in Metadatafile with Name "
- + entityDescriptor.getName() + " defined. Actually only the first"
+ + entityDescriptor.getName()
+ + " defined. Actually only the first"
+ " entryID is used to select the certificate to perform Metadata verification.");
}
-
- Credential credential = CredentialProvider.getSPTrustedCredential(entities.get(0).getEntityID());
-
- if(credential == null) {
+
+ Credential credential = CredentialProvider
+ .getSPTrustedCredential(entities.get(0).getEntityID());
+
+ if (credential == null) {
throw new NoCredentialsException("moaID IDP");
}
-
+
SignatureValidator sigValidator = new SignatureValidator(credential);
try {
sigValidator.validate(entityDescriptor.getSignature());
-
+
} catch (ValidationException e) {
Logger.error("Failed to verfiy Signature", e);
throw new SAMLRequestNotSignedException(e);
- }
+ }
}
}
-
-
+
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 10:45:29 +0000