Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java | 115 |
1 files changed, 94 insertions, 21 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 42282f208..b78c2f264 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
 
+import java.util.Iterator;
 import java.util.List;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
@@ -10,13 +11,34 @@ import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
 
 import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 public class EntityVerifier {
- public static void verify(EntityDescriptor entityDescriptor) throws MOAIDException {
+
+ public static byte[] fetchSavedCredential(String entityID) {
+ List<OnlineApplication> oaList = ConfigurationDBRead
+ .getAllActiveOnlineApplications();
+ Iterator<OnlineApplication> oaIt = oaList.iterator();
+ while (oaIt.hasNext()) {
+ OnlineApplication oa = oaIt.next();
+ if (oa.getPublicURLPrefix().equals(entityID)) {
+ OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
+ if (pvp2Config != null) {
+ return pvp2Config.getCertificate();
+ }
+ }
+ }
+ return null;
+ }
+
+ public static void verify(EntityDescriptor entityDescriptor)
+ throws MOAIDException {
 if (entityDescriptor.getSignature() == null) {
 throw new SAMLRequestNotSignedException();
 }
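Review bot: In the new `fetchSavedCredential`, `oa.getPublicURLPrefix().equals(entityID)` and `oa.getAuthComponentOA().getOAPVP2()` dereference two configuration getters without a guard, while the `getOAPVP2()` result on the next line is null-checked; if those getters can be empty for an active online application (not visible here), one unconfigured entry aborts the lookup for every entity with a NullPointerException. Flipping the comparison to `if (entityID.equals(oa.getPublicURLPrefix())) {` and adding `if (oa.getAuthComponentOA() != null) {` in front of the `OAPVP2` lookup makes the loop skip such entries and fall through to `return null` instead. The method is public and returns `null` when no matching online application has a PVP2 certificate configured, so callers must treat `null` as "no credential configured"; a Javadoc stating that the match is an exact comparison of `entityID` against the public URL prefix, that the first match wins, and that the return is the raw certificate bytes or `null` would make that contract explicit.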
@@ -28,22 +50,71 @@ public class EntityVerifier { Logger.error("Failed to validate Signature", e); throw new SAMLRequestNotSignedException(e); } - - Credential credential = CredentialProvider.getSPTrustedCredential(entityDescriptor.getEntityID()); - if(credential == null) { + + Credential credential = CredentialProvider + .getSPTrustedCredential(entityDescriptor.getEntityID()); + if (credential == null) { throw new NoCredentialsException(entityDescriptor.getEntityID()); } - + SignatureValidator sigValidator = new SignatureValidator(credential); try { - sigValidator.validate(entityDescriptor.getSignature()); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void verify(EntityDescriptor entityDescriptor, Credential cred) + throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void verify(EntitiesDescriptor entityDescriptor, + Credential cred) throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed 
to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { Logger.error("Failed to verfiy Signature", e); throw new SAMLRequestNotSignedException(e); } } - - public static void verify(EntitiesDescriptor entityDescriptor) throws MOAIDException { + + public static void verify(EntitiesDescriptor entityDescriptor) + throws MOAIDException { if (entityDescriptor.getSignature() == null) { throw new SAMLRequestNotSignedException(); } @@ -56,32 +127,34 @@ public class EntityVerifier { throw new SAMLRequestNotSignedException(e); } - List<EntityDescriptor> entities = entityDescriptor.getEntityDescriptors(); - + List<EntityDescriptor> entities = entityDescriptor + .getEntityDescriptors(); + if (entities.size() > 0) { - + if (entities.size() > 1) { Logger.warn("More then one EntityID in Metadatafile with Name " - + entityDescriptor.getName() + " defined. Actually only the first" + + entityDescriptor.getName() + + " defined. Actually only the first" + " entryID is used to select the certificate to perform Metadata verification."); } - - Credential credential = CredentialProvider.getSPTrustedCredential(entities.get(0).getEntityID()); - - if(credential == null) { + + Credential credential = CredentialProvider + .getSPTrustedCredential(entities.get(0).getEntityID()); + + if (credential == null) { throw new NoCredentialsException("moaID IDP"); } - + SignatureValidator sigValidator = new SignatureValidator(credential); try { sigValidator.validate(entityDescriptor.getSignature()); - + } catch (ValidationException e) { Logger.error("Failed to verfiy Signature", e); throw new SAMLRequestNotSignedException(e); - } + } } } - - + } |
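Review bot: The two new overloads `verify(EntityDescriptor, Credential cred)` and `verify(EntitiesDescriptor, Credential cred)` hand `cred` straight to `new SignatureValidator(cred)` with no null check, whereas the credential-less `verify(EntityDescriptor)` in the same hunk rejects a missing credential with `NoCredentialsException` before any validation runs; how `SignatureValidator` behaves on a null credential is not visible here, so the failure mode of a null `cred` is unclear. Adding `if (cred == null) { throw new NoCredentialsException(entityDescriptor.getEntityID()); }` (using `entityDescriptor.getName()` for the `EntitiesDescriptor` overload) at the top of each keeps the error behaviour consistent across all four methods. These overloads also bypass the binding of the entity ID to a trusted credential that `CredentialProvider.getSPTrustedCredential` provides in the other two methods, so a Javadoc on both should state that the caller is responsible for supplying the credential that is trusted for this specific entity and that the method only establishes that the signature is valid under that credential. The profile-validation plus signature-validation body is now duplicated three times, including the copied `"Failed to verfiy Signature"` typo; the credential-less `verify(EntityDescriptor)` could resolve the credential and then delegate to `verify(entityDescriptor, credential)`, leaving one copy of the validation sequence. The credential-less `verify(EntitiesDescriptor)` whose signature is reformatted at the end of this hunk continues outside it.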