aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java41
1 files changed, 36 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index fb1f08132..ffc3f9b29 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -14,6 +14,8 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
import at.gv.egovernment.moa.logging.Logger;
public class MetadataSignatureFilter implements MetadataFilter {
@@ -48,11 +50,37 @@ public class MetadataSignatureFilter implements MetadataFilter {
}
Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
-
-
- //TODO: check this!!!!
- while(entID.hasNext()) {
- processEntityDescriptorr(entIT.next());
+
+ //check every Entity
+ while(entIT.hasNext()) {
+
+ EntityDescriptor entity = entIT.next();
+ String entityID = entity.getEntityID();
+
+ //CHECK if Entity also match MetaData signature.
+ /*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
+ byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
+
+ if (entityCert != null) {
+
+ X509Certificate cert;
+ try {
+ cert = new X509Certificate(entityCert);
+ BasicX509Credential entityCrendential = new BasicX509Credential();
+ entityCrendential.setEntityCertificate(cert);
+
+ EntityVerifier.verify(desc, entityCrendential);
+
+ } catch (Exception e) {
+ throw new MOAIDException("The App", null, e);
+ }
+
+ } else {
+ throw new NoCredentialsException("NO Certificate found for OA " + entityID);
+ }
+
+ //TODO: insert to support signed Entity-Elements
+ //processEntityDescriptorr(entIT.next());
}
}
@@ -70,6 +98,9 @@ public class MetadataSignatureFilter implements MetadataFilter {
} */else {
throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
}
+
+ ConfigurationDBUtils.closeSession();
+
Logger.info("Metadata Filter done OK");
} catch (MOAIDException e) {
e.printStackTrace();
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 17:04:29 +0000