aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java30
1 files changed, 26 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index 19176af1f..36dc2442c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -1,5 +1,8 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+import iaik.x509.X509Certificate;
+
+import java.security.cert.CertificateException;
import java.util.Iterator;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
@@ -7,13 +10,29 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
public class MetadataSignatureFilter implements MetadataFilter {
+ private String metadataURL;
+ private BasicX509Credential savedCredential;
+
+ public MetadataSignatureFilter(String url, byte[] certificate)
+ throws CertificateException {
+ this.metadataURL = url;
+ X509Certificate cert = new X509Certificate(certificate);
+ savedCredential = new BasicX509Credential();
+ savedCredential.setEntityCertificate(cert);
+ }
+
public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
+
+ String entityID = desc.getEntityID();
+
EntityVerifier.verify(desc);
}
@@ -21,7 +40,7 @@ public class MetadataSignatureFilter implements MetadataFilter {
Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
if(desc.getSignature() != null) {
- EntityVerifier.verify(desc);
+ EntityVerifier.verify(desc, this.savedCredential);
}
while(entID.hasNext()) {
@@ -39,12 +58,15 @@ public class MetadataSignatureFilter implements MetadataFilter {
try {
if (metadata instanceof EntitiesDescriptor) {
EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+ if(entitiesDescriptor.getSignature() == null) {
+ throw new MOAIDException("Root element of metadata file has to be signed", null);
+ }
processEntitiesDescriptor(entitiesDescriptor);
- } else if (metadata instanceof EntityDescriptor) {
+ } /*else if (metadata instanceof EntityDescriptor) {
EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
processEntityDescriptorr(entityDescriptor);
- } else {
- throw new MOAIDException("Invalid Metadata file", null);
+ } */else {
+ throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
}
Logger.info("Metadata Filter done OK");
} catch (MOAIDException e) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-21 23:54:23 +0000