Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index 19176af1f..36dc2442c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -1,5 +1,8 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+import iaik.x509.X509Certificate;
+
+import java.security.cert.CertificateException;
 import java.util.Iterator;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
@@ -7,13 +10,29 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.x509.BasicX509Credential;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
 public class MetadataSignatureFilter implements MetadataFilter {
+ private String metadataURL;
+ private BasicX509Credential savedCredential;
+
+ public MetadataSignatureFilter(String url, byte[] certificate)
+ throws CertificateException {
+ this.metadataURL = url;
+ X509Certificate cert = new X509Certificate(certificate);
+ savedCredential = new BasicX509Credential();
+ savedCredential.setEntityCertificate(cert);
+ }
+
 public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
+
+ String entityID = desc.getEntityID();
+
 EntityVerifier.verify(desc);
 }
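Review bot: `processEntityDescriptorr` still verifies with the one-argument `EntityVerifier.verify(desc)` while `processEntitiesDescriptor` later in this commit switches to `EntityVerifier.verify(desc, this.savedCredential)`, so an EntityDescriptor passed through this public method is not checked against the certificate handed to the constructor; change the call to `EntityVerifier.verify(desc, this.savedCredential);` or make the method private if the EntityDescriptor path is meant to be gone. The new local `String entityID = desc.getEntityID();` is never read, the added `Credential` import is unused, and `metadataURL` is written in the constructor but not read anywhere visible in this hunk. The constructor also deserves a Javadoc stating what `certificate` is expected to hold (the encoded certificate whose key the metadata signature is verified against — TODO confirm which encoding `iaik.x509.X509Certificate(byte[])` accepts) and that `CertificateException` is thrown when it cannot be parsed.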
@@ -21,7 +40,7 @@ public class MetadataSignatureFilter implements MetadataFilter {
 Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
 if(desc.getSignature() != null) {
- EntityVerifier.verify(desc);
+ EntityVerifier.verify(desc, this.savedCredential);
 }
 while(entID.hasNext()) {
@@ -39,12 +58,15 @@ public class MetadataSignatureFilter implements MetadataFilter {
 try {
 if (metadata instanceof EntitiesDescriptor) {
 EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+ if(entitiesDescriptor.getSignature() == null) {
+ throw new MOAIDException("Root element of metadata file has to be signed", null);
+ }
 processEntitiesDescriptor(entitiesDescriptor);
- } else if (metadata instanceof EntityDescriptor) {
+ } /*else if (metadata instanceof EntityDescriptor) {
 EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
 processEntityDescriptorr(entityDescriptor);
- } else {
- throw new MOAIDException("Invalid Metadata file", null);
+ } */else {
+ throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
 }
 Logger.info("Metadata Filter done OK");
 } catch (MOAIDException e) { |
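Review bot: The `else if (metadata instanceof EntityDescriptor)` branch in the second hunk is commented out rather than deleted, leaving dead code that looks re-enableable and making the `} */else {` line hard to read; remove the three commented lines and record the decision with a comment such as `// A bare EntityDescriptor root is rejected: only a signed EntitiesDescriptor is accepted as metadata root`. The new `entitiesDescriptor.getSignature() == null` check is the right defensive default, but the message `"Invalid Metadata file Root element is no EntitiesDescriptor"` runs two statements together; `"Invalid Metadata file: root element is not an EntitiesDescriptor"` reads better in the log. Nested EntitiesDescriptor elements are still only verified when they carry their own signature (first hunk, `if(desc.getSignature() != null)`), which presumably relies on the root signature covering the whole document — worth a one-line comment next to the new check so the assumption is explicit. Both enclosing methods start before and end after their hunks.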