aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java78
1 files changed, 78 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
new file mode 100644
index 000000000..36dc2442c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -0,0 +1,78 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+
+import iaik.x509.X509Certificate;
+
+import java.security.cert.CertificateException;
+import java.util.Iterator;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class MetadataSignatureFilter implements MetadataFilter {
+
+ private String metadataURL;
+ private BasicX509Credential savedCredential;
+
+ public MetadataSignatureFilter(String url, byte[] certificate)
+ throws CertificateException {
+ this.metadataURL = url;
+ X509Certificate cert = new X509Certificate(certificate);
+ savedCredential = new BasicX509Credential();
+ savedCredential.setEntityCertificate(cert);
+ }
+
+ public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
+
+ String entityID = desc.getEntityID();
+
+ EntityVerifier.verify(desc);
+ }
+
+ public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
+ Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
+
+ if(desc.getSignature() != null) {
+ EntityVerifier.verify(desc, this.savedCredential);
+ }
+
+ while(entID.hasNext()) {
+ processEntitiesDescriptor(entID.next());
+ }
+
+ Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+
+ while(entID.hasNext()) {
+ processEntityDescriptorr(entIT.next());
+ }
+ }
+
+ public void doFilter(XMLObject metadata) throws FilterException {
+ try {
+ if (metadata instanceof EntitiesDescriptor) {
+ EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+ if(entitiesDescriptor.getSignature() == null) {
+ throw new MOAIDException("Root element of metadata file has to be signed", null);
+ }
+ processEntitiesDescriptor(entitiesDescriptor);
+ } /*else if (metadata instanceof EntityDescriptor) {
+ EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
+ processEntityDescriptorr(entityDescriptor);
+ } */else {
+ throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ }
+ Logger.info("Metadata Filter done OK");
+ } catch (MOAIDException e) {
+ e.printStackTrace();
+ throw new FilterException(e);
+ }
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-09 08:54:02 +0000