aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java41
1 files changed, 34 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index f0ae6f446..ed0cf9c62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -25,7 +25,9 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import iaik.x509.X509Certificate;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
import java.util.Iterator;
+import java.util.List;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -69,13 +71,17 @@ public class MetadataSignatureFilter implements MetadataFilter {
while(entID.hasNext()) {
processEntitiesDescriptor(entID.next());
}
-
+
Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
-
- //check every Entity
+
+ List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>();
+
+ //check every Entity
+
while(entIT.hasNext()) {
EntityDescriptor entity = entIT.next();
+
String entityID = entity.getEntityID();
//CHECK if Entity also match MetaData signature.
@@ -92,17 +98,31 @@ public class MetadataSignatureFilter implements MetadataFilter {
EntityVerifier.verify(desc, entityCrendential);
+ //add entity to verified entity-list
+ verifiedEntIT.add(entity);
+
} catch (Exception e) {
- throw new MOAIDException("The App", null, e);
+
+ //remove entity of signature can not be verified.
+ Logger.info("Entity " + entityID + " is removed from metadata "
+ + desc.getName() + ". Entity verification error: " + e.getMessage());
+// throw new MOAIDException("The App", null, e);
}
} else {
- throw new NoCredentialsException("NO Certificate found for OA " + entityID);
+ //remove entity if it is not registrated as OA
+ Logger.info("Entity " + entityID + " is removed from metadata "
+ + desc.getName() + ". Entity is not registrated or no certificate is found!");
+// throw new NoCredentialsException("NO Certificate found for OA " + entityID);
}
-
+
//TODO: insert to support signed Entity-Elements
//processEntityDescriptorr(entIT.next());
- }
+ }
+
+ //set only verified entity elements
+ desc.getEntityDescriptors().clear();
+ desc.getEntityDescriptors().addAll(verifiedEntIT);
}
public void doFilter(XMLObject metadata) throws FilterException {
@@ -114,6 +134,13 @@ public class MetadataSignatureFilter implements MetadataFilter {
}
processEntitiesDescriptor(entitiesDescriptor);
+
+ if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
+ throw new MOAIDException("No valid entity in metadata "
+ + entitiesDescriptor.getName() + ". Metadata is not loaded.", null);
+ }
+
+
} else if (metadata instanceof EntityDescriptor) {
EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
processEntityDescriptorr(entityDescriptor);