2 files changed, 11 insertions, 7 deletions

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
index f347022b8..d5b1a9e4e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
+import java.util.Collection;
+
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.Response;
 import org.w3c.dom.Document;
@@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
 	 * 
 	 */
 	@Override
-	public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException {
+	public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException {
 		try {
-			return super.unmarshallResponse(responseBytes);
+			return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
 			
 		} catch (EIDASSAMLEngineException e) {
 			if (responseBytes != null ) {
@@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
 				
 				if (startInternalMetadataRefesh(entityID)) {
 					Logger.debug("Metadata refresh success. Revalidate eIDAS Response ...");
-					return super.unmarshallResponse(responseBytes);
+					return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
 					
 				}
 				Logger.info("eIDAS metadata refresh not possible or not successful.");
@@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
 	 * 
 	 */
 	@Override
-	public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException {
+	public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException {
 		try {
-			return super.unmarshallRequest(requestBytes);
+			return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
 			
 			
 		} catch (EIDASSAMLEngineException e) {
@@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
 
 				if (startInternalMetadataRefesh(entityID)) {
 					Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ...");
-					return super.unmarshallRequest(requestBytes);
+					return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
 					
 				}
 				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index aca818532..feeff6f84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -440,7 +440,9 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider imp
 					AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
 					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
+							PVPConstants.SSLSOCKETFACTORYNAME,
+							basicConfig.getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
 							moaAuthConfig.getTrustedCACertificates(),
 							null,
 							AuthConfiguration.DEFAULT_X509_CHAININGMODE,