3 files changed, 23 insertions, 7 deletions

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
index f347022b8..d5b1a9e4e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAProtocolEngine.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
+import java.util.Collection;
+
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.Response;
 import org.w3c.dom.Document;
@@ -26,9 +28,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
 	 * 
 	 */
 	@Override
-	public Correlated unmarshallResponse(byte[] responseBytes) throws EIDASSAMLEngineException {
+	public Correlated unmarshallResponse(byte[] responseBytes, Collection<String> metadataWhitelist, boolean checkWhitelist) throws EIDASSAMLEngineException {
 		try {
-			return super.unmarshallResponse(responseBytes);
+			return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
 			
 		} catch (EIDASSAMLEngineException e) {
 			if (responseBytes != null ) {
@@ -45,7 +47,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
 				
 				if (startInternalMetadataRefesh(entityID)) {
 					Logger.debug("Metadata refresh success. Revalidate eIDAS Response ...");
-					return super.unmarshallResponse(responseBytes);
+					return super.unmarshallResponse(responseBytes, metadataWhitelist, checkWhitelist);
 					
 				}
 				Logger.info("eIDAS metadata refresh not possible or not successful.");
@@ -61,9 +63,9 @@ public class MOAProtocolEngine extends ProtocolEngine {
 	 * 
 	 */
 	@Override
-	public AuthnRequest unmarshallRequest(byte[] requestBytes) throws EIDASSAMLEngineException {
+	public AuthnRequest unmarshallRequest(byte[] requestBytes, Collection<String> whitelistMetadata, boolean checkWhitelist) throws EIDASSAMLEngineException {
 		try {
-			return super.unmarshallRequest(requestBytes);
+			return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
 			
 			
 		} catch (EIDASSAMLEngineException e) {
@@ -81,7 +83,7 @@ public class MOAProtocolEngine extends ProtocolEngine {
 
 				if (startInternalMetadataRefesh(entityID)) {
 					Logger.debug("Metadata refresh success. Revalidate eIDAS Authn. Request ...");
-					return super.unmarshallRequest(requestBytes);
+					return super.unmarshallRequest(requestBytes, whitelistMetadata, checkWhitelist);
 					
 				}
 				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 1788facf0..274a23674 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -57,11 +57,14 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
 						
 			//validate SAML token
+			//TODO: maybe add whitelist
 			IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, 
 					request.getRemoteHost(), 
 					Constants.CONFIG_PROPS_SKEWTIME_BEFORE, 
 					Constants.CONFIG_PROPS_SKEWTIME_AFTER,
-					pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+					pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA,
+					null,
+					false);
 												
 			if (samlResp.isEncrypted()) {
 				Logger.info("Received encrypted eIDAS SAML-Response.");
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 6d20caa4b..b000c317e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.ConfigurationException;
 import org.opensaml.xml.XMLConfigurator;
 
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eid4u.api.attributes.Definitions;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -112,6 +113,16 @@ public class SAMLEngineUtils {
 				SAMLSchemaBuilder.addExtensionSchema(
 						at.gv.egovernment.moa.util.Constants.SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);
 				
+				//add eID4U schemes
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_CORE_EXTENSIONS_SCHEMA_LOCATION);				
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_PERSON_EXTENSIONS_SCHEMA_LOCATION);
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_STUDIES_EXTENSIONS_SCHEMA_LOCATION);				
+				SAMLSchemaBuilder.addExtensionSchema(
+						Definitions.SAML2_eID4U_EXT_EUROPASS3_EXTENSIONS_SCHEMA_LOCATION);
+				
 				eIDASEngine = engine;
 				
 			} catch (EIDASSAMLEngineException | ConfigurationException e) {