aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-eIDAS/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at')
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java3
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java132
2 files changed, 2 insertions, 133 deletions
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 965abcde1..55504dcb0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -178,7 +179,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
//add Metadata filters
MetadataFilterChain filter = new MetadataFilterChain();
- filter.addFilter(new MOAeIDASMetadataSignatureFilter(
+ filter.addFilter(new MOASPMetadataSignatureFilter(
authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
httpProvider.setMetadataFilter(filter);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
deleted file mode 100644
index c9f3e5bcd..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataSignatureFilter.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
-
-import java.io.IOException;
-import java.io.StringWriter;
-
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAeIDASMetadataSignatureFilter implements MetadataFilter {
-
- private String trustProfileID = null;
-
- /**
- *
- */
- public MOAeIDASMetadataSignatureFilter(String trustProfileID) {
- this.trustProfileID = trustProfileID;
-
- }
-
-
- /* (non-Javadoc)
- * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
- */
- @Override
- public void doFilter(XMLObject metadata) throws FilterException {
- if (metadata instanceof EntityDescriptor) {
- if (((EntityDescriptor) metadata).isSigned()) {
- EntityDescriptor entityDes = (EntityDescriptor) metadata;
- //check signature;
- try {
- Transformer transformer = TransformerFactory.newInstance()
- .newTransformer();
- StringWriter sw = new StringWriter();
- StreamResult sr = new StreamResult(sw);
- DOMSource source = new DOMSource(metadata.getDOM());
- transformer.transform(source, sr);
- sw.close();
- String metadataXML = sw.toString();
-
- SignatureVerificationUtils sigVerify =
- new SignatureVerificationUtils();
- VerifyXMLSignatureResponse result = sigVerify.verify(
- metadataXML.getBytes(), trustProfileID);
-
- //check signature-verification result
- if (result.getSignatureCheckCode() != 0) {
- Logger.warn("eIDAS Metadata signature-verification FAILED!"
- + " Metadata: " + entityDes.getEntityID()
- + " StatusCode:" + result.getSignatureCheckCode());
- throw new FilterException("eIDAS Metadata signature-verification FAILED!"
- + " Metadata: " + entityDes.getEntityID()
- + " StatusCode:" + result.getSignatureCheckCode());
-
- }
-
- if (result.getCertificateCheckCode() != 0) {
- Logger.warn("eIDAS Metadata certificate-verification FAILED!"
- + " Metadata: " + entityDes.getEntityID()
- + " StatusCode:" + result.getCertificateCheckCode());
- throw new FilterException("eIDAS Metadata certificate-verification FAILED!"
- + " Metadata: " + entityDes.getEntityID()
- + " StatusCode:" + result.getCertificateCheckCode());
-
- }
-
-
- } catch (MOAIDException | TransformerFactoryConfigurationError | TransformerException | IOException e) {
- Logger.error("eIDAS Metadata verification has an interal error.", e);
- throw new FilterException("eIDAS Metadata verification has an interal error."
- + " Message:" + e.getMessage());
-
- }
-
-
- } else {
- Logger.warn("eIDAS Metadata root-element MUST be signed.");
- throw new FilterException("eIDAS Metadata root-element MUST be signed.'");
-
- }
-
- } else {
- Logger.warn("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
- throw new FilterException("eIDAS Metadata root-element is not of type 'EntityDescriptor'");
-
- }
-
- }
-
-}