From 6b79e38bc56d239ad4d1b3f4d52a2e74e6daf45d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 7 Feb 2017 12:27:50 +0100
Subject: fix some bugs in eIDAS SAML-engine metadata generator

---
 .../id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java   | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
index 171d5c8e2..8faaf1874 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAeIDASMetadataGenerator.java
@@ -477,7 +477,7 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
 
         X509Certificate decryptionCertificate = engine.getDecryptionCertificate();
         if (null != decryptionCertificate) {
-            params.setEncryptionCredential(CertificateUtil.toCredential(decryptionCertificate));
+            params.setSpEncryptionCredential(CertificateUtil.toCredential(decryptionCertificate));
         }
         params.setSigningCredential(CertificateUtil.toCredential(engine.getSigningCertificate()));
         params.setIdpEngine(engine);
@@ -542,7 +542,10 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
             Set<String> signatureMethods = EIDASUtil.parseSemicolonSeparatedList(params.getDigestMethods());
             Set<String> digestMethods = new HashSet<String>();
             for (String signatureMethod : signatureMethods) {
-                digestMethods.add(CertificateUtil.validateDigestAlgorithm(signatureMethod));
+            	
+            	//BUGFIX: eIDAS implementation does not allow MGF1 signature schemes
+            	digestMethods.add(signatureMethod);
+            	//digestMethods.add(CertificateUtil.validateDigestAlgorithm(signatureMethod));
             }
             for (String digestMethod : digestMethods) {
                 final DigestMethod dm = (DigestMethod) BuilderFactoryUtil.buildXmlObject(DigestMethod.DEF_ELEMENT_NAME);
@@ -581,7 +584,7 @@ public class MOAeIDASMetadataGenerator extends MetadataGenerator {
         generateDigest(eidasExtensions);
 
         if (!StringUtils.isEmpty(params.getSigningMethods())) {
-            Set<String> signMethods = EIDASUtil.parseSemicolonSeparatedList(params.getDigestMethods());
+            Set<String> signMethods = EIDASUtil.parseSemicolonSeparatedList(params.getSigningMethods());
             for (String signMethod : signMethods) {
                 final SigningMethod sm =
                         (SigningMethod) BuilderFactoryUtil.buildXmlObject(SigningMethod.DEF_ELEMENT_NAME);
-- 
cgit v1.2.3