From f18f6318f7233b336ea2653f183460f17d6562f0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Nov 2017 08:13:51 +0100 Subject: update logging --- .../gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java | 2 ++ .../pvp2x/verification/metadata/MetadataSignatureFilter.java | 12 ++++++------ .../pvp2x/verification/metadata/PVPEntityCategoryFilter.java | 11 ++++++++--- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 216d7a8b1..cdb85c563 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -259,6 +259,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); } catch (MOAIDException e) { + String samlRequest = req.getParameter("SAMLRequest"); + Logger.info("Receive INVALID protocol request: " + samlRequest); throw e; } catch (Throwable e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java index 679bdd10f..589713c4b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java @@ -22,8 +22,6 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; -import iaik.x509.X509Certificate; - import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Iterator; @@ -31,16 +29,15 @@ import java.util.List; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.provider.FilterException; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; import at.gv.egovernment.moa.logging.Logger; +import iaik.x509.X509Certificate; public class MetadataSignatureFilter implements MetadataFilter { @@ -87,8 +84,9 @@ public class MetadataSignatureFilter implements MetadataFilter { //CHECK if Entity also match MetaData signature. /*This check is necessary to prepend declaration of counterfeit OA metadata!!*/ + Logger.debug("Validate metadata for entityID: " + entityID + " ..... "); byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID); - + if (entityCert != null) { X509Certificate cert; @@ -99,8 +97,10 @@ public class MetadataSignatureFilter implements MetadataFilter { EntityVerifier.verify(desc, entityCrendential); - //add entity to verified entity-list + //add entity to verified entity-list verifiedEntIT.add(entity); + Logger.debug("Metadata for entityID: " + entityID + " valid"); + } catch (Exception e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java index ed96f1962..caabfea30 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java @@ -112,6 +112,7 @@ public class PVPEntityCategoryFilter implements MetadataFilter { if (extensions != null) { List listOfExt = extensions.getUnknownXMLObjects(); if (listOfExt != null && !listOfExt.isEmpty()) { + Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements "); for (XMLObject el : listOfExt) { Logger.trace("Find ExtensionElement: " + el.getElementQName().toString()); if (el instanceof EntityAttributes) { @@ -150,9 +151,13 @@ public class PVPEntityCategoryFilter implements MetadataFilter { Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!"); } - } - } - } + } + + } else + Logger.trace("'Extension' element is 'null' or empty"); + + } else + Logger.trace("No 'Extension' element found"); } -- cgit v1.2.3