From a6189a32a78d2b3ed096356f6b7e0049c8870b21 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 14 Apr 2015 16:59:25 +0200 Subject: update error handling in PVP metadata verification filter implemetations --- .../auth/pvp2/MetaDataVerificationFilter.java | 12 +++++---- .../validation/oa/OAPVP2ConfigValidation.java | 31 ++++++++++++++++------ 2 files changed, 30 insertions(+), 13 deletions(-) (limited to 'id/ConfigWebTool/src/main/java') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java index 7bf2cf93f..104ea51f5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -32,6 +32,7 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; public class MetaDataVerificationFilter implements MetadataFilter { @@ -43,17 +44,18 @@ public class MetaDataVerificationFilter implements MetadataFilter { } - public void doFilter(XMLObject metadata) throws FilterException { + public void doFilter(XMLObject metadata) throws SignatureValidationException { + if (metadata instanceof EntitiesDescriptor) { EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; if(entitiesDescriptor.getSignature() == null) { - throw new FilterException("Root element of metadata file has to be signed", null); + throw new SignatureValidationException("Root element of metadata file has to be signed"); } try { processEntitiesDescriptor(entitiesDescriptor); } catch (MOAIDException e) { - throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor"); } } if (metadata instanceof EntityDescriptor) { @@ -63,10 +65,10 @@ public class MetaDataVerificationFilter implements MetadataFilter { EntityVerifier.verify(entity, this.credential); else - throw new FilterException("Root element of metadata file has to be signed", null); + throw new SignatureValidationException("Root element of metadata file has to be signed", null); } catch (MOAIDException e) { - throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null); } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index ba77b601b..37a170267 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.util.MiscUtil; @@ -181,15 +183,28 @@ public class OAPVP2ConfigValidation { } catch (MetadataProviderException e) { - - //TODO: check exception handling - if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { - log.info("SSL Server certificate not trusted.", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + try { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request)); + + } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request)); + + } else { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); + } + + } catch (Exception e1) { + log.info("MetaDate verification failed", e1); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request)); - } else { - log.info("MetaDate verification failed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request)); } } finally { -- cgit v1.2.3