From 2f880e1903fb24a32979d894967666b9406820a3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 12 Aug 2016 11:51:33 +0200
Subject: workaround for eIDAS metadata signature validation during reload operation. (Because metadata isSigned() flag in MOASPMetadataSignatureFilter.class is always false, if already loaded metadata are checked)
---
 .../modules/eidas/engine/MOAeIDASChainingMetadataProvider.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv')
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index ca36b5ee5..7fb0dbb5f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -18,7 +18,6 @@ import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
 import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
@@ -151,9 +150,11 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi List nonValidMetadataProvider = new ArrayList(); for (HTTPMetadataProvider provider : loadedproviders.values()) { try { - provider.getMetadataFilter().doFilter(provider.getMetadata()); + provider.refresh(); - } catch (FilterException | MetadataProviderException e) { + //provider.getMetadataFilter().doFilter(provider.getMetadata()); + + } catch (MetadataProviderException e) { Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI() + " is not valid any more. Reason:" + e.getMessage()); if (Logger.isDebugEnabled()) -- cgit v1.2.3
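Review bot: `provider.refresh()` in the try block may not re-run signature validation on metadata that is already loaded, which is what this loop appears to exist for. As far as I can tell from OpenSAML 2's reloading provider, an unchanged remote document (HTTP 304) is processed from cache without passing through the metadata filter again, so a changed trust store would go unnoticed until the remote file itself changes; this should be confirmed against the library version in use. A transient fetch failure now also raises `MetadataProviderException` and lands in the "is not valid any more" branch, so the handling after the catch (the loop body continues outside this hunk) should distinguish an unreachable source from an invalid signature. The commented-out `doFilter` line is better replaced by a why-comment such as `// refresh() instead of doFilter(): isSigned() is false for already-loaded metadata, so the signature filter rejects it`.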