SAML SP metadata validation error #529 - fix

GluuFederation · May 3, 2017 · 764d5fc · 764d5fc
1 parent d310b28
commit 764d5fc
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 17 deletions.
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/MetadataValidationTimer.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/MetadataValidationTimer.java
@@ -4,9 +4,6 @@
  * Copyright (c) 2014, Gluu
  */
 
-/**
- * 
- */
 package org.gluu.oxtrust.ldap.service;
 
 import java.io.File;
@@ -139,10 +136,10 @@ private boolean validateMetadata(String shib3IdpTempmetadataFolder, String shib3
 				tr.setValidationStatus(GluuValidationStatus.VALIDATION);
 				TrustService.instance().updateTrustRelationship(tr);
 
-				GluuErrorHandler handler = null;
+				GluuErrorHandler errorHandler = null;
 				List<String> validationLog = null;
 				try {
-					handler = Shibboleth3ConfService.validateMetadata(new FileInputStream(metadata));
+					errorHandler = Shibboleth3ConfService.validateMetadata(new FileInputStream(metadata));
 				} catch (Exception e) {
 					tr.setValidationStatus(GluuValidationStatus.VALIDATION_FAILED);
 					tr.setStatus(GluuStatus.INACTIVE);
@@ -154,8 +151,8 @@ private boolean validateMetadata(String shib3IdpTempmetadataFolder, String shib3
 
 					return false;
 				}
-				if (handler.isValid()) {
-					tr.setValidationLog(handler.getLog());
+				if (errorHandler.isValid()) {
+					tr.setValidationLog(errorHandler.getLog());
 					tr.setValidationStatus(GluuValidationStatus.VALIDATION_SUCCESS);
 					if (((!target.exists()) || target.delete()) && (!metadata.renameTo(target))) {
 						log.error("Failed to move metadata file to location:" + target.getAbsolutePath());
@@ -198,8 +195,8 @@ private boolean validateMetadata(String shib3IdpTempmetadataFolder, String shib3
 
 					TrustService.instance().updateTrustRelationship(tr);
 					result = true;
-				}else if(applicationConfiguration.isIgnoreValidation()){
-					tr.setValidationLog(new ArrayList<String>(new HashSet<String>(handler.getLog())));
+				} else if(applicationConfiguration.isIgnoreValidation() || errorHandler.isInternalError()){
+					tr.setValidationLog(new ArrayList<String>(new HashSet<String>(errorHandler.getLog())));
 					tr.setValidationStatus(GluuValidationStatus.VALIDATION_FAILED);
 					if( (( ! target.exists() ) ||  target.delete()) && ( ! metadata.renameTo(target) )){
 						log.error("Failed to move metadata file to location:" + target.getAbsolutePath());
@@ -228,10 +225,21 @@ private boolean validateMetadata(String shib3IdpTempmetadataFolder, String shib3
 					if(! duplicatesSet.isEmpty()){
 						validationLog.add("This metadata contains multiple instances of entityId: " + Arrays.toString(duplicatesSet.toArray()));
 					}
-					TrustService.instance().updateTrustRelationship(tr);
+
+                                        if (errorHandler.isInternalError()) {
+                                            validationLog = tr.getValidationLog();
+
+                                            validationLog.add("Warning: cannot validate metadata. Check internet connetion ans www.w3.org availability.");
+
+                                            // update log with warning
+                                            for (String warningLogMessage : errorHandler.getLog()) 
+                                                validationLog.add("Warning: " + warningLogMessage);
+                                        }
+
+                                        TrustService.instance().updateTrustRelationship(tr);
 					result = true;
 				} else {
-					tr.setValidationLog(new ArrayList<String>(new HashSet<String>(handler.getLog())));
+					tr.setValidationLog(new ArrayList<String>(new HashSet<String>(errorHandler.getLog())));
 					tr.setValidationStatus(GluuValidationStatus.VALIDATION_FAILED);
 					tr.setStatus(GluuStatus.INACTIVE);
 					TrustService.instance().updateTrustRelationship(tr);

diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth3ConfService.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth3ConfService.java
@@ -1382,12 +1382,20 @@ public boolean generateMetadataFiles(GluuSAMLTrustRelationship gluuSP) {
          * @return GluuErrorHandler
 	 */
 	public static GluuErrorHandler validateMetadata(InputStream stream) throws ParserConfigurationException, SAXException, IOException {
-
-		String idpTemplatesLocation = OxTrustConfiguration.instance().getIDPTemplatesLocation();
-		// String schemaDir = OxTrustConfiguration.DIR + "shibboleth3" + File.separator + "idp" + File.separator + "schema" + File.separator;
-		String schemaDir = idpTemplatesLocation + "shibboleth3" + File.separator + "idp" + File.separator + "schema" + File.separator;
-		Schema schema = SchemaBuilder.buildSchema(SchemaLanguage.XML, schemaDir);
-
+                Schema schema;
+                try {
+                    String idpTemplatesLocation = OxTrustConfiguration.instance().getIDPTemplatesLocation();
+                    // String schemaDir = OxTrustConfiguration.DIR + "shibboleth3" + File.separator + "idp" + File.separator + "schema" + File.separator;
+                    String schemaDir = idpTemplatesLocation + "shibboleth3" + File.separator + "idp" + File.separator + "schema" + File.separator;
+                    schema = SchemaBuilder.buildSchema(SchemaLanguage.XML, schemaDir);
+                } catch (Exception e) {
+                    // Schema build error 
+                    final List<String> validationLog = new ArrayList<String>();
+                    validationLog.add(GluuErrorHandler.SCHEMA_CREATING_ERROR_MESSAGE);
+                    validationLog.add(e.getMessage());
+                    // return internal error
+                    return new GluuErrorHandler(false, true, validationLog);
+                }
 		return XMLValidator.validateMetadata(stream, schema);
 	}