diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-21 12:14:24 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-21 12:14:24 +0100 |
commit | 902bfea4afd98046fd1327942b8f5de96edaceb3 (patch) | |
tree | 0d6c3cf18f148b1c5956272eef01772545362678 | |
parent | 740e0755f8093fb0a14a8273b487379c04ec19d3 (diff) | |
download | moa-id-spss-902bfea4afd98046fd1327942b8f5de96edaceb3.tar.gz moa-id-spss-902bfea4afd98046fd1327942b8f5de96edaceb3.tar.bz2 moa-id-spss-902bfea4afd98046fd1327942b8f5de96edaceb3.zip |
add QC validation
2 files changed, 5 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 0d39a4bc5..5f39abf73 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -130,6 +130,10 @@ public class VerifyXMLSignatureResponseValidator { throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); } + //check QC + if (!verifyXMLSignatureResponse.isQualifiedCertificate()) + throw new ValidateException("validator.71", null); + if (ignoreManifestValidationResult) { Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result"); } else { diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index ec787d745..0cb431df1 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -192,6 +192,7 @@ validator.67=Der Specialtext ({0}) stimmt nicht mit dem f\u00FCr diese Applikati validator.68=SigningTime im AUTH-Block konnte nicht eruiert werden.
validator.69=SigningTime im AUTH-Block und Serverzeit weichen zu stark ab ({0}).
validator.70=Das einmale Tokken im signierten AuthBlock ({0}) stimmt nicht mit dem von generierten Tokken ({1}) \u00FCberein.
+validator.71=Das Signaturzertifikat ist nicht qualifiziert.
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
|