diff options
| author | harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2007-01-18 14:29:56 +0000 |
|---|---|---|
| committer | harald.bratko <harald.bratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2007-01-18 14:29:56 +0000 |
| commit | c51641d057e5db708ef90bee2da271532da6d939 (patch) | |
| tree | af9ab7e97d38c90cc315642b7f18ddc47e89f145 /id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java | |
| parent | 64967f241e637a13f157f207f6b132efe1383f3d (diff) | |
| download | moa-id-spss-c51641d057e5db708ef90bee2da271532da6d939.tar.gz moa-id-spss-c51641d057e5db708ef90bee2da271532da6d939.tar.bz2 moa-id-spss-c51641d057e5db708ef90bee2da271532da6d939.zip | |
.) OID check for identity link signer certificates (needed for certificates after february 19th 2007)
.) hard coded subjectDN check for identity link signer certificates (for certificates before february 19th 2007) to make configuration entries optional
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@788 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java')
| -rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 15d21b4b9..190b2cef9 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -1,5 +1,8 @@ package at.gv.egovernment.moa.id.auth; +import iaik.asn1.ObjectID; + + /** * Constants used throughout moa-id-auth component. * @@ -50,6 +53,24 @@ public interface MOAIDAuthConstants { public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate"; /** Header Value for controlling the caching mechanism of the browser */ public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0"; - + /** + * the identity link signer X509Subject names of those identity link signer certificates + * not including the identity link signer OID. The authorisation for signing the identity + * link must be checked by using their issuer names. After february 19th 2007 the OID of + * the certificate will be used fo checking the authorisation for signing identity links. + */ + public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = + new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", + "CN=zmr,OU=BMI-IV-2,O=BMI,C=AT", + "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; + /** + * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" + */ + public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; + /** + * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); + * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 + */ + public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); } |