.) OID check for identity link signer certificates (needed for certificates after february 19th 2007)

.) hard coded subjectDN check for identity link signer certificates (for certificates before february 19th 2007) to make configuration entries optional


git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@788 d688527b-c9ab-4aba-bd8d-4036d912da1d

2 files changed, 21 insertions, 12 deletions

diff --git a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
index 6a9aee0ca..ebb29c26d 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -22,6 +22,7 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.traversal.NodeIterator;
 
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.Schema;
 import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -383,13 +384,13 @@ public class ConfigurationBuilder {
 
 
   /**
-   * Return a string array containing all X509 Subject Names 
+   * Returns a list containing all X509 Subject Names 
    * of the Identity Link Signers
-   * @return String with a url-reference to the VerifyAuthBlock trust profile ID
+   * @return a list containing the configured identity-link signer X509 subject names
    */
-  public String[] getIdentityLink_X509SubjectNames() {
+  public List getIdentityLink_X509SubjectNames() {
 
-    List x509SubjectNameList = new ArrayList();
+    Vector x509SubjectNameList = new Vector();
     NodeIterator x509Iter =
       XPathUtils.selectNodeIterator(
         configElem_,
@@ -397,14 +398,20 @@ public class ConfigurationBuilder {
     Element x509Elem;
 
     while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
-
       String vtInfoIDs = DOMUtils.getText(x509Elem);
       x509SubjectNameList.add(vtInfoIDs);
     }
-    String[] result = new String[x509SubjectNameList.size()];
-    x509SubjectNameList.toArray(result);
-
-    return result;
+    
+    // now add the default identity link signers
+    String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
+    for (int i=0; i<identityLinkSignersWithoutOID.length; i++) {
+      String identityLinkSigner = identityLinkSignersWithoutOID[i];
+      if (!x509SubjectNameList.contains(identityLinkSigner)) {
+        x509SubjectNameList.add(identityLinkSigner);
+      }
+    }
+   
+    return x509SubjectNameList;
   }
 
   /**
diff --git a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index e45d7cba8..b4af6592c 100644
--- a/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id.server/src/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -6,6 +6,8 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
+import java.util.List;
+
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
@@ -117,7 +119,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   /**
    * X509 SubjectNames which will be trusted
    */
-  private String[] identityLinkX509SubjectNames;
+  private List identityLinkX509SubjectNames;
   /**
    * default parameters for verifying additional infoboxes.
    */
@@ -370,9 +372,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 
   /**
    * Returns the identityLinkX509SubjectNames.
-   * @return String[]
+   * @return List
    */
-  public String[] getIdentityLinkX509SubjectNames() {
+  public List getIdentityLinkX509SubjectNames() {
     return identityLinkX509SubjectNames;
   }