diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-13 08:53:18 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-13 08:53:18 +0200 |
commit | f7d20da1c2ab2a952ae64a9447f189bfafd4e2a5 (patch) | |
tree | bbad40cfa5fcb16a0fafce92a3b5d59e79bd7a9e /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | |
parent | f274f348b3989b9b46e6ab596a60e6846495c3d3 (diff) | |
download | moa-id-spss-f7d20da1c2ab2a952ae64a9447f189bfafd4e2a5.tar.gz moa-id-spss-f7d20da1c2ab2a952ae64a9447f189bfafd4e2a5.tar.bz2 moa-id-spss-f7d20da1c2ab2a952ae64a9447f189bfafd4e2a5.zip |
new test credentials include a certificate with a test OID as x509 extension
add test OID checks
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index e7abf0f9a..44453afe3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -414,17 +414,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - // if OA is type is business service the manifest validation result has - // to be ignored - boolean ignoreManifestValidationResult = (oaParam.getBusinessService()) ? true - : false; - // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate( verifyXMLSignatureResponse, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - ignoreManifestValidationResult); + oaParam); session.setIdentityLink(identityLink); // now validate the extended infoboxes @@ -1214,10 +1209,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, - false); + oaParam); // Compare AuthBlock Data with information stored in session, especially // date and time |