Evaluate result from signature manifest check and throw exception if an error code is returned (tranforms within signature do not match expected transforms from profile) - only in the case of AUTHBlock verification.

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@923 d688527b-c9ab-4aba-bd8d-4036d912da1d
author: hbratko <hbratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2007-08-22 09:27:06 +0000
committer: hbratko <hbratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2007-08-22 09:27:06 +0000
commit: d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f (patch)
tree: aa500c11c631ea575ad950a234c2501c2b4e06c8 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator
parent: 00121a68675e85aa30c38036bc15e118e08b920f (diff)
download: moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.tar.gz
moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.tar.bz2
moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 1f2ebc37c..d5650b897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -92,9 +92,12 @@ public class VerifyXMLSignatureResponseValidator {
     }
     
     
-    // TODO See Bug #322
-    // Check result of SignatureManifestCheck
-    
+    // Check the signature manifest only when verifying the signed AUTHBlock
+    if (whatToCheck.equals(CHECK_AUTH_BLOCK)) {
+      if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) {
+        throw new ValidateException("validator.50", null);
+      }
+    }
     
     //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
     if (identityLinkSignersSubjectDNNames != null) {
author	hbratko <hbratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2007-08-22 09:27:06 +0000
committer	hbratko <hbratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2007-08-22 09:27:06 +0000
commit	d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f (patch)
tree	aa500c11c631ea575ad950a234c2501c2b4e06c8 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator
parent	00121a68675e85aa30c38036bc15e118e08b920f (diff)
download	moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.tar.gz moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.tar.bz2 moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.zip