aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
authorhbratko <hbratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-08-22 09:27:06 +0000
committerhbratko <hbratko@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-08-22 09:27:06 +0000
commitd9b88fbf8fb8afacf1701c6558ca6177ccc6e17f (patch)
treeaa500c11c631ea575ad950a234c2501c2b4e06c8 /id/server/idserverlib/src/main
parent00121a68675e85aa30c38036bc15e118e08b920f (diff)
downloadmoa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.tar.gz
moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.tar.bz2
moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.zip
Evaluate result from signature manifest check and throw exception if an error code is returned (tranforms within signature do not match expected transforms from profile) - only in the case of AUTHBlock verification.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@923 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java9
1 files changed, 6 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 1f2ebc37c..d5650b897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -92,9 +92,12 @@ public class VerifyXMLSignatureResponseValidator {
}
- // TODO See Bug #322
- // Check result of SignatureManifestCheck
-
+ // Check the signature manifest only when verifying the signed AUTHBlock
+ if (whatToCheck.equals(CHECK_AUTH_BLOCK)) {
+ if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) {
+ throw new ValidateException("validator.50", null);
+ }
+ }
//Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
if (identityLinkSignersSubjectDNNames != null) {