diff options
author | hbratko <hbratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2007-08-22 09:27:06 +0000 |
---|---|---|
committer | hbratko <hbratko@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2007-08-22 09:27:06 +0000 |
commit | d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f (patch) | |
tree | aa500c11c631ea575ad950a234c2501c2b4e06c8 /id/server/idserverlib/src | |
parent | 00121a68675e85aa30c38036bc15e118e08b920f (diff) | |
download | moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.tar.gz moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.tar.bz2 moa-id-spss-d9b88fbf8fb8afacf1701c6558ca6177ccc6e17f.zip |
Evaluate result from signature manifest check and throw exception if an error code is returned (tranforms within signature do not match expected transforms from profile) - only in the case of AUTHBlock verification.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@923 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 1f2ebc37c..d5650b897 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -92,9 +92,12 @@ public class VerifyXMLSignatureResponseValidator { } - // TODO See Bug #322 - // Check result of SignatureManifestCheck - + // Check the signature manifest only when verifying the signed AUTHBlock + if (whatToCheck.equals(CHECK_AUTH_BLOCK)) { + if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) { + throw new ValidateException("validator.50", null); + } + } //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not if (identityLinkSignersSubjectDNNames != null) { |