diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-07-02 12:44:45 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-07-02 12:44:45 +0200 |
commit | 37ffa16c121e5be8ad3c060b007ed200359007ea (patch) | |
tree | 003d47d4e6fb14141ac2237f304bb8357a035fb9 /id/server/idserverlib | |
parent | 7886beb95d7aeeb6439d81c09f297f0c4fceeb8c (diff) | |
download | moa-id-spss-37ffa16c121e5be8ad3c060b007ed200359007ea.tar.gz moa-id-spss-37ffa16c121e5be8ad3c060b007ed200359007ea.tar.bz2 moa-id-spss-37ffa16c121e5be8ad3c060b007ed200359007ea.zip |
actually, STORK response processing does not verify the signature of signedDoc attribute
--> check if signature verification response exists.
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index c0e1dd3ca..9af2f5ee5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -478,11 +478,19 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); + + if (verifyXMLSigResp != null) { + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); + + } else { + Logger.warn("No signature verfication response found!"); + + } + authData.setBkuURL(session.getBkuURL()); authData.setStorkAttributes(session.getStorkAttributes()); |