add additional validation to SL20 module

1 files changed, 4 insertions, 1 deletions

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 698546a4f..90e19326e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
@@ -128,11 +129,13 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				
 				
 				//TODO: validate results
+				IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+				
 				
 				
 				//add into session
 				defaultTaskInitialization(request, executionContext);
-				moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink());
+				moasession.setIdentityLink(idl);
 				moasession.setBkuURL(ccsURL);
 				//TODO: from AuthBlock
 				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));