aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java5
2 files changed, 13 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 5f39abf73..ccaa7bbbb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -101,12 +103,13 @@ public class VerifyXMLSignatureResponseValidator {
* manifest has to be ignored (identityLink validation if
* the OA is a business service) or not
* @throws ValidateException on any validation error
+ * @throws ConfigurationException
*/
public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
List<String> identityLinkSignersSubjectDNNames,
String whatToCheck,
boolean ignoreManifestValidationResult)
- throws ValidateException {
+ throws ValidateException, ConfigurationException {
if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
throw new ValidateException("validator.06", null);
@@ -130,8 +133,10 @@ public class VerifyXMLSignatureResponseValidator {
throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
}
- //check QC
- if (!verifyXMLSignatureResponse.isQualifiedCertificate())
+ //check QC
+ if (AuthConfigurationProvider.getInstance().isCertifiacteQCActive() &&
+ !whatToCheck.equals(CHECK_IDENTITY_LINK) &&
+ !verifyXMLSignatureResponse.isQualifiedCertificate())
throw new ValidateException("validator.71", null);
if (ignoreManifestValidationResult) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 8d1fc7979..8b5c8d796 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -1003,6 +1003,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return Boolean.valueOf(prop);
}
+ public boolean isCertifiacteQCActive() {
+ String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false");
+ return !Boolean.valueOf(prop);
+ }
+
/**
* Retruns the STORK Configuration
* @return STORK Configuration
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-28 06:53:58 +0000