Diffstat (limited to 'id/server/idserverlib/src')
2 files changed, 13 insertions, 3 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 5f39abf73..ccaa7bbbb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.data.IdentityLink;  import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;  import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.logging.Logger; @@ -101,12 +103,13 @@ public class VerifyXMLSignatureResponseValidator {     *                                       manifest has to be ignored (identityLink validation if     *                                       the OA is a business service) or not     * @throws ValidateException on any validation error + * @throws ConfigurationException      */    public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,                         List<String> identityLinkSignersSubjectDNNames,                          String whatToCheck,                         boolean ignoreManifestValidationResult) -    throws ValidateException { +    throws ValidateException, ConfigurationException {      if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)        throw new ValidateException("validator.06", null); 
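Review bot: The added Javadoc tag `@throws ConfigurationException` on validate() has no description, so callers cannot tell when this new checked exception is raised or how it differs from a validation failure. Judging from the rest of this commit it comes from `AuthConfigurationProvider.getInstance()` in the QC check, so I would write it as `@throws ConfigurationException if the authentication configuration cannot be obtained while deciding whether the QC check applies`. Callers, which are not visible in this diff, should treat that exception as a failed validation rather than continue the login. The body of validate() continues outside the hunk.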
@@ -130,8 +133,10 @@ public class VerifyXMLSignatureResponseValidator {          throw new ValidateException("validator.19", new Object[] { checkFailedReason } );      } -    //check QC -    if (!verifyXMLSignatureResponse.isQualifiedCertificate()) +    //check QC  +    if (AuthConfigurationProvider.getInstance().isCertifiacteQCActive() && +    		!whatToCheck.equals(CHECK_IDENTITY_LINK) && +    		!verifyXMLSignatureResponse.isQualifiedCertificate())          throw new ValidateException("validator.71", null);      if (ignoreManifestValidationResult) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 8d1fc7979..8b5c8d796 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -1003,6 +1003,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  	  return Boolean.valueOf(prop);    } +  public boolean isCertifiacteQCActive() { +	  String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false"); +	  return !Boolean.valueOf(prop);	   +  } +      /**     * Retruns the STORK Configuration     * @return STORK Configuration | 
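Review bot: In the rewritten `//check QC` condition, `!whatToCheck.equals(CHECK_IDENTITY_LINK)` throws a NullPointerException when a caller passes null for whatToCheck, whereas the old check never dereferenced it. `!CHECK_IDENTITY_LINK.equals(whatToCheck)` avoids that and keeps the qualified-certificate check enforced for a null argument. The same condition now skips the check for every identity-link validation regardless of the configuration switch, and nothing is logged when the switch turns it off for other signatures. I would extend the comment to say why the identity link is exempt and log a warning whenever configuration disables the check, so a deployment running without QC enforcement is visible to operators. validate() starts and ends outside this hunk.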
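Review bot: `isCertifiacteQCActive()` is a new public method with a misspelled name and no Javadoc, although the property it reads, `configuration.validation.certificate.QC.ignore`, removes the qualified-certificate requirement in validate(). I would rename it to `isCertificateQCActive()` together with its call site in VerifyXMLSignatureResponseValidator before other callers pick up the typo. The Javadoc should state that the check is active by default and for any value other than `true`, and that `true` lets signatures from non-qualified certificates pass this check. `return !Boolean.parseBoolean(prop);` would also avoid the boxed `Boolean`.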
