diff options
Diffstat (limited to 'id/server/idserverlib/src')
2 files changed, 13 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 5f39abf73..ccaa7bbbb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -101,12 +103,13 @@ public class VerifyXMLSignatureResponseValidator { * manifest has to be ignored (identityLink validation if * the OA is a business service) or not * @throws ValidateException on any validation error + * @throws ConfigurationException */ public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse, List<String> identityLinkSignersSubjectDNNames, String whatToCheck, boolean ignoreManifestValidationResult) - throws ValidateException { + throws ValidateException, ConfigurationException { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) throw new ValidateException("validator.06", null); @@ -130,8 +133,10 @@ public class VerifyXMLSignatureResponseValidator { throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); } - //check QC - if (!verifyXMLSignatureResponse.isQualifiedCertificate()) + //check QC + if (AuthConfigurationProvider.getInstance().isCertifiacteQCActive() && + !whatToCheck.equals(CHECK_IDENTITY_LINK) && + !verifyXMLSignatureResponse.isQualifiedCertificate()) throw new ValidateException("validator.71", null); if (ignoreManifestValidationResult) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 8d1fc7979..8b5c8d796 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -1003,6 +1003,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return Boolean.valueOf(prop); } + public boolean isCertifiacteQCActive() { + String prop = props.getProperty("configuration.validation.certificate.QC.ignore", "false"); + return !Boolean.valueOf(prop); + } + /** * Retruns the STORK Configuration * @return STORK Configuration |