From 37ffa16c121e5be8ad3c060b007ed200359007ea Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 2 Jul 2014 12:44:45 +0200 Subject: actually, STORK response processing does not verify the signature of signedDoc attribute --> check if signature verification response exists. --- .../moa/id/auth/builder/AuthenticationDataBuilder.java | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index c0e1dd3ca..9af2f5ee5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -478,11 +478,19 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants { authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); + + if (verifyXMLSigResp != null) { + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); + + } else { + Logger.warn("No signature verfication response found!"); + + } + authData.setBkuURL(session.getBkuURL()); authData.setStorkAttributes(session.getStorkAttributes()); -- cgit v1.2.3