From 23201ce112d9aa132783f984e0765c0cacca95a5 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jun 2018 06:25:12 +0200
Subject: update SL20 module and add an additional jUnit test

---
 .../id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java |  2 +-
 .../modules/sl20_auth/sl20/SL20JSONExtractorUtils.java    | 15 ++++++---------
 .../auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java  |  9 +++++++++
 3 files changed, 16 insertions(+), 10 deletions(-)

(limited to 'id/server/modules/moa-id-module-sl20_authentication/src/main/java')

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index c95e0b731..a5696d36d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -148,7 +148,7 @@ public class JsonSecurityUtils implements IJOSETools{
 			jws.setKey(signPrivKey);
 			
 			//TODO:
-			//jws.setCertificateChainHeaderValue(signCertChain);
+			jws.setCertificateChainHeaderValue(signCertChain);
 			jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]);
 						
 			return jws.getCompactSerialization();
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
index fa52634a3..0dc2e762d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
@@ -172,16 +172,10 @@ public class SL20JSONExtractorUtils {
 		
 		if (result == null && encryptedResult == null)
 			throw new SLCommandoParserException("NO result OR encryptedResult FOUND.");		
-		
-		else if (result == null && encryptedResult == null) 
-			throw new SLCommandoParserException("result AND encryptedResultFOUND. Can not used twice");
-		
+				
 		else if (encryptedResult == null && mustBeEncrypted)
 			throw new SLCommandoParserException("result MUST be signed.");
-		
-		else if (result != null)
-			return result;
-		
+				
 		else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) {
 			try {
 				return decrypter.decryptPayload(encryptedResult.getAsString());
@@ -200,7 +194,10 @@ public class SL20JSONExtractorUtils {
 					throw e;	
 				
 			}
-			
+
+		} else if (result != null) {
+				return result;
+
 		} else
 			throw new SLCommandoParserException("Internal build error");
 		
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index bb66f452a..2f062b71d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -140,6 +140,15 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 					String ccsURL  = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL);					
 					String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA);
 					
+					
+					
+					if (MiscUtil.isEmpty(idlB64) || MiscUtil.isEmpty(authBlockB64) 
+							|| MiscUtil.isEmpty(LoA) || MiscUtil.isEmpty(ccsURL)) {
+						Logger.info("SL20 'qualifiedeID' result does NOT contain all required attributes.");
+						throw new SLCommandoParserException("SL20 'qualifiedeID' result does NOT contain all required attributes.");
+						
+					}
+					
 					//cache qualified eID data into pending request
 					pendingReq.setGenericDataToSession(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, 
-- 
cgit v1.2.3