From 37ffa16c121e5be8ad3c060b007ed200359007ea Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 2 Jul 2014 12:44:45 +0200
Subject: actually, STORK response processing does not verify the signature of
 signedDoc attribute  --> check if signature verification response exists.

---
 .../moa/id/auth/builder/AuthenticationDataBuilder.java | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index c0e1dd3ca..9af2f5ee5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -478,11 +478,19 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
 		authData.setGivenName(identityLink.getGivenName());
 		authData.setFamilyName(identityLink.getFamilyName());
 		authData.setDateOfBirth(identityLink.getDateOfBirth());
-		authData.setQualifiedCertificate(verifyXMLSigResp
-				.isQualifiedCertificate());
-		authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
-		authData.setPublicAuthorityCode(verifyXMLSigResp
-				.getPublicAuthorityCode());
+		
+		if (verifyXMLSigResp != null) {
+			authData.setQualifiedCertificate(verifyXMLSigResp
+					.isQualifiedCertificate());
+			authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+			authData.setPublicAuthorityCode(verifyXMLSigResp
+					.getPublicAuthorityCode());
+			
+		} else {
+			Logger.warn("No signature verfication response found!");
+			
+		}
+		
 		authData.setBkuURL(session.getBkuURL());
 		
 		authData.setStorkAttributes(session.getStorkAttributes());
-- 
cgit v1.2.3