From 902bfea4afd98046fd1327942b8f5de96edaceb3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 21 Mar 2014 12:14:24 +0100
Subject: add QC validation

---
 .../moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java    | 4 ++++
 .../src/main/resources/resources/properties/id_messages_de.properties | 1 +
 2 files changed, 5 insertions(+)

(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 0d39a4bc5..5f39abf73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -130,6 +130,10 @@ public class VerifyXMLSignatureResponseValidator {
         throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
     }
     
+    //check QC
+    if (!verifyXMLSignatureResponse.isQualifiedCertificate())
+        throw new ValidateException("validator.71", null);
+    
     if (ignoreManifestValidationResult) {
       Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result");
     } else {
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index ec787d745..0cb431df1 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -192,6 +192,7 @@ validator.67=Der Specialtext ({0}) stimmt nicht mit dem f\u00FCr diese Applikati
 validator.68=SigningTime im AUTH-Block konnte nicht eruiert werden.
 validator.69=SigningTime im AUTH-Block und Serverzeit weichen zu stark ab ({0}).
 validator.70=Das einmale Tokken im signierten AuthBlock ({0}) stimmt nicht mit dem von generierten Tokken ({1}) \u00FCberein.
+validator.71=Das Signaturzertifikat ist nicht qualifiziert.
 
 ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
 
-- 
cgit v1.2.3