aboutsummaryrefslogtreecommitdiff
path: root/moaSig/moa-sig-lib/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-04-03 14:36:08 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-04-03 14:36:08 +0200
commit28f2f98fa819bee7aab0c6ec0c8327f53417a3b5 (patch)
treeea36647e2cfd393be060a397467135ea4ef5a65b /moaSig/moa-sig-lib/src/main/java/at/gv
parent0e561e112e26057903ef995896340c1e5632913d (diff)
downloadmoa-sig-28f2f98fa819bee7aab0c6ec0c8327f53417a3b5.tar.gz
moa-sig-28f2f98fa819bee7aab0c6ec0c8327f53417a3b5.tar.bz2
moa-sig-28f2f98fa819bee7aab0c6ec0c8327f53417a3b5.zip
fix possible nullPointerException CAdES verification lib in case of CAdES signature contains no certificate
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java46
1 files changed, 26 insertions, 20 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 2b2e2cf..37abc58 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -85,12 +85,10 @@ public class VerifyCMSSignatureResponseBuilder {
public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults,
ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification)
throws MOAException {
+
- CertificateValidationResult certResult =
- result.getCertificateValidationResult();
- int signatureCheckCode =
- result.getSignatureValueVerificationCode().intValue();
- int certificateCheckCode = certResult.getValidationResultCode().intValue();
+ int signatureCheckCode = result.getSignatureValueVerificationCode().intValue();
+ CertificateValidationResult certResult = result.getCertificateValidationResult();
VerifyCMSSignatureResponseElement responseElement;
SignerInfo signerInfo;
@@ -101,23 +99,31 @@ public class VerifyCMSSignatureResponseBuilder {
//add signature algorithm name in case of extended validation
String sigAlgName = null;
- if (extendedVerification)
+ if (extendedVerification) {
sigAlgName = result.getSignatureAlgorithmName();
+
+ }
+
+ //set code 99 if not certcheckresult exists
+ int certificateCheckCode = 99;
+ if (certResult != null) {
+ certificateCheckCode = certResult.getValidationResultCode().intValue();
+
+ // add SignerInfo element
+ signerInfo =
+ factory.createSignerInfo(
+ (X509Certificate) certResult.getCertificateChain().get(0),
+ qualifiedCertificate,
+ qcSourceTSL,
+ certResult.isPublicAuthorityCertificate(),
+ certResult.getPublicAuthorityID(),
+ checkSSCD,
+ sscdSourceTSL,
+ issuerCountryCode,
+ result.getSigningTime(),
+ tslInfos);
+ }
- // add SignerInfo element
- signerInfo =
- factory.createSignerInfo(
- (X509Certificate) certResult.getCertificateChain().get(0),
- qualifiedCertificate,
- qcSourceTSL,
- certResult.isPublicAuthorityCertificate(),
- certResult.getPublicAuthorityID(),
- checkSSCD,
- sscdSourceTSL,
- issuerCountryCode,
- result.getSigningTime(),
- tslInfos);
-
// add SignatureCheck element
signatureCheck = factory.createCheckResult(signatureCheckCode, null);