From 28f2f98fa819bee7aab0c6ec0c8327f53417a3b5 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 3 Apr 2020 14:36:08 +0200
Subject: fix possible nullPointerException CAdES verification lib in case of
 CAdES signature contains no certificate

---
 .../invoke/VerifyCMSSignatureResponseBuilder.java  | 46 ++++++++++++----------
 1 file changed, 26 insertions(+), 20 deletions(-)

(limited to 'moaSig')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 2b2e2cf..37abc58 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -85,12 +85,10 @@ public class VerifyCMSSignatureResponseBuilder {
   public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode, List adesResults, 
 		  ExtendedCertificateCheckResult extendedCertificateCheckResult, TslInfos tslInfos, boolean extendedVerification)
     throws MOAException {
+	
 	  
-    CertificateValidationResult certResult =
-      result.getCertificateValidationResult();
-    int signatureCheckCode =
-      result.getSignatureValueVerificationCode().intValue();
-    int certificateCheckCode = certResult.getValidationResultCode().intValue();
+	int signatureCheckCode = result.getSignatureValueVerificationCode().intValue();
+    CertificateValidationResult certResult = result.getCertificateValidationResult();    
          
     VerifyCMSSignatureResponseElement responseElement;
     SignerInfo signerInfo;
@@ -101,23 +99,31 @@ public class VerifyCMSSignatureResponseBuilder {
     
   //add signature algorithm name in case of extended validation
     String sigAlgName = null;
-    if (extendedVerification)
+    if (extendedVerification) {
     	sigAlgName = result.getSignatureAlgorithmName();
+    	
+    }
+    
+    //set code 99 if not certcheckresult exists
+    int certificateCheckCode = 99;
+    if (certResult != null) {
+    	certificateCheckCode = certResult.getValidationResultCode().intValue();
+           
+    	// add SignerInfo element
+    	signerInfo =
+    			factory.createSignerInfo(
+    					(X509Certificate) certResult.getCertificateChain().get(0),
+    					qualifiedCertificate,
+    					qcSourceTSL,
+    					certResult.isPublicAuthorityCertificate(),
+    					certResult.getPublicAuthorityID(),
+    					checkSSCD,
+    					sscdSourceTSL,
+    					issuerCountryCode,
+    					result.getSigningTime(),
+    					tslInfos);
+    }
     
-    // add SignerInfo element
-    signerInfo =
-      factory.createSignerInfo(
-        (X509Certificate) certResult.getCertificateChain().get(0),
-        qualifiedCertificate,
-        qcSourceTSL,
-        certResult.isPublicAuthorityCertificate(),
-        certResult.getPublicAuthorityID(),
-        checkSSCD,
-        sscdSourceTSL,
-        issuerCountryCode,
-        result.getSigningTime(),
-        tslInfos);
-
     // add SignatureCheck element
     signatureCheck = factory.createCheckResult(signatureCheckCode, null);
 
-- 
cgit v1.2.3