-rw-r--r-- | src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java | 83 |
1 files changed, 74 insertions, 9 deletions
diff --git a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
index 6fffa84..8855b86 100644
--- a/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
+++ b/src/main/java/at/knowcenter/wag/egov/egiz/sig/SignatureObject.java
@@ -749,15 +749,26 @@ public class SignatureObject implements Serializable
 }
// take rdn from textual representation
RDNValuePair rdnVP = (RDNValuePair) rdnList.get(i);
- result.append(rdnVP.getRdn()).append("=");
- // take value from certificate but make sure that we do not have a BER encoding
- if (rdnVP.getValue().startsWith("#")) {
- // BER encoding -> take value from text representation
- result.append(rdnVP.getValue());
- } else {
- // no BER encoding -> take value from certificate
- result.append(values[values.length - 1 - i].getAVA().getValueAsString());
- }
+ // Note: Do not take RDN from extraction but from certificate
+ // (Bug-Fix for EMAIL/EMAILADDRESS problem in ZID documents)
+
+ // take value from certificate but make sure that we do not have a
+ // BER encoding
+ if (rdnVP.getValue().startsWith("#")) {
+
+ // take rdn from textual representation
+ result.append(rdnVP.getRdn()).append("=");
+ // BER encoding -> take value from text representation
+ result.append(rdnVP.getValue());
+ } else {
+ // no BER encoding -> take value from certificate
+ // also take RDN from certificate if possible
+ String certValue = values[values.length - 1 - i].getAVA()
+ .getValueAsString();
+ String rdn = resolveRDN(nameFromCertificate, certValue, rdnVP.getRdn());
+ result.append(rdn + "=").append(certValue);
+ }
+
}
String merged = result.toString();
if (logger_.isDebugEnabled()) {
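Review bot: In the non-BER branch the attribute name is now found by searching `nameFromCertificate` for the value text, although `values[values.length - 1 - i]` already identifies the certificate's own attribute at this position. If the object returned by `getAVA()` exposes its attribute type, reading the name from it would remove the text search and the ambiguity fallback, in which the name extracted from the document text is used again. Separately, `result.append(rdn + "=")` builds a temporary string; `result.append(rdn).append("=").append(certValue);` matches the chained style of the BER branch. The enclosing loop and method start outside the hunk, so how `nameFromCertificate` is produced is not visible here.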
@@ -776,6 +787,60 @@ public class SignatureObject implements Serializable
 }
/**
+ * This method tries to resolve the RDN corresponding to a given value from the certificate String.
+ * As values might occur multiple times for different RDNs, an unambiguous resolving cannot be assured.
+ * In case of ambiguity, the RDN extracted from text is returned by default.
+ *
+ * This method is a bug fix for a problem that caused the verification of ZID documents to fail as the RDN
+ * from the extracted text ("EMAILADDRESS") was different to the RDN in the certificate ("EMAIL")
+ *
+ * @param certString
+ * The String obtained from the certificate
+ * @param value
+ * The RDN's value
+ * @param extractedRDN
+ * The RDN extracted from the given text
+ * @return
+ * The resolved RDN from the certificate, or the RDN from text extraction
+ */
+ private static String resolveRDN(String certString, String value, String extractedRDN) {
+
+ if(!certString.contains(value)) {
+
+ // given value cannot be found in certificate string
+ return extractedRDN;
+ }
+
+ if(certString.indexOf(value) != certString.lastIndexOf(value)) {
+
+ // given value is ambiguous - cannot resolve RDN from certificate string
+ return extractedRDN;
+ }
+
+ String[] parts = certString.split(",|;");
+ String val = value.trim();
+
+ for(int i=0; i<parts.length; i++) {
+
+ String part = parts[i].trim();
+
+ if(part.endsWith(val)) {
+
+ // found entry - extract RDN
+ String[] components = part.split("=");
+ if(components.length != 2) {
+ // unexpected format - return default
+ return extractedRDN;
+ }
+ String rdn = components[0].trim();
+ return rdn;
+ }
+ }
+ // default
+ return extractedRDN;
+ }
+
+ /**
* @return Returns the SignationIssuer.
*/
public String getSignationIssuer()
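Review bot: resolveRDN checks uniqueness with the untrimmed `value` as a substring of the whole certificate string but then matches the trimmed `val` with `part.endsWith(val)`, so the guard and the match do not test the same thing. A value that is merely contained in another attribute's value counts as ambiguous, and a value with surrounding whitespace is matched without any uniqueness guarantee. Comparing each part's value for exact equality and accepting the result only when exactly one part matches keeps the fallback to the extracted RDN for the genuinely ambiguous case; the sketch below does that and also returns the fallback for a null `certString` or `value`, which currently throw. It keeps the plain split on `,` and `;`, so escaped separators inside a value are still not handled; `javax.naming.ldap.LdapName` would cover that if the certificate string is RFC 2253 text, which the hunk does not show.

```java
private static String resolveRDN(String certString, String value, String extractedRDN) {
    if (certString == null || value == null) {
        return extractedRDN;
    }
    String val = value.trim();
    String resolved = null;
    String[] parts = certString.split(",|;");
    for (int i = 0; i < parts.length; i++) {
        int eq = parts[i].indexOf('=');
        if (eq <= 0 || !parts[i].substring(eq + 1).trim().equals(val)) {
            continue;
        }
        if (resolved != null) {
            // same value under more than one attribute - ambiguous
            return extractedRDN;
        }
        resolved = parts[i].substring(0, eq).trim();
    }
    return resolved != null ? resolved : extractedRDN;
}
```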