Commit 13c0a6bd authored by Tobias Wich's avatar Tobias Wich

Rename eservice cert check to eid server cert check

parent acda274c
......@@ -33,7 +33,7 @@ import org.openecard.crypto.tls.CertificateVerifier;
*
* @author Tobias Wich
*/
public class SaveEServiceCertHandler implements CertificateVerifier {
public class SaveEidServerCertHandler implements CertificateVerifier {
boolean firstCert = true;
......@@ -42,7 +42,7 @@ public class SaveEServiceCertHandler implements CertificateVerifier {
if (firstCert) {
firstCert = false;
DynamicContext dynCtx = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
dynCtx.put(TR03112Keys.ESERVICE_CERTIFICATE, chain);
dynCtx.put(TR03112Keys.EIDSERVER_CERTIFICATE, chain);
}
}
......
......@@ -38,7 +38,7 @@ public class TR03112Keys {
public static final String CONNECTION_HANDLE = "connection_handle";
public static final String SAME_CHANNEL = "same_channel";
public static final String ESERVICE_CERTIFICATE_DESC = "eservice_certificate_description";
public static final String ESERVICE_CERTIFICATE = "eservice_certificate";
public static final String EIDSERVER_CERTIFICATE = "eservice_certificate";
public static final String TCTOKEN_URL = "TCTokenURL";
public static final String TCTOKEN_SERVER_CERTIFICATES = "tctoken_server_certificates";
public static final String IS_REFRESH_URL_VALID = "is_refresh_url_valid";
......
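Review bot: The renamed constant on the new side, `EIDSERVER_CERTIFICATE`, keeps the old string value `"eservice_certificate"`, so the identifier and the key it denotes now disagree after this rename. Within this diff the key is only used as an in-memory DynamicContext key (the `dynCtx.put` in SaveEidServerCertHandler and the `dynCtx.get` in PACEStep), so changing the value to `"eidserver_certificate"` appears safe; if the string is persisted or matched anywhere outside the diff, keep it and add a short comment saying why the value was deliberately left unchanged. Suggested line: `public static final String EIDSERVER_CERTIFICATE = "eidserver_certificate";`. Leaving `ESERVICE_CERTIFICATE_DESC` as is looks correct, since the commit's own Javadoc in PACEStep describes that description as belonging to the eService CV certificate.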
......@@ -175,7 +175,7 @@ public class TlsConnectionHandler {
// make sure nobody changes the server when the connection gets reestablished
tlsAuth.addCertificateVerifier(new SameCertVerifier());
// save eService certificate for use in EAC
tlsAuth.addCertificateVerifier(new SaveEServiceCertHandler());
tlsAuth.addCertificateVerifier(new SaveEidServerCertHandler());
// set the authentication class in the tls client
tlsClient.setAuthentication(tlsAuth);
......
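Review bot: The comment on the line before the changed verifier registration still reads `// save eService certificate for use in EAC` while the class registered on that line is now SaveEidServerCertHandler, so comment and code disagree after this rename. Suggest `// save eID-Server TLS certificate so PACEStep can compare it against the CertificateDescription`, which matches what checkEidServerCertificate does with the stored value. The enclosing method starts and ends outside the hunk.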
......@@ -436,7 +436,7 @@ public class PACEStep implements ProtocolStep<DIDAuthenticate, DIDAuthenticateRe
/**
* Perform all checks as described in BSI TR-03112-7 3.4.4.
*
* @param certDescription CertificateDescription of the eService Certificate
* @param certDescription CertificateDescription of the eService CV Certificate
* @param dynCtx Dynamic Context
* @return a {@link Result} set according to the results of the checks
*/
......@@ -444,9 +444,9 @@ public class PACEStep implements ProtocolStep<DIDAuthenticate, DIDAuthenticateRe
Object tokenChecks = dynCtx.get(TR03112Keys.TCTOKEN_CHECKS);
// omit these checks if explicitly disabled
if (convertToBoolean(tokenChecks)) {
boolean checkPassed = checkEserviceCertificate(certDescription, dynCtx);
boolean checkPassed = checkEidServerCertificate(certDescription, dynCtx);
if (! checkPassed) {
String msg = "Hash of eService certificate is NOT contained in the CertificateDescription.";
String msg = "Hash of eID-Server certificate is NOT contained in the CertificateDescription.";
// TODO check for the correct minor type
Result r = WSHelper.makeResultError(ECardConstants.Minor.SAL.PREREQUISITES_NOT_SATISFIED, msg);
return r;
......@@ -492,17 +492,17 @@ public class PACEStep implements ProtocolStep<DIDAuthenticate, DIDAuthenticateRe
}
}
private boolean checkEserviceCertificate(CertificateDescription certDescription, DynamicContext dynCtx) {
private boolean checkEidServerCertificate(CertificateDescription certDescription, DynamicContext dynCtx) {
Boolean sameChannel = (Boolean) dynCtx.get(TR03112Keys.SAME_CHANNEL);
if (Boolean.TRUE.equals(sameChannel)) {
LOG.debug("eService certificate is not check explicitly due to attached eID-Server case.");
LOG.debug("eID-Server certificate is not check explicitly due to attached eID-Server case.");
return true;
} else {
TlsServerCertificate certificate = (TlsServerCertificate) dynCtx.get(TR03112Keys.ESERVICE_CERTIFICATE);
TlsServerCertificate certificate = (TlsServerCertificate) dynCtx.get(TR03112Keys.EIDSERVER_CERTIFICATE);
if (certificate != null) {
return TR03112Utils.isInCommCertificates(certificate, certDescription.getCommCertificates(), "eService");
return TR03112Utils.isInCommCertificates(certificate, certDescription.getCommCertificates(), "eID-Server");
} else {
LOG.error("No eService TLS Certificate set in Dynamic Context.");
LOG.error("No eID-Server TLS Certificate set in Dynamic Context.");
return false;
}
}
......
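Review bot: The rewritten debug message in checkEidServerCertificate carries over the grammatical slip of the old one, `is not check explicitly`; suggest `LOG.debug("eID-Server certificate is not checked explicitly due to attached eID-Server case.");`. Since this branch returns true without comparing the certificate at all, that message is the only trace of the skipped check in the log, so it is worth keeping accurate. The cast `(TlsServerCertificate) dynCtx.get(TR03112Keys.EIDSERVER_CERTIFICATE)` is unchecked; if anything other than a TlsServerCertificate can be stored under that key it would throw ClassCastException before the `certificate != null` branch is reached, which may be intended but deserves a one-line comment. The method's closing brace lies outside the hunk.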