diff --git a/pom.xml b/pom.xml
index 9739035..ff4bc68 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@ 17 3.2.5 - 3.0.1 + 3.0.2-SNAPSHOT 5.3.0 1.44 3.4.2
diff --git a/src/main/java/eu/webeid/example/security/WebEidAuthentication.java b/src/main/java/eu/webeid/example/security/WebEidAuthentication.java
index 59ab2a7..c039007 100644
--- a/src/main/java/eu/webeid/example/security/WebEidAuthentication.java
+++ b/src/main/java/eu/webeid/example/security/WebEidAuthentication.java
@@ -22,15 +22,16 @@ package eu.webeid.example.security;
+import eu.webeid.security.certificate.CertificateData;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-import eu.webeid.security.certificate.CertificateData;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
 public class WebEidAuthentication extends PreAuthenticatedAuthenticationToken implements Authentication {
@@ -38,7 +39,8 @@ public class WebEidAuthentication extends PreAuthenticatedAuthenticationToken im
 public static Authentication fromCertificate(X509Certificate userCertificate, List authorities) throws CertificateEncodingException {
 final String principalName = getPrincipalNameFromCertificate(userCertificate);
- final String idCode = Objects.requireNonNull(CertificateData.getSubjectIdCode(userCertificate));
+ final String idCode = CertificateData.getSubjectIdCode(userCertificate)
+ .orElseThrow(() -> new CertificateEncodingException("Certificate does not contain subject ID code"));
 return new WebEidAuthentication(principalName, idCode, authorities);
 }
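Review bot: `java.util.Objects` stays imported (it is a context line in the import hunk above) while this hunk and the getPrincipalNameFromCertificate hunk below remove the `Objects.requireNonNull` calls; unless Objects is still used elsewhere in the file, that import is now dead and should be dropped. The missing-ID-code case is reported as `CertificateEncodingException`, which fits the declared signature but names an encoding failure rather than a certificate that simply lacks the required subject attribute, so the choice deserves a comment on the `.orElseThrow` line, e.g. `// Reuse the declared checked exception: a certificate without a subject ID code cannot identify a principal.`. That exception is presumably the only signal the caller gets that authentication was refused for this reason, so it is worth confirming it is reported distinctly rather than as a generic failure.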
@@ -52,12 +54,15 @@ private WebEidAuthentication(String principalName, String idCode, List givenName = CertificateData.getSubjectGivenName(userCertificate);
+ final Optional surname = CertificateData.getSubjectSurname(userCertificate);
+
+ if (givenName.isPresent() && surname.isPresent()) {
+ return givenName.get() + ' ' + surname.get();
+ } else {
 // Organization certificates do not have given name and surname fields.
- return Objects.requireNonNull(CertificateData.getSubjectCN(userCertificate));
+ return CertificateData.getSubjectCN(userCertificate)
+ .orElseThrow(() -> new CertificateEncodingException("Certificate does not contain subject CN"));
 }
 }
diff --git a/src/main/java/eu/webeid/example/service/SigningService.java b/src/main/java/eu/webeid/example/service/SigningService.java
index e96af33..507b4b3 100644
--- a/src/main/java/eu/webeid/example/service/SigningService.java
+++ b/src/main/java/eu/webeid/example/service/SigningService.java
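Review bot: The guarded `isPresent()`/`get()` pair on givenName and surname can be written with Optional combinators, which also folds the CN fallback into one expression: `return givenName.flatMap(given -> surname.map(sur -> given + ' ' + sur))`, `.or(() -> CertificateData.getSubjectCN(userCertificate))`, `.orElseThrow(() -> new CertificateEncodingException("Certificate does not contain subject CN"));`, keeping the organization-certificate comment above the `.or` line. Behaviour is unchanged: a name is built only when both fields are present, otherwise the CN is used, otherwise the exception is thrown. The method's signature and the `givenName` declaration are not visible in this rendering (the text between the hunk header and `givenName = ...` appears to be lost), so the enclosing method starts outside the hunk as shown.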
@@ -90,15 +90,17 @@ private HttpSession currentSession() {
 * @return data to be signed
 */
 public DigestDTO prepareContainer(CertificateDTO certificateDTO, WebEidAuthentication authentication) throws CertificateException, NoSuchAlgorithmException, IOException {
- X509Certificate certificate = certificateDTO.toX509Certificate();
- if (!authentication.getIdCode().equals(CertificateData.getSubjectIdCode(certificate))) {
+ final X509Certificate certificate = certificateDTO.toX509Certificate();
+ final String signingIdCode = CertificateData.getSubjectIdCode(certificate)
+ .orElseThrow(() -> new RuntimeException("Certificate does not contain subject ID code"));
+ if (!signingIdCode.equals(authentication.getIdCode())) {
 throw new IllegalArgumentException("Authenticated subject ID code differs from " +
 "signing certificate subject ID code");
 }
- FileDTO fileDTO = FileDTO.getExampleForSigningFromResources();
- Container containerToSign = getContainerToSign(fileDTO);
- String containerName = generateContainerName(fileDTO.getName());
+ final FileDTO fileDTO = FileDTO.getExampleForSigningFromResources();
+ final Container containerToSign = getContainerToSign(fileDTO);
+ final String containerName = generateContainerName(fileDTO.getName());
 currentSession().setAttribute(SESSION_ATTR_CONTAINER, containerToSign);
 currentSession().setAttribute(SESSION_ATTR_FILE, fileDTO);
@@ -113,7 +115,7 @@ public DigestDTO prepareContainer(CertificateDTO certificateDTO, WebEidAuthentic
 "' is not supported. Supported algorithms are: " + String.join(", ", certificateDTO.getSupportedHashFunctionNames()));
 }
- DataToSign dataToSign = SignatureBuilder
+ final DataToSign dataToSign = SignatureBuilder
 .aSignature(containerToSign)
 .withSignatureProfile(SignatureProfile.LT) // AIA OCSP is supported for signatures with LT or LTA profile.
 .withSigningCertificate(certificate)
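Review bot: A signing certificate without a subject ID code is reported with a bare `RuntimeException` on the `.orElseThrow` line, which surfaces as a generic server error, while the adjacent mismatch check throws `IllegalArgumentException` and the same condition in WebEidAuthentication throws a checked `CertificateEncodingException`; the method already declares `CertificateException`, so `.orElseThrow(() -> new CertificateException("Certificate does not contain subject ID code"));` keeps the signature and lets the caller tell a malformed supplied certificate from an internal fault. The reordered comparison `signingIdCode.equals(authentication.getIdCode())` is the check that binds the certificate carried in certificateDTO (presumably supplied by the client) to the authenticated principal, so it deserves a comment saying so, e.g. `// The signing certificate is chosen by the caller; it must belong to the user authenticated with Web eID.`. prepareContainer continues past the end of this hunk.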
@@ -127,7 +129,7 @@ public DigestDTO prepareContainer(CertificateDTO certificateDTO, WebEidAuthentic
 final byte[] digest = signatureDigestAlgorithm.getDssDigestAlgorithm().getMessageDigest()
 .digest(dataToSign.getDataToSign());
- DigestDTO digestDTO = new DigestDTO();
+ final DigestDTO digestDTO = new DigestDTO();
 digestDTO.setHash(DatatypeConverter.printBase64Binary(digest));
 digestDTO.setHashFunction(digestAlgorithmName);