Skip to content

NFC-171 Validate signing cert chain, formats and configured origin#121

Open
SanderKondratjevNortal wants to merge 2 commits into
web-eid-mobilefrom
NFC-171
Open

NFC-171 Validate signing cert chain, formats and configured origin#121
SanderKondratjevNortal wants to merge 2 commits into
web-eid-mobilefrom
NFC-171

Conversation

@SanderKondratjevNortal

@SanderKondratjevNortal SanderKondratjevNortal commented Jun 15, 2026

Copy link
Copy Markdown

Signed-off-by: Sander Kondratjev sander.kondratjev@nortal.com

@SanderKondratjevNortal
NFC-171 Validate signing cert chain, formats and configured origin
7e05359 
Signed-off-by: Sander Kondratjev <sander.kondratjev@nortal.com>
@SanderKondratjevNortal SanderKondratjevNortal changed the base branch from main to web-eid-mobile June 15, 2026 12:29
mrts
mrts requested changes Jun 16, 2026
View reviewed changes
Comment thread example/src/main/java/eu/webeid/example/security/WebEidMobileAuthInitFilter.java

var challenge = nonceGenerator.generateAndStoreNonce();

String loginUri = ServletUriComponentsBuilder.fromCurrentContextPath()

@mrts mrts Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without .fromCurrentContextPath() deploying the example under a non-root context path will no longer work. If this is intended, it should be documented in README.

@SanderKondratjevNortal SanderKondratjevNortal Jun 17, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will be added to readme in different task: The mobile authentication and signing example uses the configured web-eid-auth-token.validation.local-origin value when constructing mobile callback URIs. The example assumes that the application is deployed under the root context path (/). If deploying under a non-root context path, adjust the callback URI construction accordingly.

Comment thread src/main/java/eu/webeid/security/validator/versionvalidators/AuthTokenVersion1Validator.java

@Override
public boolean supports(String format) {
return format != null && format.startsWith(getSupportedFormatPrefix());

@mrts mrts Jun 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As documented in README.md, minor versions must be backward-compatible within the major version, this will reject future compatible web-eid:1.x tokens.

@SanderKondratjevNortal SanderKondratjevNortal Jun 17, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, updated the code and tests.

@SanderKondratjevNortal
NFC-171 Allow compatible Web eID minor versions
134adf4 
Signed-off-by: Sander Kondratjev <sander.kondratjev@nortal.com>
@sonarqubecloud

sonarqubecloud Bot commented Jun 17, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrts mrts Awaiting requested review from mrts

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SanderKondratjevNortal @mrts