Skip to content

NFC-171 Validate signing cert chain, formats and configured origin#121

Open
SanderKondratjevNortal wants to merge 1 commit into
web-eid-mobilefrom
NFC-171
Open

NFC-171 Validate signing cert chain, formats and configured origin#121
SanderKondratjevNortal wants to merge 1 commit into
web-eid-mobilefrom
NFC-171

Conversation

@SanderKondratjevNortal

@SanderKondratjevNortal SanderKondratjevNortal commented Jun 15, 2026

Copy link
Copy Markdown

Signed-off-by: Sander Kondratjev sander.kondratjev@nortal.com

@SanderKondratjevNortal
NFC-171 Validate signing cert chain, formats and configured origin
7e05359 
Signed-off-by: Sander Kondratjev <sander.kondratjev@nortal.com>
@SanderKondratjevNortal SanderKondratjevNortal changed the base branch from main to web-eid-mobile June 15, 2026 12:29
@sonarqubecloud

sonarqubecloud Bot commented Jun 15, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

mrts
mrts requested changes Jun 16, 2026
View reviewed changes
Comment thread example/src/main/java/eu/webeid/example/security/WebEidMobileAuthInitFilter.java

var challenge = nonceGenerator.generateAndStoreNonce();

String loginUri = ServletUriComponentsBuilder.fromCurrentContextPath()

@mrts mrts Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without .fromCurrentContextPath() deploying the example under a non-root context path will no longer work. If this is intended, it should be documented in README.

Comment thread src/main/java/eu/webeid/security/validator/versionvalidators/AuthTokenVersion1Validator.java

@Override
public boolean supports(String format) {
return format != null && format.startsWith(getSupportedFormatPrefix());

@mrts mrts Jun 16, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As documented in README.md, minor versions must be backward-compatible within the major version, this will reject future compatible web-eid:1.x tokens.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrts mrts mrts requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SanderKondratjevNortal @mrts