zervo/seb-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

app sig key

Browse source
This commit is contained in:
anhefti 2022-11-14 15:06:30 +01:00
parent d34d4ae22b
commit 9381cf7eb0
1 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/institution/impl/SecurityKeyServiceImpl.java
View file

@ -14,6 +14,7 @@ import java.util.List;
import java.util.Objects; import java.util.Objects;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -183,8 +184,19 @@ public class SecurityKeyServiceImpl implements SecurityKeyService {
saveSignatureKeyForConnection(clientConnection, appSignatureKey); saveSignatureKeyForConnection(clientConnection, appSignatureKey);
} }
// no signature, no check, no grant // check can only be applied if exam is known, no signature, no check, no grant
if (StringUtils.isBlank(signature)) { if (clientConnection.examId == null || StringUtils.isBlank(signature)) {
return false;
}
// if signature check is not enabled, skip
if (!this.additionalAttributesDAO.getAdditionalAttribute(
EntityType.EXAM,
clientConnection.examId,
ADDITIONAL_ATTR_SIGNATURE_KEY_CHECK_ENABLED)
.map(attr -> BooleanUtils.toBoolean(attr.getValue()))
.getOr(false).booleanValue()) {
return false; return false;
} }