From 8e5e6d652d1f141daa5f289cedfc4e49ac232e64 Mon Sep 17 00:00:00 2001
From: Thomas Burnett <thburnett@users.noreply.github.com>
Date: Tue, 16 Apr 2024 15:28:16 +0200
Subject: [PATCH 1/2] Tillater TRANSFORM_C14N_EXCL_OMIT_COMMENTS i tillegg til
 TRANSFORM_C14N_OMIT_COMMENTS

---
 .../no/nav/emottak/ebms/validation/SignaturValidator.kt     | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/validation/SignaturValidator.kt b/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/validation/SignaturValidator.kt
index 5ee4e416..c70fc7ba 100644
--- a/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/validation/SignaturValidator.kt
+++ b/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/validation/SignaturValidator.kt
@@ -100,7 +100,11 @@ private fun SignedInfo.validateReferences() {
                 }
                 if (!this.contains(Transforms.TRANSFORM_ENVELOPED_SIGNATURE)) throw SignatureException("Transform: ${Transforms.TRANSFORM_ENVELOPED_SIGNATURE} mangler! $this")
                 if (!this.contains(Transforms.TRANSFORM_XPATH)) log.warn("Transform: ${Transforms.TRANSFORM_XPATH} mangler! $this") // throw SignatureException(("Transform 2 har feil uri! ${reference.transforms.item(1).uri}"))
-                if (!this.contains(Transforms.TRANSFORM_C14N_OMIT_COMMENTS)) throw SignatureException(("Transform: ${Transforms.TRANSFORM_C14N_OMIT_COMMENTS} mangler! $this"))
+                if (!this.contains(Transforms.TRANSFORM_C14N_OMIT_COMMENTS) &&
+                    !this.contains(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS)
+                ) {
+                    throw SignatureException(("Transform: ${Transforms.TRANSFORM_C14N_OMIT_COMMENTS} og ${Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS} mangler! $this"))
+                }
             }
         } else if (!uri.startsWith(CID_PREFIX)) throw SignatureException("Ugyldig URI $uri! Kun reference uri som starter med $CID_PREFIX er tillatt")
     }

From c6e0ab4ac1a1f0369c6f9d6c7500f6f370ff30d1 Mon Sep 17 00:00:00 2001
From: Ivan Skodje <ivanskodje@protonmail.com>
Date: Tue, 16 Apr 2024 16:01:55 +0200
Subject: [PATCH 2/2] added accessPolity to send-in prod

---
 .nais/ebms-send-in-prod.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.nais/ebms-send-in-prod.yaml b/.nais/ebms-send-in-prod.yaml
index f012981f..98125857 100644
--- a/.nais/ebms-send-in-prod.yaml
+++ b/.nais/ebms-send-in-prod.yaml
@@ -44,4 +44,7 @@ spec:
     paths:
         - kvPath: /serviceuser/data/dev/srvtokt
           mountPath: /secret/serviceuser
-
+  accessPolicy:
+    inbound:
+      rules:
+        - application: ebms-provider
\ No newline at end of file