javacommons/security/src/midpauthenticationmoduleimpl.cpp
branchRCL_3
changeset 65 ae942d28ec0e
parent 60 6c158198356e
child 66 2455ef1f5bbc
equal deleted inserted replaced
60:6c158198356e 65:ae942d28ec0e
   478             // allow installing with not yet valid certificates
   478             // allow installing with not yet valid certificates
   479             if (KCertNotYetValidFailure == ret_code)
   479             if (KCertNotYetValidFailure == ret_code)
   480             {
   480             {
   481                 if (JavaCommonUtils::isFirstBoot())
   481                 if (JavaCommonUtils::isFirstBoot())
   482                 {
   482                 {
   483                     ret_code = KCertAndSignatureOk;
   483                     // from the underlaying/openssl services point of view this
       
   484                     // is a failure. In order to behave like everything is ok,
       
   485                     // compute the root hash now so there is no need later to 
       
   486                     // contact the underlaying/openssl services 
       
   487                     // -> treat the last certificate from the chain as the user 
       
   488                     // certificate
       
   489                     X509 *user_cert = NULL;
       
   490                     if (no_certs > 0)
       
   491                     {
       
   492                         user_cert = SecurityUtils::readCert(cert_chain[no_certs-1], strlen(cert_chain[no_certs-1]), PEM);
       
   493                     }
       
   494                     if (user_cert != NULL)
       
   495                     {
       
   496                         sprintf(root_hash,"%08lX",X509_issuer_name_hash(user_cert));
       
   497                         X509_free(user_cert);
       
   498                         ret_code = KCertAndSignatureOk;
       
   499                     }
   484                 }
   500                 }
   485             }
   501             }
   486 
   502 
   487             if (KCertAndSignatureOk != ret_code)
   503             if (KCertAndSignatureOk != ret_code)
   488             {
   504             {
   517                 break;
   533                 break;
   518             }
   534             }
   519         }
   535         }
   520 
   536 
   521         // compute the root hash value if requested
   537         // compute the root hash value if requested
   522         sprintf(root_hash,"%08lX",X509_issuer_name_hash(x509_ctx->current_issuer));
   538         if (x509_ctx->current_issuer != NULL)
       
   539         {
       
   540             sprintf(root_hash,"%08lX",X509_issuer_name_hash(x509_ctx->current_issuer));
       
   541         }
   523         // add the '\0'
   542         // add the '\0'
   524         root_hash[MD5_DIGEST_LEN] = '\0';
   543         root_hash[MD5_DIGEST_LEN] = '\0';
   525 
   544 
   526         // 1. get the public key of the signing cert
   545         // 1. get the public key of the signing cert
   527         // 2. decode the provided signature using the signing cert's public key
   546         // 2. decode the provided signature using the signing cert's public key