13 * |
13 * |
14 * Description: |
14 * Description: |
15 * |
15 * |
16 */ |
16 */ |
17 |
17 |
18 |
18 #include "javacommonutils.h" |
19 #include "javajniutils.h" |
19 #include "javajniutils.h" |
20 #include "com_nokia_mj_impl_security_midp_authentication_AuthenticationModule.h" |
20 #include "com_nokia_mj_impl_security_midp_authentication_AuthenticationModule.h" |
21 #include "midpauthenticationmodule.h" |
21 #include "midpauthenticationmodule.h" |
22 #include "midpauthenticationmoduleimpl.h" |
22 #include "midpauthenticationmoduleimpl.h" |
23 #include "storagehandler.h" |
23 #include "storagehandler.h" |
470 |
470 |
471 // verify certificate |
471 // verify certificate |
472 if (X509_verify_cert(x509_ctx) != 1) |
472 if (X509_verify_cert(x509_ctx) != 1) |
473 { |
473 { |
474 ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx)); |
474 ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx)); |
475 break; |
475 // If the secure time of the device has not yet been set |
|
476 // to correct value (This can happen some times during |
|
477 // the first device boot), |
|
478 // allow installing with not yet valid certificates |
|
479 if (KCertNotYetValidFailure == ret_code) |
|
480 { |
|
481 if (JavaCommonUtils::isFirstBoot()) |
|
482 { |
|
483 ret_code = KCertAndSignatureOk; |
|
484 } |
|
485 } |
|
486 |
|
487 if (KCertAndSignatureOk != ret_code) |
|
488 { |
|
489 break; |
|
490 } |
476 } |
491 } |
477 // verify the extended key usage: it must point to id-kp-codeSigning (RFC3280 code signing) |
492 // verify the extended key usage: it must point to id-kp-codeSigning (RFC3280 code signing) |
478 // or 1.3.6.1.4.1.94.1.49.1.2.2.3 (Nokia Java Code Signing Extension) |
493 // or 1.3.6.1.4.1.94.1.49.1.2.2.3 (Nokia Java Code Signing Extension) |
479 EXTENDED_KEY_USAGE *extKeyUsage; |
494 EXTENDED_KEY_USAGE *extKeyUsage; |
480 if ((extKeyUsage=(EXTENDED_KEY_USAGE*)X509_get_ext_d2i(end_entity_cert, NID_ext_key_usage, NULL, NULL)) != NULL) |
495 if ((extKeyUsage=(EXTENDED_KEY_USAGE*)X509_get_ext_d2i(end_entity_cert, NID_ext_key_usage, NULL, NULL)) != NULL) |
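Review bot: The first-boot exception at new lines 479–484 overwrites `ret_code` with `KCertAndSignatureOk` after `X509_verify_cert` has already returned failure, so any chain checks OpenSSL had not reached when it hit the not-yet-valid error are never run for that chain. Unless a verify callback is installed outside this hunk, OpenSSL stops at the first error, which means signatures of certificates below the not-yet-valid one may go unchecked. Tolerating the time error inside verification, with a callback that accepts only `X509_V_ERR_CERT_NOT_YET_VALID` while `JavaCommonUtils::isFirstBoot()` is true, keeps the rest of the validation in force; a sketch follows. The override is also silent, so a log entry when it fires would make it auditable, and it relies on `isFirstBoot()` being a value only the platform can set, which is not visible here. The enclosing loop and function start and end outside the hunk.

```cpp
// Accept only the not-yet-valid error, and only during first boot, so every
// other chain check still runs. (Callback name is illustrative.)
static int firstBootVerifyCb(int ok, X509_STORE_CTX *ctx)
{
    if (!ok
            && X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_NOT_YET_VALID
            && JavaCommonUtils::isFirstBoot())
    {
        return 1;
    }
    return ok;
}

// … unchanged: x509_ctx set-up, outside the hunk …
X509_STORE_CTX_set_verify_cb(x509_ctx, firstBootVerifyCb);
// verify certificate
if (X509_verify_cert(x509_ctx) != 1)
{
    ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx));
    break;
}
```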