equal
deleted
inserted
replaced
478 // allow installing with not yet valid certificates |
478 // allow installing with not yet valid certificates |
479 if (KCertNotYetValidFailure == ret_code) |
479 if (KCertNotYetValidFailure == ret_code) |
480 { |
480 { |
481 if (JavaCommonUtils::isFirstBoot()) |
481 if (JavaCommonUtils::isFirstBoot()) |
482 { |
482 { |
483 ret_code = KCertAndSignatureOk; |
483 // from the underlaying/openssl services point of view this |
|
484 // is a failure. In order to behave like everything is ok, |
|
485 // compute the root hash now so there is no need later to |
|
486 // contact the underlaying/openssl services |
|
487 // -> treat the last certificate from the chain as the user |
|
488 // certificate |
|
489 X509 *user_cert = NULL; |
|
490 if (no_certs > 0) |
|
491 { |
|
492 user_cert = SecurityUtils::readCert(cert_chain[no_certs-1], strlen(cert_chain[no_certs-1]), PEM); |
|
493 } |
|
494 if (user_cert != NULL) |
|
495 { |
|
496 sprintf(root_hash,"%08lX",X509_issuer_name_hash(user_cert)); |
|
497 X509_free(user_cert); |
|
498 ret_code = KCertAndSignatureOk; |
|
499 } |
484 } |
500 } |
485 } |
501 } |
486 |
502 |
487 if (KCertAndSignatureOk != ret_code) |
503 if (KCertAndSignatureOk != ret_code) |
488 { |
504 { |
517 break; |
533 break; |
518 } |
534 } |
519 } |
535 } |
520 |
536 |
521 // compute the root hash value if requested |
537 // compute the root hash value if requested |
522 sprintf(root_hash,"%08lX",X509_issuer_name_hash(x509_ctx->current_issuer)); |
538 if (x509_ctx->current_issuer != NULL) |
|
539 { |
|
540 sprintf(root_hash,"%08lX",X509_issuer_name_hash(x509_ctx->current_issuer)); |
|
541 } |
523 // add the '\0' |
542 // add the '\0' |
524 root_hash[MD5_DIGEST_LEN] = '\0'; |
543 root_hash[MD5_DIGEST_LEN] = '\0'; |
525 |
544 |
526 // 1. get the public key of the signing cert |
545 // 1. get the public key of the signing cert |
527 // 2. decode the provided signature using the signing cert's public key |
546 // 2. decode the provided signature using the signing cert's public key |