javacommons/security/src/midpauthenticationmoduleimpl.cpp
branchRCL_3
changeset 26 2455ef1f5bbc
parent 25 ae942d28ec0e
child 27 d5e927d5853b
equal deleted inserted replaced
25:ae942d28ec0e 26:2455ef1f5bbc
   478             // allow installing with not yet valid certificates
   478             // allow installing with not yet valid certificates
   479             if (KCertNotYetValidFailure == ret_code)
   479             if (KCertNotYetValidFailure == ret_code)
   480             {
   480             {
   481                 if (JavaCommonUtils::isFirstBoot())
   481                 if (JavaCommonUtils::isFirstBoot())
   482                 {
   482                 {
   483                     // from the underlaying/openssl services point of view this
   483                     ret_code = KCertAndSignatureOk;
   484                     // is a failure. In order to behave like everything is ok,
       
   485                     // compute the root hash now so there is no need later to 
       
   486                     // contact the underlaying/openssl services 
       
   487                     // -> treat the last certificate from the chain as the user 
       
   488                     // certificate
       
   489                     X509 *user_cert = NULL;
       
   490                     if (no_certs > 0)
       
   491                     {
       
   492                         user_cert = SecurityUtils::readCert(cert_chain[no_certs-1], strlen(cert_chain[no_certs-1]), PEM);
       
   493                     }
       
   494                     if (user_cert != NULL)
       
   495                     {
       
   496                         sprintf(root_hash,"%08lX",X509_issuer_name_hash(user_cert));
       
   497                         X509_free(user_cert);
       
   498                         ret_code = KCertAndSignatureOk;
       
   499                     }
       
   500                 }
   484                 }
   501             }
   485             }
   502 
   486 
   503             if (KCertAndSignatureOk != ret_code)
   487             if (KCertAndSignatureOk != ret_code)
   504             {
   488             {
   533                 break;
   517                 break;
   534             }
   518             }
   535         }
   519         }
   536 
   520 
   537         // compute the root hash value if requested
   521         // compute the root hash value if requested
   538         if (x509_ctx->current_issuer != NULL)
   522         sprintf(root_hash,"%08lX",X509_issuer_name_hash(x509_ctx->current_issuer));
   539         {
       
   540             sprintf(root_hash,"%08lX",X509_issuer_name_hash(x509_ctx->current_issuer));
       
   541         }
       
   542         // add the '\0'
   523         // add the '\0'
   543         root_hash[MD5_DIGEST_LEN] = '\0';
   524         root_hash[MD5_DIGEST_LEN] = '\0';
   544 
   525 
   545         // 1. get the public key of the signing cert
   526         // 1. get the public key of the signing cert
   546         // 2. decode the provided signature using the signing cert's public key
   527         // 2. decode the provided signature using the signing cert's public key