javacommons/security/src/midpauthenticationmoduleimpl.cpp
branchRCL_3
changeset 24 6c158198356e
parent 21 4376525cdefb
child 25 ae942d28ec0e
--- a/javacommons/security/src/midpauthenticationmoduleimpl.cpp	Thu Jul 15 18:31:06 2010 +0300
+++ b/javacommons/security/src/midpauthenticationmoduleimpl.cpp	Thu Aug 19 09:48:13 2010 +0300
@@ -15,7 +15,7 @@
 *
 */
 
-
+#include "javacommonutils.h"
 #include "javajniutils.h"
 #include "com_nokia_mj_impl_security_midp_authentication_AuthenticationModule.h"
 #include "midpauthenticationmodule.h"
@@ -40,6 +40,7 @@
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
 #include <string.h>
+#include <errno.h>
 
 using namespace java::security;
 using namespace java::storage;
@@ -252,6 +253,13 @@
         jar_hash_value = NULL;
         return hash;
     }
+    else
+    {
+        if (errno == ENOENT)
+        {
+            SecurityUtils::throw_exception(env, "JAR_NOT_FOUND");
+        }
+    }
     return NULL;
 }
 
@@ -464,7 +472,22 @@
         if (X509_verify_cert(x509_ctx) != 1)
         {
             ret_code = getErrCode(X509_STORE_CTX_get_error(x509_ctx));
-            break;
+            // If the secure time of the device has not yet been set
+            // to correct value (This can happen some times during
+            // the first device boot),
+            // allow installing with not yet valid certificates
+            if (KCertNotYetValidFailure == ret_code)
+            {
+                if (JavaCommonUtils::isFirstBoot())
+                {
+                    ret_code = KCertAndSignatureOk;
+                }
+            }
+
+            if (KCertAndSignatureOk != ret_code)
+            {
+                break;
+            }
         }
         // verify the extended key usage: it must point to id-kp-codeSigning (RFC3280 code signing)
         // or 1.3.6.1.4.1.94.1.49.1.2.2.3 (Nokia Java Code Signing Extension)