diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java index 8b2cc88c..300e7ae4 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java @@ -39,7 +39,6 @@ import hirs.validation.CredentialValidator; import hirs.validation.SupplyChainCredentialValidator; import hirs.validation.SupplyChainValidatorException; import org.apache.logging.log4j.Level; -import hirs.validation.SupplyChainValidatorException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.bouncycastle.util.encoders.Hex; @@ -462,32 +461,6 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe break; } } - //Validate signing cert - Set allCerts = - CertificateAuthorityCredential.select(certificateManager).getCertificates(); - CertificateAuthorityCredential signingCert = null; - for (CertificateAuthorityCredential cert : allCerts) { - if (Arrays.equals(cert.getEncodedPublicKey(), - referenceManifestValidator.getPublicKey().getEncoded())) { - signingCert = cert; - KeyStore keyStore = getCaChain(signingCert); - try { - X509Certificate x509Cert = signingCert.getX509Certificate(); - if (!SupplyChainCredentialValidator.verifyCertificate(x509Cert, keyStore)) { - passed = false; - fwStatus = new AppraisalStatus(FAIL, - "Firmware validation failed: invalid certificate path."); - } - } catch (IOException e) { - LOGGER.error("Error getting X509 cert from manager: " + e.getMessage()); - } catch (SupplyChainValidatorException e) { - LOGGER.error("Error validating cert against keystore: " + e.getMessage()); - fwStatus = new AppraisalStatus(FAIL, - "Firmware validation failed: invalid certificate path."); - } - break; - } - } if (signingCert == null) { passed = false;