mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-24 07:06:46 +00:00
ReferenceManifestValidator trustStore not populated during provision
This commit is contained in:
parent
7b465ed9ee
commit
c84d67dfd7
@ -23,9 +23,8 @@ import java.nio.charset.StandardCharsets;
|
|||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.util.HashMap;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.LinkedList;
|
import java.util.*;
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.FAIL;
|
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.FAIL;
|
||||||
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS;
|
import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS;
|
||||||
@ -106,6 +105,19 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
|
|||||||
signingCert = cert;
|
signingCert = cert;
|
||||||
KeyStore keyStore = ValidationService.getCaChain(signingCert,
|
KeyStore keyStore = ValidationService.getCaChain(signingCert,
|
||||||
caCredentialRepository);
|
caCredentialRepository);
|
||||||
|
Set<CertificateAuthorityCredential> set = ValidationService.getCaChainRec(signingCert,
|
||||||
|
Collections.emptySet(),
|
||||||
|
caCredentialRepository);
|
||||||
|
ArrayList<X509Certificate> certs = new ArrayList<>(set.size());
|
||||||
|
for (CertificateAuthorityCredential cac : set) {
|
||||||
|
try {
|
||||||
|
certs.add(cac.getX509Certificate());
|
||||||
|
} catch (IOException e) {
|
||||||
|
log.error("Error building CA chain for " + signingCert.getSubjectKeyIdentifier() + ": "
|
||||||
|
+ e.getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
referenceManifestValidator.setTrustStore(certs);
|
||||||
try {
|
try {
|
||||||
if (referenceManifestValidator.validateXmlSignature(signingCert.getX509Certificate().getPublicKey(),
|
if (referenceManifestValidator.validateXmlSignature(signingCert.getX509Certificate().getPublicKey(),
|
||||||
signingCert.getSubjectKeyIdString(), signingCert.getEncodedPublicKey())) {
|
signingCert.getSubjectKeyIdString(), signingCert.getEncodedPublicKey())) {
|
||||||
|
Loading…
Reference in New Issue
Block a user