security: fixing bugs and adding methods
1. changing getCertificate to take only one argument, now validation checking is always enforced.
2. changing KSK-... DSK-... to lower case ksk-..., dsk-...
3. adding a addCertificateAsSystemDefault method to facilitate setting default certificate of the system.
4. using static_cast<int> (rather than floor) to round time.
5. sanity checking for key name in SecPublicInfo and SecPublicInfoSqlite3.
Change-Id: Id67af9873efef3df92458ed7a87623f22167c558
diff --git a/src/security/certificate/identity-certificate.cpp b/src/security/certificate/identity-certificate.cpp
index aa2ad9c..1deb46f 100644
--- a/src/security/certificate/identity-certificate.cpp
+++ b/src/security/certificate/identity-certificate.cpp
@@ -59,17 +59,31 @@
{
int i = certificateName.size() - 1;
string idString("ID-CERT");
+ bool foundIdString = false;
for (; i >= 0; i--) {
if (certificateName.get(i).toEscapedString() == idString)
- break;
+ {
+ foundIdString = true;
+ break;
+ }
}
+
+ if(!foundIdString)
+ throw Error("Incorrect identity certificate name " + certificateName.toUri());
Name tmpName = certificateName.getSubName(0, i);
string keyString("KEY");
+ bool foundKeyString = false;
for (i = 0; i < tmpName.size(); i++) {
if (tmpName.get(i).toEscapedString() == keyString)
- break;
+ {
+ foundKeyString = true;
+ break;
+ }
}
+
+ if(!foundKeyString)
+ throw Error("Incorrect identity certificate name " + certificateName.toUri());
return tmpName.getSubName(0, i).append(tmpName.getSubName(i + 1, tmpName.size() - i - 1));
}