If any of our signatures match, then we're good to go. Further investigation is

needed to make sure this isn't badness but for whatever reason all of a sudden
it started trying to check our applet signature against Thawte's cert signing
cert which did not work.
This commit is contained in:
Michael Bayne
2007-02-01 03:23:09 +00:00
parent 5aa5de0aa0
commit 67ed6fea56
@@ -69,6 +69,9 @@ public class GetdownApplet extends JApplet
imgpath = "";
}
Log.info("App Base: " + appbase);
Log.info("App Name: " + appname);
File appdir = null;
try {
appdir = initGetdown(appbase, appname, imgpath);
@@ -198,7 +201,10 @@ public class GetdownApplet extends JApplet
if (signature == null) {
signature = "";
}
Log.info("Verifying signature '" + signature + "'.");
String params = appbase + appname + imgpath;
int validated = 0;
for (Object signer : signers) {
if (signer instanceof Certificate) {
Certificate cert = (Certificate)signer;
@@ -207,13 +213,18 @@ public class GetdownApplet extends JApplet
sig.initVerify(cert);
sig.update(params.getBytes());
if (!sig.verify(Base64.decodeBase64(signature.getBytes()))) {
throw new Exception("m.corrupt_param_signature_error");
Log.info("Signature does not match '" + cert.getPublicKey() + "'.");
}
validated++;
} catch (GeneralSecurityException gse) {
throw new Exception("m.corrupt_param_signature_error");
// no problem!
}
}
}
// if we couldn't find a key that validates our parameters, we are the hosed!
if (validated == 0) {
throw new Exception("m.corrupt_param_signature_error");
}
}
// pass through properties parameters