If any of our signatures match, then we're good to go. Further investigation is
needed to make sure this isn't badness but for whatever reason all of a sudden it started trying to check our applet signature against Thawte's cert signing cert which did not work.
This commit is contained in:
@@ -69,6 +69,9 @@ public class GetdownApplet extends JApplet
|
||||
imgpath = "";
|
||||
}
|
||||
|
||||
Log.info("App Base: " + appbase);
|
||||
Log.info("App Name: " + appname);
|
||||
|
||||
File appdir = null;
|
||||
try {
|
||||
appdir = initGetdown(appbase, appname, imgpath);
|
||||
@@ -198,7 +201,10 @@ public class GetdownApplet extends JApplet
|
||||
if (signature == null) {
|
||||
signature = "";
|
||||
}
|
||||
|
||||
Log.info("Verifying signature '" + signature + "'.");
|
||||
String params = appbase + appname + imgpath;
|
||||
int validated = 0;
|
||||
for (Object signer : signers) {
|
||||
if (signer instanceof Certificate) {
|
||||
Certificate cert = (Certificate)signer;
|
||||
@@ -207,13 +213,18 @@ public class GetdownApplet extends JApplet
|
||||
sig.initVerify(cert);
|
||||
sig.update(params.getBytes());
|
||||
if (!sig.verify(Base64.decodeBase64(signature.getBytes()))) {
|
||||
throw new Exception("m.corrupt_param_signature_error");
|
||||
Log.info("Signature does not match '" + cert.getPublicKey() + "'.");
|
||||
}
|
||||
validated++;
|
||||
} catch (GeneralSecurityException gse) {
|
||||
throw new Exception("m.corrupt_param_signature_error");
|
||||
// no problem!
|
||||
}
|
||||
}
|
||||
}
|
||||
// if we couldn't find a key that validates our parameters, we are the hosed!
|
||||
if (validated == 0) {
|
||||
throw new Exception("m.corrupt_param_signature_error");
|
||||
}
|
||||
}
|
||||
|
||||
// pass through properties parameters
|
||||
|
||||
Reference in New Issue
Block a user