sim-card
/
pysim
mirror of https://gerrit.osmocom.org/pysim
10
0
Fork 1
Code Issues Releases Wiki Activity

osmo-smdpp: Constrain selection of CI certificate 

We can only choose a CI certificate which is supported both by the eUICC
as well as which has signed our own SM-DP+ certificates.

Change-Id: I0b9130f06d501ca7d484063d56d606cfdd2544f4
This commit is contained in:
Harald Welte 2024-01-25 15:50:20 +01:00
parent 18d0a7de96
commit 9fd4bbe42e
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
osmo-smdpp.py
View File

@ -218,8 +218,13 @@ class SmDppHttpServer:
ci_cert = None
for x in pkid_list:
ci_cert = self.ci_get_cert_for_pkid(x)
if ci_cert:
# we already support multiple CI certificates but only one set of DPauth + DPpb keys. So we must
# make sure we choose a CI key-id which has issued both the eUICC as well as our own SM-DP side
# certs.
if ci_cert and cert_get_subject_key_id(ci_cert) == self.dp_auth.get_authority_key_identifier().key_identifier:
break
else:
ci_cert = None
if not ci_cert:
raise ApiError('8.8.2', '3.1', 'None of the proposed Public Key Identifiers is supported by the SM-DP+')