laforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/35685?usp=email )
Change subject: osmo-smdpp: Constrain selection of CI certificate
osmo-smdpp: Constrain selection of CI certificate
We can only choose a CI certificate which is both supported by the eUICC and which has signed our own SM-DP+ certificates.
Change-Id: I0b9130f06d501ca7d484063d56d606cfdd2544f4
---
M osmo-smdpp.py
1 file changed, 18 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/85/35685/1
diff --git a/osmo-smdpp.py b/osmo-smdpp.py index 58b83ff..2992bd7 100755 --- a/osmo-smdpp.py +++ b/osmo-smdpp.py @@ -218,8 +218,13 @@ ci_cert = None for x in pkid_list: ci_cert = self.ci_get_cert_for_pkid(x) - if ci_cert: + # we already support multiple CI cerfiticates but only one set of DPauth + DPpb keys. So we must + # make sure we choose a CI key-id which has issued both the eUICC as well as our own SM-DP side + # certs. + if ci_cert and cert_get_subject_key_id(ci_cert) == self.dp_auth.get_authority_key_identifier().key_identifier: break + else: + ci_cert = None if not ci_cert: raise ApiError('8.8.2', '3.1', 'None of the proposed Public Key Identifiers is supported by the SM-DP+')
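Review bot: The new condition in the `for x in pkid_list` loop compares the CI subject key id only against `self.dp_auth.get_authority_key_identifier().key_identifier`, while the comment directly above it and the commit message both speak of the DPauth and the DPpb certificates. If the DPpb certificate was issued by a different CI than DPauth, this check does not catch it. Suggest either comparing against the DPpb certificate's authority key identifier here as well, or verifying once at startup that both certificates carry the same authority key identifier and stating that in the comment. The DPauth key identifier does not change between iterations, so it can be read once before the loop, which also shortens the long `if` line. The added comment has a typo ("cerfiticates").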