laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/35685?usp=email ) Change subject: osmo-smdpp: Constrain selection of CI certificate ...................................................................... osmo-smdpp: Constrain selection of CI certificate We can only choose a CI certificate which is supported both by the eUICC as well as which has signed our own SM-DP+ certificates. Change-Id: I0b9130f06d501ca7d484063d56d606cfdd2544f4 --- M osmo-smdpp.py 1 file changed, 18 insertions(+), 1 deletion(-) Approvals: Jenkins Builder: Verified fixeria: Looks good to me, but someone else must approve laforge: Looks good to me, approved diff --git a/osmo-smdpp.py b/osmo-smdpp.py index 58b83ff..cfcd5f8 100755 --- a/osmo-smdpp.py +++ b/osmo-smdpp.py @@ -218,8 +218,13 @@ ci_cert = None for x in pkid_list: ci_cert = self.ci_get_cert_for_pkid(x) - if ci_cert: + # we already support multiple CI certificates but only one set of DPauth + DPpb keys. So we must + # make sure we choose a CI key-id which has issued both the eUICC as well as our own SM-DP side + # certs. + if ci_cert and cert_get_subject_key_id(ci_cert) == self.dp_auth.get_authority_key_identifier().key_identifier: break + else: + ci_cert = None if not ci_cert: raise ApiError('8.8.2', '3.1', 'None of the proposed Public Key Identifiers is supported by the SM-DP+') -- To view, visit https://gerrit.osmocom.org/c/pysim/+/35685?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I0b9130f06d501ca7d484063d56d606cfdd2544f4 Gerrit-Change-Number: 35685 Gerrit-PatchSet: 2 Gerrit-Owner: laforge <laforge(a)osmocom.org> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-MessageType: merged