in java/remoteprovisioning/EekCertChainDeserializer.java [42:75]
public EekCertChainDeserializer(byte[] cborEncodedEekCertChain)
throws CborException, CryptoException {
try {
signingKeyChain = new ArrayList<>();
signingKeyChainP256 = new ArrayList<>();
CBORObject eekChain = CBORObject.DecodeFromBytes(cborEncodedEekCertChain);
CborUtil.checkArrayMinLength(eekChain, 2, "EekChain");
alg = getSigningAlg(eekChain.get(0));
for (int i = 1; i < eekChain.size(); i++) {
if (!CryptoUtil.verifyCert(eekChain.get(i - 1), eekChain.get(i))) {
throw new CryptoException(
"Certificate " + (i - 1) + " verification of certificate " + i + " fails.",
CryptoException.VERIFICATION_FAILURE);
}
if (alg == -7) {
OneKey pubKey =
new OneKey(CBORObject.DecodeFromBytes(eekChain.get(i - 1).get(2).GetByteString()));
signingKeyChainP256.add((ECPublicKey) pubKey.AsPublicKey());
if (i == eekChain.size() - 1) {
pubKey = new OneKey(CBORObject.DecodeFromBytes(eekChain.get(i).get(2).GetByteString()));
eekP256 = (ECPublicKey) pubKey.AsPublicKey();
}
} else {
signingKeyChain.add(CryptoUtil.getEd25519PublicKeyFromCert(eekChain.get(i - 1)));
if (i == eekChain.size() - 1) {
eek = CryptoUtil.getX25519PublicKeyFromCert(eekChain.get(i));
}
}
}
} catch (CoseException e) {
throw new CborException("Failed to deserialize SignedEek key payload",
e, CborException.DESERIALIZATION_ERROR);
}
}