check all generated user creds (not just the very recent) when verify…

…ing images.
eucalyptus · Sep 28, 2010 · 8e5636c · 8e5636c
1 parent fc67ec7
commit 8e5636c
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java b/clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java
@@ -232,11 +232,12 @@ private String decryptImage(String bucketName, String objectKey, String userId,
 						try {
 							boolean verified = false;
 							for(User user:Users.listAllUsers( )) {
-								X509Certificate cert = user.getX509Certificate( );
-								if(cert != null)
-									verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
-								if(verified)
-									break;
+								for (X509Certificate cert : user.getAllX509Certificates()) {
+									if(cert != null)
+										verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
+									if(verified)
+										break;
+								}
 							}
 							if(!verified) {
 								X509Certificate cert = SystemCredentialProvider.getCredentialProvider(Component.eucalyptus).getCertificate();
@@ -260,8 +261,13 @@ private String decryptImage(String bucketName, String objectKey, String userId,
 							throw new AccessDeniedException(userId,e);            
 						}         
 						try {
-							X509Certificate cert = user.getX509Certificate( );
-							signatureVerified = canVerifySignature(sigVerifier, cert, signature, verificationString);
+							for(X509Certificate cert : user.getAllX509Certificates()) {
+								if(cert != null) {
+									signatureVerified = canVerifySignature(sigVerifier, cert, signature, verificationString);
+								}
+								if(signatureVerified)
+									break;
+							}
 						} catch(Exception ex) {
 							db.rollback();
 							LOG.error(ex, ex);