release-request-276f9f52-87fd-4915-bd79-9a2f0ee77433-for-git_oc-release-4090213 snap-temp-L31600000073091223
Change-Id: Ia1ae130f20c39380743bb31084d67618911b9a8e
diff --git a/asymmetric_key.cpp b/asymmetric_key.cpp
index 782e87b..35406e6 100644
--- a/asymmetric_key.cpp
+++ b/asymmetric_key.cpp
@@ -290,19 +290,10 @@
!X509_set_serialNumber(certificate.get(), serialNumber.get() /* Don't release; copied */))
return TranslateLastOpenSslError();
- // TODO(swillden): Find useful values (if possible) for issuerName and subjectName.
- X509_NAME_Ptr issuerName(X509_NAME_new());
- if (!issuerName.get() ||
- !X509_NAME_add_entry_by_txt(issuerName.get(), "CN", MBSTRING_ASC,
- reinterpret_cast<const uint8_t*>("Android Keymaster"),
- -1 /* len */, -1 /* loc */, 0 /* set */) ||
- !X509_set_issuer_name(certificate.get(), issuerName.get() /* Don't release; copied */))
- return TranslateLastOpenSslError();
-
X509_NAME_Ptr subjectName(X509_NAME_new());
if (!subjectName.get() ||
!X509_NAME_add_entry_by_txt(subjectName.get(), "CN", MBSTRING_ASC,
- reinterpret_cast<const uint8_t*>("A Keymaster Key"),
+ reinterpret_cast<const uint8_t*>("Android Keystore Key"),
-1 /* len */, -1 /* loc */, 0 /* set */) ||
!X509_set_subject_name(certificate.get(), subjectName.get() /* Don't release; copied */))
return TranslateLastOpenSslError();
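Review bot: With the issuer block removed from this spot, nothing near the `subjectName` setup tells a reader where the certificate's issuer now comes from; it is assigned only in the later hunk, from `X509_get_subject_name(signing_cert.get())`. A one-line comment above `X509_NAME_Ptr subjectName(X509_NAME_new());` would close that gap, for example `// Issuer is set further down, from the signing certificate's subject.` The subject CN is the same literal, `"Android Keystore Key"`, for every certificate built here, so the comment could also state that the subject does not identify the key and should not be used as an identifier by anything validating the chain. The enclosing function starts and ends outside the hunk, so whether any return path between these lines and the issuer assignment leaves the issuer unset could not be checked from here.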
@@ -354,6 +345,15 @@
return TranslateLastOpenSslError();
}
+ // Set issuer to subject of batch certificate.
+ X509_NAME* issuerSubject = X509_get_subject_name(signing_cert.get());
+ if (!issuerSubject) {
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ if (!X509_set_issuer_name(certificate.get(), issuerSubject)) {
+ return TranslateLastOpenSslError();
+ }
+
UniquePtr<X509V3_CTX> x509v3_ctx(new X509V3_CTX);
*x509v3_ctx = {};
X509V3_set_ctx(x509v3_ctx.get(), signing_cert.get(), certificate.get(), nullptr /* req */,