Remove getpubkeyecc signer restriction

Removing the requirement that the requestor has signing authority of the requested project in order to retrieve the public key. Anyone with signing server access can retrieve all public keys.
author: Chris Engel <cjengel@us.ibm.com> 2017-10-25 14:30:47 -0400
committer: Chris Engel <cjengel@us.ibm.com> 2017-10-25 14:30:47 -0400
commit: 9a02e528c8e650c572ef05559cc922531f8633d0 (patch)
tree: d782967fcc92beb8a7e0bf7e84b5cd830ed7dcbd /src
parent: d205627edb53abe0ee3c0fe548e8a4cbee7843ed (diff)
download: sb-signing-framework-9a02e528c8e650c572ef05559cc922531f8633d0.tar.gz
sb-signing-framework-9a02e528c8e650c572ef05559cc922531f8633d0.zip
1 files changed, 0 insertions, 36 deletions
diff --git a/src/signframework/getpubkeyecc.c b/src/signframework/getpubkeyecc.c
index 8e12d6c..f79c585 100644
--- a/src/signframework/getpubkeyecc.c
+++ b/src/signframework/getpubkeyecc.c
@@ -170,42 +170,6 @@ int main(int argc, char** argv)
         if (verbose) fprintf(messageFile, "Signing key file %s\n",
                              keyFileName);
     }
-    /* check the sender authorization */
-    /* NOTE: There's nothing really secret about the public key.  Anyone can read it.  This step is
-       more a demo of how a project program could check secondary authorization. */
-    /* determine whether senders are needed */
-    if (rc == 0) {
-        rc = File_MapNameToBool(&(projectConfig.needSenders),
-                                "needsenders",
-                                lineBuffer,
-                                MAX_LINE_SIZE,
-                                projectConfigFile);
-    }
-    if (rc == 0) {
-        if (verbose) fprintf(messageFile,
-                             "Signing project needs senders: %d\n", projectConfig. needSenders);
-    }
-    /* read the list of authorized senders */
-    if (rc == 0) {
-        rc = File_GetNameValueArray(&(projectConfig.senders),	/* freed by caller */
-                                    &(projectConfig.senderemails),	/* freed by caller */
-                                    &(projectConfig.sendersCount), /* number of authorized senders */
-                                    lineBuffer,
-                                    MAX_LINE_SIZE,
-                                    projectConfigFile);
-    }
-    /* check the sender authorization */
-    if (rc == 0) {
-        rc = ProjectConfig_ValidateSender(sender,
-                                          &projectConfig, NULL);
-        if (rc != 0) {
-            File_Printf(projectLogFile, messageFile,
-                        "ERROR1018: %s is not authorized for project: %s\n",
-                        sender, signproject);
-            fprintf(messageFile,
-                    "Contact framework administrator\n");
-        }
-    }
     /* get the key token */
     if (rc == 0) {
         if (verbose) fprintf(messageFile, "Key token at %s\n",
author	Chris Engel <cjengel@us.ibm.com>	2017-10-25 14:30:47 -0400
committer	Chris Engel <cjengel@us.ibm.com>	2017-10-25 14:30:47 -0400
commit	9a02e528c8e650c572ef05559cc922531f8633d0 (patch)
tree	d782967fcc92beb8a7e0bf7e84b5cd830ed7dcbd /src
parent	d205627edb53abe0ee3c0fe548e8a4cbee7843ed (diff)
download	sb-signing-framework-9a02e528c8e650c572ef05559cc922531f8633d0.tar.gz sb-signing-framework-9a02e528c8e650c572ef05559cc922531f8633d0.zip