From f9ea804866c015c153e081f6500c29ada3f2ccab Mon Sep 17 00:00:00 2001
From: Laurent Bonnans
Date: Wed, 12 Feb 2020 15:14:44 +0100
Subject: [PATCH] Be more careful with secondary public keys
If we did not store a secondary public key (migrated from old storage for example):
- store it later when we get it
- do not compare against the actual one, but do it on subsequent tries
Signed-off-by: Laurent Bonnans
---
 src/libaktualizr-posix/ipuptanesecondary.cc | 9 ++++++---
 src/libaktualizr/primary/sotauptaneclient.cc | 7 +++++--
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/libaktualizr-posix/ipuptanesecondary.cc b/src/libaktualizr-posix/ipuptanesecondary.cc
index e8ab9c1495..f5bad879fa 100644
--- a/src/libaktualizr-posix/ipuptanesecondary.cc
+++ b/src/libaktualizr-posix/ipuptanesecondary.cc
@@ -72,9 +72,12 @@ SecondaryInterface::Ptr IpUptaneSecondary::connectAndCheck(const std::string& ad
 return nullptr;
 }
 auto p = sec->getPublicKey();
- if (p != pub_key) {
- LOG_WARNING << "Mismatch between public keys " << p.Value() << " and " << pub_key.Value() << " for secondary "
- << serial;
+ if (pub_key.Type() == KeyType::kUnknown) {
+ LOG_INFO << "Secondary " << s << " do not have a known public key";
+ } else if (p != pub_key) {
+ LOG_ERROR << "Mismatch between public keys " << p.Value() << " and " << pub_key.Value() << " for secondary "
+ << serial;
+ return nullptr;
 }
 return sec;
 }
diff --git a/src/libaktualizr/primary/sotauptaneclient.cc b/src/libaktualizr/primary/sotauptaneclient.cc
index 38549400b1..fa84d7b4a7 100644
--- a/src/libaktualizr/primary/sotauptaneclient.cc
+++ b/src/libaktualizr/primary/sotauptaneclient.cc
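Review bot: In `connectAndCheck` (ipuptanesecondary.cc), the new `KeyType::kUnknown` branch accepts the secondary without checking that the reported key `p` itself has a known type, so the comparison the commit message defers to "subsequent tries" never happens if the secondary keeps reporting an unknown key (the `addSecondary` hunk stores nothing in that case). Because this path is trust-on-first-use, it deserves at least the visibility of the mismatch path, e.g. `LOG_WARNING << "Secondary " << s << " has no stored public key, accepting the reported key unverified";`, and a `p.Type() == KeyType::kUnknown` result is worth rejecting or logging separately. The two messages also identify the device through `s` in one branch and `serial` in the other, which is only harmless if a check above this hunk already makes them equal. The function starts outside the hunk.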
@@ -28,11 +28,14 @@ void SotaUptaneClient::addSecondary(const std::shared_ptrgetSerial();
 SecondaryInfo info;
- if (!storage->loadSecondaryInfo(serial, &info) || info.type == "") {
+ if (!storage->loadSecondaryInfo(serial, &info) || info.type == "" || info.pub_key.Type() == KeyType::kUnknown) {
 info.serial = serial;
 info.hw_id = sec->getHwId();
 info.type = sec->Type();
- info.pub_key = sec->getPublicKey();
+ const PublicKey &p = sec->getPublicKey();
+ if (p.Type() != KeyType::kUnknown) {
+ info.pub_key = sec->getPublicKey();
+ }
 storage->saveSecondaryInfo(info.serial, info.type, info.pub_key);
 }
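Review bot: The key whose type is tested is not the key that gets stored: `p` is checked against `KeyType::kUnknown`, but the assignment calls `sec->getPublicKey()` a second time, so if the secondary's answer differs between the two calls an unchecked value is persisted as the pinned key. Writing `info.pub_key = p;` stores exactly what was validated and avoids a second call whose cost is not visible here (it may be a round trip to the secondary). Separately, the widened condition now also overwrites `info.hw_id` and `info.type` of an existing record with the secondary's current answers whenever only the key is missing; for the migration case it would be safer to fill in `pub_key` alone and keep, or compare against, the stored fields. `addSecondary` begins above this hunk and continues below it.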