Walrus signature verification in image decryption bug

Bug #644482 reported by Jason Rudder
Affects: Eucalyptus
Status: New
Importance: Undecided
Assigned to: Neil Soman
Milestone: none listed

Bug Description

Problem Summary:
The decryptImage(String, String, String, boolean) method of class WalrusImageManager attempts to verify the image signature before decrypting the image with the cloud private key. The bug is that the signature is only checked against the latest user certificate. So, if multiple certificates have been generated (using "Download Credentials" from https://<cloud-ip>:8443/), any images bundled using previous certificates will fail upon signature verification.

Applies To:
Eucalyptus 2.0.0
06f8168cfc54215662fe5a9ac9fe77c5 ./eucalyptus-2.0.0-src-offline.tar.gz

Steps to Reproduce:
From a clean installation, the bug can be reproduced as follows:
1) Login to the admin site https://<cloud-ip>:8443/ and "Download Credentials"
2) Bundle, upload, and register a kernel, ramdisk, and machine image (such as the Eucalyptus-certified, x86_64 CentOS)
3) * Do not run an instance yet *
4) Login to the admin site again and "Download Credentials"
5) Now, euca-run-instance for the image

The Fix:
I have attached a zip containing the patch for WalrusImageManager.java. Essentially, in ./clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java, instead of checking only the latest certificate like this:

{code}
  // Only the user's most recent certificate is consulted.
  X509Certificate cert = user.getX509Certificate( );
  verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
{/code}

check all certificates, like this:

{code}
  // Try every certificate issued to the user; stop at the first one that verifies.
  for(X509Certificate cert:user.getAllX509Certificates( )){
    verified = canVerifySignature(sigVerifier, cert, signature, verificationString);
    if(verified)
      break;
  }
{/code}

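The failure mode the report describes, as an added example that is not Eucalyptus code: two "Download Credentials" rounds, a bundle signed under the first, and the latest-only check beside the all-certificates check from the patch. Go's standard library stands in for the Java code, the certificates are self-signed test data, and SHA-256 with PKCS#1 v1.5 padding is an assumption of the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"math/big"
	"time"
)

// NewCredential generates a fresh RSA key and a minimal self-signed X.509 certificate,
// standing in for one "Download Credentials" round (constructed test data, not Eucalyptus code).
func NewCredential(serial int64) (*rsa.PrivateKey, *x509.Certificate) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // cannot fail with crypto/rand as the source
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced, so it parses
	return key, cert
}

// SignManifest signs the bundle's verification string with the key in use at bundle time
// (SHA-256 with PKCS#1 v1.5 padding is an assumption of this example).
func SignManifest(key *rsa.PrivateKey, verificationString []byte) []byte {
	digest := sha256.Sum256(verificationString)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// VerifyLatestOnly mirrors the buggy decryptImage: only the newest certificate is consulted.
func VerifyLatestOnly(certs []*x509.Certificate, sig, data []byte) bool {
	return certs[len(certs)-1].CheckSignature(x509.SHA256WithRSA, data, sig) == nil
}

// VerifyAny mirrors the patch: every certificate ever issued to the user is tried in turn.
func VerifyAny(certs []*x509.Certificate, sig, data []byte) bool {
	for _, cert := range certs {
		if cert.CheckSignature(x509.SHA256WithRSA, data, sig) == nil {
			return true
		}
	}
	return false
}
```

With the certificates ordered oldest to newest, a manifest signed under the first credential fails VerifyLatestOnly and passes VerifyAny, which is exactly the difference between steps 4 and 5 of the reproduction above.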
Jason Rudder (jason-rudder) wrote :
Neil Soman (neilsoman) wrote :

Jason, thanks for the patch.

Have you looked at: http://open.eucalyptus.com/participate/contribute#code

Signing up as a contributor should only take a few minutes of your time.

thanks!
neil

Changed in eucalyptus:
assignee: nobody → Neil Soman (neilsoman)
Andy Grimm (agrimm) wrote :

This issue is now being tracked upstream at http://eucalyptus.atlassian.net/browse/EUCA-2733

Please watch that issue for further updates.
