Resolve logic in generating the root certificate

project-chip · Mar 29, 2022 · 1c143e3 · 1c143e3
1 parent 74beee2
commit 1c143e3
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.h b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.h
@@ -79,7 +79,8 @@ class CHIPOperationalCredentialsDelegate : public chip::Controller::OperationalC
     chip::NodeId mNextRequestedNodeId = 1;
     chip::FabricId mNextFabricId = 1;
     bool mNodeIdRequested = false;
-    bool mGenerateRootCert = false;
+    bool mForceRootCertRegeneration = false;
+    bool haveRootCert = false;
 };
 
 NS_ASSUME_NONNULL_END
diff --git a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm
@@ -162,7 +162,7 @@ static BOOL isRunningTests(void)
     }
 
     NSLog(@"Stored the keys");
-    mGenerateRootCert = true;
+    mForceRootCertRegeneration = true;
     return CHIP_NO_ERROR;
 }
 
@@ -203,11 +203,12 @@ static BOOL isRunningTests(void)
         return CHIP_ERROR_INTERNAL;
     }
 
+    uint16_t rcacBufLen = static_cast<uint16_t>(std::min(rcac.size(), static_cast<size_t>(UINT16_MAX)));
+    PERSISTENT_KEY_OP(fabricId, kOperationalCredentialsRootCertificateStorage, key,
+        haveRootCert = mStorage->SyncGetKeyValue(key, rcac.data(), rcacBufLen) == CHIP_NO_ERROR);
+
     ChipDN rcac_dn;
-    if (!mGenerateRootCert) {
-        uint16_t rcacBufLen = static_cast<uint16_t>(std::min(rcac.size(), static_cast<size_t>(UINT16_MAX)));
-        PERSISTENT_KEY_OP(fabricId, kOperationalCredentialsRootCertificateStorage, key,
-            ReturnErrorOnFailure(mStorage->SyncGetKeyValue(key, rcac.data(), rcacBufLen)));
+    if (!mForceRootCertRegeneration && haveRootCert) {
         rcac.reduce_size(rcacBufLen);
         ReturnErrorOnFailure(ExtractSubjectDNFromX509Cert(rcac, rcac_dn));
     } else {
@@ -222,7 +223,8 @@ static BOOL isRunningTests(void)
         PERSISTENT_KEY_OP(fabricId, kOperationalCredentialsRootCertificateStorage, key,
             ReturnErrorOnFailure(mStorage->SyncSetKeyValue(key, rcac.data(), static_cast<uint16_t>(rcac.size()))));
 
-        mGenerateRootCert = false;
+        mForceRootCertRegeneration = false;
+        haveRootCert = true;
     }
 
     icac.reduce_size(0);