From 1c143e3ad79b1d41330cf2625b6feeed29037836 Mon Sep 17 00:00:00 2001 From: krypton36 Date: Tue, 29 Mar 2022 10:31:09 -0700 Subject: [PATCH] Resolve logic in generating the root certificate --- .../CHIP/CHIPOperationalCredentialsDelegate.h | 3 ++- .../CHIP/CHIPOperationalCredentialsDelegate.mm | 14 ++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.h b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.h index 0d038673093835..44e0296a52ef20 100644 --- a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.h +++ b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.h @@ -79,7 +79,8 @@ class CHIPOperationalCredentialsDelegate : public chip::Controller::OperationalC chip::NodeId mNextRequestedNodeId = 1; chip::FabricId mNextFabricId = 1; bool mNodeIdRequested = false; - bool mGenerateRootCert = false; + bool mForceRootCertRegeneration = false; + bool haveRootCert = false; }; NS_ASSUME_NONNULL_END diff --git a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm index 988dea237afc82..28d49636455e6d 100644 --- a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm +++ b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm @@ -162,7 +162,7 @@ static BOOL isRunningTests(void) } NSLog(@"Stored the keys"); - mGenerateRootCert = true; + mForceRootCertRegeneration = true; return CHIP_NO_ERROR; } @@ -203,11 +203,12 @@ static BOOL isRunningTests(void) return CHIP_ERROR_INTERNAL; } + uint16_t rcacBufLen = static_cast(std::min(rcac.size(), static_cast(UINT16_MAX))); + PERSISTENT_KEY_OP(fabricId, kOperationalCredentialsRootCertificateStorage, key, + haveRootCert = mStorage->SyncGetKeyValue(key, rcac.data(), rcacBufLen) == CHIP_NO_ERROR); + ChipDN rcac_dn; - if (!mGenerateRootCert) { - uint16_t rcacBufLen = static_cast(std::min(rcac.size(), static_cast(UINT16_MAX))); - PERSISTENT_KEY_OP(fabricId, kOperationalCredentialsRootCertificateStorage, key, - ReturnErrorOnFailure(mStorage->SyncGetKeyValue(key, rcac.data(), rcacBufLen))); + if (!mForceRootCertRegeneration && haveRootCert) { rcac.reduce_size(rcacBufLen); ReturnErrorOnFailure(ExtractSubjectDNFromX509Cert(rcac, rcac_dn)); } else { @@ -222,7 +223,8 @@ static BOOL isRunningTests(void) PERSISTENT_KEY_OP(fabricId, kOperationalCredentialsRootCertificateStorage, key, ReturnErrorOnFailure(mStorage->SyncSetKeyValue(key, rcac.data(), static_cast(rcac.size())))); - mGenerateRootCert = false; + mForceRootCertRegeneration = false; + haveRootCert = true; } icac.reduce_size(0);