Updated ConvertToNOCResponseStatus() Function Implementation. (#18588)
emargolis authored May 24, 2022
1 parent 09bb6fd commit 37129df
Showing 3 changed files with 21 additions and 12 deletions.
Expand Up @@ -593,18 +593,18 @@ OperationalCertStatus ConvertToNOCResponseStatus(CHIP_ERROR err)
{
return OperationalCertStatus::kInvalidPublicKey;
}
if (err == CHIP_ERROR_INVALID_FABRIC_INDEX || err == CHIP_ERROR_WRONG_NODE_ID)
if (err == CHIP_ERROR_WRONG_NODE_ID)
{
return OperationalCertStatus::kInvalidNodeOpId;
}
if (err == CHIP_ERROR_CA_CERT_NOT_FOUND || err == CHIP_ERROR_CERT_PATH_LEN_CONSTRAINT_EXCEEDED ||
err == CHIP_ERROR_CERT_PATH_TOO_LONG || err == CHIP_ERROR_CERT_USAGE_NOT_ALLOWED || err == CHIP_ERROR_CERT_EXPIRED ||
err == CHIP_ERROR_CERT_NOT_VALID_YET || err == CHIP_ERROR_UNSUPPORTED_CERT_FORMAT ||
err == CHIP_ERROR_UNSUPPORTED_ELLIPTIC_CURVE || err == CHIP_ERROR_CERT_LOAD_FAILED || err == CHIP_ERROR_CERT_NOT_TRUSTED ||
err == CHIP_ERROR_WRONG_CERT_DN)
if (err == CHIP_ERROR_UNSUPPORTED_CERT_FORMAT)
{
return OperationalCertStatus::kInvalidNOC;
}
if (err == CHIP_ERROR_INCORRECT_STATE)
{
return OperationalCertStatus::kMissingCsr;
}
if (err == CHIP_ERROR_NO_MEMORY)
{
return OperationalCertStatus::kTableFull;
Expand All @@ -613,6 +613,10 @@ OperationalCertStatus ConvertToNOCResponseStatus(CHIP_ERROR err)
{
return OperationalCertStatus::kFabricConflict;
}
if (err == CHIP_ERROR_INVALID_FABRIC_INDEX)
{
return OperationalCertStatus::kInvalidFabricIndex;
}

return OperationalCertStatus::kInvalidNOC;
}
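Review bot: Mapping `CHIP_ERROR_INCORRECT_STATE` to `kMissingCsr` ties a very generic error code to one specific cause, so any other step on this path that fails with INCORRECT_STATE would be reported to the commissioner as a missing CSR. On this page the only visible producer is the null operational-key check in FabricInfo::SetFabricInfo, but the callers of ConvertToNOCResponseStatus are outside the hunk, so that should be confirmed. A comment above the branch would record the contract, e.g. `// INCORRECT_STATE: FabricInfo::SetFabricInfo found no operational key, i.e. no CSR was generated`. The explicit `CHIP_ERROR_UNSUPPORTED_CERT_FORMAT` branch also duplicates the final `return OperationalCertStatus::kInvalidNOC;`, so keep it only if it is meant as documentation. The start of the function lies outside the hunk.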
6 changes: 3 additions & 3 deletions src/credentials/CHIPCert.cpp
Expand Up @@ -637,7 +637,7 @@ CHIP_ERROR ChipDN::GetCertType(uint8_t & certType) const
else if (rdn[i].mAttrOID == kOID_AttributeType_MatterNodeId)
{
VerifyOrExit(lCertType == kCertType_NotSpecified, err = CHIP_ERROR_WRONG_CERT_DN);
VerifyOrReturnError(IsOperationalNodeId(rdn[i].mChipVal), CHIP_ERROR_WRONG_CERT_DN);
VerifyOrReturnError(IsOperationalNodeId(rdn[i].mChipVal), CHIP_ERROR_WRONG_NODE_ID);
lCertType = kCertType_Node;
}
else if (rdn[i].mAttrOID == kOID_AttributeType_MatterFirmwareSigningId)
Expand Down Expand Up @@ -791,7 +791,7 @@ CHIP_ERROR ChipDN::DecodeFromTLV(TLVReader & reader)
ReturnErrorOnFailure(reader.Get(chipAttr));
if (attrOID == chip::ASN1::kOID_AttributeType_MatterNodeId)
{
VerifyOrReturnError(IsOperationalNodeId(attrOID), CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrReturnError(IsOperationalNodeId(attrOID), CHIP_ERROR_WRONG_NODE_ID);
}
else if (attrOID == chip::ASN1::kOID_AttributeType_MatterFabricId)
{
Expand Down Expand Up @@ -946,7 +946,7 @@ CHIP_ERROR ChipDN::DecodeFromASN1(ASN1Reader & reader)

if (attrOID == chip::ASN1::kOID_AttributeType_MatterNodeId)
{
VerifyOrReturnError(IsOperationalNodeId(chipAttr), CHIP_ERROR_WRONG_CERT_DN);
VerifyOrReturnError(IsOperationalNodeId(chipAttr), CHIP_ERROR_WRONG_NODE_ID);
}
else if (attrOID == chip::ASN1::kOID_AttributeType_MatterFabricId)
{
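Review bot: In the ChipDN::DecodeFromTLV hunk the range check still reads `IsOperationalNodeId(attrOID)`, which tests the attribute OID rather than the value just read by `reader.Get(chipAttr)`; inside this branch `attrOID` is always `kOID_AttributeType_MatterNodeId`, so the decoded node id is never validated here. The commit changes only the error code on that line. DecodeFromASN1 in the same file checks `chipAttr`, and the TLV path should likely match: `VerifyOrReturnError(IsOperationalNodeId(chipAttr), CHIP_ERROR_WRONG_NODE_ID);`. The declaration of `chipAttr` is outside the hunk, so confirm its type before applying. Separately, GetCertType now returns directly through `VerifyOrReturnError` right after a `VerifyOrExit`, which skips whatever the `exit` label does; that function's body also continues outside the hunk.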
11 changes: 8 additions & 3 deletions src/credentials/FabricTable.cpp
Expand Up @@ -586,13 +586,18 @@ CHIP_ERROR FabricInfo::SetFabricInfo(FabricInfo & newFabric)
PeerId operationalId;
FabricId fabricId;
ChipLogProgress(Discovery, "Verifying the received credentials");
ReturnErrorOnFailure(VerifyCredentials(newFabric.mNOCCert, newFabric.mICACert, newFabric.mRootCert, validContext, operationalId,
fabricId, pubkey));
CHIP_ERROR err = VerifyCredentials(newFabric.mNOCCert, newFabric.mICACert, newFabric.mRootCert, validContext, operationalId,
fabricId, pubkey);
if (err != CHIP_NO_ERROR && err != CHIP_ERROR_WRONG_NODE_ID)
{
err = CHIP_ERROR_UNSUPPORTED_CERT_FORMAT;
}
ReturnErrorOnFailure(err);

auto * operationalKey = newFabric.GetOperationalKey();
if (operationalKey == nullptr)
{
return CHIP_ERROR_INVALID_ARGUMENT;
return CHIP_ERROR_INCORRECT_STATE;
}

// Verify that public key in NOC matches public key generated by node and sent in CSRResponse message.
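Review bot: The remap in FabricInfo::SetFabricInfo replaces every VerifyCredentials failure other than `CHIP_ERROR_WRONG_NODE_ID` with `CHIP_ERROR_UNSUPPORTED_CERT_FORMAT` without recording the original code, so an expired, untrusted or not-yet-valid chain becomes indistinguishable in logs from a malformed certificate. Logging before the overwrite keeps the cause available for triage: `ChipLogError(Discovery, "VerifyCredentials failed: %" CHIP_ERROR_FORMAT, err.Format());`. A one-line comment stating that the collapse exists so the NOC response reports kInvalidNOC would also help, since that mapping lives in another file. The function body starts and ends outside the hunk.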