From 6907eaa5fc59bcbedf16a900ec1d56f1f77b59fb Mon Sep 17 00:00:00 2001 From: C Freeman Date: Wed, 6 Dec 2023 16:25:38 -0500 Subject: [PATCH] Opcreds: Check for invalid admin subject (#30826) Moving this check to before the fabric gets added so that the changes do not have to be backed out if this is invalid. see #30799 This will be checked in TC-OPCREDS-3.1 (under development) --- .../operational-credentials-server.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp index 4ed4f681d211d4..459c42fcbcc8b3 100644 --- a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp +++ b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp @@ -641,6 +641,10 @@ bool emberAfOperationalCredentialsClusterAddNOCCallback(app::CommandHandler * co // missing root. Let's early-bail with InvalidNOC. VerifyOrExit(failSafeContext.AddTrustedRootCertHasBeenInvoked(), nocResponse = NodeOperationalCertStatusEnum::kInvalidNOC); + // Check this explicitly before adding the fabric so we don't need to back out changes if this is an error. + VerifyOrExit(IsOperationalNodeId(commandData.caseAdminSubject) || IsCASEAuthTag(commandData.caseAdminSubject), + nocResponse = NodeOperationalCertStatusEnum::kInvalidAdminSubject); + err = fabricTable.AddNewPendingFabricWithOperationalKeystore(NOCValue, ICACValue.ValueOr(ByteSpan{}), adminVendorId, &newFabricIndex); VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err));