Resolve logic in generating the root certificate (#16788)

project-chip · Feb 1, 2024 · 9851081 · 9851081
1 parent 7fd9c3f
commit 9851081
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.h b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.h
@@ -79,7 +79,7 @@ class CHIPOperationalCredentialsDelegate : public chip::Controller::OperationalC
     chip::NodeId mNextRequestedNodeId = 1;
     chip::FabricId mNextFabricId = 1;
     bool mNodeIdRequested = false;
-    bool mGenerateRootCert = false;
+    bool mForceRootCertRegeneration = false;
 };
 
 NS_ASSUME_NONNULL_END
diff --git a/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm b/src/darwin/Framework/CHIP/CHIPOperationalCredentialsDelegate.mm
@@ -162,7 +162,7 @@ static BOOL isRunningTests(void)
     }
 
     NSLog(@"Stored the keys");
-    mGenerateRootCert = true;
+    mForceRootCertRegeneration = true;
     return CHIP_NO_ERROR;
 }
 
@@ -192,6 +192,7 @@ static BOOL isRunningTests(void)
     MutableByteSpan & noc)
 {
     uint32_t validityStart, validityEnd;
+    bool haveRootCert = false;
 
     if (!ToChipEpochTime(0, validityStart)) {
         NSLog(@"Failed in computing certificate validity start date");
@@ -204,13 +205,16 @@ static BOOL isRunningTests(void)
     }
 
     ChipDN rcac_dn;
-    if (!mGenerateRootCert) {
+    if (!mForceRootCertRegeneration) {
         uint16_t rcacBufLen = static_cast<uint16_t>(std::min(rcac.size(), static_cast<size_t>(UINT16_MAX)));
         PERSISTENT_KEY_OP(fabricId, kOperationalCredentialsRootCertificateStorage, key,
-            ReturnErrorOnFailure(mStorage->SyncGetKeyValue(key, rcac.data(), rcacBufLen)));
-        rcac.reduce_size(rcacBufLen);
-        ReturnErrorOnFailure(ExtractSubjectDNFromX509Cert(rcac, rcac_dn));
-    } else {
+            haveRootCert = (mStorage->SyncGetKeyValue(key, rcac.data(), rcacBufLen) == CHIP_NO_ERROR));
+        if (haveRootCert) {
+            rcac.reduce_size(rcacBufLen);
+            ReturnErrorOnFailure(ExtractSubjectDNFromX509Cert(rcac, rcac_dn));
+        }
+    }
+    if (!haveRootCert) {
         ReturnErrorOnFailure(rcac_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipRootId, mIssuerId));
         ReturnErrorOnFailure(rcac_dn.AddAttribute(chip::ASN1::kOID_AttributeType_ChipFabricId, fabricId));
 
@@ -222,7 +226,7 @@ static BOOL isRunningTests(void)
         PERSISTENT_KEY_OP(fabricId, kOperationalCredentialsRootCertificateStorage, key,
             ReturnErrorOnFailure(mStorage->SyncSetKeyValue(key, rcac.data(), static_cast<uint16_t>(rcac.size()))));
 
-        mGenerateRootCert = false;
+        mForceRootCertRegeneration = false;
     }
 
     icac.reduce_size(0);