security: CA cert arrives in publicData 83/21983/3
authorDan Mihai <Daniel.Mihai@microsoft.com>
Thu, 17 Aug 2017 19:57:41 +0000 (12:57 -0700)
committerNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Fri, 18 Aug 2017 21:44:29 +0000 (21:44 +0000)
GetCaCert must pick up this cert from the publicData of the credential
sent by CTT/OBT, rather than optionalData.

This behavior is clarified by OCF Security WG CR1938.

This patch allows CT1.7.8.5: DTLS handshake to make progress. The
handshake still fails later on, for different reasons that are being
investigated.

Change-Id: I76962e9f116ad7acb80a6da6c85fb089ebba3481
https://jira.iotivity.org/browse/IOT-2621
Signed-off-by: Dan Mihai <Daniel.Mihai@microsoft.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/21983
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
resource/csdk/security/src/credresource.c

index 4ecab9e..2a78f49 100644 (file)
@@ -3367,9 +3367,9 @@ static OCStackResult GetCaCert(ByteArray_t * crt, const char * usage, OicEncodin
             (0 == strcmp(temp->credUsage, usage)) && (false == temp->optionalData.revstat))
         {
 
-            if ((OIC_ENCODING_BASE64 != temp->optionalData.encoding) &&
-                (OIC_ENCODING_PEM != temp->optionalData.encoding) &&
-                (OIC_ENCODING_DER != temp->optionalData.encoding))
+            if ((OIC_ENCODING_BASE64 != temp->publicData.encoding) &&
+                (OIC_ENCODING_PEM != temp->publicData.encoding) &&
+                (OIC_ENCODING_DER != temp->publicData.encoding))
             {
                 OIC_LOG_V(WARNING, TAG, "%s: Unknown encoding type", __func__);
                 continue;
@@ -3377,12 +3377,12 @@ static OCStackResult GetCaCert(ByteArray_t * crt, const char * usage, OicEncodin
 
             if (OIC_ENCODING_DER == desiredEncoding)
             {
-                if ((OIC_ENCODING_BASE64 == temp->optionalData.encoding) ||
-                    (OIC_ENCODING_PEM == temp->optionalData.encoding))
+                if ((OIC_ENCODING_BASE64 == temp->publicData.encoding) ||
+                    (OIC_ENCODING_PEM == temp->publicData.encoding))
                 {
                     uint8_t* buf = NULL;
                     size_t outSize = 0;
-                    int ret = ConvertPemCertToDer((const char*)temp->optionalData.data, temp->optionalData.len, &buf, &outSize);
+                    int ret = ConvertPemCertToDer((const char*)temp->publicData.data, temp->publicData.len, &buf, &outSize);
                     if (0 > ret)
                     {
                         OIC_LOG(ERROR, TAG, "Could not convert PEM cert to DER");
@@ -3405,15 +3405,15 @@ static OCStackResult GetCaCert(ByteArray_t * crt, const char * usage, OicEncodin
                 else
                 {
                     uint8_t *savePtr = crt->data;
-                    crt->data = OICRealloc(crt->data, crt->len + temp->optionalData.len);
+                    crt->data = OICRealloc(crt->data, crt->len + temp->publicData.len);
                     if (NULL == crt->data)
                     {
                         OIC_LOG(ERROR, TAG, "No memory reallocating crt->data");
                         OICFree(savePtr);
                         return OC_STACK_NO_MEMORY;
                     }
-                    memcpy(crt->data + crt->len, temp->optionalData.data, temp->optionalData.len);
-                    crt->len += temp->optionalData.len;
+                    memcpy(crt->data + crt->len, temp->publicData.data, temp->publicData.len);
+                    crt->len += temp->publicData.len;
                 }
                 OIC_LOG_V(DEBUG, TAG, "%s found", usage);
             }
@@ -3422,15 +3422,15 @@ static OCStackResult GetCaCert(ByteArray_t * crt, const char * usage, OicEncodin
                 /* PEM/Base64 */
                 uint8_t *pem = NULL;
                 size_t pemLen = 0;
-                if ((OIC_ENCODING_BASE64 == temp->optionalData.encoding) ||
-                    (OIC_ENCODING_PEM == temp->optionalData.encoding))
+                if ((OIC_ENCODING_BASE64 == temp->publicData.encoding) ||
+                    (OIC_ENCODING_PEM == temp->publicData.encoding))
                 {
-                    pem = temp->optionalData.data;
-                    pemLen = temp->optionalData.len;
+                    pem = temp->publicData.data;
+                    pemLen = temp->publicData.len;
                 }
                 else
                 {
-                    int ret = ConvertDerCertToPem(temp->optionalData.data, temp->optionalData.len, &pem);
+                    int ret = ConvertDerCertToPem(temp->publicData.data, temp->publicData.len, &pem);
                     if (0 > ret)
                     {
                         OIC_LOG_V(ERROR, TAG, "Failed converting DER cert to PEM: %d", ret);