[IOT-3256] uuid with no prefix 00/27900/9
authorOleksii Beketov <ol.beketov@samsung.com>
Wed, 6 Feb 2019 14:50:06 +0000 (16:50 +0200)
committerAleksey Volkov <a.volkov@samsung.com>
Thu, 7 Feb 2019 08:34:33 +0000 (08:34 +0000)
If CN has no "uuid:" or "userid:" prefix, treat whole CN as uuid

Change-Id: I3e90f2a65f3a82c861c28284ca32fd95e9a4cd23
Signed-off-by: Oleksii Beketov <ol.beketov@samsung.com>
Bug: https://jira.iotivity.org/browse/IOT-3256

resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c

index a57e4d9..3661cbf 100644 (file)
@@ -2403,6 +2403,7 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, size_t dat
                     char uuid[UUID_STRING_SIZE] = { 0 };
                     const unsigned char * uuidPos = NULL;
                     const unsigned char * userIdPos = NULL;
+                    uint8_t uuid_found = 0;
 
                     uuidPos = (const unsigned char*)memmem(name->val.p, name->val.len,
                                                            UUID_PREFIX, sizeof(UUID_PREFIX) - 1);
@@ -2414,33 +2415,41 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, size_t dat
                         (name->val.len >= ((uuidPos - name->val.p) + (sizeof(UUID_PREFIX) - 1) + uuidBufLen)))
                     {
                         memcpy(uuid, uuidPos + sizeof(UUID_PREFIX) - 1, uuidBufLen);
-                        OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s", uuid);
-                        ret = (OCConvertStringToUuid(uuid, peer->sep.identity.id)) ? 0 : -1;
-                        if (!checkSslOperation(peer,
-                                               ret,
-                                               "Failed to convert subject",
-                                               MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT))
-                        {
-                            oc_mutex_unlock(g_sslContextMutex);
-                            OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
-                            return CA_STATUS_FAILED;
-                        }
+                        OIC_LOG(INFO, NET_SSL_TAG, "uuid tag found");
+                        uuid_found = 1;
                     }
                     else
                     {
-                        OIC_LOG(WARNING, NET_SSL_TAG, "uuid not found");
+                        OIC_LOG(WARNING, NET_SSL_TAG, "uuid tag not found");
                     }
 
+                    userIdPos = (const unsigned char*)memmem(name->val.p, name->val.len,
+                                                             USERID_PREFIX, sizeof(USERID_PREFIX) - 1);
+
                     /* If USERID_PREFIX is present, ensure there's enough data for the prefix plus an entire
                      * UUID, to make sure we don't read past the end of the buffer.
                      */
-                    userIdPos = (const unsigned char*)memmem(name->val.p, name->val.len,
-                                                             USERID_PREFIX, sizeof(USERID_PREFIX) - 1);
                     if ((NULL != userIdPos) &&
                         (name->val.len >= ((userIdPos - name->val.p) + (sizeof(USERID_PREFIX) - 1) + uuidBufLen)))
                     {
                         memcpy(uuid, userIdPos + sizeof(USERID_PREFIX) - 1, uuidBufLen);
-                        ret = (OCConvertStringToUuid(uuid, peer->sep.userId.id)) ? 0 : -1;
+                        OIC_LOG(INFO, NET_SSL_TAG, "userid tag found");
+                        uuid_found = 1;
+                    }
+                    else
+                    {
+                        OIC_LOG(WARNING, NET_SSL_TAG, "userid tag not found");
+                    }
+
+                    if (!uuid_found && name->val.len > sizeof(UUID_PREFIX))
+                    {
+                        memcpy(uuid, name->val.p, name->val.len);
+                        uuid_found = 1;
+                    }
+                    else if (uuid_found)
+                    {
+                        OIC_LOG_V(DEBUG, NET_SSL_TAG, "certificate uuid string: %s", uuid);
+                        ret = (OCConvertStringToUuid(uuid, peer->sep.identity.id)) ? 0 : -1;
                         if (!checkSslOperation(peer,
                                                ret,
                                                "Failed to convert subject alt name",
@@ -2453,7 +2462,7 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, size_t dat
                     }
                     else
                     {
-                        OIC_LOG(WARNING, NET_SSL_TAG, "Subject alternative name not found");
+                        OIC_LOG(WARNING, NET_SSL_TAG, "neither uuid nor userid not found");
                     }
                 }
             }