From 1420472e79e9c7437b7c7fd682de6f3db8f792ed Mon Sep 17 00:00:00 2001
From: Evgeny Margolis
Date: Tue, 24 May 2022 08:56:18 -0700
Subject: [PATCH] Updated ConvertToNOCResponseStatus() Function Implementation. (#18588)
---
 .../operational-credentials-server.cpp | 16 ++++++++++------
 src/credentials/CHIPCert.cpp | 6 +++---
 src/credentials/FabricTable.cpp | 11 ++++++++---
 3 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
index 4f4a7c4e0709ba..ef3ed7d04995d8 100644
--- a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
+++ b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
@@ -593,18 +593,18 @@ OperationalCertStatus ConvertToNOCResponseStatus(CHIP_ERROR err)
 {
 return OperationalCertStatus::kInvalidPublicKey;
 }
- if (err == CHIP_ERROR_INVALID_FABRIC_INDEX || err == CHIP_ERROR_WRONG_NODE_ID)
+ if (err == CHIP_ERROR_WRONG_NODE_ID)
 {
 return OperationalCertStatus::kInvalidNodeOpId;
 }
- if (err == CHIP_ERROR_CA_CERT_NOT_FOUND || err == CHIP_ERROR_CERT_PATH_LEN_CONSTRAINT_EXCEEDED ||
- err == CHIP_ERROR_CERT_PATH_TOO_LONG || err == CHIP_ERROR_CERT_USAGE_NOT_ALLOWED || err == CHIP_ERROR_CERT_EXPIRED ||
- err == CHIP_ERROR_CERT_NOT_VALID_YET || err == CHIP_ERROR_UNSUPPORTED_CERT_FORMAT ||
- err == CHIP_ERROR_UNSUPPORTED_ELLIPTIC_CURVE || err == CHIP_ERROR_CERT_LOAD_FAILED || err == CHIP_ERROR_CERT_NOT_TRUSTED ||
- err == CHIP_ERROR_WRONG_CERT_DN)
+ if (err == CHIP_ERROR_UNSUPPORTED_CERT_FORMAT)
 {
 return OperationalCertStatus::kInvalidNOC;
 }
+ if (err == CHIP_ERROR_INCORRECT_STATE)
+ {
+ return OperationalCertStatus::kMissingCsr;
+ }
 if (err == CHIP_ERROR_NO_MEMORY)
 {
 return OperationalCertStatus::kTableFull;
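Review bot: The new `CHIP_ERROR_INCORRECT_STATE` branch in ConvertToNOCResponseStatus keys `kMissingCsr` on a general-purpose error code, so any callee on this path that returns INCORRECT_STATE for an unrelated reason would be reported to the peer as a missing CSR. The only producer visible in this commit is the null operational key check in FabricInfo::SetFabricInfo; if that is meant to be the sole source, record it at the branch, e.g. `// INCORRECT_STATE here means SetFabricInfo found no operational key (presumably no CSR was requested first)`, or introduce a dedicated error code for it. The explicit `CHIP_ERROR_UNSUPPORTED_CERT_FORMAT` branch is also redundant with the function's final `return OperationalCertStatus::kInvalidNOC;`. The function starts above this hunk and ends in the next one.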
@@ -613,6 +613,10 @@ OperationalCertStatus ConvertToNOCResponseStatus(CHIP_ERROR err)
 {
 return OperationalCertStatus::kFabricConflict;
 }
+ if (err == CHIP_ERROR_INVALID_FABRIC_INDEX)
+ {
+ return OperationalCertStatus::kInvalidFabricIndex;
+ }
 return OperationalCertStatus::kInvalidNOC;
 }
diff --git a/src/credentials/CHIPCert.cpp b/src/credentials/CHIPCert.cpp
index ed37870c108246..32fbc21129a326 100644
--- a/src/credentials/CHIPCert.cpp
+++ b/src/credentials/CHIPCert.cpp
@@ -637,7 +637,7 @@ CHIP_ERROR ChipDN::GetCertType(uint8_t & certType) const
 else if (rdn[i].mAttrOID == kOID_AttributeType_MatterNodeId)
 {
 VerifyOrExit(lCertType == kCertType_NotSpecified, err = CHIP_ERROR_WRONG_CERT_DN);
- VerifyOrReturnError(IsOperationalNodeId(rdn[i].mChipVal), CHIP_ERROR_WRONG_CERT_DN);
+ VerifyOrReturnError(IsOperationalNodeId(rdn[i].mChipVal), CHIP_ERROR_WRONG_NODE_ID);
 lCertType = kCertType_Node;
 }
 else if (rdn[i].mAttrOID == kOID_AttributeType_MatterFirmwareSigningId)
@@ -791,7 +791,7 @@ CHIP_ERROR ChipDN::DecodeFromTLV(TLVReader & reader)
 ReturnErrorOnFailure(reader.Get(chipAttr));
 if (attrOID == chip::ASN1::kOID_AttributeType_MatterNodeId)
 {
- VerifyOrReturnError(IsOperationalNodeId(attrOID), CHIP_ERROR_INVALID_ARGUMENT);
+ VerifyOrReturnError(IsOperationalNodeId(attrOID), CHIP_ERROR_WRONG_NODE_ID);
 }
 else if (attrOID == chip::ASN1::kOID_AttributeType_MatterFabricId)
 {
@@ -946,7 +946,7 @@ CHIP_ERROR ChipDN::DecodeFromASN1(ASN1Reader & reader)
 if (attrOID == chip::ASN1::kOID_AttributeType_MatterNodeId)
 {
- VerifyOrReturnError(IsOperationalNodeId(chipAttr), CHIP_ERROR_WRONG_CERT_DN);
+ VerifyOrReturnError(IsOperationalNodeId(chipAttr), CHIP_ERROR_WRONG_NODE_ID);
 }
 else if (attrOID == chip::ASN1::kOID_AttributeType_MatterFabricId)
 {
diff --git a/src/credentials/FabricTable.cpp b/src/credentials/FabricTable.cpp
index 56991dce12d88b..3f15c7b7f91a2b 100644
--- a/src/credentials/FabricTable.cpp
+++ b/src/credentials/FabricTable.cpp
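Review bot: In ChipDN::GetCertType the changed node-id check leaves through `VerifyOrReturnError` while the check directly above it in the same branch uses `VerifyOrExit(..., err = ...)`, so this one failure skips whatever the function does at its exit label. The label and the rest of the function are outside the hunk, so the effect cannot be judged from here, but the two checks should leave the same way: `VerifyOrExit(IsOperationalNodeId(rdn[i].mChipVal), err = CHIP_ERROR_WRONG_NODE_ID);`.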
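Review bot: In ChipDN::DecodeFromTLV the node-id check is applied to `attrOID`, the attribute type that the enclosing `if` has just matched against kOID_AttributeType_MatterNodeId, not to `chipAttr`, the value read by `reader.Get(chipAttr)` on the line above. As written the range check never looks at the node id carried in the certificate, so a TLV-encoded DN is accepted or rejected on the OID constant alone; the parallel check in DecodeFromASN1 passes `chipAttr`. The commit only changes the error code here; the argument should change too: `VerifyOrReturnError(IsOperationalNodeId(chipAttr), CHIP_ERROR_WRONG_NODE_ID);`. The function starts and ends outside the hunk.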
@@ -586,13 +586,18 @@ CHIP_ERROR FabricInfo::SetFabricInfo(FabricInfo & newFabric)
 PeerId operationalId;
 FabricId fabricId;
 ChipLogProgress(Discovery, "Verifying the received credentials");
- ReturnErrorOnFailure(VerifyCredentials(newFabric.mNOCCert, newFabric.mICACert, newFabric.mRootCert, validContext, operationalId,
- fabricId, pubkey));
+ CHIP_ERROR err = VerifyCredentials(newFabric.mNOCCert, newFabric.mICACert, newFabric.mRootCert, validContext, operationalId,
+ fabricId, pubkey);
+ if (err != CHIP_NO_ERROR && err != CHIP_ERROR_WRONG_NODE_ID)
+ {
+ err = CHIP_ERROR_UNSUPPORTED_CERT_FORMAT;
+ }
+ ReturnErrorOnFailure(err);
 auto * operationalKey = newFabric.GetOperationalKey();
 if (operationalKey == nullptr)
 {
- return CHIP_ERROR_INVALID_ARGUMENT;
+ return CHIP_ERROR_INCORRECT_STATE;
 }
 // Verify that public key in NOC matches public key generated by node and sent in CSRResponse message.
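Review bot: Overwriting `err` with `CHIP_ERROR_UNSUPPORTED_CERT_FORMAT` in FabricInfo::SetFabricInfo discards the reason VerifyCredentials rejected the chain, so an expired, untrusted or malformed certificate can no longer be told apart in logs or by callers. Log the original code before remapping it, as the first statement inside the new `if`: `ChipLogError(Discovery, "Credential verification failed: %" CHIP_ERROR_FORMAT, err.Format());`. The remap also covers failures unrelated to the certificate; if VerifyCredentials can return `CHIP_ERROR_NO_MEMORY`, it would now surface as InvalidNOC rather than the TableFull status ConvertToNOCResponseStatus gives that code. The function body continues outside this hunk.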