Commit 21f372c6 authored by garciay's avatar garciay
Browse files

STF507: Bug fixed in decodeCertificate method

parent 7b1508fd
......@@ -212,7 +212,7 @@ public class SecurityHelper {
if (p_headerfields[signerInfoTypeIndex] == 0x02) { // SignerInfo Type: Certificate (2)
signerInfoTypeIndex += 1;
// Extract certificate because of it is an Other message profile
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, p_keys);
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, p_keys, p_enforceSecurityCheck);
if (certificate == null) {
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - Certificate not decoded");
if (p_enforceSecurityCheck) {
......@@ -261,7 +261,7 @@ public class SecurityHelper {
do {
// Extract certificate because of it is an Other message profile
keys = new ByteArrayOutputStream();
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, keys);
byte[] certificate = decodeCertificate(p_headerfields, signerInfoTypeIndex, keys, p_enforceSecurityCheck);
if (certificate == null) {
// Drop it
System.err.println("SecurityHelper.checkHeaderfields: Drop packet - Failed to decode chain of certificate");
......@@ -345,7 +345,7 @@ public class SecurityHelper {
return true;
}
public byte[] decodeCertificate(final byte[] p_headerfields, final int p_offset, final ByteArrayOutputStream p_keys) {
public byte[] decodeCertificate(final byte[] p_headerfields, final int p_offset, final ByteArrayOutputStream p_keys, final boolean p_enforceSecurityCheck) {
System.out.println(">>> SecurityHelper.decodeCertificate: " + ByteHelper.byteArrayToString(ByteHelper.extract(p_headerfields, p_offset, p_headerfields.length - p_offset)));
ByteArrayInputStream headerfields = new ByteArrayInputStream(p_headerfields, p_offset, p_headerfields.length - p_offset);
......@@ -356,7 +356,10 @@ public class SecurityHelper {
cert.write((byte)headerfields.read());
if (cert.toByteArray()[0] != 0x02) {
System.err.println("SecurityHelper.decodeCertificate: Wrong version number");
return null;
if (p_enforceSecurityCheck) {
// Drop it
return null;
} // else continue
}
// SignerInfo type
byte signerInfoType = (byte)headerfields.read();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment