security: Handle certificate decoding error in validation process Change-Id: I6365db2d9fd58c4dd5d7e1f840cc85253381e03c Refs: #2212

commit: 80979bacc4cf933ef8867fc3ef6bec335aba7771 [log] [tgz]
author: Yingdi Yu <yuyingdi@gmail.com> Tue Nov 25 14:38:36 2014 -0800
committer: Yingdi Yu <yuyingdi@gmail.com> Wed Nov 26 12:03:08 2014 -0800
tree: 16d32116cb70bfb1c21554294a034e75fe643164
parent: dfb8a61aa6005b5184196257a9671656b7f274ad [diff] [blame]
diff --git a/src/security/certificate.cpp b/src/security/certificate.cpp
index 3af9bf9..67c440b 100644
--- a/src/security/certificate.cpp
+++ b/src/security/certificate.cpp

@@ -30,9 +30,15 @@
 #include "cryptopp.hpp"
 #include "../encoding/cryptopp/asn_ext.hpp"
 #include "../encoding/buffer-stream.hpp"
+#include "../util/concepts.hpp"
 
 namespace ndn {
 
+BOOST_CONCEPT_ASSERT((WireEncodable<Certificate>));
+BOOST_CONCEPT_ASSERT((WireDecodable<Certificate>));
+static_assert(std::is_base_of<tlv::Error, Certificate::Error>::value,
+              "Certificate::Error must inherit from tlv::Error");
+
 Certificate::Certificate()
   : m_notBefore(time::system_clock::TimePoint::max())
   , m_notAfter(time::system_clock::TimePoint::min())
@@ -46,9 +52,21 @@
   decode();
 }
 
+Certificate::Certificate(const Block& block)
+  : Data(block)
+{
+  decode();
+}
+
 Certificate::~Certificate()
 {
-  //TODO:
+}
+
+void
+Certificate::wireDecode(const Block& wire)
+{
+  Data::wireDecode(wire);
+  decode();
 }
 
 bool
@@ -177,66 +195,71 @@
 {
   using namespace CryptoPP;
 
-  OBufferStream os;
-  StringSource source(getContent().value(), getContent().value_size(), true);
+  try {
+    OBufferStream os;
+    StringSource source(getContent().value(), getContent().value_size(), true);
 
-  // idCert ::= SEQUENCE {
-  //     validity            Validity,
-  //     subject             Name,
-  //     subjectPubKeyInfo   SubjectPublicKeyInfo,
-  //     extension           Extensions OPTIONAL   }
-  BERSequenceDecoder idCert(source);
-  {
-    // Validity ::= SEQUENCE {
-    //       notBefore           Time,
-    //       notAfter            Time   }
-    BERSequenceDecoder validity(idCert);
+    // idCert ::= SEQUENCE {
+    //     validity            Validity,
+    //     subject             Name,
+    //     subjectPubKeyInfo   SubjectPublicKeyInfo,
+    //     extension           Extensions OPTIONAL   }
+    BERSequenceDecoder idCert(source);
     {
-      BERDecodeTime(validity, m_notBefore);
-      BERDecodeTime(validity, m_notAfter);
-    }
-    validity.MessageEnd();
-
-    // Name ::= CHOICE {
-    //     RDNSequence   }
-    //
-    // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-    m_subjectDescriptionList.clear();
-    BERSequenceDecoder name(idCert);
-    {
-      while (!name.EndReached())
-        {
-          m_subjectDescriptionList.push_back(CertificateSubjectDescription(name));
-        }
-    }
-    name.MessageEnd();
-
-    // SubjectPublicKeyInfo ::= SEQUENCE {
-    //     algorithm           AlgorithmIdentifier
-    //     keybits             BIT STRING   }
-    m_key.decode(idCert);
-
-    // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-    //
-    // Extension ::= SEQUENCE {
-    //        extnID      OBJECT IDENTIFIER,
-    //        critical    BOOLEAN DEFAULT FALSE,
-    //        extnValue   OCTET STRING  }
-    m_extensionList.clear();
-    if (!idCert.EndReached())
+      // Validity ::= SEQUENCE {
+      //       notBefore           Time,
+      //       notAfter            Time   }
+      BERSequenceDecoder validity(idCert);
       {
-        BERSequenceDecoder extensions(idCert);
-        {
-          while (!extensions.EndReached())
-            {
-              m_extensionList.push_back(CertificateExtension(extensions));
-            }
-        }
-        extensions.MessageEnd();
+        BERDecodeTime(validity, m_notBefore);
+        BERDecodeTime(validity, m_notAfter);
       }
-  }
+      validity.MessageEnd();
 
-  idCert.MessageEnd();
+      // Name ::= CHOICE {
+      //     RDNSequence   }
+      //
+      // RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+      m_subjectDescriptionList.clear();
+      BERSequenceDecoder name(idCert);
+      {
+        while (!name.EndReached())
+          {
+            m_subjectDescriptionList.push_back(CertificateSubjectDescription(name));
+          }
+      }
+      name.MessageEnd();
+
+      // SubjectPublicKeyInfo ::= SEQUENCE {
+      //     algorithm           AlgorithmIdentifier
+      //     keybits             BIT STRING   }
+      m_key.decode(idCert);
+
+      // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+      //
+      // Extension ::= SEQUENCE {
+      //        extnID      OBJECT IDENTIFIER,
+      //        critical    BOOLEAN DEFAULT FALSE,
+      //        extnValue   OCTET STRING  }
+      m_extensionList.clear();
+      if (!idCert.EndReached())
+        {
+          BERSequenceDecoder extensions(idCert);
+          {
+            while (!extensions.EndReached())
+              {
+                m_extensionList.push_back(CertificateExtension(extensions));
+              }
+          }
+          extensions.MessageEnd();
+        }
+    }
+
+    idCert.MessageEnd();
+  }
+  catch (CryptoPP::BERDecodeErr&) {
+    throw Error("Certificate Decoding Error");
+  }
 }
 
 void
@@ -320,4 +343,12 @@
 
 }
 
+std::ostream&
+operator<<(std::ostream& os, const Certificate& cert)
+{
+  cert.printCertificate(os);
+  return os;
+}
+
+
 } // namespace ndn
commit	80979bacc4cf933ef8867fc3ef6bec335aba7771	[log] [tgz]
author	Yingdi Yu <yuyingdi@gmail.com>	Tue Nov 25 14:38:36 2014 -0800
committer	Yingdi Yu <yuyingdi@gmail.com>	Wed Nov 26 12:03:08 2014 -0800
tree	16d32116cb70bfb1c21554294a034e75fe643164
parent	dfb8a61aa6005b5184196257a9671656b7f274ad [diff] [blame]