security: Handle certificate decoding error in validation process
Change-Id: I6365db2d9fd58c4dd5d7e1f840cc85253381e03c
Refs: #2212
diff --git a/src/security/validator-config.cpp b/src/security/validator-config.cpp
index b55cf69..149c5dc 100644
--- a/src/security/validator-config.cpp
+++ b/src/security/validator-config.cpp
@@ -593,16 +593,17 @@
return onValidationFailed(interest.shared_from_this(),
"No valid KeyLocator");
}
- catch (tlv::Error& e)
- {
- return onValidationFailed(interest.shared_from_this(),
- "Cannot decode signature");
- }
catch (IdentityCertificate::Error& e)
{
return onValidationFailed(interest.shared_from_this(),
"Cannot determine the signing key");
}
+
+ catch (tlv::Error& e)
+ {
+ return onValidationFailed(interest.shared_from_this(),
+ "Cannot decode signature");
+ }
}
void
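Review bot: Nothing in the hunk says why the `tlv::Error` handler now has to follow the `IdentityCertificate::Error` one. If `IdentityCertificate::Error` derives from `tlv::Error` (the class definitions are not visible here), the order decides which failure message the caller sees, and a later tidy-up could silently swap it back; if the types are unrelated, the move has no effect. I would add `// IdentityCertificate::Error must be caught before tlv::Error; see #2212` above the first handler and confirm the hierarchy. Both handlers also bind an unused `e` by non-const reference; `catch (const tlv::Error&)` is the usual form. The enclosing function starts before the hunk.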
@@ -831,8 +832,20 @@
const OnValidated& onValidated,
const OnFailed& onValidationFailed)
{
- shared_ptr<IdentityCertificate> certificate =
- make_shared<IdentityCertificate>(*signCertificate);
+ if (signCertificate->getContentType() != tlv::ContentType_Key)
+ return onValidationFailed(packet,
+ "Cannot retrieve signer's cert: " +
+ signCertificate->getName().toUri());
+
+ shared_ptr<IdentityCertificate> certificate;
+ try {
+ certificate = make_shared<IdentityCertificate>(*signCertificate);
+ }
+ catch (tlv::Error&) {
+ return onValidationFailed(packet,
+ "Cannot decode signer's cert: " +
+ signCertificate->getName().toUri());
+ }
if (!certificate->isTooLate() && !certificate->isTooEarly())
{
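Review bot: The new `try` around `make_shared<IdentityCertificate>(*signCertificate)` catches only `tlv::Error`, yet the first hunk of this commit treats `IdentityCertificate::Error` as a separate exception raised by certificate handling. If the constructor can throw that type for a certificate fetched from the network (its definition is not visible here), the exception escapes this callback and `onValidationFailed` is never called, so a malformed signer certificate could still abort validation instead of failing it cleanly. I would add a second handler, `catch (const IdentityCertificate::Error&)`, with the same `onValidationFailed(packet, "Cannot decode signer's cert: " + signCertificate->getName().toUri())` body. `signCertificate` is also dereferenced at the content-type check without a null test, which is worth confirming against the caller. The function begins before the hunk and continues after it.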