From e3cb235a806f9da339f4bb9ae07f5ac5cd8b25f3 Mon Sep 17 00:00:00 2001
From: Sachin Agrawal
Date: Fri, 25 Sep 2015 08:36:48 -0700
Subject: [PATCH] Removed the filter to add 'identity' info on selective connections

Ir-respective of the end-point being a SERVER or CLIENT, it may be useful for RI and upper layers to know the true identity of the sender of the message. Therefore, removed the filter which was checking for 'SERVER' only mode.

Change-Id: I21cda0a645d79df6df3a3a4113cccbac4a7ae8d6
Signed-off-by: Sachin Agrawal
Reviewed-on: https://gerrit.iotivity.org/gerrit/2949
Reviewed-by: Dmitriy Zhuravlev
Tested-by: jenkins-iotivity
---
 .../src/adapter_util/caadapternetdtls.c | 62 +++++++++++-----------
 1 file changed, 32 insertions(+), 30 deletions(-)

diff --git a/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c b/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c
index 0359cca..4ef1397 100644
--- a/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c
+++ b/resource/csdk/connectivity/src/adapter_util/caadapternetdtls.c
@@ -573,22 +573,18 @@ static int32_t CAGetPskCredentials(dtls_context_t *ctx,
 {
 if (memcmp(desc, credInfo->creds[index].id, DTLS_PSK_ID_LEN) == 0)
 {
- if(NULL != ctx->peers && DTLS_SERVER == ctx->peers->role )
+ // TODO SRM needs identity of the remote end-point with every data packet to
+ // perform access control management. tinyDTLS 'frees' the handshake parameters
+ // data structure when handshake completes. Therefore, currently this is a
+ // workaround to cache remote end-point identity when tinyDTLS asks for PSK.
+ stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
+ char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
+ uint16_t port = 0;
+ CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
+
+ if(CA_STATUS_OK != CAAddIdToPeerInfoList(peerAddr, port, desc, descLen) )
 {
- // TODO SRM needs identity of the remote end-point with every data packet to
- // perform access control management. tinyDTLS 'frees' the handshake parameters
- // data structure when handshake completes. Therefore, currently this is a
- // workaround to cache remote end-point identity when tinyDTLS asks for PSK.
- stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
- char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
- uint16_t port = 0;
- CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
-
- CAResult_t result = CAAddIdToPeerInfoList(peerAddr, port, desc, descLen);
- if(CA_STATUS_OK != result )
- {
- OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
- }
+ OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
 }
 memcpy(result, credInfo->creds[index].psk, DTLS_PSK_PSK_LEN);
 ret = DTLS_PSK_PSK_LEN;
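Review bot: The identity cached by the now-unconditional `CAAddIdToPeerInfoList(peerAddr, port, desc, descLen)` is whatever identity tinyDTLS passes to the PSK-key query, and on a CLIENT that is, in the tinyDTLS versions I am familiar with, the client's own identity (the result of the preceding DTLS_PSK_IDENTITY query) rather than the server's; if that holds for the bundled tinyDTLS, dropping the role filter records the local identity as the remote peer's on client connections, which would mislead the SRM access-control use the comment describes. Please confirm against the bundled tinyDTLS before relying on this on the client side. Independently, the entry is added at the moment the PSK is requested, before the handshake has proven the peer actually holds that key, so a handshake that subsequently fails should remove the entry again (not visible in this diff). The return value of `CAConvertAddrToName` is also discarded, so a conversion failure would cache the identity under an empty address. The enclosing loop and CAGetPskCredentials continue outside the hunk.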
@@ -940,6 +936,11 @@ static int CAVerifyCertificate(struct dtls_context_t *ctx, const session_t *sess
 ByteArray caPubKey = BYTE_ARRAY_INITIALIZER;
 unsigned char ca_pub_key[PUBLIC_KEY_SIZE];
+ if ( !ctx || !session || !cert || !x || !y)
+ {
+ return -PKI_NULL_PASSED;
+ }
+
 CAGetRootKey (&ca_pub_x, &ca_pub_y);
 certDerCode.data = (uint8_t *)cert;
@@ -968,26 +969,27 @@ static int CAVerifyCertificate(struct dtls_context_t *ctx, const session_t *sess
 memcpy(x, crtChain[0].pubKey.data, xLen);
 memcpy(y, crtChain[0].pubKey.data + PUBLIC_KEY_SIZE / 2, yLen);
+ stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
+ char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
+ uint16_t port = 0;
+ CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
- if (NULL != ctx->peers && DTLS_SERVER == ctx->peers->role )
+ CAResult_t result = CAAddIdToPeerInfoList(peerAddr, port,
+ crtChain[0].subject.data + DER_SUBJECT_HEADER_LEN + 2, crtChain[0].subject.data[DER_SUBJECT_HEADER_LEN + 1]);
+ if (CA_STATUS_OK != result )
 {
- stCADtlsAddrInfo_t *addrInfo = (stCADtlsAddrInfo_t *)session;
- char peerAddr[MAX_ADDR_STR_SIZE_CA] = { 0 };
- uint16_t port = 0;
- CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
-
- CAResult_t result = CAAddIdToPeerInfoList(peerAddr, port,
- crtChain[0].subject.data + DER_SUBJECT_HEADER_LEN + 2, crtChain[0].subject.data[DER_SUBJECT_HEADER_LEN + 1]);
- if (CA_STATUS_OK != result )
- {
- OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
- }
+ OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
 }
- exit:
- if (ret != 0) OIC_LOG(DEBUG, NET_DTLS_TAG, "Certificate verification FAILED\n");
- else OIC_LOG(DEBUG, NET_DTLS_TAG, "Certificate verification SUCCESS\n");
+ if (ret != 0)
+ {
+ OIC_LOG(DEBUG, NET_DTLS_TAG, "Certificate verification FAILED\n");
+ }
+ else
+ {
+ OIC_LOG(DEBUG, NET_DTLS_TAG, "Certificate verification SUCCESS\n");
+ }
 return -ret;
 }
-- 
2.7.4
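Review bot: The new NULL guard returns `-PKI_NULL_PASSED` directly instead of going through the `ret` / `return -ret;` path the rest of the function uses, so a NULL argument produces no "Certificate verification FAILED" log and the sign is only consistent if PKI_NULL_PASSED is a positive code like the other values `ret` holds. If the PKI_* codes are positive, as the naming suggests, this is fine; otherwise set `ret = PKI_NULL_PASSED;` and fall through to the common exit so the logging and sign convention stay uniform. CAVerifyCertificate's body continues outside the hunk.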
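Review bot: The now-unconditional `CAAddIdToPeerInfoList` call takes the identity from `crtChain[0].subject.data + DER_SUBJECT_HEADER_LEN + 2` with a length read from `subject.data[DER_SUBJECT_HEADER_LEN + 1]`, and nothing checks that the decoded subject is long enough for either the length byte or the identity it announces; a certificate with a short subject turns this into an out-of-bounds read, and with the role filter removed the code now also runs on client connections against server certificates. Assuming ByteArray carries a `len` next to `data`, bound it first: `uint8_t idLen = crtChain[0].subject.data[DER_SUBJECT_HEADER_LEN + 1];` and `if (crtChain[0].subject.len < (size_t)DER_SUBJECT_HEADER_LEN + 2 + idLen) { /* reject: treat as verification failure, skip the cache */ }`. The block also runs regardless of `ret`; if an earlier chain-verification failure falls through to here rather than returning (the part of the function between the hunks is not visible, and the removed `exit:` label hints earlier paths may once have jumped past this block), an unverified certificate's subject would be cached as the peer identity, so gating the call on `0 == ret` is worth adding. CAVerifyCertificate begins outside the hunk.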