arduino / WiFi101-FirmwareUpdater-Plugin

WiFi101 Firmware Updater Tool for Arduino IDE

Wrong SHA1 name hash for certain certificates. #23

Closed cruxic closed 5 years ago

cruxic commented 5 years ago

WiFi101Certificate.getSubjectValueHash() gives the wrong SHA1 hash for certain certificates. This causes the WINC1500 to abort the connection because it looks up root certificates based on the SHA1 hash.

The fix is to insert the following code into WiFi101Certificate.extractPrintableString().

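// Accept UTF8String attribute values as well, so they are included in the name hash.
if (obj instanceof DERUTF8String) {
    DERUTF8String s = (DERUTF8String) obj;
    // Encode explicitly as UTF-8; a bare getBytes() depends on the platform default charset.
    return s.getString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
}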

I have attached a root certificate which has this problem. The Subject is:

Subject: C = US, ST = Oregon, O = Videx Inc, CN = AdamRoot14

Without the above fix the hash only includes the "US" field. After the fix the hash should be:

ff 30 42 29 25 45 fe 91 34 0b 35 e9 8e 0a 07 e0 07 fd e2 5a

One more note: I'm using WiFi101Certificate.java in a stand-alone program (outside of any Arduino plugin). I'm using bouncy-castle version 160.
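The behaviour described in this report, as an added example that is not part of the original post or the plugin's code: a small DER walker that shows how ignoring UTF8String values shrinks the hashed input to just "US". Assumptions: the name hash is SHA-1 over the concatenated attribute values (inferred from the report), the Subject is encoded with C as PrintableString and the other fields as UTF8String, and all helper names are hypothetical.

```python
import hashlib

PRINTABLE_STRING, UTF8_STRING = 0x13, 0x0C  # ASN.1 universal tag numbers

def tlv(tag, body):
    """Encode one DER TLV; short-form length is enough for this sample."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode the TLV at pos and return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def subject_values(name_der):
    """Return [(string_tag, value_bytes)] for every attribute of a DER Name."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    found = []
    for _, rdn in children(rdns):          # each RDN is a SET
        for _, atv in children(rdn):       # of SEQUENCE { OID, value }
            (_, _oid), (vtag, val) = children(atv)
            found.append((vtag, val))
    return found

def name_hash(name_der, accepted_tags):
    """Assumed scheme: SHA-1 over the values whose string type is accepted."""
    data = b"".join(v for t, v in subject_values(name_der) if t in accepted_tags)
    return data, hashlib.sha1(data).hexdigest()

def attr(oid_last, tag, text):
    """Build one RDN for OID 2.5.4.<oid_last> (sample construction only)."""
    oid = tlv(0x06, bytes([0x55, 0x04, oid_last]))
    return tlv(0x31, tlv(0x30, oid + tlv(tag, text.encode("utf-8"))))

# Constructed sample: the Subject from the report, with assumed string types.
SUBJECT = tlv(0x30, attr(6, PRINTABLE_STRING, "US") + attr(8, UTF8_STRING, "Oregon")
              + attr(10, UTF8_STRING, "Videx Inc") + attr(3, UTF8_STRING, "AdamRoot14"))
```

Calling `name_hash(SUBJECT, {PRINTABLE_STRING})` hashes only `b"US"`, while adding `UTF8_STRING` to the accepted set hashes all four values; `subject_values()` can also be used to list which string types a root certificate's Subject actually uses before uploading it.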

cruxic commented 5 years ago

public certificate in PEM format:

sandeepmistry commented 5 years ago

Hi @cruxic,

Thanks for reporting this! Would you be interested in opening a pull request for your suggested change?

sandeepmistry commented 5 years ago

Closed via #24.