From 9a16b51c28f5e60816026c1111703a1622e534f0 Mon Sep 17 00:00:00 2001
From: stephb9959
Date: Thu, 16 Mar 2023 21:59:31 -0700
Subject: [PATCH] https://telecominfraproject.atlassian.net/browse/WIFI-12337
Signed-off-by: stephb9959
---
 build | 2 +-
 src/rttys/RTTYS_server.cpp | 51 +++++++++++++++++++++++++-------------
 2 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/build b/build
index eaf7a13d..7730ef7f 100644
--- a/build
+++ b/build
@@ -1 +1 @@
-87
\ No newline at end of file
+89
\ No newline at end of file
diff --git a/src/rttys/RTTYS_server.cpp b/src/rttys/RTTYS_server.cpp
index f8c4fbee..4f922987 100644
--- a/src/rttys/RTTYS_server.cpp
+++ b/src/rttys/RTTYS_server.cpp
@@ -185,7 +185,7 @@ namespace OpenWifi {
 Poco::Net::SocketAddress Client;
 Poco::Net::StreamSocket NewSocket = pNf->socket().impl()->acceptConnection(Client);
 if (NewSocket.impl()->secure()) {
- auto SS = dynamic_cast(NewSocket.impl());
+/* auto SS = dynamic_cast(NewSocket.impl());
 auto PeerAddress_ = SS->peerAddress().host();
 auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString());
 poco_debug(Logger(),fmt::format("Completing TLS handshake: {}", CId_));
@@ -213,6 +213,7 @@ namespace OpenWifi {
 AddNewSocket(NewSocket);
 return;
 }
+ */
 AddNewSocket(NewSocket);
 return;
 }
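Review bot: The `/* … */` wrapped around the TLS-completion block in the `@@ -185` hunk leaves dead code in the accept path instead of removing it, and once it is disabled both the `if (NewSocket.impl()->secure())` branch and the fall-through at the end of the `@@ -213` hunk do exactly `AddNewSocket(NewSocket); return;`, so the `secure()` test no longer changes behaviour. Prefer deleting the block (history keeps it) and collapsing to a single `AddNewSocket(NewSocket); return;`; if it is deliberately parked, add a comment stating why and what replaces it, e.g. `// TLS peer/certificate handling now happens in the mTLS validation path (WIFI-12337)`. Since the code that logged `"Completing TLS handshake"` is now disabled, confirm the handshake is still driven somewhere before the later `havePeerCertificate()` check, otherwise mTLS validation may legitimately see no peer certificate. The body of the commented block between the two hunks, and the enclosing function's start and end, are outside SOURCE.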
@@ -329,25 +330,41 @@ namespace OpenWifi {
 }
 if (ConnectionEp->mTLS_) {
 poco_information(Logger(),fmt::format("{}: Validation of certificate in progress.", ConnectionEp->SerialNumber_));
- auto SS = dynamic_cast(Socket.impl());
- auto CId_ = SS->getPeerHostName();
-// auto PeerAddress_ = SS->peerAddress().host();
-// auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString());
-// if (SS->havePeerCertificate()) {
- Poco::Crypto::X509Certificate PeerCert(SS->peerCertificate());
- auto CN = Poco::trim(Poco::toLower(PeerCert.commonName()));
- if (AP_WS_Server()->ValidateCertificate(CId_, PeerCert)) {
- poco_information(
- Logger(),
- fmt::format("Device mTLS {} has been validated from {}.", CN, CId_));
+ if(Socket.secure()) {
+ auto SS = dynamic_cast(Socket.impl());
+ if (SS != nullptr) {
+ auto PeerAddress_ = SS->peerAddress().host();
+ auto CId_ = Utils::FormatIPv6(SS->peerAddress().toString());
+ if (SS->havePeerCertificate()) {
+ Poco::Crypto::X509Certificate PeerCert(SS->peerCertificate());
+ auto CN = Poco::trim(Poco::toLower(PeerCert.commonName()));
+ if (AP_WS_Server()->ValidateCertificate(CId_, PeerCert)) {
+ poco_information(
+ Logger(),
+ fmt::format("Device mTLS {} has been validated from {}.", CN,
+ CId_));
+ } else {
+ poco_warning(Logger(),
+ fmt::format("Device failed mTLS validation {}. Certificate fails validation.",
+ CId_));
+ return false;
+ }
+ } else {
+ poco_warning(
+ Logger(),
+ fmt::format("Device failed mTLS validation {} (no certificate).",
+ CId_));
+ return false;
+ }
 } else {
- poco_warning(Logger(), fmt::format("Device failed mTLS validation {}. 
Certificate fails validation.", CId_));
+ poco_error(Logger(), fmt::format("{}: Cannot convert to secure stream",
+ ConnectionEp->SerialNumber_));
 return false;
 }
-// } else {
-// poco_warning(Logger(), fmt::format("Device failed mTLS validation {} (no certificate).", CId_));
-// return false;
-// }
+ } else {
+ poco_error(Logger(),fmt::format("{}: Socket is not secure", ConnectionEp->SerialNumber_));
+ return false;
+ }
 }
 ConnectionEp->Device_fd = fd;
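Review bot: The identity handed to `ValidateCertificate` changes in this hunk from `SS->getPeerHostName()` to `CId_`, which is now the formatted peer IP address from `Utils::FormatIPv6(SS->peerAddress().toString())`; whether the validator expects a hostname/SNI or an address is not visible here, so confirm the certificate is still bound to the intended device identity and not only to a routable address. `PeerAddress_` is assigned in the new block but never read and can be dropped. The rejection branch logs only `CId_` while the success branch also logs `CN`; for triage of a failed mTLS attempt the certificate subject is the more useful datum, e.g. `fmt::format("Device failed mTLS validation {} (CN {}). Certificate fails validation.", CId_, CN)`. The enclosing function begins before and continues past this hunk.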