From 1357224cbc32f5ef25af90dc252899d400f6db20 Mon Sep 17 00:00:00 2001 From: joonhaengHeo <85541460+joonhaengHeo@users.noreply.github.com> Date: Sat, 3 Feb 2024 02:39:48 +0900 Subject: [PATCH] [Android] Add skipAttestationCertificateValidation (#31848) * Add Android skipAttestationCertificateValidation * Restyled by google-java-format * Restyled by clang-format --------- Co-authored-by: Restyled.io --- .../java/AndroidDeviceControllerWrapper.cpp | 14 +++++++++--- .../java/AndroidDeviceControllerWrapper.h | 2 +- .../java/CHIPDeviceController-JNI.cpp | 16 ++++++++++---- .../devicecontroller/ControllerParams.java | 22 +++++++++++++++++++ 4 files changed, 46 insertions(+), 8 deletions(-) diff --git a/src/controller/java/AndroidDeviceControllerWrapper.cpp b/src/controller/java/AndroidDeviceControllerWrapper.cpp index 29f055560527d6..b02e93ba48c8a7 100644 --- a/src/controller/java/AndroidDeviceControllerWrapper.cpp +++ b/src/controller/java/AndroidDeviceControllerWrapper.cpp @@ -104,7 +104,8 @@ AndroidDeviceControllerWrapper * AndroidDeviceControllerWrapper::AllocateNew( #endif jobject keypairDelegate, jbyteArray rootCertificate, jbyteArray intermediateCertificate, jbyteArray nodeOperationalCertificate, jbyteArray ipkEpochKey, uint16_t listenPort, uint16_t controllerVendorId, uint16_t failsafeTimerSeconds, - bool attemptNetworkScanWiFi, bool attemptNetworkScanThread, bool skipCommissioningComplete, CHIP_ERROR * errInfoOnFailure) + bool attemptNetworkScanWiFi, bool attemptNetworkScanThread, bool skipCommissioningComplete, + bool skipAttestationCertificateValidation, CHIP_ERROR * errInfoOnFailure) { if (errInfoOnFailure == nullptr) { 
@@ -168,8 +169,15 @@ AndroidDeviceControllerWrapper * AndroidDeviceControllerWrapper::AllocateNew( #endif // Initialize device attestation verifier - const chip::Credentials::AttestationTrustStore * testingRootStore = chip::Credentials::GetTestAttestationTrustStore(); - chip::Credentials::SetDeviceAttestationVerifier(GetDefaultDACVerifier(testingRootStore)); + if (skipAttestationCertificateValidation) + { + chip::Credentials::SetDeviceAttestationVerifier(wrapper->GetPartialDACVerifier()); + } + else + { + const chip::Credentials::AttestationTrustStore * testingRootStore = chip::Credentials::GetTestAttestationTrustStore(); + chip::Credentials::SetDeviceAttestationVerifier(GetDefaultDACVerifier(testingRootStore)); + } *errInfoOnFailure = wrapper->mICDClientStorage.Init(wrapperStorage, &wrapper->mSessionKeystore); if (*errInfoOnFailure != CHIP_NO_ERROR) diff --git a/src/controller/java/AndroidDeviceControllerWrapper.h b/src/controller/java/AndroidDeviceControllerWrapper.h index 69a7fe75c0bf0b..d5b07cf7164a75 100644 --- a/src/controller/java/AndroidDeviceControllerWrapper.h +++ b/src/controller/java/AndroidDeviceControllerWrapper.h @@ -184,7 +184,7 @@ class AndroidDeviceControllerWrapper : public chip::Controller::DevicePairingDel jobject keypairDelegate, jbyteArray rootCertificate, jbyteArray intermediateCertificate, jbyteArray nodeOperationalCertificate, jbyteArray ipkEpochKey, uint16_t listenPort, uint16_t controllerVendorId, uint16_t failsafeTimerSeconds, bool attemptNetworkScanWiFi, bool attemptNetworkScanThread, - bool skipCommissioningComplete, CHIP_ERROR * errInfoOnFailure); + bool skipCommissioningComplete, bool skipAttestationCertificateValidation, CHIP_ERROR * errInfoOnFailure); void Shutdown(); diff --git a/src/controller/java/CHIPDeviceController-JNI.cpp b/src/controller/java/CHIPDeviceController-JNI.cpp index b32c207fcf92f9..10d98089d5d9f4 100644 --- a/src/controller/java/CHIPDeviceController-JNI.cpp +++ b/src/controller/java/CHIPDeviceController-JNI.cpp 
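Review bot: The new `if (skipAttestationCertificateValidation)` branch replaces the device attestation verifier with `wrapper->GetPartialDACVerifier()` without leaving any trace, so in logs a controller running with certificate validation switched off looks the same as one using the default verifier. I would log the downgrade where it is applied, e.g. `ChipLogError(Controller, "Device attestation certificate validation is DISABLED for this controller");`, so it is visible in field logs and test output. `SetDeviceAttestationVerifier` also reads like a process-wide setter, while the partial verifier is obtained from this `wrapper` instance. If that is the case, the choice applies to every controller in the process and the installed pointer must not outlive the wrapper, which is worth confirming against `Shutdown()` (not visible here). AllocateNew's body starts and ends outside this hunk.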
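Review bot: The `AllocateNew` declaration now ends in four adjacent `bool` parameters, and the new one turns off attestation certificate validation, so two arguments transposed at a call site compile cleanly and silently change security behaviour. At minimum, document the parameter on the declaration, e.g. `// skipAttestationCertificateValidation: when true, the partial DAC verifier is installed instead of the default one.` A small options struct with named fields would remove the positional risk altogether. The declaration begins outside this hunk.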
@@ -323,6 +323,11 @@ JNI_METHOD(jlong, newDeviceController)(JNIEnv * env, jobject self, jobject contr &getSkipCommissioningComplete); SuccessOrExit(err); + jmethodID getSkipAttestationCertificateValidation; + err = chip::JniReferences::GetInstance().FindMethod(env, controllerParams, "getSkipAttestationCertificateValidation", "()Z", + &getSkipAttestationCertificateValidation); + SuccessOrExit(err); + jmethodID getCountryCode; err = chip::JniReferences::GetInstance().FindMethod(env, controllerParams, "getCountryCode", "()Ljava/util/Optional;", &getCountryCode); @@ -372,9 +377,11 @@ JNI_METHOD(jlong, newDeviceController)(JNIEnv * env, jobject self, jobject contr uint16_t failsafeTimerSeconds = static_cast(env->CallIntMethod(controllerParams, getFailsafeTimerSeconds)); uint16_t caseFailsafeTimerSeconds = static_cast(env->CallIntMethod(controllerParams, getCASEFailsafeTimerSeconds)); - bool attemptNetworkScanWiFi = env->CallBooleanMethod(controllerParams, getAttemptNetworkScanWiFi); - bool attemptNetworkScanThread = env->CallBooleanMethod(controllerParams, getAttemptNetworkScanThread); - bool skipCommissioningComplete = env->CallBooleanMethod(controllerParams, getSkipCommissioningComplete); + bool attemptNetworkScanWiFi = env->CallBooleanMethod(controllerParams, getAttemptNetworkScanWiFi); + bool attemptNetworkScanThread = env->CallBooleanMethod(controllerParams, getAttemptNetworkScanThread); + bool skipCommissioningComplete = env->CallBooleanMethod(controllerParams, getSkipCommissioningComplete); + bool skipAttestationCertificateValidation = + env->CallBooleanMethod(controllerParams, getSkipAttestationCertificateValidation); uint64_t adminSubject = static_cast(env->CallLongMethod(controllerParams, getAdminSubject)); jobject countryCodeOptional = env->CallObjectMethod(controllerParams, getCountryCode); jobject regulatoryLocationOptional = env->CallObjectMethod(controllerParams, getRegulatoryLocation); 
@@ -390,7 +397,8 @@ JNI_METHOD(jlong, newDeviceController)(JNIEnv * env, jobject self, jobject contr sJVM, self, kLocalDeviceId, fabricId, chip::kUndefinedCATs, &DeviceLayer::SystemLayer(), DeviceLayer::TCPEndPointManager(), DeviceLayer::UDPEndPointManager(), std::move(opCredsIssuer), keypairDelegate, rootCertificate, intermediateCertificate, operationalCertificate, ipk, listenPort, controllerVendorId, - failsafeTimerSeconds, attemptNetworkScanWiFi, attemptNetworkScanThread, skipCommissioningComplete, &err); + failsafeTimerSeconds, attemptNetworkScanWiFi, attemptNetworkScanThread, skipCommissioningComplete, + skipAttestationCertificateValidation, &err); SuccessOrExit(err); if (caseFailsafeTimerSeconds > 0) diff --git a/src/controller/java/src/chip/devicecontroller/ControllerParams.java b/src/controller/java/src/chip/devicecontroller/ControllerParams.java index c52147f73b83b1..ca41cf900902af 100644 --- a/src/controller/java/src/chip/devicecontroller/ControllerParams.java +++ b/src/controller/java/src/chip/devicecontroller/ControllerParams.java @@ -14,6 +14,7 @@ public final class ControllerParams { private final boolean attemptNetworkScanWiFi; private final boolean attemptNetworkScanThread; private final boolean skipCommissioningComplete; + private final boolean skipAttestationCertificateValidation; private final Optional countryCode; private final Optional regulatoryLocationType; @Nullable private final KeypairDelegate keypairDelegate; @@ -33,6 +34,7 @@ private ControllerParams(Builder builder) { this.attemptNetworkScanWiFi = builder.attemptNetworkScanWiFi; this.attemptNetworkScanThread = builder.attemptNetworkScanThread; this.skipCommissioningComplete = builder.skipCommissioningComplete; + this.skipAttestationCertificateValidation = builder.skipAttestationCertificateValidation; this.countryCode = builder.countryCode; this.regulatoryLocationType = builder.regulatoryLocationType; this.keypairDelegate = builder.keypairDelegate; 
@@ -76,6 +78,10 @@ public boolean getSkipCommissioningComplete() { return skipCommissioningComplete; } + public boolean getSkipAttestationCertificateValidation() { + return skipAttestationCertificateValidation; + } + public Optional getCountryCode() { return countryCode; } @@ -137,6 +143,7 @@ public static class Builder { private boolean attemptNetworkScanWiFi = false; private boolean attemptNetworkScanThread = false; private boolean skipCommissioningComplete = false; + private boolean skipAttestationCertificateValidation = false; private Optional countryCode = Optional.empty(); private Optional regulatoryLocationType = Optional.empty(); @Nullable private KeypairDelegate keypairDelegate = null; @@ -257,6 +264,21 @@ public Builder setSkipCommissioningComplete(boolean skipCommissioningComplete) { return this; } + /** + * Used when the Commissioner disables Attestation Certificate Validation. + * + *

Specifically, this sets SkipAttestationCertificateValidation in the + * CommissioningParameters passed to the CommissioningDelegate. + * + * @param skipAttestationCertificateValidation + * @return + */ + public Builder setSkipAttestationCertificateValidation( + boolean skipAttestationCertificateValidation) { + this.skipAttestationCertificateValidation = skipAttestationCertificateValidation; + return this; + } + /** * Sets the Regulatory Location country code passed to ChipDeviceCommissioner's * CommissioningParameters.
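Review bot: The Javadoc on `setSkipAttestationCertificateValidation` does not tell a caller what is being turned off. `@param` and `@return` are empty, and the description says the flag is set in `CommissioningParameters`, whereas the native side of this same patch uses it to select the device attestation verifier (`GetPartialDACVerifier()` instead of `GetDefaultDACVerifier(...)`). Passing `true` presumably weakens the check that a device being commissioned is genuine, so the comment should say that plainly, e.g. `@param skipAttestationCertificateValidation true to skip validation of the device attestation certificates during commissioning; defaults to false` and `@return this Builder`. I would also add one sentence saying the value is read when the controller is created and, if that matches the project's intent, that it is meant for development and test setups only.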