[Android] Add to set CD trust keys (#31708)

* Add to set CD trust keys * Restyled by google-java-format * Restyled by clang-format --------- Co-authored-by: Restyled.io <[email protected]>
project-chip · Apr 11, 2024 · 1958977 · 1958977
1 parent 5c8f11b
commit 1958977
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 6 deletions.
diff --git a/src/controller/java/AndroidDeviceControllerWrapper.cpp b/src/controller/java/AndroidDeviceControllerWrapper.cpp
@@ -543,7 +543,8 @@ CHIP_ERROR AndroidDeviceControllerWrapper::UpdateDeviceAttestationDelegateBridge
     return err;
 }
 
-CHIP_ERROR AndroidDeviceControllerWrapper::UpdateAttestationTrustStoreBridge(jobject attestationTrustStoreDelegate)
+CHIP_ERROR AndroidDeviceControllerWrapper::UpdateAttestationTrustStoreBridge(jobject attestationTrustStoreDelegate,
+                                                                             jobject cdTrustKeys)
 {
     CHIP_ERROR err = CHIP_NO_ERROR;
 
@@ -566,6 +567,29 @@ CHIP_ERROR AndroidDeviceControllerWrapper::UpdateAttestationTrustStoreBridge(job
     }
     mDeviceAttestationVerifier = deviceAttestationVerifier;
 
+    if (cdTrustKeys != nullptr)
+    {
+        WellKnownKeysTrustStore * cdTrustStore = mDeviceAttestationVerifier->GetCertificationDeclarationTrustStore();
+        VerifyOrExit(cdTrustStore != nullptr, err = CHIP_ERROR_INCORRECT_STATE);
+
+        jint size;
+        err = JniReferences::GetInstance().GetListSize(cdTrustKeys, size);
+        VerifyOrExit(err == CHIP_NO_ERROR, err = CHIP_ERROR_INVALID_ARGUMENT);
+
+        for (jint i = 0; i < size; i++)
+        {
+            jobject jTrustKey = nullptr;
+            err               = JniReferences::GetInstance().GetListItem(cdTrustKeys, i, jTrustKey);
+
+            VerifyOrExit(err == CHIP_NO_ERROR, err = CHIP_ERROR_INVALID_ARGUMENT);
+
+            JNIEnv * env = JniReferences::GetInstance().GetEnvForCurrentThread();
+            JniByteArray jniTrustKey(env, static_cast<jbyteArray>(jTrustKey));
+            err = cdTrustStore->AddTrustedKey(jniTrustKey.byteSpan());
+            VerifyOrExit(err == CHIP_NO_ERROR, err = CHIP_ERROR_INVALID_ARGUMENT);
+        }
+    }
+
     mController->SetDeviceAttestationVerifier(mDeviceAttestationVerifier);
 
 exit:

diff --git a/src/controller/java/AndroidDeviceControllerWrapper.h b/src/controller/java/AndroidDeviceControllerWrapper.h
@@ -202,7 +202,7 @@ class AndroidDeviceControllerWrapper : public chip::Controller::DevicePairingDel
     CHIP_ERROR UpdateDeviceAttestationDelegateBridge(jobject deviceAttestationDelegate, chip::Optional<uint16_t> expiryTimeoutSecs,
                                                      bool shouldWaitAfterDeviceAttestation);
 
-    CHIP_ERROR UpdateAttestationTrustStoreBridge(jobject attestationTrustStoreDelegate);
+    CHIP_ERROR UpdateAttestationTrustStoreBridge(jobject attestationTrustStoreDelegate, jobject cdTrustKeys);
 
     CHIP_ERROR StartOTAProvider(jobject otaProviderDelegate);
 

diff --git a/src/controller/java/CHIPDeviceController-JNI.cpp b/src/controller/java/CHIPDeviceController-JNI.cpp
@@ -533,7 +533,7 @@ JNI_METHOD(void, setDeviceAttestationDelegate)
 }
 
 JNI_METHOD(void, setAttestationTrustStoreDelegate)
-(JNIEnv * env, jobject self, jlong handle, jobject attestationTrustStoreDelegate)
+(JNIEnv * env, jobject self, jlong handle, jobject attestationTrustStoreDelegate, jobject cdTrustKeys)
 {
     chip::DeviceLayer::StackLock lock;
     CHIP_ERROR err                           = CHIP_NO_ERROR;
@@ -544,7 +544,7 @@ JNI_METHOD(void, setAttestationTrustStoreDelegate)
     if (attestationTrustStoreDelegate != nullptr)
     {
         jobject attestationTrustStoreDelegateRef = env->NewGlobalRef(attestationTrustStoreDelegate);
-        err                                      = wrapper->UpdateAttestationTrustStoreBridge(attestationTrustStoreDelegateRef);
+        err = wrapper->UpdateAttestationTrustStoreBridge(attestationTrustStoreDelegateRef, cdTrustKeys);
         SuccessOrExit(err);
     }
 

diff --git a/src/controller/java/src/chip/devicecontroller/ChipDeviceController.java b/src/controller/java/src/chip/devicecontroller/ChipDeviceController.java
@@ -19,6 +19,7 @@
 
 import android.bluetooth.BluetoothGatt;
 import android.util.Log;
+import chip.devicecontroller.ChipDeviceController.CompletionListener;
 import chip.devicecontroller.GetConnectedDeviceCallbackJni.GetConnectedDeviceCallback;
 import chip.devicecontroller.model.AttributeWriteRequest;
 import chip.devicecontroller.model.ChipAttributePath;
@@ -117,10 +118,18 @@ public void setDeviceAttestationDelegate(
    * paa certificates before commissioning.
    *
    * @param attestationTrustStoreDelegate Delegate for attestation trust store
+   * @param cdTrustKeys certification Declaration Trust Keys
    */
+  public void setAttestationTrustStoreDelegate(
+      AttestationTrustStoreDelegate attestationTrustStoreDelegate,
+      @Nullable List<byte[]> cdTrustKeys) {
+    setAttestationTrustStoreDelegate(
+        deviceControllerPtr, attestationTrustStoreDelegate, cdTrustKeys);
+  }
+
   public void setAttestationTrustStoreDelegate(
       AttestationTrustStoreDelegate attestationTrustStoreDelegate) {
-    setAttestationTrustStoreDelegate(deviceControllerPtr, attestationTrustStoreDelegate);
+    setAttestationTrustStoreDelegate(deviceControllerPtr, attestationTrustStoreDelegate, null);
   }
 
   /**
@@ -1367,7 +1376,9 @@ private native void setDeviceAttestationDelegate(
       long deviceControllerPtr, int failSafeExpiryTimeoutSecs, DeviceAttestationDelegate delegate);
 
   private native void setAttestationTrustStoreDelegate(
-      long deviceControllerPtr, AttestationTrustStoreDelegate delegate);
+      long deviceControllerPtr,
+      AttestationTrustStoreDelegate delegate,
+      @Nullable List<byte[]> cdTrustKeys);
 
   private native void startOTAProvider(long deviceControllerPtr, OTAProviderDelegate delegate);