From 2061522a7c6991d92ff5ae202947425243d2fcbf Mon Sep 17 00:00:00 2001
From: Boris Zbarsky
Date: Wed, 7 Dec 2022 11:57:13 -0500
Subject: [PATCH] Stop using the "cd", "paa", "certs" abbreviations in Darwin APIs. (#23937)
Fixes https://github.com/project-chip/connectedhomeip/issues/23915
---
 .../commands/common/CHIPCommandBridge.mm | 2 +-
 .../CHIP/MTRDeviceControllerFactory.h | 22 +++++++++----
 .../CHIP/MTRDeviceControllerFactory.mm | 33 +++++++++++++++----
 3 files changed, 44 insertions(+), 13 deletions(-)
diff --git a/examples/darwin-framework-tool/commands/common/CHIPCommandBridge.mm b/examples/darwin-framework-tool/commands/common/CHIPCommandBridge.mm
index e886eed2c56b0c..613a7737181b52 100644
--- a/examples/darwin-framework-tool/commands/common/CHIPCommandBridge.mm
+++ b/examples/darwin-framework-tool/commands/common/CHIPCommandBridge.mm
@@ -124,7 +124,7 @@
 NSArray * paaCertResults;
 ReturnLogErrorOnFailure(GetPAACertsFromFolder(&paaCertResults));
 if ([paaCertResults count] > 0) {
- params.paaCerts = paaCertResults;
+ params.productAttestationAuthorityCertificates = paaCertResults;
 }
 NSError * error;
diff --git a/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.h b/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.h
index 2169aede2861a9..34dc57bee7b47f 100644
--- a/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.h
+++ b/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.h
@@ -21,6 +21,7 @@
 */
 #import
+#import
 NS_ASSUME_NONNULL_BEGIN
@@ -52,16 +53,21 @@ MTR_NEWLY_AVAILABLE
 /*
 * The Product Attestation Authority certificates that are trusted to sign
- * device attestation information. Defaults to nil.
+ * device attestation information (and in particular to sign Product Attestation
+ * Intermediate certificates, which then sign Device Attestation Certificates).
 *
+ * Defaults to nil.
 */
-@property (nonatomic, copy, nullable) NSArray * paaCerts;
+@property (nonatomic, copy, nullable) NSArray * productAttestationAuthorityCertificates;
 /*
- * The Certificate Declaration certificates that are trusted to sign
- * device attestation information. Defaults to nil.
+ * The Certification Declaration certificates whose public keys correspond to
+ * private keys that are trusted to sign certification declarations. Defaults
+ * to nil.
 *
+ * These certificates are used in addition to, not replacing, the default set of
+ * well-known certification declaration signing keys.
 */
-@property (nonatomic, copy, nullable) NSArray * cdCerts;
+@property (nonatomic, copy, nullable) NSArray * certificationDeclarationCertificates;
 /*
 * The network port to bind to. If not specified, an ephemeral port will be
 * used.
@@ -145,7 +151,11 @@ MTR_NEWLY_DEPRECATED("Please use MTRDeviceControllerFactoryParams")
 @interface MTRControllerFactoryParams : MTRDeviceControllerFactoryParams
 @property (nonatomic, strong, readonly) id storageDelegate MTR_NEWLY_DEPRECATED( "Please use the storage property");
-@property (nonatomic, assign) BOOL startServer;
+@property (nonatomic, assign) BOOL startServer MTR_NEWLY_DEPRECATED("Please use shouldStartServer");
+@property (nonatomic, copy, nullable)
+ NSArray * paaCerts MTR_NEWLY_DEPRECATED("Please use productAttestationAuthorityCertificates");
+@property (nonatomic, copy, nullable)
+ NSArray * cdCerts MTR_NEWLY_DEPRECATED("Please use certificationDeclarationCertificates");
 @end
 MTR_NEWLY_DEPRECATED("Please use MTRDeviceControllerFactory")
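Review bot: The rewritten comment on `productAttestationAuthorityCertificates` (hunk -52,16) still does not say what is trusted when the property is nil, or whether a supplied array replaces or extends any built-in roots, while the comment on `certificationDeclarationCertificates` just below now states "in addition to, not replacing". This array decides which roots a device attestation chain may end in, so the two comments should be equally explicit. The startControllerFactory hunk in MTRDeviceControllerFactory.mm builds `MTRAttestationTrustStoreBridge` from this array alone, which suggests replacement, but the nil path is not in the diff, so confirm before wording it. A line such as `* When set, these certificates are used instead of the default trust store (<describe the nil default here>).` would close the gap.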
diff --git a/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm b/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm
index f089a000fdd41c..d0040a2caf54ba 100644
--- a/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm
+++ b/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm
@@ -324,8 +324,9 @@ - (BOOL)startControllerFactory:(MTRDeviceControllerFactoryParams *)startupParams
 // Initialize device attestation verifier
 const Credentials::AttestationTrustStore * trustStore;
- if (startupParams.paaCerts) {
- _attestationTrustStoreBridge = new MTRAttestationTrustStoreBridge(startupParams.paaCerts);
+ if (startupParams.productAttestationAuthorityCertificates) {
+ _attestationTrustStoreBridge
+ = new MTRAttestationTrustStoreBridge(startupParams.productAttestationAuthorityCertificates);
 if (_attestationTrustStoreBridge == nullptr) {
 MTR_LOG_ERROR("Error: %@", kErrorAttestationTrustStoreInit);
 errorCode = CHIP_ERROR_NO_MEMORY;
@@ -343,7 +344,7 @@ - (BOOL)startControllerFactory:(MTRDeviceControllerFactoryParams *)startupParams
 return;
 }
- if (startupParams.cdCerts) {
+ if (startupParams.certificationDeclarationCertificates) {
 auto cdTrustStore = _deviceAttestationVerifier->GetCertificationDeclarationTrustStore();
 if (cdTrustStore == nullptr) {
 MTR_LOG_ERROR("Error: %@", kErrorCDCertStoreInit);
@@ -351,7 +352,7 @@ - (BOOL)startControllerFactory:(MTRDeviceControllerFactoryParams *)startupParams
 return;
 }
- for (NSData * cdSigningCert in startupParams.cdCerts) {
+ for (NSData * cdSigningCert in startupParams.certificationDeclarationCertificates) {
 errorCode = cdTrustStore->AddTrustedKey(AsByteSpan(cdSigningCert));
 if (errorCode != CHIP_NO_ERROR) {
 MTR_LOG_ERROR("Error: %@", kErrorCDCertStoreInit);
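Review bot: In the -324,8 hunk the guard `if (startupParams.productAttestationAuthorityCertificates)` tests for non-nil, not non-empty, so an empty array still constructs `MTRAttestationTrustStoreBridge` with no certificates in it. The caller updated in CHIPCommandBridge.mm only assigns the property when `[paaCertResults count] > 0`, which hints that an empty list is not an expected input, and presumably a store with no roots makes every attestation check fail. If that fail-closed result is intended, say so at the check, e.g. `// An empty (non-nil) array is honoured as-is; only nil skips this branch.`; the method body starts and ends outside the hunk.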
@@ -771,8 +772,8 @@ - (instancetype)initWithStorage:(id)storage
 _storage = storage;
 _otaProviderDelegate = nil;
- _paaCerts = nil;
- _cdCerts = nil;
+ _productAttestationAuthorityCertificates = nil;
+ _certificationDeclarationCertificates = nil;
 _port = nil;
 _shouldStartServer = NO;
@@ -845,4 +846,24 @@ - (void)setStartServer:(BOOL)startServer
 self.shouldStartServer = startServer;
 }
+- (nullable NSArray *)paaCerts
+{
+ return self.productAttestationAuthorityCertificates;
+}
+
+- (void)setPaaCerts:(nullable NSArray *)paaCerts
+{
+ self.productAttestationAuthorityCertificates = paaCerts;
+}
+
+- (nullable NSArray *)cdCerts
+{
+ return self.certificationDeclarationCertificates;
+}
+
+- (void)setCdCerts:(nullable NSArray *)cdCerts
+{
+ self.certificationDeclarationCertificates = cdCerts;
+}
+
 @end