Skip to content

Commit

Permalink
Stop using the "cd", "paa", "certs" abbreviations in Darwin APIs. (#2…
Browse files Browse the repository at this point in the history
  • Loading branch information
bzbarsky-apple authored and pull[bot] committed Oct 11, 2023
1 parent 57e5acf commit 4a78ded
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 13 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@
NSArray<NSData *> * paaCertResults;
ReturnLogErrorOnFailure(GetPAACertsFromFolder(&paaCertResults));
if ([paaCertResults count] > 0) {
params.paaCerts = paaCertResults;
params.productAttestationAuthorityCertificates = paaCertResults;
}

NSError * error;
Expand Down
22 changes: 16 additions & 6 deletions src/darwin/Framework/CHIP/MTRDeviceControllerFactory.h
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
*/

#import <Foundation/Foundation.h>
#import <Matter/MTRCertificates.h>

NS_ASSUME_NONNULL_BEGIN

Expand Down Expand Up @@ -52,16 +53,21 @@ MTR_NEWLY_AVAILABLE

/*
* The Product Attestation Authority certificates that are trusted to sign
* device attestation information. Defaults to nil.
* device attestation information (and in particular to sign Product Attestation
* Intermediate certificates, which then sign Device Attestation Certificates).
*
* Defaults to nil.
*/
@property (nonatomic, copy, nullable) NSArray<NSData *> * paaCerts;
@property (nonatomic, copy, nullable) NSArray<MTRCertificateDERBytes> * productAttestationAuthorityCertificates;
/*
* The Certificate Declaration certificates that are trusted to sign
* device attestation information. Defaults to nil.
* The Certification Declaration certificates whose public keys correspond to
* private keys that are trusted to sign certification declarations. Defaults
* to nil.
*
* These certificates are used in addition to, not replacing, the default set of
* well-known certification declaration signing keys.
*/
@property (nonatomic, copy, nullable) NSArray<NSData *> * cdCerts;
@property (nonatomic, copy, nullable) NSArray<MTRCertificateDERBytes> * certificationDeclarationCertificates;
/*
* The network port to bind to. If not specified, an ephemeral port will be
* used.
Expand Down Expand Up @@ -145,7 +151,11 @@ MTR_NEWLY_DEPRECATED("Please use MTRDeviceControllerFactoryParams")
@interface MTRControllerFactoryParams : MTRDeviceControllerFactoryParams
@property (nonatomic, strong, readonly) id<MTRPersistentStorageDelegate> storageDelegate MTR_NEWLY_DEPRECATED(
"Please use the storage property");
@property (nonatomic, assign) BOOL startServer;
@property (nonatomic, assign) BOOL startServer MTR_NEWLY_DEPRECATED("Please use shouldStartServer");
@property (nonatomic, copy, nullable)
NSArray<NSData *> * paaCerts MTR_NEWLY_DEPRECATED("Please use productAttestationAuthorityCertificates");
@property (nonatomic, copy, nullable)
NSArray<NSData *> * cdCerts MTR_NEWLY_DEPRECATED("Please use certificationDeclarationCertificates");
@end

MTR_NEWLY_DEPRECATED("Please use MTRDeviceControllerFactory")
Expand Down
33 changes: 27 additions & 6 deletions src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm
Original file line number Diff line number Diff line change
Expand Up @@ -324,8 +324,9 @@ - (BOOL)startControllerFactory:(MTRDeviceControllerFactoryParams *)startupParams

// Initialize device attestation verifier
const Credentials::AttestationTrustStore * trustStore;
if (startupParams.paaCerts) {
_attestationTrustStoreBridge = new MTRAttestationTrustStoreBridge(startupParams.paaCerts);
if (startupParams.productAttestationAuthorityCertificates) {
_attestationTrustStoreBridge
= new MTRAttestationTrustStoreBridge(startupParams.productAttestationAuthorityCertificates);
if (_attestationTrustStoreBridge == nullptr) {
MTR_LOG_ERROR("Error: %@", kErrorAttestationTrustStoreInit);
errorCode = CHIP_ERROR_NO_MEMORY;
Expand All @@ -343,15 +344,15 @@ - (BOOL)startControllerFactory:(MTRDeviceControllerFactoryParams *)startupParams
return;
}

if (startupParams.cdCerts) {
if (startupParams.certificationDeclarationCertificates) {
auto cdTrustStore = _deviceAttestationVerifier->GetCertificationDeclarationTrustStore();
if (cdTrustStore == nullptr) {
MTR_LOG_ERROR("Error: %@", kErrorCDCertStoreInit);
errorCode = CHIP_ERROR_INCORRECT_STATE;
return;
}

for (NSData * cdSigningCert in startupParams.cdCerts) {
for (NSData * cdSigningCert in startupParams.certificationDeclarationCertificates) {
errorCode = cdTrustStore->AddTrustedKey(AsByteSpan(cdSigningCert));
if (errorCode != CHIP_NO_ERROR) {
MTR_LOG_ERROR("Error: %@", kErrorCDCertStoreInit);
Expand Down Expand Up @@ -771,8 +772,8 @@ - (instancetype)initWithStorage:(id<MTRStorage>)storage

_storage = storage;
_otaProviderDelegate = nil;
_paaCerts = nil;
_cdCerts = nil;
_productAttestationAuthorityCertificates = nil;
_certificationDeclarationCertificates = nil;
_port = nil;
_shouldStartServer = NO;

Expand Down Expand Up @@ -845,4 +846,24 @@ - (void)setStartServer:(BOOL)startServer
self.shouldStartServer = startServer;
}

- (nullable NSArray<NSData *> *)paaCerts
{
return self.productAttestationAuthorityCertificates;
}

- (void)setPaaCerts:(nullable NSArray<NSData *> *)paaCerts
{
self.productAttestationAuthorityCertificates = paaCerts;
}

- (nullable NSArray<NSData *> *)cdCerts
{
return self.certificationDeclarationCertificates;
}

- (void)setCdCerts:(nullable NSArray<NSData *> *)cdCerts
{
self.certificationDeclarationCertificates = cdCerts;
}

@end

0 comments on commit 4a78ded

Please sign in to comment.