TC-OPCREDS 3.5: Automate #34345

Merged
merged 33 commits into from
Dec 6, 2024
Changes from 28 commits
65c76cf
chore(TC_OPCREDS_3.4): skeleton class
gvargas-csa May 22, 2024
64c0cdf
Merge branch 'master' into TC_OPCREDS_3_4
gvargas-csa Jun 5, 2024
440adc1
chore(TC_OPCREDS_3.4): implementation until step CSRRequest IsForUpda…
gvargas-csa Jul 10, 2024
c74e99b
chore(TC_OPCREDS_3.4): All test step are implement using the old way …
gvargas-csa Jul 15, 2024
5c4222b
chore(TC_OPCREDS_3.4): patch from restyled code
gvargas-csa Jul 15, 2024
3987fab
chore(TC_OPCREDS_3.4): restyled by autopep8
gvargas-csa Jul 15, 2024
b32e562
chore(TC_OPCREDS_3.5): first implementation of test steps
gvargas-csa Jul 16, 2024
0c015a3
Merge remote-tracking branch 'gvargas/TC_OPCREDS_3_4' into HEAD
gvargas-csa Jul 16, 2024
bc91a9c
chore(TC_OPCREDS_3.5): ICAC modification of subjects on-hold
gvargas-csa Jul 16, 2024
fe49d16
Merge branch 'master' into HEAD
gvargas-csa Nov 20, 2024
354f982
chore(TC_OPCREDS_3.5): revert changes on commissioningBuildingBlocks
gvargas-csa Nov 21, 2024
a07c872
chore(TC_OPCREDS_3.5): revert changes on TC_OPCREDS_3_2
gvargas-csa Nov 21, 2024
aebc2d3
chore(TC_OPCREDS_3.5): revert changes on TC_OPCREDS_3_4
gvargas-csa Nov 21, 2024
d08ea3f
chore(TC_OPCREDS_3.5): draft -> flow to modify the validity of certif…
gvargas-csa Nov 22, 2024
e8377ae
chore(TC_OPCREDS_3.5): expose certificateValidityPeriod method outsid…
gvargas-csa Nov 26, 2024
7668bb3
OPCREDS-3.5: fix and add rest of steps
cecille Nov 26, 2024
c02fea5
Expire sessions properly
cecille Nov 27, 2024
bb107e9
Fix up test steps
cecille Nov 27, 2024
424b081
Merge pull request #1 from cecille/cecille_opcreds_3_5
gvargas-csa Nov 28, 2024
a548286
chore(TC_OPCREDS_3.5): remove comments and dependencies unused
gvargas-csa Nov 28, 2024
b98337e
chore(TC_OPCREDS_3.5): restyled by clang-format and isort
gvargas-csa Nov 28, 2024
5edcb01
chore(TC_OPCREDS_3.5): restyled by isort
gvargas-csa Nov 28, 2024
192fb33
chore(TC_OPCREDS_3.5): add assert validation for step 3
gvargas-csa Nov 28, 2024
cb80ad0
chore(TC_OPCREDS_3.5): modify step 3 verify that at least one of the …
gvargas-csa Nov 28, 2024
0fe9b9c
chore(TC_OPCREDS_3.5): fix restyled by autopep8
gvargas-csa Nov 28, 2024
6dd26b7
chore(TC_OPCREDS_3.5): fix validation to one or more entries in step 3
gvargas-csa Nov 28, 2024
96d4117
chore(TC_OPCREDS_3.5): fix beecause there is not guaranteed order for…
gvargas-csa Nov 29, 2024
597b3dc
chore(TC_OPCREDS_3.5): restyled by autopep8
gvargas-csa Nov 29, 2024
fe9e45a
Update src/python_testing/TC_OPCREDS_3_5.py
gvargas-csa Nov 29, 2024
91968f2
chore(TC_OPCREDS_3.5): restyled by autopep8
gvargas-csa Nov 29, 2024
cb7a159
chore(TC_OPCREDS_3.5): add 'Sec' suffix to certificate validity settings
gvargas-csa Dec 5, 2024
a64b66a
chore(TC_OPCREDS_3.5): restyled by autopep8
gvargas-csa Dec 5, 2024
1d53a69
Merge branch 'master' into TC_OPCREDS_3_5
gvargas-csa Dec 6, 2024
11 changes: 11 additions & 0 deletions src/controller/python/OpCredsBinding.cpp
Expand Up @@ -83,6 +83,8 @@ class OperationalCredentialsAdapter : public OperationalCredentialsDelegate

void SetMaximallyLargeCertsUsed(bool enabled) { mExampleOpCredsIssuer.SetMaximallyLargeCertsUsed(enabled); }

void SetCertificateValidityPeriod(uint32_t validity) { mExampleOpCredsIssuer.SetCertificateValidityPeriod(validity); }

private:
CHIP_ERROR GenerateNOCChain(const ByteSpan & csrElements, const ByteSpan & csrNonce, const ByteSpan & attestationSignature,
const ByteSpan & attestationChallenge, const ByteSpan & DAC, const ByteSpan & PAI,
Expand Down Expand Up @@ -605,6 +607,15 @@ PyChipError pychip_OpCreds_SetMaximallyLargeCertsUsed(OpCredsContext * context,
return ToPyChipError(CHIP_NO_ERROR);
}

PyChipError pychip_OpCreds_SetCertificateValidityPeriod(OpCredsContext * context, uint32_t validity)
{
VerifyOrReturnError(context != nullptr && context->mAdapter != nullptr, ToPyChipError(CHIP_ERROR_INCORRECT_STATE));

context->mAdapter->SetCertificateValidityPeriod(validity);

return ToPyChipError(CHIP_NO_ERROR);
}

void pychip_OpCreds_FreeDelegate(OpCredsContext * context)
{
Platform::Delete(context);
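Review bot: Neither the new adapter method `SetCertificateValidityPeriod` nor the C entry point `pychip_OpCreds_SetCertificateValidityPeriod` states the unit of `validity` or what a value of 0 means, and both forward any `uint32_t` to the issuer unchanged. The Python caller in this pull request passes `365 * 24 * 60 * 60 * 10` as ten years, so the unit appears to be seconds; a comment above the entry point such as `// validity: validity period, in seconds, for certificates the issuer generates` would make that explicit. Whether 0 produces an already-expired or a non-expiring certificate depends on the issuer code, which is not shown on this page, and belongs in the same comment once confirmed.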
27 changes: 26 additions & 1 deletion src/controller/python/chip/CertificateAuthority.py
Expand Up @@ -77,11 +77,16 @@ def __init__(self, chipStack: ChipStack.ChipStack, caIndex: int, persistentStora
self._Handle().pychip_OpCreds_SetMaximallyLargeCertsUsed.restype = PyChipError
self._Handle().pychip_OpCreds_SetMaximallyLargeCertsUsed.argtypes = [ctypes.c_void_p, ctypes.c_bool]

self._Handle().pychip_OpCreds_SetCertificateValidityPeriod.restype = PyChipError
self._Handle().pychip_OpCreds_SetCertificateValidityPeriod.argtypes = [ctypes.c_void_p, ctypes.c_uint32]

if (persistentStorage is None):
persistentStorage = self._chipStack.GetStorageManager()

self._persistentStorage = persistentStorage
self._maximizeCertChains = False
# By default, let's set validity to 10 years
self._certificateValidityPeriod = 365 * 24 * 60 * 60 * 10
andy31415 marked this conversation as resolved.

self._closure = self._chipStack.Call(
lambda: self._Handle().pychip_OpCreds_InitializeDelegate(
Expand Down Expand Up @@ -189,6 +194,10 @@ def adminList(self) -> list[FabricAdmin.FabricAdmin]:
def maximizeCertChains(self) -> bool:
return self._maximizeCertChains

@property
def certificateValidityPeriod(self) -> int:
return self._certificateValidityPeriod

@maximizeCertChains.setter
def maximizeCertChains(self, enabled: bool):
self._chipStack.Call(
Expand All @@ -197,6 +206,17 @@ def maximizeCertChains(self, enabled: bool):

self._maximizeCertChains = enabled

@certificateValidityPeriod.setter
def certificateValidityPeriod(self, validity: int):
andy31415 marked this conversation as resolved.
if validity < 0:
raise ValueError("Validity period must be a non-negative integer")

self._chipStack.Call(
lambda: self._Handle().pychip_OpCreds_SetCertificateValidityPeriod(ctypes.c_void_p(self._closure), ctypes.c_uint32(validity))
).raise_on_error()

self._certificateValidityPeriod = validity

def __del__(self):
self.Shutdown()

Expand Down Expand Up @@ -258,7 +278,7 @@ def LoadAuthoritiesFromStorage(self):
ca = self.NewCertificateAuthority(int(caIndex))
ca.LoadFabricAdminsFromStorage()

def NewCertificateAuthority(self, caIndex: Optional[int] = None, maximizeCertChains: bool = False):
def NewCertificateAuthority(self, caIndex: Optional[int] = None, maximizeCertChains: bool = False, certificateValidityPeriod: Optional[int] = None):
''' Creates a new CertificateAuthority instance with the provided CA Index and the PersistentStorage
instance previously setup in the constructor.

Expand All @@ -282,8 +302,13 @@ def NewCertificateAuthority(self, caIndex: Optional[int] = None, maximizeCertCha
caList[str(caIndex)] = []
self._persistentStorage.SetReplKey(key='caList', value=caList)

if (certificateValidityPeriod is None):
gvargas-csa marked this conversation as resolved.
# By default, let's set validity to 10 years
certificateValidityPeriod = 365 * 24 * 60 * 60 * 10

ca = CertificateAuthority(chipStack=self._chipStack, caIndex=caIndex, persistentStorage=self._persistentStorage)
ca.maximizeCertChains = maximizeCertChains
ca.certificateValidityPeriod = certificateValidityPeriod
self._activeCaList.append(ca)

return ca
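Review bot: The `certificateValidityPeriod` setter rejects negative values but has no upper bound, and `ctypes.c_uint32(validity)` does not range-check, so a value above 2**32 - 1 wraps silently to a much shorter period. The native side would then issue certificates with the wrapped lifetime while `self._certificateValidityPeriod` keeps the untruncated number, so the property would report a validity the issuer is not using. The guard could become `if not 0 <= validity <= 0xFFFFFFFF:` followed by `raise ValueError("Validity period must fit in an unsigned 32-bit integer")`. Separately, the ten-year default `365 * 24 * 60 * 60 * 10` is written out in both `__init__` and `NewCertificateAuthority`; a single module-level constant would keep the two from drifting apart.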
16 changes: 7 additions & 9 deletions src/controller/python/chip/utils/CommissioningBuildingBlocks.py
Expand Up @@ -20,7 +20,7 @@
import typing

import chip.clusters as Clusters
from chip.ChipDeviceCtrl import ChipDeviceController as ChipDeviceController
from chip.ChipDeviceCtrl import ChipDeviceController, NOCChain
from chip.clusters import GeneralCommissioning as generalCommissioning
from chip.clusters import OperationalCredentials as opCreds
from chip.clusters.Types import NullValue
Expand Down Expand Up @@ -144,7 +144,7 @@ async def CreateControllersOnFabric(fabricAdmin: FabricAdmin,
return controllerList


async def AddNOCForNewFabricFromExisting(commissionerDevCtrl, newFabricDevCtrl, existingNodeId, newNodeId):
async def AddNOCForNewFabricFromExisting(commissionerDevCtrl, newFabricDevCtrl, existingNodeId, newNodeId) -> tuple[bool, typing.Optional[Clusters.OperationalCredentials.Commands.NOCResponse], typing.Optional[NOCChain]]:
''' Perform sequence to commission new fabric using existing commissioned fabric.

Args:
Expand All @@ -156,7 +156,7 @@ async def AddNOCForNewFabricFromExisting(commissionerDevCtrl, newFabricDevCtrl,
newNodeId (int): Node ID to use for the target node on the new fabric.

Return:
tuple: (bool, Optional[nocResp], Optional[rcacResp]: True if successful, False otherwise, along with nocResp, rcacResp value.
tuple: (bool, Optional[nocResp], Optional[NOCChain]: True if successful, False otherwise, along with nocResp, rcacResp value.

'''
nocResp = None
Expand All @@ -173,7 +173,7 @@ async def AddNOCForNewFabricFromExisting(commissionerDevCtrl, newFabricDevCtrl,
chainForAddNOC.nocBytes is None or chainForAddNOC.ipkBytes is None):
# Expiring the failsafe timer in an attempt to clean up.
await commissionerDevCtrl.SendCommand(existingNodeId, 0, generalCommissioning.Commands.ArmFailSafe(0))
return False, nocResp
return False, nocResp, None

await commissionerDevCtrl.SendCommand(existingNodeId, 0, opCreds.Commands.AddTrustedRootCertificate(chainForAddNOC.rcacBytes))
nocResp = await commissionerDevCtrl.SendCommand(existingNodeId,
Expand All @@ -184,8 +184,6 @@ async def AddNOCForNewFabricFromExisting(commissionerDevCtrl, newFabricDevCtrl,
newFabricDevCtrl.nodeId,
newFabricDevCtrl.fabricAdmin.vendorId))

rcacResp = chainForAddNOC.rcacBytes

if nocResp.statusCode is not opCreds.Enums.NodeOperationalCertStatusEnum.kOk:
# Expiring the failsafe timer in an attempt to clean up.
await commissionerDevCtrl.SendCommand(existingNodeId, 0, generalCommissioning.Commands.ArmFailSafe(0))
Expand All @@ -196,12 +194,12 @@ async def AddNOCForNewFabricFromExisting(commissionerDevCtrl, newFabricDevCtrl,
if resp.errorCode is not generalCommissioning.Enums.CommissioningErrorEnum.kOk:
# Expiring the failsafe timer in an attempt to clean up.
await commissionerDevCtrl.SendCommand(existingNodeId, 0, generalCommissioning.Commands.ArmFailSafe(0))
return False, nocResp
return False, nocResp, chainForAddNOC

if not await _IsNodeInFabricList(newFabricDevCtrl, newNodeId):
return False, nocResp
return False, nocResp, chainForAddNOC

return True, nocResp, rcacResp
return True, nocResp, chainForAddNOC


async def UpdateNOC(devCtrl, existingNodeId, newNodeId):
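Review bot: The `Return:` line of the `AddNOCForNewFabricFromExisting` docstring still ends with "along with nocResp, rcacResp value" and lacks its closing parenthesis, although the third element is now the whole `NOCChain`, or `None` when chain generation fails. Suggested wording: `tuple: (bool, Optional[NOCResponse], Optional[NOCChain]): True if successful, False otherwise, with the AddNOC response and the generated chain (None if the chain could not be generated).` The failure branch under the `nocResp.statusCode` check ends outside the visible hunks, so it is worth confirming that its return also yields three values, because callers now unpack three. The returned chain object also carries `ipkBytes` in addition to the certificates, so callers should avoid logging it wholesale.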
6 changes: 4 additions & 2 deletions src/python_testing/TC_OPCREDS_3_2.py
Expand Up @@ -94,10 +94,11 @@ async def test_TC_OPCREDS_3_2(self):

cr2_new_admin_ctrl = cr2_new_fabric_admin.NewController(
nodeId=cr2_nodeid)
success, nocResp, rcacResp = await CommissioningBuildingBlocks.AddNOCForNewFabricFromExisting(
success, nocResp, chain = await CommissioningBuildingBlocks.AddNOCForNewFabricFromExisting(
commissionerDevCtrl=dev_ctrl, newFabricDevCtrl=cr2_new_admin_ctrl,
existingNodeId=self.dut_node_id, newNodeId=cr2_dut_node_id
)
rcacResp = chain.rcacBytes

fabric_index_CR2 = nocResp.fabricIndex
tlvReaderRCAC_CR2 = TLVReader(rcacResp).get()["Any"]
Expand All @@ -114,10 +115,11 @@ async def test_TC_OPCREDS_3_2(self):

cr3_new_admin_ctrl = cr3_new_fabric_admin.NewController(
nodeId=cr3_nodeid)
success, nocResp, rcacResp = await CommissioningBuildingBlocks.AddNOCForNewFabricFromExisting(
success, nocResp, chain = await CommissioningBuildingBlocks.AddNOCForNewFabricFromExisting(
commissionerDevCtrl=dev_ctrl, newFabricDevCtrl=cr3_new_admin_ctrl,
existingNodeId=self.dut_node_id, newNodeId=cr3_dut_node_id
)
rcacResp = chain.rcacBytes

fabric_index_CR3 = nocResp.fabricIndex
tlvReaderRCAC_CR3 = TLVReader(rcacResp).get()["Any"]
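Review bot: In both the CR2 and CR3 hunks, `rcacResp = chain.rcacBytes` dereferences `chain` before any visible check of `success`. The helper now returns `None` as the third element when chain generation fails, so that failure would surface here as an `AttributeError` instead of a clear test failure. An assertion on `success` directly after each call would give a readable failure, for example `asserts.assert_true(success, "AddNOCForNewFabricFromExisting failed")` if mobly's `asserts` is what this file already uses. The test method starts and ends outside these hunks, so a later check may exist, but it would run after the dereference.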