-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support passing csr nonce into commissioning flow #7696
Support passing csr nonce into commissioning flow #7696
Conversation
/rebase |
(#5098) We should pass the Command Object and EndpointId to the cluster callbacks.connectedhomeip/examples/window-app/common/gen/IMClusterCommandHandler.cpp Lines 1453 to 1463 in 4b68052
This comment was generated by todo based on a
|
Use Android keystore system instead of direct storage of private key and add specific errors to check if a specified item is not found in the keystore.connectedhomeip/src/controller/java/AndroidDeviceControllerWrapper.cpp Lines 191 to 201 in 329efbb
This comment was generated by todo based on a
|
jbyteArray argument; | ||
GetEnvForCurrentThread()->ExceptionClear(); | ||
N2J_ByteArray(GetEnvForCurrentThread(), csr.data(),csr.size(),argument); | ||
GetEnvForCurrentThread()->CallVoidMethod(mJavaObjectRef, method, argument); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What if generateCert failed? is this still OK to be called?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently, the method CHIPCert.NewNodeOperationalX509Cert will generate a CHIP_Error if the cert generation fails and so will GenerateNodeOperationalCertificate. But the whole relevance of adding this method here for my use case is to trigger the generation of OpCSR using the passed nonce. The generated cert is not useful. Ideally the generated CSRNonce will be exchanged to get an OpCert which needs to be written to the device in a different api call (after the PairDevice completes and that api does not exist today).
It would have been ideal to have a separate api to just pass the CSRNonce and get the CSRResponse but with current sdk support this is the only possible path.
Lemme know if this makes sense.
Refactor this API to match latest spec, so that GenerateNodeOperationalCertificate receives the full CSR Elements data payload.connectedhomeip/src/controller/java/AndroidDeviceControllerWrapper.cpp Lines 153 to 163 in 2955ad9
This comment was generated by todo based on a
|
Abstract the CSRNonce generation from the CHIPDevice and let the controller always provide it.connectedhomeip/src/controller/CHIPDeviceController.cpp Lines 835 to 842 in b04a179
This comment was generated by todo based on a
|
env->SetByteArrayRegion(outArray, 0, inArrayLen, (jbyte *) inArray); | ||
VerifyOrExit(!env->ExceptionCheck(), err = CHIP_JNI_ERROR_EXCEPTION_THROWN); | ||
|
||
exit: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Prefer using Return macros instead of goto exit
macros when there is no cleanup to be done in the exit block. Saves some scoping and helps readability.
…_Commissioning_flow
…tps://github.com/ritikananda27/connectedhomeip into Support_Passing_CSRNonce_into_Commissioning_flow
…tps://github.com/ritikananda27/connectedhomeip into Support_Passing_CSRNonce_into_Commissioning_flow
…tps://github.com/ritikananda27/connectedhomeip into Support_Passing_CSRNonce_into_Commissioning_flow
…_Commissioning_flow
…_Commissioning_flow
…tps://github.com/ritikananda27/connectedhomeip into Support_Passing_CSRNonce_into_Commissioning_flow
Needs to be rebased on top of #7933 once that lands... |
/rebase |
…_Commissioning_flow
Size increase report for "nrfconnect-example-build" from 5ab12fe
Full report output
|
Size increase report for "esp32-example-build" from 5ab12fe
Full report output
|
Size increase report for "gn_qpg6100-example-build" from 5ab12fe
Full report output
|
* Retrieving OpCSR from the Chip Device after passing the CSRNonce. * Retrieving OpCSR from the Chip Device after passing the CSRNonce. Co-authored-by: Ritika Nanda <[email protected]>
Problem
Accepting a CSRNonce during the Commissioning process instead of auto generating it.
Solution
Passing the OpCSRNonce as part of RendezvousParameters.h to be used in the commissioning process. If the OpCSRNonce is not passed, a random value is generated and used.