Add a Darwin utility to convert Matter TLV certificates to DER.
We have one for going DER -> TLV, but nothing for TLV -> DER.
bzbarsky-apple committed Nov 16, 2022
1 parent 6519b91 commit 584d260
Showing 3 changed files with 63 additions and 0 deletions.
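--- a/src/darwin/Framework/CHIP/MTRCertificates.h
+++ b/src/darwin/Framework/CHIP/MTRCertificates.h
@@ -141,6 +141,16 @@ NS_ASSUME_NONNULL_BEGIN
 */
 + (MTRCertificateTLVBytes _Nullable)convertX509Certificate:(MTRCertificateDERBytes)x509Certificate;
 
+/**
+* Convert the given Matter TLV encoded certificate to the X.509v3 DER encoded
+* format.
+*
+* Returns nil if the conversion fails (e.g. if the input data cannot be parsed
+* as a Matter TLV encoded certificate, or if the certificate cannot be
+* represented in the X.509v3 DER format).
+*/
++ (MTRCertificateDERBytes _Nullable)convertMatterCertificate:(MTRCertificateTLVBytes)matterCertificate MTR_NEWLY_AVAILABLE;
+
 @end
 
 @interface MTRCertificates (Deprecated)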
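Review bot: The new doc comment on `convertMatterCertificate:` does not say that a non-nil result reflects only a successful re-encoding. Nothing visible in this commit checks the signature, validity period or chain during conversion, so a caller could presumably mistake the returned DER bytes for a certificate that has been verified. Consider adding a line such as `* The conversion does not validate the certificate; a non-nil result is not a trust decision.` The same caveat would seem to apply to `convertX509Certificate:` above, whose doc comment starts outside the hunk.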
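--- a/src/darwin/Framework/CHIP/MTRCertificates.mm
+++ b/src/darwin/Framework/CHIP/MTRCertificates.mm
@@ -214,6 +214,23 @@ + (MTRCertificateTLVBytes _Nullable)convertX509Certificate:(MTRCertificateDERByt
 return AsData(chipCertBytes);
 }
 
++ (MTRCertificateDERBytes _Nullable)convertMatterCertificate:(MTRCertificateTLVBytes)matterCertificate
+{
+chip::ByteSpan tlvCertBytes = AsByteSpan(matterCertificate);
+
+uint8_t derCertBuffer[chip::Controller::kMaxCHIPDERCertLength];
+chip::MutableByteSpan derCertBytes(derCertBuffer);
+
+CHIP_ERROR errorCode = chip::Credentials::ConvertChipCertToX509Cert(tlvCertBytes, derCertBytes);
+
+if (errorCode != CHIP_NO_ERROR) {
+MTR_LOG_ERROR("ConvertChipCertToX509Cert: %{public}s", chip::ErrorStr(errorCode));
+return nil;
+}
+
+return AsData(derCertBytes);
+}
+
 @end
 
 @implementation MTRCertificates (Deprecated)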
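Review bot: `derCertBuffer` is a stack array, so the NSData returned by `AsData(derCertBytes)` is only valid if `AsData` copies the bytes and `ConvertChipCertToX509Cert` shrinks the span to the length it actually wrote. Both helpers are defined outside this page, and the sibling `convertX509Certificate:` above returns the same way, so this is presumably already the case. A short comment above the return would record the dependency, for example `// AsData copies out of the stack buffer; derCertBytes was resized to the encoded length.` It would also help to note beside the buffer declaration that a certificate larger than `kMaxCHIPDERCertLength` is expected to surface as an error from the converter rather than as a truncated result.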
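--- a/src/darwin/Framework/CHIPTests/MTRCertificateTests.m
+++ b/src/darwin/Framework/CHIPTests/MTRCertificateTests.m
@@ -34,6 +34,15 @@ - (void)testGenerateRootCert
 
 __auto_type * rootCert = [MTRCertificates createRootCertificate:testKeys issuerID:nil fabricID:nil error:nil];
 XCTAssertNotNil(rootCert);
+
+// Test round-trip through TLV format.
+__auto_type * tlvCert = [MTRCertificates convertX509Certificate:rootCert];
+XCTAssertNotNil(tlvCert);
+
+__auto_type * derCert = [MTRCertificates convertMatterCertificate:tlvCert];
+XCTAssertNotNil(derCert);
+
+XCTAssertEqualObjects(rootCert, derCert);
 }
 
 - (void)testGenerateIntermediateCert
@@ -54,6 +63,15 @@ - (void)testGenerateIntermediateCert
 fabricID:nil
 error:nil];
 XCTAssertNotNil(intermediateCert);
+
+// Test round-trip through TLV format.
+__auto_type * tlvCert = [MTRCertificates convertX509Certificate:intermediateCert];
+XCTAssertNotNil(tlvCert);
+
+__auto_type * derCert = [MTRCertificates convertMatterCertificate:tlvCert];
+XCTAssertNotNil(derCert);
+
+XCTAssertEqualObjects(intermediateCert, derCert);
 }
 
 - (void)testGenerateOperationalCertNoIntermediate
@@ -81,6 +99,15 @@ - (void)testGenerateOperationalCertNoIntermediate
 caseAuthenticatedTags:cats
 error:nil];
 XCTAssertNotNil(operationalCert);
+
+// Test round-trip through TLV format.
+__auto_type * tlvCert = [MTRCertificates convertX509Certificate:operationalCert];
+XCTAssertNotNil(tlvCert);
+
+__auto_type * derCert = [MTRCertificates convertMatterCertificate:tlvCert];
+XCTAssertNotNil(derCert);
+
+XCTAssertEqualObjects(operationalCert, derCert);
 }
 
 - (void)testGenerateOperationalCertWithIntermediate
@@ -113,6 +140,15 @@ - (void)testGenerateOperationalCertWithIntermediate
 caseAuthenticatedTags:nil
 error:nil];
 XCTAssertNotNil(operationalCert);
+
+// Test round-trip through TLV format.
+__auto_type * tlvCert = [MTRCertificates convertX509Certificate:operationalCert];
+XCTAssertNotNil(tlvCert);
+
+__auto_type * derCert = [MTRCertificates convertMatterCertificate:tlvCert];
+XCTAssertNotNil(derCert);
+
+XCTAssertEqualObjects(operationalCert, derCert);
 }
 
 - (void)testGenerateOperationalCertErrorCases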
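Review bot: The assertions added in all four hunks exercise only the successful round trip, so the nil-on-failure path that the header documents for `convertMatterCertificate:` is never tested. A negative case would pin that behaviour, for example `XCTAssertNil([MTRCertificates convertMatterCertificate:rootCert]);` in testGenerateRootCert, since DER bytes are not expected to parse as Matter TLV. An empty or truncated input would be worth a second assertion, because malformed encodings are the inputs a certificate parser most needs to reject cleanly. The enclosing test methods start outside the hunks.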
