Create CHIPAttestationTrustStoreBridge when we know we have PAA certs. (

#17783) Fixes #17746
project-chip · Apr 27, 2022 · a690115 · a690115
1 parent afe0fef
commit a690115
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 22 deletions.
diff --git a/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.h b/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.h
@@ -22,15 +22,17 @@ NS_ASSUME_NONNULL_BEGIN
 
 class CHIPAttestationTrustStoreBridge : public chip::Credentials::AttestationTrustStore {
 public:
+    CHIPAttestationTrustStoreBridge(NSArray<NSData *> * paaCerts)
+        : mPaaCerts(paaCerts)
+    {
+    }
     ~CHIPAttestationTrustStoreBridge() {};
 
-    void Init(NSArray<NSData *> * paaCerts);
-
     CHIP_ERROR GetProductAttestationAuthorityCert(
         const chip::ByteSpan & skid, chip::MutableByteSpan & outPaaDerBuffer) const override;
 
 private:
-    NSArray<NSData *> * _Nullable mPaaCerts;
+    NSArray<NSData *> * mPaaCerts;
 };
 
 NS_ASSUME_NONNULL_END
diff --git a/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.mm b/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.mm
@@ -19,8 +19,6 @@
 
 static chip::ByteSpan asByteSpan(NSData * value) { return chip::ByteSpan(static_cast<const uint8_t *>(value.bytes), value.length); }
 
-void CHIPAttestationTrustStoreBridge::Init(NSArray<NSData *> * paaCerts) { mPaaCerts = paaCerts; }
-
 CHIP_ERROR CHIPAttestationTrustStoreBridge::GetProductAttestationAuthorityCert(
     const chip::ByteSpan & skid, chip::MutableByteSpan & outPaaDerBuffer) const
 {

diff --git a/src/darwin/Framework/CHIP/MatterControllerFactory.mm b/src/darwin/Framework/CHIP/MatterControllerFactory.mm
@@ -86,11 +86,6 @@ - (instancetype)init
         return nil;
     }
 
-    _attestationTrustStoreBridge = new CHIPAttestationTrustStoreBridge();
-    if ([self checkForInitError:(_attestationTrustStoreBridge != nullptr) logMsg:kErrorAttestationTrustStoreInit]) {
-        return nil;
-    }
-
     _groupStorageDelegate = new chip::TestPersistentStorageDelegate();
     if ([self checkForInitError:(_groupStorageDelegate != nullptr) logMsg:kErrorGroupProviderInit]) {
         return nil;
@@ -118,7 +113,8 @@ - (instancetype)init
 
 - (void)dealloc
 {
-    [self cleanupOwnedObjects];
+    [self shutdown];
+    [self cleanupInitObjects];
 }
 
 - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg
@@ -129,12 +125,12 @@ - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg
 
     CHIP_LOG_ERROR("Error: %@", logMsg);
 
-    [self cleanupOwnedObjects];
+    [self cleanupInitObjects];
 
     return YES;
 }
 
-- (void)cleanupOwnedObjects
+- (void)cleanupInitObjects
 {
     _controllers = nil;
 
@@ -149,6 +145,11 @@ - (void)cleanupOwnedObjects
         _groupStorageDelegate = nullptr;
     }
 
+    Platform::MemoryShutdown();
+}
+
+- (void)cleanupStartupObjects
+{
     if (_attestationTrustStoreBridge) {
         delete _attestationTrustStoreBridge;
         _attestationTrustStoreBridge = nullptr;
@@ -158,8 +159,6 @@ - (void)cleanupOwnedObjects
         delete _persistentStorageDelegateBridge;
         _persistentStorageDelegateBridge = nullptr;
     }
-
-    Platform::MemoryShutdown();
 }
 
 - (BOOL)startup:(MatterControllerFactoryParams *)startupParams
@@ -186,7 +185,11 @@ - (BOOL)startup:(MatterControllerFactoryParams *)startupParams
 
         // Initialize device attestation verifier
         if (startupParams.paaCerts) {
-            _attestationTrustStoreBridge->Init(startupParams.paaCerts);
+            _attestationTrustStoreBridge = new CHIPAttestationTrustStoreBridge(startupParams.paaCerts);
+            if (_attestationTrustStoreBridge == nullptr) {
+                CHIP_LOG_ERROR("Error: %@", kErrorAttestationTrustStoreInit);
+                return;
+            }
             chip::Credentials::SetDeviceAttestationVerifier(chip::Credentials::GetDefaultDACVerifier(_attestationTrustStoreBridge));
         } else {
             // TODO: Replace testingRootStore with a AttestationTrustStore that has the necessary official PAA roots available
@@ -216,6 +219,10 @@ - (BOOL)startup:(MatterControllerFactoryParams *)startupParams
     // Make sure to stop the event loop again before returning, so we are not running it while we don't have any controllers.
     DeviceLayer::PlatformMgrImpl().StopEventLoopTask();
 
+    if (![self isRunning]) {
+        [self cleanupStartupObjects];
+    }
+
     return [self isRunning];
 }
 
@@ -232,13 +239,10 @@ - (void)shutdown
     CHIP_LOG_DEBUG("%@", kInfoFactoryShutdown);
     _controllerFactory->Shutdown();
 
-    if (_persistentStorageDelegateBridge) {
-        delete _persistentStorageDelegateBridge;
-        _persistentStorageDelegateBridge = nullptr;
-    }
+    [self cleanupStartupObjects];
 
-    // NOTE: we do not call cleanupOwnedObjects because we can be restarted, and
-    // that does not re-create the owned objects that we create inside init.
+    // NOTE: we do not call cleanupInitObjects because we can be restarted, and
+    // that does not re-create the objects that we create inside init.
     // Maybe we should be creating them in startup?
 
     _isRunning = NO;