From a69011579910f52952b502e90ce481804e879b4f Mon Sep 17 00:00:00 2001 From: Boris Zbarsky Date: Wed, 27 Apr 2022 10:20:10 -0400 Subject: [PATCH] Create CHIPAttestationTrustStoreBridge when we know we have PAA certs. (#17783) Fixes https://github.com/project-chip/connectedhomeip/issues/17746 --- .../CHIP/CHIPAttestationTrustStoreBridge.h | 8 ++-- .../CHIP/CHIPAttestationTrustStoreBridge.mm | 2 - .../Framework/CHIP/MatterControllerFactory.mm | 38 ++++++++++--------- 3 files changed, 26 insertions(+), 22 deletions(-) diff --git a/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.h b/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.h index b24657b5b67448..e0082c4ba56b8f 100644 --- a/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.h +++ b/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.h @@ -22,15 +22,17 @@ NS_ASSUME_NONNULL_BEGIN class CHIPAttestationTrustStoreBridge : public chip::Credentials::AttestationTrustStore { public: + CHIPAttestationTrustStoreBridge(NSArray * paaCerts) + : mPaaCerts(paaCerts) + { + } ~CHIPAttestationTrustStoreBridge() {}; - void Init(NSArray * paaCerts); - CHIP_ERROR GetProductAttestationAuthorityCert( const chip::ByteSpan & skid, chip::MutableByteSpan & outPaaDerBuffer) const override; private: - NSArray * _Nullable mPaaCerts; + NSArray * mPaaCerts; }; NS_ASSUME_NONNULL_END diff --git a/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.mm b/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.mm index c224ed77e4bca5..861413c9ab36b1 100644 --- a/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.mm +++ b/src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.mm @@ -19,8 +19,6 @@ static chip::ByteSpan asByteSpan(NSData * value) { return chip::ByteSpan(static_cast(value.bytes), value.length); } -void CHIPAttestationTrustStoreBridge::Init(NSArray * paaCerts) { mPaaCerts = paaCerts; } - CHIP_ERROR CHIPAttestationTrustStoreBridge::GetProductAttestationAuthorityCert( const chip::ByteSpan & skid, chip::MutableByteSpan & outPaaDerBuffer) const { diff --git a/src/darwin/Framework/CHIP/MatterControllerFactory.mm b/src/darwin/Framework/CHIP/MatterControllerFactory.mm index 0d585bb4684ab1..780a1e3ba11596 100644 --- a/src/darwin/Framework/CHIP/MatterControllerFactory.mm +++ b/src/darwin/Framework/CHIP/MatterControllerFactory.mm @@ -86,11 +86,6 @@ - (instancetype)init return nil; } - _attestationTrustStoreBridge = new CHIPAttestationTrustStoreBridge(); - if ([self checkForInitError:(_attestationTrustStoreBridge != nullptr) logMsg:kErrorAttestationTrustStoreInit]) { - return nil; - } - _groupStorageDelegate = new chip::TestPersistentStorageDelegate(); if ([self checkForInitError:(_groupStorageDelegate != nullptr) logMsg:kErrorGroupProviderInit]) { return nil; @@ -118,7 +113,8 @@ - (instancetype)init - (void)dealloc { - [self cleanupOwnedObjects]; + [self shutdown]; + [self cleanupInitObjects]; } - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg @@ -129,12 +125,12 @@ - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg CHIP_LOG_ERROR("Error: %@", logMsg); - [self cleanupOwnedObjects]; + [self cleanupInitObjects]; return YES; } -- (void)cleanupOwnedObjects +- (void)cleanupInitObjects { _controllers = nil; @@ -149,6 +145,11 @@ - (void)cleanupOwnedObjects _groupStorageDelegate = nullptr; } + Platform::MemoryShutdown(); +} + +- (void)cleanupStartupObjects +{ if (_attestationTrustStoreBridge) { delete _attestationTrustStoreBridge; _attestationTrustStoreBridge = nullptr; @@ -158,8 +159,6 @@ - (void)cleanupOwnedObjects delete _persistentStorageDelegateBridge; _persistentStorageDelegateBridge = nullptr; } - - Platform::MemoryShutdown(); } - (BOOL)startup:(MatterControllerFactoryParams *)startupParams @@ -186,7 +185,11 @@ - (BOOL)startup:(MatterControllerFactoryParams *)startupParams // Initialize device attestation verifier if (startupParams.paaCerts) { - _attestationTrustStoreBridge->Init(startupParams.paaCerts); + _attestationTrustStoreBridge = new CHIPAttestationTrustStoreBridge(startupParams.paaCerts); + if (_attestationTrustStoreBridge == nullptr) { + CHIP_LOG_ERROR("Error: %@", kErrorAttestationTrustStoreInit); + return; + } chip::Credentials::SetDeviceAttestationVerifier(chip::Credentials::GetDefaultDACVerifier(_attestationTrustStoreBridge)); } else { // TODO: Replace testingRootStore with a AttestationTrustStore that has the necessary official PAA roots available @@ -216,6 +219,10 @@ - (BOOL)startup:(MatterControllerFactoryParams *)startupParams // Make sure to stop the event loop again before returning, so we are not running it while we don't have any controllers. DeviceLayer::PlatformMgrImpl().StopEventLoopTask(); + if (![self isRunning]) { + [self cleanupStartupObjects]; + } + return [self isRunning]; } @@ -232,13 +239,10 @@ - (void)shutdown CHIP_LOG_DEBUG("%@", kInfoFactoryShutdown); _controllerFactory->Shutdown(); - if (_persistentStorageDelegateBridge) { - delete _persistentStorageDelegateBridge; - _persistentStorageDelegateBridge = nullptr; - } + [self cleanupStartupObjects]; - // NOTE: we do not call cleanupOwnedObjects because we can be restarted, and - // that does not re-create the owned objects that we create inside init. + // NOTE: we do not call cleanupInitObjects because we can be restarted, and + // that does not re-create the objects that we create inside init. // Maybe we should be creating them in startup? _isRunning = NO;