Create CHIPAttestationTrustStoreBridge when we know we have PAA certs. #17783

Merged
8 changes: 5 additions & 3 deletions src/darwin/Framework/CHIP/CHIPAttestationTrustStoreBridge.h
Expand Up @@ -22,15 +22,17 @@ NS_ASSUME_NONNULL_BEGIN

class CHIPAttestationTrustStoreBridge : public chip::Credentials::AttestationTrustStore {
public:
CHIPAttestationTrustStoreBridge(NSArray<NSData *> * paaCerts)
: mPaaCerts(paaCerts)
{
}
~CHIPAttestationTrustStoreBridge() {};

void Init(NSArray<NSData *> * paaCerts);

CHIP_ERROR GetProductAttestationAuthorityCert(
const chip::ByteSpan & skid, chip::MutableByteSpan & outPaaDerBuffer) const override;

private:
NSArray<NSData *> * _Nullable mPaaCerts;
NSArray<NSData *> * mPaaCerts;
};

NS_ASSUME_NONNULL_END
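Review bot: The new constructor's initializer `: mPaaCerts(paaCerts)` keeps the caller's array object rather than a snapshot, so if the array passed in is really an `NSMutableArray`, the set of PAA trust anchors can change after the attestation verifier has been installed. Taking `: mPaaCerts([paaCerts copy])` pins the roots at construction time. The single-argument constructor should also be marked `explicit`, so that an `NSArray *` can never convert to a trust store implicitly. Whether the params property that feeds this constructor is already declared `copy` is not visible on this page.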
Expand Up @@ -19,8 +19,6 @@

static chip::ByteSpan asByteSpan(NSData * value) { return chip::ByteSpan(static_cast<const uint8_t *>(value.bytes), value.length); }

void CHIPAttestationTrustStoreBridge::Init(NSArray<NSData *> * paaCerts) { mPaaCerts = paaCerts; }

CHIP_ERROR CHIPAttestationTrustStoreBridge::GetProductAttestationAuthorityCert(
const chip::ByteSpan & skid, chip::MutableByteSpan & outPaaDerBuffer) const
{
38 changes: 21 additions & 17 deletions src/darwin/Framework/CHIP/MatterControllerFactory.mm
Expand Up @@ -87,11 +87,6 @@ - (instancetype)init
return nil;
}

_attestationTrustStoreBridge = new CHIPAttestationTrustStoreBridge();
if ([self checkForInitError:(_attestationTrustStoreBridge != nullptr) logMsg:kErrorAttestationTrustStoreInit]) {
return nil;
}

_groupStorageDelegate = new chip::TestPersistentStorageDelegate();
if ([self checkForInitError:(_groupStorageDelegate != nullptr) logMsg:kErrorGroupProviderInit]) {
return nil;
Expand Down Expand Up @@ -119,7 +114,8 @@ - (instancetype)init

- (void)dealloc
{
[self cleanupOwnedObjects];
[self shutdown];
[self cleanupInitObjects];
}

- (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg
Expand All @@ -130,12 +126,12 @@ - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg

CHIP_LOG_ERROR("Error: %@", logMsg);

[self cleanupOwnedObjects];
[self cleanupInitObjects];

return YES;
}

- (void)cleanupOwnedObjects
- (void)cleanupInitObjects
{
_controllers = nil;

Expand All @@ -150,6 +146,11 @@ - (void)cleanupOwnedObjects
_groupStorageDelegate = nullptr;
}

Platform::MemoryShutdown();
}

- (void)cleanupStartupObjects
{
if (_attestationTrustStoreBridge) {
delete _attestationTrustStoreBridge;
_attestationTrustStoreBridge = nullptr;
Expand All @@ -159,8 +160,6 @@ - (void)cleanupOwnedObjects
delete _persistentStorageDelegateBridge;
_persistentStorageDelegateBridge = nullptr;
}

Platform::MemoryShutdown();
}

- (BOOL)startup:(MatterControllerFactoryParams *)startupParams
Expand Down Expand Up @@ -196,7 +195,11 @@ - (BOOL)startup:(MatterControllerFactoryParams *)startupParams

// Initialize device attestation verifier
if (startupParams.paaCerts) {
_attestationTrustStoreBridge->Init(startupParams.paaCerts);
_attestationTrustStoreBridge = new CHIPAttestationTrustStoreBridge(startupParams.paaCerts);
if (_attestationTrustStoreBridge == nullptr) {
CHIP_LOG_ERROR("Error: %@", kErrorAttestationTrustStoreInit);
return;
}
chip::Credentials::SetDeviceAttestationVerifier(chip::Credentials::GetDefaultDACVerifier(_attestationTrustStoreBridge));
} else {
// TODO: Replace testingRootStore with a AttestationTrustStore that has the necessary official PAA roots available
Expand Down Expand Up @@ -226,6 +229,10 @@ - (BOOL)startup:(MatterControllerFactoryParams *)startupParams
// Make sure to stop the event loop again before returning, so we are not running it while we don't have any controllers.
DeviceLayer::PlatformMgrImpl().StopEventLoopTask();

if (![self isRunning]) {
[self cleanupStartupObjects];
}

return [self isRunning];
}

Expand All @@ -242,13 +249,10 @@ - (void)shutdown
CHIP_LOG_DEBUG("%@", kInfoFactoryShutdown);
_controllerFactory->Shutdown();

if (_persistentStorageDelegateBridge) {
delete _persistentStorageDelegateBridge;
_persistentStorageDelegateBridge = nullptr;
}
[self cleanupStartupObjects];

// NOTE: we do not call cleanupOwnedObjects because we can be restarted, and
// that does not re-create the owned objects that we create inside init.
// NOTE: we do not call cleanupInitObjects because we can be restarted, and
// that does not re-create the objects that we create inside init.
// Maybe we should be creating them in startup?

_isRunning = NO;
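Review bot: `cleanupStartupObjects` deletes `_attestationTrustStoreBridge`, but the verifier installed in `startup:` via `SetDeviceAttestationVerifier(GetDefaultDACVerifier(_attestationTrustStoreBridge))` was handed that same raw pointer, and nothing visible here uninstalls it. If the default verifier keeps the pointer (its implementation is not on this page), the process-wide verifier refers to a freed trust store after `shutdown`, or after a failed `startup:` that reaches the new `if (![self isRunning])` branch. Replace or clear the installed verifier before the `delete`, or add a comment in `cleanupStartupObjects` stating why the pointer cannot outlive the bridge. Separately, the `== nullptr` test after plain `new` is unlikely ever to be true, because a failed plain `new` does not return null; `new (std::nothrow) CHIPAttestationTrustStoreBridge(startupParams.paaCerts)` would make the check meaningful.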