Add Java callbacks for NOC Generation #21522

Merged
merged 12 commits into from
Aug 4, 2022
Expand Up @@ -197,19 +197,26 @@ public void resumeCommissioning() {
}

/**
* When a NOCChainIssuer is set for this controller, then onNOCChainGenerationNeeded
* will be called when the NOC CSR needs to be signed. This allows for custom credentials
* issuer implementations, for example, when a proprietary cloud API will perform the
* CSR signing.
*
* The following fields on the ControllerParams object must be populated:
* - ipk
* - rootCertificate
* - intermediateCertificate
* - operationalCertificate
* - adminSubject
* The commissioning workflow will stop upon the onNOCChainGenerationNeeded callback
* and resume once onNOCChainGeneration is called.
*
* The following fields on the ControllerParams object MUST be populated:
* rootCertificate, intermediateCertificate, operationalCertificate
*
* If ipk and adminSubject are set on the ControllerParams object, then they will be used
* in the AddNOC command set to the commissionee. If they are not populated, then the values
* provided in the ChipDeviceController initialization will be used.
*
* @param params
* @return
* @return CHIP_ERROR error code (0 is no error)
*/
public int setNOCChain(ControllerParams params) {
return setNOCChain(deviceControllerPtr, params);
public int onNOCChainGeneration(ControllerParams params) {
return onNOCChainGeneration(deviceControllerPtr, params);
}
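Review bot: The Javadoc on `onNOCChainGeneration` says commissioning stops at `onNOCChainGenerationNeeded` and resumes only once this method is called, but it does not say what an issuer should do when CSR signing fails or a custom attestation check rejects the device, so a failing issuer appears to leave commissioning paused. Please document the failure path, and which non-zero CHIP_ERROR comes back when rootCertificate, intermediateCertificate or operationalCertificate is not populated. Smaller points in the same comment block: "AddNOC command set to the commissionee" should read "sent", `@param params` has no description, and renaming the public `setNOCChain` breaks existing callers while giving an `on...` name to a method the application calls rather than a callback it receives.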


Expand Down Expand Up @@ -685,7 +692,7 @@ private native boolean openPairingWindowWithPINCallback(
private native void updateCommissioningNetworkCredentials(
long deviceControllerPtr, NetworkCredentials networkCredentials);

private native int setNOCChain(long deviceControllerPtr, ControllerParams params);
private native int onNOCChainGeneration(long deviceControllerPtr, ControllerParams params);

private native void shutdownSubscriptions(long deviceControllerPtr, long devicePtr);
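Review bot: Renaming the native declaration to `private native int onNOCChainGeneration(long deviceControllerPtr, ControllerParams params);` changes the symbol the JVM resolves, and the native side is not visible in this hunk. Please confirm the JNI implementation (or the RegisterNatives table, if one is used) is renamed in the same change, because a mismatch only surfaces as an UnsatisfiedLinkError on the first call at runtime, not at build time.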

Expand All @@ -708,15 +715,22 @@ protected void finalize() throws Throwable {
/** Interface to implement custom operational credentials issuer (NOC chain generation). */
public interface NOCChainIssuer {
/**
* Notifies when operational cert generation is needed.
* When a NOCChainIssuer is set for this controller, then onNOCChainGenerationNeeded
* will be called when the NOC CSR needs to be signed. This allows for custom credentials
* issuer implementations, for example, when a proprietary cloud API will perform the
* CSR signing.
*
* The commissioning workflow will stop upon the onNOCChainGenerationNeeded callback
* and resume once onNOCChainGeneration is called.
*
* The following fields on the ControllerParams object passed to onNOCChainGeneration
* MUST be populated: rootCertificate, intermediateCertificate, operationalCertificate
*
* If ipk and adminSubject are set on the ControllerParams object, then they will be used
* in the AddNOC command set to the commissionee. If they are not populated, then the values
* provided in the ChipDeviceController initialization will be used.
*
* Once generated, implementor should populate the following fields on the ControllerParams object
* and call setNOCChain():
* - ipk
* - rootCertificate
* - intermediateCertificate
* - operationalCertificate
* - adminSubject
* All csr and attestation fields are provided to allow for custom attestestation checks.
*/
void onNOCChainGenerationNeeded(
byte[] csrElements,
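Review bot: The closing Javadoc line on `onNOCChainGenerationNeeded` says the csr and attestation fields are provided "to allow for custom" checks, but it does not state whether the controller has already verified attestation before this callback fires or whether the issuer is expected to do so before signing. Since the implementor is the party that signs the CSR, the comment should spell out which checks are already done and which are the issuer's responsibility. The same line misspells the word as "attestestation", "set to the commissionee" should read "sent", and the three paragraphs above it duplicate the Javadoc on `ChipDeviceController.onNOCChainGeneration`; keeping the text in one place and linking to it with `{@link}` avoids the two copies drifting apart.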
Expand Down
Expand Up @@ -250,6 +250,9 @@ void DefaultDACVerifier::VerifyAttestationInformation(const DeviceAttestationVer
DeviceAttestationVendorReservedDeconstructor vendorReserved;
ByteSpan certificationDeclarationPayload;

ChipLogProgress(Support, " ----- DefaultDACVerifier::VerifyAttestationInformation vendorId=0x%04X productId=0x%04X",
info.vendorId, info.productId);

DeviceInfoForAttestation deviceInfo{
.vendorId = info.vendorId,
.productId = info.productId,
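Review bot: The new `ChipLogProgress` call in `DefaultDACVerifier::VerifyAttestationInformation` carries a " ----- " banner prefix that reads like leftover debugging output and will appear at progress level on every attestation verification. Consider dropping the prefix and using the detail log level, keeping the vendorId and productId fields, which are useful when correlating a failed verification with a device.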
Expand Down