project-chip · shubhamdp · Dec 7, 2024
diff --git a/examples/chip-tool/commands/common/CHIPCommand.cpp b/examples/chip-tool/commands/common/CHIPCommand.cpp
@@ -50,8 +50,8 @@ constexpr chip::FabricId kIdentityOtherFabricId = 4;
 constexpr char kPAATrustStorePathVariable[]     = "CHIPTOOL_PAA_TRUST_STORE_PATH";
 constexpr char kCDTrustStorePathVariable[]      = "CHIPTOOL_CD_TRUST_STORE_PATH";
 
-const chip::Credentials::AttestationTrustStore * CHIPCommand::sTrustStore                 = nullptr;
-chip::Credentials::DeviceAttestationRevocationDelegate * CHIPCommand::sRevocationDelegate = nullptr;
+const chip::Credentials::AttestationTrustStore * CHIPCommand::sTrustStore                                            = nullptr;
+chip::Credentials::DeviceAttestationVerifier::DeviceAttestationRevocationDelegate * CHIPCommand::sRevocationDelegate = nullptr;
 
 chip::Credentials::GroupDataProviderImpl CHIPCommand::sGroupDataProvider{ kMaxGroupsPerFabric, kMaxGroupKeysPerFabric };
 // All fabrics share the same ICD client storage.
@@ -91,8 +91,9 @@ CHIP_ERROR GetAttestationTrustStore(const char * paaTrustStorePath, const chip::
     return CHIP_NO_ERROR;
 }
 
-CHIP_ERROR GetAttestationRevocationDelegate(const char * revocationSetPath,
-                                            chip::Credentials::DeviceAttestationRevocationDelegate ** revocationDelegate)
+CHIP_ERROR GetAttestationRevocationDelegate(
+    const char * revocationSetPath,
+    chip::Credentials::DeviceAttestationVerifier::DeviceAttestationRevocationDelegate ** revocationDelegate)
 {
     if (revocationSetPath == nullptr)
     {

diff --git a/examples/chip-tool/commands/common/CHIPCommand.h b/examples/chip-tool/commands/common/CHIPCommand.h
@@ -234,7 +234,7 @@ class CHIPCommand : public Command
 
     // Cached DAC revocation delegate, this can be set using "--dac-revocation-set-path" argument
     // Once set this will be used by all commands.
-    static chip::Credentials::DeviceAttestationRevocationDelegate * sRevocationDelegate;
+    static chip::Credentials::DeviceAttestationVerifier::DeviceAttestationRevocationDelegate * sRevocationDelegate;
 
     static void RunQueuedCommand(intptr_t commandArg);
     typedef decltype(RunQueuedCommand) MatterWorkCallback;

diff --git a/examples/chip-tool/commands/common/CredentialIssuerCommands.h b/examples/chip-tool/commands/common/CredentialIssuerCommands.h
@@ -61,9 +61,9 @@ class CredentialIssuerCommands
      *
      * @return CHIP_ERROR CHIP_NO_ERROR on success, or corresponding error code.
      */
-    virtual CHIP_ERROR SetupDeviceAttestation(chip::Controller::SetupParams & setupParams,
-                                              const chip::Credentials::AttestationTrustStore * trustStore,
-                                              chip::Credentials::DeviceAttestationRevocationDelegate * revocationDelegate) = 0;
+    virtual CHIP_ERROR SetupDeviceAttestation(
+        chip::Controller::SetupParams & setupParams, const chip::Credentials::AttestationTrustStore * trustStore,
+        chip::Credentials::DeviceAttestationVerifier::DeviceAttestationRevocationDelegate * revocationDelegate) = 0;
 
     /**
      * @brief Add a list of additional non-default CD verifying keys (by certificate)

diff --git a/examples/chip-tool/commands/example/ExampleCredentialIssuerCommands.h b/examples/chip-tool/commands/example/ExampleCredentialIssuerCommands.h
@@ -33,9 +33,9 @@ class ExampleCredentialIssuerCommands : public CredentialIssuerCommands
     {
         return mOpCredsIssuer.Initialize(storage);
     }
-    CHIP_ERROR SetupDeviceAttestation(chip::Controller::SetupParams & setupParams,
-                                      const chip::Credentials::AttestationTrustStore * trustStore,
-                                      chip::Credentials::DeviceAttestationRevocationDelegate * revocationDelegate) override
+    CHIP_ERROR SetupDeviceAttestation(
+        chip::Controller::SetupParams & setupParams, const chip::Credentials::AttestationTrustStore * trustStore,
+        chip::Credentials::DeviceAttestationVerifier::DeviceAttestationRevocationDelegate * revocationDelegate) override
     {
         chip::Credentials::SetDeviceAttestationCredentialsProvider(chip::Credentials::Examples::GetExampleDACProvider());
 

diff --git a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.cpp
@@ -696,8 +696,9 @@ const AttestationTrustStore * GetTestAttestationTrustStore()
     return &gTestAttestationTrustStore.get();
 }
 
-DeviceAttestationVerifier * GetDefaultDACVerifier(const AttestationTrustStore * paaRootStore,
-                                                  DeviceAttestationRevocationDelegate * revocationDelegate)
+DeviceAttestationVerifier *
+GetDefaultDACVerifier(const AttestationTrustStore * paaRootStore,
+                      DeviceAttestationVerifier::DeviceAttestationRevocationDelegate * revocationDelegate)
 {
     static DefaultDACVerifier defaultDACVerifier{ paaRootStore, revocationDelegate };
 

diff --git a/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.h b/src/credentials/attestation_verifier/DefaultDeviceAttestationVerifier.h
@@ -122,8 +122,9 @@ const AttestationTrustStore * GetTestAttestationTrustStore();
  *          process lifetime.  In particular, after the first call it's not
  *          possible to change which AttestationTrustStore is used by this verifier.
  */
-DeviceAttestationVerifier * GetDefaultDACVerifier(const AttestationTrustStore * paaRootStore,
-                                                  DeviceAttestationRevocationDelegate * revocationDelegate = nullptr);
+DeviceAttestationVerifier *
+GetDefaultDACVerifier(const AttestationTrustStore * paaRootStore,
+                      DeviceAttestationVerifier::DeviceAttestationRevocationDelegate * revocationDelegate = nullptr);
 
 } // namespace Credentials
 } // namespace chip
diff --git a/src/credentials/attestation_verifier/DeviceAttestationVerifier.h b/src/credentials/attestation_verifier/DeviceAttestationVerifier.h
@@ -333,6 +333,28 @@ class DeviceAttestationVerifier
     typedef void (*OnAttestationInformationVerification)(void * context, const AttestationInfo & info,
                                                          AttestationVerificationResult result);
 
+    /**
+     * @brief Interface for checking the device attestation revocation status
+     *
+     */
+    class DeviceAttestationRevocationDelegate
+    {
+    public:
+        DeviceAttestationRevocationDelegate()          = default;
+        virtual ~DeviceAttestationRevocationDelegate() = default;
+
+        /**
+         * @brief Verify whether or not the given DAC chain is revoked.
+         *
+         * @param[in] info All of the information required to check for revoked DAC chain.
+         * @param[in] onCompletion Callback handler to provide Attestation Information Verification result to the caller of
+         *                         CheckForRevokedDACChain().
+         */
+        virtual void CheckForRevokedDACChain(
+            const DeviceAttestationVerifier::AttestationInfo & info,
+            Callback::Callback<DeviceAttestationVerifier::OnAttestationInformationVerification> * onCompletion) = 0;
+    };
+
     /**
      * @brief Verify an attestation information payload against a DAC/PAI chain.
      *
@@ -419,28 +441,6 @@ class DeviceAttestationVerifier
     bool mEnableCdTestKeySupport = true;
 };
 
-/**
- * @brief Interface for checking the device attestation revocation status
- *
- */
-class DeviceAttestationRevocationDelegate
-{
-public:
-    DeviceAttestationRevocationDelegate()          = default;
-    virtual ~DeviceAttestationRevocationDelegate() = default;
-
-    /**
-     * @brief Verify whether or not the given DAC chain is revoked.
-     *
-     * @param[in] info All of the information required to check for revoked DAC chain.
-     * @param[in] onCompletion Callback handler to provide Attestation Information Verification result to the caller of
-     *                         CheckForRevokedDACChain().
-     */
-    virtual void
-    CheckForRevokedDACChain(const DeviceAttestationVerifier::AttestationInfo & info,
-                            Callback::Callback<DeviceAttestationVerifier::OnAttestationInformationVerification> * onCompletion) = 0;
-};
-
 /**
  * Instance getter for the global DeviceAttestationVerifier.
  *

diff --git a/src/credentials/attestation_verifier/TestDACRevocationDelegateImpl.h b/src/credentials/attestation_verifier/TestDACRevocationDelegateImpl.h
@@ -26,7 +26,7 @@
 namespace chip {
 namespace Credentials {
 
-class TestDACRevocationDelegateImpl : public DeviceAttestationRevocationDelegate
+class TestDACRevocationDelegateImpl : public DeviceAttestationVerifier::DeviceAttestationRevocationDelegate
 {
 public:
     TestDACRevocationDelegateImpl()  = default;