forked from project-chip/connectedhomeip
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMTRDeviceControllerStartupParams_Internal.h
182 lines (148 loc) · 7.85 KB
/
MTRDeviceControllerStartupParams_Internal.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
/**
* Copyright (c) 2022 Project CHIP Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#pragma once
#import "MTRDeviceControllerStartupParams.h"
#import <Foundation/Foundation.h>
#import <Matter/MTRDefines.h>
#import <Matter/MTRDeviceController.h>
#import <Matter/MTRDeviceControllerParameters.h>
#include <crypto/CHIPCryptoPAL.h>
#include <lib/core/DataModelTypes.h>
#include <lib/core/Optional.h>
// MTRDeviceController_Concrete.h imports this header, so we can't import it.
@class MTRDeviceController_Concrete;
namespace chip {
class FabricTable;
namespace Crypto {
class OperationalKeystore;
} // namespace Crypto
} // namespace chip
NS_ASSUME_NONNULL_BEGIN
@interface MTRDeviceControllerStartupParams ()
// We want to be able to write to operationalCertificate in
// MTRDeviceControllerStartupParamsInternal.
@property (nonatomic, copy, nullable) MTRCertificateDERBytes operationalCertificate;
// uniqueIdentifier, so that we always have one.
@property (nonatomic, strong, readonly) NSUUID * uniqueIdentifier;
// Init method that just copies the values of all our ivars.
- (instancetype)initWithParams:(MTRDeviceControllerStartupParams *)params;
@end
@interface MTRDeviceControllerAbstractParameters ()
// Allow init from our subclasses.
- (instancetype)_initInternal;
@end
@interface MTRDeviceControllerParameters ()
- (instancetype)initWithStorageDelegate:(id<MTRDeviceControllerStorageDelegate>)storageDelegate
storageDelegateQueue:(dispatch_queue_t)storageDelegateQueue
uniqueIdentifier:(NSUUID *)uniqueIdentifier
ipk:(NSData *)ipk
vendorID:(NSNumber *)vendorID
operationalKeypair:(id<MTRKeypair>)operationalKeypair
operationalCertificate:(MTRCertificateDERBytes)operationalCertificate
intermediateCertificate:(MTRCertificateDERBytes _Nullable)intermediateCertificate
rootCertificate:(MTRCertificateDERBytes)rootCertificate;
// When we have other subclasses of MTRDeviceControllerParameters, we may
// need to make more things nullable here and/or add more fields. But for now
// we know exactly what information we have.
@property (nonatomic, copy, readonly) NSData * ipk;
@property (nonatomic, copy, readonly) NSNumber * vendorID;
@property (nonatomic, copy, readonly) MTRCertificateDERBytes rootCertificate;
@property (nonatomic, copy, readonly, nullable) MTRCertificateDERBytes intermediateCertificate;
@property (nonatomic, copy, readonly) MTRCertificateDERBytes operationalCertificate;
@property (nonatomic, strong, readonly) id<MTRKeypair> operationalKeypair;
@property (nonatomic, strong, nullable, readonly) id<MTROperationalCertificateIssuer> operationalCertificateIssuer;
@property (nonatomic, strong, nullable, readonly) dispatch_queue_t operationalCertificateIssuerQueue;
@property (nonatomic, strong, readonly) id<MTRDeviceControllerStorageDelegate> storageDelegate;
@property (nonatomic, strong, readonly) dispatch_queue_t storageDelegateQueue;
@property (nonatomic, strong, readonly) NSUUID * uniqueIdentifier;
@property (nonatomic, strong, readonly, nullable) id<MTROTAProviderDelegate> otaProviderDelegate;
@property (nonatomic, strong, readonly, nullable) dispatch_queue_t otaProviderDelegateQueue;
+ (nullable NSNumber *)nodeIDFromNOC:(MTRCertificateDERBytes)noc;
+ (nullable NSNumber *)fabricIDFromNOC:(MTRCertificateDERBytes)noc;
+ (nullable NSData *)publicKeyFromCertificate:(MTRCertificateDERBytes)certificate;
@end
@interface MTRDeviceControllerStartupParamsInternal : MTRDeviceControllerStartupParams
// Fabric table we can use to do things like allocate operational keys.
@property (nonatomic, assign, readonly) chip::FabricTable * fabricTable;
// Fabric index we're starting on. Only has a value when starting against an
// existing fabric table entry.
@property (nonatomic, assign, readonly) chip::Optional<chip::FabricIndex> fabricIndex;
// Key store we're using with our fabric table, for sanity checks.
@property (nonatomic, assign, readonly) chip::Crypto::OperationalKeystore * keystore;
@property (nonatomic, assign, readonly) BOOL advertiseOperational;
@property (nonatomic, assign, readonly) BOOL allowMultipleControllersPerFabric;
@property (nonatomic, nullable) NSArray<MTRCertificateDERBytes> * productAttestationAuthorityCertificates;
@property (nonatomic, nullable) NSArray<MTRCertificateDERBytes> * certificationDeclarationCertificates;
/**
* A storage delegate that can be provided when initializing the startup params.
* This must be provided if and only if the controller factory was initialized
* without storage.
*/
@property (nonatomic, strong, nullable, readonly) id<MTRDeviceControllerStorageDelegate> storageDelegate;
/**
* The queue to use for storageDelegate. This will be nil if and only if
* storageDelegate is nil.
*/
@property (nonatomic, strong, nullable, readonly) dispatch_queue_t storageDelegateQueue;
/**
* Helper method that checks that our keypairs match our certificates.
* Specifically:
*
* 1) If we have a nocSigner keypair, its public key matches the intermediate
* cert (if there is one) or the root cert (if there is no intermediate
* cert). Returns YES if we have no nocSigner or if the keys match, NO if
* the keys do not match or if we can't even extract public keys from the
* certs and nocSigner.
* 2) If we have both an operationalKeypair and an operationalCertificate,
* their public keys match.
*/
- (BOOL)keypairsMatchCertificates;
/**
* Initialize for controller bringup on a new fabric.
*/
- (instancetype)initForNewFabric:(chip::FabricTable *)fabricTable
keystore:(chip::Crypto::OperationalKeystore *)keystore
advertiseOperational:(BOOL)advertiseOperational
params:(MTRDeviceControllerStartupParams *)params;
/**
* Initialize for controller bringup on an existing fabric.
*/
- (instancetype)initForExistingFabric:(chip::FabricTable *)fabricTable
fabricIndex:(chip::FabricIndex)fabricIndex
keystore:(chip::Crypto::OperationalKeystore *)keystore
advertiseOperational:(BOOL)advertiseOperational
params:(MTRDeviceControllerStartupParams *)params;
/**
* Initialize for controller bringup with per-controller storage.
*/
- (instancetype)initForNewController:(MTRDeviceController_Concrete *)controller
fabricTable:(chip::FabricTable *)fabricTable
keystore:(chip::Crypto::OperationalKeystore *)keystore
advertiseOperational:(BOOL)advertiseOperational
params:(MTRDeviceControllerParameters *)params
error:(CHIP_ERROR &)error;
/**
* Should use initForExistingFabric or initForNewFabric or initForController to initialize
* internally.
*/
- (instancetype)initWithIPK:(NSData *)ipk fabricID:(NSNumber *)fabricID nocSigner:(id<MTRKeypair>)nocSigner NS_UNAVAILABLE;
- (instancetype)initWithIPK:(NSData *)ipk
operationalKeypair:(id<MTRKeypair>)operationalKeypair
operationalCertificate:(MTRCertificateDERBytes)operationalCertificate
intermediateCertificate:(MTRCertificateDERBytes _Nullable)intermediateCertificate
rootCertificate:(MTRCertificateDERBytes)rootCertificate NS_UNAVAILABLE;
@end
NS_ASSUME_NONNULL_END