Skip to content

Commit

Permalink
[Android] Add skipAttestationCertificateValidation (#31848)
Browse files Browse the repository at this point in the history
* Add Android skipAttestationCertificateValidation

* Restyled by google-java-format

* Restyled by clang-format

---------

Co-authored-by: Restyled.io <commits@restyled.io>
  • Loading branch information
2 people authored and pull[bot] committed Mar 28, 2024
1 parent fa1e324 commit 1257275
Show file tree
Hide file tree
Showing 4 changed files with 46 additions and 8 deletions.
14 changes: 11 additions & 3 deletions src/controller/java/AndroidDeviceControllerWrapper.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,8 @@ AndroidDeviceControllerWrapper * AndroidDeviceControllerWrapper::AllocateNew(
#endif
jobject keypairDelegate, jbyteArray rootCertificate, jbyteArray intermediateCertificate, jbyteArray nodeOperationalCertificate,
jbyteArray ipkEpochKey, uint16_t listenPort, uint16_t controllerVendorId, uint16_t failsafeTimerSeconds,
bool attemptNetworkScanWiFi, bool attemptNetworkScanThread, bool skipCommissioningComplete, CHIP_ERROR * errInfoOnFailure)
bool attemptNetworkScanWiFi, bool attemptNetworkScanThread, bool skipCommissioningComplete,
bool skipAttestationCertificateValidation, CHIP_ERROR * errInfoOnFailure)
{
if (errInfoOnFailure == nullptr)
{
Expand Down Expand Up @@ -168,8 +169,15 @@ AndroidDeviceControllerWrapper * AndroidDeviceControllerWrapper::AllocateNew(
#endif

// Initialize device attestation verifier
const chip::Credentials::AttestationTrustStore * testingRootStore = chip::Credentials::GetTestAttestationTrustStore();
chip::Credentials::SetDeviceAttestationVerifier(GetDefaultDACVerifier(testingRootStore));
if (skipAttestationCertificateValidation)
{
chip::Credentials::SetDeviceAttestationVerifier(wrapper->GetPartialDACVerifier());
}
else
{
const chip::Credentials::AttestationTrustStore * testingRootStore = chip::Credentials::GetTestAttestationTrustStore();
chip::Credentials::SetDeviceAttestationVerifier(GetDefaultDACVerifier(testingRootStore));
}

*errInfoOnFailure = wrapper->mICDClientStorage.Init(wrapperStorage, &wrapper->mSessionKeystore);
if (*errInfoOnFailure != CHIP_NO_ERROR)
Expand Down
2 changes: 1 addition & 1 deletion src/controller/java/AndroidDeviceControllerWrapper.h
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ class AndroidDeviceControllerWrapper : public chip::Controller::DevicePairingDel
jobject keypairDelegate, jbyteArray rootCertificate, jbyteArray intermediateCertificate,
jbyteArray nodeOperationalCertificate, jbyteArray ipkEpochKey, uint16_t listenPort, uint16_t controllerVendorId,
uint16_t failsafeTimerSeconds, bool attemptNetworkScanWiFi, bool attemptNetworkScanThread,
bool skipCommissioningComplete, CHIP_ERROR * errInfoOnFailure);
bool skipCommissioningComplete, bool skipAttestationCertificateValidation, CHIP_ERROR * errInfoOnFailure);

void Shutdown();

Expand Down
16 changes: 12 additions & 4 deletions src/controller/java/CHIPDeviceController-JNI.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -323,6 +323,11 @@ JNI_METHOD(jlong, newDeviceController)(JNIEnv * env, jobject self, jobject contr
&getSkipCommissioningComplete);
SuccessOrExit(err);

jmethodID getSkipAttestationCertificateValidation;
err = chip::JniReferences::GetInstance().FindMethod(env, controllerParams, "getSkipAttestationCertificateValidation", "()Z",
&getSkipAttestationCertificateValidation);
SuccessOrExit(err);

jmethodID getCountryCode;
err = chip::JniReferences::GetInstance().FindMethod(env, controllerParams, "getCountryCode", "()Ljava/util/Optional;",
&getCountryCode);
Expand Down Expand Up @@ -372,9 +377,11 @@ JNI_METHOD(jlong, newDeviceController)(JNIEnv * env, jobject self, jobject contr
uint16_t failsafeTimerSeconds = static_cast<uint16_t>(env->CallIntMethod(controllerParams, getFailsafeTimerSeconds));
uint16_t caseFailsafeTimerSeconds =
static_cast<uint16_t>(env->CallIntMethod(controllerParams, getCASEFailsafeTimerSeconds));
bool attemptNetworkScanWiFi = env->CallBooleanMethod(controllerParams, getAttemptNetworkScanWiFi);
bool attemptNetworkScanThread = env->CallBooleanMethod(controllerParams, getAttemptNetworkScanThread);
bool skipCommissioningComplete = env->CallBooleanMethod(controllerParams, getSkipCommissioningComplete);
bool attemptNetworkScanWiFi = env->CallBooleanMethod(controllerParams, getAttemptNetworkScanWiFi);
bool attemptNetworkScanThread = env->CallBooleanMethod(controllerParams, getAttemptNetworkScanThread);
bool skipCommissioningComplete = env->CallBooleanMethod(controllerParams, getSkipCommissioningComplete);
bool skipAttestationCertificateValidation =
env->CallBooleanMethod(controllerParams, getSkipAttestationCertificateValidation);
uint64_t adminSubject = static_cast<uint64_t>(env->CallLongMethod(controllerParams, getAdminSubject));
jobject countryCodeOptional = env->CallObjectMethod(controllerParams, getCountryCode);
jobject regulatoryLocationOptional = env->CallObjectMethod(controllerParams, getRegulatoryLocation);
Expand All @@ -390,7 +397,8 @@ JNI_METHOD(jlong, newDeviceController)(JNIEnv * env, jobject self, jobject contr
sJVM, self, kLocalDeviceId, fabricId, chip::kUndefinedCATs, &DeviceLayer::SystemLayer(),
DeviceLayer::TCPEndPointManager(), DeviceLayer::UDPEndPointManager(), std::move(opCredsIssuer), keypairDelegate,
rootCertificate, intermediateCertificate, operationalCertificate, ipk, listenPort, controllerVendorId,
failsafeTimerSeconds, attemptNetworkScanWiFi, attemptNetworkScanThread, skipCommissioningComplete, &err);
failsafeTimerSeconds, attemptNetworkScanWiFi, attemptNetworkScanThread, skipCommissioningComplete,
skipAttestationCertificateValidation, &err);
SuccessOrExit(err);

if (caseFailsafeTimerSeconds > 0)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ public final class ControllerParams {
private final boolean attemptNetworkScanWiFi;
private final boolean attemptNetworkScanThread;
private final boolean skipCommissioningComplete;
private final boolean skipAttestationCertificateValidation;
private final Optional<String> countryCode;
private final Optional<Integer> regulatoryLocationType;
@Nullable private final KeypairDelegate keypairDelegate;
Expand All @@ -33,6 +34,7 @@ private ControllerParams(Builder builder) {
this.attemptNetworkScanWiFi = builder.attemptNetworkScanWiFi;
this.attemptNetworkScanThread = builder.attemptNetworkScanThread;
this.skipCommissioningComplete = builder.skipCommissioningComplete;
this.skipAttestationCertificateValidation = builder.skipAttestationCertificateValidation;
this.countryCode = builder.countryCode;
this.regulatoryLocationType = builder.regulatoryLocationType;
this.keypairDelegate = builder.keypairDelegate;
Expand Down Expand Up @@ -76,6 +78,10 @@ public boolean getSkipCommissioningComplete() {
return skipCommissioningComplete;
}

public boolean getSkipAttestationCertificateValidation() {
return skipAttestationCertificateValidation;
}

public Optional<String> getCountryCode() {
return countryCode;
}
Expand Down Expand Up @@ -137,6 +143,7 @@ public static class Builder {
private boolean attemptNetworkScanWiFi = false;
private boolean attemptNetworkScanThread = false;
private boolean skipCommissioningComplete = false;
private boolean skipAttestationCertificateValidation = false;
private Optional<String> countryCode = Optional.empty();
private Optional<Integer> regulatoryLocationType = Optional.empty();
@Nullable private KeypairDelegate keypairDelegate = null;
Expand Down Expand Up @@ -257,6 +264,21 @@ public Builder setSkipCommissioningComplete(boolean skipCommissioningComplete) {
return this;
}

/**
* Used when the Commissioner disables Attestation Certificate Validation.
*
* <p>Specifically, this sets SkipAttestationCertificateValidation in the
* CommissioningParameters passed to the CommissioningDelegate.
*
* @param skipAttestationCertificateValidation
* @return
*/
public Builder setSkipAttestationCertificateValidation(
boolean skipAttestationCertificateValidation) {
this.skipAttestationCertificateValidation = skipAttestationCertificateValidation;
return this;
}

/**
* Sets the Regulatory Location country code passed to ChipDeviceCommissioner's
* CommissioningParameters.
Expand Down

0 comments on commit 1257275

Please sign in to comment.