From d8c92dea50c4f55dc3bbab4291ec48d5253a2235 Mon Sep 17 00:00:00 2001 From: "Restyled.io" Date: Wed, 15 Jun 2022 21:03:16 +0000 Subject: [PATCH] Restyled by clang-format --- src/credentials/OperationalCertificateStore.h | 5 +- .../PersistentStorageOpCertStore.cpp | 188 +++++----- .../PersistentStorageOpCertStore.h | 8 +- .../TestPersistentStorageOpCertStore.cpp | 354 +++++++++--------- 4 files changed, 286 insertions(+), 269 deletions(-) diff --git a/src/credentials/OperationalCertificateStore.h b/src/credentials/OperationalCertificateStore.h index 3ed1ac005b3387..4540da9d99621e 100644 --- a/src/credentials/OperationalCertificateStore.h +++ b/src/credentials/OperationalCertificateStore.h @@ -31,7 +31,7 @@ class OperationalCertificateStore { kRcac = 0, kIcac = 1, - kNoc = 2 + kNoc = 2 }; virtual ~OperationalCertificateStore() {} @@ -240,7 +240,8 @@ class OperationalCertificateStore * @retval CHIP_ERROR_INVALID_FABRIC_INDEX if the fabricIndex is invalid. * @retval other CHIP_ERROR value on internal storage errors. */ - virtual CHIP_ERROR GetCertificate(FabricIndex fabricIndex, CertChainElement element, MutableByteSpan & outCertificate) const = 0; + virtual CHIP_ERROR GetCertificate(FabricIndex fabricIndex, CertChainElement element, + MutableByteSpan & outCertificate) const = 0; }; } // namespace Credentials diff --git a/src/credentials/PersistentStorageOpCertStore.cpp b/src/credentials/PersistentStorageOpCertStore.cpp index 091fba706500b7..5cebd3adc430a1 100644 --- a/src/credentials/PersistentStorageOpCertStore.cpp +++ b/src/credentials/PersistentStorageOpCertStore.cpp @@ -41,17 +41,17 @@ const char * GetStorageKeyForCert(DefaultStorageKeyAllocator & keyAllocator, Fab switch (element) { - case CertChainElement::kNoc: - storageKey = keyAllocator.FabricNOC(fabricIndex); - break; - case CertChainElement::kIcac: - storageKey = keyAllocator.FabricICAC(fabricIndex); - break; - case CertChainElement::kRcac: - storageKey = keyAllocator.FabricRCAC(fabricIndex); - break; - default: - break; + case CertChainElement::kNoc: + storageKey = keyAllocator.FabricNOC(fabricIndex); + break; + case CertChainElement::kIcac: + storageKey = keyAllocator.FabricICAC(fabricIndex); + break; + case CertChainElement::kRcac: + storageKey = keyAllocator.FabricRCAC(fabricIndex); + break; + default: + break; } return storageKey; @@ -85,13 +85,14 @@ bool StorageHasCertificate(PersistentStorageDelegate * storage, FabricIndex fabr return false; } -CHIP_ERROR LoadCertFromStorage(PersistentStorageDelegate * storage, FabricIndex fabricIndex, CertChainElement element, MutableByteSpan & outCert) +CHIP_ERROR LoadCertFromStorage(PersistentStorageDelegate * storage, FabricIndex fabricIndex, CertChainElement element, + MutableByteSpan & outCert) { DefaultStorageKeyAllocator keyAllocator; const char * storageKey = GetStorageKeyForCert(keyAllocator, fabricIndex, element); uint16_t keySize = static_cast(outCert.size()); - CHIP_ERROR err = storage->SyncGetKeyValue(storageKey, outCert.data(), keySize); + CHIP_ERROR err = storage->SyncGetKeyValue(storageKey, outCert.data(), keySize); // Not finding an ICAC means we don't have one, so adjust to meet the API contract, where // outCert.empty() will be true; @@ -115,7 +116,8 @@ CHIP_ERROR LoadCertFromStorage(PersistentStorageDelegate * storage, FabricIndex return err; } -CHIP_ERROR SaveCertToStorage(PersistentStorageDelegate * storage, FabricIndex fabricIndex, CertChainElement element, const ByteSpan & cert) +CHIP_ERROR SaveCertToStorage(PersistentStorageDelegate * storage, FabricIndex fabricIndex, CertChainElement element, + const ByteSpan & cert) { DefaultStorageKeyAllocator keyAllocator; const char * storageKey = GetStorageKeyForCert(keyAllocator, fabricIndex, element); @@ -150,7 +152,6 @@ bool PersistentStorageOpCertStore::HasPendingRootCert() const return false; } - return (mPendingRcac.Get() != nullptr) && mStateFlags.Has(StateFlags::kAddNewTrustedRootCalled); } @@ -164,7 +165,6 @@ bool PersistentStorageOpCertStore::HasPendingNocChain() const return (mPendingNoc.Get() != nullptr) && mStateFlags.HasAny(StateFlags::kAddNewOpCertsCalled, StateFlags::kUpdateOpCertsCalled); } - bool PersistentStorageOpCertStore::HasCertificateForFabric(FabricIndex fabricIndex, CertChainElement element) const { if ((mStorage == nullptr) || !IsValidFabricIndex(fabricIndex)) @@ -177,32 +177,32 @@ bool PersistentStorageOpCertStore::HasCertificateForFabric(FabricIndex fabricInd { switch (element) { - case CertChainElement::kRcac: - if (mPendingRcac.Get() != nullptr) - { - return true; - } - break; - case CertChainElement::kIcac: - if (mPendingIcac.Get() != nullptr) - { - return true; - } - // If we have a pending NOC and no pending ICAC, don't delegate to storage, return not found here - // since in the pending state, there truly is nothing. - if (mPendingNoc.Get() != nullptr) - { - return false; - } - break; - case CertChainElement::kNoc: - if (mPendingNoc.Get() != nullptr) - { - return true; - } - break; - default: + case CertChainElement::kRcac: + if (mPendingRcac.Get() != nullptr) + { + return true; + } + break; + case CertChainElement::kIcac: + if (mPendingIcac.Get() != nullptr) + { + return true; + } + // If we have a pending NOC and no pending ICAC, don't delegate to storage, return not found here + // since in the pending state, there truly is nothing. + if (mPendingNoc.Get() != nullptr) + { return false; + } + break; + case CertChainElement::kNoc: + if (mPendingNoc.Get() != nullptr) + { + return true; + } + break; + default: + return false; } } @@ -215,14 +215,16 @@ CHIP_ERROR PersistentStorageOpCertStore::AddNewTrustedRootCertForFabric(FabricIn ReturnErrorCodeIf(!IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX); ReturnErrorCodeIf(rcac.empty() || (rcac.size() > Credentials::kMaxCHIPCertLength), CHIP_ERROR_INVALID_ARGUMENT); - ReturnErrorCodeIf(mStateFlags.HasAny(StateFlags::kUpdateOpCertsCalled, StateFlags::kAddNewTrustedRootCalled, StateFlags::kAddNewOpCertsCalled), CHIP_ERROR_INCORRECT_STATE); + ReturnErrorCodeIf(mStateFlags.HasAny(StateFlags::kUpdateOpCertsCalled, StateFlags::kAddNewTrustedRootCalled, + StateFlags::kAddNewOpCertsCalled), + CHIP_ERROR_INCORRECT_STATE); ReturnErrorCodeIf(StorageHasCertificate(mStorage, fabricIndex, CertChainElement::kRcac), CHIP_ERROR_INCORRECT_STATE); Platform::ScopedMemoryBuffer rcacBuf; ReturnErrorCodeIf(!rcacBuf.Alloc(rcac.size()), CHIP_ERROR_NO_MEMORY); memcpy(rcacBuf.Get(), rcac.data(), rcac.size()); - mPendingRcac = std::move(rcacBuf); + mPendingRcac = std::move(rcacBuf); mPendingRcacSize = static_cast(rcac.size()); mPendingFabricIndex = fabricIndex; @@ -231,7 +233,8 @@ CHIP_ERROR PersistentStorageOpCertStore::AddNewTrustedRootCertForFabric(FabricIn return CHIP_NO_ERROR; } -CHIP_ERROR PersistentStorageOpCertStore::AddNewOpCertsForFabric(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac) +CHIP_ERROR PersistentStorageOpCertStore::AddNewOpCertsForFabric(FabricIndex fabricIndex, const ByteSpan & noc, + const ByteSpan & icac) { ReturnErrorCodeIf(mStorage == nullptr, CHIP_ERROR_INCORRECT_STATE); ReturnErrorCodeIf(!IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX); @@ -239,7 +242,8 @@ CHIP_ERROR PersistentStorageOpCertStore::AddNewOpCertsForFabric(FabricIndex fabr ReturnErrorCodeIf(icac.size() > Credentials::kMaxCHIPCertLength, CHIP_ERROR_INVALID_ARGUMENT); // Can't have called UpdateOpCertsForFabric first, or called with pending certs - ReturnErrorCodeIf(mStateFlags.HasAny(StateFlags::kUpdateOpCertsCalled, StateFlags::kAddNewOpCertsCalled), CHIP_ERROR_INCORRECT_STATE); + ReturnErrorCodeIf(mStateFlags.HasAny(StateFlags::kUpdateOpCertsCalled, StateFlags::kAddNewOpCertsCalled), + CHIP_ERROR_INCORRECT_STATE); // Need to have trusted roots installed to make the chain valid ReturnErrorCodeIf(!mStateFlags.Has(StateFlags::kAddNewTrustedRootCalled), CHIP_ERROR_INCORRECT_STATE); @@ -262,10 +266,10 @@ CHIP_ERROR PersistentStorageOpCertStore::AddNewOpCertsForFabric(FabricIndex fabr memcpy(icacBuf.Get(), icac.data(), icac.size()); } - mPendingNoc = std::move(nocBuf); + mPendingNoc = std::move(nocBuf); mPendingNocSize = static_cast(noc.size()); - mPendingIcac = std::move(icacBuf); + mPendingIcac = std::move(icacBuf); mPendingIcacSize = static_cast(icac.size()); mPendingFabricIndex = fabricIndex; @@ -275,7 +279,8 @@ CHIP_ERROR PersistentStorageOpCertStore::AddNewOpCertsForFabric(FabricIndex fabr return CHIP_NO_ERROR; } -CHIP_ERROR PersistentStorageOpCertStore::UpdateOpCertsForFabric(FabricIndex fabricIndex, const ByteSpan & noc, const ByteSpan & icac) +CHIP_ERROR PersistentStorageOpCertStore::UpdateOpCertsForFabric(FabricIndex fabricIndex, const ByteSpan & noc, + const ByteSpan & icac) { ReturnErrorCodeIf(mStorage == nullptr, CHIP_ERROR_INCORRECT_STATE); ReturnErrorCodeIf(!IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX); @@ -283,7 +288,8 @@ CHIP_ERROR PersistentStorageOpCertStore::UpdateOpCertsForFabric(FabricIndex fabr ReturnErrorCodeIf(icac.size() > Credentials::kMaxCHIPCertLength, CHIP_ERROR_INVALID_ARGUMENT); // Can't have called AddNewOpCertsForFabric first, and should never get here after AddNewTrustedRootCertForFabric. - ReturnErrorCodeIf(mStateFlags.HasAny(StateFlags::kAddNewOpCertsCalled, StateFlags::kAddNewTrustedRootCalled), CHIP_ERROR_INCORRECT_STATE); + ReturnErrorCodeIf(mStateFlags.HasAny(StateFlags::kAddNewOpCertsCalled, StateFlags::kAddNewTrustedRootCalled), + CHIP_ERROR_INCORRECT_STATE); // Can't have already pending NOC from UpdateOpCerts not yet committed ReturnErrorCodeIf(mStateFlags.HasAny(StateFlags::kUpdateOpCertsCalled), CHIP_ERROR_INCORRECT_STATE); @@ -308,10 +314,10 @@ CHIP_ERROR PersistentStorageOpCertStore::UpdateOpCertsForFabric(FabricIndex fabr memcpy(icacBuf.Get(), icac.data(), icac.size()); } - mPendingNoc = std::move(nocBuf); + mPendingNoc = std::move(nocBuf); mPendingNocSize = static_cast(noc.size()); - mPendingIcac = std::move(icacBuf); + mPendingIcac = std::move(icacBuf); mPendingIcacSize = static_cast(icac.size()); // For NOC update, UpdateOpCertsForFabric is what determines the pending fabric index, @@ -340,24 +346,24 @@ CHIP_ERROR PersistentStorageOpCertStore::CommitOpCertsForFabric(FabricIndex fabr // TODO: Handle transaction marking to revert partial certs at next boot if we get interrupted by reboot. // Start committing NOC first so we don't have dangling roots if one was added. - ByteSpan pendingNocSpan{mPendingNoc.Get(), mPendingNocSize}; + ByteSpan pendingNocSpan{ mPendingNoc.Get(), mPendingNocSize }; CHIP_ERROR nocErr = SaveCertToStorage(mStorage, mPendingFabricIndex, CertChainElement::kNoc, pendingNocSpan); // ICAC storage handles deleting on empty/missing - ByteSpan pendingIcacSpan{mPendingIcac.Get(), mPendingIcacSize}; + ByteSpan pendingIcacSpan{ mPendingIcac.Get(), mPendingIcacSize }; CHIP_ERROR icacErr = SaveCertToStorage(mStorage, mPendingFabricIndex, CertChainElement::kIcac, pendingIcacSpan); CHIP_ERROR rcacErr = CHIP_NO_ERROR; if (HasPendingRootCert()) { - ByteSpan pendingRcacSpan{mPendingRcac.Get(), mPendingRcacSize}; + ByteSpan pendingRcacSpan{ mPendingRcac.Get(), mPendingRcacSize }; rcacErr = SaveCertToStorage(mStorage, mPendingFabricIndex, CertChainElement::kRcac, pendingRcacSpan); } // Remember which was the first error, and if any error occurred. CHIP_ERROR stickyErr = nocErr; - stickyErr = (stickyErr != CHIP_NO_ERROR) ? stickyErr : icacErr; - stickyErr = (stickyErr != CHIP_NO_ERROR) ? stickyErr : rcacErr; + stickyErr = (stickyErr != CHIP_NO_ERROR) ? stickyErr : icacErr; + stickyErr = (stickyErr != CHIP_NO_ERROR) ? stickyErr : rcacErr; if (stickyErr != CHIP_NO_ERROR) { @@ -365,12 +371,12 @@ CHIP_ERROR PersistentStorageOpCertStore::CommitOpCertsForFabric(FabricIndex fabr // failure. if (mStateFlags.Has(StateFlags::kAddNewOpCertsCalled)) { - (void)DeleteCertFromStorage(mStorage, mPendingFabricIndex, CertChainElement::kNoc); - (void)DeleteCertFromStorage(mStorage, mPendingFabricIndex, CertChainElement::kIcac); + (void) DeleteCertFromStorage(mStorage, mPendingFabricIndex, CertChainElement::kNoc); + (void) DeleteCertFromStorage(mStorage, mPendingFabricIndex, CertChainElement::kIcac); } if (mStateFlags.Has(StateFlags::kAddNewTrustedRootCalled)) { - (void)DeleteCertFromStorage(mStorage, mPendingFabricIndex, CertChainElement::kRcac); + (void) DeleteCertFromStorage(mStorage, mPendingFabricIndex, CertChainElement::kRcac); } if (mStateFlags.Has(StateFlags::kUpdateOpCertsCalled)) { @@ -392,8 +398,8 @@ bool PersistentStorageOpCertStore::HasAnyCertificateForFabric(FabricIndex fabric bool rcacMissing = !StorageHasCertificate(mStorage, fabricIndex, CertChainElement::kRcac); bool icacMissing = !StorageHasCertificate(mStorage, fabricIndex, CertChainElement::kIcac); - bool nocMissing = !StorageHasCertificate(mStorage, fabricIndex, CertChainElement::kNoc); - bool anyPending = (mPendingRcac.Get() != nullptr) || (mPendingIcac.Get() != nullptr) || (mPendingNoc.Get() != nullptr); + bool nocMissing = !StorageHasCertificate(mStorage, fabricIndex, CertChainElement::kNoc); + bool anyPending = (mPendingRcac.Get() != nullptr) || (mPendingIcac.Get() != nullptr) || (mPendingNoc.Get() != nullptr); // If there was *no* state, pending or persisted, we have an error if (rcacMissing && icacMissing && nocMissing && !anyPending) @@ -416,24 +422,25 @@ CHIP_ERROR PersistentStorageOpCertStore::RemoveOpCertsForFabric(FabricIndex fabr RevertPendingOpCerts(); // Remove all persisted certs for the given fabric, blindly - CHIP_ERROR nocErr = DeleteCertFromStorage(mStorage, fabricIndex, CertChainElement::kNoc); + CHIP_ERROR nocErr = DeleteCertFromStorage(mStorage, fabricIndex, CertChainElement::kNoc); CHIP_ERROR icacErr = DeleteCertFromStorage(mStorage, fabricIndex, CertChainElement::kIcac); CHIP_ERROR rcacErr = DeleteCertFromStorage(mStorage, fabricIndex, CertChainElement::kRcac); // Ignore missing cert errors - nocErr = (nocErr == CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND) ? CHIP_NO_ERROR : nocErr; + nocErr = (nocErr == CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND) ? CHIP_NO_ERROR : nocErr; icacErr = (icacErr == CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND) ? CHIP_NO_ERROR : icacErr; rcacErr = (rcacErr == CHIP_ERROR_PERSISTED_STORAGE_VALUE_NOT_FOUND) ? CHIP_NO_ERROR : rcacErr; // Find the first error and return that CHIP_ERROR stickyErr = nocErr; - stickyErr = (stickyErr != CHIP_NO_ERROR) ? stickyErr : icacErr; - stickyErr = (stickyErr != CHIP_NO_ERROR) ? stickyErr : rcacErr; + stickyErr = (stickyErr != CHIP_NO_ERROR) ? stickyErr : icacErr; + stickyErr = (stickyErr != CHIP_NO_ERROR) ? stickyErr : rcacErr; return stickyErr; } -CHIP_ERROR PersistentStorageOpCertStore::GetPendingCertificate(FabricIndex fabricIndex, CertChainElement element, MutableByteSpan & outCertificate) const +CHIP_ERROR PersistentStorageOpCertStore::GetPendingCertificate(FabricIndex fabricIndex, CertChainElement element, + MutableByteSpan & outCertificate) const { if (fabricIndex != mPendingFabricIndex) { @@ -443,35 +450,36 @@ CHIP_ERROR PersistentStorageOpCertStore::GetPendingCertificate(FabricIndex fabri // FabricIndex matches pending, we MAY have some pending data switch (element) { - case CertChainElement::kRcac: - if (mPendingRcac.Get() != nullptr) - { - ByteSpan rcacSpan{mPendingRcac.Get(), static_cast(mPendingRcacSize)}; - return CopySpanToMutableSpan(rcacSpan, outCertificate); - } - break; - case CertChainElement::kIcac: - if (mPendingIcac.Get() != nullptr) - { - ByteSpan icacSpan{mPendingIcac.Get(), static_cast(mPendingIcacSize)}; - return CopySpanToMutableSpan(icacSpan, outCertificate); - } - break; - case CertChainElement::kNoc: - if (mPendingNoc.Get() != nullptr) - { - ByteSpan nocSpan{mPendingNoc.Get(), static_cast(mPendingNocSize)}; - return CopySpanToMutableSpan(nocSpan, outCertificate); - } - break; - default: - return CHIP_ERROR_INVALID_ARGUMENT; + case CertChainElement::kRcac: + if (mPendingRcac.Get() != nullptr) + { + ByteSpan rcacSpan{ mPendingRcac.Get(), static_cast(mPendingRcacSize) }; + return CopySpanToMutableSpan(rcacSpan, outCertificate); + } + break; + case CertChainElement::kIcac: + if (mPendingIcac.Get() != nullptr) + { + ByteSpan icacSpan{ mPendingIcac.Get(), static_cast(mPendingIcacSize) }; + return CopySpanToMutableSpan(icacSpan, outCertificate); + } + break; + case CertChainElement::kNoc: + if (mPendingNoc.Get() != nullptr) + { + ByteSpan nocSpan{ mPendingNoc.Get(), static_cast(mPendingNocSize) }; + return CopySpanToMutableSpan(nocSpan, outCertificate); + } + break; + default: + return CHIP_ERROR_INVALID_ARGUMENT; } return CHIP_ERROR_NOT_FOUND; } -CHIP_ERROR PersistentStorageOpCertStore::GetCertificate(FabricIndex fabricIndex, CertChainElement element, MutableByteSpan & outCertificate) const +CHIP_ERROR PersistentStorageOpCertStore::GetCertificate(FabricIndex fabricIndex, CertChainElement element, + MutableByteSpan & outCertificate) const { VerifyOrReturnError(mStorage != nullptr, CHIP_ERROR_INCORRECT_STATE); VerifyOrReturnError(IsValidFabricIndex(fabricIndex), CHIP_ERROR_INVALID_FABRIC_INDEX); diff --git a/src/credentials/PersistentStorageOpCertStore.h b/src/credentials/PersistentStorageOpCertStore.h index 3fcbe12cafa814..3c2f36e7c53802 100644 --- a/src/credentials/PersistentStorageOpCertStore.h +++ b/src/credentials/PersistentStorageOpCertStore.h @@ -88,7 +88,7 @@ class PersistentStorageOpCertStore : public OperationalCertificateStore mPendingRcacSize = 0; mPendingIcacSize = 0; - mPendingNocSize = 0; + mPendingNocSize = 0; mPendingFabricIndex = kUndefinedFabricIndex; mStateFlags.ClearAll(); @@ -100,9 +100,9 @@ class PersistentStorageOpCertStore : public OperationalCertificateStore enum class StateFlags : uint8_t { // Below are flags to assist interlock logic - kAddNewOpCertsCalled = (1u << 0), + kAddNewOpCertsCalled = (1u << 0), kAddNewTrustedRootCalled = (1u << 1), - kUpdateOpCertsCalled = (1u << 2), + kUpdateOpCertsCalled = (1u << 2), }; // Returns CHIP_ERROR_NOT_FOUND if a pending certificate couldn't be found, otherwise status of pending copy @@ -122,7 +122,7 @@ class PersistentStorageOpCertStore : public OperationalCertificateStore uint16_t mPendingRcacSize = 0; uint16_t mPendingIcacSize = 0; - uint16_t mPendingNocSize = 0; + uint16_t mPendingNocSize = 0; BitFlags mStateFlags; }; diff --git a/src/credentials/tests/TestPersistentStorageOpCertStore.cpp b/src/credentials/tests/TestPersistentStorageOpCertStore.cpp index 7937f824a07104..c917cdb1e5a47d 100644 --- a/src/credentials/tests/TestPersistentStorageOpCertStore.cpp +++ b/src/credentials/tests/TestPersistentStorageOpCertStore.cpp @@ -33,19 +33,19 @@ using CertChainElement = OperationalCertificateStore::CertChainElement; namespace { -constexpr FabricIndex kFabricIndex1 = 1; -constexpr FabricIndex kFabricIndex2 = 2; +constexpr FabricIndex kFabricIndex1 = 1; +constexpr FabricIndex kFabricIndex2 = 2; constexpr FabricIndex kOtherFabricIndex = static_cast(kFabricIndex1 + 10u); // The PersistentStorageOpCertStore does not validate cert contents, so we can use simple constants -const uint8_t kTestRcacBuf[] = {'r', 'c', 'a', 'c'}; -const ByteSpan kTestRcacSpan{kTestRcacBuf}; +const uint8_t kTestRcacBuf[] = { 'r', 'c', 'a', 'c' }; +const ByteSpan kTestRcacSpan{ kTestRcacBuf }; -const uint8_t kTestIcacBuf[] = {'i', 'c', 'a', 'c'}; -const ByteSpan kTestIcacSpan{kTestIcacBuf}; +const uint8_t kTestIcacBuf[] = { 'i', 'c', 'a', 'c' }; +const ByteSpan kTestIcacSpan{ kTestIcacBuf }; -const uint8_t kTestNocBuf[] = {'n', 'o', 'c'}; -const ByteSpan kTestNocSpan{kTestNocBuf}; +const uint8_t kTestNocBuf[] = { 'n', 'o', 'c' }; +const ByteSpan kTestNocSpan{ kTestNocBuf }; void TestAddNocFlow(nlTestSuite * inSuite, void * inContext) { @@ -64,27 +64,28 @@ void TestAddNocFlow(nlTestSuite * inSuite, void * inContext) // Manually add existing root for the FabricIndex, should fail AddNewTrustedRootCertForFabric for // same fabric but succeed GetCertificate. - const uint8_t kTestRcacBufExists[] = {'r', 'c', 'a', 'c', ' ', 'e', 'x', 'i', 's', 't', 's'}; + const uint8_t kTestRcacBufExists[] = { 'r', 'c', 'a', 'c', ' ', 'e', 'x', 'i', 's', 't', 's' }; err = storageDelegate.SyncSetKeyValue(keyAllocator.FabricRCAC(kFabricIndex1), kTestRcacBufExists, sizeof(kTestRcacBufExists)); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 1); - NL_TEST_ASSERT(inSuite, opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kRcac) == true); //< From manual add + NL_TEST_ASSERT(inSuite, + opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kRcac) == true); //< From manual add err = opCertStore.AddNewTrustedRootCertForFabric(kFabricIndex1, kTestRcacSpan); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_INCORRECT_STATE); uint8_t largeBuf[400]; - MutableByteSpan largeSpan{largeBuf}; + MutableByteSpan largeSpan{ largeBuf }; err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_NOT_FOUND); - largeSpan = MutableByteSpan{largeBuf}; + largeSpan = MutableByteSpan{ largeBuf }; err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacBufExists})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacBufExists })); // Adding root for another FabricIndex should work err = opCertStore.AddNewTrustedRootCertForFabric(kUndefinedFabricIndex, kTestRcacSpan); @@ -97,10 +98,10 @@ void TestAddNocFlow(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, opCertStore.HasPendingRootCert() == true); // Should be able to read pending RCAC right away - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacSpan })); // Trying to commit with pending RCAC but no NOC should fail but leave everything as-is err = opCertStore.CommitOpCertsForFabric(kFabricIndex2); @@ -119,8 +120,8 @@ void TestAddNocFlow(nlTestSuite * inSuite, void * inContext) // Trying to do AddNewOpCertsForFabric for same fabric as that with pending RCAC should fail // if there are already existing NOC chain elements for the given fabric. - const uint8_t kTestIcacBufExists[] = {'i', 'c', 'a', 'c', ' ', 'e', 'x', 'i', 's', 't', 's'}; - const uint8_t kTestNocBufExists[] = {'n', 'o', 'c', ' ', 'e', 'x', 'i', 's', 't', 's'}; + const uint8_t kTestIcacBufExists[] = { 'i', 'c', 'a', 'c', ' ', 'e', 'x', 'i', 's', 't', 's' }; + const uint8_t kTestNocBufExists[] = { 'n', 'o', 'c', ' ', 'e', 'x', 'i', 's', 't', 's' }; err = storageDelegate.SyncSetKeyValue(keyAllocator.FabricICAC(kFabricIndex2), kTestIcacBufExists, sizeof(kTestIcacBufExists)); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); @@ -130,7 +131,8 @@ void TestAddNocFlow(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 2); - NL_TEST_ASSERT(inSuite, opCertStore.HasCertificateForFabric(kFabricIndex2, CertChainElement::kIcac) == true); //< From manual add + NL_TEST_ASSERT(inSuite, + opCertStore.HasCertificateForFabric(kFabricIndex2, CertChainElement::kIcac) == true); //< From manual add NL_TEST_ASSERT(inSuite, opCertStore.HasCertificateForFabric(kFabricIndex2, CertChainElement::kNoc) == true); //< From manual add err = opCertStore.AddNewOpCertsForFabric(kFabricIndex2, kTestNocSpan, kTestIcacSpan); @@ -150,15 +152,15 @@ void TestAddNocFlow(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 0); //< Storage count did not yet increase // Should be able to get the pending cert even if not in persisted storage - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestIcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestIcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestNocSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestNocSpan })); // Trying to do AddNewOpCertsForFabric a second time after success before commit should fail, // but leave state as-is @@ -168,15 +170,15 @@ void TestAddNocFlow(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, opCertStore.HasPendingRootCert() == true); // Should be able to get the pending cert even if not in persisted storage, after an API error - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestIcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestIcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestNocSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestNocSpan })); // Trying to commit with wrong FabricIndex should fail err = opCertStore.CommitOpCertsForFabric(kOtherFabricIndex); @@ -193,20 +195,20 @@ void TestAddNocFlow(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 3); //< All certs now committed // Should be able to get the committed certs - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestIcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestIcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex2, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestNocSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestNocSpan })); opCertStore.Finish(); } @@ -246,44 +248,49 @@ void TestUpdateNocFlow(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 0); //< Storage count did not yet increase // Manually add root, ICAC and NOC to validate update since existing chain required - const uint8_t kTestRcacBufExists[] = {'r', 'c', 'a', 'c', ' ', 'e', 'x', 'i', 's', 't', 's'}; - const uint8_t kTestIcacBufExists[] = {'i', 'c', 'a', 'c', ' ', 'e', 'x', 'i', 's', 't', 's'}; - const uint8_t kTestNocBufExists[] = {'n', 'o', 'c', ' ', 'e', 'x', 'i', 's', 't', 's'}; + const uint8_t kTestRcacBufExists[] = { 'r', 'c', 'a', 'c', ' ', 'e', 'x', 'i', 's', 't', 's' }; + const uint8_t kTestIcacBufExists[] = { 'i', 'c', 'a', 'c', ' ', 'e', 'x', 'i', 's', 't', 's' }; + const uint8_t kTestNocBufExists[] = { 'n', 'o', 'c', ' ', 'e', 'x', 'i', 's', 't', 's' }; uint8_t largeBuf[400]; - MutableByteSpan largeSpan{largeBuf}; + MutableByteSpan largeSpan{ largeBuf }; { - err = storageDelegate.SyncSetKeyValue(keyAllocator.FabricRCAC(kFabricIndex1), kTestRcacBufExists, sizeof(kTestRcacBufExists)); + err = + storageDelegate.SyncSetKeyValue(keyAllocator.FabricRCAC(kFabricIndex1), kTestRcacBufExists, sizeof(kTestRcacBufExists)); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 1); - NL_TEST_ASSERT(inSuite, opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kRcac) == true); //< From manual add + NL_TEST_ASSERT(inSuite, + opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kRcac) == true); //< From manual add - err = storageDelegate.SyncSetKeyValue(keyAllocator.FabricICAC(kFabricIndex1), kTestIcacBufExists, sizeof(kTestIcacBufExists)); + err = + storageDelegate.SyncSetKeyValue(keyAllocator.FabricICAC(kFabricIndex1), kTestIcacBufExists, sizeof(kTestIcacBufExists)); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 2); - NL_TEST_ASSERT(inSuite, opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kIcac) == true); //< From manual add + NL_TEST_ASSERT(inSuite, + opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kIcac) == true); //< From manual add err = storageDelegate.SyncSetKeyValue(keyAllocator.FabricNOC(kFabricIndex1), kTestNocBufExists, sizeof(kTestNocBufExists)); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 3); - NL_TEST_ASSERT(inSuite, opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kNoc) == true); //< From manual add + NL_TEST_ASSERT(inSuite, + opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kNoc) == true); //< From manual add // Test that we can manually stored certs - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacBufExists})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacBufExists })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestIcacBufExists})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestIcacBufExists })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestNocBufExists})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestNocBufExists })); } // Update fails on fabric with wrong FabricIndex @@ -300,21 +307,21 @@ void TestUpdateNocFlow(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 3); // Can read back existing root unchanged - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacBufExists})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacBufExists })); // NOC chain elements see the pending updated certs - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestIcacBuf})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestIcacBuf })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestNocBuf})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestNocBuf })); // Trying update again fails err = opCertStore.UpdateOpCertsForFabric(kFabricIndex1, kTestNocSpan, kTestIcacSpan); @@ -340,7 +347,7 @@ void TestUpdateNocFlow(nlTestSuite * inSuite, void * inContext) // Committing writes the new values (we even "background-remove" the old ICAC/NOC before commit) storageDelegate.SyncDeleteKeyValue(keyAllocator.FabricICAC(kFabricIndex1)); storageDelegate.SyncDeleteKeyValue(keyAllocator.FabricNOC(kFabricIndex1)); - NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 1); //< Root remains + NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 1); //< Root remains err = opCertStore.CommitOpCertsForFabric(kFabricIndex1); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); @@ -349,40 +356,40 @@ void TestUpdateNocFlow(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 3); //< All certs now committed // Should be able to get the committed cert even if not in persisted storage, after an API error - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacBufExists})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacBufExists })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestIcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestIcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestNocSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestNocSpan })); // Calling revert doesn't undo the work we just did opCertStore.RevertPendingOpCerts(); NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 3); //< All certs now committed // Verify the revert after commit left all data alone - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacBufExists})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacBufExists })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestIcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestIcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestNocSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestNocSpan })); // Verify that RemoveOpCertsForFabric fails on fabric with no data err = opCertStore.RemoveOpCertsForFabric(kFabricIndex2); @@ -414,7 +421,7 @@ void TestReverts(nlTestSuite * inSuite, void * inContext) // Add a new pending trusted root uint8_t largeBuf[400]; - MutableByteSpan largeSpan{largeBuf}; + MutableByteSpan largeSpan{ largeBuf }; err = opCertStore.AddNewTrustedRootCertForFabric(kFabricIndex1, kTestRcacSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); @@ -423,8 +430,8 @@ void TestReverts(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, !opCertStore.HasPendingNocChain()); // Verify we can see the new trusted root - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, largeSpan.data_equal(kTestRcacSpan)); @@ -433,8 +440,8 @@ void TestReverts(nlTestSuite * inSuite, void * inContext) NL_TEST_ASSERT(inSuite, !opCertStore.HasPendingRootCert()); NL_TEST_ASSERT(inSuite, storageDelegate.GetNumKeys() == 0); //< Storage count did not yet increase - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_NOT_FOUND); { @@ -455,18 +462,18 @@ void TestReverts(nlTestSuite * inSuite, void * inContext) // Make sure we can see all pending certs before revert { - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, largeSpan.data_equal(kTestRcacSpan)); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, largeSpan.data_equal(kTestIcacSpan)); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, largeSpan.data_equal(kTestNocSpan)); } @@ -479,16 +486,16 @@ void TestReverts(nlTestSuite * inSuite, void * inContext) // Verify that after revert, we can't see the root or chain anymore { - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_NOT_FOUND); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_NOT_FOUND); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_NOT_FOUND); } @@ -519,26 +526,26 @@ void TestReverts(nlTestSuite * inSuite, void * inContext) // Should be able to get the committed certs { - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestIcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestIcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestNocSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestNocSpan })); } - const uint8_t kNewNoc[] = {'n', 'o', 'c', ' ', 'n', 'e', 'w'}; + const uint8_t kNewNoc[] = { 'n', 'o', 'c', ' ', 'n', 'e', 'w' }; // Updating certs should work (NO ICAC) - err = opCertStore.UpdateOpCertsForFabric(kFabricIndex1, ByteSpan{kNewNoc}, ByteSpan{}); + err = opCertStore.UpdateOpCertsForFabric(kFabricIndex1, ByteSpan{ kNewNoc }, ByteSpan{}); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, !opCertStore.HasPendingRootCert()); NL_TEST_ASSERT(inSuite, opCertStore.HasPendingNocChain()); @@ -546,20 +553,20 @@ void TestReverts(nlTestSuite * inSuite, void * inContext) // Should see committed root, pending NOC, absent ICAC { - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_NOT_FOUND); NL_TEST_ASSERT(inSuite, !opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kIcac)); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kNewNoc})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kNewNoc })); } // Revert, should be back at previous state @@ -570,24 +577,24 @@ void TestReverts(nlTestSuite * inSuite, void * inContext) // Should be able to get the previously committed certs { - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestIcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestIcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestNocSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestNocSpan })); } // Try again to update with missing ICAC and commit - err = opCertStore.UpdateOpCertsForFabric(kFabricIndex1, ByteSpan{kNewNoc}, ByteSpan{}); + err = opCertStore.UpdateOpCertsForFabric(kFabricIndex1, ByteSpan{ kNewNoc }, ByteSpan{}); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, !opCertStore.HasPendingRootCert()); NL_TEST_ASSERT(inSuite, opCertStore.HasPendingNocChain()); @@ -601,21 +608,21 @@ void TestReverts(nlTestSuite * inSuite, void * inContext) // Should see committed root, new NOC, absent ICAC { - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacSpan })); NL_TEST_ASSERT(inSuite, opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kRcac)); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_NOT_FOUND); NL_TEST_ASSERT(inSuite, !opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kIcac)); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kNewNoc})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kNewNoc })); NL_TEST_ASSERT(inSuite, opCertStore.HasCertificateForFabric(kFabricIndex1, CertChainElement::kNoc)); } @@ -634,7 +641,7 @@ void TestRevertAddNoc(nlTestSuite * inSuite, void * inContext) // Add a new pending trusted root uint8_t largeBuf[400]; - MutableByteSpan largeSpan{largeBuf}; + MutableByteSpan largeSpan{ largeBuf }; { // Add new root @@ -654,17 +661,17 @@ void TestRevertAddNoc(nlTestSuite * inSuite, void * inContext) // Make sure we get expected pending state before revert { - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, largeSpan.data_equal(kTestRcacSpan)); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_NOT_FOUND); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, largeSpan.data_equal(kTestNocSpan)); } @@ -699,11 +706,11 @@ void TestRevertAddNoc(nlTestSuite * inSuite, void * inContext) } // Update to add an ICAC - const uint8_t kNewIcac[] = {'i', 'c', 'a', 'c', ' ', 'n', 'e', 'w'}; - const uint8_t kNewNoc[] = {'n', 'o', 'c', ' ', 'n', 'e', 'w'}; + const uint8_t kNewIcac[] = { 'i', 'c', 'a', 'c', ' ', 'n', 'e', 'w' }; + const uint8_t kNewNoc[] = { 'n', 'o', 'c', ' ', 'n', 'e', 'w' }; // Updating certs should work (NO ICAC) - err = opCertStore.UpdateOpCertsForFabric(kFabricIndex1, ByteSpan{kNewNoc}, ByteSpan{kNewIcac}); + err = opCertStore.UpdateOpCertsForFabric(kFabricIndex1, ByteSpan{ kNewNoc }, ByteSpan{ kNewIcac }); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); NL_TEST_ASSERT(inSuite, !opCertStore.HasPendingRootCert()); NL_TEST_ASSERT(inSuite, opCertStore.HasPendingNocChain()); @@ -711,20 +718,20 @@ void TestRevertAddNoc(nlTestSuite * inSuite, void * inContext) // Should see committed root, pending NOC, pending ICAC { - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kNewIcac})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kNewIcac })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kNewNoc})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kNewNoc })); } // Commit, should see the new ICAC appear. @@ -736,20 +743,20 @@ void TestRevertAddNoc(nlTestSuite * inSuite, void * inContext) // Should see committed root, new NOC, new ICAC { - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kRcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kTestRcacSpan})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kTestRcacSpan })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kIcac, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kNewIcac})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kNewIcac })); - largeSpan = MutableByteSpan{largeBuf}; - err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); + largeSpan = MutableByteSpan{ largeBuf }; + err = opCertStore.GetCertificate(kFabricIndex1, CertChainElement::kNoc, largeSpan); NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR); - NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{kNewNoc})); + NL_TEST_ASSERT(inSuite, largeSpan.data_equal(ByteSpan{ kNewNoc })); } opCertStore.Finish(); @@ -758,11 +765,12 @@ void TestRevertAddNoc(nlTestSuite * inSuite, void * inContext) /** * Test Suite. It lists all the test functions. */ -static const nlTest sTests[] = { NL_TEST_DEF("Test AddNOC-like flows PersistentStorageOpCertStore", TestAddNocFlow), - NL_TEST_DEF("Test UpdateNOC-like flows PersistentStorageOpCertStore", TestUpdateNocFlow), - NL_TEST_DEF("Test revert operations of PersistentStorageOpCertStore", TestReverts), - NL_TEST_DEF("Test revert operations with AddNOC of PersistentStorageOpCertStore", TestRevertAddNoc), - NL_TEST_SENTINEL() }; +static const nlTest sTests[] = { + NL_TEST_DEF("Test AddNOC-like flows PersistentStorageOpCertStore", TestAddNocFlow), + NL_TEST_DEF("Test UpdateNOC-like flows PersistentStorageOpCertStore", TestUpdateNocFlow), + NL_TEST_DEF("Test revert operations of PersistentStorageOpCertStore", TestReverts), + NL_TEST_DEF("Test revert operations with AddNOC of PersistentStorageOpCertStore", TestRevertAddNoc), NL_TEST_SENTINEL() +}; /** * Set up the test suite.