blob: 79751cc95362e829fa3b6fd3de3c9288bb5995d1 [file] [log] [blame]
/**
* Copyright (c) 2022 Project CHIP Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#pragma once
#import "MTRDeviceControllerStartupParams.h"
#import <Foundation/Foundation.h>
#include <crypto/CHIPCryptoPAL.h>
#include <lib/core/DataModelTypes.h>
#include <lib/core/Optional.h>
namespace chip {
class FabricTable;
namespace Crypto {
class OperationalKeystore;
} // namespace Crypto
} // namespace chip
NS_ASSUME_NONNULL_BEGIN
@interface MTRDeviceControllerStartupParams ()
// We want to be able to write to operationalCertificate in
// MTRDeviceControllerStartupParamsInternal.
@property (nonatomic, copy, nullable) MTRCertificateDERBytes operationalCertificate;
// Init method that just copies the values of all our ivars.
- (instancetype)initWithParams:(MTRDeviceControllerStartupParams *)params;
@end
@interface MTRDeviceControllerStartupParamsInternal : MTRDeviceControllerStartupParams
// Fabric table we can use to do things like allocate operational keys.
@property (nonatomic, assign, readonly) chip::FabricTable * fabricTable;
// Fabric index we're starting on. Only has a value when starting on an
// existing fabric.
@property (nonatomic, assign, readonly) chip::Optional<chip::FabricIndex> fabricIndex;
// Key store we're using with our fabric table, for sanity checks.
@property (nonatomic, assign, readonly) chip::Crypto::OperationalKeystore * keystore;
/**
* Helper method that checks that our keypairs match our certificates.
* Specifically:
*
* 1) If we have a nocSigner keypair, its public key matches the intermediate
* cert (if there is one) or the root cert (if there is no intermediate
* cert). Returns YES if we have no nocSigner or if the keys match, NO if
* the keys do not match or if we can't even extract public keys from the
* certs and nocSigner.
* 2) If we have both an operationalKeypair and an operationalCertificate,
* their public keys match.
*/
- (BOOL)keypairsMatchCertificates;
/**
* Initialize for controller bringup on a new fabric.
*/
- (instancetype)initForNewFabric:(chip::FabricTable *)fabricTable
keystore:(chip::Crypto::OperationalKeystore *)keystore
params:(MTRDeviceControllerStartupParams *)params;
/**
* Initialize for controller bringup on an existing fabric.
*/
- (instancetype)initForExistingFabric:(chip::FabricTable *)fabricTable
fabricIndex:(chip::FabricIndex)fabricIndex
keystore:(chip::Crypto::OperationalKeystore *)keystore
params:(MTRDeviceControllerStartupParams *)params;
/**
* Should use initForExistingFabric or initForNewFabric to initialize
* internally.
*/
- (instancetype)initWithIPK:(NSData *)ipk fabricID:(NSNumber *)fabricID nocSigner:(id<MTRKeypair>)nocSigner NS_UNAVAILABLE;
- (instancetype)initWithIPK:(NSData *)ipk
operationalKeypair:(id<MTRKeypair>)operationalKeypair
operationalCertificate:(MTRCertificateDERBytes)operationalCertificate
intermediateCertificate:(MTRCertificateDERBytes _Nullable)intermediateCertificate
rootCertificate:(MTRCertificateDERBytes)rootCertificate NS_UNAVAILABLE;
@end
NS_ASSUME_NONNULL_END