1 : /*
2 : * Copyright (c) 2025 Project CHIP Authors
3 : * All rights reserved.
4 : *
5 : * Licensed under the Apache License, Version 2.0 (the "License");
6 : * you may not use this file except in compliance with the License.
7 : * You may obtain a copy of the License at
8 : *
9 : * http://www.apache.org/licenses/LICENSE-2.0
10 : *
11 : * Unless required by applicable law or agreed to in writing, software
12 : * distributed under the License is distributed on an "AS IS" BASIS,
13 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 : * See the License for the specific language governing permissions and
15 : * limitations under the License.
16 : */
17 :
18 : #pragma once
19 :
20 : #include <cstdint>
21 : #include <string>
22 :
23 : #include <app-common/zap-generated/cluster-objects.h>
24 : #include <credentials/CHIPCert.h>
25 : #include <credentials/FabricTable.h>
26 : #include <credentials/jcm/TrustVerification.h>
27 : #include <crypto/CHIPCryptoPAL.h>
28 : #include <lib/core/CHIPCore.h>
29 : #include <lib/core/CHIPError.h>
30 : #include <lib/core/CHIPVendorIdentifiers.hpp>
31 : #include <lib/support/DLLUtil.h>
32 : #include <messaging/ExchangeMgr.h>
33 :
34 : #include <functional>
35 :
36 : namespace chip {
37 : namespace Credentials {
38 : namespace JCM {
39 :
40 : /**
41 : * A client that handles Vendor ID verification
 *
 * Abstract base class: a concrete client must implement the two pure virtual
 * hooks declared below (OnLookupOperationalTrustAnchor and
 * OnVendorIdVerificationComplete). The public entry point is VerifyVendorId().
 *
 * NOTE(review): the private helper names suggest the flow validates the peer's
 * NOC/ICAC/RCAC chain and checks a SignVIDVerificationResponse; the
 * implementation is not in this header, so confirm the exact checks there.
42 : */
43 : class DLL_EXPORT VendorIdVerificationClient
44 : {
45 : public:
46 24 : virtual ~VendorIdVerificationClient() = default;
47 :
48 : // Used to obtain SessionHandles from VerifyVendorId callers. SessionHandles cannot be stored, so we must retrieve them
49 : // dynamically with a callback.
     // The getter returns Optional<SessionHandle>; presumably an empty Optional means no session is
     // currently available and verification cannot proceed (confirm in the implementation).
50 : using SessionGetterFunc = std::function<Optional<SessionHandle>()>;
51 :
     // Entry point for Vendor ID verification.
     //   exchangeMgr - exchange manager passed in by the caller as a raw pointer.
     //   getSession  - callback that supplies the session on demand (see SessionGetterFunc).
     //   info        - trust verification data for the peer, passed as a raw pointer.
     // Returns a CHIP_ERROR.
     // NOTE(review): ownership and null handling of exchangeMgr and info are not visible here;
     // presumably both must be non-null and outlive the operation. Confirm with the implementation.
     // NOTE(review): OnVendorIdVerificationComplete() looks like the channel for the final outcome, so
     // a CHIP_NO_ERROR return here may only mean the request was started. Callers should not treat the
     // peer as verified on the return value alone until that is confirmed.
52 : CHIP_ERROR VerifyVendorId(Messaging::ExchangeManager * exchangeMgr, const SessionGetterFunc getSession,
53 : TrustVerificationInfo * info);
54 :
55 : protected:
     // Hook implemented by the subclass to look up the trust anchor for a vendor.
     //   vendorID                - vendor whose trust anchor is requested.
     //   subjectKeyId            - non-const reference; whether it is an input, an output or both is
     //                             not evident from this declaration.
     //   globallyTrustedRootSpan - non-const reference, presumably set to the trusted root certificate.
     // NOTE(review): ByteSpan is a non-owning view, so the bytes it refers to must stay valid for as
     // long as the verification uses them. Confirm the required lifetime.
     // NOTE(review): whatever this hook returns appears to be what the verification trusts, so an
     // implementation should only return roots from a store it already trusts.
56 : virtual CHIP_ERROR OnLookupOperationalTrustAnchor(VendorId vendorID, CertificateKeyId & subjectKeyId,
57 : ByteSpan & globallyTrustedRootSpan) = 0;
     // Hook implemented by the subclass to receive the verification result as a CHIP_ERROR.
     // NOTE(review): presumably CHIP_NO_ERROR on success and a failure code otherwise; confirm
     // whether it is invoked on every path, including early failures of VerifyVendorId().
58 : virtual void OnVendorIdVerificationComplete(const CHIP_ERROR & err) = 0;
59 :
60 : private:
     // Helper taking the NOC, ICAC and RCAC as byte spans and returning a CHIP_ERROR.
     // NOTE(review): by its name this validates the operational certificate chain; whether an empty
     // icacSpan (no intermediate) is accepted cannot be told from the declaration.
61 : CHIP_ERROR VerifyNOCCertificateChain(const ByteSpan & nocSpan, const ByteSpan & icacSpan, const ByteSpan & rcacSpan);
62 :
     // Helper that takes the peer's trust verification info, the client challenge, the attestation
     // challenge and the decoded SignVIDVerificationResponse, and returns a CHIP_ERROR.
     // responseData is passed by value, so each call copies the decoded response.
     // NOTE(review): presumably checks the response against the two challenges and the certificates
     // in info; the exact checks live in the implementation.
63 : CHIP_ERROR
64 : Verify(TrustVerificationInfo * info, const ByteSpan clientChallengeSpan, ByteSpan attestationChallengeSpan,
65 : const app::Clusters::OperationalCredentials::Commands::SignVIDVerificationResponse::DecodableType responseData);
66 : };
67 :
68 : } // namespace JCM
69 : } // namespace Credentials
70 : } // namespace chip