@matter/protocol 0.13.1-alpha.0-20250504-87f265a2e → 0.13.1-alpha.0-20250508-047aa0277
- package/dist/cjs/certificate/AttestationCertificateManager.d.ts +7 -13
- package/dist/cjs/certificate/AttestationCertificateManager.d.ts.map +1 -1
- package/dist/cjs/certificate/AttestationCertificateManager.js +37 -29
- package/dist/cjs/certificate/AttestationCertificateManager.js.map +1 -1
- package/dist/cjs/certificate/CertificateAuthority.d.ts +1 -6
- package/dist/cjs/certificate/CertificateAuthority.d.ts.map +1 -1
- package/dist/cjs/certificate/CertificateAuthority.js +56 -38
- package/dist/cjs/certificate/CertificateAuthority.js.map +1 -1
- package/dist/cjs/certificate/CertificateManager.d.ts +8 -8
- package/dist/cjs/certificate/CertificateManager.d.ts.map +1 -1
- package/dist/cjs/certificate/CertificateManager.js +20 -16
- package/dist/cjs/certificate/CertificateManager.js.map +1 -1
- package/dist/cjs/certificate/DeviceCertification.d.ts +1 -1
- package/dist/cjs/certificate/DeviceCertification.d.ts.map +1 -1
- package/dist/cjs/certificate/DeviceCertification.js +24 -26
- package/dist/cjs/certificate/DeviceCertification.js.map +2 -2
- package/dist/cjs/common/FailsafeContext.d.ts +2 -2
- package/dist/cjs/common/FailsafeContext.d.ts.map +1 -1
- package/dist/cjs/common/FailsafeContext.js +20 -13
- package/dist/cjs/common/FailsafeContext.js.map +1 -1
- package/dist/cjs/fabric/Fabric.d.ts +8 -6
- package/dist/cjs/fabric/Fabric.d.ts.map +1 -1
- package/dist/cjs/fabric/Fabric.js +15 -9
- package/dist/cjs/fabric/Fabric.js.map +1 -1
- package/dist/cjs/fabric/FabricAuthority.d.ts.map +1 -1
- package/dist/cjs/fabric/FabricAuthority.js +5 -3
- package/dist/cjs/fabric/FabricAuthority.js.map +1 -1
- package/dist/cjs/fabric/FabricManager.d.ts +1 -1
- package/dist/cjs/fabric/FabricManager.d.ts.map +1 -1
- package/dist/cjs/fabric/FabricManager.js +2 -2
- package/dist/cjs/fabric/FabricManager.js.map +1 -1
- package/dist/cjs/peer/ControllerCommissioningFlow.js +2 -2
- package/dist/cjs/peer/ControllerCommissioningFlow.js.map +1 -1
- package/dist/cjs/protocol/ExchangeManager.d.ts.map +1 -1
- package/dist/cjs/protocol/ExchangeManager.js +7 -2
- package/dist/cjs/protocol/ExchangeManager.js.map +1 -1
- package/dist/cjs/session/SessionManager.d.ts +4 -0
- package/dist/cjs/session/SessionManager.d.ts.map +1 -1
- package/dist/cjs/session/SessionManager.js +11 -2
- package/dist/cjs/session/SessionManager.js.map +1 -1
- package/dist/cjs/session/case/CaseClient.d.ts.map +1 -1
- package/dist/cjs/session/case/CaseClient.js +13 -10
- package/dist/cjs/session/case/CaseClient.js.map +1 -1
- package/dist/cjs/session/case/CaseServer.d.ts.map +1 -1
- package/dist/cjs/session/case/CaseServer.js +11 -8
- package/dist/cjs/session/case/CaseServer.js.map +1 -1
- package/dist/cjs/session/pase/PaseClient.js +1 -1
- package/dist/cjs/session/pase/PaseClient.js.map +1 -1
- package/dist/cjs/session/pase/PaseServer.js +1 -1
- package/dist/cjs/session/pase/PaseServer.js.map +1 -1
- package/dist/esm/certificate/AttestationCertificateManager.d.ts +7 -13
- package/dist/esm/certificate/AttestationCertificateManager.d.ts.map +1 -1
- package/dist/esm/certificate/AttestationCertificateManager.js +37 -29
- package/dist/esm/certificate/AttestationCertificateManager.js.map +1 -1
- package/dist/esm/certificate/CertificateAuthority.d.ts +1 -6
- package/dist/esm/certificate/CertificateAuthority.d.ts.map +1 -1
- package/dist/esm/certificate/CertificateAuthority.js +57 -38
- package/dist/esm/certificate/CertificateAuthority.js.map +1 -1
- package/dist/esm/certificate/CertificateManager.d.ts +8 -8
- package/dist/esm/certificate/CertificateManager.d.ts.map +1 -1
- package/dist/esm/certificate/CertificateManager.js +20 -16
- package/dist/esm/certificate/CertificateManager.js.map +1 -1
- package/dist/esm/certificate/DeviceCertification.d.ts +1 -1
- package/dist/esm/certificate/DeviceCertification.d.ts.map +1 -1
- package/dist/esm/certificate/DeviceCertification.js +24 -26
- package/dist/esm/certificate/DeviceCertification.js.map +2 -2
- package/dist/esm/common/FailsafeContext.d.ts +2 -2
- package/dist/esm/common/FailsafeContext.d.ts.map +1 -1
- package/dist/esm/common/FailsafeContext.js +28 -14
- package/dist/esm/common/FailsafeContext.js.map +1 -1
- package/dist/esm/fabric/Fabric.d.ts +8 -6
- package/dist/esm/fabric/Fabric.d.ts.map +1 -1
- package/dist/esm/fabric/Fabric.js +15 -9
- package/dist/esm/fabric/Fabric.js.map +1 -1
- package/dist/esm/fabric/FabricAuthority.d.ts.map +1 -1
- package/dist/esm/fabric/FabricAuthority.js +5 -3
- package/dist/esm/fabric/FabricAuthority.js.map +1 -1
- package/dist/esm/fabric/FabricManager.d.ts +1 -1
- package/dist/esm/fabric/FabricManager.d.ts.map +1 -1
- package/dist/esm/fabric/FabricManager.js +2 -2
- package/dist/esm/fabric/FabricManager.js.map +1 -1
- package/dist/esm/peer/ControllerCommissioningFlow.js +2 -2
- package/dist/esm/peer/ControllerCommissioningFlow.js.map +1 -1
- package/dist/esm/protocol/ExchangeManager.d.ts.map +1 -1
- package/dist/esm/protocol/ExchangeManager.js +7 -2
- package/dist/esm/protocol/ExchangeManager.js.map +1 -1
- package/dist/esm/session/SessionManager.d.ts +4 -0
- package/dist/esm/session/SessionManager.d.ts.map +1 -1
- package/dist/esm/session/SessionManager.js +11 -2
- package/dist/esm/session/SessionManager.js.map +1 -1
- package/dist/esm/session/case/CaseClient.d.ts.map +1 -1
- package/dist/esm/session/case/CaseClient.js +13 -10
- package/dist/esm/session/case/CaseClient.js.map +1 -1
- package/dist/esm/session/case/CaseServer.d.ts.map +1 -1
- package/dist/esm/session/case/CaseServer.js +11 -8
- package/dist/esm/session/case/CaseServer.js.map +1 -1
- package/dist/esm/session/pase/PaseClient.js +1 -1
- package/dist/esm/session/pase/PaseClient.js.map +1 -1
- package/dist/esm/session/pase/PaseServer.js +1 -1
- package/dist/esm/session/pase/PaseServer.js.map +1 -1
- package/package.json +6 -6
- package/src/certificate/AttestationCertificateManager.ts +37 -27
- package/src/certificate/CertificateAuthority.ts +60 -38
- package/src/certificate/CertificateManager.ts +20 -16
- package/src/certificate/DeviceCertification.ts +28 -32
- package/src/common/FailsafeContext.ts +29 -14
- package/src/fabric/Fabric.ts +17 -9
- package/src/fabric/FabricAuthority.ts +5 -4
- package/src/fabric/FabricManager.ts +2 -2
- package/src/peer/ControllerCommissioningFlow.ts +2 -2
- package/src/protocol/ExchangeManager.ts +7 -5
- package/src/session/SessionManager.ts +13 -2
- package/src/session/case/CaseClient.ts +13 -10
- package/src/session/case/CaseServer.ts +11 -8
- package/src/session/pase/PaseClient.ts +1 -1
- package/src/session/pase/PaseServer.ts +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/session/pase/PaseServer.ts"],
|
|
4
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAWO;AAEP,mBAAuE;AAGvE,oCAA2C;AAC3C,2BAAwE;AAvBxE;AAAA;AAAA;AAAA;AAAA;AAyBA,MAAM,EAAE,gBAAgB,IAAI;AAE5B,MAAM,SAAS,sBAAO,IAAI,YAAY;AAEtC,MAAM,0BAA0B;AAChC,MAAM,gCAAgC;AAE/B,MAAM,6CAA6C,+BAAgB;AAAC;AAEpE,MAAM,WAAsC;AAAA,EAsB/C,YACY,UACS,IACA,GACA,iBACnB;AAJU;AACS;AACA;AACA;AAAA,EAClB;AAAA,EA1BM,KAAK;AAAA,EACL,wBAAwB;AAAA,EAEjC;AAAA,EACA,iBAAiB;AAAA,EAEjB,aAAa,QAAQ,UAA0B,cAAsB,iBAAkC;AACnG,UAAM,EAAE,IAAI,EAAE,IAAI,MAAM,uBAAQ,WAAW,iBAAiB,YAAY;AACxE,WAAO,IAAI,WAAW,UAAU,IAAI,GAAG,eAAe;AAAA,EAC1D;AAAA,EAEA,OAAO,sBACH,UACA,mBACA,iBACF;AACE,UAAM,KAAK,gBAAgB,kBAAkB,MAAM,GAAG,EAAE,CAAC;AACzD,UAAM,IAAI,kBAAkB,MAAM,IAAI,KAAK,EAAE;AAC7C,WAAO,IAAI,WAAW,UAAU,IAAI,GAAG,eAAe;AAAA,EAC1D;AAAA,EASA,MAAM,cAAc,UAA2B;AAC3C,UAAM,YAAY,IAAI,yCAAoB,QAAQ;AAClD,QAAI;AAKA,UAAI,KAAK,SAAS,eAAe,GAAG;AAChC,eAAO,KAAK,wFAAwF;AAAA,MACxG,WAAW,KAAK,eAAe,WAAW;AACtC,eAAO;AAAA,UACH;AAAA,QACJ;AAAA,MACJ,OAAO;AAEH,cAAM,KAAK,qBAAqB,SAAS;AAAA,MAC7C;AAAA,IACJ,SAAS,OAAO;AACZ,WAAK;AACL,aAAO;AAAA,QACH,oDAAoD,KAAK,cAAc,IAAI,6BAA6B;AAAA,QACxG;AAAA,MACJ;AAGA,YAAM,YAAY,EAAE,iBAAiB;AACrC,YAAM,KAAK,cAAc,WAAW,SAAS;AAE7C,UAAI,KAAK,kBAAkB,+BAA+B;AACtD,cAAM,IAAI;AAAA,UACN;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ,UAAE;AAEE,YAAM,SAAS,QAAQ,QAAQ;AAAA,IACnC;AAAA,EACJ;AAAA,EAEA,MAAc,qBAAqB,WAAgC;AAC/D,WAAO,KAAK,iCAAiC,UAAU,eAAe,CAAC,GAAG;AAE1E,SAAK,gBAAgB,oBAAK;AAAA,MAAS;AAAA,MAAwB;AAAA,MAAyB,MAChF,KAAK,cAAc,SAAS;AAAA,IAChC,EAAE,MAAM;AAGR,UAAM;AAAA,MACF;AAAA,MACA,SAAS;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,oBAAoB;AAAA,MACxB;AAAA,IACJ,IAAI,MAAM,UAAU,sBAAsB;AAC1C,QAAI,eAAe,0CAAqB;AACpC,YAAM,IAAI,mCAAoB,2BAA2B,UAAU,GAAG;AAAA,IAC1E;AAEA,UAAM,qBAAqB,MAAM,KAAK,SAAS,0BAA0B;AACzE,UAAM,kBAAkB,sBAAO,UAAU;AAEzC,UAAM,yBAAyB,KAAK,SAAS;AAC7C,UAAM,eACF,uBAAuB,qBAAqB,aAC5C,uBAAuB,qBAAqB,aAC5C;AACJ,UAAM,kBAAkB,MAAM,UAAU,uBAAuB;AAAA,MAC3D;AAAA,MACA;AAAA,MACA;AAAA,MACA,iBAAiB,qBAAqB,SAAY,KAAK;AAAA,MACvD,wBAAwB;AAAA,QACpB,GAAG;AAAA;AAAA;AAAA,QAGH,mBAAmB,eAAe,uBAAuB,oBAAoB;AAAA,MACjF;AAA
A,IACJ,CAAC;AAGD,UAAM,UAAU,uBAAQ,OAAO,sBAAO,KAAK,CAAC,oCAAe,gBAAgB,eAAe,CAAC,GAAG,KAAK,EAAE;
|
|
4
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAWO;AAEP,mBAAuE;AAGvE,oCAA2C;AAC3C,2BAAwE;AAvBxE;AAAA;AAAA;AAAA;AAAA;AAyBA,MAAM,EAAE,gBAAgB,IAAI;AAE5B,MAAM,SAAS,sBAAO,IAAI,YAAY;AAEtC,MAAM,0BAA0B;AAChC,MAAM,gCAAgC;AAE/B,MAAM,6CAA6C,+BAAgB;AAAC;AAEpE,MAAM,WAAsC;AAAA,EAsB/C,YACY,UACS,IACA,GACA,iBACnB;AAJU;AACS;AACA;AACA;AAAA,EAClB;AAAA,EA1BM,KAAK;AAAA,EACL,wBAAwB;AAAA,EAEjC;AAAA,EACA,iBAAiB;AAAA,EAEjB,aAAa,QAAQ,UAA0B,cAAsB,iBAAkC;AACnG,UAAM,EAAE,IAAI,EAAE,IAAI,MAAM,uBAAQ,WAAW,iBAAiB,YAAY;AACxE,WAAO,IAAI,WAAW,UAAU,IAAI,GAAG,eAAe;AAAA,EAC1D;AAAA,EAEA,OAAO,sBACH,UACA,mBACA,iBACF;AACE,UAAM,KAAK,gBAAgB,kBAAkB,MAAM,GAAG,EAAE,CAAC;AACzD,UAAM,IAAI,kBAAkB,MAAM,IAAI,KAAK,EAAE;AAC7C,WAAO,IAAI,WAAW,UAAU,IAAI,GAAG,eAAe;AAAA,EAC1D;AAAA,EASA,MAAM,cAAc,UAA2B;AAC3C,UAAM,YAAY,IAAI,yCAAoB,QAAQ;AAClD,QAAI;AAKA,UAAI,KAAK,SAAS,eAAe,GAAG;AAChC,eAAO,KAAK,wFAAwF;AAAA,MACxG,WAAW,KAAK,eAAe,WAAW;AACtC,eAAO;AAAA,UACH;AAAA,QACJ;AAAA,MACJ,OAAO;AAEH,cAAM,KAAK,qBAAqB,SAAS;AAAA,MAC7C;AAAA,IACJ,SAAS,OAAO;AACZ,WAAK;AACL,aAAO;AAAA,QACH,oDAAoD,KAAK,cAAc,IAAI,6BAA6B;AAAA,QACxG;AAAA,MACJ;AAGA,YAAM,YAAY,EAAE,iBAAiB;AACrC,YAAM,KAAK,cAAc,WAAW,SAAS;AAE7C,UAAI,KAAK,kBAAkB,+BAA+B;AACtD,cAAM,IAAI;AAAA,UACN;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ,UAAE;AAEE,YAAM,SAAS,QAAQ,QAAQ;AAAA,IACnC;AAAA,EACJ;AAAA,EAEA,MAAc,qBAAqB,WAAgC;AAC/D,WAAO,KAAK,iCAAiC,UAAU,eAAe,CAAC,GAAG;AAE1E,SAAK,gBAAgB,oBAAK;AAAA,MAAS;AAAA,MAAwB;AAAA,MAAyB,MAChF,KAAK,cAAc,SAAS;AAAA,IAChC,EAAE,MAAM;AAGR,UAAM;AAAA,MACF;AAAA,MACA,SAAS;AAAA,QACL;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,oBAAoB;AAAA,MACxB;AAAA,IACJ,IAAI,MAAM,UAAU,sBAAsB;AAC1C,QAAI,eAAe,0CAAqB;AACpC,YAAM,IAAI,mCAAoB,2BAA2B,UAAU,GAAG;AAAA,IAC1E;AAEA,UAAM,qBAAqB,MAAM,KAAK,SAAS,0BAA0B;AACzE,UAAM,kBAAkB,sBAAO,UAAU;AAEzC,UAAM,yBAAyB,KAAK,SAAS;AAC7C,UAAM,eACF,uBAAuB,qBAAqB,aAC5C,uBAAuB,qBAAqB,aAC5C;AACJ,UAAM,kBAAkB,MAAM,UAAU,uBAAuB;AAAA,MAC3D;AAAA,MACA;AAAA,MACA;AAAA,MACA,iBAAiB,qBAAqB,SAAY,KAAK;AAAA,MACvD,wBAAwB;AAAA,QACpB,GAAG;AAAA;AAAA;AAAA,QAGH,mBAAmB,eAAe,uBAAuB,oBAAoB;AAAA,MACjF;AAA
A,IACJ,CAAC;AAGD,UAAM,UAAU,uBAAQ,OAAO,MAAM,sBAAO,KAAK,CAAC,oCAAe,gBAAgB,eAAe,CAAC,GAAG,KAAK,EAAE;AAC3G,UAAM,EAAE,GAAG,EAAE,IAAI,MAAM,UAAU,cAAc;AAC/C,UAAM,IAAI,QAAQ,SAAS;AAC3B,UAAM,EAAE,IAAI,KAAK,IAAI,IAAI,MAAM,QAAQ,+BAA+B,KAAK,GAAG,GAAG,CAAC;AAClF,UAAM,UAAU,cAAc,EAAE,GAAG,GAAG,UAAU,IAAI,CAAC;AAGrD,UAAM,EAAE,SAAS,IAAI,MAAM,UAAU,cAAc;AACnD,QAAI,CAAC,qBAAM,SAAS,UAAU,GAAG,GAAG;AAChC,YAAM,IAAI,mCAAoB,yDAAyD;AAAA,IAC3F;AAGA,UAAM,KAAK,SAAS,oBAAoB;AAAA,MACpC,WAAW;AAAA,MACX,QAAQ;AAAA,MACR,YAAY,oBAAO;AAAA,MACnB;AAAA,MACA,cAAc;AAAA,MACd,MAAM,IAAI,WAAW,CAAC;AAAA,MACtB,aAAa;AAAA,MACb,cAAc;AAAA,MACd,uBAAuB;AAAA,IAC3B,CAAC;AACD,WAAO,KAAK,WAAW,kBAAkB,iBAAiB,UAAU,eAAe,CAAC,GAAG;AAEvF,UAAM,UAAU,YAAY;AAC5B,UAAM,UAAU,MAAM;AAEtB,SAAK,eAAe,KAAK;AACzB,SAAK,gBAAgB;AAAA,EACzB;AAAA,EAEA,MAAM,cAAc,WAAgC,YAAY,MAAM;AAClE,SAAK,eAAe,KAAK;AACzB,SAAK,gBAAgB;AAErB,QAAI,WAAW;AACX,YAAM,UAAU,UAAU,gCAAmB,YAAY;AAAA,IAC7D;AACA,UAAM,UAAU,MAAM;AAAA,EAC1B;AAAA,EAEA,MAAM,QAAQ;AAAA,EAEd;AACJ;",
|
|
5
5
|
"names": []
|
|
6
6
|
}
|
|
@@ -6,23 +6,17 @@
|
|
|
6
6
|
import { PrivateKey } from "#general";
|
|
7
7
|
import { VendorId } from "#types";
|
|
8
8
|
export declare class AttestationCertificateManager {
|
|
9
|
-
private
|
|
9
|
+
#private;
|
|
10
10
|
private paaCertId;
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
private readonly paiKeyIdentifier;
|
|
16
|
-
private readonly paiCertBytes;
|
|
17
|
-
private nextCertificateId;
|
|
18
|
-
constructor(vendorId: VendorId);
|
|
19
|
-
getPAICert(): Uint8Array<ArrayBufferLike>;
|
|
20
|
-
getDACert(productId: number): {
|
|
11
|
+
constructor(vendorId: VendorId, paiKeyPair: PrivateKey, paiKeyIdentifier: Uint8Array);
|
|
12
|
+
static create(vendorId: VendorId): Promise<AttestationCertificateManager>;
|
|
13
|
+
getPAICert(): Promise<Uint8Array<ArrayBufferLike>>;
|
|
14
|
+
getDACert(productId: number): Promise<{
|
|
21
15
|
keyPair: PrivateKey;
|
|
22
16
|
dac: Uint8Array<ArrayBufferLike>;
|
|
23
|
-
}
|
|
17
|
+
}>;
|
|
24
18
|
private generatePAACert;
|
|
25
19
|
private generatePAICert;
|
|
26
|
-
generateDaCert(publicKey: Uint8Array, vendorId: VendorId, productId: number): Uint8Array<ArrayBufferLike
|
|
20
|
+
generateDaCert(publicKey: Uint8Array, vendorId: VendorId, productId: number): Promise<Uint8Array<ArrayBufferLike>>;
|
|
27
21
|
}
|
|
28
22
|
//# sourceMappingURL=AttestationCertificateManager.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttestationCertificateManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/AttestationCertificateManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAiB,UAAU,EAAe,MAAM,UAAU,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAuBlC,qBAAa,6BAA6B
|
|
1
|
+
{"version":3,"file":"AttestationCertificateManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/AttestationCertificateManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAiB,UAAU,EAAe,MAAM,UAAU,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAuBlC,qBAAa,6BAA6B;;IACtC,OAAO,CAAC,SAAS,CAAa;gBAelB,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,gBAAgB,EAAE,UAAU;WAOvE,MAAM,CAAC,QAAQ,EAAE,QAAQ;IAMtC,UAAU;IAIJ,SAAS,CAAC,SAAS,EAAE,MAAM;;;;IAWjC,OAAO,CAAC,eAAe;IAkCvB,OAAO,CAAC,eAAe;IAkCjB,cAAc,CAAC,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM;CAiCpF"}
|
|
@@ -20,30 +20,38 @@ function getPaaCommonName() {
|
|
|
20
20
|
return "Matter Test PAA";
|
|
21
21
|
}
|
|
22
22
|
class AttestationCertificateManager {
|
|
23
|
-
constructor(vendorId) {
|
|
24
|
-
this.vendorId = vendorId;
|
|
25
|
-
this.paiCertBytes = this.generatePAICert(vendorId);
|
|
26
|
-
}
|
|
27
23
|
paaCertId = BigInt(0);
|
|
28
24
|
// We use the official PAA cert for now because else pairing with Chip tool do not work because
|
|
29
25
|
// only this one is the Certificate store
|
|
30
|
-
paaKeyPair = PrivateKey(TestCert_PAA_NoVID_PrivateKey, {
|
|
26
|
+
#paaKeyPair = PrivateKey(TestCert_PAA_NoVID_PrivateKey, {
|
|
31
27
|
publicKey: TestCert_PAA_NoVID_PublicKey
|
|
32
28
|
});
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
29
|
+
#vendorId;
|
|
30
|
+
#paiKeyPair;
|
|
31
|
+
#paiKeyIdentifier;
|
|
32
|
+
#paaKeyIdentifier = TestCert_PAA_NoVID_SKID;
|
|
33
|
+
#paiCertId = BigInt(1);
|
|
34
|
+
#paiCertBytes;
|
|
35
|
+
#nextCertificateId = 2;
|
|
36
|
+
constructor(vendorId, paiKeyPair, paiKeyIdentifier) {
|
|
37
|
+
this.#vendorId = vendorId;
|
|
38
|
+
this.#paiKeyPair = paiKeyPair;
|
|
39
|
+
this.#paiKeyIdentifier = paiKeyIdentifier;
|
|
40
|
+
this.#paiCertBytes = this.generatePAICert(vendorId);
|
|
41
|
+
}
|
|
42
|
+
static async create(vendorId) {
|
|
43
|
+
const key = await Crypto.createKeyPair();
|
|
44
|
+
const identifier = await Crypto.hash(key.publicKey);
|
|
45
|
+
return new AttestationCertificateManager(vendorId, key, identifier.slice(0, 20));
|
|
46
|
+
}
|
|
39
47
|
getPAICert() {
|
|
40
|
-
return this
|
|
48
|
+
return this.#paiCertBytes;
|
|
41
49
|
}
|
|
42
|
-
getDACert(productId) {
|
|
43
|
-
const dacKeyPair = Crypto.createKeyPair();
|
|
50
|
+
async getDACert(productId) {
|
|
51
|
+
const dacKeyPair = await Crypto.createKeyPair();
|
|
44
52
|
return {
|
|
45
53
|
keyPair: dacKeyPair,
|
|
46
|
-
dac: this.generateDaCert(dacKeyPair.publicKey, this
|
|
54
|
+
dac: await this.generateDaCert(dacKeyPair.publicKey, this.#vendorId, productId)
|
|
47
55
|
};
|
|
48
56
|
}
|
|
49
57
|
// Method unused for now because we use the official Matter Test PAA, but is functional
|
|
@@ -66,7 +74,7 @@ class AttestationCertificateManager {
|
|
|
66
74
|
commonName: getPaaCommonName(),
|
|
67
75
|
vendorId
|
|
68
76
|
},
|
|
69
|
-
ellipticCurvePublicKey: this
|
|
77
|
+
ellipticCurvePublicKey: this.#paaKeyPair.publicKey,
|
|
70
78
|
extensions: {
|
|
71
79
|
basicConstraints: {
|
|
72
80
|
isCa: true,
|
|
@@ -76,16 +84,16 @@ class AttestationCertificateManager {
|
|
|
76
84
|
keyCertSign: true,
|
|
77
85
|
cRLSign: true
|
|
78
86
|
},
|
|
79
|
-
subjectKeyIdentifier: this
|
|
80
|
-
authorityKeyIdentifier: this
|
|
87
|
+
subjectKeyIdentifier: this.#paaKeyIdentifier,
|
|
88
|
+
authorityKeyIdentifier: this.#paaKeyIdentifier
|
|
81
89
|
}
|
|
82
90
|
};
|
|
83
|
-
return CertificateManager.productAttestationAuthorityCertToAsn1(unsignedCertificate, this
|
|
91
|
+
return CertificateManager.productAttestationAuthorityCertToAsn1(unsignedCertificate, this.#paaKeyPair);
|
|
84
92
|
}
|
|
85
93
|
generatePAICert(vendorId, productId) {
|
|
86
94
|
const now = Time.get().now();
|
|
87
95
|
const unsignedCertificate = {
|
|
88
|
-
serialNumber: Bytes.fromHex(toHex(this
|
|
96
|
+
serialNumber: Bytes.fromHex(toHex(this.#paiCertId)),
|
|
89
97
|
signatureAlgorithm: 1,
|
|
90
98
|
publicKeyAlgorithm: 1,
|
|
91
99
|
ellipticCurveIdentifier: 1,
|
|
@@ -99,7 +107,7 @@ class AttestationCertificateManager {
|
|
|
99
107
|
vendorId,
|
|
100
108
|
productId
|
|
101
109
|
},
|
|
102
|
-
ellipticCurvePublicKey: this
|
|
110
|
+
ellipticCurvePublicKey: this.#paiKeyPair.publicKey,
|
|
103
111
|
extensions: {
|
|
104
112
|
basicConstraints: {
|
|
105
113
|
isCa: true,
|
|
@@ -109,15 +117,15 @@ class AttestationCertificateManager {
|
|
|
109
117
|
keyCertSign: true,
|
|
110
118
|
cRLSign: true
|
|
111
119
|
},
|
|
112
|
-
subjectKeyIdentifier: this
|
|
113
|
-
authorityKeyIdentifier: this
|
|
120
|
+
subjectKeyIdentifier: this.#paiKeyIdentifier,
|
|
121
|
+
authorityKeyIdentifier: this.#paaKeyIdentifier
|
|
114
122
|
}
|
|
115
123
|
};
|
|
116
|
-
return CertificateManager.productAttestationIntermediateCertToAsn1(unsignedCertificate, this
|
|
124
|
+
return CertificateManager.productAttestationIntermediateCertToAsn1(unsignedCertificate, this.#paaKeyPair);
|
|
117
125
|
}
|
|
118
|
-
generateDaCert(publicKey, vendorId, productId) {
|
|
126
|
+
async generateDaCert(publicKey, vendorId, productId) {
|
|
119
127
|
const now = Time.get().now();
|
|
120
|
-
const certId = this
|
|
128
|
+
const certId = this.#nextCertificateId++;
|
|
121
129
|
const unsignedCertificate = {
|
|
122
130
|
serialNumber: Bytes.fromHex(toHex(certId)),
|
|
123
131
|
signatureAlgorithm: 1,
|
|
@@ -142,11 +150,11 @@ class AttestationCertificateManager {
|
|
|
142
150
|
keyUsage: {
|
|
143
151
|
digitalSignature: true
|
|
144
152
|
},
|
|
145
|
-
subjectKeyIdentifier: Crypto.hash(publicKey).slice(0, 20),
|
|
146
|
-
authorityKeyIdentifier: this
|
|
153
|
+
subjectKeyIdentifier: (await Crypto.hash(publicKey)).slice(0, 20),
|
|
154
|
+
authorityKeyIdentifier: this.#paiKeyIdentifier
|
|
147
155
|
}
|
|
148
156
|
};
|
|
149
|
-
return CertificateManager.deviceAttestationCertToAsn1(unsignedCertificate, this
|
|
157
|
+
return CertificateManager.deviceAttestationCertToAsn1(unsignedCertificate, this.#paiKeyPair);
|
|
150
158
|
}
|
|
151
159
|
}
|
|
152
160
|
export {
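Review bot: The constructor assigns `this.#paiCertBytes = this.generatePAICert(vendorId)` without awaiting it, while the updated declaration gives `getPAICert(): Promise<Uint8Array>`, so the field appears to hold a promise with no rejection handler until someone calls `getPAICert()`. If PAI signing fails, that would surface as an unhandled rejection at construction time rather than at the call site. Creating the certificate lazily keeps the failure with the caller: `getPAICert() { return (this.#paiCertBytes ??= this.generatePAICert(this.#vendorId)); }`, with the assignment dropped from the constructor. The constructor also takes `paiKeyIdentifier` separately from `paiKeyPair` and does not check that one is derived from the other, so a comment such as `// paiKeyIdentifier must be the first 20 bytes of Crypto.hash(paiKeyPair.publicKey); prefer create()` would document the contract that `create()` already follows.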
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/certificate/AttestationCertificateManager.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,OAAO,QAAQ,YAAY,MAAM,aAAa;AAEvD,SAAS,oBAAoB,sBAAsB;AACnD;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAEP,SAAS,iBAAiB,UAAoB,WAAoB;AAC9D,SAAO,yBAAyB,SAAS,SAAS,EAAE,EAAE,YAAY,CAAC,IAC/D,cAAc,SAAY,WAAW,KAAK,UAAU,SAAS,EAAE,EAAE,YAAY,CAAC,EAClF;AACJ;AAEA,SAAS,iBAAiB,UAAoB,WAAmB;AAC7D,SAAO,yBAAyB,SAAS,SAAS,EAAE,EAAE,YAAY,CAAC,MAAM,UAAU,SAAS,EAAE,EAAE,YAAY,CAAC;AACjH;AAEA,SAAS,mBAAmB;AAExB,SAAO;AACX;AAEO,MAAM,8BAA8B;AAAA,
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,OAAO,QAAQ,YAAY,MAAM,aAAa;AAEvD,SAAS,oBAAoB,sBAAsB;AACnD;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAEP,SAAS,iBAAiB,UAAoB,WAAoB;AAC9D,SAAO,yBAAyB,SAAS,SAAS,EAAE,EAAE,YAAY,CAAC,IAC/D,cAAc,SAAY,WAAW,KAAK,UAAU,SAAS,EAAE,EAAE,YAAY,CAAC,EAClF;AACJ;AAEA,SAAS,iBAAiB,UAAoB,WAAmB;AAC7D,SAAO,yBAAyB,SAAS,SAAS,EAAE,EAAE,YAAY,CAAC,MAAM,UAAU,SAAS,EAAE,EAAE,YAAY,CAAC;AACjH;AAEA,SAAS,mBAAmB;AAExB,SAAO;AACX;AAEO,MAAM,8BAA8B;AAAA,EAC/B,YAAY,OAAO,CAAC;AAAA;AAAA;AAAA,EAInB,cAAc,WAAW,+BAA+B;AAAA,IAC7D,WAAW;AAAA,EACf,CAAC;AAAA,EACQ;AAAA,EACA;AAAA,EACA;AAAA,EACA,oBAAoB;AAAA,EACpB,aAAa,OAAO,CAAC;AAAA,EACrB;AAAA,EACT,qBAAqB;AAAA,EAErB,YAAY,UAAoB,YAAwB,kBAA8B;AAClF,SAAK,YAAY;AACjB,SAAK,cAAc;AACnB,SAAK,oBAAoB;AACzB,SAAK,gBAAgB,KAAK,gBAAgB,QAAQ;AAAA,EACtD;AAAA,EAEA,aAAa,OAAO,UAAoB;AACpC,UAAM,MAAM,MAAM,OAAO,cAAc;AACvC,UAAM,aAAa,MAAM,OAAO,KAAK,IAAI,SAAS;AAClD,WAAO,IAAI,8BAA8B,UAAU,KAAK,WAAW,MAAM,GAAG,EAAE,CAAC;AAAA,EACnF;AAAA,EAEA,aAAa;AACT,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,MAAM,UAAU,WAAmB;AAC/B,UAAM,aAAa,MAAM,OAAO,cAAc;AAC9C,WAAO;AAAA,MACH,SAAS;AAAA,MACT,KAAK,MAAM,KAAK,eAAe,WAAW,WAAW,KAAK,WAAW,SAAS;AAAA,IAClF;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAgB,UAAqB;AACzC,UAAM,MAAM,KAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,sBAAsB;AAAA,MACxB,cAAc,MAAM,QAAQ,MAAM,KAAK,SAAS,CAAC;AAAA,MACjD,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ;AAAA,QACJ,YAAY,iBAAiB;AAAA,QAC7B;AAAA,MACJ;AAAA,MACA,WAAW,eAAe,KAAK,EAAE;AAAA,MACjC,UAAU,eAAe,KAAK,EAAE;AAAA,MAChC,SAAS;AAAA,QACL,YAAY,iBAAiB;AAAA,QAC7B;AAAA,MACJ;AAAA,MACA,wBAAwB,KAAK,YAAY;AAAA,MACzC,YAAY;AAAA,QACR,kBAAkB;AAAA,UACd,MAAM;AAAA,UACN,SAAS;AAAA,QACb;AAAA,QACA,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB,KAAK;AAAA,QAC3B,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AACA,WAAO,mBAAmB,sCAAsC,qBAAqB,KAAK,WAAW;AAAA,EACzG;AAAA,EAEQ,gBAAgB,UAAoB,WAAoB;AAC5D,UAAM,MAAM,KAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,sBAAsB;AAAA,MACxB,cAAc,MAAM,QAAQ,MAAM,KAAK,UAAU,CAAC;AAAA,MAClD,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ;AAAA,QA
CJ,YAAY,iBAAiB;AAAA,MACjC;AAAA,MACA,WAAW,eAAe,KAAK,EAAE;AAAA,MACjC,UAAU,eAAe,KAAK,EAAE;AAAA,MAChC,SAAS;AAAA,QACL,YAAY,iBAAiB,UAAU,SAAS;AAAA,QAChD;AAAA,QACA;AAAA,MACJ;AAAA,MACA,wBAAwB,KAAK,YAAY;AAAA,MACzC,YAAY;AAAA,QACR,kBAAkB;AAAA,UACd,MAAM;AAAA,UACN,SAAS;AAAA,QACb;AAAA,QACA,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB,KAAK;AAAA,QAC3B,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AACA,WAAO,mBAAmB,yCAAyC,qBAAqB,KAAK,WAAW;AAAA,EAC5G;AAAA,EAEA,MAAM,eAAe,WAAuB,UAAoB,WAAmB;AAC/E,UAAM,MAAM,KAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,SAAS,KAAK;AACpB,UAAM,sBAAsB;AAAA,MACxB,cAAc,MAAM,QAAQ,MAAM,MAAM,CAAC;AAAA,MACzC,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,WAAW,eAAe,KAAK,EAAE;AAAA,MACjC,UAAU,eAAe,KAAK,EAAE;AAAA,MAChC,QAAQ;AAAA,QACJ,YAAY,iBAAiB,QAAQ;AAAA,QACrC;AAAA,MACJ;AAAA,MACA,SAAS;AAAA,QACL,YAAY,iBAAiB,UAAU,SAAS;AAAA,QAChD;AAAA,QACA;AAAA,MACJ;AAAA,MACA,wBAAwB;AAAA,MACxB,YAAY;AAAA,QACR,kBAAkB;AAAA,UACd,MAAM;AAAA,QACV;AAAA,QACA,UAAU;AAAA,UACN,kBAAkB;AAAA,QACtB;AAAA,QACA,uBAAuB,MAAM,OAAO,KAAK,SAAS,GAAG,MAAM,GAAG,EAAE;AAAA,QAChE,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AACA,WAAO,mBAAmB,4BAA4B,qBAAqB,KAAK,WAAW;AAAA,EAC/F;AACJ;",
|
|
5
5
|
"names": []
|
|
6
6
|
}
|
|
@@ -11,18 +11,13 @@ import { CaseAuthenticatedTag, FabricId, NodeId } from "#types";
|
|
|
11
11
|
*/
|
|
12
12
|
export declare class CertificateAuthority {
|
|
13
13
|
#private;
|
|
14
|
-
private rootCertId;
|
|
15
|
-
private rootKeyPair;
|
|
16
|
-
private rootKeyIdentifier;
|
|
17
|
-
private rootCertBytes;
|
|
18
|
-
private nextCertificateId;
|
|
19
14
|
get construction(): Construction<CertificateAuthority>;
|
|
20
15
|
static create(options: StorageContext | CertificateAuthority.Configuration): Promise<CertificateAuthority>;
|
|
21
16
|
constructor(options: StorageContext | CertificateAuthority.Configuration);
|
|
22
17
|
static [Environmental.create](env: Environment): CertificateAuthority;
|
|
23
18
|
get rootCert(): Uint8Array<ArrayBufferLike>;
|
|
24
19
|
get config(): CertificateAuthority.Configuration;
|
|
25
|
-
generateNoc(publicKey: Uint8Array, fabricId: FabricId, nodeId: NodeId, caseAuthenticatedTags?: CaseAuthenticatedTag[]): Uint8Array<ArrayBufferLike
|
|
20
|
+
generateNoc(publicKey: Uint8Array, fabricId: FabricId, nodeId: NodeId, caseAuthenticatedTags?: CaseAuthenticatedTag[]): Promise<Uint8Array<ArrayBufferLike>>;
|
|
26
21
|
}
|
|
27
22
|
export declare namespace CertificateAuthority {
|
|
28
23
|
type Configuration = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CertificateAuthority.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateAuthority.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACH,aAAa,EAEb,YAAY,EAEZ,WAAW,EACX,aAAa,
|
|
1
|
+
{"version":3,"file":"CertificateAuthority.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateAuthority.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACH,aAAa,EAEb,YAAY,EAEZ,WAAW,EACX,aAAa,EAIb,cAAc,EAKjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAahE;;;GAGG;AACH,qBAAa,oBAAoB;;IAQ7B,IAAI,YAAY,uCAEf;WAEY,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,oBAAoB,CAAC,aAAa;gBAIpE,OAAO,EAAE,cAAc,GAAG,oBAAoB,CAAC,aAAa;IAuCxE,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAO9C,IAAI,QAAQ,gCAEX;IAED,IAAI,MAAM,IAAI,oBAAoB,CAAC,aAAa,CAQ/C;IA+BK,WAAW,CACb,SAAS,EAAE,UAAU,EACrB,QAAQ,EAAE,QAAQ,EAClB,MAAM,EAAE,MAAM,EACd,qBAAqB,CAAC,EAAE,oBAAoB,EAAE;CA8CrD;AAED,yBAAiB,oBAAoB,CAAC;IAClC,KAAY,aAAa,GAAG;QACxB,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,aAAa,CAAC;QAC3B,iBAAiB,EAAE,UAAU,CAAC;QAC9B,aAAa,EAAE,UAAU,CAAC;QAC1B,iBAAiB,EAAE,MAAM,CAAC;KAC7B,CAAC;CACL"}
|
|
@@ -8,6 +8,7 @@ import {
|
|
|
8
8
|
Construction,
|
|
9
9
|
Crypto,
|
|
10
10
|
Environmental,
|
|
11
|
+
InternalError,
|
|
11
12
|
Logger,
|
|
12
13
|
PrivateKey,
|
|
13
14
|
StorageContext,
|
|
@@ -24,11 +25,11 @@ import {
|
|
|
24
25
|
} from "./CertificateManager.js";
|
|
25
26
|
const logger = Logger.get("CertificateAuthority");
|
|
26
27
|
class CertificateAuthority {
|
|
27
|
-
rootCertId = BigInt(0);
|
|
28
|
-
rootKeyPair
|
|
29
|
-
rootKeyIdentifier
|
|
30
|
-
rootCertBytes
|
|
31
|
-
nextCertificateId = BigInt(1);
|
|
28
|
+
#rootCertId = BigInt(0);
|
|
29
|
+
#rootKeyPair;
|
|
30
|
+
#rootKeyIdentifier;
|
|
31
|
+
#rootCertBytes;
|
|
32
|
+
#nextCertificateId = BigInt(1);
|
|
32
33
|
#construction;
|
|
33
34
|
get construction() {
|
|
34
35
|
return this.#construction;
|
|
@@ -39,23 +40,26 @@ class CertificateAuthority {
|
|
|
39
40
|
constructor(options) {
|
|
40
41
|
this.#construction = Construction(this, async () => {
|
|
41
42
|
const certValues = options instanceof StorageContext ? await options.values() : options;
|
|
43
|
+
this.#rootKeyPair = await Crypto.createKeyPair();
|
|
44
|
+
this.#rootKeyIdentifier = (await Crypto.hash(this.#rootKeyPair.publicKey)).slice(0, 20);
|
|
45
|
+
this.#rootCertBytes = await this.#generateRootCert();
|
|
42
46
|
if ((typeof certValues.rootCertId === "number" || typeof certValues.rootCertId === "bigint") && (ArrayBuffer.isView(certValues.rootKeyPair) || typeof certValues.rootKeyPair === "object") && ArrayBuffer.isView(certValues.rootKeyIdentifier) && ArrayBuffer.isView(certValues.rootCertBytes) && (typeof certValues.nextCertificateId === "number" || typeof certValues.nextCertificateId === "bigint")) {
|
|
43
|
-
this
|
|
44
|
-
this
|
|
45
|
-
this
|
|
46
|
-
this
|
|
47
|
-
this
|
|
48
|
-
logger.info(`Loaded stored credentials with ID ${this
|
|
47
|
+
this.#rootCertId = BigInt(certValues.rootCertId);
|
|
48
|
+
this.#rootKeyPair = PrivateKey(certValues.rootKeyPair);
|
|
49
|
+
this.#rootKeyIdentifier = certValues.rootKeyIdentifier;
|
|
50
|
+
this.#rootCertBytes = certValues.rootCertBytes;
|
|
51
|
+
this.#nextCertificateId = BigInt(certValues.nextCertificateId);
|
|
52
|
+
logger.info(`Loaded stored credentials with ID ${this.#rootCertId}`);
|
|
49
53
|
return;
|
|
50
54
|
}
|
|
51
|
-
logger.info(`Created new credentials with ID ${this
|
|
55
|
+
logger.info(`Created new credentials with ID ${this.#rootCertId}`);
|
|
52
56
|
if (options instanceof StorageContext) {
|
|
53
57
|
await options.set({
|
|
54
|
-
rootCertId: this
|
|
55
|
-
rootKeyPair: this
|
|
56
|
-
rootKeyIdentifier: this
|
|
57
|
-
rootCertBytes: this
|
|
58
|
-
nextCertificateId: this
|
|
58
|
+
rootCertId: this.#rootCertId,
|
|
59
|
+
rootKeyPair: this.#rootKeyPair.keyPair,
|
|
60
|
+
rootKeyIdentifier: this.#rootKeyIdentifier,
|
|
61
|
+
rootCertBytes: this.#rootCertBytes,
|
|
62
|
+
nextCertificateId: this.#nextCertificateId
|
|
59
63
|
});
|
|
60
64
|
}
|
|
61
65
|
});
|
|
@@ -67,51 +71,54 @@ class CertificateAuthority {
|
|
|
67
71
|
return instance;
|
|
68
72
|
}
|
|
69
73
|
get rootCert() {
|
|
70
|
-
return this.rootCertBytes;
|
|
74
|
+
return this.#construction.assert("root cert", this.#rootCertBytes);
|
|
71
75
|
}
|
|
72
76
|
get config() {
|
|
73
77
|
return {
|
|
74
|
-
rootCertId: this
|
|
75
|
-
rootKeyPair: this.rootKeyPair.keyPair,
|
|
76
|
-
rootKeyIdentifier: this.rootKeyIdentifier,
|
|
77
|
-
rootCertBytes: this.rootCertBytes,
|
|
78
|
-
nextCertificateId: this
|
|
78
|
+
rootCertId: this.#rootCertId,
|
|
79
|
+
rootKeyPair: this.construction.assert("root key pair", this.#rootKeyPair).keyPair,
|
|
80
|
+
rootKeyIdentifier: this.construction.assert("root key identifier", this.#rootKeyIdentifier),
|
|
81
|
+
rootCertBytes: this.construction.assert("root cert bytes", this.#rootCertBytes),
|
|
82
|
+
nextCertificateId: this.#nextCertificateId
|
|
79
83
|
};
|
|
80
84
|
}
|
|
81
|
-
#generateRootCert() {
|
|
85
|
+
async #generateRootCert() {
|
|
82
86
|
const now = Time.get().now();
|
|
83
87
|
const unsignedCertificate = {
|
|
84
|
-
serialNumber: Bytes.fromHex(toHex(this
|
|
88
|
+
serialNumber: Bytes.fromHex(toHex(this.#rootCertId)),
|
|
85
89
|
signatureAlgorithm: 1,
|
|
86
90
|
publicKeyAlgorithm: 1,
|
|
87
91
|
ellipticCurveIdentifier: 1,
|
|
88
|
-
issuer: { rcacId: this
|
|
92
|
+
issuer: { rcacId: this.#rootCertId },
|
|
89
93
|
notBefore: jsToMatterDate(now, -1),
|
|
90
94
|
notAfter: jsToMatterDate(now, 10),
|
|
91
|
-
subject: { rcacId: this
|
|
92
|
-
ellipticCurvePublicKey: this.
|
|
95
|
+
subject: { rcacId: this.#rootCertId },
|
|
96
|
+
ellipticCurvePublicKey: this.#initializedRootKeyPair.publicKey,
|
|
93
97
|
extensions: {
|
|
94
98
|
basicConstraints: { isCa: true },
|
|
95
99
|
keyUsage: {
|
|
96
100
|
keyCertSign: true,
|
|
97
101
|
cRLSign: true
|
|
98
102
|
},
|
|
99
|
-
subjectKeyIdentifier: this
|
|
100
|
-
authorityKeyIdentifier: this
|
|
103
|
+
subjectKeyIdentifier: this.#initializedRootKeyIdentifier,
|
|
104
|
+
authorityKeyIdentifier: this.#initializedRootKeyIdentifier
|
|
101
105
|
}
|
|
102
106
|
};
|
|
103
|
-
const signature = Crypto.sign(
|
|
107
|
+
const signature = await Crypto.sign(
|
|
108
|
+
this.#initializedRootKeyPair,
|
|
109
|
+
CertificateManager.rootCertToAsn1(unsignedCertificate)
|
|
110
|
+
);
|
|
104
111
|
return TlvRootCertificate.encode({ ...unsignedCertificate, signature });
|
|
105
112
|
}
|
|
106
|
-
generateNoc(publicKey, fabricId, nodeId, caseAuthenticatedTags) {
|
|
113
|
+
async generateNoc(publicKey, fabricId, nodeId, caseAuthenticatedTags) {
|
|
107
114
|
const now = Time.get().now();
|
|
108
|
-
const certId = this
|
|
115
|
+
const certId = this.#nextCertificateId++;
|
|
109
116
|
const unsignedCertificate = {
|
|
110
117
|
serialNumber: Bytes.fromHex(toHex(certId)),
|
|
111
118
|
signatureAlgorithm: 1,
|
|
112
119
|
publicKeyAlgorithm: 1,
|
|
113
120
|
ellipticCurveIdentifier: 1,
|
|
114
|
-
issuer: { rcacId: this
|
|
121
|
+
issuer: { rcacId: this.#rootCertId },
|
|
115
122
|
notBefore: jsToMatterDate(now, -1),
|
|
116
123
|
notAfter: jsToMatterDate(now, 10),
|
|
117
124
|
subject: { fabricId, nodeId, caseAuthenticatedTags },
|
|
@@ -122,16 +129,28 @@ class CertificateAuthority {
|
|
|
122
129
|
digitalSignature: true
|
|
123
130
|
},
|
|
124
131
|
extendedKeyUsage: [2, 1],
|
|
125
|
-
subjectKeyIdentifier: Crypto.hash(publicKey).slice(0, 20),
|
|
126
|
-
authorityKeyIdentifier: this
|
|
132
|
+
subjectKeyIdentifier: (await Crypto.hash(publicKey)).slice(0, 20),
|
|
133
|
+
authorityKeyIdentifier: this.#initializedRootKeyIdentifier
|
|
127
134
|
}
|
|
128
135
|
};
|
|
129
|
-
const signature = Crypto.sign(
|
|
130
|
-
this
|
|
136
|
+
const signature = await Crypto.sign(
|
|
137
|
+
this.#initializedRootKeyPair,
|
|
131
138
|
CertificateManager.nodeOperationalCertToAsn1(unsignedCertificate)
|
|
132
139
|
);
|
|
133
140
|
return TlvOperationalCertificate.encode({ ...unsignedCertificate, signature });
|
|
134
141
|
}
|
|
142
|
+
get #initializedRootKeyPair() {
|
|
143
|
+
if (this.#rootKeyPair === void 0) {
|
|
144
|
+
throw new InternalError("CA private key is not installed");
|
|
145
|
+
}
|
|
146
|
+
return this.#rootKeyPair;
|
|
147
|
+
}
|
|
148
|
+
get #initializedRootKeyIdentifier() {
|
|
149
|
+
if (this.#rootKeyIdentifier === void 0) {
|
|
150
|
+
throw new InternalError("CA key identifier is not installed");
|
|
151
|
+
}
|
|
152
|
+
return this.#rootKeyIdentifier;
|
|
153
|
+
}
|
|
135
154
|
}
|
|
136
155
|
export {
|
|
137
156
|
CertificateAuthority
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/certificate/CertificateAuthority.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA;AAAA,EAEI;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAEP;AAAA,EACI;AAAA,EAGA;AAAA,EACA;AAAA,EAEA;AAAA,OACG;AAEP,MAAM,SAAS,OAAO,IAAI,sBAAsB;AAMzC,MAAM,qBAAqB;AAAA,
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA;AAAA,EAEI;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAEP;AAAA,EACI;AAAA,EAGA;AAAA,EACA;AAAA,EAEA;AAAA,OACG;AAEP,MAAM,SAAS,OAAO,IAAI,sBAAsB;AAMzC,MAAM,qBAAqB;AAAA,EAC9B,cAAc,OAAO,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB,OAAO,CAAC;AAAA,EAC7B;AAAA,EAEA,IAAI,eAAe;AACf,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,aAAa,OAAO,SAA8D;AAC9E,WAAO,SAAS,sBAAsB,OAAO;AAAA,EACjD;AAAA,EAEA,YAAY,SAA8D;AACtE,SAAK,gBAAgB,aAAa,MAAM,YAAY;AAEhD,YAAM,aAAa,mBAAmB,iBAAiB,MAAM,QAAQ,OAAO,IAAI;AAEhF,WAAK,eAAe,MAAM,OAAO,cAAc;AAC/C,WAAK,sBAAsB,MAAM,OAAO,KAAK,KAAK,aAAa,SAAS,GAAG,MAAM,GAAG,EAAE;AACtF,WAAK,iBAAiB,MAAM,KAAK,kBAAkB;AAEnD,WACK,OAAO,WAAW,eAAe,YAAY,OAAO,WAAW,eAAe,cAC9E,YAAY,OAAO,WAAW,WAAW,KAAK,OAAO,WAAW,gBAAgB,aACjF,YAAY,OAAO,WAAW,iBAAiB,KAC/C,YAAY,OAAO,WAAW,aAAa,MAC1C,OAAO,WAAW,sBAAsB,YAAY,OAAO,WAAW,sBAAsB,WAC/F;AACE,aAAK,cAAc,OAAO,WAAW,UAAU;AAC/C,aAAK,eAAe,WAAW,WAAW,WAA4B;AACtE,aAAK,qBAAqB,WAAW;AACrC,aAAK,iBAAiB,WAAW;AACjC,aAAK,qBAAqB,OAAO,WAAW,iBAAiB;AAC7D,eAAO,KAAK,qCAAqC,KAAK,WAAW,EAAE;AACnE;AAAA,MACJ;AAEA,aAAO,KAAK,mCAAmC,KAAK,WAAW,EAAE;AAEjE,UAAI,mBAAmB,gBAAgB;AACnC,cAAM,QAAQ,IAAI;AAAA,UACd,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK,aAAa;AAAA,UAC/B,mBAAmB,KAAK;AAAA,UACxB,eAAe,KAAK;AAAA,UACpB,mBAAmB,KAAK;AAAA,QAC5B,CAAC;AAAA,MACL;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,QAAQ,cAAc,MAAM,EAAE,KAAkB;AAC5C,UAAM,UAAU,IAAI,IAAI,cAAc,EAAE,cAAc,cAAc;AACpE,UAAM,WAAW,IAAI,qBAAqB,OAAO;AACjD,QAAI,IAAI,sBAAsB,QAAQ;AACtC,WAAO;AAAA,EACX;AAAA,EAEA,IAAI,WAAW;AACX,WAAO,KAAK,cAAc,OAAO,aAAa,KAAK,cAAc;AAAA,EACrE;AAAA,EAEA,IAAI,SAA6C;AAC7C,WAAO;AAAA,MACH,YAAY,KAAK;AAAA,MACjB,aAAa,KAAK,aAAa,OAAO,iBAAiB,KAAK,YAAY,EAAE;AAAA,MAC1E,mBAAmB,KAAK,aAAa,OAAO,uBAAuB,KAAK,kBAAkB;AAAA,MAC1F,eAAe,KAAK,aAAa,OAAO,mBAAmB,KAAK,cAAc;AAAA,MAC9E,mBAAmB,KAAK;AAAA,IAC5B;AAAA,EACJ;AAAA,EAEA,MAAM,oBAAoB;AACtB,UAAM,MAAM,KAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,sBAAiD;AAAA,MACnD,cAAc,MAAM,QAAQ,MAAM,KAAK,WAAW,CAAC;AAAA,MACnD,oBAAoB;AAAA,MACpB,
oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,WAAW,eAAe,KAAK,EAAE;AAAA,MACjC,UAAU,eAAe,KAAK,EAAE;AAAA,MAChC,SAAS,EAAE,QAAQ,KAAK,YAAY;AAAA,MACpC,wBAAwB,KAAK,wBAAwB;AAAA,MACrD,YAAY;AAAA,QACR,kBAAkB,EAAE,MAAM,KAAK;AAAA,QAC/B,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB,KAAK;AAAA,QAC3B,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AACA,UAAM,YAAY,MAAM,OAAO;AAAA,MAC3B,KAAK;AAAA,MACL,mBAAmB,eAAe,mBAAmB;AAAA,IACzD;AACA,WAAO,mBAAmB,OAAO,EAAE,GAAG,qBAAqB,UAAU,CAAC;AAAA,EAC1E;AAAA,EAEA,MAAM,YACF,WACA,UACA,QACA,uBACF;AACE,UAAM,MAAM,KAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,SAAS,KAAK;AACpB,UAAM,sBAAwD;AAAA,MAC1D,cAAc,MAAM,QAAQ,MAAM,MAAM,CAAC;AAAA,MACzC,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,WAAW,eAAe,KAAK,EAAE;AAAA,MACjC,UAAU,eAAe,KAAK,EAAE;AAAA,MAChC,SAAS,EAAE,UAAU,QAAQ,sBAAsB;AAAA,MACnD,wBAAwB;AAAA,MACxB,YAAY;AAAA,QACR,kBAAkB,EAAE,MAAM,MAAM;AAAA,QAChC,UAAU;AAAA,UACN,kBAAkB;AAAA,QACtB;AAAA,QACA,kBAAkB,CAAC,GAAG,CAAC;AAAA,QACvB,uBAAuB,MAAM,OAAO,KAAK,SAAS,GAAG,MAAM,GAAG,EAAE;AAAA,QAChE,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AAEA,UAAM,YAAY,MAAM,OAAO;AAAA,MAC3B,KAAK;AAAA,MACL,mBAAmB,0BAA0B,mBAAmB;AAAA,IACpE;AAEA,WAAO,0BAA0B,OAAO,EAAE,GAAG,qBAAqB,UAAU,CAAC;AAAA,EACjF;AAAA,EAEA,IAAI,0BAA0B;AAC1B,QAAI,KAAK,iBAAiB,QAAW;AACjC,YAAM,IAAI,cAAc,iCAAiC;AAAA,IAC7D;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAAgC;AAChC,QAAI,KAAK,uBAAuB,QAAW;AACvC,YAAM,IAAI,cAAc,oCAAoC;AAAA,IAChE;AACA,WAAO,KAAK;AAAA,EAChB;AACJ;",
|
|
5
5
|
"names": []
|
|
6
6
|
}
|
|
@@ -544,9 +544,9 @@ export declare namespace CertificateManager {
|
|
|
544
544
|
function rootCertToAsn1(cert: Unsigned<RootCertificate>): Uint8Array<ArrayBufferLike>;
|
|
545
545
|
function intermediateCaCertToAsn1(cert: Unsigned<IntermediateCertificate>): Uint8Array<ArrayBufferLike>;
|
|
546
546
|
function nodeOperationalCertToAsn1(cert: Unsigned<OperationalCertificate>): Uint8Array<ArrayBufferLike>;
|
|
547
|
-
function deviceAttestationCertToAsn1(cert: Unsigned<DeviceAttestationCertificate>, key: Key): Uint8Array<ArrayBufferLike
|
|
548
|
-
function productAttestationIntermediateCertToAsn1(cert: Unsigned<ProductAttestationIntermediateCertificate>, key: Key): Uint8Array<ArrayBufferLike
|
|
549
|
-
function productAttestationAuthorityCertToAsn1(cert: Unsigned<ProductAttestationAuthorityCertificate>, key: Key): Uint8Array<ArrayBufferLike
|
|
547
|
+
function deviceAttestationCertToAsn1(cert: Unsigned<DeviceAttestationCertificate>, key: Key): Promise<Uint8Array<ArrayBufferLike>>;
|
|
548
|
+
function productAttestationIntermediateCertToAsn1(cert: Unsigned<ProductAttestationIntermediateCertificate>, key: Key): Promise<Uint8Array<ArrayBufferLike>>;
|
|
549
|
+
function productAttestationAuthorityCertToAsn1(cert: Unsigned<ProductAttestationAuthorityCertificate>, key: Key): Promise<Uint8Array<ArrayBufferLike>>;
|
|
550
550
|
function certificationDeclarationToAsn1(eContent: Uint8Array, subjectKeyIdentifier: Uint8Array, privateKey: JsonWebKey): Uint8Array<ArrayBufferLike>;
|
|
551
551
|
/**
|
|
552
552
|
* Validate general requirements a Matter certificate fields must fulfill.
|
|
@@ -557,19 +557,19 @@ export declare namespace CertificateManager {
|
|
|
557
557
|
* Verify requirements a Matter Root certificate must fulfill.
|
|
558
558
|
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
559
559
|
*/
|
|
560
|
-
function verifyRootCertificate(rootCert: RootCertificate): void
|
|
560
|
+
function verifyRootCertificate(rootCert: RootCertificate): Promise<void>;
|
|
561
561
|
/**
|
|
562
562
|
* Verify requirements a Matter Node Operational certificate must fulfill.
|
|
563
563
|
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
564
564
|
*/
|
|
565
|
-
function verifyNodeOperationalCertificate(nocCert: OperationalCertificate, rootCert: RootCertificate, icaCert?: IntermediateCertificate): void
|
|
565
|
+
function verifyNodeOperationalCertificate(nocCert: OperationalCertificate, rootCert: RootCertificate, icaCert?: IntermediateCertificate): Promise<void>;
|
|
566
566
|
/**
|
|
567
567
|
* Verify requirements a Matter Intermediate CA certificate must fulfill.
|
|
568
568
|
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
569
569
|
*/
|
|
570
|
-
function verifyIntermediateCaCertificate(rootCert: RootCertificate, icaCert: IntermediateCertificate): void
|
|
571
|
-
function createCertificateSigningRequest(key: Key): Uint8Array<ArrayBufferLike
|
|
572
|
-
function getPublicKeyFromCsr(csr: Uint8Array): Uint8Array<ArrayBufferLike
|
|
570
|
+
function verifyIntermediateCaCertificate(rootCert: RootCertificate, icaCert: IntermediateCertificate): Promise<void>;
|
|
571
|
+
function createCertificateSigningRequest(key: Key): Promise<Uint8Array<ArrayBufferLike>>;
|
|
572
|
+
function getPublicKeyFromCsr(csr: Uint8Array): Promise<Uint8Array<ArrayBufferLike>>;
|
|
573
573
|
}
|
|
574
574
|
export {};
|
|
575
575
|
//# sourceMappingURL=CertificateManager.d.ts.map
|
|
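Review bot: The doc comments on `verifyRootCertificate`, `verifyNodeOperationalCertificate` and `verifyIntermediateCaCertificate` in the second hunk of CertificateManager.d.ts do not say how a failed check is reported, which matters now that the return type is `Promise<void>` instead of `void`. The compiled bodies further down this page throw `CertificateError`, so a failure is now a rejected promise; a caller that was not updated to `await` continues past the call as if the certificate had been accepted. The TypeScript compiler does not flag an un-awaited `Promise<void>` in statement position on its own. I would add to each of the three comments a line such as `@returns a promise that rejects with CertificateError when a requirement is not met; await it before trusting the certificate`, and check callers with a floating-promise lint rule (`@typescript-eslint/no-floating-promises`).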
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CertificateManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAaH,GAAG,EAEH,WAAW,EASd,MAAM,UAAU,CAAC;AAClB,OAAO,EACH,OAAO,EAEP,oBAAoB,EACpB,QAAQ,EACR,MAAM,EAoBN,wBAAwB,EACxB,cAAc,EACd,QAAQ,EACX,MAAM,QAAQ,CAAC;AAIhB,qBAAa,gBAAiB,SAAQ,WAAW;CAAG;AAcpD,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,QAE1C;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,SAAI,UAItD;AAoDD,uDAAuD;AACvD,eAAO,MAAM,aAAa,0BAAuC,CAAC;AAElE,mEAAmE;AACnE,eAAO,MAAM,wBAAwB,0BAAuC,CAAC;AAE7E,uDAAuD;AACvD,eAAO,MAAM,aAAa,mCAAgD,CAAC;AAE3E,uDAAuD;AACvD,eAAO,MAAM,aAAa,mCAAgD,CAAC;AAE3E,yDAAyD;AACzD,eAAO,MAAM,eAAe,4BAAyC,CAAC;AAEtE,uDAAuD;AACvD,eAAO,MAAM,aAAa,0BAAuD,CAAC;AAElF,uDAAuD;AACvD,eAAO,MAAM,eAAe,4BAA0D,CAAC;AAEvF,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,0BAAwD,CAAC;AA2DtF,QAAA,MAAM,uBAAuB;;;;;;;;;;CAU5B,CAAC;AA2DF,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM7B,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAOpC,CAAC;AAEH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMrC,CAAC;AAEH,QAAA,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAA0B,CAAC;AAEnD,UAAU,0BAA0B;IAChC,YAAY,EAAE,UAAU,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,EAAE,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,EAAE,CAAC;IACZ,kBAAkB,EAAE,MAAM,CAAC;IAC3B,uBAAuB,EAAE,MAAM,CAAC;IAChC,sBAAsB,EAAE,UAAU,CAAC;IACnC,UAAU,EAAE;QACR,gBAAgB,EAAE;YACd,IAAI,EAAE,OAAO,CAAC;YACd,OAAO,CAAC,EAAE,MAAM,CAAC;SACpB,CAAC;QACF,QAAQ,EAAE,wBAAwB,CAAC,OAAO,uBAAuB,CAAC,CAAC;QACnE,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC5B,oBAAoB,EAAE,UAAU,CAAC;QACjC,sBAAsB,EAAE,UAAU,CAAC;QACnC,eAAe,CAAC,EAAE,UAAU,EAAE,CAAC;KAClC,CAAC;IACF,SAAS,EAAE,UAAU,CAAC;CACzB;A
AED,MAAM,WAAW,4BAA6B,SAAQ,0BAA0B;IAC5E,MAAM,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,QAAQ,CAAC;KACtB,CAAC;IACF,OAAO,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,QAAQ,CAAC;KACtB,CAAC;CACL;AAED,MAAM,WAAW,yCAA0C,SAAQ,0BAA0B;IACzF,MAAM,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;KACvB,CAAC;IACF,OAAO,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,QAAQ,CAAC;KACtB,CAAC;CACL;AAED,MAAM,WAAW,sCAAuC,SAAQ,0BAA0B;IACtF,MAAM,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;KACvB,CAAC;IACF,OAAO,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;KACvB,CAAC;CACL;AAED,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;EAgBtC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACxE,MAAM,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACxE,MAAM,MAAM,uBAAuB,GAAG,cAAc,CAAC,OAAO,0BAA0B,CAAC,CAAC;AACxF,MAAM,MAAM,sBAAsB,GAAG,cAAc,CAAC,OAAO,yBAAyB,CAAC,CAAC;AACtF,MAAM,MAAM,QAAQ,CAAC,IAAI,IAAI;KAAG,QAAQ,IAAI,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;CAAE,CAAC;AAwL5G,yBAAiB,kBAAkB,CAAC;IA6ChC,SAAgB,cAAc,CAAC,IAAI,EAAE,QAAQ,CAAC,eAAe,CAAC,+BAU7D;IAED,SAAgB,wBAAwB,CAAC,IAAI,EAAE,QAAQ,CAAC,uBAAuB,CAAC,+BAU/E;IAED,SAAgB,yBAAyB,CAAC,IAAI,EAAE,QAAQ,CAAC,sBAAsB,CAAC,+BAe/E;IAED,
|
|
1
|
+
{"version":3,"file":"CertificateManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAaH,GAAG,EAEH,WAAW,EASd,MAAM,UAAU,CAAC;AAClB,OAAO,EACH,OAAO,EAEP,oBAAoB,EACpB,QAAQ,EACR,MAAM,EAoBN,wBAAwB,EACxB,cAAc,EACd,QAAQ,EACX,MAAM,QAAQ,CAAC;AAIhB,qBAAa,gBAAiB,SAAQ,WAAW;CAAG;AAcpD,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,QAE1C;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,SAAI,UAItD;AAoDD,uDAAuD;AACvD,eAAO,MAAM,aAAa,0BAAuC,CAAC;AAElE,mEAAmE;AACnE,eAAO,MAAM,wBAAwB,0BAAuC,CAAC;AAE7E,uDAAuD;AACvD,eAAO,MAAM,aAAa,mCAAgD,CAAC;AAE3E,uDAAuD;AACvD,eAAO,MAAM,aAAa,mCAAgD,CAAC;AAE3E,yDAAyD;AACzD,eAAO,MAAM,eAAe,4BAAyC,CAAC;AAEtE,uDAAuD;AACvD,eAAO,MAAM,aAAa,0BAAuD,CAAC;AAElF,uDAAuD;AACvD,eAAO,MAAM,eAAe,4BAA0D,CAAC;AAEvF,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,0BAAwD,CAAC;AA2DtF,QAAA,MAAM,uBAAuB;;;;;;;;;;CAU5B,CAAC;AA2DF,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM7B,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAOpC,CAAC;AAEH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMrC,CAAC;AAEH,QAAA,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAA0B,CAAC;AAEnD,UAAU,0BAA0B;IAChC,YAAY,EAAE,UAAU,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,EAAE,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,EAAE,CAAC;IACZ,kBAAkB,EAAE,MAAM,CAAC;IAC3B,uBAAuB,EAAE,MAAM,CAAC;IAChC,sBAAsB,EAAE,UAAU,CAAC;IACnC,UAAU,EAAE;QACR,gBAAgB,EAAE;YACd,IAAI,EAAE,OAAO,CAAC;YACd,OAAO,CAAC,EAAE,MAAM,CAAC;SACpB,CAAC;QACF,QAAQ,EAAE,wBAAwB,CAAC,OAAO,uBAAuB,CAAC,CAAC;QACnE,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC5B,oBAAoB,EAAE,UAAU,CAAC;QACjC,sBAAsB,EAAE,UAAU,CAAC;QACnC,eAAe,CAAC,EAAE,UAAU,EAAE,CAAC;KAClC,CAAC;IACF,SAAS,EAAE,UAAU,CAAC;CACzB;A
AED,MAAM,WAAW,4BAA6B,SAAQ,0BAA0B;IAC5E,MAAM,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,QAAQ,CAAC;KACtB,CAAC;IACF,OAAO,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,QAAQ,CAAC;KACtB,CAAC;CACL;AAED,MAAM,WAAW,yCAA0C,SAAQ,0BAA0B;IACzF,MAAM,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;KACvB,CAAC;IACF,OAAO,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,QAAQ,CAAC;KACtB,CAAC;CACL;AAED,MAAM,WAAW,sCAAuC,SAAQ,0BAA0B;IACtF,MAAM,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;KACvB,CAAC;IACF,OAAO,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;KACvB,CAAC;CACL;AAED,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;EAgBtC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACxE,MAAM,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACxE,MAAM,MAAM,uBAAuB,GAAG,cAAc,CAAC,OAAO,0BAA0B,CAAC,CAAC;AACxF,MAAM,MAAM,sBAAsB,GAAG,cAAc,CAAC,OAAO,yBAAyB,CAAC,CAAC;AACtF,MAAM,MAAM,QAAQ,CAAC,IAAI,IAAI;KAAG,QAAQ,IAAI,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;CAAE,CAAC;AAwL5G,yBAAiB,kBAAkB,CAAC;IA6ChC,SAAgB,cAAc,CAAC,IAAI,EAAE,QAAQ,CAAC,eAAe,CAAC,+BAU7D;IAED,SAAgB,wBAAwB,CAAC,IAAI,EAAE,QAAQ,CAAC,uBAAuB,CAAC,+BAU/E;IAED,SAAgB,yBAAyB,CAAC,IAAI,EAAE,QAAQ,CAAC,sBAAsB,CAAC,+BAe/E;IAED,SAAsB,2BAA2B,CAAC,IAAI,EAAE,QAAQ,CAAC,4BAA4B,CAAC,EAAE,GAAG,EAAE,GAAG,wCASvG;IAED,SAAsB,wCAAwC,CAC1D,IAAI,EAAE,QAAQ,CAAC,yCAAyC,CAAC,EACzD,GAAG,EAAE,GAAG,wCAUX;IAED,SAAsB,qCAAqC,CACvD,IAAI,EAAE,QAAQ,CAAC,sCAAsC,CAAC,EACtD,GAAG,EAAE,GAAG,wCAUX;IAED,SAAgB,8BAA8B,CAC1C,QAAQ,EAAE,UAAU,EACpB,oBAAoB,EAAE,UAAU,EAChC,UAAU,EAAE,UAAU,+BAoBzB;IAED;;;OAGG;IACH,SAAgB,gCAAgC,CAC5C,IAAI,EAAE,eAAe,GAAG,sBAAsB,GAAG,uBAAuB,QAsC3E;IAED;;;OAGG;IACH,SAAsB,qBAAqB,CAAC,QAAQ,EAAE,eAAe,iBAqFpE;IAED;;;OAGG;IACH,SAAsB,gCAAgC,CAClD,OAAO,EAAE,sBAAsB,EAC/B,QAAQ,EAAE,eAAe,EACzB,OAAO,CAAC,EAAE,uBAAuB,iBAuHpC;IAED;;;OAGG;IACH,SAAsB,+BAA+B,CAAC,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,uBAAuB,iBAgHhH;IAED,SAAsB,+BAA+B,CAAC,GA
AG,EAAE,GAAG,wCAa7D;IAED,SAAsB,mBAAmB,CAAC,GAAG,EAAE,UAAU,wCA+BxD;CACJ"}
|
|
@@ -502,34 +502,34 @@ var CertificateManager;
|
|
|
502
502
|
return genericCertToAsn1(cert);
|
|
503
503
|
}
|
|
504
504
|
CertificateManager2.nodeOperationalCertToAsn1 = nodeOperationalCertToAsn1;
|
|
505
|
-
function deviceAttestationCertToAsn1(cert, key) {
|
|
505
|
+
async function deviceAttestationCertToAsn1(cert, key) {
|
|
506
506
|
const certificate = genericBuildAsn1Structure(cert);
|
|
507
507
|
const certBytes = DerCodec.encode({
|
|
508
508
|
certificate,
|
|
509
509
|
signAlgorithm: X962.EcdsaWithSHA256,
|
|
510
|
-
signature: BitByteArray(Crypto.sign(key, DerCodec.encode(certificate), "der"))
|
|
510
|
+
signature: BitByteArray(await Crypto.sign(key, DerCodec.encode(certificate), "der"))
|
|
511
511
|
});
|
|
512
512
|
assertCertificateDerSize(certBytes);
|
|
513
513
|
return certBytes;
|
|
514
514
|
}
|
|
515
515
|
CertificateManager2.deviceAttestationCertToAsn1 = deviceAttestationCertToAsn1;
|
|
516
|
-
function productAttestationIntermediateCertToAsn1(cert, key) {
|
|
516
|
+
async function productAttestationIntermediateCertToAsn1(cert, key) {
|
|
517
517
|
const certificate = genericBuildAsn1Structure(cert);
|
|
518
518
|
const certBytes = DerCodec.encode({
|
|
519
519
|
certificate,
|
|
520
520
|
signAlgorithm: X962.EcdsaWithSHA256,
|
|
521
|
-
signature: BitByteArray(Crypto.sign(key, DerCodec.encode(certificate), "der"))
|
|
521
|
+
signature: BitByteArray(await Crypto.sign(key, DerCodec.encode(certificate), "der"))
|
|
522
522
|
});
|
|
523
523
|
assertCertificateDerSize(certBytes);
|
|
524
524
|
return certBytes;
|
|
525
525
|
}
|
|
526
526
|
CertificateManager2.productAttestationIntermediateCertToAsn1 = productAttestationIntermediateCertToAsn1;
|
|
527
|
-
function productAttestationAuthorityCertToAsn1(cert, key) {
|
|
527
|
+
async function productAttestationAuthorityCertToAsn1(cert, key) {
|
|
528
528
|
const certificate = genericBuildAsn1Structure(cert);
|
|
529
529
|
const certBytes = DerCodec.encode({
|
|
530
530
|
certificate,
|
|
531
531
|
signAlgorithm: X962.EcdsaWithSHA256,
|
|
532
|
-
signature: BitByteArray(Crypto.sign(key, DerCodec.encode(certificate), "der"))
|
|
532
|
+
signature: BitByteArray(await Crypto.sign(key, DerCodec.encode(certificate), "der"))
|
|
533
533
|
});
|
|
534
534
|
assertCertificateDerSize(certBytes);
|
|
535
535
|
return certBytes;
|
|
@@ -580,7 +580,7 @@ var CertificateManager;
|
|
|
580
580
|
}
|
|
581
581
|
}
|
|
582
582
|
CertificateManager2.validateGeneralCertificateFields = validateGeneralCertificateFields;
|
|
583
|
-
function verifyRootCertificate(rootCert) {
|
|
583
|
+
async function verifyRootCertificate(rootCert) {
|
|
584
584
|
CertificateManager2.validateGeneralCertificateFields(rootCert);
|
|
585
585
|
if ("nodeId" in rootCert.subject) {
|
|
586
586
|
throw new CertificateError(`Root certificate must not contain a nodeId.`);
|
|
@@ -636,10 +636,10 @@ var CertificateManager;
|
|
|
636
636
|
`Root certificate authorityKeyIdentifier must be equal to subjectKeyIdentifier.`
|
|
637
637
|
);
|
|
638
638
|
}
|
|
639
|
-
Crypto.verify(PublicKey(rootCert.ellipticCurvePublicKey), rootCertToAsn1(rootCert), rootCert.signature);
|
|
639
|
+
await Crypto.verify(PublicKey(rootCert.ellipticCurvePublicKey), rootCertToAsn1(rootCert), rootCert.signature);
|
|
640
640
|
}
|
|
641
641
|
CertificateManager2.verifyRootCertificate = verifyRootCertificate;
|
|
642
|
-
function verifyNodeOperationalCertificate(nocCert, rootCert, icaCert) {
|
|
642
|
+
async function verifyNodeOperationalCertificate(nocCert, rootCert, icaCert) {
|
|
643
643
|
CertificateManager2.validateGeneralCertificateFields(nocCert);
|
|
644
644
|
if (nocCert.subject.nodeId === void 0 || Array.isArray(nocCert.subject.nodeId)) {
|
|
645
645
|
throw new CertificateError(`Invalid nodeId in NoC certificate: ${Diagnostic.json(nocCert.subject.nodeId)}`);
|
|
@@ -711,14 +711,14 @@ var CertificateManager;
|
|
|
711
711
|
`Noc certificate authorityKeyIdentifier must be equal to Root/Ica subjectKeyIdentifier.`
|
|
712
712
|
);
|
|
713
713
|
}
|
|
714
|
-
Crypto.verify(
|
|
714
|
+
await Crypto.verify(
|
|
715
715
|
PublicKey((icaCert ?? rootCert).ellipticCurvePublicKey),
|
|
716
716
|
nodeOperationalCertToAsn1(nocCert),
|
|
717
717
|
nocCert.signature
|
|
718
718
|
);
|
|
719
719
|
}
|
|
720
720
|
CertificateManager2.verifyNodeOperationalCertificate = verifyNodeOperationalCertificate;
|
|
721
|
-
function verifyIntermediateCaCertificate(rootCert, icaCert) {
|
|
721
|
+
async function verifyIntermediateCaCertificate(rootCert, icaCert) {
|
|
722
722
|
CertificateManager2.validateGeneralCertificateFields(icaCert);
|
|
723
723
|
if ("nodeId" in icaCert.subject) {
|
|
724
724
|
throw new CertificateError(`Ica certificate must not contain a nodeId.`);
|
|
@@ -786,10 +786,14 @@ var CertificateManager;
|
|
|
786
786
|
`Ica certificate authorityKeyIdentifier must be equal to root cert subjectKeyIdentifier.`
|
|
787
787
|
);
|
|
788
788
|
}
|
|
789
|
-
Crypto.verify(
|
|
789
|
+
await Crypto.verify(
|
|
790
|
+
PublicKey(rootCert.ellipticCurvePublicKey),
|
|
791
|
+
intermediateCaCertToAsn1(icaCert),
|
|
792
|
+
icaCert.signature
|
|
793
|
+
);
|
|
790
794
|
}
|
|
791
795
|
CertificateManager2.verifyIntermediateCaCertificate = verifyIntermediateCaCertificate;
|
|
792
|
-
function createCertificateSigningRequest(key) {
|
|
796
|
+
async function createCertificateSigningRequest(key) {
|
|
793
797
|
const request = {
|
|
794
798
|
version: 0,
|
|
795
799
|
subject: { organization: X520.OrganisationName("CSR") },
|
|
@@ -799,11 +803,11 @@ var CertificateManager;
|
|
|
799
803
|
return DerCodec.encode({
|
|
800
804
|
request,
|
|
801
805
|
signAlgorithm: X962.EcdsaWithSHA256,
|
|
802
|
-
signature: BitByteArray(Crypto.sign(key, DerCodec.encode(request), "der"))
|
|
806
|
+
signature: BitByteArray(await Crypto.sign(key, DerCodec.encode(request), "der"))
|
|
803
807
|
});
|
|
804
808
|
}
|
|
805
809
|
CertificateManager2.createCertificateSigningRequest = createCertificateSigningRequest;
|
|
806
|
-
function getPublicKeyFromCsr(csr) {
|
|
810
|
+
async function getPublicKeyFromCsr(csr) {
|
|
807
811
|
const { [DerKey.Elements]: rootElements } = DerCodec.decode(csr);
|
|
808
812
|
if (rootElements?.length !== 3) throw new CertificateError("Invalid CSR data");
|
|
809
813
|
const [requestNode, signAlgorithmNode, signatureNode] = rootElements;
|
|
@@ -821,7 +825,7 @@ var CertificateManager;
|
|
|
821
825
|
signAlgorithmNode[DerKey.Elements]?.[0]?.[DerKey.Bytes]
|
|
822
826
|
))
|
|
823
827
|
throw new CertificateError("Unsupported signature type");
|
|
824
|
-
Crypto.verify(PublicKey(publicKey), DerCodec.encode(requestNode), signatureNode[DerKey.Bytes], "der");
|
|
828
|
+
await Crypto.verify(PublicKey(publicKey), DerCodec.encode(requestNode), signatureNode[DerKey.Bytes], "der");
|
|
825
829
|
return publicKey;
|
|
826
830
|
}
|
|
827
831
|
CertificateManager2.getPublicKeyFromCsr = getPublicKeyFromCsr;
|