@matter/protocol 0.15.0-alpha.0-20250613-a55f991d4 → 0.15.0-alpha.0-20250616-4b3754906
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/certificate/AttestationCertificateManager.d.ts +3 -3
- package/dist/cjs/certificate/AttestationCertificateManager.d.ts.map +1 -1
- package/dist/cjs/certificate/AttestationCertificateManager.js +12 -10
- package/dist/cjs/certificate/AttestationCertificateManager.js.map +1 -1
- package/dist/cjs/certificate/CertificateAuthority.d.ts +5 -3
- package/dist/cjs/certificate/CertificateAuthority.d.ts.map +1 -1
- package/dist/cjs/certificate/CertificateAuthority.js +19 -11
- package/dist/cjs/certificate/CertificateAuthority.js.map +1 -1
- package/dist/cjs/certificate/CertificateManager.d.ts +18 -15
- package/dist/cjs/certificate/CertificateManager.d.ts.map +1 -1
- package/dist/cjs/certificate/CertificateManager.js +92 -83
- package/dist/cjs/certificate/CertificateManager.js.map +2 -2
- package/dist/cjs/certificate/CertificationDeclarationManager.d.ts +7 -1
- package/dist/cjs/certificate/CertificationDeclarationManager.d.ts.map +1 -1
- package/dist/cjs/certificate/CertificationDeclarationManager.js +2 -2
- package/dist/cjs/certificate/CertificationDeclarationManager.js.map +1 -1
- package/dist/cjs/certificate/DeviceCertification.d.ts +2 -2
- package/dist/cjs/certificate/DeviceCertification.d.ts.map +1 -1
- package/dist/cjs/certificate/DeviceCertification.js +10 -4
- package/dist/cjs/certificate/DeviceCertification.js.map +1 -1
- package/dist/cjs/common/FailsafeContext.js +1 -1
- package/dist/cjs/common/FailsafeContext.js.map +1 -1
- package/dist/cjs/fabric/Fabric.d.ts +6 -4
- package/dist/cjs/fabric/Fabric.d.ts.map +1 -1
- package/dist/cjs/fabric/Fabric.js +33 -20
- package/dist/cjs/fabric/Fabric.js.map +1 -1
- package/dist/cjs/fabric/FabricAuthority.d.ts +1 -1
- package/dist/cjs/fabric/FabricAuthority.d.ts.map +1 -1
- package/dist/cjs/fabric/FabricAuthority.js +7 -7
- package/dist/cjs/fabric/FabricAuthority.js.map +1 -1
- package/dist/cjs/fabric/FabricManager.d.ts +3 -2
- package/dist/cjs/fabric/FabricManager.d.ts.map +1 -1
- package/dist/cjs/fabric/FabricManager.js +8 -3
- package/dist/cjs/fabric/FabricManager.js.map +1 -1
- package/dist/cjs/fabric/TestFabric.d.ts.map +1 -1
- package/dist/cjs/fabric/TestFabric.js +15 -19
- package/dist/cjs/fabric/TestFabric.js.map +1 -1
- package/dist/cjs/groups/FabricGroups.d.ts.map +1 -1
- package/dist/cjs/groups/FabricGroups.js +11 -7
- package/dist/cjs/groups/FabricGroups.js.map +1 -1
- package/dist/cjs/groups/KeySets.d.ts +2 -2
- package/dist/cjs/groups/KeySets.d.ts.map +1 -1
- package/dist/cjs/groups/KeySets.js +2 -2
- package/dist/cjs/groups/KeySets.js.map +1 -1
- package/dist/cjs/groups/MessagingState.d.ts +2 -2
- package/dist/cjs/groups/MessagingState.d.ts.map +1 -1
- package/dist/cjs/groups/MessagingState.js +4 -2
- package/dist/cjs/groups/MessagingState.js.map +1 -1
- package/dist/cjs/mdns/MdnsBroadcaster.d.ts +3 -3
- package/dist/cjs/mdns/MdnsBroadcaster.d.ts.map +1 -1
- package/dist/cjs/mdns/MdnsBroadcaster.js +7 -4
- package/dist/cjs/mdns/MdnsBroadcaster.js.map +1 -1
- package/dist/cjs/mdns/MdnsService.d.ts.map +1 -1
- package/dist/cjs/mdns/MdnsService.js +2 -1
- package/dist/cjs/mdns/MdnsService.js.map +1 -1
- package/dist/cjs/peer/ControllerCommissioner.js +1 -1
- package/dist/cjs/peer/ControllerCommissioner.js.map +1 -1
- package/dist/cjs/peer/ControllerCommissioningFlow.d.ts +1 -1
- package/dist/cjs/peer/ControllerCommissioningFlow.d.ts.map +1 -1
- package/dist/cjs/peer/ControllerCommissioningFlow.js +3 -4
- package/dist/cjs/peer/ControllerCommissioningFlow.js.map +1 -1
- package/dist/cjs/protocol/DeviceCommissioner.d.ts.map +1 -1
- package/dist/cjs/protocol/DeviceCommissioner.js +1 -1
- package/dist/cjs/protocol/DeviceCommissioner.js.map +1 -1
- package/dist/cjs/protocol/ExchangeManager.d.ts +4 -2
- package/dist/cjs/protocol/ExchangeManager.d.ts.map +1 -1
- package/dist/cjs/protocol/ExchangeManager.js +11 -6
- package/dist/cjs/protocol/ExchangeManager.js.map +1 -1
- package/dist/cjs/protocol/MessageCounter.d.ts +4 -4
- package/dist/cjs/protocol/MessageCounter.d.ts.map +1 -1
- package/dist/cjs/protocol/MessageCounter.js +7 -6
- package/dist/cjs/protocol/MessageCounter.js.map +1 -1
- package/dist/cjs/session/GroupSession.d.ts.map +1 -1
- package/dist/cjs/session/GroupSession.js +7 -2
- package/dist/cjs/session/GroupSession.js.map +1 -1
- package/dist/cjs/session/InsecureSession.d.ts +2 -0
- package/dist/cjs/session/InsecureSession.d.ts.map +1 -1
- package/dist/cjs/session/InsecureSession.js +2 -2
- package/dist/cjs/session/InsecureSession.js.map +1 -1
- package/dist/cjs/session/NodeSession.d.ts +3 -1
- package/dist/cjs/session/NodeSession.d.ts.map +1 -1
- package/dist/cjs/session/NodeSession.js +21 -13
- package/dist/cjs/session/NodeSession.js.map +1 -1
- package/dist/cjs/session/SessionManager.d.ts +1 -0
- package/dist/cjs/session/SessionManager.d.ts.map +1 -1
- package/dist/cjs/session/SessionManager.js +13 -3
- package/dist/cjs/session/SessionManager.js.map +1 -1
- package/dist/cjs/session/case/CaseClient.d.ts.map +1 -1
- package/dist/cjs/session/case/CaseClient.js +16 -15
- package/dist/cjs/session/case/CaseClient.js.map +1 -1
- package/dist/cjs/session/case/CaseServer.d.ts.map +1 -1
- package/dist/cjs/session/case/CaseServer.js +22 -18
- package/dist/cjs/session/case/CaseServer.js.map +1 -1
- package/dist/cjs/session/pase/PaseClient.d.ts +4 -4
- package/dist/cjs/session/pase/PaseClient.d.ts.map +1 -1
- package/dist/cjs/session/pase/PaseClient.js +11 -9
- package/dist/cjs/session/pase/PaseClient.js.map +1 -1
- package/dist/cjs/session/pase/PaseServer.d.ts.map +1 -1
- package/dist/cjs/session/pase/PaseServer.js +6 -5
- package/dist/cjs/session/pase/PaseServer.js.map +1 -1
- package/dist/esm/certificate/AttestationCertificateManager.d.ts +3 -3
- package/dist/esm/certificate/AttestationCertificateManager.d.ts.map +1 -1
- package/dist/esm/certificate/AttestationCertificateManager.js +13 -11
- package/dist/esm/certificate/AttestationCertificateManager.js.map +1 -1
- package/dist/esm/certificate/CertificateAuthority.d.ts +5 -3
- package/dist/esm/certificate/CertificateAuthority.d.ts.map +1 -1
- package/dist/esm/certificate/CertificateAuthority.js +19 -11
- package/dist/esm/certificate/CertificateAuthority.js.map +1 -1
- package/dist/esm/certificate/CertificateManager.d.ts +18 -15
- package/dist/esm/certificate/CertificateManager.d.ts.map +1 -1
- package/dist/esm/certificate/CertificateManager.js +92 -84
- package/dist/esm/certificate/CertificateManager.js.map +2 -2
- package/dist/esm/certificate/CertificationDeclarationManager.d.ts +7 -1
- package/dist/esm/certificate/CertificationDeclarationManager.d.ts.map +1 -1
- package/dist/esm/certificate/CertificationDeclarationManager.js +2 -2
- package/dist/esm/certificate/CertificationDeclarationManager.js.map +1 -1
- package/dist/esm/certificate/DeviceCertification.d.ts +2 -2
- package/dist/esm/certificate/DeviceCertification.d.ts.map +1 -1
- package/dist/esm/certificate/DeviceCertification.js +11 -5
- package/dist/esm/certificate/DeviceCertification.js.map +1 -1
- package/dist/esm/common/FailsafeContext.js +1 -1
- package/dist/esm/common/FailsafeContext.js.map +1 -1
- package/dist/esm/fabric/Fabric.d.ts +6 -4
- package/dist/esm/fabric/Fabric.d.ts.map +1 -1
- package/dist/esm/fabric/Fabric.js +33 -21
- package/dist/esm/fabric/Fabric.js.map +1 -1
- package/dist/esm/fabric/FabricAuthority.d.ts +1 -1
- package/dist/esm/fabric/FabricAuthority.d.ts.map +1 -1
- package/dist/esm/fabric/FabricAuthority.js +8 -15
- package/dist/esm/fabric/FabricAuthority.js.map +1 -1
- package/dist/esm/fabric/FabricManager.d.ts +3 -2
- package/dist/esm/fabric/FabricManager.d.ts.map +1 -1
- package/dist/esm/fabric/FabricManager.js +9 -3
- package/dist/esm/fabric/FabricManager.js.map +1 -1
- package/dist/esm/fabric/TestFabric.d.ts.map +1 -1
- package/dist/esm/fabric/TestFabric.js +16 -20
- package/dist/esm/fabric/TestFabric.js.map +1 -1
- package/dist/esm/groups/FabricGroups.d.ts.map +1 -1
- package/dist/esm/groups/FabricGroups.js +12 -8
- package/dist/esm/groups/FabricGroups.js.map +1 -1
- package/dist/esm/groups/KeySets.d.ts +2 -2
- package/dist/esm/groups/KeySets.d.ts.map +1 -1
- package/dist/esm/groups/KeySets.js +3 -3
- package/dist/esm/groups/KeySets.js.map +1 -1
- package/dist/esm/groups/MessagingState.d.ts +2 -2
- package/dist/esm/groups/MessagingState.d.ts.map +1 -1
- package/dist/esm/groups/MessagingState.js +4 -2
- package/dist/esm/groups/MessagingState.js.map +1 -1
- package/dist/esm/mdns/MdnsBroadcaster.d.ts +3 -3
- package/dist/esm/mdns/MdnsBroadcaster.d.ts.map +1 -1
- package/dist/esm/mdns/MdnsBroadcaster.js +7 -5
- package/dist/esm/mdns/MdnsBroadcaster.js.map +1 -1
- package/dist/esm/mdns/MdnsService.d.ts.map +1 -1
- package/dist/esm/mdns/MdnsService.js +3 -1
- package/dist/esm/mdns/MdnsService.js.map +1 -1
- package/dist/esm/peer/ControllerCommissioner.js +1 -1
- package/dist/esm/peer/ControllerCommissioner.js.map +1 -1
- package/dist/esm/peer/ControllerCommissioningFlow.d.ts +1 -1
- package/dist/esm/peer/ControllerCommissioningFlow.d.ts.map +1 -1
- package/dist/esm/peer/ControllerCommissioningFlow.js +3 -5
- package/dist/esm/peer/ControllerCommissioningFlow.js.map +1 -1
- package/dist/esm/protocol/DeviceCommissioner.d.ts.map +1 -1
- package/dist/esm/protocol/DeviceCommissioner.js +1 -2
- package/dist/esm/protocol/DeviceCommissioner.js.map +1 -1
- package/dist/esm/protocol/ExchangeManager.d.ts +4 -2
- package/dist/esm/protocol/ExchangeManager.d.ts.map +1 -1
- package/dist/esm/protocol/ExchangeManager.js +11 -6
- package/dist/esm/protocol/ExchangeManager.js.map +1 -1
- package/dist/esm/protocol/MessageCounter.d.ts +4 -4
- package/dist/esm/protocol/MessageCounter.d.ts.map +1 -1
- package/dist/esm/protocol/MessageCounter.js +8 -7
- package/dist/esm/protocol/MessageCounter.js.map +1 -1
- package/dist/esm/session/GroupSession.d.ts.map +1 -1
- package/dist/esm/session/GroupSession.js +7 -3
- package/dist/esm/session/GroupSession.js.map +1 -1
- package/dist/esm/session/InsecureSession.d.ts +2 -0
- package/dist/esm/session/InsecureSession.d.ts.map +1 -1
- package/dist/esm/session/InsecureSession.js +2 -2
- package/dist/esm/session/InsecureSession.js.map +1 -1
- package/dist/esm/session/NodeSession.d.ts +3 -1
- package/dist/esm/session/NodeSession.d.ts.map +1 -1
- package/dist/esm/session/NodeSession.js +22 -14
- package/dist/esm/session/NodeSession.js.map +1 -1
- package/dist/esm/session/SessionManager.d.ts +1 -0
- package/dist/esm/session/SessionManager.d.ts.map +1 -1
- package/dist/esm/session/SessionManager.js +13 -4
- package/dist/esm/session/SessionManager.js.map +1 -1
- package/dist/esm/session/case/CaseClient.d.ts.map +1 -1
- package/dist/esm/session/case/CaseClient.js +17 -16
- package/dist/esm/session/case/CaseClient.js.map +1 -1
- package/dist/esm/session/case/CaseServer.d.ts.map +1 -1
- package/dist/esm/session/case/CaseServer.js +23 -19
- package/dist/esm/session/case/CaseServer.js.map +1 -1
- package/dist/esm/session/pase/PaseClient.d.ts +4 -4
- package/dist/esm/session/pase/PaseClient.d.ts.map +1 -1
- package/dist/esm/session/pase/PaseClient.js +12 -10
- package/dist/esm/session/pase/PaseClient.js.map +1 -1
- package/dist/esm/session/pase/PaseServer.d.ts.map +1 -1
- package/dist/esm/session/pase/PaseServer.js +6 -6
- package/dist/esm/session/pase/PaseServer.js.map +1 -1
- package/package.json +6 -6
- package/src/certificate/AttestationCertificateManager.ts +12 -10
- package/src/certificate/CertificateAuthority.ts +20 -11
- package/src/certificate/CertificateManager.ts +77 -72
- package/src/certificate/CertificationDeclarationManager.ts +3 -3
- package/src/certificate/DeviceCertification.ts +10 -4
- package/src/common/FailsafeContext.ts +1 -1
- package/src/fabric/Fabric.ts +36 -20
- package/src/fabric/FabricAuthority.ts +8 -16
- package/src/fabric/FabricManager.ts +10 -3
- package/src/fabric/TestFabric.ts +17 -22
- package/src/groups/FabricGroups.ts +20 -8
- package/src/groups/KeySets.ts +2 -2
- package/src/groups/MessagingState.ts +6 -3
- package/src/mdns/MdnsBroadcaster.ts +11 -4
- package/src/mdns/MdnsService.ts +3 -1
- package/src/peer/ControllerCommissioner.ts +1 -1
- package/src/peer/ControllerCommissioningFlow.ts +4 -6
- package/src/protocol/DeviceCommissioner.ts +1 -2
- package/src/protocol/ExchangeManager.ts +13 -6
- package/src/protocol/MessageCounter.ts +11 -3
- package/src/session/GroupSession.ts +7 -3
- package/src/session/InsecureSession.ts +4 -3
- package/src/session/NodeSession.ts +25 -14
- package/src/session/SessionManager.ts +14 -4
- package/src/session/case/CaseClient.ts +18 -16
- package/src/session/case/CaseServer.ts +22 -17
- package/src/session/pase/PaseClient.ts +11 -9
- package/src/session/pase/PaseServer.ts +6 -5
|
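--- a/package/dist/cjs/certificate/AttestationCertificateManager.d.ts
+++ b/package/dist/cjs/certificate/AttestationCertificateManager.d.ts
@@ -3,13 +3,13 @@
 * Copyright 2022-2025 Matter.js Authors
 * SPDX-License-Identifier: Apache-2.0
 */
-import { PrivateKey } from "#general";
+import { Crypto, PrivateKey } from "#general";
 import { VendorId } from "#types";
 export declare class AttestationCertificateManager {
 #private;
 private paaCertId;
-constructor(vendorId: VendorId, paiKeyPair: PrivateKey, paiKeyIdentifier: Uint8Array);
-static create(vendorId: VendorId): Promise<AttestationCertificateManager>;
+constructor(crypto: Crypto, vendorId: VendorId, paiKeyPair: PrivateKey, paiKeyIdentifier: Uint8Array);
+static create(crypto: Crypto, vendorId: VendorId): Promise<AttestationCertificateManager>;
 getPAICert(): Promise<Uint8Array<ArrayBufferLike>>;
 getDACert(productId: number): Promise<{
 keyPair: PrivateKey;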
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttestationCertificateManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/AttestationCertificateManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"AttestationCertificateManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/AttestationCertificateManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAS,MAAM,EAAE,UAAU,EAAe,MAAM,UAAU,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAuBlC,qBAAa,6BAA6B;;IACtC,OAAO,CAAC,SAAS,CAAa;gBAgBlB,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,gBAAgB,EAAE,UAAU;WAQvF,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;IAMtD,UAAU;IAIJ,SAAS,CAAC,SAAS,EAAE,MAAM;;;;IAWjC,OAAO,CAAC,eAAe;IAkCvB,OAAO,CAAC,eAAe;IAkCjB,cAAc,CAAC,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM;CAiCpF"}
|
|
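--- a/package/dist/cjs/certificate/AttestationCertificateManager.js
+++ b/package/dist/cjs/certificate/AttestationCertificateManager.js
@@ -45,6 +45,7 @@ class AttestationCertificateManager {
 #paaKeyPair = (0, import_general.PrivateKey)(import_ChipPAAuthorities.TestCert_PAA_NoVID_PrivateKey, {
 publicKey: import_ChipPAAuthorities.TestCert_PAA_NoVID_PublicKey
 });
+#certs;
 #vendorId;
 #paiKeyPair;
 #paiKeyIdentifier;
@@ -52,22 +53,23 @@ class AttestationCertificateManager {
 #paiCertId = BigInt(1);
 #paiCertBytes;
 #nextCertificateId = 2;
-constructor(vendorId, paiKeyPair, paiKeyIdentifier) {
+constructor(crypto, vendorId, paiKeyPair, paiKeyIdentifier) {
+this.#certs = new import_CertificateManager.CertificateManager(crypto);
 this.#vendorId = vendorId;
 this.#paiKeyPair = paiKeyPair;
 this.#paiKeyIdentifier = paiKeyIdentifier;
 this.#paiCertBytes = this.generatePAICert(vendorId);
 }
-static async create(vendorId) {
-const key = await
-const identifier = await
-return new AttestationCertificateManager(vendorId, key, identifier.slice(0, 20));
+static async create(crypto, vendorId) {
+const key = await crypto.createKeyPair();
+const identifier = await crypto.computeSha256(key.publicKey);
+return new AttestationCertificateManager(crypto, vendorId, key, identifier.slice(0, 20));
 }
 getPAICert() {
 return this.#paiCertBytes;
 }
 async getDACert(productId) {
-const dacKeyPair = await
+const dacKeyPair = await this.#certs.crypto.createKeyPair();
 return {
 keyPair: dacKeyPair,
 dac: await this.generateDaCert(dacKeyPair.publicKey, this.#vendorId, productId)
@@ -107,7 +109,7 @@ class AttestationCertificateManager {
 authorityKeyIdentifier: this.#paaKeyIdentifier
 }
 };
-return
+return this.#certs.productAttestationAuthorityCertToAsn1(unsignedCertificate, this.#paaKeyPair);
 }
 generatePAICert(vendorId, productId) {
 const now = import_general.Time.get().now();
@@ -140,7 +142,7 @@ class AttestationCertificateManager {
 authorityKeyIdentifier: this.#paaKeyIdentifier
 }
 };
-return
+return this.#certs.productAttestationIntermediateCertToAsn1(unsignedCertificate, this.#paaKeyPair);
 }
 async generateDaCert(publicKey, vendorId, productId) {
 const now = import_general.Time.get().now();
@@ -169,11 +171,11 @@ class AttestationCertificateManager {
 keyUsage: {
 digitalSignature: true
 },
-subjectKeyIdentifier: (await
+subjectKeyIdentifier: (await this.#certs.crypto.computeSha256(publicKey)).slice(0, 20),
 authorityKeyIdentifier: this.#paiKeyIdentifier
 }
 };
-return
+return this.#certs.deviceAttestationCertToAsn1(unsignedCertificate, this.#paiKeyPair);
 }
 }
 //# sourceMappingURL=AttestationCertificateManager.js.map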
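Review bot: The rewritten `create()`, `getDACert()` and `generateDaCert()` reach for the injected `Crypto` through `this.#certs.crypto` (e.g. `const dacKeyPair = await this.#certs.crypto.createKeyPair();`), so `AttestationCertificateManager` now depends on a `CertificateManager` accessor for work that only needs the `Crypto` instance it was handed; keeping that instance as its own field, `this.#crypto = crypto;`, and calling `this.#crypto.createKeyPair()` would read more directly. The new `crypto` parameter of the constructor and of `create()` is undocumented; a JSDoc line such as `@param crypto - Crypto implementation used for key generation, hashing and signing` would help callers migrating from the old signatures. Separately, the constructor still stores the promise returned by `this.generatePAICert(vendorId)` in `#paiCertBytes` without a rejection handler, so a failure inside the injected crypto during construction may surface as an unhandled rejection rather than at the `getPAICert()` call; that predates this commit but is worth a look now that the implementation is caller-supplied. The same applies to `package/src/certificate/AttestationCertificateManager.ts` listed in the diffstat.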
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/certificate/AttestationCertificateManager.ts"],
|
|
4
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAAuD;AAEvD,gCAAmD;AACnD,+BAIO;AAbP;AAAA;AAAA;AAAA;AAAA;AAeA,SAAS,iBAAiB,UAAoB,WAAoB;AAC9D,SAAO,yBAAyB,SAAS,SAAS,EAAE,EAAE,YAAY,CAAC,IAC/D,cAAc,SAAY,WAAW,KAAK,UAAU,SAAS,EAAE,EAAE,YAAY,CAAC,EAClF;AACJ;AAEA,SAAS,iBAAiB,UAAoB,WAAmB;AAC7D,SAAO,yBAAyB,SAAS,SAAS,EAAE,EAAE,YAAY,CAAC,MAAM,UAAU,SAAS,EAAE,EAAE,YAAY,CAAC;AACjH;AAEA,SAAS,mBAAmB;AAExB,SAAO;AACX;AAEO,MAAM,8BAA8B;AAAA,EAC/B,YAAY,OAAO,CAAC;AAAA;AAAA;AAAA,EAInB,kBAAc,2BAAW,wDAA+B;AAAA,IAC7D,WAAW;AAAA,EACf,CAAC;AAAA,EACQ;AAAA,EACA;AAAA,EACA;AAAA,EACA,oBAAoB;AAAA,EACpB,aAAa,OAAO,CAAC;AAAA,EACrB;AAAA,EACT,qBAAqB;AAAA,EAErB,YAAY,UAAoB,YAAwB,kBAA8B;
|
|
4
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAAuD;AAEvD,gCAAmD;AACnD,+BAIO;AAbP;AAAA;AAAA;AAAA;AAAA;AAeA,SAAS,iBAAiB,UAAoB,WAAoB;AAC9D,SAAO,yBAAyB,SAAS,SAAS,EAAE,EAAE,YAAY,CAAC,IAC/D,cAAc,SAAY,WAAW,KAAK,UAAU,SAAS,EAAE,EAAE,YAAY,CAAC,EAClF;AACJ;AAEA,SAAS,iBAAiB,UAAoB,WAAmB;AAC7D,SAAO,yBAAyB,SAAS,SAAS,EAAE,EAAE,YAAY,CAAC,MAAM,UAAU,SAAS,EAAE,EAAE,YAAY,CAAC;AACjH;AAEA,SAAS,mBAAmB;AAExB,SAAO;AACX;AAEO,MAAM,8BAA8B;AAAA,EAC/B,YAAY,OAAO,CAAC;AAAA;AAAA;AAAA,EAInB,kBAAc,2BAAW,wDAA+B;AAAA,IAC7D,WAAW;AAAA,EACf,CAAC;AAAA,EACQ;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,oBAAoB;AAAA,EACpB,aAAa,OAAO,CAAC;AAAA,EACrB;AAAA,EACT,qBAAqB;AAAA,EAErB,YAAY,QAAgB,UAAoB,YAAwB,kBAA8B;AAClG,SAAK,SAAS,IAAI,6CAAmB,MAAM;AAC3C,SAAK,YAAY;AACjB,SAAK,cAAc;AACnB,SAAK,oBAAoB;AACzB,SAAK,gBAAgB,KAAK,gBAAgB,QAAQ;AAAA,EACtD;AAAA,EAEA,aAAa,OAAO,QAAgB,UAAoB;AACpD,UAAM,MAAM,MAAM,OAAO,cAAc;AACvC,UAAM,aAAa,MAAM,OAAO,cAAc,IAAI,SAAS;AAC3D,WAAO,IAAI,8BAA8B,QAAQ,UAAU,KAAK,WAAW,MAAM,GAAG,EAAE,CAAC;AAAA,EAC3F;AAAA,EAEA,aAAa;AACT,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,MAAM,UAAU,WAAmB;AAC/B,UAAM,aAAa,MAAM,KAAK,OAAO,OAAO,cAAc;AAC1D,WAAO;AAAA,MACH,SAAS;AAAA,MACT,KAAK,MAAM,KAAK,eAAe,WAAW,WAAW,KAAK,WAAW,SAAS;AAAA,IAClF;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAgB,UAAqB;AACzC,UAAM,MAAM,oBAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,sBAAsB;AAAA,MACxB,cAAc,qBAAM,YAAQ,sBAAM,KAAK,SAAS,CAAC;AAAA,MACjD,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ;AAAA,QACJ,YAAY,iBAAiB;AAAA,QAC7B;AAAA,MACJ;AAAA,MACA,eAAW,0CAAe,KAAK,EAAE;AAAA,MACjC,cAAU,0CAAe,KAAK,EAAE;AAAA,MAChC,SAAS;AAAA,QACL,YAAY,iBAAiB;AAAA,QAC7B;AAAA,MACJ;AAAA,MACA,wBAAwB,KAAK,YAAY;AAAA,MACzC,YAAY;AAAA,QACR,kBAAkB;AAAA,UACd,MAAM;AAAA,UACN,SAAS;AAAA,QACb;AAAA,QACA,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB,KAAK;AAAA,QAC3B,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AACA,WAAO,KAAK,OAAO,sCAAsC,qBAAqB,KAAK,WAAW;AAAA,EAClG;AAAA,EAEQ,gBAAgB,UAAoB,WAAoB;AAC5D,UAAM,MAAM,oBAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,sBAAsB;AAAA,MACxB,cAAc,qBAAM,YAAQ,sBAAM,KAAK,UAAU,CAAC;AAAA,MAClD,oBAAoB;AA
AA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ;AAAA,QACJ,YAAY,iBAAiB;AAAA,MACjC;AAAA,MACA,eAAW,0CAAe,KAAK,EAAE;AAAA,MACjC,cAAU,0CAAe,KAAK,EAAE;AAAA,MAChC,SAAS;AAAA,QACL,YAAY,iBAAiB,UAAU,SAAS;AAAA,QAChD;AAAA,QACA;AAAA,MACJ;AAAA,MACA,wBAAwB,KAAK,YAAY;AAAA,MACzC,YAAY;AAAA,QACR,kBAAkB;AAAA,UACd,MAAM;AAAA,UACN,SAAS;AAAA,QACb;AAAA,QACA,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB,KAAK;AAAA,QAC3B,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AACA,WAAO,KAAK,OAAO,yCAAyC,qBAAqB,KAAK,WAAW;AAAA,EACrG;AAAA,EAEA,MAAM,eAAe,WAAuB,UAAoB,WAAmB;AAC/E,UAAM,MAAM,oBAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,SAAS,KAAK;AACpB,UAAM,sBAAsB;AAAA,MACxB,cAAc,qBAAM,YAAQ,sBAAM,MAAM,CAAC;AAAA,MACzC,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,eAAW,0CAAe,KAAK,EAAE;AAAA,MACjC,cAAU,0CAAe,KAAK,EAAE;AAAA,MAChC,QAAQ;AAAA,QACJ,YAAY,iBAAiB,QAAQ;AAAA,QACrC;AAAA,MACJ;AAAA,MACA,SAAS;AAAA,QACL,YAAY,iBAAiB,UAAU,SAAS;AAAA,QAChD;AAAA,QACA;AAAA,MACJ;AAAA,MACA,wBAAwB;AAAA,MACxB,YAAY;AAAA,QACR,kBAAkB;AAAA,UACd,MAAM;AAAA,QACV;AAAA,QACA,UAAU;AAAA,UACN,kBAAkB;AAAA,QACtB;AAAA,QACA,uBAAuB,MAAM,KAAK,OAAO,OAAO,cAAc,SAAS,GAAG,MAAM,GAAG,EAAE;AAAA,QACrF,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AACA,WAAO,KAAK,OAAO,4BAA4B,qBAAqB,KAAK,WAAW;AAAA,EACxF;AACJ;",
|
|
5
5
|
"names": []
|
|
6
6
|
}
|
|
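--- a/package/dist/cjs/certificate/CertificateAuthority.d.ts
+++ b/package/dist/cjs/certificate/CertificateAuthority.d.ts
@@ -3,17 +3,19 @@
 * Copyright 2022-2025 Matter.js Authors
 * SPDX-License-Identifier: Apache-2.0
 */
-import { BinaryKeyPair, Construction, Environment, Environmental, StorageContext } from "#general";
+import { BinaryKeyPair, Construction, Crypto, Environment, Environmental, StorageContext } from "#general";
 import { CaseAuthenticatedTag, FabricId, NodeId } from "#types";
+import { CertificateManager } from "./CertificateManager.js";
 /**
 * Manages the root key pair for a fabric owned by a local node.
 * TODO: Add support for (optional) ICACs
 */
 export declare class CertificateAuthority {
 #private;
+get certs(): CertificateManager;
 get construction(): Construction<CertificateAuthority>;
-static create(options?: StorageContext | CertificateAuthority.Configuration): Promise<CertificateAuthority>;
-constructor(options?: StorageContext | CertificateAuthority.Configuration);
+static create(crypto: Crypto, options?: StorageContext | CertificateAuthority.Configuration): Promise<CertificateAuthority>;
+constructor(crypto: Crypto, options?: StorageContext | CertificateAuthority.Configuration);
 static [Environmental.create](env: Environment): CertificateAuthority;
 get rootCert(): Uint8Array<ArrayBufferLike>;
 get config(): CertificateAuthority.Configuration;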
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CertificateAuthority.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateAuthority.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACH,aAAa,EAEb,YAAY,
|
|
1
|
+
{"version":3,"file":"CertificateAuthority.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateAuthority.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACH,aAAa,EAEb,YAAY,EACZ,MAAM,EACN,WAAW,EACX,aAAa,EAIb,cAAc,EAKjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChE,OAAO,EACH,kBAAkB,EAOrB,MAAM,yBAAyB,CAAC;AAIjC;;;GAGG;AACH,qBAAa,oBAAoB;;IAS7B,IAAI,KAAK,uBAER;IAED,IAAI,YAAY,uCAEf;WAEY,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,oBAAoB,CAAC,aAAa;gBAIrF,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,oBAAoB,CAAC,aAAa;IA2CzF,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAO9C,IAAI,QAAQ,gCAEX;IAED,IAAI,MAAM,IAAI,oBAAoB,CAAC,aAAa,CAQ/C;IA+BK,WAAW,CACb,SAAS,EAAE,UAAU,EACrB,QAAQ,EAAE,QAAQ,EAClB,MAAM,EAAE,MAAM,EACd,qBAAqB,CAAC,EAAE,oBAAoB,EAAE;CA8CrD;AAED,yBAAiB,oBAAoB,CAAC;IAClC,KAAY,aAAa,GAAG;QACxB,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,aAAa,CAAC;QAC3B,iBAAiB,EAAE,UAAU,CAAC;QAC9B,aAAa,EAAE,UAAU,CAAC;QAC1B,iBAAiB,EAAE,MAAM,CAAC;KAC7B,CAAC;CACL"}
|
|
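--- a/package/dist/cjs/certificate/CertificateAuthority.js
+++ b/package/dist/cjs/certificate/CertificateAuthority.js
@@ -30,23 +30,31 @@ var import_CertificateManager = require("./CertificateManager.js");
 */
 const logger = import_general.Logger.get("CertificateAuthority");
 class CertificateAuthority {
+#certs;
 #rootCertId = BigInt(0);
 #rootKeyPair;
 #rootKeyIdentifier;
 #rootCertBytes;
 #nextCertificateId = BigInt(1);
 #construction;
+get certs() {
+return this.#certs;
+}
 get construction() {
 return this.#construction;
 }
-static async create(options) {
-return (0, import_general.asyncNew)(CertificateAuthority, options);
+static async create(crypto, options) {
+return (0, import_general.asyncNew)(CertificateAuthority, crypto, options);
 }
-constructor(options) {
+constructor(crypto, options) {
+this.#certs = new import_CertificateManager.CertificateManager(crypto);
 this.#construction = (0, import_general.Construction)(this, async () => {
 const certValues = options instanceof import_general.StorageContext ? await options.values() : options ?? {};
-this.#rootKeyPair = await
-this.#rootKeyIdentifier = (await
+this.#rootKeyPair = await this.#certs.crypto.createKeyPair();
+this.#rootKeyIdentifier = (await this.#certs.crypto.computeSha256(this.#rootKeyPair.publicKey)).slice(
+0,
+20
+);
 this.#rootCertBytes = await this.#generateRootCert();
 if ((typeof certValues.rootCertId === "number" || typeof certValues.rootCertId === "bigint") && (ArrayBuffer.isView(certValues.rootKeyPair) || typeof certValues.rootKeyPair === "object") && ArrayBuffer.isView(certValues.rootKeyIdentifier) && ArrayBuffer.isView(certValues.rootCertBytes) && (typeof certValues.nextCertificateId === "number" || typeof certValues.nextCertificateId === "bigint")) {
 this.#rootCertId = BigInt(certValues.rootCertId);
@@ -71,7 +79,7 @@ class CertificateAuthority {
 }
 static [import_general.Environmental.create](env) {
 const storage = env.get(import_general.StorageManager).createContext("certificates");
-const instance = new CertificateAuthority(storage);
+const instance = new CertificateAuthority(env.get(import_general.Crypto), storage);
 env.set(CertificateAuthority, instance);
 return instance;
 }
@@ -109,9 +117,9 @@ class CertificateAuthority {
 authorityKeyIdentifier: this.#initializedRootKeyIdentifier
 }
 };
-const signature = await
+const signature = await this.#certs.crypto.signEcdsa(
 this.#initializedRootKeyPair,
-
+this.#certs.rootCertToAsn1(unsignedCertificate)
 );
 return import_CertificateManager.TlvRootCertificate.encode({ ...unsignedCertificate, signature });
 }
@@ -134,13 +142,13 @@ class CertificateAuthority {
 digitalSignature: true
 },
 extendedKeyUsage: [2, 1],
-subjectKeyIdentifier: (await
+subjectKeyIdentifier: (await this.#certs.crypto.computeSha256(publicKey)).slice(0, 20),
 authorityKeyIdentifier: this.#initializedRootKeyIdentifier
 }
 };
-const signature = await
+const signature = await this.#certs.crypto.signEcdsa(
 this.#initializedRootKeyPair,
-
+this.#certs.nodeOperationalCertToAsn1(unsignedCertificate)
 );
 return import_CertificateManager.TlvOperationalCertificate.encode({ ...unsignedCertificate, signature });
 }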
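Review bot: In the construction callback, the new lines `this.#rootKeyPair = await this.#certs.crypto.createKeyPair();`, the `computeSha256(...).slice(0, 20)` key-identifier assignment and `this.#rootCertBytes = await this.#generateRootCert();` run before `certValues` is inspected for a persisted `rootKeyPair`, `rootKeyIdentifier` and `rootCertBytes`, so a fresh root key and a signed root certificate are produced on every construction and, when the stored branch is taken (it continues past the hunk and presumably loads the stored values over them), immediately discarded. Moving the three generation statements after the persisted-value check so they run only when nothing is stored would avoid the wasted key generation and signature and make it clear which root key is authoritative. The ordering predates the commit, but these lines were rewritten here and the same structure appears in `package/src/certificate/CertificateAuthority.ts` from the diffstat.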
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/certificate/CertificateAuthority.ts"],
|
|
4
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAeO;AAEP,gCAQO;AA/BP;AAAA;AAAA;AAAA;AAAA;AAiCA,MAAM,SAAS,sBAAO,IAAI,sBAAsB;AAMzC,MAAM,qBAAqB;AAAA,EAC9B,cAAc,OAAO,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB,OAAO,CAAC;AAAA,EAC7B;AAAA,EAEA,IAAI,eAAe;AACf,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,aAAa,OAAO,SAA+D;AAC/
|
|
4
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAeO;AAEP,gCAQO;AA/BP;AAAA;AAAA;AAAA;AAAA;AAiCA,MAAM,SAAS,sBAAO,IAAI,sBAAsB;AAMzC,MAAM,qBAAqB;AAAA,EAC9B;AAAA,EACA,cAAc,OAAO,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA,qBAAqB,OAAO,CAAC;AAAA,EAC7B;AAAA,EAEA,IAAI,QAAQ;AACR,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,eAAe;AACf,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,aAAa,OAAO,QAAgB,SAA+D;AAC/F,eAAO,yBAAS,sBAAsB,QAAQ,OAAO;AAAA,EACzD;AAAA,EAEA,YAAY,QAAgB,SAA+D;AACvF,SAAK,SAAS,IAAI,6CAAmB,MAAM;AAC3C,SAAK,oBAAgB,6BAAa,MAAM,YAAY;AAEhD,YAAM,aAAa,mBAAmB,gCAAiB,MAAM,QAAQ,OAAO,IAAK,WAAW,CAAC;AAE7F,WAAK,eAAe,MAAM,KAAK,OAAO,OAAO,cAAc;AAC3D,WAAK,sBAAsB,MAAM,KAAK,OAAO,OAAO,cAAc,KAAK,aAAa,SAAS,GAAG;AAAA,QAC5F;AAAA,QACA;AAAA,MACJ;AACA,WAAK,iBAAiB,MAAM,KAAK,kBAAkB;AAEnD,WACK,OAAO,WAAW,eAAe,YAAY,OAAO,WAAW,eAAe,cAC9E,YAAY,OAAO,WAAW,WAAW,KAAK,OAAO,WAAW,gBAAgB,aACjF,YAAY,OAAO,WAAW,iBAAiB,KAC/C,YAAY,OAAO,WAAW,aAAa,MAC1C,OAAO,WAAW,sBAAsB,YAAY,OAAO,WAAW,sBAAsB,WAC/F;AACE,aAAK,cAAc,OAAO,WAAW,UAAU;AAC/C,aAAK,mBAAe,2BAAW,WAAW,WAA4B;AACtE,aAAK,qBAAqB,WAAW;AACrC,aAAK,iBAAiB,WAAW;AACjC,aAAK,qBAAqB,OAAO,WAAW,iBAAiB;AAC7D,eAAO,KAAK,qCAAqC,KAAK,WAAW,EAAE;AACnE;AAAA,MACJ;AAEA,aAAO,KAAK,mCAAmC,KAAK,WAAW,EAAE;AAEjE,UAAI,mBAAmB,+BAAgB;AACnC,cAAM,QAAQ,IAAI;AAAA,UACd,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK,aAAa;AAAA,UAC/B,mBAAmB,KAAK;AAAA,UACxB,eAAe,KAAK;AAAA,UACpB,mBAAmB,KAAK;AAAA,QAC5B,CAAC;AAAA,MACL;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,QAAQ,6BAAc,MAAM,EAAE,KAAkB;AAC5C,UAAM,UAAU,IAAI,IAAI,6BAAc,EAAE,cAAc,cAAc;AACpE,UAAM,WAAW,IAAI,qBAAqB,IAAI,IAAI,qBAAM,GAAG,OAAO;AAClE,QAAI,IAAI,sBAAsB,QAAQ;AACtC,WAAO;AAAA,EACX;AAAA,EAEA,IAAI,WAAW;AACX,WAAO,KAAK,cAAc,OAAO,aAAa,KAAK,cAAc;AAAA,EACrE;AAAA,EAEA,IAAI,SAA6C;AAC7C,WAAO;AAAA,MACH,YAAY,KAAK;AAAA,MACjB,aAAa,KAAK,aAAa,OAAO,iBAAiB,KAAK,YAAY,EAAE;AAAA,MAC1E,mBAAmB,KAAK,aAAa,OAAO,uBAAuB,KAAK,kBAAkB;AAAA,MAC1F,eAAe,KAAK,aAAa,OAAO,mBAAmB,KAAK,cAAc;AAAA,MAC9E,mBAAmB,KAAK;AAAA,IAC5B;AAAA,EACJ;AAAA,EAEA,MAAM,oBAAoB;AACtB,UAAM,MAAM,oBAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,sBAAiD;AAAA,MACnD,cAAc,qB
AAM,YAAQ,sBAAM,KAAK,WAAW,CAAC;AAAA,MACnD,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,eAAW,0CAAe,KAAK,EAAE;AAAA,MACjC,cAAU,0CAAe,KAAK,EAAE;AAAA,MAChC,SAAS,EAAE,QAAQ,KAAK,YAAY;AAAA,MACpC,wBAAwB,KAAK,wBAAwB;AAAA,MACrD,YAAY;AAAA,QACR,kBAAkB,EAAE,MAAM,KAAK;AAAA,QAC/B,UAAU;AAAA,UACN,aAAa;AAAA,UACb,SAAS;AAAA,QACb;AAAA,QACA,sBAAsB,KAAK;AAAA,QAC3B,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AACA,UAAM,YAAY,MAAM,KAAK,OAAO,OAAO;AAAA,MACvC,KAAK;AAAA,MACL,KAAK,OAAO,eAAe,mBAAmB;AAAA,IAClD;AACA,WAAO,6CAAmB,OAAO,EAAE,GAAG,qBAAqB,UAAU,CAAC;AAAA,EAC1E;AAAA,EAEA,MAAM,YACF,WACA,UACA,QACA,uBACF;AACE,UAAM,MAAM,oBAAK,IAAI,EAAE,IAAI;AAC3B,UAAM,SAAS,KAAK;AACpB,UAAM,sBAAwD;AAAA,MAC1D,cAAc,qBAAM,YAAQ,sBAAM,MAAM,CAAC;AAAA,MACzC,oBAAoB;AAAA,MACpB,oBAAoB;AAAA,MACpB,yBAAyB;AAAA,MACzB,QAAQ,EAAE,QAAQ,KAAK,YAAY;AAAA,MACnC,eAAW,0CAAe,KAAK,EAAE;AAAA,MACjC,cAAU,0CAAe,KAAK,EAAE;AAAA,MAChC,SAAS,EAAE,UAAU,QAAQ,sBAAsB;AAAA,MACnD,wBAAwB;AAAA,MACxB,YAAY;AAAA,QACR,kBAAkB,EAAE,MAAM,MAAM;AAAA,QAChC,UAAU;AAAA,UACN,kBAAkB;AAAA,QACtB;AAAA,QACA,kBAAkB,CAAC,GAAG,CAAC;AAAA,QACvB,uBAAuB,MAAM,KAAK,OAAO,OAAO,cAAc,SAAS,GAAG,MAAM,GAAG,EAAE;AAAA,QACrF,wBAAwB,KAAK;AAAA,MACjC;AAAA,IACJ;AAEA,UAAM,YAAY,MAAM,KAAK,OAAO,OAAO;AAAA,MACvC,KAAK;AAAA,MACL,KAAK,OAAO,0BAA0B,mBAAmB;AAAA,IAC7D;AAEA,WAAO,oDAA0B,OAAO,EAAE,GAAG,qBAAqB,UAAU,CAAC;AAAA,EACjF;AAAA,EAEA,IAAI,0BAA0B;AAC1B,QAAI,KAAK,iBAAiB,QAAW;AACjC,YAAM,IAAI,6BAAc,iCAAiC;AAAA,IAC7D;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,gCAAgC;AAChC,QAAI,KAAK,uBAAuB,QAAW;AACvC,YAAM,IAAI,6BAAc,oCAAoC;AAAA,IAChE;AACA,WAAO,KAAK;AAAA,EAChB;AACJ;",
|
|
5
5
|
"names": []
|
|
6
6
|
}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { Key, MatterError } from "#general";
|
|
6
|
+
import { Crypto, Key, MatterError } from "#general";
|
|
7
7
|
import { BitFlag, CaseAuthenticatedTag, FabricId, NodeId, TypeFromPartialBitSchema, TypeFromSchema, VendorId } from "#types";
|
|
8
8
|
export declare class CertificateError extends MatterError {
|
|
9
9
|
}
|
|
@@ -540,36 +540,39 @@ export type OperationalCertificate = TypeFromSchema<typeof TlvOperationalCertifi
|
|
|
540
540
|
export type Unsigned<Type> = {
|
|
541
541
|
[Property in keyof Type as Exclude<Property, "signature">]: Type[Property];
|
|
542
542
|
};
|
|
543
|
-
export declare
|
|
544
|
-
|
|
545
|
-
|
|
546
|
-
|
|
547
|
-
|
|
548
|
-
|
|
549
|
-
|
|
550
|
-
|
|
543
|
+
export declare class CertificateManager {
|
|
544
|
+
#private;
|
|
545
|
+
constructor(crypto: Crypto);
|
|
546
|
+
get crypto(): Crypto;
|
|
547
|
+
rootCertToAsn1(cert: Unsigned<RootCertificate>): Uint8Array<ArrayBufferLike>;
|
|
548
|
+
intermediateCaCertToAsn1(cert: Unsigned<IntermediateCertificate>): Uint8Array<ArrayBufferLike>;
|
|
549
|
+
nodeOperationalCertToAsn1(cert: Unsigned<OperationalCertificate>): Uint8Array<ArrayBufferLike>;
|
|
550
|
+
deviceAttestationCertToAsn1(cert: Unsigned<DeviceAttestationCertificate>, key: Key): Promise<Uint8Array<ArrayBufferLike>>;
|
|
551
|
+
productAttestationIntermediateCertToAsn1(cert: Unsigned<ProductAttestationIntermediateCertificate>, key: Key): Promise<Uint8Array<ArrayBufferLike>>;
|
|
552
|
+
productAttestationAuthorityCertToAsn1(cert: Unsigned<ProductAttestationAuthorityCertificate>, key: Key): Promise<Uint8Array<ArrayBufferLike>>;
|
|
553
|
+
certificationDeclarationToAsn1(eContent: Uint8Array, subjectKeyIdentifier: Uint8Array, privateKey: JsonWebKey): Promise<Uint8Array<ArrayBufferLike>>;
|
|
551
554
|
/**
|
|
552
555
|
* Validate general requirements a Matter certificate fields must fulfill.
|
|
553
556
|
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
554
557
|
*/
|
|
555
|
-
|
|
558
|
+
validateGeneralCertificateFields(cert: RootCertificate | OperationalCertificate | IntermediateCertificate): void;
|
|
556
559
|
/**
|
|
557
560
|
* Verify requirements a Matter Root certificate must fulfill.
|
|
558
561
|
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
559
562
|
*/
|
|
560
|
-
|
|
563
|
+
verifyRootCertificate(rootCert: RootCertificate): Promise<void>;
|
|
561
564
|
/**
|
|
562
565
|
* Verify requirements a Matter Node Operational certificate must fulfill.
|
|
563
566
|
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
564
567
|
*/
|
|
565
|
-
|
|
568
|
+
verifyNodeOperationalCertificate(nocCert: OperationalCertificate, rootCert: RootCertificate, icaCert?: IntermediateCertificate): Promise<void>;
|
|
566
569
|
/**
|
|
567
570
|
* Verify requirements a Matter Intermediate CA certificate must fulfill.
|
|
568
571
|
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
569
572
|
*/
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
+
verifyIntermediateCaCertificate(rootCert: RootCertificate, icaCert: IntermediateCertificate): Promise<void>;
|
|
574
|
+
createCertificateSigningRequest(key: Key): Promise<Uint8Array<ArrayBufferLike>>;
|
|
575
|
+
getPublicKeyFromCsr(csr: Uint8Array): Promise<Uint8Array<ArrayBufferLike>>;
|
|
573
576
|
}
|
|
574
577
|
export {};
|
|
575
578
|
//# sourceMappingURL=CertificateManager.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CertificateManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"CertificateManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificateManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAIH,MAAM,EASN,GAAG,EAEH,WAAW,EASd,MAAM,UAAU,CAAC;AAClB,OAAO,EACH,OAAO,EAEP,oBAAoB,EACpB,QAAQ,EACR,MAAM,EAoBN,wBAAwB,EACxB,cAAc,EACd,QAAQ,EACX,MAAM,QAAQ,CAAC;AAIhB,qBAAa,gBAAiB,SAAQ,WAAW;CAAG;AAcpD,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,QAE1C;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,SAAI,UAItD;AAoDD,uDAAuD;AACvD,eAAO,MAAM,aAAa,0BAAuC,CAAC;AAElE,mEAAmE;AACnE,eAAO,MAAM,wBAAwB,0BAAuC,CAAC;AAE7E,uDAAuD;AACvD,eAAO,MAAM,aAAa,mCAAgD,CAAC;AAE3E,uDAAuD;AACvD,eAAO,MAAM,aAAa,mCAAgD,CAAC;AAE3E,yDAAyD;AACzD,eAAO,MAAM,eAAe,4BAAyC,CAAC;AAEtE,uDAAuD;AACvD,eAAO,MAAM,aAAa,0BAAuD,CAAC;AAElF,uDAAuD;AACvD,eAAO,MAAM,eAAe,4BAA0D,CAAC;AAEvF,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,0BAAwD,CAAC;AA2DtF,QAAA,MAAM,uBAAuB;;;;;;;;;;CAU5B,CAAC;AA2DF,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM7B,CAAC;AAEH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAOpC,CAAC;AAEH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAMrC,CAAC;AAEH,QAAA,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAA0B,CAAC;AAEnD,UAAU,0BAA0B;IAChC,YAAY,EAAE,UAAU,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,EAAE,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,EAAE,CAAC;IACZ,kBAAkB,EAAE,MAAM,CAAC;IAC3B,uBAAuB,EAAE,MAAM,CAAC;IAChC,sBAAsB,EAAE,UAAU,CAAC;IACnC,UAAU,EAAE;QACR,gBAAgB,EAAE;YACd,IAAI,EAAE,OAAO,CAAC;YACd,OAAO,CAAC,EAAE,MAAM,CAAC;SACpB,CAAC;QACF,QAAQ,EAAE,wBAAwB,CAAC,OAAO,uBAAuB,CAAC,CAAC;QACnE,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC5B,oBAAoB,EAAE,UAAU,CAAC;QACjC,sBAAsB,EAAE,UAAU,CAAC;QACnC,eAAe,CAAC,EAAE,UAAU,EAAE,CAAC;KAClC,CAAC;IACF,SAAS,EAAE,UAAU,CA
AC;CACzB;AAED,MAAM,WAAW,4BAA6B,SAAQ,0BAA0B;IAC5E,MAAM,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,QAAQ,CAAC;KACtB,CAAC;IACF,OAAO,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,QAAQ,EAAE,QAAQ,CAAC;KACtB,CAAC;CACL;AAED,MAAM,WAAW,yCAA0C,SAAQ,0BAA0B;IACzF,MAAM,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;KACvB,CAAC;IACF,OAAO,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,QAAQ,CAAC;KACtB,CAAC;CACL;AAED,MAAM,WAAW,sCAAuC,SAAQ,0BAA0B;IACtF,MAAM,EAAE;QACJ,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;KACvB,CAAC;IACF,OAAO,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,QAAQ,CAAC;KACvB,CAAC;CACL;AAED,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;EAgBtC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACxE,MAAM,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACxE,MAAM,MAAM,uBAAuB,GAAG,cAAc,CAAC,OAAO,0BAA0B,CAAC,CAAC;AACxF,MAAM,MAAM,sBAAsB,GAAG,cAAc,CAAC,OAAO,yBAAyB,CAAC,CAAC;AACtF,MAAM,MAAM,QAAQ,CAAC,IAAI,IAAI;KAAG,QAAQ,IAAI,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC;CAAE,CAAC;AAoO5G,qBAAa,kBAAkB;;gBAGf,MAAM,EAAE,MAAM;IAI1B,IAAI,MAAM,WAET;IAED,cAAc,CAAC,IAAI,EAAE,QAAQ,CAAC,eAAe,CAAC;IAY9C,wBAAwB,CAAC,IAAI,EAAE,QAAQ,CAAC,uBAAuB,CAAC;IAYhE,yBAAyB,CAAC,IAAI,EAAE,QAAQ,CAAC,sBAAsB,CAAC;IAiB1D,2BAA2B,CAAC,IAAI,EAAE,QAAQ,CAAC,4BAA4B,CAAC,EAAE,GAAG,EAAE,GAAG;IAYlF,wCAAwC,CAC1C,IAAI,EAAE,QAAQ,CAAC,yCAAyC,CAAC,EACzD,GAAG,EAAE,GAAG;IAaN,qCAAqC,CAAC,IAAI,EAAE,QAAQ,CAAC,sCAAsC,CAAC,EAAE,GAAG,EAAE,GAAG;IAWtG,8BAA8B,CAChC,QAAQ,EAAE,UAAU,EACpB,oBAAoB,EAAE,UAAU,EAChC,UAAU,EAAE,UAAU;IAsB1B;;;OAGG;IACH,gCAAgC,CAAC,IAAI,EAAE,eAAe,GAAG,sBAAsB,GAAG,uBAAuB;IAuCzG;;;OAGG;IACG,qBAAqB,CAAC,QAAQ,EAAE,eAAe;IA2FrD;;;OAGG;IACG,gCAAgC,CAClC,OAAO,EAAE,sBAAsB,EAC/B,QAAQ,EAAE,eAAe,EACzB,OAAO,CAAC,EAAE,uBAAuB;IAyHrC;;;OAGG;IACG,+BAA+B,CAAC,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,uBAAuB;IAkH3F,+BAA+B,CAAC,GAAG,EAAE,GAAG;IAexC,mBAAmB,CAAC,GAAG,EAAE,UAAU;CAqC5C"}
|
|
@@ -408,51 +408,57 @@ function extensionsToAsn1(extensions) {
|
|
|
408
408
|
});
|
|
409
409
|
return asn;
|
|
410
410
|
}
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
411
|
+
function genericBuildAsn1Structure({
|
|
412
|
+
serialNumber,
|
|
413
|
+
notBefore,
|
|
414
|
+
notAfter,
|
|
415
|
+
issuer,
|
|
416
|
+
subject,
|
|
417
|
+
ellipticCurvePublicKey,
|
|
418
|
+
extensions
|
|
419
|
+
}) {
|
|
420
|
+
const {
|
|
421
|
+
basicConstraints: { isCa, pathLen }
|
|
422
|
+
} = extensions;
|
|
423
|
+
if (!isCa && pathLen !== void 0) {
|
|
424
|
+
throw new CertificateError("Path length must be undefined for non-CA certificates.");
|
|
419
425
|
}
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
subject: subjectOrIssuerToAsn1(subject),
|
|
446
|
-
publicKey: import_general.X962.PublicKeyEcPrime256v1(ellipticCurvePublicKey),
|
|
447
|
-
extensions: (0, import_general.ContextTagged)(3, extensionsToAsn1(extensions))
|
|
448
|
-
};
|
|
426
|
+
return {
|
|
427
|
+
version: (0, import_general.ContextTagged)(0, 2),
|
|
428
|
+
// v3
|
|
429
|
+
serialNumber: (0, import_general.DatatypeOverride)(import_general.DerType.Integer, serialNumber),
|
|
430
|
+
signatureAlgorithm: import_general.X962.EcdsaWithSHA256,
|
|
431
|
+
issuer: subjectOrIssuerToAsn1(issuer),
|
|
432
|
+
validity: {
|
|
433
|
+
notBefore: matterToJsDate(notBefore),
|
|
434
|
+
notAfter: matterToJsDate(notAfter)
|
|
435
|
+
},
|
|
436
|
+
subject: subjectOrIssuerToAsn1(subject),
|
|
437
|
+
publicKey: import_general.X962.PublicKeyEcPrime256v1(ellipticCurvePublicKey),
|
|
438
|
+
extensions: (0, import_general.ContextTagged)(3, extensionsToAsn1(extensions))
|
|
439
|
+
};
|
|
440
|
+
}
|
|
441
|
+
function genericCertToAsn1(cert) {
|
|
442
|
+
const certBytes = import_general.DerCodec.encode(genericBuildAsn1Structure(cert));
|
|
443
|
+
assertCertificateDerSize(certBytes);
|
|
444
|
+
return certBytes;
|
|
445
|
+
}
|
|
446
|
+
function assertCertificateDerSize(certBytes) {
|
|
447
|
+
if (certBytes.length > MAX_DER_CERTIFICATE_SIZE) {
|
|
448
|
+
throw new import_general.ImplementationError(
|
|
449
|
+
`Certificate to generate is too big: ${certBytes.length} bytes instead of max ${MAX_DER_CERTIFICATE_SIZE} bytes`
|
|
450
|
+
);
|
|
449
451
|
}
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
452
|
+
}
|
|
453
|
+
class CertificateManager {
|
|
454
|
+
#crypto;
|
|
455
|
+
constructor(crypto) {
|
|
456
|
+
this.#crypto = crypto;
|
|
457
|
+
}
|
|
458
|
+
get crypto() {
|
|
459
|
+
return this.#crypto;
|
|
454
460
|
}
|
|
455
|
-
|
|
461
|
+
rootCertToAsn1(cert) {
|
|
456
462
|
const {
|
|
457
463
|
extensions: {
|
|
458
464
|
basicConstraints: { isCa }
|
|
@@ -463,8 +469,7 @@ var CertificateManager;
|
|
|
463
469
|
}
|
|
464
470
|
return genericCertToAsn1(cert);
|
|
465
471
|
}
|
|
466
|
-
|
|
467
|
-
function intermediateCaCertToAsn1(cert) {
|
|
472
|
+
intermediateCaCertToAsn1(cert) {
|
|
468
473
|
const {
|
|
469
474
|
extensions: {
|
|
470
475
|
basicConstraints: { isCa }
|
|
@@ -475,8 +480,7 @@ var CertificateManager;
|
|
|
475
480
|
}
|
|
476
481
|
return genericCertToAsn1(cert);
|
|
477
482
|
}
|
|
478
|
-
|
|
479
|
-
function nodeOperationalCertToAsn1(cert) {
|
|
483
|
+
nodeOperationalCertToAsn1(cert) {
|
|
480
484
|
const {
|
|
481
485
|
issuer: { icacId, rcacId },
|
|
482
486
|
extensions: {
|
|
@@ -491,10 +495,9 @@ var CertificateManager;
|
|
|
491
495
|
}
|
|
492
496
|
return genericCertToAsn1(cert);
|
|
493
497
|
}
|
|
494
|
-
|
|
495
|
-
async function deviceAttestationCertToAsn1(cert, key) {
|
|
498
|
+
async deviceAttestationCertToAsn1(cert, key) {
|
|
496
499
|
const certificate = genericBuildAsn1Structure(cert);
|
|
497
|
-
const signature = await
|
|
500
|
+
const signature = await this.#crypto.signEcdsa(key, import_general.DerCodec.encode(certificate), "der");
|
|
498
501
|
const certBytes = import_general.DerCodec.encode({
|
|
499
502
|
certificate,
|
|
500
503
|
signAlgorithm: import_general.X962.EcdsaWithSHA256,
|
|
@@ -503,10 +506,9 @@ var CertificateManager;
|
|
|
503
506
|
assertCertificateDerSize(certBytes);
|
|
504
507
|
return certBytes;
|
|
505
508
|
}
|
|
506
|
-
|
|
507
|
-
async function productAttestationIntermediateCertToAsn1(cert, key) {
|
|
509
|
+
async productAttestationIntermediateCertToAsn1(cert, key) {
|
|
508
510
|
const certificate = genericBuildAsn1Structure(cert);
|
|
509
|
-
const signature = await
|
|
511
|
+
const signature = await this.#crypto.signEcdsa(key, import_general.DerCodec.encode(certificate), "der");
|
|
510
512
|
const certBytes = import_general.DerCodec.encode({
|
|
511
513
|
certificate,
|
|
512
514
|
signAlgorithm: import_general.X962.EcdsaWithSHA256,
|
|
@@ -515,19 +517,17 @@ var CertificateManager;
|
|
|
515
517
|
assertCertificateDerSize(certBytes);
|
|
516
518
|
return certBytes;
|
|
517
519
|
}
|
|
518
|
-
|
|
519
|
-
async function productAttestationAuthorityCertToAsn1(cert, key) {
|
|
520
|
+
async productAttestationAuthorityCertToAsn1(cert, key) {
|
|
520
521
|
const certificate = genericBuildAsn1Structure(cert);
|
|
521
522
|
const certBytes = import_general.DerCodec.encode({
|
|
522
523
|
certificate,
|
|
523
524
|
signAlgorithm: import_general.X962.EcdsaWithSHA256,
|
|
524
|
-
signature: (0, import_general.DerBitString)(await
|
|
525
|
+
signature: (0, import_general.DerBitString)(await this.#crypto.signEcdsa(key, import_general.DerCodec.encode(certificate), "der"))
|
|
525
526
|
});
|
|
526
527
|
assertCertificateDerSize(certBytes);
|
|
527
528
|
return certBytes;
|
|
528
529
|
}
|
|
529
|
-
|
|
530
|
-
async function certificationDeclarationToAsn1(eContent, subjectKeyIdentifier, privateKey) {
|
|
530
|
+
async certificationDeclarationToAsn1(eContent, subjectKeyIdentifier, privateKey) {
|
|
531
531
|
const certificate = {
|
|
532
532
|
version: 3,
|
|
533
533
|
digestAlgorithm: [import_general.SHA256_CMS],
|
|
@@ -538,7 +538,7 @@ var CertificateManager;
|
|
|
538
538
|
subjectKeyIdentifier: (0, import_general.ContextTaggedBytes)(0, subjectKeyIdentifier),
|
|
539
539
|
digestAlgorithm: import_general.SHA256_CMS,
|
|
540
540
|
signatureAlgorithm: import_general.X962.EcdsaWithSHA256,
|
|
541
|
-
signature: await
|
|
541
|
+
signature: await this.#crypto.signEcdsa(privateKey, eContent, "der")
|
|
542
542
|
}
|
|
543
543
|
]
|
|
544
544
|
};
|
|
@@ -546,8 +546,11 @@ var CertificateManager;
|
|
|
546
546
|
assertCertificateDerSize(certBytes);
|
|
547
547
|
return certBytes;
|
|
548
548
|
}
|
|
549
|
-
|
|
550
|
-
|
|
549
|
+
/**
|
|
550
|
+
* Validate general requirements a Matter certificate fields must fulfill.
|
|
551
|
+
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
552
|
+
*/
|
|
553
|
+
validateGeneralCertificateFields(cert) {
|
|
551
554
|
if (cert.serialNumber.length > 20)
|
|
552
555
|
throw new CertificateError(
|
|
553
556
|
`Serial number must not be longer then 20 octets. Current serial number has ${cert.serialNumber.length} octets.`
|
|
@@ -571,9 +574,12 @@ var CertificateManager;
|
|
|
571
574
|
logger.warn(`Certificate notBefore date is in the future: ${cert.notBefore * 1e3} vs ${import_general.Time.nowMs()}`);
|
|
572
575
|
}
|
|
573
576
|
}
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
577
|
+
/**
|
|
578
|
+
* Verify requirements a Matter Root certificate must fulfill.
|
|
579
|
+
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
580
|
+
*/
|
|
581
|
+
async verifyRootCertificate(rootCert) {
|
|
582
|
+
this.validateGeneralCertificateFields(rootCert);
|
|
577
583
|
if ("nodeId" in rootCert.subject) {
|
|
578
584
|
throw new CertificateError(`Root certificate must not contain a nodeId.`);
|
|
579
585
|
}
|
|
@@ -628,15 +634,18 @@ var CertificateManager;
|
|
|
628
634
|
`Root certificate authorityKeyIdentifier must be equal to subjectKeyIdentifier.`
|
|
629
635
|
);
|
|
630
636
|
}
|
|
631
|
-
await
|
|
637
|
+
await this.#crypto.verifyEcdsa(
|
|
632
638
|
(0, import_general.PublicKey)(rootCert.ellipticCurvePublicKey),
|
|
633
|
-
rootCertToAsn1(rootCert),
|
|
639
|
+
this.rootCertToAsn1(rootCert),
|
|
634
640
|
rootCert.signature
|
|
635
641
|
);
|
|
636
642
|
}
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
643
|
+
/**
|
|
644
|
+
* Verify requirements a Matter Node Operational certificate must fulfill.
|
|
645
|
+
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
646
|
+
*/
|
|
647
|
+
async verifyNodeOperationalCertificate(nocCert, rootCert, icaCert) {
|
|
648
|
+
this.validateGeneralCertificateFields(nocCert);
|
|
640
649
|
if (nocCert.subject.nodeId === void 0 || Array.isArray(nocCert.subject.nodeId)) {
|
|
641
650
|
throw new CertificateError(`Invalid nodeId in NoC certificate: ${import_general.Diagnostic.json(nocCert.subject.nodeId)}`);
|
|
642
651
|
}
|
|
@@ -707,15 +716,18 @@ var CertificateManager;
|
|
|
707
716
|
`Noc certificate authorityKeyIdentifier must be equal to Root/Ica subjectKeyIdentifier.`
|
|
708
717
|
);
|
|
709
718
|
}
|
|
710
|
-
await
|
|
719
|
+
await this.#crypto.verifyEcdsa(
|
|
711
720
|
(0, import_general.PublicKey)((icaCert ?? rootCert).ellipticCurvePublicKey),
|
|
712
|
-
nodeOperationalCertToAsn1(nocCert),
|
|
721
|
+
this.nodeOperationalCertToAsn1(nocCert),
|
|
713
722
|
nocCert.signature
|
|
714
723
|
);
|
|
715
724
|
}
|
|
716
|
-
|
|
717
|
-
|
|
718
|
-
|
|
725
|
+
/**
|
|
726
|
+
* Verify requirements a Matter Intermediate CA certificate must fulfill.
|
|
727
|
+
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
728
|
+
*/
|
|
729
|
+
async verifyIntermediateCaCertificate(rootCert, icaCert) {
|
|
730
|
+
this.validateGeneralCertificateFields(icaCert);
|
|
719
731
|
if ("nodeId" in icaCert.subject) {
|
|
720
732
|
throw new CertificateError(`Ica certificate must not contain a nodeId.`);
|
|
721
733
|
}
|
|
@@ -782,14 +794,13 @@ var CertificateManager;
|
|
|
782
794
|
`Ica certificate authorityKeyIdentifier must be equal to root cert subjectKeyIdentifier.`
|
|
783
795
|
);
|
|
784
796
|
}
|
|
785
|
-
await
|
|
797
|
+
await this.#crypto.verifyEcdsa(
|
|
786
798
|
(0, import_general.PublicKey)(rootCert.ellipticCurvePublicKey),
|
|
787
|
-
intermediateCaCertToAsn1(icaCert),
|
|
799
|
+
this.intermediateCaCertToAsn1(icaCert),
|
|
788
800
|
icaCert.signature
|
|
789
801
|
);
|
|
790
802
|
}
|
|
791
|
-
|
|
792
|
-
async function createCertificateSigningRequest(key) {
|
|
803
|
+
async createCertificateSigningRequest(key) {
|
|
793
804
|
const request = {
|
|
794
805
|
version: 0,
|
|
795
806
|
subject: { organization: import_general.X520.OrganisationName("CSR") },
|
|
@@ -799,11 +810,10 @@ var CertificateManager;
|
|
|
799
810
|
return import_general.DerCodec.encode({
|
|
800
811
|
request,
|
|
801
812
|
signAlgorithm: import_general.X962.EcdsaWithSHA256,
|
|
802
|
-
signature: (0, import_general.DerBitString)(await
|
|
813
|
+
signature: (0, import_general.DerBitString)(await this.#crypto.signEcdsa(key, import_general.DerCodec.encode(request), "der"))
|
|
803
814
|
});
|
|
804
815
|
}
|
|
805
|
-
|
|
806
|
-
async function getPublicKeyFromCsr(csr) {
|
|
816
|
+
async getPublicKeyFromCsr(csr) {
|
|
807
817
|
const { [import_general.DerKey.Elements]: rootElements } = import_general.DerCodec.decode(csr);
|
|
808
818
|
if (rootElements?.length !== 3) throw new CertificateError("Invalid CSR data");
|
|
809
819
|
const [requestNode, signAlgorithmNode, signatureNode] = rootElements;
|
|
@@ -821,7 +831,7 @@ var CertificateManager;
|
|
|
821
831
|
signAlgorithmNode[import_general.DerKey.Elements]?.[0]?.[import_general.DerKey.Bytes]
|
|
822
832
|
))
|
|
823
833
|
throw new CertificateError("Unsupported signature type");
|
|
824
|
-
await
|
|
834
|
+
await this.#crypto.verifyEcdsa(
|
|
825
835
|
(0, import_general.PublicKey)(publicKey),
|
|
826
836
|
import_general.DerCodec.encode(requestNode),
|
|
827
837
|
signatureNode[import_general.DerKey.Bytes],
|
|
@@ -829,6 +839,5 @@ var CertificateManager;
|
|
|
829
839
|
);
|
|
830
840
|
return publicKey;
|
|
831
841
|
}
|
|
832
|
-
|
|
833
|
-
})(CertificateManager || (CertificateManager = {}));
|
|
842
|
+
}
|
|
834
843
|
//# sourceMappingURL=CertificateManager.js.map
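Review bot: The new `constructor(crypto)` (new-side lines 455–457) stores its argument unchecked, so a JavaScript consumer of this CJS build that passes `undefined` fails only later, with a TypeError from inside `signEcdsa`/`verifyEcdsa` on the first sign or verify call, rather than at construction; the `Crypto` type in the `.d.ts` is not enforced at runtime. Adding `if (crypto === undefined) throw new import_general.ImplementationError("CertificateManager requires a Crypto implementation");` before `this.#crypto = crypto;` turns that into an early, attributable failure. The `*ToAsn1`, `createCertificateSigningRequest` and `getPublicKeyFromCsr` methods moved into the class carry no JSDoc, whereas the `verify*` methods kept theirs; each deserves a one-line purpose comment, e.g. on `getPublicKeyFromCsr`: `/** Decode a DER-encoded CSR, verify its self-signature with the embedded public key, and return that key. */`. Most of these method bodies span hunk boundaries, so the parts not shown here are assumed unchanged apart from the `this.` rewiring.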
|