@matter/protocol 0.15.0-alpha.0-20250617-f4d4cad23 → 0.15.0-alpha.0-20250620-16e218ed3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/action/client/index.d.ts +1 -1
- package/dist/cjs/action/client/index.js +1 -1
- package/dist/cjs/action/errors.d.ts +12 -0
- package/dist/cjs/action/errors.d.ts.map +1 -1
- package/dist/cjs/action/errors.js +13 -1
- package/dist/cjs/action/errors.js.map +1 -1
- package/dist/cjs/action/protocols.d.ts +1 -1
- package/dist/cjs/action/protocols.js +1 -1
- package/dist/cjs/action/server/AttributeReadResponse.d.ts +1 -1
- package/dist/cjs/action/server/AttributeReadResponse.js +1 -1
- package/dist/cjs/action/server/AttributeSubscriptionResponse.d.ts +1 -1
- package/dist/cjs/action/server/AttributeSubscriptionResponse.js +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.d.ts +1 -1
- package/dist/cjs/action/server/AttributeWriteResponse.js +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.d.ts +1 -1
- package/dist/cjs/action/server/CommandInvokeResponse.js +1 -1
- package/dist/cjs/action/server/DataResponse.d.ts +1 -1
- package/dist/cjs/action/server/DataResponse.js +1 -1
- package/dist/cjs/action/server/EventReadResponse.d.ts +1 -1
- package/dist/cjs/action/server/EventReadResponse.js +1 -1
- package/dist/cjs/action/server/ServerInteraction.d.ts +1 -1
- package/dist/cjs/action/server/ServerInteraction.js +1 -1
- package/dist/cjs/action/server/index.d.ts +1 -1
- package/dist/cjs/action/server/index.js +1 -1
- package/dist/cjs/certificate/AttestationCertificateManager.d.ts.map +1 -1
- package/dist/cjs/certificate/AttestationCertificateManager.js +26 -22
- package/dist/cjs/certificate/AttestationCertificateManager.js.map +1 -1
- package/dist/cjs/certificate/CertificateAuthority.d.ts +1 -2
- package/dist/cjs/certificate/CertificateAuthority.d.ts.map +1 -1
- package/dist/cjs/certificate/CertificateAuthority.js +22 -29
- package/dist/cjs/certificate/CertificateAuthority.js.map +1 -1
- package/dist/cjs/certificate/DeviceCertification.d.ts.map +1 -1
- package/dist/cjs/certificate/DeviceCertification.js +2 -6
- package/dist/cjs/certificate/DeviceCertification.js.map +1 -1
- package/dist/cjs/certificate/index.d.ts +7 -2
- package/dist/cjs/certificate/index.d.ts.map +1 -1
- package/dist/cjs/certificate/index.js +14 -2
- package/dist/cjs/certificate/index.js.map +1 -1
- package/dist/cjs/certificate/kinds/AttestationCertificates.d.ts +34 -0
- package/dist/cjs/certificate/kinds/AttestationCertificates.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/AttestationCertificates.js +64 -0
- package/dist/cjs/certificate/kinds/AttestationCertificates.js.map +6 -0
- package/dist/cjs/certificate/kinds/CertificationDeclaration.d.ts +23 -0
- package/dist/cjs/certificate/kinds/CertificationDeclaration.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/CertificationDeclaration.js +86 -0
- package/dist/cjs/certificate/kinds/CertificationDeclaration.js.map +6 -0
- package/dist/cjs/certificate/kinds/Icac.d.ts +29 -0
- package/dist/cjs/certificate/kinds/Icac.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/Icac.js +138 -0
- package/dist/cjs/certificate/kinds/Icac.js.map +6 -0
- package/dist/cjs/certificate/kinds/Noc.d.ts +27 -0
- package/dist/cjs/certificate/kinds/Noc.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/Noc.js +148 -0
- package/dist/cjs/certificate/kinds/Noc.js.map +6 -0
- package/dist/cjs/certificate/kinds/OperationalBase.d.ts +24 -0
- package/dist/cjs/certificate/kinds/OperationalBase.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/OperationalBase.js +68 -0
- package/dist/cjs/certificate/kinds/OperationalBase.js.map +6 -0
- package/dist/cjs/certificate/kinds/Rcac.d.ts +25 -0
- package/dist/cjs/certificate/kinds/Rcac.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/Rcac.js +119 -0
- package/dist/cjs/certificate/kinds/Rcac.js.map +6 -0
- package/dist/cjs/certificate/kinds/X509Base.d.ts +92 -0
- package/dist/cjs/certificate/kinds/X509Base.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/X509Base.js +344 -0
- package/dist/cjs/certificate/kinds/X509Base.js.map +6 -0
- package/dist/cjs/certificate/kinds/common.d.ts +18 -0
- package/dist/cjs/certificate/kinds/common.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/common.js +42 -0
- package/dist/cjs/certificate/kinds/common.js.map +6 -0
- package/dist/cjs/certificate/kinds/definitions/asn.d.ts +25 -0
- package/dist/cjs/certificate/kinds/definitions/asn.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/definitions/asn.js +83 -0
- package/dist/cjs/certificate/kinds/definitions/asn.js.map +6 -0
- package/dist/cjs/certificate/kinds/definitions/attestation.d.ts +44 -0
- package/dist/cjs/certificate/kinds/definitions/attestation.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/definitions/attestation.js +22 -0
- package/dist/cjs/certificate/kinds/definitions/attestation.js.map +6 -0
- package/dist/cjs/certificate/kinds/definitions/base.d.ts +52 -0
- package/dist/cjs/certificate/kinds/definitions/base.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/definitions/base.js +43 -0
- package/dist/cjs/certificate/kinds/definitions/base.js.map +6 -0
- package/dist/cjs/certificate/kinds/definitions/certification-declaration.d.ts +18 -0
- package/dist/cjs/certificate/kinds/definitions/certification-declaration.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/definitions/certification-declaration.js +50 -0
- package/dist/cjs/certificate/kinds/definitions/certification-declaration.js.map +6 -0
- package/dist/cjs/certificate/kinds/definitions/operational.d.ts +368 -0
- package/dist/cjs/certificate/kinds/definitions/operational.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/definitions/operational.js +149 -0
- package/dist/cjs/certificate/kinds/definitions/operational.js.map +6 -0
- package/dist/cjs/certificate/kinds/index.d.ts +12 -0
- package/dist/cjs/certificate/kinds/index.d.ts.map +1 -0
- package/dist/cjs/certificate/kinds/index.js +29 -0
- package/dist/cjs/certificate/kinds/index.js.map +6 -0
- package/dist/cjs/fabric/Fabric.d.ts +1 -2
- package/dist/cjs/fabric/Fabric.d.ts.map +1 -1
- package/dist/cjs/fabric/Fabric.js +28 -31
- package/dist/cjs/fabric/Fabric.js.map +1 -1
- package/dist/cjs/fabric/TestFabric.d.ts +1 -1
- package/dist/cjs/fabric/TestFabric.js +1 -1
- package/dist/cjs/peer/ControllerCommissioningFlow.d.ts.map +1 -1
- package/dist/cjs/peer/ControllerCommissioningFlow.js +2 -1
- package/dist/cjs/peer/ControllerCommissioningFlow.js.map +1 -1
- package/dist/cjs/session/case/CaseClient.d.ts.map +1 -1
- package/dist/cjs/session/case/CaseClient.js +3 -3
- package/dist/cjs/session/case/CaseClient.js.map +1 -1
- package/dist/cjs/session/case/CaseServer.d.ts.map +1 -1
- package/dist/cjs/session/case/CaseServer.js +2 -2
- package/dist/cjs/session/case/CaseServer.js.map +1 -1
- package/dist/esm/action/client/index.d.ts +1 -1
- package/dist/esm/action/client/index.js +1 -1
- package/dist/esm/action/errors.d.ts +12 -0
- package/dist/esm/action/errors.d.ts.map +1 -1
- package/dist/esm/action/errors.js +13 -1
- package/dist/esm/action/errors.js.map +1 -1
- package/dist/esm/action/protocols.d.ts +1 -1
- package/dist/esm/action/protocols.js +1 -1
- package/dist/esm/action/server/AttributeReadResponse.d.ts +1 -1
- package/dist/esm/action/server/AttributeReadResponse.js +1 -1
- package/dist/esm/action/server/AttributeSubscriptionResponse.d.ts +1 -1
- package/dist/esm/action/server/AttributeSubscriptionResponse.js +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.d.ts +1 -1
- package/dist/esm/action/server/AttributeWriteResponse.js +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.d.ts +1 -1
- package/dist/esm/action/server/CommandInvokeResponse.js +1 -1
- package/dist/esm/action/server/DataResponse.d.ts +1 -1
- package/dist/esm/action/server/DataResponse.js +1 -1
- package/dist/esm/action/server/EventReadResponse.d.ts +1 -1
- package/dist/esm/action/server/EventReadResponse.js +1 -1
- package/dist/esm/action/server/ServerInteraction.d.ts +1 -1
- package/dist/esm/action/server/ServerInteraction.js +1 -1
- package/dist/esm/action/server/index.d.ts +1 -1
- package/dist/esm/action/server/index.js +1 -1
- package/dist/esm/certificate/AttestationCertificateManager.d.ts.map +1 -1
- package/dist/esm/certificate/AttestationCertificateManager.js +20 -16
- package/dist/esm/certificate/AttestationCertificateManager.js.map +1 -1
- package/dist/esm/certificate/CertificateAuthority.d.ts +1 -2
- package/dist/esm/certificate/CertificateAuthority.d.ts.map +1 -1
- package/dist/esm/certificate/CertificateAuthority.js +18 -30
- package/dist/esm/certificate/CertificateAuthority.js.map +1 -1
- package/dist/esm/certificate/DeviceCertification.d.ts.map +1 -1
- package/dist/esm/certificate/DeviceCertification.js +2 -6
- package/dist/esm/certificate/DeviceCertification.js.map +1 -1
- package/dist/esm/certificate/index.d.ts +7 -2
- package/dist/esm/certificate/index.d.ts.map +1 -1
- package/dist/esm/certificate/index.js +10 -2
- package/dist/esm/certificate/index.js.map +1 -1
- package/dist/esm/certificate/kinds/AttestationCertificates.d.ts +34 -0
- package/dist/esm/certificate/kinds/AttestationCertificates.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/AttestationCertificates.js +44 -0
- package/dist/esm/certificate/kinds/AttestationCertificates.js.map +6 -0
- package/dist/esm/certificate/kinds/CertificationDeclaration.d.ts +23 -0
- package/dist/esm/certificate/kinds/CertificationDeclaration.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/CertificationDeclaration.js +66 -0
- package/dist/esm/certificate/kinds/CertificationDeclaration.js.map +6 -0
- package/dist/esm/certificate/kinds/Icac.d.ts +29 -0
- package/dist/esm/certificate/kinds/Icac.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/Icac.js +118 -0
- package/dist/esm/certificate/kinds/Icac.js.map +6 -0
- package/dist/esm/certificate/kinds/Noc.d.ts +27 -0
- package/dist/esm/certificate/kinds/Noc.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/Noc.js +128 -0
- package/dist/esm/certificate/kinds/Noc.js.map +6 -0
- package/dist/esm/certificate/kinds/OperationalBase.d.ts +24 -0
- package/dist/esm/certificate/kinds/OperationalBase.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/OperationalBase.js +48 -0
- package/dist/esm/certificate/kinds/OperationalBase.js.map +6 -0
- package/dist/esm/certificate/kinds/Rcac.d.ts +25 -0
- package/dist/esm/certificate/kinds/Rcac.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/Rcac.js +99 -0
- package/dist/esm/certificate/kinds/Rcac.js.map +6 -0
- package/dist/esm/certificate/kinds/X509Base.d.ts +92 -0
- package/dist/esm/certificate/kinds/X509Base.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/X509Base.js +347 -0
- package/dist/esm/certificate/kinds/X509Base.js.map +6 -0
- package/dist/esm/certificate/kinds/common.d.ts +18 -0
- package/dist/esm/certificate/kinds/common.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/common.js +22 -0
- package/dist/esm/certificate/kinds/common.js.map +6 -0
- package/dist/esm/certificate/kinds/definitions/asn.d.ts +25 -0
- package/dist/esm/certificate/kinds/definitions/asn.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/definitions/asn.js +63 -0
- package/dist/esm/certificate/kinds/definitions/asn.js.map +6 -0
- package/dist/esm/certificate/kinds/definitions/attestation.d.ts +44 -0
- package/dist/esm/certificate/kinds/definitions/attestation.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/definitions/attestation.js +6 -0
- package/dist/esm/certificate/kinds/definitions/attestation.js.map +6 -0
- package/dist/esm/certificate/kinds/definitions/base.d.ts +52 -0
- package/dist/esm/certificate/kinds/definitions/base.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/definitions/base.js +23 -0
- package/dist/esm/certificate/kinds/definitions/base.js.map +6 -0
- package/dist/esm/certificate/kinds/definitions/certification-declaration.d.ts +18 -0
- package/dist/esm/certificate/kinds/definitions/certification-declaration.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/definitions/certification-declaration.js +41 -0
- package/dist/esm/certificate/kinds/definitions/certification-declaration.js.map +6 -0
- package/dist/esm/certificate/kinds/definitions/operational.d.ts +368 -0
- package/dist/esm/certificate/kinds/definitions/operational.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/definitions/operational.js +148 -0
- package/dist/esm/certificate/kinds/definitions/operational.js.map +6 -0
- package/dist/esm/certificate/kinds/index.d.ts +12 -0
- package/dist/esm/certificate/kinds/index.d.ts.map +1 -0
- package/dist/esm/certificate/kinds/index.js +12 -0
- package/dist/esm/certificate/kinds/index.js.map +6 -0
- package/dist/esm/fabric/Fabric.d.ts +1 -2
- package/dist/esm/fabric/Fabric.d.ts.map +1 -1
- package/dist/esm/fabric/Fabric.js +28 -36
- package/dist/esm/fabric/Fabric.js.map +1 -1
- package/dist/esm/fabric/TestFabric.d.ts +1 -1
- package/dist/esm/fabric/TestFabric.js +1 -1
- package/dist/esm/peer/ControllerCommissioningFlow.d.ts.map +1 -1
- package/dist/esm/peer/ControllerCommissioningFlow.js +2 -1
- package/dist/esm/peer/ControllerCommissioningFlow.js.map +1 -1
- package/dist/esm/session/case/CaseClient.d.ts.map +1 -1
- package/dist/esm/session/case/CaseClient.js +3 -3
- package/dist/esm/session/case/CaseClient.js.map +1 -1
- package/dist/esm/session/case/CaseServer.d.ts.map +1 -1
- package/dist/esm/session/case/CaseServer.js +2 -2
- package/dist/esm/session/case/CaseServer.js.map +1 -1
- package/package.json +6 -6
- package/src/action/client/index.ts +1 -1
- package/src/action/errors.ts +19 -1
- package/src/action/protocols.ts +1 -1
- package/src/action/server/AttributeReadResponse.ts +1 -1
- package/src/action/server/AttributeSubscriptionResponse.ts +1 -1
- package/src/action/server/AttributeWriteResponse.ts +1 -1
- package/src/action/server/CommandInvokeResponse.ts +1 -1
- package/src/action/server/DataResponse.ts +1 -1
- package/src/action/server/EventReadResponse.ts +1 -1
- package/src/action/server/ServerInteraction.ts +1 -1
- package/src/action/server/index.ts +1 -1
- package/src/certificate/AttestationCertificateManager.ts +20 -16
- package/src/certificate/CertificateAuthority.ts +18 -35
- package/src/certificate/DeviceCertification.ts +2 -6
- package/src/certificate/index.ts +7 -2
- package/src/certificate/kinds/AttestationCertificates.ts +48 -0
- package/src/certificate/kinds/CertificationDeclaration.ts +91 -0
- package/src/certificate/kinds/Icac.ts +156 -0
- package/src/certificate/kinds/Noc.ts +164 -0
- package/src/certificate/kinds/OperationalBase.ts +72 -0
- package/src/certificate/kinds/Rcac.ts +126 -0
- package/src/certificate/kinds/X509Base.ts +380 -0
- package/src/certificate/kinds/common.ts +24 -0
- package/src/certificate/kinds/definitions/asn.ts +97 -0
- package/src/certificate/kinds/definitions/attestation.ts +46 -0
- package/src/certificate/kinds/definitions/base.ts +43 -0
- package/src/certificate/kinds/definitions/certification-declaration.ts +38 -0
- package/src/certificate/kinds/definitions/operational.ts +179 -0
- package/src/certificate/kinds/index.ts +12 -0
- package/src/fabric/Fabric.ts +28 -40
- package/src/fabric/TestFabric.ts +1 -1
- package/src/peer/ControllerCommissioningFlow.ts +2 -1
- package/src/session/case/CaseClient.ts +3 -3
- package/src/session/case/CaseServer.ts +2 -2
- package/dist/cjs/certificate/CertificateManager.d.ts +0 -578
- package/dist/cjs/certificate/CertificateManager.d.ts.map +0 -1
- package/dist/cjs/certificate/CertificateManager.js +0 -843
- package/dist/cjs/certificate/CertificateManager.js.map +0 -6
- package/dist/cjs/certificate/CertificationDeclarationManager.d.ts +0 -11
- package/dist/cjs/certificate/CertificationDeclarationManager.d.ts.map +0 -1
- package/dist/cjs/certificate/CertificationDeclarationManager.js +0 -54
- package/dist/cjs/certificate/CertificationDeclarationManager.js.map +0 -6
- package/dist/esm/certificate/CertificateManager.d.ts +0 -578
- package/dist/esm/certificate/CertificateManager.d.ts.map +0 -1
- package/dist/esm/certificate/CertificateManager.js +0 -870
- package/dist/esm/certificate/CertificateManager.js.map +0 -6
- package/dist/esm/certificate/CertificationDeclarationManager.d.ts +0 -11
- package/dist/esm/certificate/CertificationDeclarationManager.d.ts.map +0 -1
- package/dist/esm/certificate/CertificationDeclarationManager.js +0 -34
- package/dist/esm/certificate/CertificationDeclarationManager.js.map +0 -6
- package/src/certificate/CertificateManager.ts +0 -1176
- package/src/certificate/CertificationDeclarationManager.ts +0 -52
|
@@ -1,870 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* @license
|
|
3
|
-
* Copyright 2022-2025 Matter.js Authors
|
|
4
|
-
* SPDX-License-Identifier: Apache-2.0
|
|
5
|
-
*/
|
|
6
|
-
import {
|
|
7
|
-
Bytes,
|
|
8
|
-
ContextTagged,
|
|
9
|
-
ContextTaggedBytes,
|
|
10
|
-
DatatypeOverride,
|
|
11
|
-
DerBitString,
|
|
12
|
-
DerCodec,
|
|
13
|
-
DerKey,
|
|
14
|
-
DerObject,
|
|
15
|
-
DerType,
|
|
16
|
-
Diagnostic,
|
|
17
|
-
ImplementationError,
|
|
18
|
-
Logger,
|
|
19
|
-
MatterError,
|
|
20
|
-
Pkcs7,
|
|
21
|
-
PublicKey,
|
|
22
|
-
RawBytes,
|
|
23
|
-
SHA256_CMS,
|
|
24
|
-
Time,
|
|
25
|
-
X509,
|
|
26
|
-
X520,
|
|
27
|
-
X962
|
|
28
|
-
} from "#general";
|
|
29
|
-
import {
|
|
30
|
-
BitFlag,
|
|
31
|
-
BitmapSchema,
|
|
32
|
-
CaseAuthenticatedTag,
|
|
33
|
-
FabricId,
|
|
34
|
-
NodeId,
|
|
35
|
-
TlvArray,
|
|
36
|
-
TlvBitmap,
|
|
37
|
-
TlvBoolean,
|
|
38
|
-
TlvByteString,
|
|
39
|
-
TlvCaseAuthenticatedTag,
|
|
40
|
-
TlvFabricId,
|
|
41
|
-
TlvField,
|
|
42
|
-
TlvNodeId,
|
|
43
|
-
TlvObject,
|
|
44
|
-
TlvObjectWithMaxSize,
|
|
45
|
-
TlvOptionalField,
|
|
46
|
-
TlvOptionalRepeatedField,
|
|
47
|
-
TlvString,
|
|
48
|
-
TlvTaggedList,
|
|
49
|
-
TlvUInt16,
|
|
50
|
-
TlvUInt32,
|
|
51
|
-
TlvUInt64,
|
|
52
|
-
TlvUInt8,
|
|
53
|
-
TlvVendorId
|
|
54
|
-
} from "#types";
|
|
55
|
-
const logger = Logger.get("CertificateManager");
|
|
56
|
-
class CertificateError extends MatterError {
|
|
57
|
-
}
|
|
58
|
-
const YEAR_S = 365 * 24 * 60 * 60;
|
|
59
|
-
const EPOCH_OFFSET_S = 10957 * 24 * 60 * 60;
|
|
60
|
-
const MAX_DER_CERTIFICATE_SIZE = 600;
|
|
61
|
-
const MAX_TLV_CERTIFICATE_SIZE = 400;
|
|
62
|
-
function matterToJsDate(date) {
|
|
63
|
-
return date === 0 ? X520.NON_WELL_DEFINED_DATE : new Date((date + EPOCH_OFFSET_S) * 1e3);
|
|
64
|
-
}
|
|
65
|
-
function jsToMatterDate(date, addYears = 0) {
|
|
66
|
-
return date.getTime() === X520.NON_WELL_DEFINED_DATE.getTime() ? 0 : Math.floor(date.getTime() / 1e3) - EPOCH_OFFSET_S + addYears * YEAR_S;
|
|
67
|
-
}
|
|
68
|
-
function intTo16Chars(value) {
|
|
69
|
-
const byteArray = new Uint8Array(8);
|
|
70
|
-
const dataView = Bytes.dataViewOf(byteArray);
|
|
71
|
-
dataView.setBigUint64(0, typeof value === "bigint" ? value : BigInt(value));
|
|
72
|
-
return Bytes.toHex(byteArray).toUpperCase();
|
|
73
|
-
}
|
|
74
|
-
function uInt16To8Chars(value) {
|
|
75
|
-
const byteArray = new Uint8Array(4);
|
|
76
|
-
const dataView = Bytes.dataViewOf(byteArray);
|
|
77
|
-
dataView.setUint32(0, value);
|
|
78
|
-
return Bytes.toHex(byteArray).toUpperCase();
|
|
79
|
-
}
|
|
80
|
-
function uInt16To4Chars(value) {
|
|
81
|
-
const byteArray = new Uint8Array(2);
|
|
82
|
-
const dataView = Bytes.dataViewOf(byteArray);
|
|
83
|
-
dataView.setUint16(0, value);
|
|
84
|
-
return Bytes.toHex(byteArray).toUpperCase();
|
|
85
|
-
}
|
|
86
|
-
const GenericMatterOpCertObject = (id, valueConverter) => (value) => [
|
|
87
|
-
DerObject(`2b0601040182a27c01${id.toString(16).padStart(2, "0")}`, {
|
|
88
|
-
value: (valueConverter ?? intTo16Chars)(value)
|
|
89
|
-
})
|
|
90
|
-
];
|
|
91
|
-
const GenericMatterAttCertObject = (id, valueConverter) => (value) => [
|
|
92
|
-
DerObject(`2b0601040182a27c02${id.toString(16).padStart(2, "0")}`, {
|
|
93
|
-
value: (valueConverter ?? intTo16Chars)(value)
|
|
94
|
-
})
|
|
95
|
-
];
|
|
96
|
-
const NodeId_Matter = GenericMatterOpCertObject(1);
|
|
97
|
-
const FirmwareSigningId_Matter = GenericMatterOpCertObject(2);
|
|
98
|
-
const IcacId_Matter = GenericMatterOpCertObject(3);
|
|
99
|
-
const RcacId_Matter = GenericMatterOpCertObject(4);
|
|
100
|
-
const FabricId_Matter = GenericMatterOpCertObject(5);
|
|
101
|
-
const NocCat_Matter = GenericMatterOpCertObject(6, uInt16To8Chars);
|
|
102
|
-
const VendorId_Matter = GenericMatterAttCertObject(1, uInt16To4Chars);
|
|
103
|
-
const ProductId_Matter = GenericMatterAttCertObject(2, uInt16To4Chars);
|
|
104
|
-
const AllowedSubjectAndIssuerMatterFields = {
|
|
105
|
-
nodeId: TlvOptionalField(17, TlvNodeId),
|
|
106
|
-
firmwareSigningId: TlvOptionalField(18, TlvUInt32),
|
|
107
|
-
icacId: TlvOptionalField(19, TlvUInt64),
|
|
108
|
-
rcacId: TlvOptionalField(20, TlvUInt64),
|
|
109
|
-
fabricId: TlvOptionalField(21, TlvFabricId),
|
|
110
|
-
caseAuthenticatedTags: TlvOptionalRepeatedField(22, TlvCaseAuthenticatedTag, { maxLength: 3 })
|
|
111
|
-
};
|
|
112
|
-
const TlvGenericMatterSubjectOrIssuerTaggedList = (matterFields) => {
|
|
113
|
-
const fields = {
|
|
114
|
-
// Standard DNs
|
|
115
|
-
commonName: TlvOptionalField(1, TlvString),
|
|
116
|
-
sureName: TlvOptionalField(2, TlvString),
|
|
117
|
-
serialNum: TlvOptionalField(3, TlvString),
|
|
118
|
-
countryName: TlvOptionalField(4, TlvString),
|
|
119
|
-
localityName: TlvOptionalField(5, TlvString),
|
|
120
|
-
stateOrProvinceName: TlvOptionalField(6, TlvString),
|
|
121
|
-
orgName: TlvOptionalField(7, TlvString),
|
|
122
|
-
orgUnitName: TlvOptionalField(8, TlvString),
|
|
123
|
-
title: TlvOptionalField(9, TlvString),
|
|
124
|
-
name: TlvOptionalField(10, TlvString),
|
|
125
|
-
givenName: TlvOptionalField(11, TlvString),
|
|
126
|
-
initials: TlvOptionalField(12, TlvString),
|
|
127
|
-
genQualifier: TlvOptionalField(13, TlvString),
|
|
128
|
-
dnQualifier: TlvOptionalField(14, TlvString),
|
|
129
|
-
pseudonym: TlvOptionalField(15, TlvString),
|
|
130
|
-
domainComponent: TlvOptionalField(16, TlvString),
|
|
131
|
-
// Matter specific DNs
|
|
132
|
-
...matterFields,
|
|
133
|
-
// Standard DNs when encoded as Printable String
|
|
134
|
-
commonNamePs: TlvOptionalField(129, TlvString),
|
|
135
|
-
sureNamePs: TlvOptionalField(130, TlvString),
|
|
136
|
-
serialNumPs: TlvOptionalField(131, TlvString),
|
|
137
|
-
countryNamePs: TlvOptionalField(132, TlvString),
|
|
138
|
-
localityNamePs: TlvOptionalField(133, TlvString),
|
|
139
|
-
stateOrProvinceNamePs: TlvOptionalField(134, TlvString),
|
|
140
|
-
orgNamePs: TlvOptionalField(135, TlvString),
|
|
141
|
-
orgUnitNamePs: TlvOptionalField(136, TlvString),
|
|
142
|
-
titlePs: TlvOptionalField(137, TlvString),
|
|
143
|
-
namePs: TlvOptionalField(138, TlvString),
|
|
144
|
-
givenNamePs: TlvOptionalField(139, TlvString),
|
|
145
|
-
initialsPs: TlvOptionalField(140, TlvString),
|
|
146
|
-
genQualifierPs: TlvOptionalField(141, TlvString),
|
|
147
|
-
dnQualifierPs: TlvOptionalField(142, TlvString),
|
|
148
|
-
pseudonymPs: TlvOptionalField(143, TlvString)
|
|
149
|
-
};
|
|
150
|
-
return TlvTaggedList(fields);
|
|
151
|
-
};
|
|
152
|
-
const ExtensionKeyUsageBitmap = {
|
|
153
|
-
digitalSignature: BitFlag(0),
|
|
154
|
-
nonRepudiation: BitFlag(1),
|
|
155
|
-
keyEncipherment: BitFlag(2),
|
|
156
|
-
dataEncipherment: BitFlag(3),
|
|
157
|
-
keyAgreement: BitFlag(4),
|
|
158
|
-
keyCertSign: BitFlag(5),
|
|
159
|
-
cRLSign: BitFlag(6),
|
|
160
|
-
encipherOnly: BitFlag(7),
|
|
161
|
-
decipherOnly: BitFlag(8)
|
|
162
|
-
};
|
|
163
|
-
const ExtensionKeyUsageSchema = BitmapSchema(ExtensionKeyUsageBitmap);
|
|
164
|
-
const BaseMatterCertificate = (matterFields) => TlvObjectWithMaxSize(
|
|
165
|
-
{
|
|
166
|
-
serialNumber: TlvField(1, TlvByteString.bound({ maxLength: 20 })),
|
|
167
|
-
signatureAlgorithm: TlvField(2, TlvUInt8),
|
|
168
|
-
issuer: TlvField(
|
|
169
|
-
3,
|
|
170
|
-
TlvGenericMatterSubjectOrIssuerTaggedList({
|
|
171
|
-
...AllowedSubjectAndIssuerMatterFields,
|
|
172
|
-
...matterFields?.issuer ?? {}
|
|
173
|
-
})
|
|
174
|
-
),
|
|
175
|
-
notBefore: TlvField(4, TlvUInt32),
|
|
176
|
-
notAfter: TlvField(5, TlvUInt32),
|
|
177
|
-
subject: TlvField(
|
|
178
|
-
6,
|
|
179
|
-
TlvGenericMatterSubjectOrIssuerTaggedList({
|
|
180
|
-
...AllowedSubjectAndIssuerMatterFields,
|
|
181
|
-
...matterFields?.subject ?? {}
|
|
182
|
-
})
|
|
183
|
-
),
|
|
184
|
-
publicKeyAlgorithm: TlvField(7, TlvUInt8),
|
|
185
|
-
ellipticCurveIdentifier: TlvField(8, TlvUInt8),
|
|
186
|
-
ellipticCurvePublicKey: TlvField(9, TlvByteString),
|
|
187
|
-
extensions: TlvField(
|
|
188
|
-
10,
|
|
189
|
-
TlvTaggedList({
|
|
190
|
-
basicConstraints: TlvField(
|
|
191
|
-
1,
|
|
192
|
-
TlvObject({
|
|
193
|
-
isCa: TlvField(1, TlvBoolean),
|
|
194
|
-
pathLen: TlvOptionalField(2, TlvUInt8)
|
|
195
|
-
})
|
|
196
|
-
),
|
|
197
|
-
keyUsage: TlvField(2, TlvBitmap(TlvUInt16, ExtensionKeyUsageBitmap)),
|
|
198
|
-
extendedKeyUsage: TlvOptionalField(3, TlvArray(TlvUInt8)),
|
|
199
|
-
subjectKeyIdentifier: TlvField(4, TlvByteString.bound({ length: 20 })),
|
|
200
|
-
authorityKeyIdentifier: TlvField(5, TlvByteString.bound({ length: 20 })),
|
|
201
|
-
futureExtension: TlvOptionalRepeatedField(6, TlvByteString)
|
|
202
|
-
})
|
|
203
|
-
),
|
|
204
|
-
signature: TlvField(11, TlvByteString)
|
|
205
|
-
},
|
|
206
|
-
MAX_TLV_CERTIFICATE_SIZE
|
|
207
|
-
);
|
|
208
|
-
const TlvRootCertificate = BaseMatterCertificate({
|
|
209
|
-
subject: {
|
|
210
|
-
rcacId: TlvField(20, TlvUInt64),
|
|
211
|
-
fabricId: TlvOptionalField(21, TlvFabricId)
|
|
212
|
-
},
|
|
213
|
-
issuer: AllowedSubjectAndIssuerMatterFields
|
|
214
|
-
});
|
|
215
|
-
const TlvOperationalCertificate = BaseMatterCertificate({
|
|
216
|
-
subject: {
|
|
217
|
-
nodeId: TlvField(17, TlvNodeId),
|
|
218
|
-
fabricId: TlvField(21, TlvFabricId),
|
|
219
|
-
caseAuthenticatedTags: TlvOptionalRepeatedField(22, TlvCaseAuthenticatedTag, { maxLength: 3 })
|
|
220
|
-
},
|
|
221
|
-
issuer: AllowedSubjectAndIssuerMatterFields
|
|
222
|
-
});
|
|
223
|
-
const TlvIntermediateCertificate = BaseMatterCertificate({
|
|
224
|
-
subject: {
|
|
225
|
-
icacId: TlvField(19, TlvUInt64),
|
|
226
|
-
fabricId: TlvOptionalField(21, TlvFabricId)
|
|
227
|
-
},
|
|
228
|
-
issuer: AllowedSubjectAndIssuerMatterFields
|
|
229
|
-
});
|
|
230
|
-
const TlvBaseCertificate = BaseMatterCertificate();
|
|
231
|
-
const TlvCertificationDeclaration = TlvObject({
|
|
232
|
-
formatVersion: TlvField(0, TlvUInt16),
|
|
233
|
-
vendorId: TlvField(1, TlvVendorId),
|
|
234
|
-
produceIdArray: TlvField(2, TlvArray(TlvUInt16, { minLength: 1, maxLength: 100 })),
|
|
235
|
-
deviceTypeId: TlvField(3, TlvUInt32),
|
|
236
|
-
certificateId: TlvField(4, TlvString.bound({ length: 19 })),
|
|
237
|
-
securityLevel: TlvField(5, TlvUInt8),
|
|
238
|
-
securityInformation: TlvField(6, TlvUInt16),
|
|
239
|
-
versionNumber: TlvField(7, TlvUInt16),
|
|
240
|
-
certificationType: TlvField(8, TlvUInt8),
|
|
241
|
-
dacOriginVendorId: TlvOptionalField(9, TlvVendorId),
|
|
242
|
-
dacOriginProductId: TlvOptionalField(10, TlvUInt16),
|
|
243
|
-
authorizedPaaList: TlvOptionalField(
|
|
244
|
-
11,
|
|
245
|
-
TlvArray(TlvByteString.bound({ length: 20 }), { minLength: 1, maxLength: 10 })
|
|
246
|
-
)
|
|
247
|
-
});
|
|
248
|
-
function subjectOrIssuerToAsn1(data) {
|
|
249
|
-
const asn = {};
|
|
250
|
-
Object.entries(data).forEach(([key, value]) => {
|
|
251
|
-
if (value === void 0) {
|
|
252
|
-
return;
|
|
253
|
-
}
|
|
254
|
-
switch (key) {
|
|
255
|
-
case "commonName":
|
|
256
|
-
asn.commonName = X520.CommonName(value);
|
|
257
|
-
break;
|
|
258
|
-
case "sureName":
|
|
259
|
-
asn.sureName = X520.SurName(value);
|
|
260
|
-
break;
|
|
261
|
-
case "serialNum":
|
|
262
|
-
asn.serialNum = X520.SerialNumber(value);
|
|
263
|
-
break;
|
|
264
|
-
case "countryName":
|
|
265
|
-
asn.countryName = X520.CountryName(value);
|
|
266
|
-
break;
|
|
267
|
-
case "localityName":
|
|
268
|
-
asn.localityName = X520.LocalityName(value);
|
|
269
|
-
break;
|
|
270
|
-
case "stateOrProvinceName":
|
|
271
|
-
asn.stateOrProvinceName = X520.StateOrProvinceName(value);
|
|
272
|
-
break;
|
|
273
|
-
case "orgName":
|
|
274
|
-
asn.orgName = X520.OrganisationName(value);
|
|
275
|
-
break;
|
|
276
|
-
case "orgUnitName":
|
|
277
|
-
asn.orgUnitName = X520.OrganizationalUnitName(value);
|
|
278
|
-
break;
|
|
279
|
-
case "title":
|
|
280
|
-
asn.title = X520.Title(value);
|
|
281
|
-
break;
|
|
282
|
-
case "name":
|
|
283
|
-
asn.name = X520.Name(value);
|
|
284
|
-
break;
|
|
285
|
-
case "givenName":
|
|
286
|
-
asn.givenName = X520.GivenName(value);
|
|
287
|
-
break;
|
|
288
|
-
case "initials":
|
|
289
|
-
asn.initials = X520.Initials(value);
|
|
290
|
-
break;
|
|
291
|
-
case "genQualifier":
|
|
292
|
-
asn.genQualifier = X520.GenerationQualifier(value);
|
|
293
|
-
break;
|
|
294
|
-
case "dnQualifier":
|
|
295
|
-
asn.dnQualifier = X520.DnQualifier(value);
|
|
296
|
-
break;
|
|
297
|
-
case "pseudonym":
|
|
298
|
-
asn.pseudonym = X520.Pseudonym(value);
|
|
299
|
-
break;
|
|
300
|
-
case "domainComponent":
|
|
301
|
-
asn.domainComponent = X520.DomainComponent(value);
|
|
302
|
-
break;
|
|
303
|
-
case "nodeId":
|
|
304
|
-
asn.nodeId = NodeId_Matter(value);
|
|
305
|
-
break;
|
|
306
|
-
case "firmwareSigningId":
|
|
307
|
-
asn.firmwareSigningId = FirmwareSigningId_Matter(value);
|
|
308
|
-
break;
|
|
309
|
-
case "icacId":
|
|
310
|
-
asn.icacId = IcacId_Matter(value);
|
|
311
|
-
break;
|
|
312
|
-
case "rcacId":
|
|
313
|
-
asn.rcacId = RcacId_Matter(value);
|
|
314
|
-
break;
|
|
315
|
-
case "fabricId":
|
|
316
|
-
asn.fabricId = FabricId_Matter(value);
|
|
317
|
-
break;
|
|
318
|
-
case "caseAuthenticatedTags":
|
|
319
|
-
const caseAuthenticatedTags = value;
|
|
320
|
-
CaseAuthenticatedTag.validateNocTagList(caseAuthenticatedTags);
|
|
321
|
-
const cat0 = caseAuthenticatedTags[0];
|
|
322
|
-
const cat1 = caseAuthenticatedTags[1];
|
|
323
|
-
const cat2 = caseAuthenticatedTags[2];
|
|
324
|
-
if (cat0 !== void 0) {
|
|
325
|
-
asn.caseAuthenticatedTag0 = NocCat_Matter(cat0);
|
|
326
|
-
}
|
|
327
|
-
if (cat1 !== void 0) {
|
|
328
|
-
asn.caseAuthenticatedTag1 = NocCat_Matter(cat1);
|
|
329
|
-
}
|
|
330
|
-
if (cat2 !== void 0) {
|
|
331
|
-
asn.caseAuthenticatedTag2 = NocCat_Matter(cat2);
|
|
332
|
-
}
|
|
333
|
-
break;
|
|
334
|
-
case "vendorId":
|
|
335
|
-
asn.vendorId = VendorId_Matter(value);
|
|
336
|
-
break;
|
|
337
|
-
case "productId":
|
|
338
|
-
asn.productId = ProductId_Matter(value);
|
|
339
|
-
break;
|
|
340
|
-
case "commonNamePs":
|
|
341
|
-
asn.commonNamePs = X520.CommonName(value, true);
|
|
342
|
-
break;
|
|
343
|
-
case "sureNamePs":
|
|
344
|
-
asn.sureNamePs = X520.SurName(value, true);
|
|
345
|
-
break;
|
|
346
|
-
case "serialNumPs":
|
|
347
|
-
asn.serialNumPs = X520.SerialNumber(value, true);
|
|
348
|
-
break;
|
|
349
|
-
case "countryNamePs":
|
|
350
|
-
asn.countryNamePs = X520.CountryName(value, true);
|
|
351
|
-
break;
|
|
352
|
-
case "localityNamePs":
|
|
353
|
-
asn.localityNamePs = X520.LocalityName(value, true);
|
|
354
|
-
break;
|
|
355
|
-
case "stateOrProvinceNamePs":
|
|
356
|
-
asn.stateOrProvinceNamePs = X520.StateOrProvinceName(value, true);
|
|
357
|
-
break;
|
|
358
|
-
case "orgNamePs":
|
|
359
|
-
asn.orgNamePs = X520.OrganisationName(value, true);
|
|
360
|
-
break;
|
|
361
|
-
case "orgUnitNamePs":
|
|
362
|
-
asn.orgUnitNamePs = X520.OrganizationalUnitName(value, true);
|
|
363
|
-
break;
|
|
364
|
-
case "titlePs":
|
|
365
|
-
asn.titlePs = X520.Title(value, true);
|
|
366
|
-
break;
|
|
367
|
-
case "namePs":
|
|
368
|
-
asn.namePs = X520.Name(value, true);
|
|
369
|
-
break;
|
|
370
|
-
case "givenNamePs":
|
|
371
|
-
asn.givenNamePs = X520.GivenName(value, true);
|
|
372
|
-
break;
|
|
373
|
-
case "initialsPs":
|
|
374
|
-
asn.initialsPs = X520.Initials(value, true);
|
|
375
|
-
break;
|
|
376
|
-
case "genQualifierPs":
|
|
377
|
-
asn.genQualifierPs = X520.GenerationQualifier(value, true);
|
|
378
|
-
break;
|
|
379
|
-
case "dnQualifierPs":
|
|
380
|
-
asn.dnQualifierPs = X520.DnQualifier(value, true);
|
|
381
|
-
break;
|
|
382
|
-
case "pseudonymPs":
|
|
383
|
-
asn.pseudonymPs = X520.Pseudonym(value, true);
|
|
384
|
-
break;
|
|
385
|
-
}
|
|
386
|
-
});
|
|
387
|
-
return asn;
|
|
388
|
-
}
|
|
389
|
-
function extensionsToAsn1(extensions) {
|
|
390
|
-
const asn = {};
|
|
391
|
-
Object.entries(extensions).forEach(([key, value]) => {
|
|
392
|
-
if (value === void 0) {
|
|
393
|
-
return;
|
|
394
|
-
}
|
|
395
|
-
switch (key) {
|
|
396
|
-
case "basicConstraints":
|
|
397
|
-
asn.basicConstraints = X509.BasicConstraints(value);
|
|
398
|
-
break;
|
|
399
|
-
case "keyUsage":
|
|
400
|
-
asn.keyUsage = X509.KeyUsage(
|
|
401
|
-
ExtensionKeyUsageSchema.encode(value)
|
|
402
|
-
);
|
|
403
|
-
break;
|
|
404
|
-
case "extendedKeyUsage":
|
|
405
|
-
asn.extendedKeyUsage = X509.ExtendedKeyUsage(value);
|
|
406
|
-
break;
|
|
407
|
-
case "subjectKeyIdentifier":
|
|
408
|
-
asn.subjectKeyIdentifier = X509.SubjectKeyIdentifier(value);
|
|
409
|
-
break;
|
|
410
|
-
case "authorityKeyIdentifier":
|
|
411
|
-
asn.authorityKeyIdentifier = X509.AuthorityKeyIdentifier(value);
|
|
412
|
-
break;
|
|
413
|
-
case "futureExtension":
|
|
414
|
-
asn.futureExtension = RawBytes(Bytes.concat(...value ?? []));
|
|
415
|
-
break;
|
|
416
|
-
}
|
|
417
|
-
});
|
|
418
|
-
return asn;
|
|
419
|
-
}
|
|
420
|
-
function genericBuildAsn1Structure({
|
|
421
|
-
serialNumber,
|
|
422
|
-
notBefore,
|
|
423
|
-
notAfter,
|
|
424
|
-
issuer,
|
|
425
|
-
subject,
|
|
426
|
-
ellipticCurvePublicKey,
|
|
427
|
-
extensions
|
|
428
|
-
}) {
|
|
429
|
-
const {
|
|
430
|
-
basicConstraints: { isCa, pathLen }
|
|
431
|
-
} = extensions;
|
|
432
|
-
if (!isCa && pathLen !== void 0) {
|
|
433
|
-
throw new CertificateError("Path length must be undefined for non-CA certificates.");
|
|
434
|
-
}
|
|
435
|
-
return {
|
|
436
|
-
version: ContextTagged(0, 2),
|
|
437
|
-
// v3
|
|
438
|
-
serialNumber: DatatypeOverride(DerType.Integer, serialNumber),
|
|
439
|
-
signatureAlgorithm: X962.EcdsaWithSHA256,
|
|
440
|
-
issuer: subjectOrIssuerToAsn1(issuer),
|
|
441
|
-
validity: {
|
|
442
|
-
notBefore: matterToJsDate(notBefore),
|
|
443
|
-
notAfter: matterToJsDate(notAfter)
|
|
444
|
-
},
|
|
445
|
-
subject: subjectOrIssuerToAsn1(subject),
|
|
446
|
-
publicKey: X962.PublicKeyEcPrime256v1(ellipticCurvePublicKey),
|
|
447
|
-
extensions: ContextTagged(3, extensionsToAsn1(extensions))
|
|
448
|
-
};
|
|
449
|
-
}
|
|
450
|
-
function genericCertToAsn1(cert) {
|
|
451
|
-
const certBytes = DerCodec.encode(genericBuildAsn1Structure(cert));
|
|
452
|
-
assertCertificateDerSize(certBytes);
|
|
453
|
-
return certBytes;
|
|
454
|
-
}
|
|
455
|
-
function assertCertificateDerSize(certBytes) {
|
|
456
|
-
if (certBytes.length > MAX_DER_CERTIFICATE_SIZE) {
|
|
457
|
-
throw new ImplementationError(
|
|
458
|
-
`Certificate to generate is too big: ${certBytes.length} bytes instead of max ${MAX_DER_CERTIFICATE_SIZE} bytes`
|
|
459
|
-
);
|
|
460
|
-
}
|
|
461
|
-
}
|
|
462
|
-
class CertificateManager {
|
|
463
|
-
#crypto;
|
|
464
|
-
constructor(crypto) {
|
|
465
|
-
this.#crypto = crypto;
|
|
466
|
-
}
|
|
467
|
-
get crypto() {
|
|
468
|
-
return this.#crypto;
|
|
469
|
-
}
|
|
470
|
-
rootCertToAsn1(cert) {
|
|
471
|
-
const {
|
|
472
|
-
extensions: {
|
|
473
|
-
basicConstraints: { isCa }
|
|
474
|
-
}
|
|
475
|
-
} = cert;
|
|
476
|
-
if (!isCa) {
|
|
477
|
-
throw new CertificateError("Root certificate must be a CA.");
|
|
478
|
-
}
|
|
479
|
-
return genericCertToAsn1(cert);
|
|
480
|
-
}
|
|
481
|
-
intermediateCaCertToAsn1(cert) {
|
|
482
|
-
const {
|
|
483
|
-
extensions: {
|
|
484
|
-
basicConstraints: { isCa }
|
|
485
|
-
}
|
|
486
|
-
} = cert;
|
|
487
|
-
if (!isCa) {
|
|
488
|
-
throw new CertificateError("Intermediate certificate must be a CA.");
|
|
489
|
-
}
|
|
490
|
-
return genericCertToAsn1(cert);
|
|
491
|
-
}
|
|
492
|
-
nodeOperationalCertToAsn1(cert) {
|
|
493
|
-
const {
|
|
494
|
-
issuer: { icacId, rcacId },
|
|
495
|
-
extensions: {
|
|
496
|
-
basicConstraints: { isCa }
|
|
497
|
-
}
|
|
498
|
-
} = cert;
|
|
499
|
-
if (icacId === void 0 && rcacId === void 0) {
|
|
500
|
-
throw new CertificateError("Issuer RCAC or ICAC ID must be defined for an operational certificate.");
|
|
501
|
-
}
|
|
502
|
-
if (isCa) {
|
|
503
|
-
throw new CertificateError("Node operational certificate must not be a CA.");
|
|
504
|
-
}
|
|
505
|
-
return genericCertToAsn1(cert);
|
|
506
|
-
}
|
|
507
|
-
async deviceAttestationCertToAsn1(cert, key) {
|
|
508
|
-
const certificate = genericBuildAsn1Structure(cert);
|
|
509
|
-
const signature = await this.#crypto.signEcdsa(key, DerCodec.encode(certificate), "der");
|
|
510
|
-
const certBytes = DerCodec.encode({
|
|
511
|
-
certificate,
|
|
512
|
-
signAlgorithm: X962.EcdsaWithSHA256,
|
|
513
|
-
signature: DerBitString(signature)
|
|
514
|
-
});
|
|
515
|
-
assertCertificateDerSize(certBytes);
|
|
516
|
-
return certBytes;
|
|
517
|
-
}
|
|
518
|
-
async productAttestationIntermediateCertToAsn1(cert, key) {
|
|
519
|
-
const certificate = genericBuildAsn1Structure(cert);
|
|
520
|
-
const signature = await this.#crypto.signEcdsa(key, DerCodec.encode(certificate), "der");
|
|
521
|
-
const certBytes = DerCodec.encode({
|
|
522
|
-
certificate,
|
|
523
|
-
signAlgorithm: X962.EcdsaWithSHA256,
|
|
524
|
-
signature: DerBitString(signature)
|
|
525
|
-
});
|
|
526
|
-
assertCertificateDerSize(certBytes);
|
|
527
|
-
return certBytes;
|
|
528
|
-
}
|
|
529
|
-
async productAttestationAuthorityCertToAsn1(cert, key) {
|
|
530
|
-
const certificate = genericBuildAsn1Structure(cert);
|
|
531
|
-
const certBytes = DerCodec.encode({
|
|
532
|
-
certificate,
|
|
533
|
-
signAlgorithm: X962.EcdsaWithSHA256,
|
|
534
|
-
signature: DerBitString(await this.#crypto.signEcdsa(key, DerCodec.encode(certificate), "der"))
|
|
535
|
-
});
|
|
536
|
-
assertCertificateDerSize(certBytes);
|
|
537
|
-
return certBytes;
|
|
538
|
-
}
|
|
539
|
-
async certificationDeclarationToAsn1(eContent, subjectKeyIdentifier, privateKey) {
|
|
540
|
-
const certificate = {
|
|
541
|
-
version: 3,
|
|
542
|
-
digestAlgorithm: [SHA256_CMS],
|
|
543
|
-
encapContentInfo: Pkcs7.Data(eContent),
|
|
544
|
-
signerInfo: [
|
|
545
|
-
{
|
|
546
|
-
version: 3,
|
|
547
|
-
subjectKeyIdentifier: ContextTaggedBytes(0, subjectKeyIdentifier),
|
|
548
|
-
digestAlgorithm: SHA256_CMS,
|
|
549
|
-
signatureAlgorithm: X962.EcdsaWithSHA256,
|
|
550
|
-
signature: await this.#crypto.signEcdsa(privateKey, eContent, "der")
|
|
551
|
-
}
|
|
552
|
-
]
|
|
553
|
-
};
|
|
554
|
-
const certBytes = DerCodec.encode(Pkcs7.SignedData(certificate));
|
|
555
|
-
assertCertificateDerSize(certBytes);
|
|
556
|
-
return certBytes;
|
|
557
|
-
}
|
|
558
|
-
/**
|
|
559
|
-
* Validate general requirements a Matter certificate fields must fulfill.
|
|
560
|
-
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
561
|
-
*/
|
|
562
|
-
validateGeneralCertificateFields(cert) {
|
|
563
|
-
if (cert.serialNumber.length > 20)
|
|
564
|
-
throw new CertificateError(
|
|
565
|
-
`Serial number must not be longer then 20 octets. Current serial number has ${cert.serialNumber.length} octets.`
|
|
566
|
-
);
|
|
567
|
-
if (cert.signatureAlgorithm !== 1) {
|
|
568
|
-
throw new CertificateError(`Unsupported signature algorithm: ${cert.signatureAlgorithm}`);
|
|
569
|
-
}
|
|
570
|
-
if (cert.publicKeyAlgorithm !== 1) {
|
|
571
|
-
throw new CertificateError(`Unsupported public key algorithm: ${cert.publicKeyAlgorithm}`);
|
|
572
|
-
}
|
|
573
|
-
if (cert.ellipticCurveIdentifier !== 1) {
|
|
574
|
-
throw new CertificateError(`Unsupported elliptic curve identifier: ${cert.ellipticCurveIdentifier}`);
|
|
575
|
-
}
|
|
576
|
-
if (Object.keys(cert.subject).length > 5) {
|
|
577
|
-
throw new CertificateError(`Certificate subject must not contain more than 5 RDNs.`);
|
|
578
|
-
}
|
|
579
|
-
if (Object.keys(cert.issuer).length > 5) {
|
|
580
|
-
throw new CertificateError(`Certificate issuer must not contain more than 5 RDNs.`);
|
|
581
|
-
}
|
|
582
|
-
if (cert.notBefore * 1e3 > Time.nowMs()) {
|
|
583
|
-
logger.warn(`Certificate notBefore date is in the future: ${cert.notBefore * 1e3} vs ${Time.nowMs()}`);
|
|
584
|
-
}
|
|
585
|
-
}
|
|
586
|
-
/**
|
|
587
|
-
* Verify requirements a Matter Root certificate must fulfill.
|
|
588
|
-
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
589
|
-
*/
|
|
590
|
-
async verifyRootCertificate(rootCert) {
|
|
591
|
-
this.validateGeneralCertificateFields(rootCert);
|
|
592
|
-
if ("nodeId" in rootCert.subject) {
|
|
593
|
-
throw new CertificateError(`Root certificate must not contain a nodeId.`);
|
|
594
|
-
}
|
|
595
|
-
if (rootCert.subject.fabricId !== void 0) {
|
|
596
|
-
if (Array.isArray(rootCert.subject.fabricId)) {
|
|
597
|
-
throw new CertificateError(
|
|
598
|
-
`Invalid fabricId in NoC certificate: ${Diagnostic.json(rootCert.subject.fabricId)}`
|
|
599
|
-
);
|
|
600
|
-
}
|
|
601
|
-
if (rootCert.subject.fabricId === FabricId(0)) {
|
|
602
|
-
throw new CertificateError(
|
|
603
|
-
`Invalid fabricId in NoC certificate: ${Diagnostic.json(rootCert.subject.fabricId)}`
|
|
604
|
-
);
|
|
605
|
-
}
|
|
606
|
-
}
|
|
607
|
-
if ("icacId" in rootCert.subject) {
|
|
608
|
-
throw new CertificateError(`Root certificate must not contain an icacId.`);
|
|
609
|
-
}
|
|
610
|
-
if (rootCert.subject.rcacId === void 0 || Array.isArray(rootCert.subject.rcacId)) {
|
|
611
|
-
throw new CertificateError(
|
|
612
|
-
`Invalid rcacId in Root certificate: ${Diagnostic.json(rootCert.subject.rcacId)}`
|
|
613
|
-
);
|
|
614
|
-
}
|
|
615
|
-
if ("caseAuthenticatedTags" in rootCert.subject) {
|
|
616
|
-
throw new CertificateError(`Root certificate must not contain a caseAuthenticatedTags.`);
|
|
617
|
-
}
|
|
618
|
-
if (rootCert.extensions.basicConstraints.isCa !== true) {
|
|
619
|
-
throw new CertificateError(`Root certificate must have isCa set to true.`);
|
|
620
|
-
}
|
|
621
|
-
if (ExtensionKeyUsageSchema.encode(rootCert.extensions.keyUsage) !== 96 && ExtensionKeyUsageSchema.encode(rootCert.extensions.keyUsage) !== 97) {
|
|
622
|
-
throw new CertificateError(
|
|
623
|
-
`Root certificate keyUsage must have keyCertSign and CRLSign and optionally digitalSignature set.`
|
|
624
|
-
);
|
|
625
|
-
}
|
|
626
|
-
if (rootCert.extensions.extendedKeyUsage !== void 0) {
|
|
627
|
-
throw new CertificateError(`Root certificate must not have extendedKeyUsage set.`);
|
|
628
|
-
}
|
|
629
|
-
if (rootCert.extensions.subjectKeyIdentifier === void 0) {
|
|
630
|
-
throw new CertificateError(`Root certificate must have subjectKeyIdentifier set.`);
|
|
631
|
-
}
|
|
632
|
-
if (rootCert.extensions.subjectKeyIdentifier.length !== 20) {
|
|
633
|
-
throw new CertificateError(`Root certificate subjectKeyIdentifier must be 160 bit.`);
|
|
634
|
-
}
|
|
635
|
-
if (rootCert.extensions.authorityKeyIdentifier === void 0) {
|
|
636
|
-
throw new CertificateError(`Root certificate must have authorityKeyIdentifier set.`);
|
|
637
|
-
}
|
|
638
|
-
if (rootCert.extensions.authorityKeyIdentifier.length !== 20) {
|
|
639
|
-
throw new CertificateError(`Root certificate authorityKeyIdentifier must be 160 bit.`);
|
|
640
|
-
}
|
|
641
|
-
if (!Bytes.areEqual(rootCert.extensions.authorityKeyIdentifier, rootCert.extensions.subjectKeyIdentifier)) {
|
|
642
|
-
throw new CertificateError(
|
|
643
|
-
`Root certificate authorityKeyIdentifier must be equal to subjectKeyIdentifier.`
|
|
644
|
-
);
|
|
645
|
-
}
|
|
646
|
-
await this.#crypto.verifyEcdsa(
|
|
647
|
-
PublicKey(rootCert.ellipticCurvePublicKey),
|
|
648
|
-
this.rootCertToAsn1(rootCert),
|
|
649
|
-
rootCert.signature
|
|
650
|
-
);
|
|
651
|
-
}
|
|
652
|
-
/**
|
|
653
|
-
* Verify requirements a Matter Node Operational certificate must fulfill.
|
|
654
|
-
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
655
|
-
*/
|
|
656
|
-
async verifyNodeOperationalCertificate(nocCert, rootCert, icaCert) {
|
|
657
|
-
this.validateGeneralCertificateFields(nocCert);
|
|
658
|
-
if (nocCert.subject.nodeId === void 0 || Array.isArray(nocCert.subject.nodeId)) {
|
|
659
|
-
throw new CertificateError(`Invalid nodeId in NoC certificate: ${Diagnostic.json(nocCert.subject.nodeId)}`);
|
|
660
|
-
}
|
|
661
|
-
if (!NodeId.isOperationalNodeId(nocCert.subject.nodeId)) {
|
|
662
|
-
throw new CertificateError(`Invalid nodeId in NoC certificate: ${Diagnostic.json(nocCert.subject.nodeId)}`);
|
|
663
|
-
}
|
|
664
|
-
if (nocCert.subject.fabricId === void 0 || Array.isArray(nocCert.subject.fabricId)) {
|
|
665
|
-
throw new CertificateError(
|
|
666
|
-
`Invalid fabricId in NoC certificate: ${Diagnostic.json(nocCert.subject.fabricId)}`
|
|
667
|
-
);
|
|
668
|
-
}
|
|
669
|
-
if (nocCert.subject.fabricId === FabricId(0)) {
|
|
670
|
-
throw new CertificateError(
|
|
671
|
-
`Invalid fabricId in NoC certificate: ${Diagnostic.json(nocCert.subject.fabricId)}`
|
|
672
|
-
);
|
|
673
|
-
}
|
|
674
|
-
if ("icacId" in nocCert.subject) {
|
|
675
|
-
throw new CertificateError(`Noc certificate must not contain an icacId.`);
|
|
676
|
-
}
|
|
677
|
-
if ("rcacId" in nocCert.subject) {
|
|
678
|
-
throw new CertificateError(`Noc certificate must not contain an rcacId.`);
|
|
679
|
-
}
|
|
680
|
-
if (nocCert.subject.caseAuthenticatedTags !== void 0) {
|
|
681
|
-
CaseAuthenticatedTag.validateNocTagList(nocCert.subject.caseAuthenticatedTags);
|
|
682
|
-
}
|
|
683
|
-
if (rootCert.subject.fabricId !== void 0 && rootCert.subject.fabricId !== nocCert.subject.fabricId) {
|
|
684
|
-
throw new CertificateError(
|
|
685
|
-
`FabricId in NoC certificate does not match the fabricId in the parent certificate. ${Diagnostic.json(
|
|
686
|
-
rootCert.subject.fabricId
|
|
687
|
-
)} !== ${Diagnostic.json(nocCert.subject.fabricId)}`
|
|
688
|
-
);
|
|
689
|
-
}
|
|
690
|
-
if (icaCert !== void 0 && icaCert.subject.fabricId !== void 0 && icaCert.subject.fabricId !== nocCert.subject.fabricId) {
|
|
691
|
-
throw new CertificateError(
|
|
692
|
-
`FabricId in NoC certificate does not match the fabricId in the parent certificate. ${Diagnostic.json(
|
|
693
|
-
icaCert.subject.fabricId
|
|
694
|
-
)} !== ${Diagnostic.json(nocCert.subject.fabricId)}`
|
|
695
|
-
);
|
|
696
|
-
}
|
|
697
|
-
if (nocCert.extensions.basicConstraints.isCa) {
|
|
698
|
-
throw new CertificateError(`Noc certificate must not have isCa set to true.`);
|
|
699
|
-
}
|
|
700
|
-
if (!nocCert.extensions.keyUsage.digitalSignature) {
|
|
701
|
-
throw new CertificateError(`Noc certificate must have keyUsage set to digitalSignature.`);
|
|
702
|
-
}
|
|
703
|
-
if (nocCert.extensions.extendedKeyUsage === void 0 || !nocCert.extensions.extendedKeyUsage.includes(1) && !nocCert.extensions.extendedKeyUsage.includes(2)) {
|
|
704
|
-
throw new CertificateError(
|
|
705
|
-
`Noc certificate must have extendedKeyUsage with serverAuth and clientAuth: ${Diagnostic.json(nocCert.extensions.extendedKeyUsage)}`
|
|
706
|
-
);
|
|
707
|
-
}
|
|
708
|
-
if (nocCert.extensions.subjectKeyIdentifier === void 0) {
|
|
709
|
-
throw new CertificateError(`Noc certificate must have subjectKeyIdentifier set.`);
|
|
710
|
-
}
|
|
711
|
-
if (nocCert.extensions.subjectKeyIdentifier.length !== 20) {
|
|
712
|
-
throw new CertificateError(`Noc certificate subjectKeyIdentifier must be 160 bit.`);
|
|
713
|
-
}
|
|
714
|
-
if (nocCert.extensions.authorityKeyIdentifier === void 0) {
|
|
715
|
-
throw new CertificateError(`Noc certificate must have authorityKeyIdentifier set.`);
|
|
716
|
-
}
|
|
717
|
-
if (nocCert.extensions.authorityKeyIdentifier.length !== 20) {
|
|
718
|
-
throw new CertificateError(`Noc certificate authorityKeyIdentifier must be 160 bit.`);
|
|
719
|
-
}
|
|
720
|
-
if (!Bytes.areEqual(
|
|
721
|
-
nocCert.extensions.authorityKeyIdentifier,
|
|
722
|
-
(icaCert ?? rootCert).extensions.subjectKeyIdentifier
|
|
723
|
-
)) {
|
|
724
|
-
throw new CertificateError(
|
|
725
|
-
`Noc certificate authorityKeyIdentifier must be equal to Root/Ica subjectKeyIdentifier.`
|
|
726
|
-
);
|
|
727
|
-
}
|
|
728
|
-
await this.#crypto.verifyEcdsa(
|
|
729
|
-
PublicKey((icaCert ?? rootCert).ellipticCurvePublicKey),
|
|
730
|
-
this.nodeOperationalCertToAsn1(nocCert),
|
|
731
|
-
nocCert.signature
|
|
732
|
-
);
|
|
733
|
-
}
|
|
734
|
-
/**
|
|
735
|
-
* Verify requirements a Matter Intermediate CA certificate must fulfill.
|
|
736
|
-
* Rules for this are listed in @see {@link MatterSpecification.v12.Core} §6.5.x
|
|
737
|
-
*/
|
|
738
|
-
async verifyIntermediateCaCertificate(rootCert, icaCert) {
|
|
739
|
-
this.validateGeneralCertificateFields(icaCert);
|
|
740
|
-
if ("nodeId" in icaCert.subject) {
|
|
741
|
-
throw new CertificateError(`Ica certificate must not contain a nodeId.`);
|
|
742
|
-
}
|
|
743
|
-
if (icaCert.subject.fabricId !== void 0) {
|
|
744
|
-
if (Array.isArray(icaCert.subject.fabricId)) {
|
|
745
|
-
throw new CertificateError(
|
|
746
|
-
`Invalid fabricId in NoC certificate: ${Diagnostic.json(icaCert.subject.fabricId)}`
|
|
747
|
-
);
|
|
748
|
-
}
|
|
749
|
-
if (icaCert.subject.fabricId === FabricId(0)) {
|
|
750
|
-
throw new CertificateError(
|
|
751
|
-
`Invalid fabricId in NoC certificate: ${Diagnostic.json(icaCert.subject.fabricId)}`
|
|
752
|
-
);
|
|
753
|
-
}
|
|
754
|
-
}
|
|
755
|
-
if (icaCert.subject.icacId === void 0 || Array.isArray(icaCert.subject.icacId)) {
|
|
756
|
-
throw new CertificateError(`Invalid icacId in Ica certificate: ${Diagnostic.json(icaCert.subject.icacId)}`);
|
|
757
|
-
}
|
|
758
|
-
if ("rcacId" in icaCert.subject) {
|
|
759
|
-
throw new CertificateError(`Ica certificate must not contain an rcacId.`);
|
|
760
|
-
}
|
|
761
|
-
if ("caseAuthenticatedTags" in icaCert.subject) {
|
|
762
|
-
throw new CertificateError(`Ica certificate must not contain a caseAuthenticatedTags.`);
|
|
763
|
-
}
|
|
764
|
-
if (rootCert.subject.fabricId !== void 0 && icaCert.subject.fabricId !== void 0 && rootCert.subject.fabricId !== icaCert.subject.fabricId) {
|
|
765
|
-
throw new CertificateError(
|
|
766
|
-
`FabricId in Ica certificate does not match the fabricId in the parent certificate. ${Diagnostic.json(
|
|
767
|
-
rootCert.subject.fabricId
|
|
768
|
-
)} !== ${Diagnostic.json(icaCert.subject.fabricId)}`
|
|
769
|
-
);
|
|
770
|
-
}
|
|
771
|
-
if (rootCert.subject.rcacId !== icaCert.issuer.rcacId) {
|
|
772
|
-
throw new CertificateError(
|
|
773
|
-
`RcacId in Ica certificate does not match the rcacId in the parent certificate. ${Diagnostic.json(
|
|
774
|
-
rootCert.subject.rcacId
|
|
775
|
-
)} !== ${Diagnostic.json(icaCert.issuer.rcacId)}`
|
|
776
|
-
);
|
|
777
|
-
}
|
|
778
|
-
if (!icaCert.extensions.basicConstraints.isCa) {
|
|
779
|
-
throw new CertificateError(`Ica certificate must have isCa set to true.`);
|
|
780
|
-
}
|
|
781
|
-
if (ExtensionKeyUsageSchema.encode(rootCert.extensions.keyUsage) !== 96 && ExtensionKeyUsageSchema.encode(rootCert.extensions.keyUsage) !== 97) {
|
|
782
|
-
throw new CertificateError(
|
|
783
|
-
`Ica certificate keyUsage must have keyCertSign and CRLSign and optionally digitalSignature set.`
|
|
784
|
-
);
|
|
785
|
-
}
|
|
786
|
-
if (icaCert.extensions.extendedKeyUsage !== void 0) {
|
|
787
|
-
throw new CertificateError(`Ica certificate must not have extendedKeyUsage set.`);
|
|
788
|
-
}
|
|
789
|
-
if (icaCert.extensions.subjectKeyIdentifier === void 0) {
|
|
790
|
-
throw new CertificateError(`Ica certificate must have subjectKeyIdentifier set.`);
|
|
791
|
-
}
|
|
792
|
-
if (icaCert.extensions.subjectKeyIdentifier.length !== 20) {
|
|
793
|
-
throw new CertificateError(`Ica certificate subjectKeyIdentifier must be 160 bit.`);
|
|
794
|
-
}
|
|
795
|
-
if (icaCert.extensions.authorityKeyIdentifier === void 0) {
|
|
796
|
-
throw new CertificateError(`Ica certificate must have authorityKeyIdentifier set.`);
|
|
797
|
-
}
|
|
798
|
-
if (icaCert.extensions.authorityKeyIdentifier.length !== 20) {
|
|
799
|
-
throw new CertificateError(`Ica certificate authorityKeyIdentifier must be 160 bit.`);
|
|
800
|
-
}
|
|
801
|
-
if (!Bytes.areEqual(icaCert.extensions.authorityKeyIdentifier, rootCert.extensions.subjectKeyIdentifier)) {
|
|
802
|
-
throw new CertificateError(
|
|
803
|
-
`Ica certificate authorityKeyIdentifier must be equal to root cert subjectKeyIdentifier.`
|
|
804
|
-
);
|
|
805
|
-
}
|
|
806
|
-
await this.#crypto.verifyEcdsa(
|
|
807
|
-
PublicKey(rootCert.ellipticCurvePublicKey),
|
|
808
|
-
this.intermediateCaCertToAsn1(icaCert),
|
|
809
|
-
icaCert.signature
|
|
810
|
-
);
|
|
811
|
-
}
|
|
812
|
-
async createCertificateSigningRequest(key) {
|
|
813
|
-
const request = {
|
|
814
|
-
version: 0,
|
|
815
|
-
subject: { organization: X520.OrganisationName("CSR") },
|
|
816
|
-
publicKey: X962.PublicKeyEcPrime256v1(key.publicKey),
|
|
817
|
-
endSignedBytes: ContextTagged(0)
|
|
818
|
-
};
|
|
819
|
-
return DerCodec.encode({
|
|
820
|
-
request,
|
|
821
|
-
signAlgorithm: X962.EcdsaWithSHA256,
|
|
822
|
-
signature: DerBitString(await this.#crypto.signEcdsa(key, DerCodec.encode(request), "der"))
|
|
823
|
-
});
|
|
824
|
-
}
|
|
825
|
-
async getPublicKeyFromCsr(csr) {
|
|
826
|
-
const { [DerKey.Elements]: rootElements } = DerCodec.decode(csr);
|
|
827
|
-
if (rootElements?.length !== 3) throw new CertificateError("Invalid CSR data");
|
|
828
|
-
const [requestNode, signAlgorithmNode, signatureNode] = rootElements;
|
|
829
|
-
const { [DerKey.Elements]: requestElements } = requestNode;
|
|
830
|
-
if (requestElements?.length !== 4) throw new CertificateError("Invalid CSR data");
|
|
831
|
-
const [versionNode, _subjectNode, publicKeyNode] = requestElements;
|
|
832
|
-
const requestVersion = versionNode[DerKey.Bytes][0];
|
|
833
|
-
if (requestVersion !== 0) throw new CertificateError(`Unsupported request version${requestVersion}`);
|
|
834
|
-
const { [DerKey.Elements]: publicKeyElements } = publicKeyNode;
|
|
835
|
-
if (publicKeyElements?.length !== 2) throw new CertificateError("Invalid CSR data");
|
|
836
|
-
const [_publicKeyTypeNode, publicKeyBytesNode] = publicKeyElements;
|
|
837
|
-
const publicKey = publicKeyBytesNode[DerKey.Bytes];
|
|
838
|
-
if (signAlgorithmNode[DerKey.Elements]?.[0]?.[DerKey.Bytes] === void 0 || !Bytes.areEqual(
|
|
839
|
-
X962.EcdsaWithSHA256[DerKey.ObjectId][DerKey.Bytes],
|
|
840
|
-
signAlgorithmNode[DerKey.Elements]?.[0]?.[DerKey.Bytes]
|
|
841
|
-
))
|
|
842
|
-
throw new CertificateError("Unsupported signature type");
|
|
843
|
-
await this.#crypto.verifyEcdsa(
|
|
844
|
-
PublicKey(publicKey),
|
|
845
|
-
DerCodec.encode(requestNode),
|
|
846
|
-
signatureNode[DerKey.Bytes],
|
|
847
|
-
"der"
|
|
848
|
-
);
|
|
849
|
-
return publicKey;
|
|
850
|
-
}
|
|
851
|
-
}
|
|
852
|
-
export {
|
|
853
|
-
CertificateError,
|
|
854
|
-
CertificateManager,
|
|
855
|
-
FabricId_Matter,
|
|
856
|
-
FirmwareSigningId_Matter,
|
|
857
|
-
IcacId_Matter,
|
|
858
|
-
NocCat_Matter,
|
|
859
|
-
NodeId_Matter,
|
|
860
|
-
ProductId_Matter,
|
|
861
|
-
RcacId_Matter,
|
|
862
|
-
TlvCertificationDeclaration,
|
|
863
|
-
TlvIntermediateCertificate,
|
|
864
|
-
TlvOperationalCertificate,
|
|
865
|
-
TlvRootCertificate,
|
|
866
|
-
VendorId_Matter,
|
|
867
|
-
jsToMatterDate,
|
|
868
|
-
matterToJsDate
|
|
869
|
-
};
|
|
870
|
-
//# sourceMappingURL=CertificateManager.js.map
|