diff --git a/src/darwin/Framework/CHIP/MTRCertificates.mm b/src/darwin/Framework/CHIP/MTRCertificates.mm index 9444ae920cc44c..c479ce24c35199 100644 --- a/src/darwin/Framework/CHIP/MTRCertificates.mm +++ b/src/darwin/Framework/CHIP/MTRCertificates.mm @@ -152,7 +152,22 @@ + (MTRCertificateDERBytes _Nullable)createOperationalCertificate:(id + (BOOL)keypair:(id)keypair matchesCertificate:(NSData *)certificate { P256PublicKey keypairPubKey; - CHIP_ERROR err = MTRP256KeypairBridge::MatterPubKeyFromSecKeyRef(keypair.publicKey, &keypairPubKey); + SecKeyRef publicKey = NULL; + + if ( [keypair respondsToSelector:@selector(copyPublicKey)] ) { + publicKey = [keypair copyPublicKey]; + } else { + publicKey = [keypair publicKey]; + CFRetain(publicKey); + } + + CHIP_ERROR err = MTRP256KeypairBridge::MatterPubKeyFromSecKeyRef(publicKey, &keypairPubKey); + + if ( publicKey != NULL) { + CFRelease(publicKey); + publicKey = NULL + } + if (err != CHIP_NO_ERROR) { MTR_LOG_ERROR("Can't extract public key from keypair: %s", ErrorStr(err)); return NO; diff --git a/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm b/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm index 25939d6ae5c64e..9c88d37c059fc5 100644 --- a/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm +++ b/src/darwin/Framework/CHIP/MTRDeviceControllerFactory.mm 
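Review bot: In the fallback branch of `keypair:matchesCertificate:`, `CFRetain(publicKey)` runs unconditionally, and CFRetain crashes when passed NULL, so a keypair whose `publicKey` returns NULL would abort the process here rather than fail with an error; guard it with `if (publicKey != NULL) { CFRetain(publicKey); }`. The cleanup line `publicKey = NULL` is missing its terminating semicolon and will not compile; it should read `publicKey = NULL;`. Both problems are repeated verbatim in the `findMatchingFabric:` hunk in MTRDeviceControllerFactory.mm. How `MatterPubKeyFromSecKeyRef` treats a NULL key is not visible in this hunk, so it is worth confirming that it returns an error instead of dereferencing the key.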
@@ -766,7 +766,22 @@ - (BOOL)findMatchingFabric:(FabricTable &)fabricTable } else { // No root certificate means the nocSigner is using the root keys, because // consumers must provide a root certificate whenever an ICA is used. - CHIP_ERROR err = MTRP256KeypairBridge::MatterPubKeyFromSecKeyRef(params.nocSigner.publicKey, &pubKey); + SecKeyRef publicKey = NULL; + + if ( [keypair respondsToSelector:@selector(copyPublicKey)] ) { + publicKey = [keypair copyPublicKey]; + } else { + publicKey = [keypair publicKey]; + CFRetain(publicKey); + } + + CHIP_ERROR err = MTRP256KeypairBridge::MatterPubKeyFromSecKeyRef(publicKey, &pubKey); + + if ( publicKey != NULL) { + CFRelease(publicKey); + publicKey = NULL + } + if (err != CHIP_NO_ERROR) { MTR_LOG_ERROR("Can't extract public key from MTRKeypair: %s", ErrorStr(err)); return NO; diff --git a/src/darwin/Framework/CHIP/MTRKeypair.h b/src/darwin/Framework/CHIP/MTRKeypair.h index a4e4521b2864a6..d51dcd42470883 100644 --- a/src/darwin/Framework/CHIP/MTRKeypair.h +++ b/src/darwin/Framework/CHIP/MTRKeypair.h @@ -35,7 +35,10 @@ NS_ASSUME_NONNULL_BEGIN /** * @brief Return public key for the keypair. */ -- (SecKeyRef)publicKey; +- (SecKeyRef)publicKey MTR_DEPRECATED( + "Please implement copyPublicKey", ios(16.4, 17.2), macos(13.3, 14.2), watchos(9.4, 10.2), tvos(16.4, 17.2)); +; +- (SecKeyRef)copyPublicKey MTR_NEWLY_AVAILABLE; @optional /** diff --git a/src/darwin/Framework/CHIPTests/MTRCertificateTests.m b/src/darwin/Framework/CHIPTests/MTRCertificateTests.m index 89860b8df2f997..233687820c6892 100644 --- a/src/darwin/Framework/CHIPTests/MTRCertificateTests.m +++ b/src/darwin/Framework/CHIPTests/MTRCertificateTests.m 
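Review bot: The added block in `findMatchingFabric:` reads the key from `keypair`, but the line it replaces used `params.nocSigner`, and no `keypair` is declared in the visible lines (the method starts outside the hunk). If no such local exists this does not compile; if one does, the fabric match may be made against a different key than the NOC signer's, which is a correctness problem in a trust decision. The three uses should read `[params.nocSigner respondsToSelector:@selector(copyPublicKey)]`, `publicKey = [params.nocSigner copyPublicKey];` and `publicKey = [params.nocSigner publicKey];`.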
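Review bot: `copyPublicKey` is declared above `@optional` in MTRKeypair.h, which makes it a required protocol method, yet both callers in this commit probe it with `respondsToSelector:` and fall back to `publicKey`. If that fallback is intended for existing implementers, the declaration belongs after `@optional`. The new method also has no doc comment, and the ownership contract is the reason for the change; something like `/** Returns the public key with a +1 reference; the caller must CFRelease it. */` would state what the callers here assume. The line holding only `;` after the `MTR_DEPRECATED(...)` declaration is a stray empty declaration and should be removed.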
@@ -129,7 +129,7 @@ - (void)testGenerateIntermediateCert __auto_type * intermediateCert = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:rootCert - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:nil error:nil]; @@ -161,7 +161,7 @@ - (void)testGenerateIntermediateCertWithValidityPeriod __auto_type * intermediateCert = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:rootCert - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:nil validityPeriod:validityPeriod @@ -198,7 +198,7 @@ - (void)testGenerateIntermediateCertWithInfiniteValidity __auto_type * intermediateCert = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:rootCert - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:nil validityPeriod:validityPeriod @@ -238,7 +238,7 @@ - (void)testGenerateOperationalCertNoIntermediate __auto_type * operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@1 caseAuthenticatedTags:cats @@ -277,7 +277,7 @@ - (void)testGenerateOperationalCertNoIntermediateWithValidityPeriod __auto_type * operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@1 caseAuthenticatedTags:cats 
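Review bot: `[intermediateKeys.copyPublicKey autorelease]` sends an Objective-C message to a `SecKeyRef`, which is a CoreFoundation type rather than an object pointer, and an explicit `autorelease` send is rejected outright if these tests are built with ARC (not visible here). The same expression appears in every test hunk of this commit (MTRCertificateTests.m, MTRCertificateValidityTests.m, MTRControllerAdvertisingTests.m, MTRControllerTests.m, MTRFabricInfoTests.m, MTRPerControllerStorageTests.m). To balance the +1 reference without leaking the key, use `(SecKeyRef) CFAutorelease([intermediateKeys copyPublicKey])`, or hold the key in a local and `CFRelease` it after the call. Bracket syntax is also the better fit than dot syntax, since `copyPublicKey` is a method that transfers ownership, not a property.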
@@ -321,7 +321,7 @@ - (void)testGenerateOperationalCertNoIntermediateWithInfiniteValidity __auto_type * operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@1 caseAuthenticatedTags:cats @@ -356,7 +356,7 @@ - (void)testGenerateOperationalCertWithIntermediate __auto_type * intermediateCert = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:rootCert - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:nil error:nil]; @@ -367,7 +367,7 @@ - (void)testGenerateOperationalCertWithIntermediate __auto_type * operationalCert = [MTRCertificates createOperationalCertificate:intermediateKeys signingCertificate:intermediateCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@1 caseAuthenticatedTags:nil @@ -415,7 +415,7 @@ - (void)testGenerateOperationalCertErrorCases // Check basic case works __auto_type * operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@1 caseAuthenticatedTags:nil @@ -425,7 +425,7 @@ - (void)testGenerateOperationalCertErrorCases // CATs too long operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@1 caseAuthenticatedTags:longCats 
@@ -435,7 +435,7 @@ - (void)testGenerateOperationalCertErrorCases // Multiple CATs with the same identifier but different versions operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@1 caseAuthenticatedTags:catsWithSameIdentifier @@ -445,7 +445,7 @@ - (void)testGenerateOperationalCertErrorCases // CAT with invalid version operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@1 caseAuthenticatedTags:catsWithInvalidVersion @@ -455,7 +455,7 @@ - (void)testGenerateOperationalCertErrorCases // Signing key mismatch operationalCert = [MTRCertificates createOperationalCertificate:operationalKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@1 caseAuthenticatedTags:nil @@ -465,7 +465,7 @@ - (void)testGenerateOperationalCertErrorCases // Invalid fabric id operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@0 nodeID:@1 caseAuthenticatedTags:nil @@ -475,7 +475,7 @@ - (void)testGenerateOperationalCertErrorCases // Undefined node id operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@0 caseAuthenticatedTags:nil 
@@ -485,7 +485,7 @@ - (void)testGenerateOperationalCertErrorCases // Non-operational node id operationalCert = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:rootCert - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@1 nodeID:@(0xFFFFFFFFFFFFFFFFLLU) caseAuthenticatedTags:nil diff --git a/src/darwin/Framework/CHIPTests/MTRCertificateValidityTests.m b/src/darwin/Framework/CHIPTests/MTRCertificateValidityTests.m index 7a66d299e19e71..0f37d92f69f3ed 100644 --- a/src/darwin/Framework/CHIPTests/MTRCertificateValidityTests.m +++ b/src/darwin/Framework/CHIPTests/MTRCertificateValidityTests.m @@ -260,7 +260,7 @@ - (void)initStack:(MTRTestCertificateIssuer *)certificateIssuer __auto_type * controllerOperationalCert = [certificateIssuer issueOperationalCertificateForNode:@(kControllerId) - operationalPublicKey:controllerOperationalKeys.publicKey]; + operationalPublicKey:[controllerOperationalKeys.copyPublicKey autorelease]]; XCTAssertNotNil(controllerOperationalCert); __auto_type * params = [[MTRDeviceControllerStartupParams alloc] initWithIPK:certificateIssuer.rootKey.ipk diff --git a/src/darwin/Framework/CHIPTests/MTRControllerAdvertisingTests.m b/src/darwin/Framework/CHIPTests/MTRControllerAdvertisingTests.m index 4092a38b56f84e..dace586d422034 100644 --- a/src/darwin/Framework/CHIPTests/MTRControllerAdvertisingTests.m +++ b/src/darwin/Framework/CHIPTests/MTRControllerAdvertisingTests.m @@ -167,7 +167,7 @@ - (nullable MTRDeviceController *)startControllerWithRootKeys:(MTRTestKeys *)roo __auto_type * operational = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:root - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:fabricID nodeID:nodeID caseAuthenticatedTags:nil 
diff --git a/src/darwin/Framework/CHIPTests/MTRControllerTests.m b/src/darwin/Framework/CHIPTests/MTRControllerTests.m index 975625ea55df4b..08504ae0b083c8 100644 --- a/src/darwin/Framework/CHIPTests/MTRControllerTests.m +++ b/src/darwin/Framework/CHIPTests/MTRControllerTests.m @@ -623,7 +623,7 @@ - (void)testControllerSignerKeyWithIntermediate __auto_type * intermediate = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:root - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:nil error:nil]; @@ -863,7 +863,7 @@ - (void)testControllerRotateToICA __auto_type * intermediate = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:root - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:nil error:nil]; @@ -925,7 +925,7 @@ - (void)testControllerRotateFromICA __auto_type * intermediate = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:root - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:nil error:nil]; @@ -989,7 +989,7 @@ - (void)testControllerRotateICA __auto_type * intermediate1 = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:root - intermediatePublicKey:intermediateKeys1.publicKey + intermediatePublicKey:[intermediateKeys1.copyPublicKey autorelease] issuerID:nil fabricID:nil error:nil]; @@ -1000,7 +1000,7 @@ - (void)testControllerRotateICA __auto_type * intermediate2 = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:root - intermediatePublicKey:intermediateKeys2.publicKey + intermediatePublicKey:[intermediateKeys2.copyPublicKey autorelease] issuerID:nil fabricID:nil error:nil]; 
@@ -1064,7 +1064,7 @@ - (void)testControllerICAWithoutRoot __auto_type * intermediate = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:root - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:nil error:nil]; @@ -1107,7 +1107,7 @@ - (void)testControllerProvideFullCertChain __auto_type * intermediate = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:root - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:nil error:nil]; @@ -1118,7 +1118,7 @@ - (void)testControllerProvideFullCertChain __auto_type * operational = [MTRCertificates createOperationalCertificate:intermediateKeys signingCertificate:intermediate - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@123 nodeID:@456 caseAuthenticatedTags:nil @@ -1182,7 +1182,7 @@ - (void)testControllerProvideCertChainNoICA __auto_type * operational = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:root - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@123 nodeID:@456 caseAuthenticatedTags:nil @@ -1232,7 +1232,7 @@ - (void)testControllerCertChainFabricMismatchRoot __auto_type * operational = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:root - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@123 nodeID:@456 caseAuthenticatedTags:nil 
@@ -1276,7 +1276,7 @@ - (void)testControllerCertChainFabricMismatchIntermediate __auto_type * intermediate = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:root - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPublicKey autorelease] issuerID:nil fabricID:@111 error:nil]; @@ -1287,7 +1287,7 @@ - (void)testControllerCertChainFabricMismatchIntermediate __auto_type * operational = [MTRCertificates createOperationalCertificate:intermediateKeys signingCertificate:intermediate - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:@123 nodeID:@456 caseAuthenticatedTags:nil diff --git a/src/darwin/Framework/CHIPTests/MTRFabricInfoTests.m b/src/darwin/Framework/CHIPTests/MTRFabricInfoTests.m index a98067098688b5..ae2fc922da2fe2 100644 --- a/src/darwin/Framework/CHIPTests/MTRFabricInfoTests.m +++ b/src/darwin/Framework/CHIPTests/MTRFabricInfoTests.m @@ -160,7 +160,7 @@ - (void)testFabricInfoTwoFabrics __auto_type * intermediate = [MTRCertificates createIntermediateCertificate:rootKeys rootCertificate:root - intermediatePublicKey:intermediateKeys.publicKey + intermediatePublicKey:[intermediateKeys.copyPwublicKey autorelease] issuerID:nil fabricID:nil error:nil]; diff --git a/src/darwin/Framework/CHIPTests/MTRPerControllerStorageTests.m b/src/darwin/Framework/CHIPTests/MTRPerControllerStorageTests.m index df98530a81db18..1f6f2f9ca4dc08 100644 --- a/src/darwin/Framework/CHIPTests/MTRPerControllerStorageTests.m +++ b/src/darwin/Framework/CHIPTests/MTRPerControllerStorageTests.m 
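Review bot: `intermediateKeys.copyPwublicKey` in `testFabricInfoTwoFabrics` is a misspelling of `copyPublicKey`; no selector with that name is declared anywhere in this commit, so MTRFabricInfoTests.m will not compile as written. The selector should be `copyPublicKey`, as in the other test files touched by this change.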
@@ -249,7 +249,7 @@ - (nullable MTRDeviceController *)startControllerWithRootKeys:(MTRTestKeys *)roo __auto_type * operational = [MTRCertificates createOperationalCertificate:rootKeys signingCertificate:root - operationalPublicKey:operationalKeys.publicKey + operationalPublicKey:[operationalKeys.copyPublicKey autorelease] fabricID:fabricID nodeID:nodeID caseAuthenticatedTags:caseAuthenticatedTags