Any API to provide custom root certificate authority (RootCA) ? #90
Comments
I am currently working on this; we will provide the AttestationTrustStore delegate API to allow the vendor to set their own PAA list.
Which PAA certificates are supported by GHSA so far? Are there other certificates besides the default PAA test certificate? For example, the list of PAAs in the DCL?
Hi @yufengwangca, firstly, thanks for the update. Sorry for providing too little information in the question. Updating my question here. Updated question: Hi @pierredelisle / @yufengwangca,
For the first step, I want to receive a callback and the CSR value in the Android application at the Java layer... (I guess after 'ValidateCSR' from chiptool lib) As you can see in the attached logs, the library is requesting and getting the CSR from the device, validating it, generating the NOC, sending the root certificate to the device, and after that it gives the above callback to the app. I want to modify this flow as per the above steps. So after getting the CSR in the app, I need to call our cloud API to get the root CA and device cert for our fabric. Is there any API or way to do this? Thanks.
Hi @yufengwangca, @pierredelisle, is NOCChainIssuer a relevant API to skip root CA certificate and device certificate (NOC) generation in the commissioning flow? Can I get a callback at the Android app layer and provide my own certificates (from a proprietary cloud) to commission the device in a custom fabric?
Does this work as an alternative way to solve this problem? For each user account, generate an intermediate CA in the cloud. Then download that intermediate CA into the commissioner. Let the intermediate CA generate device certificates and sign the CSRs locally. The intermediate CA private key is stored in the commissioner's trust zone.
controller.newBuilder() has a parameter of OperationalKeyConfig() and OperationalKeyConfig accepts KeypairDelegate which has a signing API.
Hi @jonsmirl, thank you so much for the answer. I am trying to understand things. Basically, I want to commission a Matter device in my custom fabric. Here is the required flow and some of my understanding. Start commissioning device --> Google will commission it to its fabric using BLE --> Start commissioning on network --> Get CSR from device --> App will pass this CSR to cloud and will get RootCA & NOC --> Send NOC to device --> complete commissioning. So I want to get control and a callback in between the commissioning process on the Android app side for the CSR and NOC. From the documentation of NOCChainIssuer, I thought it will be useful for getting CSR information in
Is there any way to provide a custom root CA for a custom fabric?