diff --git a/MatterDotNet/MatterDotNet.csproj b/MatterDotNet/MatterDotNet.csproj
index add5d22..9e56041 100644
--- a/MatterDotNet/MatterDotNet.csproj
+++ b/MatterDotNet/MatterDotNet.csproj
@@ -39,4 +39,8 @@
True
+
+
+
+
diff --git a/MatterDotNet/PKI/Fabric.cs b/MatterDotNet/PKI/Fabric.cs
index 99afd51..9a7bf85 100644
--- a/MatterDotNet/PKI/Fabric.cs
+++ b/MatterDotNet/PKI/Fabric.cs
@@ -85,6 +85,12 @@ public OperationalCertificate Sign(CertificateRequest nocsr)
return ret;
}
+ public OperationalCertificate CreateCommissioner()
+ {
+ var keyPair = Crypto.GenerateKeypair();
+ return CreateCommissioner(keyPair.Public, keyPair.Private);
+ }
+
public OperationalCertificate CreateCommissioner(byte[] publicKey, byte[] privateKey)
{
ulong nodeId = (ulong)(0xbaddeed2 + nodes.Count);
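Review bot: The new parameterless `CreateCommissioner()` keeps the generated private key only in the local `keyPair`, so whether the caller can use or persist the commissioner key depends on what the two-argument overload stores. That overload's body continues outside the hunk, so this cannot be confirmed from here. If the returned certificate does retain the key, say so in a doc comment, for example `/// <summary>Creates a commissioner certificate from a freshly generated key pair; the private key is reachable only through the returned certificate.</summary>`. If it does not, the method should hand the key back to the caller, since a commissioner certificate without its private key cannot be used for signing.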
diff --git a/MatterDotNet/PKI/OperationalCertificate.cs b/MatterDotNet/PKI/OperationalCertificate.cs
index c0b7dc3..eb74061 100644
--- a/MatterDotNet/PKI/OperationalCertificate.cs
+++ b/MatterDotNet/PKI/OperationalCertificate.cs
@@ -10,6 +10,7 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see .
+using MatterDotNet.DCL;
using MatterDotNet.Messages.Certificates;
using MatterDotNet.Protocol.Payloads;
using MatterDotNet.Util;
@@ -110,18 +111,24 @@ protected void ParseCert()
}
}
- public bool VerifyChain(byte[] intermediateCert, OperationalCertificate rootCert)
+ public bool VerifyChain(byte[] intermediateCert, DCLClient dcl, VerificationLevel level)
{
+ if (level == VerificationLevel.AnyDevice)
+ return true;
X509Chain chain = new X509Chain();
#if NET9_0_OR_GREATER
chain.ChainPolicy.ExtraStore.Add(X509CertificateLoader.LoadCertificate(intermediateCert));
#else
chain.ChainPolicy.ExtraStore.Add(new X509Certificate2(intermediateCert));
#endif
- chain.ChainPolicy.CustomTrustStore.Add(rootCert.cert);
+ chain.ChainPolicy.CustomTrustStore.AddRange(dcl.TrustStore);
+ if (level == VerificationLevel.CertifiedDevicesOrCHIPTest)
+ chain.ChainPolicy.CustomTrustStore.Add(dcl.CHIPTestPAA);
chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
- return chain.Build(cert);
+ bool valid = chain.Build(cert);
+
+ return valid;
}
public bool VerifyChain(OperationalCertificate rootCert)
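Review bot: `VerifyChain` returns `true` for `VerificationLevel.AnyDevice` before any certificate is examined, so a caller cannot tell "chain validated" from "validation skipped", and malformed `intermediateCert` bytes are accepted on that path too. I would state this on the method, e.g. `/// Returns true without building the chain when level is AnyDevice; the result is then not evidence of attestation.`, and keep that level an explicit opt-in at every call site. On the other two paths `dcl` is dereferenced without a null check; adding `if (dcl == null) throw new ArgumentNullException(nameof(dcl));` after the early return makes that failure explicit. The `valid` local adds nothing over `return chain.Build(cert);`.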
diff --git a/MatterDotNet/PKI/VerificationLevel.cs b/MatterDotNet/PKI/VerificationLevel.cs
new file mode 100644
index 0000000..b51ea2f
--- /dev/null
+++ b/MatterDotNet/PKI/VerificationLevel.cs
@@ -0,0 +1,23 @@
+// MatterDotNet Copyright (C) 2025
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or any later version.
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY, without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Affero General Public License for more details.
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+// WARNING: This file was auto-generated. Do not edit.
+
+namespace MatterDotNet.PKI
+{
+ public enum VerificationLevel
+ {
+ CertifiedDevicesOnly = 0x0,
+ CertifiedDevicesOrCHIPTest = 0x1,
+ AnyDevice = 0x2
+ }
+}
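Review bot: The three `VerificationLevel` members have no documentation, although the `VerifyChain` change in this commit uses them to decide which roots are trusted, and `AnyDevice` skips the chain check altogether. Each member should get a `///` summary matching that code: `/// Trust only roots from the DCL trust store.` for `CertifiedDevicesOnly`, `/// Additionally trust the CHIP test PAA.` for `CertifiedDevicesOrCHIPTest`, and `/// No chain verification is performed.` for `AnyDevice`. The header line "This file was auto-generated. Do not edit." looks carried over from a generated file; if this enum is hand-written, that line should be dropped so nobody expects a generator to overwrite it.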