Line data Source code
1 : /*
2 : *
3 : * Copyright (c) 2022 Project CHIP Authors
4 : *
5 : * Licensed under the Apache License, Version 2.0 (the "License");
6 : * you may not use this file except in compliance with the License.
7 : * You may obtain a copy of the License at
8 : *
9 : * http://www.apache.org/licenses/LICENSE-2.0
10 : *
11 : * Unless required by applicable law or agreed to in writing, software
12 : * distributed under the License is distributed on an "AS IS" BASIS,
13 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 : * See the License for the specific language governing permissions and
15 : * limitations under the License.
16 : */
17 :
18 : /**
19 : * @file
20 : * A 'Fail Safe Context' SHALL be created on the receiver, to track fail-safe
21 : * state information while the fail-safe is armed.
22 : */
23 :
24 : #pragma once
25 :
26 : #include <lib/core/CHIPError.h>
27 : #include <lib/core/DataModelTypes.h>
28 : #include <platform/internal/CHIPDeviceLayerInternal.h>
29 : #include <system/SystemClock.h>
30 :
31 : namespace chip {
32 : namespace app {
33 :
34 : class FailSafeContext
35 : {
36 : public:
37 : // ===== Members for internal use by other Device Layer components.
38 :
39 : /**
40 : * @brief
41 : * Only a single fail-safe timer is started on the device, if this function is called again
42 : * when the fail-safe timer is currently armed, the currently-running fail-safe timer will
43 : * first be cancelled, then the fail-safe timer will be re-armed.
44 : */
45 : CHIP_ERROR ArmFailSafe(FabricIndex accessingFabricIndex, System::Clock::Seconds16 expiryLengthSeconds);
46 :
47 : /**
48 : * @brief Cleanly disarm failsafe timer, such as on CommissioningComplete
49 : */
50 : void DisarmFailSafe();
51 : void SetAddNocCommandInvoked(FabricIndex nocFabricIndex)
52 : {
53 : mAddNocCommandHasBeenInvoked = true;
54 : mFabricIndex = nocFabricIndex;
55 : }
56 : void SetUpdateNocCommandInvoked() { mUpdateNocCommandHasBeenInvoked = true; }
57 : void SetAddTrustedRootCertInvoked() { mAddTrustedRootCertHasBeenInvoked = true; }
58 : void SetCsrRequestForUpdateNoc(bool isForUpdateNoc) { mIsCsrRequestForUpdateNoc = isForUpdateNoc; }
59 : void SetUpdateTermsAndConditionsHasBeenInvoked() { mUpdateTermsAndConditionsHasBeenInvoked = true; }
60 :
61 : /**
62 : * @brief
63 : * Schedules a work to cleanup the FailSafe Context asynchronously after various cleanup work
64 : * has completed.
65 : */
66 : void ScheduleFailSafeCleanup(FabricIndex fabricIndex, bool addNocCommandInvoked, bool updateNocCommandInvoked);
67 :
68 : bool IsFailSafeArmed(FabricIndex accessingFabricIndex) const
69 : {
70 : return IsFailSafeArmed() && MatchesFabricIndex(accessingFabricIndex);
71 : }
72 :
73 : // Returns true if the fail-safe is in a state where commands that require an armed
74 : // fail-safe can no longer execute, but a new fail-safe can't be armed yet.
75 8 : bool IsFailSafeBusy() const { return mFailSafeBusy; }
76 :
77 6 : bool IsFailSafeArmed() const { return mFailSafeArmed; }
78 :
79 : // True if it is possible to do an initial arming of the failsafe if needed.
80 : // To be used in places where some action should take place only if the
81 : // fail-safe could be armed after that action.
82 6 : bool IsFailSafeFullyDisarmed() const { return !IsFailSafeArmed() && !IsFailSafeBusy(); }
83 :
84 : bool MatchesFabricIndex(FabricIndex accessingFabricIndex) const
85 : {
86 : VerifyOrDie(IsFailSafeArmed());
87 : return (accessingFabricIndex == mFabricIndex);
88 : }
89 :
90 : bool NocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked || mUpdateNocCommandHasBeenInvoked; }
91 : bool AddNocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked; }
92 : bool UpdateNocCommandHasBeenInvoked() const { return mUpdateNocCommandHasBeenInvoked; }
93 : bool AddTrustedRootCertHasBeenInvoked() const { return mAddTrustedRootCertHasBeenInvoked; }
94 : bool IsCsrRequestForUpdateNoc() const { return mIsCsrRequestForUpdateNoc; }
95 : bool UpdateTermsAndConditionsHasBeenInvoked() { return mUpdateTermsAndConditionsHasBeenInvoked; }
96 :
97 : FabricIndex GetFabricIndex() const
98 : {
99 : VerifyOrDie(IsFailSafeArmed());
100 : return mFabricIndex;
101 : }
102 :
103 : // Immediately disarms the timer and schedules a failsafe timer expiry.
104 : // If the failsafe is not armed, this is a no-op.
105 : void ForceFailSafeTimerExpiry();
106 :
107 : private:
108 : bool mFailSafeArmed = false;
109 : bool mFailSafeBusy = false;
110 : bool mAddNocCommandHasBeenInvoked = false;
111 : bool mUpdateNocCommandHasBeenInvoked = false;
112 : bool mAddTrustedRootCertHasBeenInvoked = false;
113 : // The fact of whether a CSR occurred at all is stored elsewhere.
114 : bool mIsCsrRequestForUpdateNoc = false;
115 : FabricIndex mFabricIndex = kUndefinedFabricIndex;
116 : bool mUpdateTermsAndConditionsHasBeenInvoked = false;
117 :
118 : /**
119 : * @brief
120 : * The callback function to be called when "fail-safe timer" expires.
121 : */
122 : static void HandleArmFailSafeTimer(System::Layer * layer, void * aAppState);
123 :
124 : /**
125 : * @brief
126 : * The callback function to be called when max cumulative time expires.
127 : */
128 : static void HandleMaxCumulativeFailSafeTimer(System::Layer * layer, void * aAppState);
129 :
130 : /**
131 : * @brief
132 : * The callback function to be called asynchronously after various cleanup work has completed
133 : * to actually disarm the fail-safe.
134 : */
135 : static void HandleDisarmFailSafe(intptr_t arg);
136 :
137 : void SetFailSafeArmed(bool armed);
138 :
139 : /**
140 : * @brief Reset to unarmed basic state
141 : */
142 2 : void ResetState()
143 : {
144 2 : SetFailSafeArmed(false);
145 :
146 2 : mAddNocCommandHasBeenInvoked = false;
147 2 : mUpdateNocCommandHasBeenInvoked = false;
148 2 : mAddTrustedRootCertHasBeenInvoked = false;
149 2 : mFailSafeBusy = false;
150 2 : mIsCsrRequestForUpdateNoc = false;
151 2 : mUpdateTermsAndConditionsHasBeenInvoked = false;
152 2 : }
153 :
154 : void FailSafeTimerExpired();
155 : };
156 :
157 : } // namespace app
158 : } // namespace chip
|
