Line data Source code
1 : /*
2 : *
3 : * Copyright (c) 2022 Project CHIP Authors
4 : *
5 : * Licensed under the Apache License, Version 2.0 (the "License");
6 : * you may not use this file except in compliance with the License.
7 : * You may obtain a copy of the License at
8 : *
9 : * http://www.apache.org/licenses/LICENSE-2.0
10 : *
11 : * Unless required by applicable law or agreed to in writing, software
12 : * distributed under the License is distributed on an "AS IS" BASIS,
13 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 : * See the License for the specific language governing permissions and
15 : * limitations under the License.
16 : */
17 :
18 : /**
19 : * @file
20 : * A 'Fail Safe Context' SHALL be created on the receiver, to track fail-safe
21 : * state information while the fail-safe is armed.
22 : */
23 :
24 : #pragma once
25 :
26 : #include <lib/core/CHIPError.h>
27 : #include <lib/core/DataModelTypes.h>
28 : #include <platform/internal/CHIPDeviceLayerInternal.h>
29 : #include <system/SystemClock.h>
30 :
31 : namespace chip {
32 : namespace app {
33 :
34 : class FailSafeContext
35 : {
36 : public:
37 : // ===== Members for internal use by other Device Layer components.
38 :
39 : /**
40 : * @brief
41 : * Only a single fail-safe timer is started on the device, if this function is called again
42 : * when the fail-safe timer is currently armed, the currently-running fail-safe timer will
43 : * first be cancelled, then the fail-safe timer will be re-armed.
44 : */
45 : CHIP_ERROR ArmFailSafe(FabricIndex accessingFabricIndex, System::Clock::Seconds16 expiryLengthSeconds);
46 :
47 : /**
48 : * @brief Cleanly disarm failsafe timer, such as on CommissioningComplete
49 : */
50 : void DisarmFailSafe();
51 : void SetAddNocCommandInvoked(FabricIndex nocFabricIndex)
52 : {
53 : mAddNocCommandHasBeenInvoked = true;
54 : mFabricIndex = nocFabricIndex;
55 : }
56 : void SetUpdateNocCommandInvoked() { mUpdateNocCommandHasBeenInvoked = true; }
57 : void SetAddTrustedRootCertInvoked() { mAddTrustedRootCertHasBeenInvoked = true; }
58 : void SetCsrRequestForUpdateNoc(bool isForUpdateNoc) { mIsCsrRequestForUpdateNoc = isForUpdateNoc; }
59 : void SetUpdateTermsAndConditionsHasBeenInvoked() { mUpdateTermsAndConditionsHasBeenInvoked = true; }
60 : void RecordSetVidVerificationStatementHasBeenInvoked() { mSetVidVerificationStatementHasBeenInvoked = true; }
61 : #if CHIP_DEVICE_CONFIG_ENABLE_JOINT_FABRIC
62 : void SetAddICACHasBeenInvoked() { mAddICACHasBeenInvoked = true; }
63 : #endif
64 :
65 : /**
66 : * @brief
67 : * Schedules a work to cleanup the FailSafe Context asynchronously after various cleanup work
68 : * has completed.
69 : */
70 : void ScheduleFailSafeCleanup(FabricIndex fabricIndex, bool addNocCommandInvoked, bool updateNocCommandInvoked);
71 :
72 : bool IsFailSafeArmed(FabricIndex accessingFabricIndex) const
73 : {
74 : return IsFailSafeArmed() && MatchesFabricIndex(accessingFabricIndex);
75 : }
76 :
77 : // Returns true if the fail-safe is in a state where commands that require an armed
78 : // fail-safe can no longer execute, but a new fail-safe can't be armed yet.
79 9 : bool IsFailSafeBusy() const { return mFailSafeBusy; }
80 :
81 6 : bool IsFailSafeArmed() const { return mFailSafeArmed; }
82 :
83 : // True if it is possible to do an initial arming of the failsafe if needed.
84 : // To be used in places where some action should take place only if the
85 : // fail-safe could be armed after that action.
86 6 : bool IsFailSafeFullyDisarmed() const { return !IsFailSafeArmed() && !IsFailSafeBusy(); }
87 :
88 : bool MatchesFabricIndex(FabricIndex accessingFabricIndex) const
89 : {
90 : VerifyOrDie(IsFailSafeArmed());
91 : return (accessingFabricIndex == mFabricIndex);
92 : }
93 :
94 : bool NocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked || mUpdateNocCommandHasBeenInvoked; }
95 : bool AddNocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked; }
96 : bool UpdateNocCommandHasBeenInvoked() const { return mUpdateNocCommandHasBeenInvoked; }
97 : bool AddTrustedRootCertHasBeenInvoked() const { return mAddTrustedRootCertHasBeenInvoked; }
98 : bool IsCsrRequestForUpdateNoc() const { return mIsCsrRequestForUpdateNoc; }
99 : bool UpdateTermsAndConditionsHasBeenInvoked() const { return mUpdateTermsAndConditionsHasBeenInvoked; }
100 : bool HasSetVidVerificationStatementHasBeenInvoked() const { return mSetVidVerificationStatementHasBeenInvoked; }
101 : #if CHIP_DEVICE_CONFIG_ENABLE_JOINT_FABRIC
102 : bool AddICACCommandHasBeenInvoked() const { return mAddICACHasBeenInvoked; }
103 : #endif
104 :
105 : FabricIndex GetFabricIndex() const
106 : {
107 : VerifyOrDie(IsFailSafeArmed());
108 : return mFabricIndex;
109 : }
110 :
111 : // Immediately disarms the timer and schedules a failsafe timer expiry.
112 : // If the failsafe is not armed, this is a no-op.
113 : void ForceFailSafeTimerExpiry();
114 :
115 : private:
116 : bool mFailSafeArmed = false;
117 : bool mFailSafeBusy = false;
118 : bool mAddNocCommandHasBeenInvoked = false;
119 : bool mUpdateNocCommandHasBeenInvoked = false;
120 : bool mAddTrustedRootCertHasBeenInvoked = false;
121 : // The fact of whether a CSR occurred at all is stored elsewhere.
122 : bool mIsCsrRequestForUpdateNoc = false;
123 : FabricIndex mFabricIndex = kUndefinedFabricIndex;
124 : bool mUpdateTermsAndConditionsHasBeenInvoked = false;
125 : bool mSetVidVerificationStatementHasBeenInvoked = false;
126 : #if CHIP_DEVICE_CONFIG_ENABLE_JOINT_FABRIC
127 : bool mAddICACHasBeenInvoked = false;
128 : #endif
129 :
130 : /**
131 : * @brief
132 : * The callback function to be called when "fail-safe timer" expires.
133 : */
134 : static void HandleArmFailSafeTimer(System::Layer * layer, void * aAppState);
135 :
136 : /**
137 : * @brief
138 : * The callback function to be called when max cumulative time expires.
139 : */
140 : static void HandleMaxCumulativeFailSafeTimer(System::Layer * layer, void * aAppState);
141 :
142 : /**
143 : * @brief
144 : * The callback function to be called asynchronously after various cleanup work has completed
145 : * to actually disarm the fail-safe.
146 : */
147 : static void HandleDisarmFailSafe(intptr_t arg);
148 :
149 : void SetFailSafeArmed(bool armed);
150 :
151 : /**
152 : * @brief Reset to unarmed basic state
153 : */
154 3 : void ResetState()
155 : {
156 3 : SetFailSafeArmed(false);
157 :
158 3 : mAddNocCommandHasBeenInvoked = false;
159 3 : mUpdateNocCommandHasBeenInvoked = false;
160 3 : mAddTrustedRootCertHasBeenInvoked = false;
161 3 : mFailSafeBusy = false;
162 3 : mIsCsrRequestForUpdateNoc = false;
163 3 : mUpdateTermsAndConditionsHasBeenInvoked = false;
164 3 : mSetVidVerificationStatementHasBeenInvoked = false;
165 : #if CHIP_DEVICE_CONFIG_ENABLE_JOINT_FABRIC
166 : mAddICACHasBeenInvoked = false;
167 : #endif
168 3 : }
169 :
170 : void FailSafeTimerExpired();
171 : };
172 :
173 : } // namespace app
174 : } // namespace chip
|