Matter SDK Coverage Report
Current view: top level - controller - CHIPDeviceController.cpp (source / functions) Coverage Total Hit
Test: SHA:3640a4f95bebd68003e5aea27c711ffe4cd39423 Lines: 0.2 % 1826 3
Test Date: 2025-09-14 07:12:24 Functions: 0.5 % 197 1

            Line data    Source code
       1              : /*
       2              :  *
       3              :  *    Copyright (c) 2020-2024 Project CHIP Authors
       4              :  *    Copyright (c) 2013-2017 Nest Labs, Inc.
       5              :  *    All rights reserved.
       6              :  *
       7              :  *    Licensed under the Apache License, Version 2.0 (the "License");
       8              :  *    you may not use this file except in compliance with the License.
       9              :  *    You may obtain a copy of the License at
      10              :  *
      11              :  *        http://www.apache.org/licenses/LICENSE-2.0
      12              :  *
      13              :  *    Unless required by applicable law or agreed to in writing, software
      14              :  *    distributed under the License is distributed on an "AS IS" BASIS,
      15              :  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      16              :  *    See the License for the specific language governing permissions and
      17              :  *    limitations under the License.
      18              :  */
      19              : 
      20              : /**
      21              :  *    @file
      22              :  *      Implementation of CHIP Device Controller, a common class
      23              :  *      that implements discovery, pairing and provisioning of CHIP
      24              :  *      devices.
      25              :  *
      26              :  */
      27              : 
      28              : // module header, comes first
      29              : #include <controller/CHIPDeviceController.h>
      30              : 
      31              : #include <app-common/zap-generated/ids/Attributes.h>
      32              : #include <app-common/zap-generated/ids/Clusters.h>
      33              : 
      34              : #include <app/InteractionModelEngine.h>
      35              : #include <app/OperationalSessionSetup.h>
      36              : #include <app/server/Dnssd.h>
      37              : #include <controller/CurrentFabricRemover.h>
      38              : #include <controller/InvokeInteraction.h>
      39              : #include <controller/WriteInteraction.h>
      40              : #include <credentials/CHIPCert.h>
      41              : #include <credentials/DeviceAttestationCredsProvider.h>
      42              : #include <crypto/CHIPCryptoPAL.h>
      43              : #include <lib/core/CHIPCore.h>
      44              : #include <lib/core/CHIPEncoding.h>
      45              : #include <lib/core/CHIPSafeCasts.h>
      46              : #include <lib/core/ErrorStr.h>
      47              : #include <lib/core/NodeId.h>
      48              : #include <lib/support/Base64.h>
      49              : #include <lib/support/CHIPArgParser.hpp>
      50              : #include <lib/support/CHIPMem.h>
      51              : #include <lib/support/CodeUtils.h>
      52              : #include <lib/support/PersistentStorageMacros.h>
      53              : #include <lib/support/SafeInt.h>
      54              : #include <lib/support/ScopedBuffer.h>
      55              : #include <lib/support/ThreadOperationalDataset.h>
      56              : #include <lib/support/TimeUtils.h>
      57              : #include <lib/support/logging/CHIPLogging.h>
      58              : #include <messaging/ExchangeContext.h>
      59              : #include <platform/LockTracker.h>
      60              : #include <protocols/secure_channel/MessageCounterManager.h>
      61              : #include <setup_payload/QRCodeSetupPayloadParser.h>
      62              : #include <tracing/macros.h>
      63              : #include <tracing/metric_event.h>
      64              : 
      65              : #if CONFIG_NETWORK_LAYER_BLE
      66              : #include <ble/Ble.h>
      67              : #include <transport/raw/BLE.h>
      68              : #endif
      69              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
      70              : #include <transport/raw/WiFiPAF.h>
      71              : #endif
      72              : 
      73              : #if CHIP_DEVICE_CONFIG_ENABLE_NFC_BASED_COMMISSIONING
      74              : #include <platform/internal/NFCCommissioningManager.h>
      75              : #endif
      76              : 
      77              : #include <algorithm>
      78              : #include <array>
      79              : #include <errno.h>
      80              : #include <inttypes.h>
      81              : #include <limits>
      82              : #include <memory>
      83              : #include <stdint.h>
      84              : #include <stdlib.h>
      85              : #include <string>
      86              : #include <time.h>
      87              : 
      88              : using namespace chip::app;
      89              : using namespace chip::app::Clusters;
      90              : using namespace chip::Inet;
      91              : using namespace chip::System;
      92              : using namespace chip::Transport;
      93              : using namespace chip::Credentials;
      94              : using namespace chip::Crypto;
      95              : using namespace chip::Tracing;
      96              : 
      97              : namespace chip {
      98              : namespace Controller {
      99              : 
     100              : using namespace chip::Encoding;
     101              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
     102              : using namespace chip::Protocols::UserDirectedCommissioning;
     103              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
     104              : 
     105           88 : DeviceController::DeviceController()
     106              : {
     107            8 :     mState = State::NotInitialized;
     108            8 : }
     109              : 
     110            0 : CHIP_ERROR DeviceController::Init(ControllerInitParams params)
     111              : {
     112            0 :     assertChipStackLockedByCurrentThread();
     113              : 
     114            0 :     VerifyOrReturnError(mState == State::NotInitialized, CHIP_ERROR_INCORRECT_STATE);
     115            0 :     VerifyOrReturnError(params.systemState != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     116              : 
     117            0 :     VerifyOrReturnError(params.systemState->SystemLayer() != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     118            0 :     VerifyOrReturnError(params.systemState->UDPEndPointManager() != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     119              : 
     120              : #if CONFIG_NETWORK_LAYER_BLE
     121            0 :     VerifyOrReturnError(params.systemState->BleLayer() != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     122              : #endif
     123              : 
     124            0 :     VerifyOrReturnError(params.systemState->TransportMgr() != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     125              : 
     126            0 :     ReturnErrorOnFailure(mDNSResolver.Init(params.systemState->UDPEndPointManager()));
     127            0 :     mDNSResolver.SetDiscoveryDelegate(this);
     128            0 :     RegisterDeviceDiscoveryDelegate(params.deviceDiscoveryDelegate);
     129              : 
     130            0 :     mVendorId = params.controllerVendorId;
     131            0 :     if (params.operationalKeypair != nullptr || !params.controllerNOC.empty() || !params.controllerRCAC.empty())
     132              :     {
     133            0 :         ReturnErrorOnFailure(InitControllerNOCChain(params));
     134              :     }
     135            0 :     else if (params.fabricIndex.HasValue())
     136              :     {
     137            0 :         VerifyOrReturnError(params.systemState->Fabrics()->FabricCount() > 0, CHIP_ERROR_INVALID_ARGUMENT);
     138            0 :         if (params.systemState->Fabrics()->FindFabricWithIndex(params.fabricIndex.Value()) != nullptr)
     139              :         {
     140            0 :             mFabricIndex = params.fabricIndex.Value();
     141              :         }
     142              :         else
     143              :         {
     144            0 :             ChipLogError(Controller, "There is no fabric corresponding to the given fabricIndex");
     145            0 :             return CHIP_ERROR_INVALID_ARGUMENT;
     146              :         }
     147              :     }
     148              : 
     149            0 :     mSystemState = params.systemState->Retain();
     150            0 :     mState       = State::Initialized;
     151              : 
     152            0 :     mRemoveFromFabricTableOnShutdown = params.removeFromFabricTableOnShutdown;
     153            0 :     mDeleteFromFabricTableOnShutdown = params.deleteFromFabricTableOnShutdown;
     154              : 
     155            0 :     if (GetFabricIndex() != kUndefinedFabricIndex)
     156              :     {
     157            0 :         ChipLogProgress(Controller,
     158              :                         "Joined the fabric at index %d. Fabric ID is 0x" ChipLogFormatX64
     159              :                         " (Compressed Fabric ID: " ChipLogFormatX64 ")",
     160              :                         GetFabricIndex(), ChipLogValueX64(GetFabricId()), ChipLogValueX64(GetCompressedFabricId()));
     161              :     }
     162              : 
     163            0 :     return CHIP_NO_ERROR;
     164              : }
     165              : 
     166            0 : CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & params)
     167              : {
     168            0 :     FabricInfo newFabric;
     169            0 :     constexpr uint32_t chipCertAllocatedLen = kMaxCHIPCertLength;
     170            0 :     chip::Platform::ScopedMemoryBuffer<uint8_t> rcacBuf;
     171            0 :     chip::Platform::ScopedMemoryBuffer<uint8_t> icacBuf;
     172            0 :     chip::Platform::ScopedMemoryBuffer<uint8_t> nocBuf;
     173            0 :     Credentials::P256PublicKeySpan rootPublicKeySpan;
     174              :     FabricId fabricId;
     175              :     NodeId nodeId;
     176            0 :     bool hasExternallyOwnedKeypair                   = false;
     177            0 :     Crypto::P256Keypair * externalOperationalKeypair = nullptr;
     178            0 :     VendorId newFabricVendorId                       = params.controllerVendorId;
     179              : 
     180              :     // There are three possibilities here in terms of what happens with our
     181              :     // operational key:
     182              :     // 1) We have an externally owned operational keypair.
     183              :     // 2) We have an operational keypair that the fabric table should clone via
     184              :     //    serialize/deserialize.
     185              :     // 3) We have no keypair at all, and the fabric table has been initialized
     186              :     //    with a key store.
     187            0 :     if (params.operationalKeypair != nullptr)
     188              :     {
     189            0 :         hasExternallyOwnedKeypair  = params.hasExternallyOwnedOperationalKeypair;
     190            0 :         externalOperationalKeypair = params.operationalKeypair;
     191              :     }
     192              : 
     193            0 :     VerifyOrReturnError(rcacBuf.Alloc(chipCertAllocatedLen), CHIP_ERROR_NO_MEMORY);
     194            0 :     VerifyOrReturnError(icacBuf.Alloc(chipCertAllocatedLen), CHIP_ERROR_NO_MEMORY);
     195            0 :     VerifyOrReturnError(nocBuf.Alloc(chipCertAllocatedLen), CHIP_ERROR_NO_MEMORY);
     196              : 
     197            0 :     MutableByteSpan rcacSpan(rcacBuf.Get(), chipCertAllocatedLen);
     198              : 
     199            0 :     ReturnErrorOnFailure(ConvertX509CertToChipCert(params.controllerRCAC, rcacSpan));
     200            0 :     ReturnErrorOnFailure(Credentials::ExtractPublicKeyFromChipCert(rcacSpan, rootPublicKeySpan));
     201            0 :     Crypto::P256PublicKey rootPublicKey{ rootPublicKeySpan };
     202              : 
     203            0 :     MutableByteSpan icacSpan;
     204            0 :     if (params.controllerICAC.empty())
     205              :     {
     206            0 :         ChipLogProgress(Controller, "Intermediate CA is not needed");
     207              :     }
     208              :     else
     209              :     {
     210            0 :         icacSpan = MutableByteSpan(icacBuf.Get(), chipCertAllocatedLen);
     211            0 :         ReturnErrorOnFailure(ConvertX509CertToChipCert(params.controllerICAC, icacSpan));
     212              :     }
     213              : 
     214            0 :     MutableByteSpan nocSpan = MutableByteSpan(nocBuf.Get(), chipCertAllocatedLen);
     215              : 
     216            0 :     ReturnErrorOnFailure(ConvertX509CertToChipCert(params.controllerNOC, nocSpan));
     217            0 :     ReturnErrorOnFailure(ExtractNodeIdFabricIdFromOpCert(nocSpan, &nodeId, &fabricId));
     218              : 
     219            0 :     auto * fabricTable            = params.systemState->Fabrics();
     220            0 :     const FabricInfo * fabricInfo = nullptr;
     221              : 
     222              :     //
     223              :     // When multiple controllers are permitted on the same fabric, we need to find fabrics with
     224              :     // nodeId as an extra discriminant since we can have multiple FabricInfo objects that all
     225              :     // collide on the same fabric. Not doing so may result in a match with an existing FabricInfo
     226              :     // instance that matches the fabric in the provided NOC but is associated with a different NodeId
     227              :     // that is already in use by another active controller instance. That will effectively cause it
     228              :     // to change its identity inadvertently, which is not acceptable.
     229              :     //
     230              :     // TODO: Figure out how to clean up unreclaimed FabricInfos restored from persistent
     231              :     //       storage that are not in use by active DeviceController instances. Also, figure out
     232              :     //       how to reclaim FabricInfo slots when a DeviceController instance is deleted.
     233              :     //
     234            0 :     if (params.permitMultiControllerFabrics)
     235              :     {
     236            0 :         fabricInfo = fabricTable->FindIdentity(rootPublicKey, fabricId, nodeId);
     237              :     }
     238              :     else
     239              :     {
     240            0 :         fabricInfo = fabricTable->FindFabric(rootPublicKey, fabricId);
     241              :     }
     242              : 
     243            0 :     bool fabricFoundInTable = (fabricInfo != nullptr);
     244              : 
     245            0 :     FabricIndex fabricIndex = fabricFoundInTable ? fabricInfo->GetFabricIndex() : kUndefinedFabricIndex;
     246              : 
     247            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
     248              : 
     249            0 :     auto advertiseOperational =
     250            0 :         params.enableServerInteractions ? FabricTable::AdvertiseIdentity::Yes : FabricTable::AdvertiseIdentity::No;
     251              : 
     252              :     //
     253              :     // We permit colliding fabrics when multiple controllers are present on the same logical fabric
     254              :     // since each controller is associated with a unique FabricInfo 'identity' object and consequently,
     255              :     // a unique FabricIndex.
     256              :     //
     257              :     // This sets a flag that will be cleared automatically when the fabric is committed/reverted later
     258              :     // in this function.
     259              :     //
     260            0 :     if (params.permitMultiControllerFabrics)
     261              :     {
     262            0 :         fabricTable->PermitCollidingFabrics();
     263              :     }
     264              : 
     265              :     // We have 4 cases to handle legacy usage of direct operational key injection
     266            0 :     if (externalOperationalKeypair)
     267              :     {
     268              :         // Cases 1 and 2: Injected operational keys
     269              : 
     270              :         // CASE 1: Fabric update with injected key
     271            0 :         if (fabricFoundInTable)
     272              :         {
     273            0 :             err = fabricTable->UpdatePendingFabricWithProvidedOpKey(fabricIndex, nocSpan, icacSpan, externalOperationalKeypair,
     274              :                                                                     hasExternallyOwnedKeypair, advertiseOperational);
     275              :         }
     276              :         else
     277              :         // CASE 2: New fabric with injected key
     278              :         {
     279            0 :             err = fabricTable->AddNewPendingTrustedRootCert(rcacSpan);
     280            0 :             if (err == CHIP_NO_ERROR)
     281              :             {
     282            0 :                 err = fabricTable->AddNewPendingFabricWithProvidedOpKey(nocSpan, icacSpan, newFabricVendorId,
     283              :                                                                         externalOperationalKeypair, hasExternallyOwnedKeypair,
     284              :                                                                         &fabricIndex, advertiseOperational);
     285              :             }
     286              :         }
     287              :     }
     288              :     else
     289              :     {
     290              :         // Cases 3 and 4: OperationalKeystore has the keys
     291              : 
     292              :         // CASE 3: Fabric update with operational keystore
     293            0 :         if (fabricFoundInTable)
     294              :         {
     295            0 :             VerifyOrReturnError(fabricTable->HasOperationalKeyForFabric(fabricIndex), CHIP_ERROR_KEY_NOT_FOUND);
     296              : 
     297            0 :             err = fabricTable->UpdatePendingFabricWithOperationalKeystore(fabricIndex, nocSpan, icacSpan, advertiseOperational);
     298              :         }
     299              :         else
     300              :         // CASE 4: New fabric with operational keystore
     301              :         {
     302            0 :             err = fabricTable->AddNewPendingTrustedRootCert(rcacSpan);
     303            0 :             if (err == CHIP_NO_ERROR)
     304              :             {
     305            0 :                 err = fabricTable->AddNewPendingFabricWithOperationalKeystore(nocSpan, icacSpan, newFabricVendorId, &fabricIndex,
     306              :                                                                               advertiseOperational);
     307              :             }
     308              : 
     309            0 :             if (err == CHIP_NO_ERROR)
     310              :             {
     311              :                 // Now that we know our planned fabric index, verify that the
     312              :                 // keystore has a key for it.
     313            0 :                 if (!fabricTable->HasOperationalKeyForFabric(fabricIndex))
     314              :                 {
     315            0 :                     err = CHIP_ERROR_KEY_NOT_FOUND;
     316              :                 }
     317              :             }
     318              :         }
     319              :     }
     320              : 
     321              :     // Commit after setup, error-out on failure.
     322            0 :     if (err == CHIP_NO_ERROR)
     323              :     {
     324              :         // No need to revert on error: CommitPendingFabricData reverts internally on *any* error.
     325            0 :         err = fabricTable->CommitPendingFabricData();
     326              :     }
     327              :     else
     328              :     {
     329            0 :         fabricTable->RevertPendingFabricData();
     330              :     }
     331              : 
     332            0 :     ReturnErrorOnFailure(err);
     333            0 :     VerifyOrReturnError(fabricIndex != kUndefinedFabricIndex, CHIP_ERROR_INTERNAL);
     334              : 
     335            0 :     mFabricIndex       = fabricIndex;
     336            0 :     mAdvertiseIdentity = advertiseOperational;
     337            0 :     return CHIP_NO_ERROR;
     338            0 : }
     339              : 
     340            0 : CHIP_ERROR DeviceController::UpdateControllerNOCChain(const ByteSpan & noc, const ByteSpan & icac,
     341              :                                                       Crypto::P256Keypair * operationalKeypair,
     342              :                                                       bool operationalKeypairExternalOwned)
     343              : {
     344            0 :     VerifyOrReturnError(mFabricIndex != kUndefinedFabricIndex, CHIP_ERROR_INTERNAL);
     345            0 :     VerifyOrReturnError(mSystemState != nullptr, CHIP_ERROR_INTERNAL);
     346            0 :     FabricTable * fabricTable = mSystemState->Fabrics();
     347            0 :     CHIP_ERROR err            = CHIP_NO_ERROR;
     348              :     FabricId fabricId;
     349              :     NodeId nodeId;
     350            0 :     CATValues oldCats;
     351            0 :     CATValues newCats;
     352            0 :     ReturnErrorOnFailure(ExtractNodeIdFabricIdFromOpCert(noc, &nodeId, &fabricId));
     353            0 :     ReturnErrorOnFailure(fabricTable->FetchCATs(mFabricIndex, oldCats));
     354            0 :     ReturnErrorOnFailure(ExtractCATsFromOpCert(noc, newCats));
     355              : 
     356            0 :     bool needCloseSession = true;
     357            0 :     if (GetFabricInfo()->GetNodeId() == nodeId && oldCats == newCats)
     358              :     {
     359            0 :         needCloseSession = false;
     360              :     }
     361              : 
     362            0 :     if (operationalKeypair != nullptr)
     363              :     {
     364            0 :         err = fabricTable->UpdatePendingFabricWithProvidedOpKey(mFabricIndex, noc, icac, operationalKeypair,
     365              :                                                                 operationalKeypairExternalOwned, mAdvertiseIdentity);
     366              :     }
     367              :     else
     368              :     {
     369            0 :         VerifyOrReturnError(fabricTable->HasOperationalKeyForFabric(mFabricIndex), CHIP_ERROR_KEY_NOT_FOUND);
     370            0 :         err = fabricTable->UpdatePendingFabricWithOperationalKeystore(mFabricIndex, noc, icac, mAdvertiseIdentity);
     371              :     }
     372              : 
     373            0 :     if (err == CHIP_NO_ERROR)
     374              :     {
     375            0 :         err = fabricTable->CommitPendingFabricData();
     376              :     }
     377              :     else
     378              :     {
     379            0 :         fabricTable->RevertPendingFabricData();
     380              :     }
     381              : 
     382            0 :     ReturnErrorOnFailure(err);
     383            0 :     if (needCloseSession)
     384              :     {
     385              :         // If the node id or CATs have changed, our existing CASE sessions are no longer valid,
     386              :         // because the other side will think anything coming over those sessions comes from our
     387              :         // old node ID, and the new CATs might not satisfy the ACL requirements of the other side.
     388            0 :         mSystemState->SessionMgr()->ExpireAllSessionsForFabric(mFabricIndex);
     389              :     }
     390            0 :     ChipLogProgress(Controller, "Controller NOC chain has updated");
     391            0 :     return CHIP_NO_ERROR;
     392              : }
     393              : 
     394            0 : void DeviceController::Shutdown()
     395              : {
     396            0 :     assertChipStackLockedByCurrentThread();
     397              : 
     398            0 :     VerifyOrReturn(mState != State::NotInitialized);
     399              : 
     400              :     // If our state is initialialized it means mSystemState is valid,
     401              :     // and we can use it below before we release our reference to it.
     402            0 :     ChipLogDetail(Controller, "Shutting down the controller");
     403            0 :     mState = State::NotInitialized;
     404              : 
     405            0 :     if (mFabricIndex != kUndefinedFabricIndex)
     406              :     {
     407              :         // Shut down any subscription clients for this fabric.
     408            0 :         app::InteractionModelEngine::GetInstance()->ShutdownSubscriptions(mFabricIndex);
     409              : 
     410              :         // Shut down any ongoing CASE session activity we have.  We're going to
     411              :         // assume that all sessions for our fabric belong to us here.
     412            0 :         mSystemState->CASESessionMgr()->ReleaseSessionsForFabric(mFabricIndex);
     413              : 
     414              :         // Shut down any bdx transfers we're acting as the server for.
     415            0 :         mSystemState->BDXTransferServer()->AbortTransfersForFabric(mFabricIndex);
     416              : 
     417              :         // TODO: The CASE session manager does not shut down existing CASE
     418              :         // sessions.  It just shuts down any ongoing CASE session establishment
     419              :         // we're in the middle of as initiator.  Maybe it should shut down
     420              :         // existing sessions too?
     421            0 :         mSystemState->SessionMgr()->ExpireAllSessionsForFabric(mFabricIndex);
     422              : 
     423            0 :         if (mDeleteFromFabricTableOnShutdown)
     424              :         {
     425            0 :             mSystemState->Fabrics()->Delete(mFabricIndex);
     426              :         }
     427            0 :         else if (mRemoveFromFabricTableOnShutdown)
     428              :         {
     429            0 :             mSystemState->Fabrics()->Forget(mFabricIndex);
     430              :         }
     431              :     }
     432              : 
     433            0 :     mSystemState->Release();
     434            0 :     mSystemState = nullptr;
     435              : 
     436            0 :     mDNSResolver.Shutdown();
     437            0 :     mDeviceDiscoveryDelegate = nullptr;
     438              : }
     439              : 
     440            0 : CHIP_ERROR DeviceController::GetPeerAddressAndPort(NodeId peerId, Inet::IPAddress & addr, uint16_t & port)
     441              : {
     442            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
     443            0 :     Transport::PeerAddress peerAddr;
     444            0 :     ReturnErrorOnFailure(mSystemState->CASESessionMgr()->GetPeerAddress(GetPeerScopedId(peerId), peerAddr));
     445            0 :     addr = peerAddr.GetIPAddress();
     446            0 :     port = peerAddr.GetPort();
     447            0 :     return CHIP_NO_ERROR;
     448              : }
     449              : 
     450            0 : CHIP_ERROR DeviceController::GetPeerAddress(NodeId nodeId, Transport::PeerAddress & addr)
     451              : {
     452            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
     453            0 :     ReturnErrorOnFailure(mSystemState->CASESessionMgr()->GetPeerAddress(GetPeerScopedId(nodeId), addr));
     454              : 
     455            0 :     return CHIP_NO_ERROR;
     456              : }
     457              : 
     458            0 : CHIP_ERROR DeviceController::ComputePASEVerifier(uint32_t iterations, uint32_t setupPincode, const ByteSpan & salt,
     459              :                                                  Spake2pVerifier & outVerifier)
     460              : {
     461            0 :     ReturnErrorOnFailure(PASESession::GeneratePASEVerifier(outVerifier, iterations, salt, /* useRandomPIN= */ false, setupPincode));
     462              : 
     463            0 :     return CHIP_NO_ERROR;
     464              : }
     465              : 
     466            0 : ControllerDeviceInitParams DeviceController::GetControllerDeviceInitParams()
     467              : {
     468              :     return ControllerDeviceInitParams{
     469            0 :         .sessionManager = mSystemState->SessionMgr(),
     470            0 :         .exchangeMgr    = mSystemState->ExchangeMgr(),
     471            0 :     };
     472              : }
     473              : 
     474            0 : DeviceCommissioner::DeviceCommissioner() :
     475            0 :     mOnDeviceConnectedCallback(OnDeviceConnectedFn, this), mOnDeviceConnectionFailureCallback(OnDeviceConnectionFailureFn, this),
     476              : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
     477            0 :     mOnDeviceConnectionRetryCallback(OnDeviceConnectionRetryFn, this),
     478              : #endif // CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
     479            0 :     mDeviceAttestationInformationVerificationCallback(OnDeviceAttestationInformationVerification, this),
     480            0 :     mDeviceNOCChainCallback(OnDeviceNOCChainGeneration, this), mSetUpCodePairer(this)
     481              : {
     482              : #if CHIP_DEVICE_CONFIG_ENABLE_JOINT_FABRIC
     483              :     (void) mPeerAdminJFAdminClusterEndpointId;
     484              : #endif // CHIP_DEVICE_CONFIG_ENABLE_JOINT_FABRIC
     485            0 : }
     486              : 
     487            0 : CHIP_ERROR DeviceCommissioner::Init(CommissionerInitParams params)
     488              : {
     489            0 :     VerifyOrReturnError(params.operationalCredentialsDelegate != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     490            0 :     mOperationalCredentialsDelegate = params.operationalCredentialsDelegate;
     491            0 :     ReturnErrorOnFailure(DeviceController::Init(params));
     492              : 
     493            0 :     mPairingDelegate = params.pairingDelegate;
     494              : 
     495              :     // Configure device attestation validation
     496            0 :     mDeviceAttestationVerifier = params.deviceAttestationVerifier;
     497            0 :     if (mDeviceAttestationVerifier == nullptr)
     498              :     {
     499            0 :         mDeviceAttestationVerifier = Credentials::GetDeviceAttestationVerifier();
     500            0 :         if (mDeviceAttestationVerifier == nullptr)
     501              :         {
     502            0 :             ChipLogError(Controller,
     503              :                          "Missing DeviceAttestationVerifier configuration at DeviceCommissioner init and none set with "
     504              :                          "Credentials::SetDeviceAttestationVerifier()!");
     505            0 :             return CHIP_ERROR_INVALID_ARGUMENT;
     506              :         }
     507              : 
     508              :         // We fell back on a default from singleton accessor.
     509            0 :         ChipLogProgress(Controller,
     510              :                         "*** Missing DeviceAttestationVerifier configuration at DeviceCommissioner init: using global default, "
     511              :                         "consider passing one in CommissionerInitParams.");
     512              :     }
     513              : 
     514            0 :     if (params.defaultCommissioner != nullptr)
     515              :     {
     516            0 :         mDefaultCommissioner = params.defaultCommissioner;
     517              :     }
     518              :     else
     519              :     {
     520            0 :         mDefaultCommissioner = &mAutoCommissioner;
     521              :     }
     522              : 
     523              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
     524              :     mUdcTransportMgr = chip::Platform::New<UdcTransportMgr>();
     525              :     ReturnErrorOnFailure(mUdcTransportMgr->Init(Transport::UdpListenParameters(mSystemState->UDPEndPointManager())
     526              :                                                     .SetAddressType(Inet::IPAddressType::kIPv6)
     527              :                                                     .SetListenPort(static_cast<uint16_t>(mUdcListenPort))
     528              : #if INET_CONFIG_ENABLE_IPV4
     529              :                                                     ,
     530              :                                                 Transport::UdpListenParameters(mSystemState->UDPEndPointManager())
     531              :                                                     .SetAddressType(Inet::IPAddressType::kIPv4)
     532              :                                                     .SetListenPort(static_cast<uint16_t>(mUdcListenPort))
     533              : #endif // INET_CONFIG_ENABLE_IPV4
     534              :                                                     ));
     535              : 
     536              :     mUdcServer = chip::Platform::New<UserDirectedCommissioningServer>();
     537              :     mUdcTransportMgr->SetSessionManager(mUdcServer);
     538              :     mUdcServer->SetTransportManager(mUdcTransportMgr);
     539              : 
     540              :     mUdcServer->SetInstanceNameResolver(this);
     541              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
     542              : 
     543            0 :     mSetUpCodePairer.SetSystemLayer(mSystemState->SystemLayer());
     544              : #if CONFIG_NETWORK_LAYER_BLE
     545            0 :     mSetUpCodePairer.SetBleLayer(mSystemState->BleLayer());
     546              : #endif // CONFIG_NETWORK_LAYER_BLE
     547              : 
     548            0 :     return CHIP_NO_ERROR;
     549              : }
     550              : 
     551            0 : void DeviceCommissioner::Shutdown()
     552              : {
     553            0 :     VerifyOrReturn(mState != State::NotInitialized);
     554              : 
     555            0 :     ChipLogDetail(Controller, "Shutting down the commissioner");
     556              : 
     557            0 :     mSetUpCodePairer.StopPairing();
     558              : 
     559              :     // Check to see if pairing in progress before shutting down
     560            0 :     CommissioneeDeviceProxy * device = mDeviceInPASEEstablishment;
     561            0 :     if (device != nullptr && device->IsSessionSetupInProgress())
     562              :     {
     563            0 :         ChipLogDetail(Controller, "Setup in progress, stopping setup before shutting down");
     564            0 :         OnSessionEstablishmentError(CHIP_ERROR_CONNECTION_ABORTED);
     565              :     }
     566              : 
     567            0 :     CancelCommissioningInteractions();
     568              : 
     569              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
     570              :     if (mUdcTransportMgr != nullptr)
     571              :     {
     572              :         chip::Platform::Delete(mUdcTransportMgr);
     573              :         mUdcTransportMgr = nullptr;
     574              :     }
     575              :     if (mUdcServer != nullptr)
     576              :     {
     577              :         mUdcServer->SetInstanceNameResolver(nullptr);
     578              :         chip::Platform::Delete(mUdcServer);
     579              :         mUdcServer = nullptr;
     580              :     }
     581              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
     582              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     583            0 :     WiFiPAF::WiFiPAFLayer::GetWiFiPAFLayer().Shutdown(
     584            0 :         [](uint32_t id, WiFiPAF::WiFiPafRole role) { DeviceLayer::ConnectivityMgr().WiFiPAFShutdown(id, role); });
     585              : #endif
     586              : 
     587              :     // Release everything from the commissionee device pool here.
     588              :     // Make sure to use ReleaseCommissioneeDevice so we don't keep dangling
     589              :     // pointers to the device objects.
     590            0 :     mCommissioneeDevicePool.ForEachActiveObject([this](auto * commissioneeDevice) {
     591            0 :         ReleaseCommissioneeDevice(commissioneeDevice);
     592            0 :         return Loop::Continue;
     593              :     });
     594              : 
     595            0 :     DeviceController::Shutdown();
     596              : }
     597              : 
     598            0 : CommissioneeDeviceProxy * DeviceCommissioner::FindCommissioneeDevice(NodeId id)
     599              : {
     600              :     MATTER_TRACE_SCOPE("FindCommissioneeDevice", "DeviceCommissioner");
     601            0 :     CommissioneeDeviceProxy * foundDevice = nullptr;
     602            0 :     mCommissioneeDevicePool.ForEachActiveObject([&](auto * deviceProxy) {
     603            0 :         if (deviceProxy->GetDeviceId() == id || deviceProxy->GetTemporaryCommissioningId() == id)
     604              :         {
     605            0 :             foundDevice = deviceProxy;
     606            0 :             return Loop::Break;
     607              :         }
     608            0 :         return Loop::Continue;
     609              :     });
     610              : 
     611            0 :     return foundDevice;
     612              : }
     613              : 
     614            0 : CommissioneeDeviceProxy * DeviceCommissioner::FindCommissioneeDevice(const Transport::PeerAddress & peerAddress)
     615              : {
     616            0 :     CommissioneeDeviceProxy * foundDevice = nullptr;
     617            0 :     mCommissioneeDevicePool.ForEachActiveObject([&](auto * deviceProxy) {
     618            0 :         if (deviceProxy->GetPeerAddress() == peerAddress)
     619              :         {
     620            0 :             foundDevice = deviceProxy;
     621            0 :             return Loop::Break;
     622              :         }
     623            0 :         return Loop::Continue;
     624              :     });
     625              : 
     626            0 :     return foundDevice;
     627              : }
     628              : 
     629            0 : void DeviceCommissioner::ReleaseCommissioneeDevice(CommissioneeDeviceProxy * device)
     630              : {
     631              : #if CONFIG_NETWORK_LAYER_BLE
     632            0 :     if (mSystemState->BleLayer() != nullptr && device->GetDeviceTransportType() == Transport::Type::kBle)
     633              :     {
     634              :         // We only support one BLE connection, so if this is BLE, close it
     635            0 :         ChipLogProgress(Discovery, "Closing all BLE connections");
     636            0 :         mSystemState->BleLayer()->CloseAllBleConnections();
     637              :     }
     638              : #endif
     639              : 
     640              : #if CHIP_DEVICE_CONFIG_ENABLE_NFC_BASED_COMMISSIONING
     641              :     Nfc::NFCReaderTransport * readerTransport = DeviceLayer::Internal::NFCCommissioningMgr().GetNFCReaderTransport();
     642              :     if (readerTransport)
     643              :     {
     644              :         ChipLogProgress(Controller, "Stopping discovery of all NFC tags");
     645              :         readerTransport->StopDiscoveringTags();
     646              :     }
     647              : #endif
     648              : 
     649              :     // Make sure that there will be no dangling pointer
     650            0 :     if (mDeviceInPASEEstablishment == device)
     651              :     {
     652            0 :         mDeviceInPASEEstablishment = nullptr;
     653              :     }
     654            0 :     if (mDeviceBeingCommissioned == device)
     655              :     {
     656            0 :         mDeviceBeingCommissioned = nullptr;
     657              :     }
     658              : 
     659              :     // Release the commissionee device after we have nulled out our pointers,
     660              :     // because that can call back in to us with error notifications as the
     661              :     // session is released.
     662            0 :     mCommissioneeDevicePool.ReleaseObject(device);
     663            0 : }
     664              : 
     665            0 : CHIP_ERROR DeviceCommissioner::GetDeviceBeingCommissioned(NodeId deviceId, CommissioneeDeviceProxy ** out_device)
     666              : {
     667            0 :     VerifyOrReturnError(out_device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     668            0 :     CommissioneeDeviceProxy * device = FindCommissioneeDevice(deviceId);
     669              : 
     670            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     671              : 
     672            0 :     *out_device = device;
     673              : 
     674            0 :     return CHIP_NO_ERROR;
     675              : }
     676              : 
     677            0 : CHIP_ERROR DeviceCommissioner::PairDevice(NodeId remoteDeviceId, const char * setUpCode, const CommissioningParameters & params,
     678              :                                           DiscoveryType discoveryType, Optional<Dnssd::CommonResolutionData> resolutionData)
     679              : {
     680              :     MATTER_TRACE_SCOPE("PairDevice", "DeviceCommissioner");
     681              : 
     682            0 :     if (mDefaultCommissioner == nullptr)
     683              :     {
     684            0 :         ChipLogError(Controller, "No default commissioner is specified");
     685            0 :         return CHIP_ERROR_INCORRECT_STATE;
     686              :     }
     687            0 :     ReturnErrorOnFailure(mDefaultCommissioner->SetCommissioningParameters(params));
     688              : 
     689            0 :     return mSetUpCodePairer.PairDevice(remoteDeviceId, setUpCode, SetupCodePairerBehaviour::kCommission, discoveryType,
     690            0 :                                        resolutionData);
     691              : }
     692              : 
     693            0 : CHIP_ERROR DeviceCommissioner::PairDevice(NodeId remoteDeviceId, const char * setUpCode, DiscoveryType discoveryType,
     694              :                                           Optional<Dnssd::CommonResolutionData> resolutionData)
     695              : {
     696              :     MATTER_TRACE_SCOPE("PairDevice", "DeviceCommissioner");
     697            0 :     return mSetUpCodePairer.PairDevice(remoteDeviceId, setUpCode, SetupCodePairerBehaviour::kCommission, discoveryType,
     698            0 :                                        resolutionData);
     699              : }
     700              : 
     701            0 : CHIP_ERROR DeviceCommissioner::PairDevice(NodeId remoteDeviceId, RendezvousParameters & params)
     702              : {
     703              :     MATTER_TRACE_SCOPE("PairDevice", "DeviceCommissioner");
     704            0 :     ReturnErrorOnFailureWithMetric(kMetricDeviceCommissionerCommission, EstablishPASEConnection(remoteDeviceId, params));
     705            0 :     auto errorCode = Commission(remoteDeviceId);
     706            0 :     VerifyOrDoWithMetric(kMetricDeviceCommissionerCommission, CHIP_NO_ERROR == errorCode, errorCode);
     707            0 :     return errorCode;
     708              : }
     709              : 
     710            0 : CHIP_ERROR DeviceCommissioner::PairDevice(NodeId remoteDeviceId, RendezvousParameters & rendezvousParams,
     711              :                                           CommissioningParameters & commissioningParams)
     712              : {
     713              :     MATTER_TRACE_SCOPE("PairDevice", "DeviceCommissioner");
     714            0 :     ReturnErrorOnFailureWithMetric(kMetricDeviceCommissionerCommission, EstablishPASEConnection(remoteDeviceId, rendezvousParams));
     715            0 :     auto errorCode = Commission(remoteDeviceId, commissioningParams);
     716            0 :     VerifyOrDoWithMetric(kMetricDeviceCommissionerCommission, CHIP_NO_ERROR == errorCode, errorCode);
     717            0 :     return errorCode;
     718              : }
     719              : 
     720            0 : CHIP_ERROR DeviceCommissioner::EstablishPASEConnection(NodeId remoteDeviceId, const char * setUpCode, DiscoveryType discoveryType,
     721              :                                                        Optional<Dnssd::CommonResolutionData> resolutionData)
     722              : {
     723              :     MATTER_TRACE_SCOPE("EstablishPASEConnection", "DeviceCommissioner");
     724            0 :     return mSetUpCodePairer.PairDevice(remoteDeviceId, setUpCode, SetupCodePairerBehaviour::kPaseOnly, discoveryType,
     725            0 :                                        resolutionData);
     726              : }
     727              : 
     728            0 : CHIP_ERROR DeviceCommissioner::EstablishPASEConnection(NodeId remoteDeviceId, RendezvousParameters & params)
     729              : {
     730              :     MATTER_TRACE_SCOPE("EstablishPASEConnection", "DeviceCommissioner");
     731              :     MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissionerPASESession);
     732              : 
     733            0 :     CHIP_ERROR err                     = CHIP_NO_ERROR;
     734            0 :     CommissioneeDeviceProxy * device   = nullptr;
     735            0 :     CommissioneeDeviceProxy * current  = nullptr;
     736            0 :     Transport::PeerAddress peerAddress = Transport::PeerAddress::UDP(Inet::IPAddress::Any);
     737              : 
     738            0 :     Messaging::ExchangeContext * exchangeCtxt = nullptr;
     739            0 :     Optional<SessionHandle> session;
     740              : 
     741            0 :     VerifyOrExit(mState == State::Initialized, err = CHIP_ERROR_INCORRECT_STATE);
     742            0 :     VerifyOrExit(mDeviceInPASEEstablishment == nullptr, err = CHIP_ERROR_INCORRECT_STATE);
     743              : 
     744              :     // TODO(#13940): We need to specify the peer address for BLE transport in bindings.
     745            0 :     if (params.GetPeerAddress().GetTransportType() == Transport::Type::kBle ||
     746            0 :         params.GetPeerAddress().GetTransportType() == Transport::Type::kUndefined)
     747              :     {
     748              : #if CONFIG_NETWORK_LAYER_BLE
     749              : #if CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
     750              :         ConnectBleTransportToSelf();
     751              : #endif // CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
     752            0 :         if (!params.HasBleLayer())
     753              :         {
     754            0 :             params.SetPeerAddress(Transport::PeerAddress::BLE());
     755              :         }
     756            0 :         peerAddress = Transport::PeerAddress::BLE();
     757              : #endif // CONFIG_NETWORK_LAYER_BLE
     758              :     }
     759            0 :     else if (params.GetPeerAddress().GetTransportType() == Transport::Type::kTcp ||
     760            0 :              params.GetPeerAddress().GetTransportType() == Transport::Type::kUdp)
     761              :     {
     762            0 :         peerAddress = Transport::PeerAddress::UDP(params.GetPeerAddress().GetIPAddress(), params.GetPeerAddress().GetPort(),
     763            0 :                                                   params.GetPeerAddress().GetInterface());
     764              :     }
     765              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     766            0 :     else if (params.GetPeerAddress().GetTransportType() == Transport::Type::kWiFiPAF)
     767              :     {
     768            0 :         peerAddress = Transport::PeerAddress::WiFiPAF(remoteDeviceId);
     769              :     }
     770              : #endif // CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     771              : 
     772            0 :     current = FindCommissioneeDevice(peerAddress);
     773            0 :     if (current != nullptr)
     774              :     {
     775            0 :         if (current->GetDeviceId() == remoteDeviceId)
     776              :         {
     777              :             // We might be able to just reuse its connection if it has one or is
     778              :             // working on one.
     779            0 :             if (current->IsSecureConnected())
     780              :             {
     781            0 :                 if (mPairingDelegate)
     782              :                 {
     783              :                     // We already have an open secure session to this device, call the callback immediately and early return.
     784            0 :                     mPairingDelegate->OnPairingComplete(CHIP_NO_ERROR);
     785              :                 }
     786              :                 MATTER_LOG_METRIC_END(kMetricDeviceCommissionerPASESession, CHIP_NO_ERROR);
     787            0 :                 return CHIP_NO_ERROR;
     788              :             }
     789            0 :             if (current->IsSessionSetupInProgress())
     790              :             {
     791              :                 // We're not connected yet, but we're in the process of connecting. Pairing delegate will get a callback when
     792              :                 // connection completes
     793            0 :                 return CHIP_NO_ERROR;
     794              :             }
     795              :         }
     796              : 
     797              :         // Either the consumer wants to assign a different device id to this
     798              :         // peer address now (so we can't reuse the commissionee device we have
     799              :         // already) or something has gone strange. Delete the old device, try
     800              :         // again.
     801            0 :         ChipLogError(Controller, "Found unconnected device, removing");
     802            0 :         ReleaseCommissioneeDevice(current);
     803              :     }
     804              : 
     805            0 :     device = mCommissioneeDevicePool.CreateObject();
     806            0 :     VerifyOrExit(device != nullptr, err = CHIP_ERROR_NO_MEMORY);
     807              : 
     808            0 :     mDeviceInPASEEstablishment = device;
     809            0 :     device->Init(GetControllerDeviceInitParams(), remoteDeviceId, peerAddress);
     810            0 :     device->UpdateDeviceData(params.GetPeerAddress(), params.GetMRPConfig());
     811              : 
     812              : #if CONFIG_NETWORK_LAYER_BLE
     813            0 :     if (params.GetPeerAddress().GetTransportType() == Transport::Type::kBle)
     814              :     {
     815            0 :         if (params.HasConnectionObject())
     816              :         {
     817            0 :             SuccessOrExit(err = mSystemState->BleLayer()->NewBleConnectionByObject(params.GetConnectionObject()));
     818              :         }
     819            0 :         else if (params.HasDiscoveredObject())
     820              :         {
     821              :             // The RendezvousParameters argument needs to be recovered if the search succeed, so save them
     822              :             // for later.
     823            0 :             mRendezvousParametersForDeviceDiscoveredOverBle = params;
     824            0 :             SuccessOrExit(err = mSystemState->BleLayer()->NewBleConnectionByObject(params.GetDiscoveredObject(), this,
     825              :                                                                                    OnDiscoveredDeviceOverBleSuccess,
     826              :                                                                                    OnDiscoveredDeviceOverBleError));
     827            0 :             ExitNow(CHIP_NO_ERROR);
     828              :         }
     829            0 :         else if (params.HasDiscriminator())
     830              :         {
     831              :             // The RendezvousParameters argument needs to be recovered if the search succeed, so save them
     832              :             // for later.
     833            0 :             mRendezvousParametersForDeviceDiscoveredOverBle = params;
     834              : 
     835            0 :             SuccessOrExit(err = mSystemState->BleLayer()->NewBleConnectionByDiscriminator(params.GetSetupDiscriminator().value(),
     836              :                                                                                           this, OnDiscoveredDeviceOverBleSuccess,
     837              :                                                                                           OnDiscoveredDeviceOverBleError));
     838            0 :             ExitNow(CHIP_NO_ERROR);
     839              :         }
     840              :         else
     841              :         {
     842            0 :             ExitNow(err = CHIP_ERROR_INVALID_ARGUMENT);
     843              :         }
     844              :     }
     845              : #endif
     846              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     847            0 :     if (params.GetPeerAddress().GetTransportType() == Transport::Type::kWiFiPAF)
     848              :     {
     849            0 :         if (DeviceLayer::ConnectivityMgr().GetWiFiPAF()->GetWiFiPAFState() != WiFiPAF::State::kConnected)
     850              :         {
     851            0 :             ChipLogProgress(Controller, "WiFi-PAF: Subscribing to the NAN-USD devices, nodeId: %lu",
     852              :                             params.GetPeerAddress().GetRemoteId());
     853            0 :             mRendezvousParametersForDeviceDiscoveredOverWiFiPAF = params;
     854            0 :             auto nodeId                                         = params.GetPeerAddress().GetRemoteId();
     855            0 :             const SetupDiscriminator connDiscriminator(params.GetSetupDiscriminator().value());
     856            0 :             VerifyOrReturnValue(!connDiscriminator.IsShortDiscriminator(), CHIP_ERROR_INVALID_ARGUMENT,
     857              :                                 ChipLogError(Controller, "Error, Long discriminator is required"));
     858            0 :             uint16_t discriminator              = connDiscriminator.GetLongValue();
     859            0 :             WiFiPAF::WiFiPAFSession sessionInfo = { .role          = WiFiPAF::WiFiPafRole::kWiFiPafRole_Subscriber,
     860              :                                                     .nodeId        = nodeId,
     861            0 :                                                     .discriminator = discriminator };
     862            0 :             ReturnErrorOnFailure(
     863              :                 DeviceLayer::ConnectivityMgr().GetWiFiPAF()->AddPafSession(WiFiPAF::PafInfoAccess::kAccNodeInfo, sessionInfo));
     864            0 :             DeviceLayer::ConnectivityMgr().WiFiPAFSubscribe(discriminator, reinterpret_cast<void *>(this),
     865              :                                                             OnWiFiPAFSubscribeComplete, OnWiFiPAFSubscribeError);
     866            0 :             ExitNow(CHIP_NO_ERROR);
     867              :         }
     868              :     }
     869              : #endif
     870            0 :     session = mSystemState->SessionMgr()->CreateUnauthenticatedSession(params.GetPeerAddress(), params.GetMRPConfig());
     871            0 :     VerifyOrExit(session.HasValue(), err = CHIP_ERROR_NO_MEMORY);
     872              : 
     873              :     // Allocate the exchange immediately before calling PASESession::Pair.
     874              :     //
     875              :     // PASESession::Pair takes ownership of the exchange and will free it on
     876              :     // error, but can only do this if it is actually called.  Allocating the
     877              :     // exchange context right before calling Pair ensures that if allocation
     878              :     // succeeds, PASESession has taken ownership.
     879            0 :     exchangeCtxt = mSystemState->ExchangeMgr()->NewContext(session.Value(), &device->GetPairing());
     880            0 :     VerifyOrExit(exchangeCtxt != nullptr, err = CHIP_ERROR_INTERNAL);
     881              : 
     882            0 :     err = device->GetPairing().Pair(*mSystemState->SessionMgr(), params.GetSetupPINCode(), GetLocalMRPConfig(), exchangeCtxt, this);
     883            0 :     SuccessOrExit(err);
     884              : 
     885            0 : exit:
     886            0 :     if (err != CHIP_NO_ERROR)
     887              :     {
     888            0 :         if (device != nullptr)
     889              :         {
     890            0 :             ReleaseCommissioneeDevice(device);
     891              :         }
     892              :         MATTER_LOG_METRIC_END(kMetricDeviceCommissionerPASESession, err);
     893              :     }
     894              : 
     895            0 :     return err;
     896            0 : }
     897              : 
     898              : #if CONFIG_NETWORK_LAYER_BLE
     899            0 : void DeviceCommissioner::OnDiscoveredDeviceOverBleSuccess(void * appState, BLE_CONNECTION_OBJECT connObj)
     900              : {
     901            0 :     auto self   = static_cast<DeviceCommissioner *>(appState);
     902            0 :     auto device = self->mDeviceInPASEEstablishment;
     903              : 
     904            0 :     if (nullptr != device && device->GetDeviceTransportType() == Transport::Type::kBle)
     905              :     {
     906            0 :         auto remoteId = device->GetDeviceId();
     907              : 
     908            0 :         auto params = self->mRendezvousParametersForDeviceDiscoveredOverBle;
     909            0 :         params.SetConnectionObject(connObj);
     910            0 :         self->mRendezvousParametersForDeviceDiscoveredOverBle = RendezvousParameters();
     911              : 
     912            0 :         self->ReleaseCommissioneeDevice(device);
     913            0 :         LogErrorOnFailure(self->EstablishPASEConnection(remoteId, params));
     914              :     }
     915            0 : }
     916              : 
     917            0 : void DeviceCommissioner::OnDiscoveredDeviceOverBleError(void * appState, CHIP_ERROR err)
     918              : {
     919            0 :     auto self   = static_cast<DeviceCommissioner *>(appState);
     920            0 :     auto device = self->mDeviceInPASEEstablishment;
     921              : 
     922            0 :     if (nullptr != device && device->GetDeviceTransportType() == Transport::Type::kBle)
     923              :     {
     924            0 :         self->ReleaseCommissioneeDevice(device);
     925            0 :         self->mRendezvousParametersForDeviceDiscoveredOverBle = RendezvousParameters();
     926              : 
     927              :         // Callback is required when BLE discovery fails, otherwise the caller will always be in a suspended state
     928              :         // A better way to handle it should define a new error code
     929            0 :         if (self->mPairingDelegate != nullptr)
     930              :         {
     931            0 :             self->mPairingDelegate->OnPairingComplete(err);
     932              :         }
     933              :     }
     934            0 : }
     935              : #endif // CONFIG_NETWORK_LAYER_BLE
     936              : 
     937              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     938            0 : void DeviceCommissioner::OnWiFiPAFSubscribeComplete(void * appState)
     939              : {
     940            0 :     auto self   = reinterpret_cast<DeviceCommissioner *>(appState);
     941            0 :     auto device = self->mDeviceInPASEEstablishment;
     942              : 
     943            0 :     if (nullptr != device && device->GetDeviceTransportType() == Transport::Type::kWiFiPAF)
     944              :     {
     945            0 :         ChipLogProgress(Controller, "WiFi-PAF: Subscription Completed, dev_id = %lu", device->GetDeviceId());
     946            0 :         auto remoteId = device->GetDeviceId();
     947            0 :         auto params   = self->mRendezvousParametersForDeviceDiscoveredOverWiFiPAF;
     948              : 
     949            0 :         self->mRendezvousParametersForDeviceDiscoveredOverWiFiPAF = RendezvousParameters();
     950            0 :         self->ReleaseCommissioneeDevice(device);
     951            0 :         LogErrorOnFailure(self->EstablishPASEConnection(remoteId, params));
     952              :     }
     953            0 : }
     954              : 
     955            0 : void DeviceCommissioner::OnWiFiPAFSubscribeError(void * appState, CHIP_ERROR err)
     956              : {
     957            0 :     auto self   = (DeviceCommissioner *) appState;
     958            0 :     auto device = self->mDeviceInPASEEstablishment;
     959              : 
     960            0 :     if (nullptr != device && device->GetDeviceTransportType() == Transport::Type::kWiFiPAF)
     961              :     {
     962            0 :         ChipLogError(Controller, "WiFi-PAF: Subscription Error, id = %lu, err = %" CHIP_ERROR_FORMAT, device->GetDeviceId(),
     963              :                      err.Format());
     964            0 :         self->ReleaseCommissioneeDevice(device);
     965            0 :         self->mRendezvousParametersForDeviceDiscoveredOverWiFiPAF = RendezvousParameters();
     966            0 :         if (self->mPairingDelegate != nullptr)
     967              :         {
     968            0 :             self->mPairingDelegate->OnPairingComplete(err);
     969              :         }
     970              :     }
     971            0 : }
     972              : #endif
     973              : 
     974            0 : CHIP_ERROR DeviceCommissioner::Commission(NodeId remoteDeviceId, CommissioningParameters & params)
     975              : {
     976            0 :     if (mDefaultCommissioner == nullptr)
     977              :     {
     978            0 :         ChipLogError(Controller, "No default commissioner is specified");
     979            0 :         return CHIP_ERROR_INCORRECT_STATE;
     980              :     }
     981            0 :     ReturnErrorOnFailureWithMetric(kMetricDeviceCommissionerCommission, mDefaultCommissioner->SetCommissioningParameters(params));
     982            0 :     auto errorCode = Commission(remoteDeviceId);
     983            0 :     VerifyOrDoWithMetric(kMetricDeviceCommissionerCommission, CHIP_NO_ERROR == errorCode, errorCode);
     984            0 :     return errorCode;
     985              : }
     986              : 
     987            0 : CHIP_ERROR DeviceCommissioner::Commission(NodeId remoteDeviceId)
     988              : {
     989              :     MATTER_TRACE_SCOPE("Commission", "DeviceCommissioner");
     990              : 
     991            0 :     if (mDefaultCommissioner == nullptr)
     992              :     {
     993            0 :         ChipLogError(Controller, "No default commissioner is specified");
     994            0 :         return CHIP_ERROR_INCORRECT_STATE;
     995              :     }
     996              : 
     997            0 :     CommissioneeDeviceProxy * device = FindCommissioneeDevice(remoteDeviceId);
     998            0 :     if (device == nullptr || (!device->IsSecureConnected() && !device->IsSessionSetupInProgress()))
     999              :     {
    1000            0 :         ChipLogError(Controller, "Invalid device for commissioning " ChipLogFormatX64, ChipLogValueX64(remoteDeviceId));
    1001            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1002              :     }
    1003            0 :     if (!device->IsSecureConnected() && device != mDeviceInPASEEstablishment)
    1004              :     {
    1005              :         // We should not end up in this state because we won't attempt to establish more than one connection at a time.
    1006            0 :         ChipLogError(Controller, "Device is not connected and not being paired " ChipLogFormatX64, ChipLogValueX64(remoteDeviceId));
    1007            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1008              :     }
    1009              : 
    1010            0 :     if (mCommissioningStage != CommissioningStage::kSecurePairing)
    1011              :     {
    1012            0 :         ChipLogError(Controller, "Commissioning already in progress (stage '%s') - not restarting",
    1013              :                      StageToString(mCommissioningStage));
    1014            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1015              :     }
    1016              : 
    1017            0 :     ChipLogProgress(Controller, "Commission called for node ID 0x" ChipLogFormatX64, ChipLogValueX64(remoteDeviceId));
    1018              : 
    1019            0 :     mDefaultCommissioner->SetOperationalCredentialsDelegate(mOperationalCredentialsDelegate);
    1020            0 :     if (device->IsSecureConnected())
    1021              :     {
    1022              :         MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissionerCommission);
    1023            0 :         mDefaultCommissioner->StartCommissioning(this, device);
    1024              :     }
    1025              :     else
    1026              :     {
    1027            0 :         mRunCommissioningAfterConnection = true;
    1028              :     }
    1029            0 :     return CHIP_NO_ERROR;
    1030              : }
    1031              : 
    1032              : CHIP_ERROR
    1033            0 : DeviceCommissioner::ContinueCommissioningAfterDeviceAttestation(DeviceProxy * device,
    1034              :                                                                 Credentials::AttestationVerificationResult attestationResult)
    1035              : {
    1036              :     MATTER_TRACE_SCOPE("continueCommissioningDevice", "DeviceCommissioner");
    1037              : 
    1038            0 :     if (mDefaultCommissioner == nullptr)
    1039              :     {
    1040            0 :         ChipLogError(Controller, "No default commissioner is specified");
    1041            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1042              :     }
    1043              : 
    1044            0 :     if (device == nullptr || device != mDeviceBeingCommissioned)
    1045              :     {
    1046            0 :         ChipLogError(Controller, "Invalid device for commissioning %p", device);
    1047            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1048              :     }
    1049            0 :     CommissioneeDeviceProxy * commissioneeDevice = FindCommissioneeDevice(device->GetDeviceId());
    1050            0 :     if (commissioneeDevice == nullptr)
    1051              :     {
    1052            0 :         ChipLogError(Controller, "Couldn't find commissionee device");
    1053            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1054              :     }
    1055            0 :     if (!commissioneeDevice->IsSecureConnected() || commissioneeDevice != mDeviceBeingCommissioned)
    1056              :     {
    1057            0 :         ChipLogError(Controller, "Invalid device for commissioning after attestation failure: 0x" ChipLogFormatX64,
    1058              :                      ChipLogValueX64(commissioneeDevice->GetDeviceId()));
    1059            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1060              :     }
    1061              : 
    1062            0 :     if (mCommissioningStage != CommissioningStage::kAttestationRevocationCheck)
    1063              :     {
    1064            0 :         ChipLogError(Controller, "Commissioning is not attestation verification phase");
    1065            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1066              :     }
    1067              : 
    1068            0 :     ChipLogProgress(Controller, "Continuing commissioning after attestation failure for device ID 0x" ChipLogFormatX64,
    1069              :                     ChipLogValueX64(commissioneeDevice->GetDeviceId()));
    1070              : 
    1071            0 :     if (attestationResult != AttestationVerificationResult::kSuccess)
    1072              :     {
    1073            0 :         ChipLogError(Controller, "Client selected error: %u for failed 'Attestation Information' for device",
    1074              :                      to_underlying(attestationResult));
    1075              : 
    1076            0 :         CommissioningDelegate::CommissioningReport report;
    1077            0 :         report.Set<AttestationErrorInfo>(attestationResult);
    1078            0 :         CommissioningStageComplete(CHIP_ERROR_INTERNAL, report);
    1079            0 :     }
    1080              :     else
    1081              :     {
    1082            0 :         ChipLogProgress(Controller, "Overriding attestation failure per client and continuing commissioning");
    1083            0 :         CommissioningStageComplete(CHIP_NO_ERROR);
    1084              :     }
    1085            0 :     return CHIP_NO_ERROR;
    1086              : }
    1087              : 
    1088              : #if CHIP_DEVICE_CONFIG_ENABLE_NFC_BASED_COMMISSIONING
    1089              : CHIP_ERROR DeviceCommissioner::ContinueCommissioningAfterConnectNetworkRequest(NodeId remoteDeviceId)
    1090              : {
    1091              :     MATTER_TRACE_SCOPE("continueCommissioningAfterConnectNetworkRequest", "DeviceCommissioner");
    1092              : 
    1093              :     if (mDefaultCommissioner == nullptr)
    1094              :     {
    1095              :         ChipLogError(Controller, "No default commissioner is specified");
    1096              :         return CHIP_ERROR_INCORRECT_STATE;
    1097              :     }
    1098              : 
    1099              :     // Move to kEvictPreviousCaseSessions stage since the next stage will be to find the device
    1100              :     // on the operational network
    1101              :     mCommissioningStage = CommissioningStage::kEvictPreviousCaseSessions;
    1102              : 
    1103              :     // Setup device being commissioned
    1104              :     CommissioneeDeviceProxy * device = nullptr;
    1105              :     if (!mDeviceBeingCommissioned)
    1106              :     {
    1107              :         device = mCommissioneeDevicePool.CreateObject();
    1108              :         if (!device)
    1109              :             return CHIP_ERROR_NO_MEMORY;
    1110              : 
    1111              :         Transport::PeerAddress peerAddress = Transport::PeerAddress::UDP(Inet::IPAddress::Any);
    1112              :         device->Init(GetControllerDeviceInitParams(), remoteDeviceId, peerAddress);
    1113              :         mDeviceBeingCommissioned = device;
    1114              :     }
    1115              : 
    1116              :     mDefaultCommissioner->SetOperationalCredentialsDelegate(mOperationalCredentialsDelegate);
    1117              : 
    1118              :     ChipLogProgress(Controller, "Continuing commissioning after connect to network complete for device ID 0x" ChipLogFormatX64,
    1119              :                     ChipLogValueX64(remoteDeviceId));
    1120              : 
    1121              :     MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissioningOperationalSetup);
    1122              :     CHIP_ERROR err = mDefaultCommissioner->StartCommissioning(this, device);
    1123              :     if (err != CHIP_NO_ERROR)
    1124              :     {
    1125              :         MATTER_LOG_METRIC_END(kMetricDeviceCommissioningOperationalSetup, err);
    1126              :     }
    1127              :     return err;
    1128              : }
    1129              : #endif
    1130              : 
    1131            0 : CHIP_ERROR DeviceCommissioner::StopPairing(NodeId remoteDeviceId)
    1132              : {
    1133            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1134            0 :     VerifyOrReturnError(remoteDeviceId != kUndefinedNodeId, CHIP_ERROR_INVALID_ARGUMENT);
    1135              : 
    1136            0 :     ChipLogProgress(Controller, "StopPairing called for node ID 0x" ChipLogFormatX64, ChipLogValueX64(remoteDeviceId));
    1137              : 
    1138              :     // If we're still in the process of discovering the device, just stop the SetUpCodePairer
    1139            0 :     if (mSetUpCodePairer.StopPairing(remoteDeviceId))
    1140              :     {
    1141            0 :         mRunCommissioningAfterConnection = false;
    1142            0 :         OnSessionEstablishmentError(CHIP_ERROR_CANCELLED);
    1143            0 :         return CHIP_NO_ERROR;
    1144              :     }
    1145              : 
    1146              :     // Otherwise we might be pairing and / or commissioning it.
    1147            0 :     CommissioneeDeviceProxy * device = FindCommissioneeDevice(remoteDeviceId);
    1148            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_DEVICE_DESCRIPTOR);
    1149              : 
    1150            0 :     if (mDeviceBeingCommissioned == device)
    1151              :     {
    1152            0 :         CancelCommissioningInteractions();
    1153            0 :         CommissioningStageComplete(CHIP_ERROR_CANCELLED);
    1154              :     }
    1155              :     else
    1156              :     {
    1157            0 :         ReleaseCommissioneeDevice(device);
    1158              :     }
    1159            0 :     return CHIP_NO_ERROR;
    1160              : }
    1161              : 
    1162            0 : void DeviceCommissioner::CancelCommissioningInteractions()
    1163              : {
    1164            0 :     if (mReadClient)
    1165              :     {
    1166            0 :         ChipLogDetail(Controller, "Cancelling read request for step '%s'", StageToString(mCommissioningStage));
    1167            0 :         mReadClient.reset(); // destructor cancels
    1168            0 :         mAttributeCache.reset();
    1169              :     }
    1170            0 :     if (mInvokeCancelFn)
    1171              :     {
    1172            0 :         ChipLogDetail(Controller, "Cancelling command invocation for step '%s'", StageToString(mCommissioningStage));
    1173            0 :         mInvokeCancelFn();
    1174            0 :         mInvokeCancelFn = nullptr;
    1175              :     }
    1176            0 :     if (mWriteCancelFn)
    1177              :     {
    1178            0 :         ChipLogDetail(Controller, "Cancelling write request for step '%s'", StageToString(mCommissioningStage));
    1179            0 :         mWriteCancelFn();
    1180            0 :         mWriteCancelFn = nullptr;
    1181              :     }
    1182            0 :     if (mOnDeviceConnectedCallback.IsRegistered())
    1183              :     {
    1184            0 :         ChipLogDetail(Controller, "Cancelling CASE setup for step '%s'", StageToString(mCommissioningStage));
    1185            0 :         CancelCASECallbacks();
    1186              :     }
    1187            0 : }
    1188              : 
    1189            0 : void DeviceCommissioner::CancelCASECallbacks()
    1190              : {
    1191            0 :     mOnDeviceConnectedCallback.Cancel();
    1192            0 :     mOnDeviceConnectionFailureCallback.Cancel();
    1193              : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    1194            0 :     mOnDeviceConnectionRetryCallback.Cancel();
    1195              : #endif
    1196            0 : }
    1197              : 
    1198            0 : CHIP_ERROR DeviceCommissioner::UnpairDevice(NodeId remoteDeviceId)
    1199              : {
    1200              :     MATTER_TRACE_SCOPE("UnpairDevice", "DeviceCommissioner");
    1201            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1202              : 
    1203            0 :     return AutoCurrentFabricRemover::RemoveCurrentFabric(this, remoteDeviceId);
    1204              : }
    1205              : 
    1206            0 : void DeviceCommissioner::RendezvousCleanup(CHIP_ERROR status)
    1207              : {
    1208            0 :     if (mDeviceInPASEEstablishment != nullptr)
    1209              :     {
    1210              :         // Release the commissionee device. For BLE, this is stored,
    1211              :         // for IP commissioning, we have taken a reference to the
    1212              :         // operational node to send the completion command.
    1213            0 :         ReleaseCommissioneeDevice(mDeviceInPASEEstablishment);
    1214              : 
    1215            0 :         if (mPairingDelegate != nullptr)
    1216              :         {
    1217            0 :             mPairingDelegate->OnPairingComplete(status);
    1218              :         }
    1219              :     }
    1220            0 : }
    1221              : 
    1222            0 : void DeviceCommissioner::OnSessionEstablishmentError(CHIP_ERROR err)
    1223              : {
    1224              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissionerPASESession, err);
    1225              : 
    1226            0 :     if (mPairingDelegate != nullptr)
    1227              :     {
    1228            0 :         mPairingDelegate->OnStatusUpdate(DevicePairingDelegate::SecurePairingFailed);
    1229              :     }
    1230              : 
    1231            0 :     RendezvousCleanup(err);
    1232            0 : }
    1233              : 
    1234            0 : void DeviceCommissioner::OnSessionEstablished(const SessionHandle & session)
    1235              : {
    1236              :     // PASE session established.
    1237            0 :     CommissioneeDeviceProxy * device = mDeviceInPASEEstablishment;
    1238              : 
    1239              :     // We are in the callback for this pairing. Reset so we can pair another device.
    1240            0 :     mDeviceInPASEEstablishment = nullptr;
    1241              : 
    1242            0 :     VerifyOrReturn(device != nullptr, OnSessionEstablishmentError(CHIP_ERROR_INVALID_DEVICE_DESCRIPTOR));
    1243              : 
    1244            0 :     CHIP_ERROR err = device->SetConnected(session);
    1245            0 :     if (err != CHIP_NO_ERROR)
    1246              :     {
    1247            0 :         ChipLogError(Controller, "Failed in setting up secure channel: %" CHIP_ERROR_FORMAT, err.Format());
    1248            0 :         OnSessionEstablishmentError(err);
    1249            0 :         return;
    1250              :     }
    1251              : 
    1252            0 :     ChipLogDetail(Controller, "Remote device completed SPAKE2+ handshake");
    1253              : 
    1254              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissionerPASESession, CHIP_NO_ERROR);
    1255            0 :     if (mPairingDelegate != nullptr)
    1256              :     {
    1257            0 :         mPairingDelegate->OnPairingComplete(CHIP_NO_ERROR);
    1258              :     }
    1259              : 
    1260            0 :     if (mRunCommissioningAfterConnection)
    1261              :     {
    1262            0 :         mRunCommissioningAfterConnection = false;
    1263              :         MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissionerCommission);
    1264            0 :         mDefaultCommissioner->StartCommissioning(this, device);
    1265              :     }
    1266              : }
    1267              : 
    1268            0 : CHIP_ERROR DeviceCommissioner::SendCertificateChainRequestCommand(DeviceProxy * device,
    1269              :                                                                   Credentials::CertificateType certificateType,
    1270              :                                                                   Optional<System::Clock::Timeout> timeout)
    1271              : {
    1272              :     MATTER_TRACE_SCOPE("SendCertificateChainRequestCommand", "DeviceCommissioner");
    1273            0 :     ChipLogDetail(Controller, "Sending Certificate Chain request to %p device", device);
    1274            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1275              : 
    1276            0 :     OperationalCredentials::Commands::CertificateChainRequest::Type request;
    1277            0 :     request.certificateType = static_cast<OperationalCredentials::CertificateChainTypeEnum>(certificateType);
    1278            0 :     return SendCommissioningCommand(device, request, OnCertificateChainResponse, OnCertificateChainFailureResponse, kRootEndpointId,
    1279            0 :                                     timeout);
    1280              : }
    1281              : 
    1282            0 : void DeviceCommissioner::OnCertificateChainFailureResponse(void * context, CHIP_ERROR error)
    1283              : {
    1284              :     MATTER_TRACE_SCOPE("OnCertificateChainFailureResponse", "DeviceCommissioner");
    1285            0 :     ChipLogProgress(Controller, "Device failed to receive the Certificate Chain request Response: %" CHIP_ERROR_FORMAT,
    1286              :                     error.Format());
    1287            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1288            0 :     commissioner->CommissioningStageComplete(error);
    1289            0 : }
    1290              : 
    1291            0 : void DeviceCommissioner::OnCertificateChainResponse(
    1292              :     void * context, const chip::app::Clusters::OperationalCredentials::Commands::CertificateChainResponse::DecodableType & response)
    1293              : {
    1294              :     MATTER_TRACE_SCOPE("OnCertificateChainResponse", "DeviceCommissioner");
    1295            0 :     ChipLogProgress(Controller, "Received certificate chain from the device");
    1296            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1297              : 
    1298            0 :     CommissioningDelegate::CommissioningReport report;
    1299            0 :     report.Set<RequestedCertificate>(RequestedCertificate(response.certificate));
    1300              : 
    1301            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    1302            0 : }
    1303              : 
    1304            0 : CHIP_ERROR DeviceCommissioner::SendAttestationRequestCommand(DeviceProxy * device, const ByteSpan & attestationNonce,
    1305              :                                                              Optional<System::Clock::Timeout> timeout)
    1306              : {
    1307              :     MATTER_TRACE_SCOPE("SendAttestationRequestCommand", "DeviceCommissioner");
    1308            0 :     ChipLogDetail(Controller, "Sending Attestation request to %p device", device);
    1309            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1310              : 
    1311            0 :     OperationalCredentials::Commands::AttestationRequest::Type request;
    1312            0 :     request.attestationNonce = attestationNonce;
    1313              : 
    1314            0 :     ReturnErrorOnFailure(
    1315              :         SendCommissioningCommand(device, request, OnAttestationResponse, OnAttestationFailureResponse, kRootEndpointId, timeout));
    1316            0 :     ChipLogDetail(Controller, "Sent Attestation request, waiting for the Attestation Information");
    1317            0 :     return CHIP_NO_ERROR;
    1318              : }
    1319              : 
    1320            0 : void DeviceCommissioner::OnAttestationFailureResponse(void * context, CHIP_ERROR error)
    1321              : {
    1322              :     MATTER_TRACE_SCOPE("OnAttestationFailureResponse", "DeviceCommissioner");
    1323            0 :     ChipLogProgress(Controller, "Device failed to receive the Attestation Information Response: %" CHIP_ERROR_FORMAT,
    1324              :                     error.Format());
    1325            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1326            0 :     commissioner->CommissioningStageComplete(error);
    1327            0 : }
    1328              : 
    1329            0 : void DeviceCommissioner::OnAttestationResponse(void * context,
    1330              :                                                const OperationalCredentials::Commands::AttestationResponse::DecodableType & data)
    1331              : {
    1332              :     MATTER_TRACE_SCOPE("OnAttestationResponse", "DeviceCommissioner");
    1333            0 :     ChipLogProgress(Controller, "Received Attestation Information from the device");
    1334            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1335              : 
    1336            0 :     CommissioningDelegate::CommissioningReport report;
    1337            0 :     report.Set<AttestationResponse>(AttestationResponse(data.attestationElements, data.attestationSignature));
    1338            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    1339            0 : }
    1340              : 
    1341            0 : void DeviceCommissioner::OnDeviceAttestationInformationVerification(
    1342              :     void * context, const Credentials::DeviceAttestationVerifier::AttestationInfo & info, AttestationVerificationResult result)
    1343              : {
    1344              :     MATTER_TRACE_SCOPE("OnDeviceAttestationInformationVerification", "DeviceCommissioner");
    1345            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1346              : 
    1347            0 :     if (commissioner->mCommissioningStage == CommissioningStage::kAttestationVerification)
    1348              :     {
    1349              :         // Check for revoked DAC Chain before calling delegate. Enter next stage.
    1350              : 
    1351            0 :         CommissioningDelegate::CommissioningReport report;
    1352            0 :         report.Set<AttestationErrorInfo>(result);
    1353              : 
    1354            0 :         return commissioner->CommissioningStageComplete(
    1355            0 :             result == AttestationVerificationResult::kSuccess ? CHIP_NO_ERROR : CHIP_ERROR_FAILED_DEVICE_ATTESTATION, report);
    1356            0 :     }
    1357              : 
    1358            0 :     if (!commissioner->mDeviceBeingCommissioned)
    1359              :     {
    1360            0 :         ChipLogError(Controller, "Device attestation verification result received when we're not commissioning a device");
    1361            0 :         return;
    1362              :     }
    1363              : 
    1364            0 :     auto & params = commissioner->mDefaultCommissioner->GetCommissioningParameters();
    1365            0 :     Credentials::DeviceAttestationDelegate * deviceAttestationDelegate = params.GetDeviceAttestationDelegate();
    1366              : 
    1367            0 :     if (params.GetCompletionStatus().attestationResult.HasValue())
    1368              :     {
    1369            0 :         auto previousResult = params.GetCompletionStatus().attestationResult.Value();
    1370            0 :         if (previousResult != AttestationVerificationResult::kSuccess)
    1371              :         {
    1372            0 :             result = previousResult;
    1373              :         }
    1374              :     }
    1375              : 
    1376            0 :     if (result != AttestationVerificationResult::kSuccess)
    1377              :     {
    1378            0 :         CommissioningDelegate::CommissioningReport report;
    1379            0 :         report.Set<AttestationErrorInfo>(result);
    1380            0 :         if (result == AttestationVerificationResult::kNotImplemented)
    1381              :         {
    1382            0 :             ChipLogError(Controller,
    1383              :                          "Failed in verifying 'Attestation Information' command received from the device due to default "
    1384              :                          "DeviceAttestationVerifier Class not being overridden by a real implementation.");
    1385            0 :             commissioner->CommissioningStageComplete(CHIP_ERROR_NOT_IMPLEMENTED, report);
    1386            0 :             return;
    1387              :         }
    1388              : 
    1389            0 :         ChipLogError(Controller, "Failed in verifying 'Attestation Information' command received from the device: err %hu (%s)",
    1390              :                      static_cast<uint16_t>(result), GetAttestationResultDescription(result));
    1391              :         // Go look at AttestationVerificationResult enum in src/credentials/attestation_verifier/DeviceAttestationVerifier.h to
    1392              :         // understand the errors.
    1393              : 
    1394              :         // If a device attestation status delegate is installed, delegate handling of failure to the client and let them
    1395              :         // decide on whether to proceed further or not.
    1396            0 :         if (deviceAttestationDelegate)
    1397              :         {
    1398            0 :             commissioner->ExtendArmFailSafeForDeviceAttestation(info, result);
    1399              :         }
    1400              :         else
    1401              :         {
    1402            0 :             commissioner->CommissioningStageComplete(CHIP_ERROR_FAILED_DEVICE_ATTESTATION, report);
    1403              :         }
    1404            0 :     }
    1405              :     else
    1406              :     {
    1407            0 :         if (deviceAttestationDelegate && deviceAttestationDelegate->ShouldWaitAfterDeviceAttestation())
    1408              :         {
    1409            0 :             commissioner->ExtendArmFailSafeForDeviceAttestation(info, result);
    1410              :         }
    1411              :         else
    1412              :         {
    1413            0 :             ChipLogProgress(Controller, "Successfully validated 'Attestation Information' command received from the device.");
    1414            0 :             commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    1415              :         }
    1416              :     }
    1417              : }
    1418              : 
    1419            0 : void DeviceCommissioner::OnArmFailSafeExtendedForDeviceAttestation(
    1420              :     void * context, const GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType &)
    1421              : {
    1422            0 :     ChipLogProgress(Controller, "Successfully extended fail-safe timer to handle DA failure");
    1423            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1424              : 
    1425              :     // We have completed our command invoke, but we're not going to finish the
    1426              :     // commissioning step until our client examines the attestation
    1427              :     // information.  Clear out mInvokeCancelFn (which points at the
    1428              :     // CommandSender we just finished using) now, so it's not dangling.
    1429            0 :     commissioner->mInvokeCancelFn = nullptr;
    1430              : 
    1431            0 :     commissioner->HandleDeviceAttestationCompleted();
    1432            0 : }
    1433              : 
    1434            0 : void DeviceCommissioner::HandleDeviceAttestationCompleted()
    1435              : {
    1436            0 :     if (!mDeviceBeingCommissioned)
    1437              :     {
    1438            0 :         return;
    1439              :     }
    1440              : 
    1441            0 :     auto & params                                                      = mDefaultCommissioner->GetCommissioningParameters();
    1442            0 :     Credentials::DeviceAttestationDelegate * deviceAttestationDelegate = params.GetDeviceAttestationDelegate();
    1443            0 :     if (deviceAttestationDelegate)
    1444              :     {
    1445            0 :         ChipLogProgress(Controller, "Device attestation completed, delegating continuation to client");
    1446            0 :         deviceAttestationDelegate->OnDeviceAttestationCompleted(this, mDeviceBeingCommissioned, *mAttestationDeviceInfo,
    1447              :                                                                 mAttestationResult);
    1448              :     }
    1449              :     else
    1450              :     {
    1451            0 :         ChipLogError(Controller, "Need to wait for device attestation delegate, but no delegate available. Failing commissioning");
    1452            0 :         CommissioningDelegate::CommissioningReport report;
    1453            0 :         report.Set<AttestationErrorInfo>(mAttestationResult);
    1454            0 :         CommissioningStageComplete(CHIP_ERROR_INTERNAL, report);
    1455            0 :     }
    1456              : }
    1457              : 
    1458            0 : void DeviceCommissioner::OnFailedToExtendedArmFailSafeDeviceAttestation(void * context, CHIP_ERROR error)
    1459              : {
    1460            0 :     ChipLogProgress(Controller, "Failed to extend fail-safe timer to handle attestation failure: %" CHIP_ERROR_FORMAT,
    1461              :                     error.Format());
    1462            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1463              : 
    1464            0 :     CommissioningDelegate::CommissioningReport report;
    1465            0 :     report.Set<AttestationErrorInfo>(commissioner->mAttestationResult);
    1466            0 :     commissioner->CommissioningStageComplete(CHIP_ERROR_INTERNAL, report);
    1467            0 : }
    1468              : 
    1469            0 : void DeviceCommissioner::OnICDManagementRegisterClientResponse(
    1470              :     void * context, const app::Clusters::IcdManagement::Commands::RegisterClientResponse::DecodableType & data)
    1471              : {
    1472            0 :     CHIP_ERROR err                    = CHIP_NO_ERROR;
    1473            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1474            0 :     VerifyOrExit(commissioner != nullptr, err = CHIP_ERROR_INVALID_ARGUMENT);
    1475            0 :     VerifyOrExit(commissioner->mCommissioningStage == CommissioningStage::kICDRegistration, err = CHIP_ERROR_INCORRECT_STATE);
    1476            0 :     VerifyOrExit(commissioner->mDeviceBeingCommissioned != nullptr, err = CHIP_ERROR_INCORRECT_STATE);
    1477              : 
    1478            0 :     if (commissioner->mPairingDelegate != nullptr)
    1479              :     {
    1480            0 :         commissioner->mPairingDelegate->OnICDRegistrationComplete(
    1481            0 :             ScopedNodeId(commissioner->mDeviceBeingCommissioned->GetDeviceId(), commissioner->GetFabricIndex()), data.ICDCounter);
    1482              :     }
    1483              : 
    1484            0 : exit:
    1485            0 :     CommissioningDelegate::CommissioningReport report;
    1486            0 :     commissioner->CommissioningStageComplete(err, report);
    1487            0 : }
    1488              : 
    1489            0 : void DeviceCommissioner::OnICDManagementStayActiveResponse(
    1490              :     void * context, const app::Clusters::IcdManagement::Commands::StayActiveResponse::DecodableType & data)
    1491              : {
    1492            0 :     CHIP_ERROR err                    = CHIP_NO_ERROR;
    1493            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1494            0 :     VerifyOrExit(commissioner != nullptr, err = CHIP_ERROR_INVALID_ARGUMENT);
    1495            0 :     VerifyOrExit(commissioner->mCommissioningStage == CommissioningStage::kICDSendStayActive, err = CHIP_ERROR_INCORRECT_STATE);
    1496            0 :     VerifyOrExit(commissioner->mDeviceBeingCommissioned != nullptr, err = CHIP_ERROR_INCORRECT_STATE);
    1497              : 
    1498            0 :     if (commissioner->mPairingDelegate != nullptr)
    1499              :     {
    1500            0 :         commissioner->mPairingDelegate->OnICDStayActiveComplete(
    1501              : 
    1502            0 :             ScopedNodeId(commissioner->mDeviceBeingCommissioned->GetDeviceId(), commissioner->GetFabricIndex()),
    1503            0 :             data.promisedActiveDuration);
    1504              :     }
    1505              : 
    1506            0 : exit:
    1507            0 :     CommissioningDelegate::CommissioningReport report;
    1508            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    1509            0 : }
    1510              : 
    1511            0 : bool DeviceCommissioner::ExtendArmFailSafeInternal(DeviceProxy * proxy, CommissioningStage step, uint16_t armFailSafeTimeout,
    1512              :                                                    Optional<System::Clock::Timeout> commandTimeout,
    1513              :                                                    OnExtendFailsafeSuccess onSuccess, OnExtendFailsafeFailure onFailure,
    1514              :                                                    bool fireAndForget)
    1515              : {
    1516              :     using namespace System;
    1517              :     using namespace System::Clock;
    1518            0 :     auto now                = SystemClock().GetMonotonicTimestamp();
    1519            0 :     auto newFailSafeTimeout = now + Seconds16(armFailSafeTimeout);
    1520            0 :     if (newFailSafeTimeout < proxy->GetFailSafeExpirationTimestamp())
    1521              :     {
    1522            0 :         ChipLogProgress(
    1523              :             Controller, "Skipping arming failsafe: new time (%u seconds from now) before old time (%u seconds from now)",
    1524              :             armFailSafeTimeout, std::chrono::duration_cast<Seconds16>(proxy->GetFailSafeExpirationTimestamp() - now).count());
    1525            0 :         return false;
    1526              :     }
    1527              : 
    1528            0 :     uint64_t breadcrumb = static_cast<uint64_t>(step);
    1529            0 :     GeneralCommissioning::Commands::ArmFailSafe::Type request;
    1530            0 :     request.expiryLengthSeconds = armFailSafeTimeout;
    1531            0 :     request.breadcrumb          = breadcrumb;
    1532            0 :     ChipLogProgress(Controller, "Arming failsafe (%u seconds)", request.expiryLengthSeconds);
    1533            0 :     CHIP_ERROR err = SendCommissioningCommand(proxy, request, onSuccess, onFailure, kRootEndpointId, commandTimeout, fireAndForget);
    1534            0 :     if (err != CHIP_NO_ERROR)
    1535              :     {
    1536            0 :         onFailure((!fireAndForget) ? this : nullptr, err);
    1537            0 :         return true; // we have called onFailure already
    1538              :     }
    1539              : 
    1540              :     // Note: The stored timestamp may become invalid if we fail asynchronously
    1541            0 :     proxy->SetFailSafeExpirationTimestamp(newFailSafeTimeout);
    1542            0 :     return true;
    1543              : }
    1544              : 
    1545            0 : void DeviceCommissioner::ExtendArmFailSafeForDeviceAttestation(const Credentials::DeviceAttestationVerifier::AttestationInfo & info,
    1546              :                                                                Credentials::AttestationVerificationResult result)
    1547              : {
    1548            0 :     mAttestationResult = result;
    1549              : 
    1550            0 :     auto & params                                                      = mDefaultCommissioner->GetCommissioningParameters();
    1551            0 :     Credentials::DeviceAttestationDelegate * deviceAttestationDelegate = params.GetDeviceAttestationDelegate();
    1552              : 
    1553            0 :     mAttestationDeviceInfo = Platform::MakeUnique<Credentials::DeviceAttestationVerifier::AttestationDeviceInfo>(info);
    1554              : 
    1555            0 :     auto expiryLengthSeconds      = deviceAttestationDelegate->FailSafeExpiryTimeoutSecs();
    1556            0 :     bool waitForFailsafeExtension = expiryLengthSeconds.HasValue();
    1557            0 :     if (waitForFailsafeExtension)
    1558              :     {
    1559            0 :         ChipLogProgress(Controller, "Changing fail-safe timer to %u seconds to handle DA failure", expiryLengthSeconds.Value());
    1560              :         // Per spec, anything we do with the fail-safe armed must not time out
    1561              :         // in less than kMinimumCommissioningStepTimeout.
    1562              :         waitForFailsafeExtension =
    1563            0 :             ExtendArmFailSafeInternal(mDeviceBeingCommissioned, mCommissioningStage, expiryLengthSeconds.Value(),
    1564            0 :                                       MakeOptional(kMinimumCommissioningStepTimeout), OnArmFailSafeExtendedForDeviceAttestation,
    1565              :                                       OnFailedToExtendedArmFailSafeDeviceAttestation, /* fireAndForget = */ false);
    1566              :     }
    1567              :     else
    1568              :     {
    1569            0 :         ChipLogProgress(Controller, "Proceeding without changing fail-safe timer value as delegate has not set it");
    1570              :     }
    1571              : 
    1572            0 :     if (!waitForFailsafeExtension)
    1573              :     {
    1574            0 :         HandleDeviceAttestationCompleted();
    1575              :     }
    1576            0 : }
    1577              : 
    1578            0 : CHIP_ERROR DeviceCommissioner::ValidateAttestationInfo(const Credentials::DeviceAttestationVerifier::AttestationInfo & info)
    1579              : {
    1580              :     MATTER_TRACE_SCOPE("ValidateAttestationInfo", "DeviceCommissioner");
    1581            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1582            0 :     VerifyOrReturnError(mDeviceAttestationVerifier != nullptr, CHIP_ERROR_INCORRECT_STATE);
    1583              : 
    1584            0 :     mDeviceAttestationVerifier->VerifyAttestationInformation(info, &mDeviceAttestationInformationVerificationCallback);
    1585              : 
    1586              :     // TODO: Validate Firmware Information
    1587              : 
    1588            0 :     return CHIP_NO_ERROR;
    1589              : }
    1590              : 
    1591              : CHIP_ERROR
    1592            0 : DeviceCommissioner::CheckForRevokedDACChain(const Credentials::DeviceAttestationVerifier::AttestationInfo & info)
    1593              : {
    1594              :     MATTER_TRACE_SCOPE("CheckForRevokedDACChain", "DeviceCommissioner");
    1595            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1596            0 :     VerifyOrReturnError(mDeviceAttestationVerifier != nullptr, CHIP_ERROR_INCORRECT_STATE);
    1597              : 
    1598            0 :     mDeviceAttestationVerifier->CheckForRevokedDACChain(info, &mDeviceAttestationInformationVerificationCallback);
    1599              : 
    1600            0 :     return CHIP_NO_ERROR;
    1601              : }
    1602              : 
    1603            0 : CHIP_ERROR DeviceCommissioner::ValidateCSR(DeviceProxy * proxy, const ByteSpan & NOCSRElements,
    1604              :                                            const ByteSpan & AttestationSignature, const ByteSpan & dac, const ByteSpan & csrNonce)
    1605              : {
    1606              :     MATTER_TRACE_SCOPE("ValidateCSR", "DeviceCommissioner");
    1607            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1608            0 :     VerifyOrReturnError(mDeviceAttestationVerifier != nullptr, CHIP_ERROR_INCORRECT_STATE);
    1609              : 
    1610            0 :     P256PublicKey dacPubkey;
    1611            0 :     ReturnErrorOnFailure(ExtractPubkeyFromX509Cert(dac, dacPubkey));
    1612              : 
    1613              :     // Retrieve attestation challenge
    1614              :     ByteSpan attestationChallenge =
    1615            0 :         proxy->GetSecureSession().Value()->AsSecureSession()->GetCryptoContext().GetAttestationChallenge();
    1616              : 
    1617              :     // The operational CA should also verify this on its end during NOC generation, if end-to-end attestation is desired.
    1618            0 :     return mDeviceAttestationVerifier->VerifyNodeOperationalCSRInformation(NOCSRElements, attestationChallenge,
    1619            0 :                                                                            AttestationSignature, dacPubkey, csrNonce);
    1620            0 : }
    1621              : 
    1622            0 : CHIP_ERROR DeviceCommissioner::SendOperationalCertificateSigningRequestCommand(DeviceProxy * device, const ByteSpan & csrNonce,
    1623              :                                                                                Optional<System::Clock::Timeout> timeout)
    1624              : {
    1625              :     MATTER_TRACE_SCOPE("SendOperationalCertificateSigningRequestCommand", "DeviceCommissioner");
    1626            0 :     ChipLogDetail(Controller, "Sending CSR request to %p device", device);
    1627            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1628              : 
    1629            0 :     OperationalCredentials::Commands::CSRRequest::Type request;
    1630            0 :     request.CSRNonce = csrNonce;
    1631              : 
    1632            0 :     ReturnErrorOnFailure(SendCommissioningCommand(device, request, OnOperationalCertificateSigningRequest, OnCSRFailureResponse,
    1633              :                                                   kRootEndpointId, timeout));
    1634            0 :     ChipLogDetail(Controller, "Sent CSR request, waiting for the CSR");
    1635            0 :     return CHIP_NO_ERROR;
    1636              : }
    1637              : 
    1638            0 : void DeviceCommissioner::OnCSRFailureResponse(void * context, CHIP_ERROR error)
    1639              : {
    1640              :     MATTER_TRACE_SCOPE("OnCSRFailureResponse", "DeviceCommissioner");
    1641            0 :     ChipLogProgress(Controller, "Device failed to receive the CSR request Response: %" CHIP_ERROR_FORMAT, error.Format());
    1642            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1643            0 :     commissioner->CommissioningStageComplete(error);
    1644            0 : }
    1645              : 
    1646            0 : void DeviceCommissioner::OnOperationalCertificateSigningRequest(
    1647              :     void * context, const OperationalCredentials::Commands::CSRResponse::DecodableType & data)
    1648              : {
    1649              :     MATTER_TRACE_SCOPE("OnOperationalCertificateSigningRequest", "DeviceCommissioner");
    1650            0 :     ChipLogProgress(Controller, "Received certificate signing request from the device");
    1651            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1652              : 
    1653            0 :     CommissioningDelegate::CommissioningReport report;
    1654            0 :     report.Set<CSRResponse>(CSRResponse(data.NOCSRElements, data.attestationSignature));
    1655            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    1656            0 : }
    1657              : 
    1658            0 : void DeviceCommissioner::OnDeviceNOCChainGeneration(void * context, CHIP_ERROR status, const ByteSpan & noc, const ByteSpan & icac,
    1659              :                                                     const ByteSpan & rcac, Optional<IdentityProtectionKeySpan> ipk,
    1660              :                                                     Optional<NodeId> adminSubject)
    1661              : {
    1662              :     MATTER_TRACE_SCOPE("OnDeviceNOCChainGeneration", "DeviceCommissioner");
    1663            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1664              : 
    1665              :     // The placeholder IPK is not satisfactory, but is there to fill the NocChain struct on error. It will still fail.
    1666            0 :     const uint8_t placeHolderIpk[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    1667              :                                        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    1668            0 :     if (status == CHIP_NO_ERROR && !ipk.HasValue())
    1669              :     {
    1670            0 :         ChipLogError(Controller, "Did not have an IPK from the OperationalCredentialsIssuer! Cannot commission.");
    1671            0 :         status = CHIP_ERROR_INVALID_ARGUMENT;
    1672              :     }
    1673              : 
    1674            0 :     ChipLogProgress(Controller, "Received callback from the CA for NOC Chain generation. Status: %" CHIP_ERROR_FORMAT,
    1675              :                     status.Format());
    1676            0 :     if (status == CHIP_NO_ERROR && commissioner->mState != State::Initialized)
    1677              :     {
    1678            0 :         status = CHIP_ERROR_INCORRECT_STATE;
    1679              :     }
    1680            0 :     if (status != CHIP_NO_ERROR)
    1681              :     {
    1682            0 :         ChipLogError(Controller, "Failed in generating device's operational credentials. Error: %" CHIP_ERROR_FORMAT,
    1683              :                      status.Format());
    1684              :     }
    1685              : 
    1686              :     // TODO - Verify that the generated root cert matches with commissioner's root cert
    1687            0 :     CommissioningDelegate::CommissioningReport report;
    1688            0 :     report.Set<NocChain>(NocChain(noc, icac, rcac, ipk.HasValue() ? ipk.Value() : IdentityProtectionKeySpan(placeHolderIpk),
    1689            0 :                                   adminSubject.HasValue() ? adminSubject.Value() : commissioner->GetNodeId()));
    1690            0 :     commissioner->CommissioningStageComplete(status, report);
    1691            0 : }
    1692              : 
    1693            0 : CHIP_ERROR DeviceCommissioner::IssueNOCChain(const ByteSpan & NOCSRElements, NodeId nodeId,
    1694              :                                              chip::Callback::Callback<OnNOCChainGeneration> * callback)
    1695              : {
    1696              :     MATTER_TRACE_SCOPE("IssueNOCChain", "DeviceCommissioner");
    1697            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1698              : 
    1699            0 :     ChipLogProgress(Controller, "Getting certificate chain for the device on fabric idx %u", static_cast<unsigned>(mFabricIndex));
    1700              : 
    1701            0 :     mOperationalCredentialsDelegate->SetNodeIdForNextNOCRequest(nodeId);
    1702              : 
    1703            0 :     if (mFabricIndex != kUndefinedFabricIndex)
    1704              :     {
    1705            0 :         mOperationalCredentialsDelegate->SetFabricIdForNextNOCRequest(GetFabricId());
    1706              :     }
    1707              : 
    1708              :     // Note: we don't have attestationSignature, attestationChallenge, DAC, PAI so we are just providing an empty ByteSpan
    1709              :     // for those arguments.
    1710            0 :     return mOperationalCredentialsDelegate->GenerateNOCChain(NOCSRElements, ByteSpan(), ByteSpan(), ByteSpan(), ByteSpan(),
    1711            0 :                                                              ByteSpan(), callback);
    1712              : }
    1713              : 
    1714            0 : CHIP_ERROR DeviceCommissioner::ProcessCSR(DeviceProxy * proxy, const ByteSpan & NOCSRElements,
    1715              :                                           const ByteSpan & AttestationSignature, const ByteSpan & dac, const ByteSpan & pai,
    1716              :                                           const ByteSpan & csrNonce)
    1717              : {
    1718              :     MATTER_TRACE_SCOPE("ProcessOpCSR", "DeviceCommissioner");
    1719            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1720              : 
    1721            0 :     ChipLogProgress(Controller, "Getting certificate chain for the device from the issuer");
    1722              : 
    1723            0 :     P256PublicKey dacPubkey;
    1724            0 :     ReturnErrorOnFailure(ExtractPubkeyFromX509Cert(dac, dacPubkey));
    1725              : 
    1726              :     // Retrieve attestation challenge
    1727              :     ByteSpan attestationChallenge =
    1728            0 :         proxy->GetSecureSession().Value()->AsSecureSession()->GetCryptoContext().GetAttestationChallenge();
    1729              : 
    1730            0 :     mOperationalCredentialsDelegate->SetNodeIdForNextNOCRequest(proxy->GetDeviceId());
    1731              : 
    1732            0 :     if (mFabricIndex != kUndefinedFabricIndex)
    1733              :     {
    1734            0 :         mOperationalCredentialsDelegate->SetFabricIdForNextNOCRequest(GetFabricId());
    1735              :     }
    1736              : 
    1737            0 :     return mOperationalCredentialsDelegate->GenerateNOCChain(NOCSRElements, csrNonce, AttestationSignature, attestationChallenge,
    1738            0 :                                                              dac, pai, &mDeviceNOCChainCallback);
    1739            0 : }
    1740              : 
    1741            0 : CHIP_ERROR DeviceCommissioner::SendOperationalCertificate(DeviceProxy * device, const ByteSpan & nocCertBuf,
    1742              :                                                           const Optional<ByteSpan> & icaCertBuf,
    1743              :                                                           const IdentityProtectionKeySpan ipk, const NodeId adminSubject,
    1744              :                                                           Optional<System::Clock::Timeout> timeout)
    1745              : {
    1746              :     MATTER_TRACE_SCOPE("SendOperationalCertificate", "DeviceCommissioner");
    1747              : 
    1748            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1749              : 
    1750            0 :     OperationalCredentials::Commands::AddNOC::Type request;
    1751            0 :     request.NOCValue         = nocCertBuf;
    1752            0 :     request.ICACValue        = icaCertBuf;
    1753            0 :     request.IPKValue         = ipk;
    1754            0 :     request.caseAdminSubject = adminSubject;
    1755            0 :     request.adminVendorId    = mVendorId;
    1756              : 
    1757            0 :     ReturnErrorOnFailure(SendCommissioningCommand(device, request, OnOperationalCertificateAddResponse, OnAddNOCFailureResponse,
    1758              :                                                   kRootEndpointId, timeout));
    1759              : 
    1760            0 :     ChipLogProgress(Controller, "Sent operational certificate to the device");
    1761              : 
    1762            0 :     return CHIP_NO_ERROR;
    1763              : }
    1764              : 
    1765            0 : CHIP_ERROR DeviceCommissioner::ConvertFromOperationalCertStatus(OperationalCredentials::NodeOperationalCertStatusEnum err)
    1766              : {
    1767              :     using OperationalCredentials::NodeOperationalCertStatusEnum;
    1768            0 :     switch (err)
    1769              :     {
    1770            0 :     case NodeOperationalCertStatusEnum::kOk:
    1771            0 :         return CHIP_NO_ERROR;
    1772            0 :     case NodeOperationalCertStatusEnum::kInvalidPublicKey:
    1773            0 :         return CHIP_ERROR_INVALID_PUBLIC_KEY;
    1774            0 :     case NodeOperationalCertStatusEnum::kInvalidNodeOpId:
    1775            0 :         return CHIP_ERROR_WRONG_NODE_ID;
    1776            0 :     case NodeOperationalCertStatusEnum::kInvalidNOC:
    1777            0 :         return CHIP_ERROR_UNSUPPORTED_CERT_FORMAT;
    1778            0 :     case NodeOperationalCertStatusEnum::kMissingCsr:
    1779            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1780            0 :     case NodeOperationalCertStatusEnum::kTableFull:
    1781            0 :         return CHIP_ERROR_NO_MEMORY;
    1782            0 :     case NodeOperationalCertStatusEnum::kInvalidAdminSubject:
    1783            0 :         return CHIP_ERROR_INVALID_ADMIN_SUBJECT;
    1784            0 :     case NodeOperationalCertStatusEnum::kFabricConflict:
    1785            0 :         return CHIP_ERROR_FABRIC_EXISTS;
    1786            0 :     case NodeOperationalCertStatusEnum::kLabelConflict:
    1787            0 :         return CHIP_ERROR_INVALID_ARGUMENT;
    1788            0 :     case NodeOperationalCertStatusEnum::kInvalidFabricIndex:
    1789            0 :         return CHIP_ERROR_INVALID_FABRIC_INDEX;
    1790            0 :     case NodeOperationalCertStatusEnum::kUnknownEnumValue:
    1791              :         // Is this a reasonable value?
    1792            0 :         return CHIP_ERROR_CERT_LOAD_FAILED;
    1793              :     }
    1794              : 
    1795            0 :     return CHIP_ERROR_CERT_LOAD_FAILED;
    1796              : }
    1797              : 
    1798            0 : void DeviceCommissioner::OnAddNOCFailureResponse(void * context, CHIP_ERROR error)
    1799              : {
    1800              :     MATTER_TRACE_SCOPE("OnAddNOCFailureResponse", "DeviceCommissioner");
    1801            0 :     ChipLogProgress(Controller, "Device failed to receive the operational certificate Response: %" CHIP_ERROR_FORMAT,
    1802              :                     error.Format());
    1803            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1804            0 :     commissioner->CommissioningStageComplete(error);
    1805            0 : }
    1806              : 
    1807            0 : void DeviceCommissioner::OnOperationalCertificateAddResponse(
    1808              :     void * context, const OperationalCredentials::Commands::NOCResponse::DecodableType & data)
    1809              : {
    1810              :     MATTER_TRACE_SCOPE("OnOperationalCertificateAddResponse", "DeviceCommissioner");
    1811            0 :     ChipLogProgress(Controller, "Device returned status %d on receiving the NOC", to_underlying(data.statusCode));
    1812            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1813              : 
    1814            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    1815              : 
    1816            0 :     VerifyOrExit(commissioner->mState == State::Initialized, err = CHIP_ERROR_INCORRECT_STATE);
    1817              : 
    1818            0 :     VerifyOrExit(commissioner->mDeviceBeingCommissioned != nullptr, err = CHIP_ERROR_INCORRECT_STATE);
    1819              : 
    1820            0 :     err = ConvertFromOperationalCertStatus(data.statusCode);
    1821            0 :     SuccessOrExit(err);
    1822              : 
    1823            0 :     err = commissioner->OnOperationalCredentialsProvisioningCompletion(commissioner->mDeviceBeingCommissioned);
    1824              : 
    1825            0 : exit:
    1826            0 :     if (err != CHIP_NO_ERROR)
    1827              :     {
    1828            0 :         ChipLogProgress(Controller, "Add NOC failed with error: %" CHIP_ERROR_FORMAT, err.Format());
    1829            0 :         commissioner->CommissioningStageComplete(err);
    1830              :     }
    1831            0 : }
    1832              : 
    1833            0 : CHIP_ERROR DeviceCommissioner::SendTrustedRootCertificate(DeviceProxy * device, const ByteSpan & rcac,
    1834              :                                                           Optional<System::Clock::Timeout> timeout)
    1835              : {
    1836              :     MATTER_TRACE_SCOPE("SendTrustedRootCertificate", "DeviceCommissioner");
    1837            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1838              : 
    1839            0 :     ChipLogProgress(Controller, "Sending root certificate to the device");
    1840              : 
    1841            0 :     OperationalCredentials::Commands::AddTrustedRootCertificate::Type request;
    1842            0 :     request.rootCACertificate = rcac;
    1843            0 :     ReturnErrorOnFailure(
    1844              :         SendCommissioningCommand(device, request, OnRootCertSuccessResponse, OnRootCertFailureResponse, kRootEndpointId, timeout));
    1845              : 
    1846            0 :     ChipLogProgress(Controller, "Sent root certificate to the device");
    1847              : 
    1848            0 :     return CHIP_NO_ERROR;
    1849              : }
    1850              : 
    1851            0 : void DeviceCommissioner::OnRootCertSuccessResponse(void * context, const chip::app::DataModel::NullObjectType &)
    1852              : {
    1853              :     MATTER_TRACE_SCOPE("OnRootCertSuccessResponse", "DeviceCommissioner");
    1854            0 :     ChipLogProgress(Controller, "Device confirmed that it has received the root certificate");
    1855            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1856            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    1857            0 : }
    1858              : 
    1859            0 : void DeviceCommissioner::OnRootCertFailureResponse(void * context, CHIP_ERROR error)
    1860              : {
    1861              :     MATTER_TRACE_SCOPE("OnRootCertFailureResponse", "DeviceCommissioner");
    1862            0 :     ChipLogProgress(Controller, "Device failed to receive the root certificate Response: %" CHIP_ERROR_FORMAT, error.Format());
    1863            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1864            0 :     commissioner->CommissioningStageComplete(error);
    1865            0 : }
    1866              : 
    1867            0 : CHIP_ERROR DeviceCommissioner::OnOperationalCredentialsProvisioningCompletion(DeviceProxy * device)
    1868              : {
    1869              :     MATTER_TRACE_SCOPE("OnOperationalCredentialsProvisioningCompletion", "DeviceCommissioner");
    1870            0 :     ChipLogProgress(Controller, "Operational credentials provisioned on device %p", device);
    1871            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1872              : 
    1873            0 :     if (mPairingDelegate != nullptr)
    1874              :     {
    1875            0 :         mPairingDelegate->OnStatusUpdate(DevicePairingDelegate::SecurePairingSuccess);
    1876              :     }
    1877            0 :     CommissioningStageComplete(CHIP_NO_ERROR);
    1878              : 
    1879            0 :     return CHIP_NO_ERROR;
    1880              : }
    1881              : 
    1882              : #if CONFIG_NETWORK_LAYER_BLE
    1883              : #if CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
    1884              : void DeviceCommissioner::ConnectBleTransportToSelf()
    1885              : {
    1886              :     Transport::BLEBase & transport = std::get<Transport::BLE<1>>(mSystemState->TransportMgr()->GetTransport().GetTransports());
    1887              :     if (!transport.IsBleLayerTransportSetToSelf())
    1888              :     {
    1889              :         transport.SetBleLayerTransportToSelf();
    1890              :     }
    1891              : }
    1892              : #endif // CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
    1893              : 
    1894            0 : void DeviceCommissioner::CloseBleConnection()
    1895              : {
    1896              :     // It is fine since we can only commission one device at the same time.
    1897              :     // We should be able to distinguish different BLE connections if we want
    1898              :     // to commission multiple devices at the same time over BLE.
    1899            0 :     mSystemState->BleLayer()->CloseAllBleConnections();
    1900            0 : }
    1901              : #endif
    1902              : 
    1903            0 : CHIP_ERROR DeviceCommissioner::DiscoverCommissionableNodes(Dnssd::DiscoveryFilter filter)
    1904              : {
    1905            0 :     ReturnErrorOnFailure(SetUpNodeDiscovery());
    1906            0 :     return mDNSResolver.DiscoverCommissionableNodes(filter);
    1907              : }
    1908              : 
    1909            0 : CHIP_ERROR DeviceCommissioner::StopCommissionableDiscovery()
    1910              : {
    1911            0 :     return mDNSResolver.StopDiscovery();
    1912              : }
    1913              : 
    1914            0 : const Dnssd::CommissionNodeData * DeviceCommissioner::GetDiscoveredDevice(int idx)
    1915              : {
    1916            0 :     return GetDiscoveredNode(idx);
    1917              : }
    1918              : 
    1919              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
    1920              : 
    1921              : CHIP_ERROR DeviceCommissioner::SetUdcListenPort(uint16_t listenPort)
    1922              : {
    1923              :     if (mState == State::Initialized)
    1924              :     {
    1925              :         return CHIP_ERROR_INCORRECT_STATE;
    1926              :     }
    1927              : 
    1928              :     mUdcListenPort = listenPort;
    1929              :     return CHIP_NO_ERROR;
    1930              : }
    1931              : 
    1932              : void DeviceCommissioner::FindCommissionableNode(char * instanceName)
    1933              : {
    1934              :     Dnssd::DiscoveryFilter filter(Dnssd::DiscoveryFilterType::kInstanceName, instanceName);
    1935              :     DiscoverCommissionableNodes(filter);
    1936              : }
    1937              : 
    1938              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
    1939              : 
    1940            0 : void DeviceCommissioner::OnNodeDiscovered(const chip::Dnssd::DiscoveredNodeData & nodeData)
    1941              : {
    1942              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
    1943              :     if (mUdcServer != nullptr)
    1944              :     {
    1945              :         mUdcServer->OnCommissionableNodeFound(nodeData);
    1946              :     }
    1947              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
    1948            0 :     AbstractDnssdDiscoveryController::OnNodeDiscovered(nodeData);
    1949            0 :     mSetUpCodePairer.NotifyCommissionableDeviceDiscovered(nodeData);
    1950            0 : }
    1951              : 
    1952            0 : void DeviceCommissioner::OnBasicSuccess(void * context, const chip::app::DataModel::NullObjectType &)
    1953              : {
    1954            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1955            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    1956            0 : }
    1957              : 
    1958            0 : void DeviceCommissioner::OnBasicFailure(void * context, CHIP_ERROR error)
    1959              : {
    1960            0 :     ChipLogProgress(Controller, "Received failure response: %" CHIP_ERROR_FORMAT, error.Format());
    1961            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1962            0 :     commissioner->CommissioningStageComplete(error);
    1963            0 : }
    1964              : 
    1965            0 : static GeneralCommissioning::Commands::ArmFailSafe::Type DisarmFailsafeRequest()
    1966              : {
    1967            0 :     GeneralCommissioning::Commands::ArmFailSafe::Type request;
    1968            0 :     request.expiryLengthSeconds = 0; // Expire immediately.
    1969            0 :     request.breadcrumb          = 0;
    1970            0 :     return request;
    1971              : }
    1972              : 
    1973            0 : static void MarkForEviction(const Optional<SessionHandle> & session)
    1974              : {
    1975            0 :     if (session.HasValue())
    1976              :     {
    1977            0 :         session.Value()->AsSecureSession()->MarkForEviction();
    1978              :     }
    1979            0 : }
    1980              : 
    1981            0 : void DeviceCommissioner::CleanupCommissioning(DeviceProxy * proxy, NodeId nodeId, const CompletionStatus & completionStatus)
    1982              : {
    1983              :     // At this point, proxy == mDeviceBeingCommissioned, nodeId == mDeviceBeingCommissioned->GetDeviceId()
    1984              : 
    1985            0 :     mCommissioningCompletionStatus = completionStatus;
    1986              : 
    1987            0 :     if (completionStatus.err == CHIP_NO_ERROR)
    1988              :     {
    1989              :         // CommissioningStageComplete uses mDeviceBeingCommissioned, which can
    1990              :         // be commissionee if we are cleaning up before we've gone operational.  Normally
    1991              :         // that would not happen in this non-error case, _except_ if we were told to skip sending
    1992              :         // CommissioningComplete: in that case we do not have an operational DeviceProxy, so
    1993              :         // we're using our CommissioneeDeviceProxy to do a successful cleanup.
    1994              :         //
    1995              :         // This means we have to call CommissioningStageComplete() before we destroy commissionee.
    1996              :         //
    1997              :         // This should be safe, because CommissioningStageComplete() does not call CleanupCommissioning
    1998              :         // when called in the cleanup stage (which is where we are), and StopPairing does not directly release
    1999              :         // mDeviceBeingCommissioned.
    2000            0 :         CommissioningStageComplete(CHIP_NO_ERROR);
    2001              : 
    2002            0 :         CommissioneeDeviceProxy * commissionee = FindCommissioneeDevice(nodeId);
    2003            0 :         if (commissionee != nullptr)
    2004              :         {
    2005            0 :             ReleaseCommissioneeDevice(commissionee);
    2006              :         }
    2007              :         // Send the callbacks, we're done.
    2008            0 :         SendCommissioningCompleteCallbacks(nodeId, mCommissioningCompletionStatus);
    2009              :     }
    2010            0 :     else if (completionStatus.err == CHIP_ERROR_CANCELLED)
    2011              :     {
    2012              :         // If we're cleaning up because cancellation has been requested via StopPairing(), expire the failsafe
    2013              :         // in the background and reset our state synchronously, so a new commissioning attempt can be started.
    2014            0 :         CommissioneeDeviceProxy * commissionee = FindCommissioneeDevice(nodeId);
    2015            0 :         SessionHolder session((commissionee == proxy) ? commissionee->DetachSecureSession().Value()
    2016            0 :                                                       : proxy->GetSecureSession().Value());
    2017              : 
    2018            0 :         auto request     = DisarmFailsafeRequest();
    2019            0 :         auto onSuccessCb = [session](const app::ConcreteCommandPath & aPath, const app::StatusIB & aStatus,
    2020              :                                      const decltype(request)::ResponseType & responseData) {
    2021            0 :             ChipLogProgress(Controller, "Failsafe disarmed");
    2022            0 :             MarkForEviction(session.Get());
    2023            0 :         };
    2024            0 :         auto onFailureCb = [session](CHIP_ERROR aError) {
    2025            0 :             ChipLogProgress(Controller, "Ignoring failure to disarm failsafe: %" CHIP_ERROR_FORMAT, aError.Format());
    2026            0 :             MarkForEviction(session.Get());
    2027            0 :         };
    2028              : 
    2029            0 :         ChipLogProgress(Controller, "Disarming failsafe on device %p in background", proxy);
    2030            0 :         CHIP_ERROR err = InvokeCommandRequest(proxy->GetExchangeManager(), session.Get().Value(), kRootEndpointId, request,
    2031              :                                               onSuccessCb, onFailureCb);
    2032            0 :         if (err != CHIP_NO_ERROR)
    2033              :         {
    2034            0 :             ChipLogError(Controller, "Failed to send command to disarm fail-safe: %" CHIP_ERROR_FORMAT, err.Format());
    2035              :         }
    2036              : 
    2037            0 :         CleanupDoneAfterError();
    2038            0 :     }
    2039            0 :     else if (completionStatus.failedStage.HasValue() && completionStatus.failedStage.Value() >= kWiFiNetworkSetup)
    2040              :     {
    2041              :         // If we were already doing network setup, we need to retain the pase session and start again from network setup stage.
    2042              :         // We do not need to reset the failsafe here because we want to keep everything on the device up to this point, so just
    2043              :         // send the completion callbacks (see "Commissioning Flows Error Handling" in the spec).
    2044            0 :         CommissioningStageComplete(CHIP_NO_ERROR);
    2045            0 :         SendCommissioningCompleteCallbacks(nodeId, mCommissioningCompletionStatus);
    2046              :     }
    2047              :     else
    2048              :     {
    2049              :         // If we've failed somewhere in the early stages (or we don't have a failedStage specified), we need to start from the
    2050              :         // beginning. However, because some of the commands can only be sent once per arm-failsafe, we also need to force a reset on
    2051              :         // the failsafe so we can start fresh on the next attempt.
    2052            0 :         ChipLogProgress(Controller, "Disarming failsafe on device %p", proxy);
    2053            0 :         auto request   = DisarmFailsafeRequest();
    2054            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnDisarmFailsafe, OnDisarmFailsafeFailure, kRootEndpointId);
    2055            0 :         if (err != CHIP_NO_ERROR)
    2056              :         {
    2057              :             // We won't get any async callbacks here, so just pretend like the command errored out async.
    2058            0 :             ChipLogError(Controller, "Failed to send command to disarm fail-safe: %" CHIP_ERROR_FORMAT, err.Format());
    2059            0 :             CleanupDoneAfterError();
    2060              :         }
    2061              :     }
    2062            0 : }
    2063              : 
    2064            0 : void DeviceCommissioner::OnDisarmFailsafe(void * context,
    2065              :                                           const GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data)
    2066              : {
    2067            0 :     ChipLogProgress(Controller, "Failsafe disarmed");
    2068            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2069            0 :     commissioner->CleanupDoneAfterError();
    2070            0 : }
    2071              : 
    2072            0 : void DeviceCommissioner::OnDisarmFailsafeFailure(void * context, CHIP_ERROR error)
    2073              : {
    2074            0 :     ChipLogProgress(Controller, "Ignoring failure to disarm failsafe: %" CHIP_ERROR_FORMAT, error.Format());
    2075            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2076            0 :     commissioner->CleanupDoneAfterError();
    2077            0 : }
    2078              : 
    2079            0 : void DeviceCommissioner::CleanupDoneAfterError()
    2080              : {
    2081              :     // If someone nulled out our mDeviceBeingCommissioned, there's nothing else
    2082              :     // to do here.
    2083            0 :     VerifyOrReturn(mDeviceBeingCommissioned != nullptr);
    2084              : 
    2085            0 :     NodeId nodeId = mDeviceBeingCommissioned->GetDeviceId();
    2086              : 
    2087              :     // Signal completion - this will reset mDeviceBeingCommissioned.
    2088            0 :     CommissioningStageComplete(CHIP_NO_ERROR);
    2089              : 
    2090              :     // At this point, we also want to close off the pase session so we need to re-establish
    2091            0 :     CommissioneeDeviceProxy * commissionee = FindCommissioneeDevice(nodeId);
    2092              : 
    2093              :     // If we've disarmed the failsafe, it's because we're starting again, so kill the pase connection.
    2094            0 :     if (commissionee != nullptr)
    2095              :     {
    2096            0 :         ReleaseCommissioneeDevice(commissionee);
    2097              :     }
    2098              : 
    2099              :     // Invoke callbacks last, after we have cleared up all state.
    2100            0 :     SendCommissioningCompleteCallbacks(nodeId, mCommissioningCompletionStatus);
    2101              : }
    2102              : 
    2103            0 : void DeviceCommissioner::SendCommissioningCompleteCallbacks(NodeId nodeId, const CompletionStatus & completionStatus)
    2104              : {
    2105              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissionerCommission, completionStatus.err);
    2106              : 
    2107            0 :     ChipLogProgress(Controller, "Commissioning complete for node ID 0x" ChipLogFormatX64 ": %s", ChipLogValueX64(nodeId),
    2108              :                     (completionStatus.err == CHIP_NO_ERROR ? "success" : completionStatus.err.AsString()));
    2109            0 :     mCommissioningStage = CommissioningStage::kSecurePairing;
    2110              : 
    2111            0 :     if (mPairingDelegate == nullptr)
    2112              :     {
    2113            0 :         return;
    2114              :     }
    2115              : 
    2116            0 :     mPairingDelegate->OnCommissioningComplete(nodeId, completionStatus.err);
    2117              : 
    2118            0 :     PeerId peerId(GetCompressedFabricId(), nodeId);
    2119            0 :     if (completionStatus.err == CHIP_NO_ERROR)
    2120              :     {
    2121            0 :         mPairingDelegate->OnCommissioningSuccess(peerId);
    2122              :     }
    2123              :     else
    2124              :     {
    2125              :         // TODO: We should propogate detailed error information (commissioningError, networkCommissioningStatus) from
    2126              :         // completionStatus.
    2127            0 :         mPairingDelegate->OnCommissioningFailure(peerId, completionStatus.err, completionStatus.failedStage.ValueOr(kError),
    2128            0 :                                                  completionStatus.attestationResult);
    2129              :     }
    2130              : }
    2131              : 
    2132            0 : void DeviceCommissioner::CommissioningStageComplete(CHIP_ERROR err, CommissioningDelegate::CommissioningReport report)
    2133              : {
    2134              :     // Once this stage is complete, reset mDeviceBeingCommissioned - this will be reset when the delegate calls the next step.
    2135              :     MATTER_TRACE_SCOPE("CommissioningStageComplete", "DeviceCommissioner");
    2136              :     MATTER_LOG_METRIC_END(MetricKeyForCommissioningStage(mCommissioningStage), err);
    2137            0 :     VerifyOrDie(mDeviceBeingCommissioned);
    2138              : 
    2139            0 :     NodeId nodeId            = mDeviceBeingCommissioned->GetDeviceId();
    2140            0 :     DeviceProxy * proxy      = mDeviceBeingCommissioned;
    2141            0 :     mDeviceBeingCommissioned = nullptr;
    2142            0 :     mInvokeCancelFn          = nullptr;
    2143            0 :     mWriteCancelFn           = nullptr;
    2144              : 
    2145            0 :     if (mPairingDelegate != nullptr)
    2146              :     {
    2147            0 :         mPairingDelegate->OnCommissioningStatusUpdate(PeerId(GetCompressedFabricId(), nodeId), mCommissioningStage, err);
    2148              :     }
    2149              : 
    2150            0 :     if (mCommissioningDelegate == nullptr)
    2151              :     {
    2152            0 :         return;
    2153              :     }
    2154            0 :     report.stageCompleted = mCommissioningStage;
    2155            0 :     CHIP_ERROR status     = mCommissioningDelegate->CommissioningStepFinished(err, report);
    2156            0 :     if (status != CHIP_NO_ERROR && mCommissioningStage != CommissioningStage::kCleanup)
    2157              :     {
    2158              :         // Commissioning delegate will only return error if it failed to perform the appropriate commissioning step.
    2159              :         // In this case, we should complete the commissioning for it.
    2160            0 :         CompletionStatus completionStatus;
    2161            0 :         completionStatus.err         = status;
    2162            0 :         completionStatus.failedStage = MakeOptional(report.stageCompleted);
    2163            0 :         mCommissioningStage          = CommissioningStage::kCleanup;
    2164            0 :         mDeviceBeingCommissioned     = proxy;
    2165            0 :         CleanupCommissioning(proxy, nodeId, completionStatus);
    2166              :     }
    2167              : }
    2168              : 
    2169            0 : void DeviceCommissioner::OnDeviceConnectedFn(void * context, Messaging::ExchangeManager & exchangeMgr,
    2170              :                                              const SessionHandle & sessionHandle)
    2171              : {
    2172              :     // CASE session established.
    2173              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissioningOperationalSetup, CHIP_NO_ERROR);
    2174            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2175            0 :     VerifyOrDie(commissioner->mCommissioningStage == CommissioningStage::kFindOperationalForStayActive ||
    2176              :                 commissioner->mCommissioningStage == CommissioningStage::kFindOperationalForCommissioningComplete);
    2177            0 :     VerifyOrDie(commissioner->mDeviceBeingCommissioned->GetDeviceId() == sessionHandle->GetPeer().GetNodeId());
    2178            0 :     commissioner->CancelCASECallbacks(); // ensure all CASE callbacks are unregistered
    2179              : 
    2180            0 :     CommissioningDelegate::CommissioningReport report;
    2181            0 :     report.Set<OperationalNodeFoundData>(OperationalNodeFoundData(OperationalDeviceProxy(&exchangeMgr, sessionHandle)));
    2182            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    2183            0 : }
    2184              : 
    2185            0 : void DeviceCommissioner::OnDeviceConnectionFailureFn(void * context, const ScopedNodeId & peerId, CHIP_ERROR error)
    2186              : {
    2187              :     // CASE session establishment failed.
    2188              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissioningOperationalSetup, error);
    2189            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2190            0 :     VerifyOrDie(commissioner->mCommissioningStage == CommissioningStage::kFindOperationalForStayActive ||
    2191              :                 commissioner->mCommissioningStage == CommissioningStage::kFindOperationalForCommissioningComplete);
    2192            0 :     VerifyOrDie(commissioner->mDeviceBeingCommissioned->GetDeviceId() == peerId.GetNodeId());
    2193            0 :     commissioner->CancelCASECallbacks(); // ensure all CASE callbacks are unregistered
    2194              : 
    2195            0 :     if (error != CHIP_NO_ERROR)
    2196              :     {
    2197            0 :         ChipLogProgress(Controller, "Device connection failed. Error %" CHIP_ERROR_FORMAT, error.Format());
    2198              :     }
    2199              :     else
    2200              :     {
    2201              :         // Ensure that commissioning stage advancement is done based on seeing an error.
    2202            0 :         ChipLogError(Controller, "Device connection failed without a valid error code.");
    2203            0 :         error = CHIP_ERROR_INTERNAL;
    2204              :     }
    2205            0 :     commissioner->CommissioningStageComplete(error);
    2206            0 : }
    2207              : 
    2208              : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    2209              : // No specific action to take on either success or failure here; we're just
    2210              : // trying to bump the fail-safe, and if that fails it's not clear there's much
    2211              : // we can to with that.
    2212            0 : static void OnExtendFailsafeForCASERetryFailure(void * context, CHIP_ERROR error)
    2213              : {
    2214            0 :     ChipLogError(Controller, "Failed to extend fail-safe for CASE retry: %" CHIP_ERROR_FORMAT, error.Format());
    2215            0 : }
    2216              : static void
    2217            0 : OnExtendFailsafeForCASERetrySuccess(void * context,
    2218              :                                     const app::Clusters::GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data)
    2219              : {
    2220            0 :     ChipLogProgress(Controller, "Status of extending fail-safe for CASE retry: %u", to_underlying(data.errorCode));
    2221            0 : }
    2222              : 
    2223            0 : void DeviceCommissioner::OnDeviceConnectionRetryFn(void * context, const ScopedNodeId & peerId, CHIP_ERROR error,
    2224              :                                                    System::Clock::Seconds16 retryTimeout)
    2225              : {
    2226            0 :     ChipLogError(Controller,
    2227              :                  "Session establishment failed for " ChipLogFormatScopedNodeId ", error: %" CHIP_ERROR_FORMAT
    2228              :                  ".  Next retry expected to get a response to Sigma1 or fail within %d seconds",
    2229              :                  ChipLogValueScopedNodeId(peerId), error.Format(), retryTimeout.count());
    2230              : 
    2231            0 :     auto self = static_cast<DeviceCommissioner *>(context);
    2232            0 :     VerifyOrDie(self->GetCommissioningStage() == CommissioningStage::kFindOperationalForStayActive ||
    2233              :                 self->GetCommissioningStage() == CommissioningStage::kFindOperationalForCommissioningComplete);
    2234            0 :     VerifyOrDie(self->mDeviceBeingCommissioned->GetDeviceId() == peerId.GetNodeId());
    2235              : 
    2236              :     // We need to do the fail-safe arming over the PASE session.
    2237            0 :     auto * commissioneeDevice = self->FindCommissioneeDevice(peerId.GetNodeId());
    2238            0 :     if (!commissioneeDevice)
    2239              :     {
    2240              :         // Commissioning canceled, presumably.  Just ignore the notification,
    2241              :         // not much we can do here.
    2242            0 :         return;
    2243              :     }
    2244              : 
    2245              :     // Extend by the default failsafe timeout plus our retry timeout, so we can
    2246              :     // be sure the fail-safe will not expire before we try the next time, if
    2247              :     // there will be a next time.
    2248              :     //
    2249              :     // TODO: Make it possible for our clients to control the exact timeout here?
    2250              :     uint16_t failsafeTimeout;
    2251            0 :     if (UINT16_MAX - retryTimeout.count() < kDefaultFailsafeTimeout)
    2252              :     {
    2253            0 :         failsafeTimeout = UINT16_MAX;
    2254              :     }
    2255              :     else
    2256              :     {
    2257            0 :         failsafeTimeout = static_cast<uint16_t>(retryTimeout.count() + kDefaultFailsafeTimeout);
    2258              :     }
    2259              : 
    2260              :     // A false return is fine; we don't want to make the fail-safe shorter here.
    2261            0 :     self->ExtendArmFailSafeInternal(commissioneeDevice, self->GetCommissioningStage(), failsafeTimeout,
    2262            0 :                                     MakeOptional(kMinimumCommissioningStepTimeout), OnExtendFailsafeForCASERetrySuccess,
    2263              :                                     OnExtendFailsafeForCASERetryFailure, /* fireAndForget = */ true);
    2264              : }
    2265              : #endif // CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    2266              : 
    2267              : // ClusterStateCache::Callback / ReadClient::Callback
    2268            0 : void DeviceCommissioner::OnDone(app::ReadClient * readClient)
    2269              : {
    2270            0 :     VerifyOrDie(readClient != nullptr && readClient == mReadClient.get());
    2271            0 :     mReadClient.reset();
    2272            0 :     switch (mCommissioningStage)
    2273              :     {
    2274            0 :     case CommissioningStage::kReadCommissioningInfo:
    2275            0 :         ContinueReadingCommissioningInfo(mCommissioningDelegate->GetCommissioningParameters());
    2276            0 :         break;
    2277            0 :     default:
    2278            0 :         VerifyOrDie(false);
    2279              :         break;
    2280              :     }
    2281            0 : }
    2282              : 
    2283              : namespace {
    2284              : // Helper for grouping attribute paths into read interactions in ContinueReadingCommissioningInfo()
    2285              : // below. The logic generates a sequence of calls to AddAttributePath(), stopping when the capacity
    2286              : // of the builder is exceeded. When creating subsequent read requests, the same sequence of calls
    2287              : // is generated again, but the builder will skip however many attributes were already read in
    2288              : // previous requests. This makes it easy to have logic that conditionally reads attributes, without
    2289              : // needing to write manual code to work out where subsequent reads need to resume -- the logic that
    2290              : // decides which attributes to read simply needs to be repeatable / deterministic.
    2291              : class ReadInteractionBuilder
    2292              : {
    2293              :     static constexpr auto kCapacity = InteractionModelEngine::kMinSupportedPathsPerReadRequest;
    2294              : 
    2295              :     size_t mSkip  = 0;
    2296              :     size_t mCount = 0;
    2297              :     app::AttributePathParams mPaths[kCapacity];
    2298              : 
    2299              : public:
    2300            0 :     ReadInteractionBuilder(size_t skip = 0) : mSkip(skip) {}
    2301              : 
    2302            0 :     size_t size() { return std::min(mCount, kCapacity); }
    2303            0 :     bool exceeded() { return mCount > kCapacity; }
    2304            0 :     app::AttributePathParams * paths() { return mPaths; }
    2305              : 
    2306              :     // Adds an attribute path if within the current window.
    2307              :     // Returns false if the available space has been exceeded.
    2308              :     template <typename... Ts>
    2309            0 :     bool AddAttributePath(Ts &&... args)
    2310              :     {
    2311            0 :         if (mSkip > 0)
    2312              :         {
    2313            0 :             mSkip--;
    2314            0 :             return true;
    2315              :         }
    2316            0 :         if (mCount >= kCapacity)
    2317              :         {
    2318              :             // capacity exceeded
    2319            0 :             mCount = kCapacity + 1;
    2320            0 :             return false;
    2321              :         }
    2322            0 :         mPaths[mCount++] = app::AttributePathParams(std::forward<Ts>(args)...);
    2323            0 :         return true;
    2324              :     }
    2325              : };
    2326              : } // namespace
    2327              : 
    2328            0 : void DeviceCommissioner::ContinueReadingCommissioningInfo(const CommissioningParameters & params)
    2329              : {
    2330            0 :     VerifyOrDie(mCommissioningStage == CommissioningStage::kReadCommissioningInfo);
    2331              : 
    2332              :     // mReadCommissioningInfoProgress starts at 0 and counts the number of paths we have read.
    2333              :     // A marker value is used to indicate that there are no further attributes to read.
    2334              :     static constexpr auto kReadProgressNoFurtherAttributes = std::numeric_limits<decltype(mReadCommissioningInfoProgress)>::max();
    2335            0 :     if (mReadCommissioningInfoProgress == kReadProgressNoFurtherAttributes)
    2336              :     {
    2337            0 :         FinishReadingCommissioningInfo(params);
    2338            0 :         return;
    2339              :     }
    2340              : 
    2341              :     // We can ony read 9 paths per Read Interaction, since that is the minimum a server has to
    2342              :     // support per spec (see "Interaction Model Limits"), so we generally need to perform more
    2343              :     // that one interaction. To build the list of attributes for each interaction, we use a
    2344              :     // builder that skips adding paths that we already handled in a previous interaction, and
    2345              :     // returns false if the current request is exhausted. This construction avoids allocating
    2346              :     // memory to hold the complete list of attributes to read up front; however the logic to
    2347              :     // determine the attributes to include must be deterministic since it runs multiple times.
    2348              :     // The use of an immediately-invoked lambda is convenient for control flow.
    2349            0 :     ReadInteractionBuilder builder(mReadCommissioningInfoProgress);
    2350            0 :     [&]() -> void {
    2351              :         // General Commissioning
    2352            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2353              :                                                 Clusters::GeneralCommissioning::Attributes::SupportsConcurrentConnection::Id));
    2354            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2355              :                                                 Clusters::GeneralCommissioning::Attributes::Breadcrumb::Id));
    2356            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2357              :                                                 Clusters::GeneralCommissioning::Attributes::BasicCommissioningInfo::Id));
    2358            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2359              :                                                 Clusters::GeneralCommissioning::Attributes::RegulatoryConfig::Id));
    2360            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2361              :                                                 Clusters::GeneralCommissioning::Attributes::LocationCapability::Id));
    2362            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2363              :                                                 Clusters::GeneralCommissioning::Attributes::IsCommissioningWithoutPower::Id));
    2364              : 
    2365              :         // Basic Information: VID and PID for device attestation purposes
    2366            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::BasicInformation::Id,
    2367              :                                                 Clusters::BasicInformation::Attributes::VendorID::Id));
    2368            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::BasicInformation::Id,
    2369              :                                                 Clusters::BasicInformation::Attributes::ProductID::Id));
    2370              : 
    2371              :         // Time Synchronization: all attributes
    2372            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::TimeSynchronization::Id));
    2373              : 
    2374              :         // Network Commissioning (all endpoints): Read the feature map and connect time
    2375              :         // TODO: Expose a flag that disables network setup so we don't need to read this
    2376            0 :         VerifyOrReturn(builder.AddAttributePath(Clusters::NetworkCommissioning::Id,
    2377              :                                                 Clusters::NetworkCommissioning::Attributes::FeatureMap::Id));
    2378            0 :         VerifyOrReturn(builder.AddAttributePath(Clusters::NetworkCommissioning::Id,
    2379              :                                                 Clusters::NetworkCommissioning::Attributes::ConnectMaxTimeSeconds::Id));
    2380              : 
    2381              :         // If we were asked to do network scans, also read ScanMaxTimeSeconds,
    2382              :         // so we know how long to wait for those.
    2383            0 :         if (params.GetAttemptWiFiNetworkScan().ValueOr(false) || params.GetAttemptThreadNetworkScan().ValueOr(false))
    2384              :         {
    2385            0 :             VerifyOrReturn(builder.AddAttributePath(Clusters::NetworkCommissioning::Id,
    2386              :                                                     Clusters::NetworkCommissioning::Attributes::ScanMaxTimeSeconds::Id));
    2387              :         }
    2388              : 
    2389              :         // OperationalCredentials: existing fabrics, if necessary
    2390            0 :         if (params.GetCheckForMatchingFabric())
    2391              :         {
    2392            0 :             VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::OperationalCredentials::Id,
    2393              :                                                     Clusters::OperationalCredentials::Attributes::Fabrics::Id));
    2394              :         }
    2395              : 
    2396              :         // ICD Management
    2397            0 :         if (params.GetICDRegistrationStrategy() != ICDRegistrationStrategy::kIgnore)
    2398              :         {
    2399            0 :             VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2400              :                                                     Clusters::IcdManagement::Attributes::FeatureMap::Id));
    2401              :         }
    2402            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2403              :                                                 Clusters::IcdManagement::Attributes::UserActiveModeTriggerHint::Id));
    2404            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2405              :                                                 Clusters::IcdManagement::Attributes::UserActiveModeTriggerInstruction::Id));
    2406            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2407              :                                                 Clusters::IcdManagement::Attributes::IdleModeDuration::Id));
    2408            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2409              :                                                 Clusters::IcdManagement::Attributes::ActiveModeDuration::Id));
    2410            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2411              :                                                 Clusters::IcdManagement::Attributes::ActiveModeThreshold::Id));
    2412              : 
    2413              :         // Extra paths requested via CommissioningParameters
    2414            0 :         for (auto const & path : params.GetExtraReadPaths())
    2415              :         {
    2416            0 :             VerifyOrReturn(builder.AddAttributePath(path));
    2417              :         }
    2418            0 :     }();
    2419              : 
    2420            0 :     VerifyOrDie(builder.size() > 0); // our logic is broken if there is nothing to read
    2421            0 :     if (builder.exceeded())
    2422              :     {
    2423              :         // Keep track of the number of attributes we have read already so we can resume from there.
    2424            0 :         auto progress = mReadCommissioningInfoProgress + builder.size();
    2425            0 :         VerifyOrDie(progress < kReadProgressNoFurtherAttributes);
    2426            0 :         mReadCommissioningInfoProgress = static_cast<decltype(mReadCommissioningInfoProgress)>(progress);
    2427              :     }
    2428              :     else
    2429              :     {
    2430            0 :         mReadCommissioningInfoProgress = kReadProgressNoFurtherAttributes;
    2431              :     }
    2432              : 
    2433            0 :     SendCommissioningReadRequest(mDeviceBeingCommissioned, mCommissioningStepTimeout, builder.paths(), builder.size());
    2434              : }
    2435              : 
    2436              : namespace {
    2437            0 : void AccumulateErrors(CHIP_ERROR & acc, CHIP_ERROR err)
    2438              : {
    2439            0 :     if (acc == CHIP_NO_ERROR && err != CHIP_NO_ERROR)
    2440              :     {
    2441            0 :         acc = err;
    2442              :     }
    2443            0 : }
    2444              : } // namespace
    2445              : 
    2446            0 : void DeviceCommissioner::FinishReadingCommissioningInfo(const CommissioningParameters & params)
    2447              : {
    2448              :     // We want to parse as much information as possible, even if we eventually end
    2449              :     // up returning an error (e.g. because some mandatory information was missing).
    2450            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2451            0 :     ReadCommissioningInfo info;
    2452            0 :     info.attributes = mAttributeCache.get();
    2453            0 :     AccumulateErrors(err, ParseGeneralCommissioningInfo(info));
    2454            0 :     AccumulateErrors(err, ParseBasicInformation(info));
    2455            0 :     AccumulateErrors(err, ParseNetworkCommissioningInfo(info));
    2456            0 :     AccumulateErrors(err, ParseTimeSyncInfo(info));
    2457            0 :     AccumulateErrors(err, ParseFabrics(info));
    2458            0 :     AccumulateErrors(err, ParseICDInfo(info));
    2459            0 :     AccumulateErrors(err, ParseExtraCommissioningInfo(info, params));
    2460              : 
    2461            0 :     if (mPairingDelegate != nullptr && err == CHIP_NO_ERROR)
    2462              :     {
    2463            0 :         mPairingDelegate->OnReadCommissioningInfo(info);
    2464              :     }
    2465              : 
    2466            0 :     CommissioningDelegate::CommissioningReport report;
    2467            0 :     report.Set<ReadCommissioningInfo>(info);
    2468            0 :     CommissioningStageComplete(err, report);
    2469              : 
    2470              :     // Only release the attribute cache once `info` is no longer needed.
    2471            0 :     mAttributeCache.reset();
    2472            0 : }
    2473              : 
    2474            0 : CHIP_ERROR DeviceCommissioner::ParseGeneralCommissioningInfo(ReadCommissioningInfo & info)
    2475              : {
    2476              :     using namespace GeneralCommissioning::Attributes;
    2477            0 :     CHIP_ERROR return_err = CHIP_NO_ERROR;
    2478              :     CHIP_ERROR err;
    2479              : 
    2480            0 :     BasicCommissioningInfo::TypeInfo::DecodableType basicInfo;
    2481            0 :     err = mAttributeCache->Get<BasicCommissioningInfo::TypeInfo>(kRootEndpointId, basicInfo);
    2482            0 :     if (err == CHIP_NO_ERROR)
    2483              :     {
    2484            0 :         info.general.recommendedFailsafe = basicInfo.failSafeExpiryLengthSeconds;
    2485              :     }
    2486              :     else
    2487              :     {
    2488            0 :         ChipLogError(Controller, "Failed to read BasicCommissioningInfo: %" CHIP_ERROR_FORMAT, err.Format());
    2489            0 :         return_err = err;
    2490              :     }
    2491              : 
    2492            0 :     err = mAttributeCache->Get<RegulatoryConfig::TypeInfo>(kRootEndpointId, info.general.currentRegulatoryLocation);
    2493            0 :     if (err != CHIP_NO_ERROR)
    2494              :     {
    2495            0 :         ChipLogError(Controller, "Failed to read RegulatoryConfig: %" CHIP_ERROR_FORMAT, err.Format());
    2496            0 :         return_err = err;
    2497              :     }
    2498              : 
    2499            0 :     err = mAttributeCache->Get<LocationCapability::TypeInfo>(kRootEndpointId, info.general.locationCapability);
    2500            0 :     if (err != CHIP_NO_ERROR)
    2501              :     {
    2502            0 :         ChipLogError(Controller, "Failed to read LocationCapability: %" CHIP_ERROR_FORMAT, err.Format());
    2503            0 :         return_err = err;
    2504              :     }
    2505              : 
    2506            0 :     err = mAttributeCache->Get<Breadcrumb::TypeInfo>(kRootEndpointId, info.general.breadcrumb);
    2507            0 :     if (err != CHIP_NO_ERROR)
    2508              :     {
    2509            0 :         ChipLogError(Controller, "Failed to read Breadcrumb: %" CHIP_ERROR_FORMAT, err.Format());
    2510            0 :         return_err = err;
    2511              :     }
    2512              : 
    2513            0 :     err = mAttributeCache->Get<SupportsConcurrentConnection::TypeInfo>(kRootEndpointId, info.supportsConcurrentConnection);
    2514            0 :     if (err != CHIP_NO_ERROR)
    2515              :     {
    2516            0 :         ChipLogError(Controller, "Ignoring failure to read SupportsConcurrentConnection: %" CHIP_ERROR_FORMAT, err.Format());
    2517            0 :         info.supportsConcurrentConnection = true; // default to true (concurrent), not a fatal error
    2518              :     }
    2519              : 
    2520            0 :     err = mAttributeCache->Get<IsCommissioningWithoutPower::TypeInfo>(kRootEndpointId, info.general.isCommissioningWithoutPower);
    2521            0 :     if (err != CHIP_NO_ERROR)
    2522              :     {
    2523            0 :         ChipLogError(Controller, "Ignoring failure to read IsCommissioningWithoutPower: %" CHIP_ERROR_FORMAT, err.Format());
    2524            0 :         info.general.isCommissioningWithoutPower = false; // default to false, not a fatal error
    2525              :     }
    2526              : 
    2527            0 :     return return_err;
    2528              : }
    2529              : 
    2530            0 : CHIP_ERROR DeviceCommissioner::ParseBasicInformation(ReadCommissioningInfo & info)
    2531              : {
    2532              :     using namespace BasicInformation::Attributes;
    2533            0 :     CHIP_ERROR return_err = CHIP_NO_ERROR;
    2534              :     CHIP_ERROR err;
    2535              : 
    2536            0 :     err = mAttributeCache->Get<VendorID::TypeInfo>(kRootEndpointId, info.basic.vendorId);
    2537            0 :     if (err != CHIP_NO_ERROR)
    2538              :     {
    2539            0 :         ChipLogError(Controller, "Failed to read VendorID: %" CHIP_ERROR_FORMAT, err.Format());
    2540            0 :         return_err = err;
    2541              :     }
    2542              : 
    2543            0 :     err = mAttributeCache->Get<ProductID::TypeInfo>(kRootEndpointId, info.basic.productId);
    2544            0 :     if (err != CHIP_NO_ERROR)
    2545              :     {
    2546            0 :         ChipLogError(Controller, "Failed to read ProductID: %" CHIP_ERROR_FORMAT, err.Format());
    2547            0 :         return_err = err;
    2548              :     }
    2549              : 
    2550            0 :     return return_err;
    2551              : }
    2552              : 
    2553            0 : CHIP_ERROR DeviceCommissioner::ParseNetworkCommissioningInfo(ReadCommissioningInfo & info)
    2554              : {
    2555              :     using namespace NetworkCommissioning::Attributes;
    2556            0 :     CHIP_ERROR return_err = CHIP_NO_ERROR;
    2557              :     CHIP_ERROR err;
    2558              : 
    2559              :     // Set the network cluster endpoints first so we can match up the connection
    2560              :     // times. Note that here we don't know what endpoints the network
    2561              :     // commissioning clusters might be on.
    2562            0 :     err = mAttributeCache->ForEachAttribute(NetworkCommissioning::Id, [this, &info](const ConcreteAttributePath & path) {
    2563            0 :         VerifyOrReturnError(path.mAttributeId == FeatureMap::Id, CHIP_NO_ERROR);
    2564            0 :         BitFlags<NetworkCommissioning::Feature> features;
    2565            0 :         if (mAttributeCache->Get<FeatureMap::TypeInfo>(path, *features.RawStorage()) == CHIP_NO_ERROR)
    2566              :         {
    2567            0 :             if (features.Has(NetworkCommissioning::Feature::kWiFiNetworkInterface))
    2568              :             {
    2569            0 :                 ChipLogProgress(Controller, "NetworkCommissioning Features: has WiFi. endpointid = %u", path.mEndpointId);
    2570            0 :                 info.network.wifi.endpoint = path.mEndpointId;
    2571              :             }
    2572            0 :             else if (features.Has(NetworkCommissioning::Feature::kThreadNetworkInterface))
    2573              :             {
    2574            0 :                 ChipLogProgress(Controller, "NetworkCommissioning Features: has Thread. endpointid = %u", path.mEndpointId);
    2575            0 :                 info.network.thread.endpoint = path.mEndpointId;
    2576              :             }
    2577            0 :             else if (features.Has(NetworkCommissioning::Feature::kEthernetNetworkInterface))
    2578              :             {
    2579            0 :                 ChipLogProgress(Controller, "NetworkCommissioning Features: has Ethernet. endpointid = %u", path.mEndpointId);
    2580            0 :                 info.network.eth.endpoint = path.mEndpointId;
    2581              :             }
    2582              :         }
    2583            0 :         return CHIP_NO_ERROR;
    2584              :     });
    2585            0 :     AccumulateErrors(return_err, err);
    2586              : 
    2587            0 :     if (info.network.thread.endpoint != kInvalidEndpointId)
    2588              :     {
    2589            0 :         err = ParseNetworkCommissioningTimeouts(info.network.thread, "Thread");
    2590            0 :         AccumulateErrors(return_err, err);
    2591              :     }
    2592              : 
    2593            0 :     if (info.network.wifi.endpoint != kInvalidEndpointId)
    2594              :     {
    2595            0 :         err = ParseNetworkCommissioningTimeouts(info.network.wifi, "Wi-Fi");
    2596            0 :         AccumulateErrors(return_err, err);
    2597              :     }
    2598              : 
    2599            0 :     if (return_err != CHIP_NO_ERROR)
    2600              :     {
    2601            0 :         ChipLogError(Controller, "Failed to parse Network Commissioning information: %" CHIP_ERROR_FORMAT, return_err.Format());
    2602              :     }
    2603            0 :     return return_err;
    2604              : }
    2605              : 
    2606            0 : CHIP_ERROR DeviceCommissioner::ParseNetworkCommissioningTimeouts(NetworkClusterInfo & networkInfo, const char * networkType)
    2607              : {
    2608              :     using namespace NetworkCommissioning::Attributes;
    2609              : 
    2610            0 :     CHIP_ERROR err = mAttributeCache->Get<ConnectMaxTimeSeconds::TypeInfo>(networkInfo.endpoint, networkInfo.minConnectionTime);
    2611            0 :     if (err != CHIP_NO_ERROR)
    2612              :     {
    2613            0 :         ChipLogError(Controller, "Failed to read %s ConnectMaxTimeSeconds (endpoint %u): %" CHIP_ERROR_FORMAT, networkType,
    2614              :                      networkInfo.endpoint, err.Format());
    2615            0 :         return err;
    2616              :     }
    2617              : 
    2618            0 :     err = mAttributeCache->Get<ScanMaxTimeSeconds::TypeInfo>(networkInfo.endpoint, networkInfo.maxScanTime);
    2619            0 :     if (err != CHIP_NO_ERROR)
    2620              :     {
    2621              :         // We don't always read this attribute, and we read it as a wildcard, so
    2622              :         // don't treat it as an error simply because it's missing.
    2623            0 :         if (err != CHIP_ERROR_KEY_NOT_FOUND)
    2624              :         {
    2625            0 :             ChipLogError(Controller, "Failed to read %s ScanMaxTimeSeconds (endpoint: %u): %" CHIP_ERROR_FORMAT, networkType,
    2626              :                          networkInfo.endpoint, err.Format());
    2627            0 :             return err;
    2628              :         }
    2629              : 
    2630              :         // Just flag as "we don't know".
    2631            0 :         networkInfo.maxScanTime = 0;
    2632              :     }
    2633              : 
    2634            0 :     return CHIP_NO_ERROR;
    2635              : }
    2636              : 
    2637            0 : CHIP_ERROR DeviceCommissioner::ParseTimeSyncInfo(ReadCommissioningInfo & info)
    2638              : {
    2639              :     using namespace TimeSynchronization::Attributes;
    2640              :     CHIP_ERROR err;
    2641              : 
    2642              :     // If we fail to get the feature map, there's no viable time cluster, don't set anything.
    2643            0 :     BitFlags<TimeSynchronization::Feature> featureMap;
    2644            0 :     err = mAttributeCache->Get<FeatureMap::TypeInfo>(kRootEndpointId, *featureMap.RawStorage());
    2645            0 :     if (err != CHIP_NO_ERROR)
    2646              :     {
    2647            0 :         info.requiresUTC               = false;
    2648            0 :         info.requiresTimeZone          = false;
    2649            0 :         info.requiresDefaultNTP        = false;
    2650            0 :         info.requiresTrustedTimeSource = false;
    2651            0 :         return CHIP_NO_ERROR;
    2652              :     }
    2653            0 :     info.requiresUTC               = true;
    2654            0 :     info.requiresTimeZone          = featureMap.Has(TimeSynchronization::Feature::kTimeZone);
    2655            0 :     info.requiresDefaultNTP        = featureMap.Has(TimeSynchronization::Feature::kNTPClient);
    2656            0 :     info.requiresTrustedTimeSource = featureMap.Has(TimeSynchronization::Feature::kTimeSyncClient);
    2657              : 
    2658            0 :     if (info.requiresTimeZone)
    2659              :     {
    2660            0 :         err = mAttributeCache->Get<TimeZoneListMaxSize::TypeInfo>(kRootEndpointId, info.maxTimeZoneSize);
    2661            0 :         if (err != CHIP_NO_ERROR)
    2662              :         {
    2663              :             // This information should be available, let's do our best with what we have, but we can't set
    2664              :             // the time zone without this information
    2665            0 :             info.requiresTimeZone = false;
    2666              :         }
    2667            0 :         err = mAttributeCache->Get<DSTOffsetListMaxSize::TypeInfo>(kRootEndpointId, info.maxDSTSize);
    2668            0 :         if (err != CHIP_NO_ERROR)
    2669              :         {
    2670            0 :             info.requiresTimeZone = false;
    2671              :         }
    2672              :     }
    2673            0 :     if (info.requiresDefaultNTP)
    2674              :     {
    2675            0 :         DefaultNTP::TypeInfo::DecodableType defaultNTP;
    2676            0 :         err = mAttributeCache->Get<DefaultNTP::TypeInfo>(kRootEndpointId, defaultNTP);
    2677            0 :         if (err == CHIP_NO_ERROR && (!defaultNTP.IsNull()) && (defaultNTP.Value().size() != 0))
    2678              :         {
    2679            0 :             info.requiresDefaultNTP = false;
    2680              :         }
    2681              :     }
    2682            0 :     if (info.requiresTrustedTimeSource)
    2683              :     {
    2684            0 :         TrustedTimeSource::TypeInfo::DecodableType trustedTimeSource;
    2685            0 :         err = mAttributeCache->Get<TrustedTimeSource::TypeInfo>(kRootEndpointId, trustedTimeSource);
    2686            0 :         if (err == CHIP_NO_ERROR && !trustedTimeSource.IsNull())
    2687              :         {
    2688            0 :             info.requiresTrustedTimeSource = false;
    2689              :         }
    2690              :     }
    2691              : 
    2692            0 :     return CHIP_NO_ERROR;
    2693              : }
    2694              : 
    2695            0 : CHIP_ERROR DeviceCommissioner::ParseFabrics(ReadCommissioningInfo & info)
    2696              : {
    2697              :     using namespace OperationalCredentials::Attributes;
    2698              :     CHIP_ERROR err;
    2699            0 :     CHIP_ERROR return_err = CHIP_NO_ERROR;
    2700              : 
    2701              :     // We might not have requested a Fabrics attribute at all, so not having a
    2702              :     // value for it is not an error.
    2703            0 :     err = mAttributeCache->ForEachAttribute(OperationalCredentials::Id, [this, &info](const ConcreteAttributePath & path) {
    2704              :         using namespace chip::app::Clusters::OperationalCredentials::Attributes;
    2705              :         // this code is checking if the device is already on the commissioner's fabric.
    2706              :         // if a matching fabric is found, then remember the nodeId so that the commissioner
    2707              :         // can, if it decides to, cancel commissioning (before it fails in AddNoc) and know
    2708              :         // the device's nodeId on its fabric.
    2709            0 :         switch (path.mAttributeId)
    2710              :         {
    2711            0 :         case Fabrics::Id: {
    2712            0 :             Fabrics::TypeInfo::DecodableType fabrics;
    2713            0 :             ReturnErrorOnFailure(this->mAttributeCache->Get<Fabrics::TypeInfo>(path, fabrics));
    2714              :             // this is a best effort attempt to find a matching fabric, so no error checking on iter
    2715            0 :             auto iter = fabrics.begin();
    2716            0 :             while (iter.Next())
    2717              :             {
    2718            0 :                 auto & fabricDescriptor = iter.GetValue();
    2719            0 :                 ChipLogProgress(Controller,
    2720              :                                 "DeviceCommissioner::OnDone - fabric.vendorId=0x%04X fabric.fabricId=0x" ChipLogFormatX64
    2721              :                                 " fabric.nodeId=0x" ChipLogFormatX64,
    2722              :                                 fabricDescriptor.vendorID, ChipLogValueX64(fabricDescriptor.fabricID),
    2723              :                                 ChipLogValueX64(fabricDescriptor.nodeID));
    2724            0 :                 if (GetFabricId() == fabricDescriptor.fabricID)
    2725              :                 {
    2726            0 :                     ChipLogProgress(Controller, "DeviceCommissioner::OnDone - found a matching fabric id");
    2727            0 :                     chip::ByteSpan rootKeySpan = fabricDescriptor.rootPublicKey;
    2728            0 :                     if (rootKeySpan.size() != Crypto::kP256_PublicKey_Length)
    2729              :                     {
    2730            0 :                         ChipLogError(Controller, "DeviceCommissioner::OnDone - fabric root key size mismatch %u != %u",
    2731              :                                      static_cast<unsigned>(rootKeySpan.size()),
    2732              :                                      static_cast<unsigned>(Crypto::kP256_PublicKey_Length));
    2733            0 :                         continue;
    2734              :                     }
    2735            0 :                     P256PublicKeySpan rootPubKeySpan(rootKeySpan.data());
    2736            0 :                     Crypto::P256PublicKey deviceRootPublicKey(rootPubKeySpan);
    2737              : 
    2738            0 :                     Crypto::P256PublicKey commissionerRootPublicKey;
    2739            0 :                     if (CHIP_NO_ERROR != GetRootPublicKey(commissionerRootPublicKey))
    2740              :                     {
    2741            0 :                         ChipLogError(Controller, "DeviceCommissioner::OnDone - error reading commissioner root public key");
    2742              :                     }
    2743            0 :                     else if (commissionerRootPublicKey.Matches(deviceRootPublicKey))
    2744              :                     {
    2745            0 :                         ChipLogProgress(Controller, "DeviceCommissioner::OnDone - fabric root keys match");
    2746            0 :                         info.remoteNodeId = fabricDescriptor.nodeID;
    2747              :                     }
    2748            0 :                 }
    2749              :             }
    2750              : 
    2751            0 :             return CHIP_NO_ERROR;
    2752              :         }
    2753            0 :         default:
    2754            0 :             return CHIP_NO_ERROR;
    2755              :         }
    2756              :     });
    2757              : 
    2758            0 :     if (mPairingDelegate != nullptr)
    2759              :     {
    2760            0 :         mPairingDelegate->OnFabricCheck(info.remoteNodeId);
    2761              :     }
    2762              : 
    2763            0 :     return return_err;
    2764              : }
    2765              : 
    2766            0 : CHIP_ERROR DeviceCommissioner::ParseICDInfo(ReadCommissioningInfo & info)
    2767              : {
    2768              :     using namespace IcdManagement::Attributes;
    2769              :     CHIP_ERROR err;
    2770              : 
    2771            0 :     bool hasUserActiveModeTrigger = false;
    2772            0 :     bool isICD                    = false;
    2773              : 
    2774            0 :     BitFlags<IcdManagement::Feature> featureMap;
    2775            0 :     err = mAttributeCache->Get<FeatureMap::TypeInfo>(kRootEndpointId, *featureMap.RawStorage());
    2776            0 :     if (err == CHIP_NO_ERROR)
    2777              :     {
    2778            0 :         info.icd.isLIT                  = featureMap.Has(IcdManagement::Feature::kLongIdleTimeSupport);
    2779            0 :         info.icd.checkInProtocolSupport = featureMap.Has(IcdManagement::Feature::kCheckInProtocolSupport);
    2780            0 :         hasUserActiveModeTrigger        = featureMap.Has(IcdManagement::Feature::kUserActiveModeTrigger);
    2781            0 :         isICD                           = true;
    2782              :     }
    2783            0 :     else if (err == CHIP_ERROR_KEY_NOT_FOUND)
    2784              :     {
    2785              :         // This key is optional so not an error
    2786            0 :         info.icd.isLIT = false;
    2787            0 :         err            = CHIP_NO_ERROR;
    2788              :     }
    2789            0 :     else if (err == CHIP_ERROR_IM_STATUS_CODE_RECEIVED)
    2790              :     {
    2791            0 :         app::StatusIB statusIB;
    2792            0 :         err = mAttributeCache->GetStatus(app::ConcreteAttributePath(kRootEndpointId, IcdManagement::Id, FeatureMap::Id), statusIB);
    2793            0 :         if (err == CHIP_NO_ERROR)
    2794              :         {
    2795            0 :             if (statusIB.mStatus == Protocols::InteractionModel::Status::UnsupportedCluster)
    2796              :             {
    2797            0 :                 info.icd.isLIT = false;
    2798              :             }
    2799              :             else
    2800              :             {
    2801            0 :                 err = statusIB.ToChipError();
    2802              :             }
    2803              :         }
    2804              :     }
    2805              : 
    2806            0 :     ReturnErrorOnFailure(err);
    2807              : 
    2808            0 :     info.icd.userActiveModeTriggerHint.ClearAll();
    2809            0 :     info.icd.userActiveModeTriggerInstruction = CharSpan();
    2810              : 
    2811            0 :     if (hasUserActiveModeTrigger)
    2812              :     {
    2813              :         // Intentionally ignore errors since they are not mandatory.
    2814            0 :         bool activeModeTriggerInstructionRequired = false;
    2815              : 
    2816            0 :         err = mAttributeCache->Get<UserActiveModeTriggerHint::TypeInfo>(kRootEndpointId, info.icd.userActiveModeTriggerHint);
    2817            0 :         if (err != CHIP_NO_ERROR)
    2818              :         {
    2819            0 :             ChipLogError(Controller, "IcdManagement.UserActiveModeTriggerHint expected, but failed to read.");
    2820            0 :             return err;
    2821              :         }
    2822              : 
    2823              :         using IcdManagement::UserActiveModeTriggerBitmap;
    2824            0 :         activeModeTriggerInstructionRequired = info.icd.userActiveModeTriggerHint.HasAny(
    2825            0 :             UserActiveModeTriggerBitmap::kCustomInstruction, UserActiveModeTriggerBitmap::kActuateSensorSeconds,
    2826            0 :             UserActiveModeTriggerBitmap::kActuateSensorTimes, UserActiveModeTriggerBitmap::kActuateSensorLightsBlink,
    2827            0 :             UserActiveModeTriggerBitmap::kResetButtonLightsBlink, UserActiveModeTriggerBitmap::kResetButtonSeconds,
    2828            0 :             UserActiveModeTriggerBitmap::kResetButtonTimes, UserActiveModeTriggerBitmap::kSetupButtonSeconds,
    2829            0 :             UserActiveModeTriggerBitmap::kSetupButtonTimes, UserActiveModeTriggerBitmap::kSetupButtonTimes,
    2830            0 :             UserActiveModeTriggerBitmap::kAppDefinedButton);
    2831              : 
    2832            0 :         if (activeModeTriggerInstructionRequired)
    2833              :         {
    2834            0 :             err = mAttributeCache->Get<UserActiveModeTriggerInstruction::TypeInfo>(kRootEndpointId,
    2835            0 :                                                                                    info.icd.userActiveModeTriggerInstruction);
    2836            0 :             if (err != CHIP_NO_ERROR)
    2837              :             {
    2838            0 :                 ChipLogError(Controller,
    2839              :                              "IcdManagement.UserActiveModeTriggerInstruction expected for given active mode trigger hint, but "
    2840              :                              "failed to read.");
    2841            0 :                 return err;
    2842              :             }
    2843              :         }
    2844              :     }
    2845              : 
    2846            0 :     if (!isICD)
    2847              :     {
    2848            0 :         info.icd.idleModeDuration    = 0;
    2849            0 :         info.icd.activeModeDuration  = 0;
    2850            0 :         info.icd.activeModeThreshold = 0;
    2851            0 :         return CHIP_NO_ERROR;
    2852              :     }
    2853              : 
    2854            0 :     err = mAttributeCache->Get<IdleModeDuration::TypeInfo>(kRootEndpointId, info.icd.idleModeDuration);
    2855            0 :     if (err != CHIP_NO_ERROR)
    2856              :     {
    2857            0 :         ChipLogError(Controller, "IcdManagement.IdleModeDuration expected, but failed to read: %" CHIP_ERROR_FORMAT, err.Format());
    2858            0 :         return err;
    2859              :     }
    2860              : 
    2861            0 :     err = mAttributeCache->Get<ActiveModeDuration::TypeInfo>(kRootEndpointId, info.icd.activeModeDuration);
    2862            0 :     if (err != CHIP_NO_ERROR)
    2863              :     {
    2864            0 :         ChipLogError(Controller, "IcdManagement.ActiveModeDuration expected, but failed to read: %" CHIP_ERROR_FORMAT,
    2865              :                      err.Format());
    2866            0 :         return err;
    2867              :     }
    2868              : 
    2869            0 :     err = mAttributeCache->Get<ActiveModeThreshold::TypeInfo>(kRootEndpointId, info.icd.activeModeThreshold);
    2870            0 :     if (err != CHIP_NO_ERROR)
    2871              :     {
    2872            0 :         ChipLogError(Controller, "IcdManagement.ActiveModeThreshold expected, but failed to read: %" CHIP_ERROR_FORMAT,
    2873              :                      err.Format());
    2874              :     }
    2875              : 
    2876            0 :     return err;
    2877              : }
    2878              : 
    2879            0 : void DeviceCommissioner::OnArmFailSafe(void * context,
    2880              :                                        const GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data)
    2881              : {
    2882            0 :     CommissioningDelegate::CommissioningReport report;
    2883            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2884              : 
    2885            0 :     ChipLogProgress(Controller, "Received ArmFailSafe response errorCode=%u", to_underlying(data.errorCode));
    2886            0 :     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
    2887              :     {
    2888            0 :         err = CHIP_ERROR_INTERNAL;
    2889            0 :         report.Set<CommissioningErrorInfo>(data.errorCode);
    2890              :     }
    2891              : 
    2892            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2893            0 :     commissioner->CommissioningStageComplete(err, report);
    2894            0 : }
    2895              : 
    2896            0 : void DeviceCommissioner::OnSetRegulatoryConfigResponse(
    2897              :     void * context, const GeneralCommissioning::Commands::SetRegulatoryConfigResponse::DecodableType & data)
    2898              : {
    2899            0 :     CommissioningDelegate::CommissioningReport report;
    2900            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2901              : 
    2902            0 :     ChipLogProgress(Controller, "Received SetRegulatoryConfig response errorCode=%u", to_underlying(data.errorCode));
    2903            0 :     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
    2904              :     {
    2905            0 :         err = CHIP_ERROR_INTERNAL;
    2906            0 :         report.Set<CommissioningErrorInfo>(data.errorCode);
    2907              :     }
    2908            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2909            0 :     commissioner->CommissioningStageComplete(err, report);
    2910            0 : }
    2911              : 
    2912            0 : void DeviceCommissioner::OnSetTCAcknowledgementsResponse(
    2913              :     void * context, const GeneralCommissioning::Commands::SetTCAcknowledgementsResponse::DecodableType & data)
    2914              : {
    2915            0 :     CommissioningDelegate::CommissioningReport report;
    2916            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2917              : 
    2918            0 :     ChipLogProgress(Controller, "Received SetTCAcknowledgements response errorCode=%u", to_underlying(data.errorCode));
    2919            0 :     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
    2920              :     {
    2921            0 :         err = CHIP_ERROR_INTERNAL;
    2922            0 :         report.Set<CommissioningErrorInfo>(data.errorCode);
    2923              :     }
    2924            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2925            0 :     commissioner->CommissioningStageComplete(err, report);
    2926            0 : }
    2927              : 
    2928            0 : void DeviceCommissioner::OnSetTimeZoneResponse(void * context,
    2929              :                                                const TimeSynchronization::Commands::SetTimeZoneResponse::DecodableType & data)
    2930              : {
    2931            0 :     CommissioningDelegate::CommissioningReport report;
    2932            0 :     CHIP_ERROR err                    = CHIP_NO_ERROR;
    2933            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2934              :     TimeZoneResponseInfo info;
    2935            0 :     info.requiresDSTOffsets = data.DSTOffsetRequired;
    2936            0 :     report.Set<TimeZoneResponseInfo>(info);
    2937            0 :     commissioner->CommissioningStageComplete(err, report);
    2938            0 : }
    2939              : 
    2940            0 : void DeviceCommissioner::OnSetUTCError(void * context, CHIP_ERROR error)
    2941              : {
    2942              :     // For SetUTCTime, we don't actually care if the commissionee didn't want out time, that's its choice
    2943            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2944            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    2945            0 : }
    2946              : 
    2947            0 : void DeviceCommissioner::OnScanNetworksFailure(void * context, CHIP_ERROR error)
    2948              : {
    2949            0 :     ChipLogProgress(Controller, "Received ScanNetworks failure response %" CHIP_ERROR_FORMAT, error.Format());
    2950              : 
    2951            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2952              : 
    2953              :     // advance to the kNeedsNetworkCreds waiting step
    2954              :     // clear error so that we don't abort the commissioning when ScanNetworks fails
    2955            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    2956              : 
    2957            0 :     if (commissioner->GetPairingDelegate() != nullptr)
    2958              :     {
    2959            0 :         commissioner->GetPairingDelegate()->OnScanNetworksFailure(error);
    2960              :     }
    2961            0 : }
    2962              : 
    2963            0 : void DeviceCommissioner::OnScanNetworksResponse(void * context,
    2964              :                                                 const NetworkCommissioning::Commands::ScanNetworksResponse::DecodableType & data)
    2965              : {
    2966            0 :     CommissioningDelegate::CommissioningReport report;
    2967              : 
    2968            0 :     ChipLogProgress(Controller, "Received ScanNetwork response, networkingStatus=%u debugText=%s",
    2969              :                     to_underlying(data.networkingStatus),
    2970              :                     (data.debugText.HasValue() ? std::string(data.debugText.Value().data(), data.debugText.Value().size()).c_str()
    2971              :                                                : "none provided"));
    2972            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2973              : 
    2974              :     // advance to the kNeedsNetworkCreds waiting step
    2975            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    2976              : 
    2977            0 :     if (commissioner->GetPairingDelegate() != nullptr)
    2978              :     {
    2979            0 :         commissioner->GetPairingDelegate()->OnScanNetworksSuccess(data);
    2980              :     }
    2981            0 : }
    2982              : 
    2983            0 : CHIP_ERROR DeviceCommissioner::NetworkCredentialsReady()
    2984              : {
    2985            0 :     VerifyOrReturnError(mCommissioningStage == CommissioningStage::kNeedsNetworkCreds, CHIP_ERROR_INCORRECT_STATE);
    2986              : 
    2987              :     // need to advance to next step
    2988            0 :     CommissioningStageComplete(CHIP_NO_ERROR);
    2989              : 
    2990            0 :     return CHIP_NO_ERROR;
    2991              : }
    2992              : 
    2993            0 : CHIP_ERROR DeviceCommissioner::ICDRegistrationInfoReady()
    2994              : {
    2995            0 :     VerifyOrReturnError(mCommissioningStage == CommissioningStage::kICDGetRegistrationInfo, CHIP_ERROR_INCORRECT_STATE);
    2996              : 
    2997              :     // need to advance to next step
    2998            0 :     CommissioningStageComplete(CHIP_NO_ERROR);
    2999              : 
    3000            0 :     return CHIP_NO_ERROR;
    3001              : }
    3002              : 
    3003            0 : void DeviceCommissioner::OnNetworkConfigResponse(void * context,
    3004              :                                                  const NetworkCommissioning::Commands::NetworkConfigResponse::DecodableType & data)
    3005              : {
    3006            0 :     CommissioningDelegate::CommissioningReport report;
    3007            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    3008              : 
    3009            0 :     ChipLogProgress(Controller, "Received NetworkConfig response, networkingStatus=%u", to_underlying(data.networkingStatus));
    3010            0 :     if (data.networkingStatus != NetworkCommissioning::NetworkCommissioningStatusEnum::kSuccess)
    3011              :     {
    3012            0 :         err = CHIP_ERROR_INTERNAL;
    3013            0 :         report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus);
    3014              :     }
    3015            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    3016            0 :     commissioner->CommissioningStageComplete(err, report);
    3017            0 : }
    3018              : 
    3019            0 : void DeviceCommissioner::OnConnectNetworkResponse(
    3020              :     void * context, const NetworkCommissioning::Commands::ConnectNetworkResponse::DecodableType & data)
    3021              : {
    3022            0 :     CommissioningDelegate::CommissioningReport report;
    3023            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    3024              : 
    3025            0 :     ChipLogProgress(Controller, "Received ConnectNetwork response, networkingStatus=%u", to_underlying(data.networkingStatus));
    3026            0 :     if (data.networkingStatus != NetworkCommissioning::NetworkCommissioningStatusEnum::kSuccess)
    3027              :     {
    3028            0 :         err = CHIP_ERROR_INTERNAL;
    3029            0 :         report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus);
    3030              :     }
    3031            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    3032            0 :     commissioner->CommissioningStageComplete(err, report);
    3033            0 : }
    3034              : 
    3035            0 : void DeviceCommissioner::OnCommissioningCompleteResponse(
    3036              :     void * context, const GeneralCommissioning::Commands::CommissioningCompleteResponse::DecodableType & data)
    3037              : {
    3038            0 :     CommissioningDelegate::CommissioningReport report;
    3039            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    3040              : 
    3041            0 :     ChipLogProgress(Controller, "Received CommissioningComplete response, errorCode=%u", to_underlying(data.errorCode));
    3042            0 :     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
    3043              :     {
    3044            0 :         err = CHIP_ERROR_INTERNAL;
    3045            0 :         report.Set<CommissioningErrorInfo>(data.errorCode);
    3046              :     }
    3047            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    3048            0 :     commissioner->CommissioningStageComplete(err, report);
    3049            0 : }
    3050              : 
    3051              : template <typename RequestObjectT>
    3052              : CHIP_ERROR
    3053            0 : DeviceCommissioner::SendCommissioningCommand(DeviceProxy * device, const RequestObjectT & request,
    3054              :                                              CommandResponseSuccessCallback<typename RequestObjectT::ResponseType> successCb,
    3055              :                                              CommandResponseFailureCallback failureCb, EndpointId endpoint,
    3056              :                                              Optional<System::Clock::Timeout> timeout, bool fireAndForget)
    3057              : 
    3058              : {
    3059              :     // Default behavior is to make sequential, cancellable calls tracked via mInvokeCancelFn.
    3060              :     // Fire-and-forget calls are not cancellable and don't receive `this` as context in callbacks.
    3061            0 :     VerifyOrDie(fireAndForget || !mInvokeCancelFn); // we don't make parallel (cancellable) calls
    3062              : 
    3063            0 :     void * context   = (!fireAndForget) ? this : nullptr;
    3064            0 :     auto onSuccessCb = [context, successCb](const app::ConcreteCommandPath & aPath, const app::StatusIB & aStatus,
    3065              :                                             const typename RequestObjectT::ResponseType & responseData) {
    3066            0 :         successCb(context, responseData);
    3067              :     };
    3068            0 :     auto onFailureCb = [context, failureCb](CHIP_ERROR aError) { failureCb(context, aError); };
    3069              : 
    3070            0 :     return InvokeCommandRequest(device->GetExchangeManager(), device->GetSecureSession().Value(), endpoint, request, onSuccessCb,
    3071            0 :                                 onFailureCb, NullOptional, timeout, (!fireAndForget) ? &mInvokeCancelFn : nullptr);
    3072              : }
    3073              : 
    3074              : template <typename AttrType>
    3075              : CHIP_ERROR DeviceCommissioner::SendCommissioningWriteRequest(DeviceProxy * device, EndpointId endpoint, ClusterId cluster,
    3076              :                                                              AttributeId attribute, const AttrType & requestData,
    3077              :                                                              WriteResponseSuccessCallback successCb,
    3078              :                                                              WriteResponseFailureCallback failureCb)
    3079              : {
    3080              :     VerifyOrDie(!mWriteCancelFn); // we don't make parallel (cancellable) calls
    3081              :     auto onSuccessCb = [this, successCb](const app::ConcreteAttributePath & aPath) { successCb(this); };
    3082              :     auto onFailureCb = [this, failureCb](const app::ConcreteAttributePath * aPath, CHIP_ERROR aError) { failureCb(this, aError); };
    3083              :     return WriteAttribute(device->GetSecureSession().Value(), endpoint, cluster, attribute, requestData, onSuccessCb, onFailureCb,
    3084              :                           /* aTimedWriteTimeoutMs = */ NullOptional, /* onDoneCb = */ nullptr, /* aDataVersion = */ NullOptional,
    3085              :                           /* outCancelFn = */ &mWriteCancelFn);
    3086              : }
    3087              : 
    3088            0 : void DeviceCommissioner::SendCommissioningReadRequest(DeviceProxy * proxy, Optional<System::Clock::Timeout> timeout,
    3089              :                                                       app::AttributePathParams * readPaths, size_t readPathsSize)
    3090              : {
    3091            0 :     VerifyOrDie(!mReadClient); // we don't perform parallel reads
    3092              : 
    3093            0 :     app::InteractionModelEngine * engine = app::InteractionModelEngine::GetInstance();
    3094            0 :     app::ReadPrepareParams readParams(proxy->GetSecureSession().Value());
    3095            0 :     readParams.mIsFabricFiltered = false;
    3096            0 :     if (timeout.HasValue())
    3097              :     {
    3098            0 :         readParams.mTimeout = timeout.Value();
    3099              :     }
    3100            0 :     readParams.mpAttributePathParamsList    = readPaths;
    3101            0 :     readParams.mAttributePathParamsListSize = readPathsSize;
    3102              : 
    3103              :     // Take ownership of the attribute cache, so it can be released if SendRequest fails.
    3104            0 :     auto attributeCache = std::move(mAttributeCache);
    3105              :     auto readClient     = chip::Platform::MakeUnique<app::ReadClient>(
    3106            0 :         engine, proxy->GetExchangeManager(), attributeCache->GetBufferedCallback(), app::ReadClient::InteractionType::Read);
    3107            0 :     CHIP_ERROR err = readClient->SendRequest(readParams);
    3108            0 :     if (err != CHIP_NO_ERROR)
    3109              :     {
    3110            0 :         ChipLogError(Controller, "Failed to send read request: %" CHIP_ERROR_FORMAT, err.Format());
    3111            0 :         CommissioningStageComplete(err);
    3112            0 :         return;
    3113              :     }
    3114            0 :     mAttributeCache = std::move(attributeCache);
    3115            0 :     mReadClient     = std::move(readClient);
    3116            0 : }
    3117              : 
    3118            0 : void DeviceCommissioner::PerformCommissioningStep(DeviceProxy * proxy, CommissioningStage step, CommissioningParameters & params,
    3119              :                                                   CommissioningDelegate * delegate, EndpointId endpoint,
    3120              :                                                   Optional<System::Clock::Timeout> timeout)
    3121              : 
    3122              : {
    3123              :     MATTER_LOG_METRIC(kMetricDeviceCommissionerCommissionStage, step);
    3124              :     MATTER_LOG_METRIC_BEGIN(MetricKeyForCommissioningStage(step));
    3125              : 
    3126            0 :     if (params.GetCompletionStatus().err == CHIP_NO_ERROR)
    3127              :     {
    3128            0 :         ChipLogProgress(Controller, "Performing next commissioning step '%s'", StageToString(step));
    3129              :     }
    3130              :     else
    3131              :     {
    3132            0 :         ChipLogProgress(Controller, "Performing next commissioning step '%s' with completion status = '%s'", StageToString(step),
    3133              :                         params.GetCompletionStatus().err.AsString());
    3134              :     }
    3135              : 
    3136            0 :     mCommissioningStepTimeout = timeout;
    3137            0 :     mCommissioningStage       = step;
    3138            0 :     mCommissioningDelegate    = delegate;
    3139            0 :     mDeviceBeingCommissioned  = proxy;
    3140              : 
    3141              :     // TODO: Extend timeouts to the DAC and Opcert requests.
    3142              :     // TODO(cecille): We probably want something better than this for breadcrumbs.
    3143            0 :     uint64_t breadcrumb = static_cast<uint64_t>(step);
    3144              : 
    3145            0 :     switch (step)
    3146              :     {
    3147            0 :     case CommissioningStage::kArmFailsafe: {
    3148            0 :         VerifyOrDie(endpoint == kRootEndpointId);
    3149              :         // Make sure the fail-safe value we set here actually ends up being used
    3150              :         // no matter what.
    3151            0 :         proxy->SetFailSafeExpirationTimestamp(System::Clock::kZero);
    3152            0 :         VerifyOrDie(ExtendArmFailSafeInternal(proxy, step, params.GetFailsafeTimerSeconds().ValueOr(kDefaultFailsafeTimeout),
    3153              :                                               timeout, OnArmFailSafe, OnBasicFailure, /* fireAndForget = */ false));
    3154              :     }
    3155            0 :     break;
    3156            0 :     case CommissioningStage::kReadCommissioningInfo: {
    3157            0 :         VerifyOrDie(endpoint == kRootEndpointId);
    3158            0 :         ChipLogProgress(Controller, "Sending read requests for commissioning information");
    3159              : 
    3160              :         // Allocate a ClusterStateCache to collect the data from our read requests.
    3161              :         // The cache will be released in:
    3162              :         // - SendCommissioningReadRequest when failing to send a read request.
    3163              :         // - FinishReadingCommissioningInfo when the ReadCommissioningInfo stage is completed.
    3164              :         // - CancelCommissioningInteractions
    3165            0 :         mAttributeCache = Platform::MakeUnique<app::ClusterStateCache>(*this);
    3166              : 
    3167              :         // Generally we need to make more than one read request, because as per spec a server only
    3168              :         // supports a limited number of paths per Read Interaction. Because the actual number of
    3169              :         // interactions we end up performing is dynamic, we track all of them within a single
    3170              :         // commissioning stage.
    3171            0 :         mReadCommissioningInfoProgress = 0;
    3172            0 :         ContinueReadingCommissioningInfo(params); // Note: assume params == delegate.GetCommissioningParameters()
    3173            0 :         break;
    3174              :     }
    3175            0 :     case CommissioningStage::kConfigureUTCTime: {
    3176            0 :         TimeSynchronization::Commands::SetUTCTime::Type request;
    3177            0 :         uint64_t kChipEpochUsSinceUnixEpoch = static_cast<uint64_t>(kChipEpochSecondsSinceUnixEpoch) * chip::kMicrosecondsPerSecond;
    3178              :         System::Clock::Microseconds64 utcTime;
    3179            0 :         if (System::SystemClock().GetClock_RealTime(utcTime) != CHIP_NO_ERROR || utcTime.count() <= kChipEpochUsSinceUnixEpoch)
    3180              :         {
    3181              :             // We have no time to give, but that's OK, just complete this stage
    3182            0 :             CommissioningStageComplete(CHIP_NO_ERROR);
    3183            0 :             return;
    3184              :         }
    3185              : 
    3186            0 :         request.UTCTime = utcTime.count() - kChipEpochUsSinceUnixEpoch;
    3187              :         // For now, we assume a seconds granularity
    3188            0 :         request.granularity = TimeSynchronization::GranularityEnum::kSecondsGranularity;
    3189            0 :         CHIP_ERROR err      = SendCommissioningCommand(proxy, request, OnBasicSuccess, OnSetUTCError, endpoint, timeout);
    3190            0 :         if (err != CHIP_NO_ERROR)
    3191              :         {
    3192              :             // We won't get any async callbacks here, so just complete our stage.
    3193            0 :             ChipLogError(Controller, "Failed to send SetUTCTime command: %" CHIP_ERROR_FORMAT, err.Format());
    3194            0 :             CommissioningStageComplete(err);
    3195            0 :             return;
    3196              :         }
    3197            0 :         break;
    3198              :     }
    3199            0 :     case CommissioningStage::kConfigureTimeZone: {
    3200            0 :         if (!params.GetTimeZone().HasValue())
    3201              :         {
    3202            0 :             ChipLogError(Controller, "ConfigureTimeZone stage called with no time zone data");
    3203            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3204            0 :             return;
    3205              :         }
    3206            0 :         TimeSynchronization::Commands::SetTimeZone::Type request;
    3207            0 :         request.timeZone = params.GetTimeZone().Value();
    3208            0 :         CHIP_ERROR err   = SendCommissioningCommand(proxy, request, OnSetTimeZoneResponse, OnBasicFailure, endpoint, timeout);
    3209            0 :         if (err != CHIP_NO_ERROR)
    3210              :         {
    3211              :             // We won't get any async callbacks here, so just complete our stage.
    3212            0 :             ChipLogError(Controller, "Failed to send SetTimeZone command: %" CHIP_ERROR_FORMAT, err.Format());
    3213            0 :             CommissioningStageComplete(err);
    3214            0 :             return;
    3215              :         }
    3216            0 :         break;
    3217              :     }
    3218            0 :     case CommissioningStage::kConfigureDSTOffset: {
    3219            0 :         if (!params.GetDSTOffsets().HasValue())
    3220              :         {
    3221            0 :             ChipLogError(Controller, "ConfigureDSTOffset stage called with no DST data");
    3222            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3223            0 :             return;
    3224              :         }
    3225            0 :         TimeSynchronization::Commands::SetDSTOffset::Type request;
    3226            0 :         request.DSTOffset = params.GetDSTOffsets().Value();
    3227            0 :         CHIP_ERROR err    = SendCommissioningCommand(proxy, request, OnBasicSuccess, OnBasicFailure, endpoint, timeout);
    3228            0 :         if (err != CHIP_NO_ERROR)
    3229              :         {
    3230              :             // We won't get any async callbacks here, so just complete our stage.
    3231            0 :             ChipLogError(Controller, "Failed to send SetDSTOffset command: %" CHIP_ERROR_FORMAT, err.Format());
    3232            0 :             CommissioningStageComplete(err);
    3233            0 :             return;
    3234              :         }
    3235            0 :         break;
    3236              :     }
    3237            0 :     case CommissioningStage::kConfigureDefaultNTP: {
    3238            0 :         if (!params.GetDefaultNTP().HasValue())
    3239              :         {
    3240            0 :             ChipLogError(Controller, "ConfigureDefaultNTP stage called with no default NTP data");
    3241            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3242            0 :             return;
    3243              :         }
    3244            0 :         TimeSynchronization::Commands::SetDefaultNTP::Type request;
    3245            0 :         request.defaultNTP = params.GetDefaultNTP().Value();
    3246            0 :         CHIP_ERROR err     = SendCommissioningCommand(proxy, request, OnBasicSuccess, OnBasicFailure, endpoint, timeout);
    3247            0 :         if (err != CHIP_NO_ERROR)
    3248              :         {
    3249              :             // We won't get any async callbacks here, so just complete our stage.
    3250            0 :             ChipLogError(Controller, "Failed to send SetDefaultNTP command: %" CHIP_ERROR_FORMAT, err.Format());
    3251            0 :             CommissioningStageComplete(err);
    3252            0 :             return;
    3253              :         }
    3254            0 :         break;
    3255              :     }
    3256            0 :     case CommissioningStage::kScanNetworks: {
    3257            0 :         NetworkCommissioning::Commands::ScanNetworks::Type request;
    3258            0 :         if (params.GetWiFiCredentials().HasValue())
    3259              :         {
    3260            0 :             request.ssid.Emplace(params.GetWiFiCredentials().Value().ssid);
    3261              :         }
    3262            0 :         request.breadcrumb.Emplace(breadcrumb);
    3263            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnScanNetworksResponse, OnScanNetworksFailure, endpoint, timeout);
    3264            0 :         if (err != CHIP_NO_ERROR)
    3265              :         {
    3266              :             // We won't get any async callbacks here, so just complete our stage.
    3267            0 :             ChipLogError(Controller, "Failed to send ScanNetworks command: %" CHIP_ERROR_FORMAT, err.Format());
    3268            0 :             CommissioningStageComplete(err);
    3269            0 :             return;
    3270              :         }
    3271            0 :         break;
    3272              :     }
    3273            0 :     case CommissioningStage::kNeedsNetworkCreds: {
    3274              :         // nothing to do, the OnScanNetworksSuccess and OnScanNetworksFailure callbacks provide indication to the
    3275              :         // DevicePairingDelegate that network credentials are needed.
    3276            0 :         break;
    3277              :     }
    3278            0 :     case CommissioningStage::kConfigRegulatory: {
    3279              :         // TODO(cecille): Worthwhile to keep this around as part of the class?
    3280              :         // TODO(cecille): Where is the country config actually set?
    3281            0 :         ChipLogProgress(Controller, "Setting Regulatory Config");
    3282              :         auto capability =
    3283            0 :             params.GetLocationCapability().ValueOr(app::Clusters::GeneralCommissioning::RegulatoryLocationTypeEnum::kOutdoor);
    3284              :         app::Clusters::GeneralCommissioning::RegulatoryLocationTypeEnum regulatoryConfig;
    3285              :         // Value is only switchable on the devices with indoor/outdoor capability
    3286            0 :         if (capability == app::Clusters::GeneralCommissioning::RegulatoryLocationTypeEnum::kIndoorOutdoor)
    3287              :         {
    3288              :             // If the device supports indoor and outdoor configs, use the setting from the commissioner, otherwise fall back to
    3289              :             // the current device setting then to outdoor (most restrictive)
    3290            0 :             if (params.GetDeviceRegulatoryLocation().HasValue())
    3291              :             {
    3292            0 :                 regulatoryConfig = params.GetDeviceRegulatoryLocation().Value();
    3293            0 :                 ChipLogProgress(Controller, "Setting regulatory config to %u from commissioner override",
    3294              :                                 static_cast<uint8_t>(regulatoryConfig));
    3295              :             }
    3296            0 :             else if (params.GetDefaultRegulatoryLocation().HasValue())
    3297              :             {
    3298            0 :                 regulatoryConfig = params.GetDefaultRegulatoryLocation().Value();
    3299            0 :                 ChipLogProgress(Controller, "No regulatory config supplied by controller, leaving as device default (%u)",
    3300              :                                 static_cast<uint8_t>(regulatoryConfig));
    3301              :             }
    3302              :             else
    3303              :             {
    3304            0 :                 regulatoryConfig = app::Clusters::GeneralCommissioning::RegulatoryLocationTypeEnum::kOutdoor;
    3305            0 :                 ChipLogProgress(Controller, "No overrride or device regulatory config supplied, setting to outdoor");
    3306              :             }
    3307              :         }
    3308              :         else
    3309              :         {
    3310            0 :             ChipLogProgress(Controller, "Device does not support configurable regulatory location");
    3311            0 :             regulatoryConfig = capability;
    3312              :         }
    3313              : 
    3314            0 :         CharSpan countryCode;
    3315            0 :         const auto & providedCountryCode = params.GetCountryCode();
    3316            0 :         if (providedCountryCode.HasValue())
    3317              :         {
    3318            0 :             countryCode = providedCountryCode.Value();
    3319              :         }
    3320              :         else
    3321              :         {
    3322              :             // Default to "XX", for lack of anything better.
    3323            0 :             countryCode = "XX"_span;
    3324              :         }
    3325              : 
    3326            0 :         GeneralCommissioning::Commands::SetRegulatoryConfig::Type request;
    3327            0 :         request.newRegulatoryConfig = regulatoryConfig;
    3328            0 :         request.countryCode         = countryCode;
    3329            0 :         request.breadcrumb          = breadcrumb;
    3330            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnSetRegulatoryConfigResponse, OnBasicFailure, endpoint, timeout);
    3331            0 :         if (err != CHIP_NO_ERROR)
    3332              :         {
    3333              :             // We won't get any async callbacks here, so just complete our stage.
    3334            0 :             ChipLogError(Controller, "Failed to send SetRegulatoryConfig command: %" CHIP_ERROR_FORMAT, err.Format());
    3335            0 :             CommissioningStageComplete(err);
    3336            0 :             return;
    3337              :         }
    3338              :     }
    3339            0 :     break;
    3340            0 :     case CommissioningStage::kConfigureTCAcknowledgments: {
    3341            0 :         ChipLogProgress(Controller, "Setting Terms and Conditions");
    3342              : 
    3343            0 :         if (!params.GetTermsAndConditionsAcknowledgement().HasValue())
    3344              :         {
    3345            0 :             ChipLogProgress(Controller, "Setting Terms and Conditions: Skipped");
    3346            0 :             CommissioningStageComplete(CHIP_NO_ERROR);
    3347            0 :             return;
    3348              :         }
    3349              : 
    3350            0 :         GeneralCommissioning::Commands::SetTCAcknowledgements::Type request;
    3351            0 :         TermsAndConditionsAcknowledgement termsAndConditionsAcknowledgement = params.GetTermsAndConditionsAcknowledgement().Value();
    3352            0 :         request.TCUserResponse = termsAndConditionsAcknowledgement.acceptedTermsAndConditions;
    3353            0 :         request.TCVersion      = termsAndConditionsAcknowledgement.acceptedTermsAndConditionsVersion;
    3354              : 
    3355            0 :         ChipLogProgress(Controller, "Setting Terms and Conditions: %hu, %hu", request.TCUserResponse, request.TCVersion);
    3356              :         CHIP_ERROR err =
    3357            0 :             SendCommissioningCommand(proxy, request, OnSetTCAcknowledgementsResponse, OnBasicFailure, endpoint, timeout);
    3358            0 :         if (err != CHIP_NO_ERROR)
    3359              :         {
    3360            0 :             ChipLogError(Controller, "Failed to send SetTCAcknowledgements command: %" CHIP_ERROR_FORMAT, err.Format());
    3361            0 :             CommissioningStageComplete(err);
    3362            0 :             return;
    3363              :         }
    3364            0 :         break;
    3365              :     }
    3366            0 :     case CommissioningStage::kSendPAICertificateRequest: {
    3367            0 :         ChipLogProgress(Controller, "Sending request for PAI certificate");
    3368            0 :         CHIP_ERROR err = SendCertificateChainRequestCommand(proxy, CertificateType::kPAI, timeout);
    3369            0 :         if (err != CHIP_NO_ERROR)
    3370              :         {
    3371              :             // We won't get any async callbacks here, so just complete our stage.
    3372            0 :             ChipLogError(Controller, "Failed to send CertificateChainRequest command to get PAI: %" CHIP_ERROR_FORMAT,
    3373              :                          err.Format());
    3374            0 :             CommissioningStageComplete(err);
    3375            0 :             return;
    3376              :         }
    3377            0 :         break;
    3378              :     }
    3379            0 :     case CommissioningStage::kSendDACCertificateRequest: {
    3380            0 :         ChipLogProgress(Controller, "Sending request for DAC certificate");
    3381            0 :         CHIP_ERROR err = SendCertificateChainRequestCommand(proxy, CertificateType::kDAC, timeout);
    3382            0 :         if (err != CHIP_NO_ERROR)
    3383              :         {
    3384              :             // We won't get any async callbacks here, so just complete our stage.
    3385            0 :             ChipLogError(Controller, "Failed to send CertificateChainRequest command to get DAC: %" CHIP_ERROR_FORMAT,
    3386              :                          err.Format());
    3387            0 :             CommissioningStageComplete(err);
    3388            0 :             return;
    3389              :         }
    3390            0 :         break;
    3391              :     }
    3392            0 :     case CommissioningStage::kSendAttestationRequest: {
    3393            0 :         ChipLogProgress(Controller, "Sending Attestation Request to the device.");
    3394            0 :         if (!params.GetAttestationNonce().HasValue())
    3395              :         {
    3396            0 :             ChipLogError(Controller, "No attestation nonce found");
    3397            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3398            0 :             return;
    3399              :         }
    3400            0 :         CHIP_ERROR err = SendAttestationRequestCommand(proxy, params.GetAttestationNonce().Value(), timeout);
    3401            0 :         if (err != CHIP_NO_ERROR)
    3402              :         {
    3403              :             // We won't get any async callbacks here, so just complete our stage.
    3404            0 :             ChipLogError(Controller, "Failed to send AttestationRequest command: %" CHIP_ERROR_FORMAT, err.Format());
    3405            0 :             CommissioningStageComplete(err);
    3406            0 :             return;
    3407              :         }
    3408            0 :         break;
    3409              :     }
    3410            0 :     case CommissioningStage::kAttestationVerification: {
    3411            0 :         ChipLogProgress(Controller, "Verifying Device Attestation information received from the device");
    3412            0 :         if (IsAttestationInformationMissing(params))
    3413              :         {
    3414            0 :             ChipLogError(Controller, "Missing attestation information");
    3415            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3416            0 :             return;
    3417              :         }
    3418              : 
    3419              :         DeviceAttestationVerifier::AttestationInfo info(
    3420            0 :             params.GetAttestationElements().Value(),
    3421            0 :             proxy->GetSecureSession().Value()->AsSecureSession()->GetCryptoContext().GetAttestationChallenge(),
    3422            0 :             params.GetAttestationSignature().Value(), params.GetPAI().Value(), params.GetDAC().Value(),
    3423            0 :             params.GetAttestationNonce().Value(), params.GetRemoteVendorId().Value(), params.GetRemoteProductId().Value());
    3424              : 
    3425            0 :         CHIP_ERROR err = ValidateAttestationInfo(info);
    3426            0 :         if (err != CHIP_NO_ERROR)
    3427              :         {
    3428            0 :             ChipLogError(Controller, "Error validating attestation information: %" CHIP_ERROR_FORMAT, err.Format());
    3429            0 :             CommissioningStageComplete(CHIP_ERROR_FAILED_DEVICE_ATTESTATION);
    3430            0 :             return;
    3431              :         }
    3432              :     }
    3433            0 :     break;
    3434            0 :     case CommissioningStage::kAttestationRevocationCheck: {
    3435            0 :         ChipLogProgress(Controller, "Verifying the device's DAC chain revocation status");
    3436            0 :         if (IsAttestationInformationMissing(params))
    3437              :         {
    3438            0 :             ChipLogError(Controller, "Missing attestation information");
    3439            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3440            0 :             return;
    3441              :         }
    3442              : 
    3443              :         DeviceAttestationVerifier::AttestationInfo info(
    3444            0 :             params.GetAttestationElements().Value(),
    3445            0 :             proxy->GetSecureSession().Value()->AsSecureSession()->GetCryptoContext().GetAttestationChallenge(),
    3446            0 :             params.GetAttestationSignature().Value(), params.GetPAI().Value(), params.GetDAC().Value(),
    3447            0 :             params.GetAttestationNonce().Value(), params.GetRemoteVendorId().Value(), params.GetRemoteProductId().Value());
    3448              : 
    3449            0 :         CHIP_ERROR err = CheckForRevokedDACChain(info);
    3450              : 
    3451            0 :         if (err != CHIP_NO_ERROR)
    3452              :         {
    3453            0 :             ChipLogError(Controller, "Error validating device's DAC chain revocation status: %" CHIP_ERROR_FORMAT, err.Format());
    3454            0 :             CommissioningStageComplete(CHIP_ERROR_FAILED_DEVICE_ATTESTATION);
    3455            0 :             return;
    3456              :         }
    3457              :     }
    3458            0 :     break;
    3459            0 :     case CommissioningStage::kJCMTrustVerification: {
    3460            0 :         CHIP_ERROR err = StartJCMTrustVerification();
    3461            0 :         if (err != CHIP_NO_ERROR)
    3462              :         {
    3463            0 :             ChipLogError(Controller, "Failed to start JCM Trust Verification: %" CHIP_ERROR_FORMAT, err.Format());
    3464            0 :             CommissioningStageComplete(err);
    3465            0 :             return;
    3466              :         }
    3467            0 :         break;
    3468              :     }
    3469              : 
    3470            0 :     case CommissioningStage::kSendOpCertSigningRequest: {
    3471            0 :         if (!params.GetCSRNonce().HasValue())
    3472              :         {
    3473            0 :             ChipLogError(Controller, "No CSR nonce found");
    3474            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3475            0 :             return;
    3476              :         }
    3477            0 :         CHIP_ERROR err = SendOperationalCertificateSigningRequestCommand(proxy, params.GetCSRNonce().Value(), timeout);
    3478            0 :         if (err != CHIP_NO_ERROR)
    3479              :         {
    3480              :             // We won't get any async callbacks here, so just complete our stage.
    3481            0 :             ChipLogError(Controller, "Failed to send CSR request: %" CHIP_ERROR_FORMAT, err.Format());
    3482            0 :             CommissioningStageComplete(err);
    3483            0 :             return;
    3484              :         }
    3485            0 :         break;
    3486              :     }
    3487            0 :     case CommissioningStage::kValidateCSR: {
    3488            0 :         if (!params.GetNOCChainGenerationParameters().HasValue() || !params.GetDAC().HasValue() || !params.GetCSRNonce().HasValue())
    3489              :         {
    3490            0 :             ChipLogError(Controller, "Unable to validate CSR");
    3491            0 :             return CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3492              :         }
    3493              :         // This is non-blocking, so send the callback immediately.
    3494            0 :         CHIP_ERROR err = ValidateCSR(proxy, params.GetNOCChainGenerationParameters().Value().nocsrElements,
    3495            0 :                                      params.GetNOCChainGenerationParameters().Value().signature, params.GetDAC().Value(),
    3496            0 :                                      params.GetCSRNonce().Value());
    3497            0 :         if (err != CHIP_NO_ERROR)
    3498              :         {
    3499            0 :             ChipLogError(Controller, "Failed to validate CSR: %" CHIP_ERROR_FORMAT, err.Format());
    3500              :         }
    3501            0 :         CommissioningStageComplete(err);
    3502            0 :         return;
    3503              :     }
    3504              :     break;
    3505            0 :     case CommissioningStage::kGenerateNOCChain: {
    3506            0 :         if (!params.GetNOCChainGenerationParameters().HasValue() || !params.GetDAC().HasValue() || !params.GetPAI().HasValue() ||
    3507            0 :             !params.GetCSRNonce().HasValue())
    3508              :         {
    3509            0 :             ChipLogError(Controller, "Unable to generate NOC chain parameters");
    3510            0 :             return CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3511              :         }
    3512            0 :         CHIP_ERROR err = ProcessCSR(proxy, params.GetNOCChainGenerationParameters().Value().nocsrElements,
    3513            0 :                                     params.GetNOCChainGenerationParameters().Value().signature, params.GetDAC().Value(),
    3514            0 :                                     params.GetPAI().Value(), params.GetCSRNonce().Value());
    3515            0 :         if (err != CHIP_NO_ERROR)
    3516              :         {
    3517            0 :             ChipLogError(Controller, "Failed to process Operational Certificate Signing Request (CSR): %" CHIP_ERROR_FORMAT,
    3518              :                          err.Format());
    3519            0 :             CommissioningStageComplete(err);
    3520            0 :             return;
    3521              :         }
    3522              :     }
    3523            0 :     break;
    3524            0 :     case CommissioningStage::kSendTrustedRootCert: {
    3525            0 :         if (!params.GetRootCert().HasValue() || !params.GetNoc().HasValue())
    3526              :         {
    3527            0 :             ChipLogError(Controller, "No trusted root cert or NOC specified");
    3528            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3529            0 :             return;
    3530              :         }
    3531            0 :         CHIP_ERROR err = SendTrustedRootCertificate(proxy, params.GetRootCert().Value(), timeout);
    3532            0 :         if (err != CHIP_NO_ERROR)
    3533              :         {
    3534            0 :             ChipLogError(Controller, "Error sending trusted root certificate: %" CHIP_ERROR_FORMAT, err.Format());
    3535            0 :             CommissioningStageComplete(err);
    3536            0 :             return;
    3537              :         }
    3538              : 
    3539            0 :         err = proxy->SetPeerId(params.GetRootCert().Value(), params.GetNoc().Value());
    3540            0 :         if (err != CHIP_NO_ERROR)
    3541              :         {
    3542            0 :             ChipLogError(Controller, "Error setting peer id: %" CHIP_ERROR_FORMAT, err.Format());
    3543            0 :             CommissioningStageComplete(err);
    3544            0 :             return;
    3545              :         }
    3546            0 :         if (!IsOperationalNodeId(proxy->GetDeviceId()))
    3547              :         {
    3548            0 :             ChipLogError(Controller, "Given node ID is not an operational node ID");
    3549            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3550            0 :             return;
    3551              :         }
    3552              :     }
    3553            0 :     break;
    3554            0 :     case CommissioningStage::kSendNOC: {
    3555            0 :         if (!params.GetNoc().HasValue() || !params.GetIpk().HasValue() || !params.GetAdminSubject().HasValue())
    3556              :         {
    3557            0 :             ChipLogError(Controller, "AddNOC contents not specified");
    3558            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3559            0 :             return;
    3560              :         }
    3561            0 :         CHIP_ERROR err = SendOperationalCertificate(proxy, params.GetNoc().Value(), params.GetIcac(), params.GetIpk().Value(),
    3562            0 :                                                     params.GetAdminSubject().Value(), timeout);
    3563            0 :         if (err != CHIP_NO_ERROR)
    3564              :         {
    3565              :             // We won't get any async callbacks here, so just complete our stage.
    3566            0 :             ChipLogError(Controller, "Error installing operational certificate with AddNOC: %" CHIP_ERROR_FORMAT, err.Format());
    3567            0 :             CommissioningStageComplete(err);
    3568            0 :             return;
    3569              :         }
    3570            0 :         break;
    3571              :     }
    3572            0 :     case CommissioningStage::kConfigureTrustedTimeSource: {
    3573            0 :         if (!params.GetTrustedTimeSource().HasValue())
    3574              :         {
    3575            0 :             ChipLogError(Controller, "ConfigureTrustedTimeSource stage called with no trusted time source data!");
    3576            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3577            0 :             return;
    3578              :         }
    3579            0 :         TimeSynchronization::Commands::SetTrustedTimeSource::Type request;
    3580            0 :         request.trustedTimeSource = params.GetTrustedTimeSource().Value();
    3581            0 :         CHIP_ERROR err            = SendCommissioningCommand(proxy, request, OnBasicSuccess, OnBasicFailure, endpoint, timeout);
    3582            0 :         if (err != CHIP_NO_ERROR)
    3583              :         {
    3584              :             // We won't get any async callbacks here, so just complete our stage.
    3585            0 :             ChipLogError(Controller, "Failed to send SendTrustedTimeSource command: %" CHIP_ERROR_FORMAT, err.Format());
    3586            0 :             CommissioningStageComplete(err);
    3587            0 :             return;
    3588              :         }
    3589            0 :         break;
    3590              :     }
    3591            0 :     case CommissioningStage::kWiFiNetworkSetup: {
    3592            0 :         if (!params.GetWiFiCredentials().HasValue())
    3593              :         {
    3594            0 :             ChipLogError(Controller, "No wifi credentials specified");
    3595            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3596            0 :             return;
    3597              :         }
    3598              : 
    3599            0 :         NetworkCommissioning::Commands::AddOrUpdateWiFiNetwork::Type request;
    3600            0 :         request.ssid        = params.GetWiFiCredentials().Value().ssid;
    3601            0 :         request.credentials = params.GetWiFiCredentials().Value().credentials;
    3602            0 :         request.breadcrumb.Emplace(breadcrumb);
    3603            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnNetworkConfigResponse, OnBasicFailure, endpoint, timeout);
    3604            0 :         if (err != CHIP_NO_ERROR)
    3605              :         {
    3606              :             // We won't get any async callbacks here, so just complete our stage.
    3607            0 :             ChipLogError(Controller, "Failed to send AddOrUpdateWiFiNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3608            0 :             CommissioningStageComplete(err);
    3609            0 :             return;
    3610              :         }
    3611              :     }
    3612            0 :     break;
    3613            0 :     case CommissioningStage::kThreadNetworkSetup: {
    3614            0 :         if (!params.GetThreadOperationalDataset().HasValue())
    3615              :         {
    3616            0 :             ChipLogError(Controller, "No thread credentials specified");
    3617            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3618            0 :             return;
    3619              :         }
    3620            0 :         NetworkCommissioning::Commands::AddOrUpdateThreadNetwork::Type request;
    3621            0 :         request.operationalDataset = params.GetThreadOperationalDataset().Value();
    3622            0 :         request.breadcrumb.Emplace(breadcrumb);
    3623            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnNetworkConfigResponse, OnBasicFailure, endpoint, timeout);
    3624            0 :         if (err != CHIP_NO_ERROR)
    3625              :         {
    3626              :             // We won't get any async callbacks here, so just complete our stage.
    3627            0 :             ChipLogError(Controller, "Failed to send AddOrUpdateThreadNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3628            0 :             CommissioningStageComplete(err);
    3629            0 :             return;
    3630              :         }
    3631              :     }
    3632            0 :     break;
    3633            0 :     case CommissioningStage::kFailsafeBeforeWiFiEnable:
    3634              :         FALLTHROUGH;
    3635              :     case CommissioningStage::kFailsafeBeforeThreadEnable:
    3636              :         // Before we try to do network enablement, make sure that our fail-safe
    3637              :         // is set far enough out that we can later try to do operational
    3638              :         // discovery without it timing out.
    3639            0 :         ExtendFailsafeBeforeNetworkEnable(proxy, params, step);
    3640            0 :         break;
    3641            0 :     case CommissioningStage::kWiFiNetworkEnable: {
    3642            0 :         if (!params.GetWiFiCredentials().HasValue())
    3643              :         {
    3644            0 :             ChipLogError(Controller, "No wifi credentials specified");
    3645            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3646            0 :             return;
    3647              :         }
    3648            0 :         NetworkCommissioning::Commands::ConnectNetwork::Type request;
    3649            0 :         request.networkID = params.GetWiFiCredentials().Value().ssid;
    3650            0 :         request.breadcrumb.Emplace(breadcrumb);
    3651              : 
    3652            0 :         CHIP_ERROR err = CHIP_NO_ERROR;
    3653            0 :         ChipLogProgress(Controller, "SendCommand kWiFiNetworkEnable, supportsConcurrentConnection=%s",
    3654              :                         params.GetSupportsConcurrentConnection().HasValue()
    3655              :                             ? (params.GetSupportsConcurrentConnection().Value() ? "true" : "false")
    3656              :                             : "missing");
    3657            0 :         err = SendCommissioningCommand(proxy, request, OnConnectNetworkResponse, OnBasicFailure, endpoint, timeout);
    3658              : 
    3659            0 :         if (err != CHIP_NO_ERROR)
    3660              :         {
    3661              :             // We won't get any async callbacks here, so just complete our stage.
    3662            0 :             ChipLogError(Controller, "Failed to send WiFi ConnectNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3663            0 :             CommissioningStageComplete(err);
    3664            0 :             return;
    3665              :         }
    3666              :     }
    3667            0 :     break;
    3668            0 :     case CommissioningStage::kThreadNetworkEnable: {
    3669            0 :         ByteSpan extendedPanId;
    3670            0 :         chip::Thread::OperationalDataset operationalDataset;
    3671            0 :         if (!params.GetThreadOperationalDataset().HasValue() ||
    3672            0 :             operationalDataset.Init(params.GetThreadOperationalDataset().Value()) != CHIP_NO_ERROR ||
    3673            0 :             operationalDataset.GetExtendedPanIdAsByteSpan(extendedPanId) != CHIP_NO_ERROR)
    3674              :         {
    3675            0 :             ChipLogError(Controller, "Invalid Thread operational dataset configured at commissioner!");
    3676            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3677            0 :             return;
    3678              :         }
    3679            0 :         NetworkCommissioning::Commands::ConnectNetwork::Type request;
    3680            0 :         request.networkID = extendedPanId;
    3681            0 :         request.breadcrumb.Emplace(breadcrumb);
    3682            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnConnectNetworkResponse, OnBasicFailure, endpoint, timeout);
    3683            0 :         if (err != CHIP_NO_ERROR)
    3684              :         {
    3685              :             // We won't get any async callbacks here, so just complete our stage.
    3686            0 :             ChipLogError(Controller, "Failed to send Thread ConnectNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3687            0 :             CommissioningStageComplete(err);
    3688            0 :             return;
    3689              :         }
    3690              :     }
    3691            0 :     break;
    3692            0 :     case CommissioningStage::kICDGetRegistrationInfo: {
    3693            0 :         GetPairingDelegate()->OnICDRegistrationInfoRequired();
    3694            0 :         return;
    3695              :     }
    3696              :     break;
    3697            0 :     case CommissioningStage::kICDRegistration: {
    3698            0 :         IcdManagement::Commands::RegisterClient::Type request;
    3699              : 
    3700            0 :         if (!(params.GetICDCheckInNodeId().HasValue() && params.GetICDMonitoredSubject().HasValue() &&
    3701            0 :               params.GetICDSymmetricKey().HasValue()))
    3702              :         {
    3703            0 :             ChipLogError(Controller, "No ICD Registration information provided!");
    3704            0 :             CommissioningStageComplete(CHIP_ERROR_INCORRECT_STATE);
    3705            0 :             return;
    3706              :         }
    3707              : 
    3708            0 :         request.checkInNodeID    = params.GetICDCheckInNodeId().Value();
    3709            0 :         request.monitoredSubject = params.GetICDMonitoredSubject().Value();
    3710            0 :         request.key              = params.GetICDSymmetricKey().Value();
    3711              : 
    3712              :         CHIP_ERROR err =
    3713            0 :             SendCommissioningCommand(proxy, request, OnICDManagementRegisterClientResponse, OnBasicFailure, endpoint, timeout);
    3714            0 :         if (err != CHIP_NO_ERROR)
    3715              :         {
    3716              :             // We won't get any async callbacks here, so just complete our stage.
    3717            0 :             ChipLogError(Controller, "Failed to send IcdManagement.RegisterClient command: %" CHIP_ERROR_FORMAT, err.Format());
    3718            0 :             CommissioningStageComplete(err);
    3719            0 :             return;
    3720              :         }
    3721              :     }
    3722            0 :     break;
    3723            0 :     case CommissioningStage::kEvictPreviousCaseSessions: {
    3724            0 :         auto scopedPeerId = GetPeerScopedId(proxy->GetDeviceId());
    3725              : 
    3726              :         // If we ever had a commissioned device with this node ID before, we may
    3727              :         // have stale sessions to it.  Make sure we don't re-use any of those,
    3728              :         // because clearly they are not related to this new device we are
    3729              :         // commissioning.  We only care about sessions we might reuse, so just
    3730              :         // clearing the ones associated with our fabric index is good enough and
    3731              :         // we don't need to worry about ExpireAllSessionsOnLogicalFabric.
    3732            0 :         mSystemState->SessionMgr()->ExpireAllSessions(scopedPeerId);
    3733            0 :         CommissioningStageComplete(CHIP_NO_ERROR);
    3734            0 :         return;
    3735              :     }
    3736            0 :     case CommissioningStage::kFindOperationalForStayActive:
    3737              :     case CommissioningStage::kFindOperationalForCommissioningComplete: {
    3738              :         // If there is an error, CommissioningStageComplete will be called from OnDeviceConnectionFailureFn.
    3739            0 :         auto scopedPeerId = GetPeerScopedId(proxy->GetDeviceId());
    3740              :         MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissioningOperationalSetup);
    3741            0 :         mSystemState->CASESessionMgr()->FindOrEstablishSession(scopedPeerId, &mOnDeviceConnectedCallback,
    3742              :                                                                &mOnDeviceConnectionFailureCallback
    3743              : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    3744              :                                                                ,
    3745              :                                                                /* attemptCount = */ 3, &mOnDeviceConnectionRetryCallback
    3746              : #endif // CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    3747              :         );
    3748              :     }
    3749            0 :     break;
    3750            0 :     case CommissioningStage::kPrimaryOperationalNetworkFailed: {
    3751              :         // nothing to do. This stage indicates that the primary operational network failed and the network config should be
    3752              :         // removed later.
    3753            0 :         break;
    3754              :     }
    3755            0 :     case CommissioningStage::kRemoveWiFiNetworkConfig: {
    3756            0 :         NetworkCommissioning::Commands::RemoveNetwork::Type request;
    3757            0 :         request.networkID = params.GetWiFiCredentials().Value().ssid;
    3758            0 :         request.breadcrumb.Emplace(breadcrumb);
    3759            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnNetworkConfigResponse, OnBasicFailure, endpoint, timeout);
    3760            0 :         if (err != CHIP_NO_ERROR)
    3761              :         {
    3762              :             // We won't get any async callbacks here, so just complete our stage.
    3763            0 :             ChipLogError(Controller, "Failed to send RemoveNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3764            0 :             CommissioningStageComplete(err);
    3765            0 :             return;
    3766              :         }
    3767            0 :         break;
    3768              :     }
    3769            0 :     case CommissioningStage::kRemoveThreadNetworkConfig: {
    3770            0 :         ByteSpan extendedPanId;
    3771            0 :         chip::Thread::OperationalDataset operationalDataset;
    3772            0 :         if (!params.GetThreadOperationalDataset().HasValue() ||
    3773            0 :             operationalDataset.Init(params.GetThreadOperationalDataset().Value()) != CHIP_NO_ERROR ||
    3774            0 :             operationalDataset.GetExtendedPanIdAsByteSpan(extendedPanId) != CHIP_NO_ERROR)
    3775              :         {
    3776            0 :             ChipLogError(Controller, "Invalid Thread operational dataset configured at commissioner!");
    3777            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3778            0 :             return;
    3779              :         }
    3780            0 :         NetworkCommissioning::Commands::RemoveNetwork::Type request;
    3781            0 :         request.networkID = extendedPanId;
    3782            0 :         request.breadcrumb.Emplace(breadcrumb);
    3783            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnNetworkConfigResponse, OnBasicFailure, endpoint, timeout);
    3784            0 :         if (err != CHIP_NO_ERROR)
    3785              :         {
    3786              :             // We won't get any async callbacks here, so just complete our stage.
    3787            0 :             ChipLogError(Controller, "Failed to send RemoveNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3788            0 :             CommissioningStageComplete(err);
    3789            0 :             return;
    3790              :         }
    3791            0 :         break;
    3792              :     }
    3793            0 :     case CommissioningStage::kICDSendStayActive: {
    3794            0 :         if (!(params.GetICDStayActiveDurationMsec().HasValue()))
    3795              :         {
    3796            0 :             ChipLogProgress(Controller, "Skipping kICDSendStayActive");
    3797            0 :             CommissioningStageComplete(CHIP_NO_ERROR);
    3798            0 :             return;
    3799              :         }
    3800              : 
    3801              :         // StayActive Command happens over CASE Connection
    3802            0 :         IcdManagement::Commands::StayActiveRequest::Type request;
    3803            0 :         request.stayActiveDuration = params.GetICDStayActiveDurationMsec().Value();
    3804            0 :         ChipLogError(Controller, "Send ICD StayActive with Duration %u", request.stayActiveDuration);
    3805              :         CHIP_ERROR err =
    3806            0 :             SendCommissioningCommand(proxy, request, OnICDManagementStayActiveResponse, OnBasicFailure, endpoint, timeout);
    3807            0 :         if (err != CHIP_NO_ERROR)
    3808              :         {
    3809              :             // We won't get any async callbacks here, so just complete our stage.
    3810            0 :             ChipLogError(Controller, "Failed to send IcdManagement.StayActive command: %" CHIP_ERROR_FORMAT, err.Format());
    3811            0 :             CommissioningStageComplete(err);
    3812            0 :             return;
    3813              :         }
    3814              :     }
    3815            0 :     break;
    3816            0 :     case CommissioningStage::kSendComplete: {
    3817              :         // CommissioningComplete command happens over the CASE connection.
    3818              :         GeneralCommissioning::Commands::CommissioningComplete::Type request;
    3819              :         CHIP_ERROR err =
    3820            0 :             SendCommissioningCommand(proxy, request, OnCommissioningCompleteResponse, OnBasicFailure, endpoint, timeout);
    3821            0 :         if (err != CHIP_NO_ERROR)
    3822              :         {
    3823              :             // We won't get any async callbacks here, so just complete our stage.
    3824            0 :             ChipLogError(Controller, "Failed to send CommissioningComplete command: %" CHIP_ERROR_FORMAT, err.Format());
    3825            0 :             CommissioningStageComplete(err);
    3826            0 :             return;
    3827              :         }
    3828              :     }
    3829            0 :     break;
    3830              : #if CHIP_DEVICE_CONFIG_ENABLE_NFC_BASED_COMMISSIONING
    3831              :     case CommissioningStage::kUnpoweredPhaseComplete:
    3832              :         ChipLogProgress(Controller, "Completed unpowered commissioning phase, marking commissioning as complete");
    3833              :         CommissioningStageComplete(CHIP_NO_ERROR);
    3834              :         break;
    3835              : #endif
    3836            0 :     case CommissioningStage::kCleanup:
    3837            0 :         CleanupCommissioning(proxy, proxy->GetDeviceId(), params.GetCompletionStatus());
    3838            0 :         break;
    3839            0 :     case CommissioningStage::kError:
    3840            0 :         mCommissioningStage = CommissioningStage::kSecurePairing;
    3841            0 :         break;
    3842            0 :     case CommissioningStage::kSecurePairing:
    3843            0 :         break;
    3844              :     }
    3845              : }
    3846              : 
    3847            0 : void DeviceCommissioner::ExtendFailsafeBeforeNetworkEnable(DeviceProxy * device, CommissioningParameters & params,
    3848              :                                                            CommissioningStage step)
    3849              : {
    3850            0 :     auto * commissioneeDevice = FindCommissioneeDevice(device->GetDeviceId());
    3851            0 :     if (device != commissioneeDevice)
    3852              :     {
    3853              :         // Not a commissionee device; just return.
    3854            0 :         ChipLogError(Controller, "Trying to extend fail-safe for an unknown commissionee with device id " ChipLogFormatX64,
    3855              :                      ChipLogValueX64(device->GetDeviceId()));
    3856            0 :         CommissioningStageComplete(CHIP_ERROR_INCORRECT_STATE, CommissioningDelegate::CommissioningReport());
    3857            0 :         return;
    3858              :     }
    3859              : 
    3860              :     // Try to make sure we have at least enough time for our expected
    3861              :     // commissioning bits plus the MRP retries for a Sigma1.
    3862            0 :     uint16_t failSafeTimeoutSecs = params.GetFailsafeTimerSeconds().ValueOr(kDefaultFailsafeTimeout);
    3863            0 :     auto sigma1Timeout           = CASESession::ComputeSigma1ResponseTimeout(commissioneeDevice->GetPairing().GetRemoteMRPConfig());
    3864            0 :     uint16_t sigma1TimeoutSecs   = std::chrono::duration_cast<System::Clock::Seconds16>(sigma1Timeout).count();
    3865            0 :     if (UINT16_MAX - failSafeTimeoutSecs < sigma1TimeoutSecs)
    3866              :     {
    3867            0 :         failSafeTimeoutSecs = UINT16_MAX;
    3868              :     }
    3869              :     else
    3870              :     {
    3871            0 :         failSafeTimeoutSecs = static_cast<uint16_t>(failSafeTimeoutSecs + sigma1TimeoutSecs);
    3872              :     }
    3873              : 
    3874            0 :     if (!ExtendArmFailSafeInternal(commissioneeDevice, step, failSafeTimeoutSecs, MakeOptional(kMinimumCommissioningStepTimeout),
    3875              :                                    OnArmFailSafe, OnBasicFailure, /* fireAndForget = */ false))
    3876              :     {
    3877              :         // A false return is fine; we don't want to make the fail-safe shorter here.
    3878            0 :         CommissioningStageComplete(CHIP_NO_ERROR, CommissioningDelegate::CommissioningReport());
    3879              :     }
    3880              : }
    3881              : 
    3882            0 : bool DeviceCommissioner::IsAttestationInformationMissing(const CommissioningParameters & params)
    3883              : {
    3884            0 :     if (!params.GetAttestationElements().HasValue() || !params.GetAttestationSignature().HasValue() ||
    3885            0 :         !params.GetAttestationNonce().HasValue() || !params.GetDAC().HasValue() || !params.GetPAI().HasValue() ||
    3886            0 :         !params.GetRemoteVendorId().HasValue() || !params.GetRemoteProductId().HasValue())
    3887              :     {
    3888            0 :         return true;
    3889              :     }
    3890              : 
    3891            0 :     return false;
    3892              : }
    3893              : 
    3894            0 : CHIP_ERROR DeviceController::GetCompressedFabricIdBytes(MutableByteSpan & outBytes) const
    3895              : {
    3896            0 :     const auto * fabricInfo = GetFabricInfo();
    3897            0 :     VerifyOrReturnError(fabricInfo != nullptr, CHIP_ERROR_INVALID_FABRIC_INDEX);
    3898            0 :     return fabricInfo->GetCompressedFabricIdBytes(outBytes);
    3899              : }
    3900              : 
    3901            0 : CHIP_ERROR DeviceController::GetRootPublicKey(Crypto::P256PublicKey & outRootPublicKey) const
    3902              : {
    3903            0 :     const auto * fabricTable = GetFabricTable();
    3904            0 :     VerifyOrReturnError(fabricTable != nullptr, CHIP_ERROR_INCORRECT_STATE);
    3905            0 :     return fabricTable->FetchRootPubkey(mFabricIndex, outRootPublicKey);
    3906              : }
    3907              : 
    3908            0 : bool DeviceCommissioner::HasValidCommissioningMode(const Dnssd::CommissionNodeData & nodeData)
    3909              : {
    3910            0 :     if (nodeData.commissioningMode == to_underlying(Dnssd::CommissioningMode::kDisabled))
    3911              :     {
    3912            0 :         ChipLogProgress(Controller, "Discovered device does not have an open commissioning window.");
    3913            0 :         return false;
    3914              :     }
    3915            0 :     return true;
    3916              : }
    3917              : 
    3918              : } // namespace Controller
    3919              : } // namespace chip
        

Generated by: LCOV version 2.0-1