Matter SDK Coverage Report
Current view: top level - controller - CHIPDeviceController.cpp (source / functions) Coverage Total Hit
Test: SHA:4cbce7f768f16e614f5a8ccb8cd93c92cbeae70d Lines: 0.2 % 1801 3
Test Date: 2025-04-26 07:09:35 Functions: 0.5 % 195 1

            Line data    Source code
       1              : /*
       2              :  *
       3              :  *    Copyright (c) 2020-2024 Project CHIP Authors
       4              :  *    Copyright (c) 2013-2017 Nest Labs, Inc.
       5              :  *    All rights reserved.
       6              :  *
       7              :  *    Licensed under the Apache License, Version 2.0 (the "License");
       8              :  *    you may not use this file except in compliance with the License.
       9              :  *    You may obtain a copy of the License at
      10              :  *
      11              :  *        http://www.apache.org/licenses/LICENSE-2.0
      12              :  *
      13              :  *    Unless required by applicable law or agreed to in writing, software
      14              :  *    distributed under the License is distributed on an "AS IS" BASIS,
      15              :  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      16              :  *    See the License for the specific language governing permissions and
      17              :  *    limitations under the License.
      18              :  */
      19              : 
      20              : /**
      21              :  *    @file
      22              :  *      Implementation of CHIP Device Controller, a common class
      23              :  *      that implements discovery, pairing and provisioning of CHIP
      24              :  *      devices.
      25              :  *
      26              :  */
      27              : 
      28              : // module header, comes first
      29              : #include <controller/CHIPDeviceController.h>
      30              : 
      31              : #include <app-common/zap-generated/ids/Attributes.h>
      32              : #include <app-common/zap-generated/ids/Clusters.h>
      33              : 
      34              : #include <app/InteractionModelEngine.h>
      35              : #include <app/OperationalSessionSetup.h>
      36              : #include <app/server/Dnssd.h>
      37              : #include <controller/CurrentFabricRemover.h>
      38              : #include <controller/InvokeInteraction.h>
      39              : #include <controller/WriteInteraction.h>
      40              : #include <credentials/CHIPCert.h>
      41              : #include <credentials/DeviceAttestationCredsProvider.h>
      42              : #include <crypto/CHIPCryptoPAL.h>
      43              : #include <lib/core/CHIPCore.h>
      44              : #include <lib/core/CHIPEncoding.h>
      45              : #include <lib/core/CHIPSafeCasts.h>
      46              : #include <lib/core/ErrorStr.h>
      47              : #include <lib/core/NodeId.h>
      48              : #include <lib/support/Base64.h>
      49              : #include <lib/support/CHIPArgParser.hpp>
      50              : #include <lib/support/CHIPMem.h>
      51              : #include <lib/support/CodeUtils.h>
      52              : #include <lib/support/PersistentStorageMacros.h>
      53              : #include <lib/support/SafeInt.h>
      54              : #include <lib/support/ScopedBuffer.h>
      55              : #include <lib/support/ThreadOperationalDataset.h>
      56              : #include <lib/support/TimeUtils.h>
      57              : #include <lib/support/logging/CHIPLogging.h>
      58              : #include <messaging/ExchangeContext.h>
      59              : #include <platform/LockTracker.h>
      60              : #include <protocols/secure_channel/MessageCounterManager.h>
      61              : #include <setup_payload/QRCodeSetupPayloadParser.h>
      62              : #include <tracing/macros.h>
      63              : #include <tracing/metric_event.h>
      64              : 
      65              : #if CONFIG_NETWORK_LAYER_BLE
      66              : #include <ble/Ble.h>
      67              : #include <transport/raw/BLE.h>
      68              : #endif
      69              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
      70              : #include <transport/raw/WiFiPAF.h>
      71              : #endif
      72              : 
      73              : #include <algorithm>
      74              : #include <array>
      75              : #include <errno.h>
      76              : #include <inttypes.h>
      77              : #include <limits>
      78              : #include <memory>
      79              : #include <stdint.h>
      80              : #include <stdlib.h>
      81              : #include <string>
      82              : #include <time.h>
      83              : 
      84              : using namespace chip::app;
      85              : using namespace chip::app::Clusters;
      86              : using namespace chip::Inet;
      87              : using namespace chip::System;
      88              : using namespace chip::Transport;
      89              : using namespace chip::Credentials;
      90              : using namespace chip::Crypto;
      91              : using namespace chip::Tracing;
      92              : 
      93              : namespace chip {
      94              : namespace Controller {
      95              : 
      96              : using namespace chip::Encoding;
      97              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
      98              : using namespace chip::Protocols::UserDirectedCommissioning;
      99              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
     100              : 
     101           88 : DeviceController::DeviceController()
     102              : {
     103            8 :     mState = State::NotInitialized;
     104            8 : }
     105              : 
     106            0 : CHIP_ERROR DeviceController::Init(ControllerInitParams params)
     107              : {
     108            0 :     assertChipStackLockedByCurrentThread();
     109              : 
     110            0 :     VerifyOrReturnError(mState == State::NotInitialized, CHIP_ERROR_INCORRECT_STATE);
     111            0 :     VerifyOrReturnError(params.systemState != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     112              : 
     113            0 :     VerifyOrReturnError(params.systemState->SystemLayer() != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     114            0 :     VerifyOrReturnError(params.systemState->UDPEndPointManager() != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     115              : 
     116              : #if CONFIG_NETWORK_LAYER_BLE
     117            0 :     VerifyOrReturnError(params.systemState->BleLayer() != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     118              : #endif
     119              : 
     120            0 :     VerifyOrReturnError(params.systemState->TransportMgr() != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     121              : 
     122            0 :     ReturnErrorOnFailure(mDNSResolver.Init(params.systemState->UDPEndPointManager()));
     123            0 :     mDNSResolver.SetDiscoveryDelegate(this);
     124            0 :     RegisterDeviceDiscoveryDelegate(params.deviceDiscoveryDelegate);
     125              : 
     126            0 :     mVendorId = params.controllerVendorId;
     127            0 :     if (params.operationalKeypair != nullptr || !params.controllerNOC.empty() || !params.controllerRCAC.empty())
     128              :     {
     129            0 :         ReturnErrorOnFailure(InitControllerNOCChain(params));
     130              :     }
     131            0 :     else if (params.fabricIndex.HasValue())
     132              :     {
     133            0 :         VerifyOrReturnError(params.systemState->Fabrics()->FabricCount() > 0, CHIP_ERROR_INVALID_ARGUMENT);
     134            0 :         if (params.systemState->Fabrics()->FindFabricWithIndex(params.fabricIndex.Value()) != nullptr)
     135              :         {
     136            0 :             mFabricIndex = params.fabricIndex.Value();
     137              :         }
     138              :         else
     139              :         {
     140            0 :             ChipLogError(Controller, "There is no fabric corresponding to the given fabricIndex");
     141            0 :             return CHIP_ERROR_INVALID_ARGUMENT;
     142              :         }
     143              :     }
     144              : 
     145            0 :     mSystemState = params.systemState->Retain();
     146            0 :     mState       = State::Initialized;
     147              : 
     148            0 :     mRemoveFromFabricTableOnShutdown = params.removeFromFabricTableOnShutdown;
     149            0 :     mDeleteFromFabricTableOnShutdown = params.deleteFromFabricTableOnShutdown;
     150              : 
     151            0 :     if (GetFabricIndex() != kUndefinedFabricIndex)
     152              :     {
     153            0 :         ChipLogProgress(Controller,
     154              :                         "Joined the fabric at index %d. Fabric ID is 0x" ChipLogFormatX64
     155              :                         " (Compressed Fabric ID: " ChipLogFormatX64 ")",
     156              :                         GetFabricIndex(), ChipLogValueX64(GetFabricId()), ChipLogValueX64(GetCompressedFabricId()));
     157              :     }
     158              : 
     159            0 :     return CHIP_NO_ERROR;
     160              : }
     161              : 
     162            0 : CHIP_ERROR DeviceController::InitControllerNOCChain(const ControllerInitParams & params)
     163              : {
     164            0 :     FabricInfo newFabric;
     165            0 :     constexpr uint32_t chipCertAllocatedLen = kMaxCHIPCertLength;
     166            0 :     chip::Platform::ScopedMemoryBuffer<uint8_t> rcacBuf;
     167            0 :     chip::Platform::ScopedMemoryBuffer<uint8_t> icacBuf;
     168            0 :     chip::Platform::ScopedMemoryBuffer<uint8_t> nocBuf;
     169            0 :     Credentials::P256PublicKeySpan rootPublicKeySpan;
     170              :     FabricId fabricId;
     171              :     NodeId nodeId;
     172            0 :     bool hasExternallyOwnedKeypair                   = false;
     173            0 :     Crypto::P256Keypair * externalOperationalKeypair = nullptr;
     174            0 :     VendorId newFabricVendorId                       = params.controllerVendorId;
     175              : 
     176              :     // There are three possibilities here in terms of what happens with our
     177              :     // operational key:
     178              :     // 1) We have an externally owned operational keypair.
     179              :     // 2) We have an operational keypair that the fabric table should clone via
     180              :     //    serialize/deserialize.
     181              :     // 3) We have no keypair at all, and the fabric table has been initialized
     182              :     //    with a key store.
     183            0 :     if (params.operationalKeypair != nullptr)
     184              :     {
     185            0 :         hasExternallyOwnedKeypair  = params.hasExternallyOwnedOperationalKeypair;
     186            0 :         externalOperationalKeypair = params.operationalKeypair;
     187              :     }
     188              : 
     189            0 :     VerifyOrReturnError(rcacBuf.Alloc(chipCertAllocatedLen), CHIP_ERROR_NO_MEMORY);
     190            0 :     VerifyOrReturnError(icacBuf.Alloc(chipCertAllocatedLen), CHIP_ERROR_NO_MEMORY);
     191            0 :     VerifyOrReturnError(nocBuf.Alloc(chipCertAllocatedLen), CHIP_ERROR_NO_MEMORY);
     192              : 
     193            0 :     MutableByteSpan rcacSpan(rcacBuf.Get(), chipCertAllocatedLen);
     194              : 
     195            0 :     ReturnErrorOnFailure(ConvertX509CertToChipCert(params.controllerRCAC, rcacSpan));
     196            0 :     ReturnErrorOnFailure(Credentials::ExtractPublicKeyFromChipCert(rcacSpan, rootPublicKeySpan));
     197            0 :     Crypto::P256PublicKey rootPublicKey{ rootPublicKeySpan };
     198              : 
     199            0 :     MutableByteSpan icacSpan;
     200            0 :     if (params.controllerICAC.empty())
     201              :     {
     202            0 :         ChipLogProgress(Controller, "Intermediate CA is not needed");
     203              :     }
     204              :     else
     205              :     {
     206            0 :         icacSpan = MutableByteSpan(icacBuf.Get(), chipCertAllocatedLen);
     207            0 :         ReturnErrorOnFailure(ConvertX509CertToChipCert(params.controllerICAC, icacSpan));
     208              :     }
     209              : 
     210            0 :     MutableByteSpan nocSpan = MutableByteSpan(nocBuf.Get(), chipCertAllocatedLen);
     211              : 
     212            0 :     ReturnErrorOnFailure(ConvertX509CertToChipCert(params.controllerNOC, nocSpan));
     213            0 :     ReturnErrorOnFailure(ExtractNodeIdFabricIdFromOpCert(nocSpan, &nodeId, &fabricId));
     214              : 
     215            0 :     auto * fabricTable            = params.systemState->Fabrics();
     216            0 :     const FabricInfo * fabricInfo = nullptr;
     217              : 
     218              :     //
     219              :     // When multiple controllers are permitted on the same fabric, we need to find fabrics with
     220              :     // nodeId as an extra discriminant since we can have multiple FabricInfo objects that all
     221              :     // collide on the same fabric. Not doing so may result in a match with an existing FabricInfo
     222              :     // instance that matches the fabric in the provided NOC but is associated with a different NodeId
     223              :     // that is already in use by another active controller instance. That will effectively cause it
     224              :     // to change its identity inadvertently, which is not acceptable.
     225              :     //
     226              :     // TODO: Figure out how to clean up unreclaimed FabricInfos restored from persistent
     227              :     //       storage that are not in use by active DeviceController instances. Also, figure out
     228              :     //       how to reclaim FabricInfo slots when a DeviceController instance is deleted.
     229              :     //
     230            0 :     if (params.permitMultiControllerFabrics)
     231              :     {
     232            0 :         fabricInfo = fabricTable->FindIdentity(rootPublicKey, fabricId, nodeId);
     233              :     }
     234              :     else
     235              :     {
     236            0 :         fabricInfo = fabricTable->FindFabric(rootPublicKey, fabricId);
     237              :     }
     238              : 
     239            0 :     bool fabricFoundInTable = (fabricInfo != nullptr);
     240              : 
     241            0 :     FabricIndex fabricIndex = fabricFoundInTable ? fabricInfo->GetFabricIndex() : kUndefinedFabricIndex;
     242              : 
     243            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
     244              : 
     245            0 :     auto advertiseOperational =
     246            0 :         params.enableServerInteractions ? FabricTable::AdvertiseIdentity::Yes : FabricTable::AdvertiseIdentity::No;
     247              : 
     248              :     //
     249              :     // We permit colliding fabrics when multiple controllers are present on the same logical fabric
     250              :     // since each controller is associated with a unique FabricInfo 'identity' object and consequently,
     251              :     // a unique FabricIndex.
     252              :     //
     253              :     // This sets a flag that will be cleared automatically when the fabric is committed/reverted later
     254              :     // in this function.
     255              :     //
     256            0 :     if (params.permitMultiControllerFabrics)
     257              :     {
     258            0 :         fabricTable->PermitCollidingFabrics();
     259              :     }
     260              : 
     261              :     // We have 4 cases to handle legacy usage of direct operational key injection
     262            0 :     if (externalOperationalKeypair)
     263              :     {
     264              :         // Cases 1 and 2: Injected operational keys
     265              : 
     266              :         // CASE 1: Fabric update with injected key
     267            0 :         if (fabricFoundInTable)
     268              :         {
     269            0 :             err = fabricTable->UpdatePendingFabricWithProvidedOpKey(fabricIndex, nocSpan, icacSpan, externalOperationalKeypair,
     270              :                                                                     hasExternallyOwnedKeypair, advertiseOperational);
     271              :         }
     272              :         else
     273              :         // CASE 2: New fabric with injected key
     274              :         {
     275            0 :             err = fabricTable->AddNewPendingTrustedRootCert(rcacSpan);
     276            0 :             if (err == CHIP_NO_ERROR)
     277              :             {
     278            0 :                 err = fabricTable->AddNewPendingFabricWithProvidedOpKey(nocSpan, icacSpan, newFabricVendorId,
     279              :                                                                         externalOperationalKeypair, hasExternallyOwnedKeypair,
     280              :                                                                         &fabricIndex, advertiseOperational);
     281              :             }
     282              :         }
     283              :     }
     284              :     else
     285              :     {
     286              :         // Cases 3 and 4: OperationalKeystore has the keys
     287              : 
     288              :         // CASE 3: Fabric update with operational keystore
     289            0 :         if (fabricFoundInTable)
     290              :         {
     291            0 :             VerifyOrReturnError(fabricTable->HasOperationalKeyForFabric(fabricIndex), CHIP_ERROR_KEY_NOT_FOUND);
     292              : 
     293            0 :             err = fabricTable->UpdatePendingFabricWithOperationalKeystore(fabricIndex, nocSpan, icacSpan, advertiseOperational);
     294              :         }
     295              :         else
     296              :         // CASE 4: New fabric with operational keystore
     297              :         {
     298            0 :             err = fabricTable->AddNewPendingTrustedRootCert(rcacSpan);
     299            0 :             if (err == CHIP_NO_ERROR)
     300              :             {
     301            0 :                 err = fabricTable->AddNewPendingFabricWithOperationalKeystore(nocSpan, icacSpan, newFabricVendorId, &fabricIndex,
     302              :                                                                               advertiseOperational);
     303              :             }
     304              : 
     305            0 :             if (err == CHIP_NO_ERROR)
     306              :             {
     307              :                 // Now that we know our planned fabric index, verify that the
     308              :                 // keystore has a key for it.
     309            0 :                 if (!fabricTable->HasOperationalKeyForFabric(fabricIndex))
     310              :                 {
     311            0 :                     err = CHIP_ERROR_KEY_NOT_FOUND;
     312              :                 }
     313              :             }
     314              :         }
     315              :     }
     316              : 
     317              :     // Commit after setup, error-out on failure.
     318            0 :     if (err == CHIP_NO_ERROR)
     319              :     {
     320              :         // No need to revert on error: CommitPendingFabricData reverts internally on *any* error.
     321            0 :         err = fabricTable->CommitPendingFabricData();
     322              :     }
     323              :     else
     324              :     {
     325            0 :         fabricTable->RevertPendingFabricData();
     326              :     }
     327              : 
     328            0 :     ReturnErrorOnFailure(err);
     329            0 :     VerifyOrReturnError(fabricIndex != kUndefinedFabricIndex, CHIP_ERROR_INTERNAL);
     330              : 
     331            0 :     mFabricIndex       = fabricIndex;
     332            0 :     mAdvertiseIdentity = advertiseOperational;
     333            0 :     return CHIP_NO_ERROR;
     334            0 : }
     335              : 
     336            0 : CHIP_ERROR DeviceController::UpdateControllerNOCChain(const ByteSpan & noc, const ByteSpan & icac,
     337              :                                                       Crypto::P256Keypair * operationalKeypair,
     338              :                                                       bool operationalKeypairExternalOwned)
     339              : {
     340            0 :     VerifyOrReturnError(mFabricIndex != kUndefinedFabricIndex, CHIP_ERROR_INTERNAL);
     341            0 :     VerifyOrReturnError(mSystemState != nullptr, CHIP_ERROR_INTERNAL);
     342            0 :     FabricTable * fabricTable = mSystemState->Fabrics();
     343            0 :     CHIP_ERROR err            = CHIP_NO_ERROR;
     344              :     FabricId fabricId;
     345              :     NodeId nodeId;
     346            0 :     CATValues oldCats;
     347            0 :     CATValues newCats;
     348            0 :     ReturnErrorOnFailure(ExtractNodeIdFabricIdFromOpCert(noc, &nodeId, &fabricId));
     349            0 :     ReturnErrorOnFailure(fabricTable->FetchCATs(mFabricIndex, oldCats));
     350            0 :     ReturnErrorOnFailure(ExtractCATsFromOpCert(noc, newCats));
     351              : 
     352            0 :     bool needCloseSession = true;
     353            0 :     if (GetFabricInfo()->GetNodeId() == nodeId && oldCats == newCats)
     354              :     {
     355            0 :         needCloseSession = false;
     356              :     }
     357              : 
     358            0 :     if (operationalKeypair != nullptr)
     359              :     {
     360            0 :         err = fabricTable->UpdatePendingFabricWithProvidedOpKey(mFabricIndex, noc, icac, operationalKeypair,
     361              :                                                                 operationalKeypairExternalOwned, mAdvertiseIdentity);
     362              :     }
     363              :     else
     364              :     {
     365            0 :         VerifyOrReturnError(fabricTable->HasOperationalKeyForFabric(mFabricIndex), CHIP_ERROR_KEY_NOT_FOUND);
     366            0 :         err = fabricTable->UpdatePendingFabricWithOperationalKeystore(mFabricIndex, noc, icac, mAdvertiseIdentity);
     367              :     }
     368              : 
     369            0 :     if (err == CHIP_NO_ERROR)
     370              :     {
     371            0 :         err = fabricTable->CommitPendingFabricData();
     372              :     }
     373              :     else
     374              :     {
     375            0 :         fabricTable->RevertPendingFabricData();
     376              :     }
     377              : 
     378            0 :     ReturnErrorOnFailure(err);
     379            0 :     if (needCloseSession)
     380              :     {
     381              :         // If the node id or CATs have changed, our existing CASE sessions are no longer valid,
     382              :         // because the other side will think anything coming over those sessions comes from our
     383              :         // old node ID, and the new CATs might not satisfy the ACL requirements of the other side.
     384            0 :         mSystemState->SessionMgr()->ExpireAllSessionsForFabric(mFabricIndex);
     385              :     }
     386            0 :     ChipLogProgress(Controller, "Controller NOC chain has updated");
     387            0 :     return CHIP_NO_ERROR;
     388              : }
     389              : 
     390            0 : void DeviceController::Shutdown()
     391              : {
     392            0 :     assertChipStackLockedByCurrentThread();
     393              : 
     394            0 :     VerifyOrReturn(mState != State::NotInitialized);
     395              : 
     396              :     // If our state is initialialized it means mSystemState is valid,
     397              :     // and we can use it below before we release our reference to it.
     398            0 :     ChipLogDetail(Controller, "Shutting down the controller");
     399            0 :     mState = State::NotInitialized;
     400              : 
     401            0 :     if (mFabricIndex != kUndefinedFabricIndex)
     402              :     {
     403              :         // Shut down any subscription clients for this fabric.
     404            0 :         app::InteractionModelEngine::GetInstance()->ShutdownSubscriptions(mFabricIndex);
     405              : 
     406              :         // Shut down any ongoing CASE session activity we have.  We're going to
     407              :         // assume that all sessions for our fabric belong to us here.
     408            0 :         mSystemState->CASESessionMgr()->ReleaseSessionsForFabric(mFabricIndex);
     409              : 
     410              :         // Shut down any bdx transfers we're acting as the server for.
     411            0 :         mSystemState->BDXTransferServer()->AbortTransfersForFabric(mFabricIndex);
     412              : 
     413              :         // TODO: The CASE session manager does not shut down existing CASE
     414              :         // sessions.  It just shuts down any ongoing CASE session establishment
     415              :         // we're in the middle of as initiator.  Maybe it should shut down
     416              :         // existing sessions too?
     417            0 :         mSystemState->SessionMgr()->ExpireAllSessionsForFabric(mFabricIndex);
     418              : 
     419            0 :         if (mDeleteFromFabricTableOnShutdown)
     420              :         {
     421            0 :             mSystemState->Fabrics()->Delete(mFabricIndex);
     422              :         }
     423            0 :         else if (mRemoveFromFabricTableOnShutdown)
     424              :         {
     425            0 :             mSystemState->Fabrics()->Forget(mFabricIndex);
     426              :         }
     427              :     }
     428              : 
     429            0 :     mSystemState->Release();
     430            0 :     mSystemState = nullptr;
     431              : 
     432            0 :     mDNSResolver.Shutdown();
     433            0 :     mDeviceDiscoveryDelegate = nullptr;
     434              : }
     435              : 
     436            0 : CHIP_ERROR DeviceController::GetPeerAddressAndPort(NodeId peerId, Inet::IPAddress & addr, uint16_t & port)
     437              : {
     438            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
     439            0 :     Transport::PeerAddress peerAddr;
     440            0 :     ReturnErrorOnFailure(mSystemState->CASESessionMgr()->GetPeerAddress(GetPeerScopedId(peerId), peerAddr));
     441            0 :     addr = peerAddr.GetIPAddress();
     442            0 :     port = peerAddr.GetPort();
     443            0 :     return CHIP_NO_ERROR;
     444              : }
     445              : 
     446            0 : CHIP_ERROR DeviceController::GetPeerAddress(NodeId nodeId, Transport::PeerAddress & addr)
     447              : {
     448            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
     449            0 :     ReturnErrorOnFailure(mSystemState->CASESessionMgr()->GetPeerAddress(GetPeerScopedId(nodeId), addr));
     450              : 
     451            0 :     return CHIP_NO_ERROR;
     452              : }
     453              : 
     454            0 : CHIP_ERROR DeviceController::ComputePASEVerifier(uint32_t iterations, uint32_t setupPincode, const ByteSpan & salt,
     455              :                                                  Spake2pVerifier & outVerifier)
     456              : {
     457            0 :     ReturnErrorOnFailure(PASESession::GeneratePASEVerifier(outVerifier, iterations, salt, /* useRandomPIN= */ false, setupPincode));
     458              : 
     459            0 :     return CHIP_NO_ERROR;
     460              : }
     461              : 
     462            0 : ControllerDeviceInitParams DeviceController::GetControllerDeviceInitParams()
     463              : {
     464              :     return ControllerDeviceInitParams{
     465            0 :         .sessionManager = mSystemState->SessionMgr(),
     466            0 :         .exchangeMgr    = mSystemState->ExchangeMgr(),
     467            0 :     };
     468              : }
     469              : 
     470            0 : DeviceCommissioner::DeviceCommissioner() :
     471            0 :     mOnDeviceConnectedCallback(OnDeviceConnectedFn, this), mOnDeviceConnectionFailureCallback(OnDeviceConnectionFailureFn, this),
     472              : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
     473            0 :     mOnDeviceConnectionRetryCallback(OnDeviceConnectionRetryFn, this),
     474              : #endif // CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
     475            0 :     mDeviceAttestationInformationVerificationCallback(OnDeviceAttestationInformationVerification, this),
     476            0 :     mDeviceNOCChainCallback(OnDeviceNOCChainGeneration, this), mSetUpCodePairer(this)
     477            0 : {}
     478              : 
     479            0 : CHIP_ERROR DeviceCommissioner::Init(CommissionerInitParams params)
     480              : {
     481            0 :     VerifyOrReturnError(params.operationalCredentialsDelegate != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     482            0 :     mOperationalCredentialsDelegate = params.operationalCredentialsDelegate;
     483            0 :     ReturnErrorOnFailure(DeviceController::Init(params));
     484              : 
     485            0 :     mPairingDelegate = params.pairingDelegate;
     486              : 
     487              :     // Configure device attestation validation
     488            0 :     mDeviceAttestationVerifier = params.deviceAttestationVerifier;
     489            0 :     if (mDeviceAttestationVerifier == nullptr)
     490              :     {
     491            0 :         mDeviceAttestationVerifier = Credentials::GetDeviceAttestationVerifier();
     492            0 :         if (mDeviceAttestationVerifier == nullptr)
     493              :         {
     494            0 :             ChipLogError(Controller,
     495              :                          "Missing DeviceAttestationVerifier configuration at DeviceCommissioner init and none set with "
     496              :                          "Credentials::SetDeviceAttestationVerifier()!");
     497            0 :             return CHIP_ERROR_INVALID_ARGUMENT;
     498              :         }
     499              : 
     500              :         // We fell back on a default from singleton accessor.
     501            0 :         ChipLogProgress(Controller,
     502              :                         "*** Missing DeviceAttestationVerifier configuration at DeviceCommissioner init: using global default, "
     503              :                         "consider passing one in CommissionerInitParams.");
     504              :     }
     505              : 
     506            0 :     if (params.defaultCommissioner != nullptr)
     507              :     {
     508            0 :         mDefaultCommissioner = params.defaultCommissioner;
     509              :     }
     510              :     else
     511              :     {
     512            0 :         mDefaultCommissioner = &mAutoCommissioner;
     513              :     }
     514              : 
     515              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
     516              :     mUdcTransportMgr = chip::Platform::New<UdcTransportMgr>();
     517              :     ReturnErrorOnFailure(mUdcTransportMgr->Init(Transport::UdpListenParameters(mSystemState->UDPEndPointManager())
     518              :                                                     .SetAddressType(Inet::IPAddressType::kIPv6)
     519              :                                                     .SetListenPort(static_cast<uint16_t>(mUdcListenPort))
     520              : #if INET_CONFIG_ENABLE_IPV4
     521              :                                                     ,
     522              :                                                 Transport::UdpListenParameters(mSystemState->UDPEndPointManager())
     523              :                                                     .SetAddressType(Inet::IPAddressType::kIPv4)
     524              :                                                     .SetListenPort(static_cast<uint16_t>(mUdcListenPort))
     525              : #endif // INET_CONFIG_ENABLE_IPV4
     526              :                                                     ));
     527              : 
     528              :     mUdcServer = chip::Platform::New<UserDirectedCommissioningServer>();
     529              :     mUdcTransportMgr->SetSessionManager(mUdcServer);
     530              :     mUdcServer->SetTransportManager(mUdcTransportMgr);
     531              : 
     532              :     mUdcServer->SetInstanceNameResolver(this);
     533              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
     534              : 
     535            0 :     mSetUpCodePairer.SetSystemLayer(mSystemState->SystemLayer());
     536              : #if CONFIG_NETWORK_LAYER_BLE
     537            0 :     mSetUpCodePairer.SetBleLayer(mSystemState->BleLayer());
     538              : #endif // CONFIG_NETWORK_LAYER_BLE
     539              : 
     540            0 :     return CHIP_NO_ERROR;
     541              : }
     542              : 
     543            0 : void DeviceCommissioner::Shutdown()
     544              : {
     545            0 :     VerifyOrReturn(mState != State::NotInitialized);
     546              : 
     547            0 :     ChipLogDetail(Controller, "Shutting down the commissioner");
     548              : 
     549            0 :     mSetUpCodePairer.StopPairing();
     550              : 
     551              :     // Check to see if pairing in progress before shutting down
     552            0 :     CommissioneeDeviceProxy * device = mDeviceInPASEEstablishment;
     553            0 :     if (device != nullptr && device->IsSessionSetupInProgress())
     554              :     {
     555            0 :         ChipLogDetail(Controller, "Setup in progress, stopping setup before shutting down");
     556            0 :         OnSessionEstablishmentError(CHIP_ERROR_CONNECTION_ABORTED);
     557              :     }
     558              : 
     559            0 :     CancelCommissioningInteractions();
     560              : 
     561              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
     562              :     if (mUdcTransportMgr != nullptr)
     563              :     {
     564              :         chip::Platform::Delete(mUdcTransportMgr);
     565              :         mUdcTransportMgr = nullptr;
     566              :     }
     567              :     if (mUdcServer != nullptr)
     568              :     {
     569              :         mUdcServer->SetInstanceNameResolver(nullptr);
     570              :         chip::Platform::Delete(mUdcServer);
     571              :         mUdcServer = nullptr;
     572              :     }
     573              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
     574              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     575            0 :     WiFiPAF::WiFiPAFLayer::GetWiFiPAFLayer().Shutdown(
     576            0 :         [](uint32_t id, WiFiPAF::WiFiPafRole role) { DeviceLayer::ConnectivityMgr().WiFiPAFShutdown(id, role); });
     577              : #endif
     578              : 
     579              :     // Release everything from the commissionee device pool here.
     580              :     // Make sure to use ReleaseCommissioneeDevice so we don't keep dangling
     581              :     // pointers to the device objects.
     582            0 :     mCommissioneeDevicePool.ForEachActiveObject([this](auto * commissioneeDevice) {
     583            0 :         ReleaseCommissioneeDevice(commissioneeDevice);
     584            0 :         return Loop::Continue;
     585              :     });
     586              : 
     587            0 :     DeviceController::Shutdown();
     588              : }
     589              : 
     590            0 : CommissioneeDeviceProxy * DeviceCommissioner::FindCommissioneeDevice(NodeId id)
     591              : {
     592              :     MATTER_TRACE_SCOPE("FindCommissioneeDevice", "DeviceCommissioner");
     593            0 :     CommissioneeDeviceProxy * foundDevice = nullptr;
     594            0 :     mCommissioneeDevicePool.ForEachActiveObject([&](auto * deviceProxy) {
     595            0 :         if (deviceProxy->GetDeviceId() == id)
     596              :         {
     597            0 :             foundDevice = deviceProxy;
     598            0 :             return Loop::Break;
     599              :         }
     600            0 :         return Loop::Continue;
     601              :     });
     602              : 
     603            0 :     return foundDevice;
     604              : }
     605              : 
     606            0 : CommissioneeDeviceProxy * DeviceCommissioner::FindCommissioneeDevice(const Transport::PeerAddress & peerAddress)
     607              : {
     608            0 :     CommissioneeDeviceProxy * foundDevice = nullptr;
     609            0 :     mCommissioneeDevicePool.ForEachActiveObject([&](auto * deviceProxy) {
     610            0 :         if (deviceProxy->GetPeerAddress() == peerAddress)
     611              :         {
     612            0 :             foundDevice = deviceProxy;
     613            0 :             return Loop::Break;
     614              :         }
     615            0 :         return Loop::Continue;
     616              :     });
     617              : 
     618            0 :     return foundDevice;
     619              : }
     620              : 
     621            0 : void DeviceCommissioner::ReleaseCommissioneeDevice(CommissioneeDeviceProxy * device)
     622              : {
     623              : #if CONFIG_NETWORK_LAYER_BLE
     624            0 :     if (mSystemState->BleLayer() != nullptr && device->GetDeviceTransportType() == Transport::Type::kBle)
     625              :     {
     626              :         // We only support one BLE connection, so if this is BLE, close it
     627            0 :         ChipLogProgress(Discovery, "Closing all BLE connections");
     628            0 :         mSystemState->BleLayer()->CloseAllBleConnections();
     629              :     }
     630              : #endif
     631              :     // Make sure that there will be no dangling pointer
     632            0 :     if (mDeviceInPASEEstablishment == device)
     633              :     {
     634            0 :         mDeviceInPASEEstablishment = nullptr;
     635              :     }
     636            0 :     if (mDeviceBeingCommissioned == device)
     637              :     {
     638            0 :         mDeviceBeingCommissioned = nullptr;
     639              :     }
     640              : 
     641              :     // Release the commissionee device after we have nulled out our pointers,
     642              :     // because that can call back in to us with error notifications as the
     643              :     // session is released.
     644            0 :     mCommissioneeDevicePool.ReleaseObject(device);
     645            0 : }
     646              : 
     647            0 : CHIP_ERROR DeviceCommissioner::GetDeviceBeingCommissioned(NodeId deviceId, CommissioneeDeviceProxy ** out_device)
     648              : {
     649            0 :     VerifyOrReturnError(out_device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     650            0 :     CommissioneeDeviceProxy * device = FindCommissioneeDevice(deviceId);
     651              : 
     652            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
     653              : 
     654            0 :     *out_device = device;
     655              : 
     656            0 :     return CHIP_NO_ERROR;
     657              : }
     658              : 
     659            0 : CHIP_ERROR DeviceCommissioner::PairDevice(NodeId remoteDeviceId, const char * setUpCode, const CommissioningParameters & params,
     660              :                                           DiscoveryType discoveryType, Optional<Dnssd::CommonResolutionData> resolutionData)
     661              : {
     662              :     MATTER_TRACE_SCOPE("PairDevice", "DeviceCommissioner");
     663              : 
     664            0 :     if (mDefaultCommissioner == nullptr)
     665              :     {
     666            0 :         ChipLogError(Controller, "No default commissioner is specified");
     667            0 :         return CHIP_ERROR_INCORRECT_STATE;
     668              :     }
     669            0 :     ReturnErrorOnFailure(mDefaultCommissioner->SetCommissioningParameters(params));
     670              : 
     671            0 :     return mSetUpCodePairer.PairDevice(remoteDeviceId, setUpCode, SetupCodePairerBehaviour::kCommission, discoveryType,
     672            0 :                                        resolutionData);
     673              : }
     674              : 
     675            0 : CHIP_ERROR DeviceCommissioner::PairDevice(NodeId remoteDeviceId, const char * setUpCode, DiscoveryType discoveryType,
     676              :                                           Optional<Dnssd::CommonResolutionData> resolutionData)
     677              : {
     678              :     MATTER_TRACE_SCOPE("PairDevice", "DeviceCommissioner");
     679            0 :     return mSetUpCodePairer.PairDevice(remoteDeviceId, setUpCode, SetupCodePairerBehaviour::kCommission, discoveryType,
     680            0 :                                        resolutionData);
     681              : }
     682              : 
     683            0 : CHIP_ERROR DeviceCommissioner::PairDevice(NodeId remoteDeviceId, RendezvousParameters & params)
     684              : {
     685              :     MATTER_TRACE_SCOPE("PairDevice", "DeviceCommissioner");
     686            0 :     ReturnErrorOnFailureWithMetric(kMetricDeviceCommissionerCommission, EstablishPASEConnection(remoteDeviceId, params));
     687            0 :     auto errorCode = Commission(remoteDeviceId);
     688            0 :     VerifyOrDoWithMetric(kMetricDeviceCommissionerCommission, CHIP_NO_ERROR == errorCode, errorCode);
     689            0 :     return errorCode;
     690              : }
     691              : 
     692            0 : CHIP_ERROR DeviceCommissioner::PairDevice(NodeId remoteDeviceId, RendezvousParameters & rendezvousParams,
     693              :                                           CommissioningParameters & commissioningParams)
     694              : {
     695              :     MATTER_TRACE_SCOPE("PairDevice", "DeviceCommissioner");
     696            0 :     ReturnErrorOnFailureWithMetric(kMetricDeviceCommissionerCommission, EstablishPASEConnection(remoteDeviceId, rendezvousParams));
     697            0 :     auto errorCode = Commission(remoteDeviceId, commissioningParams);
     698            0 :     VerifyOrDoWithMetric(kMetricDeviceCommissionerCommission, CHIP_NO_ERROR == errorCode, errorCode);
     699            0 :     return errorCode;
     700              : }
     701              : 
     702            0 : CHIP_ERROR DeviceCommissioner::EstablishPASEConnection(NodeId remoteDeviceId, const char * setUpCode, DiscoveryType discoveryType,
     703              :                                                        Optional<Dnssd::CommonResolutionData> resolutionData)
     704              : {
     705              :     MATTER_TRACE_SCOPE("EstablishPASEConnection", "DeviceCommissioner");
     706            0 :     return mSetUpCodePairer.PairDevice(remoteDeviceId, setUpCode, SetupCodePairerBehaviour::kPaseOnly, discoveryType,
     707            0 :                                        resolutionData);
     708              : }
     709              : 
     710            0 : CHIP_ERROR DeviceCommissioner::EstablishPASEConnection(NodeId remoteDeviceId, RendezvousParameters & params)
     711              : {
     712              :     MATTER_TRACE_SCOPE("EstablishPASEConnection", "DeviceCommissioner");
     713              :     MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissionerPASESession);
     714              : 
     715            0 :     CHIP_ERROR err                     = CHIP_NO_ERROR;
     716            0 :     CommissioneeDeviceProxy * device   = nullptr;
     717            0 :     CommissioneeDeviceProxy * current  = nullptr;
     718            0 :     Transport::PeerAddress peerAddress = Transport::PeerAddress::UDP(Inet::IPAddress::Any);
     719              : 
     720            0 :     Messaging::ExchangeContext * exchangeCtxt = nullptr;
     721            0 :     Optional<SessionHandle> session;
     722              : 
     723            0 :     VerifyOrExit(mState == State::Initialized, err = CHIP_ERROR_INCORRECT_STATE);
     724            0 :     VerifyOrExit(mDeviceInPASEEstablishment == nullptr, err = CHIP_ERROR_INCORRECT_STATE);
     725              : 
     726              :     // TODO(#13940): We need to specify the peer address for BLE transport in bindings.
     727            0 :     if (params.GetPeerAddress().GetTransportType() == Transport::Type::kBle ||
     728            0 :         params.GetPeerAddress().GetTransportType() == Transport::Type::kUndefined)
     729              :     {
     730              : #if CONFIG_NETWORK_LAYER_BLE
     731              : #if CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
     732              :         ConnectBleTransportToSelf();
     733              : #endif // CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
     734            0 :         if (!params.HasBleLayer())
     735              :         {
     736            0 :             params.SetPeerAddress(Transport::PeerAddress::BLE());
     737              :         }
     738            0 :         peerAddress = Transport::PeerAddress::BLE();
     739              : #endif // CONFIG_NETWORK_LAYER_BLE
     740              :     }
     741            0 :     else if (params.GetPeerAddress().GetTransportType() == Transport::Type::kTcp ||
     742            0 :              params.GetPeerAddress().GetTransportType() == Transport::Type::kUdp)
     743              :     {
     744            0 :         peerAddress = Transport::PeerAddress::UDP(params.GetPeerAddress().GetIPAddress(), params.GetPeerAddress().GetPort(),
     745            0 :                                                   params.GetPeerAddress().GetInterface());
     746              :     }
     747              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     748            0 :     else if (params.GetPeerAddress().GetTransportType() == Transport::Type::kWiFiPAF)
     749              :     {
     750            0 :         peerAddress = Transport::PeerAddress::WiFiPAF(remoteDeviceId);
     751              :     }
     752              : #endif // CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     753              : 
     754            0 :     current = FindCommissioneeDevice(peerAddress);
     755            0 :     if (current != nullptr)
     756              :     {
     757            0 :         if (current->GetDeviceId() == remoteDeviceId)
     758              :         {
     759              :             // We might be able to just reuse its connection if it has one or is
     760              :             // working on one.
     761            0 :             if (current->IsSecureConnected())
     762              :             {
     763            0 :                 if (mPairingDelegate)
     764              :                 {
     765              :                     // We already have an open secure session to this device, call the callback immediately and early return.
     766            0 :                     mPairingDelegate->OnPairingComplete(CHIP_NO_ERROR);
     767              :                 }
     768              :                 MATTER_LOG_METRIC_END(kMetricDeviceCommissionerPASESession, CHIP_NO_ERROR);
     769            0 :                 return CHIP_NO_ERROR;
     770              :             }
     771            0 :             if (current->IsSessionSetupInProgress())
     772              :             {
     773              :                 // We're not connected yet, but we're in the process of connecting. Pairing delegate will get a callback when
     774              :                 // connection completes
     775            0 :                 return CHIP_NO_ERROR;
     776              :             }
     777              :         }
     778              : 
     779              :         // Either the consumer wants to assign a different device id to this
     780              :         // peer address now (so we can't reuse the commissionee device we have
     781              :         // already) or something has gone strange. Delete the old device, try
     782              :         // again.
     783            0 :         ChipLogError(Controller, "Found unconnected device, removing");
     784            0 :         ReleaseCommissioneeDevice(current);
     785              :     }
     786              : 
     787            0 :     device = mCommissioneeDevicePool.CreateObject();
     788            0 :     VerifyOrExit(device != nullptr, err = CHIP_ERROR_NO_MEMORY);
     789              : 
     790            0 :     mDeviceInPASEEstablishment = device;
     791            0 :     device->Init(GetControllerDeviceInitParams(), remoteDeviceId, peerAddress);
     792            0 :     device->UpdateDeviceData(params.GetPeerAddress(), params.GetMRPConfig());
     793              : 
     794              : #if CONFIG_NETWORK_LAYER_BLE
     795            0 :     if (params.GetPeerAddress().GetTransportType() == Transport::Type::kBle)
     796              :     {
     797            0 :         if (params.HasConnectionObject())
     798              :         {
     799            0 :             SuccessOrExit(err = mSystemState->BleLayer()->NewBleConnectionByObject(params.GetConnectionObject()));
     800              :         }
     801            0 :         else if (params.HasDiscoveredObject())
     802              :         {
     803              :             // The RendezvousParameters argument needs to be recovered if the search succeed, so save them
     804              :             // for later.
     805            0 :             mRendezvousParametersForDeviceDiscoveredOverBle = params;
     806            0 :             SuccessOrExit(err = mSystemState->BleLayer()->NewBleConnectionByObject(params.GetDiscoveredObject(), this,
     807              :                                                                                    OnDiscoveredDeviceOverBleSuccess,
     808              :                                                                                    OnDiscoveredDeviceOverBleError));
     809            0 :             ExitNow(CHIP_NO_ERROR);
     810              :         }
     811            0 :         else if (params.HasDiscriminator())
     812              :         {
     813              :             // The RendezvousParameters argument needs to be recovered if the search succeed, so save them
     814              :             // for later.
     815            0 :             mRendezvousParametersForDeviceDiscoveredOverBle = params;
     816              : 
     817            0 :             SuccessOrExit(err = mSystemState->BleLayer()->NewBleConnectionByDiscriminator(params.GetSetupDiscriminator().value(),
     818              :                                                                                           this, OnDiscoveredDeviceOverBleSuccess,
     819              :                                                                                           OnDiscoveredDeviceOverBleError));
     820            0 :             ExitNow(CHIP_NO_ERROR);
     821              :         }
     822              :         else
     823              :         {
     824            0 :             ExitNow(err = CHIP_ERROR_INVALID_ARGUMENT);
     825              :         }
     826              :     }
     827              : #endif
     828              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     829            0 :     if (params.GetPeerAddress().GetTransportType() == Transport::Type::kWiFiPAF)
     830              :     {
     831            0 :         if (DeviceLayer::ConnectivityMgr().GetWiFiPAF()->GetWiFiPAFState() != WiFiPAF::State::kConnected)
     832              :         {
     833            0 :             ChipLogProgress(Controller, "WiFi-PAF: Subscribing to the NAN-USD devices, nodeId: %lu",
     834              :                             params.GetPeerAddress().GetRemoteId());
     835            0 :             if (!DeviceLayer::ConnectivityMgrImpl().IsWiFiManagementStarted())
     836              :             {
     837            0 :                 ChipLogError(Controller, "Wi-Fi Management should have been started now.");
     838            0 :                 ExitNow(CHIP_ERROR_INTERNAL);
     839              :             }
     840            0 :             mRendezvousParametersForDeviceDiscoveredOverWiFiPAF = params;
     841            0 :             auto nodeId                                         = params.GetPeerAddress().GetRemoteId();
     842            0 :             const SetupDiscriminator connDiscriminator(params.GetSetupDiscriminator().value());
     843            0 :             VerifyOrReturnValue(!connDiscriminator.IsShortDiscriminator(), CHIP_ERROR_INVALID_ARGUMENT,
     844              :                                 ChipLogError(Controller, "Error, Long discriminator is required"));
     845            0 :             uint16_t discriminator              = connDiscriminator.GetLongValue();
     846            0 :             WiFiPAF::WiFiPAFSession sessionInfo = { .role          = WiFiPAF::WiFiPafRole::kWiFiPafRole_Subscriber,
     847              :                                                     .nodeId        = nodeId,
     848            0 :                                                     .discriminator = discriminator };
     849            0 :             ReturnErrorOnFailure(
     850              :                 DeviceLayer::ConnectivityMgr().GetWiFiPAF()->AddPafSession(WiFiPAF::PafInfoAccess::kAccNodeInfo, sessionInfo));
     851            0 :             DeviceLayer::ConnectivityMgr().WiFiPAFSubscribe(discriminator, reinterpret_cast<void *>(this),
     852              :                                                             OnWiFiPAFSubscribeComplete, OnWiFiPAFSubscribeError);
     853            0 :             ExitNow(CHIP_NO_ERROR);
     854              :         }
     855              :     }
     856              : #endif
     857            0 :     session = mSystemState->SessionMgr()->CreateUnauthenticatedSession(params.GetPeerAddress(), params.GetMRPConfig());
     858            0 :     VerifyOrExit(session.HasValue(), err = CHIP_ERROR_NO_MEMORY);
     859              : 
     860              :     // Allocate the exchange immediately before calling PASESession::Pair.
     861              :     //
     862              :     // PASESession::Pair takes ownership of the exchange and will free it on
     863              :     // error, but can only do this if it is actually called.  Allocating the
     864              :     // exchange context right before calling Pair ensures that if allocation
     865              :     // succeeds, PASESession has taken ownership.
     866            0 :     exchangeCtxt = mSystemState->ExchangeMgr()->NewContext(session.Value(), &device->GetPairing());
     867            0 :     VerifyOrExit(exchangeCtxt != nullptr, err = CHIP_ERROR_INTERNAL);
     868              : 
     869            0 :     err = device->GetPairing().Pair(*mSystemState->SessionMgr(), params.GetSetupPINCode(), GetLocalMRPConfig(), exchangeCtxt, this);
     870            0 :     SuccessOrExit(err);
     871              : 
     872            0 : exit:
     873            0 :     if (err != CHIP_NO_ERROR)
     874              :     {
     875            0 :         if (device != nullptr)
     876              :         {
     877            0 :             ReleaseCommissioneeDevice(device);
     878              :         }
     879              :         MATTER_LOG_METRIC_END(kMetricDeviceCommissionerPASESession, err);
     880              :     }
     881              : 
     882            0 :     return err;
     883            0 : }
     884              : 
     885              : #if CONFIG_NETWORK_LAYER_BLE
     886            0 : void DeviceCommissioner::OnDiscoveredDeviceOverBleSuccess(void * appState, BLE_CONNECTION_OBJECT connObj)
     887              : {
     888            0 :     auto self   = static_cast<DeviceCommissioner *>(appState);
     889            0 :     auto device = self->mDeviceInPASEEstablishment;
     890              : 
     891            0 :     if (nullptr != device && device->GetDeviceTransportType() == Transport::Type::kBle)
     892              :     {
     893            0 :         auto remoteId = device->GetDeviceId();
     894              : 
     895            0 :         auto params = self->mRendezvousParametersForDeviceDiscoveredOverBle;
     896            0 :         params.SetConnectionObject(connObj);
     897            0 :         self->mRendezvousParametersForDeviceDiscoveredOverBle = RendezvousParameters();
     898              : 
     899            0 :         self->ReleaseCommissioneeDevice(device);
     900            0 :         LogErrorOnFailure(self->EstablishPASEConnection(remoteId, params));
     901              :     }
     902            0 : }
     903              : 
     904            0 : void DeviceCommissioner::OnDiscoveredDeviceOverBleError(void * appState, CHIP_ERROR err)
     905              : {
     906            0 :     auto self   = static_cast<DeviceCommissioner *>(appState);
     907            0 :     auto device = self->mDeviceInPASEEstablishment;
     908              : 
     909            0 :     if (nullptr != device && device->GetDeviceTransportType() == Transport::Type::kBle)
     910              :     {
     911            0 :         self->ReleaseCommissioneeDevice(device);
     912            0 :         self->mRendezvousParametersForDeviceDiscoveredOverBle = RendezvousParameters();
     913              : 
     914              :         // Callback is required when BLE discovery fails, otherwise the caller will always be in a suspended state
     915              :         // A better way to handle it should define a new error code
     916            0 :         if (self->mPairingDelegate != nullptr)
     917              :         {
     918            0 :             self->mPairingDelegate->OnPairingComplete(err);
     919              :         }
     920              :     }
     921            0 : }
     922              : #endif // CONFIG_NETWORK_LAYER_BLE
     923              : 
     924              : #if CHIP_DEVICE_CONFIG_ENABLE_WIFIPAF
     925            0 : void DeviceCommissioner::OnWiFiPAFSubscribeComplete(void * appState)
     926              : {
     927            0 :     auto self   = reinterpret_cast<DeviceCommissioner *>(appState);
     928            0 :     auto device = self->mDeviceInPASEEstablishment;
     929              : 
     930            0 :     if (nullptr != device && device->GetDeviceTransportType() == Transport::Type::kWiFiPAF)
     931              :     {
     932            0 :         ChipLogProgress(Controller, "WiFi-PAF: Subscription Completed, dev_id = %lu", device->GetDeviceId());
     933            0 :         auto remoteId = device->GetDeviceId();
     934            0 :         auto params   = self->mRendezvousParametersForDeviceDiscoveredOverWiFiPAF;
     935              : 
     936            0 :         self->mRendezvousParametersForDeviceDiscoveredOverWiFiPAF = RendezvousParameters();
     937            0 :         self->ReleaseCommissioneeDevice(device);
     938            0 :         LogErrorOnFailure(self->EstablishPASEConnection(remoteId, params));
     939              :     }
     940            0 : }
     941              : 
     942            0 : void DeviceCommissioner::OnWiFiPAFSubscribeError(void * appState, CHIP_ERROR err)
     943              : {
     944            0 :     auto self   = (DeviceCommissioner *) appState;
     945            0 :     auto device = self->mDeviceInPASEEstablishment;
     946              : 
     947            0 :     if (nullptr != device && device->GetDeviceTransportType() == Transport::Type::kWiFiPAF)
     948              :     {
     949            0 :         ChipLogError(Controller, "WiFi-PAF: Subscription Error, id = %lu, err = %" CHIP_ERROR_FORMAT, device->GetDeviceId(),
     950              :                      err.Format());
     951            0 :         self->ReleaseCommissioneeDevice(device);
     952            0 :         self->mRendezvousParametersForDeviceDiscoveredOverWiFiPAF = RendezvousParameters();
     953            0 :         if (self->mPairingDelegate != nullptr)
     954              :         {
     955            0 :             self->mPairingDelegate->OnPairingComplete(err);
     956              :         }
     957              :     }
     958            0 : }
     959              : #endif
     960              : 
     961            0 : CHIP_ERROR DeviceCommissioner::Commission(NodeId remoteDeviceId, CommissioningParameters & params)
     962              : {
     963            0 :     if (mDefaultCommissioner == nullptr)
     964              :     {
     965            0 :         ChipLogError(Controller, "No default commissioner is specified");
     966            0 :         return CHIP_ERROR_INCORRECT_STATE;
     967              :     }
     968            0 :     ReturnErrorOnFailureWithMetric(kMetricDeviceCommissionerCommission, mDefaultCommissioner->SetCommissioningParameters(params));
     969            0 :     auto errorCode = Commission(remoteDeviceId);
     970            0 :     VerifyOrDoWithMetric(kMetricDeviceCommissionerCommission, CHIP_NO_ERROR == errorCode, errorCode);
     971            0 :     return errorCode;
     972              : }
     973              : 
     974            0 : CHIP_ERROR DeviceCommissioner::Commission(NodeId remoteDeviceId)
     975              : {
     976              :     MATTER_TRACE_SCOPE("Commission", "DeviceCommissioner");
     977              : 
     978            0 :     if (mDefaultCommissioner == nullptr)
     979              :     {
     980            0 :         ChipLogError(Controller, "No default commissioner is specified");
     981            0 :         return CHIP_ERROR_INCORRECT_STATE;
     982              :     }
     983              : 
     984            0 :     CommissioneeDeviceProxy * device = FindCommissioneeDevice(remoteDeviceId);
     985            0 :     if (device == nullptr || (!device->IsSecureConnected() && !device->IsSessionSetupInProgress()))
     986              :     {
     987            0 :         ChipLogError(Controller, "Invalid device for commissioning " ChipLogFormatX64, ChipLogValueX64(remoteDeviceId));
     988            0 :         return CHIP_ERROR_INCORRECT_STATE;
     989              :     }
     990            0 :     if (!device->IsSecureConnected() && device != mDeviceInPASEEstablishment)
     991              :     {
     992              :         // We should not end up in this state because we won't attempt to establish more than one connection at a time.
     993            0 :         ChipLogError(Controller, "Device is not connected and not being paired " ChipLogFormatX64, ChipLogValueX64(remoteDeviceId));
     994            0 :         return CHIP_ERROR_INCORRECT_STATE;
     995              :     }
     996              : 
     997            0 :     if (mCommissioningStage != CommissioningStage::kSecurePairing)
     998              :     {
     999            0 :         ChipLogError(Controller, "Commissioning already in progress (stage '%s') - not restarting",
    1000              :                      StageToString(mCommissioningStage));
    1001            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1002              :     }
    1003              : 
    1004            0 :     ChipLogProgress(Controller, "Commission called for node ID 0x" ChipLogFormatX64, ChipLogValueX64(remoteDeviceId));
    1005              : 
    1006            0 :     mDefaultCommissioner->SetOperationalCredentialsDelegate(mOperationalCredentialsDelegate);
    1007            0 :     if (device->IsSecureConnected())
    1008              :     {
    1009              :         MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissionerCommission);
    1010            0 :         mDefaultCommissioner->StartCommissioning(this, device);
    1011              :     }
    1012              :     else
    1013              :     {
    1014            0 :         mRunCommissioningAfterConnection = true;
    1015              :     }
    1016            0 :     return CHIP_NO_ERROR;
    1017              : }
    1018              : 
    1019              : CHIP_ERROR
    1020            0 : DeviceCommissioner::ContinueCommissioningAfterDeviceAttestation(DeviceProxy * device,
    1021              :                                                                 Credentials::AttestationVerificationResult attestationResult)
    1022              : {
    1023              :     MATTER_TRACE_SCOPE("continueCommissioningDevice", "DeviceCommissioner");
    1024              : 
    1025            0 :     if (mDefaultCommissioner == nullptr)
    1026              :     {
    1027            0 :         ChipLogError(Controller, "No default commissioner is specified");
    1028            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1029              :     }
    1030              : 
    1031            0 :     if (device == nullptr || device != mDeviceBeingCommissioned)
    1032              :     {
    1033            0 :         ChipLogError(Controller, "Invalid device for commissioning %p", device);
    1034            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1035              :     }
    1036            0 :     CommissioneeDeviceProxy * commissioneeDevice = FindCommissioneeDevice(device->GetDeviceId());
    1037            0 :     if (commissioneeDevice == nullptr)
    1038              :     {
    1039            0 :         ChipLogError(Controller, "Couldn't find commissionee device");
    1040            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1041              :     }
    1042            0 :     if (!commissioneeDevice->IsSecureConnected() || commissioneeDevice != mDeviceBeingCommissioned)
    1043              :     {
    1044            0 :         ChipLogError(Controller, "Invalid device for commissioning after attestation failure: 0x" ChipLogFormatX64,
    1045              :                      ChipLogValueX64(commissioneeDevice->GetDeviceId()));
    1046            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1047              :     }
    1048              : 
    1049            0 :     if (mCommissioningStage != CommissioningStage::kAttestationRevocationCheck)
    1050              :     {
    1051            0 :         ChipLogError(Controller, "Commissioning is not attestation verification phase");
    1052            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1053              :     }
    1054              : 
    1055            0 :     ChipLogProgress(Controller, "Continuing commissioning after attestation failure for device ID 0x" ChipLogFormatX64,
    1056              :                     ChipLogValueX64(commissioneeDevice->GetDeviceId()));
    1057              : 
    1058            0 :     if (attestationResult != AttestationVerificationResult::kSuccess)
    1059              :     {
    1060            0 :         ChipLogError(Controller, "Client selected error: %u for failed 'Attestation Information' for device",
    1061              :                      to_underlying(attestationResult));
    1062              : 
    1063            0 :         CommissioningDelegate::CommissioningReport report;
    1064            0 :         report.Set<AttestationErrorInfo>(attestationResult);
    1065            0 :         CommissioningStageComplete(CHIP_ERROR_INTERNAL, report);
    1066            0 :     }
    1067              :     else
    1068              :     {
    1069            0 :         ChipLogProgress(Controller, "Overriding attestation failure per client and continuing commissioning");
    1070            0 :         CommissioningStageComplete(CHIP_NO_ERROR);
    1071              :     }
    1072            0 :     return CHIP_NO_ERROR;
    1073              : }
    1074              : 
    1075            0 : CHIP_ERROR DeviceCommissioner::StopPairing(NodeId remoteDeviceId)
    1076              : {
    1077            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1078            0 :     VerifyOrReturnError(remoteDeviceId != kUndefinedNodeId, CHIP_ERROR_INVALID_ARGUMENT);
    1079              : 
    1080            0 :     ChipLogProgress(Controller, "StopPairing called for node ID 0x" ChipLogFormatX64, ChipLogValueX64(remoteDeviceId));
    1081              : 
    1082              :     // If we're still in the process of discovering the device, just stop the SetUpCodePairer
    1083            0 :     if (mSetUpCodePairer.StopPairing(remoteDeviceId))
    1084              :     {
    1085            0 :         mRunCommissioningAfterConnection = false;
    1086            0 :         return CHIP_NO_ERROR;
    1087              :     }
    1088              : 
    1089              :     // Otherwise we might be pairing and / or commissioning it.
    1090            0 :     CommissioneeDeviceProxy * device = FindCommissioneeDevice(remoteDeviceId);
    1091            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_DEVICE_DESCRIPTOR);
    1092              : 
    1093            0 :     if (mDeviceBeingCommissioned == device)
    1094              :     {
    1095            0 :         CancelCommissioningInteractions();
    1096            0 :         CommissioningStageComplete(CHIP_ERROR_CANCELLED);
    1097              :     }
    1098              :     else
    1099              :     {
    1100            0 :         ReleaseCommissioneeDevice(device);
    1101              :     }
    1102            0 :     return CHIP_NO_ERROR;
    1103              : }
    1104              : 
    1105            0 : void DeviceCommissioner::CancelCommissioningInteractions()
    1106              : {
    1107            0 :     if (mReadClient)
    1108              :     {
    1109            0 :         ChipLogDetail(Controller, "Cancelling read request for step '%s'", StageToString(mCommissioningStage));
    1110            0 :         mReadClient.reset(); // destructor cancels
    1111            0 :         mAttributeCache.reset();
    1112              :     }
    1113            0 :     if (mInvokeCancelFn)
    1114              :     {
    1115            0 :         ChipLogDetail(Controller, "Cancelling command invocation for step '%s'", StageToString(mCommissioningStage));
    1116            0 :         mInvokeCancelFn();
    1117            0 :         mInvokeCancelFn = nullptr;
    1118              :     }
    1119            0 :     if (mWriteCancelFn)
    1120              :     {
    1121            0 :         ChipLogDetail(Controller, "Cancelling write request for step '%s'", StageToString(mCommissioningStage));
    1122            0 :         mWriteCancelFn();
    1123            0 :         mWriteCancelFn = nullptr;
    1124              :     }
    1125            0 :     if (mOnDeviceConnectedCallback.IsRegistered())
    1126              :     {
    1127            0 :         ChipLogDetail(Controller, "Cancelling CASE setup for step '%s'", StageToString(mCommissioningStage));
    1128            0 :         CancelCASECallbacks();
    1129              :     }
    1130            0 : }
    1131              : 
    1132            0 : void DeviceCommissioner::CancelCASECallbacks()
    1133              : {
    1134            0 :     mOnDeviceConnectedCallback.Cancel();
    1135            0 :     mOnDeviceConnectionFailureCallback.Cancel();
    1136              : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    1137            0 :     mOnDeviceConnectionRetryCallback.Cancel();
    1138              : #endif
    1139            0 : }
    1140              : 
    1141            0 : CHIP_ERROR DeviceCommissioner::UnpairDevice(NodeId remoteDeviceId)
    1142              : {
    1143              :     MATTER_TRACE_SCOPE("UnpairDevice", "DeviceCommissioner");
    1144            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1145              : 
    1146            0 :     return AutoCurrentFabricRemover::RemoveCurrentFabric(this, remoteDeviceId);
    1147              : }
    1148              : 
    1149            0 : void DeviceCommissioner::RendezvousCleanup(CHIP_ERROR status)
    1150              : {
    1151            0 :     if (mDeviceInPASEEstablishment != nullptr)
    1152              :     {
    1153              :         // Release the commissionee device. For BLE, this is stored,
    1154              :         // for IP commissioning, we have taken a reference to the
    1155              :         // operational node to send the completion command.
    1156            0 :         ReleaseCommissioneeDevice(mDeviceInPASEEstablishment);
    1157              : 
    1158            0 :         if (mPairingDelegate != nullptr)
    1159              :         {
    1160            0 :             mPairingDelegate->OnPairingComplete(status);
    1161              :         }
    1162              :     }
    1163            0 : }
    1164              : 
    1165            0 : void DeviceCommissioner::OnSessionEstablishmentError(CHIP_ERROR err)
    1166              : {
    1167              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissionerPASESession, err);
    1168              : 
    1169            0 :     if (mPairingDelegate != nullptr)
    1170              :     {
    1171            0 :         mPairingDelegate->OnStatusUpdate(DevicePairingDelegate::SecurePairingFailed);
    1172              :     }
    1173              : 
    1174            0 :     RendezvousCleanup(err);
    1175            0 : }
    1176              : 
    1177            0 : void DeviceCommissioner::OnSessionEstablished(const SessionHandle & session)
    1178              : {
    1179              :     // PASE session established.
    1180            0 :     CommissioneeDeviceProxy * device = mDeviceInPASEEstablishment;
    1181              : 
    1182              :     // We are in the callback for this pairing. Reset so we can pair another device.
    1183            0 :     mDeviceInPASEEstablishment = nullptr;
    1184              : 
    1185            0 :     VerifyOrReturn(device != nullptr, OnSessionEstablishmentError(CHIP_ERROR_INVALID_DEVICE_DESCRIPTOR));
    1186              : 
    1187            0 :     CHIP_ERROR err = device->SetConnected(session);
    1188            0 :     if (err != CHIP_NO_ERROR)
    1189              :     {
    1190            0 :         ChipLogError(Controller, "Failed in setting up secure channel: err %s", ErrorStr(err));
    1191            0 :         OnSessionEstablishmentError(err);
    1192            0 :         return;
    1193              :     }
    1194              : 
    1195            0 :     ChipLogDetail(Controller, "Remote device completed SPAKE2+ handshake");
    1196              : 
    1197              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissionerPASESession, CHIP_NO_ERROR);
    1198            0 :     if (mPairingDelegate != nullptr)
    1199              :     {
    1200            0 :         mPairingDelegate->OnPairingComplete(CHIP_NO_ERROR);
    1201              :     }
    1202              : 
    1203            0 :     if (mRunCommissioningAfterConnection)
    1204              :     {
    1205            0 :         mRunCommissioningAfterConnection = false;
    1206              :         MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissionerCommission);
    1207            0 :         mDefaultCommissioner->StartCommissioning(this, device);
    1208              :     }
    1209              : }
    1210              : 
    1211            0 : CHIP_ERROR DeviceCommissioner::SendCertificateChainRequestCommand(DeviceProxy * device,
    1212              :                                                                   Credentials::CertificateType certificateType,
    1213              :                                                                   Optional<System::Clock::Timeout> timeout)
    1214              : {
    1215              :     MATTER_TRACE_SCOPE("SendCertificateChainRequestCommand", "DeviceCommissioner");
    1216            0 :     ChipLogDetail(Controller, "Sending Certificate Chain request to %p device", device);
    1217            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1218              : 
    1219            0 :     OperationalCredentials::Commands::CertificateChainRequest::Type request;
    1220            0 :     request.certificateType = static_cast<OperationalCredentials::CertificateChainTypeEnum>(certificateType);
    1221            0 :     return SendCommissioningCommand(device, request, OnCertificateChainResponse, OnCertificateChainFailureResponse, kRootEndpointId,
    1222            0 :                                     timeout);
    1223              : }
    1224              : 
    1225            0 : void DeviceCommissioner::OnCertificateChainFailureResponse(void * context, CHIP_ERROR error)
    1226              : {
    1227              :     MATTER_TRACE_SCOPE("OnCertificateChainFailureResponse", "DeviceCommissioner");
    1228            0 :     ChipLogProgress(Controller, "Device failed to receive the Certificate Chain request Response: %s", chip::ErrorStr(error));
    1229            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1230            0 :     commissioner->CommissioningStageComplete(error);
    1231            0 : }
    1232              : 
    1233            0 : void DeviceCommissioner::OnCertificateChainResponse(
    1234              :     void * context, const chip::app::Clusters::OperationalCredentials::Commands::CertificateChainResponse::DecodableType & response)
    1235              : {
    1236              :     MATTER_TRACE_SCOPE("OnCertificateChainResponse", "DeviceCommissioner");
    1237            0 :     ChipLogProgress(Controller, "Received certificate chain from the device");
    1238            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1239              : 
    1240            0 :     CommissioningDelegate::CommissioningReport report;
    1241            0 :     report.Set<RequestedCertificate>(RequestedCertificate(response.certificate));
    1242              : 
    1243            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    1244            0 : }
    1245              : 
    1246            0 : CHIP_ERROR DeviceCommissioner::SendAttestationRequestCommand(DeviceProxy * device, const ByteSpan & attestationNonce,
    1247              :                                                              Optional<System::Clock::Timeout> timeout)
    1248              : {
    1249              :     MATTER_TRACE_SCOPE("SendAttestationRequestCommand", "DeviceCommissioner");
    1250            0 :     ChipLogDetail(Controller, "Sending Attestation request to %p device", device);
    1251            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1252              : 
    1253            0 :     OperationalCredentials::Commands::AttestationRequest::Type request;
    1254            0 :     request.attestationNonce = attestationNonce;
    1255              : 
    1256            0 :     ReturnErrorOnFailure(
    1257              :         SendCommissioningCommand(device, request, OnAttestationResponse, OnAttestationFailureResponse, kRootEndpointId, timeout));
    1258            0 :     ChipLogDetail(Controller, "Sent Attestation request, waiting for the Attestation Information");
    1259            0 :     return CHIP_NO_ERROR;
    1260              : }
    1261              : 
    1262            0 : void DeviceCommissioner::OnAttestationFailureResponse(void * context, CHIP_ERROR error)
    1263              : {
    1264              :     MATTER_TRACE_SCOPE("OnAttestationFailureResponse", "DeviceCommissioner");
    1265            0 :     ChipLogProgress(Controller, "Device failed to receive the Attestation Information Response: %s", chip::ErrorStr(error));
    1266            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1267            0 :     commissioner->CommissioningStageComplete(error);
    1268            0 : }
    1269              : 
    1270            0 : void DeviceCommissioner::OnAttestationResponse(void * context,
    1271              :                                                const OperationalCredentials::Commands::AttestationResponse::DecodableType & data)
    1272              : {
    1273              :     MATTER_TRACE_SCOPE("OnAttestationResponse", "DeviceCommissioner");
    1274            0 :     ChipLogProgress(Controller, "Received Attestation Information from the device");
    1275            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1276              : 
    1277            0 :     CommissioningDelegate::CommissioningReport report;
    1278            0 :     report.Set<AttestationResponse>(AttestationResponse(data.attestationElements, data.attestationSignature));
    1279            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    1280            0 : }
    1281              : 
    1282            0 : void DeviceCommissioner::OnDeviceAttestationInformationVerification(
    1283              :     void * context, const Credentials::DeviceAttestationVerifier::AttestationInfo & info, AttestationVerificationResult result)
    1284              : {
    1285              :     MATTER_TRACE_SCOPE("OnDeviceAttestationInformationVerification", "DeviceCommissioner");
    1286            0 :     DeviceCommissioner * commissioner = reinterpret_cast<DeviceCommissioner *>(context);
    1287              : 
    1288            0 :     if (commissioner->mCommissioningStage == CommissioningStage::kAttestationVerification)
    1289              :     {
    1290              :         // Check for revoked DAC Chain before calling delegate. Enter next stage.
    1291              : 
    1292            0 :         CommissioningDelegate::CommissioningReport report;
    1293            0 :         report.Set<AttestationErrorInfo>(result);
    1294              : 
    1295            0 :         return commissioner->CommissioningStageComplete(
    1296            0 :             result == AttestationVerificationResult::kSuccess ? CHIP_NO_ERROR : CHIP_ERROR_INTERNAL, report);
    1297            0 :     }
    1298              : 
    1299            0 :     if (!commissioner->mDeviceBeingCommissioned)
    1300              :     {
    1301            0 :         ChipLogError(Controller, "Device attestation verification result received when we're not commissioning a device");
    1302            0 :         return;
    1303              :     }
    1304              : 
    1305            0 :     auto & params = commissioner->mDefaultCommissioner->GetCommissioningParameters();
    1306            0 :     Credentials::DeviceAttestationDelegate * deviceAttestationDelegate = params.GetDeviceAttestationDelegate();
    1307              : 
    1308            0 :     if (params.GetCompletionStatus().attestationResult.HasValue())
    1309              :     {
    1310            0 :         auto previousResult = params.GetCompletionStatus().attestationResult.Value();
    1311            0 :         if (previousResult != AttestationVerificationResult::kSuccess)
    1312              :         {
    1313            0 :             result = previousResult;
    1314              :         }
    1315              :     }
    1316              : 
    1317            0 :     if (result != AttestationVerificationResult::kSuccess)
    1318              :     {
    1319            0 :         CommissioningDelegate::CommissioningReport report;
    1320            0 :         report.Set<AttestationErrorInfo>(result);
    1321            0 :         if (result == AttestationVerificationResult::kNotImplemented)
    1322              :         {
    1323            0 :             ChipLogError(Controller,
    1324              :                          "Failed in verifying 'Attestation Information' command received from the device due to default "
    1325              :                          "DeviceAttestationVerifier Class not being overridden by a real implementation.");
    1326            0 :             commissioner->CommissioningStageComplete(CHIP_ERROR_NOT_IMPLEMENTED, report);
    1327            0 :             return;
    1328              :         }
    1329              : 
    1330            0 :         ChipLogError(Controller,
    1331              :                      "Failed in verifying 'Attestation Information' command received from the device: err %hu. Look at "
    1332              :                      "AttestationVerificationResult enum to understand the errors",
    1333              :                      static_cast<uint16_t>(result));
    1334              :         // Go look at AttestationVerificationResult enum in src/credentials/attestation_verifier/DeviceAttestationVerifier.h to
    1335              :         // understand the errors.
    1336              : 
    1337              :         // If a device attestation status delegate is installed, delegate handling of failure to the client and let them
    1338              :         // decide on whether to proceed further or not.
    1339            0 :         if (deviceAttestationDelegate)
    1340              :         {
    1341            0 :             commissioner->ExtendArmFailSafeForDeviceAttestation(info, result);
    1342              :         }
    1343              :         else
    1344              :         {
    1345            0 :             commissioner->CommissioningStageComplete(CHIP_ERROR_INTERNAL, report);
    1346              :         }
    1347            0 :     }
    1348              :     else
    1349              :     {
    1350            0 :         if (deviceAttestationDelegate && deviceAttestationDelegate->ShouldWaitAfterDeviceAttestation())
    1351              :         {
    1352            0 :             commissioner->ExtendArmFailSafeForDeviceAttestation(info, result);
    1353              :         }
    1354              :         else
    1355              :         {
    1356            0 :             ChipLogProgress(Controller, "Successfully validated 'Attestation Information' command received from the device.");
    1357            0 :             commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    1358              :         }
    1359              :     }
    1360              : }
    1361              : 
    1362            0 : void DeviceCommissioner::OnArmFailSafeExtendedForDeviceAttestation(
    1363              :     void * context, const GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType &)
    1364              : {
    1365            0 :     ChipLogProgress(Controller, "Successfully extended fail-safe timer to handle DA failure");
    1366            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1367              : 
    1368              :     // We have completed our command invoke, but we're not going to finish the
    1369              :     // commissioning step until our client examines the attestation
    1370              :     // information.  Clear out mInvokeCancelFn (which points at the
    1371              :     // CommandSender we just finished using) now, so it's not dangling.
    1372            0 :     commissioner->mInvokeCancelFn = nullptr;
    1373              : 
    1374            0 :     commissioner->HandleDeviceAttestationCompleted();
    1375            0 : }
    1376              : 
    1377            0 : void DeviceCommissioner::HandleDeviceAttestationCompleted()
    1378              : {
    1379            0 :     if (!mDeviceBeingCommissioned)
    1380              :     {
    1381            0 :         return;
    1382              :     }
    1383              : 
    1384            0 :     auto & params                                                      = mDefaultCommissioner->GetCommissioningParameters();
    1385            0 :     Credentials::DeviceAttestationDelegate * deviceAttestationDelegate = params.GetDeviceAttestationDelegate();
    1386            0 :     if (deviceAttestationDelegate)
    1387              :     {
    1388            0 :         ChipLogProgress(Controller, "Device attestation completed, delegating continuation to client");
    1389            0 :         deviceAttestationDelegate->OnDeviceAttestationCompleted(this, mDeviceBeingCommissioned, *mAttestationDeviceInfo,
    1390              :                                                                 mAttestationResult);
    1391              :     }
    1392              :     else
    1393              :     {
    1394            0 :         ChipLogProgress(Controller, "Device attestation failed and no delegate set, failing commissioning");
    1395            0 :         CommissioningDelegate::CommissioningReport report;
    1396            0 :         report.Set<AttestationErrorInfo>(mAttestationResult);
    1397            0 :         CommissioningStageComplete(CHIP_ERROR_INTERNAL, report);
    1398            0 :     }
    1399              : }
    1400              : 
    1401            0 : void DeviceCommissioner::OnFailedToExtendedArmFailSafeDeviceAttestation(void * context, CHIP_ERROR error)
    1402              : {
    1403            0 :     ChipLogProgress(Controller, "Failed to extend fail-safe timer to handle attestation failure %s", chip::ErrorStr(error));
    1404            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1405              : 
    1406            0 :     CommissioningDelegate::CommissioningReport report;
    1407            0 :     report.Set<AttestationErrorInfo>(commissioner->mAttestationResult);
    1408            0 :     commissioner->CommissioningStageComplete(CHIP_ERROR_INTERNAL, report);
    1409            0 : }
    1410              : 
    1411            0 : void DeviceCommissioner::OnICDManagementRegisterClientResponse(
    1412              :     void * context, const app::Clusters::IcdManagement::Commands::RegisterClientResponse::DecodableType & data)
    1413              : {
    1414            0 :     CHIP_ERROR err                    = CHIP_NO_ERROR;
    1415            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1416            0 :     VerifyOrExit(commissioner != nullptr, err = CHIP_ERROR_INVALID_ARGUMENT);
    1417            0 :     VerifyOrExit(commissioner->mCommissioningStage == CommissioningStage::kICDRegistration, err = CHIP_ERROR_INCORRECT_STATE);
    1418            0 :     VerifyOrExit(commissioner->mDeviceBeingCommissioned != nullptr, err = CHIP_ERROR_INCORRECT_STATE);
    1419              : 
    1420            0 :     if (commissioner->mPairingDelegate != nullptr)
    1421              :     {
    1422            0 :         commissioner->mPairingDelegate->OnICDRegistrationComplete(
    1423            0 :             ScopedNodeId(commissioner->mDeviceBeingCommissioned->GetDeviceId(), commissioner->GetFabricIndex()), data.ICDCounter);
    1424              :     }
    1425              : 
    1426            0 : exit:
    1427            0 :     CommissioningDelegate::CommissioningReport report;
    1428            0 :     commissioner->CommissioningStageComplete(err, report);
    1429            0 : }
    1430              : 
    1431            0 : void DeviceCommissioner::OnICDManagementStayActiveResponse(
    1432              :     void * context, const app::Clusters::IcdManagement::Commands::StayActiveResponse::DecodableType & data)
    1433              : {
    1434            0 :     CHIP_ERROR err                    = CHIP_NO_ERROR;
    1435            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1436            0 :     VerifyOrExit(commissioner != nullptr, err = CHIP_ERROR_INVALID_ARGUMENT);
    1437            0 :     VerifyOrExit(commissioner->mCommissioningStage == CommissioningStage::kICDSendStayActive, err = CHIP_ERROR_INCORRECT_STATE);
    1438            0 :     VerifyOrExit(commissioner->mDeviceBeingCommissioned != nullptr, err = CHIP_ERROR_INCORRECT_STATE);
    1439              : 
    1440            0 :     if (commissioner->mPairingDelegate != nullptr)
    1441              :     {
    1442            0 :         commissioner->mPairingDelegate->OnICDStayActiveComplete(
    1443              : 
    1444            0 :             ScopedNodeId(commissioner->mDeviceBeingCommissioned->GetDeviceId(), commissioner->GetFabricIndex()),
    1445            0 :             data.promisedActiveDuration);
    1446              :     }
    1447              : 
    1448            0 : exit:
    1449            0 :     CommissioningDelegate::CommissioningReport report;
    1450            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    1451            0 : }
    1452              : 
    1453            0 : bool DeviceCommissioner::ExtendArmFailSafeInternal(DeviceProxy * proxy, CommissioningStage step, uint16_t armFailSafeTimeout,
    1454              :                                                    Optional<System::Clock::Timeout> commandTimeout,
    1455              :                                                    OnExtendFailsafeSuccess onSuccess, OnExtendFailsafeFailure onFailure,
    1456              :                                                    bool fireAndForget)
    1457              : {
    1458              :     using namespace System;
    1459              :     using namespace System::Clock;
    1460            0 :     auto now                = SystemClock().GetMonotonicTimestamp();
    1461            0 :     auto newFailSafeTimeout = now + Seconds16(armFailSafeTimeout);
    1462            0 :     if (newFailSafeTimeout < proxy->GetFailSafeExpirationTimestamp())
    1463              :     {
    1464            0 :         ChipLogProgress(
    1465              :             Controller, "Skipping arming failsafe: new time (%u seconds from now) before old time (%u seconds from now)",
    1466              :             armFailSafeTimeout, std::chrono::duration_cast<Seconds16>(proxy->GetFailSafeExpirationTimestamp() - now).count());
    1467            0 :         return false;
    1468              :     }
    1469              : 
    1470            0 :     uint64_t breadcrumb = static_cast<uint64_t>(step);
    1471            0 :     GeneralCommissioning::Commands::ArmFailSafe::Type request;
    1472            0 :     request.expiryLengthSeconds = armFailSafeTimeout;
    1473            0 :     request.breadcrumb          = breadcrumb;
    1474            0 :     ChipLogProgress(Controller, "Arming failsafe (%u seconds)", request.expiryLengthSeconds);
    1475            0 :     CHIP_ERROR err = SendCommissioningCommand(proxy, request, onSuccess, onFailure, kRootEndpointId, commandTimeout, fireAndForget);
    1476            0 :     if (err != CHIP_NO_ERROR)
    1477              :     {
    1478            0 :         onFailure((!fireAndForget) ? this : nullptr, err);
    1479            0 :         return true; // we have called onFailure already
    1480              :     }
    1481              : 
    1482              :     // Note: The stored timestamp may become invalid if we fail asynchronously
    1483            0 :     proxy->SetFailSafeExpirationTimestamp(newFailSafeTimeout);
    1484            0 :     return true;
    1485              : }
    1486              : 
    1487            0 : void DeviceCommissioner::ExtendArmFailSafeForDeviceAttestation(const Credentials::DeviceAttestationVerifier::AttestationInfo & info,
    1488              :                                                                Credentials::AttestationVerificationResult result)
    1489              : {
    1490            0 :     mAttestationResult = result;
    1491              : 
    1492            0 :     auto & params                                                      = mDefaultCommissioner->GetCommissioningParameters();
    1493            0 :     Credentials::DeviceAttestationDelegate * deviceAttestationDelegate = params.GetDeviceAttestationDelegate();
    1494              : 
    1495            0 :     mAttestationDeviceInfo = Platform::MakeUnique<Credentials::DeviceAttestationVerifier::AttestationDeviceInfo>(info);
    1496              : 
    1497            0 :     auto expiryLengthSeconds      = deviceAttestationDelegate->FailSafeExpiryTimeoutSecs();
    1498            0 :     bool waitForFailsafeExtension = expiryLengthSeconds.HasValue();
    1499            0 :     if (waitForFailsafeExtension)
    1500              :     {
    1501            0 :         ChipLogProgress(Controller, "Changing fail-safe timer to %u seconds to handle DA failure", expiryLengthSeconds.Value());
    1502              :         // Per spec, anything we do with the fail-safe armed must not time out
    1503              :         // in less than kMinimumCommissioningStepTimeout.
    1504              :         waitForFailsafeExtension =
    1505            0 :             ExtendArmFailSafeInternal(mDeviceBeingCommissioned, mCommissioningStage, expiryLengthSeconds.Value(),
    1506            0 :                                       MakeOptional(kMinimumCommissioningStepTimeout), OnArmFailSafeExtendedForDeviceAttestation,
    1507              :                                       OnFailedToExtendedArmFailSafeDeviceAttestation, /* fireAndForget = */ false);
    1508              :     }
    1509              :     else
    1510              :     {
    1511            0 :         ChipLogProgress(Controller, "Proceeding without changing fail-safe timer value as delegate has not set it");
    1512              :     }
    1513              : 
    1514            0 :     if (!waitForFailsafeExtension)
    1515              :     {
    1516            0 :         HandleDeviceAttestationCompleted();
    1517              :     }
    1518            0 : }
    1519              : 
    1520            0 : CHIP_ERROR DeviceCommissioner::ValidateAttestationInfo(const Credentials::DeviceAttestationVerifier::AttestationInfo & info)
    1521              : {
    1522              :     MATTER_TRACE_SCOPE("ValidateAttestationInfo", "DeviceCommissioner");
    1523            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1524            0 :     VerifyOrReturnError(mDeviceAttestationVerifier != nullptr, CHIP_ERROR_INCORRECT_STATE);
    1525              : 
    1526            0 :     mDeviceAttestationVerifier->VerifyAttestationInformation(info, &mDeviceAttestationInformationVerificationCallback);
    1527              : 
    1528              :     // TODO: Validate Firmware Information
    1529              : 
    1530            0 :     return CHIP_NO_ERROR;
    1531              : }
    1532              : 
    1533              : CHIP_ERROR
    1534            0 : DeviceCommissioner::CheckForRevokedDACChain(const Credentials::DeviceAttestationVerifier::AttestationInfo & info)
    1535              : {
    1536              :     MATTER_TRACE_SCOPE("CheckForRevokedDACChain", "DeviceCommissioner");
    1537            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1538            0 :     VerifyOrReturnError(mDeviceAttestationVerifier != nullptr, CHIP_ERROR_INCORRECT_STATE);
    1539              : 
    1540            0 :     mDeviceAttestationVerifier->CheckForRevokedDACChain(info, &mDeviceAttestationInformationVerificationCallback);
    1541              : 
    1542            0 :     return CHIP_NO_ERROR;
    1543              : }
    1544              : 
    1545            0 : CHIP_ERROR DeviceCommissioner::ValidateCSR(DeviceProxy * proxy, const ByteSpan & NOCSRElements,
    1546              :                                            const ByteSpan & AttestationSignature, const ByteSpan & dac, const ByteSpan & csrNonce)
    1547              : {
    1548              :     MATTER_TRACE_SCOPE("ValidateCSR", "DeviceCommissioner");
    1549            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1550            0 :     VerifyOrReturnError(mDeviceAttestationVerifier != nullptr, CHIP_ERROR_INCORRECT_STATE);
    1551              : 
    1552            0 :     P256PublicKey dacPubkey;
    1553            0 :     ReturnErrorOnFailure(ExtractPubkeyFromX509Cert(dac, dacPubkey));
    1554              : 
    1555              :     // Retrieve attestation challenge
    1556              :     ByteSpan attestationChallenge =
    1557            0 :         proxy->GetSecureSession().Value()->AsSecureSession()->GetCryptoContext().GetAttestationChallenge();
    1558              : 
    1559              :     // The operational CA should also verify this on its end during NOC generation, if end-to-end attestation is desired.
    1560            0 :     return mDeviceAttestationVerifier->VerifyNodeOperationalCSRInformation(NOCSRElements, attestationChallenge,
    1561            0 :                                                                            AttestationSignature, dacPubkey, csrNonce);
    1562            0 : }
    1563              : 
    1564            0 : CHIP_ERROR DeviceCommissioner::SendOperationalCertificateSigningRequestCommand(DeviceProxy * device, const ByteSpan & csrNonce,
    1565              :                                                                                Optional<System::Clock::Timeout> timeout)
    1566              : {
    1567              :     MATTER_TRACE_SCOPE("SendOperationalCertificateSigningRequestCommand", "DeviceCommissioner");
    1568            0 :     ChipLogDetail(Controller, "Sending CSR request to %p device", device);
    1569            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1570              : 
    1571            0 :     OperationalCredentials::Commands::CSRRequest::Type request;
    1572            0 :     request.CSRNonce = csrNonce;
    1573              : 
    1574            0 :     ReturnErrorOnFailure(SendCommissioningCommand(device, request, OnOperationalCertificateSigningRequest, OnCSRFailureResponse,
    1575              :                                                   kRootEndpointId, timeout));
    1576            0 :     ChipLogDetail(Controller, "Sent CSR request, waiting for the CSR");
    1577            0 :     return CHIP_NO_ERROR;
    1578              : }
    1579              : 
    1580            0 : void DeviceCommissioner::OnCSRFailureResponse(void * context, CHIP_ERROR error)
    1581              : {
    1582              :     MATTER_TRACE_SCOPE("OnCSRFailureResponse", "DeviceCommissioner");
    1583            0 :     ChipLogProgress(Controller, "Device failed to receive the CSR request Response: %s", chip::ErrorStr(error));
    1584            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1585            0 :     commissioner->CommissioningStageComplete(error);
    1586            0 : }
    1587              : 
    1588            0 : void DeviceCommissioner::OnOperationalCertificateSigningRequest(
    1589              :     void * context, const OperationalCredentials::Commands::CSRResponse::DecodableType & data)
    1590              : {
    1591              :     MATTER_TRACE_SCOPE("OnOperationalCertificateSigningRequest", "DeviceCommissioner");
    1592            0 :     ChipLogProgress(Controller, "Received certificate signing request from the device");
    1593            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1594              : 
    1595            0 :     CommissioningDelegate::CommissioningReport report;
    1596            0 :     report.Set<CSRResponse>(CSRResponse(data.NOCSRElements, data.attestationSignature));
    1597            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    1598            0 : }
    1599              : 
    1600            0 : void DeviceCommissioner::OnDeviceNOCChainGeneration(void * context, CHIP_ERROR status, const ByteSpan & noc, const ByteSpan & icac,
    1601              :                                                     const ByteSpan & rcac, Optional<IdentityProtectionKeySpan> ipk,
    1602              :                                                     Optional<NodeId> adminSubject)
    1603              : {
    1604              :     MATTER_TRACE_SCOPE("OnDeviceNOCChainGeneration", "DeviceCommissioner");
    1605            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1606              : 
    1607              :     // The placeholder IPK is not satisfactory, but is there to fill the NocChain struct on error. It will still fail.
    1608            0 :     const uint8_t placeHolderIpk[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    1609              :                                        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
    1610            0 :     if (status == CHIP_NO_ERROR && !ipk.HasValue())
    1611              :     {
    1612            0 :         ChipLogError(Controller, "Did not have an IPK from the OperationalCredentialsIssuer! Cannot commission.");
    1613            0 :         status = CHIP_ERROR_INVALID_ARGUMENT;
    1614              :     }
    1615              : 
    1616            0 :     ChipLogProgress(Controller, "Received callback from the CA for NOC Chain generation. Status %s", ErrorStr(status));
    1617            0 :     if (status == CHIP_NO_ERROR && commissioner->mState != State::Initialized)
    1618              :     {
    1619            0 :         status = CHIP_ERROR_INCORRECT_STATE;
    1620              :     }
    1621            0 :     if (status != CHIP_NO_ERROR)
    1622              :     {
    1623            0 :         ChipLogError(Controller, "Failed in generating device's operational credentials. Error %s", ErrorStr(status));
    1624              :     }
    1625              : 
    1626              :     // TODO - Verify that the generated root cert matches with commissioner's root cert
    1627            0 :     CommissioningDelegate::CommissioningReport report;
    1628            0 :     report.Set<NocChain>(NocChain(noc, icac, rcac, ipk.HasValue() ? ipk.Value() : IdentityProtectionKeySpan(placeHolderIpk),
    1629            0 :                                   adminSubject.HasValue() ? adminSubject.Value() : commissioner->GetNodeId()));
    1630            0 :     commissioner->CommissioningStageComplete(status, report);
    1631            0 : }
    1632              : 
    1633            0 : CHIP_ERROR DeviceCommissioner::IssueNOCChain(const ByteSpan & NOCSRElements, NodeId nodeId,
    1634              :                                              chip::Callback::Callback<OnNOCChainGeneration> * callback)
    1635              : {
    1636              :     MATTER_TRACE_SCOPE("IssueNOCChain", "DeviceCommissioner");
    1637            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1638              : 
    1639            0 :     ChipLogProgress(Controller, "Getting certificate chain for the device on fabric idx %u", static_cast<unsigned>(mFabricIndex));
    1640              : 
    1641            0 :     mOperationalCredentialsDelegate->SetNodeIdForNextNOCRequest(nodeId);
    1642              : 
    1643            0 :     if (mFabricIndex != kUndefinedFabricIndex)
    1644              :     {
    1645            0 :         mOperationalCredentialsDelegate->SetFabricIdForNextNOCRequest(GetFabricId());
    1646              :     }
    1647              : 
    1648              :     // Note: we don't have attestationSignature, attestationChallenge, DAC, PAI so we are just providing an empty ByteSpan
    1649              :     // for those arguments.
    1650            0 :     return mOperationalCredentialsDelegate->GenerateNOCChain(NOCSRElements, ByteSpan(), ByteSpan(), ByteSpan(), ByteSpan(),
    1651            0 :                                                              ByteSpan(), callback);
    1652              : }
    1653              : 
    1654            0 : CHIP_ERROR DeviceCommissioner::ProcessCSR(DeviceProxy * proxy, const ByteSpan & NOCSRElements,
    1655              :                                           const ByteSpan & AttestationSignature, const ByteSpan & dac, const ByteSpan & pai,
    1656              :                                           const ByteSpan & csrNonce)
    1657              : {
    1658              :     MATTER_TRACE_SCOPE("ProcessOpCSR", "DeviceCommissioner");
    1659            0 :     VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
    1660              : 
    1661            0 :     ChipLogProgress(Controller, "Getting certificate chain for the device from the issuer");
    1662              : 
    1663            0 :     P256PublicKey dacPubkey;
    1664            0 :     ReturnErrorOnFailure(ExtractPubkeyFromX509Cert(dac, dacPubkey));
    1665              : 
    1666              :     // Retrieve attestation challenge
    1667              :     ByteSpan attestationChallenge =
    1668            0 :         proxy->GetSecureSession().Value()->AsSecureSession()->GetCryptoContext().GetAttestationChallenge();
    1669              : 
    1670            0 :     mOperationalCredentialsDelegate->SetNodeIdForNextNOCRequest(proxy->GetDeviceId());
    1671              : 
    1672            0 :     if (mFabricIndex != kUndefinedFabricIndex)
    1673              :     {
    1674            0 :         mOperationalCredentialsDelegate->SetFabricIdForNextNOCRequest(GetFabricId());
    1675              :     }
    1676              : 
    1677            0 :     return mOperationalCredentialsDelegate->GenerateNOCChain(NOCSRElements, csrNonce, AttestationSignature, attestationChallenge,
    1678            0 :                                                              dac, pai, &mDeviceNOCChainCallback);
    1679            0 : }
    1680              : 
    1681            0 : CHIP_ERROR DeviceCommissioner::SendOperationalCertificate(DeviceProxy * device, const ByteSpan & nocCertBuf,
    1682              :                                                           const Optional<ByteSpan> & icaCertBuf,
    1683              :                                                           const IdentityProtectionKeySpan ipk, const NodeId adminSubject,
    1684              :                                                           Optional<System::Clock::Timeout> timeout)
    1685              : {
    1686              :     MATTER_TRACE_SCOPE("SendOperationalCertificate", "DeviceCommissioner");
    1687              : 
    1688            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1689              : 
    1690            0 :     OperationalCredentials::Commands::AddNOC::Type request;
    1691            0 :     request.NOCValue         = nocCertBuf;
    1692            0 :     request.ICACValue        = icaCertBuf;
    1693            0 :     request.IPKValue         = ipk;
    1694            0 :     request.caseAdminSubject = adminSubject;
    1695            0 :     request.adminVendorId    = mVendorId;
    1696              : 
    1697            0 :     ReturnErrorOnFailure(SendCommissioningCommand(device, request, OnOperationalCertificateAddResponse, OnAddNOCFailureResponse,
    1698              :                                                   kRootEndpointId, timeout));
    1699              : 
    1700            0 :     ChipLogProgress(Controller, "Sent operational certificate to the device");
    1701              : 
    1702            0 :     return CHIP_NO_ERROR;
    1703              : }
    1704              : 
    1705            0 : CHIP_ERROR DeviceCommissioner::ConvertFromOperationalCertStatus(OperationalCredentials::NodeOperationalCertStatusEnum err)
    1706              : {
    1707              :     using OperationalCredentials::NodeOperationalCertStatusEnum;
    1708            0 :     switch (err)
    1709              :     {
    1710            0 :     case NodeOperationalCertStatusEnum::kOk:
    1711            0 :         return CHIP_NO_ERROR;
    1712            0 :     case NodeOperationalCertStatusEnum::kInvalidPublicKey:
    1713            0 :         return CHIP_ERROR_INVALID_PUBLIC_KEY;
    1714            0 :     case NodeOperationalCertStatusEnum::kInvalidNodeOpId:
    1715            0 :         return CHIP_ERROR_WRONG_NODE_ID;
    1716            0 :     case NodeOperationalCertStatusEnum::kInvalidNOC:
    1717            0 :         return CHIP_ERROR_UNSUPPORTED_CERT_FORMAT;
    1718            0 :     case NodeOperationalCertStatusEnum::kMissingCsr:
    1719            0 :         return CHIP_ERROR_INCORRECT_STATE;
    1720            0 :     case NodeOperationalCertStatusEnum::kTableFull:
    1721            0 :         return CHIP_ERROR_NO_MEMORY;
    1722            0 :     case NodeOperationalCertStatusEnum::kInvalidAdminSubject:
    1723            0 :         return CHIP_ERROR_INVALID_ADMIN_SUBJECT;
    1724            0 :     case NodeOperationalCertStatusEnum::kFabricConflict:
    1725            0 :         return CHIP_ERROR_FABRIC_EXISTS;
    1726            0 :     case NodeOperationalCertStatusEnum::kLabelConflict:
    1727            0 :         return CHIP_ERROR_INVALID_ARGUMENT;
    1728            0 :     case NodeOperationalCertStatusEnum::kInvalidFabricIndex:
    1729            0 :         return CHIP_ERROR_INVALID_FABRIC_INDEX;
    1730            0 :     case NodeOperationalCertStatusEnum::kUnknownEnumValue:
    1731              :         // Is this a reasonable value?
    1732            0 :         return CHIP_ERROR_CERT_LOAD_FAILED;
    1733              :     }
    1734              : 
    1735            0 :     return CHIP_ERROR_CERT_LOAD_FAILED;
    1736              : }
    1737              : 
    1738            0 : void DeviceCommissioner::OnAddNOCFailureResponse(void * context, CHIP_ERROR error)
    1739              : {
    1740              :     MATTER_TRACE_SCOPE("OnAddNOCFailureResponse", "DeviceCommissioner");
    1741            0 :     ChipLogProgress(Controller, "Device failed to receive the operational certificate Response: %s", chip::ErrorStr(error));
    1742            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1743            0 :     commissioner->CommissioningStageComplete(error);
    1744            0 : }
    1745              : 
    1746            0 : void DeviceCommissioner::OnOperationalCertificateAddResponse(
    1747              :     void * context, const OperationalCredentials::Commands::NOCResponse::DecodableType & data)
    1748              : {
    1749              :     MATTER_TRACE_SCOPE("OnOperationalCertificateAddResponse", "DeviceCommissioner");
    1750            0 :     ChipLogProgress(Controller, "Device returned status %d on receiving the NOC", to_underlying(data.statusCode));
    1751            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1752              : 
    1753            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    1754              : 
    1755            0 :     VerifyOrExit(commissioner->mState == State::Initialized, err = CHIP_ERROR_INCORRECT_STATE);
    1756              : 
    1757            0 :     VerifyOrExit(commissioner->mDeviceBeingCommissioned != nullptr, err = CHIP_ERROR_INCORRECT_STATE);
    1758              : 
    1759            0 :     err = ConvertFromOperationalCertStatus(data.statusCode);
    1760            0 :     SuccessOrExit(err);
    1761              : 
    1762            0 :     err = commissioner->OnOperationalCredentialsProvisioningCompletion(commissioner->mDeviceBeingCommissioned);
    1763              : 
    1764            0 : exit:
    1765            0 :     if (err != CHIP_NO_ERROR)
    1766              :     {
    1767            0 :         ChipLogProgress(Controller, "Add NOC failed with error %s", ErrorStr(err));
    1768            0 :         commissioner->CommissioningStageComplete(err);
    1769              :     }
    1770            0 : }
    1771              : 
    1772            0 : CHIP_ERROR DeviceCommissioner::SendTrustedRootCertificate(DeviceProxy * device, const ByteSpan & rcac,
    1773              :                                                           Optional<System::Clock::Timeout> timeout)
    1774              : {
    1775              :     MATTER_TRACE_SCOPE("SendTrustedRootCertificate", "DeviceCommissioner");
    1776            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1777              : 
    1778            0 :     ChipLogProgress(Controller, "Sending root certificate to the device");
    1779              : 
    1780            0 :     OperationalCredentials::Commands::AddTrustedRootCertificate::Type request;
    1781            0 :     request.rootCACertificate = rcac;
    1782            0 :     ReturnErrorOnFailure(
    1783              :         SendCommissioningCommand(device, request, OnRootCertSuccessResponse, OnRootCertFailureResponse, kRootEndpointId, timeout));
    1784              : 
    1785            0 :     ChipLogProgress(Controller, "Sent root certificate to the device");
    1786              : 
    1787            0 :     return CHIP_NO_ERROR;
    1788              : }
    1789              : 
    1790            0 : void DeviceCommissioner::OnRootCertSuccessResponse(void * context, const chip::app::DataModel::NullObjectType &)
    1791              : {
    1792              :     MATTER_TRACE_SCOPE("OnRootCertSuccessResponse", "DeviceCommissioner");
    1793            0 :     ChipLogProgress(Controller, "Device confirmed that it has received the root certificate");
    1794            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1795            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    1796            0 : }
    1797              : 
    1798            0 : void DeviceCommissioner::OnRootCertFailureResponse(void * context, CHIP_ERROR error)
    1799              : {
    1800              :     MATTER_TRACE_SCOPE("OnRootCertFailureResponse", "DeviceCommissioner");
    1801            0 :     ChipLogProgress(Controller, "Device failed to receive the root certificate Response: %s", chip::ErrorStr(error));
    1802            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1803            0 :     commissioner->CommissioningStageComplete(error);
    1804            0 : }
    1805              : 
    1806            0 : CHIP_ERROR DeviceCommissioner::OnOperationalCredentialsProvisioningCompletion(DeviceProxy * device)
    1807              : {
    1808              :     MATTER_TRACE_SCOPE("OnOperationalCredentialsProvisioningCompletion", "DeviceCommissioner");
    1809            0 :     ChipLogProgress(Controller, "Operational credentials provisioned on device %p", device);
    1810            0 :     VerifyOrReturnError(device != nullptr, CHIP_ERROR_INVALID_ARGUMENT);
    1811              : 
    1812            0 :     if (mPairingDelegate != nullptr)
    1813              :     {
    1814            0 :         mPairingDelegate->OnStatusUpdate(DevicePairingDelegate::SecurePairingSuccess);
    1815              :     }
    1816            0 :     CommissioningStageComplete(CHIP_NO_ERROR);
    1817              : 
    1818            0 :     return CHIP_NO_ERROR;
    1819              : }
    1820              : 
    1821              : #if CONFIG_NETWORK_LAYER_BLE
    1822              : #if CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
    1823              : void DeviceCommissioner::ConnectBleTransportToSelf()
    1824              : {
    1825              :     Transport::BLEBase & transport = std::get<Transport::BLE<1>>(mSystemState->TransportMgr()->GetTransport().GetTransports());
    1826              :     if (!transport.IsBleLayerTransportSetToSelf())
    1827              :     {
    1828              :         transport.SetBleLayerTransportToSelf();
    1829              :     }
    1830              : }
    1831              : #endif // CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
    1832              : 
    1833            0 : void DeviceCommissioner::CloseBleConnection()
    1834              : {
    1835              :     // It is fine since we can only commission one device at the same time.
    1836              :     // We should be able to distinguish different BLE connections if we want
    1837              :     // to commission multiple devices at the same time over BLE.
    1838            0 :     mSystemState->BleLayer()->CloseAllBleConnections();
    1839            0 : }
    1840              : #endif
    1841              : 
    1842            0 : CHIP_ERROR DeviceCommissioner::DiscoverCommissionableNodes(Dnssd::DiscoveryFilter filter)
    1843              : {
    1844            0 :     ReturnErrorOnFailure(SetUpNodeDiscovery());
    1845            0 :     return mDNSResolver.DiscoverCommissionableNodes(filter);
    1846              : }
    1847              : 
    1848            0 : CHIP_ERROR DeviceCommissioner::StopCommissionableDiscovery()
    1849              : {
    1850            0 :     return mDNSResolver.StopDiscovery();
    1851              : }
    1852              : 
    1853            0 : const Dnssd::CommissionNodeData * DeviceCommissioner::GetDiscoveredDevice(int idx)
    1854              : {
    1855            0 :     return GetDiscoveredNode(idx);
    1856              : }
    1857              : 
    1858              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
    1859              : 
    1860              : CHIP_ERROR DeviceCommissioner::SetUdcListenPort(uint16_t listenPort)
    1861              : {
    1862              :     if (mState == State::Initialized)
    1863              :     {
    1864              :         return CHIP_ERROR_INCORRECT_STATE;
    1865              :     }
    1866              : 
    1867              :     mUdcListenPort = listenPort;
    1868              :     return CHIP_NO_ERROR;
    1869              : }
    1870              : 
    1871              : void DeviceCommissioner::FindCommissionableNode(char * instanceName)
    1872              : {
    1873              :     Dnssd::DiscoveryFilter filter(Dnssd::DiscoveryFilterType::kInstanceName, instanceName);
    1874              :     DiscoverCommissionableNodes(filter);
    1875              : }
    1876              : 
    1877              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
    1878              : 
    1879            0 : void DeviceCommissioner::OnNodeDiscovered(const chip::Dnssd::DiscoveredNodeData & nodeData)
    1880              : {
    1881              : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
    1882              :     if (mUdcServer != nullptr)
    1883              :     {
    1884              :         mUdcServer->OnCommissionableNodeFound(nodeData);
    1885              :     }
    1886              : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
    1887            0 :     AbstractDnssdDiscoveryController::OnNodeDiscovered(nodeData);
    1888            0 :     mSetUpCodePairer.NotifyCommissionableDeviceDiscovered(nodeData);
    1889            0 : }
    1890              : 
    1891            0 : void DeviceCommissioner::OnBasicSuccess(void * context, const chip::app::DataModel::NullObjectType &)
    1892              : {
    1893            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1894            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    1895            0 : }
    1896              : 
    1897            0 : void DeviceCommissioner::OnBasicFailure(void * context, CHIP_ERROR error)
    1898              : {
    1899            0 :     ChipLogProgress(Controller, "Received failure response %s\n", chip::ErrorStr(error));
    1900            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    1901            0 :     commissioner->CommissioningStageComplete(error);
    1902            0 : }
    1903              : 
    1904            0 : static GeneralCommissioning::Commands::ArmFailSafe::Type DisarmFailsafeRequest()
    1905              : {
    1906            0 :     GeneralCommissioning::Commands::ArmFailSafe::Type request;
    1907            0 :     request.expiryLengthSeconds = 0; // Expire immediately.
    1908            0 :     request.breadcrumb          = 0;
    1909            0 :     return request;
    1910              : }
    1911              : 
    1912            0 : static void MarkForEviction(const Optional<SessionHandle> & session)
    1913              : {
    1914            0 :     if (session.HasValue())
    1915              :     {
    1916            0 :         session.Value()->AsSecureSession()->MarkForEviction();
    1917              :     }
    1918            0 : }
    1919              : 
    1920            0 : void DeviceCommissioner::CleanupCommissioning(DeviceProxy * proxy, NodeId nodeId, const CompletionStatus & completionStatus)
    1921              : {
    1922              :     // At this point, proxy == mDeviceBeingCommissioned, nodeId == mDeviceBeingCommissioned->GetDeviceId()
    1923              : 
    1924            0 :     mCommissioningCompletionStatus = completionStatus;
    1925              : 
    1926            0 :     if (completionStatus.err == CHIP_NO_ERROR)
    1927              :     {
    1928              :         // CommissioningStageComplete uses mDeviceBeingCommissioned, which can
    1929              :         // be commissionee if we are cleaning up before we've gone operational.  Normally
    1930              :         // that would not happen in this non-error case, _except_ if we were told to skip sending
    1931              :         // CommissioningComplete: in that case we do not have an operational DeviceProxy, so
    1932              :         // we're using our CommissioneeDeviceProxy to do a successful cleanup.
    1933              :         //
    1934              :         // This means we have to call CommissioningStageComplete() before we destroy commissionee.
    1935              :         //
    1936              :         // This should be safe, because CommissioningStageComplete() does not call CleanupCommissioning
    1937              :         // when called in the cleanup stage (which is where we are), and StopPairing does not directly release
    1938              :         // mDeviceBeingCommissioned.
    1939            0 :         CommissioningStageComplete(CHIP_NO_ERROR);
    1940              : 
    1941            0 :         CommissioneeDeviceProxy * commissionee = FindCommissioneeDevice(nodeId);
    1942            0 :         if (commissionee != nullptr)
    1943              :         {
    1944            0 :             ReleaseCommissioneeDevice(commissionee);
    1945              :         }
    1946              :         // Send the callbacks, we're done.
    1947            0 :         SendCommissioningCompleteCallbacks(nodeId, mCommissioningCompletionStatus);
    1948              :     }
    1949            0 :     else if (completionStatus.err == CHIP_ERROR_CANCELLED)
    1950              :     {
    1951              :         // If we're cleaning up because cancellation has been requested via StopPairing(), expire the failsafe
    1952              :         // in the background and reset our state synchronously, so a new commissioning attempt can be started.
    1953            0 :         CommissioneeDeviceProxy * commissionee = FindCommissioneeDevice(nodeId);
    1954            0 :         SessionHolder session((commissionee == proxy) ? commissionee->DetachSecureSession().Value()
    1955            0 :                                                       : proxy->GetSecureSession().Value());
    1956              : 
    1957            0 :         auto request     = DisarmFailsafeRequest();
    1958            0 :         auto onSuccessCb = [session](const app::ConcreteCommandPath & aPath, const app::StatusIB & aStatus,
    1959              :                                      const decltype(request)::ResponseType & responseData) {
    1960            0 :             ChipLogProgress(Controller, "Failsafe disarmed");
    1961            0 :             MarkForEviction(session.Get());
    1962            0 :         };
    1963            0 :         auto onFailureCb = [session](CHIP_ERROR aError) {
    1964            0 :             ChipLogProgress(Controller, "Ignoring failure to disarm failsafe: %" CHIP_ERROR_FORMAT, aError.Format());
    1965            0 :             MarkForEviction(session.Get());
    1966            0 :         };
    1967              : 
    1968            0 :         ChipLogProgress(Controller, "Disarming failsafe on device %p in background", proxy);
    1969            0 :         CHIP_ERROR err = InvokeCommandRequest(proxy->GetExchangeManager(), session.Get().Value(), kRootEndpointId, request,
    1970              :                                               onSuccessCb, onFailureCb);
    1971            0 :         if (err != CHIP_NO_ERROR)
    1972              :         {
    1973            0 :             ChipLogError(Controller, "Failed to send command to disarm fail-safe: %" CHIP_ERROR_FORMAT, err.Format());
    1974              :         }
    1975              : 
    1976            0 :         CleanupDoneAfterError();
    1977            0 :     }
    1978            0 :     else if (completionStatus.failedStage.HasValue() && completionStatus.failedStage.Value() >= kWiFiNetworkSetup)
    1979              :     {
    1980              :         // If we were already doing network setup, we need to retain the pase session and start again from network setup stage.
    1981              :         // We do not need to reset the failsafe here because we want to keep everything on the device up to this point, so just
    1982              :         // send the completion callbacks (see "Commissioning Flows Error Handling" in the spec).
    1983            0 :         CommissioningStageComplete(CHIP_NO_ERROR);
    1984            0 :         SendCommissioningCompleteCallbacks(nodeId, mCommissioningCompletionStatus);
    1985              :     }
    1986              :     else
    1987              :     {
    1988              :         // If we've failed somewhere in the early stages (or we don't have a failedStage specified), we need to start from the
    1989              :         // beginning. However, because some of the commands can only be sent once per arm-failsafe, we also need to force a reset on
    1990              :         // the failsafe so we can start fresh on the next attempt.
    1991            0 :         ChipLogProgress(Controller, "Disarming failsafe on device %p", proxy);
    1992            0 :         auto request   = DisarmFailsafeRequest();
    1993            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnDisarmFailsafe, OnDisarmFailsafeFailure, kRootEndpointId);
    1994            0 :         if (err != CHIP_NO_ERROR)
    1995              :         {
    1996              :             // We won't get any async callbacks here, so just pretend like the command errored out async.
    1997            0 :             ChipLogError(Controller, "Failed to send command to disarm fail-safe: %" CHIP_ERROR_FORMAT, err.Format());
    1998            0 :             CleanupDoneAfterError();
    1999              :         }
    2000              :     }
    2001            0 : }
    2002              : 
    2003            0 : void DeviceCommissioner::OnDisarmFailsafe(void * context,
    2004              :                                           const GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data)
    2005              : {
    2006            0 :     ChipLogProgress(Controller, "Failsafe disarmed");
    2007            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2008            0 :     commissioner->CleanupDoneAfterError();
    2009            0 : }
    2010              : 
    2011            0 : void DeviceCommissioner::OnDisarmFailsafeFailure(void * context, CHIP_ERROR error)
    2012              : {
    2013            0 :     ChipLogProgress(Controller, "Ignoring failure to disarm failsafe: %" CHIP_ERROR_FORMAT, error.Format());
    2014            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2015            0 :     commissioner->CleanupDoneAfterError();
    2016            0 : }
    2017              : 
    2018            0 : void DeviceCommissioner::CleanupDoneAfterError()
    2019              : {
    2020              :     // If someone nulled out our mDeviceBeingCommissioned, there's nothing else
    2021              :     // to do here.
    2022            0 :     VerifyOrReturn(mDeviceBeingCommissioned != nullptr);
    2023              : 
    2024            0 :     NodeId nodeId = mDeviceBeingCommissioned->GetDeviceId();
    2025              : 
    2026              :     // Signal completion - this will reset mDeviceBeingCommissioned.
    2027            0 :     CommissioningStageComplete(CHIP_NO_ERROR);
    2028              : 
    2029              :     // At this point, we also want to close off the pase session so we need to re-establish
    2030            0 :     CommissioneeDeviceProxy * commissionee = FindCommissioneeDevice(nodeId);
    2031              : 
    2032              :     // If we've disarmed the failsafe, it's because we're starting again, so kill the pase connection.
    2033            0 :     if (commissionee != nullptr)
    2034              :     {
    2035            0 :         ReleaseCommissioneeDevice(commissionee);
    2036              :     }
    2037              : 
    2038              :     // Invoke callbacks last, after we have cleared up all state.
    2039            0 :     SendCommissioningCompleteCallbacks(nodeId, mCommissioningCompletionStatus);
    2040              : }
    2041              : 
    2042            0 : void DeviceCommissioner::SendCommissioningCompleteCallbacks(NodeId nodeId, const CompletionStatus & completionStatus)
    2043              : {
    2044              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissionerCommission, completionStatus.err);
    2045              : 
    2046            0 :     ChipLogProgress(Controller, "Commissioning complete for node ID 0x" ChipLogFormatX64 ": %s", ChipLogValueX64(nodeId),
    2047              :                     (completionStatus.err == CHIP_NO_ERROR ? "success" : completionStatus.err.AsString()));
    2048            0 :     mCommissioningStage = CommissioningStage::kSecurePairing;
    2049              : 
    2050            0 :     if (mPairingDelegate == nullptr)
    2051              :     {
    2052            0 :         return;
    2053              :     }
    2054              : 
    2055            0 :     mPairingDelegate->OnCommissioningComplete(nodeId, completionStatus.err);
    2056            0 :     PeerId peerId(GetCompressedFabricId(), nodeId);
    2057            0 :     if (completionStatus.err == CHIP_NO_ERROR)
    2058              :     {
    2059            0 :         mPairingDelegate->OnCommissioningSuccess(peerId);
    2060              :     }
    2061              :     else
    2062              :     {
    2063              :         // TODO: We should propogate detailed error information (commissioningError, networkCommissioningStatus) from
    2064              :         // completionStatus.
    2065            0 :         mPairingDelegate->OnCommissioningFailure(peerId, completionStatus.err, completionStatus.failedStage.ValueOr(kError),
    2066            0 :                                                  completionStatus.attestationResult);
    2067              :     }
    2068              : }
    2069              : 
    2070            0 : void DeviceCommissioner::CommissioningStageComplete(CHIP_ERROR err, CommissioningDelegate::CommissioningReport report)
    2071              : {
    2072              :     // Once this stage is complete, reset mDeviceBeingCommissioned - this will be reset when the delegate calls the next step.
    2073              :     MATTER_TRACE_SCOPE("CommissioningStageComplete", "DeviceCommissioner");
    2074              :     MATTER_LOG_METRIC_END(MetricKeyForCommissioningStage(mCommissioningStage), err);
    2075            0 :     VerifyOrDie(mDeviceBeingCommissioned);
    2076              : 
    2077            0 :     NodeId nodeId            = mDeviceBeingCommissioned->GetDeviceId();
    2078            0 :     DeviceProxy * proxy      = mDeviceBeingCommissioned;
    2079            0 :     mDeviceBeingCommissioned = nullptr;
    2080            0 :     mInvokeCancelFn          = nullptr;
    2081            0 :     mWriteCancelFn           = nullptr;
    2082              : 
    2083            0 :     if (mPairingDelegate != nullptr)
    2084              :     {
    2085            0 :         mPairingDelegate->OnCommissioningStatusUpdate(PeerId(GetCompressedFabricId(), nodeId), mCommissioningStage, err);
    2086              :     }
    2087              : 
    2088            0 :     if (mCommissioningDelegate == nullptr)
    2089              :     {
    2090            0 :         return;
    2091              :     }
    2092            0 :     report.stageCompleted = mCommissioningStage;
    2093            0 :     CHIP_ERROR status     = mCommissioningDelegate->CommissioningStepFinished(err, report);
    2094            0 :     if (status != CHIP_NO_ERROR && mCommissioningStage != CommissioningStage::kCleanup)
    2095              :     {
    2096              :         // Commissioning delegate will only return error if it failed to perform the appropriate commissioning step.
    2097              :         // In this case, we should complete the commissioning for it.
    2098            0 :         CompletionStatus completionStatus;
    2099            0 :         completionStatus.err         = status;
    2100            0 :         completionStatus.failedStage = MakeOptional(report.stageCompleted);
    2101            0 :         mCommissioningStage          = CommissioningStage::kCleanup;
    2102            0 :         mDeviceBeingCommissioned     = proxy;
    2103            0 :         CleanupCommissioning(proxy, nodeId, completionStatus);
    2104              :     }
    2105              : }
    2106              : 
    2107            0 : void DeviceCommissioner::OnDeviceConnectedFn(void * context, Messaging::ExchangeManager & exchangeMgr,
    2108              :                                              const SessionHandle & sessionHandle)
    2109              : {
    2110              :     // CASE session established.
    2111              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissioningOperationalSetup, CHIP_NO_ERROR);
    2112            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2113            0 :     VerifyOrDie(commissioner->mCommissioningStage == CommissioningStage::kFindOperationalForStayActive ||
    2114              :                 commissioner->mCommissioningStage == CommissioningStage::kFindOperationalForCommissioningComplete);
    2115            0 :     VerifyOrDie(commissioner->mDeviceBeingCommissioned->GetDeviceId() == sessionHandle->GetPeer().GetNodeId());
    2116            0 :     commissioner->CancelCASECallbacks(); // ensure all CASE callbacks are unregistered
    2117              : 
    2118            0 :     CommissioningDelegate::CommissioningReport report;
    2119            0 :     report.Set<OperationalNodeFoundData>(OperationalNodeFoundData(OperationalDeviceProxy(&exchangeMgr, sessionHandle)));
    2120            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR, report);
    2121            0 : }
    2122              : 
    2123            0 : void DeviceCommissioner::OnDeviceConnectionFailureFn(void * context, const ScopedNodeId & peerId, CHIP_ERROR error)
    2124              : {
    2125              :     // CASE session establishment failed.
    2126              :     MATTER_LOG_METRIC_END(kMetricDeviceCommissioningOperationalSetup, error);
    2127            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2128            0 :     VerifyOrDie(commissioner->mCommissioningStage == CommissioningStage::kFindOperationalForStayActive ||
    2129              :                 commissioner->mCommissioningStage == CommissioningStage::kFindOperationalForCommissioningComplete);
    2130            0 :     VerifyOrDie(commissioner->mDeviceBeingCommissioned->GetDeviceId() == peerId.GetNodeId());
    2131            0 :     commissioner->CancelCASECallbacks(); // ensure all CASE callbacks are unregistered
    2132              : 
    2133            0 :     if (error != CHIP_NO_ERROR)
    2134              :     {
    2135            0 :         ChipLogProgress(Controller, "Device connection failed. Error %" CHIP_ERROR_FORMAT, error.Format());
    2136              :     }
    2137              :     else
    2138              :     {
    2139              :         // Ensure that commissioning stage advancement is done based on seeing an error.
    2140            0 :         ChipLogError(Controller, "Device connection failed without a valid error code.");
    2141            0 :         error = CHIP_ERROR_INTERNAL;
    2142              :     }
    2143            0 :     commissioner->CommissioningStageComplete(error);
    2144            0 : }
    2145              : 
    2146              : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    2147              : // No specific action to take on either success or failure here; we're just
    2148              : // trying to bump the fail-safe, and if that fails it's not clear there's much
    2149              : // we can to with that.
    2150            0 : static void OnExtendFailsafeForCASERetryFailure(void * context, CHIP_ERROR error)
    2151              : {
    2152            0 :     ChipLogError(Controller, "Failed to extend fail-safe for CASE retry: %" CHIP_ERROR_FORMAT, error.Format());
    2153            0 : }
    2154              : static void
    2155            0 : OnExtendFailsafeForCASERetrySuccess(void * context,
    2156              :                                     const app::Clusters::GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data)
    2157              : {
    2158            0 :     ChipLogProgress(Controller, "Status of extending fail-safe for CASE retry: %u", to_underlying(data.errorCode));
    2159            0 : }
    2160              : 
    2161            0 : void DeviceCommissioner::OnDeviceConnectionRetryFn(void * context, const ScopedNodeId & peerId, CHIP_ERROR error,
    2162              :                                                    System::Clock::Seconds16 retryTimeout)
    2163              : {
    2164            0 :     ChipLogError(Controller,
    2165              :                  "Session establishment failed for " ChipLogFormatScopedNodeId ", error: %" CHIP_ERROR_FORMAT
    2166              :                  ".  Next retry expected to get a response to Sigma1 or fail within %d seconds",
    2167              :                  ChipLogValueScopedNodeId(peerId), error.Format(), retryTimeout.count());
    2168              : 
    2169            0 :     auto self = static_cast<DeviceCommissioner *>(context);
    2170            0 :     VerifyOrDie(self->GetCommissioningStage() == CommissioningStage::kFindOperationalForStayActive ||
    2171              :                 self->GetCommissioningStage() == CommissioningStage::kFindOperationalForCommissioningComplete);
    2172            0 :     VerifyOrDie(self->mDeviceBeingCommissioned->GetDeviceId() == peerId.GetNodeId());
    2173              : 
    2174              :     // We need to do the fail-safe arming over the PASE session.
    2175            0 :     auto * commissioneeDevice = self->FindCommissioneeDevice(peerId.GetNodeId());
    2176            0 :     if (!commissioneeDevice)
    2177              :     {
    2178              :         // Commissioning canceled, presumably.  Just ignore the notification,
    2179              :         // not much we can do here.
    2180            0 :         return;
    2181              :     }
    2182              : 
    2183              :     // Extend by the default failsafe timeout plus our retry timeout, so we can
    2184              :     // be sure the fail-safe will not expire before we try the next time, if
    2185              :     // there will be a next time.
    2186              :     //
    2187              :     // TODO: Make it possible for our clients to control the exact timeout here?
    2188              :     uint16_t failsafeTimeout;
    2189            0 :     if (UINT16_MAX - retryTimeout.count() < kDefaultFailsafeTimeout)
    2190              :     {
    2191            0 :         failsafeTimeout = UINT16_MAX;
    2192              :     }
    2193              :     else
    2194              :     {
    2195            0 :         failsafeTimeout = static_cast<uint16_t>(retryTimeout.count() + kDefaultFailsafeTimeout);
    2196              :     }
    2197              : 
    2198              :     // A false return is fine; we don't want to make the fail-safe shorter here.
    2199            0 :     self->ExtendArmFailSafeInternal(commissioneeDevice, self->GetCommissioningStage(), failsafeTimeout,
    2200            0 :                                     MakeOptional(kMinimumCommissioningStepTimeout), OnExtendFailsafeForCASERetrySuccess,
    2201              :                                     OnExtendFailsafeForCASERetryFailure, /* fireAndForget = */ true);
    2202              : }
    2203              : #endif // CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    2204              : 
    2205              : // ClusterStateCache::Callback / ReadClient::Callback
    2206            0 : void DeviceCommissioner::OnDone(app::ReadClient * readClient)
    2207              : {
    2208            0 :     VerifyOrDie(readClient != nullptr && readClient == mReadClient.get());
    2209            0 :     mReadClient.reset();
    2210            0 :     switch (mCommissioningStage)
    2211              :     {
    2212            0 :     case CommissioningStage::kReadCommissioningInfo:
    2213            0 :         ContinueReadingCommissioningInfo(mCommissioningDelegate->GetCommissioningParameters());
    2214            0 :         break;
    2215            0 :     default:
    2216            0 :         VerifyOrDie(false);
    2217              :         break;
    2218              :     }
    2219            0 : }
    2220              : 
    2221              : namespace {
    2222              : // Helper for grouping attribute paths into read interactions in ContinueReadingCommissioningInfo()
    2223              : // below. The logic generates a sequence of calls to AddAttributePath(), stopping when the capacity
    2224              : // of the builder is exceeded. When creating subsequent read requests, the same sequence of calls
    2225              : // is generated again, but the builder will skip however many attributes were already read in
    2226              : // previous requests. This makes it easy to have logic that conditionally reads attributes, without
    2227              : // needing to write manual code to work out where subsequent reads need to resume -- the logic that
    2228              : // decides which attributes to read simply needs to be repeatable / deterministic.
    2229              : class ReadInteractionBuilder
    2230              : {
    2231              :     static constexpr auto kCapacity = InteractionModelEngine::kMinSupportedPathsPerReadRequest;
    2232              : 
    2233              :     size_t mSkip  = 0;
    2234              :     size_t mCount = 0;
    2235              :     app::AttributePathParams mPaths[kCapacity];
    2236              : 
    2237              : public:
    2238            0 :     ReadInteractionBuilder(size_t skip = 0) : mSkip(skip) {}
    2239              : 
    2240            0 :     size_t size() { return std::min(mCount, kCapacity); }
    2241            0 :     bool exceeded() { return mCount > kCapacity; }
    2242            0 :     app::AttributePathParams * paths() { return mPaths; }
    2243              : 
    2244              :     // Adds an attribute path if within the current window.
    2245              :     // Returns false if the available space has been exceeded.
    2246              :     template <typename... Ts>
    2247            0 :     bool AddAttributePath(Ts &&... args)
    2248              :     {
    2249            0 :         if (mSkip > 0)
    2250              :         {
    2251            0 :             mSkip--;
    2252            0 :             return true;
    2253              :         }
    2254            0 :         if (mCount >= kCapacity)
    2255              :         {
    2256              :             // capacity exceeded
    2257            0 :             mCount = kCapacity + 1;
    2258            0 :             return false;
    2259              :         }
    2260            0 :         mPaths[mCount++] = app::AttributePathParams(std::forward<Ts>(args)...);
    2261            0 :         return true;
    2262              :     }
    2263              : };
    2264              : } // namespace
    2265              : 
    2266            0 : void DeviceCommissioner::ContinueReadingCommissioningInfo(const CommissioningParameters & params)
    2267              : {
    2268            0 :     VerifyOrDie(mCommissioningStage == CommissioningStage::kReadCommissioningInfo);
    2269              : 
    2270              :     // mReadCommissioningInfoProgress starts at 0 and counts the number of paths we have read.
    2271              :     // A marker value is used to indicate that there are no further attributes to read.
    2272              :     static constexpr auto kReadProgressNoFurtherAttributes = std::numeric_limits<decltype(mReadCommissioningInfoProgress)>::max();
    2273            0 :     if (mReadCommissioningInfoProgress == kReadProgressNoFurtherAttributes)
    2274              :     {
    2275            0 :         FinishReadingCommissioningInfo();
    2276            0 :         return;
    2277              :     }
    2278              : 
    2279              :     // We can ony read 9 paths per Read Interaction, since that is the minimum a server has to
    2280              :     // support per spec (see "Interaction Model Limits"), so we generally need to perform more
    2281              :     // that one interaction. To build the list of attributes for each interaction, we use a
    2282              :     // builder that skips adding paths that we already handled in a previous interaction, and
    2283              :     // returns false if the current request is exhausted. This construction avoids allocating
    2284              :     // memory to hold the complete list of attributes to read up front; however the logic to
    2285              :     // determine the attributes to include must be deterministic since it runs multiple times.
    2286              :     // The use of an immediately-invoked lambda is convenient for control flow.
    2287            0 :     ReadInteractionBuilder builder(mReadCommissioningInfoProgress);
    2288            0 :     [&]() -> void {
    2289              :         // General Commissioning
    2290            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2291              :                                                 Clusters::GeneralCommissioning::Attributes::SupportsConcurrentConnection::Id));
    2292            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2293              :                                                 Clusters::GeneralCommissioning::Attributes::Breadcrumb::Id));
    2294            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2295              :                                                 Clusters::GeneralCommissioning::Attributes::BasicCommissioningInfo::Id));
    2296            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2297              :                                                 Clusters::GeneralCommissioning::Attributes::RegulatoryConfig::Id));
    2298            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::GeneralCommissioning::Id,
    2299              :                                                 Clusters::GeneralCommissioning::Attributes::LocationCapability::Id));
    2300              : 
    2301              :         // Basic Information: VID and PID for device attestation purposes
    2302            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::BasicInformation::Id,
    2303              :                                                 Clusters::BasicInformation::Attributes::VendorID::Id));
    2304            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::BasicInformation::Id,
    2305              :                                                 Clusters::BasicInformation::Attributes::ProductID::Id));
    2306              : 
    2307              :         // Time Synchronization: all attributes
    2308            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::TimeSynchronization::Id));
    2309              : 
    2310              :         // Network Commissioning (all endpoints): Read the feature map and connect time
    2311              :         // TODO: Expose a flag that disables network setup so we don't need to read this
    2312            0 :         VerifyOrReturn(builder.AddAttributePath(Clusters::NetworkCommissioning::Id,
    2313              :                                                 Clusters::NetworkCommissioning::Attributes::FeatureMap::Id));
    2314            0 :         VerifyOrReturn(builder.AddAttributePath(Clusters::NetworkCommissioning::Id,
    2315              :                                                 Clusters::NetworkCommissioning::Attributes::ConnectMaxTimeSeconds::Id));
    2316              : 
    2317              :         // OperationalCredentials: existing fabrics, if necessary
    2318            0 :         if (params.GetCheckForMatchingFabric())
    2319              :         {
    2320            0 :             VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::OperationalCredentials::Id,
    2321              :                                                     Clusters::OperationalCredentials::Attributes::Fabrics::Id));
    2322              :         }
    2323              : 
    2324              :         // ICD Management
    2325            0 :         if (params.GetICDRegistrationStrategy() != ICDRegistrationStrategy::kIgnore)
    2326              :         {
    2327            0 :             VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2328              :                                                     Clusters::IcdManagement::Attributes::FeatureMap::Id));
    2329              :         }
    2330            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2331              :                                                 Clusters::IcdManagement::Attributes::UserActiveModeTriggerHint::Id));
    2332            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2333              :                                                 Clusters::IcdManagement::Attributes::UserActiveModeTriggerInstruction::Id));
    2334            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2335              :                                                 Clusters::IcdManagement::Attributes::IdleModeDuration::Id));
    2336            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2337              :                                                 Clusters::IcdManagement::Attributes::ActiveModeDuration::Id));
    2338            0 :         VerifyOrReturn(builder.AddAttributePath(kRootEndpointId, Clusters::IcdManagement::Id,
    2339              :                                                 Clusters::IcdManagement::Attributes::ActiveModeThreshold::Id));
    2340              : 
    2341              :         // Extra paths requested via CommissioningParameters
    2342            0 :         for (auto const & path : params.GetExtraReadPaths())
    2343              :         {
    2344            0 :             VerifyOrReturn(builder.AddAttributePath(path));
    2345              :         }
    2346            0 :     }();
    2347              : 
    2348            0 :     VerifyOrDie(builder.size() > 0); // our logic is broken if there is nothing to read
    2349            0 :     if (builder.exceeded())
    2350              :     {
    2351              :         // Keep track of the number of attributes we have read already so we can resume from there.
    2352            0 :         auto progress = mReadCommissioningInfoProgress + builder.size();
    2353            0 :         VerifyOrDie(progress < kReadProgressNoFurtherAttributes);
    2354            0 :         mReadCommissioningInfoProgress = static_cast<decltype(mReadCommissioningInfoProgress)>(progress);
    2355              :     }
    2356              :     else
    2357              :     {
    2358            0 :         mReadCommissioningInfoProgress = kReadProgressNoFurtherAttributes;
    2359              :     }
    2360              : 
    2361            0 :     SendCommissioningReadRequest(mDeviceBeingCommissioned, mCommissioningStepTimeout, builder.paths(), builder.size());
    2362              : }
    2363              : 
    2364              : namespace {
    2365            0 : void AccumulateErrors(CHIP_ERROR & acc, CHIP_ERROR err)
    2366              : {
    2367            0 :     if (acc == CHIP_NO_ERROR && err != CHIP_NO_ERROR)
    2368              :     {
    2369            0 :         acc = err;
    2370              :     }
    2371            0 : }
    2372              : } // namespace
    2373              : 
    2374            0 : void DeviceCommissioner::FinishReadingCommissioningInfo()
    2375              : {
    2376              :     // We want to parse as much information as possible, even if we eventually end
    2377              :     // up returning an error (e.g. because some mandatory information was missing).
    2378            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2379            0 :     ReadCommissioningInfo info;
    2380            0 :     info.attributes = mAttributeCache.get();
    2381            0 :     AccumulateErrors(err, ParseGeneralCommissioningInfo(info));
    2382            0 :     AccumulateErrors(err, ParseBasicInformation(info));
    2383            0 :     AccumulateErrors(err, ParseNetworkCommissioningInfo(info));
    2384            0 :     AccumulateErrors(err, ParseTimeSyncInfo(info));
    2385            0 :     AccumulateErrors(err, ParseFabrics(info));
    2386            0 :     AccumulateErrors(err, ParseICDInfo(info));
    2387              : 
    2388            0 :     if (mPairingDelegate != nullptr && err == CHIP_NO_ERROR)
    2389              :     {
    2390            0 :         mPairingDelegate->OnReadCommissioningInfo(info);
    2391              :     }
    2392              : 
    2393            0 :     CommissioningDelegate::CommissioningReport report;
    2394            0 :     report.Set<ReadCommissioningInfo>(info);
    2395            0 :     CommissioningStageComplete(err, report);
    2396              : 
    2397              :     // Only release the attribute cache once `info` is no longer needed.
    2398            0 :     mAttributeCache.reset();
    2399            0 : }
    2400              : 
    2401            0 : CHIP_ERROR DeviceCommissioner::ParseGeneralCommissioningInfo(ReadCommissioningInfo & info)
    2402              : {
    2403              :     using namespace GeneralCommissioning::Attributes;
    2404            0 :     CHIP_ERROR return_err = CHIP_NO_ERROR;
    2405              :     CHIP_ERROR err;
    2406              : 
    2407            0 :     BasicCommissioningInfo::TypeInfo::DecodableType basicInfo;
    2408            0 :     err = mAttributeCache->Get<BasicCommissioningInfo::TypeInfo>(kRootEndpointId, basicInfo);
    2409            0 :     if (err == CHIP_NO_ERROR)
    2410              :     {
    2411            0 :         info.general.recommendedFailsafe = basicInfo.failSafeExpiryLengthSeconds;
    2412              :     }
    2413              :     else
    2414              :     {
    2415            0 :         ChipLogError(Controller, "Failed to read BasicCommissioningInfo: %" CHIP_ERROR_FORMAT, err.Format());
    2416            0 :         return_err = err;
    2417              :     }
    2418              : 
    2419            0 :     err = mAttributeCache->Get<RegulatoryConfig::TypeInfo>(kRootEndpointId, info.general.currentRegulatoryLocation);
    2420            0 :     if (err != CHIP_NO_ERROR)
    2421              :     {
    2422            0 :         ChipLogError(Controller, "Failed to read RegulatoryConfig: %" CHIP_ERROR_FORMAT, err.Format());
    2423            0 :         return_err = err;
    2424              :     }
    2425              : 
    2426            0 :     err = mAttributeCache->Get<LocationCapability::TypeInfo>(kRootEndpointId, info.general.locationCapability);
    2427            0 :     if (err != CHIP_NO_ERROR)
    2428              :     {
    2429            0 :         ChipLogError(Controller, "Failed to read LocationCapability: %" CHIP_ERROR_FORMAT, err.Format());
    2430            0 :         return_err = err;
    2431              :     }
    2432              : 
    2433            0 :     err = mAttributeCache->Get<Breadcrumb::TypeInfo>(kRootEndpointId, info.general.breadcrumb);
    2434            0 :     if (err != CHIP_NO_ERROR)
    2435              :     {
    2436            0 :         ChipLogError(Controller, "Failed to read Breadcrumb: %" CHIP_ERROR_FORMAT, err.Format());
    2437            0 :         return_err = err;
    2438              :     }
    2439              : 
    2440            0 :     err = mAttributeCache->Get<SupportsConcurrentConnection::TypeInfo>(kRootEndpointId, info.supportsConcurrentConnection);
    2441            0 :     if (err != CHIP_NO_ERROR)
    2442              :     {
    2443            0 :         ChipLogError(Controller, "Ignoring failure to read SupportsConcurrentConnection: %" CHIP_ERROR_FORMAT, err.Format());
    2444            0 :         info.supportsConcurrentConnection = true; // default to true (concurrent), not a fatal error
    2445              :     }
    2446              : 
    2447            0 :     return return_err;
    2448              : }
    2449              : 
    2450            0 : CHIP_ERROR DeviceCommissioner::ParseBasicInformation(ReadCommissioningInfo & info)
    2451              : {
    2452              :     using namespace BasicInformation::Attributes;
    2453            0 :     CHIP_ERROR return_err = CHIP_NO_ERROR;
    2454              :     CHIP_ERROR err;
    2455              : 
    2456            0 :     err = mAttributeCache->Get<VendorID::TypeInfo>(kRootEndpointId, info.basic.vendorId);
    2457            0 :     if (err != CHIP_NO_ERROR)
    2458              :     {
    2459            0 :         ChipLogError(Controller, "Failed to read VendorID: %" CHIP_ERROR_FORMAT, err.Format());
    2460            0 :         return_err = err;
    2461              :     }
    2462              : 
    2463            0 :     err = mAttributeCache->Get<ProductID::TypeInfo>(kRootEndpointId, info.basic.productId);
    2464            0 :     if (err != CHIP_NO_ERROR)
    2465              :     {
    2466            0 :         ChipLogError(Controller, "Failed to read ProductID: %" CHIP_ERROR_FORMAT, err.Format());
    2467            0 :         return_err = err;
    2468              :     }
    2469              : 
    2470            0 :     return return_err;
    2471              : }
    2472              : 
    2473            0 : CHIP_ERROR DeviceCommissioner::ParseNetworkCommissioningInfo(ReadCommissioningInfo & info)
    2474              : {
    2475              :     using namespace NetworkCommissioning::Attributes;
    2476            0 :     CHIP_ERROR return_err = CHIP_NO_ERROR;
    2477              :     CHIP_ERROR err;
    2478              : 
    2479              :     // Set the network cluster endpoints first so we can match up the connection
    2480              :     // times. Note that here we don't know what endpoints the network
    2481              :     // commissioning clusters might be on.
    2482            0 :     err = mAttributeCache->ForEachAttribute(NetworkCommissioning::Id, [this, &info](const ConcreteAttributePath & path) {
    2483            0 :         VerifyOrReturnError(path.mAttributeId == FeatureMap::Id, CHIP_NO_ERROR);
    2484            0 :         BitFlags<NetworkCommissioning::Feature> features;
    2485            0 :         if (mAttributeCache->Get<FeatureMap::TypeInfo>(path, *features.RawStorage()) == CHIP_NO_ERROR)
    2486              :         {
    2487            0 :             if (features.Has(NetworkCommissioning::Feature::kWiFiNetworkInterface))
    2488              :             {
    2489            0 :                 ChipLogProgress(Controller, "NetworkCommissioning Features: has WiFi. endpointid = %u", path.mEndpointId);
    2490            0 :                 info.network.wifi.endpoint = path.mEndpointId;
    2491              :             }
    2492            0 :             else if (features.Has(NetworkCommissioning::Feature::kThreadNetworkInterface))
    2493              :             {
    2494            0 :                 ChipLogProgress(Controller, "NetworkCommissioning Features: has Thread. endpointid = %u", path.mEndpointId);
    2495            0 :                 info.network.thread.endpoint = path.mEndpointId;
    2496              :             }
    2497            0 :             else if (features.Has(NetworkCommissioning::Feature::kEthernetNetworkInterface))
    2498              :             {
    2499            0 :                 ChipLogProgress(Controller, "NetworkCommissioning Features: has Ethernet. endpointid = %u", path.mEndpointId);
    2500            0 :                 info.network.eth.endpoint = path.mEndpointId;
    2501              :             }
    2502              :         }
    2503            0 :         return CHIP_NO_ERROR;
    2504              :     });
    2505            0 :     AccumulateErrors(return_err, err);
    2506              : 
    2507            0 :     if (info.network.thread.endpoint != kInvalidEndpointId)
    2508              :     {
    2509            0 :         err = mAttributeCache->Get<ConnectMaxTimeSeconds::TypeInfo>(info.network.thread.endpoint,
    2510            0 :                                                                     info.network.thread.minConnectionTime);
    2511            0 :         if (err != CHIP_NO_ERROR)
    2512              :         {
    2513            0 :             ChipLogError(Controller, "Failed to read Thread ConnectMaxTimeSeconds (endpoint %u): %" CHIP_ERROR_FORMAT,
    2514              :                          info.network.thread.endpoint, err.Format());
    2515            0 :             return_err = err;
    2516              :         }
    2517              :     }
    2518              : 
    2519            0 :     if (info.network.wifi.endpoint != kInvalidEndpointId)
    2520              :     {
    2521            0 :         err =
    2522            0 :             mAttributeCache->Get<ConnectMaxTimeSeconds::TypeInfo>(info.network.wifi.endpoint, info.network.wifi.minConnectionTime);
    2523            0 :         if (err != CHIP_NO_ERROR)
    2524              :         {
    2525            0 :             ChipLogError(Controller, "Failed to read Wi-Fi ConnectMaxTimeSeconds (endpoint %u): %" CHIP_ERROR_FORMAT,
    2526              :                          info.network.wifi.endpoint, err.Format());
    2527            0 :             return_err = err;
    2528              :         }
    2529              :     }
    2530              : 
    2531            0 :     if (return_err != CHIP_NO_ERROR)
    2532              :     {
    2533            0 :         ChipLogError(Controller, "Failed to parsing Network Commissioning information: %" CHIP_ERROR_FORMAT, return_err.Format());
    2534              :     }
    2535            0 :     return return_err;
    2536              : }
    2537              : 
    2538            0 : CHIP_ERROR DeviceCommissioner::ParseTimeSyncInfo(ReadCommissioningInfo & info)
    2539              : {
    2540              :     using namespace TimeSynchronization::Attributes;
    2541              :     CHIP_ERROR err;
    2542              : 
    2543              :     // If we fail to get the feature map, there's no viable time cluster, don't set anything.
    2544            0 :     BitFlags<TimeSynchronization::Feature> featureMap;
    2545            0 :     err = mAttributeCache->Get<FeatureMap::TypeInfo>(kRootEndpointId, *featureMap.RawStorage());
    2546            0 :     if (err != CHIP_NO_ERROR)
    2547              :     {
    2548            0 :         info.requiresUTC               = false;
    2549            0 :         info.requiresTimeZone          = false;
    2550            0 :         info.requiresDefaultNTP        = false;
    2551            0 :         info.requiresTrustedTimeSource = false;
    2552            0 :         return CHIP_NO_ERROR;
    2553              :     }
    2554            0 :     info.requiresUTC               = true;
    2555            0 :     info.requiresTimeZone          = featureMap.Has(TimeSynchronization::Feature::kTimeZone);
    2556            0 :     info.requiresDefaultNTP        = featureMap.Has(TimeSynchronization::Feature::kNTPClient);
    2557            0 :     info.requiresTrustedTimeSource = featureMap.Has(TimeSynchronization::Feature::kTimeSyncClient);
    2558              : 
    2559            0 :     if (info.requiresTimeZone)
    2560              :     {
    2561            0 :         err = mAttributeCache->Get<TimeZoneListMaxSize::TypeInfo>(kRootEndpointId, info.maxTimeZoneSize);
    2562            0 :         if (err != CHIP_NO_ERROR)
    2563              :         {
    2564              :             // This information should be available, let's do our best with what we have, but we can't set
    2565              :             // the time zone without this information
    2566            0 :             info.requiresTimeZone = false;
    2567              :         }
    2568            0 :         err = mAttributeCache->Get<DSTOffsetListMaxSize::TypeInfo>(kRootEndpointId, info.maxDSTSize);
    2569            0 :         if (err != CHIP_NO_ERROR)
    2570              :         {
    2571            0 :             info.requiresTimeZone = false;
    2572              :         }
    2573              :     }
    2574            0 :     if (info.requiresDefaultNTP)
    2575              :     {
    2576            0 :         DefaultNTP::TypeInfo::DecodableType defaultNTP;
    2577            0 :         err = mAttributeCache->Get<DefaultNTP::TypeInfo>(kRootEndpointId, defaultNTP);
    2578            0 :         if (err == CHIP_NO_ERROR && (!defaultNTP.IsNull()) && (defaultNTP.Value().size() != 0))
    2579              :         {
    2580            0 :             info.requiresDefaultNTP = false;
    2581              :         }
    2582              :     }
    2583            0 :     if (info.requiresTrustedTimeSource)
    2584              :     {
    2585            0 :         TrustedTimeSource::TypeInfo::DecodableType trustedTimeSource;
    2586            0 :         err = mAttributeCache->Get<TrustedTimeSource::TypeInfo>(kRootEndpointId, trustedTimeSource);
    2587            0 :         if (err == CHIP_NO_ERROR && !trustedTimeSource.IsNull())
    2588              :         {
    2589            0 :             info.requiresTrustedTimeSource = false;
    2590              :         }
    2591              :     }
    2592              : 
    2593            0 :     return CHIP_NO_ERROR;
    2594              : }
    2595              : 
    2596            0 : CHIP_ERROR DeviceCommissioner::ParseFabrics(ReadCommissioningInfo & info)
    2597              : {
    2598              :     using namespace OperationalCredentials::Attributes;
    2599              :     CHIP_ERROR err;
    2600            0 :     CHIP_ERROR return_err = CHIP_NO_ERROR;
    2601              : 
    2602              :     // We might not have requested a Fabrics attribute at all, so not having a
    2603              :     // value for it is not an error.
    2604            0 :     err = mAttributeCache->ForEachAttribute(OperationalCredentials::Id, [this, &info](const ConcreteAttributePath & path) {
    2605              :         using namespace chip::app::Clusters::OperationalCredentials::Attributes;
    2606              :         // this code is checking if the device is already on the commissioner's fabric.
    2607              :         // if a matching fabric is found, then remember the nodeId so that the commissioner
    2608              :         // can, if it decides to, cancel commissioning (before it fails in AddNoc) and know
    2609              :         // the device's nodeId on its fabric.
    2610            0 :         switch (path.mAttributeId)
    2611              :         {
    2612            0 :         case Fabrics::Id: {
    2613            0 :             Fabrics::TypeInfo::DecodableType fabrics;
    2614            0 :             ReturnErrorOnFailure(this->mAttributeCache->Get<Fabrics::TypeInfo>(path, fabrics));
    2615              :             // this is a best effort attempt to find a matching fabric, so no error checking on iter
    2616            0 :             auto iter = fabrics.begin();
    2617            0 :             while (iter.Next())
    2618              :             {
    2619            0 :                 auto & fabricDescriptor = iter.GetValue();
    2620            0 :                 ChipLogProgress(Controller,
    2621              :                                 "DeviceCommissioner::OnDone - fabric.vendorId=0x%04X fabric.fabricId=0x" ChipLogFormatX64
    2622              :                                 " fabric.nodeId=0x" ChipLogFormatX64,
    2623              :                                 fabricDescriptor.vendorID, ChipLogValueX64(fabricDescriptor.fabricID),
    2624              :                                 ChipLogValueX64(fabricDescriptor.nodeID));
    2625            0 :                 if (GetFabricId() == fabricDescriptor.fabricID)
    2626              :                 {
    2627            0 :                     ChipLogProgress(Controller, "DeviceCommissioner::OnDone - found a matching fabric id");
    2628            0 :                     chip::ByteSpan rootKeySpan = fabricDescriptor.rootPublicKey;
    2629            0 :                     if (rootKeySpan.size() != Crypto::kP256_PublicKey_Length)
    2630              :                     {
    2631            0 :                         ChipLogError(Controller, "DeviceCommissioner::OnDone - fabric root key size mismatch %u != %u",
    2632              :                                      static_cast<unsigned>(rootKeySpan.size()),
    2633              :                                      static_cast<unsigned>(Crypto::kP256_PublicKey_Length));
    2634            0 :                         continue;
    2635              :                     }
    2636            0 :                     P256PublicKeySpan rootPubKeySpan(rootKeySpan.data());
    2637            0 :                     Crypto::P256PublicKey deviceRootPublicKey(rootPubKeySpan);
    2638              : 
    2639            0 :                     Crypto::P256PublicKey commissionerRootPublicKey;
    2640            0 :                     if (CHIP_NO_ERROR != GetRootPublicKey(commissionerRootPublicKey))
    2641              :                     {
    2642            0 :                         ChipLogError(Controller, "DeviceCommissioner::OnDone - error reading commissioner root public key");
    2643              :                     }
    2644            0 :                     else if (commissionerRootPublicKey.Matches(deviceRootPublicKey))
    2645              :                     {
    2646            0 :                         ChipLogProgress(Controller, "DeviceCommissioner::OnDone - fabric root keys match");
    2647            0 :                         info.remoteNodeId = fabricDescriptor.nodeID;
    2648              :                     }
    2649            0 :                 }
    2650              :             }
    2651              : 
    2652            0 :             return CHIP_NO_ERROR;
    2653              :         }
    2654            0 :         default:
    2655            0 :             return CHIP_NO_ERROR;
    2656              :         }
    2657              :     });
    2658              : 
    2659            0 :     if (mPairingDelegate != nullptr)
    2660              :     {
    2661            0 :         mPairingDelegate->OnFabricCheck(info.remoteNodeId);
    2662              :     }
    2663              : 
    2664            0 :     return return_err;
    2665              : }
    2666              : 
    2667            0 : CHIP_ERROR DeviceCommissioner::ParseICDInfo(ReadCommissioningInfo & info)
    2668              : {
    2669              :     using namespace IcdManagement::Attributes;
    2670              :     CHIP_ERROR err;
    2671              : 
    2672            0 :     bool hasUserActiveModeTrigger = false;
    2673            0 :     bool isICD                    = false;
    2674              : 
    2675            0 :     BitFlags<IcdManagement::Feature> featureMap;
    2676            0 :     err = mAttributeCache->Get<FeatureMap::TypeInfo>(kRootEndpointId, *featureMap.RawStorage());
    2677            0 :     if (err == CHIP_NO_ERROR)
    2678              :     {
    2679            0 :         info.icd.isLIT                  = featureMap.Has(IcdManagement::Feature::kLongIdleTimeSupport);
    2680            0 :         info.icd.checkInProtocolSupport = featureMap.Has(IcdManagement::Feature::kCheckInProtocolSupport);
    2681            0 :         hasUserActiveModeTrigger        = featureMap.Has(IcdManagement::Feature::kUserActiveModeTrigger);
    2682            0 :         isICD                           = true;
    2683              :     }
    2684            0 :     else if (err == CHIP_ERROR_KEY_NOT_FOUND)
    2685              :     {
    2686              :         // This key is optional so not an error
    2687            0 :         info.icd.isLIT = false;
    2688            0 :         err            = CHIP_NO_ERROR;
    2689              :     }
    2690            0 :     else if (err == CHIP_ERROR_IM_STATUS_CODE_RECEIVED)
    2691              :     {
    2692            0 :         app::StatusIB statusIB;
    2693            0 :         err = mAttributeCache->GetStatus(app::ConcreteAttributePath(kRootEndpointId, IcdManagement::Id, FeatureMap::Id), statusIB);
    2694            0 :         if (err == CHIP_NO_ERROR)
    2695              :         {
    2696            0 :             if (statusIB.mStatus == Protocols::InteractionModel::Status::UnsupportedCluster)
    2697              :             {
    2698            0 :                 info.icd.isLIT = false;
    2699              :             }
    2700              :             else
    2701              :             {
    2702            0 :                 err = statusIB.ToChipError();
    2703              :             }
    2704              :         }
    2705              :     }
    2706              : 
    2707            0 :     ReturnErrorOnFailure(err);
    2708              : 
    2709            0 :     info.icd.userActiveModeTriggerHint.ClearAll();
    2710            0 :     info.icd.userActiveModeTriggerInstruction = CharSpan();
    2711              : 
    2712            0 :     if (hasUserActiveModeTrigger)
    2713              :     {
    2714              :         // Intentionally ignore errors since they are not mandatory.
    2715            0 :         bool activeModeTriggerInstructionRequired = false;
    2716              : 
    2717            0 :         err = mAttributeCache->Get<UserActiveModeTriggerHint::TypeInfo>(kRootEndpointId, info.icd.userActiveModeTriggerHint);
    2718            0 :         if (err != CHIP_NO_ERROR)
    2719              :         {
    2720            0 :             ChipLogError(Controller, "IcdManagement.UserActiveModeTriggerHint expected, but failed to read.");
    2721            0 :             return err;
    2722              :         }
    2723              : 
    2724              :         using IcdManagement::UserActiveModeTriggerBitmap;
    2725            0 :         activeModeTriggerInstructionRequired = info.icd.userActiveModeTriggerHint.HasAny(
    2726            0 :             UserActiveModeTriggerBitmap::kCustomInstruction, UserActiveModeTriggerBitmap::kActuateSensorSeconds,
    2727            0 :             UserActiveModeTriggerBitmap::kActuateSensorTimes, UserActiveModeTriggerBitmap::kActuateSensorLightsBlink,
    2728            0 :             UserActiveModeTriggerBitmap::kResetButtonLightsBlink, UserActiveModeTriggerBitmap::kResetButtonSeconds,
    2729            0 :             UserActiveModeTriggerBitmap::kResetButtonTimes, UserActiveModeTriggerBitmap::kSetupButtonSeconds,
    2730            0 :             UserActiveModeTriggerBitmap::kSetupButtonTimes, UserActiveModeTriggerBitmap::kSetupButtonTimes,
    2731            0 :             UserActiveModeTriggerBitmap::kAppDefinedButton);
    2732              : 
    2733            0 :         if (activeModeTriggerInstructionRequired)
    2734              :         {
    2735            0 :             err = mAttributeCache->Get<UserActiveModeTriggerInstruction::TypeInfo>(kRootEndpointId,
    2736            0 :                                                                                    info.icd.userActiveModeTriggerInstruction);
    2737            0 :             if (err != CHIP_NO_ERROR)
    2738              :             {
    2739            0 :                 ChipLogError(Controller,
    2740              :                              "IcdManagement.UserActiveModeTriggerInstruction expected for given active mode trigger hint, but "
    2741              :                              "failed to read.");
    2742            0 :                 return err;
    2743              :             }
    2744              :         }
    2745              :     }
    2746              : 
    2747            0 :     if (!isICD)
    2748              :     {
    2749            0 :         info.icd.idleModeDuration    = 0;
    2750            0 :         info.icd.activeModeDuration  = 0;
    2751            0 :         info.icd.activeModeThreshold = 0;
    2752            0 :         return CHIP_NO_ERROR;
    2753              :     }
    2754              : 
    2755            0 :     err = mAttributeCache->Get<IdleModeDuration::TypeInfo>(kRootEndpointId, info.icd.idleModeDuration);
    2756            0 :     if (err != CHIP_NO_ERROR)
    2757              :     {
    2758            0 :         ChipLogError(Controller, "IcdManagement.IdleModeDuration expected, but failed to read: %" CHIP_ERROR_FORMAT, err.Format());
    2759            0 :         return err;
    2760              :     }
    2761              : 
    2762            0 :     err = mAttributeCache->Get<ActiveModeDuration::TypeInfo>(kRootEndpointId, info.icd.activeModeDuration);
    2763            0 :     if (err != CHIP_NO_ERROR)
    2764              :     {
    2765            0 :         ChipLogError(Controller, "IcdManagement.ActiveModeDuration expected, but failed to read: %" CHIP_ERROR_FORMAT,
    2766              :                      err.Format());
    2767            0 :         return err;
    2768              :     }
    2769              : 
    2770            0 :     err = mAttributeCache->Get<ActiveModeThreshold::TypeInfo>(kRootEndpointId, info.icd.activeModeThreshold);
    2771            0 :     if (err != CHIP_NO_ERROR)
    2772              :     {
    2773            0 :         ChipLogError(Controller, "IcdManagement.ActiveModeThreshold expected, but failed to read: %" CHIP_ERROR_FORMAT,
    2774              :                      err.Format());
    2775              :     }
    2776              : 
    2777            0 :     return err;
    2778              : }
    2779              : 
    2780            0 : void DeviceCommissioner::OnArmFailSafe(void * context,
    2781              :                                        const GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data)
    2782              : {
    2783            0 :     CommissioningDelegate::CommissioningReport report;
    2784            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2785              : 
    2786            0 :     ChipLogProgress(Controller, "Received ArmFailSafe response errorCode=%u", to_underlying(data.errorCode));
    2787            0 :     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
    2788              :     {
    2789            0 :         err = CHIP_ERROR_INTERNAL;
    2790            0 :         report.Set<CommissioningErrorInfo>(data.errorCode);
    2791              :     }
    2792              : 
    2793            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2794            0 :     commissioner->CommissioningStageComplete(err, report);
    2795            0 : }
    2796              : 
    2797            0 : void DeviceCommissioner::OnSetRegulatoryConfigResponse(
    2798              :     void * context, const GeneralCommissioning::Commands::SetRegulatoryConfigResponse::DecodableType & data)
    2799              : {
    2800            0 :     CommissioningDelegate::CommissioningReport report;
    2801            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2802              : 
    2803            0 :     ChipLogProgress(Controller, "Received SetRegulatoryConfig response errorCode=%u", to_underlying(data.errorCode));
    2804            0 :     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
    2805              :     {
    2806            0 :         err = CHIP_ERROR_INTERNAL;
    2807            0 :         report.Set<CommissioningErrorInfo>(data.errorCode);
    2808              :     }
    2809            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2810            0 :     commissioner->CommissioningStageComplete(err, report);
    2811            0 : }
    2812              : 
    2813            0 : void DeviceCommissioner::OnSetTCAcknowledgementsResponse(
    2814              :     void * context, const GeneralCommissioning::Commands::SetTCAcknowledgementsResponse::DecodableType & data)
    2815              : {
    2816            0 :     CommissioningDelegate::CommissioningReport report;
    2817            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2818              : 
    2819            0 :     ChipLogProgress(Controller, "Received SetTCAcknowledgements response errorCode=%u", to_underlying(data.errorCode));
    2820            0 :     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
    2821              :     {
    2822            0 :         err = CHIP_ERROR_INTERNAL;
    2823            0 :         report.Set<CommissioningErrorInfo>(data.errorCode);
    2824              :     }
    2825            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2826            0 :     commissioner->CommissioningStageComplete(err, report);
    2827            0 : }
    2828              : 
    2829            0 : void DeviceCommissioner::OnSetTimeZoneResponse(void * context,
    2830              :                                                const TimeSynchronization::Commands::SetTimeZoneResponse::DecodableType & data)
    2831              : {
    2832            0 :     CommissioningDelegate::CommissioningReport report;
    2833            0 :     CHIP_ERROR err                    = CHIP_NO_ERROR;
    2834            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2835              :     TimeZoneResponseInfo info;
    2836            0 :     info.requiresDSTOffsets = data.DSTOffsetRequired;
    2837            0 :     report.Set<TimeZoneResponseInfo>(info);
    2838            0 :     commissioner->CommissioningStageComplete(err, report);
    2839            0 : }
    2840              : 
    2841            0 : void DeviceCommissioner::OnSetUTCError(void * context, CHIP_ERROR error)
    2842              : {
    2843              :     // For SetUTCTime, we don't actually care if the commissionee didn't want out time, that's its choice
    2844            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2845            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    2846            0 : }
    2847              : 
    2848            0 : void DeviceCommissioner::OnScanNetworksFailure(void * context, CHIP_ERROR error)
    2849              : {
    2850            0 :     ChipLogProgress(Controller, "Received ScanNetworks failure response %" CHIP_ERROR_FORMAT, error.Format());
    2851              : 
    2852            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2853              : 
    2854              :     // advance to the kNeedsNetworkCreds waiting step
    2855              :     // clear error so that we don't abort the commissioning when ScanNetworks fails
    2856            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    2857              : 
    2858            0 :     if (commissioner->GetPairingDelegate() != nullptr)
    2859              :     {
    2860            0 :         commissioner->GetPairingDelegate()->OnScanNetworksFailure(error);
    2861              :     }
    2862            0 : }
    2863              : 
    2864            0 : void DeviceCommissioner::OnScanNetworksResponse(void * context,
    2865              :                                                 const NetworkCommissioning::Commands::ScanNetworksResponse::DecodableType & data)
    2866              : {
    2867            0 :     CommissioningDelegate::CommissioningReport report;
    2868              : 
    2869            0 :     ChipLogProgress(Controller, "Received ScanNetwork response, networkingStatus=%u debugText=%s",
    2870              :                     to_underlying(data.networkingStatus),
    2871              :                     (data.debugText.HasValue() ? std::string(data.debugText.Value().data(), data.debugText.Value().size()).c_str()
    2872              :                                                : "none provided"));
    2873            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2874              : 
    2875              :     // advance to the kNeedsNetworkCreds waiting step
    2876            0 :     commissioner->CommissioningStageComplete(CHIP_NO_ERROR);
    2877              : 
    2878            0 :     if (commissioner->GetPairingDelegate() != nullptr)
    2879              :     {
    2880            0 :         commissioner->GetPairingDelegate()->OnScanNetworksSuccess(data);
    2881              :     }
    2882            0 : }
    2883              : 
    2884            0 : CHIP_ERROR DeviceCommissioner::NetworkCredentialsReady()
    2885              : {
    2886            0 :     VerifyOrReturnError(mCommissioningStage == CommissioningStage::kNeedsNetworkCreds, CHIP_ERROR_INCORRECT_STATE);
    2887              : 
    2888              :     // need to advance to next step
    2889            0 :     CommissioningStageComplete(CHIP_NO_ERROR);
    2890              : 
    2891            0 :     return CHIP_NO_ERROR;
    2892              : }
    2893              : 
    2894            0 : CHIP_ERROR DeviceCommissioner::ICDRegistrationInfoReady()
    2895              : {
    2896            0 :     VerifyOrReturnError(mCommissioningStage == CommissioningStage::kICDGetRegistrationInfo, CHIP_ERROR_INCORRECT_STATE);
    2897              : 
    2898              :     // need to advance to next step
    2899            0 :     CommissioningStageComplete(CHIP_NO_ERROR);
    2900              : 
    2901            0 :     return CHIP_NO_ERROR;
    2902              : }
    2903              : 
    2904            0 : void DeviceCommissioner::OnNetworkConfigResponse(void * context,
    2905              :                                                  const NetworkCommissioning::Commands::NetworkConfigResponse::DecodableType & data)
    2906              : {
    2907            0 :     CommissioningDelegate::CommissioningReport report;
    2908            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2909              : 
    2910            0 :     ChipLogProgress(Controller, "Received NetworkConfig response, networkingStatus=%u", to_underlying(data.networkingStatus));
    2911            0 :     if (data.networkingStatus != NetworkCommissioning::NetworkCommissioningStatusEnum::kSuccess)
    2912              :     {
    2913            0 :         err = CHIP_ERROR_INTERNAL;
    2914            0 :         report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus);
    2915              :     }
    2916            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2917            0 :     commissioner->CommissioningStageComplete(err, report);
    2918            0 : }
    2919              : 
    2920            0 : void DeviceCommissioner::OnConnectNetworkResponse(
    2921              :     void * context, const NetworkCommissioning::Commands::ConnectNetworkResponse::DecodableType & data)
    2922              : {
    2923            0 :     CommissioningDelegate::CommissioningReport report;
    2924            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2925              : 
    2926            0 :     ChipLogProgress(Controller, "Received ConnectNetwork response, networkingStatus=%u", to_underlying(data.networkingStatus));
    2927            0 :     if (data.networkingStatus != NetworkCommissioning::NetworkCommissioningStatusEnum::kSuccess)
    2928              :     {
    2929            0 :         err = CHIP_ERROR_INTERNAL;
    2930            0 :         report.Set<NetworkCommissioningStatusInfo>(data.networkingStatus);
    2931              :     }
    2932            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2933            0 :     commissioner->CommissioningStageComplete(err, report);
    2934            0 : }
    2935              : 
    2936            0 : void DeviceCommissioner::OnCommissioningCompleteResponse(
    2937              :     void * context, const GeneralCommissioning::Commands::CommissioningCompleteResponse::DecodableType & data)
    2938              : {
    2939            0 :     CommissioningDelegate::CommissioningReport report;
    2940            0 :     CHIP_ERROR err = CHIP_NO_ERROR;
    2941              : 
    2942            0 :     ChipLogProgress(Controller, "Received CommissioningComplete response, errorCode=%u", to_underlying(data.errorCode));
    2943            0 :     if (data.errorCode != GeneralCommissioning::CommissioningErrorEnum::kOk)
    2944              :     {
    2945            0 :         err = CHIP_ERROR_INTERNAL;
    2946            0 :         report.Set<CommissioningErrorInfo>(data.errorCode);
    2947              :     }
    2948            0 :     DeviceCommissioner * commissioner = static_cast<DeviceCommissioner *>(context);
    2949            0 :     commissioner->CommissioningStageComplete(err, report);
    2950            0 : }
    2951              : 
    2952              : template <typename RequestObjectT>
    2953              : CHIP_ERROR
    2954            0 : DeviceCommissioner::SendCommissioningCommand(DeviceProxy * device, const RequestObjectT & request,
    2955              :                                              CommandResponseSuccessCallback<typename RequestObjectT::ResponseType> successCb,
    2956              :                                              CommandResponseFailureCallback failureCb, EndpointId endpoint,
    2957              :                                              Optional<System::Clock::Timeout> timeout, bool fireAndForget)
    2958              : 
    2959              : {
    2960              :     // Default behavior is to make sequential, cancellable calls tracked via mInvokeCancelFn.
    2961              :     // Fire-and-forget calls are not cancellable and don't receive `this` as context in callbacks.
    2962            0 :     VerifyOrDie(fireAndForget || !mInvokeCancelFn); // we don't make parallel (cancellable) calls
    2963              : 
    2964            0 :     void * context   = (!fireAndForget) ? this : nullptr;
    2965            0 :     auto onSuccessCb = [context, successCb](const app::ConcreteCommandPath & aPath, const app::StatusIB & aStatus,
    2966              :                                             const typename RequestObjectT::ResponseType & responseData) {
    2967            0 :         successCb(context, responseData);
    2968              :     };
    2969            0 :     auto onFailureCb = [context, failureCb](CHIP_ERROR aError) { failureCb(context, aError); };
    2970              : 
    2971            0 :     return InvokeCommandRequest(device->GetExchangeManager(), device->GetSecureSession().Value(), endpoint, request, onSuccessCb,
    2972            0 :                                 onFailureCb, NullOptional, timeout, (!fireAndForget) ? &mInvokeCancelFn : nullptr);
    2973              : }
    2974              : 
    2975              : template <typename AttrType>
    2976              : CHIP_ERROR DeviceCommissioner::SendCommissioningWriteRequest(DeviceProxy * device, EndpointId endpoint, ClusterId cluster,
    2977              :                                                              AttributeId attribute, const AttrType & requestData,
    2978              :                                                              WriteResponseSuccessCallback successCb,
    2979              :                                                              WriteResponseFailureCallback failureCb)
    2980              : {
    2981              :     VerifyOrDie(!mWriteCancelFn); // we don't make parallel (cancellable) calls
    2982              :     auto onSuccessCb = [this, successCb](const app::ConcreteAttributePath & aPath) { successCb(this); };
    2983              :     auto onFailureCb = [this, failureCb](const app::ConcreteAttributePath * aPath, CHIP_ERROR aError) { failureCb(this, aError); };
    2984              :     return WriteAttribute(device->GetSecureSession().Value(), endpoint, cluster, attribute, requestData, onSuccessCb, onFailureCb,
    2985              :                           /* aTimedWriteTimeoutMs = */ NullOptional, /* onDoneCb = */ nullptr, /* aDataVersion = */ NullOptional,
    2986              :                           /* outCancelFn = */ &mWriteCancelFn);
    2987              : }
    2988              : 
    2989            0 : void DeviceCommissioner::SendCommissioningReadRequest(DeviceProxy * proxy, Optional<System::Clock::Timeout> timeout,
    2990              :                                                       app::AttributePathParams * readPaths, size_t readPathsSize)
    2991              : {
    2992            0 :     VerifyOrDie(!mReadClient); // we don't perform parallel reads
    2993              : 
    2994            0 :     app::InteractionModelEngine * engine = app::InteractionModelEngine::GetInstance();
    2995            0 :     app::ReadPrepareParams readParams(proxy->GetSecureSession().Value());
    2996            0 :     readParams.mIsFabricFiltered = false;
    2997            0 :     if (timeout.HasValue())
    2998              :     {
    2999            0 :         readParams.mTimeout = timeout.Value();
    3000              :     }
    3001            0 :     readParams.mpAttributePathParamsList    = readPaths;
    3002            0 :     readParams.mAttributePathParamsListSize = readPathsSize;
    3003              : 
    3004              :     // Take ownership of the attribute cache, so it can be released if SendRequest fails.
    3005            0 :     auto attributeCache = std::move(mAttributeCache);
    3006              :     auto readClient     = chip::Platform::MakeUnique<app::ReadClient>(
    3007            0 :         engine, proxy->GetExchangeManager(), attributeCache->GetBufferedCallback(), app::ReadClient::InteractionType::Read);
    3008            0 :     CHIP_ERROR err = readClient->SendRequest(readParams);
    3009            0 :     if (err != CHIP_NO_ERROR)
    3010              :     {
    3011            0 :         ChipLogError(Controller, "Failed to send read request: %" CHIP_ERROR_FORMAT, err.Format());
    3012            0 :         CommissioningStageComplete(err);
    3013            0 :         return;
    3014              :     }
    3015            0 :     mAttributeCache = std::move(attributeCache);
    3016            0 :     mReadClient     = std::move(readClient);
    3017            0 : }
    3018              : 
    3019            0 : void DeviceCommissioner::PerformCommissioningStep(DeviceProxy * proxy, CommissioningStage step, CommissioningParameters & params,
    3020              :                                                   CommissioningDelegate * delegate, EndpointId endpoint,
    3021              :                                                   Optional<System::Clock::Timeout> timeout)
    3022              : 
    3023              : {
    3024              :     MATTER_LOG_METRIC(kMetricDeviceCommissionerCommissionStage, step);
    3025              :     MATTER_LOG_METRIC_BEGIN(MetricKeyForCommissioningStage(step));
    3026              : 
    3027            0 :     if (params.GetCompletionStatus().err == CHIP_NO_ERROR)
    3028              :     {
    3029            0 :         ChipLogProgress(Controller, "Performing next commissioning step '%s'", StageToString(step));
    3030              :     }
    3031              :     else
    3032              :     {
    3033            0 :         ChipLogProgress(Controller, "Performing next commissioning step '%s' with completion status = '%s'", StageToString(step),
    3034              :                         params.GetCompletionStatus().err.AsString());
    3035              :     }
    3036              : 
    3037            0 :     mCommissioningStepTimeout = timeout;
    3038            0 :     mCommissioningStage       = step;
    3039            0 :     mCommissioningDelegate    = delegate;
    3040            0 :     mDeviceBeingCommissioned  = proxy;
    3041              : 
    3042              :     // TODO: Extend timeouts to the DAC and Opcert requests.
    3043              :     // TODO(cecille): We probably want something better than this for breadcrumbs.
    3044            0 :     uint64_t breadcrumb = static_cast<uint64_t>(step);
    3045              : 
    3046            0 :     switch (step)
    3047              :     {
    3048            0 :     case CommissioningStage::kArmFailsafe: {
    3049            0 :         VerifyOrDie(endpoint == kRootEndpointId);
    3050              :         // Make sure the fail-safe value we set here actually ends up being used
    3051              :         // no matter what.
    3052            0 :         proxy->SetFailSafeExpirationTimestamp(System::Clock::kZero);
    3053            0 :         VerifyOrDie(ExtendArmFailSafeInternal(proxy, step, params.GetFailsafeTimerSeconds().ValueOr(kDefaultFailsafeTimeout),
    3054              :                                               timeout, OnArmFailSafe, OnBasicFailure, /* fireAndForget = */ false));
    3055              :     }
    3056            0 :     break;
    3057            0 :     case CommissioningStage::kReadCommissioningInfo: {
    3058            0 :         VerifyOrDie(endpoint == kRootEndpointId);
    3059            0 :         ChipLogProgress(Controller, "Sending read requests for commissioning information");
    3060              : 
    3061              :         // Allocate a ClusterStateCache to collect the data from our read requests.
    3062              :         // The cache will be released in:
    3063              :         // - SendCommissioningReadRequest when failing to send a read request.
    3064              :         // - FinishReadingCommissioningInfo when the ReadCommissioningInfo stage is completed.
    3065              :         // - CancelCommissioningInteractions
    3066            0 :         mAttributeCache = Platform::MakeUnique<app::ClusterStateCache>(*this);
    3067              : 
    3068              :         // Generally we need to make more than one read request, because as per spec a server only
    3069              :         // supports a limited number of paths per Read Interaction. Because the actual number of
    3070              :         // interactions we end up performing is dynamic, we track all of them within a single
    3071              :         // commissioning stage.
    3072            0 :         mReadCommissioningInfoProgress = 0;
    3073            0 :         ContinueReadingCommissioningInfo(params); // Note: assume params == delegate.GetCommissioningParameters()
    3074            0 :         break;
    3075              :     }
    3076            0 :     case CommissioningStage::kConfigureUTCTime: {
    3077            0 :         TimeSynchronization::Commands::SetUTCTime::Type request;
    3078            0 :         uint64_t kChipEpochUsSinceUnixEpoch = static_cast<uint64_t>(kChipEpochSecondsSinceUnixEpoch) * chip::kMicrosecondsPerSecond;
    3079              :         System::Clock::Microseconds64 utcTime;
    3080            0 :         if (System::SystemClock().GetClock_RealTime(utcTime) != CHIP_NO_ERROR || utcTime.count() <= kChipEpochUsSinceUnixEpoch)
    3081              :         {
    3082              :             // We have no time to give, but that's OK, just complete this stage
    3083            0 :             CommissioningStageComplete(CHIP_NO_ERROR);
    3084            0 :             return;
    3085              :         }
    3086              : 
    3087            0 :         request.UTCTime = utcTime.count() - kChipEpochUsSinceUnixEpoch;
    3088              :         // For now, we assume a seconds granularity
    3089            0 :         request.granularity = TimeSynchronization::GranularityEnum::kSecondsGranularity;
    3090            0 :         CHIP_ERROR err      = SendCommissioningCommand(proxy, request, OnBasicSuccess, OnSetUTCError, endpoint, timeout);
    3091            0 :         if (err != CHIP_NO_ERROR)
    3092              :         {
    3093              :             // We won't get any async callbacks here, so just complete our stage.
    3094            0 :             ChipLogError(Controller, "Failed to send SetUTCTime command: %" CHIP_ERROR_FORMAT, err.Format());
    3095            0 :             CommissioningStageComplete(err);
    3096            0 :             return;
    3097              :         }
    3098            0 :         break;
    3099              :     }
    3100            0 :     case CommissioningStage::kConfigureTimeZone: {
    3101            0 :         if (!params.GetTimeZone().HasValue())
    3102              :         {
    3103            0 :             ChipLogError(Controller, "ConfigureTimeZone stage called with no time zone data");
    3104            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3105            0 :             return;
    3106              :         }
    3107            0 :         TimeSynchronization::Commands::SetTimeZone::Type request;
    3108            0 :         request.timeZone = params.GetTimeZone().Value();
    3109            0 :         CHIP_ERROR err   = SendCommissioningCommand(proxy, request, OnSetTimeZoneResponse, OnBasicFailure, endpoint, timeout);
    3110            0 :         if (err != CHIP_NO_ERROR)
    3111              :         {
    3112              :             // We won't get any async callbacks here, so just complete our stage.
    3113            0 :             ChipLogError(Controller, "Failed to send SetTimeZone command: %" CHIP_ERROR_FORMAT, err.Format());
    3114            0 :             CommissioningStageComplete(err);
    3115            0 :             return;
    3116              :         }
    3117            0 :         break;
    3118              :     }
    3119            0 :     case CommissioningStage::kConfigureDSTOffset: {
    3120            0 :         if (!params.GetDSTOffsets().HasValue())
    3121              :         {
    3122            0 :             ChipLogError(Controller, "ConfigureDSTOffset stage called with no DST data");
    3123            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3124            0 :             return;
    3125              :         }
    3126            0 :         TimeSynchronization::Commands::SetDSTOffset::Type request;
    3127            0 :         request.DSTOffset = params.GetDSTOffsets().Value();
    3128            0 :         CHIP_ERROR err    = SendCommissioningCommand(proxy, request, OnBasicSuccess, OnBasicFailure, endpoint, timeout);
    3129            0 :         if (err != CHIP_NO_ERROR)
    3130              :         {
    3131              :             // We won't get any async callbacks here, so just complete our stage.
    3132            0 :             ChipLogError(Controller, "Failed to send SetDSTOffset command: %" CHIP_ERROR_FORMAT, err.Format());
    3133            0 :             CommissioningStageComplete(err);
    3134            0 :             return;
    3135              :         }
    3136            0 :         break;
    3137              :     }
    3138            0 :     case CommissioningStage::kConfigureDefaultNTP: {
    3139            0 :         if (!params.GetDefaultNTP().HasValue())
    3140              :         {
    3141            0 :             ChipLogError(Controller, "ConfigureDefaultNTP stage called with no default NTP data");
    3142            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3143            0 :             return;
    3144              :         }
    3145            0 :         TimeSynchronization::Commands::SetDefaultNTP::Type request;
    3146            0 :         request.defaultNTP = params.GetDefaultNTP().Value();
    3147            0 :         CHIP_ERROR err     = SendCommissioningCommand(proxy, request, OnBasicSuccess, OnBasicFailure, endpoint, timeout);
    3148            0 :         if (err != CHIP_NO_ERROR)
    3149              :         {
    3150              :             // We won't get any async callbacks here, so just complete our stage.
    3151            0 :             ChipLogError(Controller, "Failed to send SetDefaultNTP command: %" CHIP_ERROR_FORMAT, err.Format());
    3152            0 :             CommissioningStageComplete(err);
    3153            0 :             return;
    3154              :         }
    3155            0 :         break;
    3156              :     }
    3157            0 :     case CommissioningStage::kScanNetworks: {
    3158            0 :         NetworkCommissioning::Commands::ScanNetworks::Type request;
    3159            0 :         if (params.GetWiFiCredentials().HasValue())
    3160              :         {
    3161            0 :             request.ssid.Emplace(params.GetWiFiCredentials().Value().ssid);
    3162              :         }
    3163            0 :         request.breadcrumb.Emplace(breadcrumb);
    3164            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnScanNetworksResponse, OnScanNetworksFailure, endpoint, timeout);
    3165            0 :         if (err != CHIP_NO_ERROR)
    3166              :         {
    3167              :             // We won't get any async callbacks here, so just complete our stage.
    3168            0 :             ChipLogError(Controller, "Failed to send ScanNetworks command: %" CHIP_ERROR_FORMAT, err.Format());
    3169            0 :             CommissioningStageComplete(err);
    3170            0 :             return;
    3171              :         }
    3172            0 :         break;
    3173              :     }
    3174            0 :     case CommissioningStage::kNeedsNetworkCreds: {
    3175              :         // nothing to do, the OnScanNetworksSuccess and OnScanNetworksFailure callbacks provide indication to the
    3176              :         // DevicePairingDelegate that network credentials are needed.
    3177            0 :         break;
    3178              :     }
    3179            0 :     case CommissioningStage::kConfigRegulatory: {
    3180              :         // TODO(cecille): Worthwhile to keep this around as part of the class?
    3181              :         // TODO(cecille): Where is the country config actually set?
    3182            0 :         ChipLogProgress(Controller, "Setting Regulatory Config");
    3183              :         auto capability =
    3184            0 :             params.GetLocationCapability().ValueOr(app::Clusters::GeneralCommissioning::RegulatoryLocationTypeEnum::kOutdoor);
    3185              :         app::Clusters::GeneralCommissioning::RegulatoryLocationTypeEnum regulatoryConfig;
    3186              :         // Value is only switchable on the devices with indoor/outdoor capability
    3187            0 :         if (capability == app::Clusters::GeneralCommissioning::RegulatoryLocationTypeEnum::kIndoorOutdoor)
    3188              :         {
    3189              :             // If the device supports indoor and outdoor configs, use the setting from the commissioner, otherwise fall back to
    3190              :             // the current device setting then to outdoor (most restrictive)
    3191            0 :             if (params.GetDeviceRegulatoryLocation().HasValue())
    3192              :             {
    3193            0 :                 regulatoryConfig = params.GetDeviceRegulatoryLocation().Value();
    3194            0 :                 ChipLogProgress(Controller, "Setting regulatory config to %u from commissioner override",
    3195              :                                 static_cast<uint8_t>(regulatoryConfig));
    3196              :             }
    3197            0 :             else if (params.GetDefaultRegulatoryLocation().HasValue())
    3198              :             {
    3199            0 :                 regulatoryConfig = params.GetDefaultRegulatoryLocation().Value();
    3200            0 :                 ChipLogProgress(Controller, "No regulatory config supplied by controller, leaving as device default (%u)",
    3201              :                                 static_cast<uint8_t>(regulatoryConfig));
    3202              :             }
    3203              :             else
    3204              :             {
    3205            0 :                 regulatoryConfig = app::Clusters::GeneralCommissioning::RegulatoryLocationTypeEnum::kOutdoor;
    3206            0 :                 ChipLogProgress(Controller, "No overrride or device regulatory config supplied, setting to outdoor");
    3207              :             }
    3208              :         }
    3209              :         else
    3210              :         {
    3211            0 :             ChipLogProgress(Controller, "Device does not support configurable regulatory location");
    3212            0 :             regulatoryConfig = capability;
    3213              :         }
    3214              : 
    3215            0 :         CharSpan countryCode;
    3216            0 :         const auto & providedCountryCode = params.GetCountryCode();
    3217            0 :         if (providedCountryCode.HasValue())
    3218              :         {
    3219            0 :             countryCode = providedCountryCode.Value();
    3220              :         }
    3221              :         else
    3222              :         {
    3223              :             // Default to "XX", for lack of anything better.
    3224            0 :             countryCode = "XX"_span;
    3225              :         }
    3226              : 
    3227            0 :         GeneralCommissioning::Commands::SetRegulatoryConfig::Type request;
    3228            0 :         request.newRegulatoryConfig = regulatoryConfig;
    3229            0 :         request.countryCode         = countryCode;
    3230            0 :         request.breadcrumb          = breadcrumb;
    3231            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnSetRegulatoryConfigResponse, OnBasicFailure, endpoint, timeout);
    3232            0 :         if (err != CHIP_NO_ERROR)
    3233              :         {
    3234              :             // We won't get any async callbacks here, so just complete our stage.
    3235            0 :             ChipLogError(Controller, "Failed to send SetRegulatoryConfig command: %" CHIP_ERROR_FORMAT, err.Format());
    3236            0 :             CommissioningStageComplete(err);
    3237            0 :             return;
    3238              :         }
    3239              :     }
    3240            0 :     break;
    3241            0 :     case CommissioningStage::kConfigureTCAcknowledgments: {
    3242            0 :         ChipLogProgress(Controller, "Setting Terms and Conditions");
    3243              : 
    3244            0 :         if (!params.GetTermsAndConditionsAcknowledgement().HasValue())
    3245              :         {
    3246            0 :             ChipLogProgress(Controller, "Setting Terms and Conditions: Skipped");
    3247            0 :             CommissioningStageComplete(CHIP_NO_ERROR);
    3248            0 :             return;
    3249              :         }
    3250              : 
    3251            0 :         GeneralCommissioning::Commands::SetTCAcknowledgements::Type request;
    3252            0 :         TermsAndConditionsAcknowledgement termsAndConditionsAcknowledgement = params.GetTermsAndConditionsAcknowledgement().Value();
    3253            0 :         request.TCUserResponse = termsAndConditionsAcknowledgement.acceptedTermsAndConditions;
    3254            0 :         request.TCVersion      = termsAndConditionsAcknowledgement.acceptedTermsAndConditionsVersion;
    3255              : 
    3256            0 :         ChipLogProgress(Controller, "Setting Terms and Conditions: %hu, %hu", request.TCUserResponse, request.TCVersion);
    3257              :         CHIP_ERROR err =
    3258            0 :             SendCommissioningCommand(proxy, request, OnSetTCAcknowledgementsResponse, OnBasicFailure, endpoint, timeout);
    3259            0 :         if (err != CHIP_NO_ERROR)
    3260              :         {
    3261            0 :             ChipLogError(Controller, "Failed to send SetTCAcknowledgements command: %" CHIP_ERROR_FORMAT, err.Format());
    3262            0 :             CommissioningStageComplete(err);
    3263            0 :             return;
    3264              :         }
    3265            0 :         break;
    3266              :     }
    3267            0 :     case CommissioningStage::kSendPAICertificateRequest: {
    3268            0 :         ChipLogProgress(Controller, "Sending request for PAI certificate");
    3269            0 :         CHIP_ERROR err = SendCertificateChainRequestCommand(proxy, CertificateType::kPAI, timeout);
    3270            0 :         if (err != CHIP_NO_ERROR)
    3271              :         {
    3272              :             // We won't get any async callbacks here, so just complete our stage.
    3273            0 :             ChipLogError(Controller, "Failed to send CertificateChainRequest command to get PAI: %" CHIP_ERROR_FORMAT,
    3274              :                          err.Format());
    3275            0 :             CommissioningStageComplete(err);
    3276            0 :             return;
    3277              :         }
    3278            0 :         break;
    3279              :     }
    3280            0 :     case CommissioningStage::kSendDACCertificateRequest: {
    3281            0 :         ChipLogProgress(Controller, "Sending request for DAC certificate");
    3282            0 :         CHIP_ERROR err = SendCertificateChainRequestCommand(proxy, CertificateType::kDAC, timeout);
    3283            0 :         if (err != CHIP_NO_ERROR)
    3284              :         {
    3285              :             // We won't get any async callbacks here, so just complete our stage.
    3286            0 :             ChipLogError(Controller, "Failed to send CertificateChainRequest command to get DAC: %" CHIP_ERROR_FORMAT,
    3287              :                          err.Format());
    3288            0 :             CommissioningStageComplete(err);
    3289            0 :             return;
    3290              :         }
    3291            0 :         break;
    3292              :     }
    3293            0 :     case CommissioningStage::kSendAttestationRequest: {
    3294            0 :         ChipLogProgress(Controller, "Sending Attestation Request to the device.");
    3295            0 :         if (!params.GetAttestationNonce().HasValue())
    3296              :         {
    3297            0 :             ChipLogError(Controller, "No attestation nonce found");
    3298            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3299            0 :             return;
    3300              :         }
    3301            0 :         CHIP_ERROR err = SendAttestationRequestCommand(proxy, params.GetAttestationNonce().Value(), timeout);
    3302            0 :         if (err != CHIP_NO_ERROR)
    3303              :         {
    3304              :             // We won't get any async callbacks here, so just complete our stage.
    3305            0 :             ChipLogError(Controller, "Failed to send AttestationRequest command: %" CHIP_ERROR_FORMAT, err.Format());
    3306            0 :             CommissioningStageComplete(err);
    3307            0 :             return;
    3308              :         }
    3309            0 :         break;
    3310              :     }
    3311            0 :     case CommissioningStage::kAttestationVerification: {
    3312            0 :         ChipLogProgress(Controller, "Verifying attestation");
    3313            0 :         if (IsAttestationInformationMissing(params))
    3314              :         {
    3315            0 :             ChipLogError(Controller, "Missing attestation information");
    3316            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3317            0 :             return;
    3318              :         }
    3319              : 
    3320              :         DeviceAttestationVerifier::AttestationInfo info(
    3321            0 :             params.GetAttestationElements().Value(),
    3322            0 :             proxy->GetSecureSession().Value()->AsSecureSession()->GetCryptoContext().GetAttestationChallenge(),
    3323            0 :             params.GetAttestationSignature().Value(), params.GetPAI().Value(), params.GetDAC().Value(),
    3324            0 :             params.GetAttestationNonce().Value(), params.GetRemoteVendorId().Value(), params.GetRemoteProductId().Value());
    3325              : 
    3326            0 :         if (ValidateAttestationInfo(info) != CHIP_NO_ERROR)
    3327              :         {
    3328            0 :             ChipLogError(Controller, "Error validating attestation information");
    3329            0 :             CommissioningStageComplete(CHIP_ERROR_FAILED_DEVICE_ATTESTATION);
    3330            0 :             return;
    3331              :         }
    3332              :     }
    3333            0 :     break;
    3334            0 :     case CommissioningStage::kAttestationRevocationCheck: {
    3335            0 :         ChipLogProgress(Controller, "Verifying device's DAC chain revocation status");
    3336            0 :         if (IsAttestationInformationMissing(params))
    3337              :         {
    3338            0 :             ChipLogError(Controller, "Missing attestation information");
    3339            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3340            0 :             return;
    3341              :         }
    3342              : 
    3343              :         DeviceAttestationVerifier::AttestationInfo info(
    3344            0 :             params.GetAttestationElements().Value(),
    3345            0 :             proxy->GetSecureSession().Value()->AsSecureSession()->GetCryptoContext().GetAttestationChallenge(),
    3346            0 :             params.GetAttestationSignature().Value(), params.GetPAI().Value(), params.GetDAC().Value(),
    3347            0 :             params.GetAttestationNonce().Value(), params.GetRemoteVendorId().Value(), params.GetRemoteProductId().Value());
    3348              : 
    3349            0 :         if (CheckForRevokedDACChain(info) != CHIP_NO_ERROR)
    3350              :         {
    3351            0 :             ChipLogError(Controller, "Error validating device's DAC chain revocation status");
    3352            0 :             CommissioningStageComplete(CHIP_ERROR_FAILED_DEVICE_ATTESTATION);
    3353            0 :             return;
    3354              :         }
    3355              :     }
    3356            0 :     break;
    3357            0 :     case CommissioningStage::kSendOpCertSigningRequest: {
    3358            0 :         if (!params.GetCSRNonce().HasValue())
    3359              :         {
    3360            0 :             ChipLogError(Controller, "No CSR nonce found");
    3361            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3362            0 :             return;
    3363              :         }
    3364            0 :         CHIP_ERROR err = SendOperationalCertificateSigningRequestCommand(proxy, params.GetCSRNonce().Value(), timeout);
    3365            0 :         if (err != CHIP_NO_ERROR)
    3366              :         {
    3367              :             // We won't get any async callbacks here, so just complete our stage.
    3368            0 :             ChipLogError(Controller, "Failed to send CSR request: %" CHIP_ERROR_FORMAT, err.Format());
    3369            0 :             CommissioningStageComplete(err);
    3370            0 :             return;
    3371              :         }
    3372            0 :         break;
    3373              :     }
    3374            0 :     case CommissioningStage::kValidateCSR: {
    3375            0 :         if (!params.GetNOCChainGenerationParameters().HasValue() || !params.GetDAC().HasValue() || !params.GetCSRNonce().HasValue())
    3376              :         {
    3377            0 :             ChipLogError(Controller, "Unable to validate CSR");
    3378            0 :             return CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3379              :         }
    3380              :         // This is non-blocking, so send the callback immediately.
    3381            0 :         CHIP_ERROR err = ValidateCSR(proxy, params.GetNOCChainGenerationParameters().Value().nocsrElements,
    3382            0 :                                      params.GetNOCChainGenerationParameters().Value().signature, params.GetDAC().Value(),
    3383            0 :                                      params.GetCSRNonce().Value());
    3384            0 :         if (err != CHIP_NO_ERROR)
    3385              :         {
    3386            0 :             ChipLogError(Controller, "Unable to validate CSR");
    3387              :         }
    3388            0 :         CommissioningStageComplete(err);
    3389            0 :         return;
    3390              :     }
    3391              :     break;
    3392            0 :     case CommissioningStage::kGenerateNOCChain: {
    3393            0 :         if (!params.GetNOCChainGenerationParameters().HasValue() || !params.GetDAC().HasValue() || !params.GetPAI().HasValue() ||
    3394            0 :             !params.GetCSRNonce().HasValue())
    3395              :         {
    3396            0 :             ChipLogError(Controller, "Unable to generate NOC chain parameters");
    3397            0 :             return CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3398              :         }
    3399            0 :         CHIP_ERROR err = ProcessCSR(proxy, params.GetNOCChainGenerationParameters().Value().nocsrElements,
    3400            0 :                                     params.GetNOCChainGenerationParameters().Value().signature, params.GetDAC().Value(),
    3401            0 :                                     params.GetPAI().Value(), params.GetCSRNonce().Value());
    3402            0 :         if (err != CHIP_NO_ERROR)
    3403              :         {
    3404            0 :             ChipLogError(Controller, "Unable to process Op CSR");
    3405              :             // Handle error, and notify session failure to the commissioner application.
    3406            0 :             ChipLogError(Controller, "Failed to process the certificate signing request");
    3407              :             // TODO: Map error status to correct error code
    3408            0 :             CommissioningStageComplete(err);
    3409            0 :             return;
    3410              :         }
    3411              :     }
    3412            0 :     break;
    3413            0 :     case CommissioningStage::kSendTrustedRootCert: {
    3414            0 :         if (!params.GetRootCert().HasValue() || !params.GetNoc().HasValue())
    3415              :         {
    3416            0 :             ChipLogError(Controller, "No trusted root cert or NOC specified");
    3417            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3418            0 :             return;
    3419              :         }
    3420            0 :         CHIP_ERROR err = SendTrustedRootCertificate(proxy, params.GetRootCert().Value(), timeout);
    3421            0 :         if (err != CHIP_NO_ERROR)
    3422              :         {
    3423            0 :             ChipLogError(Controller, "Error sending trusted root certificate: %" CHIP_ERROR_FORMAT, err.Format());
    3424            0 :             CommissioningStageComplete(err);
    3425            0 :             return;
    3426              :         }
    3427              : 
    3428            0 :         err = proxy->SetPeerId(params.GetRootCert().Value(), params.GetNoc().Value());
    3429            0 :         if (err != CHIP_NO_ERROR)
    3430              :         {
    3431            0 :             ChipLogError(Controller, "Error setting peer id: %s", err.AsString());
    3432            0 :             CommissioningStageComplete(err);
    3433            0 :             return;
    3434              :         }
    3435            0 :         if (!IsOperationalNodeId(proxy->GetDeviceId()))
    3436              :         {
    3437            0 :             ChipLogError(Controller, "Given node ID is not an operational node ID");
    3438            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3439            0 :             return;
    3440              :         }
    3441              :     }
    3442            0 :     break;
    3443            0 :     case CommissioningStage::kSendNOC: {
    3444            0 :         if (!params.GetNoc().HasValue() || !params.GetIpk().HasValue() || !params.GetAdminSubject().HasValue())
    3445              :         {
    3446            0 :             ChipLogError(Controller, "AddNOC contents not specified");
    3447            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3448            0 :             return;
    3449              :         }
    3450            0 :         CHIP_ERROR err = SendOperationalCertificate(proxy, params.GetNoc().Value(), params.GetIcac(), params.GetIpk().Value(),
    3451            0 :                                                     params.GetAdminSubject().Value(), timeout);
    3452            0 :         if (err != CHIP_NO_ERROR)
    3453              :         {
    3454              :             // We won't get any async callbacks here, so just complete our stage.
    3455            0 :             ChipLogError(Controller, "Error sending operational certificate: %" CHIP_ERROR_FORMAT, err.Format());
    3456            0 :             CommissioningStageComplete(err);
    3457            0 :             return;
    3458              :         }
    3459            0 :         break;
    3460              :     }
    3461            0 :     case CommissioningStage::kConfigureTrustedTimeSource: {
    3462            0 :         if (!params.GetTrustedTimeSource().HasValue())
    3463              :         {
    3464            0 :             ChipLogError(Controller, "ConfigureTrustedTimeSource stage called with no trusted time source data");
    3465            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3466            0 :             return;
    3467              :         }
    3468            0 :         TimeSynchronization::Commands::SetTrustedTimeSource::Type request;
    3469            0 :         request.trustedTimeSource = params.GetTrustedTimeSource().Value();
    3470            0 :         CHIP_ERROR err            = SendCommissioningCommand(proxy, request, OnBasicSuccess, OnBasicFailure, endpoint, timeout);
    3471            0 :         if (err != CHIP_NO_ERROR)
    3472              :         {
    3473              :             // We won't get any async callbacks here, so just complete our stage.
    3474            0 :             ChipLogError(Controller, "Failed to send SendTrustedTimeSource command: %" CHIP_ERROR_FORMAT, err.Format());
    3475            0 :             CommissioningStageComplete(err);
    3476            0 :             return;
    3477              :         }
    3478            0 :         break;
    3479              :     }
    3480            0 :     case CommissioningStage::kWiFiNetworkSetup: {
    3481            0 :         if (!params.GetWiFiCredentials().HasValue())
    3482              :         {
    3483            0 :             ChipLogError(Controller, "No wifi credentials specified");
    3484            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3485            0 :             return;
    3486              :         }
    3487              : 
    3488            0 :         NetworkCommissioning::Commands::AddOrUpdateWiFiNetwork::Type request;
    3489            0 :         request.ssid        = params.GetWiFiCredentials().Value().ssid;
    3490            0 :         request.credentials = params.GetWiFiCredentials().Value().credentials;
    3491            0 :         request.breadcrumb.Emplace(breadcrumb);
    3492            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnNetworkConfigResponse, OnBasicFailure, endpoint, timeout);
    3493            0 :         if (err != CHIP_NO_ERROR)
    3494              :         {
    3495              :             // We won't get any async callbacks here, so just complete our stage.
    3496            0 :             ChipLogError(Controller, "Failed to send AddOrUpdateWiFiNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3497            0 :             CommissioningStageComplete(err);
    3498            0 :             return;
    3499              :         }
    3500              :     }
    3501            0 :     break;
    3502            0 :     case CommissioningStage::kThreadNetworkSetup: {
    3503            0 :         if (!params.GetThreadOperationalDataset().HasValue())
    3504              :         {
    3505            0 :             ChipLogError(Controller, "No thread credentials specified");
    3506            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3507            0 :             return;
    3508              :         }
    3509            0 :         NetworkCommissioning::Commands::AddOrUpdateThreadNetwork::Type request;
    3510            0 :         request.operationalDataset = params.GetThreadOperationalDataset().Value();
    3511            0 :         request.breadcrumb.Emplace(breadcrumb);
    3512            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnNetworkConfigResponse, OnBasicFailure, endpoint, timeout);
    3513            0 :         if (err != CHIP_NO_ERROR)
    3514              :         {
    3515              :             // We won't get any async callbacks here, so just complete our stage.
    3516            0 :             ChipLogError(Controller, "Failed to send AddOrUpdateThreadNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3517            0 :             CommissioningStageComplete(err);
    3518            0 :             return;
    3519              :         }
    3520              :     }
    3521            0 :     break;
    3522            0 :     case CommissioningStage::kFailsafeBeforeWiFiEnable:
    3523              :         FALLTHROUGH;
    3524              :     case CommissioningStage::kFailsafeBeforeThreadEnable:
    3525              :         // Before we try to do network enablement, make sure that our fail-safe
    3526              :         // is set far enough out that we can later try to do operational
    3527              :         // discovery without it timing out.
    3528            0 :         ExtendFailsafeBeforeNetworkEnable(proxy, params, step);
    3529            0 :         break;
    3530            0 :     case CommissioningStage::kWiFiNetworkEnable: {
    3531            0 :         if (!params.GetWiFiCredentials().HasValue())
    3532              :         {
    3533            0 :             ChipLogError(Controller, "No wifi credentials specified");
    3534            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3535            0 :             return;
    3536              :         }
    3537            0 :         NetworkCommissioning::Commands::ConnectNetwork::Type request;
    3538            0 :         request.networkID = params.GetWiFiCredentials().Value().ssid;
    3539            0 :         request.breadcrumb.Emplace(breadcrumb);
    3540              : 
    3541            0 :         CHIP_ERROR err = CHIP_NO_ERROR;
    3542            0 :         ChipLogProgress(Controller, "SendCommand kWiFiNetworkEnable, supportsConcurrentConnection=%s",
    3543              :                         params.GetSupportsConcurrentConnection().HasValue()
    3544              :                             ? (params.GetSupportsConcurrentConnection().Value() ? "true" : "false")
    3545              :                             : "missing");
    3546            0 :         err = SendCommissioningCommand(proxy, request, OnConnectNetworkResponse, OnBasicFailure, endpoint, timeout);
    3547              : 
    3548            0 :         if (err != CHIP_NO_ERROR)
    3549              :         {
    3550              :             // We won't get any async callbacks here, so just complete our stage.
    3551            0 :             ChipLogError(Controller, "Failed to send WiFi ConnectNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3552            0 :             CommissioningStageComplete(err);
    3553            0 :             return;
    3554              :         }
    3555              :     }
    3556            0 :     break;
    3557            0 :     case CommissioningStage::kThreadNetworkEnable: {
    3558            0 :         ByteSpan extendedPanId;
    3559            0 :         chip::Thread::OperationalDataset operationalDataset;
    3560            0 :         if (!params.GetThreadOperationalDataset().HasValue() ||
    3561            0 :             operationalDataset.Init(params.GetThreadOperationalDataset().Value()) != CHIP_NO_ERROR ||
    3562            0 :             operationalDataset.GetExtendedPanIdAsByteSpan(extendedPanId) != CHIP_NO_ERROR)
    3563              :         {
    3564            0 :             ChipLogError(Controller, "Unable to get extended pan ID for thread operational dataset\n");
    3565            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3566            0 :             return;
    3567              :         }
    3568            0 :         NetworkCommissioning::Commands::ConnectNetwork::Type request;
    3569            0 :         request.networkID = extendedPanId;
    3570            0 :         request.breadcrumb.Emplace(breadcrumb);
    3571            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnConnectNetworkResponse, OnBasicFailure, endpoint, timeout);
    3572            0 :         if (err != CHIP_NO_ERROR)
    3573              :         {
    3574              :             // We won't get any async callbacks here, so just complete our stage.
    3575            0 :             ChipLogError(Controller, "Failed to send Thread ConnectNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3576            0 :             CommissioningStageComplete(err);
    3577            0 :             return;
    3578              :         }
    3579              :     }
    3580            0 :     break;
    3581            0 :     case CommissioningStage::kICDGetRegistrationInfo: {
    3582            0 :         GetPairingDelegate()->OnICDRegistrationInfoRequired();
    3583            0 :         return;
    3584              :     }
    3585              :     break;
    3586            0 :     case CommissioningStage::kICDRegistration: {
    3587            0 :         IcdManagement::Commands::RegisterClient::Type request;
    3588              : 
    3589            0 :         if (!(params.GetICDCheckInNodeId().HasValue() && params.GetICDMonitoredSubject().HasValue() &&
    3590            0 :               params.GetICDSymmetricKey().HasValue()))
    3591              :         {
    3592            0 :             ChipLogError(Controller, "No ICD Registration information provided!");
    3593            0 :             CommissioningStageComplete(CHIP_ERROR_INCORRECT_STATE);
    3594            0 :             return;
    3595              :         }
    3596              : 
    3597            0 :         request.checkInNodeID    = params.GetICDCheckInNodeId().Value();
    3598            0 :         request.monitoredSubject = params.GetICDMonitoredSubject().Value();
    3599            0 :         request.key              = params.GetICDSymmetricKey().Value();
    3600              : 
    3601              :         CHIP_ERROR err =
    3602            0 :             SendCommissioningCommand(proxy, request, OnICDManagementRegisterClientResponse, OnBasicFailure, endpoint, timeout);
    3603            0 :         if (err != CHIP_NO_ERROR)
    3604              :         {
    3605              :             // We won't get any async callbacks here, so just complete our stage.
    3606            0 :             ChipLogError(Controller, "Failed to send IcdManagement.RegisterClient command: %" CHIP_ERROR_FORMAT, err.Format());
    3607            0 :             CommissioningStageComplete(err);
    3608            0 :             return;
    3609              :         }
    3610              :     }
    3611            0 :     break;
    3612            0 :     case CommissioningStage::kEvictPreviousCaseSessions: {
    3613            0 :         auto scopedPeerId = GetPeerScopedId(proxy->GetDeviceId());
    3614              : 
    3615              :         // If we ever had a commissioned device with this node ID before, we may
    3616              :         // have stale sessions to it.  Make sure we don't re-use any of those,
    3617              :         // because clearly they are not related to this new device we are
    3618              :         // commissioning.  We only care about sessions we might reuse, so just
    3619              :         // clearing the ones associated with our fabric index is good enough and
    3620              :         // we don't need to worry about ExpireAllSessionsOnLogicalFabric.
    3621            0 :         mSystemState->SessionMgr()->ExpireAllSessions(scopedPeerId);
    3622            0 :         CommissioningStageComplete(CHIP_NO_ERROR);
    3623            0 :         return;
    3624              :     }
    3625            0 :     case CommissioningStage::kFindOperationalForStayActive:
    3626              :     case CommissioningStage::kFindOperationalForCommissioningComplete: {
    3627              :         // If there is an error, CommissioningStageComplete will be called from OnDeviceConnectionFailureFn.
    3628            0 :         auto scopedPeerId = GetPeerScopedId(proxy->GetDeviceId());
    3629              :         MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissioningOperationalSetup);
    3630            0 :         mSystemState->CASESessionMgr()->FindOrEstablishSession(scopedPeerId, &mOnDeviceConnectedCallback,
    3631              :                                                                &mOnDeviceConnectionFailureCallback
    3632              : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    3633              :                                                                ,
    3634              :                                                                /* attemptCount = */ 3, &mOnDeviceConnectionRetryCallback
    3635              : #endif // CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
    3636              :         );
    3637              :     }
    3638            0 :     break;
    3639            0 :     case CommissioningStage::kPrimaryOperationalNetworkFailed: {
    3640              :         // nothing to do. This stage indicates that the primary operational network failed and the network config should be
    3641              :         // removed later.
    3642            0 :         break;
    3643              :     }
    3644            0 :     case CommissioningStage::kRemoveWiFiNetworkConfig: {
    3645            0 :         NetworkCommissioning::Commands::RemoveNetwork::Type request;
    3646            0 :         request.networkID = params.GetWiFiCredentials().Value().ssid;
    3647            0 :         request.breadcrumb.Emplace(breadcrumb);
    3648            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnNetworkConfigResponse, OnBasicFailure, endpoint, timeout);
    3649            0 :         if (err != CHIP_NO_ERROR)
    3650              :         {
    3651              :             // We won't get any async callbacks here, so just complete our stage.
    3652            0 :             ChipLogError(Controller, "Failed to send RemoveNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3653            0 :             CommissioningStageComplete(err);
    3654            0 :             return;
    3655              :         }
    3656            0 :         break;
    3657              :     }
    3658            0 :     case CommissioningStage::kRemoveThreadNetworkConfig: {
    3659            0 :         ByteSpan extendedPanId;
    3660            0 :         chip::Thread::OperationalDataset operationalDataset;
    3661            0 :         if (!params.GetThreadOperationalDataset().HasValue() ||
    3662            0 :             operationalDataset.Init(params.GetThreadOperationalDataset().Value()) != CHIP_NO_ERROR ||
    3663            0 :             operationalDataset.GetExtendedPanIdAsByteSpan(extendedPanId) != CHIP_NO_ERROR)
    3664              :         {
    3665            0 :             ChipLogError(Controller, "Unable to get extended pan ID for thread operational dataset\n");
    3666            0 :             CommissioningStageComplete(CHIP_ERROR_INVALID_ARGUMENT);
    3667            0 :             return;
    3668              :         }
    3669            0 :         NetworkCommissioning::Commands::RemoveNetwork::Type request;
    3670            0 :         request.networkID = extendedPanId;
    3671            0 :         request.breadcrumb.Emplace(breadcrumb);
    3672            0 :         CHIP_ERROR err = SendCommissioningCommand(proxy, request, OnNetworkConfigResponse, OnBasicFailure, endpoint, timeout);
    3673            0 :         if (err != CHIP_NO_ERROR)
    3674              :         {
    3675              :             // We won't get any async callbacks here, so just complete our stage.
    3676            0 :             ChipLogError(Controller, "Failed to send RemoveNetwork command: %" CHIP_ERROR_FORMAT, err.Format());
    3677            0 :             CommissioningStageComplete(err);
    3678            0 :             return;
    3679              :         }
    3680            0 :         break;
    3681              :     }
    3682            0 :     case CommissioningStage::kICDSendStayActive: {
    3683            0 :         if (!(params.GetICDStayActiveDurationMsec().HasValue()))
    3684              :         {
    3685            0 :             ChipLogProgress(Controller, "Skipping kICDSendStayActive");
    3686            0 :             CommissioningStageComplete(CHIP_NO_ERROR);
    3687            0 :             return;
    3688              :         }
    3689              : 
    3690              :         // StayActive Command happens over CASE Connection
    3691            0 :         IcdManagement::Commands::StayActiveRequest::Type request;
    3692            0 :         request.stayActiveDuration = params.GetICDStayActiveDurationMsec().Value();
    3693            0 :         ChipLogError(Controller, "Send ICD StayActive with Duration %u", request.stayActiveDuration);
    3694              :         CHIP_ERROR err =
    3695            0 :             SendCommissioningCommand(proxy, request, OnICDManagementStayActiveResponse, OnBasicFailure, endpoint, timeout);
    3696            0 :         if (err != CHIP_NO_ERROR)
    3697              :         {
    3698              :             // We won't get any async callbacks here, so just complete our stage.
    3699            0 :             ChipLogError(Controller, "Failed to send IcdManagement.StayActive command: %" CHIP_ERROR_FORMAT, err.Format());
    3700            0 :             CommissioningStageComplete(err);
    3701            0 :             return;
    3702              :         }
    3703              :     }
    3704            0 :     break;
    3705            0 :     case CommissioningStage::kSendComplete: {
    3706              :         // CommissioningComplete command happens over the CASE connection.
    3707              :         GeneralCommissioning::Commands::CommissioningComplete::Type request;
    3708              :         CHIP_ERROR err =
    3709            0 :             SendCommissioningCommand(proxy, request, OnCommissioningCompleteResponse, OnBasicFailure, endpoint, timeout);
    3710            0 :         if (err != CHIP_NO_ERROR)
    3711              :         {
    3712              :             // We won't get any async callbacks here, so just complete our stage.
    3713            0 :             ChipLogError(Controller, "Failed to send CommissioningComplete command: %" CHIP_ERROR_FORMAT, err.Format());
    3714            0 :             CommissioningStageComplete(err);
    3715            0 :             return;
    3716              :         }
    3717              :     }
    3718            0 :     break;
    3719            0 :     case CommissioningStage::kCleanup:
    3720            0 :         CleanupCommissioning(proxy, proxy->GetDeviceId(), params.GetCompletionStatus());
    3721            0 :         break;
    3722            0 :     case CommissioningStage::kError:
    3723            0 :         mCommissioningStage = CommissioningStage::kSecurePairing;
    3724            0 :         break;
    3725            0 :     case CommissioningStage::kSecurePairing:
    3726            0 :         break;
    3727              :     }
    3728              : }
    3729              : 
    3730            0 : void DeviceCommissioner::ExtendFailsafeBeforeNetworkEnable(DeviceProxy * device, CommissioningParameters & params,
    3731              :                                                            CommissioningStage step)
    3732              : {
    3733            0 :     auto * commissioneeDevice = FindCommissioneeDevice(device->GetDeviceId());
    3734            0 :     if (device != commissioneeDevice)
    3735              :     {
    3736              :         // Not a commissionee device; just return.
    3737            0 :         ChipLogError(Controller, "Trying to extend fail-safe for an unknown commissionee with device id " ChipLogFormatX64,
    3738              :                      ChipLogValueX64(device->GetDeviceId()));
    3739            0 :         CommissioningStageComplete(CHIP_ERROR_INCORRECT_STATE, CommissioningDelegate::CommissioningReport());
    3740            0 :         return;
    3741              :     }
    3742              : 
    3743              :     // Try to make sure we have at least enough time for our expected
    3744              :     // commissioning bits plus the MRP retries for a Sigma1.
    3745            0 :     uint16_t failSafeTimeoutSecs = params.GetFailsafeTimerSeconds().ValueOr(kDefaultFailsafeTimeout);
    3746            0 :     auto sigma1Timeout           = CASESession::ComputeSigma1ResponseTimeout(commissioneeDevice->GetPairing().GetRemoteMRPConfig());
    3747            0 :     uint16_t sigma1TimeoutSecs   = std::chrono::duration_cast<System::Clock::Seconds16>(sigma1Timeout).count();
    3748            0 :     if (UINT16_MAX - failSafeTimeoutSecs < sigma1TimeoutSecs)
    3749              :     {
    3750            0 :         failSafeTimeoutSecs = UINT16_MAX;
    3751              :     }
    3752              :     else
    3753              :     {
    3754            0 :         failSafeTimeoutSecs = static_cast<uint16_t>(failSafeTimeoutSecs + sigma1TimeoutSecs);
    3755              :     }
    3756              : 
    3757            0 :     if (!ExtendArmFailSafeInternal(commissioneeDevice, step, failSafeTimeoutSecs, MakeOptional(kMinimumCommissioningStepTimeout),
    3758              :                                    OnArmFailSafe, OnBasicFailure, /* fireAndForget = */ false))
    3759              :     {
    3760              :         // A false return is fine; we don't want to make the fail-safe shorter here.
    3761            0 :         CommissioningStageComplete(CHIP_NO_ERROR, CommissioningDelegate::CommissioningReport());
    3762              :     }
    3763              : }
    3764              : 
    3765            0 : bool DeviceCommissioner::IsAttestationInformationMissing(const CommissioningParameters & params)
    3766              : {
    3767            0 :     if (!params.GetAttestationElements().HasValue() || !params.GetAttestationSignature().HasValue() ||
    3768            0 :         !params.GetAttestationNonce().HasValue() || !params.GetDAC().HasValue() || !params.GetPAI().HasValue() ||
    3769            0 :         !params.GetRemoteVendorId().HasValue() || !params.GetRemoteProductId().HasValue())
    3770              :     {
    3771            0 :         return true;
    3772              :     }
    3773              : 
    3774            0 :     return false;
    3775              : }
    3776              : 
    3777            0 : CHIP_ERROR DeviceController::GetCompressedFabricIdBytes(MutableByteSpan & outBytes) const
    3778              : {
    3779            0 :     const auto * fabricInfo = GetFabricInfo();
    3780            0 :     VerifyOrReturnError(fabricInfo != nullptr, CHIP_ERROR_INVALID_FABRIC_INDEX);
    3781            0 :     return fabricInfo->GetCompressedFabricIdBytes(outBytes);
    3782              : }
    3783              : 
    3784            0 : CHIP_ERROR DeviceController::GetRootPublicKey(Crypto::P256PublicKey & outRootPublicKey) const
    3785              : {
    3786            0 :     const auto * fabricTable = GetFabricTable();
    3787            0 :     VerifyOrReturnError(fabricTable != nullptr, CHIP_ERROR_INCORRECT_STATE);
    3788            0 :     return fabricTable->FetchRootPubkey(mFabricIndex, outRootPublicKey);
    3789              : }
    3790              : 
    3791              : } // namespace Controller
    3792              : } // namespace chip
        

Generated by: LCOV version 2.0-1