Line data Source code
1 : /*
2 : *
3 : * Copyright (c) 2020-2022 Project CHIP Authors
4 : * Copyright (c) 2013-2017 Nest Labs, Inc.
5 : * All rights reserved.
6 : *
7 : * Licensed under the Apache License, Version 2.0 (the "License");
8 : * you may not use this file except in compliance with the License.
9 : * You may obtain a copy of the License at
10 : *
11 : * http://www.apache.org/licenses/LICENSE-2.0
12 : *
13 : * Unless required by applicable law or agreed to in writing, software
14 : * distributed under the License is distributed on an "AS IS" BASIS,
15 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 : * See the License for the specific language governing permissions and
17 : * limitations under the License.
18 : */
19 :
20 : /**
21 : * @file
22 : * Declaration of CHIP Device Controller, a common class
23 : * that implements connecting and messaging and will later
24 : * be expanded to support discovery, pairing and
25 : * provisioning of CHIP devices.
26 : *
27 : */
28 :
29 : #pragma once
30 :
31 : #include <app/AppConfig.h>
32 : #include <app/CASEClientPool.h>
33 : #include <app/CASESessionManager.h>
34 : #include <app/ClusterStateCache.h>
35 : #include <app/OperationalSessionSetup.h>
36 : #include <app/OperationalSessionSetupPool.h>
37 : #include <controller/AbstractDnssdDiscoveryController.h>
38 : #include <controller/AutoCommissioner.h>
39 : #include <controller/CHIPCluster.h>
40 : #include <controller/CHIPDeviceControllerSystemState.h>
41 : #include <controller/CommissioneeDeviceProxy.h>
42 : #include <controller/CommissioningDelegate.h>
43 : #include <controller/DevicePairingDelegate.h>
44 : #include <controller/OperationalCredentialsDelegate.h>
45 : #include <controller/SetUpCodePairer.h>
46 : #include <credentials/FabricTable.h>
47 : #include <credentials/attestation_verifier/DeviceAttestationDelegate.h>
48 : #include <credentials/attestation_verifier/DeviceAttestationVerifier.h>
49 : #include <inet/InetInterface.h>
50 : #include <lib/core/CHIPConfig.h>
51 : #include <lib/core/CHIPCore.h>
52 : #include <lib/core/CHIPPersistentStorageDelegate.h>
53 : #include <lib/core/DataModelTypes.h>
54 : #include <lib/core/TLV.h>
55 : #include <lib/support/DLLUtil.h>
56 : #include <lib/support/Pool.h>
57 : #include <lib/support/SafeInt.h>
58 : #include <lib/support/SerializableIntegerSet.h>
59 : #include <lib/support/Span.h>
60 : #include <lib/support/ThreadOperationalDataset.h>
61 : #include <messaging/ExchangeMgr.h>
62 : #include <protocols/secure_channel/MessageCounterManager.h>
63 : #include <protocols/secure_channel/RendezvousParameters.h>
64 : #include <protocols/user_directed_commissioning/UserDirectedCommissioning.h>
65 : #include <system/SystemClock.h>
66 : #include <transport/SessionManager.h>
67 : #include <transport/TransportMgr.h>
68 : #include <transport/raw/UDP.h>
69 :
70 : #if CONFIG_DEVICE_LAYER
71 : #include <platform/CHIPDeviceLayer.h>
72 : #endif
73 :
74 : #if CONFIG_NETWORK_LAYER_BLE
75 : #include <ble/BleLayer.h>
76 : #endif
77 : #include <controller/DeviceDiscoveryDelegate.h>
78 :
79 : namespace chip {
80 :
81 : namespace Controller {
82 :
83 : using namespace chip::Protocols::UserDirectedCommissioning;
84 :
85 : inline constexpr uint16_t kNumMaxActiveDevices = CHIP_CONFIG_CONTROLLER_MAX_ACTIVE_DEVICES;
86 :
87 : // Raw functions for cluster callbacks
88 : void OnBasicFailure(void * context, CHIP_ERROR err);
89 : void OnBasicSuccess(void * context, const chip::app::DataModel::NullObjectType &);
90 :
91 : struct ControllerInitParams
92 : {
93 : DeviceControllerSystemState * systemState = nullptr;
94 : DeviceDiscoveryDelegate * deviceDiscoveryDelegate = nullptr;
95 : OperationalCredentialsDelegate * operationalCredentialsDelegate = nullptr;
96 :
97 : /* The following keypair must correspond to the public key used for generating
98 : controllerNOC. It's used by controller to establish CASE sessions with devices */
99 : Crypto::P256Keypair * operationalKeypair = nullptr;
100 :
101 : /**
102 : * Controls whether or not the operationalKeypair should be owned by the caller.
103 : * By default, this is false, but if the keypair cannot be serialized, then
104 : * setting this to true will allow the caller to manage this keypair's lifecycle.
105 : */
106 : bool hasExternallyOwnedOperationalKeypair = false;
107 :
108 : /* The following certificates must be in x509 DER format */
109 : ByteSpan controllerNOC;
110 : ByteSpan controllerICAC;
111 : ByteSpan controllerRCAC;
112 :
113 : /**
114 : * Controls whether we permit multiple DeviceController instances to exist
115 : * on the same logical fabric (identified by the tuple of the fabric's
116 : * root public key + fabric id).
117 : *
118 : * Each controller instance will be associated with its own FabricIndex.
119 : * This pivots the FabricTable to tracking identities instead of fabrics,
120 : * represented by FabricInfo instances that can have colliding logical fabrics.
121 : *
122 : */
123 : bool permitMultiControllerFabrics = false;
124 :
125 : //
126 : // Controls enabling server cluster interactions on a controller. This in turn
127 : // causes the following to get enabled:
128 : //
129 : // - Advertisement of active controller operational identities.
130 : //
131 : bool enableServerInteractions = false;
132 :
133 : /**
134 : * Controls whether shutdown of the controller removes the corresponding
135 : * entry from the fabric table. For now the removal is just from the
136 : * in-memory table, not from storage, which means that after controller
137 : * shutdown the storage and the in-memory fabric table will be out of sync.
138 : * This is acceptable for implementations that don't actually store any of
139 : * the fabric table information, but if someone wants a true removal at some
140 : * point another option will need to be added here.
141 : */
142 : bool removeFromFabricTableOnShutdown = true;
143 :
144 : chip::VendorId controllerVendorId;
145 : };
146 :
147 : struct CommissionerInitParams : public ControllerInitParams
148 : {
149 : DevicePairingDelegate * pairingDelegate = nullptr;
150 : CommissioningDelegate * defaultCommissioner = nullptr;
151 : // Device attestation verifier instance for the commissioning.
152 : // If null, the globally set attestation verifier (e.g. from GetDeviceAttestationVerifier()
153 : // singleton) will be used.
154 : Credentials::DeviceAttestationVerifier * deviceAttestationVerifier = nullptr;
155 : };
156 :
157 : /**
158 : * @brief
159 : * Controller applications can use this class to communicate with already paired CHIP devices. The
160 : * application is required to provide access to the persistent storage, where the paired device information
161 : * is stored. This object of this class can be initialized with the data from the storage (List of devices,
162 : * and device pairing information for individual devices). Alternatively, this class can retrieve the
163 : * relevant information when the application tries to communicate with the device
164 : */
165 : class DLL_EXPORT DeviceController : public AbstractDnssdDiscoveryController
166 : {
167 : public:
168 : DeviceController();
169 0 : ~DeviceController() override {}
170 :
171 : CHIP_ERROR Init(ControllerInitParams params);
172 :
173 : /**
174 : * @brief
175 : * Tears down the entirety of the stack, including destructing key objects in the system.
176 : * This expects to be called with external thread synchronization, and will not internally
177 : * grab the CHIP stack lock.
178 : *
179 : * This will also not stop the CHIP event queue / thread (if one exists). Consumers are expected to
180 : * ensure this happened before calling this method.
181 : */
182 : virtual void Shutdown();
183 :
184 : SessionManager * SessionMgr()
185 : {
186 : if (mSystemState)
187 : {
188 : return mSystemState->SessionMgr();
189 : }
190 :
191 : return nullptr;
192 : }
193 :
194 : Messaging::ExchangeManager * ExchangeMgr()
195 : {
196 : if (mSystemState != nullptr)
197 : {
198 : return mSystemState->ExchangeMgr();
199 : }
200 :
201 : return nullptr;
202 : }
203 :
204 : CHIP_ERROR GetPeerAddressAndPort(NodeId peerId, Inet::IPAddress & addr, uint16_t & port);
205 :
206 : /**
207 : * @brief
208 : * Looks up the PeerAddress for an established CASE session.
209 : *
210 : * @param[in] nodeId the NodeId of the target.
211 : * @param[out] addr the PeerAddress to be filled on success
212 : *
213 : * @return CHIP_ERROR CHIP_ERROR_NOT_CONNECTED if no CASE session exists for the device
214 : */
215 : CHIP_ERROR GetPeerAddress(NodeId nodeId, Transport::PeerAddress & addr);
216 :
217 0 : ScopedNodeId GetPeerScopedId(NodeId nodeId) { return ScopedNodeId(nodeId, GetFabricIndex()); }
218 :
219 : /**
220 : * This function finds the device corresponding to deviceId, and establishes
221 : * a CASE session with it.
222 : *
223 : * Once the CASE session is successfully established the `onConnection`
224 : * callback is called. This can happen before GetConnectedDevice returns if
225 : * there is an existing CASE session.
226 : *
227 : * If a CASE sessions fails to be established, the `onFailure` callback will
228 : * be called. This can also happen before GetConnectedDevice returns.
229 : *
230 : * An error return from this function means that neither callback has been
231 : * called yet, and neither callback will be called in the future.
232 : */
233 0 : CHIP_ERROR GetConnectedDevice(NodeId peerNodeId, Callback::Callback<OnDeviceConnected> * onConnection,
234 : chip::Callback::Callback<OnDeviceConnectionFailure> * onFailure)
235 : {
236 0 : VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
237 0 : mSystemState->CASESessionMgr()->FindOrEstablishSession(ScopedNodeId(peerNodeId, GetFabricIndex()), onConnection, onFailure);
238 0 : return CHIP_NO_ERROR;
239 : }
240 :
241 : /**
242 : * This function finds the device corresponding to deviceId, and establishes
243 : * a CASE session with it.
244 : *
245 : * Once the CASE session is successfully established the `onConnection`
246 : * callback is called. This can happen before GetConnectedDevice returns if
247 : * there is an existing CASE session.
248 : *
249 : * If a CASE sessions fails to be established, the `onSetupFailure` callback will
250 : * be called. This can also happen before GetConnectedDevice returns.
251 : *
252 : * An error return from this function means that neither callback has been
253 : * called yet, and neither callback will be called in the future.
254 : */
255 : CHIP_ERROR
256 : GetConnectedDevice(NodeId peerNodeId, Callback::Callback<OnDeviceConnected> * onConnection,
257 : chip::Callback::Callback<OperationalSessionSetup::OnSetupFailure> * onSetupFailure)
258 : {
259 : VerifyOrReturnError(mState == State::Initialized, CHIP_ERROR_INCORRECT_STATE);
260 : mSystemState->CASESessionMgr()->FindOrEstablishSession(ScopedNodeId(peerNodeId, GetFabricIndex()), onConnection,
261 : onSetupFailure);
262 : return CHIP_NO_ERROR;
263 : }
264 :
265 : /**
266 : * @brief
267 : * Compute a PASE verifier and passcode ID for the desired setup pincode.
268 : *
269 : * This can be used to open a commissioning window on the device for
270 : * additional administrator commissioning.
271 : *
272 : * @param[in] iterations The number of iterations to use when generating the verifier
273 : * @param[in] setupPincode The desired PIN code to use
274 : * @param[in] salt The 16-byte salt for verifier computation
275 : * @param[out] outVerifier The Spake2pVerifier to be populated on success
276 : *
277 : * @return CHIP_ERROR CHIP_NO_ERROR on success, or corresponding error
278 : */
279 : CHIP_ERROR ComputePASEVerifier(uint32_t iterations, uint32_t setupPincode, const ByteSpan & salt,
280 : Spake2pVerifier & outVerifier);
281 :
282 0 : void RegisterDeviceDiscoveryDelegate(DeviceDiscoveryDelegate * delegate) { mDeviceDiscoveryDelegate = delegate; }
283 :
284 : /**
285 : * @brief Get the Compressed Fabric ID assigned to the device.
286 : */
287 0 : uint64_t GetCompressedFabricId() const
288 : {
289 0 : const auto * fabricInfo = GetFabricInfo();
290 0 : return (fabricInfo != nullptr) ? static_cast<uint64_t>(fabricInfo->GetCompressedFabricId()) : kUndefinedCompressedFabricId;
291 : }
292 :
293 : /**
294 : * @brief Get the Compressed Fabric Id as a big-endian 64 bit octet string.
295 : *
296 : * Output span is resized to 8 bytes on success if it was larger.
297 : *
298 : * @param outBytes span to contain the compressed fabric ID, must be at least 8 bytes long
299 : * @return CHIP_ERROR_BUFFER_TOO_SMALL if `outBytes` is too small, CHIP_ERROR_INVALID_FABRIC_INDEX
300 : * if the controller is somehow not associated with a fabric (internal error!) or
301 : * CHIP_NO_ERROR on success.
302 : */
303 : CHIP_ERROR GetCompressedFabricIdBytes(MutableByteSpan & outBytes) const;
304 :
305 : /**
306 : * @brief Get the raw Fabric ID assigned to the device.
307 : */
308 0 : uint64_t GetFabricId() const
309 : {
310 0 : const auto * fabricInfo = GetFabricInfo();
311 0 : return (fabricInfo != nullptr) ? static_cast<uint64_t>(fabricInfo->GetFabricId()) : kUndefinedFabricId;
312 : }
313 :
314 : /**
315 : * @brief Get the Node ID of this instance.
316 : */
317 0 : NodeId GetNodeId() const
318 : {
319 0 : const auto * fabricInfo = GetFabricInfo();
320 0 : return (fabricInfo != nullptr) ? static_cast<uint64_t>(fabricInfo->GetNodeId()) : kUndefinedNodeId;
321 : }
322 :
323 : /**
324 : * @brief Get the root public key for the fabric
325 : *
326 : * @param outRootPublicKey reference to public key object that gets updated on success.
327 : *
328 : * @return CHIP_NO_ERROR on success, CHIP_ERROR_INCORRECT_STATE if fabric table is unset, or another internal error
329 : * on storage access failure.
330 : */
331 : CHIP_ERROR GetRootPublicKey(Crypto::P256PublicKey & outRootPublicKey) const;
332 :
333 0 : FabricIndex GetFabricIndex() const { return mFabricIndex; }
334 :
335 0 : const FabricTable * GetFabricTable() const
336 : {
337 0 : if (mSystemState == nullptr)
338 : {
339 0 : return nullptr;
340 : }
341 0 : return mSystemState->Fabrics();
342 : }
343 :
344 : OperationalCredentialsDelegate * GetOperationalCredentialsDelegate() { return mOperationalCredentialsDelegate; }
345 :
346 : /**
347 : * @brief
348 : * Reconfigures a new set of operational credentials to be used with this
349 : * controller given ControllerInitParams state.
350 : *
351 : * WARNING: This is a low-level method that should only be called directly
352 : * if you know exactly how this will interact with controller state,
353 : * since there are several integrations that do this call for you.
354 : * It can be used for fine-grained dependency injection of a controller's
355 : * NOC and operational keypair.
356 : */
357 : CHIP_ERROR InitControllerNOCChain(const ControllerInitParams & params);
358 :
359 : protected:
360 : enum class State
361 : {
362 : NotInitialized,
363 : Initialized
364 : };
365 :
366 : // This is not public to avoid users of DeviceController relying on "innards" access to
367 : // the raw fabric table. Everything needed should be available with getters on DeviceController.
368 0 : const FabricInfo * GetFabricInfo() const
369 : {
370 0 : VerifyOrReturnError((mState == State::Initialized) && (mFabricIndex != kUndefinedFabricIndex), nullptr);
371 0 : VerifyOrReturnError(GetFabricTable() != nullptr, nullptr);
372 :
373 0 : return GetFabricTable()->FindFabricWithIndex(mFabricIndex);
374 : }
375 :
376 : State mState;
377 :
378 : FabricIndex mFabricIndex = kUndefinedFabricIndex;
379 :
380 : bool mRemoveFromFabricTableOnShutdown = true;
381 :
382 : // TODO(cecille): Make this configuarable.
383 : static constexpr int kMaxCommissionableNodes = 10;
384 : Dnssd::DiscoveredNodeData mCommissionableNodes[kMaxCommissionableNodes];
385 : DeviceControllerSystemState * mSystemState = nullptr;
386 :
387 : ControllerDeviceInitParams GetControllerDeviceInitParams();
388 :
389 : OperationalCredentialsDelegate * mOperationalCredentialsDelegate;
390 :
391 : chip::VendorId mVendorId;
392 :
393 0 : DiscoveredNodeList GetDiscoveredNodes() override { return DiscoveredNodeList(mCommissionableNodes); }
394 : };
395 :
396 : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
397 : using UdcTransportMgr = TransportMgr<Transport::UDP /* IPv6 */
398 : #if INET_CONFIG_ENABLE_IPV4
399 : ,
400 : Transport::UDP /* IPv4 */
401 : #endif
402 : >;
403 : #endif
404 :
405 : /**
406 : * @brief Callback prototype for ExtendArmFailSafe command.
407 : */
408 : typedef void (*OnExtendFailsafeSuccess)(
409 : void * context, const app::Clusters::GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data);
410 : typedef void (*OnExtendFailsafeFailure)(void * context, CHIP_ERROR error);
411 :
412 : /**
413 : * @brief
414 : * The commissioner applications can use this class to pair new/unpaired CHIP devices. The application is
415 : * required to provide write access to the persistent storage, where the paired device information
416 : * will be stored.
417 : */
418 : class DLL_EXPORT DeviceCommissioner : public DeviceController,
419 : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
420 : public Protocols::UserDirectedCommissioning::InstanceNameResolver,
421 : #endif
422 : #if CHIP_CONFIG_ENABLE_READ_CLIENT
423 : public app::ClusterStateCache::Callback,
424 : #endif
425 : public SessionEstablishmentDelegate
426 : {
427 : public:
428 : DeviceCommissioner();
429 0 : ~DeviceCommissioner() override {}
430 :
431 : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
432 : /**
433 : * Set port for User Directed Commissioning
434 : */
435 : CHIP_ERROR SetUdcListenPort(uint16_t listenPort);
436 : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
437 :
438 : /**
439 : * Commissioner-specific initialization, includes parameters such as the pairing delegate.
440 : */
441 : CHIP_ERROR Init(CommissionerInitParams params);
442 :
443 : /**
444 : * @brief
445 : * Tears down the entirety of the stack, including destructing key objects in the system.
446 : * This is not a thread-safe API, and should be called with external synchronization.
447 : *
448 : * Please see implementation for more details.
449 : */
450 : void Shutdown() override;
451 :
452 : // ----- Connection Management -----
453 : /**
454 : * @brief
455 : * Pair a CHIP device with the provided code. The code can be either a QRCode
456 : * or a Manual Setup Code.
457 : * Use registered DevicePairingDelegate object to receive notifications on
458 : * pairing status updates.
459 : *
460 : * Note: Pairing process requires that the caller has registered PersistentStorageDelegate
461 : * in the Init() call.
462 : *
463 : * @param[in] remoteDeviceId The remote device Id.
464 : * @param[in] setUpCode The setup code for connecting to the device
465 : * @param[in] discoveryType The network discovery type, defaults to DiscoveryType::kAll.
466 : * @param[in] resolutionData Optional resolution data previously discovered on the network for the target device.
467 : */
468 : CHIP_ERROR PairDevice(NodeId remoteDeviceId, const char * setUpCode, DiscoveryType discoveryType = DiscoveryType::kAll,
469 : Optional<Dnssd::CommonResolutionData> resolutionData = NullOptional);
470 : CHIP_ERROR PairDevice(NodeId remoteDeviceId, const char * setUpCode, const CommissioningParameters & CommissioningParameters,
471 : DiscoveryType discoveryType = DiscoveryType::kAll,
472 : Optional<Dnssd::CommonResolutionData> resolutionData = NullOptional);
473 :
474 : /**
475 : * @brief
476 : * Pair a CHIP device with the provided Rendezvous connection parameters.
477 : * Use registered DevicePairingDelegate object to receive notifications on
478 : * pairing status updates.
479 : *
480 : * Note: Pairing process requires that the caller has registered PersistentStorageDelegate
481 : * in the Init() call.
482 : *
483 : * @param[in] remoteDeviceId The remote device Id.
484 : * @param[in] rendezvousParams The Rendezvous connection parameters
485 : */
486 : CHIP_ERROR PairDevice(NodeId remoteDeviceId, RendezvousParameters & rendezvousParams);
487 :
488 : /**
489 : * @overload
490 : * @param[in] remoteDeviceId The remote device Id.
491 : * @param[in] rendezvousParams The Rendezvous connection parameters
492 : * @param[in] commissioningParams The commissioning parameters (uses default if not supplied)
493 : */
494 : CHIP_ERROR PairDevice(NodeId remoteDeviceId, RendezvousParameters & rendezvousParams,
495 : CommissioningParameters & commissioningParams);
496 :
497 : /**
498 : * @brief
499 : * Start establishing a PASE connection with a node for the purposes of commissioning.
500 : * Commissioners that wish to use the auto-commissioning functions should use the
501 : * supplied "PairDevice" functions above to automatically establish a connection then
502 : * perform commissioning. This function is intended to be use by commissioners that
503 : * are not using the supplied auto-commissioner.
504 : *
505 : * This function is non-blocking. PASE is established once the DevicePairingDelegate
506 : * receives the OnPairingComplete call.
507 : *
508 : * PASE connections can only be established with nodes that have their commissioning
509 : * window open. The PASE connection will fail if this window is not open and the
510 : * OnPairingComplete will be called with an error.
511 : *
512 : * @param[in] remoteDeviceId The remote device Id.
513 : * @param[in] params The Rendezvous connection parameters
514 : */
515 : CHIP_ERROR EstablishPASEConnection(NodeId remoteDeviceId, RendezvousParameters & params);
516 :
517 : /**
518 : * @brief
519 : * Start establishing a PASE connection with a node for the purposes of commissioning.
520 : * Commissioners that wish to use the auto-commissioning functions should use the
521 : * supplied "PairDevice" functions above to automatically establish a connection then
522 : * perform commissioning. This function is intended to be used by commissioners that
523 : * are not using the supplied auto-commissioner.
524 : *
525 : * This function is non-blocking. PASE is established once the DevicePairingDelegate
526 : * receives the OnPairingComplete call.
527 : *
528 : * PASE connections can only be established with nodes that have their commissioning
529 : * window open. The PASE connection will fail if this window is not open and in that case
530 : * OnPairingComplete will be called with an error.
531 : *
532 : * @param[in] remoteDeviceId The remote device Id.
533 : * @param[in] setUpCode The setup code for connecting to the device
534 : * @param[in] discoveryType The network discovery type, defaults to DiscoveryType::kAll.
535 : * @param[in] resolutionData Optional resolution data previously discovered on the network for the target device.
536 : */
537 : CHIP_ERROR EstablishPASEConnection(NodeId remoteDeviceId, const char * setUpCode,
538 : DiscoveryType discoveryType = DiscoveryType::kAll,
539 : Optional<Dnssd::CommonResolutionData> resolutionData = NullOptional);
540 :
541 : /**
542 : * @brief
543 : * Start the auto-commissioning process on a node after establishing a PASE connection.
544 : * This function is intended to be used in conjunction with the EstablishPASEConnection
545 : * function. It can be called either before or after the DevicePairingDelegate receives
546 : * the OnPairingComplete call. Commissioners that want to perform simple auto-commissioning
547 : * should use the supplied "PairDevice" functions above, which will establish the PASE
548 : * connection and commission automatically.
549 : *
550 : * @param[in] remoteDeviceId The remote device Id.
551 : * @param[in] params The commissioning parameters
552 : */
553 : CHIP_ERROR Commission(NodeId remoteDeviceId, CommissioningParameters & params);
554 : CHIP_ERROR Commission(NodeId remoteDeviceId);
555 :
556 : /**
557 : * @brief
558 : * This function instructs the commissioner to proceed to the next stage of commissioning after
559 : * attestation is reported to an installed attestation delegate.
560 : *
561 : * @param[in] device The device being commissioned.
562 : * @param[in] attestationResult The attestation result to use instead of whatever the device
563 : * attestation verifier came up with. May be a success or an error result.
564 : */
565 : CHIP_ERROR
566 : ContinueCommissioningAfterDeviceAttestation(DeviceProxy * device, Credentials::AttestationVerificationResult attestationResult);
567 :
568 : CHIP_ERROR GetDeviceBeingCommissioned(NodeId deviceId, CommissioneeDeviceProxy ** device);
569 :
570 : /**
571 : * @brief
572 : * This function stops a pairing process that's in progress. It does not delete the pairing of a previously
573 : * paired device.
574 : *
575 : * @param[in] remoteDeviceId The remote device Id.
576 : *
577 : * @return CHIP_ERROR CHIP_NO_ERROR on success, or corresponding error
578 : */
579 : CHIP_ERROR StopPairing(NodeId remoteDeviceId);
580 :
581 : /**
582 : * @brief
583 : * Remove pairing for a paired device. If the device is currently being paired, it'll stop the pairing process.
584 : *
585 : * @param[in] remoteDeviceId The remote device Id.
586 : *
587 : * @return CHIP_ERROR CHIP_NO_ERROR on success, or corresponding error
588 : */
589 : CHIP_ERROR UnpairDevice(NodeId remoteDeviceId);
590 :
591 : //////////// SessionEstablishmentDelegate Implementation ///////////////
592 : void OnSessionEstablishmentError(CHIP_ERROR error) override;
593 : void OnSessionEstablished(const SessionHandle & session) override;
594 :
595 : void RendezvousCleanup(CHIP_ERROR status);
596 :
597 : void PerformCommissioningStep(DeviceProxy * device, CommissioningStage step, CommissioningParameters & params,
598 : CommissioningDelegate * delegate, EndpointId endpoint, Optional<System::Clock::Timeout> timeout);
599 :
600 : /**
601 : * @brief
602 : * This function validates the Attestation Information sent by the device.
603 : *
604 : * @param[in] info Structure contatining all the required information for validating the device attestation.
605 : */
606 : CHIP_ERROR ValidateAttestationInfo(const Credentials::DeviceAttestationVerifier::AttestationInfo & info);
607 :
608 : /**
609 : * @brief
610 : * Sends CommissioningStepComplete report to the commissioning delegate. Function will fill in current step.
611 : * @params[in] err error from the current step
612 : * @params[in] report report to send. Current step will be filled in automatically
613 : */
614 : void
615 : CommissioningStageComplete(CHIP_ERROR err,
616 : CommissioningDelegate::CommissioningReport report = CommissioningDelegate::CommissioningReport());
617 :
618 : /**
619 : * @brief
620 : * This function is called by the DevicePairingDelegate to indicate that network credentials have been set
621 : * on the CommissioningParameters of the CommissioningDelegate using CommissioningDelegate.SetCommissioningParameters().
622 : * As a result, commissioning can advance to the next stage.
623 : *
624 : * The DevicePairingDelegate may call this method from the OnScanNetworksSuccess and OnScanNetworksFailure callbacks,
625 : * or it may call this method after obtaining network credentials using asyncronous methods (prompting user, cloud API call,
626 : * etc).
627 : *
628 : * If an error happens in the subsequent network commissioning step (either NetworkConfig or ConnectNetwork commands)
629 : * then the DevicePairingDelegate will receive the error in completionStatus.networkCommissioningStatus and the
630 : * commissioning stage will return to kNeedsNetworkCreds so that the DevicePairingDelegate can re-attempt with new
631 : * network information. The DevicePairingDelegate can exit the commissioning process by calling StopPairing.
632 : *
633 : * @return CHIP_ERROR The return status. Returns CHIP_ERROR_INCORRECT_STATE if not in the correct state (kNeedsNetworkCreds).
634 : */
635 : CHIP_ERROR NetworkCredentialsReady();
636 :
637 : /**
638 : * @brief
639 : * This function is called by the DevicePairingDelegate to indicate that ICD registration info (ICDSymmetricKey,
640 : * ICDCheckInNodeId and ICDMonitoredSubject) have been set on the CommissioningParameters of the CommissioningDelegate
641 : * using CommissioningDelegate.SetCommissioningParameters(). As a result, commissioning can advance to the next stage.
642 : *
643 : * The DevicePairingDelegate may call this method from the OnICDRegistrationInfoRequired callback, or it may call this
644 : * method after obtaining required parameters for ICD registration using asyncronous methods (like RPC call etc).
645 : *
646 : * When the ICD Registration completes, OnICDRegistrationComplete will be called.
647 : *
648 : * @return CHIP_ERROR The return status. Returns CHIP_ERROR_INCORRECT_STATE if not in the correct state
649 : * (kICDGetRegistrationInfo).
650 : */
651 : CHIP_ERROR ICDRegistrationInfoReady();
652 :
653 : /**
654 : * @brief
655 : * This function returns the current CommissioningStage for this commissioner.
656 : */
657 : CommissioningStage GetCommissioningStage() { return mCommissioningStage; }
658 :
659 : #if CONFIG_NETWORK_LAYER_BLE
660 : #if CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
661 : /**
662 : * @brief
663 : * Prior to commissioning, the Controller should make sure the BleLayer transport
664 : * is set to the Commissioner transport and not the Server transport.
665 : */
666 : void ConnectBleTransportToSelf();
667 : #endif // CHIP_DEVICE_CONFIG_ENABLE_BOTH_COMMISSIONER_AND_COMMISSIONEE
668 :
669 : /**
670 : * @brief
671 : * Once we have finished all commissioning work, the Controller should close the BLE
672 : * connection to the device and establish CASE session / another PASE session to the device
673 : * if needed.
674 : */
675 : void CloseBleConnection();
676 : #endif
677 : /**
678 : * @brief
679 : * Discover all devices advertising as commissionable.
680 : * Should be called on main loop thread.
681 : * * @param[in] filter Browse filter - controller will look for only the specified subtype.
682 : * @return CHIP_ERROR The return status
683 : */
684 : CHIP_ERROR DiscoverCommissionableNodes(Dnssd::DiscoveryFilter filter);
685 :
686 : /**
687 : * Stop commissionable discovery triggered by a previous
688 : * DiscoverCommissionableNodes call.
689 : */
690 : CHIP_ERROR StopCommissionableDiscovery();
691 :
692 : /**
693 : * @brief
694 : * Returns information about discovered devices.
695 : * Should be called on main loop thread.
696 : * @return const DiscoveredNodeData* info about the selected device. May be nullptr if no information has been returned yet.
697 : */
698 : const Dnssd::DiscoveredNodeData * GetDiscoveredDevice(int idx);
699 :
700 : /**
701 : * @brief
702 : * Returns the max number of commissionable nodes this commissioner can track mdns information for.
703 : * @return int The max number of commissionable nodes supported
704 : */
705 : int GetMaxCommissionableNodesSupported() { return kMaxCommissionableNodes; }
706 :
707 : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
708 : /**
709 : * @brief
710 : * Called when a UDC message is received specifying the given instanceName
711 : * This method indicates that UDC Server needs the Commissionable Node corresponding to
712 : * the given instance name to be found. UDC Server will wait for OnCommissionableNodeFound.
713 : *
714 : * @param instanceName DNS-SD instance name for the client requesting commissioning
715 : *
716 : */
717 : void FindCommissionableNode(char * instanceName) override;
718 :
719 : /**
720 : * @brief
721 : * Return the UDC Server instance
722 : *
723 : */
724 : UserDirectedCommissioningServer * GetUserDirectedCommissioningServer() { return mUdcServer; }
725 : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
726 :
727 : /**
728 : * @brief
729 : * Overrides method from AbstractDnssdDiscoveryController
730 : *
731 : * @param nodeData DNS-SD node information
732 : *
733 : */
734 : void OnNodeDiscovered(const chip::Dnssd::DiscoveredNodeData & nodeData) override;
735 :
736 0 : void RegisterPairingDelegate(DevicePairingDelegate * pairingDelegate) { mPairingDelegate = pairingDelegate; }
737 0 : DevicePairingDelegate * GetPairingDelegate() const { return mPairingDelegate; }
738 :
739 : #if CHIP_CONFIG_ENABLE_READ_CLIENT
740 : // ClusterStateCache::Callback impl
741 : void OnDone(app::ReadClient *) override;
742 : #endif // CHIP_CONFIG_ENABLE_READ_CLIENT
743 :
744 : // Issue an NOC chain using the associated OperationalCredentialsDelegate. The NOC chain will
745 : // be provided in X509 DER format.
746 : // NOTE: This is only valid assuming that `mOperationalCredentialsDelegate` is what is desired
747 : // to issue the NOC chain.
748 : CHIP_ERROR IssueNOCChain(const ByteSpan & NOCSRElements, NodeId nodeId,
749 : chip::Callback::Callback<OnNOCChainGeneration> * callback);
750 :
751 : void SetDeviceAttestationVerifier(Credentials::DeviceAttestationVerifier * deviceAttestationVerifier)
752 : {
753 : mDeviceAttestationVerifier = deviceAttestationVerifier;
754 : }
755 :
756 : Credentials::DeviceAttestationVerifier * GetDeviceAttestationVerifier() const { return mDeviceAttestationVerifier; }
757 :
758 : Optional<CommissioningParameters> GetCommissioningParameters()
759 : {
760 : return mDefaultCommissioner == nullptr ? NullOptional : MakeOptional(mDefaultCommissioner->GetCommissioningParameters());
761 : }
762 :
763 : // Reset the arm failsafe timer during commissioning. If this returns
764 : // false, that means that the timer was already set for a longer time period
765 : // than the new time we are trying to set. In this case, neither
766 : // onSuccess nor onFailure will be called.
767 : bool ExtendArmFailSafe(DeviceProxy * proxy, CommissioningStage step, uint16_t armFailSafeTimeout,
768 : Optional<System::Clock::Timeout> commandTimeout, OnExtendFailsafeSuccess onSuccess,
769 : OnExtendFailsafeFailure onFailure);
770 :
771 : private:
772 : DevicePairingDelegate * mPairingDelegate;
773 :
774 : DeviceProxy * mDeviceBeingCommissioned = nullptr;
775 : CommissioneeDeviceProxy * mDeviceInPASEEstablishment = nullptr;
776 :
777 : CommissioningStage mCommissioningStage = CommissioningStage::kSecurePairing;
778 : bool mRunCommissioningAfterConnection = false;
779 :
780 : ObjectPool<CommissioneeDeviceProxy, kNumMaxActiveDevices> mCommissioneeDevicePool;
781 :
782 : #if CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY // make this commissioner discoverable
783 : UserDirectedCommissioningServer * mUdcServer = nullptr;
784 : // mUdcTransportMgr is for insecure communication (ex. user directed commissioning)
785 : UdcTransportMgr * mUdcTransportMgr = nullptr;
786 : uint16_t mUdcListenPort = CHIP_UDC_PORT;
787 : #endif // CHIP_DEVICE_CONFIG_ENABLE_COMMISSIONER_DISCOVERY
788 :
789 : #if CONFIG_NETWORK_LAYER_BLE
790 : static void OnDiscoveredDeviceOverBleSuccess(void * appState, BLE_CONNECTION_OBJECT connObj);
791 : static void OnDiscoveredDeviceOverBleError(void * appState, CHIP_ERROR err);
792 : RendezvousParameters mRendezvousParametersForDeviceDiscoveredOverBle;
793 : #endif
794 :
795 : CHIP_ERROR LoadKeyId(PersistentStorageDelegate * delegate, uint16_t & out);
796 :
797 : /* This function sends a Device Attestation Certificate chain request to the device.
798 : The function does not hold a reference to the device object.
799 : */
800 : CHIP_ERROR SendCertificateChainRequestCommand(DeviceProxy * device, Credentials::CertificateType certificateType,
801 : Optional<System::Clock::Timeout> timeout);
802 : /* This function sends an Attestation request to the device.
803 : The function does not hold a reference to the device object.
804 : */
805 : CHIP_ERROR SendAttestationRequestCommand(DeviceProxy * device, const ByteSpan & attestationNonce,
806 : Optional<System::Clock::Timeout> timeout);
807 : /* This function sends an CSR request to the device.
808 : The function does not hold a reference to the device object.
809 : */
810 : CHIP_ERROR SendOperationalCertificateSigningRequestCommand(DeviceProxy * device, const ByteSpan & csrNonce,
811 : Optional<System::Clock::Timeout> timeout);
812 : /* This function sends the operational credentials to the device.
813 : The function does not hold a reference to the device object.
814 : */
815 : CHIP_ERROR SendOperationalCertificate(DeviceProxy * device, const ByteSpan & nocCertBuf, const Optional<ByteSpan> & icaCertBuf,
816 : IdentityProtectionKeySpan ipk, NodeId adminSubject,
817 : Optional<System::Clock::Timeout> timeout);
818 : /* This function sends the trusted root certificate to the device.
819 : The function does not hold a reference to the device object.
820 : */
821 : CHIP_ERROR SendTrustedRootCertificate(DeviceProxy * device, const ByteSpan & rcac, Optional<System::Clock::Timeout> timeout);
822 :
823 : /* This function is called by the commissioner code when the device completes
824 : the operational credential provisioning process.
825 : The function does not hold a reference to the device object.
826 : */
827 : CHIP_ERROR OnOperationalCredentialsProvisioningCompletion(DeviceProxy * device);
828 :
829 : /* Callback when the previously sent CSR request results in failure */
830 : static void OnCSRFailureResponse(void * context, CHIP_ERROR error);
831 :
832 : void ExtendArmFailSafeForDeviceAttestation(const Credentials::DeviceAttestationVerifier::AttestationInfo & info,
833 : Credentials::AttestationVerificationResult result);
834 : static void OnCertificateChainFailureResponse(void * context, CHIP_ERROR error);
835 : static void OnCertificateChainResponse(
836 : void * context, const app::Clusters::OperationalCredentials::Commands::CertificateChainResponse::DecodableType & response);
837 :
838 : static void OnAttestationFailureResponse(void * context, CHIP_ERROR error);
839 : static void
840 : OnAttestationResponse(void * context,
841 : const app::Clusters::OperationalCredentials::Commands::AttestationResponse::DecodableType & data);
842 :
843 : /**
844 : * @brief
845 : * This function is called by the IM layer when the commissioner receives the CSR from the device.
846 : * (Reference: Specifications section 11.18.5.6. NOCSR Elements)
847 : *
848 : * @param[in] context The context provided while registering the callback.
849 : * @param[in] data The response struct containing the following fields:
850 : * NOCSRElements: CSR elements as per specifications section 11.22.5.6. NOCSR Elements.
851 : * AttestationSignature: Cryptographic signature generated for the fields in the response
852 : * message.
853 : */
854 : static void OnOperationalCertificateSigningRequest(
855 : void * context, const app::Clusters::OperationalCredentials::Commands::CSRResponse::DecodableType & data);
856 :
857 : /* Callback when adding operational certs to device results in failure */
858 : static void OnAddNOCFailureResponse(void * context, CHIP_ERROR errro);
859 : /* Callback when the device confirms that it has added the operational certificates */
860 : static void
861 : OnOperationalCertificateAddResponse(void * context,
862 : const app::Clusters::OperationalCredentials::Commands::NOCResponse::DecodableType & data);
863 :
864 : /* Callback when the device confirms that it has added the root certificate */
865 : static void OnRootCertSuccessResponse(void * context, const chip::app::DataModel::NullObjectType &);
866 : /* Callback called when adding root cert to device results in failure */
867 : static void OnRootCertFailureResponse(void * context, CHIP_ERROR error);
868 :
869 : static void OnDeviceConnectedFn(void * context, Messaging::ExchangeManager & exchangeMgr, const SessionHandle & sessionHandle);
870 : static void OnDeviceConnectionFailureFn(void * context, const ScopedNodeId & peerId, CHIP_ERROR error);
871 : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
872 : static void OnDeviceConnectionRetryFn(void * context, const ScopedNodeId & peerId, CHIP_ERROR error,
873 : System::Clock::Seconds16 retryTimeout);
874 : #endif // CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
875 :
876 : static void OnDeviceAttestationInformationVerification(void * context,
877 : const Credentials::DeviceAttestationVerifier::AttestationInfo & info,
878 : Credentials::AttestationVerificationResult result);
879 :
880 : static void OnDeviceNOCChainGeneration(void * context, CHIP_ERROR status, const ByteSpan & noc, const ByteSpan & icac,
881 : const ByteSpan & rcac, Optional<IdentityProtectionKeySpan> ipk,
882 : Optional<NodeId> adminSubject);
883 : static void OnArmFailSafe(void * context,
884 : const chip::app::Clusters::GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data);
885 : static void OnSetRegulatoryConfigResponse(
886 : void * context,
887 : const chip::app::Clusters::GeneralCommissioning::Commands::SetRegulatoryConfigResponse::DecodableType & data);
888 : static void OnSetUTCError(void * context, CHIP_ERROR error);
889 : static void
890 : OnSetTimeZoneResponse(void * context,
891 : const chip::app::Clusters::TimeSynchronization::Commands::SetTimeZoneResponse::DecodableType & data);
892 :
893 : static void
894 : OnScanNetworksResponse(void * context,
895 : const app::Clusters::NetworkCommissioning::Commands::ScanNetworksResponse::DecodableType & data);
896 : static void OnScanNetworksFailure(void * context, CHIP_ERROR err);
897 : static void
898 : OnNetworkConfigResponse(void * context,
899 : const app::Clusters::NetworkCommissioning::Commands::NetworkConfigResponse::DecodableType & data);
900 : static void OnConnectNetworkResponse(
901 : void * context, const chip::app::Clusters::NetworkCommissioning::Commands::ConnectNetworkResponse::DecodableType & data);
902 : static void OnCommissioningCompleteResponse(
903 : void * context,
904 : const chip::app::Clusters::GeneralCommissioning::Commands::CommissioningCompleteResponse::DecodableType & data);
905 : static void OnDisarmFailsafe(void * context,
906 : const app::Clusters::GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data);
907 : static void OnDisarmFailsafeFailure(void * context, CHIP_ERROR error);
908 : void DisarmDone();
909 : static void OnArmFailSafeExtendedForDeviceAttestation(
910 : void * context, const chip::app::Clusters::GeneralCommissioning::Commands::ArmFailSafeResponse::DecodableType & data);
911 : static void OnFailedToExtendedArmFailSafeDeviceAttestation(void * context, CHIP_ERROR error);
912 :
913 : static void OnICDManagementRegisterClientResponse(
914 : void * context, const app::Clusters::IcdManagement::Commands::RegisterClientResponse::DecodableType & data);
915 :
916 : /**
917 : * @brief
918 : * This function processes the CSR sent by the device.
919 : * (Reference: Specifications section 11.18.5.6. NOCSR Elements)
920 : *
921 : * @param[in] proxy device proxy
922 : * @param[in] NOCSRElements CSR elements as per specifications section 11.22.5.6. NOCSR Elements.
923 : * @param[in] AttestationSignature Cryptographic signature generated for all the above fields.
924 : * @param[in] dac device attestation certificate
925 : * @param[in] pai Product Attestation Intermediate certificate
926 : * @param[in] csrNonce certificate signing request nonce
927 : */
928 : CHIP_ERROR ProcessCSR(DeviceProxy * proxy, const ByteSpan & NOCSRElements, const ByteSpan & AttestationSignature,
929 : const ByteSpan & dac, const ByteSpan & pai, const ByteSpan & csrNonce);
930 :
931 : /**
932 : * @brief
933 : * This function validates the CSR information from the device.
934 : * (Reference: Specifications section 11.18.5.6. NOCSR Elements)
935 : *
936 : * @param[in] proxy device proxy
937 : * @param[in] NOCSRElements CSR elements as per specifications section 11.22.5.6. NOCSR Elements.
938 : * @param[in] AttestationSignature Cryptographic signature generated for all the above fields.
939 : * @param[in] dac device attestation certificate
940 : * @param[in] csrNonce certificate signing request nonce
941 : */
942 : CHIP_ERROR ValidateCSR(DeviceProxy * proxy, const ByteSpan & NOCSRElements, const ByteSpan & AttestationSignature,
943 : const ByteSpan & dac, const ByteSpan & csrNonce);
944 :
945 : /**
946 : * @brief
947 : * This function processes the DAC or PAI certificate sent by the device.
948 : */
949 : CHIP_ERROR ProcessCertificateChain(const ByteSpan & certificate);
950 :
951 : void HandleAttestationResult(CHIP_ERROR err);
952 :
953 : CommissioneeDeviceProxy * FindCommissioneeDevice(NodeId id);
954 : CommissioneeDeviceProxy * FindCommissioneeDevice(const Transport::PeerAddress & peerAddress);
955 : void ReleaseCommissioneeDevice(CommissioneeDeviceProxy * device);
956 :
957 : template <typename RequestObjectT>
958 0 : CHIP_ERROR SendCommand(DeviceProxy * device, const RequestObjectT & request,
959 : CommandResponseSuccessCallback<typename RequestObjectT::ResponseType> successCb,
960 : CommandResponseFailureCallback failureCb, Optional<System::Clock::Timeout> timeout)
961 : {
962 0 : return SendCommand(device, request, successCb, failureCb, 0, timeout);
963 : }
964 :
965 : template <typename RequestObjectT>
966 0 : CHIP_ERROR SendCommand(DeviceProxy * device, const RequestObjectT & request,
967 : CommandResponseSuccessCallback<typename RequestObjectT::ResponseType> successCb,
968 : CommandResponseFailureCallback failureCb, EndpointId endpoint, Optional<System::Clock::Timeout> timeout)
969 : {
970 0 : ClusterBase cluster(*device->GetExchangeManager(), device->GetSecureSession().Value(), endpoint);
971 0 : cluster.SetCommandTimeout(timeout);
972 :
973 0 : return cluster.InvokeCommand(request, this, successCb, failureCb);
974 0 : }
975 :
976 : void SendCommissioningReadRequest(DeviceProxy * proxy, Optional<System::Clock::Timeout> timeout,
977 : app::AttributePathParams * readPaths, size_t readPathsSize);
978 : #if CHIP_CONFIG_ENABLE_READ_CLIENT
979 : void ParseCommissioningInfo();
980 : // Parsing attributes read in kReadCommissioningInfo stage.
981 : CHIP_ERROR ParseCommissioningInfo1(ReadCommissioningInfo & info);
982 : // Parsing attributes read in kReadCommissioningInfo2 stage.
983 : CHIP_ERROR ParseCommissioningInfo2(ReadCommissioningInfo & info);
984 : // Called by ParseCommissioningInfo2
985 : CHIP_ERROR ParseFabrics(ReadCommissioningInfo & info);
986 : CHIP_ERROR ParseICDInfo(ReadCommissioningInfo & info);
987 : // Called by ParseCommissioningInfo
988 : void ParseTimeSyncInfo(ReadCommissioningInfo & info);
989 : #endif // CHIP_CONFIG_ENABLE_READ_CLIENT
990 :
991 : static CHIP_ERROR
992 : ConvertFromOperationalCertStatus(chip::app::Clusters::OperationalCredentials::NodeOperationalCertStatusEnum err);
993 :
994 : // Sends commissioning complete callbacks to the delegate depending on the status. Sends
995 : // OnCommissioningComplete and either OnCommissioningSuccess or OnCommissioningFailure depending on the given completion status.
996 : void SendCommissioningCompleteCallbacks(NodeId nodeId, const CompletionStatus & completionStatus);
997 :
998 : // Cleans up and resets failsafe as appropriate depending on the error and the failed stage.
999 : // For success, sends completion report with the CommissioningDelegate and sends callbacks to the PairingDelegate
1000 : // For failures after AddNOC succeeds, sends completion report with the CommissioningDelegate and sends callbacks to the
1001 : // PairingDelegate. In this case, it does not disarm the failsafe or close the pase connection. For failures up through AddNOC,
1002 : // sends a command to immediately expire the failsafe, then sends completion report with the CommissioningDelegate and callbacks
1003 : // to the PairingDelegate upon arm failsafe command completion.
1004 : void CleanupCommissioning(DeviceProxy * proxy, NodeId nodeId, const CompletionStatus & completionStatus);
1005 :
1006 : // Extend the fail-safe before trying to do network-enable (since after that
1007 : // point, for non-concurrent-commissioning devices, we may not have a way to
1008 : // extend it).
1009 : void ExtendFailsafeBeforeNetworkEnable(DeviceProxy * device, CommissioningParameters & params, CommissioningStage step);
1010 :
1011 : chip::Callback::Callback<OnDeviceConnected> mOnDeviceConnectedCallback;
1012 : chip::Callback::Callback<OnDeviceConnectionFailure> mOnDeviceConnectionFailureCallback;
1013 : #if CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
1014 : chip::Callback::Callback<OnDeviceConnectionRetry> mOnDeviceConnectionRetryCallback;
1015 : #endif // CHIP_DEVICE_CONFIG_ENABLE_AUTOMATIC_CASE_RETRIES
1016 :
1017 : chip::Callback::Callback<Credentials::DeviceAttestationVerifier::OnAttestationInformationVerification>
1018 : mDeviceAttestationInformationVerificationCallback;
1019 :
1020 : chip::Callback::Callback<OnNOCChainGeneration> mDeviceNOCChainCallback;
1021 : SetUpCodePairer mSetUpCodePairer;
1022 : AutoCommissioner mAutoCommissioner;
1023 : CommissioningDelegate * mDefaultCommissioner =
1024 : nullptr; // Commissioning delegate to call when PairDevice / Commission functions are used
1025 : CommissioningDelegate * mCommissioningDelegate =
1026 : nullptr; // Commissioning delegate that issued the PerformCommissioningStep command
1027 : CompletionStatus commissioningCompletionStatus;
1028 :
1029 : #if CHIP_CONFIG_ENABLE_READ_CLIENT
1030 : Platform::UniquePtr<app::ClusterStateCache> mAttributeCache;
1031 : Platform::UniquePtr<app::ReadClient> mReadClient;
1032 : #endif
1033 : Credentials::AttestationVerificationResult mAttestationResult;
1034 : Platform::UniquePtr<Credentials::DeviceAttestationVerifier::AttestationDeviceInfo> mAttestationDeviceInfo;
1035 : Credentials::DeviceAttestationVerifier * mDeviceAttestationVerifier = nullptr;
1036 : };
1037 :
1038 : } // namespace Controller
1039 : } // namespace chip
|
