blob: af177bd2a8d5fc6e695a975267e82723b0ce4cca [file] [log] [blame]
* Copyright (c) 2022 Project CHIP Authors
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* See the License for the specific language governing permissions and
* limitations under the License.
* @file
* A 'Fail Safe Context' SHALL be created on the receiver, to track fail-safe
* state information while the fail-safe is armed.
#pragma once
#include <lib/core/CHIPError.h>
#include <lib/core/DataModelTypes.h>
#include <platform/internal/CHIPDeviceLayerInternal.h>
#include <system/SystemClock.h>
namespace chip {
namespace app {
class FailSafeContext
// ===== Members for internal use by other Device Layer components.
* @brief
* Only a single fail-safe timer is started on the device, if this function is called again
* when the fail-safe timer is currently armed, the currently-running fail-safe timer will
* first be cancelled, then the fail-safe timer will be re-armed.
CHIP_ERROR ArmFailSafe(FabricIndex accessingFabricIndex, System::Clock::Seconds16 expiryLengthSeconds);
* @brief Cleanly disarm failsafe timer, such as on CommissioningComplete
void DisarmFailSafe();
void SetAddNocCommandInvoked(FabricIndex nocFabricIndex)
mAddNocCommandHasBeenInvoked = true;
mFabricIndex = nocFabricIndex;
void SetUpdateNocCommandInvoked() { mUpdateNocCommandHasBeenInvoked = true; }
void SetAddTrustedRootCertInvoked() { mAddTrustedRootCertHasBeenInvoked = true; }
void SetCsrRequestForUpdateNoc(bool isForUpdateNoc) { mIsCsrRequestForUpdateNoc = isForUpdateNoc; }
void SetUpdateTermsAndConditionsHasBeenInvoked() { mUpdateTermsAndConditionsHasBeenInvoked = true; }
* @brief
* Schedules a work to cleanup the FailSafe Context asynchronously after various cleanup work
* has completed.
void ScheduleFailSafeCleanup(FabricIndex fabricIndex, bool addNocCommandInvoked, bool updateNocCommandInvoked);
bool IsFailSafeArmed(FabricIndex accessingFabricIndex) const
return IsFailSafeArmed() && MatchesFabricIndex(accessingFabricIndex);
// Returns true if the fail-safe is in a state where commands that require an armed
// fail-safe can no longer execute, but a new fail-safe can't be armed yet.
bool IsFailSafeBusy() const { return mFailSafeBusy; }
bool IsFailSafeArmed() const { return mFailSafeArmed; }
// True if it is possible to do an initial arming of the failsafe if needed.
// To be used in places where some action should take place only if the
// fail-safe could be armed after that action.
bool IsFailSafeFullyDisarmed() const { return !IsFailSafeArmed() && !IsFailSafeBusy(); }
bool MatchesFabricIndex(FabricIndex accessingFabricIndex) const
return (accessingFabricIndex == mFabricIndex);
bool NocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked || mUpdateNocCommandHasBeenInvoked; }
bool AddNocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked; }
bool UpdateNocCommandHasBeenInvoked() const { return mUpdateNocCommandHasBeenInvoked; }
bool AddTrustedRootCertHasBeenInvoked() const { return mAddTrustedRootCertHasBeenInvoked; }
bool IsCsrRequestForUpdateNoc() const { return mIsCsrRequestForUpdateNoc; }
bool UpdateTermsAndConditionsHasBeenInvoked() { return mUpdateTermsAndConditionsHasBeenInvoked; }
FabricIndex GetFabricIndex() const
return mFabricIndex;
// Immediately disarms the timer and schedules a failsafe timer expiry.
// If the failsafe is not armed, this is a no-op.
void ForceFailSafeTimerExpiry();
bool mFailSafeArmed = false;
bool mFailSafeBusy = false;
bool mAddNocCommandHasBeenInvoked = false;
bool mUpdateNocCommandHasBeenInvoked = false;
bool mAddTrustedRootCertHasBeenInvoked = false;
// The fact of whether a CSR occurred at all is stored elsewhere.
bool mIsCsrRequestForUpdateNoc = false;
FabricIndex mFabricIndex = kUndefinedFabricIndex;
bool mUpdateTermsAndConditionsHasBeenInvoked = false;
* @brief
* The callback function to be called when "fail-safe timer" expires.
static void HandleArmFailSafeTimer(System::Layer * layer, void * aAppState);
* @brief
* The callback function to be called when max cumulative time expires.
static void HandleMaxCumulativeFailSafeTimer(System::Layer * layer, void * aAppState);
* @brief
* The callback function to be called asynchronously after various cleanup work has completed
* to actually disarm the fail-safe.
static void HandleDisarmFailSafe(intptr_t arg);
void SetFailSafeArmed(bool armed);
* @brief Reset to unarmed basic state
void ResetState()
mAddNocCommandHasBeenInvoked = false;
mUpdateNocCommandHasBeenInvoked = false;
mAddTrustedRootCertHasBeenInvoked = false;
mFailSafeBusy = false;
mIsCsrRequestForUpdateNoc = false;
mUpdateTermsAndConditionsHasBeenInvoked = false;
void FailSafeTimerExpired();
CHIP_ERROR CommitToStorage();
} // namespace app
} // namespace chip