| /** |
| * |
| * Copyright (c) 2020-2023 Project CHIP Authors |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| #import <Matter/MTRDefines.h> |
| #import <Matter/MTRDeviceControllerParameters.h> |
| |
| #import "MTRDeviceController_Internal.h" |
| |
| #import "MTRAsyncWorkQueue.h" |
| #import "MTRAttestationTrustStoreBridge.h" |
| #import "MTRBaseDevice_Internal.h" |
| #import "MTRCommissionableBrowser.h" |
| #import "MTRCommissionableBrowserResult_Internal.h" |
| #import "MTRCommissioningParameters.h" |
| #import "MTRConversion.h" |
| #import "MTRDeviceControllerDelegateBridge.h" |
| #import "MTRDeviceControllerFactory_Internal.h" |
| #import "MTRDeviceControllerLocalTestStorage.h" |
| #import "MTRDeviceControllerStartupParams.h" |
| #import "MTRDeviceControllerStartupParams_Internal.h" |
| #import "MTRDeviceController_XPC.h" |
| #import "MTRDevice_Concrete.h" |
| #import "MTRDevice_Internal.h" |
| #import "MTRError_Internal.h" |
| #import "MTRKeypair.h" |
| #import "MTRLogging_Internal.h" |
| #import "MTRMetricKeys.h" |
| #import "MTRMetricsCollector.h" |
| #import "MTROperationalCredentialsDelegate.h" |
| #import "MTRP256KeypairBridge.h" |
| #import "MTRPersistentStorageDelegateBridge.h" |
| #import "MTRServerEndpoint_Internal.h" |
| #import "MTRSetupPayload.h" |
| #import "MTRTimeUtils.h" |
| #import "MTRUnfairLock.h" |
| #import "NSDataSpanConversion.h" |
| #import "NSStringSpanConversion.h" |
| #import <setup_payload/ManualSetupPayloadGenerator.h> |
| #import <setup_payload/SetupPayload.h> |
| #import <zap-generated/MTRBaseClusters.h> |
| |
| #import "MTRDeviceAttestationDelegateBridge.h" |
| #import "MTRDeviceConnectionBridge.h" |
| |
| #include <platform/CHIPDeviceConfig.h> |
| |
| #include <app-common/zap-generated/cluster-objects.h> |
| #include <app/data-model/List.h> |
| #include <app/server/Dnssd.h> |
| #include <controller/CHIPDeviceController.h> |
| #include <controller/CHIPDeviceControllerFactory.h> |
| #include <controller/CommissioningWindowOpener.h> |
| #include <credentials/FabricTable.h> |
| #include <credentials/GroupDataProvider.h> |
| #include <credentials/attestation_verifier/DacOnlyPartialAttestationVerifier.h> |
| #include <credentials/attestation_verifier/DefaultDeviceAttestationVerifier.h> |
| #include <inet/InetInterface.h> |
| #include <lib/core/CHIPVendorIdentifiers.hpp> |
| #include <platform/LockTracker.h> |
| #include <platform/PlatformManager.h> |
| #include <setup_payload/ManualSetupPayloadGenerator.h> |
| #include <system/SystemClock.h> |
| |
| #include <atomic> |
| #include <dns_sd.h> |
| #include <optional> |
| #include <string> |
| |
| #import <os/lock.h> |
| |
| static NSString * const kErrorCommissionerInit = @"Init failure while initializing a commissioner"; |
| static NSString * const kErrorIPKInit = @"Init failure while initializing IPK"; |
| static NSString * const kErrorSigningKeypairInit = @"Init failure while creating signing keypair bridge"; |
| static NSString * const kErrorOperationalCredentialsInit = @"Init failure while creating operational credentials delegate"; |
| static NSString * const kErrorOperationalKeypairInit = @"Init failure while creating operational keypair bridge"; |
| static NSString * const kErrorPairingInit = @"Init failure while creating a pairing delegate"; |
| static NSString * const kErrorPartialDacVerifierInit = @"Init failure while creating a partial DAC verifier"; |
| static NSString * const kErrorPairDevice = @"Failure while pairing the device"; |
| static NSString * const kErrorStopPairing = @"Failure while trying to stop the pairing process"; |
| static NSString * const kErrorOpenPairingWindow = @"Open Pairing Window failed"; |
| static NSString * const kErrorNotRunning = @"Controller is not running. Call startup first."; |
| static NSString * const kErrorSetupCodeGen = @"Generating Manual Pairing Code failed"; |
| static NSString * const kErrorGenerateNOC = @"Generating operational certificate failed"; |
| static NSString * const kErrorKeyAllocation = @"Generating new operational key failed"; |
| static NSString * const kErrorCSRValidation = @"Extracting public key from CSR failed"; |
| static NSString * const kErrorGetCommissionee = @"Failure obtaining device being commissioned"; |
| static NSString * const kErrorGetAttestationChallenge = @"Failure getting attestation challenge"; |
| static NSString * const kErrorSpake2pVerifierGenerationFailed = @"PASE verifier generation failed"; |
| static NSString * const kErrorSpake2pVerifierSerializationFailed = @"PASE verifier serialization failed"; |
| static NSString * const kErrorCDCertStoreInit = @"Init failure while initializing Certificate Declaration Signing Keys store"; |
| |
| typedef void (^SyncWorkQueueBlock)(void); |
| typedef id (^SyncWorkQueueBlockWithReturnValue)(void); |
| typedef BOOL (^SyncWorkQueueBlockWithBoolReturnValue)(void); |
| |
| using namespace chip::Tracing::DarwinFramework; |
| |
| @implementation MTRDeviceController { |
| chip::Controller::DeviceCommissioner * _cppCommissioner; |
| chip::Credentials::PartialDACVerifier * _partialDACVerifier; |
| chip::Credentials::DefaultDACVerifier * _defaultDACVerifier; |
| MTRDeviceControllerDelegateBridge * _deviceControllerDelegateBridge; |
| MTROperationalCredentialsDelegate * _operationalCredentialsDelegate; |
| MTRDeviceAttestationDelegateBridge * _deviceAttestationDelegateBridge; |
| MTRDeviceControllerFactory * _factory; |
| NSMapTable * _nodeIDToDeviceMap; |
| os_unfair_lock _underlyingDeviceMapLock; |
| MTRCommissionableBrowser * _commissionableBrowser; |
| MTRAttestationTrustStoreBridge * _attestationTrustStoreBridge; |
| |
| // _serverEndpoints is only touched on the Matter queue. |
| NSMutableArray<MTRServerEndpoint *> * _serverEndpoints; |
| |
| MTRDeviceStorageBehaviorConfiguration * _storageBehaviorConfiguration; |
| std::atomic<chip::FabricIndex> _storedFabricIndex; |
| std::atomic<std::optional<uint64_t>> _storedCompressedFabricID; |
| MTRP256KeypairBridge _signingKeypairBridge; |
| MTRP256KeypairBridge _operationalKeypairBridge; |
| } |
| |
| - (os_unfair_lock_t)deviceMapLock |
| { |
| return &_underlyingDeviceMapLock; |
| } |
| |
| - (instancetype)initForSubclasses |
| { |
| if (self = [super init]) { |
| // nothing, as superclass of MTRDeviceController is NSObject |
| } |
| _underlyingDeviceMapLock = OS_UNFAIR_LOCK_INIT; |
| return self; |
| } |
| |
| - (nullable MTRDeviceController *)initWithParameters:(MTRDeviceControllerAbstractParameters *)parameters error:(NSError * __autoreleasing *)error |
| { |
| if ([parameters isKindOfClass:MTRXPCDeviceControllerParameters.class]) { |
| MTRXPCDeviceControllerParameters * resolvedParameters = (MTRXPCDeviceControllerParameters *) parameters; |
| MTR_LOG("Starting up with XPC Device Controller Parameters: %@", parameters); |
| return [[MTRDeviceController_XPC alloc] initWithUniqueIdentifier:resolvedParameters.uniqueIdentifier xpConnectionBlock:resolvedParameters.xpcConnectionBlock]; |
| } else if (![parameters isKindOfClass:MTRDeviceControllerParameters.class]) { |
| MTR_LOG_ERROR("Unsupported type of MTRDeviceControllerAbstractParameters: %@", parameters); |
| if (error) { |
| *error = [MTRError errorForCHIPErrorCode:CHIP_ERROR_INVALID_ARGUMENT]; |
| } |
| return nil; |
| } |
| auto * controllerParameters = static_cast<MTRDeviceControllerParameters *>(parameters); |
| |
| // MTRDeviceControllerFactory will auto-start in per-controller-storage mode if necessary |
| return [MTRDeviceControllerFactory.sharedInstance initializeController:self withParameters:controllerParameters error:error]; |
| } |
| |
| - (instancetype)initWithFactory:(MTRDeviceControllerFactory *)factory |
| queue:(dispatch_queue_t)queue |
| storageDelegate:(id<MTRDeviceControllerStorageDelegate> _Nullable)storageDelegate |
| storageDelegateQueue:(dispatch_queue_t _Nullable)storageDelegateQueue |
| otaProviderDelegate:(id<MTROTAProviderDelegate> _Nullable)otaProviderDelegate |
| otaProviderDelegateQueue:(dispatch_queue_t _Nullable)otaProviderDelegateQueue |
| uniqueIdentifier:(NSUUID *)uniqueIdentifier |
| concurrentSubscriptionPoolSize:(NSUInteger)concurrentSubscriptionPoolSize |
| storageBehaviorConfiguration:(MTRDeviceStorageBehaviorConfiguration *)storageBehaviorConfiguration |
| { |
| if (self = [super init]) { |
| // Make sure our storage is all set up to work as early as possible, |
| // before we start doing anything else with the controller. |
| _uniqueIdentifier = uniqueIdentifier; |
| if (storageDelegate != nil) { |
| if (storageDelegateQueue == nil) { |
| MTR_LOG_ERROR("storageDelegate provided without storageDelegateQueue"); |
| return nil; |
| } |
| |
| id<MTRDeviceControllerStorageDelegate> storageDelegateToUse = storageDelegate; |
| if (MTRDeviceControllerLocalTestStorage.localTestStorageEnabled) { |
| storageDelegateToUse = [[MTRDeviceControllerLocalTestStorage alloc] initWithPassThroughStorage:storageDelegate]; |
| } |
| _controllerDataStore = [[MTRDeviceControllerDataStore alloc] initWithController:self |
| storageDelegate:storageDelegateToUse |
| storageDelegateQueue:storageDelegateQueue]; |
| if (_controllerDataStore == nil) { |
| return nil; |
| } |
| } else { |
| if (MTRDeviceControllerLocalTestStorage.localTestStorageEnabled) { |
| dispatch_queue_t localTestStorageQueue = dispatch_queue_create("org.csa-iot.matter.framework.devicecontroller.localteststorage", DISPATCH_QUEUE_SERIAL_WITH_AUTORELEASE_POOL); |
| MTRDeviceControllerLocalTestStorage * localTestStorage = [[MTRDeviceControllerLocalTestStorage alloc] initWithPassThroughStorage:nil]; |
| _controllerDataStore = [[MTRDeviceControllerDataStore alloc] initWithController:self |
| storageDelegate:localTestStorage |
| storageDelegateQueue:localTestStorageQueue]; |
| if (_controllerDataStore == nil) { |
| return nil; |
| } |
| } |
| } |
| |
| // Ensure the otaProviderDelegate, if any, is valid. |
| if (otaProviderDelegate == nil && otaProviderDelegateQueue != nil) { |
| MTR_LOG_ERROR("Must have otaProviderDelegate when we have otaProviderDelegateQueue"); |
| return nil; |
| } |
| |
| if (otaProviderDelegate != nil && otaProviderDelegateQueue == nil) { |
| MTR_LOG_ERROR("Must have otaProviderDelegateQueue when we have otaProviderDelegate"); |
| return nil; |
| } |
| |
| if (otaProviderDelegate != nil) { |
| if (![otaProviderDelegate respondsToSelector:@selector(handleQueryImageForNodeID:controller:params:completion:)] |
| && ![otaProviderDelegate respondsToSelector:@selector(handleQueryImageForNodeID:controller:params:completionHandler:)]) { |
| MTR_LOG_ERROR("Error: MTROTAProviderDelegate does not support handleQueryImageForNodeID"); |
| return nil; |
| } |
| if (![otaProviderDelegate respondsToSelector:@selector(handleApplyUpdateRequestForNodeID:controller:params:completion:)] |
| && ![otaProviderDelegate respondsToSelector:@selector(handleApplyUpdateRequestForNodeID:controller:params:completionHandler:)]) { |
| MTR_LOG_ERROR("Error: MTROTAProviderDelegate does not support handleApplyUpdateRequestForNodeID"); |
| return nil; |
| } |
| if (![otaProviderDelegate respondsToSelector:@selector(handleNotifyUpdateAppliedForNodeID:controller:params:completion:)] |
| && ![otaProviderDelegate |
| respondsToSelector:@selector(handleNotifyUpdateAppliedForNodeID:controller:params:completionHandler:)]) { |
| MTR_LOG_ERROR("Error: MTROTAProviderDelegate does not support handleNotifyUpdateAppliedForNodeID"); |
| return nil; |
| } |
| if (![otaProviderDelegate respondsToSelector:@selector(handleBDXTransferSessionBeginForNodeID:controller:fileDesignator:offset:completion:)] |
| && ![otaProviderDelegate respondsToSelector:@selector(handleBDXTransferSessionBeginForNodeID:controller:fileDesignator:offset:completionHandler:)]) { |
| MTR_LOG_ERROR("Error: MTROTAProviderDelegate does not support handleBDXTransferSessionBeginForNodeID"); |
| return nil; |
| } |
| if (![otaProviderDelegate respondsToSelector:@selector(handleBDXQueryForNodeID:controller:blockSize:blockIndex:bytesToSkip:completion:)] |
| && ![otaProviderDelegate respondsToSelector:@selector(handleBDXQueryForNodeID:controller:blockSize:blockIndex:bytesToSkip:completionHandler:)]) { |
| MTR_LOG_ERROR("Error: MTROTAProviderDelegate does not support handleBDXQueryForNodeID"); |
| return nil; |
| } |
| } |
| |
| _otaProviderDelegate = otaProviderDelegate; |
| _otaProviderDelegateQueue = otaProviderDelegateQueue; |
| |
| _chipWorkQueue = queue; |
| _factory = factory; |
| _underlyingDeviceMapLock = OS_UNFAIR_LOCK_INIT; |
| _nodeIDToDeviceMap = [NSMapTable strongToWeakObjectsMapTable]; |
| _serverEndpoints = [[NSMutableArray alloc] init]; |
| _commissionableBrowser = nil; |
| |
| _deviceControllerDelegateBridge = new MTRDeviceControllerDelegateBridge(); |
| if ([self checkForInitError:(_deviceControllerDelegateBridge != nullptr) logMsg:kErrorPairingInit]) { |
| return nil; |
| } |
| |
| _partialDACVerifier = new chip::Credentials::PartialDACVerifier(); |
| if ([self checkForInitError:(_partialDACVerifier != nullptr) logMsg:kErrorPartialDacVerifierInit]) { |
| return nil; |
| } |
| |
| _operationalCredentialsDelegate = new MTROperationalCredentialsDelegate(self); |
| if ([self checkForInitError:(_operationalCredentialsDelegate != nullptr) logMsg:kErrorOperationalCredentialsInit]) { |
| return nil; |
| } |
| |
| // Provide a way to test different subscription pool sizes without code change |
| NSUserDefaults * defaults = [NSUserDefaults standardUserDefaults]; |
| if ([defaults objectForKey:kDefaultSubscriptionPoolSizeOverrideKey]) { |
| NSInteger subscriptionPoolSizeOverride = [defaults integerForKey:kDefaultSubscriptionPoolSizeOverrideKey]; |
| if (subscriptionPoolSizeOverride < 1) { |
| concurrentSubscriptionPoolSize = 1; |
| } else { |
| concurrentSubscriptionPoolSize = static_cast<NSUInteger>(subscriptionPoolSizeOverride); |
| } |
| |
| MTR_LOG(" *** Overriding pool size of MTRDeviceController with: %lu", static_cast<unsigned long>(concurrentSubscriptionPoolSize)); |
| } |
| |
| if (!concurrentSubscriptionPoolSize) { |
| concurrentSubscriptionPoolSize = 1; |
| } |
| |
| MTR_LOG("%@ Setting up pool size of MTRDeviceController with: %lu", self, static_cast<unsigned long>(concurrentSubscriptionPoolSize)); |
| |
| _concurrentSubscriptionPool = [[MTRAsyncWorkQueue alloc] initWithContext:self width:concurrentSubscriptionPoolSize]; |
| |
| _storedFabricIndex = chip::kUndefinedFabricIndex; |
| _storedCompressedFabricID = std::nullopt; |
| |
| _storageBehaviorConfiguration = storageBehaviorConfiguration; |
| } |
| return self; |
| } |
| |
| - (NSString *)description |
| { |
| return [NSString stringWithFormat:@"<%@: %p uuid %@>", NSStringFromClass(self.class), self, _uniqueIdentifier]; |
| } |
| |
| - (BOOL)isRunning |
| { |
| return _cppCommissioner != nullptr; |
| } |
| |
| - (void)shutdown |
| { |
| MTR_LOG("%@ shutdown called", self); |
| if (_cppCommissioner == nullptr) { |
| // Already shut down. |
| return; |
| } |
| |
| MTR_LOG("Shutting down %@: %@", NSStringFromClass(self.class), self); |
| [self cleanupAfterStartup]; |
| } |
| |
| // Clean up from a state where startup was called. |
| - (void)cleanupAfterStartup |
| { |
| // Invalidate our MTRDevice instances before we shut down our secure |
| // sessions and whatnot, so they don't start trying to resubscribe when we |
| // do the secure session shutdowns. Since we don't want to hold the lock |
| // while calling out into arbitrary invalidation code, snapshot the list of |
| // devices before we start invalidating. |
| MTR_LOG("%s: %@", __PRETTY_FUNCTION__, self); |
| os_unfair_lock_lock(self.deviceMapLock); |
| NSEnumerator * devices = [_nodeIDToDeviceMap objectEnumerator]; |
| [_nodeIDToDeviceMap removeAllObjects]; |
| os_unfair_lock_unlock(self.deviceMapLock); |
| |
| for (MTRDevice * device in devices) { |
| [device invalidate]; |
| } |
| [self stopBrowseForCommissionables]; |
| |
| [_factory controllerShuttingDown:self]; |
| } |
| |
| // Part of cleanupAfterStartup that has to interact with the Matter work queue |
| // in a very specific way that only MTRDeviceControllerFactory knows about. |
| - (void)shutDownCppController |
| { |
| MTR_LOG("%s: %p", __PRETTY_FUNCTION__, self); |
| assertChipStackLockedByCurrentThread(); |
| |
| // Shut down all our endpoints. |
| for (MTRServerEndpoint * endpoint in [_serverEndpoints copy]) { |
| [self removeServerEndpointOnMatterQueue:endpoint]; |
| } |
| |
| if (_cppCommissioner) { |
| auto * commissionerToShutDown = _cppCommissioner; |
| // Flag ourselves as not running before we start shutting down |
| // _cppCommissioner, so we're not in a state where we claim to be |
| // running but are actually partially shut down. |
| _cppCommissioner = nullptr; |
| commissionerToShutDown->Shutdown(); |
| // Don't clear out our fabric index association until controller |
| // shutdown completes, in case it wants to write to storage as it |
| // shuts down. |
| _storedFabricIndex = chip::kUndefinedFabricIndex; |
| _storedCompressedFabricID = std::nullopt; |
| delete commissionerToShutDown; |
| if (_operationalCredentialsDelegate != nil) { |
| _operationalCredentialsDelegate->SetDeviceCommissioner(nullptr); |
| } |
| } |
| } |
| |
| - (void)deinitFromFactory |
| { |
| [self cleanup]; |
| } |
| |
| // Clean up any members we might have allocated. |
| - (void)cleanup |
| { |
| VerifyOrDie(_cppCommissioner == nullptr); |
| |
| if (_defaultDACVerifier) { |
| delete _defaultDACVerifier; |
| _defaultDACVerifier = nullptr; |
| } |
| |
| if (_attestationTrustStoreBridge) { |
| delete _attestationTrustStoreBridge; |
| _attestationTrustStoreBridge = nullptr; |
| } |
| |
| [self clearDeviceAttestationDelegateBridge]; |
| |
| if (_operationalCredentialsDelegate) { |
| delete _operationalCredentialsDelegate; |
| _operationalCredentialsDelegate = nullptr; |
| } |
| |
| if (_partialDACVerifier) { |
| delete _partialDACVerifier; |
| _partialDACVerifier = nullptr; |
| } |
| |
| if (_deviceControllerDelegateBridge) { |
| delete _deviceControllerDelegateBridge; |
| _deviceControllerDelegateBridge = nullptr; |
| } |
| } |
| |
| - (BOOL)startup:(MTRDeviceControllerStartupParamsInternal *)startupParams |
| { |
| __block BOOL commissionerInitialized = NO; |
| if ([self isRunning]) { |
| MTR_LOG_ERROR("%@ Unexpected duplicate call to startup", self); |
| return NO; |
| } |
| |
| dispatch_sync(_chipWorkQueue, ^{ |
| if ([self isRunning]) { |
| return; |
| } |
| |
| if (startupParams.vendorID == nil || [startupParams.vendorID unsignedShortValue] == chip::VendorId::Common) { |
| // Shouldn't be using the "standard" vendor ID for actual devices. |
| MTR_LOG_ERROR("%@ %@ is not a valid vendorID to initialize a device controller with", self, startupParams.vendorID); |
| return; |
| } |
| |
| if (startupParams.operationalCertificate == nil && startupParams.nodeID == nil) { |
| MTR_LOG_ERROR("%@ Can't start a controller if we don't know what node id it is", self); |
| return; |
| } |
| |
| if ([startupParams keypairsMatchCertificates] == NO) { |
| MTR_LOG_ERROR("%@ Provided keypairs do not match certificates", self); |
| return; |
| } |
| |
| if (startupParams.operationalCertificate != nil && startupParams.operationalKeypair == nil |
| && (!startupParams.fabricIndex.HasValue() |
| || !startupParams.keystore->HasOpKeypairForFabric(startupParams.fabricIndex.Value()))) { |
| MTR_LOG_ERROR("%@ Have no operational keypair for our operational certificate", self); |
| return; |
| } |
| |
| CHIP_ERROR errorCode = CHIP_ERROR_INCORRECT_STATE; |
| |
| // create a MTRP256KeypairBridge here and pass it to the operationalCredentialsDelegate |
| chip::Crypto::P256Keypair * signingKeypair = nullptr; |
| if (startupParams.nocSigner) { |
| errorCode = _signingKeypairBridge.Init(startupParams.nocSigner); |
| if ([self checkForStartError:errorCode logMsg:kErrorSigningKeypairInit]) { |
| return; |
| } |
| signingKeypair = &_signingKeypairBridge; |
| } |
| errorCode = _operationalCredentialsDelegate->Init( |
| signingKeypair, startupParams.ipk, startupParams.rootCertificate, startupParams.intermediateCertificate); |
| if ([self checkForStartError:errorCode logMsg:kErrorOperationalCredentialsInit]) { |
| return; |
| } |
| |
| _cppCommissioner = new chip::Controller::DeviceCommissioner(); |
| |
| // nocBuffer might not be used, but if it is it needs to live |
| // long enough (until after we are done using |
| // commissionerParams). |
| uint8_t nocBuffer[chip::Controller::kMaxCHIPDERCertLength]; |
| |
| chip::Controller::SetupParams commissionerParams; |
| |
| commissionerParams.pairingDelegate = _deviceControllerDelegateBridge; |
| |
| _operationalCredentialsDelegate->SetDeviceCommissioner(_cppCommissioner); |
| |
| commissionerParams.operationalCredentialsDelegate = _operationalCredentialsDelegate; |
| |
| commissionerParams.controllerRCAC = _operationalCredentialsDelegate->RootCertSpan(); |
| commissionerParams.controllerICAC = _operationalCredentialsDelegate->IntermediateCertSpan(); |
| |
| if (startupParams.operationalKeypair != nil) { |
| errorCode = _operationalKeypairBridge.Init(startupParams.operationalKeypair); |
| if ([self checkForStartError:errorCode logMsg:kErrorOperationalKeypairInit]) { |
| return; |
| } |
| commissionerParams.operationalKeypair = &_operationalKeypairBridge; |
| commissionerParams.hasExternallyOwnedOperationalKeypair = true; |
| } |
| |
| if (startupParams.operationalCertificate) { |
| commissionerParams.controllerNOC = AsByteSpan(startupParams.operationalCertificate); |
| } else { |
| chip::MutableByteSpan noc(nocBuffer); |
| |
| chip::CATValues cats = chip::kUndefinedCATs; |
| if (startupParams.caseAuthenticatedTags != nil) { |
| errorCode = SetToCATValues(startupParams.caseAuthenticatedTags, cats); |
| if (errorCode != CHIP_NO_ERROR) { |
| // SetToCATValues already handles logging. |
| return; |
| } |
| } |
| |
| if (commissionerParams.operationalKeypair != nullptr) { |
| errorCode = _operationalCredentialsDelegate->GenerateNOC(startupParams.nodeID.unsignedLongLongValue, |
| startupParams.fabricID.unsignedLongLongValue, cats, commissionerParams.operationalKeypair->Pubkey(), noc); |
| |
| if ([self checkForStartError:errorCode logMsg:kErrorGenerateNOC]) { |
| return; |
| } |
| } else { |
| // Generate a new random keypair. |
| uint8_t csrBuffer[chip::Crypto::kMIN_CSR_Buffer_Size]; |
| chip::MutableByteSpan csr(csrBuffer); |
| errorCode = startupParams.fabricTable->AllocatePendingOperationalKey(startupParams.fabricIndex, csr); |
| if ([self checkForStartError:errorCode logMsg:kErrorKeyAllocation]) { |
| return; |
| } |
| |
| chip::Crypto::P256PublicKey pubKey; |
| errorCode = VerifyCertificateSigningRequest(csr.data(), csr.size(), pubKey); |
| if ([self checkForStartError:errorCode logMsg:kErrorCSRValidation]) { |
| return; |
| } |
| |
| errorCode = _operationalCredentialsDelegate->GenerateNOC( |
| startupParams.nodeID.unsignedLongLongValue, startupParams.fabricID.unsignedLongLongValue, cats, pubKey, noc); |
| |
| if ([self checkForStartError:errorCode logMsg:kErrorGenerateNOC]) { |
| return; |
| } |
| } |
| commissionerParams.controllerNOC = noc; |
| } |
| commissionerParams.controllerVendorId = static_cast<chip::VendorId>([startupParams.vendorID unsignedShortValue]); |
| commissionerParams.enableServerInteractions = startupParams.advertiseOperational; |
| |
| // We never want plain "removal" from the fabric table since this leaves |
| // the in-memory state out of sync with what's in storage. In per-controller |
| // storage mode, have the controller delete itself from the fabric table on shutdown. |
| // In factory storage mode we need to keep fabric information around so we can |
| // start another controller on that existing fabric at a later time. |
| commissionerParams.removeFromFabricTableOnShutdown = false; |
| commissionerParams.deleteFromFabricTableOnShutdown = (startupParams.storageDelegate != nil); |
| |
| commissionerParams.permitMultiControllerFabrics = startupParams.allowMultipleControllersPerFabric; |
| |
| // Set up our attestation verifier. Assume we want to use the default |
| // one, until something tells us otherwise. |
| const chip::Credentials::AttestationTrustStore * trustStore; |
| if (startupParams.productAttestationAuthorityCertificates) { |
| _attestationTrustStoreBridge |
| = new MTRAttestationTrustStoreBridge(startupParams.productAttestationAuthorityCertificates); |
| trustStore = _attestationTrustStoreBridge; |
| } else { |
| // TODO: Replace testingRootStore with a AttestationTrustStore that has the necessary official PAA roots available |
| trustStore = chip::Credentials::GetTestAttestationTrustStore(); |
| } |
| |
| _defaultDACVerifier = new chip::Credentials::DefaultDACVerifier(trustStore); |
| |
| if (startupParams.certificationDeclarationCertificates) { |
| auto cdTrustStore = _defaultDACVerifier->GetCertificationDeclarationTrustStore(); |
| if (cdTrustStore == nullptr) { |
| errorCode = CHIP_ERROR_INCORRECT_STATE; |
| } |
| if ([self checkForStartError:errorCode logMsg:kErrorCDCertStoreInit]) { |
| return; |
| } |
| |
| for (NSData * cdSigningCert in startupParams.certificationDeclarationCertificates) { |
| errorCode = cdTrustStore->AddTrustedKey(AsByteSpan(cdSigningCert)); |
| if ([self checkForStartError:errorCode logMsg:kErrorCDCertStoreInit]) { |
| return; |
| } |
| } |
| } |
| |
| commissionerParams.deviceAttestationVerifier = _defaultDACVerifier; |
| |
| auto & factory = chip::Controller::DeviceControllerFactory::GetInstance(); |
| |
| errorCode = factory.SetupCommissioner(commissionerParams, *_cppCommissioner); |
| if ([self checkForStartError:errorCode logMsg:kErrorCommissionerInit]) { |
| return; |
| } |
| |
| chip::FabricIndex fabricIdx = _cppCommissioner->GetFabricIndex(); |
| |
| uint8_t compressedIdBuffer[sizeof(uint64_t)]; |
| chip::MutableByteSpan compressedId(compressedIdBuffer); |
| errorCode = _cppCommissioner->GetCompressedFabricIdBytes(compressedId); |
| if ([self checkForStartError:errorCode logMsg:kErrorIPKInit]) { |
| return; |
| } |
| |
| errorCode = chip::Credentials::SetSingleIpkEpochKey( |
| _factory.groupDataProvider, fabricIdx, _operationalCredentialsDelegate->GetIPK(), compressedId); |
| if ([self checkForStartError:errorCode logMsg:kErrorIPKInit]) { |
| return; |
| } |
| |
| self->_storedFabricIndex = fabricIdx; |
| self->_storedCompressedFabricID = _cppCommissioner->GetCompressedFabricId(); |
| commissionerInitialized = YES; |
| |
| MTR_LOG("%@ startup succeeded for nodeID 0x%016llX", self, self->_cppCommissioner->GetNodeId()); |
| }); |
| |
| if (commissionerInitialized == NO) { |
| MTR_LOG_ERROR("%@ startup failed", self); |
| [self cleanupAfterStartup]; |
| return NO; |
| } |
| |
| // TODO: Once setNocChainIssuer no longer needs to be supported, |
| // we can just move the internals of |
| // setOperationalCertificateIssuer into the sync-dispatched block |
| // above. |
| if (![self setOperationalCertificateIssuer:startupParams.operationalCertificateIssuer |
| queue:startupParams.operationalCertificateIssuerQueue]) { |
| MTR_LOG_ERROR("%@ operationalCertificateIssuer and operationalCertificateIssuerQueue must both be nil or both be non-nil", self); |
| [self cleanupAfterStartup]; |
| return NO; |
| } |
| |
| if (_controllerDataStore) { |
| // If the storage delegate supports the bulk read API, then a dictionary of nodeID => cluster data dictionary would be passed to the handler. Otherwise this would be a no-op, and stored attributes for MTRDevice objects will be loaded lazily in -deviceForNodeID:. |
| [_controllerDataStore fetchAttributeDataForAllDevices:^(NSDictionary<NSNumber *, NSDictionary<MTRClusterPath *, MTRDeviceClusterData *> *> * _Nonnull clusterDataByNode) { |
| MTR_LOG("%@ Loaded attribute values for %lu nodes from storage for controller uuid %@", self, static_cast<unsigned long>(clusterDataByNode.count), self->_uniqueIdentifier); |
| |
| std::lock_guard lock(*self.deviceMapLock); |
| NSMutableArray * deviceList = [NSMutableArray array]; |
| for (NSNumber * nodeID in clusterDataByNode) { |
| NSDictionary * clusterData = clusterDataByNode[nodeID]; |
| MTRDevice * device = [self _setupDeviceForNodeID:nodeID prefetchedClusterData:clusterData]; |
| MTR_LOG("%@ Loaded %lu cluster data from storage for %@", self, static_cast<unsigned long>(clusterData.count), device); |
| |
| [deviceList addObject:device]; |
| } |
| |
| #define kSecondsToWaitBeforeAPIClientRetainsMTRDevice 60 |
| // Keep the devices retained for a while, in case API client doesn't immediately retain them. |
| // |
| // Note that this is just an optimization to avoid throwing the information away and immediately |
| // re-reading it from storage. |
| dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t) (kSecondsToWaitBeforeAPIClientRetainsMTRDevice * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{ |
| MTR_LOG("%@ un-retain devices loaded at startup %lu", self, static_cast<unsigned long>(deviceList.count)); |
| }); |
| }]; |
| } |
| MTR_LOG("%@ startup: %@", NSStringFromClass(self.class), self); |
| |
| return YES; |
| } |
| |
| - (NSNumber *)controllerNodeID |
| { |
| auto block = ^NSNumber * { return @(self->_cppCommissioner->GetNodeId()); }; |
| |
| NSNumber * nodeID = [self syncRunOnWorkQueueWithReturnValue:block error:nil]; |
| if (!nodeID) { |
| MTR_LOG_ERROR("%@ A controller has no node id if it has not been started", self); |
| } |
| |
| return nodeID; |
| } |
| |
| static inline void emitMetricForSetupPayload(MTRSetupPayload * payload) |
| { |
| MATTER_LOG_METRIC(kMetricDeviceVendorID, [payload.vendorID unsignedIntValue]); |
| MATTER_LOG_METRIC(kMetricDeviceProductID, [payload.productID unsignedIntValue]); |
| } |
| |
| - (BOOL)setupCommissioningSessionWithPayload:(MTRSetupPayload *)payload |
| newNodeID:(NSNumber *)newNodeID |
| error:(NSError * __autoreleasing *)error |
| { |
| MTR_LOG("Setting up commissioning session for device ID 0x%016llX with setup payload %@", newNodeID.unsignedLongLongValue, payload); |
| |
| [[MTRMetricsCollector sharedInstance] resetMetrics]; |
| |
| // Track overall commissioning |
| MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissioning); |
| emitMetricForSetupPayload(payload); |
| |
| // Capture in a block variable to avoid losing granularity for metrics, |
| // when translating CHIP_ERROR to NSError |
| __block CHIP_ERROR errorCode = CHIP_NO_ERROR; |
| |
| auto block = ^BOOL { |
| // Track work until end of scope |
| MATTER_LOG_METRIC_SCOPE(kMetricSetupWithPayload, errorCode); |
| |
| // Try to get a QR code if possible (because it has a better |
| // discriminator, etc), then fall back to manual code if that fails. |
| NSString * pairingCode = [payload qrCodeString:nil]; |
| if (pairingCode == nil) { |
| pairingCode = [payload manualEntryCode]; |
| } |
| if (pairingCode == nil) { |
| errorCode = CHIP_ERROR_INVALID_ARGUMENT; |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorSetupCodeGen error:error]; |
| } |
| |
| chip::NodeId nodeId = [newNodeID unsignedLongLongValue]; |
| self->_operationalCredentialsDelegate->SetDeviceID(nodeId); |
| |
| MATTER_LOG_METRIC_BEGIN(kMetricSetupPASESession); |
| errorCode = self->_cppCommissioner->EstablishPASEConnection(nodeId, [pairingCode UTF8String]); |
| if (CHIP_NO_ERROR == errorCode) { |
| self->_deviceControllerDelegateBridge->SetDeviceNodeID(nodeId); |
| } else { |
| MATTER_LOG_METRIC_END(kMetricSetupPASESession, errorCode); |
| } |
| |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorPairDevice error:error]; |
| }; |
| |
| auto success = [self syncRunOnWorkQueueWithBoolReturnValue:block error:error]; |
| if (!success) { |
| MATTER_LOG_METRIC_END(kMetricDeviceCommissioning, errorCode); |
| } |
| return success; |
| } |
| |
| - (BOOL)setupCommissioningSessionWithDiscoveredDevice:(MTRCommissionableBrowserResult *)discoveredDevice |
| payload:(MTRSetupPayload *)payload |
| newNodeID:(NSNumber *)newNodeID |
| error:(NSError * __autoreleasing *)error |
| { |
| MTR_LOG("%@ Setting up commissioning session for already-discovered device %@ and device ID 0x%016llX with setup payload %@", self, discoveredDevice, newNodeID.unsignedLongLongValue, payload); |
| |
| [[MTRMetricsCollector sharedInstance] resetMetrics]; |
| |
| // Track overall commissioning |
| MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissioning); |
| emitMetricForSetupPayload(payload); |
| |
| // Capture in a block variable to avoid losing granularity for metrics, |
| // when translating CHIP_ERROR to NSError |
| __block CHIP_ERROR errorCode = CHIP_NO_ERROR; |
| |
| auto block = ^BOOL { |
| // Track work until end of scope |
| MATTER_LOG_METRIC_SCOPE(kMetricSetupWithDiscovered, errorCode); |
| |
| chip::NodeId nodeId = [newNodeID unsignedLongLongValue]; |
| self->_operationalCredentialsDelegate->SetDeviceID(nodeId); |
| |
| errorCode = CHIP_ERROR_INVALID_ARGUMENT; |
| chip::Optional<chip::Controller::SetUpCodePairerParameters> params = discoveredDevice.params; |
| if (params.HasValue()) { |
| auto pinCode = static_cast<uint32_t>(payload.setupPasscode.unsignedLongValue); |
| params.Value().SetSetupPINCode(pinCode); |
| |
| MATTER_LOG_METRIC_BEGIN(kMetricSetupPASESession); |
| errorCode = self->_cppCommissioner->EstablishPASEConnection(nodeId, params.Value()); |
| if (CHIP_NO_ERROR == errorCode) { |
| self->_deviceControllerDelegateBridge->SetDeviceNodeID(nodeId); |
| } else { |
| MATTER_LOG_METRIC_END(kMetricSetupPASESession, errorCode); |
| } |
| } else { |
| // Try to get a QR code if possible (because it has a better |
| // discriminator, etc), then fall back to manual code if that fails. |
| NSString * pairingCode = [payload qrCodeString:nil]; |
| if (pairingCode == nil) { |
| pairingCode = [payload manualEntryCode]; |
| } |
| if (pairingCode == nil) { |
| errorCode = CHIP_ERROR_INVALID_ARGUMENT; |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorSetupCodeGen error:error]; |
| } |
| |
| for (id key in discoveredDevice.interfaces) { |
| auto resolutionData = discoveredDevice.interfaces[key].resolutionData; |
| if (!resolutionData.HasValue()) { |
| continue; |
| } |
| |
| MATTER_LOG_METRIC_BEGIN(kMetricSetupPASESession); |
| errorCode = self->_cppCommissioner->EstablishPASEConnection( |
| nodeId, [pairingCode UTF8String], chip::Controller::DiscoveryType::kDiscoveryNetworkOnly, resolutionData); |
| if (CHIP_NO_ERROR == errorCode) { |
| self->_deviceControllerDelegateBridge->SetDeviceNodeID(nodeId); |
| } else { |
| MATTER_LOG_METRIC_END(kMetricSetupPASESession, errorCode); |
| break; |
| } |
| } |
| } |
| |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorPairDevice error:error]; |
| }; |
| |
| auto success = [self syncRunOnWorkQueueWithBoolReturnValue:block error:error]; |
| if (!success) { |
| MATTER_LOG_METRIC_END(kMetricDeviceCommissioning, errorCode); |
| } |
| return success; |
| } |
| |
| - (BOOL)commissionNodeWithID:(NSNumber *)nodeID |
| commissioningParams:(MTRCommissioningParameters *)commissioningParams |
| error:(NSError * __autoreleasing *)error |
| { |
| auto block = ^BOOL { |
| chip::Controller::CommissioningParameters params; |
| if (commissioningParams.csrNonce) { |
| params.SetCSRNonce(AsByteSpan(commissioningParams.csrNonce)); |
| } |
| if (commissioningParams.attestationNonce) { |
| params.SetAttestationNonce(AsByteSpan(commissioningParams.attestationNonce)); |
| } |
| if (commissioningParams.threadOperationalDataset) { |
| params.SetThreadOperationalDataset(AsByteSpan(commissioningParams.threadOperationalDataset)); |
| } |
| params.SetSkipCommissioningComplete(commissioningParams.skipCommissioningComplete); |
| if (commissioningParams.wifiSSID) { |
| chip::ByteSpan ssid = AsByteSpan(commissioningParams.wifiSSID); |
| chip::ByteSpan credentials; |
| if (commissioningParams.wifiCredentials != nil) { |
| credentials = AsByteSpan(commissioningParams.wifiCredentials); |
| } |
| chip::Controller::WiFiCredentials wifiCreds(ssid, credentials); |
| params.SetWiFiCredentials(wifiCreds); |
| } |
| if (commissioningParams.deviceAttestationDelegate) { |
| [self clearDeviceAttestationDelegateBridge]; |
| |
| chip::Optional<uint16_t> timeoutSecs; |
| if (commissioningParams.failSafeTimeout) { |
| timeoutSecs = chip::MakeOptional(static_cast<uint16_t>([commissioningParams.failSafeTimeout unsignedIntValue])); |
| } |
| BOOL shouldWaitAfterDeviceAttestation = NO; |
| if ([commissioningParams.deviceAttestationDelegate |
| respondsToSelector:@selector(deviceAttestationCompletedForController: |
| opaqueDeviceHandle:attestationDeviceInfo:error:)] |
| || [commissioningParams.deviceAttestationDelegate |
| respondsToSelector:@selector(deviceAttestation:completedForDevice:attestationDeviceInfo:error:)]) { |
| shouldWaitAfterDeviceAttestation = YES; |
| } |
| self->_deviceAttestationDelegateBridge = new MTRDeviceAttestationDelegateBridge( |
| self, commissioningParams.deviceAttestationDelegate, timeoutSecs, shouldWaitAfterDeviceAttestation); |
| params.SetDeviceAttestationDelegate(self->_deviceAttestationDelegateBridge); |
| } |
| if (commissioningParams.countryCode != nil) { |
| params.SetCountryCode(AsCharSpan(commissioningParams.countryCode)); |
| } |
| |
| // Set up the right timezone and DST information. For timezone, just |
| // use our current timezone and don't schedule any sort of timezone |
| // change. |
| auto * tz = [NSTimeZone localTimeZone]; |
| using TimeZoneType = chip::app::Clusters::TimeSynchronization::Structs::TimeZoneStruct::Type; |
| TimeZoneType timeZone; |
| timeZone.validAt = 0; |
| timeZone.offset = static_cast<int32_t>(tz.secondsFromGMT - tz.daylightSavingTimeOffset); |
| timeZone.name.Emplace(AsCharSpan(tz.name)); |
| |
| params.SetTimeZone(chip::app::DataModel::List<TimeZoneType>(&timeZone, 1)); |
| |
| // For DST, there is no limit to the number of transitions we could try |
| // to add, but in practice devices likely support only 2 and |
| // AutoCommissioner caps the list at 10. Let's do up to 4 transitions |
| // for now. |
| constexpr size_t dstOffsetMaxCount = 4; |
| using DSTOffsetType = chip::app::Clusters::TimeSynchronization::Structs::DSTOffsetStruct::Type; |
| // dstOffsets needs to live long enough, so its existence is not |
| // conditional on having offsets. |
| DSTOffsetType dstOffsets[dstOffsetMaxCount]; |
| |
| auto * offsets = MTRComputeDSTOffsets(dstOffsetMaxCount); |
| if (offsets != nil) { |
| size_t dstOffsetCount = 0; |
| for (MTRTimeSynchronizationClusterDSTOffsetStruct * offset in offsets) { |
| if (dstOffsetCount >= dstOffsetMaxCount) { |
| // Really shouldn't happen, but let's be extra careful about |
| // buffer overruns. |
| break; |
| } |
| auto & targetOffset = dstOffsets[dstOffsetCount]; |
| targetOffset.offset = offset.offset.intValue; |
| targetOffset.validStarting = offset.validStarting.unsignedLongLongValue; |
| if (offset.validUntil == nil) { |
| targetOffset.validUntil.SetNull(); |
| } else { |
| targetOffset.validUntil.SetNonNull(offset.validUntil.unsignedLongLongValue); |
| } |
| ++dstOffsetCount; |
| } |
| |
| params.SetDSTOffsets(chip::app::DataModel::List<DSTOffsetType>(dstOffsets, dstOffsetCount)); |
| } |
| |
| chip::NodeId deviceId = [nodeID unsignedLongLongValue]; |
| self->_operationalCredentialsDelegate->SetDeviceID(deviceId); |
| auto errorCode = self->_cppCommissioner->Commission(deviceId, params); |
| MATTER_LOG_METRIC(kMetricCommissionNode, errorCode); |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorPairDevice error:error]; |
| }; |
| |
| return [self syncRunOnWorkQueueWithBoolReturnValue:block error:error]; |
| } |
| |
| - (BOOL)continueCommissioningDevice:(void *)device |
| ignoreAttestationFailure:(BOOL)ignoreAttestationFailure |
| error:(NSError * __autoreleasing *)error |
| { |
| auto block = ^BOOL { |
| auto lastAttestationResult = self->_deviceAttestationDelegateBridge |
| ? self->_deviceAttestationDelegateBridge->attestationVerificationResult() |
| : chip::Credentials::AttestationVerificationResult::kSuccess; |
| |
| auto deviceProxy = static_cast<chip::DeviceProxy *>(device); |
| auto errorCode = self->_cppCommissioner->ContinueCommissioningAfterDeviceAttestation(deviceProxy, |
| ignoreAttestationFailure ? chip::Credentials::AttestationVerificationResult::kSuccess : lastAttestationResult); |
| // Emit metric on stage after continuing post attestation |
| MATTER_LOG_METRIC(kMetricContinueCommissioningAfterAttestation, errorCode); |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorPairDevice error:error]; |
| }; |
| |
| return [self syncRunOnWorkQueueWithBoolReturnValue:block error:error]; |
| } |
| |
| - (BOOL)cancelCommissioningForNodeID:(NSNumber *)nodeID error:(NSError * __autoreleasing *)error |
| { |
| auto block = ^BOOL { |
| self->_operationalCredentialsDelegate->ResetDeviceID(); |
| auto errorCode = self->_cppCommissioner->StopPairing([nodeID unsignedLongLongValue]); |
| // Emit metric on status of cancel |
| MATTER_LOG_METRIC(kMetricCancelCommissioning, errorCode); |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorStopPairing error:error]; |
| }; |
| |
| return [self syncRunOnWorkQueueWithBoolReturnValue:block error:error]; |
| } |
| |
| - (BOOL)startBrowseForCommissionables:(id<MTRCommissionableBrowserDelegate>)delegate queue:(dispatch_queue_t)queue |
| { |
| auto block = ^BOOL { |
| VerifyOrReturnValueWithMetric(kMetricStartBrowseForCommissionables, self->_commissionableBrowser == nil, NO); |
| |
| auto commissionableBrowser = [[MTRCommissionableBrowser alloc] initWithDelegate:delegate controller:self queue:queue]; |
| VerifyOrReturnValueWithMetric(kMetricStartBrowseForCommissionables, [commissionableBrowser start], NO); |
| |
| self->_commissionableBrowser = commissionableBrowser; |
| return YES; |
| }; |
| |
| return [self syncRunOnWorkQueueWithBoolReturnValue:block error:nil]; |
| } |
| |
| - (BOOL)stopBrowseForCommissionables |
| { |
| auto block = ^BOOL { |
| VerifyOrReturnValueWithMetric(kMetricStopBrowseForCommissionables, self->_commissionableBrowser != nil, NO); |
| |
| auto commissionableBrowser = self->_commissionableBrowser; |
| VerifyOrReturnValueWithMetric(kMetricStopBrowseForCommissionables, [commissionableBrowser stop], NO); |
| |
| self->_commissionableBrowser = nil; |
| return YES; |
| }; |
| |
| return [self syncRunOnWorkQueueWithBoolReturnValue:block error:nil]; |
| } |
| |
| - (void)preWarmCommissioningSession |
| { |
| [_factory preWarmCommissioningSession]; |
| } |
| |
| - (MTRBaseDevice *)deviceBeingCommissionedWithNodeID:(NSNumber *)nodeID error:(NSError * __autoreleasing *)error |
| { |
| auto block = ^MTRBaseDevice * |
| { |
| chip::CommissioneeDeviceProxy * deviceProxy; |
| |
| auto errorCode = self->_cppCommissioner->GetDeviceBeingCommissioned(nodeID.unsignedLongLongValue, &deviceProxy); |
| MATTER_LOG_METRIC(kMetricDeviceBeingCommissioned, errorCode); |
| |
| VerifyOrReturnValue(![MTRDeviceController checkForError:errorCode logMsg:kErrorGetCommissionee error:error], nil); |
| |
| return [[MTRBaseDevice alloc] initWithPASEDevice:deviceProxy controller:self]; |
| }; |
| |
| MTRBaseDevice * device = [self syncRunOnWorkQueueWithReturnValue:block error:error]; |
| MTR_LOG("%@ Getting device being commissioned with node ID 0x%016llX: %@ (error: %@)", self, nodeID.unsignedLongLongValue, device, (error ? *error : nil)); |
| return device; |
| } |
| |
| - (MTRBaseDevice *)baseDeviceForNodeID:(NSNumber *)nodeID |
| { |
| return [[MTRBaseDevice alloc] initWithNodeID:nodeID controller:self]; |
| } |
| |
| // If prefetchedClusterData is not provided, load attributes individually from controller data store |
| - (MTRDevice *)_setupDeviceForNodeID:(NSNumber *)nodeID prefetchedClusterData:(NSDictionary<MTRClusterPath *, MTRDeviceClusterData *> *)prefetchedClusterData |
| { |
| os_unfair_lock_assert_owner(self.deviceMapLock); |
| |
| MTRDevice * deviceToReturn = [[MTRDevice_Concrete alloc] initWithNodeID:nodeID controller:self]; |
| // If we're not running, don't add the device to our map. That would |
| // create a cycle that nothing would break. Just return the device, |
| // which will be in exactly the state it would be in if it were created |
| // while we were running and then we got shut down. |
| if ([self isRunning]) { |
| [_nodeIDToDeviceMap setObject:deviceToReturn forKey:nodeID]; |
| } |
| |
| if (prefetchedClusterData) { |
| if (prefetchedClusterData.count) { |
| [deviceToReturn setPersistedClusterData:prefetchedClusterData]; |
| } |
| } else if (_controllerDataStore) { |
| // Load persisted cluster data if they exist. |
| NSDictionary * clusterData = [_controllerDataStore getStoredClusterDataForNodeID:nodeID]; |
| MTR_LOG("%@ Loaded %lu cluster data from storage for %@", self, static_cast<unsigned long>(clusterData.count), deviceToReturn); |
| if (clusterData.count) { |
| [deviceToReturn setPersistedClusterData:clusterData]; |
| } |
| } |
| |
| // TODO: Figure out how to get the device data as part of our bulk-read bits. |
| if (_controllerDataStore) { |
| auto * deviceData = [_controllerDataStore getStoredDeviceDataForNodeID:nodeID]; |
| if (deviceData.count) { |
| [deviceToReturn setPersistedDeviceData:deviceData]; |
| } |
| } |
| |
| [deviceToReturn setStorageBehaviorConfiguration:_storageBehaviorConfiguration]; |
| |
| return deviceToReturn; |
| } |
| |
| - (MTRDevice *)deviceForNodeID:(NSNumber *)nodeID |
| { |
| std::lock_guard lock(*self.deviceMapLock); |
| MTRDevice * deviceToReturn = [_nodeIDToDeviceMap objectForKey:nodeID]; |
| if (!deviceToReturn) { |
| deviceToReturn = [self _setupDeviceForNodeID:nodeID prefetchedClusterData:nil]; |
| } |
| |
| return deviceToReturn; |
| } |
| |
| - (void)removeDevice:(MTRDevice *)device |
| { |
| std::lock_guard lock(*self.deviceMapLock); |
| auto * nodeID = device.nodeID; |
| MTRDevice * deviceToRemove = [_nodeIDToDeviceMap objectForKey:nodeID]; |
| if (deviceToRemove == device) { |
| [deviceToRemove invalidate]; |
| [_nodeIDToDeviceMap removeObjectForKey:nodeID]; |
| } else { |
| MTR_LOG_ERROR("%@ Error: Cannot remove device %p with nodeID %llu", self, device, nodeID.unsignedLongLongValue); |
| } |
| } |
| |
| #ifdef DEBUG |
| - (NSDictionary<NSNumber *, NSNumber *> *)unitTestGetDeviceAttributeCounts |
| { |
| std::lock_guard lock(*self.deviceMapLock); |
| NSMutableDictionary<NSNumber *, NSNumber *> * deviceAttributeCounts = [NSMutableDictionary dictionary]; |
| for (NSNumber * nodeID in _nodeIDToDeviceMap) { |
| deviceAttributeCounts[nodeID] = @([[_nodeIDToDeviceMap objectForKey:nodeID] unitTestAttributeCount]); |
| } |
| return deviceAttributeCounts; |
| } |
| #endif |
| |
| - (void)setDeviceControllerDelegate:(id<MTRDeviceControllerDelegate>)delegate queue:(dispatch_queue_t)queue |
| { |
| [self |
| asyncDispatchToMatterQueue:^() { |
| self->_deviceControllerDelegateBridge->setDelegate(self, delegate, queue); |
| } |
| errorHandler:nil]; |
| } |
| |
| - (BOOL)setOperationalCertificateIssuer:(nullable id<MTROperationalCertificateIssuer>)operationalCertificateIssuer |
| queue:(nullable dispatch_queue_t)queue |
| { |
| if ((operationalCertificateIssuer != nil && queue == nil) || (operationalCertificateIssuer == nil && queue != nil)) { |
| return NO; |
| } |
| |
| auto block = ^{ |
| BOOL usePartialDACVerifier = NO; |
| if (operationalCertificateIssuer != nil) { |
| self->_operationalCredentialsDelegate->SetOperationalCertificateIssuer(operationalCertificateIssuer, queue); |
| usePartialDACVerifier = operationalCertificateIssuer.shouldSkipAttestationCertificateValidation; |
| } |
| if (usePartialDACVerifier) { |
| self->_cppCommissioner->SetDeviceAttestationVerifier(self->_partialDACVerifier); |
| } else { |
| // TODO: Once we are not supporting setNocChainIssuer this |
| // branch can just go away. |
| self->_cppCommissioner->SetDeviceAttestationVerifier(self->_defaultDACVerifier); |
| } |
| return YES; |
| }; |
| |
| return [self syncRunOnWorkQueueWithBoolReturnValue:block error:nil]; |
| } |
| |
| + (nullable NSData *)computePASEVerifierForSetupPasscode:(NSNumber *)setupPasscode |
| iterations:(NSNumber *)iterations |
| salt:(NSData *)salt |
| error:(NSError * __autoreleasing *)error |
| { |
| chip::Crypto::Spake2pVerifier verifier; |
| CHIP_ERROR err = verifier.Generate(iterations.unsignedIntValue, AsByteSpan(salt), setupPasscode.unsignedIntValue); |
| |
| MATTER_LOG_METRIC_SCOPE(kMetricPASEVerifierForSetupCode, err); |
| |
| if ([MTRDeviceController checkForError:err logMsg:kErrorSpake2pVerifierGenerationFailed error:error]) { |
| return nil; |
| } |
| |
| uint8_t serializedBuffer[chip::Crypto::kSpake2p_VerifierSerialized_Length]; |
| chip::MutableByteSpan serializedBytes(serializedBuffer); |
| err = verifier.Serialize(serializedBytes); |
| if ([MTRDeviceController checkForError:err logMsg:kErrorSpake2pVerifierSerializationFailed error:error]) { |
| return nil; |
| } |
| |
| return AsData(serializedBytes); |
| } |
| |
| - (NSData * _Nullable)attestationChallengeForDeviceID:(NSNumber *)deviceID |
| { |
| auto block = ^NSData * |
| { |
| chip::CommissioneeDeviceProxy * deviceProxy; |
| |
| auto errorCode = CHIP_NO_ERROR; |
| MATTER_LOG_METRIC_SCOPE(kMetricAttestationChallengeForDevice, errorCode); |
| |
| errorCode = self->_cppCommissioner->GetDeviceBeingCommissioned([deviceID unsignedLongLongValue], &deviceProxy); |
| VerifyOrReturnValue(![MTRDeviceController checkForError:errorCode logMsg:kErrorGetCommissionee error:nil], nil); |
| |
| uint8_t challengeBuffer[chip::Crypto::kAES_CCM128_Key_Length]; |
| chip::ByteSpan challenge(challengeBuffer); |
| |
| errorCode = deviceProxy->GetAttestationChallenge(challenge); |
| VerifyOrReturnValue(![MTRDeviceController checkForError:errorCode logMsg:kErrorGetAttestationChallenge error:nil], nil); |
| |
| return AsData(challenge); |
| }; |
| |
| return [self syncRunOnWorkQueueWithReturnValue:block error:nil]; |
| } |
| |
| - (BOOL)addServerEndpoint:(MTRServerEndpoint *)endpoint |
| { |
| VerifyOrReturnValue([self checkIsRunning], NO); |
| |
| if (![_factory addServerEndpoint:endpoint]) { |
| return NO; |
| } |
| |
| if (![endpoint associateWithController:self]) { |
| MTR_LOG_ERROR("%@ Failed to associate MTRServerEndpoint with %@", self, NSStringFromClass(self.class)); |
| [_factory removeServerEndpoint:endpoint]; |
| return NO; |
| } |
| |
| [self asyncDispatchToMatterQueue:^() { |
| [self->_serverEndpoints addObject:endpoint]; |
| [endpoint registerMatterEndpoint]; |
| MTR_LOG("%@ Added server endpoint %u to controller %@", self, static_cast<chip::EndpointId>(endpoint.endpointID.unsignedLongLongValue), |
| self->_uniqueIdentifier); |
| } |
| errorHandler:^(NSError * error) { |
| MTR_LOG_ERROR("%@ Unexpected failure dispatching to Matter queue on running controller in addServerEndpoint, adding endpoint %u", self, |
| static_cast<chip::EndpointId>(endpoint.endpointID.unsignedLongLongValue)); |
| }]; |
| return YES; |
| } |
| |
| - (void)removeServerEndpoint:(MTRServerEndpoint *)endpoint queue:(dispatch_queue_t)queue completion:(dispatch_block_t)completion |
| { |
| [self removeServerEndpointInternal:endpoint queue:queue completion:completion]; |
| } |
| |
| - (void)removeServerEndpoint:(MTRServerEndpoint *)endpoint |
| { |
| [self removeServerEndpointInternal:endpoint queue:nil completion:nil]; |
| } |
| |
| - (void)removeServerEndpointInternal:(MTRServerEndpoint *)endpoint queue:(dispatch_queue_t _Nullable)queue completion:(dispatch_block_t _Nullable)completion |
| { |
| VerifyOrReturn([self checkIsRunning]); |
| |
| // We need to unhook the endpoint from the Matter side before we can start |
| // tearing it down. |
| [self asyncDispatchToMatterQueue:^() { |
| [self removeServerEndpointOnMatterQueue:endpoint]; |
| MTR_LOG("%@ Removed server endpoint %u from controller %@", self, static_cast<chip::EndpointId>(endpoint.endpointID.unsignedLongLongValue), |
| self->_uniqueIdentifier); |
| if (queue != nil && completion != nil) { |
| dispatch_async(queue, completion); |
| } |
| } |
| errorHandler:^(NSError * error) { |
| // Error means we got shut down, so the endpoint is removed now. |
| MTR_LOG("%@ controller already shut down, so endpoint %u has already been removed", self, |
| static_cast<chip::EndpointId>(endpoint.endpointID.unsignedLongLongValue)); |
| if (queue != nil && completion != nil) { |
| dispatch_async(queue, completion); |
| } |
| }]; |
| } |
| |
| - (void)removeServerEndpointOnMatterQueue:(MTRServerEndpoint *)endpoint |
| { |
| assertChipStackLockedByCurrentThread(); |
| |
| [endpoint unregisterMatterEndpoint]; |
| [_serverEndpoints removeObject:endpoint]; |
| [endpoint invalidate]; |
| |
| [_factory removeServerEndpoint:endpoint]; |
| } |
| |
| - (BOOL)checkForInitError:(BOOL)condition logMsg:(NSString *)logMsg |
| { |
| if (condition) { |
| return NO; |
| } |
| |
| MTR_LOG_ERROR("%@ Error: %@", self, logMsg); |
| |
| [self cleanup]; |
| |
| return YES; |
| } |
| |
| - (void)clearDeviceAttestationDelegateBridge |
| { |
| if (_deviceAttestationDelegateBridge) { |
| delete _deviceAttestationDelegateBridge; |
| _deviceAttestationDelegateBridge = nullptr; |
| } |
| } |
| |
| - (BOOL)checkForStartError:(CHIP_ERROR)errorCode logMsg:(NSString *)logMsg |
| { |
| if (CHIP_NO_ERROR == errorCode) { |
| return NO; |
| } |
| |
| MTR_LOG_ERROR("Error(%" CHIP_ERROR_FORMAT "): %@ %@", errorCode.Format(), self, logMsg); |
| |
| return YES; |
| } |
| |
| + (BOOL)checkForError:(CHIP_ERROR)errorCode logMsg:(NSString *)logMsg error:(NSError * __autoreleasing *)error |
| { |
| if (CHIP_NO_ERROR == errorCode) { |
| return NO; |
| } |
| |
| MTR_LOG_ERROR("Error(%" CHIP_ERROR_FORMAT "): %@ %s", errorCode.Format(), self, [logMsg UTF8String]); |
| if (error) { |
| *error = [MTRError errorForCHIPErrorCode:errorCode]; |
| } |
| |
| return YES; |
| } |
| |
| - (BOOL)checkIsRunning |
| { |
| return [self checkIsRunning:nil]; |
| } |
| |
| - (BOOL)checkIsRunning:(NSError * __autoreleasing *)error |
| { |
| if ([self isRunning]) { |
| return YES; |
| } |
| |
| MTR_LOG_ERROR("%@: %@ Error: %s", NSStringFromClass(self.class), self, [kErrorNotRunning UTF8String]); |
| if (error) { |
| *error = [MTRError errorForCHIPErrorCode:CHIP_ERROR_INCORRECT_STATE]; |
| } |
| |
| return NO; |
| } |
| |
| - (void)getSessionForNode:(chip::NodeId)nodeID completion:(MTRInternalDeviceConnectionCallback)completion |
| { |
| // Get the corresponding MTRDevice object to determine if the case/subscription pool is to be used |
| MTRDevice * device = [self deviceForNodeID:@(nodeID)]; |
| |
| // In the case that this device is known to use thread, queue this with subscription attempts as well, to |
| // help with throttling Thread traffic. |
| if ([device deviceUsesThread]) { |
| MTRAsyncWorkItem * workItem = [[MTRAsyncWorkItem alloc] initWithQueue:dispatch_get_global_queue(QOS_CLASS_DEFAULT, 0)]; |
| [workItem setReadyHandler:^(id _Nonnull context, NSInteger retryCount, MTRAsyncWorkCompletionBlock _Nonnull workItemCompletion) { |
| MTRInternalDeviceConnectionCallback completionWrapper = ^(chip::Messaging::ExchangeManager * _Nullable exchangeManager, |
| const chip::Optional<chip::SessionHandle> & session, NSError * _Nullable error, NSNumber * _Nullable retryDelay) { |
| completion(exchangeManager, session, error, retryDelay); |
| workItemCompletion(MTRAsyncWorkComplete); |
| }; |
| [self directlyGetSessionForNode:nodeID completion:completionWrapper]; |
| }]; |
| |
| [_concurrentSubscriptionPool enqueueWorkItem:workItem descriptionWithFormat:@"device controller getSessionForNode nodeID: 0x%016llX", nodeID]; |
| } else { |
| [self directlyGetSessionForNode:nodeID completion:completion]; |
| } |
| } |
| |
| - (void)directlyGetSessionForNode:(chip::NodeId)nodeID completion:(MTRInternalDeviceConnectionCallback)completion |
| { |
| [self |
| asyncGetCommissionerOnMatterQueue:^(chip::Controller::DeviceCommissioner * commissioner) { |
| auto connectionBridge = new MTRDeviceConnectionBridge(completion); |
| |
| // MTRDeviceConnectionBridge always delivers errors async via |
| // completion. |
| connectionBridge->connect(commissioner, nodeID); |
| } |
| errorHandler:^(NSError * error) { |
| completion(nullptr, chip::NullOptional, error, nil); |
| }]; |
| } |
| |
| - (void)getSessionForCommissioneeDevice:(chip::NodeId)deviceID completion:(MTRInternalDeviceConnectionCallback)completion |
| { |
| [self |
| asyncGetCommissionerOnMatterQueue:^(chip::Controller::DeviceCommissioner * commissioner) { |
| chip::CommissioneeDeviceProxy * deviceProxy; |
| CHIP_ERROR err = commissioner->GetDeviceBeingCommissioned(deviceID, &deviceProxy); |
| if (err != CHIP_NO_ERROR) { |
| completion(nullptr, chip::NullOptional, [MTRError errorForCHIPErrorCode:err], nil); |
| return; |
| } |
| |
| chip::Optional<chip::SessionHandle> session = deviceProxy->GetSecureSession(); |
| if (!session.HasValue() || !session.Value()->AsSecureSession()->IsPASESession()) { |
| completion(nullptr, chip::NullOptional, [MTRError errorForCHIPErrorCode:CHIP_ERROR_INCORRECT_STATE], nil); |
| return; |
| } |
| |
| completion(deviceProxy->GetExchangeManager(), session, nil, nil); |
| } |
| errorHandler:^(NSError * error) { |
| completion(nullptr, chip::NullOptional, error, nil); |
| }]; |
| } |
| |
| - (MTRTransportType)sessionTransportTypeForDevice:(MTRBaseDevice *)device |
| { |
| VerifyOrReturnValue([self checkIsRunning], MTRTransportTypeUndefined); |
| |
| __block MTRTransportType result = MTRTransportTypeUndefined; |
| dispatch_sync(_chipWorkQueue, ^{ |
| VerifyOrReturn([self checkIsRunning]); |
| |
| if (device.isPASEDevice) { |
| chip::CommissioneeDeviceProxy * deviceProxy; |
| VerifyOrReturn(CHIP_NO_ERROR == self->_cppCommissioner->GetDeviceBeingCommissioned(device.nodeID, &deviceProxy)); |
| result = MTRMakeTransportType(deviceProxy->GetDeviceTransportType()); |
| } else { |
| auto scopedNodeID = self->_cppCommissioner->GetPeerScopedId(device.nodeID); |
| auto sessionHandle = self->_cppCommissioner->SessionMgr()->FindSecureSessionForNode(scopedNodeID); |
| VerifyOrReturn(sessionHandle.HasValue()); |
| result = MTRMakeTransportType(sessionHandle.Value()->AsSecureSession()->GetPeerAddress().GetTransportType()); |
| } |
| }); |
| return result; |
| } |
| |
| - (void)asyncGetCommissionerOnMatterQueue:(void (^)(chip::Controller::DeviceCommissioner *))block |
| errorHandler:(nullable MTRDeviceErrorHandler)errorHandler |
| { |
| { |
| NSError * error; |
| if (![self checkIsRunning:&error]) { |
| if (errorHandler != nil) { |
| errorHandler(error); |
| } |
| return; |
| } |
| } |
| |
| dispatch_async(_chipWorkQueue, ^{ |
| NSError * error; |
| if (![self checkIsRunning:&error]) { |
| if (errorHandler != nil) { |
| errorHandler(error); |
| } |
| return; |
| } |
| |
| block(self->_cppCommissioner); |
| }); |
| } |
| |
| - (void)asyncDispatchToMatterQueue:(dispatch_block_t)block errorHandler:(nullable MTRDeviceErrorHandler)errorHandler |
| { |
| auto adapter = ^(chip::Controller::DeviceCommissioner *) { |
| block(); |
| }; |
| [self asyncGetCommissionerOnMatterQueue:adapter errorHandler:errorHandler]; |
| } |
| |
| - (void)syncRunOnWorkQueue:(SyncWorkQueueBlock)block error:(NSError * __autoreleasing *)error |
| { |
| VerifyOrDie(!chip::DeviceLayer::PlatformMgrImpl().IsWorkQueueCurrentQueue()); |
| VerifyOrReturn([self checkIsRunning:error]); |
| |
| dispatch_sync(_chipWorkQueue, ^{ |
| VerifyOrReturn([self checkIsRunning:error]); |
| block(); |
| }); |
| } |
| |
| - (id)syncRunOnWorkQueueWithReturnValue:(SyncWorkQueueBlockWithReturnValue)block error:(NSError * __autoreleasing *)error |
| { |
| __block id rv = nil; |
| auto adapter = ^{ |
| rv = block(); |
| }; |
| |
| [self syncRunOnWorkQueue:adapter error:error]; |
| |
| return rv; |
| } |
| |
| - (BOOL)syncRunOnWorkQueueWithBoolReturnValue:(SyncWorkQueueBlockWithBoolReturnValue)block error:(NSError * __autoreleasing *)error |
| { |
| __block BOOL success = NO; |
| auto adapter = ^{ |
| success = block(); |
| }; |
| [self syncRunOnWorkQueue:adapter error:error]; |
| |
| return success; |
| } |
| |
| - (chip::FabricIndex)fabricIndex |
| { |
| return _storedFabricIndex; |
| } |
| |
| - (nullable NSNumber *)compressedFabricID |
| { |
| auto storedValue = _storedCompressedFabricID.load(); |
| return storedValue.has_value() ? @(storedValue.value()) : nil; |
| } |
| |
| - (CHIP_ERROR)isRunningOnFabric:(chip::FabricTable *)fabricTable |
| fabricIndex:(chip::FabricIndex)fabricIndex |
| isRunning:(BOOL *)isRunning |
| { |
| assertChipStackLockedByCurrentThread(); |
| |
| if (![self isRunning]) { |
| *isRunning = NO; |
| return CHIP_NO_ERROR; |
| } |
| |
| const chip::FabricInfo * otherFabric = fabricTable->FindFabricWithIndex(fabricIndex); |
| if (!otherFabric) { |
| // Should not happen... |
| return CHIP_ERROR_INCORRECT_STATE; |
| } |
| |
| if (_cppCommissioner->GetFabricId() != otherFabric->GetFabricId()) { |
| *isRunning = NO; |
| return CHIP_NO_ERROR; |
| } |
| |
| chip::Crypto::P256PublicKey ourRootPublicKey, otherRootPublicKey; |
| ReturnErrorOnFailure(_cppCommissioner->GetRootPublicKey(ourRootPublicKey)); |
| ReturnErrorOnFailure(fabricTable->FetchRootPubkey(otherFabric->GetFabricIndex(), otherRootPublicKey)); |
| |
| *isRunning = (ourRootPublicKey.Matches(otherRootPublicKey)); |
| return CHIP_NO_ERROR; |
| } |
| |
| - (void)invalidateCASESessionForNode:(chip::NodeId)nodeID; |
| { |
| auto block = ^{ |
| auto sessionMgr = self->_cppCommissioner->SessionMgr(); |
| VerifyOrDie(sessionMgr != nullptr); |
| |
| sessionMgr->MarkSessionsAsDefunct( |
| self->_cppCommissioner->GetPeerScopedId(nodeID), chip::MakeOptional(chip::Transport::SecureSession::Type::kCASE)); |
| }; |
| |
| [self syncRunOnWorkQueue:block error:nil]; |
| } |
| |
| - (void)operationalInstanceAdded:(chip::NodeId)nodeID |
| { |
| // Don't use deviceForNodeID here, because we don't want to create the |
| // device if it does not already exist. |
| os_unfair_lock_lock(self.deviceMapLock); |
| MTRDevice * device = [_nodeIDToDeviceMap objectForKey:@(nodeID)]; |
| os_unfair_lock_unlock(self.deviceMapLock); |
| |
| if (device == nil) { |
| return; |
| } |
| |
| ChipLogProgress(Controller, "Notifying device about node 0x" ChipLogFormatX64 " advertising", ChipLogValueX64(nodeID)); |
| [device nodeMayBeAdvertisingOperational]; |
| } |
| |
| - (void)downloadLogFromNodeWithID:(NSNumber *)nodeID |
| type:(MTRDiagnosticLogType)type |
| timeout:(NSTimeInterval)timeout |
| queue:(dispatch_queue_t)queue |
| completion:(void (^)(NSURL * _Nullable url, NSError * _Nullable error))completion |
| { |
| [self asyncDispatchToMatterQueue:^() { |
| [self->_factory downloadLogFromNodeWithID:nodeID |
| controller:self |
| type:type |
| timeout:timeout |
| queue:queue |
| completion:completion]; |
| } |
| errorHandler:^(NSError * error) { |
| completion(nil, error); |
| }]; |
| } |
| |
| - (NSArray<MTRAccessGrant *> *)accessGrantsForClusterPath:(MTRClusterPath *)clusterPath |
| { |
| assertChipStackLockedByCurrentThread(); |
| |
| for (MTRServerEndpoint * endpoint in _serverEndpoints) { |
| if ([clusterPath.endpoint isEqual:endpoint.endpointID]) { |
| return [endpoint matterAccessGrantsForCluster:clusterPath.cluster]; |
| } |
| } |
| |
| // Nothing matched, no grants. |
| return @[]; |
| } |
| |
| - (nullable NSNumber *)neededReadPrivilegeForClusterID:(NSNumber *)clusterID attributeID:(NSNumber *)attributeID |
| { |
| assertChipStackLockedByCurrentThread(); |
| |
| for (MTRServerEndpoint * endpoint in _serverEndpoints) { |
| for (MTRServerCluster * cluster in endpoint.serverClusters) { |
| if (![cluster.clusterID isEqual:clusterID]) { |
| continue; |
| } |
| |
| for (MTRServerAttribute * attr in cluster.attributes) { |
| if (![attr.attributeID isEqual:attributeID]) { |
| continue; |
| } |
| |
| return @(attr.requiredReadPrivilege); |
| } |
| } |
| } |
| |
| return nil; |
| } |
| |
| #ifdef DEBUG |
| + (void)forceLocalhostAdvertisingOnly |
| { |
| auto interfaceIndex = chip::Inet::InterfaceId::PlatformType(kDNSServiceInterfaceIndexLocalOnly); |
| auto interfaceId = chip::Inet::InterfaceId(interfaceIndex); |
| chip::app::DnssdServer::Instance().SetInterfaceId(interfaceId); |
| } |
| #endif // DEBUG |
| |
| @end |
| |
| @implementation MTRDevicePairingDelegateShim |
| - (instancetype)initWithDelegate:(id<MTRDevicePairingDelegate>)delegate |
| { |
| if (self = [super init]) { |
| _delegate = delegate; |
| } |
| return self; |
| } |
| |
| - (BOOL)respondsToSelector:(SEL)selector |
| { |
| if (selector == @selector(controller:statusUpdate:)) { |
| return [self.delegate respondsToSelector:@selector(onStatusUpdate:)]; |
| } |
| |
| if (selector == @selector(controller:commissioningSessionEstablishmentDone:)) { |
| return [self.delegate respondsToSelector:@selector(onPairingComplete:)]; |
| } |
| |
| if (selector == @selector(controller:commissioningComplete:)) { |
| return [self.delegate respondsToSelector:@selector(onCommissioningComplete:)]; |
| } |
| |
| return [super respondsToSelector:selector]; |
| } |
| |
| - (void)controller:(MTRDeviceController *)controller statusUpdate:(MTRCommissioningStatus)status |
| { |
| [self.delegate onStatusUpdate:static_cast<MTRPairingStatus>(status)]; |
| } |
| |
| - (void)controller:(MTRDeviceController *)controller commissioningSessionEstablishmentDone:(NSError * _Nullable)error |
| { |
| [self.delegate onPairingComplete:error]; |
| } |
| |
| - (void)controller:(MTRDeviceController *)controller commissioningComplete:(NSError * _Nullable)error |
| { |
| [self.delegate onCommissioningComplete:error]; |
| } |
| |
| - (void)onPairingDeleted:(NSError * _Nullable)error |
| { |
| [self.delegate onPairingDeleted:error]; |
| } |
| |
| @end |
| |
| /** |
| * Shim to allow us to treat an MTRNOCChainIssuer as an |
| * MTROperationalCertificateIssuer. |
| */ |
| @interface MTROperationalCertificateChainIssuerShim : NSObject <MTROperationalCertificateIssuer> |
| @property (nonatomic, readonly) id<MTRNOCChainIssuer> nocChainIssuer; |
| @property (nonatomic, readonly) BOOL shouldSkipAttestationCertificateValidation; |
| - (instancetype)initWithIssuer:(id<MTRNOCChainIssuer>)nocChainIssuer; |
| @end |
| |
| @implementation MTROperationalCertificateChainIssuerShim |
| - (instancetype)initWithIssuer:(id<MTRNOCChainIssuer>)nocChainIssuer |
| { |
| if (self = [super init]) { |
| _nocChainIssuer = nocChainIssuer; |
| _shouldSkipAttestationCertificateValidation = YES; |
| } |
| return self; |
| } |
| |
| - (void)issueOperationalCertificateForRequest:(MTROperationalCSRInfo *)csrInfo |
| attestationInfo:(MTRDeviceAttestationInfo *)attestationInfo |
| controller:(MTRDeviceController *)controller |
| completion:(void (^)(MTROperationalCertificateChain * _Nullable info, |
| NSError * _Nullable error))completion |
| { |
| CSRInfo * oldCSRInfo = [[CSRInfo alloc] initWithNonce:csrInfo.csrNonce |
| elements:csrInfo.csrElementsTLV |
| elementsSignature:csrInfo.attestationSignature |
| csr:csrInfo.csr]; |
| NSData * _Nullable firmwareInfo = attestationInfo.firmwareInfo; |
| if (firmwareInfo == nil) { |
| firmwareInfo = [NSData data]; |
| } |
| AttestationInfo * oldAttestationInfo = |
| [[AttestationInfo alloc] initWithChallenge:attestationInfo.challenge |
| nonce:attestationInfo.nonce |
| elements:attestationInfo.elementsTLV |
| elementsSignature:attestationInfo.elementsSignature |
| dac:attestationInfo.deviceAttestationCertificate |
| pai:attestationInfo.productAttestationIntermediateCertificate |
| certificationDeclaration:attestationInfo.certificationDeclaration |
| firmwareInfo:firmwareInfo]; |
| [self.nocChainIssuer |
| onNOCChainGenerationNeeded:oldCSRInfo |
| attestationInfo:oldAttestationInfo |
| onNOCChainGenerationComplete:^(NSData * operationalCertificate, NSData * intermediateCertificate, NSData * rootCertificate, |
| NSData * _Nullable ipk, NSNumber * _Nullable adminSubject, NSError * __autoreleasing * error) { |
| auto * chain = [[MTROperationalCertificateChain alloc] initWithOperationalCertificate:operationalCertificate |
| intermediateCertificate:intermediateCertificate |
| rootCertificate:rootCertificate |
| adminSubject:adminSubject]; |
| completion(chain, nil); |
| if (error != nil) { |
| *error = nil; |
| } |
| }]; |
| } |
| |
| @end |
| |
| @implementation MTRDeviceController (Deprecated) |
| |
| - (NSNumber *)controllerNodeId |
| { |
| return self.controllerNodeID; |
| } |
| |
| - (nullable NSData *)fetchAttestationChallengeForDeviceId:(uint64_t)deviceId |
| { |
| return [self attestationChallengeForDeviceID:@(deviceId)]; |
| } |
| |
| - (BOOL)getBaseDevice:(uint64_t)deviceID queue:(dispatch_queue_t)queue completionHandler:(MTRDeviceConnectionCallback)completion |
| { |
| NSError * error; |
| if (![self checkIsRunning:&error]) { |
| dispatch_async(queue, ^{ |
| completion(nil, error); |
| }); |
| return NO; |
| } |
| |
| // We know getSessionForNode will return YES here, since we already checked |
| // that we are running. |
| [self getSessionForNode:deviceID |
| completion:^(chip::Messaging::ExchangeManager * _Nullable exchangeManager, |
| const chip::Optional<chip::SessionHandle> & session, NSError * _Nullable error, NSNumber * _Nullable retryDelay) { |
| // Create an MTRBaseDevice for the node id involved, now that our |
| // CASE session is primed. We don't actually care about the session |
| // information here. |
| dispatch_async(queue, ^{ |
| MTRBaseDevice * device; |
| if (error == nil) { |
| device = [[MTRBaseDevice alloc] initWithNodeID:@(deviceID) controller:self]; |
| } else { |
| device = nil; |
| } |
| completion(device, error); |
| }); |
| }]; |
| |
| return YES; |
| } |
| |
| - (BOOL)pairDevice:(uint64_t)deviceID |
| discriminator:(uint16_t)discriminator |
| setupPINCode:(uint32_t)setupPINCode |
| error:(NSError * __autoreleasing *)error |
| { |
| [[MTRMetricsCollector sharedInstance] resetMetrics]; |
| |
| // Track overall commissioning |
| MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissioning); |
| |
| // Capture in a block variable to avoid losing granularity for metrics, |
| // when translating CHIP_ERROR to NSError |
| __block CHIP_ERROR errorCode = CHIP_NO_ERROR; |
| |
| auto block = ^BOOL { |
| // Track work until end of scope |
| MATTER_LOG_METRIC_SCOPE(kMetricPairDevice, errorCode); |
| |
| std::string manualPairingCode; |
| chip::SetupPayload payload; |
| payload.discriminator.SetLongValue(discriminator); |
| payload.setUpPINCode = setupPINCode; |
| |
| errorCode = chip::ManualSetupPayloadGenerator(payload).payloadDecimalStringRepresentation(manualPairingCode); |
| VerifyOrReturnValue(![MTRDeviceController checkForError:errorCode logMsg:kErrorSetupCodeGen error:error], NO); |
| |
| self->_operationalCredentialsDelegate->SetDeviceID(deviceID); |
| |
| MATTER_LOG_METRIC_BEGIN(kMetricSetupPASESession); |
| errorCode = self->_cppCommissioner->EstablishPASEConnection(deviceID, manualPairingCode.c_str()); |
| if (CHIP_NO_ERROR == errorCode) { |
| self->_deviceControllerDelegateBridge->SetDeviceNodeID(deviceID); |
| } else { |
| MATTER_LOG_METRIC_END(kMetricSetupPASESession, errorCode); |
| } |
| |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorPairDevice error:error]; |
| }; |
| |
| auto success = [self syncRunOnWorkQueueWithBoolReturnValue:block error:error]; |
| if (!success) { |
| MATTER_LOG_METRIC_END(kMetricDeviceCommissioning, errorCode); |
| } |
| return success; |
| } |
| |
| - (BOOL)pairDevice:(uint64_t)deviceID |
| address:(NSString *)address |
| port:(uint16_t)port |
| setupPINCode:(uint32_t)setupPINCode |
| error:(NSError * __autoreleasing *)error |
| { |
| [[MTRMetricsCollector sharedInstance] resetMetrics]; |
| |
| // Track overall commissioning |
| MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissioning); |
| |
| // Capture in a block variable to avoid losing granularity for metrics, |
| // when translating CHIP_ERROR to NSError |
| __block CHIP_ERROR errorCode = CHIP_NO_ERROR; |
| |
| auto block = ^BOOL { |
| // Track work until end of scope |
| MATTER_LOG_METRIC_SCOPE(kMetricPairDevice, errorCode); |
| |
| chip::Inet::IPAddress addr; |
| chip::Inet::IPAddress::FromString([address UTF8String], addr); |
| chip::Transport::PeerAddress peerAddress = chip::Transport::PeerAddress::UDP(addr, port); |
| |
| self->_operationalCredentialsDelegate->SetDeviceID(deviceID); |
| |
| auto params = chip::RendezvousParameters().SetSetupPINCode(setupPINCode).SetPeerAddress(peerAddress); |
| |
| MATTER_LOG_METRIC_BEGIN(kMetricSetupPASESession); |
| errorCode = self->_cppCommissioner->EstablishPASEConnection(deviceID, params); |
| if (CHIP_NO_ERROR == errorCode) { |
| self->_deviceControllerDelegateBridge->SetDeviceNodeID(deviceID); |
| } else { |
| MATTER_LOG_METRIC_END(kMetricSetupPASESession, errorCode); |
| } |
| |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorPairDevice error:error]; |
| }; |
| |
| auto success = [self syncRunOnWorkQueueWithBoolReturnValue:block error:error]; |
| if (!success) { |
| MATTER_LOG_METRIC_END(kMetricDeviceCommissioning, errorCode); |
| } |
| return success; |
| } |
| |
| - (BOOL)pairDevice:(uint64_t)deviceID onboardingPayload:(NSString *)onboardingPayload error:(NSError * __autoreleasing *)error |
| { |
| [[MTRMetricsCollector sharedInstance] resetMetrics]; |
| |
| // Track overall commissioning |
| MATTER_LOG_METRIC_BEGIN(kMetricDeviceCommissioning); |
| emitMetricForSetupPayload([MTRSetupPayload setupPayloadWithOnboardingPayload:onboardingPayload error:nil]); |
| |
| // Capture in a block variable to avoid losing granularity for metrics, |
| // when translating CHIP_ERROR to NSError |
| __block CHIP_ERROR errorCode = CHIP_NO_ERROR; |
| |
| auto block = ^BOOL { |
| // Track work until end of scope |
| MATTER_LOG_METRIC_SCOPE(kMetricPairDevice, errorCode); |
| |
| self->_operationalCredentialsDelegate->SetDeviceID(deviceID); |
| |
| MATTER_LOG_METRIC_BEGIN(kMetricSetupPASESession); |
| errorCode = self->_cppCommissioner->EstablishPASEConnection(deviceID, [onboardingPayload UTF8String]); |
| if (CHIP_NO_ERROR == errorCode) { |
| self->_deviceControllerDelegateBridge->SetDeviceNodeID(deviceID); |
| } else { |
| MATTER_LOG_METRIC_END(kMetricSetupPASESession, errorCode); |
| } |
| |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorPairDevice error:error]; |
| }; |
| |
| auto success = [self syncRunOnWorkQueueWithBoolReturnValue:block error:error]; |
| if (!success) { |
| MATTER_LOG_METRIC_END(kMetricDeviceCommissioning, errorCode); |
| } |
| return success; |
| } |
| |
| - (BOOL)commissionDevice:(uint64_t)deviceID |
| commissioningParams:(MTRCommissioningParameters *)commissioningParams |
| error:(NSError * __autoreleasing *)error |
| { |
| return [self commissionNodeWithID:@(deviceID) commissioningParams:commissioningParams error:error]; |
| } |
| |
| - (BOOL)stopDevicePairing:(uint64_t)deviceID error:(NSError * __autoreleasing *)error |
| { |
| return [self cancelCommissioningForNodeID:@(deviceID) error:error]; |
| } |
| |
| - (MTRBaseDevice *)getDeviceBeingCommissioned:(uint64_t)deviceId error:(NSError * __autoreleasing *)error |
| { |
| return [self deviceBeingCommissionedWithNodeID:@(deviceId) error:error]; |
| } |
| |
| - (BOOL)openPairingWindow:(uint64_t)deviceID duration:(NSUInteger)duration error:(NSError * __autoreleasing *)error |
| { |
| if (duration > UINT16_MAX) { |
| MTR_LOG_ERROR("%@ Error: Duration %lu is too large. Max value %d", self, static_cast<unsigned long>(duration), UINT16_MAX); |
| if (error) { |
| *error = [MTRError errorForCHIPErrorCode:CHIP_ERROR_INVALID_INTEGER_VALUE]; |
| } |
| return NO; |
| } |
| |
| auto block = ^BOOL { |
| CHIP_ERROR errorCode = CHIP_NO_ERROR; |
| MATTER_LOG_METRIC_SCOPE(kMetricOpenPairingWindow, errorCode); |
| |
| errorCode = chip::Controller::AutoCommissioningWindowOpener::OpenBasicCommissioningWindow( |
| self->_cppCommissioner, deviceID, chip::System::Clock::Seconds16(static_cast<uint16_t>(duration))); |
| return ![MTRDeviceController checkForError:errorCode logMsg:kErrorOpenPairingWindow error:error]; |
| }; |
| |
| return [self syncRunOnWorkQueueWithBoolReturnValue:block error:error]; |
| } |
| |
| - (NSString *)openPairingWindowWithPIN:(uint64_t)deviceID |
| duration:(NSUInteger)duration |
| discriminator:(NSUInteger)discriminator |
| setupPIN:(NSUInteger)setupPIN |
| error:(NSError * __autoreleasing *)error |
| { |
| if (duration > UINT16_MAX) { |
| MTR_LOG_ERROR("%@ Error: Duration %lu is too large. Max value %d", self, static_cast<unsigned long>(duration), UINT16_MAX); |
| if (error) { |
| *error = [MTRError errorForCHIPErrorCode:CHIP_ERROR_INVALID_INTEGER_VALUE]; |
| } |
| return nil; |
| } |
| |
| if (discriminator > 0xfff) { |
| MTR_LOG_ERROR("%@ Error: Discriminator %lu is too large. Max value %d", self, static_cast<unsigned long>(discriminator), 0xfff); |
| if (error) { |
| *error = [MTRError errorForCHIPErrorCode:CHIP_ERROR_INVALID_INTEGER_VALUE]; |
| } |
| return nil; |
| } |
| |
| __block CHIP_ERROR errorCode = CHIP_NO_ERROR; |
| MATTER_LOG_METRIC_SCOPE(kMetricOpenPairingWindow, errorCode); |
| |
| if (!chip::CanCastTo<uint32_t>(setupPIN) || !chip::SetupPayload::IsValidSetupPIN(static_cast<uint32_t>(setupPIN))) { |
| MTR_LOG_ERROR("%@ Error: Setup pin %lu is not valid", self, static_cast<unsigned long>(setupPIN)); |
| errorCode = CHIP_ERROR_INVALID_INTEGER_VALUE; |
| if (error) { |
| *error = [MTRError errorForCHIPErrorCode:errorCode]; |
| } |
| return nil; |
| } |
| |
| auto block = ^NSString * |
| { |
| chip::SetupPayload setupPayload; |
| errorCode = chip::Controller::AutoCommissioningWindowOpener::OpenCommissioningWindow(self->_cppCommissioner, deviceID, |
| chip::System::Clock::Seconds16(static_cast<uint16_t>(duration)), chip::Crypto::kSpake2p_Min_PBKDF_Iterations, |
| static_cast<uint16_t>(discriminator), chip::MakeOptional(static_cast<uint32_t>(setupPIN)), chip::NullOptional, |
| setupPayload); |
| |
| VerifyOrReturnValue(![MTRDeviceController checkForError:errorCode logMsg:kErrorOpenPairingWindow error:error], nil); |
| |
| chip::ManualSetupPayloadGenerator generator(setupPayload); |
| std::string outCode; |
| |
| if (CHIP_NO_ERROR != (errorCode = generator.payloadDecimalStringRepresentation(outCode))) { |
| MTR_LOG_ERROR("%@ Failed to get decimal setup code", self); |
| return nil; |
| } |
| |
| MTR_LOG_ERROR("%@ Setup code is %s", self, outCode.c_str()); |
| return [NSString stringWithCString:outCode.c_str() encoding:[NSString defaultCStringEncoding]]; |
| }; |
| |
| return [self syncRunOnWorkQueueWithReturnValue:block error:error]; |
| } |
| |
| - (nullable NSData *)computePaseVerifier:(uint32_t)setupPincode iterations:(uint32_t)iterations salt:(NSData *)salt |
| { |
| return [MTRDeviceController computePASEVerifierForSetupPasscode:@(setupPincode) iterations:@(iterations) salt:salt error:nil]; |
| } |
| |
| - (void)setPairingDelegate:(id<MTRDevicePairingDelegate>)delegate queue:(dispatch_queue_t)queue |
| { |
| auto * delegateShim = [[MTRDevicePairingDelegateShim alloc] initWithDelegate:delegate]; |
| [self setDeviceControllerDelegate:delegateShim queue:queue]; |
| } |
| |
| - (void)setNocChainIssuer:(id<MTRNOCChainIssuer>)nocChainIssuer queue:(dispatch_queue_t)queue |
| { |
| [self setOperationalCertificateIssuer:[[MTROperationalCertificateChainIssuerShim alloc] initWithIssuer:nocChainIssuer] |
| queue:queue]; |
| } |
| @end |