@matter/node 0.14.1-alpha.0-20250607-a93593303 → 0.15.0-alpha.0-20250613-a55f991d4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/behavior/Events.d.ts +8 -3
- package/dist/cjs/behavior/Events.d.ts.map +1 -1
- package/dist/cjs/behavior/Events.js +5 -1
- package/dist/cjs/behavior/Events.js.map +1 -1
- package/dist/cjs/behavior/cluster/ClusterBehaviorUtil.js +3 -3
- package/dist/cjs/behavior/cluster/ClusterBehaviorUtil.js.map +1 -1
- package/dist/cjs/behavior/cluster/FabricScopedDataHandler.d.ts +16 -0
- package/dist/cjs/behavior/cluster/FabricScopedDataHandler.d.ts.map +1 -0
- package/dist/cjs/behavior/cluster/FabricScopedDataHandler.js +119 -0
- package/dist/cjs/behavior/cluster/FabricScopedDataHandler.js.map +6 -0
- package/dist/cjs/behavior/cluster/index.d.ts +1 -0
- package/dist/cjs/behavior/cluster/index.d.ts.map +1 -1
- package/dist/cjs/behavior/cluster/index.js +1 -0
- package/dist/cjs/behavior/cluster/index.js.map +1 -1
- package/dist/cjs/behavior/context/server/OnlineContext.d.ts +2 -1
- package/dist/cjs/behavior/context/server/OnlineContext.d.ts.map +1 -1
- package/dist/cjs/behavior/context/server/OnlineContext.js +22 -7
- package/dist/cjs/behavior/context/server/OnlineContext.js.map +1 -1
- package/dist/cjs/behavior/state/managed/Datasource.d.ts +6 -5
- package/dist/cjs/behavior/state/managed/Datasource.d.ts.map +1 -1
- package/dist/cjs/behavior/state/managed/Datasource.js +25 -14
- package/dist/cjs/behavior/state/managed/Datasource.js.map +1 -1
- package/dist/cjs/behavior/supervision/ValueSupervisor.d.ts +7 -3
- package/dist/cjs/behavior/supervision/ValueSupervisor.d.ts.map +1 -1
- package/dist/cjs/behaviors/access-control/AccessControlServer.d.ts +20 -36
- package/dist/cjs/behaviors/access-control/AccessControlServer.d.ts.map +1 -1
- package/dist/cjs/behaviors/access-control/AccessControlServer.js +153 -87
- package/dist/cjs/behaviors/access-control/AccessControlServer.js.map +1 -1
- package/dist/cjs/behaviors/operational-credentials/OperationalCredentialsServer.d.ts.map +1 -1
- package/dist/cjs/behaviors/operational-credentials/OperationalCredentialsServer.js +8 -19
- package/dist/cjs/behaviors/operational-credentials/OperationalCredentialsServer.js.map +2 -2
- package/dist/cjs/endpoint/properties/Behaviors.d.ts.map +1 -1
- package/dist/cjs/endpoint/properties/Behaviors.js +10 -0
- package/dist/cjs/endpoint/properties/Behaviors.js.map +1 -1
- package/dist/cjs/node/ServerNode.d.ts +2 -2
- package/dist/cjs/node/ServerNode.d.ts.map +1 -1
- package/dist/cjs/node/ServerNode.js +2 -2
- package/dist/cjs/node/server/InteractionServer.d.ts.map +1 -1
- package/dist/cjs/node/server/InteractionServer.js +10 -44
- package/dist/cjs/node/server/InteractionServer.js.map +2 -2
- package/dist/cjs/node/server/ProtocolService.js +1 -1
- package/dist/cjs/node/server/ProtocolService.js.map +1 -1
- package/dist/cjs/node/server/ServerEnvironment.d.ts +3 -0
- package/dist/cjs/node/server/ServerEnvironment.d.ts.map +1 -1
- package/dist/cjs/node/server/ServerEnvironment.js +12 -2
- package/dist/cjs/node/server/ServerEnvironment.js.map +1 -1
- package/dist/esm/behavior/Events.d.ts +8 -3
- package/dist/esm/behavior/Events.d.ts.map +1 -1
- package/dist/esm/behavior/Events.js +5 -2
- package/dist/esm/behavior/Events.js.map +1 -1
- package/dist/esm/behavior/cluster/ClusterBehaviorUtil.js +4 -4
- package/dist/esm/behavior/cluster/ClusterBehaviorUtil.js.map +1 -1
- package/dist/esm/behavior/cluster/FabricScopedDataHandler.d.ts +16 -0
- package/dist/esm/behavior/cluster/FabricScopedDataHandler.d.ts.map +1 -0
- package/dist/esm/behavior/cluster/FabricScopedDataHandler.js +99 -0
- package/dist/esm/behavior/cluster/FabricScopedDataHandler.js.map +6 -0
- package/dist/esm/behavior/cluster/index.d.ts +1 -0
- package/dist/esm/behavior/cluster/index.d.ts.map +1 -1
- package/dist/esm/behavior/cluster/index.js +1 -0
- package/dist/esm/behavior/cluster/index.js.map +1 -1
- package/dist/esm/behavior/context/server/OnlineContext.d.ts +2 -1
- package/dist/esm/behavior/context/server/OnlineContext.d.ts.map +1 -1
- package/dist/esm/behavior/context/server/OnlineContext.js +29 -9
- package/dist/esm/behavior/context/server/OnlineContext.js.map +1 -1
- package/dist/esm/behavior/state/managed/Datasource.d.ts +6 -5
- package/dist/esm/behavior/state/managed/Datasource.d.ts.map +1 -1
- package/dist/esm/behavior/state/managed/Datasource.js +25 -14
- package/dist/esm/behavior/state/managed/Datasource.js.map +1 -1
- package/dist/esm/behavior/supervision/ValueSupervisor.d.ts +7 -3
- package/dist/esm/behavior/supervision/ValueSupervisor.d.ts.map +1 -1
- package/dist/esm/behaviors/access-control/AccessControlServer.d.ts +20 -36
- package/dist/esm/behaviors/access-control/AccessControlServer.d.ts.map +1 -1
- package/dist/esm/behaviors/access-control/AccessControlServer.js +153 -88
- package/dist/esm/behaviors/access-control/AccessControlServer.js.map +1 -1
- package/dist/esm/behaviors/operational-credentials/OperationalCredentialsServer.d.ts.map +1 -1
- package/dist/esm/behaviors/operational-credentials/OperationalCredentialsServer.js +8 -19
- package/dist/esm/behaviors/operational-credentials/OperationalCredentialsServer.js.map +1 -1
- package/dist/esm/endpoint/properties/Behaviors.d.ts.map +1 -1
- package/dist/esm/endpoint/properties/Behaviors.js +10 -0
- package/dist/esm/endpoint/properties/Behaviors.js.map +1 -1
- package/dist/esm/node/ServerNode.d.ts +2 -2
- package/dist/esm/node/ServerNode.d.ts.map +1 -1
- package/dist/esm/node/ServerNode.js +3 -3
- package/dist/esm/node/ServerNode.js.map +1 -1
- package/dist/esm/node/server/InteractionServer.d.ts.map +1 -1
- package/dist/esm/node/server/InteractionServer.js +10 -44
- package/dist/esm/node/server/InteractionServer.js.map +1 -1
- package/dist/esm/node/server/ProtocolService.js +1 -1
- package/dist/esm/node/server/ProtocolService.js.map +1 -1
- package/dist/esm/node/server/ServerEnvironment.d.ts +3 -0
- package/dist/esm/node/server/ServerEnvironment.d.ts.map +1 -1
- package/dist/esm/node/server/ServerEnvironment.js +12 -2
- package/dist/esm/node/server/ServerEnvironment.js.map +1 -1
- package/package.json +7 -7
- package/src/behavior/Events.ts +8 -3
- package/src/behavior/cluster/ClusterBehaviorUtil.ts +4 -4
- package/src/behavior/cluster/FabricScopedDataHandler.ts +142 -0
- package/src/behavior/cluster/index.ts +1 -0
- package/src/behavior/context/server/OnlineContext.ts +39 -9
- package/src/behavior/state/managed/Datasource.ts +37 -20
- package/src/behavior/supervision/ValueSupervisor.ts +8 -3
- package/src/behaviors/access-control/AccessControlServer.ts +210 -102
- package/src/behaviors/operational-credentials/OperationalCredentialsServer.ts +10 -18
- package/src/endpoint/properties/Behaviors.ts +12 -1
- package/src/node/ServerNode.ts +3 -3
- package/src/node/server/InteractionServer.ts +10 -63
- package/src/node/server/ProtocolService.ts +1 -1
- package/src/node/server/ServerEnvironment.ts +16 -2
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import
|
|
7
|
-
import { AsyncObservable } from "#general";
|
|
6
|
+
import { ActionContext } from "#behavior/context/ActionContext.js";
|
|
7
|
+
import type { AsyncObservable, Transaction } from "#general";
|
|
8
8
|
import { DataModelPath, Schema } from "#model";
|
|
9
9
|
import type { AccessControl, Val } from "#protocol";
|
|
10
10
|
import type { ValidationLocation } from "../state/validation/location.js";
|
|
@@ -73,7 +73,11 @@ export declare namespace ValueSupervisor {
|
|
|
73
73
|
/**
|
|
74
74
|
* If present the session is associated with an online interaction. Emits when the interaction ends.
|
|
75
75
|
*/
|
|
76
|
-
interactionComplete?: AsyncObservable<[]>;
|
|
76
|
+
interactionComplete?: AsyncObservable<[session?: ActionContext]>;
|
|
77
|
+
/**
|
|
78
|
+
* Set to true when the interaction has started and the interactionBegin event was emitted for this session
|
|
79
|
+
*/
|
|
80
|
+
interactionStarted?: boolean;
|
|
77
81
|
/**
|
|
78
82
|
* If true, structs initialize without named properties which are more expensive to install. This is useful
|
|
79
83
|
* when implementing the Matter protocol where ID is the only value necessary.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ValueSupervisor.d.ts","sourceRoot":"","sources":["../../../../src/behavior/supervision/ValueSupervisor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,
|
|
1
|
+
{"version":3,"file":"ValueSupervisor.d.ts","sourceRoot":"","sources":["../../../../src/behavior/supervision/ValueSupervisor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AACnE,OAAO,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC/C,OAAO,KAAK,EAAE,aAAa,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,eAAe;IAC5B;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,cAAc,CAAC;IAE/B;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAE/B;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC,QAAQ,GAAG,SAAS,CAAC;IAExD;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC;IAExC;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC;IAEtC;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC,IAAI,CAAC;CACvC;AAED,yBAAiB,eAAe,CAAC;IAC7B;;OAEG;IACH,UAAiB,OAAQ,SAAQ,aAAa,CAAC,OAAO;QAClD;;WAEG;QACH,WAAW,EAAE,WAAW,CAAC;QAEzB;;;WAGG;QACH,aAAa,CAAC,EAAE,OAAO,CAAC;QAExB;;WAEG;QACH,mBAAmB,CAAC,EAAE,eAAe,CAAC,CAAC,OAAO,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;QAEjE;;WAEG;QACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;QAE7B;;;WAGG;QACH,QAAQ,CAAC,EAAE,OAAO,CAAC;KACtB;IAED,KAAY,QAAQ,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,KAAK,IAAI,CAAC;IAE5F,KAAY,MAAM,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,KAAK,GAAG,CAAC;IAEzE,KAAY,KAAK,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,IAAI,EAAE,aAAa,KAAK,GAAG,CAAC;IAElG,KAAY,IAAI,GAAG,CAAC,KAAK,EAAE,GAAG,KAAK,GAAG,CAAC;CAC1C"}
|
|
@@ -3,12 +3,10 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { ActionContext } from "#behavior/context/ActionContext.js";
|
|
7
6
|
import { AccessControl as AccessControlTypes } from "#clusters/access-control";
|
|
8
7
|
import { MaybePromise } from "#general";
|
|
9
|
-
import {
|
|
10
|
-
import {
|
|
11
|
-
import { ClusterId } from "#types";
|
|
8
|
+
import { AclEndpointContext, AclEntry, AclList, Fabric, IncomingSubjectDescriptor, MessageExchange } from "#protocol";
|
|
9
|
+
import { ClusterId, FabricIndex, SubjectId } from "#types";
|
|
12
10
|
declare const AccessControlServer_base: import("../../index.js").ClusterBehavior.Type<import("#types").ClusterComposer.WithFeatures<AccessControlTypes.Cluster, readonly ["Extension"]>, import("../../index.js").ClusterBehavior.Type<AccessControlTypes.Cluster, import("../../index.js").ClusterBehavior.Type<import("#types").ClusterType.Of<{
|
|
13
11
|
readonly id: 0;
|
|
14
12
|
readonly revision: 0;
|
|
@@ -19,17 +17,15 @@ declare const AccessControlServer_base: import("../../index.js").ClusterBehavior
|
|
|
19
17
|
}>, typeof import("../../index.js").ClusterBehavior, import("./AccessControlInterface.js").AccessControlInterface>, import("./AccessControlInterface.js").AccessControlInterface>, import("./AccessControlInterface.js").AccessControlInterface>;
|
|
20
18
|
/**
|
|
21
19
|
* This is the default server implementation of AccessControlBehavior.
|
|
20
|
+
*
|
|
21
|
+
* When custom extensions are used, the `extensionEntryValidator` and `extensionEntryAccessCheck` methods can be
|
|
22
|
+
* overridden to implement custom validation and access checks for the extension entries.
|
|
22
23
|
*/
|
|
23
24
|
export declare class AccessControlServer extends AccessControlServer_base {
|
|
24
25
|
#private;
|
|
25
26
|
internal: AccessControlServer.Internal;
|
|
26
27
|
initialize(): MaybePromise;
|
|
27
|
-
|
|
28
|
-
* Implements the access control check for the given context, location and endpoint and is called by the
|
|
29
|
-
* InteractionServer. The method returns the list of granted Access privileges for the given context, location and
|
|
30
|
-
* endpoint.
|
|
31
|
-
*/
|
|
32
|
-
accessLevelsFor(context: ActionContext, location: AccessControl.Location, endpoint?: AclEndpointContext): AccessLevel[];
|
|
28
|
+
addDefaultCaseAcl(fabric: Fabric, subjects: SubjectId[]): void;
|
|
33
29
|
/**
|
|
34
30
|
* This method allows to implement the validation of manufacturer specific ACL extensions when an extension entry is
|
|
35
31
|
* added or changed. The default implementation checks whether the extension is a valid TLV and possible to decode.
|
|
@@ -45,36 +41,24 @@ export declare class AccessControlServer extends AccessControlServer_base {
|
|
|
45
41
|
* The default implementation always returns true. Override this method in your own behavior to implement custom
|
|
46
42
|
* validation.
|
|
47
43
|
*/
|
|
48
|
-
protected extensionEntryAccessCheck(_aclList:
|
|
49
|
-
/**
|
|
50
|
-
* The AccessControlManager instance that is used to manage the ACL for this behavior.
|
|
51
|
-
*/
|
|
52
|
-
get aclManager(): AccessControlManager;
|
|
53
|
-
resetDelayedAccessControlList(): void;
|
|
54
|
-
/**
|
|
55
|
-
* If set to true, the ACL will not be updated immediately when it changes, but only when the `aclUpdateDelayed`
|
|
56
|
-
* property is set to false again.
|
|
57
|
-
* This is a hack to prevent the ACL from updating while we are in the middle of a write transaction and will be
|
|
58
|
-
* removed again once we somehow handle relevant sub transactions.
|
|
59
|
-
*/
|
|
60
|
-
get aclUpdateDelayed(): boolean;
|
|
61
|
-
/**
|
|
62
|
-
* If set to true, the ACL will not be updated immediately when it changes, but only when the `aclUpdateDelayed`
|
|
63
|
-
* property is set to false again.
|
|
64
|
-
* This is a hack to prevent the ACL from updating while we are in the middle of a write transaction and will be
|
|
65
|
-
* removed again once we somehow handle relevant sub transactions.
|
|
66
|
-
*/
|
|
67
|
-
set aclUpdateDelayed(value: boolean);
|
|
44
|
+
protected extensionEntryAccessCheck(_aclList: AclList, _aclEntry: AclEntry, _subjectDesc: IncomingSubjectDescriptor, _endpoint: AclEndpointContext, _clusterId: ClusterId): boolean;
|
|
68
45
|
}
|
|
69
46
|
export declare namespace AccessControlServer {
|
|
70
47
|
class Internal {
|
|
71
|
-
/**
|
|
72
|
-
|
|
73
|
-
/**
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
48
|
+
/** Is the cluster logic initialized? Used to block events before full initialization. */
|
|
49
|
+
initialized: boolean;
|
|
50
|
+
/**
|
|
51
|
+
* When an online and potentially chunked ACL writing happens, we will delay the update and store the exchange
|
|
52
|
+
* used for the writing. With this we also verify that concurrent writes are blocked and will not mix the data.
|
|
53
|
+
*/
|
|
54
|
+
aclUpdateDelayed: Map<FabricIndex, MessageExchange | undefined>;
|
|
55
|
+
/** Latest delayed data of acl attribute */
|
|
56
|
+
delayedAclData: Map<FabricIndex, AccessControlTypes.AccessControlEntry[]>;
|
|
77
57
|
}
|
|
58
|
+
const ExtensionInterface: {
|
|
59
|
+
extensionEntryValidator: (extension: AccessControlTypes.AccessControlExtension) => void;
|
|
60
|
+
extensionEntryAccessCheck: (aclList: AclList, aclEntry: AclEntry, subjectDesc: IncomingSubjectDescriptor, endpoint: AclEndpointContext, clusterId: ClusterId) => boolean;
|
|
61
|
+
};
|
|
78
62
|
}
|
|
79
63
|
export {};
|
|
80
64
|
//# sourceMappingURL=AccessControlServer.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessControlServer.d.ts","sourceRoot":"","sources":["../../../../src/behaviors/access-control/AccessControlServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"AccessControlServer.d.ts","sourceRoot":"","sources":["../../../../src/behaviors/access-control/AccessControlServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,aAAa,IAAI,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC/E,OAAO,EAAmC,YAAY,EAAE,MAAM,UAAU,CAAC;AAEzE,OAAO,EAEH,kBAAkB,EAClB,QAAQ,EACR,OAAO,EACP,MAAM,EAEN,yBAAyB,EACzB,eAAe,EAGlB,MAAM,WAAW,CAAC;AACnB,OAAO,EAEH,SAAS,EAGT,WAAW,EAKX,SAAS,EAGZ,MAAM,QAAQ,CAAC;;;;;;;;;AAKhB;;;;;GAKG;AACH,qBAAa,mBAAoB,SAAQ,wBAAuC;;IACpE,QAAQ,EAAE,mBAAmB,CAAC,QAAQ,CAAC;IAEtC,UAAU,IAAI,YAAY;IA4DnC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;IA4RvD;;;;;;;OAOG;IACH,SAAS,CAAC,uBAAuB,CAAC,SAAS,EAAE,kBAAkB,CAAC,sBAAsB;IActF;;;;;OAKG;IACH,SAAS,CAAC,yBAAyB,CAC/B,QAAQ,EAAE,OAAO,EACjB,SAAS,EAAE,QAAQ,EACnB,YAAY,EAAE,yBAAyB,EACvC,SAAS,EAAE,kBAAkB,EAC7B,UAAU,EAAE,SAAS;CA0I5B;AAED,yBAAiB,mBAAmB,CAAC;IACjC,MAAa,QAAQ;QACjB,yFAAyF;QACzF,WAAW,UAAS;QAEpB;;;WAGG;QACH,gBAAgB,gDAAuD;QAEvE,2CAA2C;QAC3C,cAAc,4DAAmE;KACpF;IAEc,MAAM,kBAAkB,EAAE;QACrC,uBAAuB,EAAE,CAAC,SAAS,EAAE,kBAAkB,CAAC,sBAAsB,KAAK,IAAI,CAAC;QACxF,yBAAyB,EAAE,CACvB,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,yBAAyB,EACtC,QAAQ,EAAE,kBAAkB,EAC5B,SAAS,EAAE,SAAS,KACnB,OAAO,CAAC;KAChB,CAAC;CACL"}
|
|
@@ -23,7 +23,6 @@ __export(AccessControlServer_exports, {
|
|
|
23
23
|
module.exports = __toCommonJS(AccessControlServer_exports);
|
|
24
24
|
var import_access_control = require("#clusters/access-control");
|
|
25
25
|
var import_general = require("#general");
|
|
26
|
-
var import_model = require("#model");
|
|
27
26
|
var import_protocol = require("#protocol");
|
|
28
27
|
var import_types = require("#types");
|
|
29
28
|
var import_AccessControlBehavior = require("./AccessControlBehavior.js");
|
|
@@ -45,19 +44,21 @@ class AccessControlServer extends import_AccessControlBehavior.AccessControlBeha
|
|
|
45
44
|
this.reactTo(lifecycle.online, this.#online);
|
|
46
45
|
}
|
|
47
46
|
#online() {
|
|
47
|
+
const aclsForFabric = this.#mapFabricAcls();
|
|
48
48
|
const fabrics = this.env.get(import_protocol.FabricManager);
|
|
49
|
-
const acl = (0, import_general.deepCopy)(this.state.acl);
|
|
50
|
-
const originalAclLength = acl.length;
|
|
51
49
|
for (const fabric of fabrics) {
|
|
52
|
-
|
|
53
|
-
|
|
50
|
+
const fabricAcls = aclsForFabric.get(fabric.fabricIndex) ?? [];
|
|
51
|
+
if (!fabricAcls.length) {
|
|
52
|
+
const fallbackAcl = {
|
|
54
53
|
fabricIndex: fabric.fabricIndex,
|
|
55
54
|
privilege: import_access_control.AccessControl.AccessControlEntryPrivilege.Administer,
|
|
56
55
|
authMode: import_access_control.AccessControl.AccessControlEntryAuthMode.Case,
|
|
57
56
|
subjects: [fabric.rootNodeId],
|
|
58
57
|
targets: null
|
|
59
58
|
// entire node
|
|
60
|
-
}
|
|
59
|
+
};
|
|
60
|
+
this.state.acl.push(fallbackAcl);
|
|
61
|
+
fabricAcls.push(fallbackAcl);
|
|
61
62
|
logger.warn(
|
|
62
63
|
"Added missing ACL entry for fabric",
|
|
63
64
|
fabric.fabricIndex,
|
|
@@ -66,28 +67,57 @@ class AccessControlServer extends import_AccessControlBehavior.AccessControlBeha
|
|
|
66
67
|
". This should only happen once after upgrading to matter.js 0.9.1"
|
|
67
68
|
);
|
|
68
69
|
}
|
|
70
|
+
fabric.acl.aclList = fabricAcls;
|
|
71
|
+
fabric.acl.extensionEntryAccessCheck = this.extensionEntryAccessCheck.bind(this);
|
|
69
72
|
}
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
this.internal.aclManager = new import_protocol.AccessControlManager(
|
|
75
|
-
acl,
|
|
76
|
-
(aclList, aclEntry, subjectDesc, endpoint, clusterId) => this.extensionEntryAccessCheck(
|
|
77
|
-
aclList,
|
|
78
|
-
aclEntry,
|
|
79
|
-
subjectDesc,
|
|
80
|
-
endpoint,
|
|
81
|
-
clusterId
|
|
82
|
-
)
|
|
83
|
-
);
|
|
73
|
+
this.reactTo(fabrics.events.updated, this.#updateFabricAcls);
|
|
74
|
+
this.reactTo(fabrics.events.added, this.#updateFabricAcls);
|
|
75
|
+
this.reactTo(this.events.interactionBegin, this.#handleInteractionBegin);
|
|
76
|
+
this.reactTo(this.events.interactionEnd, this.#handleInteractionEnd);
|
|
84
77
|
this.reactTo(this.events.acl$Changed, this.#updateAccessControlList);
|
|
78
|
+
this.internal.initialized = true;
|
|
79
|
+
}
|
|
80
|
+
addDefaultCaseAcl(fabric, subjects) {
|
|
81
|
+
const entry = {
|
|
82
|
+
fabricIndex: fabric.fabricIndex,
|
|
83
|
+
privilege: import_access_control.AccessControl.AccessControlEntryPrivilege.Administer,
|
|
84
|
+
authMode: import_access_control.AccessControl.AccessControlEntryAuthMode.Case,
|
|
85
|
+
subjects,
|
|
86
|
+
targets: null
|
|
87
|
+
// entire node
|
|
88
|
+
};
|
|
89
|
+
this.state.acl.push(entry);
|
|
90
|
+
this.#updateFabricAcls(fabric);
|
|
91
|
+
this.events.accessControlEntryChanged?.emit(
|
|
92
|
+
{
|
|
93
|
+
changeType: import_access_control.AccessControl.ChangeType.Added,
|
|
94
|
+
adminNodeId: null,
|
|
95
|
+
// When we add it, it is always from a PASE session
|
|
96
|
+
adminPasscodeId: 0,
|
|
97
|
+
// When we add it, it is always from a PASE session
|
|
98
|
+
latestValue: entry,
|
|
99
|
+
fabricIndex: fabric.fabricIndex
|
|
100
|
+
},
|
|
101
|
+
this.context
|
|
102
|
+
);
|
|
85
103
|
}
|
|
86
|
-
#validateAccessControlListChanges(value) {
|
|
104
|
+
#validateAccessControlListChanges(value, _oldValue, context) {
|
|
87
105
|
const relevantFabricIndex = this.context.session?.associatedFabric.fabricIndex;
|
|
88
106
|
if (relevantFabricIndex === void 0) {
|
|
89
107
|
return;
|
|
90
108
|
}
|
|
109
|
+
if (context !== void 0 && context.exchange !== void 0) {
|
|
110
|
+
const delayedChangeExchange = this.internal.aclUpdateDelayed.get(relevantFabricIndex);
|
|
111
|
+
if (delayedChangeExchange !== void 0 && delayedChangeExchange !== context.exchange) {
|
|
112
|
+
logger.warn(
|
|
113
|
+
"Decline parallel ACL changes from multiple exchanges",
|
|
114
|
+
context.exchange.id,
|
|
115
|
+
"vs.",
|
|
116
|
+
delayedChangeExchange.id
|
|
117
|
+
);
|
|
118
|
+
throw new import_types.StatusResponseError("Parallel ACL change from multiple exchanges", import_types.StatusCode.Busy);
|
|
119
|
+
}
|
|
120
|
+
}
|
|
91
121
|
const fabricAcls = value.filter((entry) => entry.fabricIndex === relevantFabricIndex);
|
|
92
122
|
if (fabricAcls.length > this.state.accessControlEntriesPerFabric) {
|
|
93
123
|
throw new import_types.StatusResponseError("AccessControlEntriesPerFabric exceeded", import_types.StatusCode.ResourceExhausted);
|
|
@@ -191,7 +221,7 @@ class AccessControlServer extends import_AccessControlBehavior.AccessControlBeha
|
|
|
191
221
|
return { adminPasscodeId: null, adminNodeId };
|
|
192
222
|
}
|
|
193
223
|
#handleAccessControlListChange(value, oldValue) {
|
|
194
|
-
if (this.internal.
|
|
224
|
+
if (!this.internal.initialized) {
|
|
195
225
|
return;
|
|
196
226
|
}
|
|
197
227
|
const { session } = this.context;
|
|
@@ -246,7 +276,7 @@ class AccessControlServer extends import_AccessControlBehavior.AccessControlBeha
|
|
|
246
276
|
this.extensionEntryValidator(fabricExtensions[0]);
|
|
247
277
|
}
|
|
248
278
|
#handleAccessControlExtensionChange(value, oldValue) {
|
|
249
|
-
if (this.internal.
|
|
279
|
+
if (!this.internal.initialized) {
|
|
250
280
|
return;
|
|
251
281
|
}
|
|
252
282
|
const { session } = this.context;
|
|
@@ -269,26 +299,6 @@ class AccessControlServer extends import_AccessControlBehavior.AccessControlBeha
|
|
|
269
299
|
this.context
|
|
270
300
|
);
|
|
271
301
|
}
|
|
272
|
-
/**
|
|
273
|
-
* Implements the access control check for the given context, location and endpoint and is called by the
|
|
274
|
-
* InteractionServer. The method returns the list of granted Access privileges for the given context, location and
|
|
275
|
-
* endpoint.
|
|
276
|
-
*/
|
|
277
|
-
accessLevelsFor(context, location, endpoint) {
|
|
278
|
-
if (location.cluster === void 0) {
|
|
279
|
-
logger.warn("Access control check without cluster, returning View access level");
|
|
280
|
-
return [import_model.AccessLevel.View];
|
|
281
|
-
}
|
|
282
|
-
if (context.session === void 0) {
|
|
283
|
-
logger.warn("Access control check without session, returning View access level");
|
|
284
|
-
return [import_model.AccessLevel.View];
|
|
285
|
-
}
|
|
286
|
-
if (endpoint === void 0) {
|
|
287
|
-
logger.warn("Access control check without endpoint, returning View access level");
|
|
288
|
-
return [import_model.AccessLevel.View];
|
|
289
|
-
}
|
|
290
|
-
return this.aclManager.getGrantedPrivileges(context, endpoint, location.cluster);
|
|
291
|
-
}
|
|
292
302
|
/**
|
|
293
303
|
* This method allows to implement the validation of manufacturer specific ACL extensions when an extension entry is
|
|
294
304
|
* added or changed. The default implementation checks whether the extension is a valid TLV and possible to decode.
|
|
@@ -318,70 +328,126 @@ class AccessControlServer extends import_AccessControlBehavior.AccessControlBeha
|
|
|
318
328
|
extensionEntryAccessCheck(_aclList, _aclEntry, _subjectDesc, _endpoint, _clusterId) {
|
|
319
329
|
return true;
|
|
320
330
|
}
|
|
331
|
+
/** A fabric was added or updated, so we need to initialize the ACL for this fabric */
|
|
332
|
+
#updateFabricAcls(fabric) {
|
|
333
|
+
const fabricIndex = fabric.fabricIndex;
|
|
334
|
+
fabric.acl.aclList = (0, import_general.deepCopy)(this.state.acl).filter((entry) => entry.fabricIndex === fabricIndex);
|
|
335
|
+
}
|
|
336
|
+
/**
|
|
337
|
+
* When beginning an interaction for an online session, we register the potential ACL change for the associated
|
|
338
|
+
* fabric index. If ACL data are really changed later, the exchange gets added then.
|
|
339
|
+
*/
|
|
340
|
+
#handleInteractionBegin(session) {
|
|
341
|
+
if (session !== void 0 && !session.offline && session.fabric !== void 0) {
|
|
342
|
+
this.#prepareAclUpdateFor(session.fabric);
|
|
343
|
+
}
|
|
344
|
+
}
|
|
321
345
|
/**
|
|
322
|
-
*
|
|
346
|
+
* When an interaction is finished, we check if there was a delayed ACL update for the associated fabric and apply
|
|
347
|
+
* it to the manager. For this we check if we have an exchange stored because otherwise the interaction was in fact
|
|
348
|
+
* not changing the ACL.
|
|
323
349
|
*/
|
|
324
|
-
|
|
325
|
-
if (
|
|
326
|
-
|
|
350
|
+
#handleInteractionEnd(session) {
|
|
351
|
+
if (session !== void 0 && !session.offline && session.fabric !== void 0) {
|
|
352
|
+
if (this.internal.aclUpdateDelayed.get(session.fabric) !== void 0) {
|
|
353
|
+
this.#applyDelayedAclUpdateFor(session.fabric);
|
|
354
|
+
}
|
|
355
|
+
}
|
|
356
|
+
}
|
|
357
|
+
/** The ACL list was changed, so we need to determine if and when to apply the update to the ACL manager */
|
|
358
|
+
#updateAccessControlList(acl, _oldAcl, context) {
|
|
359
|
+
if (context === void 0 || context.offline) {
|
|
360
|
+
this.#updateAllFabricsAcls();
|
|
361
|
+
} else {
|
|
362
|
+
const fabric = context.session?.associatedFabric;
|
|
363
|
+
if (fabric === void 0 || fabric.fabricIndex === void 0 || context.exchange === void 0) {
|
|
364
|
+
throw new import_general.InternalError("We require a fabric bound online session to write ACL changes");
|
|
365
|
+
}
|
|
366
|
+
this.#handleFabricAclUpdate(fabric, acl, context.exchange);
|
|
327
367
|
}
|
|
328
|
-
return this.internal.aclManager;
|
|
329
368
|
}
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
369
|
+
/**
|
|
370
|
+
* Handles the ACL update for a specific fabric. If an exchange is present, we delay the update until the
|
|
371
|
+
* interaction is finished.
|
|
372
|
+
*/
|
|
373
|
+
#handleFabricAclUpdate(fabric, acl, exchange) {
|
|
374
|
+
const fabricIndex = fabric.fabricIndex;
|
|
375
|
+
if (this.internal.aclUpdateDelayed.has(fabricIndex)) {
|
|
376
|
+
logger.debug(
|
|
377
|
+
"ACL attribute updated, but interaction still in progress, delaying update of ACL manager for FabricIndex",
|
|
378
|
+
fabricIndex
|
|
379
|
+
);
|
|
380
|
+
this.#delayAclUpdateFor(fabricIndex, exchange, acl);
|
|
334
381
|
} else {
|
|
335
|
-
logger.
|
|
336
|
-
|
|
382
|
+
logger.debug("ACL attribute updated, applying update to ACL manager", fabricIndex);
|
|
383
|
+
fabric.acl.aclList = (0, import_general.deepCopy)(acl).filter((entry) => entry.fabricIndex === fabricIndex);
|
|
337
384
|
}
|
|
338
385
|
}
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
386
|
+
#mapFabricAcls() {
|
|
387
|
+
const acl = (0, import_general.deepCopy)(this.state.acl);
|
|
388
|
+
const aclsForFabric = /* @__PURE__ */ new Map();
|
|
389
|
+
for (const entry of acl) {
|
|
390
|
+
const { fabricIndex } = entry;
|
|
391
|
+
const acls = aclsForFabric.get(fabricIndex) ?? [];
|
|
392
|
+
acls.push(entry);
|
|
393
|
+
aclsForFabric.set(fabricIndex, acls);
|
|
394
|
+
}
|
|
395
|
+
return aclsForFabric;
|
|
396
|
+
}
|
|
397
|
+
/** Update all fabrics with the current ACL list */
|
|
398
|
+
#updateAllFabricsAcls() {
|
|
399
|
+
const aclsForFabric = this.#mapFabricAcls();
|
|
400
|
+
const fabrics = this.env.get(import_protocol.FabricManager);
|
|
401
|
+
for (const fabric of fabrics) {
|
|
402
|
+
fabric.acl.aclList = aclsForFabric.get(fabric.fabricIndex) ?? [];
|
|
403
|
+
}
|
|
342
404
|
}
|
|
343
405
|
/**
|
|
344
|
-
*
|
|
345
|
-
*
|
|
346
|
-
* This is a hack to prevent the ACL from updating while we are in the middle of a write transaction and will be
|
|
347
|
-
* removed again once we somehow handle relevant sub transactions.
|
|
406
|
+
* Register a potential change of ACL for a specific fabric index. if changes happened is checked when interaction
|
|
407
|
+
* ends.
|
|
348
408
|
*/
|
|
349
|
-
|
|
350
|
-
|
|
409
|
+
#prepareAclUpdateFor(fabricIndex) {
|
|
410
|
+
if (!this.internal.aclUpdateDelayed.has(fabricIndex)) {
|
|
411
|
+
logger.info("Register ACL update to be delayed for fabricIndex", fabricIndex);
|
|
412
|
+
this.internal.aclUpdateDelayed.set(fabricIndex, void 0);
|
|
413
|
+
}
|
|
351
414
|
}
|
|
352
415
|
/**
|
|
353
|
-
*
|
|
354
|
-
*
|
|
355
|
-
* This is a hack to prevent the ACL from updating while we are in the middle of a write transaction and will be
|
|
356
|
-
* removed again once we somehow handle relevant sub transactions.
|
|
416
|
+
* Register a concrete change of ACL for a specific fabric index. The exchange allows to also limit ACL changes to
|
|
417
|
+
* that exchange until interaction is finished.
|
|
357
418
|
*/
|
|
358
|
-
|
|
359
|
-
if (!
|
|
360
|
-
logger.info("
|
|
361
|
-
this.#updateDelayedAccessControlList();
|
|
362
|
-
} else if (!this.internal.aclUpdateDelayed) {
|
|
363
|
-
logger.info("Register ACL update to be delayed");
|
|
419
|
+
#delayAclUpdateFor(fabricIndex, exchange, acl) {
|
|
420
|
+
if (!this.internal.aclUpdateDelayed.has(fabricIndex)) {
|
|
421
|
+
logger.info("Register ACL update to be delayed for fabricIndex", fabricIndex);
|
|
364
422
|
}
|
|
365
|
-
this.internal.aclUpdateDelayed
|
|
423
|
+
this.internal.aclUpdateDelayed.set(fabricIndex, exchange);
|
|
424
|
+
this.internal.delayedAclData.set(
|
|
425
|
+
fabricIndex,
|
|
426
|
+
(0, import_general.deepCopy)(acl).filter((entry) => entry.fabricIndex === fabricIndex)
|
|
427
|
+
);
|
|
366
428
|
}
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
429
|
+
/** Applies the delayed ACL update for a specific fabric index, if existing */
|
|
430
|
+
#applyDelayedAclUpdateFor(fabricIndex) {
|
|
431
|
+
const updateDelayed = !!this.internal.aclUpdateDelayed.get(fabricIndex);
|
|
432
|
+
const delayedData = this.internal.delayedAclData.get(fabricIndex);
|
|
433
|
+
this.internal.delayedAclData.delete(fabricIndex);
|
|
434
|
+
this.internal.aclUpdateDelayed.delete(fabricIndex);
|
|
435
|
+
if (updateDelayed && delayedData !== void 0) {
|
|
436
|
+
this.env.get(import_protocol.FabricManager).for(fabricIndex).acl.aclList = delayedData;
|
|
370
437
|
}
|
|
371
|
-
const delayedData = (0, import_general.deepCopy)(this.internal.delayedAclData);
|
|
372
|
-
this.internal.delayedAclData = void 0;
|
|
373
|
-
logger.info("Updating ACL manager with ACL", delayedData);
|
|
374
|
-
this.aclManager.updateAccessControlList(delayedData);
|
|
375
438
|
}
|
|
376
439
|
}
|
|
377
440
|
((AccessControlServer2) => {
|
|
378
441
|
class Internal {
|
|
379
|
-
/**
|
|
380
|
-
|
|
381
|
-
/**
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
442
|
+
/** Is the cluster logic initialized? Used to block events before full initialization. */
|
|
443
|
+
initialized = false;
|
|
444
|
+
/**
|
|
445
|
+
* When an online and potentially chunked ACL writing happens, we will delay the update and store the exchange
|
|
446
|
+
* used for the writing. With this we also verify that concurrent writes are blocked and will not mix the data.
|
|
447
|
+
*/
|
|
448
|
+
aclUpdateDelayed = /* @__PURE__ */ new Map();
|
|
449
|
+
/** Latest delayed data of acl attribute */
|
|
450
|
+
delayedAclData = /* @__PURE__ */ new Map();
|
|
385
451
|
}
|
|
386
452
|
AccessControlServer2.Internal = Internal;
|
|
387
453
|
})(AccessControlServer || (AccessControlServer = {}));
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/behaviors/access-control/AccessControlServer.ts"],
|
|
4
|
-
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,4BAAoD;AACpD,qBAA8D;
|
|
4
|
+
"mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,4BAAoD;AACpD,qBAA8D;AAE9D,sBAWO;AACP,mBAaO;AACP,mCAAsC;AApCtC;AAAA;AAAA;AAAA;AAAA;AAsCA,MAAM,SAAS,sBAAO,IAAI,qBAAqB;AAQxC,MAAM,4BAA4B,mDAAsB,KAAK,WAAW,EAAE;AAAA,EAGpE,aAA2B;AAChC,SAAK,QAAQ,KAAK,OAAO,cAAc,KAAK,iCAAiC;AAC7E,SAAK,QAAQ,KAAK,OAAO,aAAa,KAAK,8BAA8B;AACzE,QACI,KAAK,MAAM,cAAc,UACzB,KAAK,OAAO,uBAAuB,UACnC,KAAK,OAAO,sBAAsB,QACpC;AACE,WAAK,QAAQ,KAAK,OAAO,oBAAoB,KAAK,sCAAsC;AACxF,WAAK,QAAQ,KAAK,OAAO,mBAAmB,KAAK,mCAAmC;AAAA,IACxF;AAEA,UAAM,YAAY,KAAK,SAAS;AAChC,SAAK,QAAQ,UAAU,QAAQ,KAAK,OAAO;AAAA,EAC/C;AAAA,EAEA,UAAU;AACN,UAAM,gBAAgB,KAAK,eAAe;AAG1C,UAAM,UAAU,KAAK,IAAI,IAAI,6BAAa;AAC1C,eAAW,UAAU,SAAS;AAC1B,YAAM,aAAa,cAAc,IAAI,OAAO,WAAW,KAAK,CAAC;AAE7D,UAAI,CAAC,WAAW,QAAQ;AAGpB,cAAM,cAAqD;AAAA,UACvD,aAAa,OAAO;AAAA,UACpB,WAAW,sBAAAA,cAAmB,4BAA4B;AAAA,UAC1D,UAAU,sBAAAA,cAAmB,2BAA2B;AAAA,UACxD,UAAU,CAAC,OAAO,UAAU;AAAA,UAC5B,SAAS;AAAA;AAAA,QACb;AACA,aAAK,MAAM,IAAI,KAAK,WAAW;AAC/B,mBAAW,KAAK,WAAW;AAC3B,eAAO;AAAA,UACH;AAAA,UACA,OAAO;AAAA,UACP;AAAA,UACA,OAAO;AAAA,UACP;AAAA,QACJ;AAAA,MACJ;AACA,aAAO,IAAI,UAAU;AACrB,aAAO,IAAI,4BAA4B,KAAK,0BAA0B,KAAK,IAAI;AAAA,IACnF;AAGA,SAAK,QAAQ,QAAQ,OAAO,SAAS,KAAK,iBAAiB;AAC3D,SAAK,QAAQ,QAAQ,OAAO,OAAO,KAAK,iBAAiB;AAEzD,SAAK,QAAQ,KAAK,OAAO,kBAAkB,KAAK,uBAAuB;AACvE,SAAK,QAAQ,KAAK,OAAO,gBAAgB,KAAK,qBAAqB;AAEnE,SAAK,QAAQ,KAAK,OAAO,aAAa,KAAK,wBAAwB;AAEnE,SAAK,SAAS,cAAc;AAAA,EAChC;AAAA,EAEA,kBAAkB,QAAgB,UAAuB;AACrD,UAAM,QAAQ;AAAA,MACV,aAAa,OAAO;AAAA,MACpB,WAAW,sBAAAA,cAAmB,4BAA4B;AAAA,MAC1D,UAAU,sBAAAA,cAAmB,2BAA2B;AAAA,MACxD;AAAA,MACA,SAAS;AAAA;AAAA,IACb;AACA,SAAK,MAAM,IAAI,KAAK,KAAK;AACzB,SAAK,kBAAkB,MAAM;AAG7B,SAAK,OAAO,2BAA2B;AAAA,MACnC;AAAA,QACI,YAAY,sBAAAA,cAAmB,WAAW;AAAA,QAC1C,aAAa;AAAA;AAAA,QACb,iBAAiB;AAAA;AAAA,QACjB,aAAa;AAAA,QACb,aAAa,OAAO;AAAA,MACxB;AAAA,MACA,KAAK;AAAA,IACT;AAAA,EACJ;AAAA,EAEA,kCACI,OACA,WACA,SACF;AAGE,UAAM,sBAAsB,KAAK,QAAQ,SAAS,iBAAiB;AAEnE,QAAI,wBAAwB,QAAW;AACnC;AAAA,IACJ;AACA,QAAI,YAAY,UAAa,QAAQ,aAAa,QAAW;AACzD,YAAM,wBAAwB,KAAK,SAAS,iBAAiB,IAAI,mBAAmB;AACpF,UAAI,0BAA0B,UAAa,0BAA0B,QAAQ,UAAU;AAGnF,eAAO;AAAA,UACH;AAAA,UACA,QAAQ,SAAS;AAAA,UACjB;AAAA,UACA,sBAAsB;AAAA,QAC1B;AACA,cAAM,IAAI,iCAAoB,+CAA+C,wBAAW,IAAI;AAAA,MAChG;AAAA,IACJ;AAEA,UAAM,aAAa,MAAM,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAClF,QAAI,WAAW,SAAS,KAAK,MAAM,+BAA+B;AAC9D,YAAM,IAAI,iCAAoB,0CAA0C,wBAAW,iBAAiB;AAAA,IACxG;AAEA,eAAW,SAAS,YAAY;AAE5B,UAAI,MAAM,aAAa,QAAQ,MAAM,SAAS,WAAW,GAAG;AACxD,cAAM,WAAW;AAAA,MACrB;AACA,UAAI,MAAM,YAAY,QAAQ,MAAM,QAAQ,WAAW,GAAG;AACtD,cAAM,UAAU;AAAA,MACpB;AACA,YAAM,EAAE,WAAW,UAAU,SAAS,SAAS,IAAI;AACnD,UAAI,aAAa,QAAQ,SAAS,SAAS,KAAK,MAAM,+BAA+B;AACjF,cAAM,IAAI,iCAAoB,0CAA0C,wBAAW,iBAAiB;AAAA,MACxG;AAEA,UAAI,YAAY,QAAQ,QAAQ,SAAS,KAAK,MAAM,8BAA8B;AAC9E,cAAM,IAAI,iCAAoB,yCAAyC,wBAAW,iBAAiB;AAAA,MACvG;AAEA,UAAI,aAAa,sBAAAA,cAAmB,2BAA2B,MAAM;AACjE,cAAM,IAAI,iCAAoB,qCAAqC,wBAAW,eAAe;AAAA,MACjG,WAAW,aAAa,sBAAAA,cAAmB,2BAA2B,MAAM;AACxE,YAAI,aAAa,MAAM;AACnB,qBAAW,WAAW,UAAU;AAC5B,gBAAI,oBAAO,uBAAuB,OAAO,GAAG;AACxC,oBAAM,MAAM,oBAAO,8BAA8B,OAAO;AACxD,kBAAI,kCAAqB,WAAW,GAAG,MAAM,GAAG;AAC5C,sBAAM,IAAI;AAAA,kBACN;AAAA,kBACA,wBAAW;AAAA,gBACf;AAAA,cACJ;AAAA,YACJ,WAAW,CAAC,oBAAO,oBAAoB,OAAO,GAAG;AAC7C,oBAAM,IAAI;AAAA,gBACN;AAAA,gBACA,wBAAW;AAAA,cACf;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ,WAAW,aAAa,sBAAAA,cAAmB,2BAA2B,OAAO;AACzE,YAAI,cAAc,sBAAAA,cAAmB,4BAA4B,YAAY;AACzE,gBAAM,IAAI;AAAA,YACN;AAAA,YACA,wBAAW;AAAA,UACf;AAAA,QACJ;AAEA,YAAI,aAAa,MAAM;AACnB,qBAAW,WAAW,UAAU;AAC5B,oBAAI,sBAAQ,OAAO,OAAO,CAAC,MAAM,qBAAQ,aAAa;AAClD,oBAAM,IAAI;AAAA,gBACN;AAAA,gBACA,wBAAW;AAAA,cACf;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ;AAAA,MAEJ;AAEA,UAAI,YAAY,MAAM;AAClB,mBAAW,UAAU,SAAS;AAC1B,gBAAM,EAAE,SAAS,UAAU,WAAW,IAAI;AAC1C,cAAI,eAAe,QAAQ,aAAa,MAAM;AAC1C,kBAAM,IAAI;AAAA,cACN;AAAA,cACA,wBAAW;AAAA,YACf;AAAA,UACJ;AACA,cAAI,YAAY,QAAQ,aAAa,QAAQ,eAAe,MAAM;AAC9D,kBAAM,IAAI,iCAAoB,sCAAsC,wBAAW,eAAe;AAAA,UAClG;AACA,cAAI,YAAY,QAAQ,CAAC,uBAAU,QAAQ,OAAO,GAAG;AACjD,kBAAM,IAAI,iCAAoB,qCAAqC,wBAAW,eAAe;AAAA,UACjG;AACA,cAAI,aAAa,QAAQ,CAAC,4BAAe,QAAQ,QAAQ,GAAG;AACxD,kBAAM,IAAI;AAAA,cACN;AAAA,cACA,wBAAW;AAAA,YACf;AAAA,UACJ;AACA,cAAI,eAAe,QAAQ,CAAC,0BAAa,QAAQ,UAAU,GAAG;AAC1D,kBAAM,IAAI;AAAA,cACN;AAAA,cACA,wBAAW;AAAA,YACf;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBAAsB,SAAoC;AACtD,QAAI,YAAY,UAAc,4BAAY,GAAG,OAAO,KAAK,QAAQ,QAAS;AACtE,aAAO,EAAE,iBAAiB,GAAG,aAAa,KAAK;AAAA,IACnD;AACA,UAAM,cAAc,SAAS,iBAAiB;AAC9C,QAAI,gBAAgB,QAAW;AAC3B,YAAM,IAAI,6BAAc,iDAAiD;AAAA,IAC7E;AACA,WAAO,EAAE,iBAAiB,MAAM,YAAY;AAAA,EAChD;AAAA,EAEA,+BACI,OACA,UACF;AACE,QAAI,CAAC,KAAK,SAAS,aAAa;AAC5B;AAAA,IACJ;AACA,UAAM,EAAE,QAAQ,IAAI,KAAK;AAIzB,UAAM,sBAAsB,SAAS,iBAAiB;AAEtD,QAAI,wBAAwB,UAAa,KAAK,OAAO,8BAA8B,QAAW;AAC1F;AAAA,IACJ;AACA,UAAM,EAAE,iBAAiB,YAAY,IAAI,KAAK,sBAAsB,OAAO;AAC3E,UAAM,aAAa,MAAM,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAClF,UAAM,gBAAgB,SAAS,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAExF,QAAI,IAAI;AACR,WAAO,IAAI,WAAW,QAAQ,KAAK;AAC/B,YAAM,aACF,cAAc,CAAC,MAAM,SACf,sBAAAA,cAAmB,WAAW,QAC9B,WAAW,CAAC,MAAM,SAChB,sBAAAA,cAAmB,WAAW,UAC9B,sBAAAA,cAAmB,WAAW;AAC1C,WAAK,OAAO,0BAA0B;AAAA,QAClC;AAAA,UACI;AAAA,UACA;AAAA,UACA;AAAA,UACA,cACK,eAAe,sBAAAA,cAAmB,WAAW,UAAU,cAAc,CAAC,IAAI,WAAW,CAAC,MACvF;AAAA,UACJ,aAAa;AAAA,QACjB;AAAA,QACA,KAAK;AAAA,MACT;AAAA,IACJ;AACA,QAAI,cAAc,SAAS,GAAG;AAC1B,eAAS,IAAI,cAAc,SAAS,GAAG,KAAK,GAAG,KAAK;AAChD,aAAK,OAAO,0BAA0B;AAAA,UAClC;AAAA,YACI,YAAY,sBAAAA,cAAmB,WAAW;AAAA,YAC1C;AAAA,YACA;AAAA,YACA,aAAa,SAAS,CAAC;AAAA,YACvB,aAAa;AAAA,UACjB;AAAA,UACA,KAAK;AAAA,QACT;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,uCAAuC,OAAoD;AAGvF,UAAM,sBAAsB,KAAK,QAAQ,SAAS,iBAAiB;AAEnE,QAAI,wBAAwB,QAAW;AACnC;AAAA,IACJ;AAEA,UAAM,mBAAmB,MAAM,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAExF,QAAI,iBAAiB,WAAW,GAAG;AAC/B;AAAA,IACJ;AACA,QAAI,iBAAiB,SAAS,GAAG;AAC7B,YAAM,IAAI,iCAAoB,8CAA8C,wBAAW,eAAe;AAAA,IAC1G;AAGA,SAAK,wBAAwB,iBAAiB,CAAC,CAAC;AAAA,EACpD;AAAA,EAEA,oCACI,OACA,UACF;AACE,QAAI,CAAC,KAAK,SAAS,aAAa;AAC5B;AAAA,IACJ;AACA,UAAM,EAAE,QAAQ,IAAI,KAAK;AAIzB,UAAM,sBAAsB,SAAS,iBAAiB;AAEtD,QAAI,wBAAwB,UAAa,KAAK,OAAO,kCAAkC,QAAW;AAC9F;AAAA,IACJ;AACA,UAAM,EAAE,iBAAiB,YAAY,IAAI,KAAK,sBAAsB,OAAO;AAE3E,UAAM,mBAAmB,MAAM,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AACxF,UAAM,sBAAsB,SAAS,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAE9F,UAAM,aACF,iBAAiB,SAAS,oBAAoB,SACxC,sBAAAA,cAAmB,WAAW,QAC9B,iBAAiB,SAAS,oBAAoB,SAC5C,sBAAAA,cAAmB,WAAW,UAC9B,sBAAAA,cAAmB,WAAW;AAE1C,SAAK,OAAO,8BAA8B;AAAA,MACtC;AAAA,QACI;AAAA,QACA;AAAA,QACA;AAAA,QACA,cACK,eAAe,sBAAAA,cAAmB,WAAW,UACxC,oBAAoB,CAAC,IACrB,iBAAiB,CAAC,MAAM;AAAA,QAClC,aAAa;AAAA,MACjB;AAAA,MACA,KAAK;AAAA,IACT;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUU,wBAAwB,WAAsD;AACpF,UAAM,EAAE,KAAK,IAAI;AACjB,QAAI,KAAK,SAAS,KAAK,KAAK,CAAC,MAAM,qBAAQ,QAAQ,KAAK,KAAK,SAAS,CAAC,MAAM,qBAAQ,gBAAgB;AAEjG,YAAM,IAAI,iCAAoB,iCAAiC,wBAAW,eAAe;AAAA,IAC7F;AACA,QAAI;AACA,sCAAc,CAAC,GAA8C,IAAI,EAAE,OAAO,IAAI;AAAA,IAClF,SAAS,OAAO;AACZ,aAAO,MAAM,kCAAkC,KAAK;AACpD,YAAM,IAAI,iCAAoB,iCAAiC,wBAAW,eAAe;AAAA,IAC7F;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQU,0BACN,UACA,WACA,cACA,WACA,YACF;AACE,WAAO;AAAA,EACX;AAAA;AAAA,EAGA,kBAAkB,QAAgB;AAC9B,UAAM,cAAc,OAAO;AAC3B,WAAO,IAAI,cAAU,yBAAS,KAAK,MAAM,GAAG,EAAE,OAAO,WAAS,MAAM,gBAAgB,WAAW;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,wBAAwB,SAAiC;AACrD,QAAI,YAAY,UAAa,CAAC,QAAQ,WAAW,QAAQ,WAAW,QAAW;AAC3E,WAAK,qBAAqB,QAAQ,MAAM;AAAA,IAC5C;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,sBAAsB,SAAiC;AACnD,QAAI,YAAY,UAAa,CAAC,QAAQ,WAAW,QAAQ,WAAW,QAAW;AAC3E,UAAI,KAAK,SAAS,iBAAiB,IAAI,QAAQ,MAAM,MAAM,QAAW;AAClE,aAAK,0BAA0B,QAAQ,MAAM;AAAA,MACjD;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA,EAGA,yBACI,KACA,SACA,SACF;AACE,QAAI,YAAY,UAAa,QAAQ,SAAS;AAE1C,WAAK,sBAAsB;AAAA,IAC/B,OAAO;AACH,YAAM,SAAS,QAAQ,SAAS;AAChC,UAAI,WAAW,UAAa,OAAO,gBAAgB,UAAa,QAAQ,aAAa,QAAW;AAC5F,cAAM,IAAI,6BAAc,+DAA+D;AAAA,MAC3F;AACA,WAAK,uBAAuB,QAAQ,KAAK,QAAQ,QAAQ;AAAA,IAC7D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,uBAAuB,QAAgB,KAA8C,UAA2B;AAC5G,UAAM,cAAc,OAAO;AAC3B,QAAI,KAAK,SAAS,iBAAiB,IAAI,WAAW,GAAG;AAEjD,aAAO;AAAA,QACH;AAAA,QACA;AAAA,MACJ;AACA,WAAK,mBAAmB,aAAa,UAAU,GAAG;AAAA,IACtD,OAAO;AAEH,aAAO,MAAM,yDAAyD,WAAW;AAEjF,aAAO,IAAI,cAAU,yBAAS,GAAG,EAAE,OAAO,WAAS,MAAM,gBAAgB,WAAW;AAAA,IACxF;AAAA,EACJ;AAAA,EAEA,iBAAiB;AACb,UAAM,UAAM,yBAAS,KAAK,MAAM,GAAG;AACnC,UAAM,gBAAgB,oBAAI,IAA0D;AAEpF,eAAW,SAAS,KAAK;AACrB,YAAM,EAAE,YAAY,IAAI;AACxB,YAAM,OAAO,cAAc,IAAI,WAAW,KAAK,CAAC;AAChD,WAAK,KAAK,KAAK;AACf,oBAAc,IAAI,aAAa,IAAI;AAAA,IACvC;AACA,WAAO;AAAA,EACX;AAAA;AAAA,EAGA,wBAAwB;AACpB,UAAM,gBAAgB,KAAK,eAAe;AAE1C,UAAM,UAAU,KAAK,IAAI,IAAI,6BAAa;AAC1C,eAAW,UAAU,SAAS;AAE1B,aAAO,IAAI,UAAU,cAAc,IAAI,OAAO,WAAW,KAAK,CAAC;AAAA,IACnE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,qBAAqB,aAA0B;AAC3C,QAAI,CAAC,KAAK,SAAS,iBAAiB,IAAI,WAAW,GAAG;AAClD,aAAO,KAAK,qDAAqD,WAAW;AAC5E,WAAK,SAAS,iBAAiB,IAAI,aAAa,MAAS;AAAA,IAC7D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBACI,aACA,UACA,KACF;AACE,QAAI,CAAC,KAAK,SAAS,iBAAiB,IAAI,WAAW,GAAG;AAClD,aAAO,KAAK,qDAAqD,WAAW;AAAA,IAChF;AACA,SAAK,SAAS,iBAAiB,IAAI,aAAa,QAAQ;AACxD,SAAK,SAAS,eAAe;AAAA,MACzB;AAAA,UACA,yBAAS,GAAG,EAAE,OAAO,WAAS,MAAM,gBAAgB,WAAW;AAAA,IACnE;AAAA,EACJ;AAAA;AAAA,EAGA,0BAA0B,aAA0B;AAChD,UAAM,gBAAgB,CAAC,CAAC,KAAK,SAAS,iBAAiB,IAAI,WAAW;AACtE,UAAM,cAAc,KAAK,SAAS,eAAe,IAAI,WAAW;AAEhE,SAAK,SAAS,eAAe,OAAO,WAAW;AAC/C,SAAK,SAAS,iBAAiB,OAAO,WAAW;AACjD,QAAI,iBAAiB,gBAAgB,QAAW;AAC5C,WAAK,IAAI,IAAI,6BAAa,EAAE,IAAI,WAAW,EAAE,IAAI,UAAU;AAAA,IAC/D;AAAA,EACJ;AACJ;AAAA,CAEO,CAAUC,yBAAV;AAAA,EACI,MAAM,SAAS;AAAA;AAAA,IAElB,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA,IAMd,mBAAmB,oBAAI,IAA8C;AAAA;AAAA,IAGrE,iBAAiB,oBAAI,IAA0D;AAAA,EACnF;AAZO,EAAAA,qBAAM;AAAA,GADA;",
|
|
5
5
|
"names": ["AccessControlTypes", "AccessControlServer"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OperationalCredentialsServer.d.ts","sourceRoot":"","sources":["../../../../src/behaviors/operational-credentials/OperationalCredentialsServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;
|
|
1
|
+
{"version":3,"file":"OperationalCredentialsServer.d.ts","sourceRoot":"","sources":["../../../../src/behaviors/operational-credentials/OperationalCredentialsServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAI3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAA8C,YAAY,EAAuB,MAAM,UAAU,CAAC;AAGzG,OAAO,EAEH,mBAAmB,EAYnB,GAAG,EACN,MAAM,WAAW,CAAC;AACnB,OAAO,EAEH,WAAW,EASd,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AA8BrF;;;;;;;GAOG;AACH,qBAAa,4BAA6B,SAAQ,8BAA8B;;IACpE,QAAQ,EAAE,4BAA4B,CAAC,QAAQ,CAAC;IAChD,KAAK,EAAE,4BAA4B,CAAC,KAAK,CAAC;IAEzC,UAAU,IAAI,YAAY;IAUpB,kBAAkB,CAAC,EAAE,gBAAgB,EAAE,EAAE,sBAAsB,CAAC,kBAAkB;;;;IAqBlF,UAAU,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,EAAE,sBAAsB,CAAC,UAAU;;;;IAiC1E,uBAAuB,CAAC,EAAE,eAAe,EAAE,EAAE,sBAAsB,CAAC,uBAAuB;;;IAmD3F,MAAM,CAAC,EAClB,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,gBAAgB,EAChB,aAAa,GAChB,EAAE,sBAAsB,CAAC,aAAa;IAiGxB,SAAS,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,sBAAsB,CAAC,gBAAgB;IA6D1E,iBAAiB,CAAC,EAAE,KAAK,EAAE,EAAE,sBAAsB,CAAC,wBAAwB;;;;;;;;;IAkB5E,YAAY,CAAC,EAAE,WAAW,EAAE,EAAE,sBAAsB,CAAC,mBAAmB;;;;;;;;;IAmBxE,yBAAyB,CAAC,EACrC,iBAAiB,GACpB,EAAE,sBAAsB,CAAC,gCAAgC;IAiEpD,gBAAgB;CA4CzB;AAED,yBAAiB,4BAA4B,CAAC;IAC1C,MAAa,QAAQ;QACjB,aAAa,CAAC,EAAE,mBAAmB,CAAC;QACpC,kBAAkB,CAAC,EAAE,WAAW,CAAC;KACpC;IAED,MAAa,KAAM,SAAQ,8BAA8B,CAAC,KAAK;QAC3D;;;;;;;;WAQG;QACH,aAAa,CAAC,EAAE,mBAAmB,CAAC,UAAU,CAAa;QAE3D,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,CAAC,OAAO;;;KAOzE;CACJ"}
|
|
@@ -24,7 +24,6 @@ module.exports = __toCommonJS(OperationalCredentialsServer_exports);
|
|
|
24
24
|
var import_CommissioningServer = require("#behavior/system/commissioning/CommissioningServer.js");
|
|
25
25
|
var import_ProductDescriptionServer = require("#behavior/system/product-description/ProductDescriptionServer.js");
|
|
26
26
|
var import_access_control = require("#behaviors/access-control");
|
|
27
|
-
var import_access_control2 = require("#clusters/access-control");
|
|
28
27
|
var import_operational_credentials = require("#clusters/operational-credentials");
|
|
29
28
|
var import_general = require("#general");
|
|
30
29
|
var import_model = require("#model");
|
|
@@ -72,15 +71,13 @@ class OperationalCredentialsServer extends import_OperationalCredentialsBehavior
|
|
|
72
71
|
const certification = await this.getCertification();
|
|
73
72
|
const session = this.session;
|
|
74
73
|
import_protocol.NodeSession.assert(session);
|
|
75
|
-
const
|
|
74
|
+
const attestationElements = import_protocol.TlvAttestation.encode({
|
|
76
75
|
declaration: certification.declaration,
|
|
77
76
|
attestationNonce,
|
|
78
77
|
timestamp: 0
|
|
79
78
|
});
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
attestationSignature: await certification.sign(session, elements)
|
|
83
|
-
};
|
|
79
|
+
const attestationSignature = await certification.sign(session, attestationElements);
|
|
80
|
+
return { attestationElements, attestationSignature };
|
|
84
81
|
}
|
|
85
82
|
async csrRequest({ csrNonce, isForUpdateNoc }) {
|
|
86
83
|
if (csrNonce.length !== 32) {
|
|
@@ -205,15 +202,7 @@ class OperationalCredentialsServer extends import_OperationalCredentialsBehavior
|
|
|
205
202
|
logger.info("Building fabric for addNoc failed", error);
|
|
206
203
|
return this.#mapNocErrors(error);
|
|
207
204
|
}
|
|
208
|
-
|
|
209
|
-
aclCluster.state.acl.push({
|
|
210
|
-
fabricIndex: fabric.fabricIndex,
|
|
211
|
-
privilege: import_access_control2.AccessControl.AccessControlEntryPrivilege.Administer,
|
|
212
|
-
authMode: import_access_control2.AccessControl.AccessControlEntryAuthMode.Case,
|
|
213
|
-
subjects: [caseAdminSubject],
|
|
214
|
-
targets: null
|
|
215
|
-
// entire node
|
|
216
|
-
});
|
|
205
|
+
await this.endpoint.act((agent) => agent.get(import_access_control.AccessControlServer).addDefaultCaseAcl(fabric, [caseAdminSubject]));
|
|
217
206
|
const session = this.session;
|
|
218
207
|
import_protocol.NodeSession.assert(session);
|
|
219
208
|
await failsafeContext.addFabric(fabric);
|
|
@@ -271,11 +260,11 @@ class OperationalCredentialsServer extends import_OperationalCredentialsBehavior
|
|
|
271
260
|
);
|
|
272
261
|
}
|
|
273
262
|
try {
|
|
274
|
-
const
|
|
275
|
-
await timedOp.updateFabric(
|
|
263
|
+
const updatedFabric = await timedOp.buildUpdatedFabric(nocValue, icacValue);
|
|
264
|
+
await timedOp.updateFabric(updatedFabric);
|
|
276
265
|
return {
|
|
277
266
|
statusCode: import_operational_credentials.OperationalCredentials.NodeOperationalCertStatus.Ok,
|
|
278
|
-
fabricIndex:
|
|
267
|
+
fabricIndex: updatedFabric.fabricIndex
|
|
279
268
|
};
|
|
280
269
|
} catch (error) {
|
|
281
270
|
logger.info("Building fabric for updateNoc failed", error);
|
|
@@ -329,7 +318,7 @@ class OperationalCredentialsServer extends import_OperationalCredentialsBehavior
|
|
|
329
318
|
try {
|
|
330
319
|
await failsafeContext.setRootCert(rootCaCertificate);
|
|
331
320
|
} catch (error) {
|
|
332
|
-
logger.info("
|
|
321
|
+
logger.info("Error installing root certificate:", error);
|
|
333
322
|
if (error instanceof import_general.CryptoVerifyError || error instanceof import_protocol.CertificateError || error instanceof import_types.ValidationError || error instanceof import_general.UnexpectedDataError) {
|
|
334
323
|
throw new import_types.StatusResponseError(error.message, import_types.StatusCode.InvalidCommand);
|
|
335
324
|
}
|