@matter/node 0.14.1-alpha.0-20250607-a93593303 → 0.15.0-alpha.0-20250613-a55f991d4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/behavior/Events.d.ts +8 -3
- package/dist/cjs/behavior/Events.d.ts.map +1 -1
- package/dist/cjs/behavior/Events.js +5 -1
- package/dist/cjs/behavior/Events.js.map +1 -1
- package/dist/cjs/behavior/cluster/ClusterBehaviorUtil.js +3 -3
- package/dist/cjs/behavior/cluster/ClusterBehaviorUtil.js.map +1 -1
- package/dist/cjs/behavior/cluster/FabricScopedDataHandler.d.ts +16 -0
- package/dist/cjs/behavior/cluster/FabricScopedDataHandler.d.ts.map +1 -0
- package/dist/cjs/behavior/cluster/FabricScopedDataHandler.js +119 -0
- package/dist/cjs/behavior/cluster/FabricScopedDataHandler.js.map +6 -0
- package/dist/cjs/behavior/cluster/index.d.ts +1 -0
- package/dist/cjs/behavior/cluster/index.d.ts.map +1 -1
- package/dist/cjs/behavior/cluster/index.js +1 -0
- package/dist/cjs/behavior/cluster/index.js.map +1 -1
- package/dist/cjs/behavior/context/server/OnlineContext.d.ts +2 -1
- package/dist/cjs/behavior/context/server/OnlineContext.d.ts.map +1 -1
- package/dist/cjs/behavior/context/server/OnlineContext.js +22 -7
- package/dist/cjs/behavior/context/server/OnlineContext.js.map +1 -1
- package/dist/cjs/behavior/state/managed/Datasource.d.ts +6 -5
- package/dist/cjs/behavior/state/managed/Datasource.d.ts.map +1 -1
- package/dist/cjs/behavior/state/managed/Datasource.js +25 -14
- package/dist/cjs/behavior/state/managed/Datasource.js.map +1 -1
- package/dist/cjs/behavior/supervision/ValueSupervisor.d.ts +7 -3
- package/dist/cjs/behavior/supervision/ValueSupervisor.d.ts.map +1 -1
- package/dist/cjs/behaviors/access-control/AccessControlServer.d.ts +20 -36
- package/dist/cjs/behaviors/access-control/AccessControlServer.d.ts.map +1 -1
- package/dist/cjs/behaviors/access-control/AccessControlServer.js +153 -87
- package/dist/cjs/behaviors/access-control/AccessControlServer.js.map +1 -1
- package/dist/cjs/behaviors/operational-credentials/OperationalCredentialsServer.d.ts.map +1 -1
- package/dist/cjs/behaviors/operational-credentials/OperationalCredentialsServer.js +8 -19
- package/dist/cjs/behaviors/operational-credentials/OperationalCredentialsServer.js.map +2 -2
- package/dist/cjs/endpoint/properties/Behaviors.d.ts.map +1 -1
- package/dist/cjs/endpoint/properties/Behaviors.js +10 -0
- package/dist/cjs/endpoint/properties/Behaviors.js.map +1 -1
- package/dist/cjs/node/ServerNode.d.ts +2 -2
- package/dist/cjs/node/ServerNode.d.ts.map +1 -1
- package/dist/cjs/node/ServerNode.js +2 -2
- package/dist/cjs/node/server/InteractionServer.d.ts.map +1 -1
- package/dist/cjs/node/server/InteractionServer.js +10 -44
- package/dist/cjs/node/server/InteractionServer.js.map +2 -2
- package/dist/cjs/node/server/ProtocolService.js +1 -1
- package/dist/cjs/node/server/ProtocolService.js.map +1 -1
- package/dist/cjs/node/server/ServerEnvironment.d.ts +3 -0
- package/dist/cjs/node/server/ServerEnvironment.d.ts.map +1 -1
- package/dist/cjs/node/server/ServerEnvironment.js +12 -2
- package/dist/cjs/node/server/ServerEnvironment.js.map +1 -1
- package/dist/esm/behavior/Events.d.ts +8 -3
- package/dist/esm/behavior/Events.d.ts.map +1 -1
- package/dist/esm/behavior/Events.js +5 -2
- package/dist/esm/behavior/Events.js.map +1 -1
- package/dist/esm/behavior/cluster/ClusterBehaviorUtil.js +4 -4
- package/dist/esm/behavior/cluster/ClusterBehaviorUtil.js.map +1 -1
- package/dist/esm/behavior/cluster/FabricScopedDataHandler.d.ts +16 -0
- package/dist/esm/behavior/cluster/FabricScopedDataHandler.d.ts.map +1 -0
- package/dist/esm/behavior/cluster/FabricScopedDataHandler.js +99 -0
- package/dist/esm/behavior/cluster/FabricScopedDataHandler.js.map +6 -0
- package/dist/esm/behavior/cluster/index.d.ts +1 -0
- package/dist/esm/behavior/cluster/index.d.ts.map +1 -1
- package/dist/esm/behavior/cluster/index.js +1 -0
- package/dist/esm/behavior/cluster/index.js.map +1 -1
- package/dist/esm/behavior/context/server/OnlineContext.d.ts +2 -1
- package/dist/esm/behavior/context/server/OnlineContext.d.ts.map +1 -1
- package/dist/esm/behavior/context/server/OnlineContext.js +29 -9
- package/dist/esm/behavior/context/server/OnlineContext.js.map +1 -1
- package/dist/esm/behavior/state/managed/Datasource.d.ts +6 -5
- package/dist/esm/behavior/state/managed/Datasource.d.ts.map +1 -1
- package/dist/esm/behavior/state/managed/Datasource.js +25 -14
- package/dist/esm/behavior/state/managed/Datasource.js.map +1 -1
- package/dist/esm/behavior/supervision/ValueSupervisor.d.ts +7 -3
- package/dist/esm/behavior/supervision/ValueSupervisor.d.ts.map +1 -1
- package/dist/esm/behaviors/access-control/AccessControlServer.d.ts +20 -36
- package/dist/esm/behaviors/access-control/AccessControlServer.d.ts.map +1 -1
- package/dist/esm/behaviors/access-control/AccessControlServer.js +153 -88
- package/dist/esm/behaviors/access-control/AccessControlServer.js.map +1 -1
- package/dist/esm/behaviors/operational-credentials/OperationalCredentialsServer.d.ts.map +1 -1
- package/dist/esm/behaviors/operational-credentials/OperationalCredentialsServer.js +8 -19
- package/dist/esm/behaviors/operational-credentials/OperationalCredentialsServer.js.map +1 -1
- package/dist/esm/endpoint/properties/Behaviors.d.ts.map +1 -1
- package/dist/esm/endpoint/properties/Behaviors.js +10 -0
- package/dist/esm/endpoint/properties/Behaviors.js.map +1 -1
- package/dist/esm/node/ServerNode.d.ts +2 -2
- package/dist/esm/node/ServerNode.d.ts.map +1 -1
- package/dist/esm/node/ServerNode.js +3 -3
- package/dist/esm/node/ServerNode.js.map +1 -1
- package/dist/esm/node/server/InteractionServer.d.ts.map +1 -1
- package/dist/esm/node/server/InteractionServer.js +10 -44
- package/dist/esm/node/server/InteractionServer.js.map +1 -1
- package/dist/esm/node/server/ProtocolService.js +1 -1
- package/dist/esm/node/server/ProtocolService.js.map +1 -1
- package/dist/esm/node/server/ServerEnvironment.d.ts +3 -0
- package/dist/esm/node/server/ServerEnvironment.d.ts.map +1 -1
- package/dist/esm/node/server/ServerEnvironment.js +12 -2
- package/dist/esm/node/server/ServerEnvironment.js.map +1 -1
- package/package.json +7 -7
- package/src/behavior/Events.ts +8 -3
- package/src/behavior/cluster/ClusterBehaviorUtil.ts +4 -4
- package/src/behavior/cluster/FabricScopedDataHandler.ts +142 -0
- package/src/behavior/cluster/index.ts +1 -0
- package/src/behavior/context/server/OnlineContext.ts +39 -9
- package/src/behavior/state/managed/Datasource.ts +37 -20
- package/src/behavior/supervision/ValueSupervisor.ts +8 -3
- package/src/behaviors/access-control/AccessControlServer.ts +210 -102
- package/src/behaviors/operational-credentials/OperationalCredentialsServer.ts +10 -18
- package/src/endpoint/properties/Behaviors.ts +12 -1
- package/src/node/ServerNode.ts +3 -3
- package/src/node/server/InteractionServer.ts +10 -63
- package/src/node/server/ProtocolService.ts +1 -1
- package/src/node/server/ServerEnvironment.ts +16 -2
|
@@ -3,12 +3,10 @@
|
|
|
3
3
|
* Copyright 2022-2025 Matter.js Authors
|
|
4
4
|
* SPDX-License-Identifier: Apache-2.0
|
|
5
5
|
*/
|
|
6
|
-
import { ActionContext } from "#behavior/context/ActionContext.js";
|
|
7
6
|
import { AccessControl as AccessControlTypes } from "#clusters/access-control";
|
|
8
7
|
import { MaybePromise } from "#general";
|
|
9
|
-
import {
|
|
10
|
-
import {
|
|
11
|
-
import { ClusterId } from "#types";
|
|
8
|
+
import { AclEndpointContext, AclEntry, AclList, Fabric, IncomingSubjectDescriptor, MessageExchange } from "#protocol";
|
|
9
|
+
import { ClusterId, FabricIndex, SubjectId } from "#types";
|
|
12
10
|
declare const AccessControlServer_base: import("../../index.js").ClusterBehavior.Type<import("#types").ClusterComposer.WithFeatures<AccessControlTypes.Cluster, readonly ["Extension"]>, import("../../index.js").ClusterBehavior.Type<AccessControlTypes.Cluster, import("../../index.js").ClusterBehavior.Type<import("#types").ClusterType.Of<{
|
|
13
11
|
readonly id: 0;
|
|
14
12
|
readonly revision: 0;
|
|
@@ -19,17 +17,15 @@ declare const AccessControlServer_base: import("../../index.js").ClusterBehavior
|
|
|
19
17
|
}>, typeof import("../../index.js").ClusterBehavior, import("./AccessControlInterface.js").AccessControlInterface>, import("./AccessControlInterface.js").AccessControlInterface>, import("./AccessControlInterface.js").AccessControlInterface>;
|
|
20
18
|
/**
|
|
21
19
|
* This is the default server implementation of AccessControlBehavior.
|
|
20
|
+
*
|
|
21
|
+
* When custom extensions are used, the `extensionEntryValidator` and `extensionEntryAccessCheck` methods can be
|
|
22
|
+
* overridden to implement custom validation and access checks for the extension entries.
|
|
22
23
|
*/
|
|
23
24
|
export declare class AccessControlServer extends AccessControlServer_base {
|
|
24
25
|
#private;
|
|
25
26
|
internal: AccessControlServer.Internal;
|
|
26
27
|
initialize(): MaybePromise;
|
|
27
|
-
|
|
28
|
-
* Implements the access control check for the given context, location and endpoint and is called by the
|
|
29
|
-
* InteractionServer. The method returns the list of granted Access privileges for the given context, location and
|
|
30
|
-
* endpoint.
|
|
31
|
-
*/
|
|
32
|
-
accessLevelsFor(context: ActionContext, location: AccessControl.Location, endpoint?: AclEndpointContext): AccessLevel[];
|
|
28
|
+
addDefaultCaseAcl(fabric: Fabric, subjects: SubjectId[]): void;
|
|
33
29
|
/**
|
|
34
30
|
* This method allows to implement the validation of manufacturer specific ACL extensions when an extension entry is
|
|
35
31
|
* added or changed. The default implementation checks whether the extension is a valid TLV and possible to decode.
|
|
@@ -45,36 +41,24 @@ export declare class AccessControlServer extends AccessControlServer_base {
|
|
|
45
41
|
* The default implementation always returns true. Override this method in your own behavior to implement custom
|
|
46
42
|
* validation.
|
|
47
43
|
*/
|
|
48
|
-
protected extensionEntryAccessCheck(_aclList:
|
|
49
|
-
/**
|
|
50
|
-
* The AccessControlManager instance that is used to manage the ACL for this behavior.
|
|
51
|
-
*/
|
|
52
|
-
get aclManager(): AccessControlManager;
|
|
53
|
-
resetDelayedAccessControlList(): void;
|
|
54
|
-
/**
|
|
55
|
-
* If set to true, the ACL will not be updated immediately when it changes, but only when the `aclUpdateDelayed`
|
|
56
|
-
* property is set to false again.
|
|
57
|
-
* This is a hack to prevent the ACL from updating while we are in the middle of a write transaction and will be
|
|
58
|
-
* removed again once we somehow handle relevant sub transactions.
|
|
59
|
-
*/
|
|
60
|
-
get aclUpdateDelayed(): boolean;
|
|
61
|
-
/**
|
|
62
|
-
* If set to true, the ACL will not be updated immediately when it changes, but only when the `aclUpdateDelayed`
|
|
63
|
-
* property is set to false again.
|
|
64
|
-
* This is a hack to prevent the ACL from updating while we are in the middle of a write transaction and will be
|
|
65
|
-
* removed again once we somehow handle relevant sub transactions.
|
|
66
|
-
*/
|
|
67
|
-
set aclUpdateDelayed(value: boolean);
|
|
44
|
+
protected extensionEntryAccessCheck(_aclList: AclList, _aclEntry: AclEntry, _subjectDesc: IncomingSubjectDescriptor, _endpoint: AclEndpointContext, _clusterId: ClusterId): boolean;
|
|
68
45
|
}
|
|
69
46
|
export declare namespace AccessControlServer {
|
|
70
47
|
class Internal {
|
|
71
|
-
/**
|
|
72
|
-
|
|
73
|
-
/**
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
48
|
+
/** Is the cluster logic initialized? Used to block events before full initialization. */
|
|
49
|
+
initialized: boolean;
|
|
50
|
+
/**
|
|
51
|
+
* When an online and potentially chunked ACL writing happens, we will delay the update and store the exchange
|
|
52
|
+
* used for the writing. With this we also verify that concurrent writes are blocked and will not mix the data.
|
|
53
|
+
*/
|
|
54
|
+
aclUpdateDelayed: Map<FabricIndex, MessageExchange | undefined>;
|
|
55
|
+
/** Latest delayed data of acl attribute */
|
|
56
|
+
delayedAclData: Map<FabricIndex, AccessControlTypes.AccessControlEntry[]>;
|
|
77
57
|
}
|
|
58
|
+
const ExtensionInterface: {
|
|
59
|
+
extensionEntryValidator: (extension: AccessControlTypes.AccessControlExtension) => void;
|
|
60
|
+
extensionEntryAccessCheck: (aclList: AclList, aclEntry: AclEntry, subjectDesc: IncomingSubjectDescriptor, endpoint: AclEndpointContext, clusterId: ClusterId) => boolean;
|
|
61
|
+
};
|
|
78
62
|
}
|
|
79
63
|
export {};
|
|
80
64
|
//# sourceMappingURL=AccessControlServer.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AccessControlServer.d.ts","sourceRoot":"","sources":["../../../../src/behaviors/access-control/AccessControlServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;
|
|
1
|
+
{"version":3,"file":"AccessControlServer.d.ts","sourceRoot":"","sources":["../../../../src/behaviors/access-control/AccessControlServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,aAAa,IAAI,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC/E,OAAO,EAAmC,YAAY,EAAE,MAAM,UAAU,CAAC;AAEzE,OAAO,EAEH,kBAAkB,EAClB,QAAQ,EACR,OAAO,EACP,MAAM,EAEN,yBAAyB,EACzB,eAAe,EAGlB,MAAM,WAAW,CAAC;AACnB,OAAO,EAEH,SAAS,EAGT,WAAW,EAKX,SAAS,EAGZ,MAAM,QAAQ,CAAC;;;;;;;;;AAKhB;;;;;GAKG;AACH,qBAAa,mBAAoB,SAAQ,wBAAuC;;IACpE,QAAQ,EAAE,mBAAmB,CAAC,QAAQ,CAAC;IAEtC,UAAU,IAAI,YAAY;IA4DnC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE;IA4RvD;;;;;;;OAOG;IACH,SAAS,CAAC,uBAAuB,CAAC,SAAS,EAAE,kBAAkB,CAAC,sBAAsB;IActF;;;;;OAKG;IACH,SAAS,CAAC,yBAAyB,CAC/B,QAAQ,EAAE,OAAO,EACjB,SAAS,EAAE,QAAQ,EACnB,YAAY,EAAE,yBAAyB,EACvC,SAAS,EAAE,kBAAkB,EAC7B,UAAU,EAAE,SAAS;CA0I5B;AAED,yBAAiB,mBAAmB,CAAC;IACjC,MAAa,QAAQ;QACjB,yFAAyF;QACzF,WAAW,UAAS;QAEpB;;;WAGG;QACH,gBAAgB,gDAAuD;QAEvE,2CAA2C;QAC3C,cAAc,4DAAmE;KACpF;IAEc,MAAM,kBAAkB,EAAE;QACrC,uBAAuB,EAAE,CAAC,SAAS,EAAE,kBAAkB,CAAC,sBAAsB,KAAK,IAAI,CAAC;QACxF,yBAAyB,EAAE,CACvB,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,yBAAyB,EACtC,QAAQ,EAAE,kBAAkB,EAC5B,SAAS,EAAE,SAAS,KACnB,OAAO,CAAC;KAChB,CAAC;CACL"}
|
|
@@ -5,9 +5,7 @@
|
|
|
5
5
|
*/
|
|
6
6
|
import { AccessControl as AccessControlTypes } from "#clusters/access-control";
|
|
7
7
|
import { deepCopy, InternalError, Logger } from "#general";
|
|
8
|
-
import { AccessLevel } from "#model";
|
|
9
8
|
import {
|
|
10
|
-
AccessControlManager,
|
|
11
9
|
FabricManager,
|
|
12
10
|
NodeSession
|
|
13
11
|
} from "#protocol";
|
|
@@ -37,19 +35,21 @@ class AccessControlServer extends AccessControlBehavior.with("Extension") {
|
|
|
37
35
|
this.reactTo(lifecycle.online, this.#online);
|
|
38
36
|
}
|
|
39
37
|
#online() {
|
|
38
|
+
const aclsForFabric = this.#mapFabricAcls();
|
|
40
39
|
const fabrics = this.env.get(FabricManager);
|
|
41
|
-
const acl = deepCopy(this.state.acl);
|
|
42
|
-
const originalAclLength = acl.length;
|
|
43
40
|
for (const fabric of fabrics) {
|
|
44
|
-
|
|
45
|
-
|
|
41
|
+
const fabricAcls = aclsForFabric.get(fabric.fabricIndex) ?? [];
|
|
42
|
+
if (!fabricAcls.length) {
|
|
43
|
+
const fallbackAcl = {
|
|
46
44
|
fabricIndex: fabric.fabricIndex,
|
|
47
45
|
privilege: AccessControlTypes.AccessControlEntryPrivilege.Administer,
|
|
48
46
|
authMode: AccessControlTypes.AccessControlEntryAuthMode.Case,
|
|
49
47
|
subjects: [fabric.rootNodeId],
|
|
50
48
|
targets: null
|
|
51
49
|
// entire node
|
|
52
|
-
}
|
|
50
|
+
};
|
|
51
|
+
this.state.acl.push(fallbackAcl);
|
|
52
|
+
fabricAcls.push(fallbackAcl);
|
|
53
53
|
logger.warn(
|
|
54
54
|
"Added missing ACL entry for fabric",
|
|
55
55
|
fabric.fabricIndex,
|
|
@@ -58,28 +58,57 @@ class AccessControlServer extends AccessControlBehavior.with("Extension") {
|
|
|
58
58
|
". This should only happen once after upgrading to matter.js 0.9.1"
|
|
59
59
|
);
|
|
60
60
|
}
|
|
61
|
+
fabric.acl.aclList = fabricAcls;
|
|
62
|
+
fabric.acl.extensionEntryAccessCheck = this.extensionEntryAccessCheck.bind(this);
|
|
61
63
|
}
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
this.internal.aclManager = new AccessControlManager(
|
|
67
|
-
acl,
|
|
68
|
-
(aclList, aclEntry, subjectDesc, endpoint, clusterId) => this.extensionEntryAccessCheck(
|
|
69
|
-
aclList,
|
|
70
|
-
aclEntry,
|
|
71
|
-
subjectDesc,
|
|
72
|
-
endpoint,
|
|
73
|
-
clusterId
|
|
74
|
-
)
|
|
75
|
-
);
|
|
64
|
+
this.reactTo(fabrics.events.updated, this.#updateFabricAcls);
|
|
65
|
+
this.reactTo(fabrics.events.added, this.#updateFabricAcls);
|
|
66
|
+
this.reactTo(this.events.interactionBegin, this.#handleInteractionBegin);
|
|
67
|
+
this.reactTo(this.events.interactionEnd, this.#handleInteractionEnd);
|
|
76
68
|
this.reactTo(this.events.acl$Changed, this.#updateAccessControlList);
|
|
69
|
+
this.internal.initialized = true;
|
|
70
|
+
}
|
|
71
|
+
addDefaultCaseAcl(fabric, subjects) {
|
|
72
|
+
const entry = {
|
|
73
|
+
fabricIndex: fabric.fabricIndex,
|
|
74
|
+
privilege: AccessControlTypes.AccessControlEntryPrivilege.Administer,
|
|
75
|
+
authMode: AccessControlTypes.AccessControlEntryAuthMode.Case,
|
|
76
|
+
subjects,
|
|
77
|
+
targets: null
|
|
78
|
+
// entire node
|
|
79
|
+
};
|
|
80
|
+
this.state.acl.push(entry);
|
|
81
|
+
this.#updateFabricAcls(fabric);
|
|
82
|
+
this.events.accessControlEntryChanged?.emit(
|
|
83
|
+
{
|
|
84
|
+
changeType: AccessControlTypes.ChangeType.Added,
|
|
85
|
+
adminNodeId: null,
|
|
86
|
+
// When we add it, it is always from a PASE session
|
|
87
|
+
adminPasscodeId: 0,
|
|
88
|
+
// When we add it, it is always from a PASE session
|
|
89
|
+
latestValue: entry,
|
|
90
|
+
fabricIndex: fabric.fabricIndex
|
|
91
|
+
},
|
|
92
|
+
this.context
|
|
93
|
+
);
|
|
77
94
|
}
|
|
78
|
-
#validateAccessControlListChanges(value) {
|
|
95
|
+
#validateAccessControlListChanges(value, _oldValue, context) {
|
|
79
96
|
const relevantFabricIndex = this.context.session?.associatedFabric.fabricIndex;
|
|
80
97
|
if (relevantFabricIndex === void 0) {
|
|
81
98
|
return;
|
|
82
99
|
}
|
|
100
|
+
if (context !== void 0 && context.exchange !== void 0) {
|
|
101
|
+
const delayedChangeExchange = this.internal.aclUpdateDelayed.get(relevantFabricIndex);
|
|
102
|
+
if (delayedChangeExchange !== void 0 && delayedChangeExchange !== context.exchange) {
|
|
103
|
+
logger.warn(
|
|
104
|
+
"Decline parallel ACL changes from multiple exchanges",
|
|
105
|
+
context.exchange.id,
|
|
106
|
+
"vs.",
|
|
107
|
+
delayedChangeExchange.id
|
|
108
|
+
);
|
|
109
|
+
throw new StatusResponseError("Parallel ACL change from multiple exchanges", StatusCode.Busy);
|
|
110
|
+
}
|
|
111
|
+
}
|
|
83
112
|
const fabricAcls = value.filter((entry) => entry.fabricIndex === relevantFabricIndex);
|
|
84
113
|
if (fabricAcls.length > this.state.accessControlEntriesPerFabric) {
|
|
85
114
|
throw new StatusResponseError("AccessControlEntriesPerFabric exceeded", StatusCode.ResourceExhausted);
|
|
@@ -183,7 +212,7 @@ class AccessControlServer extends AccessControlBehavior.with("Extension") {
|
|
|
183
212
|
return { adminPasscodeId: null, adminNodeId };
|
|
184
213
|
}
|
|
185
214
|
#handleAccessControlListChange(value, oldValue) {
|
|
186
|
-
if (this.internal.
|
|
215
|
+
if (!this.internal.initialized) {
|
|
187
216
|
return;
|
|
188
217
|
}
|
|
189
218
|
const { session } = this.context;
|
|
@@ -238,7 +267,7 @@ class AccessControlServer extends AccessControlBehavior.with("Extension") {
|
|
|
238
267
|
this.extensionEntryValidator(fabricExtensions[0]);
|
|
239
268
|
}
|
|
240
269
|
#handleAccessControlExtensionChange(value, oldValue) {
|
|
241
|
-
if (this.internal.
|
|
270
|
+
if (!this.internal.initialized) {
|
|
242
271
|
return;
|
|
243
272
|
}
|
|
244
273
|
const { session } = this.context;
|
|
@@ -261,26 +290,6 @@ class AccessControlServer extends AccessControlBehavior.with("Extension") {
|
|
|
261
290
|
this.context
|
|
262
291
|
);
|
|
263
292
|
}
|
|
264
|
-
/**
|
|
265
|
-
* Implements the access control check for the given context, location and endpoint and is called by the
|
|
266
|
-
* InteractionServer. The method returns the list of granted Access privileges for the given context, location and
|
|
267
|
-
* endpoint.
|
|
268
|
-
*/
|
|
269
|
-
accessLevelsFor(context, location, endpoint) {
|
|
270
|
-
if (location.cluster === void 0) {
|
|
271
|
-
logger.warn("Access control check without cluster, returning View access level");
|
|
272
|
-
return [AccessLevel.View];
|
|
273
|
-
}
|
|
274
|
-
if (context.session === void 0) {
|
|
275
|
-
logger.warn("Access control check without session, returning View access level");
|
|
276
|
-
return [AccessLevel.View];
|
|
277
|
-
}
|
|
278
|
-
if (endpoint === void 0) {
|
|
279
|
-
logger.warn("Access control check without endpoint, returning View access level");
|
|
280
|
-
return [AccessLevel.View];
|
|
281
|
-
}
|
|
282
|
-
return this.aclManager.getGrantedPrivileges(context, endpoint, location.cluster);
|
|
283
|
-
}
|
|
284
293
|
/**
|
|
285
294
|
* This method allows to implement the validation of manufacturer specific ACL extensions when an extension entry is
|
|
286
295
|
* added or changed. The default implementation checks whether the extension is a valid TLV and possible to decode.
|
|
@@ -310,70 +319,126 @@ class AccessControlServer extends AccessControlBehavior.with("Extension") {
|
|
|
310
319
|
extensionEntryAccessCheck(_aclList, _aclEntry, _subjectDesc, _endpoint, _clusterId) {
|
|
311
320
|
return true;
|
|
312
321
|
}
|
|
322
|
+
/** A fabric was added or updated, so we need to initialize the ACL for this fabric */
|
|
323
|
+
#updateFabricAcls(fabric) {
|
|
324
|
+
const fabricIndex = fabric.fabricIndex;
|
|
325
|
+
fabric.acl.aclList = deepCopy(this.state.acl).filter((entry) => entry.fabricIndex === fabricIndex);
|
|
326
|
+
}
|
|
327
|
+
/**
|
|
328
|
+
* When beginning an interaction for an online session, we register the potential ACL change for the associated
|
|
329
|
+
* fabric index. If ACL data are really changed later, the exchange gets added then.
|
|
330
|
+
*/
|
|
331
|
+
#handleInteractionBegin(session) {
|
|
332
|
+
if (session !== void 0 && !session.offline && session.fabric !== void 0) {
|
|
333
|
+
this.#prepareAclUpdateFor(session.fabric);
|
|
334
|
+
}
|
|
335
|
+
}
|
|
313
336
|
/**
|
|
314
|
-
*
|
|
337
|
+
* When an interaction is finished, we check if there was a delayed ACL update for the associated fabric and apply
|
|
338
|
+
* it to the manager. For this we check if we have an exchange stored because otherwise the interaction was in fact
|
|
339
|
+
* not changing the ACL.
|
|
315
340
|
*/
|
|
316
|
-
|
|
317
|
-
if (
|
|
318
|
-
|
|
341
|
+
#handleInteractionEnd(session) {
|
|
342
|
+
if (session !== void 0 && !session.offline && session.fabric !== void 0) {
|
|
343
|
+
if (this.internal.aclUpdateDelayed.get(session.fabric) !== void 0) {
|
|
344
|
+
this.#applyDelayedAclUpdateFor(session.fabric);
|
|
345
|
+
}
|
|
346
|
+
}
|
|
347
|
+
}
|
|
348
|
+
/** The ACL list was changed, so we need to determine if and when to apply the update to the ACL manager */
|
|
349
|
+
#updateAccessControlList(acl, _oldAcl, context) {
|
|
350
|
+
if (context === void 0 || context.offline) {
|
|
351
|
+
this.#updateAllFabricsAcls();
|
|
352
|
+
} else {
|
|
353
|
+
const fabric = context.session?.associatedFabric;
|
|
354
|
+
if (fabric === void 0 || fabric.fabricIndex === void 0 || context.exchange === void 0) {
|
|
355
|
+
throw new InternalError("We require a fabric bound online session to write ACL changes");
|
|
356
|
+
}
|
|
357
|
+
this.#handleFabricAclUpdate(fabric, acl, context.exchange);
|
|
319
358
|
}
|
|
320
|
-
return this.internal.aclManager;
|
|
321
359
|
}
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
360
|
+
/**
|
|
361
|
+
* Handles the ACL update for a specific fabric. If an exchange is present, we delay the update until the
|
|
362
|
+
* interaction is finished.
|
|
363
|
+
*/
|
|
364
|
+
#handleFabricAclUpdate(fabric, acl, exchange) {
|
|
365
|
+
const fabricIndex = fabric.fabricIndex;
|
|
366
|
+
if (this.internal.aclUpdateDelayed.has(fabricIndex)) {
|
|
367
|
+
logger.debug(
|
|
368
|
+
"ACL attribute updated, but interaction still in progress, delaying update of ACL manager for FabricIndex",
|
|
369
|
+
fabricIndex
|
|
370
|
+
);
|
|
371
|
+
this.#delayAclUpdateFor(fabricIndex, exchange, acl);
|
|
326
372
|
} else {
|
|
327
|
-
logger.
|
|
328
|
-
|
|
373
|
+
logger.debug("ACL attribute updated, applying update to ACL manager", fabricIndex);
|
|
374
|
+
fabric.acl.aclList = deepCopy(acl).filter((entry) => entry.fabricIndex === fabricIndex);
|
|
329
375
|
}
|
|
330
376
|
}
|
|
331
|
-
|
|
332
|
-
this.
|
|
333
|
-
|
|
377
|
+
#mapFabricAcls() {
|
|
378
|
+
const acl = deepCopy(this.state.acl);
|
|
379
|
+
const aclsForFabric = /* @__PURE__ */ new Map();
|
|
380
|
+
for (const entry of acl) {
|
|
381
|
+
const { fabricIndex } = entry;
|
|
382
|
+
const acls = aclsForFabric.get(fabricIndex) ?? [];
|
|
383
|
+
acls.push(entry);
|
|
384
|
+
aclsForFabric.set(fabricIndex, acls);
|
|
385
|
+
}
|
|
386
|
+
return aclsForFabric;
|
|
387
|
+
}
|
|
388
|
+
/** Update all fabrics with the current ACL list */
|
|
389
|
+
#updateAllFabricsAcls() {
|
|
390
|
+
const aclsForFabric = this.#mapFabricAcls();
|
|
391
|
+
const fabrics = this.env.get(FabricManager);
|
|
392
|
+
for (const fabric of fabrics) {
|
|
393
|
+
fabric.acl.aclList = aclsForFabric.get(fabric.fabricIndex) ?? [];
|
|
394
|
+
}
|
|
334
395
|
}
|
|
335
396
|
/**
|
|
336
|
-
*
|
|
337
|
-
*
|
|
338
|
-
* This is a hack to prevent the ACL from updating while we are in the middle of a write transaction and will be
|
|
339
|
-
* removed again once we somehow handle relevant sub transactions.
|
|
397
|
+
* Register a potential change of ACL for a specific fabric index. if changes happened is checked when interaction
|
|
398
|
+
* ends.
|
|
340
399
|
*/
|
|
341
|
-
|
|
342
|
-
|
|
400
|
+
#prepareAclUpdateFor(fabricIndex) {
|
|
401
|
+
if (!this.internal.aclUpdateDelayed.has(fabricIndex)) {
|
|
402
|
+
logger.info("Register ACL update to be delayed for fabricIndex", fabricIndex);
|
|
403
|
+
this.internal.aclUpdateDelayed.set(fabricIndex, void 0);
|
|
404
|
+
}
|
|
343
405
|
}
|
|
344
406
|
/**
|
|
345
|
-
*
|
|
346
|
-
*
|
|
347
|
-
* This is a hack to prevent the ACL from updating while we are in the middle of a write transaction and will be
|
|
348
|
-
* removed again once we somehow handle relevant sub transactions.
|
|
407
|
+
* Register a concrete change of ACL for a specific fabric index. The exchange allows to also limit ACL changes to
|
|
408
|
+
* that exchange until interaction is finished.
|
|
349
409
|
*/
|
|
350
|
-
|
|
351
|
-
if (!
|
|
352
|
-
logger.info("
|
|
353
|
-
this.#updateDelayedAccessControlList();
|
|
354
|
-
} else if (!this.internal.aclUpdateDelayed) {
|
|
355
|
-
logger.info("Register ACL update to be delayed");
|
|
410
|
+
#delayAclUpdateFor(fabricIndex, exchange, acl) {
|
|
411
|
+
if (!this.internal.aclUpdateDelayed.has(fabricIndex)) {
|
|
412
|
+
logger.info("Register ACL update to be delayed for fabricIndex", fabricIndex);
|
|
356
413
|
}
|
|
357
|
-
this.internal.aclUpdateDelayed
|
|
414
|
+
this.internal.aclUpdateDelayed.set(fabricIndex, exchange);
|
|
415
|
+
this.internal.delayedAclData.set(
|
|
416
|
+
fabricIndex,
|
|
417
|
+
deepCopy(acl).filter((entry) => entry.fabricIndex === fabricIndex)
|
|
418
|
+
);
|
|
358
419
|
}
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
420
|
+
/** Applies the delayed ACL update for a specific fabric index, if existing */
|
|
421
|
+
#applyDelayedAclUpdateFor(fabricIndex) {
|
|
422
|
+
const updateDelayed = !!this.internal.aclUpdateDelayed.get(fabricIndex);
|
|
423
|
+
const delayedData = this.internal.delayedAclData.get(fabricIndex);
|
|
424
|
+
this.internal.delayedAclData.delete(fabricIndex);
|
|
425
|
+
this.internal.aclUpdateDelayed.delete(fabricIndex);
|
|
426
|
+
if (updateDelayed && delayedData !== void 0) {
|
|
427
|
+
this.env.get(FabricManager).for(fabricIndex).acl.aclList = delayedData;
|
|
362
428
|
}
|
|
363
|
-
const delayedData = deepCopy(this.internal.delayedAclData);
|
|
364
|
-
this.internal.delayedAclData = void 0;
|
|
365
|
-
logger.info("Updating ACL manager with ACL", delayedData);
|
|
366
|
-
this.aclManager.updateAccessControlList(delayedData);
|
|
367
429
|
}
|
|
368
430
|
}
|
|
369
431
|
((AccessControlServer2) => {
|
|
370
432
|
class Internal {
|
|
371
|
-
/**
|
|
372
|
-
|
|
373
|
-
/**
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
433
|
+
/** Is the cluster logic initialized? Used to block events before full initialization. */
|
|
434
|
+
initialized = false;
|
|
435
|
+
/**
|
|
436
|
+
* When an online and potentially chunked ACL writing happens, we will delay the update and store the exchange
|
|
437
|
+
* used for the writing. With this we also verify that concurrent writes are blocked and will not mix the data.
|
|
438
|
+
*/
|
|
439
|
+
aclUpdateDelayed = /* @__PURE__ */ new Map();
|
|
440
|
+
/** Latest delayed data of acl attribute */
|
|
441
|
+
delayedAclData = /* @__PURE__ */ new Map();
|
|
377
442
|
}
|
|
378
443
|
AccessControlServer2.Internal = Internal;
|
|
379
444
|
})(AccessControlServer || (AccessControlServer = {}));
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/behaviors/access-control/AccessControlServer.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,SAAS,iBAAiB,0BAA0B;AACpD,SAAS,UAAU,eAAe,cAA4B;
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,SAAS,iBAAiB,0BAA0B;AACpD,SAAS,UAAU,eAAe,cAA4B;AAE9D;AAAA,EAMI;AAAA,EAGA;AAAA,OAEG;AACP;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,OACG;AACP,SAAS,6BAA6B;AAEtC,MAAM,SAAS,OAAO,IAAI,qBAAqB;AAQxC,MAAM,4BAA4B,sBAAsB,KAAK,WAAW,EAAE;AAAA,EAGpE,aAA2B;AAChC,SAAK,QAAQ,KAAK,OAAO,cAAc,KAAK,iCAAiC;AAC7E,SAAK,QAAQ,KAAK,OAAO,aAAa,KAAK,8BAA8B;AACzE,QACI,KAAK,MAAM,cAAc,UACzB,KAAK,OAAO,uBAAuB,UACnC,KAAK,OAAO,sBAAsB,QACpC;AACE,WAAK,QAAQ,KAAK,OAAO,oBAAoB,KAAK,sCAAsC;AACxF,WAAK,QAAQ,KAAK,OAAO,mBAAmB,KAAK,mCAAmC;AAAA,IACxF;AAEA,UAAM,YAAY,KAAK,SAAS;AAChC,SAAK,QAAQ,UAAU,QAAQ,KAAK,OAAO;AAAA,EAC/C;AAAA,EAEA,UAAU;AACN,UAAM,gBAAgB,KAAK,eAAe;AAG1C,UAAM,UAAU,KAAK,IAAI,IAAI,aAAa;AAC1C,eAAW,UAAU,SAAS;AAC1B,YAAM,aAAa,cAAc,IAAI,OAAO,WAAW,KAAK,CAAC;AAE7D,UAAI,CAAC,WAAW,QAAQ;AAGpB,cAAM,cAAqD;AAAA,UACvD,aAAa,OAAO;AAAA,UACpB,WAAW,mBAAmB,4BAA4B;AAAA,UAC1D,UAAU,mBAAmB,2BAA2B;AAAA,UACxD,UAAU,CAAC,OAAO,UAAU;AAAA,UAC5B,SAAS;AAAA;AAAA,QACb;AACA,aAAK,MAAM,IAAI,KAAK,WAAW;AAC/B,mBAAW,KAAK,WAAW;AAC3B,eAAO;AAAA,UACH;AAAA,UACA,OAAO;AAAA,UACP;AAAA,UACA,OAAO;AAAA,UACP;AAAA,QACJ;AAAA,MACJ;AACA,aAAO,IAAI,UAAU;AACrB,aAAO,IAAI,4BAA4B,KAAK,0BAA0B,KAAK,IAAI;AAAA,IACnF;AAGA,SAAK,QAAQ,QAAQ,OAAO,SAAS,KAAK,iBAAiB;AAC3D,SAAK,QAAQ,QAAQ,OAAO,OAAO,KAAK,iBAAiB;AAEzD,SAAK,QAAQ,KAAK,OAAO,kBAAkB,KAAK,uBAAuB;AACvE,SAAK,QAAQ,KAAK,OAAO,gBAAgB,KAAK,qBAAqB;AAEnE,SAAK,QAAQ,KAAK,OAAO,aAAa,KAAK,wBAAwB;AAEnE,SAAK,SAAS,cAAc;AAAA,EAChC;AAAA,EAEA,kBAAkB,QAAgB,UAAuB;AACrD,UAAM,QAAQ;AAAA,MACV,aAAa,OAAO;AAAA,MACpB,WAAW,mBAAmB,4BAA4B;AAAA,MAC1D,UAAU,mBAAmB,2BAA2B;AAAA,MACxD;AAAA,MACA,SAAS;AAAA;AAAA,IACb;AACA,SAAK,MAAM,IAAI,KAAK,KAAK;AACzB,SAAK,kBAAkB,MAAM;AAG7B,SAAK,OAAO,2BAA2B;AAAA,MACnC;AAAA,QACI,YAAY,mBAAmB,WAAW;AAAA,QAC1C,aAAa;AAAA;AAAA,QACb,iBAAiB;AAAA;AAAA,QACjB,aAAa;AAAA,QACb,aAAa,OAAO;AAAA,MACxB;AAAA,MACA,KAAK;AAAA,IACT;AAAA,EACJ;AAAA,EAEA,kCACI,OACA,WACA,SACF;AAGE,UAAM,sBAAsB,KAAK,QAAQ,SAAS,iBAAiB;AAEnE,QAAI,wBAAwB,QAAW;AACnC;AAAA,IACJ;AACA,QAAI,YAAY,UAAa,QAAQ,aAAa,QAAW;AACzD,YAAM,wBAAwB,KAAK,SAAS,iBAAiB,IAAI,mBAAmB;AACpF,UAAI,0BAA0B,UAAa,0BAA0B,QAAQ,UAAU;AAGnF,eAAO;AAAA,UACH;AAAA,UACA,QAAQ,SAAS;AAAA,UACjB;AAAA,UACA,sBAAsB;AAAA,QAC1B;AACA,cAAM,IAAI,oBAAoB,+CAA+C,WAAW,IAAI;AAAA,MAChG;AAAA,IACJ;AAEA,UAAM,aAAa,MAAM,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAClF,QAAI,WAAW,SAAS,KAAK,MAAM,+BAA+B;AAC9D,YAAM,IAAI,oBAAoB,0CAA0C,WAAW,iBAAiB;AAAA,IACxG;AAEA,eAAW,SAAS,YAAY;AAE5B,UAAI,MAAM,aAAa,QAAQ,MAAM,SAAS,WAAW,GAAG;AACxD,cAAM,WAAW;AAAA,MACrB;AACA,UAAI,MAAM,YAAY,QAAQ,MAAM,QAAQ,WAAW,GAAG;AACtD,cAAM,UAAU;AAAA,MACpB;AACA,YAAM,EAAE,WAAW,UAAU,SAAS,SAAS,IAAI;AACnD,UAAI,aAAa,QAAQ,SAAS,SAAS,KAAK,MAAM,+BAA+B;AACjF,cAAM,IAAI,oBAAoB,0CAA0C,WAAW,iBAAiB;AAAA,MACxG;AAEA,UAAI,YAAY,QAAQ,QAAQ,SAAS,KAAK,MAAM,8BAA8B;AAC9E,cAAM,IAAI,oBAAoB,yCAAyC,WAAW,iBAAiB;AAAA,MACvG;AAEA,UAAI,aAAa,mBAAmB,2BAA2B,MAAM;AACjE,cAAM,IAAI,oBAAoB,qCAAqC,WAAW,eAAe;AAAA,MACjG,WAAW,aAAa,mBAAmB,2BAA2B,MAAM;AACxE,YAAI,aAAa,MAAM;AACnB,qBAAW,WAAW,UAAU;AAC5B,gBAAI,OAAO,uBAAuB,OAAO,GAAG;AACxC,oBAAM,MAAM,OAAO,8BAA8B,OAAO;AACxD,kBAAI,qBAAqB,WAAW,GAAG,MAAM,GAAG;AAC5C,sBAAM,IAAI;AAAA,kBACN;AAAA,kBACA,WAAW;AAAA,gBACf;AAAA,cACJ;AAAA,YACJ,WAAW,CAAC,OAAO,oBAAoB,OAAO,GAAG;AAC7C,oBAAM,IAAI;AAAA,gBACN;AAAA,gBACA,WAAW;AAAA,cACf;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ,WAAW,aAAa,mBAAmB,2BAA2B,OAAO;AACzE,YAAI,cAAc,mBAAmB,4BAA4B,YAAY;AACzE,gBAAM,IAAI;AAAA,YACN;AAAA,YACA,WAAW;AAAA,UACf;AAAA,QACJ;AAEA,YAAI,aAAa,MAAM;AACnB,qBAAW,WAAW,UAAU;AAC5B,gBAAI,QAAQ,OAAO,OAAO,CAAC,MAAM,QAAQ,aAAa;AAClD,oBAAM,IAAI;AAAA,gBACN;AAAA,gBACA,WAAW;AAAA,cACf;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ;AAAA,MAEJ;AAEA,UAAI,YAAY,MAAM;AAClB,mBAAW,UAAU,SAAS;AAC1B,gBAAM,EAAE,SAAS,UAAU,WAAW,IAAI;AAC1C,cAAI,eAAe,QAAQ,aAAa,MAAM;AAC1C,kBAAM,IAAI;AAAA,cACN;AAAA,cACA,WAAW;AAAA,YACf;AAAA,UACJ;AACA,cAAI,YAAY,QAAQ,aAAa,QAAQ,eAAe,MAAM;AAC9D,kBAAM,IAAI,oBAAoB,sCAAsC,WAAW,eAAe;AAAA,UAClG;AACA,cAAI,YAAY,QAAQ,CAAC,UAAU,QAAQ,OAAO,GAAG;AACjD,kBAAM,IAAI,oBAAoB,qCAAqC,WAAW,eAAe;AAAA,UACjG;AACA,cAAI,aAAa,QAAQ,CAAC,eAAe,QAAQ,QAAQ,GAAG;AACxD,kBAAM,IAAI;AAAA,cACN;AAAA,cACA,WAAW;AAAA,YACf;AAAA,UACJ;AACA,cAAI,eAAe,QAAQ,CAAC,aAAa,QAAQ,UAAU,GAAG;AAC1D,kBAAM,IAAI;AAAA,cACN;AAAA,cACA,WAAW;AAAA,YACf;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,sBAAsB,SAAoC;AACtD,QAAI,YAAY,UAAc,YAAY,GAAG,OAAO,KAAK,QAAQ,QAAS;AACtE,aAAO,EAAE,iBAAiB,GAAG,aAAa,KAAK;AAAA,IACnD;AACA,UAAM,cAAc,SAAS,iBAAiB;AAC9C,QAAI,gBAAgB,QAAW;AAC3B,YAAM,IAAI,cAAc,iDAAiD;AAAA,IAC7E;AACA,WAAO,EAAE,iBAAiB,MAAM,YAAY;AAAA,EAChD;AAAA,EAEA,+BACI,OACA,UACF;AACE,QAAI,CAAC,KAAK,SAAS,aAAa;AAC5B;AAAA,IACJ;AACA,UAAM,EAAE,QAAQ,IAAI,KAAK;AAIzB,UAAM,sBAAsB,SAAS,iBAAiB;AAEtD,QAAI,wBAAwB,UAAa,KAAK,OAAO,8BAA8B,QAAW;AAC1F;AAAA,IACJ;AACA,UAAM,EAAE,iBAAiB,YAAY,IAAI,KAAK,sBAAsB,OAAO;AAC3E,UAAM,aAAa,MAAM,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAClF,UAAM,gBAAgB,SAAS,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAExF,QAAI,IAAI;AACR,WAAO,IAAI,WAAW,QAAQ,KAAK;AAC/B,YAAM,aACF,cAAc,CAAC,MAAM,SACf,mBAAmB,WAAW,QAC9B,WAAW,CAAC,MAAM,SAChB,mBAAmB,WAAW,UAC9B,mBAAmB,WAAW;AAC1C,WAAK,OAAO,0BAA0B;AAAA,QAClC;AAAA,UACI;AAAA,UACA;AAAA,UACA;AAAA,UACA,cACK,eAAe,mBAAmB,WAAW,UAAU,cAAc,CAAC,IAAI,WAAW,CAAC,MACvF;AAAA,UACJ,aAAa;AAAA,QACjB;AAAA,QACA,KAAK;AAAA,MACT;AAAA,IACJ;AACA,QAAI,cAAc,SAAS,GAAG;AAC1B,eAAS,IAAI,cAAc,SAAS,GAAG,KAAK,GAAG,KAAK;AAChD,aAAK,OAAO,0BAA0B;AAAA,UAClC;AAAA,YACI,YAAY,mBAAmB,WAAW;AAAA,YAC1C;AAAA,YACA;AAAA,YACA,aAAa,SAAS,CAAC;AAAA,YACvB,aAAa;AAAA,UACjB;AAAA,UACA,KAAK;AAAA,QACT;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,uCAAuC,OAAoD;AAGvF,UAAM,sBAAsB,KAAK,QAAQ,SAAS,iBAAiB;AAEnE,QAAI,wBAAwB,QAAW;AACnC;AAAA,IACJ;AAEA,UAAM,mBAAmB,MAAM,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAExF,QAAI,iBAAiB,WAAW,GAAG;AAC/B;AAAA,IACJ;AACA,QAAI,iBAAiB,SAAS,GAAG;AAC7B,YAAM,IAAI,oBAAoB,8CAA8C,WAAW,eAAe;AAAA,IAC1G;AAGA,SAAK,wBAAwB,iBAAiB,CAAC,CAAC;AAAA,EACpD;AAAA,EAEA,oCACI,OACA,UACF;AACE,QAAI,CAAC,KAAK,SAAS,aAAa;AAC5B;AAAA,IACJ;AACA,UAAM,EAAE,QAAQ,IAAI,KAAK;AAIzB,UAAM,sBAAsB,SAAS,iBAAiB;AAEtD,QAAI,wBAAwB,UAAa,KAAK,OAAO,kCAAkC,QAAW;AAC9F;AAAA,IACJ;AACA,UAAM,EAAE,iBAAiB,YAAY,IAAI,KAAK,sBAAsB,OAAO;AAE3E,UAAM,mBAAmB,MAAM,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AACxF,UAAM,sBAAsB,SAAS,OAAO,WAAS,MAAM,gBAAgB,mBAAmB;AAE9F,UAAM,aACF,iBAAiB,SAAS,oBAAoB,SACxC,mBAAmB,WAAW,QAC9B,iBAAiB,SAAS,oBAAoB,SAC5C,mBAAmB,WAAW,UAC9B,mBAAmB,WAAW;AAE1C,SAAK,OAAO,8BAA8B;AAAA,MACtC;AAAA,QACI;AAAA,QACA;AAAA,QACA;AAAA,QACA,cACK,eAAe,mBAAmB,WAAW,UACxC,oBAAoB,CAAC,IACrB,iBAAiB,CAAC,MAAM;AAAA,QAClC,aAAa;AAAA,MACjB;AAAA,MACA,KAAK;AAAA,IACT;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUU,wBAAwB,WAAsD;AACpF,UAAM,EAAE,KAAK,IAAI;AACjB,QAAI,KAAK,SAAS,KAAK,KAAK,CAAC,MAAM,QAAQ,QAAQ,KAAK,KAAK,SAAS,CAAC,MAAM,QAAQ,gBAAgB;AAEjG,YAAM,IAAI,oBAAoB,iCAAiC,WAAW,eAAe;AAAA,IAC7F;AACA,QAAI;AACA,oBAAc,CAAC,GAA8C,IAAI,EAAE,OAAO,IAAI;AAAA,IAClF,SAAS,OAAO;AACZ,aAAO,MAAM,kCAAkC,KAAK;AACpD,YAAM,IAAI,oBAAoB,iCAAiC,WAAW,eAAe;AAAA,IAC7F;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQU,0BACN,UACA,WACA,cACA,WACA,YACF;AACE,WAAO;AAAA,EACX;AAAA;AAAA,EAGA,kBAAkB,QAAgB;AAC9B,UAAM,cAAc,OAAO;AAC3B,WAAO,IAAI,UAAU,SAAS,KAAK,MAAM,GAAG,EAAE,OAAO,WAAS,MAAM,gBAAgB,WAAW;AAAA,EACnG;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,wBAAwB,SAAiC;AACrD,QAAI,YAAY,UAAa,CAAC,QAAQ,WAAW,QAAQ,WAAW,QAAW;AAC3E,WAAK,qBAAqB,QAAQ,MAAM;AAAA,IAC5C;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,sBAAsB,SAAiC;AACnD,QAAI,YAAY,UAAa,CAAC,QAAQ,WAAW,QAAQ,WAAW,QAAW;AAC3E,UAAI,KAAK,SAAS,iBAAiB,IAAI,QAAQ,MAAM,MAAM,QAAW;AAClE,aAAK,0BAA0B,QAAQ,MAAM;AAAA,MACjD;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA,EAGA,yBACI,KACA,SACA,SACF;AACE,QAAI,YAAY,UAAa,QAAQ,SAAS;AAE1C,WAAK,sBAAsB;AAAA,IAC/B,OAAO;AACH,YAAM,SAAS,QAAQ,SAAS;AAChC,UAAI,WAAW,UAAa,OAAO,gBAAgB,UAAa,QAAQ,aAAa,QAAW;AAC5F,cAAM,IAAI,cAAc,+DAA+D;AAAA,MAC3F;AACA,WAAK,uBAAuB,QAAQ,KAAK,QAAQ,QAAQ;AAAA,IAC7D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,uBAAuB,QAAgB,KAA8C,UAA2B;AAC5G,UAAM,cAAc,OAAO;AAC3B,QAAI,KAAK,SAAS,iBAAiB,IAAI,WAAW,GAAG;AAEjD,aAAO;AAAA,QACH;AAAA,QACA;AAAA,MACJ;AACA,WAAK,mBAAmB,aAAa,UAAU,GAAG;AAAA,IACtD,OAAO;AAEH,aAAO,MAAM,yDAAyD,WAAW;AAEjF,aAAO,IAAI,UAAU,SAAS,GAAG,EAAE,OAAO,WAAS,MAAM,gBAAgB,WAAW;AAAA,IACxF;AAAA,EACJ;AAAA,EAEA,iBAAiB;AACb,UAAM,MAAM,SAAS,KAAK,MAAM,GAAG;AACnC,UAAM,gBAAgB,oBAAI,IAA0D;AAEpF,eAAW,SAAS,KAAK;AACrB,YAAM,EAAE,YAAY,IAAI;AACxB,YAAM,OAAO,cAAc,IAAI,WAAW,KAAK,CAAC;AAChD,WAAK,KAAK,KAAK;AACf,oBAAc,IAAI,aAAa,IAAI;AAAA,IACvC;AACA,WAAO;AAAA,EACX;AAAA;AAAA,EAGA,wBAAwB;AACpB,UAAM,gBAAgB,KAAK,eAAe;AAE1C,UAAM,UAAU,KAAK,IAAI,IAAI,aAAa;AAC1C,eAAW,UAAU,SAAS;AAE1B,aAAO,IAAI,UAAU,cAAc,IAAI,OAAO,WAAW,KAAK,CAAC;AAAA,IACnE;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,qBAAqB,aAA0B;AAC3C,QAAI,CAAC,KAAK,SAAS,iBAAiB,IAAI,WAAW,GAAG;AAClD,aAAO,KAAK,qDAAqD,WAAW;AAC5E,WAAK,SAAS,iBAAiB,IAAI,aAAa,MAAS;AAAA,IAC7D;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBACI,aACA,UACA,KACF;AACE,QAAI,CAAC,KAAK,SAAS,iBAAiB,IAAI,WAAW,GAAG;AAClD,aAAO,KAAK,qDAAqD,WAAW;AAAA,IAChF;AACA,SAAK,SAAS,iBAAiB,IAAI,aAAa,QAAQ;AACxD,SAAK,SAAS,eAAe;AAAA,MACzB;AAAA,MACA,SAAS,GAAG,EAAE,OAAO,WAAS,MAAM,gBAAgB,WAAW;AAAA,IACnE;AAAA,EACJ;AAAA;AAAA,EAGA,0BAA0B,aAA0B;AAChD,UAAM,gBAAgB,CAAC,CAAC,KAAK,SAAS,iBAAiB,IAAI,WAAW;AACtE,UAAM,cAAc,KAAK,SAAS,eAAe,IAAI,WAAW;AAEhE,SAAK,SAAS,eAAe,OAAO,WAAW;AAC/C,SAAK,SAAS,iBAAiB,OAAO,WAAW;AACjD,QAAI,iBAAiB,gBAAgB,QAAW;AAC5C,WAAK,IAAI,IAAI,aAAa,EAAE,IAAI,WAAW,EAAE,IAAI,UAAU;AAAA,IAC/D;AAAA,EACJ;AACJ;AAAA,CAEO,CAAUA,yBAAV;AAAA,EACI,MAAM,SAAS;AAAA;AAAA,IAElB,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA,IAMd,mBAAmB,oBAAI,IAA8C;AAAA;AAAA,IAGrE,iBAAiB,oBAAI,IAA0D;AAAA,EACnF;AAZO,EAAAA,qBAAM;AAAA,GADA;",
|
|
5
5
|
"names": ["AccessControlServer"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OperationalCredentialsServer.d.ts","sourceRoot":"","sources":["../../../../src/behaviors/operational-credentials/OperationalCredentialsServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;
|
|
1
|
+
{"version":3,"file":"OperationalCredentialsServer.d.ts","sourceRoot":"","sources":["../../../../src/behaviors/operational-credentials/OperationalCredentialsServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAI3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAA8C,YAAY,EAAuB,MAAM,UAAU,CAAC;AAGzG,OAAO,EAEH,mBAAmB,EAYnB,GAAG,EACN,MAAM,WAAW,CAAC;AACnB,OAAO,EAEH,WAAW,EASd,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AA8BrF;;;;;;;GAOG;AACH,qBAAa,4BAA6B,SAAQ,8BAA8B;;IACpE,QAAQ,EAAE,4BAA4B,CAAC,QAAQ,CAAC;IAChD,KAAK,EAAE,4BAA4B,CAAC,KAAK,CAAC;IAEzC,UAAU,IAAI,YAAY;IAUpB,kBAAkB,CAAC,EAAE,gBAAgB,EAAE,EAAE,sBAAsB,CAAC,kBAAkB;;;;IAqBlF,UAAU,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,EAAE,sBAAsB,CAAC,UAAU;;;;IAiC1E,uBAAuB,CAAC,EAAE,eAAe,EAAE,EAAE,sBAAsB,CAAC,uBAAuB;;;IAmD3F,MAAM,CAAC,EAClB,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,gBAAgB,EAChB,aAAa,GAChB,EAAE,sBAAsB,CAAC,aAAa;IAiGxB,SAAS,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,sBAAsB,CAAC,gBAAgB;IA6D1E,iBAAiB,CAAC,EAAE,KAAK,EAAE,EAAE,sBAAsB,CAAC,wBAAwB;;;;;;;;;IAkB5E,YAAY,CAAC,EAAE,WAAW,EAAE,EAAE,sBAAsB,CAAC,mBAAmB;;;;;;;;;IAmBxE,yBAAyB,CAAC,EACrC,iBAAiB,GACpB,EAAE,sBAAsB,CAAC,gCAAgC;IAiEpD,gBAAgB;CA4CzB;AAED,yBAAiB,4BAA4B,CAAC;IAC1C,MAAa,QAAQ;QACjB,aAAa,CAAC,EAAE,mBAAmB,CAAC;QACpC,kBAAkB,CAAC,EAAE,WAAW,CAAC;KACpC;IAED,MAAa,KAAM,SAAQ,8BAA8B,CAAC,KAAK;QAC3D;;;;;;;;WAQG;QACH,aAAa,CAAC,EAAE,mBAAmB,CAAC,UAAU,CAAa;QAE3D,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,CAAC,OAAO;;;KAOzE;CACJ"}
|
|
@@ -6,7 +6,6 @@
|
|
|
6
6
|
import { CommissioningServer } from "#behavior/system/commissioning/CommissioningServer.js";
|
|
7
7
|
import { ProductDescriptionServer } from "#behavior/system/product-description/ProductDescriptionServer.js";
|
|
8
8
|
import { AccessControlServer } from "#behaviors/access-control";
|
|
9
|
-
import { AccessControl } from "#clusters/access-control";
|
|
10
9
|
import { OperationalCredentials } from "#clusters/operational-credentials";
|
|
11
10
|
import { CryptoVerifyError, Logger, MatterFlowError, UnexpectedDataError } from "#general";
|
|
12
11
|
import { AccessLevel } from "#model";
|
|
@@ -74,15 +73,13 @@ class OperationalCredentialsServer extends OperationalCredentialsBehavior {
|
|
|
74
73
|
const certification = await this.getCertification();
|
|
75
74
|
const session = this.session;
|
|
76
75
|
NodeSession.assert(session);
|
|
77
|
-
const
|
|
76
|
+
const attestationElements = TlvAttestation.encode({
|
|
78
77
|
declaration: certification.declaration,
|
|
79
78
|
attestationNonce,
|
|
80
79
|
timestamp: 0
|
|
81
80
|
});
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
attestationSignature: await certification.sign(session, elements)
|
|
85
|
-
};
|
|
81
|
+
const attestationSignature = await certification.sign(session, attestationElements);
|
|
82
|
+
return { attestationElements, attestationSignature };
|
|
86
83
|
}
|
|
87
84
|
async csrRequest({ csrNonce, isForUpdateNoc }) {
|
|
88
85
|
if (csrNonce.length !== 32) {
|
|
@@ -207,15 +204,7 @@ class OperationalCredentialsServer extends OperationalCredentialsBehavior {
|
|
|
207
204
|
logger.info("Building fabric for addNoc failed", error);
|
|
208
205
|
return this.#mapNocErrors(error);
|
|
209
206
|
}
|
|
210
|
-
|
|
211
|
-
aclCluster.state.acl.push({
|
|
212
|
-
fabricIndex: fabric.fabricIndex,
|
|
213
|
-
privilege: AccessControl.AccessControlEntryPrivilege.Administer,
|
|
214
|
-
authMode: AccessControl.AccessControlEntryAuthMode.Case,
|
|
215
|
-
subjects: [caseAdminSubject],
|
|
216
|
-
targets: null
|
|
217
|
-
// entire node
|
|
218
|
-
});
|
|
207
|
+
await this.endpoint.act((agent) => agent.get(AccessControlServer).addDefaultCaseAcl(fabric, [caseAdminSubject]));
|
|
219
208
|
const session = this.session;
|
|
220
209
|
NodeSession.assert(session);
|
|
221
210
|
await failsafeContext.addFabric(fabric);
|
|
@@ -273,11 +262,11 @@ class OperationalCredentialsServer extends OperationalCredentialsBehavior {
|
|
|
273
262
|
);
|
|
274
263
|
}
|
|
275
264
|
try {
|
|
276
|
-
const
|
|
277
|
-
await timedOp.updateFabric(
|
|
265
|
+
const updatedFabric = await timedOp.buildUpdatedFabric(nocValue, icacValue);
|
|
266
|
+
await timedOp.updateFabric(updatedFabric);
|
|
278
267
|
return {
|
|
279
268
|
statusCode: OperationalCredentials.NodeOperationalCertStatus.Ok,
|
|
280
|
-
fabricIndex:
|
|
269
|
+
fabricIndex: updatedFabric.fabricIndex
|
|
281
270
|
};
|
|
282
271
|
} catch (error) {
|
|
283
272
|
logger.info("Building fabric for updateNoc failed", error);
|
|
@@ -331,7 +320,7 @@ class OperationalCredentialsServer extends OperationalCredentialsBehavior {
|
|
|
331
320
|
try {
|
|
332
321
|
await failsafeContext.setRootCert(rootCaCertificate);
|
|
333
322
|
} catch (error) {
|
|
334
|
-
logger.info("
|
|
323
|
+
logger.info("Error installing root certificate:", error);
|
|
335
324
|
if (error instanceof CryptoVerifyError || error instanceof CertificateError || error instanceof ValidationError || error instanceof UnexpectedDataError) {
|
|
336
325
|
throw new StatusResponseError(error.message, StatusCode.InvalidCommand);
|
|
337
326
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/behaviors/operational-credentials/OperationalCredentialsServer.ts"],
|
|
4
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,SAAS,2BAA2B;AACpC,SAAS,gCAAgC;AACzC,SAAS,2BAA2B;AACpC,SAAS,
|
|
4
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAOA,SAAS,2BAA2B;AACpC,SAAS,gCAAgC;AACzC,SAAS,2BAA2B;AACpC,SAAS,8BAA8B;AAEvC,SAAS,mBAAmB,QAAQ,iBAA+B,2BAA2B;AAC9F,SAAS,mBAAmB;AAE5B;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EAEA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP,SAAS,sCAAsC;AAE/C,MAAM,SAAS,OAAO,IAAI,wBAAwB;AAOlD,uBAAuB,QAAQ,WAAW;AAAA,EACtC,GAAG,uBAAuB,QAAQ;AAAA,EAClC,oBAAoB;AAAA,IAChB;AAAA,IACA,UAAU,EAAE,kBAAkB,SAAS,GAAG,aAAa,EAAE,CAAC;AAAA,IAC1D;AAAA,IACA,uBAAuB;AAAA,IACvB,EAAE,WAAW,YAAY,WAAW;AAAA,EACxC;AAAA,EACA,YAAY;AAAA,IACR;AAAA,IACA,UAAU;AAAA,MACN,UAAU,SAAS,GAAG,aAAa;AAAA,MACnC,gBAAgB,iBAAiB,GAAG,UAAU;AAAA,IAClD,CAAC;AAAA,IACD;AAAA,IACA,uBAAuB;AAAA,IACvB,EAAE,WAAW,YAAY,WAAW;AAAA,EACxC;AACJ;AAUO,MAAM,qCAAqC,+BAA+B;AAAA,EAIpE,aAA2B;AAEhC,QAAI,KAAK,MAAM,qBAAqB,QAAW;AAC3C,WAAK,MAAM,mBAAmB;AAAA,IAClC;AACA,SAAK,MAAM,sBAAsB,KAAK,MAAM,QAAQ;AAEpD,SAAK,QAAS,KAAK,SAAkB,UAAU,QAAQ,KAAK,WAAW;AAAA,EAC3E;AAAA,EAEA,MAAe,mBAAmB,EAAE,iBAAiB,GAA8C;AAC/F,QAAI,iBAAiB,WAAW,IAAI;AAChC,YAAM,IAAI,oBAAoB,oCAAoC,WAAW,cAAc;AAAA,IAC/F;AAEA,UAAM,gBAAgB,MAAM,KAAK,iBAAiB;AAElD,UAAM,UAAU,KAAK;AACrB,gBAAY,OAAO,OAAO;AAE1B,UAAM,sBAAsB,eAAe,OAAO;AAAA,MAC9C,aAAa,cAAc;AAAA,MAC3B;AAAA,MACA,WAAW;AAAA,IACf,CAAC;AAED,UAAM,uBAAuB,MAAM,cAAc,KAAK,SAAS,mBAAmB;AAElF,WAAO,EAAE,qBAAqB,qBAAqB;AAAA,EACvD;AAAA,EAEA,MAAe,WAAW,EAAE,UAAU,eAAe,GAAsC;AACvF,QAAI,SAAS,WAAW,IAAI;AACxB,YAAM,IAAI,oBAAoB,4BAA4B,WAAW,cAAc;AAAA,IACvF;AAEA,UAAM,UAAU,KAAK;AACrB,gBAAY,OAAO,OAAO;AAC1B,QAAI,kBAAkB,QAAQ,QAAQ;AAClC,YAAM,IAAI;AAAA,QACN;AAAA,QACA,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,UAAM,eAAe,KAAK,IAAI,IAAI,kBAAkB;AACpD,UAAM,kBAAkB,aAAa;AACrC,QAAI,gBAAgB,gBAAgB,QAAW;AAC3C,YAAM,IAAI;AAAA,QACN,6BAA6B,gBAAgB,eAAe,cAAc,QAAQ;AAAA,QAClF,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,UAAM,gBAAgB,MAAM,KAAK,iBAAiB;AAElD,UAAM,qBAAqB,MAAM,gBAAgB;AAAA,MAC7C,kBAAkB;AAAA,MAClB,KAAK,QAAQ;AAAA,IACjB;AACA,UAAM,gBAAgB,sBAAsB,OAAO,EAAE,oBAAoB,SAAS,CAAC;AACnF,WAAO,EAAE,eAAe,sBAAsB,MAAM,cAAc,KAAK,SAAS,aAAa,EAAE;AAAA,EACnG;AAAA,EAEA,MAAe,wBAAwB,EAAE,gBAAgB,GAAmD;AACxG,UAAM,gBAAgB,MAAM,KAAK,iBAAiB;AAElD,YAAQ,iBAAiB;AAAA,MACrB,KAAK,uBAAuB,qBAAqB;AAC7C,eAAO,EAAE,aAAa,cAAc,YAAY;AAAA,MACpD,KAAK,uBAAuB,qBAAqB;AAC7C,eAAO,EAAE,aAAa,cAAc,wBAAwB;AAAA,MAChE;AACI,cAAM,IAAI;AAAA,UACN,iCAAiC,eAAe;AAAA,UAChD,WAAW;AAAA,QACf;AAAA,IACR;AAAA,EACJ;AAAA,EAEA,cAAc,OAAoD;AAC9D,QAAI,iBAAiB,2BAA2B;AAC5C,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW,MAAM;AAAA,MACrB;AAAA,IACJ,WAAW,iBAAiB,sBAAsB;AAC9C,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW,MAAM;AAAA,MACrB;AAAA,IACJ,WACI,iBAAiB,qBACjB,iBAAiB,oBACjB,iBAAiB,mBACjB,iBAAiB,qBACnB;AACE,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW,MAAM;AAAA,MACrB;AAAA,IACJ,WAAW,iBAAiB,gBAAgB;AACxC,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW,MAAM;AAAA,MACrB;AAAA,IACJ,WAAW,iBAAiB,sCAAsC;AAC9D,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW,MAAM;AAAA,MACrB;AAAA,IACJ;AACA,UAAM;AAAA,EACV;AAAA,EAEA,MAAe,OAAO;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,GAAyC;AACrC,UAAM,kBAAkB,KAAK;AAE7B,QAAI,gBAAgB,gBAAgB,QAAW;AAC3C,YAAM,IAAI;AAAA,QACN,2BAA2B,gBAAgB,eAAe,cAAc,QAAQ;AAAA,QAChF,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,QAAI,CAAC,gBAAgB,aAAa;AAC9B,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,QAAI,gBAAgB,iBAAiB,KAAK,QAAQ,IAAI;AAClD,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,QAAI,gBAAgB,cAAc;AAC9B,YAAM,IAAI;AAAA,QACN;AAAA,QACA,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,UAAM,QAAQ,KAAK;AACnB,QAAI,MAAM,uBAAuB,MAAM,kBAAkB;AACrD,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW,8CAA8C,MAAM,gBAAgB;AAAA,MACnF;AAAA,IACJ;AAEA,QAAI;AACJ,QAAI;AACA,eAAS,MAAM,gBAAgB,YAAY;AAAA,QACvC;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACJ,CAAC;AAAA,IACL,SAAS,OAAO;AACZ,aAAO,KAAK,qCAAqC,KAAK;AACtD,aAAO,KAAK,cAAc,KAAK;AAAA,IACnC;AAIA,UAAM,KAAK,SAAS,IAAI,WAAS,MAAM,IAAI,mBAAmB,EAAE,kBAAkB,QAAQ,CAAC,gBAAgB,CAAC,CAAC;AAE7G,UAAM,UAAU,KAAK;AACrB,gBAAY,OAAO,OAAO;AAE1B,UAAM,gBAAgB,UAAU,MAAM;AAEtC,QAAI;AACA,UAAI,QAAQ,QAAQ;AAChB,eAAO,MAAM,cAAc,OAAO,WAAW,oBAAoB,QAAQ,IAAI,EAAE;AAC/E,gBAAQ,oBAAoB,MAAM;AAAA,MACtC;AAGA,YAAM,sBAAsB,KAAK,MAAM,QAAQ,UAAU,OAAK,EAAE,gBAAgB,OAAO,WAAW;AAClG,YAAM,mBAAmB,KAAK,MAAM,KAAK,UAAU,OAAK,EAAE,gBAAgB,OAAO,WAAW;AAC5F,UAAI,wBAAwB,MAAM,qBAAqB,IAAI;AACvD,cAAM,IAAI;AAAA,UACN,eAAe,OAAO,WAAW;AAAA,QACrC;AAAA,MACJ;AAAA,IACJ,SAAS,GAAG;AAER,YAAM,OAAO,OAAO,QAAQ,EAAE;AAC9B,YAAM;AAAA,IACV;AASA,WAAO,KAAK,iCAAiC,aAAa,sBAAsB,gBAAgB,EAAE;AAElG,WAAO;AAAA,MACH,YAAY,uBAAuB,0BAA0B;AAAA,MAC7D,aAAa,OAAO;AAAA,IACxB;AAAA,EACJ;AAAA,EAEA,MAAe,UAAU,EAAE,UAAU,UAAU,GAA4C;AACvF,gBAAY,OAAO,KAAK,OAAO;AAE/B,UAAM,UAAU,KAAK;AAErB,QAAI,QAAQ,gBAAgB,QAAW;AACnC,YAAM,IAAI;AAAA,QACN,8BAA8B,QAAQ,eAAe,cAAc,QAAQ;AAAA,QAC3E,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,QAAI,QAAQ,iBAAiB,OAAO;AAChC,YAAM,IAAI;AAAA,QACN;AAAA,QACA,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,QAAI,QAAQ,aAAa;AAIrB,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,MACjE;AAAA,IACJ;AAEA,QAAI,QAAQ,iBAAiB,QAAW;AAIpC,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,MACjE;AAAA,IACJ;AAEA,QAAI,KAAK,QAAQ,iBAAiB,gBAAgB,QAAQ,kBAAkB,aAAa;AACrF,YAAM,IAAI;AAAA,QACN;AAAA,QACA,WAAW;AAAA,MACf;AAAA,IACJ;AAGA,QAAI;AACA,YAAM,gBAAgB,MAAM,QAAQ,mBAAmB,UAAU,SAAS;AAG1E,YAAM,QAAQ,aAAa,aAAa;AAExC,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,aAAa,cAAc;AAAA,MAC/B;AAAA,IACJ,SAAS,OAAO;AACZ,aAAO,KAAK,wCAAwC,KAAK;AACzD,aAAO,KAAK,cAAc,KAAK;AAAA,IACnC;AAAA,EACJ;AAAA,EAEA,MAAe,kBAAkB,EAAE,MAAM,GAAoD;AACzF,UAAM,SAAS,KAAK,QAAQ;AAE5B,UAAM,qBAAqB,OAAO;AAClC,UAAM,UAAU,KAAK,IAAI,IAAI,aAAa;AAC1C,UAAM,yBAAyB,QAAQ,KAAK,OAAK,EAAE,UAAU,SAAS,EAAE,gBAAgB,kBAAkB;AAC1G,QAAI,2BAA2B,QAAW;AACtC,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW,SAAS,KAAK,2BAA2B,uBAAuB,WAAW;AAAA,MAC1F;AAAA,IACJ;AAEA,UAAM,OAAO,SAAS,KAAK;AAE3B,WAAO,EAAE,YAAY,uBAAuB,0BAA0B,IAAI,aAAa,OAAO,YAAY;AAAA,EAC9G;AAAA,EAEA,MAAe,aAAa,EAAE,YAAY,GAA+C;AACrF,UAAM,SAAS,KAAK,IAAI,IAAI,aAAa,EAAE,YAAY,WAAW;AAElE,QAAI,WAAW,QAAW;AACtB,aAAO;AAAA,QACH,YAAY,uBAAuB,0BAA0B;AAAA,QAC7D,WAAW,UAAU,WAAW;AAAA,MACpC;AAAA,IACJ;AAEA,UAAM,OAAO,OAAO,KAAK,QAAQ,EAAE;AAGnC,WAAO;AAAA,MACH,YAAY,uBAAuB,0BAA0B;AAAA,MAC7D;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,MAAe,0BAA0B;AAAA,IACrC;AAAA,EACJ,GAA4D;AACxD,UAAM,kBAAkB,KAAK;AAK7B,QAAI,gBAAgB,aAAa;AAC7B,YAAM,IAAI;AAAA,QACN;AAAA,QACA,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,QAAI,gBAAgB,gBAAgB,QAAW;AAC3C,YAAM,IAAI;AAAA,QACN,8CAA8C,gBAAgB,eAAe,cAAc,QAAQ;AAAA,QACnG,WAAW;AAAA,MACf;AAAA,IACJ;AAEA,QAAI;AACA,YAAM,gBAAgB,YAAY,iBAAiB;AAAA,IACvD,SAAS,OAAO;AACZ,aAAO,KAAK,sCAAsC,KAAK;AACvD,UACI,iBAAiB,qBACjB,iBAAiB,oBACjB,iBAAiB,mBACjB,iBAAiB,qBACnB;AACE,cAAM,IAAI,oBAAoB,MAAM,SAAS,WAAW,cAAc;AAAA,MAC1E;AACA,YAAM;AAAA,IACV;AAEA,UAAM,UAAU,KAAK,IAAI,IAAI,aAAa;AAC1C,UAAM,0BAA0B,QAAQ,IAAI,YAAU,OAAO,QAAQ;AACrE,4BAAwB,KAAK,iBAAiB;AAC9C,SAAK,MAAM,0BAA0B;AAAA,EACzC;AAAA,EAEA,MAAM,iBAAiB;AACnB,UAAM,UAAU,KAAK,IAAI,IAAI,aAAa;AAC1C,SAAK,MAAM,UAAU,QAAQ,IAAI,aAAW;AAAA,MACxC,UAAU,OAAO;AAAA,MACjB,OAAO,OAAO;AAAA,MACd,QAAQ,OAAO;AAAA,MACf,eAAe,OAAO;AAAA,MACtB,UAAU,OAAO;AAAA,MACjB,aAAa,OAAO;AAAA,IACxB,EAAE;AAEF,SAAK,MAAM,OAAO,QAAQ,IAAI,aAAW;AAAA,MACrC,KAAK,OAAO;AAAA,MACZ,MAAM,OAAO,sBAAsB;AAAA,MACnC,aAAa,OAAO;AAAA,IACxB,EAAE;AAEF,SAAK,MAAM,0BAA0B,QAAQ,IAAI,YAAU,OAAO,QAAQ;AAE1E,SAAK,MAAM,sBAAsB,QAAQ;AAEzC,UAAM,KAAK,QAAQ,YAAY,OAAO;AAAA,EAC1C;AAAA,EAEA,MAAM,mBAAmB;AACrB,UAAM,gBACF,KAAK,SAAS,kBACb,KAAK,SAAS,gBAAgB,IAAI;AAAA,MAC/B,KAAK,MAAM;AAAA,MACX,KAAK,MAAM,IAAI,wBAAwB,EAAE;AAAA,IAC7C;AAEJ,UAAM,cAAc;AAEpB,WAAO;AAAA,EACX;AAAA,EAEA,MAAM,mBAAmB,EAAE,YAAY,GAAW;AAC9C,UAAM,KAAK,eAAe;AAC1B,SAAK,MAAM,IAAI,mBAAmB,EAAE,mBAAmB,aAAa,aAAa,KAAK;AAAA,EAC1F;AAAA,EAEA,MAAM,qBAAqB,EAAE,YAAY,GAAW;AAChD,UAAM,KAAK,eAAe;AAC1B,SAAK,MAAM,IAAI,mBAAmB,EAAE,mBAAmB,aAAa,aAAa,OAAO;AAAA,EAC5F;AAAA,EAEA,MAAM,qBAAqB,EAAE,YAAY,GAAW;AAChD,UAAM,KAAK,eAAe;AAC1B,SAAK,MAAM,IAAI,mBAAmB,EAAE,mBAAmB,aAAa,aAAa,OAAO;AAAA,EAC5F;AAAA,EAEA,MAAM,wBAAwB;AAC1B,UAAM,KAAK,eAAe;AAAA,EAC9B;AAAA,EAEA,MAAM,cAAc;AAChB,UAAM,gBAAgB,KAAK,IAAI,IAAI,aAAa;AAChD,SAAK,QAAQ,cAAc,OAAO,OAAO,KAAK,oBAAoB,EAAE,MAAM,KAAK,CAAC;AAChF,SAAK,QAAQ,cAAc,OAAO,SAAS,KAAK,sBAAsB,EAAE,MAAM,KAAK,CAAC;AACpF,SAAK,QAAQ,cAAc,OAAO,SAAS,KAAK,sBAAsB,EAAE,MAAM,KAAK,CAAC;AACpF,SAAK,QAAQ,cAAc,OAAO,gBAAgB,KAAK,uBAAuB,EAAE,MAAM,KAAK,CAAC;AAC5F,UAAM,KAAK,eAAe;AAAA,EAC9B;AAAA,EAEA,IAAI,mBAAmB;AACnB,WAAO,KAAK,IAAI,IAAI,kBAAkB,EAAE;AAAA,EAC5C;AACJ;AAAA,CAEO,CAAUA,kCAAV;AAAA,EACI,MAAM,SAAS;AAAA,IAClB;AAAA,IACA;AAAA,EACJ;AAHO,EAAAA,8BAAM;AAAA,EAKN,MAAM,cAAc,+BAA+B,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAU5D,gBAAiD;AAAA,IAEjD,CAAC,IAAI,UAAU,EAAE,WAAqB,SAAkC;AACpE,aAAO;AAAA,QACH,IAAI,qBAAqB;AACrB,iBAAO,QAAQ,UAAU,YAAY;AAAA,QACzC;AAAA,MACJ;AAAA,IACJ;AAAA,EACJ;AAnBO,EAAAA,8BAAM;AAAA,GANA;",
|
|
5
5
|
"names": ["OperationalCredentialsServer"]
|
|
6
6
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Behaviors.d.ts","sourceRoot":"","sources":["../../../../src/endpoint/properties/Behaviors.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"Behaviors.d.ts","sourceRoot":"","sources":["../../../../src/endpoint/properties/Behaviors.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAQjD,OAAO,EAAE,UAAU,EAAE,MAAM,uCAAuC,CAAC;AACnE,OAAO,EAIH,UAAU,EAGV,SAAS,EAET,YAAY,EAEf,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,mBAAmB,EAAiB,GAAG,EAAE,MAAM,WAAW,CAAC;AAGpE,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAK/C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAIlE,MAAM,WAAW,iBAAiB;IAC9B,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACxB,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CACvB;AAED;;GAEG;AACH,qBAAa,SAAS;;IAOlB;;OAEG;IACH,IAAI,SAAS,uBAEZ;IAED,IAAI,MAAM,qCAMT;IAED,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,iBAErB;IAED,IAAI,kBAAkB,mBAyErB;gBAEW,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IA2B3E;;;;;;OAMG;IACH,UAAU,IAAI,YAAY;IAsE1B;;OAEG;IACH,GAAG,CAAC,CAAC,SAAS,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;IAKpC;;OAEG;IACH,OAAO,CAAC,CAAC,SAAS,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IA4BvE;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK;IAY5C;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK;IAgBnD;;;;;OAKG;IACH,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,GAAG,YAAY,CAAC,QAAQ,CAAC;IAiC3E;;;;;;OAMG;IACH,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK;IAM1C;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI;IAK5B;;OAEG;IACG,KAAK;IA0CX;;OAEG;IACH,oBAAoB,CAAC,YAAY,CAAC,EAAE,kBAAkB;IAoCtD;;;OAGG;IACH,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI;IA0B/B;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI;IAI9B;;;;;;;;OAQG;IACH,WAAW,CAAC,CAAC,SAAS,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,GAER,YAAY,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IAG/D;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI;IAK7B;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,GAAG,iBAAiB;IAelD,CAAC,MAAM,CAAC,QAAQ,CAAC;IA8BjB;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI;CA4FvC;AAMD,yBAAiB,SAAS,CAAC;IACvB,UAAiB,eAAe;QAC5B,UAAU,EAAE,mBAAmB,CAAC;QAChC,UAAU,EAAE,UAAU,CAAC;KAC1B;CACJ"}
|