@matter/protocol 0.12.4-alpha.0-20250217-b0bba5179 → 0.12.4-alpha.0-20250224-e0964a795

package/src/protocol/ExchangeManager.ts

@@ -48,6 +48,7 @@ export class MessageChannel implements Channel<Message> {
         closeCallback?: () => Promise<void>,
     ) {
         this.#closeCallback = closeCallback;
+        this.session.destroyed.on(() => this.close());
     }
 
     set closeCallback(callback: () => Promise<void>) {
@@ -149,6 +150,10 @@ export class ExchangeManager {
         return instance;
     }
 
+    get channels() {
+        return this.#channelManager;
+    }
+
     hasProtocolHandler(protocolId: number) {
         return this.#protocols.has(protocolId);
     }
@@ -158,10 +163,10 @@ export class ExchangeManager {
     }
 
     addProtocolHandler(protocol: ProtocolHandler) {
-        if (this.hasProtocolHandler(protocol.getId())) {
-            throw new ImplementationError(`Handler for protocol ${protocol.getId()} already registered.`);
+        if (this.hasProtocolHandler(protocol.id)) {
+            throw new ImplementationError(`Handler for protocol ${protocol.id} already registered.`);
         }
-        this.#protocols.set(protocol.getId(), protocol);
+        this.#protocols.set(protocol.id, protocol);
     }
 
     initiateExchange(address: PeerAddress, protocolId: number) {
@@ -272,7 +277,7 @@ export class ExchangeManager {
                     !message.payloadHeader.requiresAck
                 ) {
                     logger.debug(
-                        `Ignoring unsolicited standalone ack message ${messageId} for protocol ${message.payloadHeader.protocolId} and exchange id ${message.payloadHeader.exchangeId}.`,
+                        `Ignoring unsolicited standalone ack message ${messageId} for protocol ${message.payloadHeader.protocolId} and exchange id ${message.payloadHeader.exchangeId} on channel ${channel.name}`,
                     );
                     return;
                 }
@@ -295,7 +300,7 @@ export class ExchangeManager {
                 });
                 await exchange.close();
                 logger.debug(
-                    `Ignoring unsolicited message ${messageId} for protocol ${message.payloadHeader.protocolId}.`,
+                    `Ignoring unsolicited message ${messageId} for protocol ${message.payloadHeader.protocolId} on channel ${channel.name}`,
                 );
             } else {
                 if (protocolHandler === undefined) {
@@ -303,14 +308,14 @@ export class ExchangeManager {
                 }
                 if (isDuplicate) {
                     logger.info(
-                        `Ignoring duplicate message ${messageId} (requires no ack) for protocol ${message.payloadHeader.protocolId}.`,
+                        `Ignoring duplicate message ${messageId} (requires no ack) for protocol ${message.payloadHeader.protocolId} on channel ${channel.name}`,
                     );
                     return;
                 } else {
                     logger.info(
                         `Discarding unexpected message ${messageId} for protocol ${
                             message.payloadHeader.protocolId
-                        }, exchangeIndex ${exchangeIndex} and sessionId ${session.id} : ${Logger.toJSON(message)}`,
+                        }, exchangeIndex ${exchangeIndex} and sessionId ${session.id} on channel ${channel.name}: ${Logger.toJSON(message)}`,
                     );
                 }
             }
@@ -355,7 +360,7 @@ export class ExchangeManager {
         }
         if (session.sendCloseMessageWhenClosing) {
             const channel = this.#channelManager.getChannelForSession(session);
-            logger.debug(`Channel for session ${session.name} is ${channel?.name}`);
+            logger.debug(`Channel for session ${sessionName} is ${channel?.name}`);
             if (channel !== undefined) {
                 const exchange = this.initiateExchangeWithChannel(channel, SECURE_CHANNEL_PROTOCOL_ID);
                 if (exchange !== undefined) {
@@ -422,18 +427,21 @@ export class ExchangeManager {
             transportInterface.onData((socket, data) => {
                 if (udpInterface && data.length > socket.maxPayloadSize) {
                     logger.warn(
-                        `Ignoring UDP message with size ${data.length} from ${socket.name}, which is larger than the maximum allowed size of ${socket.maxPayloadSize}.`,
+                        `Ignoring UDP message on channel ${socket.name} with size ${data.length} from ${socket.name}, which is larger than the maximum allowed size of ${socket.maxPayloadSize}.`,
                     );
                     return;
                 }
 
                 try {
                     this.onMessage(socket, data).catch(error =>
-                        logger.info(error instanceof MatterError ? error.message : error),
+                        logger.info(
+                            `Error on channel ${socket.name}:`,
+                            error instanceof MatterError ? error.message : error,
+                        ),
                     );
                 } catch (error) {
                     logger.info(
-                        "Ignoring UDP message with error",
+                        `Ignoring UDP message on channel ${socket.name} with error`,
                         error instanceof MatterError ? error.message : error,
                     );
                 }

package/src/protocol/ExchangeProvider.ts

@@ -12,8 +12,13 @@ import { MessageExchange } from "../protocol/MessageExchange.js";
 import { ProtocolHandler } from "../protocol/ProtocolHandler.js";
 import { Session } from "../session/Session.js";
 
+/**
+ * Interface for obtaining an exchange with a specific peer.
+ */
 export abstract class ExchangeProvider {
-    protected constructor(protected readonly exchangeManager: ExchangeManager) {}
+    abstract readonly supportsReconnect: boolean;
+
+    constructor(protected readonly exchangeManager: ExchangeManager) {}
 
     hasProtocolHandler(protocolId: number) {
         return this.exchangeManager.hasProtocolHandler(protocolId);
@@ -33,8 +38,12 @@ export abstract class ExchangeProvider {
     abstract channelType: ChannelType;
 }
 
+/**
+ * Manages an exchange over an established channel.
+ */
 export class DedicatedChannelExchangeProvider extends ExchangeProvider {
     #channel: MessageChannel;
+    readonly supportsReconnect = false;
 
     constructor(exchangeManager: ExchangeManager, channel: MessageChannel) {
         super(exchangeManager);
@@ -58,7 +67,11 @@ export class DedicatedChannelExchangeProvider extends ExchangeProvider {
     }
 }
 
+/**
+ * Manages peer exchange that will reestablish automatically in the case of communication failure.
+ */
 export class ReconnectableExchangeProvider extends ExchangeProvider {
+    readonly supportsReconnect = true;
     readonly #address: PeerAddress;
     readonly #reconnectChannelFunc: () => Promise<void>;
     readonly #channelUpdated = Observable<[void]>();

package/src/protocol/ProtocolHandler.ts

@@ -8,7 +8,7 @@ import { Message } from "../codec/MessageCodec.js";
 import { MessageExchange } from "./MessageExchange.js";
 
 export interface ProtocolHandler {
-    getId(): number;
+    readonly id: number;
     onNewExchange(exchange: MessageExchange, message: Message): Promise<void>;
     close(): Promise<void>;
 }

package/src/securechannel/SecureChannelProtocol.ts

@@ -28,9 +28,7 @@ import { TlvSecureChannelStatusMessage } from "./SecureChannelStatusMessageSchem
 const logger = Logger.get("SecureChannelProtocol");
 
 export class StatusReportOnlySecureChannelProtocol implements ProtocolHandler {
-    getId(): number {
-        return SECURE_CHANNEL_PROTOCOL_ID;
-    }
+    readonly id = SECURE_CHANNEL_PROTOCOL_ID;
 
     async onNewExchange(exchange: MessageExchange, message: Message) {
         const messageType = message.payloadHeader.messageType;

package/src/session/InsecureSession.ts

@@ -87,6 +87,7 @@ export class InsecureSession extends Session {
 
     async destroy() {
         await this.end();
+        await this.destroyed.emit();
     }
 
     async end() {

package/src/session/SecureSession.ts

@@ -327,9 +327,13 @@ export class SecureSession extends Session {
                     await this.closer;
                 } catch (error) {
                     NoChannelError.accept(error);
+                } finally {
+                    await this.destroyed.emit();
                 }
+                return;
             }
         }
+        await this.destroyed.emit();
     }
 
     /**

package/src/session/Session.ts

@@ -4,7 +4,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { Time } from "#general";
+import { AsyncObservable, Time } from "#general";
 import { NodeId } from "#types";
 import { DecodedMessage, DecodedPacket, Message, Packet } from "../codec/MessageCodec.js";
 import { Fabric } from "../fabric/Fabric.js";
@@ -76,9 +76,10 @@ export abstract class Session {
     /**
      * If the ExchangeManager performs async work to clean up a session it sets this promise.  This is because
      * historically we didn't return from destroy() until ExchangeManager was complete.  Not sure if this is entirely
-     * necessary but it makes sense so this allows us to maintain the old behavior.
+     * necessary, but it makes sense so this allows us to maintain the old behavior.
      */
     closer?: Promise<void>;
+    #destroyed = AsyncObservable<[]>();
 
     constructor(args: {
         manager?: SessionManager;
@@ -117,6 +118,10 @@ export abstract class Session {
         }
     }
 
+    get destroyed() {
+        return this.#destroyed;
+    }
+
     notifyActivity(messageReceived: boolean) {
         this.timestamp = Time.nowMs();
         if (messageReceived) {

package/src/session/SessionManager.ts

@@ -386,6 +386,7 @@ export class SessionManager {
             const secureSession = session;
             if (secureSession.peerIs(address)) {
                 await secureSession.destroy(sendClose, false);
+                this.#sessions.delete(session);
             }
         }
     }

package/src/session/case/CaseClient.ts

@@ -79,7 +79,12 @@ export class CaseClient {
         if (sigma2Resume !== undefined) {
             // Process sigma2 resume
             if (resumptionRecord === undefined) throw new UnexpectedDataError("Received an unexpected sigma2Resume.");
-            const { sharedSecret, fabric, sessionParameters: resumptionSessionParams } = resumptionRecord;
+            const {
+                sharedSecret,
+                fabric,
+                sessionParameters: resumptionSessionParams,
+                caseAuthenticatedTags,
+            } = resumptionRecord;
             const { responderSessionId: peerSessionId, resumptionId, resumeMic } = sigma2Resume;
 
             // We use the Fallbacks for the session parameters overridden by our stored ones from the resumption record
@@ -103,10 +108,11 @@ export class CaseClient {
                 isInitiator: true,
                 isResumption: true,
                 peerSessionParameters: sessionParameters,
+                caseAuthenticatedTags,
             });
             await messenger.sendSuccess();
             logger.info(
-                `Case client: Session resumed with ${messenger.getChannelName()} and parameters`,
+                `Case client: Session ${secureSession.id} successfully resumed with ${messenger.getChannelName()} for Fabric ${NodeId.toHexString(fabric.nodeId)}(index ${fabric.fabricIndex}) and PeerNode ${NodeId.toHexString(peerNodeId)} and parameters`,
                 secureSession.parameterDiagnostics(),
             );
 
@@ -157,17 +163,12 @@ export class CaseClient {
 
             if (peerNodeIdNOCert !== peerNodeId) {
                 throw new UnexpectedDataError(
-                    "The node ID in the peer certificate doesn't match the expected peer node ID",
-                );
-            }
-            if (peerNodeIdNOCert !== peerNodeId) {
-                throw new UnexpectedDataError(
-                    "The node ID in the peer certificate doesn't match the expected peer node ID",
+                    `The node ID in the peer certificate ${peerNodeIdNOCert} doesn't match the expected peer node ID ${peerNodeId}`,
                 );
             }
             if (peerFabricIdNOCert !== fabric.fabricId) {
                 throw new UnexpectedDataError(
-                    "The fabric ID in the peer certificate doesn't match the expected fabric ID",
+                    `The fabric ID in the peer certificate ${peerFabricIdNOCert} doesn't match the expected fabric ID ${fabric.fabricId}`,
                 );
             }
             if (peerIntermediateCACert !== undefined) {
@@ -175,9 +176,9 @@ export class CaseClient {
                     subject: { fabricId: peerFabricIdIcaCert },
                 } = TlvIntermediateCertificate.decode(peerIntermediateCACert);
 
-                if (peerFabricIdIcaCert !== fabric.fabricId) {
+                if (peerFabricIdIcaCert !== undefined && peerFabricIdIcaCert !== fabric.fabricId) {
                     throw new UnexpectedDataError(
-                        "The fabric ID in the peer intermediate CA certificate doesn't match the expected fabric ID",
+                        `The fabric ID in the peer intermediate CA certificate ${peerFabricIdIcaCert} doesn't match the expected fabric ID ${fabric.fabricId}`,
                     );
                 }
             }
@@ -199,6 +200,7 @@ export class CaseClient {
             await messenger.waitForSuccess("Sigma3-Success");
 
             // All good! Create secure session
+            const { caseAuthenticatedTags } = resumptionRecord ?? {}; // Even if resumption does not work try to reuse the caseAuthenticatedTags
             const secureSessionSalt = Bytes.concat(
                 operationalIdentityProtectionKey,
                 Crypto.hash([sigma1Bytes, sigma2Bytes, sigma3Bytes]),
@@ -213,9 +215,12 @@ export class CaseClient {
                 isInitiator: true,
                 isResumption: false,
                 peerSessionParameters: sessionParameters,
+                caseAuthenticatedTags,
             });
             logger.info(
-                `Case client: Paired successfully with ${messenger.getChannelName()} and parameters`,
+                `Case client Session ${secureSession.id} established successfully with ${messenger.getChannelName()} for Fabric ${NodeId.toHexString(
+                    fabric.nodeId,
+                )}(index ${fabric.fabricIndex}) and PeerNode ${NodeId.toHexString(peerNodeId)}and parameters`,
                 secureSession.parameterDiagnostics(),
             );
             resumptionRecord = {
@@ -224,6 +229,7 @@ export class CaseClient {
                 sharedSecret,
                 resumptionId: peerResumptionId,
                 sessionParameters: secureSession.parameters,
+                caseAuthenticatedTags,
             };
         }
 

package/src/session/case/CaseServer.ts

@@ -30,6 +30,8 @@ import { CaseServerMessenger } from "./CaseMessenger.js";
 const logger = Logger.get("CaseServer");
 
 export class CaseServer implements ProtocolHandler {
+    readonly id = SECURE_CHANNEL_PROTOCOL_ID;
+
     #sessions: SessionManager;
     #fabrics: FabricManager;
 
@@ -58,10 +60,6 @@ export class CaseServer implements ProtocolHandler {
         }
     }
 
-    getId(): number {
-        return SECURE_CHANNEL_PROTOCOL_ID;
-    }
-
     private async handleSigma1(messenger: CaseServerMessenger) {
         logger.info(`Received pairing request from ${messenger.getChannelName()}`);
         // Generate pairing info
@@ -234,7 +232,7 @@ export class CaseServer implements ProtocolHandler {
                 caseAuthenticatedTags,
             });
             logger.info(
-                `session ${secureSession.id} created with ${messenger.getChannelName()} for Fabric ${NodeId.toHexString(
+                `Session ${secureSession.id} created with ${messenger.getChannelName()} for Fabric ${NodeId.toHexString(
                     fabric.nodeId,
                 )}(index ${fabric.fabricIndex}) and PeerNode ${NodeId.toHexString(peerNodeId)}`,
                 "with CATs",

package/src/session/pase/PaseServer.ts

@@ -33,8 +33,10 @@ const PASE_COMMISSIONING_MAX_ERRORS = 20;
 export class MaximumPasePairingErrorsReachedError extends MatterFlowError {}
 
 export class PaseServer implements ProtocolHandler {
-    private pairingTimer: Timer | undefined;
-    private pairingErrors = 0;
+    readonly id = SECURE_CHANNEL_PROTOCOL_ID;
+
+    #pairingTimer: Timer | undefined;
+    #pairingErrors = 0;
 
     static async fromPin(sessions: SessionManager, setupPinCode: number, pbkdfParameters: PbkdfParameters) {
         const { w0, L } = await Spake2p.computeW0L(pbkdfParameters, setupPinCode);
@@ -58,18 +60,14 @@ export class PaseServer implements ProtocolHandler {
         private readonly pbkdfParameters?: PbkdfParameters,
     ) {}
 
-    getId(): number {
-        return SECURE_CHANNEL_PROTOCOL_ID;
-    }
-
     async onNewExchange(exchange: MessageExchange) {
         const messenger = new PaseServerMessenger(exchange);
         try {
             await this.handlePairingRequest(messenger);
         } catch (error) {
-            this.pairingErrors++;
+            this.#pairingErrors++;
             logger.error(
-                `An error occurred during the PASE commissioning (${this.pairingErrors}/${PASE_COMMISSIONING_MAX_ERRORS}):`,
+                `An error occurred during the PASE commissioning (${this.#pairingErrors}/${PASE_COMMISSIONING_MAX_ERRORS}):`,
                 error,
             );
 
@@ -77,7 +75,7 @@ export class PaseServer implements ProtocolHandler {
             const sendError = !(error instanceof ChannelStatusResponseError);
             await this.cancelPairing(messenger, sendError);
 
-            if (this.pairingErrors >= PASE_COMMISSIONING_MAX_ERRORS) {
+            if (this.#pairingErrors >= PASE_COMMISSIONING_MAX_ERRORS) {
                 throw new MaximumPasePairingErrorsReachedError(
                     `Pase server: Too many errors during PASE commissioning, aborting commissioning window`,
                 );
@@ -99,7 +97,7 @@ export class PaseServer implements ProtocolHandler {
             );
         }
 
-        if (this.pairingTimer !== undefined && this.pairingTimer.isRunning) {
+        if (this.#pairingTimer !== undefined && this.#pairingTimer.isRunning) {
             throw new MatterFlowError(
                 "Pase server: Pairing already in progress (PASE establishment Timer running), ignoring new exchange.",
             );
@@ -107,7 +105,7 @@ export class PaseServer implements ProtocolHandler {
 
         logger.info(`Received pairing request from ${messenger.getChannelName()}.`);
 
-        this.pairingTimer = Time.getTimer("PASE pairing timeout", PASE_PAIRING_TIMEOUT_MS, () =>
+        this.#pairingTimer = Time.getTimer("PASE pairing timeout", PASE_PAIRING_TIMEOUT_MS, () =>
             this.cancelPairing(messenger),
         ).start();
 
@@ -167,13 +165,13 @@ export class PaseServer implements ProtocolHandler {
         await messenger.sendSuccess();
         await messenger.close();
 
-        this.pairingTimer?.stop();
-        this.pairingTimer = undefined;
+        this.#pairingTimer?.stop();
+        this.#pairingTimer = undefined;
     }
 
     async cancelPairing(messenger: PaseServerMessenger, sendError = true) {
-        this.pairingTimer?.stop();
-        this.pairingTimer = undefined;
+        this.#pairingTimer?.stop();
+        this.#pairingTimer = undefined;
 
         if (sendError) {
             await messenger.sendError(ProtocolStatusCode.InvalidParam);