@matter/protocol 0.14.1-alpha.0-20250605-9fc134af0 → 0.14.1-alpha.0-20250606-a9bcd03f9

package/dist/cjs/session/SecureSession.js

@@ -18,296 +18,25 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var SecureSession_exports = {};
 __export(SecureSession_exports, {
-  NoAssociatedFabricError: () => NoAssociatedFabricError,
-  SecureSession: () => SecureSession,
-  assertSecureSession: () => assertSecureSession
+  SecureSession: () => SecureSession
 });
 module.exports = __toCommonJS(SecureSession_exports);
 var import_general = require("#general");
-var import_PeerAddress = require("#peer/PeerAddress.js");
-var import_types = require("#types");
-var import_MessageCodec = require("../codec/MessageCodec.js");
-var import_ChannelManager = require("../protocol/ChannelManager.js");
-var import_MessageCounter = require("../protocol/MessageCounter.js");
-var import_MessageReceptionState = require("../protocol/MessageReceptionState.js");
 var import_Session = require("./Session.js");
 /**
  * @license
  * Copyright 2022-2025 Matter.js Authors
  * SPDX-License-Identifier: Apache-2.0
  */
-const logger = import_general.Logger.get("SecureSession");
-const SESSION_KEYS_INFO = import_general.Bytes.fromString("SessionKeys");
-const SESSION_RESUMPTION_KEYS_INFO = import_general.Bytes.fromString("SessionResumptionKeys");
-class NoAssociatedFabricError extends import_types.StatusResponseError {
-  constructor(message) {
-    super(message, import_types.StatusCode.UnsupportedAccess);
-  }
-}
 class SecureSession extends import_Session.Session {
-  #subscriptions = new import_general.BasicSet();
-  #closingAfterExchangeFinished = false;
-  #sendCloseMessageWhenClosing = true;
-  #id;
-  #isInitiator;
-  #fabric;
-  #peerNodeId;
-  #peerSessionId;
-  #decryptKey;
-  #encryptKey;
-  #attestationKey;
-  #caseAuthenticatedTags;
-  #isClosing = false;
-  supportsMRP = true;
-  static async create(args) {
-    const {
-      manager,
-      id,
-      fabric,
-      peerNodeId,
-      peerSessionId,
-      sharedSecret,
-      salt,
-      isInitiator,
-      isResumption,
-      peerSessionParameters,
-      caseAuthenticatedTags
-    } = args;
-    const keys = await import_general.Crypto.hkdf(
-      sharedSecret,
-      salt,
-      isResumption ? SESSION_RESUMPTION_KEYS_INFO : SESSION_KEYS_INFO,
-      import_general.CRYPTO_SYMMETRIC_KEY_LENGTH * 3
-    );
-    const decryptKey = isInitiator ? keys.slice(16, 32) : keys.slice(0, 16);
-    const encryptKey = isInitiator ? keys.slice(0, 16) : keys.slice(16, 32);
-    const attestationKey = keys.slice(32, 48);
-    return new SecureSession({
-      manager,
-      id,
-      fabric,
-      peerNodeId,
-      peerSessionId,
-      decryptKey,
-      encryptKey,
-      attestationKey,
-      sessionParameters: peerSessionParameters,
-      isInitiator,
-      caseAuthenticatedTags
-    });
-  }
-  constructor(args) {
-    super({
-      ...args,
-      setActiveTimestamp: true,
-      // We always set the active timestamp for Secure sessions
-      // Can be changed to a PersistedMessageCounter if we implement session storage
-      messageCounter: new import_MessageCounter.MessageCounter(() => {
-        this.end(true, true).catch((error) => logger.error(`Error while closing session: ${error}`));
-      }),
-      messageReceptionState: new import_MessageReceptionState.MessageReceptionStateEncryptedWithoutRollover()
-    });
-    const {
-      manager,
-      id,
-      fabric,
-      peerNodeId,
-      peerSessionId,
-      decryptKey,
-      encryptKey,
-      attestationKey,
-      caseAuthenticatedTags,
-      isInitiator
-    } = args;
-    this.#id = id;
-    this.#fabric = fabric;
-    this.#peerNodeId = peerNodeId;
-    this.#peerSessionId = peerSessionId;
-    this.#decryptKey = decryptKey;
-    this.#encryptKey = encryptKey;
-    this.#attestationKey = attestationKey;
-    this.#caseAuthenticatedTags = caseAuthenticatedTags ?? [];
-    this.#isInitiator = isInitiator;
-    manager?.sessions.add(this);
-    fabric?.addSession(this);
-    logger.debug(
-      `Created secure ${this.isPase ? "PASE" : "CASE"} session for fabric index ${fabric?.fabricIndex}`,
-      this.name,
-      this.parameterDiagnostics()
-    );
-  }
-  parameterDiagnostics() {
-    return import_general.Diagnostic.dict(
-      {
-        SII: this.idleIntervalMs,
-        SAI: this.activeIntervalMs,
-        SAT: this.activeThresholdMs,
-        DMRev: this.dataModelRevision,
-        IMRev: this.interactionModelRevision,
-        spec: import_general.Diagnostic.hex(this.specificationVersion),
-        maxPaths: this.maxPathsPerInvoke,
-        CATs: this.#caseAuthenticatedTags
-      },
-      true
-    );
-  }
-  get caseAuthenticatedTags() {
-    return this.#caseAuthenticatedTags;
-  }
-  get closingAfterExchangeFinished() {
-    return this.#closingAfterExchangeFinished;
-  }
-  get sendCloseMessageWhenClosing() {
-    return this.#sendCloseMessageWhenClosing;
-  }
-  get isSecure() {
-    return true;
-  }
-  get isPase() {
-    return this.#peerNodeId === import_types.NodeId.UNSPECIFIED_NODE_ID;
-  }
-  get subscriptions() {
-    return this.#subscriptions;
-  }
-  get isInitiator() {
-    return this.#isInitiator;
-  }
-  get isClosing() {
-    return this.#isClosing;
-  }
-  async close(closeAfterExchangeFinished) {
-    if (closeAfterExchangeFinished === void 0) {
-      closeAfterExchangeFinished = this.isPeerActive();
-    }
-    await this.end(true, closeAfterExchangeFinished);
-  }
-  decode({ header, applicationPayload, messageExtension }, aad) {
-    if (header.hasMessageExtensions) {
-      logger.info(
-        `Message extensions are not supported. Ignoring ${messageExtension ? import_general.Bytes.toHex(messageExtension) : void 0}`
-      );
-    }
-    const nonce = this.generateNonce(header.securityFlags, header.messageId, this.#peerNodeId);
-    const message = import_MessageCodec.MessageCodec.decodePayload({
-      header,
-      applicationPayload: import_general.Crypto.decrypt(this.#decryptKey, applicationPayload, nonce, aad)
-    });
-    if (message.payloadHeader.hasSecuredExtension) {
-      logger.info(
-        `Secured extensions are not supported. Ignoring ${message.securityExtension ? import_general.Bytes.toHex(message.securityExtension) : void 0}`
-      );
-    }
-    return message;
-  }
-  encode(message) {
-    message.packetHeader.sessionId = this.#peerSessionId;
-    const { header, applicationPayload } = import_MessageCodec.MessageCodec.encodePayload(message);
-    const headerBytes = import_MessageCodec.MessageCodec.encodePacketHeader(message.packetHeader);
-    const securityFlags = headerBytes[3];
-    const sessionNodeId = this.isPase ? import_types.NodeId.UNSPECIFIED_NODE_ID : this.#fabric?.nodeId ?? import_types.NodeId.UNSPECIFIED_NODE_ID;
-    const nonce = this.generateNonce(securityFlags, header.messageId, sessionNodeId);
-    return { header, applicationPayload: import_general.Crypto.encrypt(this.#encryptKey, applicationPayload, nonce, headerBytes) };
-  }
-  get attestationChallengeKey() {
-    return this.#attestationKey;
-  }
-  get fabric() {
-    return this.#fabric;
-  }
-  addAssociatedFabric(fabric) {
-    if (this.#fabric !== void 0) {
-      throw new import_general.MatterFlowError("Session already has an associated Fabric. Cannot change this.");
-    }
-    this.#fabric = fabric;
-  }
-  get id() {
-    return this.#id;
-  }
-  get name() {
-    return `secure/${this.#id}`;
-  }
-  get peerSessionId() {
-    return this.#peerSessionId;
-  }
-  get nodeId() {
-    return this.#fabric?.nodeId ?? import_types.NodeId.UNSPECIFIED_NODE_ID;
-  }
-  get peerNodeId() {
-    return this.#peerNodeId;
-  }
-  get associatedFabric() {
-    if (this.#fabric === void 0) {
-      throw new NoAssociatedFabricError(
-        `${this.isPase ? "PASE " : ""}Session needs to have an associated Fabric for fabric sensitive data handling.`
-      );
-    }
-    return this.#fabric;
-  }
-  async clearSubscriptions(flushSubscriptions = false, cancelledByPeer = false) {
-    const subscriptions = [...this.#subscriptions];
-    for (const subscription of subscriptions) {
-      await subscription.close(flushSubscriptions, cancelledByPeer);
-    }
-    return subscriptions.length;
-  }
-  /** Ends a session. Outstanding subscription data will be flushed before the session is destroyed. */
-  async end(sendClose, closeAfterExchangeFinished = false) {
-    await this.clearSubscriptions(true);
-    await this.destroy(sendClose, closeAfterExchangeFinished);
-  }
-  /** Destroys a session. Outstanding subscription data will be discarded. */
-  async destroy(sendClose = false, closeAfterExchangeFinished = true) {
-    await this.clearSubscriptions(false);
-    this.#fabric?.removeSession(this);
-    if (!sendClose) {
-      this.#sendCloseMessageWhenClosing = false;
-    }
-    if (closeAfterExchangeFinished) {
-      logger.info(`Register Session ${this.name} to close when exchange is ended.`);
-      this.#closingAfterExchangeFinished = true;
-    } else {
-      this.#isClosing = true;
-      logger.info(`End ${this.isPase ? "PASE" : "CASE"} session ${this.name}`);
-      this.manager?.sessions.delete(this);
-      if (this.closer) {
-        try {
-          await this.closer;
-        } catch (error) {
-          import_ChannelManager.NoChannelError.accept(error);
-        } finally {
-          await this.destroyed.emit();
-        }
-        return;
-      }
-      await this.destroyed.emit();
-    }
-  }
-  /**
-   * The peer node's address.
-   */
-  get peerAddress() {
-    return (0, import_PeerAddress.PeerAddress)({
-      fabricIndex: this.#fabric?.fabricIndex ?? import_types.FabricIndex.NO_FABRIC,
-      nodeId: this.#peerNodeId
-    });
-  }
-  /**
-   * Indicates whether a peer matches a specific address.
-   */
-  peerIs(address) {
-    return (this.#fabric?.fabricIndex ?? import_types.FabricIndex.NO_FABRIC) === address.fabricIndex && this.#peerNodeId === address.nodeId;
-  }
-  generateNonce(securityFlags, messageId, nodeId) {
-    const writer = new import_general.DataWriter(import_general.Endian.Little);
-    writer.writeUInt8(securityFlags);
-    writer.writeUInt32(messageId);
-    writer.writeUInt64(nodeId);
-    return writer.toByteArray();
-  }
+  isSecure = true;
 }
-function assertSecureSession(session, errorText) {
-  if (!session?.isSecure) {
-    throw new import_general.MatterFlowError(errorText ?? "Insecure session in secure context");
+((SecureSession2) => {
+  function assert(session, errorText) {
+    if (!session?.isSecure) {
+      throw new import_general.MatterFlowError(errorText ?? "Insecure session in secure context");
+    }
   }
-}
+  SecureSession2.assert = assert;
+})(SecureSession || (SecureSession = {}));
 //# sourceMappingURL=SecureSession.js.map

package/dist/cjs/session/SecureSession.js.map

@@ -1,6 +1,6 @@
 {
   "version": 3,
   "sources": ["../../../src/session/SecureSession.ts"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAUO;AAEP,yBAA4B;AAC5B,mBAA2F;AAC3F,0BAA6E;AAE7E,4BAA+B;AAC/B,4BAA+B;AAC/B,mCAA8D;AAC9D,qBAAiD;AAzBjD;AAAA;AAAA;AAAA;AAAA;AA4BA,MAAM,SAAS,sBAAO,IAAI,eAAe;AAEzC,MAAM,oBAAoB,qBAAM,WAAW,aAAa;AACxD,MAAM,+BAA+B,qBAAM,WAAW,uBAAuB;AAEtE,MAAM,gCAAgC,iCAAoB;AAAA,EAC7D,YAAY,SAAiB;AACzB,UAAM,SAAS,wBAAW,iBAAiB;AAAA,EAC/C;AACJ;AAEO,MAAM,sBAAsB,uBAAQ;AAAA,EAC9B,iBAAiB,IAAI,wBAAuB;AAAA,EACrD,gCAAgC;AAAA,EAChC,+BAA+B;AAAA,EACtB;AAAA,EACA;AAAA,EACT;AAAA,EACS;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACT;AAAA,EACA,aAAa;AAAA,EACJ,cAAc;AAAA,EAEvB,aAAa,OAAO,MAYjB;AACC,UAAM;AAAA,MACF;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ,IAAI;AACJ,UAAM,OAAO,MAAM,sBAAO;AAAA,MACtB;AAAA,MACA;AAAA,MACA,eAAe,+BAA+B;AAAA,MAC9C,6CAA8B;AAAA,IAClC;AACA,UAAM,aAAa,cAAc,KAAK,MAAM,IAAI,EAAE,IAAI,KAAK,MAAM,GAAG,EAAE;AACtE,UAAM,aAAa,cAAc,KAAK,MAAM,GAAG,EAAE,IAAI,KAAK,MAAM,IAAI,EAAE;AACtE,UAAM,iBAAiB,KAAK,MAAM,IAAI,EAAE;AACxC,WAAO,IAAI,cAAc;AAAA,MACrB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,mBAAmB;AAAA,MACnB;AAAA,MACA;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,YAAY,MAYT;AACC,UAAM;AAAA,MACF,GAAG;AAAA,MACH,oBAAoB;AAAA;AAAA;AAAA,MAEpB,gBAAgB,IAAI,qCAAe,MAAM;AAGrC,aAAK,IAAI,MAAM,IAAI,EAAE,MAAM,WAAS,OAAO,MAAM,gCAAgC,KAAK,EAAE,CAAC;AAAA,MAC7F,CAAC;AAAA,MACD,uBAAuB,IAAI,2EAA8C;AAAA,IAC7E,CAAC;AACD,UAAM;AAAA,MACF;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ,IAAI;AAEJ,SAAK,MAAM;AACX,SAAK,UAAU;AACf,SAAK,cAAc;AACnB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AACnB,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,yBAAyB,yBAAyB,CAAC;AACxD,SAAK,eAAe;AAEpB,aAAS,SAAS,IAAI,IAAI;AAC1B,YAAQ,WAAW,IAAI;AAEvB,WAAO;AAAA,MACH,kBAAkB,KAAK,SAAS,SAAS,MAAM,6BAA6B,QAAQ,WAAW;AAAA,MAC/F,KAAK;AAAA,MACL,KAAK,qBAAqB;AAAA,IAC9B;AAAA,EACJ;AAAA,EAEA,uBAAuB;AACnB,WAAO,0BAAW;AAAA,MACd;AAAA,QACI,KAAK,KAAK;AAAA,QACV,KAAK,KAAK;AAAA,QACV,KAAK,KAAK;AAAA,QACV,OAAO,KAAK;AAAA,QACZ,OAAO,KAAK;AAAA,QACZ,MAAM,0BAAW,IAAI,KAAK,oBAAoB;AAAA,QAC9C,UAAU,KAAK;AAAA,QACf,MAAM,KAAK;AAAA,MACf;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AAAA,EAEA,IAAI,wBAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,+BAA+B;AAC/B,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,8BAA8B;AAC9B,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,WAAoB;AACpB,WAAO;AAAA,EACX;AAAA,EAEA,IAAI,SAAkB;AAClB,WAAO,KAAK,gBAAgB,oBAAO;AAAA,EACvC;AAAA,EAEA,IAAI,gBAAgB;AAChB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,cAAc;AACd,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,YAAY;AACZ,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,MAAM,MAAM,4BAAsC;AAC9C,QAAI,+BAA+B,QAAW;AAC1C,mCAA6B,KAAK,aAAa;AAAA,IACnD;AACA,UAAM,KAAK,IAAI,MAAM,0BAA0B;AAAA,EACnD;AAAA,EAEA,OAAO,EAAE,QAAQ,oBAAoB,iBAAiB,GAAkB,KAAiC;AACrG,QAAI,OAAO,sBAAsB;AAC7B,aAAO;AAAA,QACH,kDAAkD,mBAAmB,qBAAM,MAAM,gBAAgB,IAAI,MAAS;AAAA,MAClH;AAAA,IACJ;AACA,UAAM,QAAQ,KAAK,cAAc,OAAO,eAAe,OAAO,WAAW,KAAK,WAAW;AACzF,UAAM,UAAU,iCAAa,cAAc;AAAA,MACvC;AAAA,MACA,oBAAoB,sBAAO,QAAQ,KAAK,aAAa,oBAAoB,OAAO,GAAG;AAAA,IACvF,CAAC;AAED,QAAI,QAAQ,cAAc,qBAAqB;AAC3C,aAAO;AAAA,QACH,kDAAkD,QAAQ,oBAAoB,qBAAM,MAAM,QAAQ,iBAAiB,IAAI,MAAS;AAAA,MACpI;AAAA,IACJ;AAEA,WAAO;AAAA,EACX;AAAA,EAEA,OAAO,SAA0B;AAC7B,YAAQ,aAAa,YAAY,KAAK;AACtC,UAAM,EAAE,QAAQ,mBAAmB,IAAI,iCAAa,cAAc,OAAO;AACzE,UAAM,cAAc,iCAAa,mBAAmB,QAAQ,YAAY;AACxE,UAAM,gBAAgB,YAAY,CAAC;AACnC,UAAM,gBAAgB,KAAK,SACrB,oBAAO,sBACN,KAAK,SAAS,UAAU,oBAAO;AACtC,UAAM,QAAQ,KAAK,cAAc,eAAe,OAAO,WAAW,aAAa;AAC/E,WAAO,EAAE,QAAQ,oBAAoB,sBAAO,QAAQ,KAAK,aAAa,oBAAoB,OAAO,WAAW,EAAE;AAAA,EAClH;AAAA,EAEA,IAAI,0BAAsC;AACtC,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,SAAS;AACT,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,oBAAoB,QAAgB;AAChC,QAAI,KAAK,YAAY,QAAW;AAC5B,YAAM,IAAI,+BAAgB,+DAA+D;AAAA,IAC7F;AACA,SAAK,UAAU;AAAA,EACnB;AAAA,EAEA,IAAI,KAAK;AACL,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,OAAO;AACP,WAAO,UAAU,KAAK,GAAG;AAAA,EAC7B;AAAA,EAEA,IAAI,gBAAwB;AACxB,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,SAAS;AACT,WAAO,KAAK,SAAS,UAAU,oBAAO;AAAA,EAC1C;AAAA,EAEA,IAAI,aAAa;AACb,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,IAAI,mBAA2B;AAC3B,QAAI,KAAK,YAAY,QAAW;AAC5B,YAAM,IAAI;AAAA,QACN,GAAG,KAAK,SAAS,UAAU,EAAE;AAAA,MACjC;AAAA,IACJ;AACA,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,MAAM,mBAAmB,qBAAqB,OAAO,kBAAkB,OAAO;AAC1E,UAAM,gBAAgB,CAAC,GAAG,KAAK,cAAc;AAC7C,eAAW,gBAAgB,eAAe;AACtC,YAAM,aAAa,MAAM,oBAAoB,eAAe;AAAA,IAChE;AACA,WAAO,cAAc;AAAA,EACzB;AAAA;AAAA,EAGA,MAAM,IAAI,WAAoB,6BAA6B,OAAO;AAC9D,UAAM,KAAK,mBAAmB,IAAI;AAClC,UAAM,KAAK,QAAQ,WAAW,0BAA0B;AAAA,EAC5D;AAAA;AAAA,EAGA,MAAM,QAAQ,YAAY,OAAO,6BAA6B,MAAM;AAChE,UAAM,KAAK,mBAAmB,KAAK;AACnC,SAAK,SAAS,cAAc,IAAI;AAChC,QAAI,CAAC,WAAW;AACZ,WAAK,+BAA+B;AAAA,IACxC;AAEA,QAAI,4BAA4B;AAC5B,aAAO,KAAK,oBAAoB,KAAK,IAAI,mCAAmC;AAC5E,WAAK,gCAAgC;AAAA,IACzC,OAAO;AACH,WAAK,aAAa;AAClB,aAAO,KAAK,OAAO,KAAK,SAAS,SAAS,MAAM,YAAY,KAAK,IAAI,EAAE;AACvE,WAAK,SAAS,SAAS,OAAO,IAAI;AAGlC,UAAI,KAAK,QAAQ;AACb,YAAI;AACA,gBAAM,KAAK;AAAA,QACf,SAAS,OAAO;AACZ,+CAAe,OAAO,KAAK;AAAA,QAC/B,UAAE;AACE,gBAAM,KAAK,UAAU,KAAK;AAAA,QAC9B;AACA;AAAA,MACJ;AACA,YAAM,KAAK,UAAU,KAAK;AAAA,IAC9B;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,cAAc;AACd,eAAO,gCAAY;AAAA,MACf,aAAa,KAAK,SAAS,eAAe,yBAAY;AAAA,MACtD,QAAQ,KAAK;AAAA,IACjB,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,SAAsB;AACzB,YACK,KAAK,SAAS,eAAe,yBAAY,eAAe,QAAQ,eACjE,KAAK,gBAAgB,QAAQ;AAAA,EAErC;AAAA,EAEQ,cAAc,eAAuB,WAAmB,QAAgB;AAC5E,UAAM,SAAS,IAAI,0BAAW,sBAAO,MAAM;AAC3C,WAAO,WAAW,aAAa;AAC/B,WAAO,YAAY,SAAS;AAC5B,WAAO,YAAY,MAAM;AACzB,WAAO,OAAO,YAAY;AAAA,EAC9B;AACJ;AAEO,SAAS,oBAAoB,SAAmB,WAAsD;AACzG,MAAI,CAAC,SAAS,UAAU;AACpB,UAAM,IAAI,+BAAgB,aAAa,oCAAoC;AAAA,EAC/E;AACJ;",
-  "names": []
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAQA,qBAAgC;AAChC,qBAAwB;AATxB;AAAA;AAAA;AAAA;AAAA;AAWO,MAAe,sBAAsB,uBAAQ;AAAA,EACvC,WAAW;AAGxB;AAAA,CAEO,CAAUA,mBAAV;AACI,WAAS,OAAO,SAAmB,WAAsD;AAC5F,QAAI,CAAC,SAAS,UAAU;AACpB,YAAM,IAAI,+BAAgB,aAAa,oCAAoC;AAAA,IAC/E;AAAA,EACJ;AAJO,EAAAA,eAAS;AAAA,GADH;",
+  "names": ["SecureSession"]
 }

package/dist/cjs/session/Session.d.ts

@@ -5,7 +5,7 @@
  */
 import { AsyncObservable } from "#general";
 import { NodeId, TypeFromPartialBitSchema } from "#types";
-import { DecodedMessage, DecodedPacket, Message, Packet } from "../codec/MessageCodec.js";
+import { DecodedMessage, DecodedPacket, Message, Packet, SessionType } from "../codec/MessageCodec.js";
 import { SupportedTransportsBitmap } from "../common/Scanner.js";
 import { Fabric } from "../fabric/Fabric.js";
 import { MessageCounter } from "../protocol/MessageCounter.js";
@@ -83,6 +83,7 @@ export declare abstract class Session {
     timestamp: number;
     readonly createdAt: number;
     activeTimestamp: number;
+    abstract type: SessionType;
     protected readonly idleIntervalMs: number;
     protected readonly activeIntervalMs: number;
     protected readonly activeThresholdMs: number;
@@ -91,7 +92,7 @@ export declare abstract class Session {
     protected readonly specificationVersion: number;
     protected readonly maxPathsPerInvoke: number;
     protected readonly messageCounter: MessageCounter;
-    protected readonly messageReceptionState: MessageReceptionState;
+    protected readonly messageReceptionState?: MessageReceptionState;
     protected readonly supportedTransports: TypeFromPartialBitSchema<typeof SupportedTransportsBitmap>;
     protected readonly maxTcpMessageSize: number;
     /**
@@ -103,7 +104,7 @@ export declare abstract class Session {
     constructor(args: {
         manager?: SessionManager;
         messageCounter: MessageCounter;
-        messageReceptionState: MessageReceptionState;
+        messageReceptionState?: MessageReceptionState;
         sessionParameters?: SessionParameterOptions;
         setActiveTimestamp: boolean;
     });
@@ -111,13 +112,13 @@ export declare abstract class Session {
     notifyActivity(messageReceived: boolean): void;
     isPeerActive(): boolean;
     getIncrementedMessageCounter(): Promise<number>;
-    updateMessageCounter(messageCounter: number, _sourceNodeId?: NodeId): void;
+    updateMessageCounter(messageCounter: number, _sourceNodeId?: NodeId, _operationalKey?: Uint8Array): void;
+    protected static generateNonce(securityFlags: number, messageId: number, nodeId: NodeId): Uint8Array<ArrayBufferLike>;
     /**
      * The peer's session parameters.
      */
     get parameters(): SessionParameters;
     abstract isSecure: boolean;
-    abstract isPase: boolean;
     abstract id: number;
     abstract peerSessionId: number;
     abstract nodeId: NodeId | undefined;

package/dist/cjs/session/Session.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Session.d.ts","sourceRoot":"","sources":["../../../src/session/Session.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAQ,MAAM,UAAU,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,wBAAwB,EAAE,MAAM,QAAQ,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAC1F,OAAO,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sCAAsC,CAAC;AAC7E,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D;;;GAGG;AACH,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAE5C,iFAAiF;AACjF,eAAO,MAAM,2BAA2B,OAAO,CAAC;AAEhD,uHAAuH;AACvH,eAAO,MAAM,2BAA2B,KAAK,CAAC;AAE9C,8HAA8H;AAC9H,eAAO,MAAM,kCAAkC,KAAK,CAAC;AAErD;;;GAGG;AACH,eAAO,MAAM,8BAA8B,IAAI,CAAC;AAEhD;;;GAGG;AACH,eAAO,MAAM,6BAA6B,IAAI,CAAC;AAE/C,eAAO,MAAM,6BAA6B,QAAQ,CAAC;AAEnD,MAAM,WAAW,iBAAiB;IAC9B;;;;;OAKG;IACH,cAAc,EAAE,MAAM,CAAC;IAEvB;;;;;OAKG;IACH,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAE1B,8EAA8E;IAC9E,iBAAiB,EAAE,MAAM,CAAC;IAE1B,qFAAqF;IACrF,wBAAwB,EAAE,MAAM,CAAC;IAEjC,iFAAiF;IACjF,oBAAoB,EAAE,MAAM,CAAC;IAE7B,kGAAkG;IAClG,iBAAiB,EAAE,MAAM,CAAC;IAE1B,wEAAwE;IACxE,mBAAmB,EAAE,wBAAwB,CAAC,OAAO,yBAAyB,CAAC,CAAC;IAEhF;;;;OAIG;IACH,iBAAiB,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,MAAM,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEjE,8BAAsB,OAAO;;IACzB,QAAQ,KAAK,IAAI,IAAI,MAAM,CAAC;IAC5B,QAAQ,KAAK,4BAA4B,IAAI,OAAO,CAAC;IAErD,SAAS,SAAgB;IACzB,QAAQ,CAAC,SAAS,SAAgB;IAClC,eAAe,SAAK;IACpB,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAC1C,SAAS,CAAC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAC5C,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAC7C,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAC7C,SAAS,CAAC,QAAQ,CAAC,wBAAwB,EAAE,MAAM,CAAC;IACpD,SAAS,CAAC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IAChD,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAC7C,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IAClD,SAAS,CAAC,QAAQ,CAAC,qBAAqB,EAAE,qBAAqB,CAAC;IAChE,SAAS,CAAC,QAAQ,CAAC,mBAAmB,EAAE,wBAAwB,CAAC,OAAO,yBAAyB,CAAC,CAAC;IACnG,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAE7C;;;;OAIG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;gBAGX,IAAI,EAAE;QACd,OAAO,CAAC,EAAE,cAAc,CAAC;QACzB,cAAc,EAAE,cAAc,CAAC;QAC/B,qBAAqB,EAAE,qBAAqB,CAAC;QAC7C,iBAAiB,CAAC,EAAE,uBAAuB,CAAC;QAC5C,kBAAkB,EAAE,OAAO,CAAC;KAC/B;IAmCD,IAAI,SAAS,8BAEZ;IAED,cAAc,CAAC,eAAe,EAAE,OAAO;IAQvC,YAAY,IAAI,OAAO;IAIvB,4BAA4B;IAI5B,oBAAoB,CAAC,cAAc,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM;IAInE;;OAEG;IACH,IAAI,UAAU,IAAI,iBAAiB,CAuBlC;IAED,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IACxC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAE9B,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,EAAE,GAAG,CAAC,EAAE,UAAU,GAAG,cAAc;IACxE,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM;IACzC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAC/C,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,0BAA0B,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAE1F,SAAS,KAAK,OAAO,+BAEpB;IAED;;OAEG;IACH,IAAI,KAAK,YAER;CACJ"}
+{"version":3,"file":"Session.d.ts","sourceRoot":"","sources":["../../../src/session/Session.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAA2C,MAAM,UAAU,CAAC;AACpF,OAAO,EAAE,MAAM,EAAE,wBAAwB,EAAE,MAAM,QAAQ,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvG,OAAO,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,sCAAsC,CAAC;AAC7E,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D;;;GAGG;AACH,eAAO,MAAM,0BAA0B,MAAM,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAE5C,iFAAiF;AACjF,eAAO,MAAM,2BAA2B,OAAO,CAAC;AAEhD,uHAAuH;AACvH,eAAO,MAAM,2BAA2B,KAAK,CAAC;AAE9C,8HAA8H;AAC9H,eAAO,MAAM,kCAAkC,KAAK,CAAC;AAErD;;;GAGG;AACH,eAAO,MAAM,8BAA8B,IAAI,CAAC;AAEhD;;;GAGG;AACH,eAAO,MAAM,6BAA6B,IAAI,CAAC;AAE/C,eAAO,MAAM,6BAA6B,QAAQ,CAAC;AAEnD,MAAM,WAAW,iBAAiB;IAC9B;;;;;OAKG;IACH,cAAc,EAAE,MAAM,CAAC;IAEvB;;;;;OAKG;IACH,gBAAgB,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAE1B,8EAA8E;IAC9E,iBAAiB,EAAE,MAAM,CAAC;IAE1B,qFAAqF;IACrF,wBAAwB,EAAE,MAAM,CAAC;IAEjC,iFAAiF;IACjF,oBAAoB,EAAE,MAAM,CAAC;IAE7B,kGAAkG;IAClG,iBAAiB,EAAE,MAAM,CAAC;IAE1B,wEAAwE;IACxE,mBAAmB,EAAE,wBAAwB,CAAC,OAAO,yBAAyB,CAAC,CAAC;IAEhF;;;;OAIG;IACH,iBAAiB,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,MAAM,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEjE,8BAAsB,OAAO;;IACzB,QAAQ,KAAK,IAAI,IAAI,MAAM,CAAC;IAC5B,QAAQ,KAAK,4BAA4B,IAAI,OAAO,CAAC;IAErD,SAAS,SAAgB;IACzB,QAAQ,CAAC,SAAS,SAAgB;IAClC,eAAe,SAAK;IACpB,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3B,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAC1C,SAAS,CAAC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAC5C,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAC7C,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAC7C,SAAS,CAAC,QAAQ,CAAC,wBAAwB,EAAE,MAAM,CAAC;IACpD,SAAS,CAAC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IAChD,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAC7C,SAAS,CAAC,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;IAClD,SAAS,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IACjE,SAAS,CAAC,QAAQ,CAAC,mBAAmB,EAAE,wBAAwB,CAAC,OAAO,yBAAyB,CAAC,CAAC;IACnG,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAE7C;;;;OAIG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;gBAGX,IAAI,EAAE;QACd,OAAO,CAAC,EAAE,cAAc,CAAC;QACzB,cAAc,EAAE,cAAc,CAAC;QAC/B,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;QAC9C,iBAAiB,CAAC,EAAE,uBAAuB,CAAC;QAC5C,kBAAkB,EAAE,OAAO,CAAC;KAC/B;IAmCD,IAAI,SAAS,8BAEZ;IAED,cAAc,CAAC,eAAe,EAAE,OAAO;IAQvC,YAAY,IAAI,OAAO;IAIvB,4BAA4B;IAI5B,oBAAoB,CAAC,cAAc,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,UAAU;IAOjG,SAAS,CAAC,MAAM,CAAC,aAAa,CAAC,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAQvF;;OAEG;IACH,IAAI,UAAU,IAAI,iBAAiB,CAuBlC;IAED,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IACxC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAE9B,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,EAAE,GAAG,CAAC,EAAE,UAAU,GAAG,cAAc;IACxE,QAAQ,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM;IACzC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAC/C,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,0BAA0B,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAE1F,SAAS,KAAK,OAAO,+BAEpB;IAED;;OAEG;IACH,IAAI,KAAK,YAER;CACJ"}

package/dist/cjs/session/Session.js

@@ -116,9 +116,19 @@ class Session {
   getIncrementedMessageCounter() {
     return this.messageCounter.getIncrementedCounter();
   }
-  updateMessageCounter(messageCounter, _sourceNodeId) {
+  updateMessageCounter(messageCounter, _sourceNodeId, _operationalKey) {
+    if (this.messageReceptionState === void 0) {
+      throw new import_general.InternalError("MessageReceptionState is not defined for this session");
+    }
     this.messageReceptionState.updateMessageCounter(messageCounter);
   }
+  static generateNonce(securityFlags, messageId, nodeId) {
+    const writer = new import_general.DataWriter(import_general.Endian.Little);
+    writer.writeUInt8(securityFlags);
+    writer.writeUInt32(messageId);
+    writer.writeUInt64(nodeId);
+    return writer.toByteArray();
+  }
   /**
    * The peer's session parameters.
    */

package/dist/cjs/session/Session.js.map

@@ -1,6 +1,6 @@
 {
   "version": 3,
   "sources": ["../../../src/session/Session.ts"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAAsC;AANtC;AAAA;AAAA;AAAA;AAAA;AAmBO,MAAM,6BAA6B;AAMnC,MAAM,2BAA2B;AAGjC,MAAM,8BAA8B;AAGpC,MAAM,8BAA8B;AAGpC,MAAM,qCAAqC;AAM3C,MAAM,iCAAiC;AAMvC,MAAM,gCAAgC;AAEtC,MAAM,gCAAgC;AAkDtC,MAAe,QAAQ;AAAA,EAG1B;AAAA,EACA,YAAY,oBAAK,MAAM;AAAA,EACd,YAAY,oBAAK,MAAM;AAAA,EAChC,kBAAkB;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOnB;AAAA,EACA,iBAAa,gCAAoB;AAAA,EAEjC,YAAY,MAMT;AACC,UAAM;AAAA,MACF;AAAA,MACA;AAAA,MACA;AAAA,MACA,mBAAmB;AAAA,QACf,iBAAiB;AAAA,QACjB,mBAAmB;AAAA,QACnB,oBAAoB;AAAA,QACpB,oBAAoB;AAAA,QACpB,2BAA2B;AAAA,QAC3B,uBAAuB;AAAA,QACvB,oBAAoB;AAAA,QACpB,sBAAsB,CAAC;AAAA;AAAA,QACvB,oBAAoB;AAAA,MACxB,IAAI,CAAC;AAAA,MACL;AAAA,IACJ,IAAI;AACJ,SAAK,WAAW;AAChB,SAAK,iBAAiB;AACtB,SAAK,wBAAwB;AAC7B,SAAK,iBAAiB;AACtB,SAAK,mBAAmB;AACxB,SAAK,oBAAoB;AACzB,SAAK,oBAAoB;AACzB,SAAK,2BAA2B;AAChC,SAAK,uBAAuB;AAC5B,SAAK,oBAAoB;AACzB,SAAK,sBAAsB;AAC3B,SAAK,oBAAoB;AACzB,QAAI,oBAAoB;AACpB,WAAK,kBAAkB,KAAK;AAAA,IAChC;AAAA,EACJ;AAAA,EAEA,IAAI,YAAY;AACZ,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,eAAe,iBAA0B;AACrC,SAAK,YAAY,oBAAK,MAAM;AAC5B,QAAI,iBAAiB;AAEjB,WAAK,kBAAkB,KAAK;AAAA,IAChC;AAAA,EACJ;AAAA,EAEA,eAAwB;AACpB,WAAO,oBAAK,MAAM,IAAI,KAAK,kBAAkB,KAAK;AAAA,EACtD;AAAA,EAEA,+BAA+B;AAC3B,WAAO,KAAK,eAAe,sBAAsB;AAAA,EACrD;AAAA,EAEA,qBAAqB,gBAAwB,eAAwB;AACjE,SAAK,sBAAsB,qBAAqB,cAAc;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,aAAgC;AAChC,UAAM;AAAA,MACF;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ,IAAI;AACJ,WAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AAAA,EAgBA,IAAc,UAAU;AACpB,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACR,WAAO,KAAK,UAAU;AAAA,EAC1B;AACJ;",
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,qBAAyE;AANzE;AAAA;AAAA;AAAA;AAAA;AAmBO,MAAM,6BAA6B;AAMnC,MAAM,2BAA2B;AAGjC,MAAM,8BAA8B;AAGpC,MAAM,8BAA8B;AAGpC,MAAM,qCAAqC;AAM3C,MAAM,iCAAiC;AAMvC,MAAM,gCAAgC;AAEtC,MAAM,gCAAgC;AAkDtC,MAAe,QAAQ;AAAA,EAG1B;AAAA,EACA,YAAY,oBAAK,MAAM;AAAA,EACd,YAAY,oBAAK,MAAM;AAAA,EAChC,kBAAkB;AAAA,EAEC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOnB;AAAA,EACA,iBAAa,gCAAoB;AAAA,EAEjC,YAAY,MAMT;AACC,UAAM;AAAA,MACF;AAAA,MACA;AAAA,MACA;AAAA,MACA,mBAAmB;AAAA,QACf,iBAAiB;AAAA,QACjB,mBAAmB;AAAA,QACnB,oBAAoB;AAAA,QACpB,oBAAoB;AAAA,QACpB,2BAA2B;AAAA,QAC3B,uBAAuB;AAAA,QACvB,oBAAoB;AAAA,QACpB,sBAAsB,CAAC;AAAA;AAAA,QACvB,oBAAoB;AAAA,MACxB,IAAI,CAAC;AAAA,MACL;AAAA,IACJ,IAAI;AACJ,SAAK,WAAW;AAChB,SAAK,iBAAiB;AACtB,SAAK,wBAAwB;AAC7B,SAAK,iBAAiB;AACtB,SAAK,mBAAmB;AACxB,SAAK,oBAAoB;AACzB,SAAK,oBAAoB;AACzB,SAAK,2BAA2B;AAChC,SAAK,uBAAuB;AAC5B,SAAK,oBAAoB;AACzB,SAAK,sBAAsB;AAC3B,SAAK,oBAAoB;AACzB,QAAI,oBAAoB;AACpB,WAAK,kBAAkB,KAAK;AAAA,IAChC;AAAA,EACJ;AAAA,EAEA,IAAI,YAAY;AACZ,WAAO,KAAK;AAAA,EAChB;AAAA,EAEA,eAAe,iBAA0B;AACrC,SAAK,YAAY,oBAAK,MAAM;AAC5B,QAAI,iBAAiB;AAEjB,WAAK,kBAAkB,KAAK;AAAA,IAChC;AAAA,EACJ;AAAA,EAEA,eAAwB;AACpB,WAAO,oBAAK,MAAM,IAAI,KAAK,kBAAkB,KAAK;AAAA,EACtD;AAAA,EAEA,+BAA+B;AAC3B,WAAO,KAAK,eAAe,sBAAsB;AAAA,EACrD;AAAA,EAEA,qBAAqB,gBAAwB,eAAwB,iBAA8B;AAC/F,QAAI,KAAK,0BAA0B,QAAW;AAC1C,YAAM,IAAI,6BAAc,uDAAuD;AAAA,IACnF;AACA,SAAK,sBAAsB,qBAAqB,cAAc;AAAA,EAClE;AAAA,EAEA,OAAiB,cAAc,eAAuB,WAAmB,QAAgB;AACrF,UAAM,SAAS,IAAI,0BAAW,sBAAO,MAAM;AAC3C,WAAO,WAAW,aAAa;AAC/B,WAAO,YAAY,SAAS;AAC5B,WAAO,YAAY,MAAM;AACzB,WAAO,OAAO,YAAY;AAAA,EAC9B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,aAAgC;AAChC,UAAM;AAAA,MACF;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ,IAAI;AACJ,WAAO;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ;AAAA,EACJ;AAAA,EAeA,IAAc,UAAU;AACpB,WAAO,KAAK;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,QAAQ;AACR,WAAO,KAAK,UAAU;AAAA,EAC1B;AACJ;",
   "names": []
 }

package/dist/cjs/session/SessionManager.d.ts

@@ -3,14 +3,16 @@
  * Copyright 2022-2025 Matter.js Authors
  * SPDX-License-Identifier: Apache-2.0
  */
+import { DecodedPacket } from "#codec/index.js";
 import { FabricManager } from "#fabric/FabricManager.js";
 import { BasicSet, Construction, Environment, Environmental, Observable, StorageContext } from "#general";
 import { Subscription } from "#interaction/Subscription.js";
 import { PeerAddress } from "#peer/PeerAddress.js";
+import { GroupSession } from "#session/GroupSession.js";
 import { CaseAuthenticatedTag, FabricIndex, NodeId } from "#types";
 import { Fabric } from "../fabric/Fabric.js";
 import { InsecureSession } from "./InsecureSession.js";
-import { SecureSession } from "./SecureSession.js";
+import { NodeSession } from "./NodeSession.js";
 import { Session, SessionParameterOptions, SessionParameters } from "./Session.js";
 export declare const UNICAST_UNSECURE_SESSION_ID = 0;
 export interface ResumptionRecord {
@@ -50,7 +52,7 @@ export declare class SessionManager {
     /**
      * Active secure sessions.
      */
-    get sessions(): BasicSet<SecureSession, SecureSession>;
+    get sessions(): BasicSet<NodeSession, NodeSession>;
     /**
      * Active insecure sessions.
      */
@@ -70,7 +72,7 @@ export declare class SessionManager {
     /**
      * Emits when there is a change to the subscription set.
      */
-    get subscriptionsChanged(): Observable<[session: SecureSession, subscription: Subscription], void>;
+    get subscriptionsChanged(): Observable<[session: NodeSession, subscription: Subscription], void>;
     /**
      * Emits when resubmission is necessary due to timeout or network error.
      */
@@ -99,7 +101,7 @@ export declare class SessionManager {
         isResumption: boolean;
         peerSessionParameters?: SessionParameterOptions;
         caseAuthenticatedTags?: CaseAuthenticatedTag[];
-    }): Promise<SecureSession>;
+    }): Promise<NodeSession>;
     /**
      * Deletes a resumption record for a given address.  Returns true if the record was deleted, false if it did not
      * exist.
@@ -110,14 +112,30 @@ export declare class SessionManager {
      * existed.
      */
     deleteResumptionRecordsForFabric(fabric: Fabric): Promise<boolean>;
-    findOldestInactiveSession(): SecureSession;
+    findOldestInactiveSession(): NodeSession;
     getNextAvailableSessionId(): Promise<number>;
-    getSession(sessionId: number): SecureSession | undefined;
-    getPaseSession(): SecureSession;
-    getSessionForNode(address: PeerAddress): SecureSession | undefined;
+    getSession(sessionId: number): NodeSession | undefined;
+    getPaseSession(): NodeSession;
+    getSessionForNode(address: PeerAddress): NodeSession | undefined;
     removeAllSessionsForNode(address: PeerAddress, sendClose?: boolean, closeBeforeCreatedTimestamp?: number): Promise<void>;
     getUnsecureSession(sourceNodeId?: NodeId): InsecureSession | undefined;
-    findGroupSession(groupId: number, groupSessionId: number): void;
+    /**
+     * Creates or Returns a Group Session for a Group Peer Address.
+     * This is used for sending group messages because it returns the session for the current
+     * Group Epoch key. The Source Node Id is the own Node.
+     */
+    groupSessionForAddress(address: PeerAddress): GroupSession;
+    /**
+     * Creates or Returns the Group session based on an incoming packet.
+     * The Session ID is determined by trying to decrypt te packet with possible keys.
+     */
+    groupSessionFromPacket(packet: DecodedPacket, aad: Uint8Array): {
+        session: GroupSession;
+        message: import("#codec/index.js").DecodedMessage;
+        key: Uint8Array<ArrayBufferLike>;
+    };
+    registerGroupSession(session: GroupSession): void;
+    removeGroupSession(session: GroupSession): void;
     findResumptionRecordById(resumptionId: Uint8Array): ResumptionRecord | undefined;
     findResumptionRecordByAddress(address: PeerAddress): ResumptionRecord | undefined;
     saveResumptionRecord(resumptionRecord: ResumptionRecord): Promise<void>;

package/dist/cjs/session/SessionManager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SessionManager.d.ts","sourceRoot":"","sources":["../../../src/session/SessionManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EACH,QAAQ,EAER,YAAY,EAEZ,WAAW,EACX,aAAa,EAMb,UAAU,EAEV,cAAc,EAEjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAE5D,OAAO,EAAE,WAAW,EAAkB,MAAM,sBAAsB,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAA0C,WAAW,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAE3G,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAMH,OAAO,EAIP,uBAAuB,EACvB,iBAAiB,EACpB,MAAM,cAAc,CAAC;AAgBtB,eAAO,MAAM,2BAA2B,IAAS,CAAC;AAElD,MAAM,WAAW,gBAAgB;IAC7B,YAAY,EAAE,UAAU,CAAC;IACzB,YAAY,EAAE,UAAU,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,qBAAqB,CAAC,EAAE,oBAAoB,EAAE,CAAC;CAClD;AAsBD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IAClC,OAAO,EAAE,aAAa,CAAC;IACvB,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAExC;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACnB;AAID;;GAEG;AACH,qBAAa,cAAc;;gBAeX,OAAO,EAAE,qBAAqB;IAY1C,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAS9C,IAAI,YAAY,iCAEf;IAED,IAAI,OAAO,0BAEV;IAED;;OAEG;IACH,IAAI,QAAQ,2CAEX;IAED;;OAEG;IACH,IAAI,gBAAgB,iCAEnB;IAED;;;OAGG;IACH,IAAI,iBAAiB,IAAI,iBAAiB,CAEzC;IAED;;;;;OAKG;IACH,IAAI,iBAAiB,CAAC,UAAU,EAAE,OAAO,CAAC,iBAAiB,CAAC,EAK3D;IAED;;OAEG;IACH,IAAI,oBAAoB,2EAEvB;IAED;;OAEG;IACH,IAAI,mBAAmB,yCAEtB;IAED;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,WAAW;IAI5C;;OAEG;IACH,IAAI,KAAK,YAER;IAED,qBAAqB,CAAC,OAAO,EAAE;QAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,iBAAiB,CAAC,EAAE,uBAAuB,CAAC;QAC5C,WAAW,CAAC,EAAE,OAAO,CAAC;KACzB;IA0BK,mBAAmB,CAAC,IAAI,EAAE;QAC5B,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;QAC3B,UAAU,EAAE,MAAM,CAAC;QACnB,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,UAAU,CAAC;QACzB,IAAI,EAAE,UAAU,CAAC;QACjB,WAAW,EAAE,OAAO,CAAC;QACrB,YAAY,EAAE,OAAO,CAAC;QACtB,qBAAqB,CAAC,EAAE,uBAAuB,CAAC;QAChD,qBAAqB,CAAC,EAAE,oBAAoB,EAAE,CAAC;KAClD;IA6CD;;;OAGG;IACG,sBAAsB,CAAC,OAAO,EAAE,WAAW;IAUjD;;;OAGG;IACG,gCAAgC,CAAC,MAAM,EAAE,MAAM;IAkBrD,yBAAyB;IAenB,yBAAyB;IAoB/B,UAAU,CAAC,SAAS,EAAE,MAAM;IAM5B,cAAc,IAKL,aAAa;IAGtB,iBAAiB,CAAC,OAAO,EAAE,WAAW;IAWhC,wBAAwB,CAAC,OAAO,EAAE,WAAW,EAAE,SAAS,UAAQ,EAAE,2BAA2B,CAAC,EAAE,MAAM;IAc5G,kBAAkB,CAAC,YAAY,CAAC,EAAE,MAAM;IASxC,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM;IAWxD,wBAAwB,CAAC,YAAY,EAAE,UAAU;IAKjD,6BAA6B,CAAC,OAAO,EAAE,WAAW;IAK5C,oBAAoB,CAAC,gBAAgB,EAAE,gBAAgB;IAoG7D,2BAA2B;;;;;;;;;;;IAiBrB,KAAK;IAqBL,KAAK;IAMX,sBAAsB;IAUtB,mFAAmF;IAC7E,yBAAyB,CAAC,WAAW,EAAE,WAAW,EAAE,kBAAkB,CAAC,EAAE,OAAO;IAUtF;;OAEG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM;CAIrC"}
+{"version":3,"file":"SessionManager.d.ts","sourceRoot":"","sources":["../../../src/session/SessionManager.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EACH,QAAQ,EAER,YAAY,EAEZ,WAAW,EACX,aAAa,EAMb,UAAU,EAEV,cAAc,EAEjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAE5D,OAAO,EAAE,WAAW,EAAkB,MAAM,sBAAsB,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAA0C,WAAW,EAAW,MAAM,EAAE,MAAM,QAAQ,CAAC;AAGpH,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,OAAO,EAMH,OAAO,EAIP,uBAAuB,EACvB,iBAAiB,EACpB,MAAM,cAAc,CAAC;AAgBtB,eAAO,MAAM,2BAA2B,IAAS,CAAC;AAElD,MAAM,WAAW,gBAAgB;IAC7B,YAAY,EAAE,UAAU,CAAC;IACzB,YAAY,EAAE,UAAU,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,qBAAqB,CAAC,EAAE,oBAAoB,EAAE,CAAC;CAClD;AAsBD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IAClC,OAAO,EAAE,aAAa,CAAC;IACvB,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAExC;;;;OAIG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACnB;AAID;;GAEG;AACH,qBAAa,cAAc;;gBAgBX,OAAO,EAAE,qBAAqB;IAY1C,MAAM,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,WAAW;IAS9C,IAAI,YAAY,iCAEf;IAED,IAAI,OAAO,0BAEV;IAED;;OAEG;IACH,IAAI,QAAQ,uCAEX;IAED;;OAEG;IACH,IAAI,gBAAgB,iCAEnB;IAED;;;OAGG;IACH,IAAI,iBAAiB,IAAI,iBAAiB,CAEzC;IAED;;;;;OAKG;IACH,IAAI,iBAAiB,CAAC,UAAU,EAAE,OAAO,CAAC,iBAAiB,CAAC,EAK3D;IAED;;OAEG;IACH,IAAI,oBAAoB,yEAEvB;IAED;;OAEG;IACH,IAAI,mBAAmB,yCAEtB;IAED;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,WAAW;IAI5C;;OAEG;IACH,IAAI,KAAK,YAER;IAED,qBAAqB,CAAC,OAAO,EAAE;QAC3B,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,iBAAiB,CAAC,EAAE,uBAAuB,CAAC;QAC5C,WAAW,CAAC,EAAE,OAAO,CAAC;KACzB;IA0BK,mBAAmB,CAAC,IAAI,EAAE;QAC5B,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;QAC3B,UAAU,EAAE,MAAM,CAAC;QACnB,aAAa,EAAE,MAAM,CAAC;QACtB,YAAY,EAAE,UAAU,CAAC;QACzB,IAAI,EAAE,UAAU,CAAC;QACjB,WAAW,EAAE,OAAO,CAAC;QACrB,YAAY,EAAE,OAAO,CAAC;QACtB,qBAAqB,CAAC,EAAE,uBAAuB,CAAC;QAChD,qBAAqB,CAAC,EAAE,oBAAoB,EAAE,CAAC;KAClD;IA6CD;;;OAGG;IACG,sBAAsB,CAAC,OAAO,EAAE,WAAW;IAUjD;;;OAGG;IACG,gCAAgC,CAAC,MAAM,EAAE,MAAM;IAkBrD,yBAAyB;IAenB,yBAAyB;IAoB/B,UAAU,CAAC,SAAS,EAAE,MAAM;IAM5B,cAAc,IAKL,WAAW;IAGpB,iBAAiB,CAAC,OAAO,EAAE,WAAW;IAWhC,wBAAwB,CAAC,OAAO,EAAE,WAAW,EAAE,SAAS,UAAQ,EAAE,2BAA2B,CAAC,EAAE,MAAM;IAc5G,kBAAkB,CAAC,YAAY,CAAC,EAAE,MAAM;IASxC;;;;OAIG;IACH,sBAAsB,CAAC,OAAO,EAAE,WAAW;IA0B3C;;;OAGG;IACH,sBAAsB,CAAC,MAAM,EAAE,aAAa,EAAE,GAAG,EAAE,UAAU;;;;;IA4B7D,oBAAoB,CAAC,OAAO,EAAE,YAAY;IAO1C,kBAAkB,CAAC,OAAO,EAAE,YAAY;IAWxC,wBAAwB,CAAC,YAAY,EAAE,UAAU;IAKjD,6BAA6B,CAAC,OAAO,EAAE,WAAW;IAK5C,oBAAoB,CAAC,gBAAgB,EAAE,gBAAgB;IAoG7D,2BAA2B;;;;;;;;;;;IAiBrB,KAAK;IA0BL,KAAK;IAMX,sBAAsB;IAUtB,mFAAmF;IAC7E,yBAAyB,CAAC,WAAW,EAAE,WAAW,EAAE,kBAAkB,CAAC,EAAE,OAAO;IAUtF;;OAEG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM;CAIrC"}

package/dist/cjs/session/SessionManager.js

@@ -26,10 +26,13 @@ var import_FabricManager = require("#fabric/FabricManager.js");
 var import_general = require("#general");
 var import_model = require("#model");
 var import_PeerAddress = require("#peer/PeerAddress.js");
+var import_GroupSession = require("#session/GroupSession.js");
 var import_types = require("#types");
+var import_general2 = require("@matter/general");
 var import_Scanner = require("../common/Scanner.js");
 var import_MessageCounter = require("../protocol/MessageCounter.js");
 var import_InsecureSession = require("./InsecureSession.js");
+var import_NodeSession = require("./NodeSession.js");
 var import_SecureSession = require("./SecureSession.js");
 var import_Session = require("./Session.js");
 /**
@@ -55,6 +58,7 @@ class SessionManager {
   #context;
   #insecureSessions = /* @__PURE__ */ new Map();
   #sessions = new import_general.BasicSet();
+  #groupSessions = /* @__PURE__ */ new Map();
   #nextSessionId = import_general.Crypto.getRandomUInt16();
   #resumptionRecords = new import_PeerAddress.PeerAddressMap();
   #globalUnencryptedMessageCounter = new import_MessageCounter.MessageCounter();
@@ -178,7 +182,7 @@ class SessionManager {
       peerSessionParameters,
       caseAuthenticatedTags
     } = args;
-    const session = await import_SecureSession.SecureSession.create({
+    const session = await import_NodeSession.NodeSession.create({
       manager: this,
       id: sessionId,
       fabric,
@@ -268,7 +272,7 @@ class SessionManager {
   getPaseSession() {
     this.#construction.assert();
     return [...this.#sessions].find(
-      (session) => session.isSecure && session.isPase && !session.closingAfterExchangeFinished
+      (session) => import_NodeSession.NodeSession.is(session) && session.isPase && !session.closingAfterExchangeFinished
     );
   }
   getSessionForNode(address) {
@@ -298,9 +302,78 @@ class SessionManager {
     }
     return this.#insecureSessions.get(sourceNodeId);
   }
-  findGroupSession(groupId, groupSessionId) {
-    this.#construction.assert();
-    throw new Error(`Not implemented ${groupId} ${groupSessionId}`);
+  /**
+   * Creates or Returns a Group Session for a Group Peer Address.
+   * This is used for sending group messages because it returns the session for the current
+   * Group Epoch key. The Source Node Id is the own Node.
+   */
+  groupSessionForAddress(address) {
+    const groupId = import_types.GroupId.fromNodeId(address.nodeId);
+    import_types.GroupId.assertGroupId(groupId);
+    const fabric = this.fabricFor(address);
+    const { key, keySetId, sessionId } = fabric.groups.currentKeyForGroup(groupId);
+    if (sessionId === void 0 || key === void 0) {
+      throw new import_general2.UnexpectedDataError(
+        `No group session data found for group ${groupId} in fabric ${fabric.fabricId}.`
+      );
+    }
+    let session = this.#groupSessions.get(fabric.nodeId)?.get("id", sessionId);
+    if (session === void 0) {
+      session = new import_GroupSession.GroupSession({
+        manager: this,
+        id: sessionId,
+        fabric,
+        keySetId,
+        operationalGroupKey: key,
+        peerNodeId: address.nodeId
+        // The peer node ID is the group node ID
+      });
+    }
+    return session;
+  }
+  /**
+   * Creates or Returns the Group session based on an incoming packet.
+   * The Session ID is determined by trying to decrypt te packet with possible keys.
+   */
+  groupSessionFromPacket(packet, aad) {
+    const groupId = packet.header.destGroupId;
+    if (groupId === void 0) {
+      throw new import_general2.UnexpectedDataError("Group ID is required for GroupSession fromPacket.");
+    }
+    import_types.GroupId.assertGroupId((0, import_types.GroupId)(groupId));
+    const { message, key, sessionId, sourceNodeId, keySetId, fabric } = import_GroupSession.GroupSession.decode(
+      this.#context.fabrics,
+      packet,
+      aad
+    );
+    let session = this.#groupSessions.get(sourceNodeId)?.get("id", sessionId);
+    if (session === void 0) {
+      session = new import_GroupSession.GroupSession({
+        manager: this,
+        id: sessionId,
+        fabric,
+        keySetId,
+        operationalGroupKey: key,
+        peerNodeId: sourceNodeId
+      });
+    }
+    return { session, message, key };
+  }
+  registerGroupSession(session) {
+    const sourceNodeId = session.peerNodeId;
+    const peerSessions = this.#groupSessions.get(sourceNodeId) ?? new import_general.BasicSet();
+    peerSessions.add(session);
+    this.#groupSessions.set(sourceNodeId, peerSessions);
+  }
+  removeGroupSession(session) {
+    const sourceNodeId = session.peerNodeId;
+    const peerSessions = this.#groupSessions.get(sourceNodeId);
+    if (peerSessions) {
+      peerSessions.delete(session);
+      if (peerSessions.size === 0) {
+        this.#groupSessions.delete(sourceNodeId);
+      }
+    }
   }
   findResumptionRecordById(resumptionId) {
     this.#construction.assert();
@@ -427,6 +500,11 @@ class SessionManager {
     for (const session of this.#insecureSessions.values()) {
       closePromises.push(session?.end());
     }
+    for (const sessions of this.#groupSessions.values()) {
+      for (const session of sessions) {
+        closePromises.push(session?.end());
+      }
+    }
     await import_general.MatterAggregateError.allSettled(closePromises, "Error closing sessions").catch(
       (error) => logger.error(error)
     );