@matter/protocol 0.16.0-alpha.0-20251018-dd1ea6a8a → 0.16.0-alpha.0-20251021-cca02fb0e

package/src/fabric/FabricAuthority.ts

@@ -24,21 +24,15 @@ const logger = Logger.get("FabricAuthority");
 /**
  * Configuration for fabrics controlled by a FabricAuthority.
  */
-interface FabricAuthorityConfiguration {
-    adminVendorId?: VendorId;
-    fabricIndex?: FabricIndex;
-    fabricId?: FabricId;
-    caseAuthenticatedTags?: CaseAuthenticatedTag[];
-    adminFabricLabel: string;
-}
-
-/**
- * Concrete {@link FabricAuthorityConfiguration} for environmental configuration.
- */
-export class FabricAuthorityConfigurationProvider implements FabricAuthorityConfiguration {
-    get adminFabricLabel(): string {
-        throw new ImplementationError("Admin Fabric Label must be set for FabricAuthorityConfigurationProvider.");
-    }
+export interface FabricAuthorityConfiguration {
+    readonly adminFabricLabel: string;
+    readonly adminVendorId?: VendorId;
+    readonly adminNodeId?: NodeId;
+
+    /** @deprecated Fabric index is assigned automatically, please do not specify this. */
+    readonly adminFabricIndex?: FabricIndex;
+    readonly adminFabricId?: FabricId;
+    readonly caseAuthenticatedTags?: CaseAuthenticatedTag[];
 }
 
 /**
@@ -47,7 +41,6 @@ export class FabricAuthorityConfigurationProvider implements FabricAuthorityConf
 export interface FabricAuthorityContext {
     ca: CertificateAuthority;
     fabrics: FabricManager;
-    config: FabricAuthorityConfiguration;
 }
 
 export const DEFAULT_ADMIN_VENDOR_ID = VendorId(0xfff1);
@@ -59,13 +52,11 @@ export class FabricAuthority {
     #construction: Construction<FabricAuthority>;
     #ca: CertificateAuthority;
     #fabrics: FabricManager;
-    #config: FabricAuthorityConfiguration;
     #fabricAdded = new Observable<[Fabric]>();
 
-    constructor({ ca, fabrics, config }: FabricAuthorityContext) {
+    constructor({ ca, fabrics }: FabricAuthorityContext) {
         this.#ca = ca;
         this.#fabrics = fabrics;
-        this.#config = config;
 
         this.#construction = Construction(this, async () => {
             await this.#ca.construction;
@@ -87,18 +78,19 @@ export class FabricAuthority {
     /**
      * Obtain the default fabric for this authority.
      */
-    async defaultFabric() {
+    async defaultFabric(config: FabricAuthorityConfiguration) {
         // First search for a fabric associated with the CA's root certificate
-        const fabric = this.fabrics[0];
+        const caRootCert = this.#ca.rootCert;
+        const fabric = this.fabrics.find(fabric => Bytes.areEqual(fabric.rootCert, caRootCert));
         if (fabric !== undefined) {
-            if (fabric.label !== this.#config.adminFabricLabel) {
-                await fabric.setLabel(this.#config.adminFabricLabel);
+            if (fabric.label !== config.adminFabricLabel) {
+                await fabric.setLabel(config.adminFabricLabel);
             }
             return fabric;
         }
 
         // Create a new fabric
-        return await this.createFabric();
+        return await this.createFabric(config);
     }
 
     /**
@@ -125,11 +117,11 @@ export class FabricAuthority {
     /**
      * Create a new fabric under our control.
      */
-    async createFabric() {
-        const rootNodeId = NodeId.randomOperationalNodeId(this.#fabrics.crypto);
+    async createFabric(config: FabricAuthorityConfiguration) {
+        const rootNodeId = config.adminNodeId ?? NodeId.randomOperationalNodeId(this.#fabrics.crypto);
         const ipkValue = this.#fabrics.crypto.randomBytes(CRYPTO_SYMMETRIC_KEY_LENGTH);
 
-        let vendorId = this.#config.adminVendorId;
+        let vendorId = config.adminVendorId;
         if (vendorId === undefined) {
             vendorId = DEFAULT_ADMIN_VENDOR_ID;
             logger.warn(`Using test vendor ID 0x${vendorId.toString(16)} for controller fabric`);
@@ -140,20 +132,15 @@ export class FabricAuthority {
         fabricBuilder
             .setRootNodeId(rootNodeId)
             .setIdentityProtectionKey(ipkValue)
-            .setRootVendorId(this.#config.adminVendorId ?? DEFAULT_ADMIN_VENDOR_ID)
-            .setLabel(this.#config.adminFabricLabel);
+            .setRootVendorId(vendorId)
+            .setLabel(config.adminFabricLabel);
 
-        const fabricId = this.#config.fabricId ?? FabricId(this.#fabrics.crypto.randomBigInt(8));
+        const fabricId = config.adminFabricId ?? FabricId(this.#fabrics.crypto.randomBigInt(8));
         await fabricBuilder.setOperationalCert(
-            await this.#ca.generateNoc(
-                fabricBuilder.publicKey,
-                fabricId,
-                rootNodeId,
-                this.#config.caseAuthenticatedTags,
-            ),
+            await this.#ca.generateNoc(fabricBuilder.publicKey, fabricId, rootNodeId, config.caseAuthenticatedTags),
         );
 
-        let index = this.#config.fabricIndex;
+        let index = config.adminFabricIndex;
         if (index === undefined) {
             index = this.#fabrics.allocateFabricIndex();
         } else if (this.#fabrics.findByIndex(index) !== undefined) {
@@ -173,7 +160,6 @@ export class FabricAuthority {
         const instance = new FabricAuthority({
             ca: env.get(CertificateAuthority),
             fabrics: env.get(FabricManager),
-            config: env.get(FabricAuthorityConfigurationProvider),
         });
         env.set(FabricAuthority, instance);
         return instance;

package/src/fabric/TestFabric.ts

@@ -19,8 +19,14 @@ import { FabricManager } from "./FabricManager.js";
  */
 export async function TestFabric(options: TestFabric.Options = {}) {
     const authority = await TestFabric.Authority(options);
+    const { index } = options;
 
-    return authority.createFabric();
+    return authority.createFabric({
+        adminFabricLabel: `mock-fabric-${index}`,
+        adminVendorId: VendorId(0xfff1),
+        adminFabricIndex: index !== undefined ? FabricIndex(index) : undefined,
+        adminFabricId: FabricId(1),
+    });
 }
 
 export namespace TestFabric {
@@ -31,35 +37,28 @@ export namespace TestFabric {
      *
      * Crypto matter is stable with respect to {@link index}.
      */
-    export async function Authority({ index, fabrics }: Options = {}) {
-        if (index === undefined) {
+    export async function Authority(options: Options = {}) {
+        let { fabrics } = options;
+        if (options.index === undefined) {
             if (fabrics) {
-                index = fabrics.allocateFabricIndex();
+                options.index = fabrics.allocateFabricIndex();
             } else {
-                index = 1;
+                options.index = 1;
             }
         }
 
-        if (index < 1 || index > 254) {
+        if (options.index < 1 || options.index > 254) {
             throw new ImplementationError("Test fabric indexes must be in the range 1-254");
         }
 
         if (!fabrics) {
-            fabrics = new FabricManager(MockCrypto(index));
+            fabrics = new FabricManager(MockCrypto(options.index));
         }
 
-        const authority = new FabricAuthority({
+        return new FabricAuthority({
             ca: await CertificateAuthority.create(fabrics.crypto),
-            config: {
-                adminFabricLabel: `mock-fabric-${index}`,
-                adminVendorId: VendorId(0xfff1),
-                fabricIndex: FabricIndex(index),
-                fabricId: FabricId(1),
-            },
             fabrics,
         });
-
-        return authority;
     }
 
     export interface Options {

package/src/interaction/FabricAccessControl.ts

@@ -6,7 +6,7 @@
 import { Subject } from "#action/server/Subject.js";
 import { AccessControl } from "#clusters/access-control";
 import type { Fabric } from "#fabric/Fabric.js";
-import { InternalError, Logger, MatterFlowError } from "#general";
+import { Diagnostic, InternalError, Logger, MatterFlowError } from "#general";
 import { AccessLevel } from "#model";
 import {
     CaseAuthenticatedTag,
@@ -94,7 +94,10 @@ export class FabricAccessControl {
             throw new InternalError("ACL entries must match the fabric index of the manager");
         }
         this.#aclList = [...aclList] as unknown as AclList; // It is the same structure we just use an internal type for privilege
-        logger.info("ACL List updated for FabricIndex ", this.#fabricIndex, this.#aclList);
+        logger.info(
+            "ACL List updated",
+            this.#aclList.map(e => Diagnostic.dict(e)),
+        );
     }
 
     set extensionEntryAccessCheck(

package/src/mdns/MdnsClient.ts

@@ -184,9 +184,10 @@ export class MdnsClient implements Scanner {
         this.#updateScanTargets();
         logger.info(
             "MDNS Scan targets updated :",
-            `commissionable = ${this.#scanForCommissionableDevices}`,
-            "Targets:",
-            this.#operationalScanTargets,
+            Diagnostic.dict({
+                commissionable: this.#scanForCommissionableDevices,
+                operational: this.#operationalScanTargets,
+            }),
         );
     }
 
@@ -220,7 +221,7 @@ export class MdnsClient implements Scanner {
         this.#updateListeningStatus();
     }
 
-    /** Update the status of we care about MDNS messages or not */
+    /** Update the status if we care about MDNS messages or not */
     #updateListeningStatus() {
         const formerListenStatus = this.#listening;
         // Are we interested in MDNS traffic or not?
@@ -786,25 +787,41 @@ export class MdnsClient implements Scanner {
             },
         );
 
-        while (!canceled) {
-            this.#getCommissionableDeviceRecords(identifier).forEach(device => {
-                const { deviceIdentifier } = device;
-                if (!discoveredDevices.has(deviceIdentifier)) {
-                    discoveredDevices.add(deviceIdentifier);
-                    callback(device);
-                }
-            });
+        // We scan continuously, so make sure we are registered for commissionable devices
+        const criteria: MdnsScannerTargetCriteria = { commissionable: true, operationalTargets: [] };
+        this.targetCriteriaProviders.add(criteria);
+
+        try {
+            let lastDiscoveredDevices: CommissionableDevice[] | undefined = undefined;
+            while (!canceled) {
+                this.#getCommissionableDeviceRecords(identifier).forEach(device => {
+                    const { deviceIdentifier } = device;
+                    if (!discoveredDevices.has(deviceIdentifier)) {
+                        discoveredDevices.add(deviceIdentifier);
+                        callback(device);
+                    }
+                });
 
-            let remainingTime;
-            if (discoveryEndTime !== undefined) {
-                remainingTime = Seconds.ceil(Timespan(Time.nowMs, discoveryEndTime).duration);
-                if (remainingTime <= 0) {
-                    break;
+                let remainingTime;
+                if (discoveryEndTime !== undefined) {
+                    remainingTime = Seconds.ceil(Timespan(Time.nowMs, discoveryEndTime).duration);
+                    if (remainingTime <= 0) {
+                        break;
+                    }
                 }
+                lastDiscoveredDevices = await this.#registerWaiterPromise(
+                    queryId,
+                    true,
+                    remainingTime,
+                    () => this.#getCommissionableDeviceRecords(identifier),
+                    false,
+                    queryResolver,
+                );
             }
-            await this.#registerWaiterPromise(queryId, true, remainingTime, undefined, false, queryResolver);
+            return lastDiscoveredDevices ?? this.#getCommissionableDeviceRecords(identifier);
+        } finally {
+            this.targetCriteriaProviders.delete(criteria);
         }
-        return this.#getCommissionableDeviceRecords(identifier);
     }
 
     getDiscoveredCommissionableDevices(identifier: CommissionableDeviceIdentifiers) {

package/src/peer/ControllerDiscovery.ts

@@ -88,9 +88,9 @@ export class ControllerDiscovery {
     ): Promise<CommissionableDevice[]> {
         const discoveredDevices = new Map<string, CommissionableDevice>();
 
-        await Promise.all(
-            scanners.map(async scanner => {
-                await scanner.findCommissionableDevicesContinuously(
+        const results = await Promise.all(
+            scanners.map(async scanner =>
+                scanner.findCommissionableDevicesContinuously(
                     identifier,
                     device => {
                         const { deviceIdentifier } = device;
@@ -100,14 +100,13 @@ export class ControllerDiscovery {
                         }
                     },
                     timeout,
-                );
-            }),
+                ),
+            ),
         );
 
         // The final answer only consists the devices still left, so expired ones will be excluded
         const finalDiscoveredDevices = new Map<string, CommissionableDevice>();
-        scanners.forEach(scanner => {
-            const devices = scanner.getDiscoveredCommissionableDevices(identifier);
+        results.forEach(devices => {
             devices.forEach(device => {
                 const { deviceIdentifier } = device;
                 if (!discoveredDevices.has(deviceIdentifier)) {

package/src/protocol/DeviceAdvertiser.ts

@@ -166,7 +166,7 @@ export class DeviceAdvertiser {
      * Advertise the device as operational.
      */
     enterOperationalMode() {
-        if (this.#isOperational) {
+        if (this.#isOperational || this.#isClosing) {
             return;
         }
 
@@ -179,7 +179,7 @@ export class DeviceAdvertiser {
      * Begin automatic broadcast for fabrics if in operational mode.
      */
     #startOperationalAdvertisement() {
-        if (!this.#isOperational) {
+        if (!this.#isOperational || this.#isClosing) {
             return;
         }
 

package/src/protocol/MessageExchange.ts

@@ -494,10 +494,10 @@ export class MessageExchange {
 
     #retransmitMessage(message: Message, expectedProcessingTime?: Duration) {
         this.#retransmissionCounter++;
-        if (this.#retransmissionCounter >= MRP.MAX_TRANSMISSIONS) {
+        if (this.#isClosing || this.#retransmissionCounter >= MRP.MAX_TRANSMISSIONS) {
             // Ok all 4 resubmissions are done, but we need to wait a bit longer because of processing time and
             // the resubmissions from the other side
-            if (expectedProcessingTime) {
+            if (expectedProcessingTime && !this.#isClosing) {
                 // We already have waited after the last message was sent, so deduct this time from the final wait time
                 const finalWaitTime = Millis(
                     this.channel.calculateMaximumPeerResponseTime(

package/src/securechannel/SecureChannelProtocol.ts

@@ -7,6 +7,7 @@
 import { FabricManager } from "#fabric/FabricManager.js";
 import { AsyncObservable, Environment, Environmental, Logger, MatterFlowError } from "#general";
 import { ExchangeManager } from "#protocol/ExchangeManager.js";
+import { NodeSession } from "#session/NodeSession.js";
 import { SessionManager } from "#session/SessionManager.js";
 import {
     GeneralStatusCode,
@@ -19,7 +20,6 @@ import {
 import { Message } from "../codec/MessageCodec.js";
 import { MessageExchange } from "../protocol/MessageExchange.js";
 import { ProtocolHandler } from "../protocol/ProtocolHandler.js";
-import { SecureSession } from "../session/SecureSession.js";
 import { CaseServer } from "../session/case/CaseServer.js";
 import { MaximumPasePairingErrorsReachedError, PaseServer } from "../session/pase/PaseServer.js";
 import { ChannelStatusResponseError, SecureChannelMessenger } from "./SecureChannelMessenger.js";
@@ -83,10 +83,9 @@ export class StatusReportOnlySecureChannelProtocol implements ProtocolHandler {
         }
 
         const { session } = exchange;
-        SecureSession.assert(session);
+        NodeSession.assert(session);
         logger.debug(`Peer requested to close session ${session.name}. Remove session now.`);
-        // TODO: and do more - see Core Specs 5.5
-        await session.destroy(false, false);
+        await session.closeByPeer();
     }
 
     async close() {

package/src/session/NodeSession.ts

@@ -331,6 +331,11 @@ export class NodeSession extends SecureSession {
         await this.destroy(sendClose, closeAfterExchangeFinished);
     }
 
+    async closeByPeer() {
+        await this.destroy(false, false);
+        await this.closedByPeer.emit();
+    }
+
     /** Destroys a session. Outstanding subscription data will be discarded. */
     async destroy(sendClose = false, closeAfterExchangeFinished = true) {
         await this.clearSubscriptions(false);

package/src/session/Session.ts

@@ -97,6 +97,7 @@ export abstract class Session {
      */
     closer?: Promise<void>;
     #destroyed = AsyncObservable<[]>();
+    #closedByPeer = AsyncObservable<[]>();
 
     constructor(args: {
         manager?: SessionManager;
@@ -143,6 +144,10 @@ export abstract class Session {
         return this.#destroyed;
     }
 
+    get closedByPeer() {
+        return this.#closedByPeer;
+    }
+
     notifyActivity(messageReceived: boolean) {
         this.timestamp = Time.nowMs;
         if (messageReceived) {

package/src/session/SessionManager.ts

@@ -31,7 +31,7 @@ import { PeerAddress, PeerAddressMap } from "#peer/PeerAddress.js";
 import { GroupSession } from "#session/GroupSession.js";
 import { CaseAuthenticatedTag, DEFAULT_MAX_PATHS_PER_INVOKE, FabricId, FabricIndex, GroupId, NodeId } from "#types";
 import { UnexpectedDataError } from "@matter/general";
-import { Fabric } from "../fabric/Fabric.js";
+import { ExposedFabricInformation, Fabric } from "../fabric/Fabric.js";
 import { MessageCounter } from "../protocol/MessageCounter.js";
 import { InsecureSession } from "./InsecureSession.js";
 import { NodeSession } from "./NodeSession.js";
@@ -90,6 +90,18 @@ type ResumptionStorageRecord = {
     caseAuthenticatedTags?: CaseAuthenticatedTag[];
 };
 
+export interface ActiveSessionInformation {
+    name: string;
+    nodeId: NodeId;
+    peerNodeId: NodeId;
+    fabric?: ExposedFabricInformation;
+    isPeerActive: boolean;
+    secure: boolean;
+    lastInteractionTimestamp?: number;
+    lastActiveTimestamp?: number;
+    numberOfActiveSubscriptions: number;
+}
+
 /**
  * Interfaces {@link SessionManager} with other components.
  */
@@ -654,7 +666,7 @@ export class SessionManager {
         );
     }
 
-    getActiveSessionInformation() {
+    getActiveSessionInformation(): ActiveSessionInformation[] {
         this.#construction.assert();
         return [...this.#sessions]
             .filter(session => session.isSecure && !session.isPase)

package/src/session/case/CaseMessenger.ts

@@ -47,6 +47,8 @@ export class CaseClientMessenger extends SecureChannelMessenger {
             payload,
             payloadHeader: { messageType },
         } = await this.anyNextMessage("Sigma2(Resume)");
+
+        // TODO Add support for BUSY response and resend the message after waiting time
         switch (messageType) {
             case SecureMessageType.Sigma2:
                 return { sigma2Bytes: payload, sigma2: TlvCaseSigma2.decode(payload) as CaseSigma2 };

package/src/session/index.ts

@@ -17,4 +17,5 @@ export * from "./pase/PaseMessenger.js";
 export * from "./pase/PaseServer.js";
 export * from "./SecureSession.js";
 export * from "./Session.js";
+export * from "./SessionIntervals.js";
 export * from "./SessionManager.js";

package/src/session/pase/PaseMessenger.ts

@@ -60,6 +60,8 @@ export class PaseClientMessenger extends SecureChannelMessenger {
             SecureMessageType.PbkdfParamResponse,
             DEFAULT_NORMAL_PROCESSING_TIME,
         );
+
+        // TODO Add support for BUSY response and resend the message after waiting time
         return { responsePayload: payload, response: TlvPbkdfParamResponse.decode(payload) as PbkdfParamResponse };
     }