npm - @project-chip/matter.js - Versions diffs - 0.9.2 → 0.9.4 - Mend

@project-chip/matter.js 0.9.2 → 0.9.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (288) hide show

package/src/cluster/server/AttributeServer.ts CHANGED Viewed

@@ -13,7 +13,13 @@ import { AttributeId } from "../../datatype/AttributeId.js";
 import { Endpoint as EndpointInterface } from "../../device/Endpoint.js";
 import { Fabric } from "../../fabric/Fabric.js";
 import { Logger } from "../../log/Logger.js";
-import { Globals } from "../../model/index.js";
+import {
+    AttributeModel,
+    ClusterModel,
+    DatatypeModel,
+    Globals,
+    MatterModel as MatterModelObj,
+} from "../../model/index.js";
 import { StatusCode, StatusResponseError } from "../../protocol/interaction/StatusCode.js";
 import { BitSchema, TypeFromPartialBitSchema } from "../../schema/BitmapSchema.js";
 import { NoAssociatedFabricError, SecureSession, assertSecureSession } from "../../session/SecureSession.js";
@@ -21,11 +27,15 @@ import { Session } from "../../session/Session.js";
 import { TlvSchema } from "../../tlv/TlvSchema.js";
 import { isDeepEqual } from "../../util/DeepEqual.js";
 import { MaybePromise } from "../../util/Promises.js";
+import { camelize } from "../../util/String.js";
 import { AccessLevel, Attribute, Attributes, Cluster, Commands, Events } from "../Cluster.js";
 import { ClusterDatasource } from "./ClusterServerTypes.js";
 const logger = Logger.get("AttributeServer");
+const FabricIndexName = "fabricIndex";
+const MatterModel = new MatterModelObj();
 /**
  * Thrown when an operation cannot complete because fabric information is
  * unavailable.
@@ -178,6 +188,10 @@ export abstract class BaseAttributeServer<T> {
         this.defaultValue = this.value;
     }
+    get hasFabricSensitiveData() {
+        return false;
+    }
     validateWithSchema(value: T) {
         try {
             this.schema.validate(value);
@@ -727,6 +741,7 @@ export function genericFabricScopedAttributeSetter<T>(
 export class FabricScopedAttributeServer<T> extends AttributeServer<T> {
     private readonly isCustomGetter: boolean;
     private readonly isCustomSetter: boolean;
+    private readonly fabricSensitiveElementsToRemove = new Array<string>();
     constructor(
         id: AttributeId,
@@ -814,6 +829,69 @@ export class FabricScopedAttributeServer<T> extends AttributeServer<T> {
         );
         this.isCustomGetter = isCustomGetter;
         this.isCustomSetter = isCustomSetter;
+        this.#determineSensitiveFieldsToRemove();
+    }
+    #determineSensitiveFieldsToRemove() {
+        const clusterFromModel = MatterModel.get(ClusterModel, this.cluster.id);
+        if (clusterFromModel === undefined) {
+            logger.debug(`${this.cluster.name}: Cluster for Fabric scoped element not found in Model, ignore`);
+            return;
+        }
+        const attributeFromModel = clusterFromModel.get(AttributeModel, this.id);
+        if (attributeFromModel === undefined) {
+            logger.debug(
+                `${this.cluster.name}.${this.id}: Attribute for Fabric scoped element not found in Model, ignore`,
+            );
+            return;
+        }
+        if (!attributeFromModel.fabricScoped) {
+            logger.debug(`${this.cluster.name}.${this.id}: Attribute is not Fabric scoped in model, ignore`);
+            return;
+        }
+        if (attributeFromModel.children.length !== 1) {
+            logger.debug(`${this.cluster.name}.${this.id}: Attribute has not exactly one child, ignore`);
+            return;
+        }
+        const type = attributeFromModel.children[0].type;
+        if (type === undefined) {
+            logger.debug(`${this.cluster.name}.${this.id}: Attribute field has no type, ignore`);
+            return;
+        }
+        const dataType = clusterFromModel.get(DatatypeModel, type);
+        if (dataType === undefined) {
+            logger.debug(`${this.cluster.name}.${this.id}: DataType ${type} not found in model, ignore`);
+            return;
+        }
+        dataType.children
+            .filter(field => field.fabricSensitive)
+            .forEach(field => this.fabricSensitiveElementsToRemove.push(camelize(field.name)));
+    }
+    override get hasFabricSensitiveData() {
+        return this.fabricSensitiveElementsToRemove.length > 0;
+    }
+    /**
+     * Sanitize the value of the attribute by removing fabric sensitive fields that do not belong to the
+     * associated fabric
+     */
+    sanitizeFabricSensitiveFields(value: T, associatedFabric?: Fabric) {
+        if (this.fabricSensitiveElementsToRemove.length && Array.isArray(value)) {
+            // Get the associated Fabric Index or uses -1 when no Fabric is associated because this value will
+            // never be in the struct
+            const associatedFabricIndex = associatedFabric?.fabricIndex ?? -1;
+            return value.map(data => {
+                if (data[FabricIndexName] !== associatedFabricIndex) {
+                    const result = { ...data };
+                    this.fabricSensitiveElementsToRemove.forEach(fieldName => delete result[fieldName]);
+                    return result;
+                }
+                return data;
+            });
+        }
+        return value;
     }
     /**

package/src/cluster/server/ClusterServer.ts CHANGED Viewed

@@ -37,7 +37,7 @@ import {
     SupportedEventsList,
 } from "./ClusterServerTypes.js";
 import { CommandServer } from "./CommandServer.js";
-import { EventServer } from "./EventServer.js";
+import { createEventServer } from "./EventServer.js";
 const logger = Logger.get("ClusterServer");
@@ -508,7 +508,14 @@ export function ClusterServer<
         }
         if ((supportedEvents as any)[eventName] === true) {
-            (events as any)[eventName] = new EventServer(id, clusterId, eventName, schema, priority, readAcl);
+            (events as any)[eventName] = createEventServer(
+                clusterDef,
+                eventDef[eventName],
+                eventName,
+                schema,
+                priority,
+                readAcl,
+            );
             const capitalizedEventName = capitalize(eventName);
             result[`trigger${capitalizedEventName}Event`] = <T>(event: T) =>
                 (events as any)[eventName].triggerEvent(event);

package/src/cluster/server/ClusterServerTypes.ts CHANGED Viewed

@@ -49,7 +49,7 @@ import {
 import { Scenes } from "../definitions/ScenesCluster.js";
 import { AttributeServer, FabricScopedAttributeServer, FixedAttributeServer } from "./AttributeServer.js";
 import { CommandServer } from "./CommandServer.js";
-import { EventServer } from "./EventServer.js";
+import { AnyEventServer } from "./EventServer.js";
 /** Cluster attributes accessible on the cluster server */
 type MandatoryAttributeServers<A extends Attributes> = Omit<
@@ -243,8 +243,8 @@ type ServerAttributeSubscribers<A extends Attributes> = {
 };
 export type EventServers<E extends Events> = Merge<
-    { [P in MandatoryEventNames<E>]: EventServer<EventType<E[P]>, any> },
-    { [P in OptionalEventNames<E>]?: EventServer<EventType<E[P]>, any> }
+    { [P in MandatoryEventNames<E>]: AnyEventServer<EventType<E[P]>, any> },
+    { [P in OptionalEventNames<E>]?: AnyEventServer<EventType<E[P]>, any> }
 >;
 type ServerEventTriggers<E extends Events> = {
     [P in MandatoryEventNames<E> as `trigger${Capitalize<string & P>}Event`]: (event: EventType<E[P]>) => void;

package/src/cluster/server/EventServer.ts CHANGED Viewed

@@ -9,16 +9,52 @@ import { Message } from "../../codec/MessageCodec.js";
 import { ImplementationError, InternalError } from "../../common/MatterError.js";
 import { ClusterId } from "../../datatype/ClusterId.js";
 import { EventId } from "../../datatype/EventId.js";
+import { FabricIndex } from "../../datatype/FabricIndex.js";
 import { Endpoint } from "../../device/Endpoint.js";
+import { ClusterModel, EventModel, MatterModel } from "../../model/index.js";
 import { EventData, EventHandler, EventStorageData } from "../../protocol/interaction/EventHandler.js";
 import { TlvEventFilter } from "../../protocol/interaction/InteractionProtocol.js";
+import { BitSchema, TypeFromPartialBitSchema } from "../../schema/BitmapSchema.js";
 import { SecureSession } from "../../session/SecureSession.js";
 import { Session } from "../../session/Session.js";
 import { Storage, StorageOperationResult } from "../../storage/Storage.js";
 import { Time } from "../../time/Time.js";
 import { TlvSchema, TypeFromSchema } from "../../tlv/TlvSchema.js";
 import { MaybePromise } from "../../util/Promises.js";
-import { AccessLevel, EventPriority } from "../Cluster.js";
+import { isObject } from "../../util/Type.js";
+import { AccessLevel, Attributes, Cluster, Commands, Event, EventPriority, Events } from "../Cluster.js";
+export type AnyEventServer<T, S extends Storage> = EventServer<T, S> | FabricSensitiveEventServer<T, S>;
+export function createEventServer<
+    T,
+    F extends BitSchema,
+    SF extends TypeFromPartialBitSchema<F>,
+    A extends Attributes,
+    C extends Commands,
+    E extends Events,
+    S extends Storage,
+>(
+    clusterDef: Cluster<F, SF, A, C, E>,
+    eventDef: Event<T, F>,
+    eventName: string,
+    schema: TlvSchema<T>,
+    priority: EventPriority,
+    readAcl: AccessLevel | undefined,
+): EventServer<T, S> {
+    let fabricSensitive = false;
+    const clusterFromModel = new MatterModel().get(ClusterModel, clusterDef.id);
+    if (clusterFromModel !== undefined) {
+        const eventModel = clusterFromModel.get(EventModel, eventDef.id);
+        if (eventModel !== undefined) {
+            fabricSensitive = eventModel.fabricSensitive;
+        }
+    }
+    if (fabricSensitive) {
+        return new FabricSensitiveEventServer(eventDef.id, clusterDef.id, eventName, schema, priority, readAcl);
+    }
+    return new EventServer(eventDef.id, clusterDef.id, eventName, schema, priority, readAcl);
+}
 export class EventServer<T, S extends Storage> {
     private eventList = new Array<EventData<T>>();
@@ -26,6 +62,7 @@ export class EventServer<T, S extends Storage> {
     protected endpoint?: Endpoint;
     protected eventHandler?: EventHandler;
     #readAcl: AccessLevel | undefined;
+    hasFabricSensitiveData = false;
     constructor(
         readonly id: EventId,
@@ -114,25 +151,35 @@ export class EventServer<T, S extends Storage> {
         if (this.endpoint === undefined) {
             throw new InternalError("EventServer not bound to Endpoint");
         }
         return this.eventHandler.getEvents(
             { endpointId: this.endpoint.number, clusterId: this.clusterId, eventId: this.id },
             filters,
-            // TODO When not fabricscoped event later then only pass isFabricFiltered through for fabric filtered variant
-            isFabricFiltered && (session as SecureSession<any>).fabric
-                ? session.associatedFabric.fabricIndex
-                : undefined,
+            // When request is fabric filtered or the event is Fabric sensitive then filter the events for the fabrics
+            isFabricFiltered ? (session as SecureSession<any>).fabric?.fabricIndex ?? FabricIndex.NO_FABRIC : undefined,
         );
     }
 }
-// TODO this can be added and used once we generate fabric scoped property in the Event definition
-export class FabricScopedEventServer<T, S extends Storage> extends EventServer<T, S> {
+export class FabricSensitiveEventServer<T, S extends Storage> extends EventServer<T, S> {
+    override hasFabricSensitiveData = true;
+    override get(
+        session: Session<MatterDevice>,
+        _isFabricFiltered: boolean,
+        message?: Message,
+        filters?: TypeFromSchema<typeof TlvEventFilter>[],
+    ) {
+        // because the event is fabric sensitive it is always filtered out when another fabric tries to access it
+        return super.get(session, true, message, filters);
+    }
     override triggerEvent(data: T) {
-        if (typeof data !== "object" || data === null) {
-            throw new ImplementationError("FabricScoped events need to have an object as data.");
+        if (!isObject(data) || data === null) {
+            throw new ImplementationError("FabricSensitive events need to have an object as data.");
         }
         if (!("fabricIndex" in data)) {
-            throw new InternalError("FabricScoped events requires fabricIndex in data.");
+            throw new InternalError("FabricSensitive events requires fabricIndex in data.");
         }
         return super.triggerEvent(data);
     }

package/src/cluster/server/OperationalCredentialsServer.ts CHANGED Viewed

@@ -18,6 +18,7 @@ import { MatterFabricConflictError } from "../../common/FailsafeTimer.js";
 import { MatterFlowError, UnexpectedDataError } from "../../common/MatterError.js";
 import { tryCatch } from "../../common/TryCatchHandler.js";
 import { ValidationError } from "../../common/ValidationError.js";
+import { CryptoVerifyError } from "../../crypto/Crypto.js";
 import { FabricIndex } from "../../datatype/FabricIndex.js";
 import { PublicKeyError } from "../../fabric/Fabric.js";
 import { FabricTableFullError } from "../../fabric/FabricManager.js";
@@ -209,6 +210,7 @@ export const OperationalCredentialsClusterHandler: (
                         debugText: error.message,
                     };
                 } else if (
+                    error instanceof CryptoVerifyError ||
                     error instanceof CertificateError ||
                     error instanceof ValidationError ||
                     error instanceof UnexpectedDataError
@@ -317,10 +319,28 @@ export const OperationalCredentialsClusterHandler: (
             return session.context.getFabrics().length;
         },
-        trustedRootCertificatesAttributeGetter: ({ session, isFabricFiltered }) => {
-            if (session === undefined || !session.isSecure) return []; // ???
-            const fabrics = isFabricFiltered ? [session.associatedFabric] : session.context.getFabrics();
-            return fabrics.map(fabric => fabric.rootCert);
+        trustedRootCertificatesAttributeGetter: ({ session }) => {
+            if (session === undefined || !session.isSecure) {
+                logger.debug(`trustedRootCertificatesAttributeGetter: session not set or not secure ${!!session}`);
+                return [];
+            } // ???
+            if (!session.isSecure)
+                throw new MatterFlowError("addOperationalCert should be called on a secure session.");
+            const rootCerts = session.context.getFabrics().map(fabric => fabric.rootCert);
+            const device = session.context;
+            if (device.isFailsafeArmed()) {
+                const failsafeContext = device.failsafeContext;
+                const temporaryRootCert = failsafeContext.rootCert;
+                if (temporaryRootCert !== undefined) {
+                    logger.debug(`Add temporary trusted root certificate to the list.`);
+                    rootCerts.push(temporaryRootCert);
+                } else {
+                    logger.debug(`No temporary trusted root certificate to be added.`);
+                }
+            }
+            return rootCerts;
         },
         currentFabricIndexAttributeGetter: ({ session }) => {
@@ -394,6 +414,7 @@ export const OperationalCredentialsClusterHandler: (
             } catch (error) {
                 logger.info("building fabric for update failed", error);
                 if (
+                    error instanceof CryptoVerifyError ||
                     error instanceof CertificateError ||
                     error instanceof ValidationError ||
                     error instanceof UnexpectedDataError
@@ -476,7 +497,13 @@ export const OperationalCredentialsClusterHandler: (
             };
         },
-        addTrustedRootCertificate: async ({ request: { rootCaCertificate }, session }) => {
+        addTrustedRootCertificate: async ({
+            request: { rootCaCertificate },
+            attributes: { trustedRootCertificates },
+            session,
+        }) => {
+            assertSecureSession(session);
             const failsafeContext = session.context.failsafeContext;
             if (failsafeContext.hasRootCert) {
@@ -498,6 +525,7 @@ export const OperationalCredentialsClusterHandler: (
             } catch (error) {
                 logger.info("setting root certificate failed", error);
                 if (
+                    error instanceof CryptoVerifyError ||
                     error instanceof CertificateError ||
                     error instanceof ValidationError ||
                     error instanceof UnexpectedDataError
@@ -506,6 +534,8 @@ export const OperationalCredentialsClusterHandler: (
                 }
                 throw error;
             }
+            trustedRootCertificates.updated(session);
         },
     };
 };

package/src/common/FailsafeContext.ts CHANGED Viewed

@@ -17,7 +17,8 @@ import { AsyncConstruction } from "../util/AsyncConstruction.js";
 import { ByteArray } from "../util/ByteArray.js";
 import { AsyncObservable } from "../util/Observable.js";
 import { FailsafeTimer, MatterFabricConflictError } from "./FailsafeTimer.js";
-import { MatterFlowError } from "./MatterError.js";
+import { MatterFlowError, UnexpectedDataError } from "./MatterError.js";
+import { ValidationError } from "./ValidationError.js";
 const logger = Logger.get("FailsafeContext");
@@ -105,6 +106,10 @@ export abstract class FailsafeContext {
         return this.#fabricBuilder.hasRootCert();
     }
+    get rootCert() {
+        return this.#fabricBuilder.rootCert;
+    }
     async completeCommission() {
         // 1. The Fail-Safe timer associated with the current Fail-Safe context SHALL be disarmed.
         if (this.#failsafe === undefined) {
@@ -215,12 +220,19 @@ export abstract class FailsafeContext {
         const { nocValue, icacValue, adminVendorId, ipkValue, caseAdminSubject } = nocData;
         // Handle error if the CaseAdminSubject field is not a valid ACL subject in the context of AuthMode set to CASE
-        if (
-            !NodeId.isOperationalNodeId(caseAdminSubject) &&
-            !NodeId.isCaseAuthenticatedTag(caseAdminSubject) &&
-            CaseAuthenticatedTag.getVersion(NodeId.extractAsCaseAuthenticatedTag(caseAdminSubject)) === 0
-        ) {
-            throw new MatterFabricInvalidAdminSubjectError();
+        if (!NodeId.isOperationalNodeId(caseAdminSubject) && !NodeId.isCaseAuthenticatedTag(caseAdminSubject)) {
+            try {
+                if (CaseAuthenticatedTag.getVersion(NodeId.extractAsCaseAuthenticatedTag(caseAdminSubject)) === 0) {
+                    throw new MatterFabricInvalidAdminSubjectError();
+                }
+            } catch (error) {
+                // Validation error can happen when parsing the CaseAuthenticatedTag, then it is invalid too
+                if (error instanceof ValidationError || error instanceof UnexpectedDataError) {
+                    throw new MatterFabricInvalidAdminSubjectError();
+                } else {
+                    throw error;
+                }
+            }
         }
         builder.setOperationalCert(nocValue, icacValue);

package/src/crypto/Crypto.ts CHANGED Viewed

@@ -27,7 +27,7 @@ export const CRYPTO_AUTH_TAG_LENGTH = 16;
 export const CRYPTO_SYMMETRIC_KEY_LENGTH = 16;
 export type CryptoDsaEncoding = "ieee-p1363" | "der";
-export class CryptoError extends MatterError {}
+export class CryptoVerifyError extends MatterError {}
 export abstract class Crypto {
     static get: () => Crypto = () => {

package/src/device/LegacyInteractionServer.ts CHANGED Viewed

@@ -7,9 +7,9 @@
 import { MatterDevice } from "../MatterDevice.js";
 import { AccessLevel } from "../cluster/Cluster.js";
 import { AccessControlCluster } from "../cluster/definitions/index.js";
-import { AnyAttributeServer, AttributeServer } from "../cluster/server/AttributeServer.js";
+import { AnyAttributeServer, AttributeServer, FabricScopedAttributeServer } from "../cluster/server/AttributeServer.js";
 import { CommandServer } from "../cluster/server/CommandServer.js";
-import { EventServer } from "../cluster/server/EventServer.js";
+import { AnyEventServer } from "../cluster/server/EventServer.js";
 import { Message } from "../codec/MessageCodec.js";
 import { InternalError } from "../common/MatterError.js";
 import { EndpointNumber } from "../datatype/EndpointNumber.js";
@@ -92,13 +92,24 @@ export class LegacyInteractionServer extends InteractionServer {
         endpoint: EndpointInterface,
     ) {
         this.#assertAccess(path, exchange, attribute.readAcl);
-        return super.readAttribute(path, attribute, exchange, isFabricFiltered, message, endpoint);
+        const data = await super.readAttribute(path, attribute, exchange, isFabricFiltered, message, endpoint);
+        if (attribute instanceof FabricScopedAttributeServer && !isFabricFiltered) {
+            const { value, version } = data;
+            return {
+                value: attribute.sanitizeFabricSensitiveFields(
+                    value,
+                    (exchange.session as SecureSession<MatterDevice>).fabric,
+                ),
+                version,
+            };
+        }
+        return data;
     }
     protected override async readEvent(
         path: EventPath,
         eventFilters: TypeFromSchema<typeof TlvEventFilter>[] | undefined,
-        event: EventServer<any, any>,
+        event: AnyEventServer<any, any>,
         exchange: MessageExchange<MatterDevice>,
         isFabricFiltered: boolean,
         message: Message,

package/src/fabric/Fabric.ts CHANGED Viewed

@@ -381,11 +381,17 @@ export class FabricBuilder {
     setRootCert(rootCert: ByteArray) {
         const decodedRootCertificate = TlvRootCertificate.decode(rootCert);
+        CertificateManager.verifyRootCertificate(decodedRootCertificate);
         this.#rootCert = rootCert;
         this.#rootPublicKey = decodedRootCertificate.ellipticCurvePublicKey;
         return this;
     }
+    // TODO Remove when legacy API gets removed because then no longer needed
+    get rootCert() {
+        return this.#rootCert;
+    }
     hasRootCert() {
         return this.#rootCert !== undefined;
     }

package/src/fabric/FabricManager.ts CHANGED Viewed

@@ -32,6 +32,7 @@ export class FabricManager {
         added: Observable<[fabric: Fabric]>(),
         updated: Observable<[fabric: Fabric]>(),
         deleted: Observable<[fabric: Fabric]>(),
+        failsafeClosed: Observable<[]>(),
     };
     constructor(fabricStorage: StorageContext) {

package/src/model/models/EventModel.ts CHANGED Viewed

@@ -17,6 +17,10 @@ export class EventModel extends ValueModel implements EventElement {
         super(definition);
     }
+    get fabricSensitive(): boolean {
+        return this.effectiveAccess.fabricSensitive;
+    }
     static {
         Model.types[EventElement.Tag] = this;
     }

package/src/model/models/FieldModel.ts CHANGED Viewed

@@ -20,6 +20,10 @@ export class FieldModel extends PropertyModel implements FieldElement {
         super(definition);
     }
+    get fabricSensitive() {
+        return this.effectiveAccess.fabricSensitive;
+    }
     /**
      * Fields may omit their ID.  In this case we use their index within the parent as the ID.
      */

package/src/node/server/TransactionalInteractionServer.ts CHANGED Viewed

@@ -14,7 +14,7 @@ import { AccessControlServer } from "../../behavior/definitions/access-control/A
 import { AccessControlCluster } from "../../cluster/definitions/AccessControlCluster.js";
 import { AnyAttributeServer, AttributeServer } from "../../cluster/server/AttributeServer.js";
 import { CommandServer } from "../../cluster/server/CommandServer.js";
-import { EventServer } from "../../cluster/server/EventServer.js";
+import { AnyEventServer } from "../../cluster/server/EventServer.js";
 import { Message } from "../../codec/MessageCodec.js";
 import { InternalError } from "../../common/MatterError.js";
 import { Endpoint } from "../../endpoint/Endpoint.js";
@@ -41,7 +41,6 @@ import {
 import { TypeFromSchema } from "../../tlv/TlvSchema.js";
 import { MaybePromise } from "../../util/Promises.js";
 import { ServerNode } from "../ServerNode.js";
-import { ServerStore } from "./storage/ServerStore.js";
 const activityKey = Symbol("activity");
@@ -77,7 +76,6 @@ export class TransactionalInteractionServer extends InteractionServer {
         const structure = new InteractionEndpointStructure();
         super({
-            eventHandler: endpoint.env.get(ServerStore).eventHandler,
             endpointStructure: structure,
             subscriptionOptions: endpoint.state.network.subscriptionOptions,
         });
@@ -166,7 +164,7 @@ export class TransactionalInteractionServer extends InteractionServer {
     protected override async readEvent(
         path: EventPath,
         eventFilters: TypeFromSchema<typeof TlvEventFilter>[] | undefined,
-        event: EventServer<any, any>,
+        event: AnyEventServer<any, any>,
         exchange: MessageExchange<MatterDevice>,
         fabricFiltered: boolean,
         message: Message,

package/src/protocol/interaction/AttributeDataEncoder.ts CHANGED Viewed

@@ -10,7 +10,7 @@ import { EndpointNumber } from "../../datatype/EndpointNumber.js";
 import { NodeId } from "../../datatype/NodeId.js";
 import { Logger } from "../../log/Logger.js";
 import { ArraySchema } from "../../tlv/TlvArray.js";
-import { TlvSchema, TlvStream, TypeFromSchema } from "../../tlv/TlvSchema.js";
+import { TlvEncodingOptions, TlvSchema, TlvStream, TypeFromSchema } from "../../tlv/TlvSchema.js";
 import {
     TlvAttributePath,
     TlvAttributeReport,
@@ -31,6 +31,7 @@ type FullAttributePath = {
 /** Type for TlvAttributeReport where the real data are represented with the schema and the JS value. */
 export type AttributeReportPayload = Omit<TypeFromSchema<typeof TlvAttributeReport>, "attributeData"> & {
     attributeData?: AttributeDataPayload;
+    hasFabricSensitiveData: boolean;
 };
 /** Type for TlvAttributeReportData where the real data are represented with the schema and the JS value. */
@@ -42,6 +43,7 @@ type AttributeDataPayload = Omit<TypeFromSchema<typeof TlvAttributeReportData>,
 /** Type for TlvEventReport where the real data are represented with the schema and the JS value. */
 export type EventReportPayload = Omit<TypeFromSchema<typeof TlvEventReport>, "eventData"> & {
     eventData?: EventDataPayload;
+    hasFabricSensitiveData: boolean;
 };
 /** Type for TlvEventData where the real data are represented with the schema and the JS value. */
@@ -57,18 +59,23 @@ export type DataReportPayload = Omit<TypeFromSchema<typeof TlvDataReport>, "attr
 };
 /** Encodes an AttributeReportPayload into a TlvStream (used for TlvAny type). */
-export function encodeAttributePayload(attributePayload: AttributeReportPayload): TlvStream {
+export function encodeAttributePayload(
+    attributePayload: AttributeReportPayload,
+    options?: TlvEncodingOptions,
+): TlvStream {
     const { attributeData, attributeStatus } = attributePayload;
     if (attributeData === undefined) {
         return TlvAttributeReport.encodeTlv({ attributeStatus });
     }
     const { path, schema, payload, dataVersion } = attributeData;
-    return TlvAttributeReport.encodeTlv({ attributeData: { path, data: schema.encodeTlv(payload), dataVersion } });
+    return TlvAttributeReport.encodeTlv({
+        attributeData: { path, data: schema.encodeTlv(payload, options), dataVersion },
+    });
 }
 /** Encodes an EventReportPayload into a TlvStream (used for TlvAny type). */
-export function encodeEventPayload(eventPayload: EventReportPayload): TlvStream {
+export function encodeEventPayload(eventPayload: EventReportPayload, options?: TlvEncodingOptions): TlvStream {
     const { eventData, eventStatus } = eventPayload;
     if (eventData === undefined) {
         return TlvEventReport.encodeTlv({ eventStatus });
@@ -88,7 +95,7 @@ export function encodeEventPayload(eventPayload: EventReportPayload): TlvStream
     return TlvEventReport.encodeTlv({
         eventData: {
             path,
-            data: schema.encodeTlv(payload),
+            data: schema.encodeTlv(payload, options),
             priority,
             systemTimestamp,
             deltaSystemTimestamp,
@@ -115,7 +122,7 @@ export function canAttributePayloadBeChunked(attributePayload: AttributeReportPa
 /** Chunk an AttributeReportPayload into multiple AttributeReportPayloads. */
 export function chunkAttributePayload(attributePayload: AttributeReportPayload): AttributeReportPayload[] {
-    const { attributeData } = attributePayload;
+    const { hasFabricSensitiveData, attributeData } = attributePayload;
     if (attributeData === undefined) {
         throw new MatterFlowError(
             `Can not chunk an AttributePayload with just a attributeStatus: ${Logger.toJSON(attributePayload)}`,
@@ -130,9 +137,13 @@ export function chunkAttributePayload(attributePayload: AttributeReportPayload):
         );
     }
     const chunks = new Array<AttributeReportPayload>();
-    chunks.push({ attributeData: { schema, path: { ...path, listIndex: undefined }, payload: [], dataVersion } });
+    chunks.push({
+        hasFabricSensitiveData: hasFabricSensitiveData,
+        attributeData: { schema, path: { ...path, listIndex: undefined }, payload: [], dataVersion },
+    });
     payload.forEach(element => {
         chunks.push({
+            hasFabricSensitiveData: hasFabricSensitiveData,
             attributeData: {
                 schema: schema.elementSchema,
                 path: { ...path, listIndex: null },
@@ -183,7 +194,7 @@ export function sortAttributeDataByPath(data1: AttributeReportPayload, data2: At
 export function compressAttributeDataReportTags(data: AttributeReportPayload[]) {
     let lastFullPath: FullAttributePath | undefined;
-    return data.sort(sortAttributeDataByPath).map(({ attributeData, attributeStatus }) => {
+    return data.sort(sortAttributeDataByPath).map(({ hasFabricSensitiveData, attributeData, attributeStatus }) => {
         if (attributeData !== undefined) {
             const { path, dataVersion } = attributeData;
             const compressedPath = compressPath(path, dataVersion, lastFullPath);
@@ -201,7 +212,7 @@ export function compressAttributeDataReportTags(data: AttributeReportPayload[])
             attributeStatus = { ...attributeStatus, path: compressedPath.path };
             lastFullPath = compressedPath.lastFullPath;
         }
-        return { attributeData, attributeStatus };
+        return { hasFabricSensitiveData, attributeData, attributeStatus };
     });
 }

package/src/protocol/interaction/EventHandler.ts CHANGED Viewed

@@ -102,9 +102,7 @@ export class EventHandler<S extends Storage = any> {
         );
         if (filterForFabricIndex !== undefined) {
-            return events.filter(
-                event => !("fabricIndex" in event.data) || event.data.fabricIndex === filterForFabricIndex,
-            );
+            return events.filter(({ data }) => !("fabricIndex" in data) || data.fabricIndex === filterForFabricIndex);
         }
         return events;