Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Yaml] Add a test adding a new fabric from an existing fabric (#25969)
Browse files Browse the repository at this point in the history
* [chip-tool] Add GetCommissionerRootCertificate command

[chip-tool] Add IssueNocChain command

* Add src/app/tests/suites/Test_AddNewFabricFromExistingFabric.yaml test working with the chip-tool python yaml runner

---------

Co-authored-by: Andrei Litvin <andy314@gmail.com>
2 people authored and pull[bot] committed May 13, 2024
1 parent 0af38b7 commit 2441728
Showing 15 changed files with 483 additions and 16 deletions.
1 change: 1 addition & 0 deletions examples/chip-tool/BUILD.gn
Original file line number Diff line number Diff line change
@@ -75,6 +75,7 @@ static_library("chip-tool-utils") {
"commands/pairing/OpenCommissioningWindowCommand.cpp",
"commands/pairing/OpenCommissioningWindowCommand.h",
"commands/pairing/PairingCommand.cpp",
"commands/pairing/ToTLVCert.cpp",
"commands/payload/AdditionalDataParseCommand.cpp",
"commands/payload/SetupPayloadGenerateCommand.cpp",
"commands/payload/SetupPayloadParseCommand.cpp",
37 changes: 25 additions & 12 deletions examples/chip-tool/commands/common/CHIPCommand.cpp
Original file line number Diff line number Diff line change
@@ -333,6 +333,22 @@ CHIP_ERROR CHIPCommand::GetIdentityNodeId(std::string identity, chip::NodeId * n
return CHIP_NO_ERROR;
}

CHIP_ERROR CHIPCommand::GetIdentityRootCertificate(std::string identity, chip::ByteSpan & span)
{
if (identity == kIdentityNull)
{
return CHIP_ERROR_NOT_FOUND;
}

chip::NodeId nodeId;
VerifyOrDie(GetIdentityNodeId(identity, &nodeId) == CHIP_NO_ERROR);
CommissionerIdentity lookupKey{ identity, nodeId };
auto item = mCommissioners.find(lookupKey);

span = chip::ByteSpan(item->first.mRCAC, item->first.mRCACLen);
return CHIP_NO_ERROR;
}

chip::FabricId CHIPCommand::CurrentCommissionerId()
{
chip::FabricId id;
@@ -388,21 +404,13 @@ void CHIPCommand::ShutdownCommissioner(const CommissionerIdentity & key)
mCommissioners[key].get()->Shutdown();
}

CHIP_ERROR CHIPCommand::InitializeCommissioner(const CommissionerIdentity & identity, chip::FabricId fabricId)
CHIP_ERROR CHIPCommand::InitializeCommissioner(CommissionerIdentity & identity, chip::FabricId fabricId)
{
chip::Platform::ScopedMemoryBuffer<uint8_t> noc;
chip::Platform::ScopedMemoryBuffer<uint8_t> icac;
chip::Platform::ScopedMemoryBuffer<uint8_t> rcac;

std::unique_ptr<ChipDeviceCommissioner> commissioner = std::make_unique<ChipDeviceCommissioner>();
chip::Controller::SetupParams commissionerParams;

ReturnLogErrorOnFailure(mCredIssuerCmds->SetupDeviceAttestation(commissionerParams, sTrustStore));

VerifyOrReturnError(noc.Alloc(chip::Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY);
VerifyOrReturnError(icac.Alloc(chip::Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY);
VerifyOrReturnError(rcac.Alloc(chip::Controller::kMaxCHIPDERCertLength), CHIP_ERROR_NO_MEMORY);

chip::Crypto::P256Keypair ephemeralKey;

if (fabricId != chip::kUndefinedFabricId)
@@ -420,15 +428,20 @@ CHIP_ERROR CHIPCommand::InitializeCommissioner(const CommissionerIdentity & iden

ReturnLogErrorOnFailure(mCredIssuerCmds->InitializeCredentialsIssuer(mCommissionerStorage));

chip::MutableByteSpan nocSpan(noc.Get(), chip::Controller::kMaxCHIPDERCertLength);
chip::MutableByteSpan icacSpan(icac.Get(), chip::Controller::kMaxCHIPDERCertLength);
chip::MutableByteSpan rcacSpan(rcac.Get(), chip::Controller::kMaxCHIPDERCertLength);
chip::MutableByteSpan nocSpan(identity.mNOC);
chip::MutableByteSpan icacSpan(identity.mICAC);
chip::MutableByteSpan rcacSpan(identity.mRCAC);

ReturnLogErrorOnFailure(ephemeralKey.Initialize(chip::Crypto::ECPKeyTarget::ECDSA));

ReturnLogErrorOnFailure(mCredIssuerCmds->GenerateControllerNOCChain(identity.mLocalNodeId, fabricId,
mCommissionerStorage.GetCommissionerCATs(),
ephemeralKey, rcacSpan, icacSpan, nocSpan));

identity.mRCACLen = rcacSpan.size();
identity.mICACLen = icacSpan.size();
identity.mNOCLen = nocSpan.size();

commissionerParams.operationalKeypair = &ephemeralKey;
commissionerParams.controllerRCAC = rcacSpan;
commissionerParams.controllerICAC = icacSpan;
10 changes: 9 additions & 1 deletion examples/chip-tool/commands/common/CHIPCommand.h
Original file line number Diff line number Diff line change
@@ -155,6 +155,7 @@ class CHIPCommand : public Command

std::string GetIdentity();
CHIP_ERROR GetIdentityNodeId(std::string identity, chip::NodeId * nodeId);
CHIP_ERROR GetIdentityRootCertificate(std::string identity, chip::ByteSpan & span);
void SetIdentity(const char * name);

// This method returns the commissioner instance to be used for running the command.
@@ -179,12 +180,19 @@ class CHIPCommand : public Command
}
std::string mName;
chip::NodeId mLocalNodeId;
uint8_t mRCAC[chip::Controller::kMaxCHIPDERCertLength] = {};
uint8_t mICAC[chip::Controller::kMaxCHIPDERCertLength] = {};
uint8_t mNOC[chip::Controller::kMaxCHIPDERCertLength] = {};

size_t mRCACLen;
size_t mICACLen;
size_t mNOCLen;
};

// InitializeCommissioner uses various members, so can't be static. This is
// obviously a little odd, since the commissioners are then shared across
// multiple commands in interactive mode...
CHIP_ERROR InitializeCommissioner(const CommissionerIdentity & identity, chip::FabricId fabricId);
CHIP_ERROR InitializeCommissioner(CommissionerIdentity & identity, chip::FabricId fabricId);
void ShutdownCommissioner(const CommissionerIdentity & key);
chip::FabricId CurrentCommissionerId();

32 changes: 32 additions & 0 deletions examples/chip-tool/commands/common/RemoteDataModelLogger.cpp
Original file line number Diff line number Diff line change
@@ -30,6 +30,10 @@ constexpr const char * kErrorIdKey = "error";
constexpr const char * kClusterErrorIdKey = "clusterError";
constexpr const char * kValueKey = "value";
constexpr const char * kNodeIdKey = "nodeId";
constexpr const char * kNOCKey = "NOC";
constexpr const char * kICACKey = "ICAC";
constexpr const char * kRCACKey = "RCAC";
constexpr const char * kIPKKey = "IPK";

namespace {
RemoteDataModelLoggerDelegate * gDelegate;
@@ -53,6 +57,7 @@ CHIP_ERROR LogError(Json::Value & value, const chip::app::StatusIB & status)
auto valueStr = chip::JsonToString(value);
return gDelegate->LogJSON(valueStr.c_str());
}

} // namespace

namespace RemoteDataModelLogger {
@@ -165,6 +170,33 @@ CHIP_ERROR LogGetCommissionerNodeId(chip::NodeId value)
return gDelegate->LogJSON(valueStr.c_str());
}

CHIP_ERROR LogGetCommissionerRootCertificate(const char * value)
{
VerifyOrReturnError(gDelegate != nullptr, CHIP_NO_ERROR);

Json::Value rootValue;
rootValue[kValueKey] = Json::Value();
rootValue[kValueKey][kRCACKey] = value;

auto valueStr = chip::JsonToString(rootValue);
return gDelegate->LogJSON(valueStr.c_str());
}

CHIP_ERROR LogIssueNOCChain(const char * noc, const char * icac, const char * rcac, const char * ipk)
{
VerifyOrReturnError(gDelegate != nullptr, CHIP_NO_ERROR);

Json::Value rootValue;
rootValue[kValueKey] = Json::Value();
rootValue[kValueKey][kNOCKey] = noc;
rootValue[kValueKey][kICACKey] = icac;
rootValue[kValueKey][kRCACKey] = rcac;
rootValue[kValueKey][kIPKKey] = ipk;

auto valueStr = chip::JsonToString(rootValue);
return gDelegate->LogJSON(valueStr.c_str());
}

CHIP_ERROR LogDiscoveredNodeData(const chip::Dnssd::DiscoveredNodeData & nodeData)
{
VerifyOrReturnError(gDelegate != nullptr, CHIP_NO_ERROR);
3 changes: 3 additions & 0 deletions examples/chip-tool/commands/common/RemoteDataModelLogger.h
Original file line number Diff line number Diff line change
@@ -22,6 +22,7 @@
#include <app/ConcreteCommandPath.h>
#include <app/EventHeader.h>
#include <app/MessageDef/StatusIB.h>
#include <crypto/CHIPCryptoPAL.h>
#include <lib/dnssd/Resolver.h>

class RemoteDataModelLoggerDelegate
@@ -40,6 +41,8 @@ CHIP_ERROR LogEventAsJSON(const chip::app::EventHeader & header, chip::TLV::TLVR
CHIP_ERROR LogErrorAsJSON(const chip::app::EventHeader & header, const chip::app::StatusIB & status);
CHIP_ERROR LogErrorAsJSON(const CHIP_ERROR & error);
CHIP_ERROR LogGetCommissionerNodeId(chip::NodeId value);
CHIP_ERROR LogGetCommissionerRootCertificate(const char * value);
CHIP_ERROR LogIssueNOCChain(const char * noc, const char * icac, const char * rcac, const char * ipk);
CHIP_ERROR LogDiscoveredNodeData(const chip::Dnssd::DiscoveredNodeData & nodeData);
void SetDelegate(RemoteDataModelLoggerDelegate * delegate);
}; // namespace RemoteDataModelLogger
4 changes: 4 additions & 0 deletions examples/chip-tool/commands/pairing/Commands.h
Original file line number Diff line number Diff line change
@@ -21,6 +21,8 @@
#include "commands/common/Commands.h"
#include "commands/pairing/CloseSessionCommand.h"
#include "commands/pairing/GetCommissionerNodeIdCommand.h"
#include "commands/pairing/GetCommissionerRootCertificateCommand.h"
#include "commands/pairing/IssueNOCChainCommand.h"
#include "commands/pairing/OpenCommissioningWindowCommand.h"
#include "commands/pairing/PairingCommand.h"

@@ -241,6 +243,8 @@ void registerCommandsPairing(Commands & commands, CredentialIssuerCommands * cre
make_unique<OpenCommissioningWindowCommand>(credsIssuerConfig),
make_unique<CloseSessionCommand>(credsIssuerConfig),
make_unique<GetCommissionerNodeIdCommand>(credsIssuerConfig),
make_unique<GetCommissionerRootCertificateCommand>(credsIssuerConfig),
make_unique<IssueNOCChainCommand>(credsIssuerConfig),
};

commands.Register(clusterName, clusterCommands);
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
/*
* Copyright (c) 2023 Project CHIP Authors
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/

#pragma once

#include "../common/CHIPCommand.h"

#include "ToTLVCert.h"

class GetCommissionerRootCertificateCommand : public CHIPCommand
{
public:
GetCommissionerRootCertificateCommand(CredentialIssuerCommands * credIssuerCommands) :
CHIPCommand("get-commissioner-root-certificate", credIssuerCommands,
"Returns a base64-encoded RCAC prefixed with: 'base64:'")
{}

/////////// CHIPCommand Interface /////////
CHIP_ERROR RunCommand() override
{
chip::ByteSpan span;
ReturnErrorOnFailure(GetIdentityRootCertificate(GetIdentity(), span));

std::string rcac;
ReturnErrorOnFailure(ToTLVCert(span, rcac));
ChipLogProgress(chipTool, "RCAC: %s", rcac.c_str());

ReturnErrorOnFailure(RemoteDataModelLogger::LogGetCommissionerRootCertificate(rcac.c_str()));

SetCommandExitStatus(CHIP_NO_ERROR);
return CHIP_NO_ERROR;
}

chip::System::Clock::Timeout GetWaitDuration() const override { return chip::System::Clock::Seconds16(10); }
};
86 changes: 86 additions & 0 deletions examples/chip-tool/commands/pairing/IssueNOCChainCommand.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
/*
* Copyright (c) 2023 Project CHIP Authors
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/

#pragma once

#include "../common/CHIPCommand.h"

#include "ToTLVCert.h"

class IssueNOCChainCommand : public CHIPCommand
{
public:
IssueNOCChainCommand(CredentialIssuerCommands * credIssuerCommands) :
CHIPCommand("issue-noc-chain", credIssuerCommands,
"Returns a base64-encoded NOC, ICAC, RCAC, and IPK prefixed with: 'base64:'"),
mDeviceNOCChainCallback(OnDeviceNOCChainGeneration, this)
{
AddArgument("elements", &mNOCSRElements, "NOCSRElements encoded in hexadecimal");
AddArgument("node-id", 0, UINT64_MAX, &mNodeId, "The target node id");
}

/////////// CHIPCommand Interface /////////
CHIP_ERROR RunCommand() override
{
auto & commissioner = CurrentCommissioner();
ReturnErrorOnFailure(commissioner.IssueNOCChain(mNOCSRElements, mNodeId, &mDeviceNOCChainCallback));
return CHIP_NO_ERROR;
}

chip::System::Clock::Timeout GetWaitDuration() const override { return chip::System::Clock::Seconds16(10); }

static void OnDeviceNOCChainGeneration(void * context, CHIP_ERROR status, const chip::ByteSpan & noc,
const chip::ByteSpan & icac, const chip::ByteSpan & rcac,
chip::Optional<chip::IdentityProtectionKeySpan> ipk,
chip::Optional<chip::NodeId> adminSubject)
{
auto command = static_cast<IssueNOCChainCommand *>(context);

auto err = status;
VerifyOrReturn(CHIP_NO_ERROR == err, command->SetCommandExitStatus(err));

std::string nocStr;
err = ToTLVCert(noc, nocStr);
VerifyOrReturn(CHIP_NO_ERROR == err, command->SetCommandExitStatus(err));
ChipLogProgress(chipTool, "NOC: %s", nocStr.c_str());

std::string icacStr;
err = ToTLVCert(icac, icacStr);
VerifyOrReturn(CHIP_NO_ERROR == err, command->SetCommandExitStatus(err));
ChipLogProgress(chipTool, "ICAC: %s", icacStr.c_str());

std::string rcacStr;
err = ToTLVCert(rcac, rcacStr);
VerifyOrReturn(CHIP_NO_ERROR == err, command->SetCommandExitStatus(err));
ChipLogProgress(chipTool, "RCAC: %s", rcacStr.c_str());

auto ipkValue = ipk.ValueOr(chip::Crypto::IdentityProtectionKeySpan());
std::string ipkStr;
err = ToBase64(ipkValue, ipkStr);
VerifyOrReturn(CHIP_NO_ERROR == err, command->SetCommandExitStatus(err));
ChipLogProgress(chipTool, "IPK: %s", ipkStr.c_str());

err = RemoteDataModelLogger::LogIssueNOCChain(nocStr.c_str(), icacStr.c_str(), rcacStr.c_str(), ipkStr.c_str());
command->SetCommandExitStatus(err);
}

private:
chip::Callback::Callback<chip::Controller::OnNOCChainGeneration> mDeviceNOCChainCallback;
chip::ByteSpan mNOCSRElements;
chip::NodeId mNodeId;
};
52 changes: 52 additions & 0 deletions examples/chip-tool/commands/pairing/ToTLVCert.cpp
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
/*
* Copyright (c) 2023 Project CHIP Authors
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/

#include "ToTLVCert.h"

#include <credentials/CHIPCert.h>
#include <lib/support/Base64.h>

constexpr const char kBase64Header[] = "base64:";
constexpr size_t kBase64HeaderLen = ArraySize(kBase64Header) - 1;

CHIP_ERROR ToBase64(const chip::ByteSpan & input, std::string & outputAsPrefixedBase64)
{
chip::Platform::ScopedMemoryBuffer<char> base64String;
base64String.Alloc(kBase64HeaderLen + BASE64_ENCODED_LEN(input.size()) + 1);
VerifyOrReturnError(base64String.Get() != nullptr, CHIP_ERROR_NO_MEMORY);

auto encodedLen = chip::Base64Encode(input.data(), static_cast<uint16_t>(input.size()), base64String.Get() + kBase64HeaderLen);
if (encodedLen)
{
memcpy(base64String.Get(), kBase64Header, kBase64HeaderLen);
encodedLen = static_cast<uint16_t>(encodedLen + kBase64HeaderLen);
}
base64String.Get()[encodedLen] = '\0';
outputAsPrefixedBase64 = std::string(base64String.Get(), encodedLen);

return CHIP_NO_ERROR;
}

CHIP_ERROR ToTLVCert(const chip::ByteSpan & derEncodedCertificate, std::string & tlvCertAsPrefixedBase64)
{
uint8_t chipCertBuffer[chip::Credentials::kMaxCHIPCertLength];
chip::MutableByteSpan chipCertBytes(chipCertBuffer);
ReturnErrorOnFailure(chip::Credentials::ConvertX509CertToChipCert(derEncodedCertificate, chipCertBytes));
ReturnErrorOnFailure(ToBase64(chipCertBytes, tlvCertAsPrefixedBase64));
return CHIP_NO_ERROR;
}
25 changes: 25 additions & 0 deletions examples/chip-tool/commands/pairing/ToTLVCert.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
/*
* Copyright (c) 2023 Project CHIP Authors
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/

#pragma once

#include <lib/support/Span.h>
#include <string>

CHIP_ERROR ToBase64(const chip::ByteSpan & input, std::string & outputAsPrefixedBase64);
CHIP_ERROR ToTLVCert(const chip::ByteSpan & derEncodedCertificate, std::string & tlvCertAsPrefixedBase64);
Original file line number Diff line number Diff line change
@@ -32,7 +32,18 @@
'GetCommissionerNodeId': {
'has_destination': False,
'has_endpoint': False,
}
},
'GetCommissionerRootCertificate': {
'has_destination': False,
'has_endpoint': False,
},
'IssueNocChain': {
'arguments': {
'nodeId': 'node-id',
},
'has_destination': False,
'has_endpoint': False,
},
}
},

6 changes: 5 additions & 1 deletion scripts/py_matter_yamltests/matter_yamltests/fixes.py
Original file line number Diff line number Diff line change
@@ -85,7 +85,11 @@ def convert_yaml_octet_string_to_bytes(s: str) -> bytes:
if s.startswith('hex:'):
return binascii.unhexlify(s[4:])

# Step 2: convert non-hex-prefixed to bytes
# Step 2: handle explicit "base64:" prefix
if s.startswith('base64:'):
return binascii.a2b_base64(s[7:])

# Step 3: convert non-hex-prefixed to bytes
# TODO(#23669): This does not properly support utf8 octet strings. We mimic
# javascript codegen behavior. Behavior of javascript is:
# * Octet string character >= u+0200 errors out.
Original file line number Diff line number Diff line change
@@ -37,6 +37,26 @@
<command source="server" code="0" name="GetCommissionerNodeIdResponse">
<arg name="nodeId" type="node_id"/>
</command>
<command source="client" code="3" name="GetCommissionerRootCertificate" response="GetCommissionerRootCertificateResponse">
</command>
<command source="server" code="1" name="GetCommissionerRootCertificateResponse">
<arg name="RCAC" type="OCTET_STRING"/>
</command>
<command source="client" code="4" name="IssueNocChain" response="IssueNocChainResponse">
<arg name="Elements" type="octet_string"/>
<arg name="nodeId" type="node_id"/>
</command>
<command source="server" code="2" name="IssueNocChainResponse">
<arg name="NOC" type="octet_string"/>
<arg name="ICAC" type="octet_string"/>
<arg name="RCAC" type="octet_string"/>
<arg name="IPK" type="octet_string"/>
</command>
</cluster>
</configurator>
'''
4 changes: 3 additions & 1 deletion scripts/tests/chiptest/__init__.py
Original file line number Diff line number Diff line change
@@ -133,7 +133,9 @@ def _GetInDevelopmentTests() -> Set[str]:
Currently this is empty and returns an empty set, but this is kept around in case
there are tests that are a work in progress.
"""
return set()
return {
"Test_AddNewFabricFromExistingFabric.yaml", # chip-repl does not support GetCommissionerRootCertificate and IssueNocChain command
}


def _AllYamlTests():
156 changes: 156 additions & 0 deletions src/app/tests/suites/Test_AddNewFabricFromExistingFabric.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,156 @@
# Copyright (c) 2023 Project CHIP Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: Test

config:
nodeId: 0x12344321
endpoint: 0

tests:
- label: "Wait for the alpha device to be retrieved "
cluster: "DelayCommands"
command: "WaitForCommissionee"
arguments:
values:
- name: "nodeId"
value: nodeId

- label: "Read the fabrics list from alpha"
command: "readAttribute"
cluster: "Operational Credentials"
attribute: "Fabrics"
response:
value: [{ Label: "", NodeID: nodeId }]
constraints:
type: list

- label:
"Send ArmFailSafe command to target device with ExpiryLengthSeconds 60
seconds"
cluster: "General Commissioning"
command: "ArmFailSafe"
arguments:
values:
- name: "ExpiryLengthSeconds"
value: 60
- name: "Breadcrumb"
value: 0

- label: "Send CSRRequest command from alpha"
command: "CSRRequest"
cluster: "Operational Credentials"
arguments:
values:
- name: CSRNonce
value: "\x00\x01\x02\x03\x04\x05\x06\x07\x00\x01\x02\x03\x04\x05\x06\x07\x00\x01\x02\x03\x04\x05\x06\x07\x00\x01\x02\x03\x04\x05\x06\x07"
response:
values:
- name: "NOCSRElements"
saveAs: NOCSRElements
- name: "AttestationSignature"
saveAs: attestationSignature

- label: "Read the commissioner node ID from the beta fabric"
identity: "beta"
cluster: "CommissionerCommands"
command: "GetCommissionerNodeId"
response:
values:
- name: "nodeId"
saveAs: commissionerNodeIdBeta

- label: "Read the commissioner root certificate from the beta fabric"
identity: "beta"
cluster: "CommissionerCommands"
command: "GetCommissionerRootCertificate"
response:
values:
- name: "RCAC"
saveAs: commissionerRCACBeta

- label:
"Create a NOC chain for commissioner beta with the results of the
CSRRequest from alpha"
identity: "beta"
cluster: "CommissionerCommands"
command: "IssueNocChain"
arguments:
values:
- name: "Elements"
value: NOCSRElements
- name: "nodeId"
value: 0x43211234
response:
values:
- name: "NOC"
saveAs: noc
- name: "ICAC"
saveAs: icac
- name: "IPK"
saveAs: ipk

- label: "Send AddTrustedRootCertificate command from alpha"
command: "AddTrustedRootCertificate"
cluster: "Operational Credentials"
arguments:
values:
- name: "RootCACertificate"
value: commissionerRCACBeta

- label: "Send AddNOC command from alpha"
command: "AddNOC"
cluster: "Operational Credentials"
arguments:
values:
- name: "NOCValue"
value: noc
- name: "ICACValue"
value: icac
- name: "IPKValue"
value: ipk
- name: "CaseAdminSubject"
value: commissionerNodeIdBeta
- name: "AdminVendorId"
value: 0xFFF1
response:
values:
- name: "StatusCode"
value: 0

- label: "Send Commissioning Complete command from beta"
nodeId: 0x43211234
identity: "beta"
cluster: "General Commissioning"
command: "CommissioningComplete"

- label: "Read the fabrics list again from alpha"
command: "readAttribute"
cluster: "Operational Credentials"
attribute: "Fabrics"
response:
value: [{ Label: "", NodeID: nodeId }]
constraints:
type: list

- label: "Read the fabrics list from beta this time"
identity: "beta"
nodeId: 0x43211234
command: "readAttribute"
cluster: "Operational Credentials"
attribute: "Fabrics"
response:
value: [{ Label: "", NodeID: 0x43211234 }]
constraints:
type: list

0 comments on commit 2441728

Please sign in to comment.