matc/clusters/codec/

operational_credential_cluster.rs

//! Matter TLV encoders and decoders for Operational Credentials Cluster
//! Cluster ID: 0x003E
//!
//! This file is automatically generated from OperationalCredentialCluster.xml

use crate::tlv;
use anyhow;
use serde_json;


// Import serialization helpers for octet strings
use crate::clusters::helpers::{serialize_opt_bytes_as_hex};

// Enum definitions

#[derive(Debug, Clone, Copy, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
#[repr(u8)]
pub enum CertificateChainType {
    /// Request the DER-encoded DAC certificate
    Daccertificate = 1,
    /// Request the DER-encoded PAI certificate
    Paicertificate = 2,
}

impl CertificateChainType {
    /// Convert from u8 value
    pub fn from_u8(value: u8) -> Option<Self> {
        match value {
            1 => Some(CertificateChainType::Daccertificate),
            2 => Some(CertificateChainType::Paicertificate),
            _ => None,
        }
    }

    /// Convert to u8 value
    pub fn to_u8(self) -> u8 {
        self as u8
    }
}

impl From<CertificateChainType> for u8 {
    fn from(val: CertificateChainType) -> Self {
        val as u8
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
#[repr(u8)]
pub enum NodeOperationalCertStatus {
    /// OK, no error
    Ok = 0,
    /// Public Key in the NOC does not match the public key in the NOCSR
    Invalidpublickey = 1,
    /// The Node Operational ID in the NOC is not formatted correctly.
    Invalidnodeopid = 2,
    /// Any other validation error in NOC chain
    Invalidnoc = 3,
    /// No record of prior CSR for which this NOC could match
    Missingcsr = 4,
    /// NOCs table full, cannot add another one
    Tablefull = 5,
    /// Invalid CaseAdminSubject field for an AddNOC command.
    Invalidadminsubject = 6,
    /// Reserved for future use
    Reservedforfutureuse = 7,
    /// Reserved for future use
    Reservedforfutureuse8 = 8,
    /// Trying to AddNOC instead of UpdateNOC against an existing Fabric.
    Fabricconflict = 9,
    /// Label already exists on another Fabric.
    Labelconflict = 10,
    /// FabricIndex argument is invalid.
    Invalidfabricindex = 11,
}

impl NodeOperationalCertStatus {
    /// Convert from u8 value
    pub fn from_u8(value: u8) -> Option<Self> {
        match value {
            0 => Some(NodeOperationalCertStatus::Ok),
            1 => Some(NodeOperationalCertStatus::Invalidpublickey),
            2 => Some(NodeOperationalCertStatus::Invalidnodeopid),
            3 => Some(NodeOperationalCertStatus::Invalidnoc),
            4 => Some(NodeOperationalCertStatus::Missingcsr),
            5 => Some(NodeOperationalCertStatus::Tablefull),
            6 => Some(NodeOperationalCertStatus::Invalidadminsubject),
            7 => Some(NodeOperationalCertStatus::Reservedforfutureuse),
            8 => Some(NodeOperationalCertStatus::Reservedforfutureuse8),
            9 => Some(NodeOperationalCertStatus::Fabricconflict),
            10 => Some(NodeOperationalCertStatus::Labelconflict),
            11 => Some(NodeOperationalCertStatus::Invalidfabricindex),
            _ => None,
        }
    }

    /// Convert to u8 value
    pub fn to_u8(self) -> u8 {
        self as u8
    }
}

impl From<NodeOperationalCertStatus> for u8 {
    fn from(val: NodeOperationalCertStatus) -> Self {
        val as u8
    }
}

// Struct definitions

#[derive(Debug, serde::Serialize)]
pub struct FabricDescriptor {
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub root_public_key: Option<Vec<u8>>,
    pub vendor_id: Option<u16>,
    pub fabric_id: Option<u8>,
    pub node_id: Option<u64>,
    pub label: Option<String>,
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub vid_verification_statement: Option<Vec<u8>>,
}

#[derive(Debug, serde::Serialize)]
pub struct NOC {
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub noc: Option<Vec<u8>>,
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub icac: Option<Vec<u8>>,
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub vvsc: Option<Vec<u8>>,
}

// Command encoders

/// Encode AttestationRequest command (0x00)
pub fn encode_attestation_request(attestation_nonce: Vec<u8>) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::OctetString(attestation_nonce)).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

/// Encode CertificateChainRequest command (0x02)
pub fn encode_certificate_chain_request(certificate_type: CertificateChainType) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::UInt8(certificate_type.to_u8())).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

/// Encode CSRRequest command (0x04)
pub fn encode_csr_request(csr_nonce: Vec<u8>, is_for_update_noc: bool) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::OctetString(csr_nonce)).into(),
        (1, tlv::TlvItemValueEnc::Bool(is_for_update_noc)).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

/// Encode AddNOC command (0x06)
pub fn encode_add_noc(noc_value: Vec<u8>, icac_value: Vec<u8>, ipk_value: Vec<u8>, case_admin_subject: u64, admin_vendor_id: u16) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::OctetString(noc_value)).into(),
        (1, tlv::TlvItemValueEnc::OctetString(icac_value)).into(),
        (2, tlv::TlvItemValueEnc::OctetString(ipk_value)).into(),
        (3, tlv::TlvItemValueEnc::UInt64(case_admin_subject)).into(),
        (4, tlv::TlvItemValueEnc::UInt16(admin_vendor_id)).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

/// Encode UpdateNOC command (0x07)
pub fn encode_update_noc(noc_value: Vec<u8>, icac_value: Vec<u8>) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::OctetString(noc_value)).into(),
        (1, tlv::TlvItemValueEnc::OctetString(icac_value)).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

/// Encode UpdateFabricLabel command (0x09)
pub fn encode_update_fabric_label(label: String) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::String(label)).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

/// Encode RemoveFabric command (0x0A)
pub fn encode_remove_fabric(fabric_index: u8) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::UInt8(fabric_index)).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

/// Encode AddTrustedRootCertificate command (0x0B)
pub fn encode_add_trusted_root_certificate(root_ca_certificate: Vec<u8>) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::OctetString(root_ca_certificate)).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

/// Encode SetVIDVerificationStatement command (0x0C)
pub fn encode_set_vid_verification_statement(vendor_id: u16, vid_verification_statement: Vec<u8>, vvsc: Vec<u8>) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::UInt16(vendor_id)).into(),
        (1, tlv::TlvItemValueEnc::OctetString(vid_verification_statement)).into(),
        (2, tlv::TlvItemValueEnc::OctetString(vvsc)).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

/// Encode SignVIDVerificationRequest command (0x0D)
pub fn encode_sign_vid_verification_request(fabric_index: u8, client_challenge: Vec<u8>) -> anyhow::Result<Vec<u8>> {
    let tlv = tlv::TlvItemEnc {
        tag: 0,
        value: tlv::TlvItemValueEnc::StructInvisible(vec![
        (0, tlv::TlvItemValueEnc::UInt8(fabric_index)).into(),
        (1, tlv::TlvItemValueEnc::OctetString(client_challenge)).into(),
        ]),
    };
    Ok(tlv.encode()?)
}

// Attribute decoders

/// Decode NOCs attribute (0x0000)
pub fn decode_no_cs(inp: &tlv::TlvItemValue) -> anyhow::Result<Vec<NOC>> {
    let mut res = Vec::new();
    if let tlv::TlvItemValue::List(v) = inp {
        for item in v {
            res.push(NOC {
                noc: item.get_octet_string_owned(&[1]),
                icac: item.get_octet_string_owned(&[2]),
                vvsc: item.get_octet_string_owned(&[3]),
            });
        }
    }
    Ok(res)
}

/// Decode Fabrics attribute (0x0001)
pub fn decode_fabrics(inp: &tlv::TlvItemValue) -> anyhow::Result<Vec<FabricDescriptor>> {
    let mut res = Vec::new();
    if let tlv::TlvItemValue::List(v) = inp {
        for item in v {
            res.push(FabricDescriptor {
                root_public_key: item.get_octet_string_owned(&[1]),
                vendor_id: item.get_int(&[2]).map(|v| v as u16),
                fabric_id: item.get_int(&[3]).map(|v| v as u8),
                node_id: item.get_int(&[4]),
                label: item.get_string_owned(&[5]),
                vid_verification_statement: item.get_octet_string_owned(&[6]),
            });
        }
    }
    Ok(res)
}

/// Decode SupportedFabrics attribute (0x0002)
pub fn decode_supported_fabrics(inp: &tlv::TlvItemValue) -> anyhow::Result<u8> {
    if let tlv::TlvItemValue::Int(v) = inp {
        Ok(*v as u8)
    } else {
        Err(anyhow::anyhow!("Expected UInt8"))
    }
}

/// Decode CommissionedFabrics attribute (0x0003)
pub fn decode_commissioned_fabrics(inp: &tlv::TlvItemValue) -> anyhow::Result<u8> {
    if let tlv::TlvItemValue::Int(v) = inp {
        Ok(*v as u8)
    } else {
        Err(anyhow::anyhow!("Expected UInt8"))
    }
}

/// Decode TrustedRootCertificates attribute (0x0004)
pub fn decode_trusted_root_certificates(inp: &tlv::TlvItemValue) -> anyhow::Result<Vec<Vec<u8>>> {
    let mut res = Vec::new();
    if let tlv::TlvItemValue::List(v) = inp {
        for item in v {
            if let tlv::TlvItemValue::OctetString(o) = &item.value {
                res.push(o.clone());
            }
        }
    }
    Ok(res)
}

/// Decode CurrentFabricIndex attribute (0x0005)
pub fn decode_current_fabric_index(inp: &tlv::TlvItemValue) -> anyhow::Result<u8> {
    if let tlv::TlvItemValue::Int(v) = inp {
        Ok(*v as u8)
    } else {
        Err(anyhow::anyhow!("Expected UInt8"))
    }
}


// JSON dispatcher function

/// Decode attribute value and return as JSON string
///
/// # Parameters
/// * `cluster_id` - The cluster identifier
/// * `attribute_id` - The attribute identifier
/// * `tlv_value` - The TLV value to decode
///
/// # Returns
/// JSON string representation of the decoded value or error
pub fn decode_attribute_json(cluster_id: u32, attribute_id: u32, tlv_value: &crate::tlv::TlvItemValue) -> String {
    // Verify this is the correct cluster
    if cluster_id != 0x003E {
        return format!("{{\"error\": \"Invalid cluster ID. Expected 0x003E, got {}\"}}", cluster_id);
    }

    match attribute_id {
        0x0000 => {
            match decode_no_cs(tlv_value) {
                Ok(value) => serde_json::to_string(&value).unwrap_or_else(|_| "null".to_string()),
                Err(e) => format!("{{\"error\": \"{}\"}}", e),
            }
        }
        0x0001 => {
            match decode_fabrics(tlv_value) {
                Ok(value) => serde_json::to_string(&value).unwrap_or_else(|_| "null".to_string()),
                Err(e) => format!("{{\"error\": \"{}\"}}", e),
            }
        }
        0x0002 => {
            match decode_supported_fabrics(tlv_value) {
                Ok(value) => serde_json::to_string(&value).unwrap_or_else(|_| "null".to_string()),
                Err(e) => format!("{{\"error\": \"{}\"}}", e),
            }
        }
        0x0003 => {
            match decode_commissioned_fabrics(tlv_value) {
                Ok(value) => serde_json::to_string(&value).unwrap_or_else(|_| "null".to_string()),
                Err(e) => format!("{{\"error\": \"{}\"}}", e),
            }
        }
        0x0004 => {
            match decode_trusted_root_certificates(tlv_value) {
                Ok(value) => {
                    // Serialize Vec<Vec<u8>> as array of hex strings
                    let hex_array: Vec<String> = value.iter()
                        .map(|bytes| bytes.iter()
                            .map(|byte| format!("{:02x}", byte))
                            .collect::<String>())
                        .collect();
                    serde_json::to_string(&hex_array).unwrap_or_else(|_| "null".to_string())
                },
                Err(e) => format!("{{\"error\": \"{}\"}}", e),
            }
        }
        0x0005 => {
            match decode_current_fabric_index(tlv_value) {
                Ok(value) => serde_json::to_string(&value).unwrap_or_else(|_| "null".to_string()),
                Err(e) => format!("{{\"error\": \"{}\"}}", e),
            }
        }
        _ => format!("{{\"error\": \"Unknown attribute ID: {}\"}}", attribute_id),
    }
}

/// Get list of all attributes supported by this cluster
///
/// # Returns
/// Vector of tuples containing (attribute_id, attribute_name)
pub fn get_attribute_list() -> Vec<(u32, &'static str)> {
    vec![
        (0x0000, "NOCs"),
        (0x0001, "Fabrics"),
        (0x0002, "SupportedFabrics"),
        (0x0003, "CommissionedFabrics"),
        (0x0004, "TrustedRootCertificates"),
        (0x0005, "CurrentFabricIndex"),
    ]
}

#[derive(Debug, serde::Serialize)]
pub struct AttestationResponse {
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub attestation_elements: Option<Vec<u8>>,
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub attestation_signature: Option<Vec<u8>>,
}

#[derive(Debug, serde::Serialize)]
pub struct CertificateChainResponse {
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub certificate: Option<Vec<u8>>,
}

#[derive(Debug, serde::Serialize)]
pub struct CSRResponse {
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub nocsr_elements: Option<Vec<u8>>,
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub attestation_signature: Option<Vec<u8>>,
}

#[derive(Debug, serde::Serialize)]
pub struct NOCResponse {
    pub status_code: Option<NodeOperationalCertStatus>,
    pub fabric_index: Option<u8>,
    pub debug_text: Option<String>,
}

#[derive(Debug, serde::Serialize)]
pub struct SignVIDVerificationResponse {
    pub fabric_index: Option<u8>,
    pub fabric_binding_version: Option<u8>,
    #[serde(serialize_with = "serialize_opt_bytes_as_hex")]
    pub signature: Option<Vec<u8>>,
}

// Command response decoders

/// Decode AttestationResponse command response (01)
pub fn decode_attestation_response(inp: &tlv::TlvItemValue) -> anyhow::Result<AttestationResponse> {
    if let tlv::TlvItemValue::List(_fields) = inp {
        let item = tlv::TlvItem { tag: 0, value: inp.clone() };
        Ok(AttestationResponse {
                attestation_elements: item.get_octet_string_owned(&[0]),
                attestation_signature: item.get_octet_string_owned(&[1]),
        })
    } else {
        Err(anyhow::anyhow!("Expected struct fields"))
    }
}

/// Decode CertificateChainResponse command response (03)
pub fn decode_certificate_chain_response(inp: &tlv::TlvItemValue) -> anyhow::Result<CertificateChainResponse> {
    if let tlv::TlvItemValue::List(_fields) = inp {
        let item = tlv::TlvItem { tag: 0, value: inp.clone() };
        Ok(CertificateChainResponse {
                certificate: item.get_octet_string_owned(&[0]),
        })
    } else {
        Err(anyhow::anyhow!("Expected struct fields"))
    }
}

/// Decode CSRResponse command response (05)
pub fn decode_csr_response(inp: &tlv::TlvItemValue) -> anyhow::Result<CSRResponse> {
    if let tlv::TlvItemValue::List(_fields) = inp {
        let item = tlv::TlvItem { tag: 0, value: inp.clone() };
        Ok(CSRResponse {
                nocsr_elements: item.get_octet_string_owned(&[0]),
                attestation_signature: item.get_octet_string_owned(&[1]),
        })
    } else {
        Err(anyhow::anyhow!("Expected struct fields"))
    }
}

/// Decode NOCResponse command response (08)
pub fn decode_noc_response(inp: &tlv::TlvItemValue) -> anyhow::Result<NOCResponse> {
    if let tlv::TlvItemValue::List(_fields) = inp {
        let item = tlv::TlvItem { tag: 0, value: inp.clone() };
        Ok(NOCResponse {
                status_code: item.get_int(&[0]).and_then(|v| NodeOperationalCertStatus::from_u8(v as u8)),
                fabric_index: item.get_int(&[1]).map(|v| v as u8),
                debug_text: item.get_string_owned(&[2]),
        })
    } else {
        Err(anyhow::anyhow!("Expected struct fields"))
    }
}

/// Decode SignVIDVerificationResponse command response (0E)
pub fn decode_sign_vid_verification_response(inp: &tlv::TlvItemValue) -> anyhow::Result<SignVIDVerificationResponse> {
    if let tlv::TlvItemValue::List(_fields) = inp {
        let item = tlv::TlvItem { tag: 0, value: inp.clone() };
        Ok(SignVIDVerificationResponse {
                fabric_index: item.get_int(&[0]).map(|v| v as u8),
                fabric_binding_version: item.get_int(&[1]).map(|v| v as u8),
                signature: item.get_octet_string_owned(&[2]),
        })
    } else {
        Err(anyhow::anyhow!("Expected struct fields"))
    }
}