diff --git a/src/lib/core/NodeId.h b/src/lib/core/NodeId.h
index e2ce4eb6db21d1..e6d064e17cede4 100644
--- a/src/lib/core/NodeId.h
+++ b/src/lib/core/NodeId.h
@@ -17,6 +17,8 @@
 #pragma once
+#include
+
 #include
 namespace chip {
@@ -71,4 +73,9 @@ constexpr bool IsPAKEKeyId(NodeId aNodeId)
 return (aNodeId >= kMinPAKEKeyId) && (aNodeId <= kMaxPAKEKeyId);
 }
+constexpr NodeId NodeIdFromGroupId(GroupId aGroupId)
+{
+ return kMinGroupNodeId | aGroupId;
+}
+
 } // namespace chip
diff --git a/src/transport/SessionHandle.cpp b/src/transport/SessionHandle.cpp
index 8e49b258def32c..eebed4f41e6e98 100644
--- a/src/transport/SessionHandle.cpp
+++ b/src/transport/SessionHandle.cpp
@@ -23,12 +23,33 @@
 namespace chip {
 using namespace Transport;
+using AuthMode = Access::AuthMode;
 using SubjectDescriptor = Access::SubjectDescriptor;
 SubjectDescriptor SessionHandle::GetSubjectDescriptor() const
 {
- SubjectDescriptor subjectDescriptor = { .fabricIndex = mFabric };
- // TODO: fill subject descriptor with proper fields
+ SubjectDescriptor subjectDescriptor;
+ if (IsSecure())
+ {
+ if (IsOperationalNodeId(mPeerNodeId))
+ {
+ subjectDescriptor.authMode = AuthMode::kCase;
+ subjectDescriptor.subject = mPeerNodeId;
+ subjectDescriptor.fabricIndex = mFabric;
+ // TODO(#10243): add CATs
+ }
+ else if (IsPAKEKeyId(mPeerNodeId))
+ {
+ subjectDescriptor.authMode = AuthMode::kPase;
+ subjectDescriptor.subject = mPeerNodeId;
+ // TODO(#10242): PASE *can* have fabric in some situations
+ }
+ else if (mGroupId.HasValue())
+ {
+ subjectDescriptor.authMode = AuthMode::kGroup;
+ subjectDescriptor.subject = NodeIdFromGroupId(mGroupId.Value());
+ }
+ }
 return subjectDescriptor;
 }
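Review bot: NodeIdFromGroupId in NodeId.h has no comment stating what the bitwise OR relies on, namely that every bit `aGroupId` can set is zero in `kMinGroupNodeId`. Neither `GroupId` nor `kMinGroupNodeId` is defined in this hunk, so that is an assumption to confirm. Since the result becomes the access-control subject for group sessions, I would add `// Maps a group id into the group NodeId range; assumes GroupId fits in the low bits that are zero in kMinGroupNodeId.` above the function. If `kMaxGroupNodeId` exists, a `static_assert` tying the two constants to the width of `GroupId` would make the mapping checkable at compile time.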
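Review bot: GetSubjectDescriptor picks the auth mode from `mPeerNodeId` before it looks at `mGroupId`, so a session with a group id set that also carries an operational peer node id would be reported as `AuthMode::kCase` with that node as subject. Whether such a session can occur is not visible in this hunk; if it can, access control would treat group-keyed traffic as CASE-authenticated, so the `mGroupId.HasValue()` branch should be tested first. Separately, the old designated initializer zeroed the unnamed members, while `SubjectDescriptor subjectDescriptor;` relies on the struct having default member initializers. If it has none, the non-secure and no-match paths return indeterminate `authMode` and `subject`; `SubjectDescriptor subjectDescriptor{};` avoids that. A short comment that the fall-through deliberately returns an unauthenticated descriptor would also help the next reader.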