From a525e63b5b6ad09229cc129353fb8cbe2cff320f Mon Sep 17 00:00:00 2001
From: Marc Lepage <67919234+mlepage-google@users.noreply.github.com>
Date: Wed, 15 Dec 2021 13:20:17 -0500
Subject: [PATCH] Populate subject descriptor (in session handle) (#13003)
* Populate subject descriptor
* Clean up draft
* Clarify TODO
* Add utility function to convert GroupId to NodeId
* Fix include
---
 src/lib/core/NodeId.h | 7 +++++++
 src/transport/SessionHandle.cpp | 25 +++++++++++++++++++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/src/lib/core/NodeId.h b/src/lib/core/NodeId.h
index e2ce4eb6db21d1..e6d064e17cede4 100644
--- a/src/lib/core/NodeId.h
+++ b/src/lib/core/NodeId.h
@@ -17,6 +17,8 @@
 #pragma once
+#include
+
 #include
 namespace chip {
@@ -71,4 +73,9 @@ constexpr bool IsPAKEKeyId(NodeId aNodeId)
 return (aNodeId >= kMinPAKEKeyId) && (aNodeId <= kMaxPAKEKeyId);
 }
+constexpr NodeId NodeIdFromGroupId(GroupId aGroupId)
+{
+ return kMinGroupNodeId | aGroupId;
+}
+
 } // namespace chip
diff --git a/src/transport/SessionHandle.cpp b/src/transport/SessionHandle.cpp
index 8e49b258def32c..eebed4f41e6e98 100644
--- a/src/transport/SessionHandle.cpp
+++ b/src/transport/SessionHandle.cpp
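Review bot: NodeIdFromGroupId() in the second NodeId.h hunk states nowhere the invariant it depends on: `kMinGroupNodeId | aGroupId` only lands inside the group range while every bit a GroupId can set is clear in kMinGroupNodeId. Neither definition is visible in this hunk, and the result is used as an access-control subject, so I would pin the assumption at compile time with `static_assert((kMinGroupNodeId & std::numeric_limits<GroupId>::max()) == 0, "GroupId must fit the clear low bits of kMinGroupNodeId");` (this needs `<limits>`). A one-line comment such as `// Maps a group ID into the group range of the NodeId space.` would also match how a reader looks for the sibling Is*Id helpers.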
@@ -23,12 +23,33 @@ namespace chip {
 using namespace Transport;
+using AuthMode = Access::AuthMode;
 using SubjectDescriptor = Access::SubjectDescriptor;
 SubjectDescriptor SessionHandle::GetSubjectDescriptor() const
 {
- SubjectDescriptor subjectDescriptor = { .fabricIndex = mFabric };
- // TODO: fill subject descriptor with proper fields
+ SubjectDescriptor subjectDescriptor;
+ if (IsSecure())
+ {
+ if (IsOperationalNodeId(mPeerNodeId))
+ {
+ subjectDescriptor.authMode = AuthMode::kCase;
+ subjectDescriptor.subject = mPeerNodeId;
+ subjectDescriptor.fabricIndex = mFabric;
+ // TODO(#10243): add CATs
+ }
+ else if (IsPAKEKeyId(mPeerNodeId))
+ {
+ subjectDescriptor.authMode = AuthMode::kPase;
+ subjectDescriptor.subject = mPeerNodeId;
+ // TODO(#10242): PASE *can* have fabric in some situations
+ }
+ else if (mGroupId.HasValue())
+ {
+ subjectDescriptor.authMode = AuthMode::kGroup;
+ subjectDescriptor.subject = NodeIdFromGroupId(mGroupId.Value());
+ }
+ }
 return subjectDescriptor;
 }
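Review bot: GetSubjectDescriptor() picks the auth mode from mPeerNodeId before it looks at mGroupId, so a handle that carries both a group ID and an operational peer node ID would be reported as `AuthMode::kCase` with that node as the subject. Whether a handle can hold both is not visible in this hunk; if it can, test `mGroupId.HasValue()` first so a group-keyed session is never evaluated as a CASE subject. The group branch also leaves `fabricIndex` unset without a TODO, unlike the PASE branch; if group sessions are fabric-scoped it should set `subjectDescriptor.fabricIndex = mFabric;` or say why not. Finally, `SubjectDescriptor subjectDescriptor;` replaces an aggregate initialiser, so the unsecured and no-match paths are deny-by-default only if the struct has default member initialisers (not shown here); `SubjectDescriptor subjectDescriptor{};` would not depend on that.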