Change SecureSession::NewFabric to alter mFabric

This makes it easier to also have it be the accessing fabric after the change.
project-chip · Jan 19, 2022 · a89403e · a89403e
1 parent 0bae2cf
commit a89403e
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 10 deletions.
diff --git a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
@@ -451,7 +451,7 @@ bool emberAfOperationalCredentialsClusterAddNOCCallback(app::CommandHandler * co
     VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err));
 
     // Notify the secure session of the new fabric.
-    commandObj->GetExchangeContext()->GetSessionHandle()->AsSecureSession()->NewFabric(commandObj->GetAccessingFabricIndex());
+    commandObj->GetExchangeContext()->GetSessionHandle()->AsSecureSession()->NewFabric(fabricIndex);
 
     // We might have a new operational identity, so we should start advertising it right away.
     app::DnssdServer::Instance().AdvertiseOperational();

diff --git a/src/transport/SecureSession.cpp b/src/transport/SecureSession.cpp
@@ -34,7 +34,7 @@ Access::SubjectDescriptor SecureSession::GetSubjectDescriptor() const
     {
         subjectDescriptor.authMode    = Access::AuthMode::kPase;
         subjectDescriptor.subject     = mPeerNodeId;
-        subjectDescriptor.fabricIndex = mPaseFabric;
+        subjectDescriptor.fabricIndex = mFabric;
     }
     else
     {

diff --git a/src/transport/SecureSession.h b/src/transport/SecureSession.h
@@ -115,14 +115,19 @@ class SecureSession : public Session
     FabricIndex GetFabricIndex() const { return mFabric; }
 
     // Should only be called for PASE sessions, which start with undefined fabric,
-    // to place on a newly commissioned fabric after successful
+    // to migrate to a newly commissioned fabric after successful
     // OperationalCredentialsCluster::AddNOC
     CHIP_ERROR NewFabric(FabricIndex fabricIndex)
     {
-        // TODO: should check that secure session type is PASE and current value is undefined
-        // (i.e. that it's called exactly once in proper circumstances)
-        // but that's difficult until issue #13711 is addressed
-        mPaseFabric = fabricIndex;
+#if 0
+        // TODO(#13711): this check won't work until the issue is addressed
+        if (mSecureSessionType == Type::kPASE)
+        {
+            mFabric = fabricIndex;
+        }
+#else
+        mFabric = fabricIndex;
+#endif
         return CHIP_NO_ERROR;
     }
 
@@ -151,11 +156,10 @@ class SecureSession : public Session
     const CATValues mPeerCATs;
     const uint16_t mLocalSessionId;
     const uint16_t mPeerSessionId;
-    const FabricIndex mFabric;
 
-    // PASE sessions start with undefined fabric, but can be placed on a newly
+    // PASE sessions start with undefined fabric, but are migrated to a newly
     // commissioned fabric after successful OperationalCredentialsCluster::AddNOC
-    FabricIndex mPaseFabric = kUndefinedFabricIndex;
+    FabricIndex mFabric;
 
     PeerAddress mPeerAddress;
     System::Clock::Timestamp mLastActivityTime;