diff --git a/.github/workflows/darwin-tests.yaml b/.github/workflows/darwin-tests.yaml index 681ae5c6880ec0..03eef9107b2d3a 100644 --- a/.github/workflows/darwin-tests.yaml +++ b/.github/workflows/darwin-tests.yaml @@ -102,7 +102,7 @@ jobs: ./scripts/run_in_build_env.sh \ "./scripts/tests/run_test_suite.py \ --chip-tool ./out/darwin-x64-darwin-framework-tool-${BUILD_VARIANT}/darwin-framework-tool \ - --target-skip-glob '{TestGroupMessaging}' \ + --target-skip-glob '{TestGroupMessaging,TestAccessControlConstraints}' \ run \ --iterations 1 \ --test-timeout-seconds 120 \ diff --git a/src/app/clusters/access-control-server/access-control-server.cpp b/src/app/clusters/access-control-server/access-control-server.cpp index 464e4fd2e92a0d..d03900855d182f 100644 --- a/src/app/clusters/access-control-server/access-control-server.cpp +++ b/src/app/clusters/access-control-server/access-control-server.cpp @@ -55,7 +55,14 @@ class AccessControlAttribute : public AttributeAccessInterface, public EntryList public: AccessControlAttribute() : AttributeAccessInterface(Optional(0), AccessControlCluster::Id) {} + /// IM-level implementation of read + /// + /// Returns appropriately mapped CHIP_ERROR if applicable (may return CHIP_IM_GLOBAL_STATUS errors) CHIP_ERROR Read(const ConcreteReadAttributePath & aPath, AttributeValueEncoder & aEncoder) override; + + /// IM-level implementation of write + /// + /// Returns appropriately mapped CHIP_ERROR if applicable (may return CHIP_IM_GLOBAL_STATUS errors) CHIP_ERROR Write(const ConcreteDataAttributePath & aPath, AttributeValueDecoder & aDecoder) override; public: @@ -63,6 +70,12 @@ class AccessControlAttribute : public AttributeAccessInterface, public EntryList ChangeType changeType) override; private: + /// Business logic implementation of write, returns generic CHIP_ERROR. + CHIP_ERROR ReadImpl(const ConcreteReadAttributePath & aPath, AttributeValueEncoder & aEncoder); + + /// Business logic implementation of write, returns generic CHIP_ERROR. + CHIP_ERROR WriteImpl(const ConcreteDataAttributePath & aPath, AttributeValueDecoder & aDecoder); + CHIP_ERROR ReadAcl(AttributeValueEncoder & aEncoder); CHIP_ERROR ReadExtension(AttributeValueEncoder & aEncoder); CHIP_ERROR WriteAcl(const ConcreteDataAttributePath & aPath, AttributeValueDecoder & aDecoder); @@ -125,7 +138,7 @@ CHIP_ERROR CheckExtensionEntryDataFormat(const ByteSpan & data) return CHIP_NO_ERROR; } -CHIP_ERROR AccessControlAttribute::Read(const ConcreteReadAttributePath & aPath, AttributeValueEncoder & aEncoder) +CHIP_ERROR AccessControlAttribute::ReadImpl(const ConcreteReadAttributePath & aPath, AttributeValueEncoder & aEncoder) { switch (aPath.mAttributeId) { @@ -205,7 +218,7 @@ CHIP_ERROR AccessControlAttribute::ReadExtension(AttributeValueEncoder & aEncode }); } -CHIP_ERROR AccessControlAttribute::Write(const ConcreteDataAttributePath & aPath, AttributeValueDecoder & aDecoder) +CHIP_ERROR AccessControlAttribute::WriteImpl(const ConcreteDataAttributePath & aPath, AttributeValueDecoder & aDecoder) { switch (aPath.mAttributeId) { @@ -415,6 +428,47 @@ void AccessControlAttribute::OnEntryChanged(const SubjectDescriptor * subjectDes ChipLogError(DataManagement, "AccessControlCluster: event failed %" CHIP_ERROR_FORMAT, err.Format()); } +CHIP_ERROR ChipErrorToImErrorMap(CHIP_ERROR err) +{ + // Map some common errors into an underlying IM error + // Separate logging is done to not lose the original error location in case such + // this are available. + CHIP_ERROR mappedError = err; + + if (err == CHIP_ERROR_INVALID_ARGUMENT) + { + mappedError = CHIP_IM_GLOBAL_STATUS(ConstraintError); + } + else if (err == CHIP_ERROR_NOT_FOUND) + { + // Not found is generally also illegal argument: caused a lookup into an invalid location, + // like invalid subjects or targets. + mappedError = CHIP_IM_GLOBAL_STATUS(ConstraintError); + } + else if (err == CHIP_ERROR_NO_MEMORY) + { + mappedError = CHIP_IM_GLOBAL_STATUS(ResourceExhausted); + } + + if (mappedError != err) + { + ChipLogError(DataManagement, "Re-mapped %" CHIP_ERROR_FORMAT " into %" CHIP_ERROR_FORMAT " for IM return codes", + err.Format(), mappedError.Format()); + } + + return mappedError; +} + +CHIP_ERROR AccessControlAttribute::Read(const ConcreteReadAttributePath & aPath, AttributeValueEncoder & aEncoder) +{ + return ChipErrorToImErrorMap(ReadImpl(aPath, aEncoder)); +} + +CHIP_ERROR AccessControlAttribute::Write(const ConcreteDataAttributePath & aPath, AttributeValueDecoder & aDecoder) +{ + return ChipErrorToImErrorMap(WriteImpl(aPath, aDecoder)); +} + } // namespace void MatterAccessControlPluginServerInitCallback() diff --git a/src/app/tests/suites/TestAccessControlCluster.yaml b/src/app/tests/suites/TestAccessControlCluster.yaml index 86b2d9a8645cb1..ea6425ca7daa29 100644 --- a/src/app/tests/suites/TestAccessControlCluster.yaml +++ b/src/app/tests/suites/TestAccessControlCluster.yaml @@ -177,7 +177,7 @@ tests: }, ] response: - error: 1 + error: CONSTRAINT_ERROR - label: "Verify" command: "readAttribute" @@ -214,7 +214,7 @@ tests: }, ] response: - error: 1 + error: CONSTRAINT_ERROR - label: "Verify" command: "readAttribute" @@ -251,7 +251,7 @@ tests: }, ] response: - error: 1 + error: CONSTRAINT_ERROR - label: "Verify" command: "readAttribute" @@ -289,7 +289,7 @@ tests: }, ] response: - error: 1 + error: CONSTRAINT_ERROR - label: "Verify" command: "readAttribute" @@ -348,7 +348,7 @@ tests: }, ] response: - error: 1 + error: FAILURE - label: "Verify" command: "readAttribute" @@ -407,7 +407,7 @@ tests: }, ] response: - error: 1 + error: FAILURE - label: "Verify" command: "readAttribute" diff --git a/src/app/tests/suites/TestAccessControlConstraints.yaml b/src/app/tests/suites/TestAccessControlConstraints.yaml new file mode 100644 index 00000000000000..78d3d0941b4d90 --- /dev/null +++ b/src/app/tests/suites/TestAccessControlConstraints.yaml @@ -0,0 +1,313 @@ +# Copyright (c) 2022 Project CHIP Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: User Label Cluster Tests + +config: + nodeId: 0x12344321 + cluster: "Access Control" + endpoint: 0 + +tests: + - label: "Wait for the commissioned device to be retrieved" + cluster: "DelayCommands" + command: "WaitForCommissionee" + arguments: + values: + - name: "nodeId" + value: nodeId + + - label: "Constraint error: PASE reserved for future (TC-ACL-2.4 step 29)" + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 3, + AuthMode: 1, # PASE + Subjects: [], + Targets: null, + }, + ] + response: + error: CONSTRAINT_ERROR + + - label: + "Constraint error: Invalid combination administer + group (TC-ACL-2.4 + step 31)" + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 3, # Group + Subjects: [], + Targets: null, + }, + ] + response: + error: CONSTRAINT_ERROR + + - label: "Constraint error: Invalid provilege value (TC-ACL-2.4 step 32)" + # TODO: this test is disabled since the input is accepted. Test case + # says privilege value is invalid, but it is set to OPERATE | PROXY_VIEW + # so it is unclear what the behavior should be here. + disabled: true + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 6, + AuthMode: 2, + Subjects: null, + Targets: null, + }, + ] + response: + error: CONSTRAINT_ERROR + + - label: "Constraint error: Invalid auth mode (TC-ACL-2.4 step 33)" + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 3, + AuthMode: 4, # INVALID + Subjects: [], + Targets: null, + }, + ] + response: + error: CONSTRAINT_ERROR + + - label: "Constraint error: Invalid subject (TC-ACL-2.4 step 34)" + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 3, + AuthMode: 2, + Subjects: [0], + Targets: null, + }, # invalid subject + ] + response: + error: CONSTRAINT_ERROR + + - label: "Constraint error: Invalid target (TC-ACL-2.4 step 38)" + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 3, + AuthMode: 2, + Subjects: null, + # Targets contains an invalid target + Targets: + [{ Cluster: null, Endpoint: null, DeviceType: null }], + }, + ] + response: + error: CONSTRAINT_ERROR + + - label: + "Constraint error: target has both endpoint and device type + (TC-ACL-2.4 step 42)" + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 3, + AuthMode: 2, + Subjects: null, + # Targets contains both endpoint and device type (invalid) + Targets: + [{ Cluster: null, Endpoint: 22, DeviceType: 33 }], + }, + ] + response: + error: CONSTRAINT_ERROR + + - label: "Constraint error: Invalid privilege value step 32)" + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 6, # INVALID + AuthMode: 2, # CASE + Subjects: null, + Targets: null, + }, + ] + response: + error: CONSTRAINT_ERROR + + - label: + "Constraint error: invalid subject 0xFFFF_FFFF_FFFF_FFFF (TC-ACL-2.4 + step 35)" + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 3, # Operate + AuthMode: 2, # CASE + Subjects: ["18446744073709551615"], + Targets: null, + }, + ] + response: + error: CONSTRAINT_ERROR + + - label: + "Constraint error: invalid subject 0xFFFF_FFFD_0000_0000 (TC-ACL-2.4 + step 36)" + # TODO: determine if the invalid subject value here is really a correct + # invalid subject value. Test case plan is not clear. + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 3, # Operate + AuthMode: 2, # CASE + Subjects: ["18446744060824649728"], + Targets: null, + }, + ] + response: + error: CONSTRAINT_ERROR + + - label: + "Constraint error: invalid subject 0xFFFF_FFFF_FFFF_0000 (TC-ACL-2.4 + step 37)" + cluster: "Access Control" + command: "writeAttribute" + attribute: "ACL" + arguments: + value: [ + { + FabricIndex: 1, + Privilege: 5, # Administer + AuthMode: 2, # CASE + Subjects: [112233], + Targets: null, + }, + { + FabricIndex: 1, + Privilege: 3, # Operate + AuthMode: 2, # CASE + Subjects: ["18446744073709486080"], + Targets: null, + }, + ] + response: + error: CONSTRAINT_ERROR diff --git a/src/app/tests/suites/tests.js b/src/app/tests/suites/tests.js index 1984b91f91dc0d..56efb4c09d7d43 100644 --- a/src/app/tests/suites/tests.js +++ b/src/app/tests/suites/tests.js @@ -840,6 +840,7 @@ function getTests() { "TestUserLabelClusterConstraints", "TestArmFailSafe", "TestFanControl", + "TestAccessControlConstraints", ]; const MultiAdmin = [ diff --git a/src/lib/core/CHIPError.h b/src/lib/core/CHIPError.h index 4e67ef507c9b97..b09071be369d27 100644 --- a/src/lib/core/CHIPError.h +++ b/src/lib/core/CHIPError.h @@ -401,7 +401,8 @@ using CHIP_ERROR = ::chip::ChipError; #define CHIP_CORE_ERROR(e) CHIP_SDK_ERROR(::chip::ChipError::SdkPart::kCore, (e)) #define CHIP_IM_GLOBAL_STATUS(type) \ - CHIP_SDK_ERROR(::chip::ChipError::SdkPart::kIMGlobalStatus, to_underlying(Protocols::InteractionModel::Status::type)) + CHIP_SDK_ERROR(::chip::ChipError::SdkPart::kIMGlobalStatus, \ + ::chip::to_underlying(::chip::Protocols::InteractionModel::Status::type)) // // type must be a compile-time constant as mandated by CHIP_SDK_ERROR. diff --git a/src/protocols/BUILD.gn b/src/protocols/BUILD.gn index 79b695ea6af68b..463f941e6b8c8e 100644 --- a/src/protocols/BUILD.gn +++ b/src/protocols/BUILD.gn @@ -21,8 +21,6 @@ static_library("protocols") { "echo/Echo.h", "echo/EchoClient.cpp", "echo/EchoServer.cpp", - "interaction_model/StatusCode.cpp", - "interaction_model/StatusCode.h", "secure_channel/MessageCounterManager.cpp", "secure_channel/MessageCounterManager.h", "user_directed_commissioning/UDCClientState.h", @@ -35,6 +33,7 @@ static_library("protocols") { cflags = [ "-Wconversion" ] public_deps = [ + ":im_status", "${chip_root}/src/lib/core", "${chip_root}/src/lib/support", "${chip_root}/src/messaging", @@ -42,3 +41,17 @@ static_library("protocols") { "${chip_root}/src/protocols/secure_channel", ] } + +static_library("im_status") { + sources = [ + "interaction_model/StatusCode.cpp", + "interaction_model/StatusCode.h", + ] + + cflags = [ "-Wconversion" ] + + public_deps = [ + "${chip_root}/src/lib/core", + "${chip_root}/src/lib/support", + ] +} diff --git a/zzz_generated/chip-tool/zap-generated/test/Commands.h b/zzz_generated/chip-tool/zap-generated/test/Commands.h index 583a595b8254b9..5a216231ae579f 100644 --- a/zzz_generated/chip-tool/zap-generated/test/Commands.h +++ b/zzz_generated/chip-tool/zap-generated/test/Commands.h @@ -208,6 +208,7 @@ class TestList : public Command printf("TestUserLabelClusterConstraints\n"); printf("TestArmFailSafe\n"); printf("TestFanControl\n"); + printf("TestAccessControlConstraints\n"); printf("TestMultiAdmin\n"); printf("Test_TC_DGSW_2_1\n"); printf("Test_TC_DGSW_2_2\n"); @@ -792,7 +793,7 @@ class TestAccessControlClusterSuite : public TestCommand } break; case 5: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); break; case 6: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); @@ -813,7 +814,7 @@ class TestAccessControlClusterSuite : public TestCommand } break; case 7: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); break; case 8: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); @@ -834,7 +835,7 @@ class TestAccessControlClusterSuite : public TestCommand } break; case 9: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); break; case 10: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); @@ -855,7 +856,7 @@ class TestAccessControlClusterSuite : public TestCommand } break; case 11: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); break; case 12: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); @@ -876,7 +877,7 @@ class TestAccessControlClusterSuite : public TestCommand } break; case 13: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_FAILURE)); break; case 14: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); @@ -897,7 +898,7 @@ class TestAccessControlClusterSuite : public TestCommand } break; case 15: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_FAILURE)); break; case 16: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); @@ -54208,6 +54209,506 @@ class TestFanControlSuite : public TestCommand } }; +class TestAccessControlConstraintsSuite : public TestCommand +{ +public: + TestAccessControlConstraintsSuite(CredentialIssuerCommands * credsIssuerConfig) : + TestCommand("TestAccessControlConstraints", 11, credsIssuerConfig) + { + AddArgument("nodeId", 0, UINT64_MAX, &mNodeId); + AddArgument("cluster", &mCluster); + AddArgument("endpoint", 0, UINT16_MAX, &mEndpoint); + AddArgument("timeout", 0, UINT16_MAX, &mTimeout); + } + + ~TestAccessControlConstraintsSuite() {} + + chip::System::Clock::Timeout GetWaitDuration() const override + { + return chip::System::Clock::Seconds16(mTimeout.ValueOr(kTimeoutInSeconds)); + } + +private: + chip::Optional mNodeId; + chip::Optional mCluster; + chip::Optional mEndpoint; + chip::Optional mTimeout; + + chip::EndpointId GetEndpoint(chip::EndpointId endpoint) { return mEndpoint.HasValue() ? mEndpoint.Value() : endpoint; } + + // + // Tests methods + // + + void OnResponse(const chip::app::StatusIB & status, chip::TLV::TLVReader * data) override + { + bool shouldContinue = false; + + switch (mTestIndex - 1) + { + case 0: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); + shouldContinue = true; + break; + case 1: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 2: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 3: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 4: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 5: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 6: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 7: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 8: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 9: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 10: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + default: + LogErrorOnFailure(ContinueOnChipMainThread(CHIP_ERROR_INVALID_ARGUMENT)); + } + + if (shouldContinue) + { + ContinueOnChipMainThread(CHIP_NO_ERROR); + } + } + + CHIP_ERROR DoTestStep(uint16_t testIndex) override + { + using namespace chip::app::Clusters; + switch (testIndex) + { + case 0: { + LogStep(0, "Wait for the commissioned device to be retrieved"); + ListFreer listFreer; + chip::app::Clusters::DelayCommands::Commands::WaitForCommissionee::Type value; + value.nodeId = mNodeId.HasValue() ? mNodeId.Value() : 305414945ULL; + return WaitForCommissionee(kIdentityAlpha, value); + } + case 1: { + LogStep(1, "Constraint error: PASE reserved for future (TC-ACL-2.4 step 29)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(3); + listHolder_0->mList[1].authMode = static_cast(1); + listHolder_0->mList[1].subjects.SetNonNull(); + + listHolder_0->mList[1].subjects.Value() = chip::app::DataModel::List(); + listHolder_0->mList[1].targets.SetNull(); + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + case 2: { + LogStep(2, "Constraint error: Invalid combination administer + group (TC-ACL-2.4 step 31)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(5); + listHolder_0->mList[1].authMode = static_cast(3); + listHolder_0->mList[1].subjects.SetNonNull(); + + listHolder_0->mList[1].subjects.Value() = chip::app::DataModel::List(); + listHolder_0->mList[1].targets.SetNull(); + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + case 3: { + LogStep(3, "Constraint error: Invalid auth mode (TC-ACL-2.4 step 33)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(3); + listHolder_0->mList[1].authMode = static_cast(4); + listHolder_0->mList[1].subjects.SetNonNull(); + + listHolder_0->mList[1].subjects.Value() = chip::app::DataModel::List(); + listHolder_0->mList[1].targets.SetNull(); + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + case 4: { + LogStep(4, "Constraint error: Invalid subject (TC-ACL-2.4 step 34)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(3); + listHolder_0->mList[1].authMode = static_cast(2); + listHolder_0->mList[1].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 0ULL; + listHolder_0->mList[1].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[1].targets.SetNull(); + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + case 5: { + LogStep(5, "Constraint error: Invalid target (TC-ACL-2.4 step 38)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(3); + listHolder_0->mList[1].authMode = static_cast(2); + listHolder_0->mList[1].subjects.SetNull(); + listHolder_0->mList[1].targets.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + + listHolder_3->mList[0].cluster.SetNull(); + listHolder_3->mList[0].endpoint.SetNull(); + listHolder_3->mList[0].deviceType.SetNull(); + + listHolder_0->mList[1].targets.Value() = + chip::app::DataModel::List(listHolder_3->mList, + 1); + } + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + case 6: { + LogStep(6, "Constraint error: target has both endpoint and device type (TC-ACL-2.4 step 42)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(3); + listHolder_0->mList[1].authMode = static_cast(2); + listHolder_0->mList[1].subjects.SetNull(); + listHolder_0->mList[1].targets.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + + listHolder_3->mList[0].cluster.SetNull(); + listHolder_3->mList[0].endpoint.SetNonNull(); + listHolder_3->mList[0].endpoint.Value() = 22U; + listHolder_3->mList[0].deviceType.SetNonNull(); + listHolder_3->mList[0].deviceType.Value() = 33UL; + + listHolder_0->mList[1].targets.Value() = + chip::app::DataModel::List(listHolder_3->mList, + 1); + } + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + case 7: { + LogStep(7, "Constraint error: Invalid privilege value step 32)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(6); + listHolder_0->mList[1].authMode = static_cast(2); + listHolder_0->mList[1].subjects.SetNull(); + listHolder_0->mList[1].targets.SetNull(); + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + case 8: { + LogStep(8, "Constraint error: invalid subject 0xFFFF_FFFF_FFFF_FFFF (TC-ACL-2.4 step 35)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(3); + listHolder_0->mList[1].authMode = static_cast(2); + listHolder_0->mList[1].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 18446744073709551615ULL; + listHolder_0->mList[1].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[1].targets.SetNull(); + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + case 9: { + LogStep(9, "Constraint error: invalid subject 0xFFFF_FFFD_0000_0000 (TC-ACL-2.4 step 36)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(3); + listHolder_0->mList[1].authMode = static_cast(2); + listHolder_0->mList[1].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 18446744060824649728ULL; + listHolder_0->mList[1].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[1].targets.SetNull(); + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + case 10: { + LogStep(10, "Constraint error: invalid subject 0xFFFF_FFFF_FFFF_0000 (TC-ACL-2.4 step 37)"); + ListFreer listFreer; + chip::app::DataModel::List value; + + { + auto * listHolder_0 = new ListHolder(2); + listFreer.add(listHolder_0); + + listHolder_0->mList[0].privilege = static_cast(5); + listHolder_0->mList[0].authMode = static_cast(2); + listHolder_0->mList[0].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 112233ULL; + listHolder_0->mList[0].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[0].targets.SetNull(); + listHolder_0->mList[0].fabricIndex = 1U; + + listHolder_0->mList[1].privilege = static_cast(3); + listHolder_0->mList[1].authMode = static_cast(2); + listHolder_0->mList[1].subjects.SetNonNull(); + + { + auto * listHolder_3 = new ListHolder(1); + listFreer.add(listHolder_3); + listHolder_3->mList[0] = 18446744073709486080ULL; + listHolder_0->mList[1].subjects.Value() = chip::app::DataModel::List(listHolder_3->mList, 1); + } + listHolder_0->mList[1].targets.SetNull(); + listHolder_0->mList[1].fabricIndex = 1U; + + value = chip::app::DataModel::List( + listHolder_0->mList, 2); + } + return WriteAttribute(kIdentityAlpha, GetEndpoint(0), AccessControl::Id, AccessControl::Attributes::Acl::Id, value, + chip::NullOptional, chip::NullOptional); + } + } + return CHIP_NO_ERROR; + } +}; + class TestMultiAdminSuite : public TestCommand { public: @@ -90180,6 +90681,7 @@ void registerCommandsTests(Commands & commands, CredentialIssuerCommands * creds make_unique(credsIssuerConfig), make_unique(credsIssuerConfig), make_unique(credsIssuerConfig), + make_unique(credsIssuerConfig), make_unique(credsIssuerConfig), make_unique(credsIssuerConfig), make_unique(credsIssuerConfig), diff --git a/zzz_generated/darwin-framework-tool/zap-generated/test/Commands.h b/zzz_generated/darwin-framework-tool/zap-generated/test/Commands.h index ebb660eba605d1..9c266d2e4d89ee 100644 --- a/zzz_generated/darwin-framework-tool/zap-generated/test/Commands.h +++ b/zzz_generated/darwin-framework-tool/zap-generated/test/Commands.h @@ -195,6 +195,7 @@ class TestList : public Command { printf("TestUserLabelClusterConstraints\n"); printf("TestArmFailSafe\n"); printf("TestFanControl\n"); + printf("TestAccessControlConstraints\n"); printf("TestMultiAdmin\n"); printf("Test_TC_DGSW_2_1\n"); printf("Test_TC_DGSW_2_2\n"); @@ -384,37 +385,37 @@ class TestAccessControlCluster : public TestCommandBridge { VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); break; case 5: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); break; case 6: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); break; case 7: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); break; case 8: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); break; case 9: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); break; case 10: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); break; case 11: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); break; case 12: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); break; case 13: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_FAILURE)); break; case 14: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); break; case 15: - VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 1)); + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_FAILURE)); break; case 16: VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); @@ -962,7 +963,7 @@ class TestAccessControlCluster : public TestCommandBridge { completionHandler:^(NSError * _Nullable err) { NSLog(@"Write entry invalid privilege Error: %@", err); - VerifyOrReturn(CheckValue("status", err ? err.code : 0, 1)); + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); NextTest(); }]; @@ -1037,7 +1038,7 @@ class TestAccessControlCluster : public TestCommandBridge { completionHandler:^(NSError * _Nullable err) { NSLog(@"Write entry invalid auth mode Error: %@", err); - VerifyOrReturn(CheckValue("status", err ? err.code : 0, 1)); + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); NextTest(); }]; @@ -1116,7 +1117,7 @@ class TestAccessControlCluster : public TestCommandBridge { completionHandler:^(NSError * _Nullable err) { NSLog(@"Write entry invalid subject Error: %@", err); - VerifyOrReturn(CheckValue("status", err ? err.code : 0, 1)); + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); NextTest(); }]; @@ -1199,7 +1200,7 @@ class TestAccessControlCluster : public TestCommandBridge { completionHandler:^(NSError * _Nullable err) { NSLog(@"Write entry invalid target Error: %@", err); - VerifyOrReturn(CheckValue("status", err ? err.code : 0, 1)); + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); NextTest(); }]; @@ -1297,7 +1298,7 @@ class TestAccessControlCluster : public TestCommandBridge { completionHandler:^(NSError * _Nullable err) { NSLog(@"Write entry too many subjects Error: %@", err); - VerifyOrReturn(CheckValue("status", err ? err.code : 0, 1)); + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_FAILURE)); NextTest(); }]; @@ -1475,7 +1476,7 @@ class TestAccessControlCluster : public TestCommandBridge { completionHandler:^(NSError * _Nullable err) { NSLog(@"Write entry too many targets Error: %@", err); - VerifyOrReturn(CheckValue("status", err ? err.code : 0, 1)); + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_FAILURE)); NextTest(); }]; @@ -92716,6 +92717,628 @@ class TestFanControl : public TestCommandBridge { } }; +class TestAccessControlConstraints : public TestCommandBridge { +public: + // NOLINTBEGIN(clang-analyzer-nullability.NullPassedToNonnull): Test constructor nullability not enforced + TestAccessControlConstraints() + : TestCommandBridge("TestAccessControlConstraints") + , mTestIndex(0) + { + AddArgument("nodeId", 0, UINT64_MAX, &mNodeId); + AddArgument("cluster", &mCluster); + AddArgument("endpoint", 0, UINT16_MAX, &mEndpoint); + AddArgument("timeout", 0, UINT16_MAX, &mTimeout); + } + // NOLINTEND(clang-analyzer-nullability.NullPassedToNonnull) + + ~TestAccessControlConstraints() {} + + /////////// TestCommand Interface ///////// + void NextTest() override + { + CHIP_ERROR err = CHIP_NO_ERROR; + + if (0 == mTestIndex) { + ChipLogProgress(chipTool, " **** Test Start: TestAccessControlConstraints\n"); + } + + if (mTestCount == mTestIndex) { + ChipLogProgress(chipTool, " **** Test Complete: TestAccessControlConstraints\n"); + SetCommandExitStatus(CHIP_NO_ERROR); + return; + } + + Wait(); + + // Ensure we increment mTestIndex before we start running the relevant + // command. That way if we lose the timeslice after we send the message + // but before our function call returns, we won't end up with an + // incorrect mTestIndex value observed when we get the response. + switch (mTestIndex++) { + case 0: + ChipLogProgress(chipTool, " ***** Test Step 0 : Wait for the commissioned device to be retrieved\n"); + err = TestWaitForTheCommissionedDeviceToBeRetrieved_0(); + break; + case 1: + ChipLogProgress(chipTool, " ***** Test Step 1 : Constraint error: PASE reserved for future (TC-ACL-2.4 step 29)\n"); + err = TestConstraintErrorPaseReservedForFutureTcAcl24Step29_1(); + break; + case 2: + ChipLogProgress( + chipTool, " ***** Test Step 2 : Constraint error: Invalid combination administer + group (TC-ACL-2.4 step 31)\n"); + err = TestConstraintErrorInvalidCombinationAdministerGroupTcAcl24Step31_2(); + break; + case 3: + ChipLogProgress(chipTool, " ***** Test Step 3 : Constraint error: Invalid auth mode (TC-ACL-2.4 step 33)\n"); + err = TestConstraintErrorInvalidAuthModeTcAcl24Step33_3(); + break; + case 4: + ChipLogProgress(chipTool, " ***** Test Step 4 : Constraint error: Invalid subject (TC-ACL-2.4 step 34)\n"); + err = TestConstraintErrorInvalidSubjectTcAcl24Step34_4(); + break; + case 5: + ChipLogProgress(chipTool, " ***** Test Step 5 : Constraint error: Invalid target (TC-ACL-2.4 step 38)\n"); + err = TestConstraintErrorInvalidTargetTcAcl24Step38_5(); + break; + case 6: + ChipLogProgress(chipTool, + " ***** Test Step 6 : Constraint error: target has both endpoint and device type (TC-ACL-2.4 step 42)\n"); + err = TestConstraintErrorTargetHasBothEndpointAndDeviceTypeTcAcl24Step42_6(); + break; + case 7: + ChipLogProgress(chipTool, " ***** Test Step 7 : Constraint error: Invalid privilege value step 32)\n"); + err = TestConstraintErrorInvalidPrivilegeValueStep32_7(); + break; + case 8: + ChipLogProgress( + chipTool, " ***** Test Step 8 : Constraint error: invalid subject 0xFFFF_FFFF_FFFF_FFFF (TC-ACL-2.4 step 35)\n"); + err = TestConstraintErrorInvalidSubject0xFFFFFfffFfffFfffTcAcl24Step35_8(); + break; + case 9: + ChipLogProgress( + chipTool, " ***** Test Step 9 : Constraint error: invalid subject 0xFFFF_FFFD_0000_0000 (TC-ACL-2.4 step 36)\n"); + err = TestConstraintErrorInvalidSubject0xFFFFFffd00000000TcAcl24Step36_9(); + break; + case 10: + ChipLogProgress( + chipTool, " ***** Test Step 10 : Constraint error: invalid subject 0xFFFF_FFFF_FFFF_0000 (TC-ACL-2.4 step 37)\n"); + err = TestConstraintErrorInvalidSubject0xFFFFFfffFfff0000TcAcl24Step37_10(); + break; + } + + if (CHIP_NO_ERROR != err) { + ChipLogError(chipTool, " ***** Test Failure: %s\n", chip::ErrorStr(err)); + SetCommandExitStatus(err); + } + } + + void OnStatusUpdate(const chip::app::StatusIB & status) override + { + switch (mTestIndex - 1) { + case 0: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), 0)); + break; + case 1: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 2: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 3: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 4: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 5: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 6: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 7: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 8: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 9: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + case 10: + VerifyOrReturn(CheckValue("status", chip::to_underlying(status.mStatus), EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + break; + } + + // Go on to the next test. + ContinueOnChipMainThread(CHIP_NO_ERROR); + } + + chip::System::Clock::Timeout GetWaitDuration() const override + { + return chip::System::Clock::Seconds16(mTimeout.ValueOr(kTimeoutInSeconds)); + } + +private: + std::atomic_uint16_t mTestIndex; + const uint16_t mTestCount = 11; + + chip::Optional mNodeId; + chip::Optional mCluster; + chip::Optional mEndpoint; + chip::Optional mTimeout; + + CHIP_ERROR TestWaitForTheCommissionedDeviceToBeRetrieved_0() + { + chip::app::Clusters::DelayCommands::Commands::WaitForCommissionee::Type value; + value.nodeId = mNodeId.HasValue() ? mNodeId.Value() : 305414945ULL; + return WaitForCommissionee("alpha", value); + } + + CHIP_ERROR TestConstraintErrorPaseReservedForFutureTcAcl24Step29_1() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:3U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:1U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: PASE reserved for future (TC-ACL-2.4 step 29) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestConstraintErrorInvalidCombinationAdministerGroupTcAcl24Step31_2() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:3U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster + writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: Invalid combination administer + group (TC-ACL-2.4 step 31) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestConstraintErrorInvalidAuthModeTcAcl24Step33_3() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:3U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:4U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: Invalid auth mode (TC-ACL-2.4 step 33) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestConstraintErrorInvalidSubjectTcAcl24Step34_4() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:3U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:0ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: Invalid subject (TC-ACL-2.4 step 34) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestConstraintErrorInvalidTargetTcAcl24Step38_5() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:3U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:2U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = nil; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [[MTRAccessControlClusterTarget alloc] init]; + ((MTRAccessControlClusterTarget *) temp_3[0]).cluster = nil; + ((MTRAccessControlClusterTarget *) temp_3[0]).endpoint = nil; + ((MTRAccessControlClusterTarget *) temp_3[0]).deviceType = nil; + + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: Invalid target (TC-ACL-2.4 step 38) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestConstraintErrorTargetHasBothEndpointAndDeviceTypeTcAcl24Step42_6() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:3U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:2U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = nil; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [[MTRAccessControlClusterTarget alloc] init]; + ((MTRAccessControlClusterTarget *) temp_3[0]).cluster = nil; + ((MTRAccessControlClusterTarget *) temp_3[0]).endpoint = [NSNumber numberWithUnsignedShort:22U]; + ((MTRAccessControlClusterTarget *) temp_3[0]).deviceType = [NSNumber numberWithUnsignedInt:33UL]; + + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster + writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: target has both endpoint and device type (TC-ACL-2.4 step 42) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestConstraintErrorInvalidPrivilegeValueStep32_7() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:6U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:2U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: Invalid privilege value step 32) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestConstraintErrorInvalidSubject0xFFFFFfffFfffFfffTcAcl24Step35_8() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:3U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:18446744073709551615ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: invalid subject 0xFFFF_FFFF_FFFF_FFFF (TC-ACL-2.4 step 35) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestConstraintErrorInvalidSubject0xFFFFFffd00000000TcAcl24Step36_9() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:3U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:18446744060824649728ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: invalid subject 0xFFFF_FFFD_0000_0000 (TC-ACL-2.4 step 36) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } + + CHIP_ERROR TestConstraintErrorInvalidSubject0xFFFFFfffFfff0000TcAcl24Step37_10() + { + MTRBaseDevice * device = GetDevice("alpha"); + MTRBaseClusterAccessControl * cluster = [[MTRBaseClusterAccessControl alloc] initWithDevice:device + endpoint:0 + queue:mCallbackQueue]; + VerifyOrReturnError(cluster != nil, CHIP_ERROR_INCORRECT_STATE); + + id aclArgument; + { + NSMutableArray * temp_0 = [[NSMutableArray alloc] init]; + temp_0[0] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).privilege = [NSNumber numberWithUnsignedChar:5U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:112233ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[0]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + temp_0[1] = [[MTRAccessControlClusterAccessControlEntry alloc] init]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).privilege = [NSNumber numberWithUnsignedChar:3U]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).authMode = [NSNumber numberWithUnsignedChar:2U]; + { + NSMutableArray * temp_3 = [[NSMutableArray alloc] init]; + temp_3[0] = [NSNumber numberWithUnsignedLongLong:18446744073709486080ULL]; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).subjects = temp_3; + } + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).targets = nil; + ((MTRAccessControlClusterAccessControlEntry *) temp_0[1]).fabricIndex = [NSNumber numberWithUnsignedChar:1U]; + + aclArgument = temp_0; + } + [cluster writeAttributeAclWithValue:aclArgument + completionHandler:^(NSError * _Nullable err) { + NSLog(@"Constraint error: invalid subject 0xFFFF_FFFF_FFFF_0000 (TC-ACL-2.4 step 37) Error: %@", err); + + VerifyOrReturn(CheckValue("status", err ? err.code : 0, EMBER_ZCL_STATUS_CONSTRAINT_ERROR)); + NextTest(); + }]; + + return CHIP_NO_ERROR; + } +}; + class TestMultiAdmin : public TestCommandBridge { public: // NOLINTBEGIN(clang-analyzer-nullability.NullPassedToNonnull): Test constructor nullability not enforced @@ -112028,6 +112651,7 @@ void registerCommandsTests(Commands & commands) make_unique(), make_unique(), make_unique(), + make_unique(), make_unique(), make_unique(), make_unique(),