Verify the device is under commissioning before accessing/storing inf…

…ormation in fabric (#15204)
project-chip · Sep 22, 2023 · 9c0917b · 9c0917b
1 parent 22a606c
commit 9c0917b
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
@@ -527,6 +527,10 @@ bool emberAfOperationalCredentialsClusterAddNOCCallback(app::CommandHandler * co
 
     emberAfPrintln(EMBER_AF_PRINT_DEBUG, "OpCreds: commissioner has added a NOC");
 
+    VerifyOrExit(Server::GetInstance().GetCommissioningWindowManager().CommissioningWindowStatus() !=
+                     AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen,
+                 nocResponse = OperationalCertStatus::kInvalidNOC);
+
     err = gFabricBeingCommissioned.SetNOCCert(NOCValue);
     VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err));
 
@@ -747,6 +751,10 @@ bool emberAfOperationalCredentialsClusterCSRRequestCallback(app::CommandHandler
         size_t nocsrLengthEstimate = 0;
         ByteSpan kNoVendorReserved;
 
+        VerifyOrExit(Server::GetInstance().GetCommissioningWindowManager().CommissioningWindowStatus() !=
+                         AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen,
+                     err = CHIP_ERROR_INCORRECT_STATE);
+
         // Always generate a new operational keypair for any new CSRRequest
         if (gFabricBeingCommissioned.GetOperationalKey() != nullptr)
         {
@@ -815,6 +823,10 @@ bool emberAfOperationalCredentialsClusterAddTrustedRootCertificateCallback(
 
     emberAfPrintln(EMBER_AF_PRINT_DEBUG, "OpCreds: commissioner has added a trusted root Cert");
 
+    VerifyOrExit(Server::GetInstance().GetCommissioningWindowManager().CommissioningWindowStatus() !=
+                     AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen,
+                 status = EMBER_ZCL_STATUS_FAILURE);
+
     // TODO: Ensure we do not duplicate roots in storage, and detect "same key, different cert" errors
     // TODO: Validate cert signature prior to setting.
     VerifyOrExit(gFabricBeingCommissioned.SetRootCert(RootCertificate) == CHIP_NO_ERROR, status = EMBER_ZCL_STATUS_INVALID_FIELD);

diff --git a/src/app/server/CommissioningWindowManager.cpp b/src/app/server/CommissioningWindowManager.cpp
@@ -88,6 +88,7 @@ void CommissioningWindowManager::ResetState()
     mECMPasscodeID    = 0;
     mECMIterations    = 0;
     mECMSaltLength    = 0;
+    mWindowStatus     = app::Clusters::AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen;
 
     memset(&mECMPASEVerifier, 0, sizeof(mECMPASEVerifier));
     memset(mECMSalt, 0, sizeof(mECMSalt));
@@ -334,8 +335,6 @@ CHIP_ERROR CommissioningWindowManager::StopAdvertisement(bool aShuttingDown)
     }
 #endif
 
-    mWindowStatus = AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen;
-
     // If aShuttingDown, don't try to change our DNS-SD advertisements.
     if (!aShuttingDown)
     {