From 9c0917be692441b71cd1ad0693fc4743610a8a8e Mon Sep 17 00:00:00 2001
From: Yufeng Wang
Date: Tue, 15 Feb 2022 14:08:46 -0800
Subject: [PATCH] Verify the device is under commissioning before accessing/storing information in fabric (#15204)
---
 .../operational-credentials-server.cpp | 12 ++++++++++++
 src/app/server/CommissioningWindowManager.cpp | 3 +--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
index 2f6b9c6e9ad4cf..16f4bc37bcfc39 100644
--- a/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
+++ b/src/app/clusters/operational-credentials-server/operational-credentials-server.cpp
@@ -527,6 +527,10 @@ bool emberAfOperationalCredentialsClusterAddNOCCallback(app::CommandHandler * co
 emberAfPrintln(EMBER_AF_PRINT_DEBUG, "OpCreds: commissioner has added a NOC");
+ VerifyOrExit(Server::GetInstance().GetCommissioningWindowManager().CommissioningWindowStatus() !=
+ AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen,
+ nocResponse = OperationalCertStatus::kInvalidNOC);
+
 err = gFabricBeingCommissioned.SetNOCCert(NOCValue);
 VerifyOrExit(err == CHIP_NO_ERROR, nocResponse = ConvertToNOCResponseStatus(err));
@@ -747,6 +751,10 @@ bool emberAfOperationalCredentialsClusterCSRRequestCallback(app::CommandHandler
 size_t nocsrLengthEstimate = 0;
 ByteSpan kNoVendorReserved;
+ VerifyOrExit(Server::GetInstance().GetCommissioningWindowManager().CommissioningWindowStatus() !=
+ AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen,
+ err = CHIP_ERROR_INCORRECT_STATE);
+
 // Always generate a new operational keypair for any new CSRRequest
 if (gFabricBeingCommissioned.GetOperationalKey() != nullptr)
 {
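Review bot: The added guard in emberAfOperationalCredentialsClusterAddNOCCallback tests a device-wide flag, `CommissioningWindowStatus() != kWindowNotOpen`, and nothing in the visible lines ties the command to the session that is actually being commissioned. While a window is open, any caller that reaches this handler passes the check, so access control and any fail-safe or session checks (none are visible in this hunk; the function body starts and ends outside it) still have to carry that weight. The same guard is repeated in the CSRRequest and AddTrustedRootCertificate hunks. I would state the limit next to the check, e.g. `// Window status is device-wide: this only rejects requests outside commissioning, it does not authenticate the caller as the commissioner.`, and consider pulling the three-line condition into one helper so the three handlers cannot drift apart.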
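Review bot: A CSRRequest rejected by the new guard leaves no trace in the log, and the three guarded handlers signal the same condition with three different values (`kInvalidNOC`, `CHIP_ERROR_INCORRECT_STATE`, `EMBER_ZCL_STATUS_FAILURE`). A credential request arriving outside commissioning is worth being able to spot later, so I would log on the failure branch, e.g. `emberAfPrintln(EMBER_AF_PRINT_DEBUG, "OpCreds: CSRRequest rejected, commissioning window not open");`. What the exit path does with `err` is outside this hunk, so please confirm it returns a failure status to the requester rather than ending the exchange silently.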
@@ -815,6 +823,10 @@ bool emberAfOperationalCredentialsClusterAddTrustedRootCertificateCallback(
 emberAfPrintln(EMBER_AF_PRINT_DEBUG, "OpCreds: commissioner has added a trusted root Cert");
+ VerifyOrExit(Server::GetInstance().GetCommissioningWindowManager().CommissioningWindowStatus() !=
+ AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen,
+ status = EMBER_ZCL_STATUS_FAILURE);
+
 // TODO: Ensure we do not duplicate roots in storage, and detect "same key, different cert" errors
 // TODO: Validate cert signature prior to setting.
 VerifyOrExit(gFabricBeingCommissioned.SetRootCert(RootCertificate) == CHIP_NO_ERROR, status = EMBER_ZCL_STATUS_INVALID_FIELD);
diff --git a/src/app/server/CommissioningWindowManager.cpp b/src/app/server/CommissioningWindowManager.cpp
index 081f0a1699ebd9..6b1d600fdfb7f9 100644
--- a/src/app/server/CommissioningWindowManager.cpp
+++ b/src/app/server/CommissioningWindowManager.cpp
@@ -88,6 +88,7 @@ void CommissioningWindowManager::ResetState()
 mECMPasscodeID = 0;
 mECMIterations = 0;
 mECMSaltLength = 0;
+ mWindowStatus = app::Clusters::AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen;
 memset(&mECMPASEVerifier, 0, sizeof(mECMPASEVerifier));
 memset(mECMSalt, 0, sizeof(mECMSalt));
@@ -334,8 +335,6 @@ CHIP_ERROR CommissioningWindowManager::StopAdvertisement(bool aShuttingDown)
 }
 #endif
- mWindowStatus = AdministratorCommissioning::CommissioningWindowStatus::kWindowNotOpen;
-
 // If aShuttingDown, don't try to change our DNS-SD advertisements.
 if (!aShuttingDown)
 {
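Review bot: In emberAfOperationalCredentialsClusterAddTrustedRootCertificateCallback the guard sits after the context line that logs "OpCreds: commissioner has added a trusted root Cert", so a request that is then rejected is still logged as if the root had been added; the AddNOC hunk has the same ordering with "commissioner has added a NOC". Move the `VerifyOrExit(... != kWindowNotOpen, status = EMBER_ZCL_STATUS_FAILURE);` above the `emberAfPrintln` call, or reword the message to `"OpCreds: received AddTrustedRootCertificate"`, so the log does not record an action that was refused. The function body continues outside the hunk.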
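Review bot: With the reset removed from StopAdvertisement and added only to ResetState(), `mWindowStatus` now stays at its open value after advertising stops, and the new OpCreds guards keep accepting AddNOC, CSRRequest and AddTrustedRootCertificate until ResetState() runs. That looks intended (commissioning continues after advertising ends), but the callers of both functions are outside this diff, so every path that ends commissioning (timeout, failure, shutdown with `aShuttingDown` set) needs to reach ResetState(), otherwise the guard stays open. The status value is presumably also what the AdministratorCommissioning cluster reports, so it may now read as open while the device is no longer advertising. I would record the new meaning where the field is cleared: `// Cleared only here: the status stays open after advertising stops so OpCreds commands are accepted until commissioning ends.`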