TLS Client Management cluster

.github/workflows/tests.yaml

@@ -199,6 +199,7 @@ jobs:
                       src/app/zap-templates/zcl/data-model/chip/time-synchronization-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/timer-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/tls-certificate-management-cluster.xml \
+                      src/app/zap-templates/zcl/data-model/chip/tls-client-management-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/user-label-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/unit-localization-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/wake-on-lan-cluster.xml \

docs/ids_and_codes/zap_clusters.md

@@ -139,6 +139,7 @@ Generally regenerate using one of:
 |       1872 |      0x750 | EcosystemInformation                                    |
 |       1873 |      0x751 | CommissionerControl                                     |
 |       2049 |      0x801 | TlsCertificateManagement                                |
+|       2050 |      0x802 | TlsClientManagement                                     |
 | 4294048773 | 0xFFF1FC05 | UnitTesting                                             |
 | 4294048774 | 0xFFF1FC06 | FaultInjection                                          |
 | 4294048800 | 0xFFF1FC20 | SampleMei                                               |

scripts/rules.matterlint

@@ -106,6 +106,7 @@ load "../src/app/zap-templates/zcl/data-model/chip/time-format-localization-clus
 load "../src/app/zap-templates/zcl/data-model/chip/time-synchronization-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/timer-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/tls-certificate-management-cluster.xml";
+load "../src/app/zap-templates/zcl/data-model/chip/tls-client-management-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/unit-localization-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/user-label-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/wake-on-lan-cluster.xml";

src/app/zap-templates/zcl/data-model/chip/tls-client-management-cluster.xml

@@ -0,0 +1,96 @@
+<?xml version="1.0"?>
+<!--
+Copyright (c) 2025 Project CHIP Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+XML generated by Alchemy; DO NOT EDIT.
+Source: src/tls/TLSClientManagement.adoc
+Parameters: in-progress 
+Git: 1.4-819-g9894ad1b9
+-->
+<configurator xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../zcl.xsd">
+  <domain name="General"/>
+  <enum name="TLSEndpointStatusEnum" type="enum8">
+    <cluster code="0x0802"/>
+    <item name="Provisioned" value="0x00"/>
+    <item name="InUse" value="0x01"/>
+  </enum>
+
+  <struct name="TLSEndpointStruct" apiMaturity="provisional">
+    <cluster code="0x0802"/>
+    <item fieldId="0" name="EndpointID" type="int16u"/>
+    <item fieldId="1" name="Hostname" type="octet_string"/>
+    <item fieldId="2" name="Port" type="int16u"/>
+    <item fieldId="3" name="CAID" type="int16u"/>
+    <item fieldId="4" name="CCDID" type="int16u" isNullable="true" optional="true"/>
+    <item fieldId="5" name="Status" type="TLSEndpointStatusEnum" min="0x00" max="0x01"/>
+  </struct>
+
+  <cluster apiMaturity="provisional">
+    <domain name="General"/>
+    <name>TLS Client Management</name>
+    <code>0x0802</code>
+    <define>TLS_CLIENT_MANAGEMENT_CLUSTER</define>
+    <description>This Cluster is used to provision TLS Endpoints with enough information to facilitate subsequent connection.</description>
+    <client init="false" tick="false">true</client>
+    <server init="false" tick="false">true</server>
+    <globalAttribute code="0xFFFD" side="either" value="1"/>
+    <attribute code="0x0000" side="server" define="MAX_PROVISIONED" type="int8u">MaxProvisioned</attribute>
+    <attribute code="0x0001" side="server" define="CURRENT_PROVISIONED" type="int8u">CurrentProvisioned</attribute>
+    <attribute code="0x0002" side="server" define="MAX_IN_USE" type="int8u">MaxInUse</attribute>
+    <attribute code="0x0003" side="server" define="CURRENT_IN_USE" type="int8u">CurrentInUse</attribute>
+    <command code="0x00" source="client" name="ProvisionEndpoint" optional="false" response="ProvisionEndpointResponse">
+      <description>This command SHALL provision a TLS Endpoint for the provided HostName / Port combination.</description>
+      <access op="invoke" privilege="administer"/>
+      <arg id="0" name="Hostname" type="octet_string"/>
+      <arg id="1" name="Port" type="int16u"/>
+      <arg id="2" name="CAID" type="int16u"/>
+      <arg id="3" name="CCDID" type="int16u" optional="true" isNullable="true"/>
+      <arg id="4" name="EndpointID" type="int16u" optional="true" isNullable="true"/>
+    </command>
+
+    <command code="0x01" source="server" name="ProvisionEndpointResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a ProvisionEndpointRequest command.</description>
+      <arg id="0" name="EndpointID" type="int16u"/>
+    </command>
+
+    <command code="0x02" source="client" name="FindEndpoint" optional="false" response="FindEndpointResponse">
+      <description>This command SHALL return the TLS Endpoint details for the passed in EndpointID.</description>
+      <arg id="0" name="EndpointID" type="int16u" optional="true" isNullable="true"/>
+    </command>
+
+    <command code="0x03" source="server" name="FindEndpointResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a FindEndpointRequest command.</description>
+      <arg id="0" name="Endpoints" array="true" type="TLSEndpointStruct"/>
+    </command>
+
+    <command code="0x04" source="client" name="RemoveEndpoint" optional="false">
+      <description>This command SHALL be generated to request the Node terminates the TLS Connection.</description>
+      <access op="invoke" privilege="administer"/>
+      <arg id="0" name="EndpointID" type="int16u"/>
+    </command>
+
+    <event code="0x0000" name="EndpointProvisioned" priority="info" side="server">
+      <field id="0" name="EndpointID" type="int16u"/>
+      <description>This event SHALL indicate a new TLS Endpoint has been provisioned.</description>
+    </event>
+
+    <event code="0x0001" name="EndpointRemoved" priority="info" side="server">
+      <field id="0" name="EndpointID" type="int16u"/>
+      <description>This event SHALL indicate a TLS Endpoint has been removed.</description>
+    </event>
+
+  </cluster>
+</configurator>

src/app/zap-templates/zcl/zcl-with-test-extensions.json

@@ -128,6 +128,7 @@
         "time-synchronization-cluster.xml",
         "timer-cluster.xml",
         "tls-certificate-management-cluster.xml",
+        "tls-client-management-cluster.xml",
         "user-label-cluster.xml",
         "unit-localization-cluster.xml",
         "valve-configuration-and-control-cluster.xml",

src/app/zap-templates/zcl/zcl.json

@@ -122,6 +122,7 @@
         "time-synchronization-cluster.xml",
         "timer-cluster.xml",
         "tls-certificate-management-cluster.xml",
+        "tls-client-management-cluster.xml",
         "user-label-cluster.xml",
         "unit-localization-cluster.xml",
         "valve-configuration-and-control-cluster.xml",

src/app/zap_cluster_list.json

@@ -124,6 +124,7 @@
         "TIME_SYNCHRONIZATION_CLUSTER": [],
         "TIMER_CLUSTER": [],
         "TLS_CERTIFICATE_MANAGEMENT_CLUSTER": [],
+        "TLS_CLIENT_MANAGEMENT_CLUSTER": [],
         "TRUSTED_ROOT_CERTIFICATES_CLUSTER": [],
         "UNIT_LOCALIZATION_CLUSTER": [],
         "UNIT_TESTING_CLUSTER": [],
@@ -309,6 +310,7 @@
         "TIME_SYNCHRONIZATION_CLUSTER": ["time-synchronization-server"],
         "TIMER_CLUSTER": ["timer-server"],
         "TLS_CERTIFICATE_MANAGEMENT_CLUSTER": [],
+        "TLS_CLIENT_MANAGEMENT_CLUSTER": [],
         "TVOC_CONCENTRATION_MEASUREMENT_CLUSTER": [
             "concentration-measurement-server"
         ],

src/controller/data_model/controller-clusters.matter

@@ -10556,6 +10556,75 @@ provisional cluster TlsCertificateManagement = 2049 {
   command access(invoke: administer) RemoveClientCertificate(RemoveClientCertificateRequest): DefaultSuccess = 15;
 }
 
+/** This Cluster is used to provision TLS Endpoints with enough information to facilitate subsequent connection. */
+provisional cluster TlsClientManagement = 2050 {
+  revision 1;
+
+  enum TLSEndpointStatusEnum : enum8 {
+    kProvisioned = 0;
+    kInUse = 1;
+  }
+
+  struct TLSEndpointStruct {
+    int16u endpointID = 0;
+    octet_string hostname = 1;
+    int16u port = 2;
+    int16u caid = 3;
+    optional nullable int16u ccdid = 4;
+    TLSEndpointStatusEnum status = 5;
+  }
+
+  info event EndpointProvisioned = 0 {
+    int16u endpointID = 0;
+  }
+
+  info event EndpointRemoved = 1 {
+    int16u endpointID = 0;
+  }
+
+  readonly attribute int8u maxProvisioned = 0;
+  readonly attribute int8u currentProvisioned = 1;
+  readonly attribute int8u maxInUse = 2;
+  readonly attribute int8u currentInUse = 3;
+  readonly attribute command_id generatedCommandList[] = 65528;
+  readonly attribute command_id acceptedCommandList[] = 65529;
+  readonly attribute event_id eventList[] = 65530;
+  readonly attribute attrib_id attributeList[] = 65531;
+  readonly attribute bitmap32 featureMap = 65532;
+  readonly attribute int16u clusterRevision = 65533;
+
+  request struct ProvisionEndpointRequest {
+    octet_string hostname = 0;
+    int16u port = 1;
+    int16u caid = 2;
+    optional nullable int16u ccdid = 3;
+    optional nullable int16u endpointID = 4;
+  }
+
+  response struct ProvisionEndpointResponse = 1 {
+    int16u endpointID = 0;
+  }
+
+  request struct FindEndpointRequest {
+    optional nullable int16u endpointID = 0;
+  }
+
+  response struct FindEndpointResponse = 3 {
+    TLSEndpointStruct endpoints[] = 0;
+  }
+
+  request struct RemoveEndpointRequest {
+    int16u endpointID = 0;
+  }
+
+  /** This command SHALL provision a TLS Endpoint for the provided HostName / Port combination. */
+  command access(invoke: administer) ProvisionEndpoint(ProvisionEndpointRequest): ProvisionEndpointResponse = 0;
+  /** This command SHALL return the TLS Endpoint details for the passed in EndpointID. */
+  command FindEndpoint(FindEndpointRequest): FindEndpointResponse = 2;
+  /** This command SHALL be generated to request the Node terminates the TLS Connection. */
+  command access(invoke: administer) RemoveEndpoint(RemoveEndpointRequest): DefaultSuccess = 4;
+}
+
 /** The Test Cluster is meant to validate the generated code */
 internal cluster UnitTesting = 4294048773 {
   revision 1; // NOTE: Default/not specifically set