./alchemy zap --attribute="in-progress" --sdkRoot=[] --specRoot=[] 'TLSCertificateManagement.adoc'

./alchemy zap --attribute="in-progress"  --sdkRoot=[] --specRoot=[]  'TLSClientManagement.adoc'

With manual edits adding description

Author: gmarcosb

.github/workflows/tests.yaml

@@ -195,6 +195,8 @@ jobs:
                       src/app/zap-templates/zcl/data-model/chip/time-format-localization-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/time-synchronization-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/timer-cluster.xml \
+                      src/app/zap-templates/zcl/data-model/chip/tls-certificate-management-cluster.xml \
+                      src/app/zap-templates/zcl/data-model/chip/tls-client-management-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/user-label-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/unit-localization-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/wake-on-lan-cluster.xml \

scripts/rules.matterlint

@@ -103,6 +103,8 @@ load "../src/app/zap-templates/zcl/data-model/chip/thread-network-directory-clus
 load "../src/app/zap-templates/zcl/data-model/chip/time-format-localization-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/time-synchronization-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/timer-cluster.xml";
+load "../src/app/zap-templates/zcl/data-model/chip/tls-certificate-management-cluster.xml";
+load "../src/app/zap-templates/zcl/data-model/chip/tls-client-management-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/unit-localization-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/user-label-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/wake-on-lan-cluster.xml";

src/app/zap-templates/zcl/data-model/chip/tls-certificate-management-cluster.xml

@@ -0,0 +1,142 @@
+<?xml version="1.0"?>
+<!--
+Copyright (c) 2024 Project CHIP Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+XML generated by Alchemy; DO NOT EDIT.
+Source: src/tls/TLSCertificateManagement.adoc
+Parameters: in-progress 
+Git: 1.4-282-gad46b0990
+-->
+<configurator xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../zcl.xsd">
+  <domain name="General"/>
+  <struct name="TLSCertStruct" apiMaturity="provisional">
+    <cluster code="0x0801"/>
+    <item fieldId="0" name="CAID" type="int16u"/>
+    <item fieldId="1" name="Certificate" type="long_octet_string" length="3000"/>
+  </struct>
+
+  <struct name="TLSClientCertificateDetailStruct" apiMaturity="provisional">
+    <cluster code="0x0801"/>
+    <item fieldId="0" name="CCDID" type="int16u"/>
+    <item fieldId="1" name="ClientCertificate" type="long_octet_string" length="3000"/>
+    <item fieldId="2" name="IntermediateCerts" array="true" type="octet_string"/>
+  </struct>
+
+  <cluster>
+    <domain name="General"/>
+    <name>TLS Certificate Management</name>
+    <code>0x0801</code>
+    <define>TLS_CERTIFICATE_MANAGEMENT_CLUSTER</define>
+    <description>This Cluster is used to manage TLS Client Certificates and to provision
+      TLS endpoints with enough information to facilitate subsequent connection.</description>
+    <client init="false" tick="false">true</client>
+    <server init="false" tick="false">true</server>
+    <globalAttribute code="0xFFFD" side="either" value="1"/>
+    <attribute code="0x0000" side="server" define="MAX_ROOT_CERTIFICATES" type="int8u">MaxRootCertificates</attribute>
+    <attribute code="0x0001" side="server" define="CURRENT_ROOT_CERTIFICATES" type="int8u">CurrentRootCertificates</attribute>
+    <attribute code="0x0002" side="server" define="MAX_CLIENT_CERTIFICATES" type="int8u">MaxClientCertificates</attribute>
+    <attribute code="0x0003" side="server" define="CURRENT_CLIENT_CERTIFICATES" type="int8u">CurrentClientCertificates</attribute>
+    <command code="0x00" source="client" name="ProvisionRootCertificate" optional="false" response="ProvisionRootCertificateResponse">
+      <description>This command SHALL provision the provided certificate for the passed in CAID.</description>
+      <access op="invoke" privilege="administer"/>
+      <arg id="0" name="Certificate" type="long_octet_string" length="3000"/>
+      <arg id="1" name="CAID" type="int16u" optional="true" isNullable="true"/>
+    </command>
+
+    <command code="0x01" source="server" name="ProvisionRootCertificateResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a ProvisionRootCertificate command.</description>
+      <arg id="0" name="CAID" type="int16u"/>
+    </command>
+
+    <command code="0x02" source="client" name="FindRootCertificate" optional="false" response="FindRootCertificateResponse">
+      <description>This command SHALL return the TLSCertStruct for the passed in CAID.</description>
+      <arg id="0" name="CAID" type="int16u" optional="true" isNullable="true"/>
+    </command>
+
+    <command code="0x03" source="server" name="FindRootCertificateResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a FindRootCertificate command.</description>
+      <arg id="0" name="CertificateDetails" array="true" type="TLSCertStruct"/>
+    </command>
+
+    <command code="0x04" source="client" name="LookupRootCertificate" optional="false" response="LookupRootCertificateResponse">
+      <description>This command SHALL return the CAID for the passed in fingerprint.</description>
+      <arg id="0" name="Fingerprint" type="octet_string" length="64"/>
+    </command>
+
+    <command code="0x05" source="server" name="LookupRootCertificateResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a LookupRootCertificate command.</description>
+      <arg id="0" name="CAID" type="int16u"/>
+    </command>
+
+    <command code="0x06" source="client" name="RemoveRootCertificate" optional="false">
+      <description>This command SHALL be generated to request the server removes the certificate provisioned to the provided Certificate Authority ID.</description>
+      <access op="invoke" privilege="administer"/>
+      <arg id="0" name="CAID" type="int16u"/>
+    </command>
+
+    <command code="0x07" source="client" name="TLSClientCSR" optional="false" response="TLSClientCSRResponse">
+      <description>This command SHALL be generated to request the Node generates a Certificate Signing Request.</description>
+      <access op="invoke" privilege="administer"/>
+      <arg id="1" name="Nonce" type="octet_string"/>
+    </command>
+
+    <command code="0x08" source="server" name="TLSClientCSRResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a TLSClientCSR command.</description>
+      <arg id="0" name="CCDID" type="int16u"/>
+      <arg id="1" name="CSR" type="octet_string"/>
+      <arg id="2" name="Nonce" type="octet_string"/>
+    </command>
+
+    <command code="0x09" source="client" name="ProvisionClientCertificate" optional="false" response="ProvisionClientCertificateResponse">
+      <description>This command SHALL be generated to request the Node provisions the provided Client Certificate Details.</description>
+      <access op="invoke" privilege="administer"/>
+      <arg id="0" name="CCDID" type="int16u"/>
+      <arg id="1" name="ClientCertificateDetails" type="TLSClientCertificateDetailStruct"/>
+    </command>
+
+    <command code="0x0A" source="server" name="ProvisionClientCertificateResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a ProvisionClientCertificate command.</description>
+      <arg id="0" name="CCDID" type="int16u"/>
+    </command>
+
+    <command code="0x0B" source="client" name="FindClientCertificate" optional="false" response="FindClientCertificateResponse">
+      <description>This command SHALL return the TLSClientCertificateDetailStruct for the passed in CCDID.</description>
+      <arg id="0" name="CCDID" type="int16u"/>
+    </command>
+
+    <command code="0x0C" source="server" name="FindClientCertificateResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a FindClientCertificate command.</description>
+      <arg id="0" name="CertificateDetails" array="true" type="TLSClientCertificateDetailStruct"/>
+    </command>
+
+    <command code="0x0D" source="client" name="LookupClientCertificate" optional="false" response="LookupClientCertificateResponse">
+      <description>This command SHALL return the CCDID for the passed in Fingerprint.</description>
+      <arg id="0" name="Fingerprint" type="octet_string" length="64"/>
+    </command>
+
+    <command code="0x0E" source="server" name="LookupClientCertificateResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a LookupClientCertificate command.</description>
+      <arg id="0" name="CCDID" type="int16u"/>
+    </command>
+
+    <command code="0x0F" source="client" name="RemoveClientCertificate" optional="false">
+      <description>This command SHALL be generated to request the Node removes the certificate provisioned to the provided Client Certificate Details ID.</description>
+      <access op="invoke" privilege="administer"/>
+      <arg id="0" name="CCDID" type="int16u"/>
+    </command>
+
+  </cluster>
+</configurator>

src/app/zap-templates/zcl/data-model/chip/tls-client-management-cluster.xml

@@ -0,0 +1,95 @@
+<?xml version="1.0"?>
+<!--
+Copyright (c) 2024 Project CHIP Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+XML generated by Alchemy; DO NOT EDIT.
+Source: src/tls/TLSClientManagement.adoc
+Parameters: in-progress 
+Git: 1.4-282-gad46b0990
+-->
+<configurator xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../zcl.xsd">
+  <domain name="General"/>
+  <enum name="TLSEndpointStatusEnum" type="enum8">
+    <cluster code="0x0802"/>
+    <item name="Provisioned" value="0x00"/>
+    <item name="InUse" value="0x01"/>
+  </enum>
+
+  <struct name="TLSEndpointStruct" apiMaturity="provisional">
+    <cluster code="0x0802"/>
+    <item fieldId="0" name="EndpointID" type="int16u"/>
+    <item fieldId="1" name="Hostname" type="octet_string"/>
+    <item fieldId="2" name="Port" type="int16u"/>
+    <item fieldId="3" name="CAID" type="int16u"/>
+    <item fieldId="4" name="CCDID" type="int16u" isNullable="true" optional="true"/>
+    <item fieldId="5" name="Status" type="TLSEndpointStatusEnum" min="0x00" max="0x01"/>
+  </struct>
+
+  <cluster>
+    <domain name="General"/>
+    <name>TLS Client Management</name>
+    <code>0x0802</code>
+    <define>TLS_CLIENT_MANAGEMENT_CLUSTER</define>
+    <description>This Cluster is used to provision TLS Endpoints with enough information to facilitate subsequent connection.</description>
+    <client init="false" tick="false">true</client>
+    <server init="false" tick="false">true</server>
+    <globalAttribute code="0xFFFD" side="either" value="1"/>
+    <attribute code="0x0000" side="server" define="MAX_PROVISIONED" type="int8u">MaxProvisioned</attribute>
+    <attribute code="0x0001" side="server" define="CURRENT_PROVISIONED" type="int8u">CurrentProvisioned</attribute>
+    <attribute code="0x0002" side="server" define="MAX_IN_USE" type="int8u">MaxInUse</attribute>
+    <attribute code="0x0003" side="server" define="CURRENT_IN_USE" type="int8u">CurrentInUse</attribute>
+    <command code="0x00" source="client" name="ProvisionEndpoint" optional="false" response="ProvisionEndpointResponse">
+      <description>This command SHALL provision a TLS Endpoint for the provided HostName / Port combination.</description>
+      <access op="invoke" privilege="administer"/>
+      <arg id="0" name="Hostname" type="octet_string"/>
+      <arg id="1" name="Port" type="int16u"/>
+      <arg id="2" name="CAID" type="int16u"/>
+      <arg id="3" name="CCDID" type="int16u" optional="true" isNullable="true"/>
+      <arg id="4" name="EndpointID" type="int16u" optional="true" isNullable="true"/>
+    </command>
+
+    <command code="0x01" source="server" name="ProvisionEndpointResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a ProvisionEndpointRequest command.</description>
+      <arg id="0" name="EndpointID" type="int16u"/>
+    </command>
+
+    <command code="0x02" source="client" name="FindEndpoint" optional="false" response="FindEndpointResponse">
+      <description>This command SHALL return the TLS Endpoint details for the passed in EndpointID.</description>
+      <arg id="0" name="EndpointID" type="int16u" optional="true" isNullable="true"/>
+    </command>
+
+    <command code="0x03" source="server" name="FindEndpointResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a FindEndpointRequest command.</description>
+      <arg id="0" name="Endpoints" array="true" type="TLSEndpointStruct"/>
+    </command>
+
+    <command code="0x04" source="client" name="RemoveEndpoint" optional="false">
+      <description>This command SHALL be generated to request the Node terminates the TLS Connection.</description>
+      <access op="invoke" privilege="administer"/>
+      <arg id="0" name="EndpointID" type="int16u"/>
+    </command>
+
+    <event code="0x0000" name="EndpointProvisioned" priority="info" side="server">
+      <field id="0" name="EndpointID" type="int16u"/>
+      <description>This event SHALL indicate a new TLS Endpoint has been provisioned.</description>
+    </event>
+
+    <event code="0x0001" name="EndpointRemoved" priority="info" side="server">
+      <description/>
+    </event>
+
+  </cluster>
+</configurator>