TLS Client Management cluster (project-chip#37115)

* Generated using:
 ./alchemy zap --attribute="in-progress" ... /TLSClientManagement.adoc

* Apply review comments & re-run alchemy

* Generated using ./scripts/tools/zap_regen_all.py

* Workaround for project-chip/zap#1255

Author: gmarcosb

.github/workflows/tests.yaml

@@ -200,6 +200,7 @@ jobs:
                       src/app/zap-templates/zcl/data-model/chip/time-synchronization-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/timer-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/tls-certificate-management-cluster.xml \
+                      src/app/zap-templates/zcl/data-model/chip/tls-client-management-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/user-label-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/unit-localization-cluster.xml \
                       src/app/zap-templates/zcl/data-model/chip/wake-on-lan-cluster.xml \

docs/ids_and_codes/zap_clusters.md

@@ -140,6 +140,7 @@ Generally regenerate using one of:
 |       1872 |      0x750 | EcosystemInformation                                    |
 |       1873 |      0x751 | CommissionerControl                                     |
 |       2049 |      0x801 | TlsCertificateManagement                                |
+|       2050 |      0x802 | TlsClientManagement                                     |
 | 4294048773 | 0xFFF1FC05 | UnitTesting                                             |
 | 4294048774 | 0xFFF1FC06 | FaultInjection                                          |
 | 4294048800 | 0xFFF1FC20 | SampleMei                                               |

scripts/rules.matterlint

@@ -107,6 +107,7 @@ load "../src/app/zap-templates/zcl/data-model/chip/time-format-localization-clus
 load "../src/app/zap-templates/zcl/data-model/chip/time-synchronization-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/timer-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/tls-certificate-management-cluster.xml";
+load "../src/app/zap-templates/zcl/data-model/chip/tls-client-management-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/unit-localization-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/user-label-cluster.xml";
 load "../src/app/zap-templates/zcl/data-model/chip/wake-on-lan-cluster.xml";

scripts/tools/zap/tests/outputs/all-clusters-app/app-templates/gen_config.h

@@ -149,6 +149,7 @@
 #define MATTER_DM_ECOSYSTEM_INFORMATION_CLUSTER_SERVER_ENDPOINT_COUNT (0)
 #define MATTER_DM_COMMISSIONER_CONTROL_CLUSTER_SERVER_ENDPOINT_COUNT (0)
 #define MATTER_DM_TLS_CERTIFICATE_MANAGEMENT_CLUSTER_SERVER_ENDPOINT_COUNT (0)
+#define MATTER_DM_TLS_CLIENT_MANAGEMENT_CLUSTER_SERVER_ENDPOINT_COUNT (0)
 #define MATTER_DM_UNIT_TESTING_CLUSTER_SERVER_ENDPOINT_COUNT (1)
 #define MATTER_DM_FAULT_INJECTION_CLUSTER_SERVER_ENDPOINT_COUNT (1)
 #define MATTER_DM_SAMPLE_MEI_CLUSTER_SERVER_ENDPOINT_COUNT (0)
@@ -281,6 +282,7 @@
 #define MATTER_DM_ECOSYSTEM_INFORMATION_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_COMMISSIONER_CONTROL_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_TLS_CERTIFICATE_MANAGEMENT_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
+#define MATTER_DM_TLS_CLIENT_MANAGEMENT_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_UNIT_TESTING_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_FAULT_INJECTION_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_SAMPLE_MEI_CLUSTER_CLIENT_ENDPOINT_COUNT (0)

scripts/tools/zap/tests/outputs/lighting-app/app-templates/gen_config.h

@@ -149,6 +149,7 @@
 #define MATTER_DM_ECOSYSTEM_INFORMATION_CLUSTER_SERVER_ENDPOINT_COUNT (0)
 #define MATTER_DM_COMMISSIONER_CONTROL_CLUSTER_SERVER_ENDPOINT_COUNT (0)
 #define MATTER_DM_TLS_CERTIFICATE_MANAGEMENT_CLUSTER_SERVER_ENDPOINT_COUNT (0)
+#define MATTER_DM_TLS_CLIENT_MANAGEMENT_CLUSTER_SERVER_ENDPOINT_COUNT (0)
 #define MATTER_DM_UNIT_TESTING_CLUSTER_SERVER_ENDPOINT_COUNT (0)
 #define MATTER_DM_FAULT_INJECTION_CLUSTER_SERVER_ENDPOINT_COUNT (0)
 #define MATTER_DM_SAMPLE_MEI_CLUSTER_SERVER_ENDPOINT_COUNT (0)
@@ -281,6 +282,7 @@
 #define MATTER_DM_ECOSYSTEM_INFORMATION_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_COMMISSIONER_CONTROL_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_TLS_CERTIFICATE_MANAGEMENT_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
+#define MATTER_DM_TLS_CLIENT_MANAGEMENT_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_UNIT_TESTING_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_FAULT_INJECTION_CLUSTER_CLIENT_ENDPOINT_COUNT (0)
 #define MATTER_DM_SAMPLE_MEI_CLUSTER_CLIENT_ENDPOINT_COUNT (0)

src/app/zap-templates/zcl/data-model/chip/tls-client-management-cluster.xml

@@ -0,0 +1,89 @@
+<?xml version="1.0"?>
+<!--
+Copyright (c) 2025 Project CHIP Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+XML generated by Alchemy; DO NOT EDIT.
+Source: src/tls/TLSClientManagement.adoc
+Parameters: in-progress 
+Git: 0.7-summer-2025-308-g2f23be841
+-->
+<configurator xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../zcl.xsd">
+  <domain name="General"/>
+  <enum name="TLSEndpointStatusEnum" type="enum8">
+    <cluster code="0x0802"/>
+    <item name="Provisioned" value="0x00"/>
+    <item name="InUse" value="0x01"/>
+  </enum>
+
+  <struct name="TLSEndpointStruct" apiMaturity="provisional">
+    <cluster code="0x0802"/>
+    <item fieldId="0" name="EndpointID" type="int16u"/>
+    <item fieldId="1" name="Hostname" type="octet_string" length="253"/>
+    <item fieldId="2" name="Port" type="int16u"/>
+    <item fieldId="3" name="CAID" type="int16u"/>
+    <item fieldId="4" name="CCDID" type="int16u" isNullable="true"/>
+    <item fieldId="5" name="Status" type="TLSEndpointStatusEnum" min="0x00" max="0x01"/>
+  </struct>
+
+  <cluster apiMaturity="provisional">
+    <domain name="General">General</domain>
+    <name>TLS Client Management</name>
+    <code>0x0802</code>
+    <define>TLS_CLIENT_MANAGEMENT_CLUSTER</define>
+    <description>This Cluster is used to provision TLS Endpoints with enough information to facilitate subsequent connection.</description>
+    <client init="false" tick="false">true</client>
+    <server init="false" tick="false">true</server>
+    <globalAttribute code="0xFFFD" side="either" value="1"/>
+    <attribute code="0x0000" side="server" define="MAX_PROVISIONED" type="int8u" min="5" max="254" default="5">MaxProvisioned</attribute>
+    <attribute code="0x0001" side="server" define="PROVISIONED_ENDPOINTS" type="array" entryType="TLSEndpointStruct">ProvisionedEndpoints</attribute>
+    <command code="0x00" source="client" name="ProvisionEndpoint" optional="false" response="ProvisionEndpointResponse" isFabricScoped="true">
+      <description>This command SHALL provision a TLS Endpoint for the provided HostName / Port combination.</description>
+      <access op="invoke" privilege="administer"/>
+      <quality largeMessage="true"/>
+      <arg id="0" name="Hostname" type="octet_string"/>
+      <arg id="1" name="Port" type="int16u"/>
+      <arg id="2" name="CAID" type="int16u"/>
+      <arg id="3" name="CCDID" type="int16u" isNullable="true"/>
+      <arg id="4" name="EndpointID" type="int16u" isNullable="true"/>
+    </command>
+
+    <command code="0x01" source="server" name="ProvisionEndpointResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a ProvisionEndpointRequest command.</description>
+      <quality largeMessage="true"/>
+      <arg id="0" name="EndpointID" type="int16u"/>
+    </command>
+
+    <command code="0x02" source="client" name="FindEndpoint" optional="false" response="FindEndpointResponse" isFabricScoped="true">
+      <description>This command SHALL return the TLS Endpoint details for the passed in EndpointID, or all provisioned endpoints if null </description>
+      <quality largeMessage="true"/>
+      <arg id="0" name="EndpointID" type="int16u" isNullable="true"/>
+    </command>
+
+    <command code="0x03" source="server" name="FindEndpointResponse" optional="false" disableDefaultResponse="true">
+      <description>This command SHALL be generated in response to a FindEndpointRequest command.</description>
+      <quality largeMessage="true"/>
+      <arg id="0" name="Endpoints" array="true" type="TLSEndpointStruct"/>
+    </command>
+
+    <command code="0x04" source="client" name="RemoveEndpoint" optional="false" isFabricScoped="true">
+      <description>This command SHALL be generated to request the Node remove any TLS Endpoint.</description>
+      <access op="invoke" privilege="administer"/>
+      <quality largeMessage="true"/>
+      <arg id="0" name="EndpointID" type="int16u"/>
+    </command>
+
+  </cluster>
+</configurator>

src/app/zap-templates/zcl/zcl-with-test-extensions.json

@@ -129,6 +129,7 @@
         "time-synchronization-cluster.xml",
         "timer-cluster.xml",
         "tls-certificate-management-cluster.xml",
+        "tls-client-management-cluster.xml",
         "user-label-cluster.xml",
         "unit-localization-cluster.xml",
         "valve-configuration-and-control-cluster.xml",

src/app/zap-templates/zcl/zcl.json

@@ -123,6 +123,7 @@
         "time-synchronization-cluster.xml",
         "timer-cluster.xml",
         "tls-certificate-management-cluster.xml",
+        "tls-client-management-cluster.xml",
         "user-label-cluster.xml",
         "unit-localization-cluster.xml",
         "valve-configuration-and-control-cluster.xml",

src/app/zap_cluster_list.json

@@ -125,6 +125,7 @@
         "TIME_SYNCHRONIZATION_CLUSTER": [],
         "TIMER_CLUSTER": [],
         "TLS_CERTIFICATE_MANAGEMENT_CLUSTER": [],
+        "TLS_CLIENT_MANAGEMENT_CLUSTER": [],
         "TRUSTED_ROOT_CERTIFICATES_CLUSTER": [],
         "UNIT_LOCALIZATION_CLUSTER": [],
         "UNIT_TESTING_CLUSTER": [],
@@ -311,6 +312,7 @@
         "TIME_SYNCHRONIZATION_CLUSTER": ["time-synchronization-server"],
         "TIMER_CLUSTER": ["timer-server"],
         "TLS_CERTIFICATE_MANAGEMENT_CLUSTER": [],
+        "TLS_CLIENT_MANAGEMENT_CLUSTER": [],
         "TVOC_CONCENTRATION_MEASUREMENT_CLUSTER": [
             "concentration-measurement-server"
         ],

src/controller/data_model/controller-clusters.matter

@@ -10696,6 +10696,65 @@ provisional cluster TlsCertificateManagement = 2049 {
   command access(invoke: administer) RemoveClientCertificate(RemoveClientCertificateRequest): DefaultSuccess = 15;
 }
 
+/** This Cluster is used to provision TLS Endpoints with enough information to facilitate subsequent connection. */
+provisional cluster TlsClientManagement = 2050 {
+  revision 1;
+
+  enum TLSEndpointStatusEnum : enum8 {
+    kProvisioned = 0;
+    kInUse = 1;
+  }
+
+  struct TLSEndpointStruct {
+    int16u endpointID = 0;
+    octet_string<253> hostname = 1;
+    int16u port = 2;
+    int16u caid = 3;
+    nullable int16u ccdid = 4;
+    TLSEndpointStatusEnum status = 5;
+  }
+
+  readonly attribute int8u maxProvisioned = 0;
+  readonly attribute TLSEndpointStruct provisionedEndpoints[] = 1;
+  readonly attribute command_id generatedCommandList[] = 65528;
+  readonly attribute command_id acceptedCommandList[] = 65529;
+  readonly attribute event_id eventList[] = 65530;
+  readonly attribute attrib_id attributeList[] = 65531;
+  readonly attribute bitmap32 featureMap = 65532;
+  readonly attribute int16u clusterRevision = 65533;
+
+  request struct ProvisionEndpointRequest {
+    octet_string hostname = 0;
+    int16u port = 1;
+    int16u caid = 2;
+    nullable int16u ccdid = 3;
+    nullable int16u endpointID = 4;
+  }
+
+  response struct ProvisionEndpointResponse = 1 {
+    int16u endpointID = 0;
+  }
+
+  request struct FindEndpointRequest {
+    nullable int16u endpointID = 0;
+  }
+
+  response struct FindEndpointResponse = 3 {
+    TLSEndpointStruct endpoints[] = 0;
+  }
+
+  request struct RemoveEndpointRequest {
+    int16u endpointID = 0;
+  }
+
+  /** This command SHALL provision a TLS Endpoint for the provided HostName / Port combination. */
+  fabric command access(invoke: administer) ProvisionEndpoint(ProvisionEndpointRequest): ProvisionEndpointResponse = 0;
+  /** This command SHALL return the TLS Endpoint details for the passed in EndpointID, or all provisioned endpoints if null */
+  fabric command FindEndpoint(FindEndpointRequest): FindEndpointResponse = 2;
+  /** This command SHALL be generated to request the Node remove any TLS Endpoint. */
+  fabric command access(invoke: administer) RemoveEndpoint(RemoveEndpointRequest): DefaultSuccess = 4;
+}
+
 /** The Test Cluster is meant to validate the generated code */
 internal cluster UnitTesting = 4294048773 {
   revision 1; // NOTE: Default/not specifically set