/** * @license * Copyright 2025-2026 Open Home Foundation * SPDX-License-Identifier: Apache-2.0 */ import { Bytes, Crypto, StorageContext, StorageManager } from "@matter/main"; import { CertificateAuthority } from "@matter/main/protocol"; /** * Fabric configuration data extracted from chip.json. * This is a partial representation of Fabric.SyncConfig from @matter/protocol. * * IMPORTANT: The controller's operational keypair is NOT available in chip.json. * * The Python CHIP SDK intentionally does not persist the operational private key to chip.json. * When pychip_OpCreds_AllocateController is called without a keypair parameter, it generates * an ephemeral P256 keypair, creates a NOC for it, but only stores the keypair in memory * (see FabricTable.cpp:190 - "Operational Key is never saved to storage here"). * * This means when migrating from Python Matter Server to matter.js: * - The RCAC and ICAC can be reused (they define the fabric's CA chain) * - The NOC must be REPLACED with a new one signed for a new keypair * - A new operational keypair must be generated for the matter.js controller * - The IPK and other fabric data can be preserved * * The ExampleOpCredsCAKey1/ICAKey1 in chip.json are the CA/ICA signing keys (for issuing * certificates to devices), NOT the controller's operational identity key. * * Fields that need to be computed or provided when creating the Fabric: * - keyPair: Must generate a new keypair and issue a new NOC * - globalId: Computed from fabricId + rootPublicKey * - operationalIdentityProtectionKey: Computed from identityProtectionKey + globalId */ export interface LegacyFabricConfigData { /** Fabric index (1, 2, etc.) */ fabricIndex: number; /** Fabric ID from NOC certificate (can be number for small values, bigint for large) */ fabricId: number | bigint; /** Node ID from NOC certificate (can be number for small values, bigint for large) */ nodeId: number | bigint; /** Root node ID from RCAC certificate (can be number for small values, bigint for large) */ rootNodeId: number | bigint; /** Root vendor ID from fabric metadata */ rootVendorId: number; /** Root CA certificate (RCAC) as TLV bytes */ rootCert: Bytes; /** Root CA public key extracted from RCAC */ rootPublicKey: Bytes; /** Identity Protection Key from group key set 0 */ identityProtectionKey: Bytes; /** Intermediate CA certificate (ICAC) as TLV bytes, if present */ intermediateCACert?: Bytes; /** Node Operational Certificate (NOC) as TLV bytes */ operationalCert: Bytes; /** Fabric label */ label: string; } /** Vendor info from Python Matter Server */ export interface LegacyVendorInfo { vendor_id: number; vendor_name: string; company_legal_name: string; company_preferred_name: string; vendor_landing_page_url: string; creator: string; } /** Node data from Python Matter Server nodes map */ export interface LegacyNodeData { node_id: number | bigint; date_commissioned: string; last_interview: string; interview_version: number; available: boolean; is_bridge: boolean; attributes: Record; attribute_subscriptions: readonly []; } /** Structure of the .json file */ export interface LegacyServerFile { vendor_info: Record; last_node_id: number | bigint; nodes: Record; } export type CertificateAuthorityConfiguration = CertificateAuthority.Configuration; export interface LegacyServerData { credentials?: CertificateAuthority.Configuration; fabric?: LegacyFabricConfigData; nodeData?: LegacyServerFile; vendorId: number; fabricId?: number | bigint; } export declare namespace LegacyDataInjector { function injectCredentials(credentialsStorage: StorageContext, fabricsStorage: StorageContext, crypto: Crypto, credentialData: CertificateAuthority.Configuration, fabricData?: LegacyFabricConfigData): Promise; function injectNodeData(baseStorage: StorageManager, nodeData?: LegacyServerFile, fabricIndex?: number): Promise; } //# sourceMappingURL=LegacyDataInjector.d.ts.map