implement List Pairings request

also keep track of admin permissions for users

note that those permissions aren't actually enforced yet

Author: ccutrer

CHANGES.md

@@ -1,3 +1,6 @@
+# HAP-Java 2.0.5
+* Implement List-Pairings method. Compatibility with new Home infrastructure from iOS 16.2?
+
 # HAP-Java 2.0.3
 * Avoid unnecessary forced disconnects. Library users should be updating the configuration index anyway.
 

src/main/java/io/github/hapjava/server/HomekitAuthInfo.java

@@ -3,6 +3,8 @@
 import io.github.hapjava.server.impl.HomekitServer;
 import io.github.hapjava.server.impl.crypto.HAPSetupCodeUtils;
 import java.math.BigInteger;
+import java.util.Collection;
+import java.util.List;
 
 /**
  * Authentication info that must be provided when constructing a new {@link HomekitServer}. You will
@@ -65,8 +67,23 @@ default String getSetupId() {
    * @param username the iOS device's username. The value will not be meaningful to anything but
    *     iOS.
    * @param publicKey the iOS device's public key.
+   * @param isAdmin if the user is an admin, authorized to and/remove other users
    */
-  void createUser(String username, byte[] publicKey);
+  default void createUser(String username, byte[] publicKey, boolean isAdmin) {
+    createUser(username, publicKey);
+  }
+
+  /**
+   * Deprecated method to add a user, assuming all users are admins.
+   *
+   * <p>At least one of the createUser methods must be implemented.
+   *
+   * @param username the iOS device's username.
+   * @param publicKey the iOS device's public key.
+   */
+  default void createUser(String username, byte[] publicKey) {
+    createUser(username, publicKey, true);
+  }
 
   /**
    * Called when an iOS device needs to remove an existing pairing. Subsequent calls to {@link
@@ -76,6 +93,15 @@ default String getSetupId() {
    */
   void removeUser(String username);
 
+  /**
+   * List all users which have been authenticated.
+   *
+   * @return the previously stored list of users.
+   */
+  default Collection<String> listUsers() {
+    return List.of();
+  }
+
   /**
    * Called when an already paired iOS device is re-connecting. The public key returned by this
    * method will be compared with the signature of the pair verification request to validate the
@@ -86,6 +112,16 @@ default String getSetupId() {
    */
   byte[] getUserPublicKey(String username);
 
+  /**
+   * Determine if the specified user is an admin.
+   *
+   * @param username the username of the iOS device to retrieve permissions for.
+   * @return the previously stored permissions.
+   */
+  default boolean userIsAdmin(String username) {
+    return true;
+  }
+
   /**
    * Called to check if a user has been created. The homekit accessory advertises whether the
    * accessory has already been paired. At this time, it's unclear whether multiple users can be

src/main/java/io/github/hapjava/server/impl/connections/HttpSession.java

@@ -67,7 +67,7 @@ public HttpResponse handleRequest(HttpRequest request) throws IOException {
 
   public HttpResponse handleAuthenticatedRequest(HttpRequest request) throws IOException {
     advertiser.setDiscoverable(
-        false); // brigde is already bound and should not be discoverable anymore
+        false); // bridge is already bound and should not be discoverable anymore
     try {
       switch (request.getUri()) {
         case "/accessories":

src/main/java/io/github/hapjava/server/impl/pairing/FinalPairHandler.java

@@ -65,7 +65,8 @@ private HttpResponse createUser(byte[] username, byte[] ltpk, byte[] proof) thro
     if (!new EdsaVerifier(ltpk).verify(completeData, proof)) {
       throw new Exception("Invalid signature");
     }
-    authInfo.createUser(authInfo.getMac() + new String(username, StandardCharsets.UTF_8), ltpk);
+    authInfo.createUser(
+        authInfo.getMac() + new String(username, StandardCharsets.UTF_8), ltpk, true);
     return createResponse();
   }
 

src/main/java/io/github/hapjava/server/impl/pairing/MessageType.java

@@ -9,7 +9,12 @@ public enum MessageType {
   ENCRYPTED_DATA(5),
   STATE(6),
   ERROR(7),
-  SIGNATURE(10);
+  SIGNATURE(0x0a),
+  PERMISSIONS(0x0b),
+  FRAGMENT_DATA(0x0c),
+  FRAGMENT_LAST(0x0d),
+  FLAGS(0x13),
+  SEPARATOR(0xff);
 
   private final short key;
 

src/main/java/io/github/hapjava/server/impl/pairing/PairingMethod.java

@@ -0,0 +1,24 @@
+package io.github.hapjava.server.impl.pairing;
+
+public enum PairingMethod {
+  PAIR_SETUP(0),
+  PAIR_SETUP_WITH_AUTH(1),
+  PAIR_VERIFY(2),
+  ADD_PAIRING(3),
+  REMOVE_PAIRING(4),
+  LIST_PAIRINGS(5);
+
+  private final byte value;
+
+  PairingMethod(byte value) {
+    this.value = value;
+  }
+
+  PairingMethod(int value) {
+    this.value = (byte) value;
+  }
+
+  public byte getValue() {
+    return value;
+  }
+}

src/main/java/io/github/hapjava/server/impl/pairing/PairingUpdateController.java

@@ -7,6 +7,8 @@
 import io.github.hapjava.server.impl.pairing.TypeLengthValueUtils.DecodeResult;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
+import java.util.Collection;
+import java.util.Iterator;
 
 public class PairingUpdateController {
 
@@ -22,19 +24,45 @@ public HttpResponse handle(HttpRequest request) throws IOException {
     DecodeResult d = TypeLengthValueUtils.decode(request.getBody());
 
     int method = d.getByte(MessageType.METHOD);
-    if (method == 3) { // Add pairing
+    if (method == PairingMethod.ADD_PAIRING.getValue()) {
       byte[] username = d.getBytes(MessageType.USERNAME);
       byte[] ltpk = d.getBytes(MessageType.PUBLIC_KEY);
-      authInfo.createUser(authInfo.getMac() + new String(username, StandardCharsets.UTF_8), ltpk);
-    } else if (method == 4) { // Remove pairing
+      byte permissions = d.getByte(MessageType.PERMISSIONS);
+      authInfo.createUser(
+          authInfo.getMac() + new String(username, StandardCharsets.UTF_8), ltpk, permissions == 1);
+    } else if (method == PairingMethod.REMOVE_PAIRING.getValue()) {
       byte[] username = d.getBytes(MessageType.USERNAME);
       authInfo.removeUser(authInfo.getMac() + new String(username, StandardCharsets.UTF_8));
       if (!authInfo.hasUser()) {
         advertiser.setDiscoverable(true);
       }
+    } else if (method == PairingMethod.LIST_PAIRINGS.getValue()) {
+      TypeLengthValueUtils.Encoder e = TypeLengthValueUtils.getEncoder();
+
+      Collection<String> usernames = authInfo.listUsers();
+      boolean first = true;
+      Iterator<String> iterator = usernames.iterator();
+      while (iterator.hasNext()) {
+        String username = iterator.next();
+        if (first) {
+          e.add(MessageType.STATE, (byte) 2);
+          first = false;
+        } else {
+          e.add(MessageType.SEPARATOR);
+        }
+        e.add(MessageType.USERNAME, username);
+        e.add(MessageType.PUBLIC_KEY, authInfo.getUserPublicKey(username));
+        e.add(MessageType.PERMISSIONS, (short) (authInfo.userIsAdmin(username) ? 1 : 0));
+      }
+      ;
+
+      return new PairingResponse(e.toByteArray());
     } else {
       throw new RuntimeException("Unrecognized method: " + method);
     }
-    return new PairingResponse(new byte[] {0x06, 0x01, 0x02});
+
+    TypeLengthValueUtils.Encoder e = TypeLengthValueUtils.getEncoder();
+    e.add(MessageType.STATE, (byte) 2);
+    return new PairingResponse(e.toByteArray());
   }
 }

src/main/java/io/github/hapjava/server/impl/pairing/TypeLengthValueUtils.java

@@ -5,6 +5,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
+import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -37,6 +38,11 @@ private Encoder() {
       baos = new ByteArrayOutputStream();
     }
 
+    public void add(MessageType type) {
+      baos.write(type.getKey());
+      baos.write(0);
+    }
+
     public void add(MessageType type, BigInteger i) throws IOException {
       add(type, ByteUtils.toByteArray(i));
     }
@@ -58,6 +64,10 @@ public void add(MessageType type, byte[] bytes) throws IOException {
       }
     }
 
+    public void add(MessageType type, String string) throws IOException {
+      add(type, string.getBytes(StandardCharsets.UTF_8));
+    }
+
     public byte[] toByteArray() {
       return baos.toByteArray();
     }