[border-agent] add api to disconnect from secure sessions (openthread…

…#10754)

include/openthread/border_agent.h

@@ -282,6 +282,19 @@ void otBorderAgentSetEphemeralKeyCallback(otInstance                       *aIns
                                           otBorderAgentEphemeralKeyCallback aCallback,
                                           void                             *aContext);
 
+/**
+ * Disconnects the Border Agent from any active secure sessions.
+ *
+ * If Border Agent is connected to a commissioner candidate with ephemeral key, calling this API
+ * will cause the ephemeral key to be cleared after the session is disconnected.
+ *
+ * The Border Agent state may not change immediately upon calling this method. The state will be
+ * updated when the connection update is notified with a delay.
+ *
+ * @param[in] aInstance    The OpenThread instance.
+ */
+void otBorderAgentDisconnect(otInstance *aInstance);
+
 /**
  * @}
  */

include/openthread/instance.h

@@ -52,7 +52,7 @@ extern "C" {
  *
  * @note This number versions both OpenThread platform and user APIs.
  */
-#define OPENTHREAD_API_VERSION (452)
+#define OPENTHREAD_API_VERSION (453)
 
 /**
  * @addtogroup api-instance

src/cli/README.md

@@ -373,6 +373,15 @@ Started
 Done
 ```
 
+### ba disconnect
+
+Disconnects border agent from any active secure sessions.
+
+```bash
+> ba disconnect
+Done
+```
+
 ### ba ephemeralkey
 
 Indicates if an ephemeral key is active.

src/cli/cli.cpp

@@ -411,6 +411,20 @@ template <> otError Interpreter::Process<Cmd("ba")>(Arg aArgs[])
 
         OutputLine("%s", Stringify(otBorderAgentGetState(GetInstancePtr()), kStateStrings));
     }
+    /**
+     * @cli ba disconnect
+     * @code
+     * ba disconnect
+     * Done
+     * @endcode
+     * @par
+     * Disconnects the Border Agent from any active secure sessions
+     * @sa otBorderAgentDisconnect
+     */
+    else if (aArgs[0] == "disconnect")
+    {
+        otBorderAgentDisconnect(GetInstancePtr());
+    }
 #if OPENTHREAD_CONFIG_BORDER_AGENT_ID_ENABLE
     /**
      * @cli ba id (get,set)

src/core/api/border_agent_api.cpp

@@ -115,4 +115,6 @@ const otBorderAgentCounters *otBorderAgentGetCounters(otInstance *aInstance)
     return AsCoreType(aInstance).Get<MeshCoP::BorderAgent>().GetCounters();
 }
 
+void otBorderAgentDisconnect(otInstance *aInstance) { AsCoreType(aInstance).Get<MeshCoP::BorderAgent>().Disconnect(); }
+
 #endif // OPENTHREAD_CONFIG_BORDER_AGENT_ENABLE

src/core/meshcop/border_agent.cpp

@@ -775,6 +775,16 @@ void BorderAgent::Stop(void)
     return;
 }
 
+void BorderAgent::Disconnect(void)
+{
+    VerifyOrExit(mState == kStateConnected || mState == kStateAccepted);
+
+    Get<Tmf::SecureAgent>().Disconnect();
+
+exit:
+    return;
+}
+
 #if OPENTHREAD_CONFIG_BORDER_AGENT_EPHEMERAL_KEY_ENABLE
 
 Error BorderAgent::SetEphemeralKey(const char *aKeyString, uint32_t aTimeout, uint16_t aUdpPort)

src/core/meshcop/border_agent.hpp

@@ -157,6 +157,17 @@ class BorderAgent : public InstanceLocator, private NonCopyable
      */
     State GetState(void) const { return mState; }
 
+    /**
+     * Disconnects the Border Agent from any active secure sessions.
+     *
+     * If Border Agent is connected to a commissioner candidate with ephemeral key, calling this API
+     * will cause the ephemeral key to be cleared after the session is disconnected.
+     *
+     * The Border Agent state may not change immediately upon calling this method, the state will be
+     * updated when the connection update is notified by `HandleConnected()`.
+     */
+    void Disconnect(void);
+
 #if OPENTHREAD_CONFIG_BORDER_AGENT_EPHEMERAL_KEY_ENABLE
     /**
      * Sets the ephemeral key for a given timeout duration.

tests/scripts/expect/cli-misc.exp

@@ -184,6 +184,9 @@ expect "Done"
 send "ba state\n"
 expect "Done"
 
+send "ba disconnect\n"
+expect "Done"
+
 send "prefix meshlocal fd00:dead:beef:cafe::/96\n"
 expect_line "Error 7: InvalidArgs"
 send "prefix meshlocal fd00:dead:beef:cafe::/64\n"