Enc/Auth: Allow full PairingMode modulation via BTSecurityLevel and SMPIOCapability: Like force JUST_WORKS by BTSecurityLevel::ENC_ONLY or SMPIOCapability::NO_INPUT_NO_OUTPUT

To allow non-auth encryption mode, user _must_ set BTSecurityLevel, SMPIOCapability or both appropriately.
Otherwise BlueZ/Kernel will chose authenticated SMP negotiation.

- DBTDevice::setConnSecurityLevel(): Will adjust SMPIOCapability automatically, if not yet set

- DBTDevice::setConnIOCapability() and DBTDevice::setConnSecurity(): Perform plain setting

- DBTDevice::processL2CAPSetup(): Sets BTSecurityLevel appropriately either if no-auth SMPIOCapability::NO_INPUT_NO_OUTPUT is chosen,
                                  or based on LE_Enc feature bit and/or SC capability.

Using new HCI ENCRYPT_CHANGE and ENCRYPT_KEY_REFRESH_COMPLETE, for non-auth BTSecurityLevel::ENC_ONLY
endpoint to set SMPPairingState::PROCESS_COMPLETED + PairingMode::JUST_WORKS.
Note: In the non-auth legacy mode, the SMP (ACL.SMP) is not being used.

....

4 files changed, 142 insertions, 16 deletions

diff --git a/java/direct_bt/tinyb/DBTDevice.java b/java/direct_bt/tinyb/DBTDevice.java
index 425472ac..2895f123 100644
--- a/java/direct_bt/tinyb/DBTDevice.java
+++ b/java/direct_bt/tinyb/DBTDevice.java
@@ -47,6 +47,7 @@ import org.tinyb.EIRDataTypeSet;
 import org.tinyb.GATTCharacteristicListener;
 import org.tinyb.HCIStatusCode;
 import org.tinyb.PairingMode;
+import org.tinyb.SMPIOCapability;
 import org.tinyb.SMPPairingState;
 
 public class DBTDevice extends DBTObject implements BluetoothDevice
@@ -334,16 +335,34 @@ public class DBTDevice extends DBTObject implements BluetoothDevice
     }
 
     @Override
-    public final void setSecurityLevel(final BTSecurityLevel sec_level) {
-        setSecurityLevelImpl(sec_level.value);
+    public final boolean  setConnSecurityLevel(final BTSecurityLevel sec_level, final boolean blocking) {
+        return setConnSecurityLevelImpl(sec_level.value, blocking);
     }
-    private final native void setSecurityLevelImpl(final byte sec_level);
+    private final native boolean setConnSecurityLevelImpl(final byte sec_level, final boolean blocking);
 
     @Override
-    public final BTSecurityLevel getCurrentSecurityLevel() {
-        return BTSecurityLevel.get( getCurrentSecurityLevelImpl() );
+    public final BTSecurityLevel getConnSecurityLevel() {
+        return BTSecurityLevel.get( getConnSecurityLevelImpl() );
     }
-    private final native byte getCurrentSecurityLevelImpl();
+    private final native byte getConnSecurityLevelImpl();
+
+    @Override
+    public final boolean setConnIOCapability(final SMPIOCapability io_cap, final boolean blocking) {
+        return setConnIOCapabilityImpl(io_cap.value, blocking);
+    }
+    private final native boolean setConnIOCapabilityImpl(final byte io_cap, final boolean blocking);
+
+    @Override
+    public final boolean setConnSecurity(final BTSecurityLevel sec_level, final SMPIOCapability io_cap, final boolean blocking) {
+        return setConnSecurityImpl(sec_level.value, io_cap.value, blocking);
+    }
+    private final native boolean setConnSecurityImpl(final byte sec_level, final byte io_cap, final boolean blocking);
+
+    @Override
+    public final SMPIOCapability getConnIOCapability() {
+        return SMPIOCapability.get( getConnIOCapabilityImpl() );
+    }
+    private final native byte getConnIOCapabilityImpl();
 
     @Override
     public HCIStatusCode setPairingPasskey(final int passkey) {
diff --git a/java/jni/direct_bt/DBTDevice.cxx b/java/jni/direct_bt/DBTDevice.cxx
index d691f4bb..ec4e6676 100644
--- a/java/jni/direct_bt/DBTDevice.cxx
+++ b/java/jni/direct_bt/DBTDevice.cxx
@@ -379,29 +379,68 @@ jbyte Java_direct_1bt_tinyb_DBTDevice_connectLEImpl1(JNIEnv *env, jobject obj,
 }
 
 
-void Java_direct_1bt_tinyb_DBTDevice_setSecurityLevelImpl(JNIEnv *env, jobject obj, jbyte jsec_level) {
+jboolean Java_direct_1bt_tinyb_DBTDevice_setConnSecurityLevelImpl(JNIEnv *env, jobject obj, jbyte jsec_level, jboolean jblocking) {
     try {
         DBTDevice *device = getJavaUplinkObject<DBTDevice>(env, obj);
         JavaGlobalObj::check(device->getJavaObject(), E_FILE_LINE);
 
-        device->setSecurityLevel( getBTSecurityLevel( static_cast<uint8_t>(jsec_level) ) );
+        return device->setConnSecurityLevel( getBTSecurityLevel( static_cast<uint8_t>(jsec_level) ), JNI_TRUE == jblocking );
     } catch(...) {
         rethrow_and_raise_java_exception(env);
     }
+    return JNI_FALSE;
 }
 
-jbyte Java_direct_1bt_tinyb_DBTDevice_getCurrentSecurityLevelImpl(JNIEnv *env, jobject obj) {
+jbyte Java_direct_1bt_tinyb_DBTDevice_getConnSecurityLevelImpl(JNIEnv *env, jobject obj) {
     try {
         DBTDevice *device = getJavaUplinkObject<DBTDevice>(env, obj);
         JavaGlobalObj::check(device->getJavaObject(), E_FILE_LINE);
 
-        return number( device->getCurrentSecurityLevel() );
+        return number( device->getConnSecurityLevel() );
     } catch(...) {
         rethrow_and_raise_java_exception(env);
     }
     return number( BTSecurityLevel::UNSET );
 }
 
+jboolean Java_direct_1bt_tinyb_DBTDevice_setConnIOCapabilityImpl(JNIEnv *env, jobject obj, jbyte jio_cap, jboolean jblocking) {
+    try {
+        DBTDevice *device = getJavaUplinkObject<DBTDevice>(env, obj);
+        JavaGlobalObj::check(device->getJavaObject(), E_FILE_LINE);
+
+        return device->setConnIOCapability( getSMPIOCapability( static_cast<uint8_t>(jio_cap) ), JNI_TRUE == jblocking );
+    } catch(...) {
+        rethrow_and_raise_java_exception(env);
+    }
+    return JNI_FALSE;
+}
+
+jboolean Java_direct_1bt_tinyb_DBTDevice_setConnSecurityImpl(JNIEnv *env, jobject obj, jbyte jsec_level, jbyte jio_cap, jboolean jblocking) {
+    try {
+        DBTDevice *device = getJavaUplinkObject<DBTDevice>(env, obj);
+        JavaGlobalObj::check(device->getJavaObject(), E_FILE_LINE);
+
+        return device->setConnSecurity( getBTSecurityLevel( static_cast<uint8_t>(jsec_level) ),
+                                        getSMPIOCapability( static_cast<uint8_t>(jio_cap) ),
+                                        JNI_TRUE == jblocking );
+    } catch(...) {
+        rethrow_and_raise_java_exception(env);
+    }
+    return JNI_FALSE;
+}
+
+jbyte Java_direct_1bt_tinyb_DBTDevice_getConnIOCapabilityImpl(JNIEnv *env, jobject obj) {
+    try {
+        DBTDevice *device = getJavaUplinkObject<DBTDevice>(env, obj);
+        JavaGlobalObj::check(device->getJavaObject(), E_FILE_LINE);
+
+        return number( device->getConnIOCapability() );
+    } catch(...) {
+        rethrow_and_raise_java_exception(env);
+    }
+    return number( SMPIOCapability::UNSET );
+}
+
 jbyte Java_direct_1bt_tinyb_DBTDevice_getPairingModeImpl(JNIEnv *env, jobject obj) {
     try {
         DBTDevice *device = getJavaUplinkObject<DBTDevice>(env, obj);
diff --git a/java/org/tinyb/BluetoothDevice.java b/java/org/tinyb/BluetoothDevice.java
index 34b3ea93..53355a51 100644
--- a/java/org/tinyb/BluetoothDevice.java
+++ b/java/org/tinyb/BluetoothDevice.java
@@ -194,18 +194,76 @@ public interface BluetoothDevice extends BluetoothObject
     boolean pair() throws BluetoothException;
 
     /**
-     * Set the overriding security level used at device connection.
+     * Set the {@link BTSecurityLevel} used to connect to this device.
+     * <p>
+     * Method returns false if this device has already being connected,
+     * or {@link #connectLE(short, short, short, short, short, short) connectLE} or {@link #connect()} has been issued already.
+     * </p>
+     * <p>
+     * To ensure consistent no authentication setup,<br>
+     * implementation will set {@link SMPIOCapability#NO_INPUT_NO_OUTPUT} if sec_level <= {@link BTSecurityLevel#ENC_ONLY}<br>
+     * and {@link #setConnIOCapability(SMPIOCapability, boolean)} not used.
+     * </p>
+     * @param sec_level {@link BTSecurityLevel} to be applied
+     * @param blocking if true, blocks until previous {@link SMPIOCapability} setting is completed,
+     *        i.e. until connection has been completed or failed.
+     *        Otherwise returns immediately with false if previous connection result is still pending.
+     * @return
+     * @since 2.1.0
+     * @implNote not implemented in tinyb.dbus
+     */
+    boolean setConnSecurityLevel(final BTSecurityLevel sec_level, boolean blocking);
+
+    /**
+     * Return the {@link BTSecurityLevel}, determined when connection is established.
+     * @since 2.1.0
+     * @implNote not implemented in tinyb.dbus
+     */
+    BTSecurityLevel getConnSecurityLevel();
+
+    /**
+     * Sets the given {@link SMPIOCapability} used to connect to this device.
+     * <p>
+     * Method returns false if operation fails, this device has already being connected,
+     * or {@link #connectLE(short, short, short, short, short, short) connectLE} or {@link #connect()} has been issued already.
+     * </p>
+     * <p>
+     * The {@link SMPIOCapability} value will be reset to its previous value when connection is completed or failed.
+     * </p>
+     * @param io_cap {@link SMPIOCapability} to be applied
+     * @param blocking if true, blocks until previous {@link SMPIOCapability} setting is completed,
+     *        i.e. until connection has been completed or failed.
+     *        Otherwise returns immediately with false if previous connection result is still pending.
+     * @since 2.1.0
+     * @implNote not implemented in tinyb.dbus
+     */
+    boolean setConnIOCapability(final SMPIOCapability io_cap, final boolean blocking);
+
+    /**
+     * Sets the given {@link BTSecurityLevel} and {@link SMPIOCapability} used to connect to this device.
+     * <p>
+     * Method returns false if operation fails, this device has already being connected,
+     * or {@link #connectLE(short, short, short, short, short, short) connectLE} or {@link #connect()} has been issued already.
+     * </p>
+     * <p>
+     * The {@link SMPIOCapability} value will be reset to its previous value when connection is completed or failed.
+     * </p>
+     * @param sec_level {@link BTSecurityLevel} to be applied
+     * @param io_cap {@link SMPIOCapability} to be applied
+     * @param blocking if true, blocks until previous {@link SMPIOCapability} setting is completed,
+     *        i.e. until connection has been completed or failed.
+     *        Otherwise returns immediately with false if previous connection result is still pending.
      * @since 2.1.0
      * @implNote not implemented in tinyb.dbus
      */
-    void setSecurityLevel(final BTSecurityLevel sec_level);
+    boolean setConnSecurity(final BTSecurityLevel sec_level, final SMPIOCapability io_cap, final boolean blocking);
 
     /**
-     * Return the currently set security level.
+     * Return the {@link SMPIOCapability} value, determined when connection is established.
      * @since 2.1.0
      * @implNote not implemented in tinyb.dbus
      */
-    BTSecurityLevel getCurrentSecurityLevel();
+    SMPIOCapability getConnIOCapability();
 
     /**
      * Method sets the given passkey entry, see {@link PairingMode#PASSKEY_ENTRY_ini}.
diff --git a/java/tinyb/dbus/DBusDevice.java b/java/tinyb/dbus/DBusDevice.java
index e3ade052..526abe62 100644
--- a/java/tinyb/dbus/DBusDevice.java
+++ b/java/tinyb/dbus/DBusDevice.java
@@ -45,6 +45,7 @@ import org.tinyb.BluetoothUtils;
 import org.tinyb.GATTCharacteristicListener;
 import org.tinyb.HCIStatusCode;
 import org.tinyb.PairingMode;
+import org.tinyb.SMPIOCapability;
 import org.tinyb.SMPPairingState;
 
 public class DBusDevice extends DBusObject implements BluetoothDevice
@@ -109,10 +110,19 @@ public class DBusDevice extends DBusObject implements BluetoothDevice
     public native boolean pair() throws BluetoothException;
 
     @Override
-    public final void setSecurityLevel(final BTSecurityLevel sec_level) { } // FIXME
+    public final boolean setConnSecurityLevel(final BTSecurityLevel sec_level, final boolean blocking) { return false; } // FIXME
 
     @Override
-    public final BTSecurityLevel getCurrentSecurityLevel() { return BTSecurityLevel.UNSET; } // FIXME
+    public final BTSecurityLevel getConnSecurityLevel() { return BTSecurityLevel.UNSET; } // FIXME
+
+    @Override
+    public final boolean setConnIOCapability(final SMPIOCapability io_cap, final boolean blocking) { return false; } // FIXME
+
+    @Override
+    public final boolean setConnSecurity(final BTSecurityLevel sec_level, final SMPIOCapability io_cap, final boolean blocking) { return false; } // FIXME
+
+    @Override
+    public final SMPIOCapability getConnIOCapability() { return SMPIOCapability.UNSET; } // FIXME
 
     @Override
     public HCIStatusCode setPairingPasskey(final int passkey) { return HCIStatusCode.INTERNAL_FAILURE; }