DBTDevice: Handle l2cap open/security within processNotifyConnected thread, spawn-off @ notifyLEFeatures, using LEFeatures::LE_Encryption

- Move set BT_SECURITY from DBTManager -> L2CAPComm.
  Notable: setBTSecurityLevel(level) shall happen _after_ l2cap open and connect!

- Performing l2cap handling after LE_REMOTE_USER_FEATURES allows us to turn-off security completely,
  if remote device does not support LE_Encryption.

2 files changed, 14 insertions, 11 deletions

diff --git a/api/direct_bt/DBTManager.hpp b/api/direct_bt/DBTManager.hpp
index 9f0878f6..dbbc7d0c 100644
--- a/api/direct_bt/DBTManager.hpp
+++ b/api/direct_bt/DBTManager.hpp
@@ -439,13 +439,6 @@ namespace direct_bt {
 
             /** Security commands */
 
-            /**
-             * Setting the BlueZ's L2CAP socket BT_SECURITY sec_level, determining the SMP security mode per connection!
-             * @param l2cap_att_socket
-             * @param sec_level BT_SECURITY_LOW, BT_SECURITY_MEDIUM, BT_SECURITY_HIGH or BT_SECURITY_FIPS
-             * @return true if successful, otherwise false
-             */
-            bool setL2CAPSecurity(int l2cap_att_socket, uint8_t sec_level);
             MgmtStatus uploadLinkKey(const uint16_t dev_id, const bool debug_keys, const MgmtLinkKey &key) noexcept;
             MgmtStatus uploadLongTermKey(const uint16_t dev_id, const MgmtLongTermKey &key) noexcept;
             MgmtStatus userPasskeyReply(const uint16_t dev_id, const EUI48 &address, const BDAddressType addressType, const uint32_t passkey) noexcept;
diff --git a/api/direct_bt/L2CAPComm.hpp b/api/direct_bt/L2CAPComm.hpp
index 438ba522..bcbaed51 100644
--- a/api/direct_bt/L2CAPComm.hpp
+++ b/api/direct_bt/L2CAPComm.hpp
@@ -159,24 +159,34 @@ namespace direct_bt {
              * <p>
              * BT Core Spec v5.2: Vol 3, Part A: L2CAP_CONNECTION_REQ
              * </p>
-             * @return true if already open or successfully opened the channel, otherwise false
+             *
+             * @param device the remote device to establish this L2CAP connection
+             * @return true if connection has been established, otherwise false
              */
             bool open(const DBTDevice& device);
 
             bool isOpen() const { return is_open; }
 
+            /** Closing the L2CAP channel, locking {@link #mutex_write()}. */
+            bool close() noexcept;
+
             /** Return this L2CAP socket descriptor. */
             inline int getSocketDescriptor() const noexcept { return socket_descriptor; }
 
             bool hasIOError() const { return has_ioerror; }
             std::string getStateString() const { return getStateString(is_open, has_ioerror); }
 
-            /** Closing the L2CAP channel, locking {@link #mutex_write()}. */
-            bool close() noexcept;
-
             /** Return the recursive write mutex for multithreading access. */
             std::recursive_mutex & mutex_write() { return mtx_write; }
 
+            /**
+             * If not 0, sets the BlueZ's L2CAP socket BT_SECURITY sec_level, determining the SMP security mode per connection.
+             *
+             * @param sec_level BT_SECURITY_LOW, BT_SECURITY_MEDIUM, BT_SECURITY_HIGH or BT_SECURITY_FIPS. 0 leads to not set security level.
+             * @return true if successful, otherwise false
+             */
+            bool setBTSecurityLevel(const uint8_t sec_level);
+
             /** Generic read, w/o locking suitable for a unique ringbuffer sink. Using L2CAPEnv::L2CAP_READER_POLL_TIMEOUT.*/
             jau::snsize_t read(uint8_t* buffer, const jau::nsize_t capacity);