1 package org.iotivity.cloud.accountserver.resources.acl.verify;
3 import java.util.ArrayList;
4 import java.util.Arrays;
5 import java.util.HashMap;
8 import org.iotivity.cloud.accountserver.Constants;
9 import org.iotivity.cloud.accountserver.db.AccountDBManager;
10 import org.iotivity.cloud.accountserver.db.AclTable;
11 import org.iotivity.cloud.accountserver.resources.acl.id.Ace;
12 import org.iotivity.cloud.accountserver.resources.acl.id.AceResource;
13 import org.iotivity.cloud.accountserver.resources.acl.id.Acl;
14 import org.iotivity.cloud.accountserver.util.TypeCastingManager;
15 import org.iotivity.cloud.base.device.Device;
16 import org.iotivity.cloud.base.exception.ServerException;
17 import org.iotivity.cloud.base.exception.ServerException.BadRequestException;
18 import org.iotivity.cloud.base.exception.ServerException.PreconditionFailedException;
19 import org.iotivity.cloud.base.protocols.IRequest;
20 import org.iotivity.cloud.base.protocols.IResponse;
21 import org.iotivity.cloud.base.protocols.MessageBuilder;
22 import org.iotivity.cloud.base.protocols.enums.ContentFormat;
23 import org.iotivity.cloud.base.protocols.enums.ResponseStatus;
24 import org.iotivity.cloud.base.resource.Resource;
25 import org.iotivity.cloud.util.Cbor;
27 public class AclVerifyResource extends Resource {
// CBOR codec for HashMap<String, Object> payloads; handleGetRequest uses it to
// encode the verification result into the response body.
29 private Cbor<HashMap<String, Object>> mCbor = new Cbor<>();
/**
 * Creates the ACL verify resource and hands the path segments
 * Constants.PREFIX_OIC, Constants.ACL_URI and Constants.VERIFY_URI to the
 * Resource base class.
 *
 * NOTE(review): presumably these are the segments later returned by
 * getUriPathSegments() and compared against the request path in
 * handleGetRequest; confirm against Resource.
 */
31 public AclVerifyResource() {
32 super(Arrays.asList(Constants.PREFIX_OIC, Constants.ACL_URI,
33 Constants.VERIFY_URI));
/**
 * Dispatches an incoming request by method and sends the resulting response
 * back to the requesting device.
 *
 * The visible branches call handleGetRequest and reject other methods with a
 * BadRequestException; the case labels themselves (original lines 43-46) are
 * not shown in this listing.
 *
 * NOTE(review): srcDevice is used here only to send the response. No check of
 * who is asking is visible in this class, and the endpoint discloses whether a
 * given subject/device/method/uri tuple is permitted. Confirm that access to
 * it is authenticated and restricted upstream.
 *
 * @param srcDevice device that issued the request and receives the response
 * @param request   the request to handle
 * @throws ServerException BadRequestException for an unsupported method, or
 *                         whatever handleGetRequest throws
 */
37 public void onDefaultRequestReceived(Device srcDevice, IRequest request)
38 throws ServerException {
40 IResponse response = null;
// Only the GET handler is reachable from the visible code.
42 switch (request.getMethod()) {
44 response = handleGetRequest(request);
// Any other method is refused instead of being answered with a default verdict.
47 throw new BadRequestException(request.getMethod()
48 + " request type is not supported");
51 srcDevice.sendResponse(response);
/**
 * Tests whether an ACE permission bitmask grants the permission that
 * corresponds to a request method name.
 *
 * The visible mapping is "get" -> Permission.Read, "post" -> Permission.Update
 * and "delete" -> Permission.Delete. The result is true only when every bit of
 * the mapped permission value is set in permissionValue.
 *
 * NOTE(review): the declaration of rm_value and the handling of any other
 * method name (original lines 57, 64-65, 67-68) are not shown in this listing.
 * Two outcomes need confirming for an unmapped method such as "put":
 * if per stays null, per.getValue() throws NullPointerException; if rm_value
 * can stay 0, (permissionValue & 0) == 0 is true and the check would allow the
 * request. An authorization check should fail closed, so an unmapped method
 * should be rejected explicitly.
 *
 * @param permissionValue permission bitmask taken from the ACE
 * @param rme             request method name; compared against lowercase
 *                        literals, so the caller must lowercase it first
 * @return true when the mapped permission bits are all present
 * @throws ServerException declared; the throwing statement, if any, is not
 *                         visible in this listing
 */
54 private boolean checkPermission(int permissionValue, String rme)
55 throws ServerException {
56 Permission per = null;
// Exact, case-sensitive comparison; rme.equals(...) throws
// NullPointerException when rme is null.
58 if (rme.equals("get")) {
59 per = Permission.Read;
60 } else if (rme.equals("post")) {
61 per = Permission.Update;
62 } else if (rme.equals("delete")) {
63 per = Permission.Delete;
66 rm_value = per.getValue();
// Bitwise subset test: every bit required by the method must be granted.
69 return ((permissionValue & rm_value) == rm_value);
/**
 * Looks for an ACE resource whose href equals the requested URI.
 *
 * NOTE(review): the return statements (original lines 76-80) are not shown in
 * this listing; presumably the method returns true on the first match and
 * false when no resource matches. Confirm.
 *
 * NOTE(review): the comparison is an exact, case-sensitive String.equals. No
 * normalisation of uri (trailing slash, percent-encoding, query part) is
 * visible, so the stored href and the supplied uri must already be in the same
 * canonical form. Wildcard resource entries, if stored ACEs use them, would
 * not match here.
 *
 * @param aceResources resources listed in one ACE; a null list makes the loop
 *                     throw NullPointerException
 * @param uri          requested resource URI
 * @return whether a resource entry matches (see the note on the return lines)
 * @throws ServerException declared; no throwing statement is visible here
 */
72 private boolean checkResourceUri(List<AceResource> aceResources, String uri)
73 throws ServerException {
74 for (AceResource aceResource : aceResources) {
// getHref() returning null would throw NullPointerException here.
75 if (aceResource.getHref().equals(uri)) {
/**
 * Decides whether subject sid may perform method rm on resource uri of
 * device di, using the ACL records stored for that device.
 *
 * All ACL_TABLE records whose device id equals di are loaded. For every ACE
 * whose subject uuid equals sid, the permission bitmask is checked against the
 * lowercased method and then the resource list is checked against uri.
 *
 * NOTE(review): the return statements and the body of the null-aclist branch
 * (original lines 94-96, 101-102, 109-116) are not shown in this listing.
 * Presumably the method returns false when no record exists and true on the
 * first ACE that passes both checks. Confirm that every path not ending in an
 * explicit match returns false, so the decision fails closed.
 *
 * @param sid subject (requester) id
 * @param di  id of the device that owns the resource
 * @param rm  request method name in any letter case
 * @param uri requested resource URI
 * @return the access decision (see the note on the return lines)
 * @throws ServerException propagated from the permission and URI checks
 */
82 private boolean verifyAcl(String sid, String di, String rm, String uri)
83 throws ServerException {
// The lookup is keyed on the device id only; the subject is filtered in the
// loop below.
85 HashMap<String, Object> condition = new HashMap<>();
86 condition.put(Constants.KEYFIELD_DI, di);
88 // Query AclTable with condition deviceId(di)
89 ArrayList<HashMap<String, Object>> aclResult = AccountDBManager
90 .getInstance().selectRecord(Constants.ACL_TABLE, condition);
92 // if aclResult size is zero then (di) does not exist
93 if (aclResult == null || aclResult.size() == 0) {
97 for (HashMap<String, Object> eachAclMap : aclResult) {
99 AclTable aclTable = Acl.convertMaptoAclObject(eachAclMap);
// Guards the inner loop against records that carry no ACE list.
100 if (aclTable.getAclist() == null) {
103 for (Ace ace : aclTable.getAclist()) {
// An ACE whose subject uuid is null would throw NullPointerException here;
// sid.equals(ace.getSubjectuuid()) has the same problem when sid is null.
104 if (ace.getSubjectuuid().equals(sid)) {
105 // check permission matches
// NOTE(review): toLowerCase() uses the JVM default locale. Method names
// are protocol tokens, so Locale.ROOT would make the mapping independent of
// the host locale.
106 if (checkPermission(ace.getPermission(), rm.toLowerCase())) {
107 // check resource uri matches
108 if (checkResourceUri(ace.getResources(), uri)) {
/**
 * Answers a GET on the verify resource.
 *
 * The subject id, device id, request method and request URI are read from the
 * query string and evaluated with verifyAcl. The result is a CONTENT response
 * whose CBOR payload holds the key "gp", set to Constants.RESP_ACL_ALLOWED or
 * Constants.RESP_ACL_DENIED.
 *
 * NOTE(review): the local declarations, the continuation lines of the query
 * lookups and the else branches (original lines 119-124, 127, 130, 132-133,
 * 135-136, 140, 142-143) are not shown in this listing.
 *
 * @param request incoming request; its query map supplies all four inputs
 * @return the response built by MessageBuilder.createResponse
 * @throws ServerException BadRequestException("uriPath is invalid") on the
 *                         visible error path, presumably taken when the path
 *                         check fails (confirm); also anything thrown by
 *                         verifyAcl
 */
118 private IResponse handleGetRequest(IRequest request) throws ServerException {
// containsAll is a subset test that ignores order and repetition, so it does
// not establish that the request path equals this resource's path.
// NOTE(review): presumably routing has already matched the path; confirm.
125 if (getUriPathSegments().containsAll(request.getUriPathSegments())) {
// All four values come from the client and are passed to verifyAcl without
// validation in the visible code.
// NOTE(review): if getUriQueryMap() is a java.util.Map, a missing parameter
// makes get(...) return null and the chained call (e.g. .get(0)) throws
// NullPointerException rather than BadRequestException. Consider an explicit
// presence check that rejects the request.
126 sid = request.getUriQueryMap().get(Constants.REQ_SEARCH_USER_ID)
128 di = request.getUriQueryMap().get(Constants.REQ_DEVICE_ID).get(0);
129 rm = request.getUriQueryMap().get(Constants.REQ_REQUEST_METHOD)
131 uri = request.getUriQueryMap().get(Constants.REQ_REQUEST_URI)
134 throw new BadRequestException("uriPath is invalid");
// The verdict travels in the payload; the status is CONTENT for both allowed
// and denied.
137 HashMap<String, Object> responsePayload = new HashMap<>();
138 if (verifyAcl(sid, di, rm, uri)) {
139 responsePayload.put("gp", Constants.RESP_ACL_ALLOWED);
141 responsePayload.put("gp", Constants.RESP_ACL_DENIED);
144 return MessageBuilder.createResponse(request, ResponseStatus.CONTENT,
145 ContentFormat.APPLICATION_CBOR,
146 mCbor.encodingPayloadToCbor(responsePayload));