1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #include "iotivity_config.h"
24 #elif defined(HAVE_STRINGS_H)
32 #include "ocserverrequest.h"
33 #include "oic_malloc.h"
34 #include "oic_string.h"
36 #include "ocpayload.h"
38 #include "payload_logging.h"
39 #include "srmresourcestrings.h"
40 #include "aclresource.h"
41 #include "doxmresource.h"
42 #include "resourcemanager.h"
43 #include "srmutility.h"
44 #include "psinterface.h"
45 #include "ocpayloadcbor.h"
47 #include "security_internals.h"
50 #define NUMBER_OF_SEC_PROV_RSCS 4
51 #define NUMBER_OF_DEFAULT_SEC_RSCS 2
52 #define STRING_UUID_SIZE (UUID_LENGTH * 2 + 5)
54 static const uint8_t ACL_MAP_SIZE = 4;
55 static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
56 static const uint8_t ACL_ACES_MAP_SIZE = 3;
57 static const uint8_t ACL_RESOURCE_MAP_SIZE = 3;
60 // CborSize is the default cbor payload size being used.
61 static const uint16_t CBOR_SIZE = 2048;
63 static OicSecAcl_t *gAcl = NULL;
64 static OCResourceHandle gAclHandle = NULL;
66 void FreeRsrc(OicSecRsrc_t *rsrc)
68 //Clean each member of resource
72 if(0 < rsrc->typeLen && rsrc->types)
74 for(size_t i = 0; i < rsrc->typeLen; i++)
76 OICFree(rsrc->types[i]);
82 if(0 < rsrc->interfaceLen && rsrc->interfaces)
84 for(size_t i = 0; i < rsrc->interfaceLen; i++)
86 OICFree(rsrc->interfaces[i]);
88 OICFree(rsrc->interfaces);
89 rsrc->interfaces = NULL;
96 * This function frees OicSecAcl_t object's fields and object itself.
98 static void FreeACE(OicSecAce_t *ace)
102 OIC_LOG(ERROR, TAG, "Invalid Parameter");
107 OicSecRsrc_t* rsrc = NULL;
108 OicSecRsrc_t* tmpRsrc = NULL;
109 LL_FOREACH_SAFE(ace->resources, rsrc, tmpRsrc)
111 LL_DELETE(ace->resources, rsrc);
116 OicSecValidity_t *validity = NULL;
117 OicSecValidity_t *tmpValidity = NULL;
118 LL_FOREACH_SAFE(ace->validities, validity, tmpValidity)
120 LL_DELETE(ace->validities, validity);
123 OICFree(validity->period);
126 for(size_t i = 0; i < validity->recurrenceLen; i++)
128 OICFree(validity->recurrences[i]);
130 OICFree(validity->recurrences);
140 void DeleteACLList(OicSecAcl_t* acl)
144 OicSecAce_t *ace = NULL;
145 OicSecAce_t *tmpAce = NULL;
146 LL_FOREACH_SAFE(acl->aces, ace, tmpAce)
148 LL_DELETE(acl->aces, ace);
156 OicSecAce_t* DuplicateACE(const OicSecAce_t* ace)
158 OicSecAce_t* newAce = NULL;
159 size_t allocateSize = 0;
163 newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
164 VERIFY_NON_NULL(TAG, newAce, ERROR);
167 memcpy(&newAce->subjectuuid, &ace->subjectuuid, sizeof(OicUuid_t));
169 OicSecRsrc_t* rsrc = NULL;
170 LL_FOREACH(ace->resources, rsrc)
172 OicSecRsrc_t* newRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
173 VERIFY_NON_NULL(TAG, newRsrc, ERROR);
174 LL_APPEND(newAce->resources, newRsrc);
177 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
178 allocateSize = strlen(rsrc->href) + 1;
179 newRsrc->href = (char*)OICMalloc(sizeof(char) * allocateSize);
180 VERIFY_NON_NULL(TAG, newRsrc->href, ERROR);
181 OICStrcpy(newRsrc->href, allocateSize, rsrc->href);
185 allocateSize = strlen(rsrc->rel) + 1;
186 newRsrc->rel = (char*)OICMalloc(sizeof(char) * allocateSize);
187 VERIFY_NON_NULL(TAG, newRsrc->rel, ERROR);
188 OICStrcpy(newRsrc->rel, allocateSize, rsrc->rel);
191 if(rsrc->types && 0 < rsrc->typeLen)
193 newRsrc->typeLen = rsrc->typeLen;
194 newRsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
195 VERIFY_NON_NULL(TAG, (newRsrc->types), ERROR);
196 for(size_t i = 0; i < rsrc->typeLen; i++)
198 newRsrc->types[i] = OICStrdup(rsrc->types[i]);
199 VERIFY_NON_NULL(TAG, (newRsrc->types[i]), ERROR);
203 if(rsrc->interfaces && 0 < rsrc->interfaceLen)
205 newRsrc->interfaceLen = rsrc->interfaceLen;
206 newRsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
207 VERIFY_NON_NULL(TAG, (newRsrc->interfaces), ERROR);
208 for(size_t i = 0; i < rsrc->interfaceLen; i++)
210 newRsrc->interfaces[i] = OICStrdup(rsrc->interfaces[i]);
211 VERIFY_NON_NULL(TAG, (newRsrc->interfaces[i]), ERROR);
217 newAce->permission = ace->permission;
222 OicSecValidity_t* validity = NULL;
223 LL_FOREACH(ace->validities, validity)
225 OicSecValidity_t* newValidity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
226 VERIFY_NON_NULL(TAG, newValidity, ERROR);
227 LL_APPEND(newAce->validities, newValidity);
231 allocateSize = strlen(validity->period) + 1;
232 newValidity->period = (char*)OICMalloc(sizeof(char) * allocateSize);
233 VERIFY_NON_NULL(TAG, newValidity->period, ERROR);
234 OICStrcpy(newValidity->period, allocateSize, validity->period);
237 if(validity->recurrences && 0 < validity->recurrenceLen)
239 newValidity->recurrenceLen = validity->recurrenceLen;
241 newValidity->recurrences = (char**)OICMalloc(sizeof(char*) * validity->recurrenceLen);
242 VERIFY_NON_NULL(TAG, newValidity->recurrences, ERROR);
244 for(size_t i = 0; i < validity->recurrenceLen; i++)
246 allocateSize = strlen(validity->recurrences[i]) + 1;
247 newValidity->recurrences[i] = (char*)OICMalloc(sizeof(char) * allocateSize);
248 VERIFY_NON_NULL(TAG, (newValidity->recurrences[i]), ERROR);
249 OICStrcpy(newValidity->recurrences[i], allocateSize, validity->recurrences[i]);
265 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
271 OicSecAce_t *ace= (OicSecAce_t *)secAcl->aces;
281 OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
283 if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
285 return OC_STACK_INVALID_PARAM;
288 OCStackResult ret = OC_STACK_ERROR;
289 CborError cborEncoderResult = CborNoError;
290 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
291 OicSecAce_t* ace = NULL;
294 CborEncoder aclListMap;
295 CborEncoder acesArray;
296 uint8_t *outPayload = NULL;
297 size_t cborLen = *size;
306 outPayload = (uint8_t *)OICCalloc(1, cborLen);
307 VERIFY_NON_NULL(TAG, outPayload, ERROR);
308 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
310 // Create ACL Map (aclist, rownerid)
311 cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
312 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
314 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
315 strlen(OIC_JSON_ACLIST_NAME));
316 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
318 // Create ACLIST Map (aces)
319 cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
320 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
322 cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
323 strlen(OIC_JSON_ACES_NAME));
324 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
327 cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
328 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
331 LL_FOREACH (acl->aces, ace)
333 CborEncoder oicSecAclMap;
334 // ACL Map size - Number of mandatory items
335 uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
338 OicSecValidity_t* validityElts = ace->validities;
341 if(validityElts->period)
345 if(validityElts->recurrences)
351 cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
352 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
354 // Subject -- Mandatory
355 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
356 strlen(OIC_JSON_SUBJECTID_NAME));
357 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
358 inLen = (memcmp(&(ace->subjectuuid), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
359 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
360 if(inLen == WILDCARD_SUBJECT_ID_LEN)
362 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
363 strlen(WILDCARD_RESOURCE_URI));
364 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
368 char *subject = NULL;
369 ret = ConvertUuidToStr(&ace->subjectuuid, &subject);
370 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
371 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
372 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject UUID Value.");
378 CborEncoder resources;
379 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
380 strlen(OIC_JSON_RESOURCES_NAME));
381 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
384 OicSecRsrc_t* rsrcElts = NULL;
385 LL_FOREACH(ace->resources, rsrcElts)
390 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, rsrcLen);
391 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
393 OicSecRsrc_t* rsrc = NULL;
394 LL_FOREACH(ace->resources, rsrc)
398 size_t rsrcMapSize = ACL_RESOURCE_MAP_SIZE;
404 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, rsrcMapSize);
405 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
408 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
409 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
410 strlen(OIC_JSON_HREF_NAME));
411 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
412 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->href, strlen(rsrc->href));
413 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
415 //resource type -- Mandatory
416 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
417 strlen(OIC_JSON_RT_NAME));
418 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
420 CborEncoder resourceTypes;
421 cborEncoderResult = cbor_encoder_create_array(&rMap, &resourceTypes, rsrc->typeLen);
422 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Array.");
423 for(size_t i = 0; i < rsrc->typeLen; i++)
425 cborEncoderResult = cbor_encode_text_string(&resourceTypes, rsrc->types[i], strlen(rsrc->types[i]));
426 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
428 cborEncoderResult = cbor_encoder_close_container(&rMap, &resourceTypes);
429 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing resourceTypes.");
431 //interface -- Mandatory
432 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
433 strlen(OIC_JSON_IF_NAME));
434 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
436 CborEncoder interfaces;
437 cborEncoderResult = cbor_encoder_create_array(&rMap, &interfaces, rsrc->interfaceLen);
438 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Array.");
439 for(size_t i = 0; i < rsrc->interfaceLen; i++)
441 cborEncoderResult = cbor_encode_text_string(&interfaces, rsrc->interfaces[i], strlen(rsrc->interfaces[i]));
442 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
444 cborEncoderResult = cbor_encoder_close_container(&rMap, &interfaces);
445 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing interfaces.");
450 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
451 strlen(OIC_JSON_REL_NAME));
452 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
453 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->rel, strlen(rsrc->rel));
454 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
457 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
458 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
460 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
461 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
464 // Permissions -- Mandatory
465 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
466 strlen(OIC_JSON_PERMISSION_NAME));
467 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
468 cborEncoderResult = cbor_encode_int(&oicSecAclMap, ace->permission);
469 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
471 // TODO: Need to verfication for validity
472 // Validity(Time-interval) -- Not Mandatory
475 size_t validityLen = 0;
477 LL_FOREACH(ace->validities, validityElts)
482 CborEncoder validities;
483 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_VALIDITY_NAME,
484 strlen(OIC_JSON_VALIDITY_NAME));
485 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Tag.");
486 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &validities, validityLen);
487 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validities Array.");
489 //How to add the value w/o "title" using tinycobr...? :(
492 LL_FOREACH(ace->validities, validityElts)
494 CborEncoder validity;
495 size_t validitySize = 0;
496 if(validityElts->period)
500 if(validityElts->recurrences)
505 cborEncoderResult = cbor_encoder_create_array(&validities, &validity, validitySize);
506 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Array.");
509 if (validityElts->period)
511 cborEncoderResult = cbor_encode_text_string(&validity, validityElts->period,
512 strlen(validityElts->period));
513 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value.");
517 if (validityElts->recurrences)
519 CborEncoder recurrences;
520 cborEncoderResult = cbor_encoder_create_array(&validity, &recurrences, validityElts->recurrenceLen);
521 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
523 for (size_t i = 0; i < validityElts->recurrenceLen; i++)
525 cborEncoderResult = cbor_encode_text_string(&recurrences, validityElts->recurrences[i],
526 strlen(validityElts->recurrences[i]));
527 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
529 cborEncoderResult = cbor_encoder_close_container(&validity, &recurrences);
530 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
533 cborEncoderResult = cbor_encoder_close_container(&validities, &validity);
534 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validity Array.");
537 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &validities);
538 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validities Array.");
541 cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
542 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
546 cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
547 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
550 cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
551 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
556 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
557 strlen(OIC_JSON_ROWNERID_NAME));
558 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
559 ret = ConvertUuidToStr(&secAcl->rownerID, &rowner);
560 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
561 cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
562 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
568 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_RT_NAME,
569 strlen(OIC_JSON_RT_NAME));
570 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
571 cborEncoderResult = cbor_encoder_create_array(&aclMap, &rtArray, 1);
572 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
573 for (size_t i = 0; i < 1; i++)
575 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_ACL,
576 strlen(OIC_RSRC_TYPE_SEC_ACL));
577 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
579 cborEncoderResult = cbor_encoder_close_container(&aclMap, &rtArray);
580 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
584 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_IF_NAME,
585 strlen(OIC_JSON_IF_NAME));
586 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
587 cborEncoderResult = cbor_encoder_create_array(&aclMap, &ifArray, 1);
588 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
589 for (size_t i = 0; i < 1; i++)
591 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
592 strlen(OC_RSRVD_INTERFACE_DEFAULT));
593 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
595 cborEncoderResult = cbor_encoder_close_container(&aclMap, &ifArray);
596 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
599 cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
600 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
602 if (CborNoError == cborEncoderResult)
604 OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
605 *size = encoder.ptr - outPayload;
606 *payload = outPayload;
610 if (CborErrorOutOfMemory == cborEncoderResult)
612 OIC_LOG(DEBUG, TAG, "AclToCBORPayload:CborErrorOutOfMemory : retry with more memory");
614 // reallocate and try again!
616 // Since the allocated initial memory failed, double the memory.
617 cborLen += encoder.ptr - encoder.end;
618 cborEncoderResult = CborNoError;
619 ret = AclToCBORPayload(secAcl, payload, &cborLen);
622 else if (cborEncoderResult != CborNoError)
624 OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
629 ret = OC_STACK_ERROR;
635 // This function converts CBOR format to ACL data.
636 // Caller needs to invoke 'free' when done using
637 // It parses { "aclist" : [ { ... } ] } instead of { "aclist" : { "aces" : [ ] } }
638 OicSecAcl_t* CBORPayloadToAcl2(const uint8_t *cborPayload, const size_t size)
640 if (NULL == cborPayload || 0 == size)
644 OCStackResult ret = OC_STACK_ERROR;
645 CborValue aclCbor = { .parser = NULL };
646 CborParser parser = { .end = NULL };
647 CborError cborFindResult = CborNoError;
648 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
650 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
653 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
654 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
655 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
657 while (cbor_value_is_valid(&aclMap))
659 char* tagName = NULL;
661 CborType type = cbor_value_get_type(&aclMap);
662 if (type == CborTextStringType)
664 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
665 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
666 cborFindResult = cbor_value_advance(&aclMap);
667 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
671 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
674 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
675 cborFindResult = cbor_value_enter_container(&aclMap, &acesArray);
676 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
679 while (cbor_value_is_valid(&acesArray))
682 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
683 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
684 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
686 OicSecAce_t *ace = NULL;
687 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
688 VERIFY_NON_NULL(TAG, ace, ERROR);
689 LL_APPEND(acl->aces, ace);
691 VERIFY_NON_NULL(TAG, acl, ERROR);
693 while (cbor_value_is_valid(&aceMap))
697 CborType type = cbor_value_get_type(&aceMap);
698 if (type == CborTextStringType)
700 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
701 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
702 cborFindResult = cbor_value_advance(&aceMap);
703 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
707 // Subject -- Mandatory
708 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
710 char *subject = NULL;
711 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
712 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
713 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
715 ace->subjectuuid.id[0] = '*';
719 OIC_LOG_V(DEBUG, TAG, "Converting subjectuuid = %s to uuid...", subject);
720 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
721 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
726 // Resources -- Mandatory
727 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
729 CborValue resources = { .parser = NULL };
730 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
731 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
733 while (cbor_value_is_valid(&resources))
736 CborValue rMap = { .parser = NULL };
737 cborFindResult = cbor_value_enter_container(&resources, &rMap);
738 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
740 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
741 VERIFY_NON_NULL(TAG, rsrc, ERROR);
742 LL_APPEND(ace->resources, rsrc);
744 while(cbor_value_is_valid(&rMap))
746 char *rMapName = NULL;
747 size_t rMapNameLen = 0;
748 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
749 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
750 cborFindResult = cbor_value_advance(&rMap);
751 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
754 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
756 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
757 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
761 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
763 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
764 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
765 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
767 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
768 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
770 CborValue resourceTypes;
771 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
772 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
774 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
777 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
778 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
779 cborFindResult = cbor_value_advance(&resourceTypes);
780 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
785 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
787 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
788 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
789 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
791 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
792 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
794 CborValue interfaces;
795 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
796 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
798 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
801 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
802 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
803 cborFindResult = cbor_value_advance(&interfaces);
804 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
809 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
811 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
812 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
815 if (cbor_value_is_valid(&rMap))
817 cborFindResult = cbor_value_advance(&rMap);
818 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
823 if (cbor_value_is_valid(&resources))
825 cborFindResult = cbor_value_advance(&resources);
826 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
831 // Permissions -- Mandatory
832 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
835 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
836 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
837 ace->permission = (uint16_t)tmp64;
840 // TODO: Need to verfication for validity
841 // Validity -- Not mandatory
842 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
844 CborValue validitiesMap = {.parser = NULL};
845 size_t validitySize = 0;
847 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
848 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
850 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
851 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
853 while(cbor_value_is_valid(&validitiesMap))
855 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
856 VERIFY_NON_NULL(TAG, validity, ERROR);
857 LL_APPEND(ace->validities, validity);
859 CborValue validityMap = {.parser = NULL};
861 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
862 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
865 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
866 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
868 //recurrence (string array)
869 CborValue recurrenceMap = {.parser = NULL};
870 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
871 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
873 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
874 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
876 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
877 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
879 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
881 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
882 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
884 cborFindResult = cbor_value_advance(&recurrenceMap);
885 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
888 cborFindResult = cbor_value_advance(&validitiesMap);
889 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
895 if (type != CborMapType && cbor_value_is_valid(&aceMap))
897 cborFindResult = cbor_value_advance(&aceMap);
898 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
902 if (cbor_value_is_valid(&acesArray))
904 cborFindResult = cbor_value_advance(&acesArray);
905 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
910 //rownerID -- Mandatory
911 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
913 char *stRowner = NULL;
914 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
915 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
916 OIC_LOG_V(DEBUG, TAG, "Converting rownerid = %s to uuid...", stRowner);
917 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
918 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
923 if (cbor_value_is_valid(&aclMap))
925 cborFindResult = cbor_value_advance(&aclMap);
926 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
931 if (cborFindResult != CborNoError)
933 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
941 // This function converts CBOR format to ACL data.
942 // Caller needs to invoke 'free' when done using
943 // note: This function is used in unit test hence not declared static,
944 OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
946 if (NULL == cborPayload || 0 == size)
950 OCStackResult ret = OC_STACK_ERROR;
951 CborValue aclCbor = { .parser = NULL };
952 CborParser parser = { .end = NULL };
953 CborError cborFindResult = CborNoError;
954 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
956 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
959 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
960 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
961 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
963 while (cbor_value_is_valid(&aclMap))
965 char* tagName = NULL;
967 CborType type = cbor_value_get_type(&aclMap);
968 if (type == CborTextStringType)
970 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
971 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
972 cborFindResult = cbor_value_advance(&aclMap);
973 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
977 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
980 CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
981 cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
982 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
985 while (cbor_value_is_valid(&aclistMap))
989 CborType acType = cbor_value_get_type(&aclistMap);
990 if (acType == CborTextStringType)
992 cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &readLen, NULL);
993 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
994 cborFindResult = cbor_value_advance(&aclistMap);
995 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
1000 if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
1003 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1004 cborFindResult = cbor_value_enter_container(&aclistMap, &acesArray);
1005 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
1008 while (cbor_value_is_valid(&acesArray))
1011 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1012 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
1013 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
1015 OicSecAce_t *ace = NULL;
1016 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
1017 VERIFY_NON_NULL(TAG, ace, ERROR);
1018 LL_APPEND(acl->aces, ace);
1020 VERIFY_NON_NULL(TAG, acl, ERROR);
1022 while (cbor_value_is_valid(&aceMap))
1026 CborType type = cbor_value_get_type(&aceMap);
1027 if (type == CborTextStringType)
1029 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
1030 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
1031 cborFindResult = cbor_value_advance(&aceMap);
1032 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
1036 // Subject -- Mandatory
1037 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
1039 char *subject = NULL;
1040 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
1041 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
1042 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
1044 ace->subjectuuid.id[0] = '*';
1048 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
1049 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1054 // Resources -- Mandatory
1055 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
1057 CborValue resources = { .parser = NULL };
1058 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
1059 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
1061 while (cbor_value_is_valid(&resources))
1064 CborValue rMap = { .parser = NULL };
1065 cborFindResult = cbor_value_enter_container(&resources, &rMap);
1066 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
1068 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1069 VERIFY_NON_NULL(TAG, rsrc, ERROR);
1070 LL_APPEND(ace->resources, rsrc);
1072 while(cbor_value_is_valid(&rMap))
1074 char *rMapName = NULL;
1075 size_t rMapNameLen = 0;
1076 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
1077 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
1078 cborFindResult = cbor_value_advance(&rMap);
1079 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
1082 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
1084 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
1085 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
1089 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
1091 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
1092 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
1093 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
1095 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
1096 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
1098 CborValue resourceTypes;
1099 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
1100 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
1102 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
1104 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
1105 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
1106 cborFindResult = cbor_value_advance(&resourceTypes);
1107 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
1112 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
1114 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
1115 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
1116 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
1118 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
1119 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
1121 CborValue interfaces;
1122 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
1123 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
1125 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
1127 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
1128 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
1129 cborFindResult = cbor_value_advance(&interfaces);
1130 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
1135 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
1137 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
1138 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
1141 if (cbor_value_is_valid(&rMap))
1143 cborFindResult = cbor_value_advance(&rMap);
1144 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
1149 if (cbor_value_is_valid(&resources))
1151 cborFindResult = cbor_value_advance(&resources);
1152 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
1157 // Permissions -- Mandatory
1158 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
1161 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
1162 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
1163 ace->permission = (uint16_t)tmp64;
1166 // TODO: Need to verfication for validity
1167 // Validity -- Not mandatory
1168 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
1170 CborValue validitiesMap = {.parser = NULL};
1171 size_t validitySize = 0;
1173 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
1174 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
1176 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
1177 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
1179 while(cbor_value_is_valid(&validitiesMap))
1181 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
1182 VERIFY_NON_NULL(TAG, validity, ERROR);
1183 LL_APPEND(ace->validities, validity);
1185 CborValue validityMap = {.parser = NULL};
1187 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
1188 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
1191 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
1192 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
1194 //recurrence (string array)
1195 CborValue recurrenceMap = {.parser = NULL};
1196 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
1197 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
1199 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
1200 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
1202 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
1203 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
1205 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
1207 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
1208 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
1210 cborFindResult = cbor_value_advance(&recurrenceMap);
1211 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
1214 cborFindResult = cbor_value_advance(&validitiesMap);
1215 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
1221 if (type != CborMapType && cbor_value_is_valid(&aceMap))
1223 cborFindResult = cbor_value_advance(&aceMap);
1224 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
1228 if (cbor_value_is_valid(&acesArray))
1230 cborFindResult = cbor_value_advance(&acesArray);
1231 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
1238 if (cbor_value_is_valid(&aclistMap))
1240 cborFindResult = cbor_value_advance(&aclistMap);
1241 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
1246 //rownerID -- Mandatory
1247 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
1249 char *stRowner = NULL;
1250 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
1251 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
1252 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
1253 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1258 if (cbor_value_is_valid(&aclMap))
1260 cborFindResult = cbor_value_advance(&aclMap);
1261 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
1266 if (cborFindResult != CborNoError)
1268 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
1277 * This method removes ACE for the subject and resource from the ACL
1279 * @param subject of the ACE
1280 * @param resource of the ACE
1283 * ::OC_STACK_RESOURCE_DELETED on success
1284 * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
1285 * ::OC_STACK_INVALID_PARAM on invalid parameter
1287 OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
1289 OIC_LOG(DEBUG, TAG, "IN RemoveACE");
1291 OicSecAce_t *ace = NULL;
1292 OicSecAce_t *tempAce = NULL;
1293 bool deleteFlag = false;
1294 OCStackResult ret = OC_STACK_NO_RESOURCE;
1296 if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
1298 OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
1299 return OC_STACK_INVALID_PARAM;
1302 //If resource is NULL then delete all the ACE for the subject.
1303 if (NULL == resource || resource[0] == '\0')
1305 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1307 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1309 LL_DELETE(gAcl->aces, ace);
1317 //Looping through ACL to find the right ACE to delete. If the required resource is the only
1318 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
1319 //than the required resource in the ACE, for the subject then just delete the resource from
1320 //the resource array
1321 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1323 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1325 OicSecRsrc_t* rsrc = NULL;
1326 OicSecRsrc_t* tempRsrc = NULL;
1327 LL_FOREACH_SAFE(ace->resources, rsrc, tempRsrc)
1329 if(strcmp(rsrc->href, resource) == 0)
1331 LL_DELETE(ace->resources, rsrc);
1337 //If resource list is empty
1338 if(NULL == ace->resources && true == deleteFlag)
1340 //Remove the ACE from ACL
1341 LL_DELETE(gAcl->aces, ace);
1350 // In case of unit test do not update persistant storage.
1351 if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
1353 ret = OC_STACK_RESOURCE_DELETED;
1357 uint8_t *payload = NULL;
1359 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1361 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
1363 ret = OC_STACK_RESOURCE_DELETED;
1373 * This method parses the query string received for REST requests and
1374 * retrieves the 'subject' field.
1376 * @param query querystring passed in REST request
1377 * @param subject subject UUID parsed from query string
1379 * @return true if query parsed successfully and found 'subject', else false.
1381 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
1383 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1385 ParseQueryIterInit((unsigned char *) query, &parseIter);
1387 while (GetNextQuery (&parseIter))
1389 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECTID_NAME, parseIter.attrLen) == 0)
1391 char strUuid[STRING_UUID_SIZE] = {0};
1392 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1393 memcpy(strUuid, parseIter.valPos, parseIter.valLen);
1394 OCStackResult res = ConvertStrToUuid(strUuid, subject);
1395 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
1405 * This method parses the query string received for REST requests and
1406 * retrieves the 'resource' field.
1408 * @param query querystring passed in REST request
1409 * @param resource resource parsed from query string
1410 * @param resourceSize size of the memory pointed to resource
1412 * @return true if query parsed successfully and found 'resource', else false.
1414 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
1416 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1418 ParseQueryIterInit((unsigned char *) query, &parseIter);
1420 while (GetNextQuery (&parseIter))
1422 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
1425 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1426 OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
1436 static size_t GetNumberOfResource(OicSecRsrc_t* resources)
1441 OicSecRsrc_t* rsrc = NULL;
1442 LL_FOREACH(resources, rsrc)
1450 static size_t GetNumberOfValidity(OicSecValidity_t* val)
1456 OicSecValidity_t* temp = NULL;
1457 LL_FOREACH(val, temp)
1466 static bool IsSameStringArray(char** strArr1, size_t strArr1Len,
1467 char** strArr2, size_t strArr2Len)
1470 if(NULL == strArr1 && NULL == strArr2)
1475 if(strArr1 && strArr2 && NULL == *strArr1 && NULL == *strArr2)
1480 if(strArr1 && strArr2)
1482 if(*strArr1 && *strArr2 && strArr1Len == strArr2Len)
1484 size_t matchedStr = 0;
1485 for(size_t i = 0; i < strArr1Len; i++)
1487 for(size_t j = 0; j < strArr2Len; j++)
1489 if(strcmp(strArr1[i], strArr2[j]) == 0)
1495 if(matchedStr == strArr1Len)
1505 static bool IsSameResources(OicSecRsrc_t* resources1, OicSecRsrc_t* resources2)
1507 size_t numOfRsrc1 = 0;
1508 size_t numOfRsrc2 = 0;
1509 size_t numOfMatchedRsrc = 0;
1510 OicSecRsrc_t* rsrc1 = NULL;
1511 OicSecRsrc_t* rsrc2 = NULL;
1513 if(NULL == resources1 && NULL == resources2)
1518 if(resources1 && resources2)
1520 numOfRsrc1 = GetNumberOfResource(resources1);
1521 numOfRsrc2 = GetNumberOfResource(resources2);
1523 if(0 == numOfRsrc1 && 0 == numOfRsrc2)
1528 LL_FOREACH(resources1, rsrc1)
1531 LL_FOREACH(resources2, rsrc2)
1535 if(strcmp(rsrc1->href, rsrc2->href) == 0 &&
1536 IsSameStringArray(rsrc1->interfaces, rsrc1->interfaceLen,
1537 rsrc2->interfaces, rsrc2->interfaceLen) &&
1538 IsSameStringArray(rsrc1->types, rsrc1->typeLen,
1539 rsrc2->types, rsrc2->typeLen))
1541 // TODO: Update codes to compare 'rel' property
1548 if(numOfMatchedRsrc == numOfRsrc1)
1557 static bool IsSameValidities(OicSecValidity_t* validities1, OicSecValidity_t* validities2)
1559 size_t numOfVal1 = 0;
1560 size_t numOfVal2 = 0;
1561 size_t numOfMatchedVal = 0;
1562 OicSecValidity_t* val1 = NULL;
1563 OicSecValidity_t* val2 = NULL;
1565 if(NULL == validities1 && NULL == validities2)
1570 if(validities1 && validities2)
1572 numOfVal1 = GetNumberOfValidity(validities1);
1573 numOfVal2 = GetNumberOfValidity(validities2);
1574 if(0 == numOfVal1 && 0 == numOfVal2)
1579 if(numOfVal1 == numOfVal2)
1581 LL_FOREACH(validities1, val1)
1583 LL_FOREACH(validities2, val2)
1585 if(strcmp(val1->period, val2->period) == 0 &&
1586 IsSameStringArray(val1->recurrences, val1->recurrenceLen,
1587 val2->recurrences, val2->recurrenceLen))
1593 if(numOfVal1 == numOfMatchedVal)
1603 static bool IsSameACE(OicSecAce_t* ace1, OicSecAce_t* ace2)
1607 if(memcmp(ace1->subjectuuid.id, ace2->subjectuuid.id, sizeof(ace1->subjectuuid.id)) != 0)
1612 if(false == IsSameResources(ace1->resources, ace2->resources))
1617 if(ace1->permission != ace2->permission)
1622 if(false == IsSameValidities(ace1->validities, ace2->validities))
1633 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
1635 OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
1636 uint8_t* payload = NULL;
1638 OCEntityHandlerResult ehRet;
1640 OicUuid_t subject = {.id= { 0 } };
1642 // In case, 'subject' field is included in REST request.
1643 if (ehRequest->query && GetSubjectFromQueryString(ehRequest->query, &subject))
1645 OIC_LOG(DEBUG,TAG,"'subject' field is inculded in REST request.");
1646 OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
1648 char resource[MAX_URI_LENGTH] = { 0 };
1650 OicSecAce_t *savePtr = NULL;
1651 const OicSecAce_t *currentAce = NULL;
1652 OicSecAcl_t targetAcl;
1654 memcpy(&targetAcl.rownerID, &gAcl->rownerID, sizeof(OicUuid_t));
1655 targetAcl.aces = NULL;
1657 // 'Subject' field is MUST for processing a querystring in REST request.
1658 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1661 * TODO : Currently, this code only provides one ACE for a Subject.
1662 * Below code needs to be updated for scenarios when Subject have
1663 * multiple ACE's in ACL resource.
1665 while ((currentAce = GetACLResourceData(&subject, &savePtr)))
1667 targetAcl.aces = (OicSecAce_t*)currentAce;
1670 * If REST querystring contains a specific resource, we need
1671 * to search for that resource in ACE.
1673 if (resource[0] != '\0')
1675 OicSecRsrc_t *rsrc = NULL;
1676 LL_FOREACH(currentAce->resources, rsrc)
1678 if(0 == strcmp(rsrc->href, resource) ||
1679 0 == strcmp(WILDCARD_RESOURCE_URI, rsrc->href))
1681 // Convert ACL data into CBOR format for transmission
1682 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1684 ehRet = OC_EH_ERROR;
1692 // Convert ACL data into CBOR format for transmission
1693 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1695 ehRet = OC_EH_ERROR;
1701 // In case, 'subject' field is not included in REST request.
1704 OIC_LOG(DEBUG,TAG,"'subject' field is not inculded in REST request.");
1705 // Convert ACL data into CBOR format for transmission.
1706 if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
1708 ehRet = OC_EH_ERROR;
1712 // A device should always have a default acl. Therefore, payload should never be NULL.
1713 ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
1714 OIC_LOG(DEBUG, TAG, "ACL payload with GET response");
1715 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1717 //Send payload to request originator
1718 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
1719 OC_EH_OK : OC_EH_ERROR;
1723 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1727 static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
1729 OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
1730 OCEntityHandlerResult ehRet = OC_EH_OK;
1732 // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
1733 uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData;
1734 size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
1737 OicSecAcl_t *newAcl = NULL;
1738 OIC_LOG(DEBUG, TAG, "ACL payload from POST request << ");
1739 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1741 newAcl = CBORPayloadToAcl(payload, size);
1744 bool isNewAce = true;
1745 OicSecAce_t* existAce = NULL;
1746 OicSecAce_t* newAce = NULL;
1747 OicSecAce_t* tempAce1 = NULL;
1748 OicSecAce_t* tempAce2 = NULL;
1750 LL_FOREACH_SAFE(newAcl->aces, newAce, tempAce1)
1753 LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce2)
1755 if(IsSameACE(newAce, existAce))
1762 OIC_LOG(DEBUG, TAG, "NEW ACE dectected.");
1764 OicSecAce_t* insertAce = DuplicateACE(newAce);
1767 OIC_LOG(DEBUG, TAG, "Appending new ACE..");
1768 LL_PREPEND(gAcl->aces, insertAce);
1772 OIC_LOG(ERROR, TAG, "Failed to duplicate ACE.");
1773 ehRet = OC_EH_ERROR;
1778 DeleteACLList(newAcl);
1780 if(OC_EH_OK == ehRet)
1783 uint8_t *cborPayload = NULL;
1784 if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
1786 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
1788 ehRet = OC_EH_CHANGED;
1790 OICFree(cborPayload);
1793 if(OC_EH_CHANGED != ehRet)
1795 ehRet = OC_EH_ERROR;
1801 //Send response to request originator
1802 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1803 OC_EH_OK : OC_EH_ERROR;
1805 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1809 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
1811 OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
1812 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1813 OicUuid_t subject = { .id= { 0 } };
1814 char resource[MAX_URI_LENGTH] = { 0 };
1816 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
1818 // 'Subject' field is MUST for processing a querystring in REST request.
1819 VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
1821 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1823 if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
1825 ehRet = OC_EH_RESOURCE_DELETED;
1829 //Send response to request originator
1830 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1831 OC_EH_OK : OC_EH_ERROR;
1836 OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
1837 void* callbackParameter)
1839 OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
1840 (void)callbackParameter;
1841 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1848 if (flag & OC_REQUEST_FLAG)
1850 // TODO : Handle PUT method
1851 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
1852 switch (ehRequest->method)
1855 ehRet = HandleACLGetRequest(ehRequest);
1859 ehRet = HandleACLPostRequest(ehRequest);
1862 case OC_REST_DELETE:
1863 ehRet = HandleACLDeleteRequest(ehRequest);
1867 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1868 OC_EH_OK : OC_EH_ERROR;
1876 * This internal method is used to create '/oic/sec/acl' resource.
1878 static OCStackResult CreateACLResource()
1882 ret = OCCreateResource(&gAclHandle,
1883 OIC_RSRC_TYPE_SEC_ACL,
1884 OC_RSRVD_INTERFACE_DEFAULT,
1890 if (OC_STACK_OK != ret)
1892 OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
1893 DeInitACLResource();
1898 // This function sets the default ACL and is defined for the unit test only.
1899 OCStackResult SetDefaultACL(OicSecAcl_t *acl)
1905 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
1907 OCStackResult ret = OC_STACK_ERROR;
1908 OicUuid_t ownerId = { .id = { 0 } };
1909 OicSecAcl_t *acl = NULL;
1910 OicSecAce_t *ace = NULL;
1911 OicSecRsrc_t* resRsrc = NULL;
1912 OicSecRsrc_t* deviceRsrc = NULL;
1913 OicSecRsrc_t* platformRsrc = NULL;
1914 OicSecRsrc_t* aclRsrc = NULL;
1915 OicSecRsrc_t* doxmRsrc = NULL;
1916 OicSecRsrc_t* pstatRsrc = NULL;
1919 * TODO In future, when new virtual resources will be added in OIC
1920 * specification, Iotivity stack should be able to add them in
1921 * existing SVR database. To support this, we need to add 'versioning'
1922 * mechanism in SVR database.
1927 return OC_STACK_INVALID_PARAM;
1930 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
1931 VERIFY_NON_NULL(TAG, acl, ERROR);
1933 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
1934 VERIFY_NON_NULL(TAG, ace, ERROR);
1936 LL_APPEND(acl->aces, ace);
1938 // Subject -- Mandatory
1939 memcpy(ace->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
1941 // Resources -- Mandatory
1943 resRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1944 VERIFY_NON_NULL(TAG, resRsrc, ERROR);
1945 LL_APPEND(ace->resources, resRsrc);
1946 resRsrc->href = OICStrdup(OC_RSRVD_WELL_KNOWN_URI);
1947 VERIFY_NON_NULL(TAG, (resRsrc->href), ERROR);
1948 resRsrc->typeLen = 1;
1949 resRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1950 VERIFY_NON_NULL(TAG, resRsrc->types, ERROR);
1951 resRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_RES);
1952 VERIFY_NON_NULL(TAG, resRsrc->types[0], ERROR);
1953 resRsrc->interfaceLen = 2;
1954 resRsrc->interfaces = (char**)OICCalloc(resRsrc->interfaceLen, sizeof(char*));
1955 VERIFY_NON_NULL(TAG, resRsrc->interfaces, ERROR);
1956 resRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1957 VERIFY_NON_NULL(TAG, resRsrc->interfaces[0], ERROR);
1958 resRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1959 VERIFY_NON_NULL(TAG, resRsrc->interfaces[1], ERROR);
1962 deviceRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1963 VERIFY_NON_NULL(TAG, deviceRsrc, ERROR);
1964 LL_APPEND(ace->resources, deviceRsrc);
1965 deviceRsrc->href = OICStrdup(OC_RSRVD_DEVICE_URI);
1966 VERIFY_NON_NULL(TAG, (deviceRsrc->href), ERROR);
1967 deviceRsrc->typeLen = 1;
1968 deviceRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1969 VERIFY_NON_NULL(TAG, deviceRsrc->types, ERROR);
1970 deviceRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_DEVICE);
1971 VERIFY_NON_NULL(TAG, deviceRsrc->types[0], ERROR);
1972 deviceRsrc->interfaceLen = 2;
1973 deviceRsrc->interfaces = (char**)OICCalloc(deviceRsrc->interfaceLen, sizeof(char*));
1974 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces, ERROR);
1975 deviceRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1976 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[0], ERROR);
1977 deviceRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1978 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[1], ERROR);
1981 platformRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1982 VERIFY_NON_NULL(TAG, platformRsrc, ERROR);
1983 LL_APPEND(ace->resources, platformRsrc);
1984 platformRsrc->href = OICStrdup(OC_RSRVD_PLATFORM_URI);
1985 VERIFY_NON_NULL(TAG, (platformRsrc->href), ERROR);
1986 platformRsrc->typeLen = 1;
1987 platformRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1988 VERIFY_NON_NULL(TAG, platformRsrc->types, ERROR);
1989 platformRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_PLATFORM);
1990 VERIFY_NON_NULL(TAG, platformRsrc->types[0], ERROR);
1991 platformRsrc->interfaceLen = 2;
1992 platformRsrc->interfaces = (char**)OICCalloc(platformRsrc->interfaceLen, sizeof(char*));
1993 VERIFY_NON_NULL(TAG, platformRsrc->interfaces, ERROR);
1994 platformRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1995 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[0], ERROR);
1996 platformRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1997 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[1], ERROR);
2000 aclRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2001 VERIFY_NON_NULL(TAG, aclRsrc, ERROR);
2002 LL_APPEND(ace->resources, aclRsrc);
2003 aclRsrc->href = OICStrdup(OIC_RSRC_ACL_URI);
2004 VERIFY_NON_NULL(TAG, (aclRsrc->href), ERROR);
2005 aclRsrc->typeLen = 1;
2006 aclRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2007 VERIFY_NON_NULL(TAG, aclRsrc->types, ERROR);
2008 aclRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_ACL);
2009 VERIFY_NON_NULL(TAG, aclRsrc->types[0], ERROR);
2010 aclRsrc->interfaceLen = 1;
2011 aclRsrc->interfaces = (char**)OICCalloc(aclRsrc->interfaceLen, sizeof(char*));
2012 VERIFY_NON_NULL(TAG, aclRsrc->interfaces, ERROR);
2013 aclRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2014 VERIFY_NON_NULL(TAG, aclRsrc->interfaces[0], ERROR);
2017 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2018 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2019 LL_APPEND(ace->resources, doxmRsrc);
2020 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2021 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2022 doxmRsrc->typeLen = 1;
2023 doxmRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2024 VERIFY_NON_NULL(TAG, doxmRsrc->types, ERROR);
2025 doxmRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_DOXM);
2026 VERIFY_NON_NULL(TAG, doxmRsrc->types[0], ERROR);
2027 doxmRsrc->interfaceLen = 1;
2028 doxmRsrc->interfaces = (char**)OICCalloc(doxmRsrc->interfaceLen, sizeof(char*));
2029 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces, ERROR);
2030 doxmRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2031 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces[0], ERROR);
2034 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2035 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2036 LL_APPEND(ace->resources, pstatRsrc);
2037 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2038 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2039 pstatRsrc->typeLen = 1;
2040 pstatRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2041 VERIFY_NON_NULL(TAG, pstatRsrc->types, ERROR);
2042 pstatRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_PSTAT);
2043 VERIFY_NON_NULL(TAG, pstatRsrc->types[0], ERROR);
2044 pstatRsrc->interfaceLen = 1;
2045 pstatRsrc->interfaces = (char**)OICCalloc(pstatRsrc->interfaceLen, sizeof(char*));
2046 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces, ERROR);
2047 pstatRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2048 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces[0], ERROR);
2050 ace->permission = PERMISSION_READ;
2051 ace->validities = NULL;
2053 // Device ID is the owner of this default ACL
2054 if (GetDoxmResourceData() != NULL)
2056 ret = GetDoxmDeviceID(&ownerId);
2057 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
2061 OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
2062 VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
2065 memcpy(&acl->rownerID, &ownerId, sizeof(OicUuid_t));
2072 if (ret != OC_STACK_OK)
2081 OCStackResult InitACLResource()
2083 OCStackResult ret = OC_STACK_ERROR;
2085 uint8_t *data = NULL;
2087 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
2088 // If database read failed
2089 if (OC_STACK_OK != ret)
2091 OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
2095 // Read ACL resource from PS
2096 gAcl = CBORPayloadToAcl(data, size);
2099 * If SVR database in persistent storage got corrupted or
2100 * is not available for some reason, a default ACL is created
2101 * which allows user to initiate ACL provisioning again.
2105 ret = GetDefaultACL(&gAcl);
2106 if (OC_STACK_OK != ret)
2108 OIC_LOG(ERROR, TAG, "Failed to create default ACL");
2110 // TODO Needs to update persistent storage
2112 VERIFY_NON_NULL(TAG, gAcl, FATAL);
2114 // Instantiate 'oic.sec.acl'
2115 ret = CreateACLResource();
2118 if (OC_STACK_OK != ret)
2120 DeInitACLResource();
2125 OCStackResult DeInitACLResource()
2127 OCStackResult ret = OCDeleteResource(gAclHandle);
2132 DeleteACLList(gAcl);
2138 const OicSecAce_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAce_t **savePtr)
2140 OicSecAce_t *ace = NULL;
2141 OicSecAce_t *begin = NULL;
2143 if (NULL == subjectId)
2149 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
2152 if (NULL == *savePtr)
2159 * If this is a 'successive' call, search for location pointed by
2160 * savePtr and assign 'begin' to the next ACL after it in the linked
2161 * list and start searching from there.
2163 LL_FOREACH(gAcl->aces, ace)
2165 if (ace == *savePtr)
2172 // Find the next ACL corresponding to the 'subjectID' and return it.
2173 LL_FOREACH(begin, ace)
2175 if (memcmp(&(ace->subjectuuid), subjectId, sizeof(OicUuid_t)) == 0)
2182 // Cleanup in case no ACL is found
2187 void printACL(const OicSecAcl_t* acl)
2189 OIC_LOG(INFO, TAG, "Print ACL:");
2193 OIC_LOG(INFO, TAG, "Received NULL acl");
2197 char *rowner = NULL;
2198 if (OC_STACK_OK == ConvertUuidToStr(&acl->rownerID, &rowner))
2200 OIC_LOG_V(INFO, TAG, "rowner id = %s", rowner);
2204 OIC_LOG(ERROR, TAG, "Can't convert rowner uuid to string");
2208 const OicSecAce_t *ace = acl->aces;
2213 OIC_LOG_V(INFO, TAG, "Print ace[%d]:", ace_count);
2215 OIC_LOG_V(INFO, TAG, "ace permission = %d", ace->permission);
2217 char *subjectuuid = NULL;
2218 if (OC_STACK_OK == ConvertUuidToStr(&ace->subjectuuid, &subjectuuid))
2220 OIC_LOG_V(INFO, TAG, "ace subject uuid = %s", subjectuuid);
2224 OIC_LOG(ERROR, TAG, "Can't convert subjectuuid to string");
2226 OICFree(subjectuuid);
2228 OicSecRsrc_t *res = ace->resources;
2233 OIC_LOG_V(INFO, TAG, "Print resources[%d]:", res_count);
2235 OIC_LOG_V(INFO, TAG, "href = %s", res->href);
2237 for (size_t i = 0; i < res->typeLen; i++)
2239 OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->types[i]);
2241 for (size_t i = 0; i < res->interfaceLen; i++)
2243 OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->interfaces[i]);
2249 OicSecValidity_t *vals = ace->validities;
2254 OIC_LOG_V(INFO, TAG, "Print validities[%d]:", vals_count);
2256 OIC_LOG_V(INFO, TAG, "period = %s", vals->period);
2257 for (size_t i = 0; i < vals->recurrenceLen; i++)
2259 OIC_LOG_V(INFO, TAG, "recurrences[%zu] = %s", i, vals->recurrences[i]);
2267 OCStackResult InstallNewACL2(const OicSecAcl_t* acl)
2269 OCStackResult ret = OC_STACK_ERROR;
2273 return OC_STACK_INVALID_PARAM;
2276 // Append the new ACE to existing ACE list
2277 // Can't use LL_APPEND because it sets ace->next to NULL
2278 OicSecAce_t* ace = gAcl->aces;
2285 ace->next = acl->aces;
2289 gAcl->aces = acl->aces;
2295 uint8_t *payload = NULL;
2296 ret = AclToCBORPayload(gAcl, &payload, &size);
2297 if (OC_STACK_OK == ret)
2299 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size);
2306 OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
2308 // Convert CBOR format to ACL data. This will also validate the ACL data received.
2309 OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
2311 return InstallNewACL2(newAcl);
2315 * This function generates default ACE for security resource in case of owned status.
2317 * @return Default ACE for security resource.
2319 static OicSecAce_t* GetSecDefaultACE()
2321 const int NUM_OF_DOXM_RT = 1;
2322 const int NUM_OF_DOXM_IF = 1;
2323 const int NUM_OF_PSTAT_RT = 1;
2324 const int NUM_OF_PSTAT_IF = 1;
2325 const char *doxmRt[] = { OIC_RSRC_TYPE_SEC_DOXM };
2326 const char *pstatRt[] = { OIC_RSRC_TYPE_SEC_PSTAT };
2327 const char *doxmIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2328 const char *pstatIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2329 OicSecRsrc_t* doxmRsrc = NULL;
2330 OicSecRsrc_t* pstatRsrc = NULL;
2332 //Generate default ACE
2333 OicSecAce_t* newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
2334 VERIFY_NON_NULL(TAG, newAce, ERROR);
2336 // Subject -- Mandatory
2337 memcpy(newAce->subjectuuid.id, &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
2339 //Resources -- Mandatory
2341 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2342 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2343 LL_APPEND(newAce->resources, doxmRsrc);
2345 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2346 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2348 doxmRsrc->typeLen = NUM_OF_DOXM_RT;
2349 doxmRsrc->types = (char**)OICCalloc(NUM_OF_DOXM_RT, sizeof(char*));
2350 VERIFY_NON_NULL(TAG, (doxmRsrc->types), ERROR);
2351 for(int i = 0; i < NUM_OF_DOXM_RT; i++)
2353 doxmRsrc->types[i] = OICStrdup(doxmRt[i]);
2354 VERIFY_NON_NULL(TAG, (doxmRsrc->types[i]), ERROR);
2357 doxmRsrc->interfaceLen = NUM_OF_DOXM_IF;
2358 doxmRsrc->interfaces = (char**)OICCalloc(NUM_OF_DOXM_IF, sizeof(char*));
2359 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces), ERROR);
2360 for(int i = 0; i < NUM_OF_DOXM_IF; i++)
2362 doxmRsrc->interfaces[i] = OICStrdup(doxmIf[i]);
2363 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces[i]), ERROR);
2367 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2368 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2369 LL_APPEND(newAce->resources, pstatRsrc);
2371 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2372 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2374 pstatRsrc->typeLen = NUM_OF_PSTAT_RT;
2375 pstatRsrc->types = (char**)OICCalloc(NUM_OF_PSTAT_RT, sizeof(char*));
2376 VERIFY_NON_NULL(TAG, (pstatRsrc->types), ERROR);
2377 for(int i = 0; i < NUM_OF_PSTAT_RT; i++)
2379 pstatRsrc->types[i] = OICStrdup(pstatRt[i]);
2380 VERIFY_NON_NULL(TAG, (pstatRsrc->types[i]), ERROR);
2383 pstatRsrc->interfaceLen = NUM_OF_PSTAT_IF;
2384 pstatRsrc->interfaces = (char**)OICCalloc(NUM_OF_PSTAT_IF, sizeof(char*));
2385 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces), ERROR);
2386 for(int i = 0; i < NUM_OF_PSTAT_IF; i++)
2388 pstatRsrc->interfaces[i] = OICStrdup(pstatIf[i]);
2389 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces[i]), ERROR);
2392 // Permissions -- Mandatory
2393 newAce->permission = PERMISSION_READ;
2395 //Period -- Not Mandatory
2396 newAce->validities = NULL;
2405 OCStackResult UpdateDefaultSecProvACE()
2407 OCStackResult ret = OC_STACK_OK;
2408 OicSecAce_t *ace = NULL;
2409 OicSecAce_t *tempAce = NULL;
2413 int matchedRsrc = 0;
2414 bool isRemoved = false;
2416 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
2418 //Find default security resource ACL
2419 if(memcmp(&ace->subjectuuid, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
2420 ((PERMISSION_READ | PERMISSION_WRITE) == ace->permission))
2424 OicSecRsrc_t* rsrc = NULL;
2425 LL_FOREACH(ace->resources, rsrc)
2427 if(strncmp(rsrc->href, OIC_RSRC_DOXM_URI,
2428 strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
2429 strncmp(rsrc->href, OIC_RSRC_CRED_URI,
2430 strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
2431 strncmp(rsrc->href, OIC_RSRC_ACL_URI,
2432 strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
2433 strncmp(rsrc->href, OIC_RSRC_PSTAT_URI,
2434 strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
2440 //If default security resource ACL is detected, delete it.
2441 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
2443 LL_DELETE(gAcl->aces, ace);
2453 * Generate new security resource ACE as follows :
2455 * resources : '/oic/sec/doxm', '/oic/sec/pstat'
2458 OicSecAce_t *secDefaultAce = GetSecDefaultACE();
2461 LL_APPEND(gAcl->aces, secDefaultAce);
2464 uint8_t *payload = NULL;
2465 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
2467 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
2480 OCStackResult SetAclRownerId(const OicUuid_t* newROwner)
2482 OCStackResult ret = OC_STACK_ERROR;
2483 uint8_t *cborPayload = NULL;
2485 OicUuid_t prevId = {.id={0}};
2487 if(NULL == newROwner)
2489 ret = OC_STACK_INVALID_PARAM;
2493 ret = OC_STACK_NO_RESOURCE;
2496 if(newROwner && gAcl)
2498 memcpy(prevId.id, gAcl->rownerID.id, sizeof(prevId.id));
2499 memcpy(gAcl->rownerID.id, newROwner->id, sizeof(newROwner->id));
2501 ret = AclToCBORPayload(gAcl, &cborPayload, &size);
2502 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2504 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size);
2505 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2507 OICFree(cborPayload);
2513 OICFree(cborPayload);
2514 memcpy(gAcl->rownerID.id, prevId.id, sizeof(prevId.id));
2518 OCStackResult GetAclRownerId(OicUuid_t *rowneruuid)
2520 OCStackResult retVal = OC_STACK_ERROR;
2523 *rowneruuid = gAcl->rownerID;
2524 retVal = OC_STACK_OK;