1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
29 #include "ocserverrequest.h"
30 #include "oic_malloc.h"
31 #include "oic_string.h"
33 #include "ocpayload.h"
35 #include "payload_logging.h"
36 #include "srmresourcestrings.h"
37 #include "aclresource.h"
38 #include "doxmresource.h"
39 #include "resourcemanager.h"
40 #include "srmutility.h"
41 #include "psinterface.h"
43 #include "security_internals.h"
46 #define NUMBER_OF_SEC_PROV_RSCS 4
47 #define NUMBER_OF_DEFAULT_SEC_RSCS 2
48 #define STRING_UUID_SIZE (UUID_LENGTH * 2 + 5)
50 static const uint8_t ACL_MAP_SIZE = 2;
51 static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
52 static const uint8_t ACL_ACES_MAP_SIZE = 3;
53 static const uint8_t ACL_RESOURCE_MAP_SIZE = 4;
56 // CborSize is the default cbor payload size being used.
57 static const uint16_t CBOR_SIZE = 2048;
59 static OicSecAcl_t *gAcl = NULL;
60 static OCResourceHandle gAclHandle = NULL;
63 * This function frees OicSecAcl_t object's fields and object itself.
65 static void FreeACE(OicSecAcl_t *ace)
70 OIC_LOG(ERROR, TAG, "Invalid Parameter");
75 for (i = 0; i < ace->resourcesLen; i++)
77 OICFree(ace->resources[i]);
79 OICFree(ace->resources);
84 for (i = 0; i < ace->prdRecrLen; i++)
86 OICFree(ace->periods[i]);
88 OICFree(ace->periods);
94 for (i = 0; i < ace->prdRecrLen; i++)
96 OICFree(ace->recurrences[i]);
98 OICFree(ace->recurrences);
101 // Clean ACL node itself
105 void DeleteACLList(OicSecAcl_t* acl)
109 OicSecAcl_t *aclTmp1 = NULL;
110 OicSecAcl_t *aclTmp2 = NULL;
111 LL_FOREACH_SAFE(acl, aclTmp1, aclTmp2)
113 LL_DELETE(acl, aclTmp1);
119 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
125 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
135 OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
137 if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
139 return OC_STACK_INVALID_PARAM;
142 OCStackResult ret = OC_STACK_ERROR;
143 CborError cborEncoderResult = CborNoError;
144 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
147 CborEncoder aclListMap;
148 CborEncoder acesArray;
149 uint8_t *outPayload = NULL;
150 size_t cborLen = *size;
159 outPayload = (uint8_t *)OICCalloc(1, cborLen);
160 VERIFY_NON_NULL(TAG, outPayload, ERROR);
161 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
163 // Create ACL Map (aclist, rownerid)
164 cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
165 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
167 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
168 strlen(OIC_JSON_ACLIST_NAME));
169 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
171 // Create ACLIST Map (aces)
172 cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
173 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
175 cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
176 strlen(OIC_JSON_ACES_NAME));
177 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
180 cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
181 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
185 CborEncoder oicSecAclMap;
186 // ACL Map size - Number of mandatory items
187 uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
195 if (acl->recurrences)
200 cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
201 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
203 // Subject -- Mandatory
204 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
205 strlen(OIC_JSON_SUBJECTID_NAME));
206 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
207 inLen = (memcmp(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
208 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
209 if(inLen == WILDCARD_SUBJECT_ID_LEN)
211 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
212 strlen(WILDCARD_RESOURCE_URI));
213 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
217 char *subject = NULL;
218 ret = ConvertUuidToStr(&acl->subject, &subject);
219 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
220 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
221 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
227 CborEncoder resources;
228 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
229 strlen(OIC_JSON_RESOURCES_NAME));
230 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
232 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, acl->resourcesLen);
233 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
235 for (size_t i = 0; i < acl->resourcesLen; i++)
239 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, ACL_RESOURCE_MAP_SIZE);
240 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
242 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
243 strlen(OIC_JSON_HREF_NAME));
244 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
245 cborEncoderResult = cbor_encode_text_string(&rMap, acl->resources[i],
246 strlen(acl->resources[i]));
247 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
249 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
250 strlen(OIC_JSON_REL_NAME));
251 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
253 // TODO : Need to assign real value of REL
254 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
255 strlen(OIC_JSON_EMPTY_STRING));
256 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
258 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
259 strlen(OIC_JSON_RT_NAME));
260 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
262 // TODO : Need to assign real value of RT
263 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
264 strlen(OIC_JSON_EMPTY_STRING));
265 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
267 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
268 strlen(OIC_JSON_IF_NAME));
269 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
271 // TODO : Need to assign real value of IF
272 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
273 strlen(OIC_JSON_EMPTY_STRING));
274 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
277 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
278 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
281 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
282 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
286 // Permissions -- Mandatory
287 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
288 strlen(OIC_JSON_PERMISSION_NAME));
289 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
290 cborEncoderResult = cbor_encode_int(&oicSecAclMap, acl->permission);
291 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
293 // Period -- Not Mandatory
298 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERIOD_NAME,
299 strlen(OIC_JSON_PERIOD_NAME));
300 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Tag.");
301 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &period, acl->prdRecrLen);
302 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Array.");
303 for (size_t i = 0; i < acl->prdRecrLen; i++)
305 cborEncoderResult = cbor_encode_text_string(&period, acl->periods[i],
306 strlen(acl->periods[i]));
307 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value in Array.");
309 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &period);
310 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Period Array.");
313 // Recurrence -- Not Mandatory
314 if (acl->recurrences)
316 CborEncoder recurrences;
317 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RECURRENCES_NAME,
318 strlen(OIC_JSON_RECURRENCES_NAME));
319 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Tag.");
320 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &recurrences, acl->prdRecrLen);
321 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
323 for (size_t i = 0; i < acl->prdRecrLen; i++)
325 cborEncoderResult = cbor_encode_text_string(&recurrences, acl->recurrences[i],
326 strlen(acl->recurrences[i]));
327 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
329 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &recurrences);
330 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
335 cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
336 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
341 cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
342 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
345 cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
346 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
351 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
352 strlen(OIC_JSON_ROWNERID_NAME));
353 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
354 ret = ConvertUuidToStr(&secAcl->rownerID, &rowner);
355 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
356 cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
357 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
362 cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
363 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
365 if (CborNoError == cborEncoderResult)
367 OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
368 *size = encoder.ptr - outPayload;
369 *payload = outPayload;
373 if (CborErrorOutOfMemory == cborEncoderResult)
375 OIC_LOG(DEBUG, TAG, "AclToCBORPayload:CborErrorOutOfMemory : retry with more memory");
377 // reallocate and try again!
379 // Since the allocated initial memory failed, double the memory.
380 cborLen += encoder.ptr - encoder.end;
381 cborEncoderResult = CborNoError;
382 ret = AclToCBORPayload(secAcl, payload, &cborLen);
385 else if (cborEncoderResult != CborNoError)
387 OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
392 ret = OC_STACK_ERROR;
398 // This function converts CBOR format to ACL data.
399 // Caller needs to invoke 'free' when done using
400 // note: This function is used in unit test hence not declared static,
401 OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
403 if (NULL == cborPayload || 0 == size)
407 OCStackResult ret = OC_STACK_ERROR;
408 CborValue aclCbor = { .parser = NULL };
409 CborParser parser = { .end = NULL };
410 CborError cborFindResult = CborNoError;
411 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
413 OicSecAcl_t *headAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
416 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
417 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
418 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
420 while (cbor_value_is_valid(&aclMap))
422 char* tagName = NULL;
424 CborType type = cbor_value_get_type(&aclMap);
425 if (type == CborTextStringType && cbor_value_is_text_string(&aclMap))
427 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
428 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
429 cborFindResult = cbor_value_advance(&aclMap);
430 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
434 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
437 CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
438 cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
439 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
442 while (cbor_value_is_valid(&aclistMap))
446 CborType acType = cbor_value_get_type(&aclistMap);
447 if (acType == CborTextStringType && cbor_value_is_text_string(&aclistMap))
449 cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &acLen, NULL);
450 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
451 cborFindResult = cbor_value_advance(&aclistMap);
452 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
456 if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
460 CborValue aclArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
461 cborFindResult = cbor_value_enter_container(&aclistMap, &aclArray);
462 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Array.");
465 while (cbor_value_is_valid(&aclArray))
469 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
470 cborFindResult = cbor_value_enter_container(&aclArray, &aclMap);
471 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
472 OicSecAcl_t *acl = NULL;
480 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
481 OicSecAcl_t *temp = headAcl;
488 VERIFY_NON_NULL(TAG, acl, ERROR);
490 while (cbor_value_is_valid(&aclMap))
494 CborType type = cbor_value_get_type(&aclMap);
495 if (type == CborTextStringType && cbor_value_is_text_string(&aclMap))
497 cborFindResult = cbor_value_dup_text_string(&aclMap, &name, &len, NULL);
498 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
499 cborFindResult = cbor_value_advance(&aclMap);
500 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
504 // Subject -- Mandatory
505 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0 && cbor_value_is_text_string(&aclMap))
507 char *subject = NULL;
508 cborFindResult = cbor_value_dup_text_string(&aclMap, &subject, &len, NULL);
509 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
510 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
512 acl->subject.id[0] = '*';
516 ret = ConvertStrToUuid(subject, &acl->subject);
517 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
522 // Resources -- Mandatory
523 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
525 CborValue resources = { .parser = NULL };
526 cborFindResult = cbor_value_get_array_length(&aclMap, &acl->resourcesLen);
527 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Resource Array Len Value.");
528 cborFindResult = cbor_value_enter_container(&aclMap, &resources);
529 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
531 acl->resources = (char **) OICMalloc(acl->resourcesLen * sizeof(char*));
532 VERIFY_NON_NULL(TAG, acl->resources, ERROR);
534 while (cbor_value_is_valid(&resources))
537 CborValue rMap = { .parser = NULL };
538 cborFindResult = cbor_value_enter_container(&resources, &rMap);
539 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
542 while(cbor_value_is_valid(&rMap) && cbor_value_is_text_string(&rMap))
544 char *rMapName = NULL;
545 size_t rMapNameLen = 0;
546 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
547 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
548 cborFindResult = cbor_value_advance(&rMap);
549 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
552 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
554 // TODO : Need to check data structure of OicSecAcl_t based on RAML spec.
555 cborFindResult = cbor_value_dup_text_string(&rMap, &acl->resources[i++], &len, NULL);
556 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
559 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
561 // TODO : Need to check data structure of OicSecAcl_t based on RAML spec.
562 char *relData = NULL;
563 cborFindResult = cbor_value_dup_text_string(&rMap, &relData, &len, NULL);
564 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
568 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName))
570 // TODO : Need to check data structure of OicSecAcl_t and assign based on RAML spec.
572 cborFindResult = cbor_value_dup_text_string(&rMap, &rtData, &len, NULL);
573 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT Value.");
578 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName))
580 // TODO : Need to check data structure of OicSecAcl_t and assign based on RAML spec.
582 cborFindResult = cbor_value_dup_text_string(&rMap, &ifData, &len, NULL);
583 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF Value.");
587 if (cbor_value_is_valid(&rMap))
589 cborFindResult = cbor_value_advance(&rMap);
590 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
595 if (cbor_value_is_valid(&resources))
597 cborFindResult = cbor_value_advance(&resources);
598 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
603 // Permissions -- Mandatory
604 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
608 cborFindResult = cbor_value_get_uint64(&aclMap, &tmp64);
609 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
610 acl->permission = tmp64;
613 // Period -- Not mandatory
614 if (strcmp(name, OIC_JSON_PERIOD_NAME) == 0 && cbor_value_is_array(&aclMap))
616 CborValue period = { .parser = NULL };
617 cborFindResult = cbor_value_get_array_length(&aclMap, &acl->prdRecrLen);
618 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Len.");
619 cborFindResult = cbor_value_enter_container(&aclMap, &period);
620 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Map.");
621 acl->periods = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
622 VERIFY_NON_NULL(TAG, acl->periods, ERROR);
624 while (cbor_value_is_text_string(&period) && cbor_value_is_text_string(&period))
626 cborFindResult = cbor_value_dup_text_string(&period, &acl->periods[i++],
628 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Value.");
629 cborFindResult = cbor_value_advance(&period);
630 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a Period Array.");
634 // Recurrence -- Not mandatory
635 if (strcmp(name, OIC_JSON_RECURRENCES_NAME) == 0)
637 CborValue recurrences = { .parser = NULL };
638 cborFindResult = cbor_value_enter_container(&aclMap, &recurrences);
639 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
640 acl->recurrences = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
641 VERIFY_NON_NULL(TAG, acl->recurrences, ERROR);
643 while (cbor_value_is_text_string(&recurrences) && cbor_value_is_text_string(&recurrences))
645 cborFindResult = cbor_value_dup_text_string(&recurrences,
646 &acl->recurrences[i++], &len, NULL);
647 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array Value.");
648 cborFindResult = cbor_value_advance(&recurrences);
649 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Closing Recurrence Array.");
656 if (type != CborMapType && cbor_value_is_valid(&aclMap))
658 cborFindResult = cbor_value_advance(&aclMap);
659 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
665 if (cbor_value_is_valid(&aclArray))
667 cborFindResult = cbor_value_advance(&aclArray);
668 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
675 if (cbor_value_is_valid(&aclistMap))
677 cborFindResult = cbor_value_advance(&aclistMap);
678 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
683 // TODO : Need to modify headAcl->owners[0].id to headAcl->rowner based on RAML spec.
684 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0 && cbor_value_is_text_string(&aclMap))
686 char *stRowner = NULL;
687 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
688 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
689 ret = ConvertStrToUuid(stRowner, &headAcl->rownerID);
690 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
695 if (cbor_value_is_valid(&aclMap))
697 cborFindResult = cbor_value_advance(&aclMap);
698 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
703 if (cborFindResult != CborNoError)
705 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
706 DeleteACLList(headAcl);
713 * This method removes ACE for the subject and resource from the ACL
715 * @param subject of the ACE
716 * @param resource of the ACE
719 * ::OC_STACK_RESOURCE_DELETED on success
720 * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
721 * ::OC_STACK_INVALID_PARAM on invalid parameter
723 static OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
725 OIC_LOG(DEBUG, TAG, "IN RemoveACE");
727 OicSecAcl_t *acl = NULL;
728 OicSecAcl_t *tempAcl = NULL;
729 bool deleteFlag = false;
730 OCStackResult ret = OC_STACK_NO_RESOURCE;
732 if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
734 OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
735 return OC_STACK_INVALID_PARAM;
738 //If resource is NULL then delete all the ACE for the subject.
739 if (NULL == resource || resource[0] == '\0')
741 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
743 if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
745 LL_DELETE(gAcl, acl);
753 //Looping through ACL to find the right ACE to delete. If the required resource is the only
754 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
755 //than the required resource in the ACE, for the subject then just delete the resource from
757 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
759 if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
761 if (1 == acl->resourcesLen && strcmp(acl->resources[0], resource) == 0)
763 LL_DELETE(gAcl, acl);
772 for (i = 0; i < acl->resourcesLen; i++)
774 if (strcmp(acl->resources[i], resource) == 0)
780 if (0 <= (int) resPos)
782 OICFree(acl->resources[resPos]);
783 acl->resources[resPos] = NULL;
784 acl->resourcesLen -= 1;
785 for (i = resPos; i < acl->resourcesLen; i++)
787 acl->resources[i] = acl->resources[i + 1];
799 // In case of unit test do not update persistant storage.
800 if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
802 ret = OC_STACK_RESOURCE_DELETED;
806 uint8_t *payload = NULL;
808 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
810 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
812 ret = OC_STACK_RESOURCE_DELETED;
822 * This method parses the query string received for REST requests and
823 * retrieves the 'subject' field.
825 * @param query querystring passed in REST request
826 * @param subject subject UUID parsed from query string
828 * @return true if query parsed successfully and found 'subject', else false.
830 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
832 OicParseQueryIter_t parseIter = { .attrPos = NULL };
834 ParseQueryIterInit((unsigned char *) query, &parseIter);
836 while (GetNextQuery (&parseIter))
838 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECTID_NAME, parseIter.attrLen) == 0)
840 char strUuid[STRING_UUID_SIZE] = {0};
841 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
842 memcpy(strUuid, parseIter.valPos, parseIter.valLen);
843 OCStackResult res = ConvertStrToUuid(strUuid, subject);
844 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
854 * This method parses the query string received for REST requests and
855 * retrieves the 'resource' field.
857 * @param query querystring passed in REST request
858 * @param resource resource parsed from query string
859 * @param resourceSize size of the memory pointed to resource
861 * @return true if query parsed successfully and found 'resource', else false.
863 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
865 OicParseQueryIter_t parseIter = { .attrPos = NULL };
867 ParseQueryIterInit((unsigned char *) query, &parseIter);
869 while (GetNextQuery (&parseIter))
871 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
874 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
875 OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
885 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
887 OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
888 uint8_t* payload = NULL;
890 OCEntityHandlerResult ehRet;
892 OicUuid_t subject = {.id= { 0 } };
894 // In case, 'subject' field is included in REST request.
895 if (ehRequest->query && GetSubjectFromQueryString(ehRequest->query, &subject))
897 OIC_LOG(DEBUG,TAG,"'subject' field is inculded in REST request.");
898 OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
900 char resource[MAX_URI_LENGTH] = { 0 };
902 OicSecAcl_t *savePtr = NULL;
903 const OicSecAcl_t *currentAce = NULL;
905 // 'Subject' field is MUST for processing a querystring in REST request.
906 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
909 * TODO : Currently, this code only provides one ACE for a Subject.
910 * Below code needs to be updated for scenarios when Subject have
911 * multiple ACE's in ACL resource.
913 while ((currentAce = GetACLResourceData(&subject, &savePtr)))
916 * If REST querystring contains a specific resource, we need
917 * to search for that resource in ACE.
919 if (resource[0] != '\0')
921 for (size_t n = 0; n < currentAce->resourcesLen; n++)
923 if ((currentAce->resources[n])
924 && (0 == strcmp(resource, currentAce->resources[n])
925 || 0 == strcmp(WILDCARD_RESOURCE_URI, currentAce->resources[n])))
927 // Convert ACL data into CBOR format for transmission
928 if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
938 // Convert ACL data into CBOR format for transmission
939 if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
947 // In case, 'subject' field is not included in REST request.
950 OIC_LOG(DEBUG,TAG,"'subject' field is not inculded in REST request.");
951 // Convert ACL data into CBOR format for transmission.
952 if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
958 // A device should always have a default acl. Therefore, payload should never be NULL.
959 ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
961 // Send response payload to request originator
962 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, payload, size))
965 OIC_LOG(ERROR, TAG, "SendSRMResponse failed for HandleACLGetRequest");
969 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
973 static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
975 OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
976 OCEntityHandlerResult ehRet = OC_EH_ERROR;
978 // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
979 uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData;
980 size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
983 OicSecAcl_t *newAcl = CBORPayloadToAcl(payload, size);
986 // Append the new ACL to existing ACL
987 LL_APPEND(gAcl, newAcl);
989 // In case of unit test do not update persistant storage.
990 if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
991 || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
993 ehRet = OC_EH_RESOURCE_CREATED;
997 uint8_t *cborPayload = NULL;
998 if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
1000 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
1002 ehRet = OC_EH_RESOURCE_CREATED;
1004 OICFree(cborPayload);
1010 // Send payload to request originator
1011 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL, 0))
1013 ehRet = OC_EH_ERROR;
1014 OIC_LOG(ERROR, TAG, "SendSRMResponse failed in HandleACLPostRequest");
1017 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1021 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
1023 OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
1024 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1025 OicUuid_t subject = { .id= { 0 } };
1026 char resource[MAX_URI_LENGTH] = { 0 };
1028 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
1030 // 'Subject' field is MUST for processing a querystring in REST request.
1031 VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
1033 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1035 if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
1037 ehRet = OC_EH_RESOURCE_DELETED;
1041 // Send payload to request originator
1042 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL, 0))
1044 ehRet = OC_EH_ERROR;
1045 OIC_LOG(ERROR, TAG, "SendSRMResponse failed in HandleACLDeleteRequest");
1051 OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
1052 void* callbackParameter)
1054 OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
1055 (void)callbackParameter;
1056 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1063 if (flag & OC_REQUEST_FLAG)
1065 // TODO : Handle PUT method
1066 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
1067 switch (ehRequest->method)
1070 ehRet = HandleACLGetRequest(ehRequest);
1074 ehRet = HandleACLPostRequest(ehRequest);
1077 case OC_REST_DELETE:
1078 ehRet = HandleACLDeleteRequest(ehRequest);
1082 ehRet = OC_EH_ERROR;
1083 SendSRMResponse(ehRequest, ehRet, NULL, 0);
1091 * This internal method is used to create '/oic/sec/acl' resource.
1093 static OCStackResult CreateACLResource()
1097 ret = OCCreateResource(&gAclHandle,
1098 OIC_RSRC_TYPE_SEC_ACL,
1099 OC_RSRVD_INTERFACE_DEFAULT,
1103 OC_OBSERVABLE | OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
1105 if (OC_STACK_OK != ret)
1107 OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
1108 DeInitACLResource();
1113 // This function sets the default ACL and is defined for the unit test only.
1114 OCStackResult SetDefaultACL(OicSecAcl_t *acl)
1120 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
1122 OCStackResult ret = OC_STACK_ERROR;
1124 OicUuid_t ownerId = { .id = { 0 } };
1127 * TODO In future, when new virtual resources will be added in OIC
1128 * specification, Iotivity stack should be able to add them in
1129 * existing SVR database. To support this, we need to add 'versioning'
1130 * mechanism in SVR database.
1133 const char *rsrcs[] = {
1134 OC_RSRVD_WELL_KNOWN_URI,
1135 OC_RSRVD_DEVICE_URI,
1136 OC_RSRVD_PLATFORM_URI,
1137 OC_RSRVD_RESOURCE_TYPES_URI,
1138 #ifdef WITH_PRESENCE
1139 OC_RSRVD_PRESENCE_URI,
1140 #endif //WITH_PRESENCE
1148 return OC_STACK_INVALID_PARAM;
1151 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
1152 VERIFY_NON_NULL(TAG, acl, ERROR);
1154 // Subject -- Mandatory
1155 memcpy(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(acl->subject));
1157 // Resources -- Mandatory
1158 acl->resourcesLen = sizeof(rsrcs) / sizeof(rsrcs[0]);
1160 acl->resources = (char**) OICCalloc(acl->resourcesLen, sizeof(char*));
1161 VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
1163 for (size_t i = 0; i < acl->resourcesLen; i++)
1165 size_t len = strlen(rsrcs[i]) + 1;
1166 acl->resources[i] = (char*) OICMalloc(len * sizeof(char));
1167 VERIFY_NON_NULL(TAG, (acl->resources[i]), ERROR);
1168 OICStrcpy(acl->resources[i], len, rsrcs[i]);
1171 acl->permission = PERMISSION_READ;
1172 acl->prdRecrLen = 0;
1173 acl->periods = NULL;
1174 acl->recurrences = NULL;
1176 // Device ID is the owner of this default ACL
1177 if (GetDoxmResourceData() != NULL)
1179 ret = GetDoxmDeviceID(&ownerId);
1180 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
1184 OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
1185 VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
1188 memcpy(&acl->rownerID, &ownerId, sizeof(OicUuid_t));
1197 if (ret != OC_STACK_OK)
1206 OCStackResult InitACLResource()
1208 OCStackResult ret = OC_STACK_ERROR;
1210 uint8_t *data = NULL;
1212 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
1213 // If database read failed
1214 if (ret != OC_STACK_OK)
1216 OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
1220 // Read ACL resource from PS
1221 gAcl = CBORPayloadToAcl(data, size);
1224 * If SVR database in persistent storage got corrupted or
1225 * is not available for some reason, a default ACL is created
1226 * which allows user to initiate ACL provisioning again.
1230 GetDefaultACL(&gAcl);
1231 // TODO Needs to update persistent storage
1233 VERIFY_NON_NULL(TAG, gAcl, FATAL);
1235 // Instantiate 'oic.sec.acl'
1236 ret = CreateACLResource();
1239 if (OC_STACK_OK != ret)
1241 DeInitACLResource();
1246 OCStackResult DeInitACLResource()
1248 OCStackResult ret = OCDeleteResource(gAclHandle);
1253 DeleteACLList(gAcl);
1259 const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **savePtr)
1261 OicSecAcl_t *acl = NULL;
1262 OicSecAcl_t *begin = NULL;
1264 if (NULL == subjectId)
1270 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
1273 if (NULL == *savePtr)
1280 * If this is a 'successive' call, search for location pointed by
1281 * savePtr and assign 'begin' to the next ACL after it in the linked
1282 * list and start searching from there.
1284 LL_FOREACH(gAcl, acl)
1286 if (acl == *savePtr)
1293 // Find the next ACL corresponding to the 'subjectID' and return it.
1294 LL_FOREACH(begin, acl)
1296 if (memcmp(&(acl->subject), subjectId, sizeof(OicUuid_t)) == 0)
1303 // Cleanup in case no ACL is found
1308 OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
1310 OCStackResult ret = OC_STACK_ERROR;
1312 // Convert CBOR format to ACL data. This will also validate the ACL data received.
1313 OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
1317 // Append the new ACL to existing ACL
1318 LL_APPEND(gAcl, newAcl);
1320 // Update persistent storage only if it is not WILDCARD_SUBJECT_ID
1321 if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
1322 || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
1329 uint8_t *payload = NULL;
1330 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1332 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
1345 * This function generates default ACL for security resource in case of owned status.
1347 * @return Default ACL for security resource.
1349 static OicSecAcl_t* GetSecDefaultACL()
1351 const char *sec_rsrcs[] = {
1355 OicUuid_t ownerId = {.id = {0}};
1356 OCStackResult res = OC_STACK_ERROR;
1357 OicSecAcl_t* newDefaultAcl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
1358 VERIFY_NON_NULL(TAG, newDefaultAcl, ERROR);
1360 // Subject -- Mandatory
1361 memcpy(&(newDefaultAcl->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
1363 // Resources -- Mandatory
1364 newDefaultAcl->resourcesLen = NUMBER_OF_DEFAULT_SEC_RSCS;
1365 newDefaultAcl->resources = (char**)OICCalloc(NUMBER_OF_DEFAULT_SEC_RSCS, sizeof(char*));
1366 VERIFY_NON_NULL(TAG, (newDefaultAcl->resources), ERROR);
1368 for (size_t i = 0; i < NUMBER_OF_DEFAULT_SEC_RSCS; i++)
1370 size_t len = strlen(sec_rsrcs[i]) + 1;
1371 newDefaultAcl->resources[i] = (char*)OICMalloc(len * sizeof(char));
1372 VERIFY_NON_NULL(TAG, (newDefaultAcl->resources[i]), ERROR);
1373 OICStrcpy(newDefaultAcl->resources[i], len, sec_rsrcs[i]);
1376 // Permissions -- Mandatory
1377 newDefaultAcl->permission = PERMISSION_READ;
1379 //Period -- Not Mandatory
1380 newDefaultAcl->prdRecrLen = 0;
1381 newDefaultAcl->periods = NULL;
1383 //Recurrence -- Not Mandatory
1384 newDefaultAcl->recurrences = NULL;
1386 // Device ID is the owner of this default ACL
1387 res = GetDoxmDeviceID(&ownerId);
1388 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, FATAL);
1390 // Owners -- Mandatory
1391 memcpy(&newDefaultAcl->rownerID, &ownerId, sizeof(OicUuid_t));
1393 return newDefaultAcl;
1395 DeleteACLList(newDefaultAcl);
1400 OCStackResult UpdateDefaultSecProvACL()
1402 OCStackResult ret = OC_STACK_OK;
1403 OicSecAcl_t *acl = NULL;
1404 OicSecAcl_t *tmp = NULL;
1408 int matchedRsrc = 0;
1409 bool isRemoved = false;
1411 LL_FOREACH_SAFE(gAcl, acl, tmp)
1413 //Find default security resource ACL
1414 if(memcmp(&acl->subject, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
1415 ((PERMISSION_READ | PERMISSION_WRITE) == acl->permission))
1419 for(size_t i = 0; i < acl->resourcesLen; i++)
1421 if(strncmp(acl->resources[i], OIC_RSRC_DOXM_URI,
1422 strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
1423 strncmp(acl->resources[i], OIC_RSRC_CRED_URI,
1424 strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
1425 strncmp(acl->resources[i], OIC_RSRC_ACL_URI,
1426 strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
1427 strncmp(acl->resources[i], OIC_RSRC_PSTAT_URI,
1428 strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
1434 //If default security resource ACL is detected, delete it.
1435 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
1437 LL_DELETE(gAcl, acl);
1447 * Generate new security resource ACL as follows :
1449 * resources : '/oic/sec/doxm', '/oic/sec/pstat'
1452 OicSecAcl_t *newDefaultAcl = GetSecDefaultACL();
1455 LL_APPEND(gAcl, newDefaultAcl);
1458 uint8_t *payload = NULL;
1459 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1461 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
1474 OCStackResult SetAclRownerId(const OicUuid_t* newROwner)
1476 OCStackResult ret = OC_STACK_ERROR;
1477 uint8_t *cborPayload = NULL;
1479 OicUuid_t prevId = {.id={0}};
1481 if(NULL == newROwner)
1483 ret = OC_STACK_INVALID_PARAM;
1487 ret = OC_STACK_NO_RESOURCE;
1490 if(newROwner && gAcl)
1492 memcpy(prevId.id, gAcl->rownerID.id, sizeof(prevId.id));
1493 memcpy(gAcl->rownerID.id, newROwner->id, sizeof(newROwner->id));
1495 ret = AclToCBORPayload(gAcl, &cborPayload, &size);
1496 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1498 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size);
1499 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1501 OICFree(cborPayload);
1507 OICFree(cborPayload);
1508 memcpy(gAcl->rownerID.id, prevId.id, sizeof(prevId.id));
1512 OCStackResult GetAclRownerId(OicUuid_t *rowneruuid)
1514 OCStackResult retVal = OC_STACK_ERROR;
1517 *rowneruuid = gAcl->rownerID;
1518 retVal = OC_STACK_OK;