1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #include "iotivity_config.h"
24 #elif defined(HAVE_STRINGS_H)
32 #include "ocserverrequest.h"
33 #include "oic_malloc.h"
34 #include "oic_string.h"
36 #include "ocpayload.h"
38 #include "payload_logging.h"
39 #include "srmresourcestrings.h"
40 #include "aclresource.h"
41 #include "doxmresource.h"
42 #include "resourcemanager.h"
43 #include "srmutility.h"
44 #include "psinterface.h"
45 #include "ocpayloadcbor.h"
47 #include "security_internals.h"
50 #define NUMBER_OF_SEC_PROV_RSCS 4
51 #define NUMBER_OF_DEFAULT_SEC_RSCS 2
52 #define STRING_UUID_SIZE (UUID_LENGTH * 2 + 5)
54 static const uint8_t ACL_MAP_SIZE = 4;
55 static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
56 static const uint8_t ACL_ACES_MAP_SIZE = 3;
57 static const uint8_t ACL_RESOURCE_MAP_SIZE = 3;
60 // CborSize is the default cbor payload size being used.
61 static const uint16_t CBOR_SIZE = 2048*8;
63 static OicSecAcl_t *gAcl = NULL;
64 static OCResourceHandle gAclHandle = NULL;
66 void FreeRsrc(OicSecRsrc_t *rsrc)
68 //Clean each member of resource
72 if(0 < rsrc->typeLen && rsrc->types)
74 for(size_t i = 0; i < rsrc->typeLen; i++)
76 OICFree(rsrc->types[i]);
82 if(0 < rsrc->interfaceLen && rsrc->interfaces)
84 for(size_t i = 0; i < rsrc->interfaceLen; i++)
86 OICFree(rsrc->interfaces[i]);
88 OICFree(rsrc->interfaces);
89 rsrc->interfaces = NULL;
96 * This function frees OicSecAcl_t object's fields and object itself.
98 static void FreeACE(OicSecAce_t *ace)
102 OIC_LOG(ERROR, TAG, "Invalid Parameter");
107 OicSecRsrc_t* rsrc = NULL;
108 OicSecRsrc_t* tmpRsrc = NULL;
109 LL_FOREACH_SAFE(ace->resources, rsrc, tmpRsrc)
111 LL_DELETE(ace->resources, rsrc);
116 OicSecValidity_t *validity = NULL;
117 OicSecValidity_t *tmpValidity = NULL;
118 LL_FOREACH_SAFE(ace->validities, validity, tmpValidity)
120 LL_DELETE(ace->validities, validity);
123 OICFree(validity->period);
126 for(size_t i = 0; i < validity->recurrenceLen; i++)
128 OICFree(validity->recurrences[i]);
130 OICFree(validity->recurrences);
140 void DeleteACLList(OicSecAcl_t* acl)
144 OicSecAce_t *ace = NULL;
145 OicSecAce_t *tmpAce = NULL;
146 LL_FOREACH_SAFE(acl->aces, ace, tmpAce)
148 LL_DELETE(acl->aces, ace);
156 OicSecAce_t* DuplicateACE(const OicSecAce_t* ace)
158 OicSecAce_t* newAce = NULL;
159 size_t allocateSize = 0;
163 newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
164 VERIFY_NON_NULL(TAG, newAce, ERROR);
167 memcpy(&newAce->subjectuuid, &ace->subjectuuid, sizeof(OicUuid_t));
169 OicSecRsrc_t* rsrc = NULL;
170 LL_FOREACH(ace->resources, rsrc)
172 OicSecRsrc_t* newRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
173 VERIFY_NON_NULL(TAG, newRsrc, ERROR);
174 LL_APPEND(newAce->resources, newRsrc);
177 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
178 allocateSize = strlen(rsrc->href) + 1;
179 newRsrc->href = (char*)OICMalloc(sizeof(char) * allocateSize);
180 VERIFY_NON_NULL(TAG, newRsrc->href, ERROR);
181 OICStrcpy(newRsrc->href, allocateSize, rsrc->href);
185 allocateSize = strlen(rsrc->rel) + 1;
186 newRsrc->rel = (char*)OICMalloc(sizeof(char) * allocateSize);
187 VERIFY_NON_NULL(TAG, newRsrc->rel, ERROR);
188 OICStrcpy(newRsrc->rel, allocateSize, rsrc->rel);
191 if(rsrc->types && 0 < rsrc->typeLen)
193 newRsrc->typeLen = rsrc->typeLen;
194 newRsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
195 VERIFY_NON_NULL(TAG, (newRsrc->types), ERROR);
196 for(size_t i = 0; i < rsrc->typeLen; i++)
198 newRsrc->types[i] = OICStrdup(rsrc->types[i]);
199 VERIFY_NON_NULL(TAG, (newRsrc->types[i]), ERROR);
203 if(rsrc->interfaces && 0 < rsrc->interfaceLen)
205 newRsrc->interfaceLen = rsrc->interfaceLen;
206 newRsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
207 VERIFY_NON_NULL(TAG, (newRsrc->interfaces), ERROR);
208 for(size_t i = 0; i < rsrc->interfaceLen; i++)
210 newRsrc->interfaces[i] = OICStrdup(rsrc->interfaces[i]);
211 VERIFY_NON_NULL(TAG, (newRsrc->interfaces[i]), ERROR);
217 newAce->permission = ace->permission;
222 OicSecValidity_t* validity = NULL;
223 LL_FOREACH(ace->validities, validity)
225 OicSecValidity_t* newValidity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
226 VERIFY_NON_NULL(TAG, newValidity, ERROR);
227 LL_APPEND(newAce->validities, newValidity);
231 allocateSize = strlen(validity->period) + 1;
232 newValidity->period = (char*)OICMalloc(sizeof(char) * allocateSize);
233 VERIFY_NON_NULL(TAG, newValidity->period, ERROR);
234 OICStrcpy(newValidity->period, allocateSize, validity->period);
237 if(validity->recurrences && 0 < validity->recurrenceLen)
239 newValidity->recurrenceLen = validity->recurrenceLen;
241 newValidity->recurrences = (char**)OICMalloc(sizeof(char*) * validity->recurrenceLen);
242 VERIFY_NON_NULL(TAG, newValidity->recurrences, ERROR);
244 for(size_t i = 0; i < validity->recurrenceLen; i++)
246 allocateSize = strlen(validity->recurrences[i]) + 1;
247 newValidity->recurrences[i] = (char*)OICMalloc(sizeof(char) * allocateSize);
248 VERIFY_NON_NULL(TAG, (newValidity->recurrences[i]), ERROR);
249 OICStrcpy(newValidity->recurrences[i], allocateSize, validity->recurrences[i]);
265 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
271 OicSecAce_t *ace= (OicSecAce_t *)secAcl->aces;
281 OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
283 if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
285 return OC_STACK_INVALID_PARAM;
288 OCStackResult ret = OC_STACK_ERROR;
289 CborError cborEncoderResult = CborNoError;
290 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
291 OicSecAce_t* ace = NULL;
294 CborEncoder aclListMap;
295 CborEncoder acesArray;
296 uint8_t *outPayload = NULL;
297 size_t cborLen = *size;
306 outPayload = (uint8_t *)OICCalloc(1, cborLen);
307 VERIFY_NON_NULL(TAG, outPayload, ERROR);
308 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
310 // Create ACL Map (aclist, rownerid)
311 cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
312 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
314 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
315 strlen(OIC_JSON_ACLIST_NAME));
316 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
318 // Create ACLIST Map (aces)
319 cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
320 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
322 cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
323 strlen(OIC_JSON_ACES_NAME));
324 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
327 cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
328 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
331 LL_FOREACH (acl->aces, ace)
333 CborEncoder oicSecAclMap;
334 // ACL Map size - Number of mandatory items
335 uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
338 OicSecValidity_t* validityElts = ace->validities;
341 if(validityElts->period)
345 if(validityElts->recurrences)
351 #ifdef _ENABLE_MULTIPLE_OWNER_
356 #endif //_ENABLE_MULTIPLE_OWNER_
358 cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
359 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
361 // Subject -- Mandatory
362 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
363 strlen(OIC_JSON_SUBJECTID_NAME));
364 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
365 inLen = (memcmp(&(ace->subjectuuid), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
366 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
367 if(inLen == WILDCARD_SUBJECT_ID_LEN)
369 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
370 strlen(WILDCARD_RESOURCE_URI));
371 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
375 char *subject = NULL;
376 ret = ConvertUuidToStr(&ace->subjectuuid, &subject);
377 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
378 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
379 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject UUID Value.");
385 CborEncoder resources;
386 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
387 strlen(OIC_JSON_RESOURCES_NAME));
388 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
391 OicSecRsrc_t* rsrcElts = NULL;
392 LL_FOREACH(ace->resources, rsrcElts)
397 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, rsrcLen);
398 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
400 OicSecRsrc_t* rsrc = NULL;
401 LL_FOREACH(ace->resources, rsrc)
405 size_t rsrcMapSize = ACL_RESOURCE_MAP_SIZE;
411 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, rsrcMapSize);
412 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
415 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
416 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
417 strlen(OIC_JSON_HREF_NAME));
418 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
419 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->href, strlen(rsrc->href));
420 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
422 //resource type -- Mandatory
423 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
424 strlen(OIC_JSON_RT_NAME));
425 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
427 CborEncoder resourceTypes;
428 cborEncoderResult = cbor_encoder_create_array(&rMap, &resourceTypes, rsrc->typeLen);
429 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Array.");
430 for(size_t i = 0; i < rsrc->typeLen; i++)
432 cborEncoderResult = cbor_encode_text_string(&resourceTypes, rsrc->types[i], strlen(rsrc->types[i]));
433 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
435 cborEncoderResult = cbor_encoder_close_container(&rMap, &resourceTypes);
436 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing resourceTypes.");
438 //interface -- Mandatory
439 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
440 strlen(OIC_JSON_IF_NAME));
441 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
443 CborEncoder interfaces;
444 cborEncoderResult = cbor_encoder_create_array(&rMap, &interfaces, rsrc->interfaceLen);
445 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Array.");
446 for(size_t i = 0; i < rsrc->interfaceLen; i++)
448 cborEncoderResult = cbor_encode_text_string(&interfaces, rsrc->interfaces[i], strlen(rsrc->interfaces[i]));
449 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
451 cborEncoderResult = cbor_encoder_close_container(&rMap, &interfaces);
452 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing interfaces.");
457 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
458 strlen(OIC_JSON_REL_NAME));
459 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
460 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->rel, strlen(rsrc->rel));
461 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
464 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
465 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
467 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
468 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
471 // Permissions -- Mandatory
472 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
473 strlen(OIC_JSON_PERMISSION_NAME));
474 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
475 cborEncoderResult = cbor_encode_int(&oicSecAclMap, ace->permission);
476 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
478 // TODO: Need to verfication for validity
479 // Validity(Time-interval) -- Not Mandatory
482 size_t validityLen = 0;
484 LL_FOREACH(ace->validities, validityElts)
489 CborEncoder validities;
490 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_VALIDITY_NAME,
491 strlen(OIC_JSON_VALIDITY_NAME));
492 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Tag.");
493 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &validities, validityLen);
494 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validities Array.");
496 //How to add the value w/o "title" using tinycobr...? :(
499 LL_FOREACH(ace->validities, validityElts)
501 CborEncoder validity;
502 size_t validitySize = 0;
503 if(validityElts->period)
507 if(validityElts->recurrences)
512 cborEncoderResult = cbor_encoder_create_array(&validities, &validity, validitySize);
513 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Array.");
516 if (validityElts->period)
518 cborEncoderResult = cbor_encode_text_string(&validity, validityElts->period,
519 strlen(validityElts->period));
520 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value.");
524 if (validityElts->recurrences)
526 CborEncoder recurrences;
527 cborEncoderResult = cbor_encoder_create_array(&validity, &recurrences, validityElts->recurrenceLen);
528 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
530 for (size_t i = 0; i < validityElts->recurrenceLen; i++)
532 cborEncoderResult = cbor_encode_text_string(&recurrences, validityElts->recurrences[i],
533 strlen(validityElts->recurrences[i]));
534 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
536 cborEncoderResult = cbor_encoder_close_container(&validity, &recurrences);
537 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
540 cborEncoderResult = cbor_encoder_close_container(&validities, &validity);
541 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validity Array.");
544 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &validities);
545 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validities Array.");
548 #ifdef _ENABLE_MULTIPLE_OWNER_
549 // Eownerid -- Not Mandatory
553 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_EOWNERID_NAME,
554 strlen(OIC_JSON_EOWNERID_NAME));
555 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding eownerId Name Tag.");
556 ret = ConvertUuidToStr(ace->eownerID, &eowner);
557 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
558 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, eowner, strlen(eowner));
560 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding eownerId Value.");
562 #endif //_ENABLE_MULTIPLE_OWNER_
564 cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
565 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
569 cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
570 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
573 cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
574 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
579 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
580 strlen(OIC_JSON_ROWNERID_NAME));
581 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
582 ret = ConvertUuidToStr(&secAcl->rownerID, &rowner);
583 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
584 cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
585 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
591 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_RT_NAME,
592 strlen(OIC_JSON_RT_NAME));
593 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
594 cborEncoderResult = cbor_encoder_create_array(&aclMap, &rtArray, 1);
595 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
596 for (size_t i = 0; i < 1; i++)
598 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_ACL,
599 strlen(OIC_RSRC_TYPE_SEC_ACL));
600 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
602 cborEncoderResult = cbor_encoder_close_container(&aclMap, &rtArray);
603 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
607 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_IF_NAME,
608 strlen(OIC_JSON_IF_NAME));
609 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
610 cborEncoderResult = cbor_encoder_create_array(&aclMap, &ifArray, 1);
611 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
612 for (size_t i = 0; i < 1; i++)
614 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
615 strlen(OC_RSRVD_INTERFACE_DEFAULT));
616 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
618 cborEncoderResult = cbor_encoder_close_container(&aclMap, &ifArray);
619 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
622 cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
623 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
625 if (CborNoError == cborEncoderResult)
627 OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
628 *size = encoder.ptr - outPayload;
629 *payload = outPayload;
633 if (CborErrorOutOfMemory == cborEncoderResult)
635 OIC_LOG(DEBUG, TAG, "AclToCBORPayload:CborErrorOutOfMemory : retry with more memory");
637 // reallocate and try again!
639 // Since the allocated initial memory failed, double the memory.
640 cborLen += encoder.ptr - encoder.end;
641 cborEncoderResult = CborNoError;
642 ret = AclToCBORPayload(secAcl, payload, &cborLen);
645 else if (cborEncoderResult != CborNoError)
647 OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
652 ret = OC_STACK_ERROR;
658 // This function converts CBOR format to ACL data.
659 // Caller needs to invoke 'free' when done using
660 // It parses { "aclist" : [ { ... } ] } instead of { "aclist" : { "aces" : [ ] } }
661 OicSecAcl_t* CBORPayloadToAcl2(const uint8_t *cborPayload, const size_t size)
663 if (NULL == cborPayload || 0 == size)
667 OCStackResult ret = OC_STACK_ERROR;
668 CborValue aclCbor = { .parser = NULL };
669 CborParser parser = { .end = NULL };
670 CborError cborFindResult = CborNoError;
671 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
673 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
676 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
677 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
678 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
680 while (cbor_value_is_valid(&aclMap))
682 char* tagName = NULL;
684 CborType type = cbor_value_get_type(&aclMap);
685 if (type == CborTextStringType)
687 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
688 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
689 cborFindResult = cbor_value_advance(&aclMap);
690 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
694 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
697 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
698 cborFindResult = cbor_value_enter_container(&aclMap, &acesArray);
699 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
702 while (cbor_value_is_valid(&acesArray))
705 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
706 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
707 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
709 OicSecAce_t *ace = NULL;
710 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
711 VERIFY_NON_NULL(TAG, ace, ERROR);
712 LL_APPEND(acl->aces, ace);
714 VERIFY_NON_NULL(TAG, acl, ERROR);
716 while (cbor_value_is_valid(&aceMap))
720 CborType type = cbor_value_get_type(&aceMap);
721 if (type == CborTextStringType)
723 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
724 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
725 cborFindResult = cbor_value_advance(&aceMap);
726 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
730 // Subject -- Mandatory
731 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
733 char *subject = NULL;
734 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
735 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
736 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
738 ace->subjectuuid.id[0] = '*';
742 OIC_LOG_V(DEBUG, TAG, "Converting subjectuuid = %s to uuid...", subject);
743 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
744 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
749 // Resources -- Mandatory
750 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
752 CborValue resources = { .parser = NULL };
753 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
754 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
756 while (cbor_value_is_valid(&resources))
759 CborValue rMap = { .parser = NULL };
760 cborFindResult = cbor_value_enter_container(&resources, &rMap);
761 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
763 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
764 VERIFY_NON_NULL(TAG, rsrc, ERROR);
765 LL_APPEND(ace->resources, rsrc);
767 while(cbor_value_is_valid(&rMap))
769 char *rMapName = NULL;
770 size_t rMapNameLen = 0;
771 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
772 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
773 cborFindResult = cbor_value_advance(&rMap);
774 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
777 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
779 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
780 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
784 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
786 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
787 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
788 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
790 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
791 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
793 CborValue resourceTypes;
794 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
795 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
797 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
800 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
801 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
802 cborFindResult = cbor_value_advance(&resourceTypes);
803 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
808 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
810 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
811 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
812 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
814 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
815 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
817 CborValue interfaces;
818 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
819 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
821 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
824 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
825 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
826 cborFindResult = cbor_value_advance(&interfaces);
827 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
832 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
834 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
835 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
838 if (cbor_value_is_valid(&rMap))
840 cborFindResult = cbor_value_advance(&rMap);
841 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
846 if (cbor_value_is_valid(&resources))
848 cborFindResult = cbor_value_advance(&resources);
849 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
854 // Permissions -- Mandatory
855 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
858 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
859 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
860 ace->permission = (uint16_t)tmp64;
863 // TODO: Need to verfication for validity
864 // Validity -- Not mandatory
865 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
867 CborValue validitiesMap = {.parser = NULL};
868 size_t validitySize = 0;
870 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
871 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
873 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
874 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
876 while(cbor_value_is_valid(&validitiesMap))
878 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
879 VERIFY_NON_NULL(TAG, validity, ERROR);
880 LL_APPEND(ace->validities, validity);
882 CborValue validityMap = {.parser = NULL};
884 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
885 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
888 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
889 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
891 //recurrence (string array)
892 CborValue recurrenceMap = {.parser = NULL};
893 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
894 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
896 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
897 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
899 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
900 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
902 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
904 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
905 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
907 cborFindResult = cbor_value_advance(&recurrenceMap);
908 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
911 cborFindResult = cbor_value_advance(&validitiesMap);
912 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
918 if (type != CborMapType && cbor_value_is_valid(&aceMap))
920 cborFindResult = cbor_value_advance(&aceMap);
921 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
925 if (cbor_value_is_valid(&acesArray))
927 cborFindResult = cbor_value_advance(&acesArray);
928 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
933 //rownerID -- Mandatory
934 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
936 char *stRowner = NULL;
937 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
938 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
939 OIC_LOG_V(DEBUG, TAG, "Converting rownerid = %s to uuid...", stRowner);
940 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
941 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
946 if (cbor_value_is_valid(&aclMap))
948 cborFindResult = cbor_value_advance(&aclMap);
949 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
954 if (cborFindResult != CborNoError)
956 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
964 // This function converts CBOR format to ACL data.
965 // Caller needs to invoke 'free' when done using
966 // note: This function is used in unit test hence not declared static,
967 OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
969 if (NULL == cborPayload || 0 == size)
973 OCStackResult ret = OC_STACK_ERROR;
974 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
975 CborValue aclCbor = { .parser = NULL };
976 CborParser parser = { .end = NULL };
977 CborError cborFindResult = CborNoError;
979 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
981 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
982 VERIFY_NON_NULL(TAG, acl, ERROR);
985 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
986 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
988 while (cbor_value_is_valid(&aclMap))
990 char* tagName = NULL;
992 CborType type = cbor_value_get_type(&aclMap);
993 if (type == CborTextStringType)
995 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
996 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
997 cborFindResult = cbor_value_advance(&aclMap);
998 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
1002 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
1005 CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1006 cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
1007 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
1009 while (cbor_value_is_valid(&aclistMap))
1011 char* acName = NULL;
1013 CborType acType = cbor_value_get_type(&aclistMap);
1014 if (acType == CborTextStringType)
1016 cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &readLen, NULL);
1017 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
1018 cborFindResult = cbor_value_advance(&aclistMap);
1019 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
1024 if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
1027 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1028 cborFindResult = cbor_value_enter_container(&aclistMap, &acesArray);
1029 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
1032 while (cbor_value_is_valid(&acesArray))
1035 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1036 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
1037 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
1039 OicSecAce_t *ace = NULL;
1040 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
1041 VERIFY_NON_NULL(TAG, ace, ERROR);
1042 LL_APPEND(acl->aces, ace);
1044 while (cbor_value_is_valid(&aceMap))
1048 CborType type = cbor_value_get_type(&aceMap);
1049 if (type == CborTextStringType)
1051 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
1052 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
1053 cborFindResult = cbor_value_advance(&aceMap);
1054 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
1058 // Subject -- Mandatory
1059 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
1061 char *subject = NULL;
1062 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
1063 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
1064 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
1066 ace->subjectuuid.id[0] = '*';
1070 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
1071 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1076 // Resources -- Mandatory
1077 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
1079 CborValue resources = { .parser = NULL };
1080 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
1081 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
1083 while (cbor_value_is_valid(&resources))
1086 CborValue rMap = { .parser = NULL };
1087 cborFindResult = cbor_value_enter_container(&resources, &rMap);
1088 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
1090 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1091 VERIFY_NON_NULL(TAG, rsrc, ERROR);
1092 LL_APPEND(ace->resources, rsrc);
1094 while(cbor_value_is_valid(&rMap))
1096 char *rMapName = NULL;
1097 size_t rMapNameLen = 0;
1098 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
1099 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
1100 cborFindResult = cbor_value_advance(&rMap);
1101 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
1104 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
1106 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
1107 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
1111 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
1113 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
1114 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
1115 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
1117 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
1118 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
1120 CborValue resourceTypes;
1121 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
1122 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
1124 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
1126 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
1127 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
1128 cborFindResult = cbor_value_advance(&resourceTypes);
1129 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
1134 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
1136 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
1137 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
1138 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
1140 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
1141 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
1143 CborValue interfaces;
1144 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
1145 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
1147 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
1149 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
1150 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
1151 cborFindResult = cbor_value_advance(&interfaces);
1152 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
1157 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
1159 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
1160 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
1163 if (cbor_value_is_valid(&rMap))
1165 cborFindResult = cbor_value_advance(&rMap);
1166 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
1171 if (cbor_value_is_valid(&resources))
1173 cborFindResult = cbor_value_advance(&resources);
1174 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
1179 // Permissions -- Mandatory
1180 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
1183 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
1184 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
1185 ace->permission = (uint16_t)tmp64;
1188 // TODO: Need to verfication for validity
1189 // Validity -- Not mandatory
1190 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
1192 CborValue validitiesMap = {.parser = NULL};
1193 size_t validitySize = 0;
1195 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
1196 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
1198 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
1199 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
1201 while(cbor_value_is_valid(&validitiesMap))
1203 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
1204 VERIFY_NON_NULL(TAG, validity, ERROR);
1205 LL_APPEND(ace->validities, validity);
1207 CborValue validityMap = {.parser = NULL};
1209 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
1210 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
1213 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
1214 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
1216 //recurrence (string array)
1217 CborValue recurrenceMap = {.parser = NULL};
1218 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
1219 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
1221 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
1222 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
1224 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
1225 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
1227 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
1229 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
1230 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
1232 cborFindResult = cbor_value_advance(&recurrenceMap);
1233 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
1236 cborFindResult = cbor_value_advance(&validitiesMap);
1237 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
1241 #ifdef _ENABLE_MULTIPLE_OWNER_
1242 // eowner uuid -- Not Mandatory
1243 if (strcmp(name, OIC_JSON_EOWNERID_NAME) == 0)
1245 char *eowner = NULL;
1246 cborFindResult = cbor_value_dup_text_string(&aceMap, &eowner, &len, NULL);
1247 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding eownerId Value.");
1248 if(NULL == ace->eownerID)
1250 ace->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1251 VERIFY_NON_NULL(TAG, ace->eownerID, ERROR);
1253 ret = ConvertStrToUuid(eowner, ace->eownerID);
1255 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
1257 #endif //_ENABLE_MULTIPLE_OWNER_
1261 if (type != CborMapType && cbor_value_is_valid(&aceMap))
1263 cborFindResult = cbor_value_advance(&aceMap);
1264 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
1268 if (cbor_value_is_valid(&acesArray))
1270 cborFindResult = cbor_value_advance(&acesArray);
1271 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
1278 if (cbor_value_is_valid(&aclistMap))
1280 cborFindResult = cbor_value_advance(&aclistMap);
1281 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
1286 //rownerID -- Mandatory
1287 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
1289 char *stRowner = NULL;
1290 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
1291 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
1292 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
1293 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1296 else if (NULL != gAcl)
1298 memcpy(&(acl->rownerID), &(gAcl->rownerID), sizeof(OicUuid_t));
1302 if (cbor_value_is_valid(&aclMap))
1304 cborFindResult = cbor_value_advance(&aclMap);
1305 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
1310 if (cborFindResult != CborNoError)
1312 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
1320 #ifdef _ENABLE_MULTIPLE_OWNER_
1321 bool IsValidAclAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, const size_t size)
1323 bool retValue = false;
1324 OicSecAcl_t* acl = NULL;
1326 VERIFY_NON_NULL(TAG, uuid, ERROR);
1327 VERIFY_NON_NULL(TAG, cborPayload, ERROR);
1328 VERIFY_SUCCESS(TAG, 0 != size, ERROR);
1330 acl = CBORPayloadToAcl(cborPayload, size);
1331 VERIFY_NON_NULL(TAG, acl, ERROR);
1333 OicSecAce_t* ace = NULL;
1334 OicSecAce_t* tempAce = NULL;
1335 LL_FOREACH_SAFE(acl->aces, ace, tempAce)
1337 OicSecRsrc_t* rsrc = NULL;
1338 OicSecRsrc_t* tempRsrc = NULL;
1340 VERIFY_NON_NULL(TAG, ace->eownerID, ERROR);
1341 VERIFY_SUCCESS(TAG, memcmp(ace->eownerID->id, uuid->id, sizeof(uuid->id)) == 0, ERROR);
1343 LL_FOREACH_SAFE(ace->resources, rsrc, tempRsrc)
1345 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_DOXM) != 0, ERROR);
1346 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_CRED) != 0, ERROR);
1347 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_ACL) != 0, ERROR);
1348 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_PSTAT) != 0, ERROR);
1349 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_CRL) != 0, ERROR);
1360 #endif //_ENABLE_MULTIPLE_OWNER_
1363 * This method removes ACE for the subject and resource from the ACL
1365 * @param subject of the ACE
1366 * @param resource of the ACE
1369 * ::OC_STACK_RESOURCE_DELETED on success
1370 * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
1371 * ::OC_STACK_INVALID_PARAM on invalid parameter
1373 OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
1375 OIC_LOG(DEBUG, TAG, "IN RemoveACE");
1377 OicSecAce_t *ace = NULL;
1378 OicSecAce_t *tempAce = NULL;
1379 bool deleteFlag = false;
1380 OCStackResult ret = OC_STACK_NO_RESOURCE;
1382 if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
1384 OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
1385 return OC_STACK_INVALID_PARAM;
1388 //If resource is NULL then delete all the ACE for the subject.
1389 if (NULL == resource || resource[0] == '\0')
1391 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1393 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1395 LL_DELETE(gAcl->aces, ace);
1403 //Looping through ACL to find the right ACE to delete. If the required resource is the only
1404 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
1405 //than the required resource in the ACE, for the subject then just delete the resource from
1406 //the resource array
1407 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1409 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1411 OicSecRsrc_t* rsrc = NULL;
1412 OicSecRsrc_t* tempRsrc = NULL;
1413 LL_FOREACH_SAFE(ace->resources, rsrc, tempRsrc)
1415 if(strcmp(rsrc->href, resource) == 0)
1417 LL_DELETE(ace->resources, rsrc);
1423 //If resource list is empty
1424 if(NULL == ace->resources && true == deleteFlag)
1426 //Remove the ACE from ACL
1427 LL_DELETE(gAcl->aces, ace);
1436 // In case of unit test do not update persistant storage.
1437 if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
1439 ret = OC_STACK_RESOURCE_DELETED;
1443 uint8_t *payload = NULL;
1445 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1447 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
1449 ret = OC_STACK_RESOURCE_DELETED;
1459 * This method parses the query string received for REST requests and
1460 * retrieves the 'subject' field.
1462 * @param query querystring passed in REST request
1463 * @param subject subject UUID parsed from query string
1465 * @return true if query parsed successfully and found 'subject', else false.
1467 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
1469 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1471 ParseQueryIterInit((unsigned char *) query, &parseIter);
1473 while (GetNextQuery (&parseIter))
1475 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECTID_NAME, parseIter.attrLen) == 0)
1477 char strUuid[STRING_UUID_SIZE] = {0};
1478 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1479 memcpy(strUuid, parseIter.valPos, parseIter.valLen);
1480 OCStackResult res = ConvertStrToUuid(strUuid, subject);
1481 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
1491 * This method parses the query string received for REST requests and
1492 * retrieves the 'resource' field.
1494 * @param query querystring passed in REST request
1495 * @param resource resource parsed from query string
1496 * @param resourceSize size of the memory pointed to resource
1498 * @return true if query parsed successfully and found 'resource', else false.
1500 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
1502 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1504 ParseQueryIterInit((unsigned char *) query, &parseIter);
1506 while (GetNextQuery (&parseIter))
1508 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
1511 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1512 OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
1522 static size_t GetNumberOfResource(OicSecRsrc_t* resources)
1527 OicSecRsrc_t* rsrc = NULL;
1528 LL_FOREACH(resources, rsrc)
1536 static size_t GetNumberOfValidity(OicSecValidity_t* val)
1542 OicSecValidity_t* temp = NULL;
1543 LL_FOREACH(val, temp)
1552 static bool IsSameStringArray(char** strArr1, size_t strArr1Len,
1553 char** strArr2, size_t strArr2Len)
1556 if(NULL == strArr1 && NULL == strArr2)
1561 if(strArr1 && strArr2 && NULL == *strArr1 && NULL == *strArr2)
1566 if(strArr1 && strArr2)
1568 if(*strArr1 && *strArr2 && strArr1Len == strArr2Len)
1570 size_t matchedStr = 0;
1571 for(size_t i = 0; i < strArr1Len; i++)
1573 for(size_t j = 0; j < strArr2Len; j++)
1575 if(strcmp(strArr1[i], strArr2[j]) == 0)
1581 if(matchedStr == strArr1Len)
1591 static bool IsSameResources(OicSecRsrc_t* resources1, OicSecRsrc_t* resources2)
1593 size_t numOfRsrc1 = 0;
1594 size_t numOfRsrc2 = 0;
1595 size_t numOfMatchedRsrc = 0;
1596 OicSecRsrc_t* rsrc1 = NULL;
1597 OicSecRsrc_t* rsrc2 = NULL;
1599 if(NULL == resources1 && NULL == resources2)
1604 if(resources1 && resources2)
1606 numOfRsrc1 = GetNumberOfResource(resources1);
1607 numOfRsrc2 = GetNumberOfResource(resources2);
1609 if(0 == numOfRsrc1 && 0 == numOfRsrc2)
1614 LL_FOREACH(resources1, rsrc1)
1617 LL_FOREACH(resources2, rsrc2)
1621 if(strcmp(rsrc1->href, rsrc2->href) == 0 &&
1622 IsSameStringArray(rsrc1->interfaces, rsrc1->interfaceLen,
1623 rsrc2->interfaces, rsrc2->interfaceLen) &&
1624 IsSameStringArray(rsrc1->types, rsrc1->typeLen,
1625 rsrc2->types, rsrc2->typeLen))
1627 // TODO: Update codes to compare 'rel' property
1634 if(numOfMatchedRsrc == numOfRsrc1)
1643 static bool IsSameValidities(OicSecValidity_t* validities1, OicSecValidity_t* validities2)
1645 size_t numOfVal1 = 0;
1646 size_t numOfVal2 = 0;
1647 size_t numOfMatchedVal = 0;
1648 OicSecValidity_t* val1 = NULL;
1649 OicSecValidity_t* val2 = NULL;
1651 if(NULL == validities1 && NULL == validities2)
1656 if(validities1 && validities2)
1658 numOfVal1 = GetNumberOfValidity(validities1);
1659 numOfVal2 = GetNumberOfValidity(validities2);
1660 if(0 == numOfVal1 && 0 == numOfVal2)
1665 if(numOfVal1 == numOfVal2)
1667 LL_FOREACH(validities1, val1)
1669 LL_FOREACH(validities2, val2)
1671 if(strcmp(val1->period, val2->period) == 0 &&
1672 IsSameStringArray(val1->recurrences, val1->recurrenceLen,
1673 val2->recurrences, val2->recurrenceLen))
1679 if(numOfVal1 == numOfMatchedVal)
1689 static bool IsSameACE(OicSecAce_t* ace1, OicSecAce_t* ace2)
1693 if(memcmp(ace1->subjectuuid.id, ace2->subjectuuid.id, sizeof(ace1->subjectuuid.id)) != 0)
1698 if(false == IsSameResources(ace1->resources, ace2->resources))
1703 if(ace1->permission != ace2->permission)
1708 if(false == IsSameValidities(ace1->validities, ace2->validities))
1720 * Internal function to remove all ACL data on ACL resource and persistent storage
1723 * OC_STACK_RESOURCE_DELETED - no errors
1726 static OCStackResult RemoveAllAce(void)
1728 OCStackResult ret = OC_STACK_ERROR;
1729 uint8_t* aclBackup = NULL;
1730 size_t backupSize = 0;
1731 uint8_t* payload = NULL;
1733 OicSecAce_t* aceItem = NULL;
1734 OicSecAce_t* tempAce = NULL;
1736 OIC_LOG(INFO, TAG, "IN RemoveAllAce");
1738 //Backup the current ACL
1739 ret = AclToCBORPayload(gAcl, &aclBackup, &backupSize);
1740 if(OC_STACK_OK == ret)
1742 // Remove all ACE from ACL
1743 LL_FOREACH_SAFE(gAcl->aces, aceItem, tempAce)
1745 LL_DELETE(gAcl->aces, aceItem);
1749 //Generate empty ACL payload
1750 ret = AclToCBORPayload(gAcl, &payload, &size);
1751 if (OC_STACK_OK == ret )
1754 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size);
1755 if (OC_STACK_OK != ret)
1757 OIC_LOG_V(ERROR, TAG, "Error in UpdateSecureResourceInPS : %d", ret);
1761 if(OC_STACK_OK != ret)
1763 OIC_LOG_V(ERROR, TAG, "Error while DELETE ACE : %d", ret);
1765 //If some erorr is occured, revert back.
1766 OicSecAcl_t* originAcl = CBORPayloadToAcl(aclBackup, backupSize);
1769 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, aclBackup, backupSize);
1770 if (OC_STACK_OK == ret)
1772 DeleteACLList(gAcl);
1777 OIC_LOG_V(ERROR, TAG, "Error in UpdateSecureResourceInPS : %d", ret);
1782 OIC_LOG(FATAL, TAG, "Error in CBORPayloadToAcl");
1783 ret = OC_STACK_ERROR;
1791 OIC_LOG(INFO, TAG, "OUT RemoveAllAce");
1793 return (OC_STACK_OK == ret ? OC_STACK_RESOURCE_DELETED : ret);
1796 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
1798 OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
1799 uint8_t* payload = NULL;
1801 OCEntityHandlerResult ehRet;
1803 OicUuid_t subject = {.id= { 0 } };
1805 // In case, 'subject' field is included in REST request.
1806 if (ehRequest->query && GetSubjectFromQueryString(ehRequest->query, &subject))
1808 OIC_LOG(DEBUG,TAG,"'subject' field is inculded in REST request.");
1809 OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
1811 char resource[MAX_URI_LENGTH] = { 0 };
1813 OicSecAce_t *savePtr = NULL;
1814 const OicSecAce_t *currentAce = NULL;
1815 OicSecAcl_t targetAcl;
1817 memcpy(&targetAcl.rownerID, &gAcl->rownerID, sizeof(OicUuid_t));
1818 targetAcl.aces = NULL;
1820 // 'Subject' field is MUST for processing a querystring in REST request.
1821 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1824 * TODO : Currently, this code only provides one ACE for a Subject.
1825 * Below code needs to be updated for scenarios when Subject have
1826 * multiple ACE's in ACL resource.
1828 while ((currentAce = GetACLResourceData(&subject, &savePtr)))
1830 targetAcl.aces = (OicSecAce_t*)currentAce;
1833 * If REST querystring contains a specific resource, we need
1834 * to search for that resource in ACE.
1836 if (resource[0] != '\0')
1838 OicSecRsrc_t *rsrc = NULL;
1839 LL_FOREACH(currentAce->resources, rsrc)
1841 if(0 == strcmp(rsrc->href, resource) ||
1842 0 == strcmp(WILDCARD_RESOURCE_URI, rsrc->href))
1844 // Convert ACL data into CBOR format for transmission
1845 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1847 ehRet = OC_EH_ERROR;
1855 // Convert ACL data into CBOR format for transmission
1856 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1858 ehRet = OC_EH_ERROR;
1864 // In case, 'subject' field is not included in REST request.
1867 OIC_LOG(DEBUG,TAG,"'subject' field is not inculded in REST request.");
1868 // Convert ACL data into CBOR format for transmission.
1869 if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
1871 ehRet = OC_EH_ERROR;
1875 // A device should always have a default acl. Therefore, payload should never be NULL.
1876 ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
1877 OIC_LOG(DEBUG, TAG, "ACL payload with GET response");
1878 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1880 //Send payload to request originator
1881 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
1882 OC_EH_OK : OC_EH_ERROR;
1886 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1890 static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
1892 OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
1893 OCEntityHandlerResult ehRet = OC_EH_OK;
1895 // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
1896 uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData;
1897 size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
1900 OicSecAcl_t *newAcl = NULL;
1901 OIC_LOG(DEBUG, TAG, "ACL payload from POST request << ");
1902 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1904 newAcl = CBORPayloadToAcl(payload, size);
1907 bool isNewAce = true;
1908 OicSecAce_t* existAce = NULL;
1909 OicSecAce_t* newAce = NULL;
1910 OicSecAce_t* tempAce1 = NULL;
1911 OicSecAce_t* tempAce2 = NULL;
1913 LL_FOREACH_SAFE(newAcl->aces, newAce, tempAce1)
1916 LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce2)
1918 if(IsSameACE(newAce, existAce))
1925 OIC_LOG(DEBUG, TAG, "NEW ACE dectected.");
1927 OicSecAce_t* insertAce = DuplicateACE(newAce);
1930 OIC_LOG(DEBUG, TAG, "Appending new ACE..");
1931 LL_PREPEND(gAcl->aces, insertAce);
1935 OIC_LOG(ERROR, TAG, "Failed to duplicate ACE.");
1936 ehRet = OC_EH_ERROR;
1940 memcpy(&(gAcl->rownerID), &(newAcl->rownerID), sizeof(OicUuid_t));
1942 DeleteACLList(newAcl);
1944 if(OC_EH_OK == ehRet)
1947 uint8_t *cborPayload = NULL;
1949 if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
1951 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
1953 ehRet = OC_EH_CHANGED;
1955 OICFree(cborPayload);
1958 if(OC_EH_CHANGED != ehRet)
1960 ehRet = OC_EH_ERROR;
1966 //Send response to request originator
1967 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1968 OC_EH_OK : OC_EH_ERROR;
1970 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1974 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
1976 OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
1977 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1978 OicUuid_t subject = { .id= { 0 } };
1979 char resource[MAX_URI_LENGTH] = { 0 };
1981 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
1983 // If 'Subject' field exist, processing a querystring in REST request.
1984 if(GetSubjectFromQueryString(ehRequest->query, &subject))
1986 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1988 if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
1990 ehRet = OC_EH_RESOURCE_DELETED;
1993 // If 'subject field not exist, remove all ACL data from ACL resource
1996 OIC_LOG(WARNING, TAG, "Can not find the 'subject' in querystring, All ACL list will be removed.");
1998 if(OC_STACK_RESOURCE_DELETED == RemoveAllAce())
2000 ehRet = OC_EH_RESOURCE_DELETED;
2005 //Send response to request originator
2006 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
2007 OC_EH_OK : OC_EH_ERROR;
2012 OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
2013 void* callbackParameter)
2015 OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
2016 (void)callbackParameter;
2017 OCEntityHandlerResult ehRet = OC_EH_ERROR;
2024 if (flag & OC_REQUEST_FLAG)
2026 // TODO : Handle PUT method
2027 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
2028 switch (ehRequest->method)
2031 ehRet = HandleACLGetRequest(ehRequest);
2035 ehRet = HandleACLPostRequest(ehRequest);
2038 case OC_REST_DELETE:
2039 ehRet = HandleACLDeleteRequest(ehRequest);
2043 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
2044 OC_EH_OK : OC_EH_ERROR;
2052 * This internal method is used to create '/oic/sec/acl' resource.
2054 static OCStackResult CreateACLResource()
2058 ret = OCCreateResource(&gAclHandle,
2059 OIC_RSRC_TYPE_SEC_ACL,
2060 OC_RSRVD_INTERFACE_DEFAULT,
2066 if (OC_STACK_OK != ret)
2068 OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
2069 DeInitACLResource();
2074 // This function sets the default ACL and is defined for the unit test only.
2075 OCStackResult SetDefaultACL(OicSecAcl_t *acl)
2081 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
2083 OCStackResult ret = OC_STACK_ERROR;
2084 OicUuid_t ownerId = { .id = { 0 } };
2085 OicSecAcl_t *acl = NULL;
2086 OicSecAce_t *ace = NULL;
2087 OicSecRsrc_t* resRsrc = NULL;
2088 OicSecRsrc_t* deviceRsrc = NULL;
2089 OicSecRsrc_t* platformRsrc = NULL;
2090 OicSecRsrc_t* aclRsrc = NULL;
2091 OicSecRsrc_t* doxmRsrc = NULL;
2092 OicSecRsrc_t* pstatRsrc = NULL;
2095 * TODO In future, when new virtual resources will be added in OIC
2096 * specification, Iotivity stack should be able to add them in
2097 * existing SVR database. To support this, we need to add 'versioning'
2098 * mechanism in SVR database.
2103 return OC_STACK_INVALID_PARAM;
2106 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
2107 VERIFY_NON_NULL(TAG, acl, ERROR);
2109 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
2110 VERIFY_NON_NULL(TAG, ace, ERROR);
2112 LL_APPEND(acl->aces, ace);
2114 // Subject -- Mandatory
2115 memcpy(ace->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
2117 // Resources -- Mandatory
2119 resRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2120 VERIFY_NON_NULL(TAG, resRsrc, ERROR);
2121 LL_APPEND(ace->resources, resRsrc);
2122 resRsrc->href = OICStrdup(OC_RSRVD_WELL_KNOWN_URI);
2123 VERIFY_NON_NULL(TAG, (resRsrc->href), ERROR);
2124 resRsrc->typeLen = 1;
2125 resRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2126 VERIFY_NON_NULL(TAG, resRsrc->types, ERROR);
2127 resRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_RES);
2128 VERIFY_NON_NULL(TAG, resRsrc->types[0], ERROR);
2129 resRsrc->interfaceLen = 2;
2130 resRsrc->interfaces = (char**)OICCalloc(resRsrc->interfaceLen, sizeof(char*));
2131 VERIFY_NON_NULL(TAG, resRsrc->interfaces, ERROR);
2132 resRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2133 VERIFY_NON_NULL(TAG, resRsrc->interfaces[0], ERROR);
2134 resRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
2135 VERIFY_NON_NULL(TAG, resRsrc->interfaces[1], ERROR);
2138 deviceRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2139 VERIFY_NON_NULL(TAG, deviceRsrc, ERROR);
2140 LL_APPEND(ace->resources, deviceRsrc);
2141 deviceRsrc->href = OICStrdup(OC_RSRVD_DEVICE_URI);
2142 VERIFY_NON_NULL(TAG, (deviceRsrc->href), ERROR);
2143 deviceRsrc->typeLen = 1;
2144 deviceRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2145 VERIFY_NON_NULL(TAG, deviceRsrc->types, ERROR);
2146 deviceRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_DEVICE);
2147 VERIFY_NON_NULL(TAG, deviceRsrc->types[0], ERROR);
2148 deviceRsrc->interfaceLen = 2;
2149 deviceRsrc->interfaces = (char**)OICCalloc(deviceRsrc->interfaceLen, sizeof(char*));
2150 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces, ERROR);
2151 deviceRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2152 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[0], ERROR);
2153 deviceRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
2154 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[1], ERROR);
2157 platformRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2158 VERIFY_NON_NULL(TAG, platformRsrc, ERROR);
2159 LL_APPEND(ace->resources, platformRsrc);
2160 platformRsrc->href = OICStrdup(OC_RSRVD_PLATFORM_URI);
2161 VERIFY_NON_NULL(TAG, (platformRsrc->href), ERROR);
2162 platformRsrc->typeLen = 1;
2163 platformRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2164 VERIFY_NON_NULL(TAG, platformRsrc->types, ERROR);
2165 platformRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_PLATFORM);
2166 VERIFY_NON_NULL(TAG, platformRsrc->types[0], ERROR);
2167 platformRsrc->interfaceLen = 2;
2168 platformRsrc->interfaces = (char**)OICCalloc(platformRsrc->interfaceLen, sizeof(char*));
2169 VERIFY_NON_NULL(TAG, platformRsrc->interfaces, ERROR);
2170 platformRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2171 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[0], ERROR);
2172 platformRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
2173 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[1], ERROR);
2176 aclRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2177 VERIFY_NON_NULL(TAG, aclRsrc, ERROR);
2178 LL_APPEND(ace->resources, aclRsrc);
2179 aclRsrc->href = OICStrdup(OIC_RSRC_ACL_URI);
2180 VERIFY_NON_NULL(TAG, (aclRsrc->href), ERROR);
2181 aclRsrc->typeLen = 1;
2182 aclRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2183 VERIFY_NON_NULL(TAG, aclRsrc->types, ERROR);
2184 aclRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_ACL);
2185 VERIFY_NON_NULL(TAG, aclRsrc->types[0], ERROR);
2186 aclRsrc->interfaceLen = 1;
2187 aclRsrc->interfaces = (char**)OICCalloc(aclRsrc->interfaceLen, sizeof(char*));
2188 VERIFY_NON_NULL(TAG, aclRsrc->interfaces, ERROR);
2189 aclRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2190 VERIFY_NON_NULL(TAG, aclRsrc->interfaces[0], ERROR);
2193 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2194 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2195 LL_APPEND(ace->resources, doxmRsrc);
2196 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2197 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2198 doxmRsrc->typeLen = 1;
2199 doxmRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2200 VERIFY_NON_NULL(TAG, doxmRsrc->types, ERROR);
2201 doxmRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_DOXM);
2202 VERIFY_NON_NULL(TAG, doxmRsrc->types[0], ERROR);
2203 doxmRsrc->interfaceLen = 1;
2204 doxmRsrc->interfaces = (char**)OICCalloc(doxmRsrc->interfaceLen, sizeof(char*));
2205 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces, ERROR);
2206 doxmRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2207 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces[0], ERROR);
2210 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2211 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2212 LL_APPEND(ace->resources, pstatRsrc);
2213 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2214 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2215 pstatRsrc->typeLen = 1;
2216 pstatRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2217 VERIFY_NON_NULL(TAG, pstatRsrc->types, ERROR);
2218 pstatRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_PSTAT);
2219 VERIFY_NON_NULL(TAG, pstatRsrc->types[0], ERROR);
2220 pstatRsrc->interfaceLen = 1;
2221 pstatRsrc->interfaces = (char**)OICCalloc(pstatRsrc->interfaceLen, sizeof(char*));
2222 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces, ERROR);
2223 pstatRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2224 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces[0], ERROR);
2226 ace->permission = PERMISSION_READ;
2227 ace->validities = NULL;
2229 // Device ID is the owner of this default ACL
2230 if (GetDoxmResourceData() != NULL)
2232 ret = GetDoxmDeviceID(&ownerId);
2233 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
2237 OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
2238 VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
2241 memcpy(&acl->rownerID, &ownerId, sizeof(OicUuid_t));
2248 if (ret != OC_STACK_OK)
2257 OCStackResult InitACLResource()
2259 OCStackResult ret = OC_STACK_ERROR;
2261 uint8_t *data = NULL;
2263 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
2264 // If database read failed
2265 if (OC_STACK_OK != ret)
2267 OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
2271 // Read ACL resource from PS
2272 gAcl = CBORPayloadToAcl(data, size);
2276 * If SVR database in persistent storage got corrupted or
2277 * is not available for some reason, a default ACL is created
2278 * which allows user to initiate ACL provisioning again.
2282 ret = GetDefaultACL(&gAcl);
2283 if (OC_STACK_OK != ret)
2285 OIC_LOG(ERROR, TAG, "Failed to create default ACL");
2287 // TODO Needs to update persistent storage
2289 VERIFY_NON_NULL(TAG, gAcl, FATAL);
2291 // Instantiate 'oic.sec.acl'
2292 ret = CreateACLResource();
2295 if (OC_STACK_OK != ret)
2297 DeInitACLResource();
2302 OCStackResult DeInitACLResource()
2304 OCStackResult ret = OCDeleteResource(gAclHandle);
2309 DeleteACLList(gAcl);
2315 const OicSecAce_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAce_t **savePtr)
2317 OicSecAce_t *ace = NULL;
2318 OicSecAce_t *begin = NULL;
2320 if (NULL == subjectId)
2326 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
2329 if (NULL == *savePtr)
2336 * If this is a 'successive' call, search for location pointed by
2337 * savePtr and assign 'begin' to the next ACL after it in the linked
2338 * list and start searching from there.
2340 LL_FOREACH(gAcl->aces, ace)
2342 if (ace == *savePtr)
2349 // Find the next ACL corresponding to the 'subjectID' and return it.
2350 LL_FOREACH(begin, ace)
2352 if (memcmp(&(ace->subjectuuid), subjectId, sizeof(OicUuid_t)) == 0)
2359 // Cleanup in case no ACL is found
2364 void printACL(const OicSecAcl_t* acl)
2366 OIC_LOG(INFO, TAG, "Print ACL:");
2370 OIC_LOG(INFO, TAG, "Received NULL acl");
2374 char *rowner = NULL;
2375 if (OC_STACK_OK == ConvertUuidToStr(&acl->rownerID, &rowner))
2377 OIC_LOG_V(INFO, TAG, "rowner id = %s", rowner);
2381 OIC_LOG(ERROR, TAG, "Can't convert rowner uuid to string");
2385 const OicSecAce_t *ace = acl->aces;
2390 OIC_LOG_V(INFO, TAG, "Print ace[%d]:", ace_count);
2392 OIC_LOG_V(INFO, TAG, "ace permission = %d", ace->permission);
2394 char *subjectuuid = NULL;
2395 if (OC_STACK_OK == ConvertUuidToStr(&ace->subjectuuid, &subjectuuid))
2397 OIC_LOG_V(INFO, TAG, "ace subject uuid = %s", subjectuuid);
2401 OIC_LOG(ERROR, TAG, "Can't convert subjectuuid to string");
2403 OICFree(subjectuuid);
2405 OicSecRsrc_t *res = ace->resources;
2410 OIC_LOG_V(INFO, TAG, "Print resources[%d]:", res_count);
2412 OIC_LOG_V(INFO, TAG, "href = %s", res->href);
2414 for (size_t i = 0; i < res->typeLen; i++)
2416 OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->types[i]);
2418 for (size_t i = 0; i < res->interfaceLen; i++)
2420 OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->interfaces[i]);
2426 OicSecValidity_t *vals = ace->validities;
2431 OIC_LOG_V(INFO, TAG, "Print validities[%d]:", vals_count);
2433 OIC_LOG_V(INFO, TAG, "period = %s", vals->period);
2434 for (size_t i = 0; i < vals->recurrenceLen; i++)
2436 OIC_LOG_V(INFO, TAG, "recurrences[%zu] = %s", i, vals->recurrences[i]);
2444 OCStackResult InstallNewACL2(const OicSecAcl_t* acl)
2446 OCStackResult ret = OC_STACK_ERROR;
2450 return OC_STACK_INVALID_PARAM;
2453 // Append the new ACE to existing ACE list
2454 // Can't use LL_APPEND because it sets ace->next to NULL
2455 OicSecAce_t* ace = gAcl->aces;
2462 ace->next = acl->aces;
2466 gAcl->aces = acl->aces;
2472 uint8_t *payload = NULL;
2473 ret = AclToCBORPayload(gAcl, &payload, &size);
2474 if (OC_STACK_OK == ret)
2476 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size);
2483 OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
2485 // Convert CBOR format to ACL data. This will also validate the ACL data received.
2486 OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
2488 return InstallNewACL2(newAcl);
2492 * This function generates default ACE for security resource in case of owned status.
2494 * @return Default ACE for security resource.
2496 static OicSecAce_t* GetSecDefaultACE()
2498 const int NUM_OF_DOXM_RT = 1;
2499 const int NUM_OF_DOXM_IF = 1;
2500 const int NUM_OF_PSTAT_RT = 1;
2501 const int NUM_OF_PSTAT_IF = 1;
2502 const char *doxmRt[] = { OIC_RSRC_TYPE_SEC_DOXM };
2503 const char *pstatRt[] = { OIC_RSRC_TYPE_SEC_PSTAT };
2504 const char *doxmIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2505 const char *pstatIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2506 OicSecRsrc_t* doxmRsrc = NULL;
2507 OicSecRsrc_t* pstatRsrc = NULL;
2509 //Generate default ACE
2510 OicSecAce_t* newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
2511 VERIFY_NON_NULL(TAG, newAce, ERROR);
2513 // Subject -- Mandatory
2514 memcpy(newAce->subjectuuid.id, &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
2516 //Resources -- Mandatory
2518 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2519 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2520 LL_APPEND(newAce->resources, doxmRsrc);
2522 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2523 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2525 doxmRsrc->typeLen = NUM_OF_DOXM_RT;
2526 doxmRsrc->types = (char**)OICCalloc(NUM_OF_DOXM_RT, sizeof(char*));
2527 VERIFY_NON_NULL(TAG, (doxmRsrc->types), ERROR);
2528 for(int i = 0; i < NUM_OF_DOXM_RT; i++)
2530 doxmRsrc->types[i] = OICStrdup(doxmRt[i]);
2531 VERIFY_NON_NULL(TAG, (doxmRsrc->types[i]), ERROR);
2534 doxmRsrc->interfaceLen = NUM_OF_DOXM_IF;
2535 doxmRsrc->interfaces = (char**)OICCalloc(NUM_OF_DOXM_IF, sizeof(char*));
2536 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces), ERROR);
2537 for(int i = 0; i < NUM_OF_DOXM_IF; i++)
2539 doxmRsrc->interfaces[i] = OICStrdup(doxmIf[i]);
2540 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces[i]), ERROR);
2544 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2545 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2546 LL_APPEND(newAce->resources, pstatRsrc);
2548 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2549 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2551 pstatRsrc->typeLen = NUM_OF_PSTAT_RT;
2552 pstatRsrc->types = (char**)OICCalloc(NUM_OF_PSTAT_RT, sizeof(char*));
2553 VERIFY_NON_NULL(TAG, (pstatRsrc->types), ERROR);
2554 for(int i = 0; i < NUM_OF_PSTAT_RT; i++)
2556 pstatRsrc->types[i] = OICStrdup(pstatRt[i]);
2557 VERIFY_NON_NULL(TAG, (pstatRsrc->types[i]), ERROR);
2560 pstatRsrc->interfaceLen = NUM_OF_PSTAT_IF;
2561 pstatRsrc->interfaces = (char**)OICCalloc(NUM_OF_PSTAT_IF, sizeof(char*));
2562 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces), ERROR);
2563 for(int i = 0; i < NUM_OF_PSTAT_IF; i++)
2565 pstatRsrc->interfaces[i] = OICStrdup(pstatIf[i]);
2566 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces[i]), ERROR);
2569 // Permissions -- Mandatory
2570 newAce->permission = PERMISSION_READ;
2572 //Period -- Not Mandatory
2573 newAce->validities = NULL;
2582 OCStackResult UpdateDefaultSecProvACE()
2584 OCStackResult ret = OC_STACK_OK;
2585 OicSecAce_t *ace = NULL;
2586 OicSecAce_t *tempAce = NULL;
2590 int matchedRsrc = 0;
2591 bool isRemoved = false;
2593 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
2595 //Find default security resource ACL
2596 if(memcmp(&ace->subjectuuid, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
2597 ((PERMISSION_READ | PERMISSION_WRITE) == ace->permission))
2601 OicSecRsrc_t* rsrc = NULL;
2602 LL_FOREACH(ace->resources, rsrc)
2604 if(strncmp(rsrc->href, OIC_RSRC_DOXM_URI,
2605 strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
2606 strncmp(rsrc->href, OIC_RSRC_CRED_URI,
2607 strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
2608 strncmp(rsrc->href, OIC_RSRC_ACL_URI,
2609 strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
2610 strncmp(rsrc->href, OIC_RSRC_PSTAT_URI,
2611 strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
2617 //If default security resource ACL is detected, delete it.
2618 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
2620 LL_DELETE(gAcl->aces, ace);
2630 * Generate new security resource ACE as follows :
2632 * resources : '/oic/sec/doxm', '/oic/sec/pstat'
2635 OicSecAce_t *secDefaultAce = GetSecDefaultACE();
2638 LL_APPEND(gAcl->aces, secDefaultAce);
2641 uint8_t *payload = NULL;
2642 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
2644 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
2657 OCStackResult SetAclRownerId(const OicUuid_t* newROwner)
2659 OCStackResult ret = OC_STACK_ERROR;
2660 uint8_t *cborPayload = NULL;
2662 OicUuid_t prevId = {.id={0}};
2664 if(NULL == newROwner)
2666 ret = OC_STACK_INVALID_PARAM;
2670 ret = OC_STACK_NO_RESOURCE;
2673 if(newROwner && gAcl)
2675 memcpy(prevId.id, gAcl->rownerID.id, sizeof(prevId.id));
2676 memcpy(gAcl->rownerID.id, newROwner->id, sizeof(newROwner->id));
2678 ret = AclToCBORPayload(gAcl, &cborPayload, &size);
2679 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2681 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size);
2682 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2684 OICFree(cborPayload);
2690 OICFree(cborPayload);
2691 memcpy(gAcl->rownerID.id, prevId.id, sizeof(prevId.id));
2695 OCStackResult GetAclRownerId(OicUuid_t *rowneruuid)
2697 OCStackResult retVal = OC_STACK_ERROR;
2700 *rowneruuid = gAcl->rownerID;
2701 retVal = OC_STACK_OK;