1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
31 #include "ocserverrequest.h"
32 #include "oic_malloc.h"
33 #include "oic_string.h"
35 #include "ocpayload.h"
37 #include "payload_logging.h"
38 #include "srmresourcestrings.h"
39 #include "aclresource.h"
40 #include "doxmresource.h"
41 #include "resourcemanager.h"
42 #include "srmutility.h"
43 #include "psinterface.h"
45 #include "security_internals.h"
48 #define NUMBER_OF_SEC_PROV_RSCS 4
49 #define NUMBER_OF_DEFAULT_SEC_RSCS 2
50 #define STRING_UUID_SIZE (UUID_LENGTH * 2 + 5)
52 static const uint8_t ACL_MAP_SIZE = 2;
53 static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
54 static const uint8_t ACL_ACES_MAP_SIZE = 3;
55 static const uint8_t ACL_RESOURCE_MAP_SIZE = 4;
58 // CborSize is the default cbor payload size being used.
59 static const uint16_t CBOR_SIZE = 2048;
61 static OicSecAcl_t *gAcl = NULL;
62 static OCResourceHandle gAclHandle = NULL;
65 * This function frees OicSecRsrc_t object's fields and object itself.
67 static void FreeRsrc(OicSecRsrc_t *rsrc)
69 //Clean each member of resource
73 if(0 < rsrc->typeLen && rsrc->types)
75 for(size_t i = 0; i < rsrc->typeLen; i++)
77 OICFree(rsrc->types[i]);
83 if(0 < rsrc->interfaceLen && rsrc->interfaces)
85 for(size_t i = 0; i < rsrc->interfaceLen; i++)
87 OICFree(rsrc->interfaces[i]);
89 OICFree(rsrc->interfaces);
90 rsrc->interfaces = NULL;
97 * This function frees OicSecAcl_t object's fields and object itself.
99 static void FreeACE(OicSecAce_t *ace)
103 OIC_LOG(ERROR, TAG, "Invalid Parameter");
108 OicSecRsrc_t* rsrc = NULL;
109 OicSecRsrc_t* tmpRsrc = NULL;
110 LL_FOREACH_SAFE(ace->resources, rsrc, tmpRsrc)
112 LL_DELETE(ace->resources, rsrc);
117 OicSecValidity_t *validity = NULL;
118 OicSecValidity_t *tmpValidity = NULL;
119 LL_FOREACH_SAFE(ace->validities, validity, tmpValidity)
121 LL_DELETE(ace->validities, validity);
124 OICFree(validity->period);
127 for(size_t i = 0; i < validity->recurrenceLen; i++)
129 OICFree(validity->recurrences[i]);
131 OICFree(validity->recurrences);
141 void DeleteACLList(OicSecAcl_t* acl)
145 OicSecAce_t *ace = NULL;
146 OicSecAce_t *tmpAce = NULL;
147 LL_FOREACH_SAFE(acl->aces, ace, tmpAce)
149 LL_DELETE(acl->aces, ace);
157 OicSecAce_t* DuplicateACE(const OicSecAce_t* ace)
159 OicSecAce_t* newAce = NULL;
160 size_t allocateSize = 0;
164 newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
165 VERIFY_NON_NULL(TAG, newAce, ERROR);
168 memcpy(&newAce->subjectuuid, &ace->subjectuuid, sizeof(OicUuid_t));
170 OicSecRsrc_t* rsrc = NULL;
171 LL_FOREACH(ace->resources, rsrc)
173 OicSecRsrc_t* newRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
174 VERIFY_NON_NULL(TAG, newRsrc, ERROR);
175 LL_APPEND(newAce->resources, newRsrc);
178 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
179 allocateSize = strlen(rsrc->href) + 1;
180 newRsrc->href = (char*)OICMalloc(sizeof(char) * allocateSize);
181 VERIFY_NON_NULL(TAG, newRsrc->href, ERROR);
182 OICStrcpy(newRsrc->href, allocateSize, rsrc->href);
186 allocateSize = strlen(rsrc->rel) + 1;
187 newRsrc->rel = (char*)OICMalloc(sizeof(char) * allocateSize);
188 VERIFY_NON_NULL(TAG, newRsrc->rel, ERROR);
189 OICStrcpy(newRsrc->rel, allocateSize, rsrc->rel);
192 if(rsrc->types && 0 < rsrc->typeLen)
194 newRsrc->typeLen = rsrc->typeLen;
195 newRsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
196 VERIFY_NON_NULL(TAG, (newRsrc->types), ERROR);
197 for(size_t i = 0; i < rsrc->typeLen; i++)
199 newRsrc->types[i] = OICStrdup(rsrc->types[i]);
200 VERIFY_NON_NULL(TAG, (newRsrc->types[i]), ERROR);
204 if(rsrc->interfaces && 0 < rsrc->interfaceLen)
206 newRsrc->interfaceLen = rsrc->interfaceLen;
207 newRsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
208 VERIFY_NON_NULL(TAG, (newRsrc->interfaces), ERROR);
209 for(size_t i = 0; i < rsrc->interfaceLen; i++)
211 newRsrc->interfaces[i] = OICStrdup(rsrc->interfaces[i]);
212 VERIFY_NON_NULL(TAG, (newRsrc->interfaces[i]), ERROR);
218 newAce->permission = ace->permission;
223 OicSecValidity_t* validity = NULL;
224 LL_FOREACH(ace->validities, validity)
226 OicSecValidity_t* newValidity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
227 VERIFY_NON_NULL(TAG, newValidity, ERROR);
228 LL_APPEND(newAce->validities, newValidity);
232 allocateSize = strlen(validity->period) + 1;
233 newValidity->period = (char*)OICMalloc(sizeof(char) * allocateSize);
234 VERIFY_NON_NULL(TAG, newValidity->period, ERROR);
235 OICStrcpy(newValidity->period, allocateSize, validity->period);
238 if(validity->recurrences && 0 < validity->recurrenceLen)
240 newValidity->recurrenceLen = validity->recurrenceLen;
242 newValidity->recurrences = (char**)OICMalloc(sizeof(char*) * validity->recurrenceLen);
243 VERIFY_NON_NULL(TAG, newValidity->recurrences, ERROR);
245 for(size_t i = 0; i < validity->recurrenceLen; i++)
247 allocateSize = strlen(validity->recurrences[i]) + 1;
248 newValidity->recurrences[i] = (char*)OICMalloc(sizeof(char) * allocateSize);
249 VERIFY_NON_NULL(TAG, (newValidity->recurrences[i]), ERROR);
250 OICStrcpy(newValidity->recurrences[i], allocateSize, validity->recurrences[i]);
266 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
272 OicSecAce_t *ace= (OicSecAce_t *)secAcl->aces;
282 OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
284 if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
286 return OC_STACK_INVALID_PARAM;
289 OCStackResult ret = OC_STACK_ERROR;
290 CborError cborEncoderResult = CborNoError;
291 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
292 OicSecAce_t* ace = NULL;
295 CborEncoder aclListMap;
296 CborEncoder acesArray;
297 uint8_t *outPayload = NULL;
298 size_t cborLen = *size;
307 outPayload = (uint8_t *)OICCalloc(1, cborLen);
308 VERIFY_NON_NULL(TAG, outPayload, ERROR);
309 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
311 // Create ACL Map (aclist, rownerid)
312 cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
313 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
315 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
316 strlen(OIC_JSON_ACLIST_NAME));
317 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
319 // Create ACLIST Map (aces)
320 cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
321 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
323 cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
324 strlen(OIC_JSON_ACES_NAME));
325 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
328 cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
329 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
332 LL_FOREACH (acl->aces, ace)
334 CborEncoder oicSecAclMap;
335 // ACL Map size - Number of mandatory items
336 uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
339 OicSecValidity_t* validityElts = ace->validities;
342 if(validityElts->period)
346 if(validityElts->recurrences)
352 cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
353 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
355 // Subject -- Mandatory
356 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
357 strlen(OIC_JSON_SUBJECTID_NAME));
358 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
359 inLen = (memcmp(&(ace->subjectuuid), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
360 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
361 if(inLen == WILDCARD_SUBJECT_ID_LEN)
363 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
364 strlen(WILDCARD_RESOURCE_URI));
365 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
369 char *subject = NULL;
370 ret = ConvertUuidToStr(&ace->subjectuuid, &subject);
371 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
372 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
373 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject UUID Value.");
379 CborEncoder resources;
380 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
381 strlen(OIC_JSON_RESOURCES_NAME));
382 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
385 OicSecRsrc_t* rsrcElts = NULL;
386 LL_FOREACH(ace->resources, rsrcElts)
391 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, rsrcLen);
392 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
394 OicSecRsrc_t* rsrc = NULL;
395 LL_FOREACH(ace->resources, rsrc)
399 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, ACL_RESOURCE_MAP_SIZE);
400 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
403 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
404 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
405 strlen(OIC_JSON_HREF_NAME));
406 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
407 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->href, strlen(rsrc->href));
408 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
410 //resource type -- Mandatory
411 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
412 strlen(OIC_JSON_RT_NAME));
413 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
415 CborEncoder resourceTypes;
416 cborEncoderResult = cbor_encoder_create_array(&rMap, &resourceTypes, rsrc->typeLen);
417 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Array.");
418 for(size_t i = 0; i < rsrc->typeLen; i++)
420 cborEncoderResult = cbor_encode_text_string(&resourceTypes, rsrc->types[i], strlen(rsrc->types[i]));
421 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
423 cborEncoderResult = cbor_encoder_close_container(&rMap, &resourceTypes);
424 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing resourceTypes.");
426 //interface -- Mandatory
427 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
428 strlen(OIC_JSON_IF_NAME));
429 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
431 CborEncoder interfaces;
432 cborEncoderResult = cbor_encoder_create_array(&rMap, &interfaces, rsrc->interfaceLen);
433 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Array.");
434 for(size_t i = 0; i < rsrc->interfaceLen; i++)
436 cborEncoderResult = cbor_encode_text_string(&interfaces, rsrc->interfaces[i], strlen(rsrc->interfaces[i]));
437 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
439 cborEncoderResult = cbor_encoder_close_container(&rMap, &interfaces);
440 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing interfaces.");
445 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
446 strlen(OIC_JSON_REL_NAME));
447 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
448 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->rel, strlen(rsrc->rel));
449 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
453 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
454 strlen(OIC_JSON_REL_NAME));
455 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
456 cborEncoderResult = cbor_encode_text_string(&rMap, "", 0);
457 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
460 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
461 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
463 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
464 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
467 // Permissions -- Mandatory
468 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
469 strlen(OIC_JSON_PERMISSION_NAME));
470 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
471 cborEncoderResult = cbor_encode_int(&oicSecAclMap, ace->permission);
472 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
474 // TODO: Need to verfication for validity
475 // Validity(Time-interval) -- Not Mandatory
478 size_t validityLen = 0;
480 LL_FOREACH(ace->validities, validityElts)
485 CborEncoder validities;
486 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_VALIDITY_NAME,
487 strlen(OIC_JSON_VALIDITY_NAME));
488 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Tag.");
489 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &validities, validityLen);
490 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validities Array.");
492 //How to add the value w/o "title" using tinycobr...? :(
495 LL_FOREACH(ace->validities, validityElts)
497 CborEncoder validity;
498 size_t validitySize = 0;
499 if(validityElts->period)
503 if(validityElts->recurrences)
508 cborEncoderResult = cbor_encoder_create_array(&validities, &validity, validitySize);
509 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Array.");
512 if (validityElts->period)
514 cborEncoderResult = cbor_encode_text_string(&validity, validityElts->period,
515 strlen(validityElts->period));
516 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value.");
520 if (validityElts->recurrences)
522 CborEncoder recurrences;
523 cborEncoderResult = cbor_encoder_create_array(&validity, &recurrences, validityElts->recurrenceLen);
524 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
526 for (size_t i = 0; i < validityElts->recurrenceLen; i++)
528 cborEncoderResult = cbor_encode_text_string(&recurrences, validityElts->recurrences[i],
529 strlen(validityElts->recurrences[i]));
530 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
532 cborEncoderResult = cbor_encoder_close_container(&validity, &recurrences);
533 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
536 cborEncoderResult = cbor_encoder_close_container(&validities, &validity);
537 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validity Array.");
540 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &validities);
541 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validities Array.");
544 cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
545 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
549 cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
550 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
553 cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
554 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
559 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
560 strlen(OIC_JSON_ROWNERID_NAME));
561 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
562 ret = ConvertUuidToStr(&secAcl->rownerID, &rowner);
563 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
564 cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
565 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
570 cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
571 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
573 if (CborNoError == cborEncoderResult)
575 OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
576 *size = encoder.ptr - outPayload;
577 *payload = outPayload;
581 if (CborErrorOutOfMemory == cborEncoderResult)
583 OIC_LOG(DEBUG, TAG, "AclToCBORPayload:CborErrorOutOfMemory : retry with more memory");
585 // reallocate and try again!
587 // Since the allocated initial memory failed, double the memory.
588 cborLen += encoder.ptr - encoder.end;
589 cborEncoderResult = CborNoError;
590 ret = AclToCBORPayload(secAcl, payload, &cborLen);
593 else if (cborEncoderResult != CborNoError)
595 OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
600 ret = OC_STACK_ERROR;
606 // This function converts CBOR format to ACL data.
607 // Caller needs to invoke 'free' when done using
608 // note: This function is used in unit test hence not declared static,
609 OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
611 if (NULL == cborPayload || 0 == size)
615 OCStackResult ret = OC_STACK_ERROR;
616 CborValue aclCbor = { .parser = NULL };
617 CborParser parser = { .end = NULL };
618 CborError cborFindResult = CborNoError;
619 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
621 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
624 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
625 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
626 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
628 while (cbor_value_is_valid(&aclMap))
630 char* tagName = NULL;
632 CborType type = cbor_value_get_type(&aclMap);
633 if (type == CborTextStringType)
635 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
636 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
637 cborFindResult = cbor_value_advance(&aclMap);
638 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
642 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
645 CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
646 cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
647 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
650 while (cbor_value_is_valid(&aclistMap))
654 CborType acType = cbor_value_get_type(&aclistMap);
655 if (acType == CborTextStringType)
657 cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &readLen, NULL);
658 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
659 cborFindResult = cbor_value_advance(&aclistMap);
660 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
665 if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
668 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
669 cborFindResult = cbor_value_enter_container(&aclistMap, &acesArray);
670 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
673 while (cbor_value_is_valid(&acesArray))
676 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
677 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
678 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
680 OicSecAce_t *ace = NULL;
681 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
682 VERIFY_NON_NULL(TAG, ace, ERROR);
683 LL_APPEND(acl->aces, ace);
685 VERIFY_NON_NULL(TAG, acl, ERROR);
687 while (cbor_value_is_valid(&aceMap))
691 CborType type = cbor_value_get_type(&aceMap);
692 if (type == CborTextStringType)
694 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
695 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
696 cborFindResult = cbor_value_advance(&aceMap);
697 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
701 // Subject -- Mandatory
702 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
704 char *subject = NULL;
705 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
706 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
707 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
709 ace->subjectuuid.id[0] = '*';
713 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
714 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
719 // Resources -- Mandatory
720 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
722 CborValue resources = { .parser = NULL };
723 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
724 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
726 while (cbor_value_is_valid(&resources))
729 CborValue rMap = { .parser = NULL };
730 cborFindResult = cbor_value_enter_container(&resources, &rMap);
731 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
733 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
734 VERIFY_NON_NULL(TAG, rsrc, ERROR);
735 LL_APPEND(ace->resources, rsrc);
737 while(cbor_value_is_valid(&rMap))
739 char *rMapName = NULL;
740 size_t rMapNameLen = 0;
741 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
742 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
743 cborFindResult = cbor_value_advance(&rMap);
744 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
747 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
749 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
750 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
754 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
756 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
757 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
758 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
760 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
761 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
763 CborValue resourceTypes;
764 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
765 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
767 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
769 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
770 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
771 cborFindResult = cbor_value_advance(&resourceTypes);
772 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
777 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
779 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
780 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
781 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
783 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
784 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
786 CborValue interfaces;
787 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
788 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
790 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
792 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
793 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
794 cborFindResult = cbor_value_advance(&interfaces);
795 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
800 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
802 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
803 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
806 if (cbor_value_is_valid(&rMap))
808 cborFindResult = cbor_value_advance(&rMap);
809 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
814 if (cbor_value_is_valid(&resources))
816 cborFindResult = cbor_value_advance(&resources);
817 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
822 // Permissions -- Mandatory
823 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
826 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
827 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
828 ace->permission = (uint16_t)tmp64;
831 // TODO: Need to verfication for validity
832 // Validity -- Not mandatory
833 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
835 CborValue validitiesMap = {.parser = NULL};
836 size_t validitySize = 0;
838 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
839 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
841 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
842 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
844 while(cbor_value_is_valid(&validitiesMap))
846 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
847 VERIFY_NON_NULL(TAG, validity, ERROR);
848 LL_APPEND(ace->validities, validity);
850 CborValue validityMap = {.parser = NULL};
852 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
853 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
856 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
857 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
859 //recurrence (string array)
860 CborValue recurrenceMap = {.parser = NULL};
861 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
862 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
864 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
865 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
867 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
868 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
870 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
872 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
873 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
875 cborFindResult = cbor_value_advance(&recurrenceMap);
876 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
879 cborFindResult = cbor_value_advance(&validitiesMap);
880 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
886 if (type != CborMapType && cbor_value_is_valid(&aceMap))
888 cborFindResult = cbor_value_advance(&aceMap);
889 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
893 if (cbor_value_is_valid(&acesArray))
895 cborFindResult = cbor_value_advance(&acesArray);
896 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
903 if (cbor_value_is_valid(&aclistMap))
905 cborFindResult = cbor_value_advance(&aclistMap);
906 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
911 //rownerID -- Mandatory
912 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
914 char *stRowner = NULL;
915 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
916 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
917 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
918 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
923 if (cbor_value_is_valid(&aclMap))
925 cborFindResult = cbor_value_advance(&aclMap);
926 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
931 if (cborFindResult != CborNoError)
933 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
942 * This method removes ACE for the subject and resource from the ACL
944 * @param subject of the ACE
945 * @param resource of the ACE
948 * ::OC_STACK_RESOURCE_DELETED on success
949 * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
950 * ::OC_STACK_INVALID_PARAM on invalid parameter
952 OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
954 OIC_LOG(DEBUG, TAG, "IN RemoveACE");
956 OicSecAce_t *ace = NULL;
957 OicSecAce_t *tempAce = NULL;
958 bool deleteFlag = false;
959 OCStackResult ret = OC_STACK_NO_RESOURCE;
961 if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
963 OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
964 return OC_STACK_INVALID_PARAM;
967 //If resource is NULL then delete all the ACE for the subject.
968 if (NULL == resource || resource[0] == '\0')
970 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
972 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
974 LL_DELETE(gAcl->aces, ace);
982 //Looping through ACL to find the right ACE to delete. If the required resource is the only
983 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
984 //than the required resource in the ACE, for the subject then just delete the resource from
986 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
988 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
990 OicSecRsrc_t* rsrc = NULL;
991 OicSecRsrc_t* tempRsrc = NULL;
992 LL_FOREACH_SAFE(ace->resources, rsrc, tempRsrc)
994 if(strcmp(rsrc->href, resource) == 0)
996 LL_DELETE(ace->resources, rsrc);
1002 //If resource list is empty
1003 if(NULL == ace->resources && true == deleteFlag)
1005 //Remove the ACE from ACL
1006 LL_DELETE(gAcl->aces, ace);
1015 // In case of unit test do not update persistant storage.
1016 if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
1018 ret = OC_STACK_RESOURCE_DELETED;
1022 uint8_t *payload = NULL;
1024 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1026 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
1028 ret = OC_STACK_RESOURCE_DELETED;
1038 * This method parses the query string received for REST requests and
1039 * retrieves the 'subject' field.
1041 * @param query querystring passed in REST request
1042 * @param subject subject UUID parsed from query string
1044 * @return true if query parsed successfully and found 'subject', else false.
1046 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
1048 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1050 ParseQueryIterInit((unsigned char *) query, &parseIter);
1052 while (GetNextQuery (&parseIter))
1054 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECTID_NAME, parseIter.attrLen) == 0)
1056 char strUuid[STRING_UUID_SIZE] = {0};
1057 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1058 memcpy(strUuid, parseIter.valPos, parseIter.valLen);
1059 OCStackResult res = ConvertStrToUuid(strUuid, subject);
1060 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
1070 * This method parses the query string received for REST requests and
1071 * retrieves the 'resource' field.
1073 * @param query querystring passed in REST request
1074 * @param resource resource parsed from query string
1075 * @param resourceSize size of the memory pointed to resource
1077 * @return true if query parsed successfully and found 'resource', else false.
1079 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
1081 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1083 ParseQueryIterInit((unsigned char *) query, &parseIter);
1085 while (GetNextQuery (&parseIter))
1087 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
1090 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1091 OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
1101 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
1103 OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
1104 uint8_t* payload = NULL;
1106 OCEntityHandlerResult ehRet;
1108 OicUuid_t subject = {.id= { 0 } };
1110 // In case, 'subject' field is included in REST request.
1111 if (ehRequest->query && GetSubjectFromQueryString(ehRequest->query, &subject))
1113 OIC_LOG(DEBUG,TAG,"'subject' field is inculded in REST request.");
1114 OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
1116 char resource[MAX_URI_LENGTH] = { 0 };
1118 OicSecAce_t *savePtr = NULL;
1119 const OicSecAce_t *currentAce = NULL;
1120 OicSecAcl_t targetAcl;
1122 memcpy(&targetAcl.rownerID, &gAcl->rownerID, sizeof(OicUuid_t));
1123 targetAcl.aces = NULL;
1125 // 'Subject' field is MUST for processing a querystring in REST request.
1126 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1129 * TODO : Currently, this code only provides one ACE for a Subject.
1130 * Below code needs to be updated for scenarios when Subject have
1131 * multiple ACE's in ACL resource.
1133 while ((currentAce = GetACLResourceData(&subject, &savePtr)))
1135 targetAcl.aces = (OicSecAce_t*)currentAce;
1138 * If REST querystring contains a specific resource, we need
1139 * to search for that resource in ACE.
1141 if (resource[0] != '\0')
1143 OicSecRsrc_t *rsrc = NULL;
1144 LL_FOREACH(currentAce->resources, rsrc)
1146 if(0 == strcmp(rsrc->href, resource) ||
1147 0 == strcmp(WILDCARD_RESOURCE_URI, rsrc->href))
1149 // Convert ACL data into CBOR format for transmission
1150 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1152 ehRet = OC_EH_ERROR;
1160 // Convert ACL data into CBOR format for transmission
1161 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1163 ehRet = OC_EH_ERROR;
1169 // In case, 'subject' field is not included in REST request.
1172 OIC_LOG(DEBUG,TAG,"'subject' field is not inculded in REST request.");
1173 // Convert ACL data into CBOR format for transmission.
1174 if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
1176 ehRet = OC_EH_ERROR;
1180 // A device should always have a default acl. Therefore, payload should never be NULL.
1181 ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
1183 // Send response payload to request originator
1184 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, payload, size))
1186 ehRet = OC_EH_ERROR;
1187 OIC_LOG(ERROR, TAG, "SendSRMResponse failed for HandleACLGetRequest");
1191 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1195 static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
1197 OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
1198 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1200 // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
1201 uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData;
1202 size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
1205 OicSecAcl_t *newAcl = CBORPayloadToAcl(payload, size);
1208 // Append the new ACL to existing ACL
1209 OicSecAce_t* newAce = NULL;
1210 OicSecAce_t* tempAce = NULL;
1211 LL_FOREACH_SAFE(newAcl->aces, newAce, tempAce)
1213 LL_APPEND(gAcl->aces, newAce);
1215 newAcl->aces = NULL;
1218 uint8_t *cborPayload = NULL;
1219 if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
1221 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
1223 ehRet = OC_EH_RESOURCE_CREATED;
1225 OICFree(cborPayload);
1229 DeleteACLList(newAcl);
1232 // Send payload to request originator
1233 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL, 0))
1235 ehRet = OC_EH_ERROR;
1236 OIC_LOG(ERROR, TAG, "SendSRMResponse failed in HandleACLPostRequest");
1239 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1243 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
1245 OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
1246 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1247 OicUuid_t subject = { .id= { 0 } };
1248 char resource[MAX_URI_LENGTH] = { 0 };
1250 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
1252 // 'Subject' field is MUST for processing a querystring in REST request.
1253 VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
1255 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1257 if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
1259 ehRet = OC_EH_RESOURCE_DELETED;
1263 // Send payload to request originator
1264 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL, 0))
1266 ehRet = OC_EH_ERROR;
1267 OIC_LOG(ERROR, TAG, "SendSRMResponse failed in HandleACLDeleteRequest");
1273 OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
1274 void* callbackParameter)
1276 OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
1277 (void)callbackParameter;
1278 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1285 if (flag & OC_REQUEST_FLAG)
1287 // TODO : Handle PUT method
1288 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
1289 switch (ehRequest->method)
1292 ehRet = HandleACLGetRequest(ehRequest);
1296 ehRet = HandleACLPostRequest(ehRequest);
1299 case OC_REST_DELETE:
1300 ehRet = HandleACLDeleteRequest(ehRequest);
1304 ehRet = OC_EH_ERROR;
1305 SendSRMResponse(ehRequest, ehRet, NULL, 0);
1313 * This internal method is used to create '/oic/sec/acl' resource.
1315 static OCStackResult CreateACLResource()
1319 ret = OCCreateResource(&gAclHandle,
1320 OIC_RSRC_TYPE_SEC_ACL,
1321 OC_RSRVD_INTERFACE_DEFAULT,
1325 OC_OBSERVABLE | OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
1327 if (OC_STACK_OK != ret)
1329 OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
1330 DeInitACLResource();
1335 // This function sets the default ACL and is defined for the unit test only.
1336 OCStackResult SetDefaultACL(OicSecAcl_t *acl)
1342 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
1344 OCStackResult ret = OC_STACK_ERROR;
1345 OicUuid_t ownerId = { .id = { 0 } };
1346 OicSecAcl_t *acl = NULL;
1347 OicSecAce_t *ace = NULL;
1348 OicSecRsrc_t* resRsrc = NULL;
1349 OicSecRsrc_t* deviceRsrc = NULL;
1350 OicSecRsrc_t* platformRsrc = NULL;
1351 OicSecRsrc_t* aclRsrc = NULL;
1352 OicSecRsrc_t* doxmRsrc = NULL;
1353 OicSecRsrc_t* pstatRsrc = NULL;
1356 * TODO In future, when new virtual resources will be added in OIC
1357 * specification, Iotivity stack should be able to add them in
1358 * existing SVR database. To support this, we need to add 'versioning'
1359 * mechanism in SVR database.
1364 return OC_STACK_INVALID_PARAM;
1367 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
1368 VERIFY_NON_NULL(TAG, acl, ERROR);
1370 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
1371 VERIFY_NON_NULL(TAG, ace, ERROR);
1373 LL_APPEND(acl->aces, ace);
1375 // Subject -- Mandatory
1376 memcpy(ace->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
1378 // Resources -- Mandatory
1380 resRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1381 VERIFY_NON_NULL(TAG, resRsrc, ERROR);
1382 LL_APPEND(ace->resources, resRsrc);
1383 resRsrc->href = OICStrdup(OC_RSRVD_WELL_KNOWN_URI);
1384 VERIFY_NON_NULL(TAG, (resRsrc->href), ERROR);
1385 resRsrc->typeLen = 1;
1386 resRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1387 VERIFY_NON_NULL(TAG, resRsrc->types, ERROR);
1388 resRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_RES);
1389 VERIFY_NON_NULL(TAG, resRsrc->types[0], ERROR);
1390 resRsrc->interfaceLen = 2;
1391 resRsrc->interfaces = (char**)OICCalloc(resRsrc->interfaceLen, sizeof(char*));
1392 VERIFY_NON_NULL(TAG, resRsrc->interfaces, ERROR);
1393 resRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1394 VERIFY_NON_NULL(TAG, resRsrc->interfaces[0], ERROR);
1395 resRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1396 VERIFY_NON_NULL(TAG, resRsrc->interfaces[1], ERROR);
1399 deviceRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1400 VERIFY_NON_NULL(TAG, deviceRsrc, ERROR);
1401 LL_APPEND(ace->resources, deviceRsrc);
1402 deviceRsrc->href = OICStrdup(OC_RSRVD_DEVICE_URI);
1403 VERIFY_NON_NULL(TAG, (deviceRsrc->href), ERROR);
1404 deviceRsrc->typeLen = 1;
1405 deviceRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1406 VERIFY_NON_NULL(TAG, deviceRsrc->types, ERROR);
1407 deviceRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_DEVICE);
1408 VERIFY_NON_NULL(TAG, deviceRsrc->types[0], ERROR);
1409 deviceRsrc->interfaceLen = 2;
1410 deviceRsrc->interfaces = (char**)OICCalloc(deviceRsrc->interfaceLen, sizeof(char*));
1411 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces, ERROR);
1412 deviceRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1413 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[0], ERROR);
1414 deviceRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1415 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[1], ERROR);
1418 platformRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1419 VERIFY_NON_NULL(TAG, platformRsrc, ERROR);
1420 LL_APPEND(ace->resources, platformRsrc);
1421 platformRsrc->href = OICStrdup(OC_RSRVD_PLATFORM_URI);
1422 VERIFY_NON_NULL(TAG, (platformRsrc->href), ERROR);
1423 platformRsrc->typeLen = 1;
1424 platformRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1425 VERIFY_NON_NULL(TAG, platformRsrc->types, ERROR);
1426 platformRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_PLATFORM);
1427 VERIFY_NON_NULL(TAG, platformRsrc->types[0], ERROR);
1428 platformRsrc->interfaceLen = 2;
1429 platformRsrc->interfaces = (char**)OICCalloc(platformRsrc->interfaceLen, sizeof(char*));
1430 VERIFY_NON_NULL(TAG, platformRsrc->interfaces, ERROR);
1431 platformRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1432 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[0], ERROR);
1433 platformRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1434 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[1], ERROR);
1437 aclRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1438 VERIFY_NON_NULL(TAG, aclRsrc, ERROR);
1439 LL_APPEND(ace->resources, aclRsrc);
1440 aclRsrc->href = OICStrdup(OIC_RSRC_ACL_URI);
1441 VERIFY_NON_NULL(TAG, (aclRsrc->href), ERROR);
1442 aclRsrc->typeLen = 1;
1443 aclRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1444 VERIFY_NON_NULL(TAG, aclRsrc->types, ERROR);
1445 aclRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_ACL);
1446 VERIFY_NON_NULL(TAG, aclRsrc->types[0], ERROR);
1447 aclRsrc->interfaceLen = 1;
1448 aclRsrc->interfaces = (char**)OICCalloc(aclRsrc->interfaceLen, sizeof(char*));
1449 VERIFY_NON_NULL(TAG, aclRsrc->interfaces, ERROR);
1450 aclRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1451 VERIFY_NON_NULL(TAG, aclRsrc->interfaces[0], ERROR);
1454 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1455 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
1456 LL_APPEND(ace->resources, doxmRsrc);
1457 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
1458 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
1459 doxmRsrc->typeLen = 1;
1460 doxmRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1461 VERIFY_NON_NULL(TAG, doxmRsrc->types, ERROR);
1462 doxmRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_DOXM);
1463 VERIFY_NON_NULL(TAG, doxmRsrc->types[0], ERROR);
1464 doxmRsrc->interfaceLen = 1;
1465 doxmRsrc->interfaces = (char**)OICCalloc(doxmRsrc->interfaceLen, sizeof(char*));
1466 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces, ERROR);
1467 doxmRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1468 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces[0], ERROR);
1471 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1472 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
1473 LL_APPEND(ace->resources, pstatRsrc);
1474 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
1475 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
1476 pstatRsrc->typeLen = 1;
1477 pstatRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1478 VERIFY_NON_NULL(TAG, pstatRsrc->types, ERROR);
1479 pstatRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_PSTAT);
1480 VERIFY_NON_NULL(TAG, pstatRsrc->types[0], ERROR);
1481 pstatRsrc->interfaceLen = 1;
1482 pstatRsrc->interfaces = (char**)OICCalloc(pstatRsrc->interfaceLen, sizeof(char*));
1483 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces, ERROR);
1484 pstatRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1485 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces[0], ERROR);
1487 ace->permission = PERMISSION_READ;
1488 ace->validities = NULL;
1490 // Device ID is the owner of this default ACL
1491 if (GetDoxmResourceData() != NULL)
1493 ret = GetDoxmDeviceID(&ownerId);
1494 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
1498 OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
1499 VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
1502 memcpy(&acl->rownerID, &ownerId, sizeof(OicUuid_t));
1509 if (ret != OC_STACK_OK)
1518 OCStackResult InitACLResource()
1520 OCStackResult ret = OC_STACK_ERROR;
1522 uint8_t *data = NULL;
1524 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
1525 // If database read failed
1526 if (OC_STACK_OK != ret)
1528 OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
1532 // Read ACL resource from PS
1533 gAcl = CBORPayloadToAcl(data, size);
1536 * If SVR database in persistent storage got corrupted or
1537 * is not available for some reason, a default ACL is created
1538 * which allows user to initiate ACL provisioning again.
1542 ret = GetDefaultACL(&gAcl);
1543 if (OC_STACK_OK != ret)
1545 OIC_LOG(ERROR, TAG, "Failed to create default ACL");
1547 // TODO Needs to update persistent storage
1549 VERIFY_NON_NULL(TAG, gAcl, FATAL);
1551 // Instantiate 'oic.sec.acl'
1552 ret = CreateACLResource();
1555 if (OC_STACK_OK != ret)
1557 DeInitACLResource();
1562 OCStackResult DeInitACLResource()
1564 OCStackResult ret = OCDeleteResource(gAclHandle);
1569 DeleteACLList(gAcl);
1575 const OicSecAce_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAce_t **savePtr)
1577 OicSecAce_t *ace = NULL;
1578 OicSecAce_t *begin = NULL;
1580 if (NULL == subjectId)
1586 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
1589 if (NULL == *savePtr)
1596 * If this is a 'successive' call, search for location pointed by
1597 * savePtr and assign 'begin' to the next ACL after it in the linked
1598 * list and start searching from there.
1600 LL_FOREACH(gAcl->aces, ace)
1602 if (ace == *savePtr)
1609 // Find the next ACL corresponding to the 'subjectID' and return it.
1610 LL_FOREACH(begin, ace)
1612 if (memcmp(&(ace->subjectuuid), subjectId, sizeof(OicUuid_t)) == 0)
1619 // Cleanup in case no ACL is found
1624 OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
1626 OCStackResult ret = OC_STACK_ERROR;
1628 // Convert CBOR format to ACL data. This will also validate the ACL data received.
1629 OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
1633 // Append the new ACL to existing ACL
1634 OicSecAce_t* newAce = NULL;
1635 LL_FOREACH(newAcl->aces, newAce)
1637 LL_APPEND(gAcl->aces, newAce);
1641 uint8_t *payload = NULL;
1642 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1644 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
1656 * This function generates default ACE for security resource in case of owned status.
1658 * @return Default ACE for security resource.
1660 static OicSecAce_t* GetSecDefaultACE()
1662 const int NUM_OF_DOXM_RT = 1;
1663 const int NUM_OF_DOXM_IF = 1;
1664 const int NUM_OF_PSTAT_RT = 1;
1665 const int NUM_OF_PSTAT_IF = 1;
1666 const char *doxmRt[] = { OIC_RSRC_TYPE_SEC_DOXM };
1667 const char *pstatRt[] = { OIC_RSRC_TYPE_SEC_PSTAT };
1668 const char *doxmIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
1669 const char *pstatIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
1670 OicSecRsrc_t* doxmRsrc = NULL;
1671 OicSecRsrc_t* pstatRsrc = NULL;
1673 //Generate default ACE
1674 OicSecAce_t* newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
1675 VERIFY_NON_NULL(TAG, newAce, ERROR);
1677 // Subject -- Mandatory
1678 memcpy(newAce->subjectuuid.id, &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
1680 //Resources -- Mandatory
1682 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1683 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
1684 LL_APPEND(newAce->resources, doxmRsrc);
1686 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
1687 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
1689 doxmRsrc->typeLen = NUM_OF_DOXM_RT;
1690 doxmRsrc->types = (char**)OICCalloc(NUM_OF_DOXM_RT, sizeof(char*));
1691 VERIFY_NON_NULL(TAG, (doxmRsrc->types), ERROR);
1692 for(int i = 0; i < NUM_OF_DOXM_RT; i++)
1694 doxmRsrc->types[i] = OICStrdup(doxmRt[i]);
1695 VERIFY_NON_NULL(TAG, (doxmRsrc->types[i]), ERROR);
1698 doxmRsrc->interfaceLen = NUM_OF_DOXM_IF;
1699 doxmRsrc->interfaces = (char**)OICCalloc(NUM_OF_DOXM_IF, sizeof(char*));
1700 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces), ERROR);
1701 for(int i = 0; i < NUM_OF_DOXM_IF; i++)
1703 doxmRsrc->interfaces[i] = OICStrdup(doxmIf[i]);
1704 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces[i]), ERROR);
1708 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1709 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
1710 LL_APPEND(newAce->resources, pstatRsrc);
1712 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
1713 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
1715 pstatRsrc->typeLen = NUM_OF_PSTAT_RT;
1716 pstatRsrc->types = (char**)OICCalloc(NUM_OF_PSTAT_RT, sizeof(char*));
1717 VERIFY_NON_NULL(TAG, (pstatRsrc->types), ERROR);
1718 for(int i = 0; i < NUM_OF_PSTAT_RT; i++)
1720 pstatRsrc->types[i] = OICStrdup(pstatRt[i]);
1721 VERIFY_NON_NULL(TAG, (pstatRsrc->types[i]), ERROR);
1724 pstatRsrc->interfaceLen = NUM_OF_PSTAT_IF;
1725 pstatRsrc->interfaces = (char**)OICCalloc(NUM_OF_PSTAT_IF, sizeof(char*));
1726 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces), ERROR);
1727 for(int i = 0; i < NUM_OF_PSTAT_IF; i++)
1729 pstatRsrc->interfaces[i] = OICStrdup(pstatIf[i]);
1730 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces[i]), ERROR);
1733 // Permissions -- Mandatory
1734 newAce->permission = PERMISSION_READ;
1736 //Period -- Not Mandatory
1737 newAce->validities = NULL;
1746 OCStackResult UpdateDefaultSecProvACE()
1748 OCStackResult ret = OC_STACK_OK;
1749 OicSecAce_t *ace = NULL;
1750 OicSecAce_t *tempAce = NULL;
1754 int matchedRsrc = 0;
1755 bool isRemoved = false;
1757 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1759 //Find default security resource ACL
1760 if(memcmp(&ace->subjectuuid, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
1761 ((PERMISSION_READ | PERMISSION_WRITE) == ace->permission))
1765 OicSecRsrc_t* rsrc = NULL;
1766 LL_FOREACH(ace->resources, rsrc)
1768 if(strncmp(rsrc->href, OIC_RSRC_DOXM_URI,
1769 strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
1770 strncmp(rsrc->href, OIC_RSRC_CRED_URI,
1771 strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
1772 strncmp(rsrc->href, OIC_RSRC_ACL_URI,
1773 strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
1774 strncmp(rsrc->href, OIC_RSRC_PSTAT_URI,
1775 strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
1781 //If default security resource ACL is detected, delete it.
1782 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
1784 LL_DELETE(gAcl->aces, ace);
1794 * Generate new security resource ACE as follows :
1796 * resources : '/oic/sec/doxm', '/oic/sec/pstat'
1799 OicSecAce_t *secDefaultAce = GetSecDefaultACE();
1802 LL_APPEND(gAcl->aces, secDefaultAce);
1805 uint8_t *payload = NULL;
1806 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1808 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
1821 OCStackResult SetAclRownerId(const OicUuid_t* newROwner)
1823 OCStackResult ret = OC_STACK_ERROR;
1824 uint8_t *cborPayload = NULL;
1826 OicUuid_t prevId = {.id={0}};
1828 if(NULL == newROwner)
1830 ret = OC_STACK_INVALID_PARAM;
1834 ret = OC_STACK_NO_RESOURCE;
1837 if(newROwner && gAcl)
1839 memcpy(prevId.id, gAcl->rownerID.id, sizeof(prevId.id));
1840 memcpy(gAcl->rownerID.id, newROwner->id, sizeof(newROwner->id));
1842 ret = AclToCBORPayload(gAcl, &cborPayload, &size);
1843 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1845 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size);
1846 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1848 OICFree(cborPayload);
1854 OICFree(cborPayload);
1855 memcpy(gAcl->rownerID.id, prevId.id, sizeof(prevId.id));
1859 OCStackResult GetAclRownerId(OicUuid_t *rowneruuid)
1861 OCStackResult retVal = OC_STACK_ERROR;
1864 *rowneruuid = gAcl->rownerID;
1865 retVal = OC_STACK_OK;
projects / platform / upstream / iotivity.git / blob