1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #include "iotivity_config.h"
24 #elif defined(HAVE_STRINGS_H)
32 #include "ocserverrequest.h"
33 #include "oic_malloc.h"
34 #include "oic_string.h"
36 #include "ocpayload.h"
38 #include "payload_logging.h"
39 #include "srmresourcestrings.h"
40 #include "aclresource.h"
41 #include "doxmresource.h"
42 #include "resourcemanager.h"
43 #include "srmutility.h"
44 #include "psinterface.h"
45 #include "ocpayloadcbor.h"
47 #include "security_internals.h"
49 #define TAG "OIC_SRM_ACL"
50 #define NUMBER_OF_SEC_PROV_RSCS 3
51 #define NUMBER_OF_DEFAULT_SEC_RSCS 2
52 #define STRING_UUID_SIZE (UUID_LENGTH * 2 + 5)
54 static const uint8_t ACL_MAP_SIZE = 4;
55 static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
56 static const uint8_t ACL_ACES_MAP_SIZE = 3;
57 static const uint8_t ACL_RESOURCE_MAP_SIZE = 3;
60 // CborSize is the default cbor payload size being used.
61 static const uint16_t CBOR_SIZE = 2048*8;
63 static OicSecAcl_t *gAcl = NULL;
64 static OCResourceHandle gAclHandle = NULL;
66 void FreeRsrc(OicSecRsrc_t *rsrc)
68 //Clean each member of resource
72 if(0 < rsrc->typeLen && rsrc->types)
74 for(size_t i = 0; i < rsrc->typeLen; i++)
76 OICFree(rsrc->types[i]);
82 if(0 < rsrc->interfaceLen && rsrc->interfaces)
84 for(size_t i = 0; i < rsrc->interfaceLen; i++)
86 OICFree(rsrc->interfaces[i]);
88 OICFree(rsrc->interfaces);
89 rsrc->interfaces = NULL;
96 * This function frees OicSecAcl_t object's fields and object itself.
98 static void FreeACE(OicSecAce_t *ace)
102 OIC_LOG(ERROR, TAG, "Invalid Parameter");
107 OicSecRsrc_t* rsrc = NULL;
108 OicSecRsrc_t* tmpRsrc = NULL;
109 LL_FOREACH_SAFE(ace->resources, rsrc, tmpRsrc)
111 LL_DELETE(ace->resources, rsrc);
116 OicSecValidity_t *validity = NULL;
117 OicSecValidity_t *tmpValidity = NULL;
118 LL_FOREACH_SAFE(ace->validities, validity, tmpValidity)
120 LL_DELETE(ace->validities, validity);
123 OICFree(validity->period);
126 for(size_t i = 0; i < validity->recurrenceLen; i++)
128 OICFree(validity->recurrences[i]);
130 OICFree(validity->recurrences);
135 #ifdef MULTIPLE_OWNER
136 OICFree(ace->eownerID);
144 void DeleteACLList(OicSecAcl_t* acl)
148 OicSecAce_t *ace = NULL;
149 OicSecAce_t *tmpAce = NULL;
150 LL_FOREACH_SAFE(acl->aces, ace, tmpAce)
152 LL_DELETE(acl->aces, ace);
160 OicSecAce_t* DuplicateACE(const OicSecAce_t* ace)
162 OicSecAce_t* newAce = NULL;
163 size_t allocateSize = 0;
167 newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
168 VERIFY_NON_NULL(TAG, newAce, ERROR);
171 memcpy(&newAce->subjectuuid, &ace->subjectuuid, sizeof(OicUuid_t));
173 OicSecRsrc_t* rsrc = NULL;
174 LL_FOREACH(ace->resources, rsrc)
176 OicSecRsrc_t* newRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
177 VERIFY_NON_NULL(TAG, newRsrc, ERROR);
178 LL_APPEND(newAce->resources, newRsrc);
181 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
182 allocateSize = strlen(rsrc->href) + 1;
183 newRsrc->href = (char*)OICMalloc(sizeof(char) * allocateSize);
184 VERIFY_NON_NULL(TAG, newRsrc->href, ERROR);
185 OICStrcpy(newRsrc->href, allocateSize, rsrc->href);
189 allocateSize = strlen(rsrc->rel) + 1;
190 newRsrc->rel = (char*)OICMalloc(sizeof(char) * allocateSize);
191 VERIFY_NON_NULL(TAG, newRsrc->rel, ERROR);
192 OICStrcpy(newRsrc->rel, allocateSize, rsrc->rel);
195 if(rsrc->types && 0 < rsrc->typeLen)
197 newRsrc->typeLen = rsrc->typeLen;
198 newRsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
199 VERIFY_NON_NULL(TAG, (newRsrc->types), ERROR);
200 for(size_t i = 0; i < rsrc->typeLen; i++)
202 newRsrc->types[i] = OICStrdup(rsrc->types[i]);
203 VERIFY_NON_NULL(TAG, (newRsrc->types[i]), ERROR);
207 if(rsrc->interfaces && 0 < rsrc->interfaceLen)
209 newRsrc->interfaceLen = rsrc->interfaceLen;
210 newRsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
211 VERIFY_NON_NULL(TAG, (newRsrc->interfaces), ERROR);
212 for(size_t i = 0; i < rsrc->interfaceLen; i++)
214 newRsrc->interfaces[i] = OICStrdup(rsrc->interfaces[i]);
215 VERIFY_NON_NULL(TAG, (newRsrc->interfaces[i]), ERROR);
221 newAce->permission = ace->permission;
226 OicSecValidity_t* validity = NULL;
227 LL_FOREACH(ace->validities, validity)
229 OicSecValidity_t* newValidity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
230 VERIFY_NON_NULL(TAG, newValidity, ERROR);
231 LL_APPEND(newAce->validities, newValidity);
235 allocateSize = strlen(validity->period) + 1;
236 newValidity->period = (char*)OICMalloc(sizeof(char) * allocateSize);
237 VERIFY_NON_NULL(TAG, newValidity->period, ERROR);
238 OICStrcpy(newValidity->period, allocateSize, validity->period);
241 if(validity->recurrences && 0 < validity->recurrenceLen)
243 newValidity->recurrenceLen = validity->recurrenceLen;
245 newValidity->recurrences = (char**)OICMalloc(sizeof(char*) * validity->recurrenceLen);
246 VERIFY_NON_NULL(TAG, newValidity->recurrences, ERROR);
248 for(size_t i = 0; i < validity->recurrenceLen; i++)
250 allocateSize = strlen(validity->recurrences[i]) + 1;
251 newValidity->recurrences[i] = (char*)OICMalloc(sizeof(char) * allocateSize);
252 VERIFY_NON_NULL(TAG, (newValidity->recurrences[i]), ERROR);
253 OICStrcpy(newValidity->recurrences[i], allocateSize, validity->recurrences[i]);
259 #ifdef MULTIPLE_OWNER
262 if (NULL == newAce->eownerID)
264 newAce->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
265 VERIFY_NON_NULL(TAG, (newAce->eownerID), ERROR);
267 memcpy(newAce->eownerID->id, ace->eownerID->id, sizeof(ace->eownerID->id));
281 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
287 OicSecAce_t *ace= (OicSecAce_t *)secAcl->aces;
297 OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
299 if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
301 return OC_STACK_INVALID_PARAM;
304 OCStackResult ret = OC_STACK_ERROR;
305 CborError cborEncoderResult = CborNoError;
306 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
307 OicSecAce_t* ace = NULL;
310 CborEncoder aclListMap;
311 CborEncoder acesArray;
312 uint8_t *outPayload = NULL;
313 size_t cborLen = *size;
322 outPayload = (uint8_t *)OICCalloc(1, cborLen);
323 VERIFY_NON_NULL(TAG, outPayload, ERROR);
324 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
326 // Create ACL Map (aclist, rownerid)
327 cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
328 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
330 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
331 strlen(OIC_JSON_ACLIST_NAME));
332 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
334 // Create ACLIST Map (aces)
335 cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
336 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
338 cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
339 strlen(OIC_JSON_ACES_NAME));
340 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
343 cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
344 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
347 LL_FOREACH (acl->aces, ace)
349 CborEncoder oicSecAclMap;
350 // ACL Map size - Number of mandatory items
351 uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
354 OicSecValidity_t* validityElts = ace->validities;
357 if(validityElts->period)
361 if(validityElts->recurrences)
365 validityElts = validityElts->next;
368 #ifdef MULTIPLE_OWNER
373 #endif //MULTIPLE_OWNER
375 cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
376 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
378 // Subject -- Mandatory
379 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
380 strlen(OIC_JSON_SUBJECTID_NAME));
381 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
382 inLen = (memcmp(&(ace->subjectuuid), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
383 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
384 if(inLen == WILDCARD_SUBJECT_ID_LEN)
386 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
387 strlen(WILDCARD_RESOURCE_URI));
388 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
392 char *subject = NULL;
393 ret = ConvertUuidToStr(&ace->subjectuuid, &subject);
394 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
395 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
396 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject UUID Value.");
402 CborEncoder resources;
403 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
404 strlen(OIC_JSON_RESOURCES_NAME));
405 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
408 OicSecRsrc_t* rsrcElts = NULL;
409 LL_FOREACH(ace->resources, rsrcElts)
414 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, rsrcLen);
415 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
417 OicSecRsrc_t* rsrc = NULL;
418 LL_FOREACH(ace->resources, rsrc)
422 size_t rsrcMapSize = ACL_RESOURCE_MAP_SIZE;
428 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, rsrcMapSize);
429 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
432 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
433 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
434 strlen(OIC_JSON_HREF_NAME));
435 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
436 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->href, strlen(rsrc->href));
437 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
439 //resource type -- Mandatory
440 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
441 strlen(OIC_JSON_RT_NAME));
442 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
444 CborEncoder resourceTypes;
445 cborEncoderResult = cbor_encoder_create_array(&rMap, &resourceTypes, rsrc->typeLen);
446 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Array.");
447 for(size_t i = 0; i < rsrc->typeLen; i++)
449 cborEncoderResult = cbor_encode_text_string(&resourceTypes, rsrc->types[i], strlen(rsrc->types[i]));
450 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
452 cborEncoderResult = cbor_encoder_close_container(&rMap, &resourceTypes);
453 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing resourceTypes.");
455 //interface -- Mandatory
456 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
457 strlen(OIC_JSON_IF_NAME));
458 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
460 CborEncoder interfaces;
461 cborEncoderResult = cbor_encoder_create_array(&rMap, &interfaces, rsrc->interfaceLen);
462 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Array.");
463 for(size_t i = 0; i < rsrc->interfaceLen; i++)
465 cborEncoderResult = cbor_encode_text_string(&interfaces, rsrc->interfaces[i], strlen(rsrc->interfaces[i]));
466 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
468 cborEncoderResult = cbor_encoder_close_container(&rMap, &interfaces);
469 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing interfaces.");
474 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
475 strlen(OIC_JSON_REL_NAME));
476 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
477 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->rel, strlen(rsrc->rel));
478 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
481 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
482 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
484 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
485 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
488 // Permissions -- Mandatory
489 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
490 strlen(OIC_JSON_PERMISSION_NAME));
491 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
492 cborEncoderResult = cbor_encode_int(&oicSecAclMap, ace->permission);
493 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
495 // TODO: Need to verfication for validity
496 // Validity(Time-interval) -- Not Mandatory
499 size_t validityLen = 0;
501 LL_FOREACH(ace->validities, validityElts)
506 CborEncoder validities;
507 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_VALIDITY_NAME,
508 strlen(OIC_JSON_VALIDITY_NAME));
509 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Tag.");
510 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &validities, validityLen);
511 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validities Array.");
513 //How to add the value w/o "title" using tinycobr...? :(
516 LL_FOREACH(ace->validities, validityElts)
518 CborEncoder validity;
519 size_t validitySize = 0;
520 if(validityElts->period)
524 if(validityElts->recurrences)
529 cborEncoderResult = cbor_encoder_create_array(&validities, &validity, validitySize);
530 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Array.");
533 if (validityElts->period)
535 cborEncoderResult = cbor_encode_text_string(&validity, validityElts->period,
536 strlen(validityElts->period));
537 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value.");
541 if (validityElts->recurrences)
543 CborEncoder recurrences;
544 cborEncoderResult = cbor_encoder_create_array(&validity, &recurrences, validityElts->recurrenceLen);
545 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
547 for (size_t i = 0; i < validityElts->recurrenceLen; i++)
549 cborEncoderResult = cbor_encode_text_string(&recurrences, validityElts->recurrences[i],
550 strlen(validityElts->recurrences[i]));
551 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
553 cborEncoderResult = cbor_encoder_close_container(&validity, &recurrences);
554 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
557 cborEncoderResult = cbor_encoder_close_container(&validities, &validity);
558 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validity Array.");
561 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &validities);
562 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validities Array.");
565 #ifdef MULTIPLE_OWNER
566 // Eownerid -- Not Mandatory
570 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_EOWNERID_NAME,
571 strlen(OIC_JSON_EOWNERID_NAME));
572 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding eownerId Name Tag.");
573 ret = ConvertUuidToStr(ace->eownerID, &eowner);
574 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
575 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, eowner, strlen(eowner));
577 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding eownerId Value.");
579 #endif //MULTIPLE_OWNER
581 cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
582 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
586 cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
587 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
590 cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
591 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
596 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
597 strlen(OIC_JSON_ROWNERID_NAME));
598 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
599 ret = ConvertUuidToStr(&secAcl->rownerID, &rowner);
600 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
601 cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
602 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
608 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_RT_NAME,
609 strlen(OIC_JSON_RT_NAME));
610 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
611 cborEncoderResult = cbor_encoder_create_array(&aclMap, &rtArray, 1);
612 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
613 for (size_t i = 0; i < 1; i++)
615 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_ACL,
616 strlen(OIC_RSRC_TYPE_SEC_ACL));
617 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
619 cborEncoderResult = cbor_encoder_close_container(&aclMap, &rtArray);
620 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
624 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_IF_NAME,
625 strlen(OIC_JSON_IF_NAME));
626 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
627 cborEncoderResult = cbor_encoder_create_array(&aclMap, &ifArray, 1);
628 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
629 for (size_t i = 0; i < 1; i++)
631 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
632 strlen(OC_RSRVD_INTERFACE_DEFAULT));
633 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
635 cborEncoderResult = cbor_encoder_close_container(&aclMap, &ifArray);
636 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
639 cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
640 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
642 if (CborNoError == cborEncoderResult)
644 OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
645 *size = cbor_encoder_get_buffer_size(&encoder, outPayload);
646 *payload = outPayload;
650 if (CborErrorOutOfMemory == cborEncoderResult)
652 OIC_LOG(DEBUG, TAG, "AclToCBORPayload:CborErrorOutOfMemory : retry with more memory");
654 // reallocate and try again!
656 // Since the allocated initial memory failed, double the memory.
657 cborLen += cbor_encoder_get_buffer_size(&encoder, encoder.end);
658 cborEncoderResult = CborNoError;
659 ret = AclToCBORPayload(secAcl, payload, &cborLen);
662 else if (cborEncoderResult != CborNoError)
664 OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
669 ret = OC_STACK_ERROR;
675 // This function converts CBOR format to ACL data.
676 // Caller needs to invoke 'free' when done using
677 // It parses { "aclist" : [ { ... } ] } instead of { "aclist" : { "aces" : [ ] } }
678 OicSecAcl_t* CBORPayloadToAcl2(const uint8_t *cborPayload, const size_t size)
680 if (NULL == cborPayload || 0 == size)
684 OCStackResult ret = OC_STACK_ERROR;
685 CborValue aclCbor = { .parser = NULL };
686 CborParser parser = { .end = NULL };
687 CborError cborFindResult = CborNoError;
688 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
690 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
691 VERIFY_NON_NULL(TAG, acl, ERROR);
694 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
695 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
696 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
698 while (cbor_value_is_valid(&aclMap))
700 char* tagName = NULL;
702 CborType type = cbor_value_get_type(&aclMap);
703 if (type == CborTextStringType)
705 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
706 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
707 cborFindResult = cbor_value_advance(&aclMap);
708 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
712 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
715 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
716 cborFindResult = cbor_value_enter_container(&aclMap, &acesArray);
717 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
720 while (cbor_value_is_valid(&acesArray))
723 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
724 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
725 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
727 OicSecAce_t *ace = NULL;
728 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
729 VERIFY_NON_NULL(TAG, ace, ERROR);
730 LL_APPEND(acl->aces, ace);
732 while (cbor_value_is_valid(&aceMap))
736 CborType type = cbor_value_get_type(&aceMap);
737 if (type == CborTextStringType)
739 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
740 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
741 cborFindResult = cbor_value_advance(&aceMap);
742 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
746 // Subject -- Mandatory
747 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
749 char *subject = NULL;
750 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
751 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
752 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
754 ace->subjectuuid.id[0] = '*';
758 OIC_LOG_V(DEBUG, TAG, "Converting subjectuuid = %s to uuid...", subject);
759 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
760 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
765 // Resources -- Mandatory
766 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
768 CborValue resources = { .parser = NULL };
769 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
770 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
772 while (cbor_value_is_valid(&resources))
775 CborValue rMap = { .parser = NULL };
776 cborFindResult = cbor_value_enter_container(&resources, &rMap);
777 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
779 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
780 VERIFY_NON_NULL(TAG, rsrc, ERROR);
781 LL_APPEND(ace->resources, rsrc);
783 while(cbor_value_is_valid(&rMap))
785 char *rMapName = NULL;
786 size_t rMapNameLen = 0;
787 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
788 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
789 cborFindResult = cbor_value_advance(&rMap);
790 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
793 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
795 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
796 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
800 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
802 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
803 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
804 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
806 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
807 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
809 CborValue resourceTypes;
810 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
811 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
813 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
816 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
817 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
818 cborFindResult = cbor_value_advance(&resourceTypes);
819 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
824 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
826 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
827 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
828 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
830 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
831 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
833 CborValue interfaces;
834 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
835 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
837 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
840 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
841 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
842 cborFindResult = cbor_value_advance(&interfaces);
843 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
848 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
850 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
851 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
854 if (cbor_value_is_valid(&rMap))
856 cborFindResult = cbor_value_advance(&rMap);
857 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
862 if (cbor_value_is_valid(&resources))
864 cborFindResult = cbor_value_advance(&resources);
865 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
870 // Permissions -- Mandatory
871 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
874 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
875 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
876 ace->permission = (uint16_t)tmp64;
879 // TODO: Need to verfication for validity
880 // Validity -- Not mandatory
881 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
883 CborValue validitiesMap = {.parser = NULL};
884 size_t validitySize = 0;
886 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
887 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
889 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
890 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
892 while(cbor_value_is_valid(&validitiesMap))
894 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
895 VERIFY_NON_NULL(TAG, validity, ERROR);
896 LL_APPEND(ace->validities, validity);
898 CborValue validityMap = {.parser = NULL};
900 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
901 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
904 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
905 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
907 //recurrence (string array)
908 CborValue recurrenceMap = {.parser = NULL};
909 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
910 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
912 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
913 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
915 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
916 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
918 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
920 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
921 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
923 cborFindResult = cbor_value_advance(&recurrenceMap);
924 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
927 cborFindResult = cbor_value_advance(&validitiesMap);
928 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
934 if (type != CborMapType && cbor_value_is_valid(&aceMap))
936 cborFindResult = cbor_value_advance(&aceMap);
937 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
941 if (cbor_value_is_valid(&acesArray))
943 cborFindResult = cbor_value_advance(&acesArray);
944 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
949 //rownerID -- Mandatory
950 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
952 char *stRowner = NULL;
953 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
954 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
955 OIC_LOG_V(DEBUG, TAG, "Converting rownerid = %s to uuid...", stRowner);
956 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
957 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
962 if (cbor_value_is_valid(&aclMap))
964 cborFindResult = cbor_value_advance(&aclMap);
965 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
970 if (cborFindResult != CborNoError)
972 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
980 // This function converts CBOR format to ACL data.
981 // Caller needs to invoke 'free' when done using
982 // note: This function is used in unit test hence not declared static,
983 OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
985 if (NULL == cborPayload || 0 == size)
989 OCStackResult ret = OC_STACK_ERROR;
990 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
991 CborValue aclCbor = { .parser = NULL };
992 CborParser parser = { .end = NULL };
993 CborError cborFindResult = CborNoError;
995 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
997 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
998 VERIFY_NON_NULL(TAG, acl, ERROR);
1001 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
1002 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
1004 while (cbor_value_is_valid(&aclMap))
1006 char* tagName = NULL;
1008 CborType type = cbor_value_get_type(&aclMap);
1009 if (type == CborTextStringType)
1011 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
1012 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
1013 cborFindResult = cbor_value_advance(&aclMap);
1014 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
1018 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
1021 CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1022 cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
1023 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
1025 while (cbor_value_is_valid(&aclistMap))
1027 char* acName = NULL;
1029 CborType acType = cbor_value_get_type(&aclistMap);
1030 if (acType == CborTextStringType)
1032 cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &readLen, NULL);
1033 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
1034 cborFindResult = cbor_value_advance(&aclistMap);
1035 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
1040 if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
1043 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1044 cborFindResult = cbor_value_enter_container(&aclistMap, &acesArray);
1045 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
1048 while (cbor_value_is_valid(&acesArray))
1051 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1052 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
1053 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
1055 OicSecAce_t *ace = NULL;
1056 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
1057 VERIFY_NON_NULL(TAG, ace, ERROR);
1058 LL_APPEND(acl->aces, ace);
1060 while (cbor_value_is_valid(&aceMap))
1064 CborType type = cbor_value_get_type(&aceMap);
1065 if (type == CborTextStringType)
1067 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
1068 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
1069 cborFindResult = cbor_value_advance(&aceMap);
1070 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
1074 // Subject -- Mandatory
1075 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
1077 char *subject = NULL;
1078 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
1079 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
1080 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
1082 ace->subjectuuid.id[0] = '*';
1086 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
1087 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1092 // Resources -- Mandatory
1093 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
1095 CborValue resources = { .parser = NULL };
1096 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
1097 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
1099 while (cbor_value_is_valid(&resources))
1102 CborValue rMap = { .parser = NULL };
1103 cborFindResult = cbor_value_enter_container(&resources, &rMap);
1104 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
1106 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1107 VERIFY_NON_NULL(TAG, rsrc, ERROR);
1108 LL_APPEND(ace->resources, rsrc);
1110 while(cbor_value_is_valid(&rMap))
1112 char *rMapName = NULL;
1113 size_t rMapNameLen = 0;
1114 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
1115 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
1116 cborFindResult = cbor_value_advance(&rMap);
1117 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
1120 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
1122 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
1123 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
1127 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
1129 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
1130 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
1131 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
1133 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
1134 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
1136 CborValue resourceTypes;
1137 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
1138 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
1140 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
1142 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
1143 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
1144 cborFindResult = cbor_value_advance(&resourceTypes);
1145 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
1150 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
1152 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
1153 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
1154 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
1156 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
1157 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
1159 CborValue interfaces;
1160 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
1161 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
1163 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
1165 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
1166 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
1167 cborFindResult = cbor_value_advance(&interfaces);
1168 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
1173 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
1175 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
1176 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
1179 if (cbor_value_is_valid(&rMap))
1181 cborFindResult = cbor_value_advance(&rMap);
1182 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
1187 if (cbor_value_is_valid(&resources))
1189 cborFindResult = cbor_value_advance(&resources);
1190 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
1195 // Permissions -- Mandatory
1196 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
1199 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
1200 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
1201 ace->permission = (uint16_t)tmp64;
1204 // TODO: Need to verfication for validity
1205 // Validity -- Not mandatory
1206 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
1208 CborValue validitiesMap = {.parser = NULL};
1209 size_t validitySize = 0;
1211 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
1212 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
1214 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
1215 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
1217 while(cbor_value_is_valid(&validitiesMap))
1219 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
1220 VERIFY_NON_NULL(TAG, validity, ERROR);
1221 LL_APPEND(ace->validities, validity);
1223 CborValue validityMap = {.parser = NULL};
1225 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
1226 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
1229 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
1230 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
1232 //recurrence (string array)
1233 CborValue recurrenceMap = {.parser = NULL};
1234 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
1235 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
1237 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
1238 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
1240 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
1241 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
1243 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
1245 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
1246 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
1248 cborFindResult = cbor_value_advance(&recurrenceMap);
1249 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
1252 cborFindResult = cbor_value_advance(&validitiesMap);
1253 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
1257 #ifdef MULTIPLE_OWNER
1258 // eowner uuid -- Not Mandatory
1259 if (strcmp(name, OIC_JSON_EOWNERID_NAME) == 0)
1261 char *eowner = NULL;
1262 cborFindResult = cbor_value_dup_text_string(&aceMap, &eowner, &len, NULL);
1263 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding eownerId Value.");
1264 if(NULL == ace->eownerID)
1266 ace->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1267 VERIFY_NON_NULL(TAG, ace->eownerID, ERROR);
1269 ret = ConvertStrToUuid(eowner, ace->eownerID);
1271 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
1273 #endif //MULTIPLE_OWNER
1277 if (type != CborMapType && cbor_value_is_valid(&aceMap))
1279 cborFindResult = cbor_value_advance(&aceMap);
1280 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
1284 if (cbor_value_is_valid(&acesArray))
1286 cborFindResult = cbor_value_advance(&acesArray);
1287 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
1294 if (cbor_value_is_valid(&aclistMap))
1296 cborFindResult = cbor_value_advance(&aclistMap);
1297 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
1302 //rownerID -- Mandatory
1303 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
1305 char *stRowner = NULL;
1306 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
1307 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
1308 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
1309 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1312 else if (NULL != gAcl)
1314 memcpy(&(acl->rownerID), &(gAcl->rownerID), sizeof(OicUuid_t));
1318 if (cbor_value_is_valid(&aclMap))
1320 cborFindResult = cbor_value_advance(&aclMap);
1321 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
1326 if (cborFindResult != CborNoError)
1328 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
1336 #ifdef MULTIPLE_OWNER
1337 bool IsValidAclAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, const size_t size)
1339 bool retValue = false;
1340 OicSecAcl_t* acl = NULL;
1342 VERIFY_NON_NULL(TAG, uuid, ERROR);
1343 VERIFY_NON_NULL(TAG, cborPayload, ERROR);
1344 VERIFY_SUCCESS(TAG, 0 != size, ERROR);
1346 acl = CBORPayloadToAcl(cborPayload, size);
1347 VERIFY_NON_NULL(TAG, acl, ERROR);
1349 OicSecAce_t* ace = NULL;
1350 OicSecAce_t* tempAce = NULL;
1351 LL_FOREACH_SAFE(acl->aces, ace, tempAce)
1353 OicSecRsrc_t* rsrc = NULL;
1354 OicSecRsrc_t* tempRsrc = NULL;
1356 VERIFY_NON_NULL(TAG, ace->eownerID, ERROR);
1357 VERIFY_SUCCESS(TAG, memcmp(ace->eownerID->id, uuid->id, sizeof(uuid->id)) == 0, ERROR);
1359 LL_FOREACH_SAFE(ace->resources, rsrc, tempRsrc)
1361 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_DOXM) != 0, ERROR);
1362 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_CRED) != 0, ERROR);
1363 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_ACL) != 0, ERROR);
1364 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_PSTAT) != 0, ERROR);
1365 VERIFY_SUCCESS(TAG, strcmp(rsrc->href, OIC_RSRC_TYPE_SEC_CRL) != 0, ERROR);
1376 #endif //MULTIPLE_OWNER
1379 * This method removes ACE for the subject and resource from the ACL
1381 * @param subject of the ACE
1382 * @param resource of the ACE
1385 * ::OC_STACK_RESOURCE_DELETED on success
1386 * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
1387 * ::OC_STACK_INVALID_PARAM on invalid parameter
1389 OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
1391 OIC_LOG(DEBUG, TAG, "IN RemoveACE");
1395 OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__);
1396 return OC_STACK_INVALID_PARAM;
1399 OicSecAce_t *ace = NULL;
1400 OicSecAce_t *tempAce = NULL;
1401 bool deleteFlag = false;
1402 OCStackResult ret = OC_STACK_NO_RESOURCE;
1404 if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
1406 OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
1407 return OC_STACK_INVALID_PARAM;
1410 //If resource is NULL then delete all the ACE for the subject.
1411 if (NULL == resource || resource[0] == '\0')
1413 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1415 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1417 LL_DELETE(gAcl->aces, ace);
1425 //Looping through ACL to find the right ACE to delete. If the required resource is the only
1426 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
1427 //than the required resource in the ACE, for the subject then just delete the resource from
1428 //the resource array
1429 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1431 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1433 OicSecRsrc_t* rsrc = NULL;
1434 OicSecRsrc_t* tempRsrc = NULL;
1435 LL_FOREACH_SAFE(ace->resources, rsrc, tempRsrc)
1437 if(strcmp(rsrc->href, resource) == 0)
1439 LL_DELETE(ace->resources, rsrc);
1445 //If resource list is empty
1446 if(NULL == ace->resources && true == deleteFlag)
1448 //Remove the ACE from ACL
1449 LL_DELETE(gAcl->aces, ace);
1458 // In case of unit test do not update persistant storage.
1459 if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
1461 ret = OC_STACK_RESOURCE_DELETED;
1465 uint8_t *payload = NULL;
1467 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1469 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
1471 ret = OC_STACK_RESOURCE_DELETED;
1481 * This method parses the query string received for REST requests and
1482 * retrieves the 'subject' field.
1484 * @param query querystring passed in REST request
1485 * @param subject subject UUID parsed from query string
1487 * @return true if query parsed successfully and found 'subject', else false.
1489 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
1491 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1493 ParseQueryIterInit((unsigned char *) query, &parseIter);
1495 while (GetNextQuery (&parseIter))
1497 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECTID_NAME, parseIter.attrLen) == 0)
1499 char strUuid[STRING_UUID_SIZE] = {0};
1500 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1501 memcpy(strUuid, parseIter.valPos, parseIter.valLen);
1502 OCStackResult res = ConvertStrToUuid(strUuid, subject);
1503 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
1513 * This method parses the query string received for REST requests and
1514 * retrieves the 'resource' field.
1516 * @param query querystring passed in REST request
1517 * @param resource resource parsed from query string
1518 * @param resourceSize size of the memory pointed to resource
1520 * @return true if query parsed successfully and found 'resource', else false.
1522 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
1524 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1526 ParseQueryIterInit((unsigned char *) query, &parseIter);
1528 while (GetNextQuery (&parseIter))
1530 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
1533 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1534 OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
1544 static size_t GetNumberOfResource(OicSecRsrc_t* resources)
1549 OicSecRsrc_t* rsrc = NULL;
1550 LL_FOREACH(resources, rsrc)
1558 static size_t GetNumberOfValidity(OicSecValidity_t* val)
1564 OicSecValidity_t* temp = NULL;
1565 LL_FOREACH(val, temp)
1574 static bool IsSameStringArray(char** strArr1, size_t strArr1Len,
1575 char** strArr2, size_t strArr2Len)
1578 if(NULL == strArr1 && NULL == strArr2)
1583 if(strArr1 && strArr2 && NULL == *strArr1 && NULL == *strArr2)
1588 if(strArr1 && strArr2)
1590 if(*strArr1 && *strArr2 && strArr1Len == strArr2Len)
1592 size_t matchedStr = 0;
1593 for(size_t i = 0; i < strArr1Len; i++)
1595 for(size_t j = 0; j < strArr2Len; j++)
1597 if(strcmp(strArr1[i], strArr2[j]) == 0)
1603 if(matchedStr == strArr1Len)
1613 static bool IsSameResources(OicSecRsrc_t* resources1, OicSecRsrc_t* resources2)
1615 size_t numOfRsrc1 = 0;
1616 size_t numOfRsrc2 = 0;
1617 size_t numOfMatchedRsrc = 0;
1618 OicSecRsrc_t* rsrc1 = NULL;
1619 OicSecRsrc_t* rsrc2 = NULL;
1621 if(NULL == resources1 && NULL == resources2)
1626 if(resources1 && resources2)
1628 numOfRsrc1 = GetNumberOfResource(resources1);
1629 numOfRsrc2 = GetNumberOfResource(resources2);
1631 if(0 == numOfRsrc1 && 0 == numOfRsrc2)
1636 LL_FOREACH(resources1, rsrc1)
1639 LL_FOREACH(resources2, rsrc2)
1643 if(strcmp(rsrc1->href, rsrc2->href) == 0 &&
1644 IsSameStringArray(rsrc1->interfaces, rsrc1->interfaceLen,
1645 rsrc2->interfaces, rsrc2->interfaceLen) &&
1646 IsSameStringArray(rsrc1->types, rsrc1->typeLen,
1647 rsrc2->types, rsrc2->typeLen))
1649 // TODO: Update codes to compare 'rel' property
1656 if(numOfMatchedRsrc == numOfRsrc1)
1665 static bool IsSameValidities(OicSecValidity_t* validities1, OicSecValidity_t* validities2)
1667 size_t numOfVal1 = 0;
1668 size_t numOfVal2 = 0;
1669 size_t numOfMatchedVal = 0;
1670 OicSecValidity_t* val1 = NULL;
1671 OicSecValidity_t* val2 = NULL;
1673 if(NULL == validities1 && NULL == validities2)
1678 if(validities1 && validities2)
1680 numOfVal1 = GetNumberOfValidity(validities1);
1681 numOfVal2 = GetNumberOfValidity(validities2);
1682 if(0 == numOfVal1 && 0 == numOfVal2)
1687 if(numOfVal1 == numOfVal2)
1689 LL_FOREACH(validities1, val1)
1691 LL_FOREACH(validities2, val2)
1693 if(strcmp(val1->period, val2->period) == 0 &&
1694 IsSameStringArray(val1->recurrences, val1->recurrenceLen,
1695 val2->recurrences, val2->recurrenceLen))
1701 if(numOfVal1 == numOfMatchedVal)
1711 #ifdef MULTIPLE_OWNER
1712 static bool IsSameEowner(OicUuid_t* eowner1, OicUuid_t* eowner2)
1714 if (NULL != eowner1 && NULL != eowner2)
1716 if (memcmp(eowner1->id, eowner2->id, sizeof(eowner1->id)) == 0)
1721 else if (NULL == eowner1 && NULL == eowner2)
1723 OIC_LOG(DEBUG, TAG, "Both eowner1 and eowner2 are NULL");
1731 static bool IsSameACE(OicSecAce_t* ace1, OicSecAce_t* ace2)
1735 if(memcmp(ace1->subjectuuid.id, ace2->subjectuuid.id, sizeof(ace1->subjectuuid.id)) != 0)
1740 if(false == IsSameResources(ace1->resources, ace2->resources))
1745 if(ace1->permission != ace2->permission)
1750 if(false == IsSameValidities(ace1->validities, ace2->validities))
1755 #ifdef MULTIPLE_OWNER
1756 if(false == IsSameEowner(ace1->eownerID, ace2->eownerID))
1769 * Internal function to remove all ACL data on ACL resource and persistent storage
1772 * OC_STACK_RESOURCE_DELETED - no errors
1775 static OCStackResult RemoveAllAce(void)
1777 OCStackResult ret = OC_STACK_ERROR;
1778 uint8_t* aclBackup = NULL;
1779 size_t backupSize = 0;
1780 uint8_t* payload = NULL;
1782 OicSecAce_t* aceItem = NULL;
1783 OicSecAce_t* tempAce = NULL;
1785 OIC_LOG(INFO, TAG, "IN RemoveAllAce");
1787 //Backup the current ACL
1788 ret = AclToCBORPayload(gAcl, &aclBackup, &backupSize);
1789 if(OC_STACK_OK == ret)
1791 // Remove all ACE from ACL
1792 LL_FOREACH_SAFE(gAcl->aces, aceItem, tempAce)
1794 LL_DELETE(gAcl->aces, aceItem);
1798 //Generate empty ACL payload
1799 ret = AclToCBORPayload(gAcl, &payload, &size);
1800 if (OC_STACK_OK == ret )
1803 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size);
1804 if (OC_STACK_OK != ret)
1806 OIC_LOG_V(ERROR, TAG, "Error in UpdateSecureResourceInPS : %d", ret);
1810 if(OC_STACK_OK != ret)
1812 OIC_LOG_V(ERROR, TAG, "Error while DELETE ACE : %d", ret);
1814 //If some erorr is occured, revert back.
1815 OicSecAcl_t* originAcl = CBORPayloadToAcl(aclBackup, backupSize);
1818 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, aclBackup, backupSize);
1819 if (OC_STACK_OK == ret)
1821 DeleteACLList(gAcl);
1826 OIC_LOG_V(ERROR, TAG, "Error in UpdateSecureResourceInPS : %d", ret);
1831 OIC_LOG(FATAL, TAG, "Error in CBORPayloadToAcl");
1832 ret = OC_STACK_ERROR;
1840 OIC_LOG(INFO, TAG, "OUT RemoveAllAce");
1842 return (OC_STACK_OK == ret ? OC_STACK_RESOURCE_DELETED : ret);
1845 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
1847 OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
1849 uint8_t* payload = NULL;
1851 OCEntityHandlerResult ehRet;
1853 OicUuid_t subject = {.id= { 0 } };
1855 // In case, 'subject' field is included in REST request.
1856 if (ehRequest->query && GetSubjectFromQueryString(ehRequest->query, &subject))
1858 OIC_LOG(DEBUG,TAG,"'subject' field is inculded in REST request.");
1859 OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
1861 char resource[MAX_URI_LENGTH] = { 0 };
1863 OicSecAce_t *savePtr = NULL;
1864 const OicSecAce_t *currentAce = NULL;
1865 OicSecAcl_t targetAcl;
1869 memcpy(&targetAcl.rownerID, &gAcl->rownerID, sizeof(OicUuid_t));
1873 OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__);
1877 targetAcl.aces = NULL;
1879 // 'Subject' field is MUST for processing a querystring in REST request.
1880 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1883 * TODO : Currently, this code only provides one ACE for a Subject.
1884 * Below code needs to be updated for scenarios when Subject have
1885 * multiple ACE's in ACL resource.
1887 while ((currentAce = GetACLResourceData(&subject, &savePtr)))
1889 targetAcl.aces = (OicSecAce_t*)currentAce;
1892 * If REST querystring contains a specific resource, we need
1893 * to search for that resource in ACE.
1895 if (resource[0] != '\0')
1897 OicSecRsrc_t *rsrc = NULL;
1898 LL_FOREACH(currentAce->resources, rsrc)
1900 if(0 == strcmp(rsrc->href, resource) ||
1901 0 == strcmp(WILDCARD_RESOURCE_URI, rsrc->href))
1903 // Convert ACL data into CBOR format for transmission
1904 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1906 ehRet = OC_EH_ERROR;
1914 // Convert ACL data into CBOR format for transmission
1915 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1917 ehRet = OC_EH_ERROR;
1923 // In case, 'subject' field is not included in REST request.
1926 OIC_LOG(DEBUG,TAG,"'subject' field is not inculded in REST request.");
1927 // Convert ACL data into CBOR format for transmission.
1928 if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
1930 ehRet = OC_EH_ERROR;
1934 // A device should always have a default acl. Therefore, payload should never be NULL.
1935 ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
1936 OIC_LOG(DEBUG, TAG, "ACL payload with GET response");
1937 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1939 //Send payload to request originator
1940 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
1941 OC_EH_OK : OC_EH_ERROR;
1945 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1949 static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
1951 OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
1952 OCEntityHandlerResult ehRet = OC_EH_OK;
1954 // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
1955 uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData;
1956 size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
1959 OicSecAcl_t *newAcl = NULL;
1960 OIC_LOG(DEBUG, TAG, "ACL payload from POST request << ");
1961 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1963 newAcl = CBORPayloadToAcl(payload, size);
1964 if (NULL != newAcl && NULL != gAcl)
1966 bool isNewAce = true;
1967 OicSecAce_t* existAce = NULL;
1968 OicSecAce_t* newAce = NULL;
1969 OicSecAce_t* tempAce1 = NULL;
1970 OicSecAce_t* tempAce2 = NULL;
1972 LL_FOREACH_SAFE(newAcl->aces, newAce, tempAce1)
1975 LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce2)
1977 if(IsSameACE(newAce, existAce))
1984 OIC_LOG(DEBUG, TAG, "NEW ACE dectected.");
1986 OicSecAce_t* insertAce = DuplicateACE(newAce);
1989 OIC_LOG(DEBUG, TAG, "Appending new ACE..");
1990 LL_PREPEND(gAcl->aces, insertAce);
1994 OIC_LOG(ERROR, TAG, "Failed to duplicate ACE.");
1995 ehRet = OC_EH_ERROR;
1999 memcpy(&(gAcl->rownerID), &(newAcl->rownerID), sizeof(OicUuid_t));
2001 DeleteACLList(newAcl);
2003 if(OC_EH_OK == ehRet)
2006 uint8_t *cborPayload = NULL;
2008 if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
2010 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
2012 ehRet = OC_EH_CHANGED;
2014 OICFree(cborPayload);
2017 if(OC_EH_CHANGED != ehRet)
2019 ehRet = OC_EH_ERROR;
2025 OIC_LOG_V(ERROR, TAG, "%s: %s", __func__, (NULL == newAcl) ? "no new ACL" : "gAcl is NULL");
2029 //Send response to request originator
2030 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
2031 OC_EH_OK : OC_EH_ERROR;
2033 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
2037 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
2039 OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
2040 OCEntityHandlerResult ehRet = OC_EH_ERROR;
2041 OicUuid_t subject = { .id= { 0 } };
2042 char resource[MAX_URI_LENGTH] = { 0 };
2044 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
2046 // If 'Subject' field exist, processing a querystring in REST request.
2047 if(GetSubjectFromQueryString(ehRequest->query, &subject))
2049 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
2051 if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
2053 ehRet = OC_EH_RESOURCE_DELETED;
2056 // If 'subject field not exist, remove all ACL data from ACL resource
2059 OIC_LOG(WARNING, TAG, "Can not find the 'subject' in querystring, All ACL list will be removed.");
2061 if(OC_STACK_RESOURCE_DELETED == RemoveAllAce())
2063 ehRet = OC_EH_RESOURCE_DELETED;
2068 //Send response to request originator
2069 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
2070 OC_EH_OK : OC_EH_ERROR;
2075 OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
2076 void* callbackParameter)
2078 OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
2079 (void)callbackParameter;
2080 OCEntityHandlerResult ehRet = OC_EH_ERROR;
2087 if (flag & OC_REQUEST_FLAG)
2089 // TODO : Handle PUT method
2090 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
2091 switch (ehRequest->method)
2094 ehRet = HandleACLGetRequest(ehRequest);
2098 ehRet = HandleACLPostRequest(ehRequest);
2101 case OC_REST_DELETE:
2102 ehRet = HandleACLDeleteRequest(ehRequest);
2106 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
2107 OC_EH_OK : OC_EH_ERROR;
2115 * This internal method is used to create '/oic/sec/acl' resource.
2117 static OCStackResult CreateACLResource()
2121 ret = OCCreateResource(&gAclHandle,
2122 OIC_RSRC_TYPE_SEC_ACL,
2123 OC_RSRVD_INTERFACE_DEFAULT,
2129 if (OC_STACK_OK != ret)
2131 OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
2132 DeInitACLResource();
2137 // This function sets the default ACL and is defined for the unit test only.
2138 OCStackResult SetDefaultACL(OicSecAcl_t *acl)
2144 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
2146 OCStackResult ret = OC_STACK_ERROR;
2147 OicUuid_t ownerId = { .id = { 0 } };
2148 OicSecAcl_t *acl = NULL;
2149 OicSecAce_t *ace = NULL;
2150 OicSecRsrc_t* resRsrc = NULL;
2151 OicSecRsrc_t* deviceRsrc = NULL;
2152 OicSecRsrc_t* platformRsrc = NULL;
2153 OicSecRsrc_t* aclRsrc = NULL;
2154 OicSecRsrc_t* doxmRsrc = NULL;
2155 OicSecRsrc_t* pstatRsrc = NULL;
2158 * TODO In future, when new virtual resources will be added in OIC
2159 * specification, Iotivity stack should be able to add them in
2160 * existing SVR database. To support this, we need to add 'versioning'
2161 * mechanism in SVR database.
2166 return OC_STACK_INVALID_PARAM;
2169 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
2170 VERIFY_NON_NULL(TAG, acl, ERROR);
2172 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
2173 VERIFY_NON_NULL(TAG, ace, ERROR);
2175 LL_APPEND(acl->aces, ace);
2177 // Subject -- Mandatory
2178 memcpy(ace->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
2180 // Resources -- Mandatory
2182 resRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2183 VERIFY_NON_NULL(TAG, resRsrc, ERROR);
2184 LL_APPEND(ace->resources, resRsrc);
2185 resRsrc->href = OICStrdup(OC_RSRVD_WELL_KNOWN_URI);
2186 VERIFY_NON_NULL(TAG, (resRsrc->href), ERROR);
2187 resRsrc->typeLen = 1;
2188 resRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2189 VERIFY_NON_NULL(TAG, resRsrc->types, ERROR);
2190 resRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_RES);
2191 VERIFY_NON_NULL(TAG, resRsrc->types[0], ERROR);
2192 resRsrc->interfaceLen = 2;
2193 resRsrc->interfaces = (char**)OICCalloc(resRsrc->interfaceLen, sizeof(char*));
2194 VERIFY_NON_NULL(TAG, resRsrc->interfaces, ERROR);
2195 resRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2196 VERIFY_NON_NULL(TAG, resRsrc->interfaces[0], ERROR);
2197 resRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
2198 VERIFY_NON_NULL(TAG, resRsrc->interfaces[1], ERROR);
2201 deviceRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2202 VERIFY_NON_NULL(TAG, deviceRsrc, ERROR);
2203 LL_APPEND(ace->resources, deviceRsrc);
2204 deviceRsrc->href = OICStrdup(OC_RSRVD_DEVICE_URI);
2205 VERIFY_NON_NULL(TAG, (deviceRsrc->href), ERROR);
2206 deviceRsrc->typeLen = 1;
2207 deviceRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2208 VERIFY_NON_NULL(TAG, deviceRsrc->types, ERROR);
2209 deviceRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_DEVICE);
2210 VERIFY_NON_NULL(TAG, deviceRsrc->types[0], ERROR);
2211 deviceRsrc->interfaceLen = 2;
2212 deviceRsrc->interfaces = (char**)OICCalloc(deviceRsrc->interfaceLen, sizeof(char*));
2213 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces, ERROR);
2214 deviceRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2215 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[0], ERROR);
2216 deviceRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
2217 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[1], ERROR);
2220 platformRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2221 VERIFY_NON_NULL(TAG, platformRsrc, ERROR);
2222 LL_APPEND(ace->resources, platformRsrc);
2223 platformRsrc->href = OICStrdup(OC_RSRVD_PLATFORM_URI);
2224 VERIFY_NON_NULL(TAG, (platformRsrc->href), ERROR);
2225 platformRsrc->typeLen = 1;
2226 platformRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2227 VERIFY_NON_NULL(TAG, platformRsrc->types, ERROR);
2228 platformRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_PLATFORM);
2229 VERIFY_NON_NULL(TAG, platformRsrc->types[0], ERROR);
2230 platformRsrc->interfaceLen = 2;
2231 platformRsrc->interfaces = (char**)OICCalloc(platformRsrc->interfaceLen, sizeof(char*));
2232 VERIFY_NON_NULL(TAG, platformRsrc->interfaces, ERROR);
2233 platformRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2234 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[0], ERROR);
2235 platformRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
2236 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[1], ERROR);
2239 aclRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2240 VERIFY_NON_NULL(TAG, aclRsrc, ERROR);
2241 LL_APPEND(ace->resources, aclRsrc);
2242 aclRsrc->href = OICStrdup(OIC_RSRC_ACL_URI);
2243 VERIFY_NON_NULL(TAG, (aclRsrc->href), ERROR);
2244 aclRsrc->typeLen = 1;
2245 aclRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2246 VERIFY_NON_NULL(TAG, aclRsrc->types, ERROR);
2247 aclRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_ACL);
2248 VERIFY_NON_NULL(TAG, aclRsrc->types[0], ERROR);
2249 aclRsrc->interfaceLen = 1;
2250 aclRsrc->interfaces = (char**)OICCalloc(aclRsrc->interfaceLen, sizeof(char*));
2251 VERIFY_NON_NULL(TAG, aclRsrc->interfaces, ERROR);
2252 aclRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2253 VERIFY_NON_NULL(TAG, aclRsrc->interfaces[0], ERROR);
2256 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2257 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2258 LL_APPEND(ace->resources, doxmRsrc);
2259 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2260 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2261 doxmRsrc->typeLen = 1;
2262 doxmRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2263 VERIFY_NON_NULL(TAG, doxmRsrc->types, ERROR);
2264 doxmRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_DOXM);
2265 VERIFY_NON_NULL(TAG, doxmRsrc->types[0], ERROR);
2266 doxmRsrc->interfaceLen = 1;
2267 doxmRsrc->interfaces = (char**)OICCalloc(doxmRsrc->interfaceLen, sizeof(char*));
2268 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces, ERROR);
2269 doxmRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2270 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces[0], ERROR);
2273 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2274 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2275 LL_APPEND(ace->resources, pstatRsrc);
2276 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2277 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2278 pstatRsrc->typeLen = 1;
2279 pstatRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2280 VERIFY_NON_NULL(TAG, pstatRsrc->types, ERROR);
2281 pstatRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_PSTAT);
2282 VERIFY_NON_NULL(TAG, pstatRsrc->types[0], ERROR);
2283 pstatRsrc->interfaceLen = 1;
2284 pstatRsrc->interfaces = (char**)OICCalloc(pstatRsrc->interfaceLen, sizeof(char*));
2285 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces, ERROR);
2286 pstatRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2287 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces[0], ERROR);
2289 ace->permission = PERMISSION_READ;
2290 ace->validities = NULL;
2292 // Device ID is the owner of this default ACL
2293 if (GetDoxmResourceData() != NULL)
2295 ret = GetDoxmDeviceID(&ownerId);
2296 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
2300 OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
2301 VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
2304 memcpy(&acl->rownerID, &ownerId, sizeof(OicUuid_t));
2311 if (ret != OC_STACK_OK)
2320 OCStackResult InitACLResource()
2322 OCStackResult ret = OC_STACK_ERROR;
2324 uint8_t *data = NULL;
2326 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
2327 // If database read failed
2328 if (OC_STACK_OK != ret)
2330 OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
2334 // Read ACL resource from PS
2335 gAcl = CBORPayloadToAcl(data, size);
2339 * If SVR database in persistent storage got corrupted or
2340 * is not available for some reason, a default ACL is created
2341 * which allows user to initiate ACL provisioning again.
2345 ret = GetDefaultACL(&gAcl);
2346 if (OC_STACK_OK != ret)
2348 OIC_LOG(ERROR, TAG, "Failed to create default ACL");
2350 // TODO Needs to update persistent storage
2352 VERIFY_NON_NULL(TAG, gAcl, FATAL);
2354 // Instantiate 'oic.sec.acl'
2355 ret = CreateACLResource();
2358 if (OC_STACK_OK != ret)
2360 DeInitACLResource();
2365 OCStackResult DeInitACLResource()
2367 OCStackResult ret = OCDeleteResource(gAclHandle);
2372 DeleteACLList(gAcl);
2378 const OicSecAce_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAce_t **savePtr)
2380 OicSecAce_t *ace = NULL;
2381 OicSecAce_t *begin = NULL;
2383 if (NULL == subjectId || NULL == savePtr || NULL == gAcl)
2389 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
2392 if (NULL == *savePtr)
2399 * If this is a 'successive' call, search for location pointed by
2400 * savePtr and assign 'begin' to the next ACL after it in the linked
2401 * list and start searching from there.
2403 LL_FOREACH(gAcl->aces, ace)
2405 if (ace == *savePtr)
2412 // Find the next ACL corresponding to the 'subjectID' and return it.
2413 LL_FOREACH(begin, ace)
2415 if (memcmp(&(ace->subjectuuid), subjectId, sizeof(OicUuid_t)) == 0)
2422 // Cleanup in case no ACL is found
2427 void printACL(const OicSecAcl_t* acl)
2429 OIC_LOG(INFO, TAG, "Print ACL:");
2433 OIC_LOG(INFO, TAG, "Received NULL acl");
2437 char *rowner = NULL;
2438 if (OC_STACK_OK == ConvertUuidToStr(&acl->rownerID, &rowner))
2440 OIC_LOG_V(INFO, TAG, "rowner id = %s", rowner);
2444 OIC_LOG(ERROR, TAG, "Can't convert rowner uuid to string");
2448 const OicSecAce_t *ace = acl->aces;
2453 OIC_LOG_V(INFO, TAG, "Print ace[%d]:", ace_count);
2455 OIC_LOG_V(INFO, TAG, "ace permission = %d", ace->permission);
2457 char *subjectuuid = NULL;
2458 if (OC_STACK_OK == ConvertUuidToStr(&ace->subjectuuid, &subjectuuid))
2460 OIC_LOG_V(INFO, TAG, "ace subject uuid = %s", subjectuuid);
2464 OIC_LOG(ERROR, TAG, "Can't convert subjectuuid to string");
2466 OICFree(subjectuuid);
2468 OicSecRsrc_t *res = ace->resources;
2473 OIC_LOG_V(INFO, TAG, "Print resources[%d]:", res_count);
2475 OIC_LOG_V(INFO, TAG, "href = %s", res->href);
2477 for (size_t i = 0; i < res->typeLen; i++)
2479 OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->types[i]);
2481 for (size_t i = 0; i < res->interfaceLen; i++)
2483 OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->interfaces[i]);
2489 OicSecValidity_t *vals = ace->validities;
2494 OIC_LOG_V(INFO, TAG, "Print validities[%d]:", vals_count);
2496 OIC_LOG_V(INFO, TAG, "period = %s", vals->period);
2497 for (size_t i = 0; i < vals->recurrenceLen; i++)
2499 OIC_LOG_V(INFO, TAG, "recurrences[%zu] = %s", i, vals->recurrences[i]);
2507 OCStackResult AppendACL2(const OicSecAcl_t* acl)
2509 OCStackResult ret = OC_STACK_ERROR;
2511 OIC_LOG_V(DEBUG, TAG, "IN: %s", __func__);
2515 OIC_LOG_V(ERROR, TAG, "%s: acl is NULL", __func__);
2516 return OC_STACK_INVALID_PARAM;
2521 OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__);
2522 return OC_STACK_INVALID_PARAM;
2525 // Append the new ACE to existing ACE list
2526 // Can't use LL_APPEND because it sets ace->next to NULL
2527 OicSecAce_t* ace = gAcl->aces;
2534 ace->next = acl->aces;
2538 gAcl->aces = acl->aces;
2544 uint8_t *payload = NULL;
2545 ret = AclToCBORPayload(gAcl, &payload, &size);
2546 if (OC_STACK_OK == ret)
2548 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size);
2552 OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__);
2557 OCStackResult AppendACL(const uint8_t *cborPayload, const size_t size)
2559 // Convert CBOR format to ACL data. This will also validate the ACL data received.
2560 OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
2562 return AppendACL2(newAcl);
2565 OCStackResult InstallACL(const OicSecAcl_t* acl)
2567 OIC_LOG_V(DEBUG, TAG, "IN: %s", __func__);
2569 OCStackResult ret = OC_STACK_ERROR;
2573 OIC_LOG_V(ERROR, TAG, "%s: acl is NULL", __func__);
2574 return OC_STACK_INVALID_PARAM;
2579 OIC_LOG_V(ERROR, TAG, "%s: gAcl is NULL", __func__);
2580 return OC_STACK_INVALID_PARAM;
2583 bool isNewAce = true;
2584 OicSecAce_t* existAce = NULL;
2585 OicSecAce_t* newAce = NULL;
2586 OicSecAce_t* tempAce1 = NULL;
2587 OicSecAce_t* tempAce2 = NULL;
2588 OicSecAcl_t* newInstallAcl = NULL;
2590 LL_FOREACH_SAFE(acl->aces, newAce, tempAce1)
2593 LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce2)
2595 if(IsSameACE(newAce, existAce))
2597 OIC_LOG(DEBUG, TAG, "Duplicated ACE dectected.");
2598 ret = OC_STACK_DUPLICATE_REQUEST;
2604 // Append new ACE to existing ACL
2605 OIC_LOG(DEBUG, TAG, "NEW ACE dectected.");
2607 OicSecAce_t* insertAce = DuplicateACE(newAce);
2610 OIC_LOG(DEBUG, TAG, "Appending new ACE..");
2614 newInstallAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
2615 if (NULL == newInstallAcl)
2617 OIC_LOG(ERROR, TAG, "Failed to acllocate ACL");
2618 return OC_STACK_NO_MEMORY;
2621 LL_PREPEND(newInstallAcl->aces, insertAce);
2625 OIC_LOG(ERROR, TAG, "Failed to duplicate ACE");
2626 DeleteACLList(newInstallAcl);
2627 return OC_STACK_ERROR;
2634 ret = AppendACL2(newInstallAcl);
2635 if (OC_STACK_OK != ret)
2637 OIC_LOG(ERROR, TAG, "Failed to append ACL");
2639 OICFree(newInstallAcl);
2642 OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__);
2648 * This function generates default ACE for security resource in case of owned status.
2650 * @return Default ACE for security resource.
2652 static OicSecAce_t* GetSecDefaultACE()
2654 const int NUM_OF_DOXM_RT = 1;
2655 const int NUM_OF_DOXM_IF = 1;
2656 const int NUM_OF_PSTAT_RT = 1;
2657 const int NUM_OF_PSTAT_IF = 1;
2658 const char *doxmRt[] = { OIC_RSRC_TYPE_SEC_DOXM };
2659 const char *pstatRt[] = { OIC_RSRC_TYPE_SEC_PSTAT };
2660 const char *doxmIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2661 const char *pstatIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2662 OicSecRsrc_t* doxmRsrc = NULL;
2663 OicSecRsrc_t* pstatRsrc = NULL;
2665 //Generate default ACE
2666 OicSecAce_t* newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
2667 VERIFY_NON_NULL(TAG, newAce, ERROR);
2669 // Subject -- Mandatory
2670 memcpy(newAce->subjectuuid.id, &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
2672 //Resources -- Mandatory
2674 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2675 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2676 LL_APPEND(newAce->resources, doxmRsrc);
2678 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2679 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2681 doxmRsrc->typeLen = NUM_OF_DOXM_RT;
2682 doxmRsrc->types = (char**)OICCalloc(NUM_OF_DOXM_RT, sizeof(char*));
2683 VERIFY_NON_NULL(TAG, (doxmRsrc->types), ERROR);
2684 for(int i = 0; i < NUM_OF_DOXM_RT; i++)
2686 doxmRsrc->types[i] = OICStrdup(doxmRt[i]);
2687 VERIFY_NON_NULL(TAG, (doxmRsrc->types[i]), ERROR);
2690 doxmRsrc->interfaceLen = NUM_OF_DOXM_IF;
2691 doxmRsrc->interfaces = (char**)OICCalloc(NUM_OF_DOXM_IF, sizeof(char*));
2692 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces), ERROR);
2693 for(int i = 0; i < NUM_OF_DOXM_IF; i++)
2695 doxmRsrc->interfaces[i] = OICStrdup(doxmIf[i]);
2696 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces[i]), ERROR);
2700 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2701 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2702 LL_APPEND(newAce->resources, pstatRsrc);
2704 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2705 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2707 pstatRsrc->typeLen = NUM_OF_PSTAT_RT;
2708 pstatRsrc->types = (char**)OICCalloc(NUM_OF_PSTAT_RT, sizeof(char*));
2709 VERIFY_NON_NULL(TAG, (pstatRsrc->types), ERROR);
2710 for(int i = 0; i < NUM_OF_PSTAT_RT; i++)
2712 pstatRsrc->types[i] = OICStrdup(pstatRt[i]);
2713 VERIFY_NON_NULL(TAG, (pstatRsrc->types[i]), ERROR);
2716 pstatRsrc->interfaceLen = NUM_OF_PSTAT_IF;
2717 pstatRsrc->interfaces = (char**)OICCalloc(NUM_OF_PSTAT_IF, sizeof(char*));
2718 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces), ERROR);
2719 for(int i = 0; i < NUM_OF_PSTAT_IF; i++)
2721 pstatRsrc->interfaces[i] = OICStrdup(pstatIf[i]);
2722 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces[i]), ERROR);
2725 // Permissions -- Mandatory
2726 newAce->permission = PERMISSION_READ;
2728 //Period -- Not Mandatory
2729 newAce->validities = NULL;
2738 OCStackResult UpdateDefaultSecProvACE()
2740 OCStackResult ret = OC_STACK_OK;
2741 OicSecAce_t *ace = NULL;
2742 OicSecAce_t *tempAce = NULL;
2746 int matchedRsrc = 0;
2747 bool isRemoved = false;
2749 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
2751 //Find default security resource ACL
2752 if(memcmp(&ace->subjectuuid, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
2753 ((PERMISSION_READ | PERMISSION_WRITE) == ace->permission))
2757 OicSecRsrc_t* rsrc = NULL;
2758 LL_FOREACH(ace->resources, rsrc)
2760 if(strncmp(rsrc->href, OIC_RSRC_DOXM_URI,
2761 strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
2762 strncmp(rsrc->href, OIC_RSRC_CRED_URI,
2763 strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
2764 strncmp(rsrc->href, OIC_RSRC_PSTAT_URI,
2765 strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
2771 //If default security resource ACL is detected, delete it.
2772 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
2774 LL_DELETE(gAcl->aces, ace);
2784 * Generate new security resource ACE as follows :
2786 * resources : '/oic/sec/doxm', '/oic/sec/pstat'
2789 OicSecAce_t *secDefaultAce = GetSecDefaultACE();
2792 LL_APPEND(gAcl->aces, secDefaultAce);
2795 uint8_t *payload = NULL;
2796 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
2798 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
2811 OCStackResult SetAclRownerId(const OicUuid_t* newROwner)
2813 OCStackResult ret = OC_STACK_ERROR;
2814 uint8_t *cborPayload = NULL;
2816 OicUuid_t prevId = {.id={0}};
2818 if(NULL == newROwner)
2820 ret = OC_STACK_INVALID_PARAM;
2824 ret = OC_STACK_NO_RESOURCE;
2827 if(newROwner && gAcl)
2829 memcpy(prevId.id, gAcl->rownerID.id, sizeof(prevId.id));
2830 memcpy(gAcl->rownerID.id, newROwner->id, sizeof(newROwner->id));
2832 ret = AclToCBORPayload(gAcl, &cborPayload, &size);
2833 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2835 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size);
2836 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2838 OICFree(cborPayload);
2844 OICFree(cborPayload);
2845 memcpy(gAcl->rownerID.id, prevId.id, sizeof(prevId.id));
2849 OCStackResult GetAclRownerId(OicUuid_t *rowneruuid)
2851 OCStackResult retVal = OC_STACK_ERROR;
2854 *rowneruuid = gAcl->rownerID;
2855 retVal = OC_STACK_OK;