1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #include "iotivity_config.h"
24 #elif defined(HAVE_STRINGS_H)
32 #include "ocserverrequest.h"
33 #include "oic_malloc.h"
34 #include "oic_string.h"
36 #include "ocpayload.h"
38 #include "payload_logging.h"
39 #include "srmresourcestrings.h"
40 #include "aclresource.h"
41 #include "doxmresource.h"
42 #include "resourcemanager.h"
43 #include "srmutility.h"
44 #include "psinterface.h"
45 #include "ocpayloadcbor.h"
47 #include "security_internals.h"
50 #define NUMBER_OF_SEC_PROV_RSCS 4
51 #define NUMBER_OF_DEFAULT_SEC_RSCS 2
52 #define STRING_UUID_SIZE (UUID_LENGTH * 2 + 5)
54 static const uint8_t ACL_MAP_SIZE = 4;
55 static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
56 static const uint8_t ACL_ACES_MAP_SIZE = 3;
57 static const uint8_t ACL_RESOURCE_MAP_SIZE = 3;
60 // CborSize is the default cbor payload size being used.
61 static const uint16_t CBOR_SIZE = 2048;
63 static OicSecAcl_t *gAcl = NULL;
64 static OCResourceHandle gAclHandle = NULL;
67 * This function frees OicSecRsrc_t object's fields and object itself.
69 static void FreeRsrc(OicSecRsrc_t *rsrc)
71 //Clean each member of resource
75 if(0 < rsrc->typeLen && rsrc->types)
77 for(size_t i = 0; i < rsrc->typeLen; i++)
79 OICFree(rsrc->types[i]);
85 if(0 < rsrc->interfaceLen && rsrc->interfaces)
87 for(size_t i = 0; i < rsrc->interfaceLen; i++)
89 OICFree(rsrc->interfaces[i]);
91 OICFree(rsrc->interfaces);
92 rsrc->interfaces = NULL;
99 * This function frees OicSecAcl_t object's fields and object itself.
101 static void FreeACE(OicSecAce_t *ace)
105 OIC_LOG(ERROR, TAG, "Invalid Parameter");
110 OicSecRsrc_t* rsrc = NULL;
111 OicSecRsrc_t* tmpRsrc = NULL;
112 LL_FOREACH_SAFE(ace->resources, rsrc, tmpRsrc)
114 LL_DELETE(ace->resources, rsrc);
119 OicSecValidity_t *validity = NULL;
120 OicSecValidity_t *tmpValidity = NULL;
121 LL_FOREACH_SAFE(ace->validities, validity, tmpValidity)
123 LL_DELETE(ace->validities, validity);
126 OICFree(validity->period);
129 for(size_t i = 0; i < validity->recurrenceLen; i++)
131 OICFree(validity->recurrences[i]);
133 OICFree(validity->recurrences);
143 void DeleteACLList(OicSecAcl_t* acl)
147 OicSecAce_t *ace = NULL;
148 OicSecAce_t *tmpAce = NULL;
149 LL_FOREACH_SAFE(acl->aces, ace, tmpAce)
151 LL_DELETE(acl->aces, ace);
159 OicSecAce_t* DuplicateACE(const OicSecAce_t* ace)
161 OicSecAce_t* newAce = NULL;
162 size_t allocateSize = 0;
166 newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
167 VERIFY_NON_NULL(TAG, newAce, ERROR);
170 memcpy(&newAce->subjectuuid, &ace->subjectuuid, sizeof(OicUuid_t));
172 OicSecRsrc_t* rsrc = NULL;
173 LL_FOREACH(ace->resources, rsrc)
175 OicSecRsrc_t* newRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
176 VERIFY_NON_NULL(TAG, newRsrc, ERROR);
177 LL_APPEND(newAce->resources, newRsrc);
180 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
181 allocateSize = strlen(rsrc->href) + 1;
182 newRsrc->href = (char*)OICMalloc(sizeof(char) * allocateSize);
183 VERIFY_NON_NULL(TAG, newRsrc->href, ERROR);
184 OICStrcpy(newRsrc->href, allocateSize, rsrc->href);
188 allocateSize = strlen(rsrc->rel) + 1;
189 newRsrc->rel = (char*)OICMalloc(sizeof(char) * allocateSize);
190 VERIFY_NON_NULL(TAG, newRsrc->rel, ERROR);
191 OICStrcpy(newRsrc->rel, allocateSize, rsrc->rel);
194 if(rsrc->types && 0 < rsrc->typeLen)
196 newRsrc->typeLen = rsrc->typeLen;
197 newRsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
198 VERIFY_NON_NULL(TAG, (newRsrc->types), ERROR);
199 for(size_t i = 0; i < rsrc->typeLen; i++)
201 newRsrc->types[i] = OICStrdup(rsrc->types[i]);
202 VERIFY_NON_NULL(TAG, (newRsrc->types[i]), ERROR);
206 if(rsrc->interfaces && 0 < rsrc->interfaceLen)
208 newRsrc->interfaceLen = rsrc->interfaceLen;
209 newRsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
210 VERIFY_NON_NULL(TAG, (newRsrc->interfaces), ERROR);
211 for(size_t i = 0; i < rsrc->interfaceLen; i++)
213 newRsrc->interfaces[i] = OICStrdup(rsrc->interfaces[i]);
214 VERIFY_NON_NULL(TAG, (newRsrc->interfaces[i]), ERROR);
220 newAce->permission = ace->permission;
225 OicSecValidity_t* validity = NULL;
226 LL_FOREACH(ace->validities, validity)
228 OicSecValidity_t* newValidity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
229 VERIFY_NON_NULL(TAG, newValidity, ERROR);
230 LL_APPEND(newAce->validities, newValidity);
234 allocateSize = strlen(validity->period) + 1;
235 newValidity->period = (char*)OICMalloc(sizeof(char) * allocateSize);
236 VERIFY_NON_NULL(TAG, newValidity->period, ERROR);
237 OICStrcpy(newValidity->period, allocateSize, validity->period);
240 if(validity->recurrences && 0 < validity->recurrenceLen)
242 newValidity->recurrenceLen = validity->recurrenceLen;
244 newValidity->recurrences = (char**)OICMalloc(sizeof(char*) * validity->recurrenceLen);
245 VERIFY_NON_NULL(TAG, newValidity->recurrences, ERROR);
247 for(size_t i = 0; i < validity->recurrenceLen; i++)
249 allocateSize = strlen(validity->recurrences[i]) + 1;
250 newValidity->recurrences[i] = (char*)OICMalloc(sizeof(char) * allocateSize);
251 VERIFY_NON_NULL(TAG, (newValidity->recurrences[i]), ERROR);
252 OICStrcpy(newValidity->recurrences[i], allocateSize, validity->recurrences[i]);
268 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
274 OicSecAce_t *ace= (OicSecAce_t *)secAcl->aces;
284 OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
286 if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
288 return OC_STACK_INVALID_PARAM;
291 OCStackResult ret = OC_STACK_ERROR;
292 CborError cborEncoderResult = CborNoError;
293 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
294 OicSecAce_t* ace = NULL;
297 CborEncoder aclListMap;
298 CborEncoder acesArray;
299 uint8_t *outPayload = NULL;
300 size_t cborLen = *size;
309 outPayload = (uint8_t *)OICCalloc(1, cborLen);
310 VERIFY_NON_NULL(TAG, outPayload, ERROR);
311 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
313 // Create ACL Map (aclist, rownerid)
314 cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
315 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
317 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
318 strlen(OIC_JSON_ACLIST_NAME));
319 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
321 // Create ACLIST Map (aces)
322 cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
323 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
325 cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
326 strlen(OIC_JSON_ACES_NAME));
327 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
330 cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
331 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
334 LL_FOREACH (acl->aces, ace)
336 CborEncoder oicSecAclMap;
337 // ACL Map size - Number of mandatory items
338 uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
341 OicSecValidity_t* validityElts = ace->validities;
344 if(validityElts->period)
348 if(validityElts->recurrences)
354 cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
355 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
357 // Subject -- Mandatory
358 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
359 strlen(OIC_JSON_SUBJECTID_NAME));
360 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
361 inLen = (memcmp(&(ace->subjectuuid), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
362 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
363 if(inLen == WILDCARD_SUBJECT_ID_LEN)
365 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
366 strlen(WILDCARD_RESOURCE_URI));
367 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
371 char *subject = NULL;
372 ret = ConvertUuidToStr(&ace->subjectuuid, &subject);
373 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
374 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
375 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject UUID Value.");
381 CborEncoder resources;
382 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
383 strlen(OIC_JSON_RESOURCES_NAME));
384 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
387 OicSecRsrc_t* rsrcElts = NULL;
388 LL_FOREACH(ace->resources, rsrcElts)
393 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, rsrcLen);
394 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
396 OicSecRsrc_t* rsrc = NULL;
397 LL_FOREACH(ace->resources, rsrc)
401 size_t rsrcMapSize = ACL_RESOURCE_MAP_SIZE;
407 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, rsrcMapSize);
408 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
411 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
412 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
413 strlen(OIC_JSON_HREF_NAME));
414 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
415 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->href, strlen(rsrc->href));
416 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
418 //resource type -- Mandatory
419 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
420 strlen(OIC_JSON_RT_NAME));
421 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
423 CborEncoder resourceTypes;
424 cborEncoderResult = cbor_encoder_create_array(&rMap, &resourceTypes, rsrc->typeLen);
425 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Array.");
426 for(size_t i = 0; i < rsrc->typeLen; i++)
428 cborEncoderResult = cbor_encode_text_string(&resourceTypes, rsrc->types[i], strlen(rsrc->types[i]));
429 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
431 cborEncoderResult = cbor_encoder_close_container(&rMap, &resourceTypes);
432 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing resourceTypes.");
434 //interface -- Mandatory
435 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
436 strlen(OIC_JSON_IF_NAME));
437 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
439 CborEncoder interfaces;
440 cborEncoderResult = cbor_encoder_create_array(&rMap, &interfaces, rsrc->interfaceLen);
441 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Array.");
442 for(size_t i = 0; i < rsrc->interfaceLen; i++)
444 cborEncoderResult = cbor_encode_text_string(&interfaces, rsrc->interfaces[i], strlen(rsrc->interfaces[i]));
445 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
447 cborEncoderResult = cbor_encoder_close_container(&rMap, &interfaces);
448 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing interfaces.");
453 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
454 strlen(OIC_JSON_REL_NAME));
455 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
456 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->rel, strlen(rsrc->rel));
457 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
460 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
461 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
463 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
464 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
467 // Permissions -- Mandatory
468 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
469 strlen(OIC_JSON_PERMISSION_NAME));
470 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
471 cborEncoderResult = cbor_encode_int(&oicSecAclMap, ace->permission);
472 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
474 // TODO: Need to verfication for validity
475 // Validity(Time-interval) -- Not Mandatory
478 size_t validityLen = 0;
480 LL_FOREACH(ace->validities, validityElts)
485 CborEncoder validities;
486 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_VALIDITY_NAME,
487 strlen(OIC_JSON_VALIDITY_NAME));
488 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Tag.");
489 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &validities, validityLen);
490 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validities Array.");
492 //How to add the value w/o "title" using tinycobr...? :(
495 LL_FOREACH(ace->validities, validityElts)
497 CborEncoder validity;
498 size_t validitySize = 0;
499 if(validityElts->period)
503 if(validityElts->recurrences)
508 cborEncoderResult = cbor_encoder_create_array(&validities, &validity, validitySize);
509 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Array.");
512 if (validityElts->period)
514 cborEncoderResult = cbor_encode_text_string(&validity, validityElts->period,
515 strlen(validityElts->period));
516 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value.");
520 if (validityElts->recurrences)
522 CborEncoder recurrences;
523 cborEncoderResult = cbor_encoder_create_array(&validity, &recurrences, validityElts->recurrenceLen);
524 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
526 for (size_t i = 0; i < validityElts->recurrenceLen; i++)
528 cborEncoderResult = cbor_encode_text_string(&recurrences, validityElts->recurrences[i],
529 strlen(validityElts->recurrences[i]));
530 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
532 cborEncoderResult = cbor_encoder_close_container(&validity, &recurrences);
533 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
536 cborEncoderResult = cbor_encoder_close_container(&validities, &validity);
537 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validity Array.");
540 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &validities);
541 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validities Array.");
544 cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
545 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
549 cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
550 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
553 cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
554 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
559 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
560 strlen(OIC_JSON_ROWNERID_NAME));
561 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
562 ret = ConvertUuidToStr(&secAcl->rownerID, &rowner);
563 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
564 cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
565 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
571 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_RT_NAME,
572 strlen(OIC_JSON_RT_NAME));
573 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
574 cborEncoderResult = cbor_encoder_create_array(&aclMap, &rtArray, 1);
575 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
576 for (size_t i = 0; i < 1; i++)
578 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_ACL,
579 strlen(OIC_RSRC_TYPE_SEC_ACL));
580 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
582 cborEncoderResult = cbor_encoder_close_container(&aclMap, &rtArray);
583 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
587 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_IF_NAME,
588 strlen(OIC_JSON_IF_NAME));
589 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
590 cborEncoderResult = cbor_encoder_create_array(&aclMap, &ifArray, 1);
591 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
592 for (size_t i = 0; i < 1; i++)
594 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
595 strlen(OC_RSRVD_INTERFACE_DEFAULT));
596 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
598 cborEncoderResult = cbor_encoder_close_container(&aclMap, &ifArray);
599 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
602 cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
603 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
605 if (CborNoError == cborEncoderResult)
607 OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
608 *size = encoder.ptr - outPayload;
609 *payload = outPayload;
613 if (CborErrorOutOfMemory == cborEncoderResult)
615 OIC_LOG(DEBUG, TAG, "AclToCBORPayload:CborErrorOutOfMemory : retry with more memory");
617 // reallocate and try again!
619 // Since the allocated initial memory failed, double the memory.
620 cborLen += encoder.ptr - encoder.end;
621 cborEncoderResult = CborNoError;
622 ret = AclToCBORPayload(secAcl, payload, &cborLen);
625 else if (cborEncoderResult != CborNoError)
627 OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
632 ret = OC_STACK_ERROR;
638 // This function converts CBOR format to ACL data.
639 // Caller needs to invoke 'free' when done using
640 // It parses { "aclist" : [ { ... } ] } instead of { "aclist" : { "aces" : [ ] } }
641 OicSecAcl_t* CBORPayloadToAcl2(const uint8_t *cborPayload, const size_t size)
643 if (NULL == cborPayload || 0 == size)
647 OCStackResult ret = OC_STACK_ERROR;
648 CborValue aclCbor = { .parser = NULL };
649 CborParser parser = { .end = NULL };
650 CborError cborFindResult = CborNoError;
651 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
653 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
656 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
657 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
658 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
660 while (cbor_value_is_valid(&aclMap))
662 char* tagName = NULL;
664 CborType type = cbor_value_get_type(&aclMap);
665 if (type == CborTextStringType)
667 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
668 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
669 cborFindResult = cbor_value_advance(&aclMap);
670 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
674 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
677 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
678 cborFindResult = cbor_value_enter_container(&aclMap, &acesArray);
679 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
682 while (cbor_value_is_valid(&acesArray))
685 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
686 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
687 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
689 OicSecAce_t *ace = NULL;
690 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
691 VERIFY_NON_NULL(TAG, ace, ERROR);
692 LL_APPEND(acl->aces, ace);
694 VERIFY_NON_NULL(TAG, acl, ERROR);
696 while (cbor_value_is_valid(&aceMap))
700 CborType type = cbor_value_get_type(&aceMap);
701 if (type == CborTextStringType)
703 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
704 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
705 cborFindResult = cbor_value_advance(&aceMap);
706 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
710 // Subject -- Mandatory
711 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
713 char *subject = NULL;
714 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
715 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
716 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
718 ace->subjectuuid.id[0] = '*';
722 OIC_LOG_V(DEBUG, TAG, "Converting subjectuuid = %s to uuid...", subject);
723 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
724 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
729 // Resources -- Mandatory
730 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
732 CborValue resources = { .parser = NULL };
733 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
734 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
736 while (cbor_value_is_valid(&resources))
739 CborValue rMap = { .parser = NULL };
740 cborFindResult = cbor_value_enter_container(&resources, &rMap);
741 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
743 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
744 VERIFY_NON_NULL(TAG, rsrc, ERROR);
745 LL_APPEND(ace->resources, rsrc);
747 while(cbor_value_is_valid(&rMap))
749 char *rMapName = NULL;
750 size_t rMapNameLen = 0;
751 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
752 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
753 cborFindResult = cbor_value_advance(&rMap);
754 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
757 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
759 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
760 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
764 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
766 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
767 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
768 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
770 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
771 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
773 CborValue resourceTypes;
774 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
775 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
777 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
780 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
781 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
782 cborFindResult = cbor_value_advance(&resourceTypes);
783 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
788 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
790 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
791 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
792 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
794 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
795 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
797 CborValue interfaces;
798 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
799 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
801 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
804 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
805 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
806 cborFindResult = cbor_value_advance(&interfaces);
807 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
812 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
814 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
815 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
818 if (cbor_value_is_valid(&rMap))
820 cborFindResult = cbor_value_advance(&rMap);
821 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
826 if (cbor_value_is_valid(&resources))
828 cborFindResult = cbor_value_advance(&resources);
829 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
834 // Permissions -- Mandatory
835 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
838 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
839 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
840 ace->permission = (uint16_t)tmp64;
843 // TODO: Need to verfication for validity
844 // Validity -- Not mandatory
845 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
847 CborValue validitiesMap = {.parser = NULL};
848 size_t validitySize = 0;
850 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
851 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
853 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
854 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
856 while(cbor_value_is_valid(&validitiesMap))
858 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
859 VERIFY_NON_NULL(TAG, validity, ERROR);
860 LL_APPEND(ace->validities, validity);
862 CborValue validityMap = {.parser = NULL};
864 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
865 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
868 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
869 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
871 //recurrence (string array)
872 CborValue recurrenceMap = {.parser = NULL};
873 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
874 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
876 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
877 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
879 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
880 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
882 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
884 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
885 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
887 cborFindResult = cbor_value_advance(&recurrenceMap);
888 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
891 cborFindResult = cbor_value_advance(&validitiesMap);
892 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
898 if (type != CborMapType && cbor_value_is_valid(&aceMap))
900 cborFindResult = cbor_value_advance(&aceMap);
901 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
905 if (cbor_value_is_valid(&acesArray))
907 cborFindResult = cbor_value_advance(&acesArray);
908 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
913 //rownerID -- Mandatory
914 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
916 char *stRowner = NULL;
917 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
918 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
919 OIC_LOG_V(DEBUG, TAG, "Converting rownerid = %s to uuid...", stRowner);
920 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
921 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
926 if (cbor_value_is_valid(&aclMap))
928 cborFindResult = cbor_value_advance(&aclMap);
929 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
934 if (cborFindResult != CborNoError)
936 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
944 // This function converts CBOR format to ACL data.
945 // Caller needs to invoke 'free' when done using
946 // note: This function is used in unit test hence not declared static,
947 OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
949 if (NULL == cborPayload || 0 == size)
953 OCStackResult ret = OC_STACK_ERROR;
954 CborValue aclCbor = { .parser = NULL };
955 CborParser parser = { .end = NULL };
956 CborError cborFindResult = CborNoError;
957 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
959 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
962 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
963 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
964 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
966 while (cbor_value_is_valid(&aclMap))
968 char* tagName = NULL;
970 CborType type = cbor_value_get_type(&aclMap);
971 if (type == CborTextStringType)
973 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
974 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
975 cborFindResult = cbor_value_advance(&aclMap);
976 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
980 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
983 CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
984 cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
985 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
988 while (cbor_value_is_valid(&aclistMap))
992 CborType acType = cbor_value_get_type(&aclistMap);
993 if (acType == CborTextStringType)
995 cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &readLen, NULL);
996 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
997 cborFindResult = cbor_value_advance(&aclistMap);
998 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
1003 if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
1006 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1007 cborFindResult = cbor_value_enter_container(&aclistMap, &acesArray);
1008 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
1011 while (cbor_value_is_valid(&acesArray))
1014 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1015 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
1016 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
1018 OicSecAce_t *ace = NULL;
1019 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
1020 VERIFY_NON_NULL(TAG, ace, ERROR);
1021 LL_APPEND(acl->aces, ace);
1023 VERIFY_NON_NULL(TAG, acl, ERROR);
1025 while (cbor_value_is_valid(&aceMap))
1029 CborType type = cbor_value_get_type(&aceMap);
1030 if (type == CborTextStringType)
1032 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
1033 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
1034 cborFindResult = cbor_value_advance(&aceMap);
1035 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
1039 // Subject -- Mandatory
1040 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
1042 char *subject = NULL;
1043 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
1044 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
1045 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
1047 ace->subjectuuid.id[0] = '*';
1051 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
1052 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1057 // Resources -- Mandatory
1058 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
1060 CborValue resources = { .parser = NULL };
1061 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
1062 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
1064 while (cbor_value_is_valid(&resources))
1067 CborValue rMap = { .parser = NULL };
1068 cborFindResult = cbor_value_enter_container(&resources, &rMap);
1069 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
1071 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1072 VERIFY_NON_NULL(TAG, rsrc, ERROR);
1073 LL_APPEND(ace->resources, rsrc);
1075 while(cbor_value_is_valid(&rMap))
1077 char *rMapName = NULL;
1078 size_t rMapNameLen = 0;
1079 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
1080 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
1081 cborFindResult = cbor_value_advance(&rMap);
1082 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
1085 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
1087 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
1088 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
1092 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
1094 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
1095 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
1096 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
1098 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
1099 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
1101 CborValue resourceTypes;
1102 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
1103 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
1105 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
1107 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
1108 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
1109 cborFindResult = cbor_value_advance(&resourceTypes);
1110 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
1115 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
1117 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
1118 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
1119 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
1121 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
1122 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
1124 CborValue interfaces;
1125 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
1126 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
1128 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
1130 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
1131 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
1132 cborFindResult = cbor_value_advance(&interfaces);
1133 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
1138 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
1140 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
1141 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
1144 if (cbor_value_is_valid(&rMap))
1146 cborFindResult = cbor_value_advance(&rMap);
1147 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
1152 if (cbor_value_is_valid(&resources))
1154 cborFindResult = cbor_value_advance(&resources);
1155 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
1160 // Permissions -- Mandatory
1161 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
1164 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
1165 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
1166 ace->permission = (uint16_t)tmp64;
1169 // TODO: Need to verfication for validity
1170 // Validity -- Not mandatory
1171 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
1173 CborValue validitiesMap = {.parser = NULL};
1174 size_t validitySize = 0;
1176 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
1177 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
1179 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
1180 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
1182 while(cbor_value_is_valid(&validitiesMap))
1184 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
1185 VERIFY_NON_NULL(TAG, validity, ERROR);
1186 LL_APPEND(ace->validities, validity);
1188 CborValue validityMap = {.parser = NULL};
1190 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
1191 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
1194 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
1195 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
1197 //recurrence (string array)
1198 CborValue recurrenceMap = {.parser = NULL};
1199 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
1200 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
1202 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
1203 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
1205 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
1206 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
1208 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
1210 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
1211 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
1213 cborFindResult = cbor_value_advance(&recurrenceMap);
1214 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
1217 cborFindResult = cbor_value_advance(&validitiesMap);
1218 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
1224 if (type != CborMapType && cbor_value_is_valid(&aceMap))
1226 cborFindResult = cbor_value_advance(&aceMap);
1227 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
1231 if (cbor_value_is_valid(&acesArray))
1233 cborFindResult = cbor_value_advance(&acesArray);
1234 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
1241 if (cbor_value_is_valid(&aclistMap))
1243 cborFindResult = cbor_value_advance(&aclistMap);
1244 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
1249 //rownerID -- Mandatory
1250 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
1252 char *stRowner = NULL;
1253 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
1254 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
1255 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
1256 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1261 if (cbor_value_is_valid(&aclMap))
1263 cborFindResult = cbor_value_advance(&aclMap);
1264 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
1269 if (cborFindResult != CborNoError)
1271 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
1280 * This method removes ACE for the subject and resource from the ACL
1282 * @param subject of the ACE
1283 * @param resource of the ACE
1286 * ::OC_STACK_RESOURCE_DELETED on success
1287 * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
1288 * ::OC_STACK_INVALID_PARAM on invalid parameter
1290 OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
1292 OIC_LOG(DEBUG, TAG, "IN RemoveACE");
1294 OicSecAce_t *ace = NULL;
1295 OicSecAce_t *tempAce = NULL;
1296 bool deleteFlag = false;
1297 OCStackResult ret = OC_STACK_NO_RESOURCE;
1299 if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
1301 OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
1302 return OC_STACK_INVALID_PARAM;
1305 //If resource is NULL then delete all the ACE for the subject.
1306 if (NULL == resource || resource[0] == '\0')
1308 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1310 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1312 LL_DELETE(gAcl->aces, ace);
1320 //Looping through ACL to find the right ACE to delete. If the required resource is the only
1321 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
1322 //than the required resource in the ACE, for the subject then just delete the resource from
1323 //the resource array
1324 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1326 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1328 OicSecRsrc_t* rsrc = NULL;
1329 OicSecRsrc_t* tempRsrc = NULL;
1330 LL_FOREACH_SAFE(ace->resources, rsrc, tempRsrc)
1332 if(strcmp(rsrc->href, resource) == 0)
1334 LL_DELETE(ace->resources, rsrc);
1340 //If resource list is empty
1341 if(NULL == ace->resources && true == deleteFlag)
1343 //Remove the ACE from ACL
1344 LL_DELETE(gAcl->aces, ace);
1353 // In case of unit test do not update persistant storage.
1354 if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
1356 ret = OC_STACK_RESOURCE_DELETED;
1360 uint8_t *payload = NULL;
1362 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1364 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
1366 ret = OC_STACK_RESOURCE_DELETED;
1376 * This method parses the query string received for REST requests and
1377 * retrieves the 'subject' field.
1379 * @param query querystring passed in REST request
1380 * @param subject subject UUID parsed from query string
1382 * @return true if query parsed successfully and found 'subject', else false.
1384 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
1386 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1388 ParseQueryIterInit((unsigned char *) query, &parseIter);
1390 while (GetNextQuery (&parseIter))
1392 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECTID_NAME, parseIter.attrLen) == 0)
1394 char strUuid[STRING_UUID_SIZE] = {0};
1395 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1396 memcpy(strUuid, parseIter.valPos, parseIter.valLen);
1397 OCStackResult res = ConvertStrToUuid(strUuid, subject);
1398 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
1408 * This method parses the query string received for REST requests and
1409 * retrieves the 'resource' field.
1411 * @param query querystring passed in REST request
1412 * @param resource resource parsed from query string
1413 * @param resourceSize size of the memory pointed to resource
1415 * @return true if query parsed successfully and found 'resource', else false.
1417 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
1419 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1421 ParseQueryIterInit((unsigned char *) query, &parseIter);
1423 while (GetNextQuery (&parseIter))
1425 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
1428 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1429 OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
1439 static size_t GetNumberOfResource(OicSecRsrc_t* resources)
1444 OicSecRsrc_t* rsrc = NULL;
1445 LL_FOREACH(resources, rsrc)
1453 static size_t GetNumberOfValidity(OicSecValidity_t* val)
1459 OicSecValidity_t* temp = NULL;
1460 LL_FOREACH(val, temp)
1469 static bool IsSameStringArray(char** strArr1, size_t strArr1Len,
1470 char** strArr2, size_t strArr2Len)
1473 if(NULL == strArr1 && NULL == strArr2)
1478 if(strArr1 && strArr2 && NULL == *strArr1 && NULL == *strArr2)
1483 if(strArr1 && strArr2)
1485 if(*strArr1 && *strArr2 && strArr1Len == strArr2Len)
1487 size_t matchedStr = 0;
1488 for(size_t i = 0; i < strArr1Len; i++)
1490 for(size_t j = 0; j < strArr2Len; j++)
1492 if(strcmp(strArr1[i], strArr2[j]) == 0)
1498 if(matchedStr == strArr1Len)
1508 static bool IsSameResources(OicSecRsrc_t* resources1, OicSecRsrc_t* resources2)
1510 size_t numOfRsrc1 = 0;
1511 size_t numOfRsrc2 = 0;
1512 size_t numOfMatchedRsrc = 0;
1513 OicSecRsrc_t* rsrc1 = NULL;
1514 OicSecRsrc_t* rsrc2 = NULL;
1516 if(NULL == resources1 && NULL == resources2)
1521 if(resources1 && resources2)
1523 numOfRsrc1 = GetNumberOfResource(resources1);
1524 numOfRsrc2 = GetNumberOfResource(resources2);
1526 if(0 == numOfRsrc1 && 0 == numOfRsrc2)
1531 LL_FOREACH(resources1, rsrc1)
1534 LL_FOREACH(resources2, rsrc2)
1538 if(strcmp(rsrc1->href, rsrc2->href) == 0 &&
1539 IsSameStringArray(rsrc1->interfaces, rsrc1->interfaceLen,
1540 rsrc2->interfaces, rsrc2->interfaceLen) &&
1541 IsSameStringArray(rsrc1->types, rsrc1->typeLen,
1542 rsrc2->types, rsrc2->typeLen))
1544 // TODO: Update codes to compare 'rel' property
1551 if(numOfMatchedRsrc == numOfRsrc1)
1560 static bool IsSameValidities(OicSecValidity_t* validities1, OicSecValidity_t* validities2)
1562 size_t numOfVal1 = 0;
1563 size_t numOfVal2 = 0;
1564 size_t numOfMatchedVal = 0;
1565 OicSecValidity_t* val1 = NULL;
1566 OicSecValidity_t* val2 = NULL;
1568 if(NULL == validities1 && NULL == validities2)
1573 if(validities1 && validities2)
1575 numOfVal1 = GetNumberOfValidity(validities1);
1576 numOfVal2 = GetNumberOfValidity(validities2);
1577 if(0 == numOfVal1 && 0 == numOfVal2)
1582 if(numOfVal1 == numOfVal2)
1584 LL_FOREACH(validities1, val1)
1586 LL_FOREACH(validities2, val2)
1588 if(strcmp(val1->period, val2->period) == 0 &&
1589 IsSameStringArray(val1->recurrences, val1->recurrenceLen,
1590 val2->recurrences, val2->recurrenceLen))
1596 if(numOfVal1 == numOfMatchedVal)
1606 static bool IsSameACE(OicSecAce_t* ace1, OicSecAce_t* ace2)
1610 if(memcmp(ace1->subjectuuid.id, ace2->subjectuuid.id, sizeof(ace1->subjectuuid.id)) != 0)
1615 if(false == IsSameResources(ace1->resources, ace2->resources))
1620 if(ace1->permission != ace2->permission)
1625 if(false == IsSameValidities(ace1->validities, ace2->validities))
1636 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
1638 OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
1639 uint8_t* payload = NULL;
1641 OCEntityHandlerResult ehRet;
1643 OicUuid_t subject = {.id= { 0 } };
1645 // In case, 'subject' field is included in REST request.
1646 if (ehRequest->query && GetSubjectFromQueryString(ehRequest->query, &subject))
1648 OIC_LOG(DEBUG,TAG,"'subject' field is inculded in REST request.");
1649 OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
1651 char resource[MAX_URI_LENGTH] = { 0 };
1653 OicSecAce_t *savePtr = NULL;
1654 const OicSecAce_t *currentAce = NULL;
1655 OicSecAcl_t targetAcl;
1657 memcpy(&targetAcl.rownerID, &gAcl->rownerID, sizeof(OicUuid_t));
1658 targetAcl.aces = NULL;
1660 // 'Subject' field is MUST for processing a querystring in REST request.
1661 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1664 * TODO : Currently, this code only provides one ACE for a Subject.
1665 * Below code needs to be updated for scenarios when Subject have
1666 * multiple ACE's in ACL resource.
1668 while ((currentAce = GetACLResourceData(&subject, &savePtr)))
1670 targetAcl.aces = (OicSecAce_t*)currentAce;
1673 * If REST querystring contains a specific resource, we need
1674 * to search for that resource in ACE.
1676 if (resource[0] != '\0')
1678 OicSecRsrc_t *rsrc = NULL;
1679 LL_FOREACH(currentAce->resources, rsrc)
1681 if(0 == strcmp(rsrc->href, resource) ||
1682 0 == strcmp(WILDCARD_RESOURCE_URI, rsrc->href))
1684 // Convert ACL data into CBOR format for transmission
1685 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1687 ehRet = OC_EH_ERROR;
1695 // Convert ACL data into CBOR format for transmission
1696 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1698 ehRet = OC_EH_ERROR;
1704 // In case, 'subject' field is not included in REST request.
1707 OIC_LOG(DEBUG,TAG,"'subject' field is not inculded in REST request.");
1708 // Convert ACL data into CBOR format for transmission.
1709 if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
1711 ehRet = OC_EH_ERROR;
1715 // A device should always have a default acl. Therefore, payload should never be NULL.
1716 ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
1717 OIC_LOG(DEBUG, TAG, "ACL payload with GET response");
1718 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1720 //Send payload to request originator
1721 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
1722 OC_EH_OK : OC_EH_ERROR;
1726 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1730 static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
1732 OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
1733 OCEntityHandlerResult ehRet = OC_EH_OK;
1735 // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
1736 uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData;
1737 size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
1740 OicSecAcl_t *newAcl = NULL;
1741 OIC_LOG(DEBUG, TAG, "ACL payload from POST request << ");
1742 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1744 newAcl = CBORPayloadToAcl(payload, size);
1747 bool isNewAce = true;
1748 OicSecAce_t* existAce = NULL;
1749 OicSecAce_t* newAce = NULL;
1750 OicSecAce_t* tempAce1 = NULL;
1751 OicSecAce_t* tempAce2 = NULL;
1753 LL_FOREACH_SAFE(newAcl->aces, newAce, tempAce1)
1756 LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce2)
1758 if(IsSameACE(newAce, existAce))
1765 OIC_LOG(DEBUG, TAG, "NEW ACE dectected.");
1767 OicSecAce_t* insertAce = DuplicateACE(newAce);
1770 OIC_LOG(DEBUG, TAG, "Appending new ACE..");
1771 LL_PREPEND(gAcl->aces, insertAce);
1775 OIC_LOG(ERROR, TAG, "Failed to duplicate ACE.");
1776 ehRet = OC_EH_ERROR;
1781 DeleteACLList(newAcl);
1783 if(OC_EH_OK == ehRet)
1786 uint8_t *cborPayload = NULL;
1787 if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
1789 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
1791 ehRet = OC_EH_CHANGED;
1793 OICFree(cborPayload);
1796 if(OC_EH_CHANGED != ehRet)
1798 ehRet = OC_EH_ERROR;
1804 //Send response to request originator
1805 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1806 OC_EH_OK : OC_EH_ERROR;
1808 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1812 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
1814 OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
1815 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1816 OicUuid_t subject = { .id= { 0 } };
1817 char resource[MAX_URI_LENGTH] = { 0 };
1819 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
1821 // 'Subject' field is MUST for processing a querystring in REST request.
1822 VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
1824 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1826 if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
1828 ehRet = OC_EH_RESOURCE_DELETED;
1832 //Send response to request originator
1833 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1834 OC_EH_OK : OC_EH_ERROR;
1839 OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
1840 void* callbackParameter)
1842 OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
1843 (void)callbackParameter;
1844 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1851 if (flag & OC_REQUEST_FLAG)
1853 // TODO : Handle PUT method
1854 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
1855 switch (ehRequest->method)
1858 ehRet = HandleACLGetRequest(ehRequest);
1862 ehRet = HandleACLPostRequest(ehRequest);
1865 case OC_REST_DELETE:
1866 ehRet = HandleACLDeleteRequest(ehRequest);
1870 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1871 OC_EH_OK : OC_EH_ERROR;
1879 * This internal method is used to create '/oic/sec/acl' resource.
1881 static OCStackResult CreateACLResource()
1885 ret = OCCreateResource(&gAclHandle,
1886 OIC_RSRC_TYPE_SEC_ACL,
1887 OC_RSRVD_INTERFACE_DEFAULT,
1891 OC_OBSERVABLE | OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
1893 if (OC_STACK_OK != ret)
1895 OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
1896 DeInitACLResource();
1901 // This function sets the default ACL and is defined for the unit test only.
1902 OCStackResult SetDefaultACL(OicSecAcl_t *acl)
1908 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
1910 OCStackResult ret = OC_STACK_ERROR;
1911 OicUuid_t ownerId = { .id = { 0 } };
1912 OicSecAcl_t *acl = NULL;
1913 OicSecAce_t *ace = NULL;
1914 OicSecRsrc_t* resRsrc = NULL;
1915 OicSecRsrc_t* deviceRsrc = NULL;
1916 OicSecRsrc_t* platformRsrc = NULL;
1917 OicSecRsrc_t* aclRsrc = NULL;
1918 OicSecRsrc_t* doxmRsrc = NULL;
1919 OicSecRsrc_t* pstatRsrc = NULL;
1922 * TODO In future, when new virtual resources will be added in OIC
1923 * specification, Iotivity stack should be able to add them in
1924 * existing SVR database. To support this, we need to add 'versioning'
1925 * mechanism in SVR database.
1930 return OC_STACK_INVALID_PARAM;
1933 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
1934 VERIFY_NON_NULL(TAG, acl, ERROR);
1936 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
1937 VERIFY_NON_NULL(TAG, ace, ERROR);
1939 LL_APPEND(acl->aces, ace);
1941 // Subject -- Mandatory
1942 memcpy(ace->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
1944 // Resources -- Mandatory
1946 resRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1947 VERIFY_NON_NULL(TAG, resRsrc, ERROR);
1948 LL_APPEND(ace->resources, resRsrc);
1949 resRsrc->href = OICStrdup(OC_RSRVD_WELL_KNOWN_URI);
1950 VERIFY_NON_NULL(TAG, (resRsrc->href), ERROR);
1951 resRsrc->typeLen = 1;
1952 resRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1953 VERIFY_NON_NULL(TAG, resRsrc->types, ERROR);
1954 resRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_RES);
1955 VERIFY_NON_NULL(TAG, resRsrc->types[0], ERROR);
1956 resRsrc->interfaceLen = 2;
1957 resRsrc->interfaces = (char**)OICCalloc(resRsrc->interfaceLen, sizeof(char*));
1958 VERIFY_NON_NULL(TAG, resRsrc->interfaces, ERROR);
1959 resRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1960 VERIFY_NON_NULL(TAG, resRsrc->interfaces[0], ERROR);
1961 resRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1962 VERIFY_NON_NULL(TAG, resRsrc->interfaces[1], ERROR);
1965 deviceRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1966 VERIFY_NON_NULL(TAG, deviceRsrc, ERROR);
1967 LL_APPEND(ace->resources, deviceRsrc);
1968 deviceRsrc->href = OICStrdup(OC_RSRVD_DEVICE_URI);
1969 VERIFY_NON_NULL(TAG, (deviceRsrc->href), ERROR);
1970 deviceRsrc->typeLen = 1;
1971 deviceRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1972 VERIFY_NON_NULL(TAG, deviceRsrc->types, ERROR);
1973 deviceRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_DEVICE);
1974 VERIFY_NON_NULL(TAG, deviceRsrc->types[0], ERROR);
1975 deviceRsrc->interfaceLen = 2;
1976 deviceRsrc->interfaces = (char**)OICCalloc(deviceRsrc->interfaceLen, sizeof(char*));
1977 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces, ERROR);
1978 deviceRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1979 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[0], ERROR);
1980 deviceRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1981 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[1], ERROR);
1984 platformRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1985 VERIFY_NON_NULL(TAG, platformRsrc, ERROR);
1986 LL_APPEND(ace->resources, platformRsrc);
1987 platformRsrc->href = OICStrdup(OC_RSRVD_PLATFORM_URI);
1988 VERIFY_NON_NULL(TAG, (platformRsrc->href), ERROR);
1989 platformRsrc->typeLen = 1;
1990 platformRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1991 VERIFY_NON_NULL(TAG, platformRsrc->types, ERROR);
1992 platformRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_PLATFORM);
1993 VERIFY_NON_NULL(TAG, platformRsrc->types[0], ERROR);
1994 platformRsrc->interfaceLen = 2;
1995 platformRsrc->interfaces = (char**)OICCalloc(platformRsrc->interfaceLen, sizeof(char*));
1996 VERIFY_NON_NULL(TAG, platformRsrc->interfaces, ERROR);
1997 platformRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1998 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[0], ERROR);
1999 platformRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
2000 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[1], ERROR);
2003 aclRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2004 VERIFY_NON_NULL(TAG, aclRsrc, ERROR);
2005 LL_APPEND(ace->resources, aclRsrc);
2006 aclRsrc->href = OICStrdup(OIC_RSRC_ACL_URI);
2007 VERIFY_NON_NULL(TAG, (aclRsrc->href), ERROR);
2008 aclRsrc->typeLen = 1;
2009 aclRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2010 VERIFY_NON_NULL(TAG, aclRsrc->types, ERROR);
2011 aclRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_ACL);
2012 VERIFY_NON_NULL(TAG, aclRsrc->types[0], ERROR);
2013 aclRsrc->interfaceLen = 1;
2014 aclRsrc->interfaces = (char**)OICCalloc(aclRsrc->interfaceLen, sizeof(char*));
2015 VERIFY_NON_NULL(TAG, aclRsrc->interfaces, ERROR);
2016 aclRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2017 VERIFY_NON_NULL(TAG, aclRsrc->interfaces[0], ERROR);
2020 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2021 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2022 LL_APPEND(ace->resources, doxmRsrc);
2023 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2024 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2025 doxmRsrc->typeLen = 1;
2026 doxmRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2027 VERIFY_NON_NULL(TAG, doxmRsrc->types, ERROR);
2028 doxmRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_DOXM);
2029 VERIFY_NON_NULL(TAG, doxmRsrc->types[0], ERROR);
2030 doxmRsrc->interfaceLen = 1;
2031 doxmRsrc->interfaces = (char**)OICCalloc(doxmRsrc->interfaceLen, sizeof(char*));
2032 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces, ERROR);
2033 doxmRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2034 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces[0], ERROR);
2037 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2038 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2039 LL_APPEND(ace->resources, pstatRsrc);
2040 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2041 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2042 pstatRsrc->typeLen = 1;
2043 pstatRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2044 VERIFY_NON_NULL(TAG, pstatRsrc->types, ERROR);
2045 pstatRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_PSTAT);
2046 VERIFY_NON_NULL(TAG, pstatRsrc->types[0], ERROR);
2047 pstatRsrc->interfaceLen = 1;
2048 pstatRsrc->interfaces = (char**)OICCalloc(pstatRsrc->interfaceLen, sizeof(char*));
2049 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces, ERROR);
2050 pstatRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2051 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces[0], ERROR);
2053 ace->permission = PERMISSION_READ;
2054 ace->validities = NULL;
2056 // Device ID is the owner of this default ACL
2057 if (GetDoxmResourceData() != NULL)
2059 ret = GetDoxmDeviceID(&ownerId);
2060 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
2064 OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
2065 VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
2068 memcpy(&acl->rownerID, &ownerId, sizeof(OicUuid_t));
2075 if (ret != OC_STACK_OK)
2084 OCStackResult InitACLResource()
2086 OCStackResult ret = OC_STACK_ERROR;
2088 uint8_t *data = NULL;
2090 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
2091 // If database read failed
2092 if (OC_STACK_OK != ret)
2094 OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
2098 // Read ACL resource from PS
2099 gAcl = CBORPayloadToAcl(data, size);
2102 * If SVR database in persistent storage got corrupted or
2103 * is not available for some reason, a default ACL is created
2104 * which allows user to initiate ACL provisioning again.
2108 ret = GetDefaultACL(&gAcl);
2109 if (OC_STACK_OK != ret)
2111 OIC_LOG(ERROR, TAG, "Failed to create default ACL");
2113 // TODO Needs to update persistent storage
2115 VERIFY_NON_NULL(TAG, gAcl, FATAL);
2117 // Instantiate 'oic.sec.acl'
2118 ret = CreateACLResource();
2121 if (OC_STACK_OK != ret)
2123 DeInitACLResource();
2128 OCStackResult DeInitACLResource()
2130 OCStackResult ret = OCDeleteResource(gAclHandle);
2135 DeleteACLList(gAcl);
2141 const OicSecAce_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAce_t **savePtr)
2143 OicSecAce_t *ace = NULL;
2144 OicSecAce_t *begin = NULL;
2146 if (NULL == subjectId)
2152 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
2155 if (NULL == *savePtr)
2162 * If this is a 'successive' call, search for location pointed by
2163 * savePtr and assign 'begin' to the next ACL after it in the linked
2164 * list and start searching from there.
2166 LL_FOREACH(gAcl->aces, ace)
2168 if (ace == *savePtr)
2175 // Find the next ACL corresponding to the 'subjectID' and return it.
2176 LL_FOREACH(begin, ace)
2178 if (memcmp(&(ace->subjectuuid), subjectId, sizeof(OicUuid_t)) == 0)
2185 // Cleanup in case no ACL is found
2190 OCStackResult InstallNewACL2(const OicSecAcl_t* acl)
2192 OCStackResult ret = OC_STACK_ERROR;
2196 return OC_STACK_INVALID_PARAM;
2199 // Append the new ACL to existing ACL
2200 OicSecAce_t* newAce = NULL;
2201 LL_FOREACH(acl->aces, newAce)
2203 LL_APPEND(gAcl->aces, newAce);
2207 uint8_t *payload = NULL;
2208 ret = AclToCBORPayload(gAcl, &payload, &size);
2209 if (OC_STACK_OK == ret)
2211 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size);
2218 OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
2220 // Convert CBOR format to ACL data. This will also validate the ACL data received.
2221 OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
2223 return InstallNewACL2(newAcl);
2227 * This function generates default ACE for security resource in case of owned status.
2229 * @return Default ACE for security resource.
2231 static OicSecAce_t* GetSecDefaultACE()
2233 const int NUM_OF_DOXM_RT = 1;
2234 const int NUM_OF_DOXM_IF = 1;
2235 const int NUM_OF_PSTAT_RT = 1;
2236 const int NUM_OF_PSTAT_IF = 1;
2237 const char *doxmRt[] = { OIC_RSRC_TYPE_SEC_DOXM };
2238 const char *pstatRt[] = { OIC_RSRC_TYPE_SEC_PSTAT };
2239 const char *doxmIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2240 const char *pstatIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2241 OicSecRsrc_t* doxmRsrc = NULL;
2242 OicSecRsrc_t* pstatRsrc = NULL;
2244 //Generate default ACE
2245 OicSecAce_t* newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
2246 VERIFY_NON_NULL(TAG, newAce, ERROR);
2248 // Subject -- Mandatory
2249 memcpy(newAce->subjectuuid.id, &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
2251 //Resources -- Mandatory
2253 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2254 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2255 LL_APPEND(newAce->resources, doxmRsrc);
2257 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2258 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2260 doxmRsrc->typeLen = NUM_OF_DOXM_RT;
2261 doxmRsrc->types = (char**)OICCalloc(NUM_OF_DOXM_RT, sizeof(char*));
2262 VERIFY_NON_NULL(TAG, (doxmRsrc->types), ERROR);
2263 for(int i = 0; i < NUM_OF_DOXM_RT; i++)
2265 doxmRsrc->types[i] = OICStrdup(doxmRt[i]);
2266 VERIFY_NON_NULL(TAG, (doxmRsrc->types[i]), ERROR);
2269 doxmRsrc->interfaceLen = NUM_OF_DOXM_IF;
2270 doxmRsrc->interfaces = (char**)OICCalloc(NUM_OF_DOXM_IF, sizeof(char*));
2271 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces), ERROR);
2272 for(int i = 0; i < NUM_OF_DOXM_IF; i++)
2274 doxmRsrc->interfaces[i] = OICStrdup(doxmIf[i]);
2275 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces[i]), ERROR);
2279 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2280 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2281 LL_APPEND(newAce->resources, pstatRsrc);
2283 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2284 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2286 pstatRsrc->typeLen = NUM_OF_PSTAT_RT;
2287 pstatRsrc->types = (char**)OICCalloc(NUM_OF_PSTAT_RT, sizeof(char*));
2288 VERIFY_NON_NULL(TAG, (pstatRsrc->types), ERROR);
2289 for(int i = 0; i < NUM_OF_PSTAT_RT; i++)
2291 pstatRsrc->types[i] = OICStrdup(pstatRt[i]);
2292 VERIFY_NON_NULL(TAG, (pstatRsrc->types[i]), ERROR);
2295 pstatRsrc->interfaceLen = NUM_OF_PSTAT_IF;
2296 pstatRsrc->interfaces = (char**)OICCalloc(NUM_OF_PSTAT_IF, sizeof(char*));
2297 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces), ERROR);
2298 for(int i = 0; i < NUM_OF_PSTAT_IF; i++)
2300 pstatRsrc->interfaces[i] = OICStrdup(pstatIf[i]);
2301 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces[i]), ERROR);
2304 // Permissions -- Mandatory
2305 newAce->permission = PERMISSION_READ;
2307 //Period -- Not Mandatory
2308 newAce->validities = NULL;
2317 OCStackResult UpdateDefaultSecProvACE()
2319 OCStackResult ret = OC_STACK_OK;
2320 OicSecAce_t *ace = NULL;
2321 OicSecAce_t *tempAce = NULL;
2325 int matchedRsrc = 0;
2326 bool isRemoved = false;
2328 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
2330 //Find default security resource ACL
2331 if(memcmp(&ace->subjectuuid, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
2332 ((PERMISSION_READ | PERMISSION_WRITE) == ace->permission))
2336 OicSecRsrc_t* rsrc = NULL;
2337 LL_FOREACH(ace->resources, rsrc)
2339 if(strncmp(rsrc->href, OIC_RSRC_DOXM_URI,
2340 strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
2341 strncmp(rsrc->href, OIC_RSRC_CRED_URI,
2342 strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
2343 strncmp(rsrc->href, OIC_RSRC_ACL_URI,
2344 strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
2345 strncmp(rsrc->href, OIC_RSRC_PSTAT_URI,
2346 strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
2352 //If default security resource ACL is detected, delete it.
2353 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
2355 LL_DELETE(gAcl->aces, ace);
2365 * Generate new security resource ACE as follows :
2367 * resources : '/oic/sec/doxm', '/oic/sec/pstat'
2370 OicSecAce_t *secDefaultAce = GetSecDefaultACE();
2373 LL_APPEND(gAcl->aces, secDefaultAce);
2376 uint8_t *payload = NULL;
2377 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
2379 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
2392 OCStackResult SetAclRownerId(const OicUuid_t* newROwner)
2394 OCStackResult ret = OC_STACK_ERROR;
2395 uint8_t *cborPayload = NULL;
2397 OicUuid_t prevId = {.id={0}};
2399 if(NULL == newROwner)
2401 ret = OC_STACK_INVALID_PARAM;
2405 ret = OC_STACK_NO_RESOURCE;
2408 if(newROwner && gAcl)
2410 memcpy(prevId.id, gAcl->rownerID.id, sizeof(prevId.id));
2411 memcpy(gAcl->rownerID.id, newROwner->id, sizeof(newROwner->id));
2413 ret = AclToCBORPayload(gAcl, &cborPayload, &size);
2414 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2416 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size);
2417 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2419 OICFree(cborPayload);
2425 OICFree(cborPayload);
2426 memcpy(gAcl->rownerID.id, prevId.id, sizeof(prevId.id));
2430 OCStackResult GetAclRownerId(OicUuid_t *rowneruuid)
2432 OCStackResult retVal = OC_STACK_ERROR;
2435 *rowneruuid = gAcl->rownerID;
2436 retVal = OC_STACK_OK;