1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
29 #include "ocserverrequest.h"
30 #include "oic_malloc.h"
31 #include "oic_string.h"
33 #include "ocpayload.h"
35 #include "payload_logging.h"
36 #include "srmresourcestrings.h"
37 #include "aclresource.h"
38 #include "doxmresource.h"
39 #include "resourcemanager.h"
40 #include "srmutility.h"
41 #include "psinterface.h"
43 #include "security_internals.h"
46 #define NUMBER_OF_SEC_PROV_RSCS 4
47 #define NUMBER_OF_DEFAULT_SEC_RSCS 2
49 static const uint8_t ACL_MAP_SIZE = 2;
50 static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
51 static const uint8_t ACL_ACES_MAP_SIZE = 3;
52 static const uint8_t ACL_RESOURCE_MAP_SIZE = 4;
55 // CborSize is the default cbor payload size being used.
56 static const uint16_t CBOR_SIZE = 2048;
58 static OicSecAcl_t *gAcl = NULL;
59 static OCResourceHandle gAclHandle = NULL;
62 * This function frees OicSecAcl_t object's fields and object itself.
64 static void FreeACE(OicSecAcl_t *ace)
69 OIC_LOG(ERROR, TAG, "Invalid Parameter");
74 for (i = 0; i < ace->resourcesLen; i++)
76 OICFree(ace->resources[i]);
78 OICFree(ace->resources);
83 for (i = 0; i < ace->prdRecrLen; i++)
85 OICFree(ace->periods[i]);
87 OICFree(ace->periods);
93 for (i = 0; i < ace->prdRecrLen; i++)
95 OICFree(ace->recurrences[i]);
97 OICFree(ace->recurrences);
100 // Clean ACL node itself
104 void DeleteACLList(OicSecAcl_t* acl)
108 OicSecAcl_t *aclTmp1 = NULL;
109 OicSecAcl_t *aclTmp2 = NULL;
110 LL_FOREACH_SAFE(acl, aclTmp1, aclTmp2)
112 LL_DELETE(acl, aclTmp1);
118 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
124 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
134 OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
136 if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
138 return OC_STACK_INVALID_PARAM;
141 OCStackResult ret = OC_STACK_ERROR;
142 CborError cborEncoderResult = CborNoError;
143 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
146 CborEncoder aclListMap;
147 CborEncoder acesArray;
148 uint8_t *outPayload = NULL;
149 size_t cborLen = *size;
158 outPayload = (uint8_t *)OICCalloc(1, cborLen);
159 VERIFY_NON_NULL(TAG, outPayload, ERROR);
160 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
162 // Create ACL Map (aclist, rownerid)
163 cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
164 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
166 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
167 strlen(OIC_JSON_ACLIST_NAME));
168 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
170 // Create ACLIST Map (aces)
171 cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
172 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
174 cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
175 strlen(OIC_JSON_ACES_NAME));
176 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
179 cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
180 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
184 CborEncoder oicSecAclMap;
185 // ACL Map size - Number of mandatory items
186 uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
194 if (acl->recurrences)
199 cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
200 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
202 // Subject -- Mandatory
203 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
204 strlen(OIC_JSON_SUBJECTID_NAME));
205 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
206 inLen = (memcmp(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
207 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
208 if(inLen == WILDCARD_SUBJECT_ID_LEN)
210 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
211 strlen(WILDCARD_RESOURCE_URI));
212 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
216 char *subject = NULL;
217 ret = ConvertUuidToStr(&acl->subject, &subject);
218 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
219 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
220 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
226 CborEncoder resources;
227 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
228 strlen(OIC_JSON_RESOURCES_NAME));
229 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
231 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, acl->resourcesLen);
232 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
234 for (size_t i = 0; i < acl->resourcesLen; i++)
238 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, ACL_RESOURCE_MAP_SIZE);
239 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
241 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
242 strlen(OIC_JSON_HREF_NAME));
243 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
244 cborEncoderResult = cbor_encode_text_string(&rMap, acl->resources[i],
245 strlen(acl->resources[i]));
246 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
248 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
249 strlen(OIC_JSON_REL_NAME));
250 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
252 // TODO : Need to assign real value of REL
253 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
254 strlen(OIC_JSON_EMPTY_STRING));
255 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
257 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
258 strlen(OIC_JSON_RT_NAME));
259 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
261 // TODO : Need to assign real value of RT
262 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
263 strlen(OIC_JSON_EMPTY_STRING));
264 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
266 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
267 strlen(OIC_JSON_IF_NAME));
268 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
270 // TODO : Need to assign real value of IF
271 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
272 strlen(OIC_JSON_EMPTY_STRING));
273 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
276 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
277 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
280 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
281 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
285 // Permissions -- Mandatory
286 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
287 strlen(OIC_JSON_PERMISSION_NAME));
288 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
289 cborEncoderResult = cbor_encode_int(&oicSecAclMap, acl->permission);
290 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
292 // Period -- Not Mandatory
297 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERIOD_NAME,
298 strlen(OIC_JSON_PERIOD_NAME));
299 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Tag.");
300 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &period, acl->prdRecrLen);
301 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Array.");
302 for (size_t i = 0; i < acl->prdRecrLen; i++)
304 cborEncoderResult = cbor_encode_text_string(&period, acl->periods[i],
305 strlen(acl->periods[i]));
306 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value in Array.");
308 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &period);
309 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Period Array.");
312 // Recurrence -- Not Mandatory
313 if (acl->recurrences)
315 CborEncoder recurrences;
316 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RECURRENCES_NAME,
317 strlen(OIC_JSON_RECURRENCES_NAME));
318 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Tag.");
319 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &recurrences, acl->prdRecrLen);
320 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
322 for (size_t i = 0; i < acl->prdRecrLen; i++)
324 cborEncoderResult = cbor_encode_text_string(&recurrences, acl->recurrences[i],
325 strlen(acl->recurrences[i]));
326 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
328 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &recurrences);
329 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
334 cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
335 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
340 cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
341 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
344 cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
345 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
350 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
351 strlen(OIC_JSON_ROWNERID_NAME));
352 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
353 ret = ConvertUuidToStr(&secAcl->rownerID, &rowner);
354 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
355 cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
356 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
361 cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
362 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
364 if (CborNoError == cborEncoderResult)
366 OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
367 *size = encoder.ptr - outPayload;
368 *payload = outPayload;
372 if (CborErrorOutOfMemory == cborEncoderResult)
374 OIC_LOG(DEBUG, TAG, "AclToCBORPayload:CborErrorOutOfMemory : retry with more memory");
376 // reallocate and try again!
378 // Since the allocated initial memory failed, double the memory.
379 cborLen += encoder.ptr - encoder.end;
380 cborEncoderResult = CborNoError;
381 ret = AclToCBORPayload(secAcl, payload, &cborLen);
384 else if (cborEncoderResult != CborNoError)
386 OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
391 ret = OC_STACK_ERROR;
397 // This function converts CBOR format to ACL data.
398 // Caller needs to invoke 'free' when done using
399 // note: This function is used in unit test hence not declared static,
400 OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
402 if (NULL == cborPayload || 0 == size)
406 OCStackResult ret = OC_STACK_ERROR;
407 CborValue aclCbor = { .parser = NULL };
408 CborParser parser = { .end = NULL };
409 CborError cborFindResult = CborNoError;
410 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
412 OicSecAcl_t *headAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
415 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
416 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
417 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
419 while (cbor_value_is_valid(&aclMap))
421 char* tagName = NULL;
423 CborType type = cbor_value_get_type(&aclMap);
424 if (type == CborTextStringType)
426 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
427 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
428 cborFindResult = cbor_value_advance(&aclMap);
429 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
433 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
436 CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
437 cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
438 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
441 while (cbor_value_is_valid(&aclistMap))
445 CborType acType = cbor_value_get_type(&aclistMap);
446 if (acType == CborTextStringType)
448 cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &acLen, NULL);
449 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
450 cborFindResult = cbor_value_advance(&aclistMap);
451 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
455 if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
459 CborValue aclArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
460 cborFindResult = cbor_value_enter_container(&aclistMap, &aclArray);
461 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Array.");
464 while (cbor_value_is_valid(&aclArray))
468 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
469 cborFindResult = cbor_value_enter_container(&aclArray, &aclMap);
470 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
471 OicSecAcl_t *acl = NULL;
479 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
480 OicSecAcl_t *temp = headAcl;
487 VERIFY_NON_NULL(TAG, acl, ERROR);
489 while (cbor_value_is_valid(&aclMap))
493 CborType type = cbor_value_get_type(&aclMap);
494 if (type == CborTextStringType)
496 cborFindResult = cbor_value_dup_text_string(&aclMap, &name, &len, NULL);
497 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
498 cborFindResult = cbor_value_advance(&aclMap);
499 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
503 // Subject -- Mandatory
504 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
506 char *subject = NULL;
507 cborFindResult = cbor_value_dup_text_string(&aclMap, &subject, &len, NULL);
508 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
509 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
511 acl->subject.id[0] = '*';
515 ret = ConvertStrToUuid(subject, &acl->subject);
516 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
521 // Resources -- Mandatory
522 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
524 CborValue resources = { .parser = NULL };
525 cborFindResult = cbor_value_get_array_length(&aclMap, &acl->resourcesLen);
526 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Resource Array Len Value.");
527 cborFindResult = cbor_value_enter_container(&aclMap, &resources);
528 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
530 acl->resources = (char **) OICMalloc(acl->resourcesLen * sizeof(char*));
531 VERIFY_NON_NULL(TAG, acl->resources, ERROR);
533 while (cbor_value_is_valid(&resources))
536 CborValue rMap = { .parser = NULL };
537 cborFindResult = cbor_value_enter_container(&resources, &rMap);
538 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
541 while(cbor_value_is_valid(&rMap))
543 char *rMapName = NULL;
544 size_t rMapNameLen = 0;
545 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
546 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
547 cborFindResult = cbor_value_advance(&rMap);
548 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
551 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
553 // TODO : Need to check data structure of OicSecAcl_t based on RAML spec.
554 cborFindResult = cbor_value_dup_text_string(&rMap, &acl->resources[i++], &len, NULL);
555 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
558 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
560 // TODO : Need to check data structure of OicSecAcl_t based on RAML spec.
561 char *relData = NULL;
562 cborFindResult = cbor_value_dup_text_string(&rMap, &relData, &len, NULL);
563 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
567 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName))
569 // TODO : Need to check data structure of OicSecAcl_t and assign based on RAML spec.
571 cborFindResult = cbor_value_dup_text_string(&rMap, &rtData, &len, NULL);
572 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT Value.");
577 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName))
579 // TODO : Need to check data structure of OicSecAcl_t and assign based on RAML spec.
581 cborFindResult = cbor_value_dup_text_string(&rMap, &ifData, &len, NULL);
582 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF Value.");
586 if (cbor_value_is_valid(&rMap))
588 cborFindResult = cbor_value_advance(&rMap);
589 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
594 if (cbor_value_is_valid(&resources))
596 cborFindResult = cbor_value_advance(&resources);
597 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
602 // Permissions -- Mandatory
603 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
605 cborFindResult = cbor_value_get_uint64(&aclMap, (uint64_t *) &acl->permission);
606 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
609 // Period -- Not mandatory
610 if (strcmp(name, OIC_JSON_PERIOD_NAME) == 0)
612 CborValue period = { .parser = NULL };
613 cborFindResult = cbor_value_get_array_length(&aclMap, &acl->prdRecrLen);
614 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Len.");
615 cborFindResult = cbor_value_enter_container(&aclMap, &period);
616 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Map.");
617 acl->periods = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
618 VERIFY_NON_NULL(TAG, acl->periods, ERROR);
620 while (cbor_value_is_text_string(&period))
622 cborFindResult = cbor_value_dup_text_string(&period, &acl->periods[i++],
624 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Value.");
625 cborFindResult = cbor_value_advance(&period);
626 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a Period Array.");
630 // Recurrence -- Not mandatory
631 if (strcmp(name, OIC_JSON_RECURRENCES_NAME) == 0)
633 CborValue recurrences = { .parser = NULL };
634 cborFindResult = cbor_value_enter_container(&aclMap, &recurrences);
635 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
636 acl->recurrences = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
637 VERIFY_NON_NULL(TAG, acl->recurrences, ERROR);
639 while (cbor_value_is_text_string(&recurrences))
641 cborFindResult = cbor_value_dup_text_string(&recurrences,
642 &acl->recurrences[i++], &len, NULL);
643 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array Value.");
644 cborFindResult = cbor_value_advance(&recurrences);
645 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Closing Recurrence Array.");
652 if (type != CborMapType && cbor_value_is_valid(&aclMap))
654 cborFindResult = cbor_value_advance(&aclMap);
655 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
661 if (cbor_value_is_valid(&aclArray))
663 cborFindResult = cbor_value_advance(&aclArray);
664 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
671 if (cbor_value_is_valid(&aclistMap))
673 cborFindResult = cbor_value_advance(&aclistMap);
674 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
679 // TODO : Need to modify headAcl->owners[0].id to headAcl->rowner based on RAML spec.
680 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
682 char *stRowner = NULL;
683 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
684 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
685 ret = ConvertStrToUuid(stRowner, &headAcl->rownerID);
686 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
691 if (cbor_value_is_valid(&aclMap))
693 cborFindResult = cbor_value_advance(&aclMap);
694 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
699 if (cborFindResult != CborNoError)
701 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
702 DeleteACLList(headAcl);
709 * This method removes ACE for the subject and resource from the ACL
711 * @param subject of the ACE
712 * @param resource of the ACE
715 * ::OC_STACK_RESOURCE_DELETED on success
716 * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
717 * ::OC_STACK_INVALID_PARAM on invalid parameter
719 static OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
721 OIC_LOG(DEBUG, TAG, "IN RemoveACE");
723 OicSecAcl_t *acl = NULL;
724 OicSecAcl_t *tempAcl = NULL;
725 bool deleteFlag = false;
726 OCStackResult ret = OC_STACK_NO_RESOURCE;
728 if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
730 OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
731 return OC_STACK_INVALID_PARAM;
734 //If resource is NULL then delete all the ACE for the subject.
735 if (NULL == resource || resource[0] == '\0')
737 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
739 if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
741 LL_DELETE(gAcl, acl);
749 //Looping through ACL to find the right ACE to delete. If the required resource is the only
750 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
751 //than the required resource in the ACE, for the subject then just delete the resource from
753 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
755 if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
757 if (1 == acl->resourcesLen && strcmp(acl->resources[0], resource) == 0)
759 LL_DELETE(gAcl, acl);
768 for (i = 0; i < acl->resourcesLen; i++)
770 if (strcmp(acl->resources[i], resource) == 0)
776 if (0 <= (int) resPos)
778 OICFree(acl->resources[resPos]);
779 acl->resources[resPos] = NULL;
780 acl->resourcesLen -= 1;
781 for (i = resPos; i < acl->resourcesLen; i++)
783 acl->resources[i] = acl->resources[i + 1];
795 // In case of unit test do not update persistant storage.
796 if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
798 ret = OC_STACK_RESOURCE_DELETED;
802 uint8_t *payload = NULL;
804 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
806 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
808 ret = OC_STACK_RESOURCE_DELETED;
818 * This method parses the query string received for REST requests and
819 * retrieves the 'subject' field.
821 * @param query querystring passed in REST request
822 * @param subject subject UUID parsed from query string
824 * @return true if query parsed successfully and found 'subject', else false.
826 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
828 OicParseQueryIter_t parseIter = { .attrPos = NULL };
830 ParseQueryIterInit((unsigned char *) query, &parseIter);
832 while (GetNextQuery (&parseIter))
834 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECTID_NAME, parseIter.attrLen) == 0)
836 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
837 memcpy(subject->id, parseIter.valPos, parseIter.valLen);
847 * This method parses the query string received for REST requests and
848 * retrieves the 'resource' field.
850 * @param query querystring passed in REST request
851 * @param resource resource parsed from query string
852 * @param resourceSize size of the memory pointed to resource
854 * @return true if query parsed successfully and found 'resource', else false.
856 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
858 OicParseQueryIter_t parseIter = { .attrPos = NULL };
860 ParseQueryIterInit((unsigned char *) query, &parseIter);
862 while (GetNextQuery (&parseIter))
864 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
867 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
868 OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
878 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
880 OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
881 uint8_t* payload = NULL;
883 OCEntityHandlerResult ehRet;
885 // Process the REST querystring parameters
886 if (ehRequest->query)
888 OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
890 OicUuid_t subject = {.id= { 0 } };
891 char resource[MAX_URI_LENGTH] = { 0 };
893 OicSecAcl_t *savePtr = NULL;
894 const OicSecAcl_t *currentAce = NULL;
896 // 'Subject' field is MUST for processing a querystring in REST request.
897 VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
899 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
902 * TODO : Currently, this code only provides one ACE for a Subject.
903 * Below code needs to be updated for scenarios when Subject have
904 * multiple ACE's in ACL resource.
906 while ((currentAce = GetACLResourceData(&subject, &savePtr)))
909 * If REST querystring contains a specific resource, we need
910 * to search for that resource in ACE.
912 if (resource[0] != '\0')
914 for (size_t n = 0; n < currentAce->resourcesLen; n++)
916 if ((currentAce->resources[n])
917 && (0 == strcmp(resource, currentAce->resources[n])
918 || 0 == strcmp(WILDCARD_RESOURCE_URI, currentAce->resources[n])))
920 // Convert ACL data into CBOR format for transmission
921 if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
931 // Convert ACL data into CBOR format for transmission
932 if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
942 // Convert ACL data into CBOR format for transmission.
943 if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
949 // A device should always have a default acl. Therefore, payload should never be NULL.
950 ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
952 // Send response payload to request originator
953 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, payload, size))
956 OIC_LOG(ERROR, TAG, "SendSRMResponse failed for HandleACLGetRequest");
960 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
964 static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
966 OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
967 OCEntityHandlerResult ehRet = OC_EH_ERROR;
969 // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
970 uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData;
971 size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
974 OicSecAcl_t *newAcl = CBORPayloadToAcl(payload, size);
977 // Append the new ACL to existing ACL
978 LL_APPEND(gAcl, newAcl);
980 // In case of unit test do not update persistant storage.
981 if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
982 || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
984 ehRet = OC_EH_RESOURCE_CREATED;
988 uint8_t *cborPayload = NULL;
989 if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
991 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
993 ehRet = OC_EH_RESOURCE_CREATED;
995 OICFree(cborPayload);
1001 // Send payload to request originator
1002 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL, 0))
1004 ehRet = OC_EH_ERROR;
1005 OIC_LOG(ERROR, TAG, "SendSRMResponse failed in HandleACLPostRequest");
1008 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1012 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
1014 OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
1015 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1016 OicUuid_t subject = { .id= { 0 } };
1017 char resource[MAX_URI_LENGTH] = { 0 };
1019 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
1021 // 'Subject' field is MUST for processing a querystring in REST request.
1022 VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
1024 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1026 if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
1028 ehRet = OC_EH_RESOURCE_DELETED;
1032 // Send payload to request originator
1033 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL, 0))
1035 ehRet = OC_EH_ERROR;
1036 OIC_LOG(ERROR, TAG, "SendSRMResponse failed in HandleACLDeleteRequest");
1042 OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
1043 void* callbackParameter)
1045 OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
1046 (void)callbackParameter;
1047 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1054 if (flag & OC_REQUEST_FLAG)
1056 // TODO : Handle PUT method
1057 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
1058 switch (ehRequest->method)
1061 ehRet = HandleACLGetRequest(ehRequest);
1065 ehRet = HandleACLPostRequest(ehRequest);
1068 case OC_REST_DELETE:
1069 ehRet = HandleACLDeleteRequest(ehRequest);
1073 ehRet = OC_EH_ERROR;
1074 SendSRMResponse(ehRequest, ehRet, NULL, 0);
1082 * This internal method is used to create '/oic/sec/acl' resource.
1084 static OCStackResult CreateACLResource()
1088 ret = OCCreateResource(&gAclHandle,
1089 OIC_RSRC_TYPE_SEC_ACL,
1094 OC_OBSERVABLE | OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
1096 if (OC_STACK_OK != ret)
1098 OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
1099 DeInitACLResource();
1104 // This function sets the default ACL and is defined for the unit test only.
1105 OCStackResult SetDefaultACL(OicSecAcl_t *acl)
1111 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
1113 OCStackResult ret = OC_STACK_ERROR;
1115 OicUuid_t ownerId = { .id = { 0 } };
1118 * TODO In future, when new virtual resources will be added in OIC
1119 * specification, Iotivity stack should be able to add them in
1120 * existing SVR database. To support this, we need to add 'versioning'
1121 * mechanism in SVR database.
1124 const char *rsrcs[] = {
1125 OC_RSRVD_WELL_KNOWN_URI,
1126 OC_RSRVD_DEVICE_URI,
1127 OC_RSRVD_PLATFORM_URI,
1128 OC_RSRVD_RESOURCE_TYPES_URI,
1129 #ifdef WITH_PRESENCE
1130 OC_RSRVD_PRESENCE_URI,
1131 #endif //WITH_PRESENCE
1139 return OC_STACK_INVALID_PARAM;
1142 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
1143 VERIFY_NON_NULL(TAG, acl, ERROR);
1145 // Subject -- Mandatory
1146 memcpy(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(acl->subject));
1148 // Resources -- Mandatory
1149 acl->resourcesLen = sizeof(rsrcs) / sizeof(rsrcs[0]);
1151 acl->resources = (char**) OICCalloc(acl->resourcesLen, sizeof(char*));
1152 VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
1154 for (size_t i = 0; i < acl->resourcesLen; i++)
1156 size_t len = strlen(rsrcs[i]) + 1;
1157 acl->resources[i] = (char*) OICMalloc(len * sizeof(char));
1158 VERIFY_NON_NULL(TAG, (acl->resources[i]), ERROR);
1159 OICStrcpy(acl->resources[i], len, rsrcs[i]);
1162 acl->permission = PERMISSION_READ;
1163 acl->prdRecrLen = 0;
1164 acl->periods = NULL;
1165 acl->recurrences = NULL;
1167 // Device ID is the owner of this default ACL
1168 if (GetDoxmResourceData() != NULL)
1170 ret = GetDoxmDeviceID(&ownerId);
1171 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
1175 OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
1176 VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
1179 memcpy(&acl->rownerID, &ownerId, sizeof(OicUuid_t));
1188 if (ret != OC_STACK_OK)
1197 OCStackResult InitACLResource()
1199 OCStackResult ret = OC_STACK_ERROR;
1201 uint8_t *data = NULL;
1203 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
1204 // If database read failed
1205 if (ret != OC_STACK_OK)
1207 OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
1211 // Read ACL resource from PS
1212 gAcl = CBORPayloadToAcl(data, size);
1215 * If SVR database in persistent storage got corrupted or
1216 * is not available for some reason, a default ACL is created
1217 * which allows user to initiate ACL provisioning again.
1221 GetDefaultACL(&gAcl);
1222 // TODO Needs to update persistent storage
1224 VERIFY_NON_NULL(TAG, gAcl, FATAL);
1226 // Instantiate 'oic.sec.acl'
1227 ret = CreateACLResource();
1230 if (OC_STACK_OK != ret)
1232 DeInitACLResource();
1237 OCStackResult DeInitACLResource()
1239 OCStackResult ret = OCDeleteResource(gAclHandle);
1244 DeleteACLList(gAcl);
1250 const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **savePtr)
1252 OicSecAcl_t *acl = NULL;
1253 OicSecAcl_t *begin = NULL;
1255 if (NULL == subjectId)
1261 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
1264 if (NULL == *savePtr)
1271 * If this is a 'successive' call, search for location pointed by
1272 * savePtr and assign 'begin' to the next ACL after it in the linked
1273 * list and start searching from there.
1275 LL_FOREACH(gAcl, acl)
1277 if (acl == *savePtr)
1284 // Find the next ACL corresponding to the 'subjectID' and return it.
1285 LL_FOREACH(begin, acl)
1287 if (memcmp(&(acl->subject), subjectId, sizeof(OicUuid_t)) == 0)
1294 // Cleanup in case no ACL is found
1299 OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
1301 OCStackResult ret = OC_STACK_ERROR;
1303 // Convert CBOR format to ACL data. This will also validate the ACL data received.
1304 OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
1308 // Append the new ACL to existing ACL
1309 LL_APPEND(gAcl, newAcl);
1311 // Update persistent storage only if it is not WILDCARD_SUBJECT_ID
1312 if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
1313 || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
1320 uint8_t *payload = NULL;
1321 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1323 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
1336 * This function generates default ACL for security resource in case of owned status.
1338 * @return Default ACL for security resource.
1340 static OicSecAcl_t* GetSecDefaultACL()
1342 const char *sec_rsrcs[] = {
1346 OicUuid_t ownerId = {.id = {0}};
1347 OCStackResult res = OC_STACK_ERROR;
1348 OicSecAcl_t* newDefaultAcl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
1349 VERIFY_NON_NULL(TAG, newDefaultAcl, ERROR);
1351 // Subject -- Mandatory
1352 memcpy(&(newDefaultAcl->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
1354 // Resources -- Mandatory
1355 newDefaultAcl->resourcesLen = NUMBER_OF_DEFAULT_SEC_RSCS;
1356 newDefaultAcl->resources = (char**)OICCalloc(NUMBER_OF_DEFAULT_SEC_RSCS, sizeof(char*));
1357 VERIFY_NON_NULL(TAG, (newDefaultAcl->resources), ERROR);
1359 for (size_t i = 0; i < NUMBER_OF_DEFAULT_SEC_RSCS; i++)
1361 size_t len = strlen(sec_rsrcs[i]) + 1;
1362 newDefaultAcl->resources[i] = (char*)OICMalloc(len * sizeof(char));
1363 VERIFY_NON_NULL(TAG, (newDefaultAcl->resources[i]), ERROR);
1364 OICStrcpy(newDefaultAcl->resources[i], len, sec_rsrcs[i]);
1367 // Permissions -- Mandatory
1368 newDefaultAcl->permission = PERMISSION_READ;
1370 //Period -- Not Mandatory
1371 newDefaultAcl->prdRecrLen = 0;
1372 newDefaultAcl->periods = NULL;
1374 //Recurrence -- Not Mandatory
1375 newDefaultAcl->recurrences = NULL;
1377 // Device ID is the owner of this default ACL
1378 res = GetDoxmDeviceID(&ownerId);
1379 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, FATAL);
1381 // Owners -- Mandatory
1382 memcpy(&newDefaultAcl->rownerID, &ownerId, sizeof(OicUuid_t));
1384 return newDefaultAcl;
1386 DeleteACLList(newDefaultAcl);
1391 OCStackResult UpdateDefaultSecProvACL()
1393 OCStackResult ret = OC_STACK_OK;
1394 OicSecAcl_t *acl = NULL;
1395 OicSecAcl_t *tmp = NULL;
1399 int matchedRsrc = 0;
1400 bool isRemoved = false;
1402 LL_FOREACH_SAFE(gAcl, acl, tmp)
1404 //Find default security resource ACL
1405 if(memcmp(&acl->subject, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
1406 ((PERMISSION_READ | PERMISSION_WRITE) == acl->permission))
1410 for(size_t i = 0; i < acl->resourcesLen; i++)
1412 if(strncmp(acl->resources[i], OIC_RSRC_DOXM_URI,
1413 strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
1414 strncmp(acl->resources[i], OIC_RSRC_CRED_URI,
1415 strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
1416 strncmp(acl->resources[i], OIC_RSRC_ACL_URI,
1417 strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
1418 strncmp(acl->resources[i], OIC_RSRC_PSTAT_URI,
1419 strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
1425 //If default security resource ACL is detected, delete it.
1426 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
1428 LL_DELETE(gAcl, acl);
1438 * Generate new security resource ACL as follows :
1440 * resources : '/oic/sec/doxm', '/oic/sec/pstat'
1443 OicSecAcl_t *newDefaultAcl = GetSecDefaultACL();
1446 LL_APPEND(gAcl, newDefaultAcl);
1449 uint8_t *payload = NULL;
1450 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1452 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
1465 OCStackResult SetAclRownerId(const OicUuid_t* newROwner)
1467 OCStackResult ret = OC_STACK_ERROR;
1468 uint8_t *cborPayload = NULL;
1470 OicUuid_t prevId = {.id={0}};
1472 if(NULL == newROwner)
1474 ret = OC_STACK_INVALID_PARAM;
1478 ret = OC_STACK_NO_RESOURCE;
1481 if(newROwner && gAcl)
1483 memcpy(prevId.id, gAcl->rownerID.id, sizeof(prevId.id));
1484 memcpy(gAcl->rownerID.id, newROwner->id, sizeof(newROwner->id));
1486 ret = AclToCBORPayload(gAcl, &cborPayload, &size);
1487 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1489 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size);
1490 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1492 OICFree(cborPayload);
1498 OICFree(cborPayload);
1499 memcpy(gAcl->rownerID.id, prevId.id, sizeof(prevId.id));
1503 OCStackResult GetAclRownerId(OicUuid_t *rowneruuid)
1505 OCStackResult retVal = OC_STACK_ERROR;
1508 *rowneruuid = gAcl->rownerID;
1509 retVal = OC_STACK_OK;