1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #include "iotivity_config.h"
24 #elif defined(HAVE_STRINGS_H)
32 #include "ocserverrequest.h"
33 #include "oic_malloc.h"
34 #include "oic_string.h"
36 #include "ocpayload.h"
38 #include "payload_logging.h"
39 #include "srmresourcestrings.h"
40 #include "aclresource.h"
41 #include "doxmresource.h"
42 #include "resourcemanager.h"
43 #include "srmutility.h"
44 #include "psinterface.h"
45 #include "ocpayloadcbor.h"
47 #include "security_internals.h"
50 #define NUMBER_OF_SEC_PROV_RSCS 4
51 #define NUMBER_OF_DEFAULT_SEC_RSCS 2
52 #define STRING_UUID_SIZE (UUID_LENGTH * 2 + 5)
54 static const uint8_t ACL_MAP_SIZE = 4;
55 static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
56 static const uint8_t ACL_ACES_MAP_SIZE = 3;
57 static const uint8_t ACL_RESOURCE_MAP_SIZE = 3;
60 // CborSize is the default cbor payload size being used.
61 static const uint16_t CBOR_SIZE = 2048*8;
63 static OicSecAcl_t *gAcl = NULL;
64 static OCResourceHandle gAclHandle = NULL;
66 void FreeRsrc(OicSecRsrc_t *rsrc)
68 //Clean each member of resource
72 if(0 < rsrc->typeLen && rsrc->types)
74 for(size_t i = 0; i < rsrc->typeLen; i++)
76 OICFree(rsrc->types[i]);
82 if(0 < rsrc->interfaceLen && rsrc->interfaces)
84 for(size_t i = 0; i < rsrc->interfaceLen; i++)
86 OICFree(rsrc->interfaces[i]);
88 OICFree(rsrc->interfaces);
89 rsrc->interfaces = NULL;
96 * This function frees OicSecAcl_t object's fields and object itself.
98 static void FreeACE(OicSecAce_t *ace)
102 OIC_LOG(ERROR, TAG, "Invalid Parameter");
107 OicSecRsrc_t* rsrc = NULL;
108 OicSecRsrc_t* tmpRsrc = NULL;
109 LL_FOREACH_SAFE(ace->resources, rsrc, tmpRsrc)
111 LL_DELETE(ace->resources, rsrc);
116 OicSecValidity_t *validity = NULL;
117 OicSecValidity_t *tmpValidity = NULL;
118 LL_FOREACH_SAFE(ace->validities, validity, tmpValidity)
120 LL_DELETE(ace->validities, validity);
123 OICFree(validity->period);
126 for(size_t i = 0; i < validity->recurrenceLen; i++)
128 OICFree(validity->recurrences[i]);
130 OICFree(validity->recurrences);
140 void DeleteACLList(OicSecAcl_t* acl)
144 OicSecAce_t *ace = NULL;
145 OicSecAce_t *tmpAce = NULL;
146 LL_FOREACH_SAFE(acl->aces, ace, tmpAce)
148 LL_DELETE(acl->aces, ace);
156 OicSecAce_t* DuplicateACE(const OicSecAce_t* ace)
158 OicSecAce_t* newAce = NULL;
159 size_t allocateSize = 0;
163 newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
164 VERIFY_NON_NULL(TAG, newAce, ERROR);
167 memcpy(&newAce->subjectuuid, &ace->subjectuuid, sizeof(OicUuid_t));
169 OicSecRsrc_t* rsrc = NULL;
170 LL_FOREACH(ace->resources, rsrc)
172 OicSecRsrc_t* newRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
173 VERIFY_NON_NULL(TAG, newRsrc, ERROR);
174 LL_APPEND(newAce->resources, newRsrc);
177 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
178 allocateSize = strlen(rsrc->href) + 1;
179 newRsrc->href = (char*)OICMalloc(sizeof(char) * allocateSize);
180 VERIFY_NON_NULL(TAG, newRsrc->href, ERROR);
181 OICStrcpy(newRsrc->href, allocateSize, rsrc->href);
185 allocateSize = strlen(rsrc->rel) + 1;
186 newRsrc->rel = (char*)OICMalloc(sizeof(char) * allocateSize);
187 VERIFY_NON_NULL(TAG, newRsrc->rel, ERROR);
188 OICStrcpy(newRsrc->rel, allocateSize, rsrc->rel);
191 if(rsrc->types && 0 < rsrc->typeLen)
193 newRsrc->typeLen = rsrc->typeLen;
194 newRsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
195 VERIFY_NON_NULL(TAG, (newRsrc->types), ERROR);
196 for(size_t i = 0; i < rsrc->typeLen; i++)
198 newRsrc->types[i] = OICStrdup(rsrc->types[i]);
199 VERIFY_NON_NULL(TAG, (newRsrc->types[i]), ERROR);
203 if(rsrc->interfaces && 0 < rsrc->interfaceLen)
205 newRsrc->interfaceLen = rsrc->interfaceLen;
206 newRsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
207 VERIFY_NON_NULL(TAG, (newRsrc->interfaces), ERROR);
208 for(size_t i = 0; i < rsrc->interfaceLen; i++)
210 newRsrc->interfaces[i] = OICStrdup(rsrc->interfaces[i]);
211 VERIFY_NON_NULL(TAG, (newRsrc->interfaces[i]), ERROR);
217 newAce->permission = ace->permission;
222 OicSecValidity_t* validity = NULL;
223 LL_FOREACH(ace->validities, validity)
225 OicSecValidity_t* newValidity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
226 VERIFY_NON_NULL(TAG, newValidity, ERROR);
227 LL_APPEND(newAce->validities, newValidity);
231 allocateSize = strlen(validity->period) + 1;
232 newValidity->period = (char*)OICMalloc(sizeof(char) * allocateSize);
233 VERIFY_NON_NULL(TAG, newValidity->period, ERROR);
234 OICStrcpy(newValidity->period, allocateSize, validity->period);
237 if(validity->recurrences && 0 < validity->recurrenceLen)
239 newValidity->recurrenceLen = validity->recurrenceLen;
241 newValidity->recurrences = (char**)OICMalloc(sizeof(char*) * validity->recurrenceLen);
242 VERIFY_NON_NULL(TAG, newValidity->recurrences, ERROR);
244 for(size_t i = 0; i < validity->recurrenceLen; i++)
246 allocateSize = strlen(validity->recurrences[i]) + 1;
247 newValidity->recurrences[i] = (char*)OICMalloc(sizeof(char) * allocateSize);
248 VERIFY_NON_NULL(TAG, (newValidity->recurrences[i]), ERROR);
249 OICStrcpy(newValidity->recurrences[i], allocateSize, validity->recurrences[i]);
265 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
271 OicSecAce_t *ace= (OicSecAce_t *)secAcl->aces;
281 OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
283 if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
285 return OC_STACK_INVALID_PARAM;
288 OCStackResult ret = OC_STACK_ERROR;
289 CborError cborEncoderResult = CborNoError;
290 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
291 OicSecAce_t* ace = NULL;
294 CborEncoder aclListMap;
295 CborEncoder acesArray;
296 uint8_t *outPayload = NULL;
297 size_t cborLen = *size;
306 outPayload = (uint8_t *)OICCalloc(1, cborLen);
307 VERIFY_NON_NULL(TAG, outPayload, ERROR);
308 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
310 // Create ACL Map (aclist, rownerid)
311 cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
312 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
314 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
315 strlen(OIC_JSON_ACLIST_NAME));
316 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
318 // Create ACLIST Map (aces)
319 cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
320 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
322 cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
323 strlen(OIC_JSON_ACES_NAME));
324 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
327 cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
328 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
331 LL_FOREACH (acl->aces, ace)
333 CborEncoder oicSecAclMap;
334 // ACL Map size - Number of mandatory items
335 uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
338 OicSecValidity_t* validityElts = ace->validities;
341 if(validityElts->period)
345 if(validityElts->recurrences)
351 cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
352 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
354 // Subject -- Mandatory
355 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
356 strlen(OIC_JSON_SUBJECTID_NAME));
357 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
358 inLen = (memcmp(&(ace->subjectuuid), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
359 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
360 if(inLen == WILDCARD_SUBJECT_ID_LEN)
362 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
363 strlen(WILDCARD_RESOURCE_URI));
364 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
368 char *subject = NULL;
369 ret = ConvertUuidToStr(&ace->subjectuuid, &subject);
370 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
371 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
372 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject UUID Value.");
378 CborEncoder resources;
379 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
380 strlen(OIC_JSON_RESOURCES_NAME));
381 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
384 OicSecRsrc_t* rsrcElts = NULL;
385 LL_FOREACH(ace->resources, rsrcElts)
390 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, rsrcLen);
391 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
393 OicSecRsrc_t* rsrc = NULL;
394 LL_FOREACH(ace->resources, rsrc)
398 size_t rsrcMapSize = ACL_RESOURCE_MAP_SIZE;
404 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, rsrcMapSize);
405 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
408 VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
409 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
410 strlen(OIC_JSON_HREF_NAME));
411 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
412 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->href, strlen(rsrc->href));
413 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
415 //resource type -- Mandatory
416 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
417 strlen(OIC_JSON_RT_NAME));
418 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
420 CborEncoder resourceTypes;
421 cborEncoderResult = cbor_encoder_create_array(&rMap, &resourceTypes, rsrc->typeLen);
422 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Array.");
423 for(size_t i = 0; i < rsrc->typeLen; i++)
425 cborEncoderResult = cbor_encode_text_string(&resourceTypes, rsrc->types[i], strlen(rsrc->types[i]));
426 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
428 cborEncoderResult = cbor_encoder_close_container(&rMap, &resourceTypes);
429 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing resourceTypes.");
431 //interface -- Mandatory
432 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
433 strlen(OIC_JSON_IF_NAME));
434 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
436 CborEncoder interfaces;
437 cborEncoderResult = cbor_encoder_create_array(&rMap, &interfaces, rsrc->interfaceLen);
438 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Array.");
439 for(size_t i = 0; i < rsrc->interfaceLen; i++)
441 cborEncoderResult = cbor_encode_text_string(&interfaces, rsrc->interfaces[i], strlen(rsrc->interfaces[i]));
442 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
444 cborEncoderResult = cbor_encoder_close_container(&rMap, &interfaces);
445 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing interfaces.");
450 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
451 strlen(OIC_JSON_REL_NAME));
452 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
453 cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->rel, strlen(rsrc->rel));
454 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
457 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
458 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
460 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
461 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
464 // Permissions -- Mandatory
465 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
466 strlen(OIC_JSON_PERMISSION_NAME));
467 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
468 cborEncoderResult = cbor_encode_int(&oicSecAclMap, ace->permission);
469 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
471 // TODO: Need to verfication for validity
472 // Validity(Time-interval) -- Not Mandatory
475 size_t validityLen = 0;
477 LL_FOREACH(ace->validities, validityElts)
482 CborEncoder validities;
483 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_VALIDITY_NAME,
484 strlen(OIC_JSON_VALIDITY_NAME));
485 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Tag.");
486 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &validities, validityLen);
487 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validities Array.");
489 //How to add the value w/o "title" using tinycobr...? :(
492 LL_FOREACH(ace->validities, validityElts)
494 CborEncoder validity;
495 size_t validitySize = 0;
496 if(validityElts->period)
500 if(validityElts->recurrences)
505 cborEncoderResult = cbor_encoder_create_array(&validities, &validity, validitySize);
506 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Array.");
509 if (validityElts->period)
511 cborEncoderResult = cbor_encode_text_string(&validity, validityElts->period,
512 strlen(validityElts->period));
513 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value.");
517 if (validityElts->recurrences)
519 CborEncoder recurrences;
520 cborEncoderResult = cbor_encoder_create_array(&validity, &recurrences, validityElts->recurrenceLen);
521 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
523 for (size_t i = 0; i < validityElts->recurrenceLen; i++)
525 cborEncoderResult = cbor_encode_text_string(&recurrences, validityElts->recurrences[i],
526 strlen(validityElts->recurrences[i]));
527 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
529 cborEncoderResult = cbor_encoder_close_container(&validity, &recurrences);
530 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
533 cborEncoderResult = cbor_encoder_close_container(&validities, &validity);
534 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validity Array.");
537 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &validities);
538 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validities Array.");
541 cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
542 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
546 cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
547 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
550 cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
551 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
556 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
557 strlen(OIC_JSON_ROWNERID_NAME));
558 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
559 ret = ConvertUuidToStr(&secAcl->rownerID, &rowner);
560 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
561 cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
562 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
568 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_RT_NAME,
569 strlen(OIC_JSON_RT_NAME));
570 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
571 cborEncoderResult = cbor_encoder_create_array(&aclMap, &rtArray, 1);
572 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
573 for (size_t i = 0; i < 1; i++)
575 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_ACL,
576 strlen(OIC_RSRC_TYPE_SEC_ACL));
577 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
579 cborEncoderResult = cbor_encoder_close_container(&aclMap, &rtArray);
580 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
584 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_IF_NAME,
585 strlen(OIC_JSON_IF_NAME));
586 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
587 cborEncoderResult = cbor_encoder_create_array(&aclMap, &ifArray, 1);
588 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
589 for (size_t i = 0; i < 1; i++)
591 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
592 strlen(OC_RSRVD_INTERFACE_DEFAULT));
593 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
595 cborEncoderResult = cbor_encoder_close_container(&aclMap, &ifArray);
596 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
599 cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
600 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
602 if (CborNoError == cborEncoderResult)
604 OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
605 *size = encoder.ptr - outPayload;
606 *payload = outPayload;
610 if (CborErrorOutOfMemory == cborEncoderResult)
612 OIC_LOG(DEBUG, TAG, "AclToCBORPayload:CborErrorOutOfMemory : retry with more memory");
614 // reallocate and try again!
616 // Since the allocated initial memory failed, double the memory.
617 cborLen += encoder.ptr - encoder.end;
618 cborEncoderResult = CborNoError;
619 ret = AclToCBORPayload(secAcl, payload, &cborLen);
622 else if (cborEncoderResult != CborNoError)
624 OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
629 ret = OC_STACK_ERROR;
635 // This function converts CBOR format to ACL data.
636 // Caller needs to invoke 'free' when done using
637 // It parses { "aclist" : [ { ... } ] } instead of { "aclist" : { "aces" : [ ] } }
638 OicSecAcl_t* CBORPayloadToAcl2(const uint8_t *cborPayload, const size_t size)
640 if (NULL == cborPayload || 0 == size)
644 OCStackResult ret = OC_STACK_ERROR;
645 CborValue aclCbor = { .parser = NULL };
646 CborParser parser = { .end = NULL };
647 CborError cborFindResult = CborNoError;
648 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
650 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
653 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
654 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
655 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
657 while (cbor_value_is_valid(&aclMap))
659 char* tagName = NULL;
661 CborType type = cbor_value_get_type(&aclMap);
662 if (type == CborTextStringType)
664 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
665 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
666 cborFindResult = cbor_value_advance(&aclMap);
667 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
671 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
674 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
675 cborFindResult = cbor_value_enter_container(&aclMap, &acesArray);
676 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
679 while (cbor_value_is_valid(&acesArray))
682 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
683 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
684 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
686 OicSecAce_t *ace = NULL;
687 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
688 VERIFY_NON_NULL(TAG, ace, ERROR);
689 LL_APPEND(acl->aces, ace);
691 VERIFY_NON_NULL(TAG, acl, ERROR);
693 while (cbor_value_is_valid(&aceMap))
697 CborType type = cbor_value_get_type(&aceMap);
698 if (type == CborTextStringType)
700 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
701 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
702 cborFindResult = cbor_value_advance(&aceMap);
703 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
707 // Subject -- Mandatory
708 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
710 char *subject = NULL;
711 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
712 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
713 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
715 ace->subjectuuid.id[0] = '*';
719 OIC_LOG_V(DEBUG, TAG, "Converting subjectuuid = %s to uuid...", subject);
720 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
721 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
726 // Resources -- Mandatory
727 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
729 CborValue resources = { .parser = NULL };
730 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
731 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
733 while (cbor_value_is_valid(&resources))
736 CborValue rMap = { .parser = NULL };
737 cborFindResult = cbor_value_enter_container(&resources, &rMap);
738 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
740 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
741 VERIFY_NON_NULL(TAG, rsrc, ERROR);
742 LL_APPEND(ace->resources, rsrc);
744 while(cbor_value_is_valid(&rMap))
746 char *rMapName = NULL;
747 size_t rMapNameLen = 0;
748 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
749 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
750 cborFindResult = cbor_value_advance(&rMap);
751 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
754 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
756 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
757 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
761 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
763 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
764 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
765 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
767 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
768 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
770 CborValue resourceTypes;
771 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
772 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
774 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
777 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
778 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
779 cborFindResult = cbor_value_advance(&resourceTypes);
780 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
785 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
787 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
788 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
789 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
791 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
792 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
794 CborValue interfaces;
795 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
796 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
798 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
801 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
802 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
803 cborFindResult = cbor_value_advance(&interfaces);
804 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
809 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
811 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
812 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
815 if (cbor_value_is_valid(&rMap))
817 cborFindResult = cbor_value_advance(&rMap);
818 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
823 if (cbor_value_is_valid(&resources))
825 cborFindResult = cbor_value_advance(&resources);
826 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
831 // Permissions -- Mandatory
832 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
835 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
836 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
837 ace->permission = (uint16_t)tmp64;
840 // TODO: Need to verfication for validity
841 // Validity -- Not mandatory
842 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
844 CborValue validitiesMap = {.parser = NULL};
845 size_t validitySize = 0;
847 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
848 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
850 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
851 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
853 while(cbor_value_is_valid(&validitiesMap))
855 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
856 VERIFY_NON_NULL(TAG, validity, ERROR);
857 LL_APPEND(ace->validities, validity);
859 CborValue validityMap = {.parser = NULL};
861 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
862 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
865 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
866 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
868 //recurrence (string array)
869 CborValue recurrenceMap = {.parser = NULL};
870 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
871 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
873 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
874 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
876 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
877 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
879 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
881 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
882 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
884 cborFindResult = cbor_value_advance(&recurrenceMap);
885 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
888 cborFindResult = cbor_value_advance(&validitiesMap);
889 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
895 if (type != CborMapType && cbor_value_is_valid(&aceMap))
897 cborFindResult = cbor_value_advance(&aceMap);
898 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
902 if (cbor_value_is_valid(&acesArray))
904 cborFindResult = cbor_value_advance(&acesArray);
905 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
910 //rownerID -- Mandatory
911 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
913 char *stRowner = NULL;
914 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
915 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
916 OIC_LOG_V(DEBUG, TAG, "Converting rownerid = %s to uuid...", stRowner);
917 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
918 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
923 if (cbor_value_is_valid(&aclMap))
925 cborFindResult = cbor_value_advance(&aclMap);
926 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
931 if (cborFindResult != CborNoError)
933 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
941 // This function converts CBOR format to ACL data.
942 // Caller needs to invoke 'free' when done using
943 // note: This function is used in unit test hence not declared static,
944 OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
946 if (NULL == cborPayload || 0 == size)
950 OCStackResult ret = OC_STACK_ERROR;
951 CborValue aclCbor = { .parser = NULL };
952 CborParser parser = { .end = NULL };
953 CborError cborFindResult = CborNoError;
954 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
956 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
959 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
960 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
961 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
963 while (cbor_value_is_valid(&aclMap))
965 char* tagName = NULL;
967 CborType type = cbor_value_get_type(&aclMap);
968 if (type == CborTextStringType)
970 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
971 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
972 cborFindResult = cbor_value_advance(&aclMap);
973 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
977 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
980 CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
981 cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
982 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
985 while (cbor_value_is_valid(&aclistMap))
989 CborType acType = cbor_value_get_type(&aclistMap);
990 if (acType == CborTextStringType)
992 cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &readLen, NULL);
993 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
994 cborFindResult = cbor_value_advance(&aclistMap);
995 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
1000 if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
1003 CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1004 cborFindResult = cbor_value_enter_container(&aclistMap, &acesArray);
1005 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
1008 while (cbor_value_is_valid(&acesArray))
1011 CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
1012 cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
1013 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
1015 OicSecAce_t *ace = NULL;
1016 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
1017 VERIFY_NON_NULL(TAG, ace, ERROR);
1018 LL_APPEND(acl->aces, ace);
1020 VERIFY_NON_NULL(TAG, acl, ERROR);
1022 while (cbor_value_is_valid(&aceMap))
1026 CborType type = cbor_value_get_type(&aceMap);
1027 if (type == CborTextStringType)
1029 cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
1030 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
1031 cborFindResult = cbor_value_advance(&aceMap);
1032 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
1036 // Subject -- Mandatory
1037 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
1039 char *subject = NULL;
1040 cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
1041 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
1042 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
1044 ace->subjectuuid.id[0] = '*';
1048 ret = ConvertStrToUuid(subject, &ace->subjectuuid);
1049 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1054 // Resources -- Mandatory
1055 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
1057 CborValue resources = { .parser = NULL };
1058 cborFindResult = cbor_value_enter_container(&aceMap, &resources);
1059 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
1061 while (cbor_value_is_valid(&resources))
1064 CborValue rMap = { .parser = NULL };
1065 cborFindResult = cbor_value_enter_container(&resources, &rMap);
1066 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
1068 OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1069 VERIFY_NON_NULL(TAG, rsrc, ERROR);
1070 LL_APPEND(ace->resources, rsrc);
1072 while(cbor_value_is_valid(&rMap))
1074 char *rMapName = NULL;
1075 size_t rMapNameLen = 0;
1076 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
1077 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
1078 cborFindResult = cbor_value_advance(&rMap);
1079 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
1082 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
1084 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
1085 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
1089 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
1091 cbor_value_get_array_length(&rMap, &rsrc->typeLen);
1092 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
1093 VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
1095 rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
1096 VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
1098 CborValue resourceTypes;
1099 cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
1100 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
1102 for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
1104 cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
1105 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
1106 cborFindResult = cbor_value_advance(&resourceTypes);
1107 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
1112 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
1114 cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
1115 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
1116 VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
1118 rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
1119 VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
1121 CborValue interfaces;
1122 cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
1123 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
1125 for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
1127 cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
1128 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
1129 cborFindResult = cbor_value_advance(&interfaces);
1130 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
1135 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
1137 cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
1138 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
1141 if (cbor_value_is_valid(&rMap))
1143 cborFindResult = cbor_value_advance(&rMap);
1144 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
1149 if (cbor_value_is_valid(&resources))
1151 cborFindResult = cbor_value_advance(&resources);
1152 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
1157 // Permissions -- Mandatory
1158 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
1161 cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
1162 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
1163 ace->permission = (uint16_t)tmp64;
1166 // TODO: Need to verfication for validity
1167 // Validity -- Not mandatory
1168 if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
1170 CborValue validitiesMap = {.parser = NULL};
1171 size_t validitySize = 0;
1173 cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
1174 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
1176 cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
1177 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
1179 while(cbor_value_is_valid(&validitiesMap))
1181 OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
1182 VERIFY_NON_NULL(TAG, validity, ERROR);
1183 LL_APPEND(ace->validities, validity);
1185 CborValue validityMap = {.parser = NULL};
1187 cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
1188 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
1191 cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
1192 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
1194 //recurrence (string array)
1195 CborValue recurrenceMap = {.parser = NULL};
1196 cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
1197 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
1199 cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
1200 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
1202 validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
1203 VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
1205 for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
1207 cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
1208 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
1210 cborFindResult = cbor_value_advance(&recurrenceMap);
1211 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
1214 cborFindResult = cbor_value_advance(&validitiesMap);
1215 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
1221 if (type != CborMapType && cbor_value_is_valid(&aceMap))
1223 cborFindResult = cbor_value_advance(&aceMap);
1224 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
1228 if (cbor_value_is_valid(&acesArray))
1230 cborFindResult = cbor_value_advance(&acesArray);
1231 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
1238 if (cbor_value_is_valid(&aclistMap))
1240 cborFindResult = cbor_value_advance(&aclistMap);
1241 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
1246 //rownerID -- Mandatory
1247 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
1249 char *stRowner = NULL;
1250 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
1251 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
1252 ret = ConvertStrToUuid(stRowner, &acl->rownerID);
1253 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1256 else if (NULL != gAcl)
1258 memcpy(&(acl->rownerID), &(gAcl->rownerID), sizeof(OicUuid_t));
1262 if (cbor_value_is_valid(&aclMap))
1264 cborFindResult = cbor_value_advance(&aclMap);
1265 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
1270 if (cborFindResult != CborNoError)
1272 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
1281 * This method removes ACE for the subject and resource from the ACL
1283 * @param subject of the ACE
1284 * @param resource of the ACE
1287 * ::OC_STACK_RESOURCE_DELETED on success
1288 * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
1289 * ::OC_STACK_INVALID_PARAM on invalid parameter
1291 OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
1293 OIC_LOG(DEBUG, TAG, "IN RemoveACE");
1295 OicSecAce_t *ace = NULL;
1296 OicSecAce_t *tempAce = NULL;
1297 bool deleteFlag = false;
1298 OCStackResult ret = OC_STACK_NO_RESOURCE;
1300 if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
1302 OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
1303 return OC_STACK_INVALID_PARAM;
1306 //If resource is NULL then delete all the ACE for the subject.
1307 if (NULL == resource || resource[0] == '\0')
1309 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1311 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1313 LL_DELETE(gAcl->aces, ace);
1321 //Looping through ACL to find the right ACE to delete. If the required resource is the only
1322 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
1323 //than the required resource in the ACE, for the subject then just delete the resource from
1324 //the resource array
1325 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
1327 if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
1329 OicSecRsrc_t* rsrc = NULL;
1330 OicSecRsrc_t* tempRsrc = NULL;
1331 LL_FOREACH_SAFE(ace->resources, rsrc, tempRsrc)
1333 if(strcmp(rsrc->href, resource) == 0)
1335 LL_DELETE(ace->resources, rsrc);
1341 //If resource list is empty
1342 if(NULL == ace->resources && true == deleteFlag)
1344 //Remove the ACE from ACL
1345 LL_DELETE(gAcl->aces, ace);
1354 // In case of unit test do not update persistant storage.
1355 if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
1357 ret = OC_STACK_RESOURCE_DELETED;
1361 uint8_t *payload = NULL;
1363 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1365 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
1367 ret = OC_STACK_RESOURCE_DELETED;
1377 * This method parses the query string received for REST requests and
1378 * retrieves the 'subject' field.
1380 * @param query querystring passed in REST request
1381 * @param subject subject UUID parsed from query string
1383 * @return true if query parsed successfully and found 'subject', else false.
1385 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
1387 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1389 ParseQueryIterInit((unsigned char *) query, &parseIter);
1391 while (GetNextQuery (&parseIter))
1393 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECTID_NAME, parseIter.attrLen) == 0)
1395 char strUuid[STRING_UUID_SIZE] = {0};
1396 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1397 memcpy(strUuid, parseIter.valPos, parseIter.valLen);
1398 OCStackResult res = ConvertStrToUuid(strUuid, subject);
1399 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
1409 * This method parses the query string received for REST requests and
1410 * retrieves the 'resource' field.
1412 * @param query querystring passed in REST request
1413 * @param resource resource parsed from query string
1414 * @param resourceSize size of the memory pointed to resource
1416 * @return true if query parsed successfully and found 'resource', else false.
1418 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
1420 OicParseQueryIter_t parseIter = { .attrPos = NULL };
1422 ParseQueryIterInit((unsigned char *) query, &parseIter);
1424 while (GetNextQuery (&parseIter))
1426 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
1429 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
1430 OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
1440 static size_t GetNumberOfResource(OicSecRsrc_t* resources)
1445 OicSecRsrc_t* rsrc = NULL;
1446 LL_FOREACH(resources, rsrc)
1454 static size_t GetNumberOfValidity(OicSecValidity_t* val)
1460 OicSecValidity_t* temp = NULL;
1461 LL_FOREACH(val, temp)
1470 static bool IsSameStringArray(char** strArr1, size_t strArr1Len,
1471 char** strArr2, size_t strArr2Len)
1474 if(NULL == strArr1 && NULL == strArr2)
1479 if(strArr1 && strArr2 && NULL == *strArr1 && NULL == *strArr2)
1484 if(strArr1 && strArr2)
1486 if(*strArr1 && *strArr2 && strArr1Len == strArr2Len)
1488 size_t matchedStr = 0;
1489 for(size_t i = 0; i < strArr1Len; i++)
1491 for(size_t j = 0; j < strArr2Len; j++)
1493 if(strcmp(strArr1[i], strArr2[j]) == 0)
1499 if(matchedStr == strArr1Len)
1509 static bool IsSameResources(OicSecRsrc_t* resources1, OicSecRsrc_t* resources2)
1511 size_t numOfRsrc1 = 0;
1512 size_t numOfRsrc2 = 0;
1513 size_t numOfMatchedRsrc = 0;
1514 OicSecRsrc_t* rsrc1 = NULL;
1515 OicSecRsrc_t* rsrc2 = NULL;
1517 if(NULL == resources1 && NULL == resources2)
1522 if(resources1 && resources2)
1524 numOfRsrc1 = GetNumberOfResource(resources1);
1525 numOfRsrc2 = GetNumberOfResource(resources2);
1527 if(0 == numOfRsrc1 && 0 == numOfRsrc2)
1532 LL_FOREACH(resources1, rsrc1)
1535 LL_FOREACH(resources2, rsrc2)
1539 if(strcmp(rsrc1->href, rsrc2->href) == 0 &&
1540 IsSameStringArray(rsrc1->interfaces, rsrc1->interfaceLen,
1541 rsrc2->interfaces, rsrc2->interfaceLen) &&
1542 IsSameStringArray(rsrc1->types, rsrc1->typeLen,
1543 rsrc2->types, rsrc2->typeLen))
1545 // TODO: Update codes to compare 'rel' property
1552 if(numOfMatchedRsrc == numOfRsrc1)
1561 static bool IsSameValidities(OicSecValidity_t* validities1, OicSecValidity_t* validities2)
1563 size_t numOfVal1 = 0;
1564 size_t numOfVal2 = 0;
1565 size_t numOfMatchedVal = 0;
1566 OicSecValidity_t* val1 = NULL;
1567 OicSecValidity_t* val2 = NULL;
1569 if(NULL == validities1 && NULL == validities2)
1574 if(validities1 && validities2)
1576 numOfVal1 = GetNumberOfValidity(validities1);
1577 numOfVal2 = GetNumberOfValidity(validities2);
1578 if(0 == numOfVal1 && 0 == numOfVal2)
1583 if(numOfVal1 == numOfVal2)
1585 LL_FOREACH(validities1, val1)
1587 LL_FOREACH(validities2, val2)
1589 if(strcmp(val1->period, val2->period) == 0 &&
1590 IsSameStringArray(val1->recurrences, val1->recurrenceLen,
1591 val2->recurrences, val2->recurrenceLen))
1597 if(numOfVal1 == numOfMatchedVal)
1607 static bool IsSameACE(OicSecAce_t* ace1, OicSecAce_t* ace2)
1611 if(memcmp(ace1->subjectuuid.id, ace2->subjectuuid.id, sizeof(ace1->subjectuuid.id)) != 0)
1616 if(false == IsSameResources(ace1->resources, ace2->resources))
1621 if(ace1->permission != ace2->permission)
1626 if(false == IsSameValidities(ace1->validities, ace2->validities))
1637 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
1639 OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
1640 uint8_t* payload = NULL;
1642 OCEntityHandlerResult ehRet;
1644 OicUuid_t subject = {.id= { 0 } };
1646 // In case, 'subject' field is included in REST request.
1647 if (ehRequest->query && GetSubjectFromQueryString(ehRequest->query, &subject))
1649 OIC_LOG(DEBUG,TAG,"'subject' field is inculded in REST request.");
1650 OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
1652 char resource[MAX_URI_LENGTH] = { 0 };
1654 OicSecAce_t *savePtr = NULL;
1655 const OicSecAce_t *currentAce = NULL;
1656 OicSecAcl_t targetAcl;
1658 memcpy(&targetAcl.rownerID, &gAcl->rownerID, sizeof(OicUuid_t));
1659 targetAcl.aces = NULL;
1661 // 'Subject' field is MUST for processing a querystring in REST request.
1662 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1665 * TODO : Currently, this code only provides one ACE for a Subject.
1666 * Below code needs to be updated for scenarios when Subject have
1667 * multiple ACE's in ACL resource.
1669 while ((currentAce = GetACLResourceData(&subject, &savePtr)))
1671 targetAcl.aces = (OicSecAce_t*)currentAce;
1674 * If REST querystring contains a specific resource, we need
1675 * to search for that resource in ACE.
1677 if (resource[0] != '\0')
1679 OicSecRsrc_t *rsrc = NULL;
1680 LL_FOREACH(currentAce->resources, rsrc)
1682 if(0 == strcmp(rsrc->href, resource) ||
1683 0 == strcmp(WILDCARD_RESOURCE_URI, rsrc->href))
1685 // Convert ACL data into CBOR format for transmission
1686 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1688 ehRet = OC_EH_ERROR;
1696 // Convert ACL data into CBOR format for transmission
1697 if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
1699 ehRet = OC_EH_ERROR;
1705 // In case, 'subject' field is not included in REST request.
1708 OIC_LOG(DEBUG,TAG,"'subject' field is not inculded in REST request.");
1709 // Convert ACL data into CBOR format for transmission.
1710 if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
1712 ehRet = OC_EH_ERROR;
1716 // A device should always have a default acl. Therefore, payload should never be NULL.
1717 ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
1718 OIC_LOG(DEBUG, TAG, "ACL payload with GET response");
1719 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1721 //Send payload to request originator
1722 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
1723 OC_EH_OK : OC_EH_ERROR;
1727 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1731 static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
1733 OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
1734 OCEntityHandlerResult ehRet = OC_EH_OK;
1736 // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
1737 uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData;
1738 size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
1741 OicSecAcl_t *newAcl = NULL;
1742 OIC_LOG(DEBUG, TAG, "ACL payload from POST request << ");
1743 OIC_LOG_BUFFER(DEBUG, TAG, payload, size);
1745 newAcl = CBORPayloadToAcl(payload, size);
1748 bool isNewAce = true;
1749 OicSecAce_t* existAce = NULL;
1750 OicSecAce_t* newAce = NULL;
1751 OicSecAce_t* tempAce1 = NULL;
1752 OicSecAce_t* tempAce2 = NULL;
1754 LL_FOREACH_SAFE(newAcl->aces, newAce, tempAce1)
1757 LL_FOREACH_SAFE(gAcl->aces, existAce, tempAce2)
1759 if(IsSameACE(newAce, existAce))
1766 OIC_LOG(DEBUG, TAG, "NEW ACE dectected.");
1768 OicSecAce_t* insertAce = DuplicateACE(newAce);
1771 OIC_LOG(DEBUG, TAG, "Appending new ACE..");
1772 LL_PREPEND(gAcl->aces, insertAce);
1776 OIC_LOG(ERROR, TAG, "Failed to duplicate ACE.");
1777 ehRet = OC_EH_ERROR;
1781 memcpy(&(gAcl->rownerID), &(newAcl->rownerID), sizeof(OicUuid_t));
1783 DeleteACLList(newAcl);
1785 if(OC_EH_OK == ehRet)
1788 uint8_t *cborPayload = NULL;
1790 if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
1792 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
1794 ehRet = OC_EH_CHANGED;
1796 OICFree(cborPayload);
1799 if(OC_EH_CHANGED != ehRet)
1801 ehRet = OC_EH_ERROR;
1807 //Send response to request originator
1808 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1809 OC_EH_OK : OC_EH_ERROR;
1811 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1815 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
1817 OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
1818 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1819 OicUuid_t subject = { .id= { 0 } };
1820 char resource[MAX_URI_LENGTH] = { 0 };
1822 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
1824 // 'Subject' field is MUST for processing a querystring in REST request.
1825 VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
1827 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1829 if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
1831 ehRet = OC_EH_RESOURCE_DELETED;
1835 //Send response to request originator
1836 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1837 OC_EH_OK : OC_EH_ERROR;
1842 OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
1843 void* callbackParameter)
1845 OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
1846 (void)callbackParameter;
1847 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1854 if (flag & OC_REQUEST_FLAG)
1856 // TODO : Handle PUT method
1857 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
1858 switch (ehRequest->method)
1861 ehRet = HandleACLGetRequest(ehRequest);
1865 ehRet = HandleACLPostRequest(ehRequest);
1868 case OC_REST_DELETE:
1869 ehRet = HandleACLDeleteRequest(ehRequest);
1873 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1874 OC_EH_OK : OC_EH_ERROR;
1882 * This internal method is used to create '/oic/sec/acl' resource.
1884 static OCStackResult CreateACLResource()
1888 ret = OCCreateResource(&gAclHandle,
1889 OIC_RSRC_TYPE_SEC_ACL,
1890 OC_RSRVD_INTERFACE_DEFAULT,
1896 if (OC_STACK_OK != ret)
1898 OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
1899 DeInitACLResource();
1904 // This function sets the default ACL and is defined for the unit test only.
1905 OCStackResult SetDefaultACL(OicSecAcl_t *acl)
1911 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
1913 OCStackResult ret = OC_STACK_ERROR;
1914 OicUuid_t ownerId = { .id = { 0 } };
1915 OicSecAcl_t *acl = NULL;
1916 OicSecAce_t *ace = NULL;
1917 OicSecRsrc_t* resRsrc = NULL;
1918 OicSecRsrc_t* deviceRsrc = NULL;
1919 OicSecRsrc_t* platformRsrc = NULL;
1920 OicSecRsrc_t* aclRsrc = NULL;
1921 OicSecRsrc_t* doxmRsrc = NULL;
1922 OicSecRsrc_t* pstatRsrc = NULL;
1925 * TODO In future, when new virtual resources will be added in OIC
1926 * specification, Iotivity stack should be able to add them in
1927 * existing SVR database. To support this, we need to add 'versioning'
1928 * mechanism in SVR database.
1933 return OC_STACK_INVALID_PARAM;
1936 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
1937 VERIFY_NON_NULL(TAG, acl, ERROR);
1939 ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
1940 VERIFY_NON_NULL(TAG, ace, ERROR);
1942 LL_APPEND(acl->aces, ace);
1944 // Subject -- Mandatory
1945 memcpy(ace->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
1947 // Resources -- Mandatory
1949 resRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1950 VERIFY_NON_NULL(TAG, resRsrc, ERROR);
1951 LL_APPEND(ace->resources, resRsrc);
1952 resRsrc->href = OICStrdup(OC_RSRVD_WELL_KNOWN_URI);
1953 VERIFY_NON_NULL(TAG, (resRsrc->href), ERROR);
1954 resRsrc->typeLen = 1;
1955 resRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1956 VERIFY_NON_NULL(TAG, resRsrc->types, ERROR);
1957 resRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_RES);
1958 VERIFY_NON_NULL(TAG, resRsrc->types[0], ERROR);
1959 resRsrc->interfaceLen = 2;
1960 resRsrc->interfaces = (char**)OICCalloc(resRsrc->interfaceLen, sizeof(char*));
1961 VERIFY_NON_NULL(TAG, resRsrc->interfaces, ERROR);
1962 resRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1963 VERIFY_NON_NULL(TAG, resRsrc->interfaces[0], ERROR);
1964 resRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1965 VERIFY_NON_NULL(TAG, resRsrc->interfaces[1], ERROR);
1968 deviceRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1969 VERIFY_NON_NULL(TAG, deviceRsrc, ERROR);
1970 LL_APPEND(ace->resources, deviceRsrc);
1971 deviceRsrc->href = OICStrdup(OC_RSRVD_DEVICE_URI);
1972 VERIFY_NON_NULL(TAG, (deviceRsrc->href), ERROR);
1973 deviceRsrc->typeLen = 1;
1974 deviceRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1975 VERIFY_NON_NULL(TAG, deviceRsrc->types, ERROR);
1976 deviceRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_DEVICE);
1977 VERIFY_NON_NULL(TAG, deviceRsrc->types[0], ERROR);
1978 deviceRsrc->interfaceLen = 2;
1979 deviceRsrc->interfaces = (char**)OICCalloc(deviceRsrc->interfaceLen, sizeof(char*));
1980 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces, ERROR);
1981 deviceRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
1982 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[0], ERROR);
1983 deviceRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
1984 VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[1], ERROR);
1987 platformRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
1988 VERIFY_NON_NULL(TAG, platformRsrc, ERROR);
1989 LL_APPEND(ace->resources, platformRsrc);
1990 platformRsrc->href = OICStrdup(OC_RSRVD_PLATFORM_URI);
1991 VERIFY_NON_NULL(TAG, (platformRsrc->href), ERROR);
1992 platformRsrc->typeLen = 1;
1993 platformRsrc->types = (char**)OICCalloc(1, sizeof(char*));
1994 VERIFY_NON_NULL(TAG, platformRsrc->types, ERROR);
1995 platformRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_PLATFORM);
1996 VERIFY_NON_NULL(TAG, platformRsrc->types[0], ERROR);
1997 platformRsrc->interfaceLen = 2;
1998 platformRsrc->interfaces = (char**)OICCalloc(platformRsrc->interfaceLen, sizeof(char*));
1999 VERIFY_NON_NULL(TAG, platformRsrc->interfaces, ERROR);
2000 platformRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2001 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[0], ERROR);
2002 platformRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
2003 VERIFY_NON_NULL(TAG, platformRsrc->interfaces[1], ERROR);
2006 aclRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2007 VERIFY_NON_NULL(TAG, aclRsrc, ERROR);
2008 LL_APPEND(ace->resources, aclRsrc);
2009 aclRsrc->href = OICStrdup(OIC_RSRC_ACL_URI);
2010 VERIFY_NON_NULL(TAG, (aclRsrc->href), ERROR);
2011 aclRsrc->typeLen = 1;
2012 aclRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2013 VERIFY_NON_NULL(TAG, aclRsrc->types, ERROR);
2014 aclRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_ACL);
2015 VERIFY_NON_NULL(TAG, aclRsrc->types[0], ERROR);
2016 aclRsrc->interfaceLen = 1;
2017 aclRsrc->interfaces = (char**)OICCalloc(aclRsrc->interfaceLen, sizeof(char*));
2018 VERIFY_NON_NULL(TAG, aclRsrc->interfaces, ERROR);
2019 aclRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2020 VERIFY_NON_NULL(TAG, aclRsrc->interfaces[0], ERROR);
2023 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2024 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2025 LL_APPEND(ace->resources, doxmRsrc);
2026 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2027 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2028 doxmRsrc->typeLen = 1;
2029 doxmRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2030 VERIFY_NON_NULL(TAG, doxmRsrc->types, ERROR);
2031 doxmRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_DOXM);
2032 VERIFY_NON_NULL(TAG, doxmRsrc->types[0], ERROR);
2033 doxmRsrc->interfaceLen = 1;
2034 doxmRsrc->interfaces = (char**)OICCalloc(doxmRsrc->interfaceLen, sizeof(char*));
2035 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces, ERROR);
2036 doxmRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2037 VERIFY_NON_NULL(TAG, doxmRsrc->interfaces[0], ERROR);
2040 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2041 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2042 LL_APPEND(ace->resources, pstatRsrc);
2043 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2044 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2045 pstatRsrc->typeLen = 1;
2046 pstatRsrc->types = (char**)OICCalloc(1, sizeof(char*));
2047 VERIFY_NON_NULL(TAG, pstatRsrc->types, ERROR);
2048 pstatRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_PSTAT);
2049 VERIFY_NON_NULL(TAG, pstatRsrc->types[0], ERROR);
2050 pstatRsrc->interfaceLen = 1;
2051 pstatRsrc->interfaces = (char**)OICCalloc(pstatRsrc->interfaceLen, sizeof(char*));
2052 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces, ERROR);
2053 pstatRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
2054 VERIFY_NON_NULL(TAG, pstatRsrc->interfaces[0], ERROR);
2056 ace->permission = PERMISSION_READ;
2057 ace->validities = NULL;
2059 // Device ID is the owner of this default ACL
2060 if (GetDoxmResourceData() != NULL)
2062 ret = GetDoxmDeviceID(&ownerId);
2063 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
2067 OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
2068 VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
2071 memcpy(&acl->rownerID, &ownerId, sizeof(OicUuid_t));
2078 if (ret != OC_STACK_OK)
2087 OCStackResult InitACLResource()
2089 OCStackResult ret = OC_STACK_ERROR;
2091 uint8_t *data = NULL;
2093 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
2094 // If database read failed
2095 if (OC_STACK_OK != ret)
2097 OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
2101 // Read ACL resource from PS
2102 gAcl = CBORPayloadToAcl(data, size);
2106 * If SVR database in persistent storage got corrupted or
2107 * is not available for some reason, a default ACL is created
2108 * which allows user to initiate ACL provisioning again.
2112 ret = GetDefaultACL(&gAcl);
2113 if (OC_STACK_OK != ret)
2115 OIC_LOG(ERROR, TAG, "Failed to create default ACL");
2117 // TODO Needs to update persistent storage
2119 VERIFY_NON_NULL(TAG, gAcl, FATAL);
2121 // Instantiate 'oic.sec.acl'
2122 ret = CreateACLResource();
2125 if (OC_STACK_OK != ret)
2127 DeInitACLResource();
2132 OCStackResult DeInitACLResource()
2134 OCStackResult ret = OCDeleteResource(gAclHandle);
2139 DeleteACLList(gAcl);
2145 const OicSecAce_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAce_t **savePtr)
2147 OicSecAce_t *ace = NULL;
2148 OicSecAce_t *begin = NULL;
2150 if (NULL == subjectId)
2156 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
2159 if (NULL == *savePtr)
2166 * If this is a 'successive' call, search for location pointed by
2167 * savePtr and assign 'begin' to the next ACL after it in the linked
2168 * list and start searching from there.
2170 LL_FOREACH(gAcl->aces, ace)
2172 if (ace == *savePtr)
2179 // Find the next ACL corresponding to the 'subjectID' and return it.
2180 LL_FOREACH(begin, ace)
2182 if (memcmp(&(ace->subjectuuid), subjectId, sizeof(OicUuid_t)) == 0)
2189 // Cleanup in case no ACL is found
2194 void printACL(const OicSecAcl_t* acl)
2196 OIC_LOG(INFO, TAG, "Print ACL:");
2200 OIC_LOG(INFO, TAG, "Received NULL acl");
2204 char *rowner = NULL;
2205 if (OC_STACK_OK == ConvertUuidToStr(&acl->rownerID, &rowner))
2207 OIC_LOG_V(INFO, TAG, "rowner id = %s", rowner);
2211 OIC_LOG(ERROR, TAG, "Can't convert rowner uuid to string");
2215 const OicSecAce_t *ace = acl->aces;
2220 OIC_LOG_V(INFO, TAG, "Print ace[%d]:", ace_count);
2222 OIC_LOG_V(INFO, TAG, "ace permission = %d", ace->permission);
2224 char *subjectuuid = NULL;
2225 if (OC_STACK_OK == ConvertUuidToStr(&ace->subjectuuid, &subjectuuid))
2227 OIC_LOG_V(INFO, TAG, "ace subject uuid = %s", subjectuuid);
2231 OIC_LOG(ERROR, TAG, "Can't convert subjectuuid to string");
2233 OICFree(subjectuuid);
2235 OicSecRsrc_t *res = ace->resources;
2240 OIC_LOG_V(INFO, TAG, "Print resources[%d]:", res_count);
2242 OIC_LOG_V(INFO, TAG, "href = %s", res->href);
2244 for (size_t i = 0; i < res->typeLen; i++)
2246 OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->types[i]);
2248 for (size_t i = 0; i < res->interfaceLen; i++)
2250 OIC_LOG_V(INFO, TAG, "if[%zu] = %s", i, res->interfaces[i]);
2256 OicSecValidity_t *vals = ace->validities;
2261 OIC_LOG_V(INFO, TAG, "Print validities[%d]:", vals_count);
2263 OIC_LOG_V(INFO, TAG, "period = %s", vals->period);
2264 for (size_t i = 0; i < vals->recurrenceLen; i++)
2266 OIC_LOG_V(INFO, TAG, "recurrences[%zu] = %s", i, vals->recurrences[i]);
2274 OCStackResult InstallNewACL2(const OicSecAcl_t* acl)
2276 OCStackResult ret = OC_STACK_ERROR;
2280 return OC_STACK_INVALID_PARAM;
2283 // Append the new ACE to existing ACE list
2284 // Can't use LL_APPEND because it sets ace->next to NULL
2285 OicSecAce_t* ace = gAcl->aces;
2292 ace->next = acl->aces;
2296 gAcl->aces = acl->aces;
2302 uint8_t *payload = NULL;
2303 ret = AclToCBORPayload(gAcl, &payload, &size);
2304 if (OC_STACK_OK == ret)
2306 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size);
2313 OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
2315 // Convert CBOR format to ACL data. This will also validate the ACL data received.
2316 OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
2318 return InstallNewACL2(newAcl);
2322 * This function generates default ACE for security resource in case of owned status.
2324 * @return Default ACE for security resource.
2326 static OicSecAce_t* GetSecDefaultACE()
2328 const int NUM_OF_DOXM_RT = 1;
2329 const int NUM_OF_DOXM_IF = 1;
2330 const int NUM_OF_PSTAT_RT = 1;
2331 const int NUM_OF_PSTAT_IF = 1;
2332 const char *doxmRt[] = { OIC_RSRC_TYPE_SEC_DOXM };
2333 const char *pstatRt[] = { OIC_RSRC_TYPE_SEC_PSTAT };
2334 const char *doxmIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2335 const char *pstatIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
2336 OicSecRsrc_t* doxmRsrc = NULL;
2337 OicSecRsrc_t* pstatRsrc = NULL;
2339 //Generate default ACE
2340 OicSecAce_t* newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
2341 VERIFY_NON_NULL(TAG, newAce, ERROR);
2343 // Subject -- Mandatory
2344 memcpy(newAce->subjectuuid.id, &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
2346 //Resources -- Mandatory
2348 doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2349 VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
2350 LL_APPEND(newAce->resources, doxmRsrc);
2352 doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
2353 VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
2355 doxmRsrc->typeLen = NUM_OF_DOXM_RT;
2356 doxmRsrc->types = (char**)OICCalloc(NUM_OF_DOXM_RT, sizeof(char*));
2357 VERIFY_NON_NULL(TAG, (doxmRsrc->types), ERROR);
2358 for(int i = 0; i < NUM_OF_DOXM_RT; i++)
2360 doxmRsrc->types[i] = OICStrdup(doxmRt[i]);
2361 VERIFY_NON_NULL(TAG, (doxmRsrc->types[i]), ERROR);
2364 doxmRsrc->interfaceLen = NUM_OF_DOXM_IF;
2365 doxmRsrc->interfaces = (char**)OICCalloc(NUM_OF_DOXM_IF, sizeof(char*));
2366 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces), ERROR);
2367 for(int i = 0; i < NUM_OF_DOXM_IF; i++)
2369 doxmRsrc->interfaces[i] = OICStrdup(doxmIf[i]);
2370 VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces[i]), ERROR);
2374 pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
2375 VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
2376 LL_APPEND(newAce->resources, pstatRsrc);
2378 pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
2379 VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
2381 pstatRsrc->typeLen = NUM_OF_PSTAT_RT;
2382 pstatRsrc->types = (char**)OICCalloc(NUM_OF_PSTAT_RT, sizeof(char*));
2383 VERIFY_NON_NULL(TAG, (pstatRsrc->types), ERROR);
2384 for(int i = 0; i < NUM_OF_PSTAT_RT; i++)
2386 pstatRsrc->types[i] = OICStrdup(pstatRt[i]);
2387 VERIFY_NON_NULL(TAG, (pstatRsrc->types[i]), ERROR);
2390 pstatRsrc->interfaceLen = NUM_OF_PSTAT_IF;
2391 pstatRsrc->interfaces = (char**)OICCalloc(NUM_OF_PSTAT_IF, sizeof(char*));
2392 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces), ERROR);
2393 for(int i = 0; i < NUM_OF_PSTAT_IF; i++)
2395 pstatRsrc->interfaces[i] = OICStrdup(pstatIf[i]);
2396 VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces[i]), ERROR);
2399 // Permissions -- Mandatory
2400 newAce->permission = PERMISSION_READ;
2402 //Period -- Not Mandatory
2403 newAce->validities = NULL;
2412 OCStackResult UpdateDefaultSecProvACE()
2414 OCStackResult ret = OC_STACK_OK;
2415 OicSecAce_t *ace = NULL;
2416 OicSecAce_t *tempAce = NULL;
2420 int matchedRsrc = 0;
2421 bool isRemoved = false;
2423 LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
2425 //Find default security resource ACL
2426 if(memcmp(&ace->subjectuuid, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
2427 ((PERMISSION_READ | PERMISSION_WRITE) == ace->permission))
2431 OicSecRsrc_t* rsrc = NULL;
2432 LL_FOREACH(ace->resources, rsrc)
2434 if(strncmp(rsrc->href, OIC_RSRC_DOXM_URI,
2435 strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
2436 strncmp(rsrc->href, OIC_RSRC_CRED_URI,
2437 strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
2438 strncmp(rsrc->href, OIC_RSRC_ACL_URI,
2439 strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
2440 strncmp(rsrc->href, OIC_RSRC_PSTAT_URI,
2441 strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
2447 //If default security resource ACL is detected, delete it.
2448 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
2450 LL_DELETE(gAcl->aces, ace);
2460 * Generate new security resource ACE as follows :
2462 * resources : '/oic/sec/doxm', '/oic/sec/pstat'
2465 OicSecAce_t *secDefaultAce = GetSecDefaultACE();
2468 LL_APPEND(gAcl->aces, secDefaultAce);
2471 uint8_t *payload = NULL;
2472 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
2474 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
2487 OCStackResult SetAclRownerId(const OicUuid_t* newROwner)
2489 OCStackResult ret = OC_STACK_ERROR;
2490 uint8_t *cborPayload = NULL;
2492 OicUuid_t prevId = {.id={0}};
2494 if(NULL == newROwner)
2496 ret = OC_STACK_INVALID_PARAM;
2500 ret = OC_STACK_NO_RESOURCE;
2503 if(newROwner && gAcl)
2505 memcpy(prevId.id, gAcl->rownerID.id, sizeof(prevId.id));
2506 memcpy(gAcl->rownerID.id, newROwner->id, sizeof(newROwner->id));
2508 ret = AclToCBORPayload(gAcl, &cborPayload, &size);
2509 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2511 ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size);
2512 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2514 OICFree(cborPayload);
2520 OICFree(cborPayload);
2521 memcpy(gAcl->rownerID.id, prevId.id, sizeof(prevId.id));
2525 OCStackResult GetAclRownerId(OicUuid_t *rowneruuid)
2527 OCStackResult retVal = OC_STACK_ERROR;
2530 *rowneruuid = gAcl->rownerID;
2531 retVal = OC_STACK_OK;
projects / platform / upstream / iotivity.git / blob