1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
29 #include "ocserverrequest.h"
30 #include "oic_malloc.h"
31 #include "oic_string.h"
33 #include "ocpayload.h"
35 #include "payload_logging.h"
36 #include "srmresourcestrings.h"
37 #include "aclresource.h"
38 #include "doxmresource.h"
39 #include "resourcemanager.h"
40 #include "srmutility.h"
41 #include "psinterface.h"
43 #include "security_internals.h"
46 #define NUMBER_OF_SEC_PROV_RSCS 4
47 #define NUMBER_OF_DEFAULT_SEC_RSCS 2
49 static const uint8_t ACL_MAP_SIZE = 2;
50 static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
51 static const uint8_t ACL_ACES_MAP_SIZE = 3;
52 static const uint8_t ACL_RESOURCE_MAP_SIZE = 4;
55 // CborSize is the default cbor payload size being used.
56 static const uint16_t CBOR_SIZE = 2048;
58 static OicSecAcl_t *gAcl = NULL;
59 static OCResourceHandle gAclHandle = NULL;
62 * This function frees OicSecAcl_t object's fields and object itself.
64 static void FreeACE(OicSecAcl_t *ace)
69 OIC_LOG(ERROR, TAG, "Invalid Parameter");
74 for (i = 0; i < ace->resourcesLen; i++)
76 OICFree(ace->resources[i]);
78 OICFree(ace->resources);
83 for (i = 0; i < ace->prdRecrLen; i++)
85 OICFree(ace->periods[i]);
87 OICFree(ace->periods);
93 for (i = 0; i < ace->prdRecrLen; i++)
95 OICFree(ace->recurrences[i]);
97 OICFree(ace->recurrences);
101 OICFree(ace->owners);
103 // Clean ACL node itself
107 void DeleteACLList(OicSecAcl_t* acl)
111 OicSecAcl_t *aclTmp1 = NULL;
112 OicSecAcl_t *aclTmp2 = NULL;
113 LL_FOREACH_SAFE(acl, aclTmp1, aclTmp2)
115 LL_DELETE(acl, aclTmp1);
121 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
127 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
137 OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
139 if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
141 return OC_STACK_INVALID_PARAM;
144 OCStackResult ret = OC_STACK_ERROR;
145 CborError cborEncoderResult = CborNoError;
146 OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
147 CborEncoder encoder = { {.ptr = NULL }, .end = 0 };
148 CborEncoder aclMap = { {.ptr = NULL }, .end = 0 };
149 CborEncoder aclListMap = { {.ptr = NULL }, .end = 0 };
150 CborEncoder acesArray = { {.ptr = NULL }, .end = 0 };
151 uint8_t *outPayload = NULL;
152 size_t cborLen = *size;
161 outPayload = (uint8_t *)OICCalloc(1, cborLen);
162 VERIFY_NON_NULL(TAG, outPayload, ERROR);
163 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
165 // Create ACL Map (aclist, rownerid)
166 cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
167 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
169 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
170 strlen(OIC_JSON_ACLIST_NAME));
171 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
173 // Create ACLIST Map (aces)
174 cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
175 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
177 cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
178 strlen(OIC_JSON_ACES_NAME));
179 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
182 cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
183 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
187 CborEncoder oicSecAclMap = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
188 // ACL Map size - Number of mandatory items
189 uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
197 if (acl->recurrences)
202 cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
203 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
205 // Subject -- Mandatory
206 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
207 strlen(OIC_JSON_SUBJECTID_NAME));
208 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
209 inLen = (memcmp(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
210 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
211 if(inLen == WILDCARD_SUBJECT_ID_LEN)
213 char *subject = NULL;
214 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
215 strlen(WILDCARD_RESOURCE_URI));
216 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
220 char *subject = NULL;
221 ret = ConvertUuidToStr(&acl->subject, &subject);
222 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
223 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
224 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
230 CborEncoder resources = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
231 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
232 strlen(OIC_JSON_RESOURCES_NAME));
233 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
235 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, acl->resourcesLen);
236 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
238 for (size_t i = 0; i < acl->resourcesLen; i++)
241 CborEncoder rMap = { {.ptr = NULL }, .end = 0 };
242 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, ACL_RESOURCE_MAP_SIZE);
243 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
245 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
246 strlen(OIC_JSON_HREF_NAME));
247 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
248 cborEncoderResult = cbor_encode_text_string(&rMap, acl->resources[i],
249 strlen(acl->resources[i]));
250 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
252 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
253 strlen(OIC_JSON_REL_NAME));
254 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
256 // TODO : Need to assign real value of REL
257 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
258 strlen(OIC_JSON_EMPTY_STRING));
259 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
261 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
262 strlen(OIC_JSON_RT_NAME));
263 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
265 // TODO : Need to assign real value of RT
266 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
267 strlen(OIC_JSON_EMPTY_STRING));
268 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
270 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
271 strlen(OIC_JSON_IF_NAME));
272 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
274 // TODO : Need to assign real value of IF
275 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
276 strlen(OIC_JSON_EMPTY_STRING));
277 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
280 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
281 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
284 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
285 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
289 // Permissions -- Mandatory
290 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
291 strlen(OIC_JSON_PERMISSION_NAME));
292 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
293 cborEncoderResult = cbor_encode_int(&oicSecAclMap, acl->permission);
294 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
296 // Period -- Not Mandatory
301 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERIOD_NAME,
302 strlen(OIC_JSON_PERIOD_NAME));
303 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Tag.");
304 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &period, acl->prdRecrLen);
305 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Array.");
306 for (size_t i = 0; i < acl->prdRecrLen; i++)
308 cborEncoderResult = cbor_encode_text_string(&period, acl->periods[i],
309 strlen(acl->periods[i]));
310 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value in Array.");
312 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &period);
313 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Period Array.");
316 // Recurrence -- Not Mandatory
317 if (acl->recurrences)
319 CborEncoder recurrences;
320 cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RECURRENCES_NAME,
321 strlen(OIC_JSON_RECURRENCES_NAME));
322 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Tag.");
323 cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &recurrences, acl->prdRecrLen);
324 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
326 for (size_t i = 0; i < acl->prdRecrLen; i++)
328 cborEncoderResult = cbor_encode_text_string(&recurrences, acl->recurrences[i],
329 strlen(acl->recurrences[i]));
330 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
332 cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &recurrences);
333 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
338 cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
339 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
346 cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
347 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
352 cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
353 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
357 // TODO : Need to modify acl->owners[0] to acl->rownerid based on RAML spec.
358 acl = (OicSecAcl_t *)secAcl;
360 if(acl->owners && acl->ownersLen > 0)
362 cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
363 strlen(OIC_JSON_ROWNERID_NAME));
364 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
367 ret = ConvertUuidToStr(&acl->owners[0], &rowner);
368 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
369 cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
370 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
375 cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
376 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
378 if (CborNoError == cborEncoderResult)
380 OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
381 *size = encoder.ptr - outPayload;
382 *payload = outPayload;
386 if (CborErrorOutOfMemory == cborEncoderResult)
388 OIC_LOG(DEBUG, TAG, "AclToCBORPayload:CborErrorOutOfMemory : retry with more memory");
390 // reallocate and try again!
392 // Since the allocated initial memory failed, double the memory.
393 cborLen += encoder.ptr - encoder.end;
394 cborEncoderResult = CborNoError;
395 ret = AclToCBORPayload(secAcl, payload, &cborLen);
398 else if (cborEncoderResult != CborNoError)
400 OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
405 ret = OC_STACK_ERROR;
411 // This function converts CBOR format to ACL data.
412 // Caller needs to invoke 'free' when done using
413 // note: This function is used in unit test hence not declared static,
414 OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
416 if (NULL == cborPayload)
420 OCStackResult ret = OC_STACK_ERROR;
421 CborValue aclCbor = { .parser = NULL };
422 CborParser parser = { .end = NULL };
423 CborError cborFindResult = CborNoError;
424 cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
426 OicSecAcl_t *headAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
429 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
430 cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
431 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
433 while (cbor_value_is_valid(&aclMap))
435 char* tagName = NULL;
437 CborType type = cbor_value_get_type(&aclMap);
438 if (type == CborTextStringType)
440 cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
441 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
442 cborFindResult = cbor_value_advance(&aclMap);
443 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
447 if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
450 CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
451 cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
452 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
455 while (cbor_value_is_valid(&aclistMap))
459 CborType acType = cbor_value_get_type(&aclistMap);
460 if (acType == CborTextStringType)
462 cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &acLen, NULL);
463 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
464 cborFindResult = cbor_value_advance(&aclistMap);
465 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
469 if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
473 CborValue aclArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
474 cborFindResult = cbor_value_enter_container(&aclistMap, &aclArray);
475 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Array.");
478 while (cbor_value_is_valid(&aclArray))
482 CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
483 cborFindResult = cbor_value_enter_container(&aclArray, &aclMap);
484 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
485 OicSecAcl_t *acl = NULL;
493 acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
494 OicSecAcl_t *temp = headAcl;
501 VERIFY_NON_NULL(TAG, acl, ERROR);
503 while (cbor_value_is_valid(&aclMap))
507 CborType type = cbor_value_get_type(&aclMap);
508 if (type == CborTextStringType)
510 cborFindResult = cbor_value_dup_text_string(&aclMap, &name, &len, NULL);
511 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
512 cborFindResult = cbor_value_advance(&aclMap);
513 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
517 // Subject -- Mandatory
518 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
520 char *subject = NULL;
521 cborFindResult = cbor_value_dup_text_string(&aclMap, &subject, &len, NULL);
522 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
523 if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
525 acl->subject.id[0] = '*';
529 ret = ConvertStrToUuid(subject, &acl->subject);
530 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
535 // Resources -- Mandatory
536 if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
538 CborValue resources = { .parser = NULL };
539 cborFindResult = cbor_value_get_array_length(&aclMap, &acl->resourcesLen);
540 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Resource Array Len Value.");
541 cborFindResult = cbor_value_enter_container(&aclMap, &resources);
542 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
544 acl->resources = (char **) OICMalloc(acl->resourcesLen * sizeof(char*));
545 VERIFY_NON_NULL(TAG, acl->resources, ERROR);
547 while (cbor_value_is_valid(&resources))
550 CborValue rMap = { .parser = NULL };
551 cborFindResult = cbor_value_enter_container(&resources, &rMap);
552 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
555 while(cbor_value_is_valid(&rMap))
557 char *rMapName = NULL;
558 size_t rMapNameLen = 0;
559 cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
560 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
561 cborFindResult = cbor_value_advance(&rMap);
562 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
565 if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
567 // TODO : Need to check data structure of OicSecAcl_t based on RAML spec.
568 cborFindResult = cbor_value_dup_text_string(&rMap, &acl->resources[i++], &len, NULL);
569 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
572 if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
574 // TODO : Need to check data structure of OicSecAcl_t based on RAML spec.
575 char *relData = NULL;
576 cborFindResult = cbor_value_dup_text_string(&rMap, &relData, &len, NULL);
577 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
581 if (0 == strcmp(OIC_JSON_RT_NAME, rMapName))
583 // TODO : Need to check data structure of OicSecAcl_t and assign based on RAML spec.
585 cborFindResult = cbor_value_dup_text_string(&rMap, &rtData, &len, NULL);
586 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT Value.");
591 if (0 == strcmp(OIC_JSON_IF_NAME, rMapName))
593 // TODO : Need to check data structure of OicSecAcl_t and assign based on RAML spec.
595 cborFindResult = cbor_value_dup_text_string(&rMap, &ifData, &len, NULL);
596 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF Value.");
600 if (cbor_value_is_valid(&rMap))
602 cborFindResult = cbor_value_advance(&rMap);
603 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
608 if (cbor_value_is_valid(&resources))
610 cborFindResult = cbor_value_advance(&resources);
611 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
616 // Permissions -- Mandatory
617 if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
619 cborFindResult = cbor_value_get_uint64(&aclMap, (uint64_t *) &acl->permission);
620 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
623 // Period -- Not mandatory
624 if (strcmp(name, OIC_JSON_PERIOD_NAME) == 0)
626 CborValue period = { .parser = NULL };
627 cborFindResult = cbor_value_get_array_length(&aclMap, &acl->prdRecrLen);
628 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Len.");
629 cborFindResult = cbor_value_enter_container(&aclMap, &period);
630 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Map.");
631 acl->periods = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
632 VERIFY_NON_NULL(TAG, acl->periods, ERROR);
634 while (cbor_value_is_text_string(&period))
636 cborFindResult = cbor_value_dup_text_string(&period, &acl->periods[i++],
638 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Value.");
639 cborFindResult = cbor_value_advance(&period);
640 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a Period Array.");
644 // Recurrence -- Not mandatory
645 if (strcmp(name, OIC_JSON_RECURRENCES_NAME) == 0)
647 CborValue recurrences = { .parser = NULL };
648 cborFindResult = cbor_value_enter_container(&aclMap, &recurrences);
649 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
650 acl->recurrences = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
651 VERIFY_NON_NULL(TAG, acl->recurrences, ERROR);
653 while (cbor_value_is_text_string(&recurrences))
655 cborFindResult = cbor_value_dup_text_string(&recurrences,
656 &acl->recurrences[i++], &len, NULL);
657 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array Value.");
658 cborFindResult = cbor_value_advance(&recurrences);
659 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Closing Recurrence Array.");
666 if (type != CborMapType && cbor_value_is_valid(&aclMap))
668 cborFindResult = cbor_value_advance(&aclMap);
669 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
675 if (cbor_value_is_valid(&aclArray))
677 cborFindResult = cbor_value_advance(&aclArray);
678 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
685 if (cbor_value_is_valid(&aclistMap))
687 cborFindResult = cbor_value_advance(&aclistMap);
688 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
693 // TODO : Need to modify headAcl->owners[0].id to headAcl->rowner based on RAML spec.
694 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0)
696 char *stRowner = NULL;
697 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
698 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
699 headAcl->ownersLen = 1;
700 headAcl->owners = (OicUuid_t *)OICCalloc(headAcl->ownersLen, sizeof(*headAcl->owners));
701 VERIFY_NON_NULL(TAG, headAcl->owners, ERROR);
702 ret = ConvertStrToUuid(stRowner, &headAcl->owners[0]);
703 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
708 if (cbor_value_is_valid(&aclMap))
710 cborFindResult = cbor_value_advance(&aclMap);
711 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Map.");
716 if (cborFindResult != CborNoError)
718 OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
719 DeleteACLList(headAcl);
726 * This method removes ACE for the subject and resource from the ACL
728 * @param subject of the ACE
729 * @param resource of the ACE
732 * ::OC_STACK_RESOURCE_DELETED on success
733 * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
734 * ::OC_STACK_INVALID_PARAM on invalid parameter
736 static OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
738 OIC_LOG(DEBUG, TAG, "IN RemoveACE");
740 OicSecAcl_t *acl = NULL;
741 OicSecAcl_t *tempAcl = NULL;
742 bool deleteFlag = false;
743 OCStackResult ret = OC_STACK_NO_RESOURCE;
745 if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
747 OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
748 return OC_STACK_INVALID_PARAM;
751 //If resource is NULL then delete all the ACE for the subject.
752 if (NULL == resource || resource[0] == '\0')
754 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
756 if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
758 LL_DELETE(gAcl, acl);
766 //Looping through ACL to find the right ACE to delete. If the required resource is the only
767 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
768 //than the required resource in the ACE, for the subject then just delete the resource from
770 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
772 if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
774 if (1 == acl->resourcesLen && strcmp(acl->resources[0], resource) == 0)
776 LL_DELETE(gAcl, acl);
785 for (i = 0; i < acl->resourcesLen; i++)
787 if (strcmp(acl->resources[i], resource) == 0)
793 if (0 <= (int) resPos)
795 OICFree(acl->resources[resPos]);
796 acl->resources[resPos] = NULL;
797 acl->resourcesLen -= 1;
798 for (i = resPos; i < acl->resourcesLen; i++)
800 acl->resources[i] = acl->resources[i + 1];
812 // In case of unit test do not update persistant storage.
813 if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
815 ret = OC_STACK_RESOURCE_DELETED;
819 uint8_t *payload = NULL;
821 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
823 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
825 ret = OC_STACK_RESOURCE_DELETED;
835 * This method parses the query string received for REST requests and
836 * retrieves the 'subject' field.
838 * @param query querystring passed in REST request
839 * @param subject subject UUID parsed from query string
841 * @return true if query parsed successfully and found 'subject', else false.
843 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
845 OicParseQueryIter_t parseIter = { .attrPos = NULL };
847 ParseQueryIterInit((unsigned char *) query, &parseIter);
849 while (GetNextQuery (&parseIter))
851 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECTID_NAME, parseIter.attrLen) == 0)
853 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
854 memcpy(subject->id, parseIter.valPos, parseIter.valLen);
864 * This method parses the query string received for REST requests and
865 * retrieves the 'resource' field.
867 * @param query querystring passed in REST request
868 * @param resource resource parsed from query string
869 * @param resourceSize size of the memory pointed to resource
871 * @return true if query parsed successfully and found 'resource', else false.
873 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
875 OicParseQueryIter_t parseIter = { .attrPos = NULL };
877 ParseQueryIterInit((unsigned char *) query, &parseIter);
879 while (GetNextQuery (&parseIter))
881 if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
884 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
885 OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
895 static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
897 OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
898 uint8_t* payload = NULL;
900 OCEntityHandlerResult ehRet;
902 // Process the REST querystring parameters
903 if (ehRequest->query)
905 OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
907 OicUuid_t subject = {.id= { 0 } };
908 char resource[MAX_URI_LENGTH] = { 0 };
910 OicSecAcl_t *savePtr = NULL;
911 const OicSecAcl_t *currentAce = NULL;
913 // 'Subject' field is MUST for processing a querystring in REST request.
914 VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
916 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
919 * TODO : Currently, this code only provides one ACE for a Subject.
920 * Below code needs to be updated for scenarios when Subject have
921 * multiple ACE's in ACL resource.
923 while ((currentAce = GetACLResourceData(&subject, &savePtr)))
926 * If REST querystring contains a specific resource, we need
927 * to search for that resource in ACE.
929 if (resource[0] != '\0')
931 for (size_t n = 0; n < currentAce->resourcesLen; n++)
933 if ((currentAce->resources[n])
934 && (0 == strcmp(resource, currentAce->resources[n])
935 || 0 == strcmp(WILDCARD_RESOURCE_URI, currentAce->resources[n])))
937 // Convert ACL data into CBOR format for transmission
938 if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
948 // Convert ACL data into CBOR format for transmission
949 if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
959 // Convert ACL data into CBOR format for transmission.
960 if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
966 // A device should always have a default acl. Therefore, payload should never be NULL.
967 ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
969 // Send response payload to request originator
970 SendSRMCBORResponse(ehRequest, ehRet, payload, size);
972 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
976 static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
978 OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
979 OCEntityHandlerResult ehRet = OC_EH_ERROR;
981 // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
982 uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData1;
983 size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
986 OicSecAcl_t *newAcl = CBORPayloadToAcl(payload, size);
989 // Append the new ACL to existing ACL
990 LL_APPEND(gAcl, newAcl);
992 // In case of unit test do not update persistant storage.
993 if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
994 || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
996 ehRet = OC_EH_RESOURCE_CREATED;
1000 uint8_t *cborPayload = NULL;
1001 if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
1003 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
1005 ehRet = OC_EH_RESOURCE_CREATED;
1007 OICFree(cborPayload);
1013 // Send payload to request originator
1014 SendSRMCBORResponse(ehRequest, ehRet, NULL, 0);
1016 OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
1020 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
1022 OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
1023 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1024 OicUuid_t subject = { .id= { 0 } };
1025 char resource[MAX_URI_LENGTH] = { 0 };
1027 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
1029 // 'Subject' field is MUST for processing a querystring in REST request.
1030 VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
1032 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
1034 if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
1036 ehRet = OC_EH_RESOURCE_DELETED;
1040 // Send payload to request originator
1041 SendSRMCBORResponse(ehRequest, ehRet, NULL, 0);
1046 OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
1047 void* callbackParameter)
1049 OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
1050 (void)callbackParameter;
1051 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1058 if (flag & OC_REQUEST_FLAG)
1060 // TODO : Handle PUT method
1061 OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
1062 switch (ehRequest->method)
1065 ehRet = HandleACLGetRequest(ehRequest);
1069 ehRet = HandleACLPostRequest(ehRequest);
1072 case OC_REST_DELETE:
1073 ehRet = HandleACLDeleteRequest(ehRequest);
1077 ehRet = OC_EH_ERROR;
1078 SendSRMCBORResponse(ehRequest, ehRet, NULL, 0);
1086 * This internal method is used to create '/oic/sec/acl' resource.
1088 static OCStackResult CreateACLResource()
1092 ret = OCCreateResource(&gAclHandle,
1093 OIC_RSRC_TYPE_SEC_ACL,
1098 OC_OBSERVABLE | OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
1100 if (OC_STACK_OK != ret)
1102 OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
1103 DeInitACLResource();
1108 // This function sets the default ACL and is defined for the unit test only.
1109 OCStackResult SetDefaultACL(OicSecAcl_t *acl)
1115 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
1117 OCStackResult ret = OC_STACK_ERROR;
1119 OicUuid_t ownerId = { .id = { 0 } };
1122 * TODO In future, when new virtual resources will be added in OIC
1123 * specification, Iotivity stack should be able to add them in
1124 * existing SVR database. To support this, we need to add 'versioning'
1125 * mechanism in SVR database.
1128 const char *rsrcs[] = {
1129 OC_RSRVD_WELL_KNOWN_URI,
1130 OC_RSRVD_DEVICE_URI,
1131 OC_RSRVD_PLATFORM_URI,
1132 OC_RSRVD_RESOURCE_TYPES_URI,
1133 #ifdef WITH_PRESENCE
1134 OC_RSRVD_PRESENCE_URI,
1135 #endif //WITH_PRESENCE
1143 return OC_STACK_INVALID_PARAM;
1146 OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
1147 VERIFY_NON_NULL(TAG, acl, ERROR);
1149 // Subject -- Mandatory
1150 memcpy(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(acl->subject));
1152 // Resources -- Mandatory
1153 acl->resourcesLen = sizeof(rsrcs) / sizeof(rsrcs[0]);
1155 acl->resources = (char**) OICCalloc(acl->resourcesLen, sizeof(char*));
1156 VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
1158 for (size_t i = 0; i < acl->resourcesLen; i++)
1160 size_t len = strlen(rsrcs[i]) + 1;
1161 acl->resources[i] = (char*) OICMalloc(len * sizeof(char));
1162 VERIFY_NON_NULL(TAG, (acl->resources[i]), ERROR);
1163 OICStrcpy(acl->resources[i], len, rsrcs[i]);
1166 acl->permission = PERMISSION_READ;
1167 acl->prdRecrLen = 0;
1168 acl->periods = NULL;
1169 acl->recurrences = NULL;
1171 // Device ID is the owner of this default ACL
1172 if (GetDoxmResourceData() != NULL)
1174 ret = GetDoxmDeviceID(&ownerId);
1175 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
1179 OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
1180 VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
1183 acl->owners = (OicUuid_t*) OICMalloc(sizeof(OicUuid_t));
1184 VERIFY_NON_NULL(TAG, (acl->owners), ERROR);
1185 memcpy(acl->owners, &ownerId, sizeof(OicUuid_t));
1194 if (ret != OC_STACK_OK)
1203 OCStackResult InitACLResource()
1205 OCStackResult ret = OC_STACK_ERROR;
1207 uint8_t *data = NULL;
1209 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
1210 // If database read failed
1211 if (ret != OC_STACK_OK)
1213 OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
1217 // Read ACL resource from PS
1218 gAcl = CBORPayloadToAcl(data, size);
1221 * If SVR database in persistent storage got corrupted or
1222 * is not available for some reason, a default ACL is created
1223 * which allows user to initiate ACL provisioning again.
1227 GetDefaultACL(&gAcl);
1228 // TODO Needs to update persistent storage
1230 VERIFY_NON_NULL(TAG, gAcl, FATAL);
1232 // Instantiate 'oic.sec.acl'
1233 ret = CreateACLResource();
1236 if (OC_STACK_OK != ret)
1238 DeInitACLResource();
1243 OCStackResult DeInitACLResource()
1245 OCStackResult ret = OCDeleteResource(gAclHandle);
1250 DeleteACLList(gAcl);
1256 const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **savePtr)
1258 OicSecAcl_t *acl = NULL;
1259 OicSecAcl_t *begin = NULL;
1261 if (NULL == subjectId)
1267 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
1270 if (NULL == *savePtr)
1277 * If this is a 'successive' call, search for location pointed by
1278 * savePtr and assign 'begin' to the next ACL after it in the linked
1279 * list and start searching from there.
1281 LL_FOREACH(gAcl, acl)
1283 if (acl == *savePtr)
1290 // Find the next ACL corresponding to the 'subjectID' and return it.
1291 LL_FOREACH(begin, acl)
1293 if (memcmp(&(acl->subject), subjectId, sizeof(OicUuid_t)) == 0)
1300 // Cleanup in case no ACL is found
1305 OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
1307 OCStackResult ret = OC_STACK_ERROR;
1309 // Convert CBOR format to ACL data. This will also validate the ACL data received.
1310 OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
1314 // Append the new ACL to existing ACL
1315 LL_APPEND(gAcl, newAcl);
1317 // Update persistent storage only if it is not WILDCARD_SUBJECT_ID
1318 if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
1319 || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
1326 uint8_t *payload = NULL;
1327 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1329 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
1342 * This function generates default ACL for security resource in case of owned status.
1344 * @return Default ACL for security resource.
1346 static OicSecAcl_t* GetSecDefaultACL()
1348 const char *sec_rsrcs[] = {
1352 OicUuid_t ownerId = {.id = {0}};
1353 OCStackResult res = OC_STACK_ERROR;
1354 OicSecAcl_t* newDefaultAcl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
1355 VERIFY_NON_NULL(TAG, newDefaultAcl, ERROR);
1357 // Subject -- Mandatory
1358 memcpy(&(newDefaultAcl->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
1360 // Resources -- Mandatory
1361 newDefaultAcl->resourcesLen = NUMBER_OF_DEFAULT_SEC_RSCS;
1362 newDefaultAcl->resources = (char**)OICCalloc(NUMBER_OF_DEFAULT_SEC_RSCS, sizeof(char*));
1363 VERIFY_NON_NULL(TAG, (newDefaultAcl->resources), ERROR);
1365 for (size_t i = 0; i < NUMBER_OF_DEFAULT_SEC_RSCS; i++)
1367 size_t len = strlen(sec_rsrcs[i]) + 1;
1368 newDefaultAcl->resources[i] = (char*)OICMalloc(len * sizeof(char));
1369 VERIFY_NON_NULL(TAG, (newDefaultAcl->resources[i]), ERROR);
1370 OICStrcpy(newDefaultAcl->resources[i], len, sec_rsrcs[i]);
1373 // Permissions -- Mandatory
1374 newDefaultAcl->permission = PERMISSION_READ;
1376 //Period -- Not Mandatory
1377 newDefaultAcl->prdRecrLen = 0;
1378 newDefaultAcl->periods = NULL;
1380 //Recurrence -- Not Mandatory
1381 newDefaultAcl->recurrences = NULL;
1383 // Device ID is the owner of this default ACL
1384 res = GetDoxmDeviceID(&ownerId);
1385 VERIFY_SUCCESS(TAG, OC_STACK_OK == res, FATAL);
1387 // Owners -- Mandatory
1388 newDefaultAcl->ownersLen = 1;
1389 newDefaultAcl->owners = (OicUuid_t*)OICMalloc(sizeof(OicUuid_t));
1390 VERIFY_NON_NULL(TAG, (newDefaultAcl->owners), ERROR);
1391 memcpy(newDefaultAcl->owners, &ownerId, sizeof(OicUuid_t));
1393 return newDefaultAcl;
1395 DeleteACLList(newDefaultAcl);
1400 OCStackResult UpdateDefaultSecProvACL()
1402 OCStackResult ret = OC_STACK_OK;
1403 OicSecAcl_t *acl = NULL;
1404 OicSecAcl_t *tmp = NULL;
1408 int matchedRsrc = 0;
1409 bool isRemoved = false;
1411 LL_FOREACH_SAFE(gAcl, acl, tmp)
1413 //Find default security resource ACL
1414 if(memcmp(&acl->subject, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
1415 ((PERMISSION_READ | PERMISSION_WRITE) == acl->permission))
1419 for(size_t i = 0; i < acl->resourcesLen; i++)
1421 if(strncmp(acl->resources[i], OIC_RSRC_DOXM_URI,
1422 strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
1423 strncmp(acl->resources[i], OIC_RSRC_CRED_URI,
1424 strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
1425 strncmp(acl->resources[i], OIC_RSRC_ACL_URI,
1426 strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
1427 strncmp(acl->resources[i], OIC_RSRC_PSTAT_URI,
1428 strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
1434 //If default security resource ACL is detected, delete it.
1435 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
1437 LL_DELETE(gAcl, acl);
1447 * Generate new security resource ACL as follows :
1449 * resources : '/oic/sec/doxm', '/oic/sec/pstat'
1452 OicSecAcl_t *newDefaultAcl = GetSecDefaultACL();
1455 LL_APPEND(gAcl, newDefaultAcl);
1458 uint8_t *payload = NULL;
1459 if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
1461 if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)