1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
25 #include "oic_malloc.h"
26 #include "oic_string.h"
29 #include "resourcemanager.h"
30 #include "aclresource.h"
31 #include "psinterface.h"
33 #include "srmresourcestrings.h"
34 #include "doxmresource.h"
35 #include "srmutility.h"
36 #include "ocserverrequest.h"
46 OicSecAcl_t *gAcl = NULL;
47 static OCResourceHandle gAclHandle = NULL;
50 * This function frees OicSecAcl_t object's fields and object itself.
52 static void FreeACE(OicSecAcl_t *ace)
57 OC_LOG (ERROR, TAG, "Invalid Parameter");
62 for (i = 0; i < ace->resourcesLen; i++)
64 OICFree(ace->resources[i]);
66 OICFree(ace->resources);
71 for(i = 0; i < ace->prdRecrLen; i++)
73 OICFree(ace->periods[i]);
75 OICFree(ace->periods);
81 for(i = 0; i < ace->prdRecrLen; i++)
83 OICFree(ace->recurrences[i]);
85 OICFree(ace->recurrences);
91 // Clean ACL node itself
95 void DeleteACLList(OicSecAcl_t* acl)
99 OicSecAcl_t *aclTmp1 = NULL;
100 OicSecAcl_t *aclTmp2 = NULL;
101 LL_FOREACH_SAFE(acl, aclTmp1, aclTmp2)
103 LL_DELETE(acl, aclTmp1);
110 * This internal method converts ACL data into JSON format.
112 * Note: Caller needs to invoke 'free' when finished done using
115 char * BinToAclJSON(const OicSecAcl_t * acl)
117 cJSON *jsonRoot = NULL;
118 char *jsonStr = NULL;
122 jsonRoot = cJSON_CreateObject();
123 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
125 cJSON *jsonAclArray = NULL;
126 cJSON_AddItemToObject (jsonRoot, OIC_JSON_ACL_NAME, jsonAclArray = cJSON_CreateArray());
127 VERIFY_NON_NULL(TAG, jsonAclArray, ERROR);
131 char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(((OicUuid_t*)0)->id)) + 1] = {};
134 B64Result b64Ret = B64_OK;
136 cJSON *jsonAcl = cJSON_CreateObject();
138 // Subject -- Mandatory
140 if (memcmp(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0)
142 inLen = WILDCARD_SUBJECT_ID_LEN;
146 inLen = sizeof(OicUuid_t);
148 b64Ret = b64Encode(acl->subject.id, inLen, base64Buff,
149 sizeof(base64Buff), &outLen);
150 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
151 cJSON_AddStringToObject(jsonAcl, OIC_JSON_SUBJECT_NAME, base64Buff );
153 // Resources -- Mandatory
154 cJSON *jsonRsrcArray = NULL;
155 cJSON_AddItemToObject (jsonAcl, OIC_JSON_RESOURCES_NAME, jsonRsrcArray = cJSON_CreateArray());
156 VERIFY_NON_NULL(TAG, jsonRsrcArray, ERROR);
157 for (size_t i = 0; i < acl->resourcesLen; i++)
159 cJSON_AddItemToArray (jsonRsrcArray, cJSON_CreateString(acl->resources[i]));
162 // Permissions -- Mandatory
163 cJSON_AddNumberToObject (jsonAcl, OIC_JSON_PERMISSION_NAME, acl->permission);
165 //Period & Recurrence -- Not Mandatory
166 if(0 != acl->prdRecrLen)
168 cJSON *jsonPeriodArray = NULL;
169 cJSON_AddItemToObject (jsonAcl, OIC_JSON_PERIODS_NAME,
170 jsonPeriodArray = cJSON_CreateArray());
171 VERIFY_NON_NULL(TAG, jsonPeriodArray, ERROR);
172 for (size_t i = 0; i < acl->prdRecrLen; i++)
174 cJSON_AddItemToArray (jsonPeriodArray,
175 cJSON_CreateString(acl->periods[i]));
179 //Recurrence -- Not Mandatory
180 if(0 != acl->prdRecrLen && acl->recurrences)
182 cJSON *jsonRecurArray = NULL;
183 cJSON_AddItemToObject (jsonAcl, OIC_JSON_RECURRENCES_NAME,
184 jsonRecurArray = cJSON_CreateArray());
185 VERIFY_NON_NULL(TAG, jsonRecurArray, ERROR);
186 for (size_t i = 0; i < acl->prdRecrLen; i++)
188 cJSON_AddItemToArray (jsonRecurArray,
189 cJSON_CreateString(acl->recurrences[i]));
193 // Owners -- Mandatory
194 cJSON *jsonOwnrArray = NULL;
195 cJSON_AddItemToObject (jsonAcl, OIC_JSON_OWNERS_NAME, jsonOwnrArray = cJSON_CreateArray());
196 VERIFY_NON_NULL(TAG, jsonOwnrArray, ERROR);
197 for (size_t i = 0; i < acl->ownersLen; i++)
201 b64Ret = b64Encode(acl->owners[i].id, sizeof(((OicUuid_t*)0)->id), base64Buff,
202 sizeof(base64Buff), &outLen);
203 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
205 cJSON_AddItemToArray (jsonOwnrArray, cJSON_CreateString(base64Buff));
208 // Attach current acl node to Acl Array
209 cJSON_AddItemToArray(jsonAclArray, jsonAcl);
213 jsonStr = cJSON_PrintUnformatted(jsonRoot);
219 cJSON_Delete(jsonRoot);
225 * This internal method converts JSON ACL into binary ACL.
227 OicSecAcl_t * JSONToAclBin(const char * jsonStr)
229 OCStackResult ret = OC_STACK_ERROR;
230 OicSecAcl_t * headAcl = NULL;
231 OicSecAcl_t * prevAcl = NULL;
232 cJSON *jsonRoot = NULL;
233 cJSON *jsonAclArray = NULL;
235 VERIFY_NON_NULL(TAG, jsonStr, ERROR);
237 jsonRoot = cJSON_Parse(jsonStr);
238 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
240 jsonAclArray = cJSON_GetObjectItem(jsonRoot, OIC_JSON_ACL_NAME);
241 VERIFY_NON_NULL(TAG, jsonAclArray, ERROR);
243 if (cJSON_Array == jsonAclArray->type)
245 int numAcl = cJSON_GetArraySize(jsonAclArray);
248 VERIFY_SUCCESS(TAG, numAcl > 0, INFO);
251 cJSON *jsonAcl = cJSON_GetArrayItem(jsonAclArray, idx);
252 VERIFY_NON_NULL(TAG, jsonAcl, ERROR);
254 OicSecAcl_t *acl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
255 VERIFY_NON_NULL(TAG, acl, ERROR);
257 headAcl = (headAcl) ? headAcl : acl;
263 size_t jsonObjLen = 0;
264 cJSON *jsonObj = NULL;
266 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
268 B64Result b64Ret = B64_OK;
270 // Subject -- Mandatory
271 jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_SUBJECT_NAME);
272 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
273 VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR);
275 b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), base64Buff,
276 sizeof(base64Buff), &outLen);
277 VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(acl->subject.id)), ERROR);
278 memcpy(acl->subject.id, base64Buff, outLen);
280 // Resources -- Mandatory
281 jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_RESOURCES_NAME);
282 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
283 VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR);
285 acl->resourcesLen = cJSON_GetArraySize(jsonObj);
286 VERIFY_SUCCESS(TAG, acl->resourcesLen > 0, ERROR);
287 acl->resources = (char**)OICCalloc(acl->resourcesLen, sizeof(char*));
288 VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
293 cJSON *jsonRsrc = cJSON_GetArrayItem(jsonObj, idxx);
294 VERIFY_NON_NULL(TAG, jsonRsrc, ERROR);
296 jsonObjLen = strlen(jsonRsrc->valuestring) + 1;
297 acl->resources[idxx] = (char*)OICMalloc(jsonObjLen);
298 VERIFY_NON_NULL(TAG, (acl->resources[idxx]), ERROR);
299 OICStrcpy(acl->resources[idxx], jsonObjLen, jsonRsrc->valuestring);
300 } while ( ++idxx < acl->resourcesLen);
302 // Permissions -- Mandatory
303 jsonObj = cJSON_GetObjectItem(jsonAcl,
304 OIC_JSON_PERMISSION_NAME);
305 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
306 VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
307 acl->permission = jsonObj->valueint;
309 //Period -- Not Mandatory
310 cJSON *jsonPeriodObj = cJSON_GetObjectItem(jsonAcl,
311 OIC_JSON_PERIODS_NAME);
314 VERIFY_SUCCESS(TAG, cJSON_Array == jsonPeriodObj->type,
316 acl->prdRecrLen = cJSON_GetArraySize(jsonPeriodObj);
317 if(acl->prdRecrLen > 0)
319 acl->periods = (char**)OICCalloc(acl->prdRecrLen,
321 VERIFY_NON_NULL(TAG, acl->periods, ERROR);
323 cJSON *jsonPeriod = NULL;
324 for(size_t i = 0; i < acl->prdRecrLen; i++)
326 jsonPeriod = cJSON_GetArrayItem(jsonPeriodObj, i);
327 VERIFY_NON_NULL(TAG, jsonPeriod, ERROR);
329 jsonObjLen = strlen(jsonPeriod->valuestring) + 1;
330 acl->periods[i] = (char*)OICMalloc(jsonObjLen);
331 VERIFY_NON_NULL(TAG, acl->periods[i], ERROR);
332 OICStrcpy(acl->periods[i], jsonObjLen,
333 jsonPeriod->valuestring);
338 //Recurrence -- Not mandatory
339 cJSON *jsonRecurObj = cJSON_GetObjectItem(jsonAcl,
340 OIC_JSON_RECURRENCES_NAME);
343 VERIFY_SUCCESS(TAG, cJSON_Array == jsonRecurObj->type,
346 if(acl->prdRecrLen > 0)
348 acl->recurrences = (char**)OICCalloc(acl->prdRecrLen,
350 VERIFY_NON_NULL(TAG, acl->recurrences, ERROR);
352 cJSON *jsonRecur = NULL;
353 for(size_t i = 0; i < acl->prdRecrLen; i++)
355 jsonRecur = cJSON_GetArrayItem(jsonRecurObj, i);
356 VERIFY_NON_NULL(TAG, jsonRecur, ERROR);
357 jsonObjLen = strlen(jsonRecur->valuestring) + 1;
358 acl->recurrences[i] = (char*)OICMalloc(jsonObjLen);
359 VERIFY_NON_NULL(TAG, acl->recurrences[i], ERROR);
360 OICStrcpy(acl->recurrences[i], jsonObjLen,
361 jsonRecur->valuestring);
366 // Owners -- Mandatory
367 jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_OWNERS_NAME);
368 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
369 VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR);
371 acl->ownersLen = cJSON_GetArraySize(jsonObj);
372 VERIFY_SUCCESS(TAG, acl->ownersLen > 0, ERROR);
373 acl->owners = (OicUuid_t*)OICCalloc(acl->ownersLen, sizeof(OicUuid_t));
374 VERIFY_NON_NULL(TAG, (acl->owners), ERROR);
379 cJSON *jsonOwnr = cJSON_GetArrayItem(jsonObj, idxx);
380 VERIFY_NON_NULL(TAG, jsonOwnr, ERROR);
381 VERIFY_SUCCESS(TAG, cJSON_String == jsonOwnr->type, ERROR);
384 b64Ret = b64Decode(jsonOwnr->valuestring, strlen(jsonOwnr->valuestring), base64Buff,
385 sizeof(base64Buff), &outLen);
387 VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(acl->owners[idxx].id)),
389 memcpy(acl->owners[idxx].id, base64Buff, outLen);
390 } while ( ++idxx < acl->ownersLen);
393 } while( ++idx < numAcl);
399 cJSON_Delete(jsonRoot);
400 if (OC_STACK_OK != ret)
402 DeleteACLList(headAcl);
408 static bool UpdatePersistentStorage(const OicSecAcl_t *acl)
410 // Convert ACL data into JSON for update to persistent storage
411 char *jsonStr = BinToAclJSON(acl);
414 cJSON *jsonAcl = cJSON_Parse(jsonStr);
417 if ((jsonAcl) && (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_ACL_NAME, jsonAcl)))
421 cJSON_Delete(jsonAcl);
427 * This method removes ACE for the subject and resource from the ACL
429 * @param subject - subject of the ACE
430 * @param resource - resource of the ACE
433 * OC_STACK_RESOURCE_DELETED on success
434 * OC_STACK_NO_RESOURC on failure to find the appropriate ACE
435 * OC_STACK_INVALID_PARAM on invalid parameter
437 static OCStackResult RemoveACE(const OicUuid_t * subject,
438 const char * resource)
440 OC_LOG(DEBUG, TAG, "IN RemoveACE");
442 OicSecAcl_t *acl = NULL;
443 OicSecAcl_t *tempAcl = NULL;
444 bool deleteFlag = false;
445 OCStackResult ret = OC_STACK_NO_RESOURCE;
447 if(memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
449 OC_LOG_V (ERROR, TAG, "%s received invalid parameter", __func__ );
450 return OC_STACK_INVALID_PARAM;
453 //If resource is NULL then delete all the ACE for the subject.
454 if(NULL == resource || resource[0] == '\0')
456 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
458 if(memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
460 LL_DELETE(gAcl, acl);
468 //Looping through ACL to find the right ACE to delete. If the required resource is the only
469 //resource in the ACE for the subject then delete the whole ACE. If there are more resources
470 //than the required resource in the ACE, for the subject then just delete the resource from
472 LL_FOREACH_SAFE(gAcl, acl, tempAcl)
474 if(memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
476 if(1 == acl->resourcesLen && strcmp(acl->resources[0], resource) == 0)
478 LL_DELETE(gAcl, acl);
487 for(i = 0; i < acl->resourcesLen; i++)
489 if(strcmp(acl->resources[i], resource) == 0)
497 OICFree(acl->resources[resPos]);
498 acl->resources[resPos] = NULL;
499 acl->resourcesLen -= 1;
500 for(i = resPos; i < acl->resourcesLen; i++)
502 acl->resources[i] = acl->resources[i+1];
514 if(UpdatePersistentStorage(gAcl))
516 ret = OC_STACK_RESOURCE_DELETED;
523 * This method parses the query string received for REST requests and
524 * retrieves the 'subject' field.
526 * @param query querystring passed in REST request
527 * @param subject subject UUID parsed from query string
529 * @return true if query parsed successfully and found 'subject', else false.
531 static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
533 OicParseQueryIter_t parseIter = {.attrPos=NULL};
535 ParseQueryIterInit((unsigned char *)query, &parseIter);
538 while(GetNextQuery(&parseIter))
540 if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_SUBJECT_NAME, parseIter.attrLen) == 0)
542 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
543 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
545 B64Result b64Ret = B64_OK;
546 b64Ret = b64Decode((char *)parseIter.valPos, parseIter.valLen, base64Buff,
547 sizeof(base64Buff), &outLen);
548 VERIFY_SUCCESS(TAG, (B64_OK == b64Ret && outLen <= sizeof(subject->id)), ERROR);
549 memcpy(subject->id, base64Buff, outLen);
560 * This method parses the query string received for REST requests and
561 * retrieves the 'resource' field.
563 * @param query querystring passed in REST request
564 * @param resource resource parsed from query string
565 * @param resourceSize size of the memory pointed to resource
567 * @return true if query parsed successfully and found 'resource', else false.
569 static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
571 OicParseQueryIter_t parseIter = {.attrPos=NULL};
573 ParseQueryIterInit((unsigned char *)query, &parseIter);
575 while(GetNextQuery(&parseIter))
577 if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen) == 0)
579 VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
580 OICStrcpy(resource, resourceSize, (char *)parseIter.valPos);
592 static OCEntityHandlerResult HandleACLGetRequest (const OCEntityHandlerRequest * ehRequest)
594 OCEntityHandlerResult ehRet = OC_EH_ERROR;
595 char* jsonStr = NULL;
597 // Process the REST querystring parameters
600 OC_LOG (DEBUG, TAG, "HandleACLGetRequest processing query");
602 OicUuid_t subject = {.id={0}};
603 char resource[MAX_URI_LENGTH] = {0};
605 OicSecAcl_t *savePtr = NULL;
606 const OicSecAcl_t *currentAce = NULL;
608 // 'Subject' field is MUST for processing a querystring in REST request.
610 true == GetSubjectFromQueryString(ehRequest->query, &subject),
613 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
616 * TODO : Currently, this code only provides one ACE for a Subject.
617 * Below code needs to be updated for scenarios when Subject have
618 * multiple ACE's in ACL resource.
620 while((currentAce = GetACLResourceData(&subject, &savePtr)))
623 * If REST querystring contains a specific resource, we need
624 * to search for that resource in ACE.
626 if (resource[0] != '\0')
628 for(size_t n = 0; n < currentAce->resourcesLen; n++)
630 if((currentAce->resources[n]) &&
631 (0 == strcmp(resource, currentAce->resources[n]) ||
632 0 == strcmp(WILDCARD_RESOURCE_URI, currentAce->resources[n])))
634 // Convert ACL data into JSON for transmission
635 jsonStr = BinToAclJSON(currentAce);
642 // Convert ACL data into JSON for transmission
643 jsonStr = BinToAclJSON(currentAce);
650 // Convert ACL data into JSON for transmission
651 jsonStr = BinToAclJSON(gAcl);
655 ehRet = (jsonStr ? OC_EH_OK : OC_EH_ERROR);
657 // Send response payload to request originator
658 SendSRMResponse(ehRequest, ehRet, jsonStr);
662 OC_LOG_V (DEBUG, TAG, "%s RetVal %d", __func__ , ehRet);
666 static OCEntityHandlerResult HandleACLPostRequest (const OCEntityHandlerRequest * ehRequest)
668 OCEntityHandlerResult ehRet = OC_EH_ERROR;
670 // Convert JSON ACL data into binary. This will also validate the ACL data received.
671 OicSecAcl_t* newAcl = JSONToAclBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
675 // Append the new ACL to existing ACL
676 LL_APPEND(gAcl, newAcl);
678 if(UpdatePersistentStorage(gAcl))
680 ehRet = OC_EH_RESOURCE_CREATED;
684 // Send payload to request originator
685 SendSRMResponse(ehRequest, ehRet, NULL);
687 OC_LOG_V (DEBUG, TAG, "%s RetVal %d", __func__ , ehRet);
691 static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
693 OC_LOG (DEBUG, TAG, "Processing ACLDeleteRequest");
694 OCEntityHandlerResult ehRet = OC_EH_ERROR;
695 OicUuid_t subject = {.id={0}};
696 char resource[MAX_URI_LENGTH] = {0};
698 VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
700 // 'Subject' field is MUST for processing a querystring in REST request.
702 true == GetSubjectFromQueryString(ehRequest->query, &subject),
705 GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
707 if(OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
709 ehRet = OC_EH_RESOURCE_DELETED;
713 // Send payload to request originator
714 SendSRMResponse(ehRequest, ehRet, NULL);
720 * This internal method is the entity handler for ACL resources and
721 * will handle REST request (GET/PUT/POST/DEL) for them.
723 OCEntityHandlerResult ACLEntityHandler (OCEntityHandlerFlag flag,
724 OCEntityHandlerRequest * ehRequest,
725 void* callbackParameter)
727 OC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
728 (void)callbackParameter;
729 OCEntityHandlerResult ehRet = OC_EH_ERROR;
736 if (flag & OC_REQUEST_FLAG)
738 // TODO : Handle PUT method
739 OC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
740 switch (ehRequest->method)
743 ehRet = HandleACLGetRequest(ehRequest);
747 ehRet = HandleACLPostRequest(ehRequest);
751 ehRet = HandleACLDeleteRequest(ehRequest);
756 SendSRMResponse(ehRequest, ehRet, NULL);
764 * This internal method is used to create '/oic/sec/acl' resource.
766 OCStackResult CreateACLResource()
770 ret = OCCreateResource(&gAclHandle,
771 OIC_RSRC_TYPE_SEC_ACL,
776 OC_OBSERVABLE | OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
778 if (OC_STACK_OK != ret)
780 OC_LOG (FATAL, TAG, "Unable to instantiate ACL resource");
787 * This internal method is to retrieve the default ACL.
788 * If SVR database in persistent storage got corrupted or
789 * is not available for some reason, a default ACL is created
790 * which allows user to initiate ACL provisioning again.
792 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
794 OCStackResult ret = OC_STACK_ERROR;
796 OicUuid_t ownerId = {.id = {0}};
799 * TODO In future, when new virtual resources will be added in OIC
800 * specification, Iotivity stack should be able to add them in
801 * existing SVR database. To support this, we need to add 'versioning'
802 * mechanism in SVR database.
805 const char *rsrcs[] = {
806 OC_RSRVD_WELL_KNOWN_URI,
808 OC_RSRVD_PLATFORM_URI,
809 OC_RSRVD_RESOURCE_TYPES_URI,
811 OC_RSRVD_PRESENCE_URI,
812 #endif //WITH_PRESENCE
820 return OC_STACK_INVALID_PARAM;
823 OicSecAcl_t *acl = (OicSecAcl_t *)OICCalloc(1, sizeof(OicSecAcl_t));
824 VERIFY_NON_NULL(TAG, acl, ERROR);
826 // Subject -- Mandatory
827 memcpy(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(acl->subject));
829 // Resources -- Mandatory
830 acl->resourcesLen = sizeof(rsrcs)/sizeof(rsrcs[0]);
832 acl->resources = (char**)OICCalloc(acl->resourcesLen, sizeof(char*));
833 VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
835 for (size_t i = 0; i < acl->resourcesLen; i++)
837 size_t len = strlen(rsrcs[i]) + 1;
838 acl->resources[i] = (char*)OICMalloc(len * sizeof(char));
839 VERIFY_NON_NULL(TAG, (acl->resources[i]), ERROR);
840 OICStrcpy(acl->resources[i], len, rsrcs[i]);
843 acl->permission = PERMISSION_READ;
846 acl->recurrences = NULL;
848 // Device ID is the owner of this default ACL
849 ret = GetDoxmDeviceID( &ownerId);
850 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
853 acl->owners = (OicUuid_t*)OICMalloc(sizeof(OicUuid_t));
854 VERIFY_NON_NULL(TAG, (acl->owners), ERROR);
855 memcpy(acl->owners, &ownerId, sizeof(OicUuid_t));
864 if (ret != OC_STACK_OK)
874 * Initialize ACL resource by loading data from persistent storage.
876 * @retval OC_STACK_OK for Success, otherwise some error value
878 OCStackResult InitACLResource()
880 OCStackResult ret = OC_STACK_ERROR;
882 // Read ACL resource from PS
883 char* jsonSVRDatabase = GetSVRDatabase();
887 // Convert JSON ACL into binary format
888 gAcl = JSONToAclBin(jsonSVRDatabase);
889 OICFree(jsonSVRDatabase);
892 * If SVR database in persistent storage got corrupted or
893 * is not available for some reason, a default ACL is created
894 * which allows user to initiate ACL provisioning again.
896 if (!jsonSVRDatabase || !gAcl)
898 GetDefaultACL(&gAcl);
899 // TODO Needs to update persistent storage
901 VERIFY_NON_NULL(TAG, gAcl, FATAL);
903 // Instantiate 'oic.sec.acl'
904 ret = CreateACLResource();
907 if (OC_STACK_OK != ret)
915 * Perform cleanup for ACL resources.
919 void DeInitACLResource()
921 OCDeleteResource(gAclHandle);
929 * This method is used by PolicyEngine to retrieve ACL for a Subject.
931 * @param subjectId ID of the subject for which ACL is required.
932 * @param savePtr is used internally by @ref GetACLResourceData to maintain index between
933 * successive calls for same subjectId.
935 * @retval reference to @ref OicSecAcl_t if ACL is found, else NULL
937 * @note On the first call to @ref GetACLResourceData, savePtr should point to NULL
939 const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **savePtr)
941 OicSecAcl_t *acl = NULL;
942 OicSecAcl_t *begin = NULL;
944 if ( NULL == subjectId)
950 * savePtr MUST point to NULL if this is the 'first' call to retrieve ACL for
953 if (NULL == *savePtr)
960 * If this is a 'successive' call, search for location pointed by
961 * savePtr and assign 'begin' to the next ACL after it in the linked
962 * list and start searching from there.
964 LL_FOREACH(gAcl, acl)
973 // Find the next ACL corresponding to the 'subjectID' and return it.
974 LL_FOREACH(begin, acl)
976 if (memcmp(&(acl->subject), subjectId, sizeof(OicUuid_t)) == 0)
983 // Cleanup in case no ACL is found
989 OCStackResult InstallNewACL(const char* newJsonStr)
991 OCStackResult ret = OC_STACK_ERROR;
993 // Convert JSON ACL data into binary. This will also validate the ACL data received.
994 OicSecAcl_t* newAcl = JSONToAclBin(newJsonStr);
998 // Append the new ACL to existing ACL
999 LL_APPEND(gAcl, newAcl);
1001 // Convert ACL data into JSON for update to persistent storage
1002 char *jsonStr = BinToAclJSON(gAcl);
1005 cJSON *jsonAcl = cJSON_Parse(jsonStr);
1010 ret = UpdateSVRDatabase(OIC_JSON_ACL_NAME, jsonAcl);
1012 cJSON_Delete(jsonAcl);