1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #define __STDC_LIMIT_MACROS
23 #include "iotivity_config.h"
34 #include "cainterface.h"
35 #include "payload_logging.h"
39 #include "ocserverrequest.h"
40 #include "oic_malloc.h"
41 #include "oic_string.h"
42 #include "ocpayload.h"
43 #include "ocpayloadcbor.h"
45 #include "credresource.h"
46 #include "doxmresource.h"
47 #include "pstatresource.h"
48 #include "iotvticalendar.h"
50 #include "resourcemanager.h"
51 #include "srmresourcestrings.h"
52 #include "srmutility.h"
53 #include "psinterface.h"
54 #include "pinoxmcommon.h"
57 #include <sys/types.h>
67 #define TAG "OIC_SRM_CREDL"
69 /** Max credential types number used for TLS */
71 /** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
72 * The value of payload size is increased until reaching belox max cbor size. */
73 static const uint16_t CBOR_SIZE = 2048;
75 /** Max cbor size payload. */
76 static const uint16_t CBOR_MAX_SIZE = 4400;
78 /** CRED size - Number of mandatory items. */
79 static const uint8_t CRED_ROOT_MAP_SIZE = 4;
80 static const uint8_t CRED_MAP_SIZE = 3;
83 static OicSecCred_t *gCred = NULL;
84 static OCResourceHandle gCredHandle = NULL;
86 typedef enum CredCompareResult{
88 CRED_CMP_NOT_EQUAL = 1,
93 * Internal function to check credential
95 static bool IsVaildCredential(const OicSecCred_t* cred)
97 OicUuid_t emptyUuid = {.id={0}};
100 OIC_LOG(DEBUG, TAG, "IN IsVaildCredential");
102 VERIFY_NON_NULL(TAG, cred, ERROR);
103 VERIFY_SUCCESS(TAG, 0 != cred->credId, ERROR);
104 OIC_LOG_V(DEBUG, TAG, "Cred ID = %d", cred->credId);
106 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
107 OIC_LOG_V(DEBUG, TAG, "Cred Type = %d", cred->credType);
109 switch(cred->credType)
111 case SYMMETRIC_PAIR_WISE_KEY:
112 case SYMMETRIC_GROUP_KEY:
115 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
116 VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
117 VERIFY_SUCCESS(TAG, \
118 (OIC_ENCODING_RAW == cred->privateData.encoding || \
119 OIC_ENCODING_BASE64 == cred->privateData.encoding), \
125 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
126 VERIFY_SUCCESS(TAG, 0 != cred->publicData.len, ERROR);
129 case SIGNED_ASYMMETRIC_KEY:
131 VERIFY_SUCCESS(TAG, (NULL != cred->publicData.data ||NULL != cred->optionalData.data) , ERROR);
132 VERIFY_SUCCESS(TAG, (0 != cred->publicData.len || 0 != cred->optionalData.len), ERROR);
134 if(NULL != cred->optionalData.data)
136 VERIFY_SUCCESS(TAG, \
137 (OIC_ENCODING_RAW == cred->optionalData.encoding ||\
138 OIC_ENCODING_BASE64 == cred->optionalData.encoding || \
139 OIC_ENCODING_PEM == cred->optionalData.encoding || \
140 OIC_ENCODING_DER == cred->optionalData.encoding), \
145 case ASYMMETRIC_ENCRYPTION_KEY:
147 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
148 VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
149 VERIFY_SUCCESS(TAG, \
150 (OIC_ENCODING_RAW == cred->privateData.encoding ||\
151 OIC_ENCODING_BASE64 == cred->privateData.encoding || \
152 OIC_ENCODING_PEM == cred->privateData.encoding || \
153 OIC_ENCODING_DER == cred->privateData.encoding), \
159 OIC_LOG(WARNING, TAG, "Unknown credential type");
165 VERIFY_SUCCESS(TAG, 0 != memcmp(emptyUuid.id, cred->subject.id, sizeof(cred->subject.id)), ERROR);
167 OIC_LOG(DEBUG, TAG, "OUT IsVaildCredential");
170 OIC_LOG(WARNING, TAG, "OUT IsVaildCredential : Invalid Credential detected.");
174 static bool IsEmptyCred(const OicSecCred_t* cred)
176 OicUuid_t emptyUuid = {.id={0}};
178 VERIFY_SUCCESS(TAG, (0 == memcmp(cred->subject.id, emptyUuid.id, sizeof(emptyUuid))), ERROR);
179 VERIFY_SUCCESS(TAG, (0 == cred->credId), ERROR);
180 VERIFY_SUCCESS(TAG, (0 == cred->credType), ERROR);
181 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
182 VERIFY_SUCCESS(TAG, (NULL == cred->privateData.data), ERROR);
183 VERIFY_SUCCESS(TAG, (NULL == cred->publicData.data), ERROR);
184 VERIFY_SUCCESS(TAG, (NULL == cred->optionalData.data), ERROR);
185 VERIFY_SUCCESS(TAG, (NULL == cred->credUsage), ERROR);
193 * This function frees OicSecCred_t object's fields and object itself.
195 static void FreeCred(OicSecCred_t *cred)
199 OIC_LOG(ERROR, TAG, "Invalid Parameter");
202 //Note: Need further clarification on roleID data type
205 OICFree(cred->roleIds);
208 //Clean PublicData/OptionalData/Credusage
209 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
210 // TODO: Need to check credUsage.
211 OICFree(cred->publicData.data);
212 OICFree(cred->optionalData.data);
213 OICFree(cred->credUsage);
215 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
218 OICClearMemory(cred->privateData.data, cred->privateData.len);
219 OICFree(cred->privateData.data);
222 OICFree(cred->period);
224 #ifdef _ENABLE_MULTIPLE_OWNER_
226 OICFree(cred->eownerID);
229 //Clean Cred node itself
233 void DeleteCredList(OicSecCred_t* cred)
237 OicSecCred_t *credTmp1 = NULL, *credTmp2 = NULL;
238 LL_FOREACH_SAFE(cred, credTmp1, credTmp2)
240 LL_DELETE(cred, credTmp1);
246 size_t GetCredKeyDataSize(const OicSecCred_t* cred)
251 OicSecCred_t *credPtr = NULL, *credTmp = NULL;
252 LL_FOREACH_SAFE((OicSecCred_t*)cred, credPtr, credTmp)
254 if (credPtr->privateData.data && 0 < credPtr->privateData.len)
256 size += credPtr->privateData.len;
258 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
259 if (credPtr->publicData.data && 0 < credPtr->publicData.len)
261 size += credPtr->publicData.len;
263 if (credPtr->optionalData.data && 0 < credPtr->optionalData.len)
265 size += credPtr->optionalData.len;
270 OIC_LOG_V(DEBUG, TAG, "Cred Key Data Size : %zd\n", size);
274 static size_t OicSecCredCount(const OicSecCred_t *secCred)
277 for (const OicSecCred_t *cred = secCred; cred; cred = cred->next)
284 OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload,
285 size_t *cborSize, int secureFlag)
287 if (NULL == credS || NULL == cborPayload || NULL != *cborPayload || NULL == cborSize)
289 return OC_STACK_INVALID_PARAM;
292 OCStackResult ret = OC_STACK_ERROR;
294 CborError cborEncoderResult = CborNoError;
295 uint8_t *outPayload = NULL;
296 size_t cborLen = *cborSize;
299 const OicSecCred_t *cred = credS;
301 CborEncoder credArray;
302 CborEncoder credRootMap;
309 outPayload = (uint8_t *)OICCalloc(1, cborLen);
310 VERIFY_NON_NULL(TAG, outPayload, ERROR);
311 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
313 // Create CRED Root Map (creds, rownerid)
314 cborEncoderResult = cbor_encoder_create_map(&encoder, &credRootMap, CRED_ROOT_MAP_SIZE);
315 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Root Map");
318 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_CREDS_NAME,
319 strlen(OIC_JSON_CREDS_NAME));
320 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding creds Name Tag.");
323 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &credArray, OicSecCredCount(cred));
324 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Array.");
329 size_t mapSize = CRED_MAP_SIZE;
336 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
337 #ifdef _ENABLE_MULTIPLE_OWNER_
342 #endif //_ENABLE_MULTIPLE_OWNER_
344 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
348 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
356 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
357 if (!secureFlag && cred->privateData.data)
361 cborEncoderResult = cbor_encoder_create_map(&credArray, &credMap, mapSize);
362 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map");
364 //CredID -- Mandatory
365 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDID_NAME,
366 strlen(OIC_JSON_CREDID_NAME));
367 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Tag. ");
368 cborEncoderResult = cbor_encode_int(&credMap, cred->credId);
369 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Value.");
371 //Subject -- Mandatory
372 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_SUBJECTID_NAME,
373 strlen(OIC_JSON_SUBJECTID_NAME));
374 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Tag.");
375 inLen = (memcmp(&(cred->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN) == 0) ?
376 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
377 if(inLen == WILDCARD_SUBJECT_ID_LEN)
379 cborEncoderResult = cbor_encode_text_string(&credMap, WILDCARD_RESOURCE_URI,
380 strlen(WILDCARD_RESOURCE_URI));
381 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
385 char *subject = NULL;
386 ret = ConvertUuidToStr(&cred->subject, &subject);
387 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
388 cborEncoderResult = cbor_encode_text_string(&credMap, subject, strlen(subject));
389 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
393 //CredType -- Mandatory
394 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDTYPE_NAME,
395 strlen(OIC_JSON_CREDTYPE_NAME));
396 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Tag.");
397 cborEncoderResult = cbor_encode_int(&credMap, cred->credType);
398 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Value.");
400 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
401 //PublicData -- Not Mandatory
402 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
404 CborEncoder publicMap;
405 const size_t publicMapSize = 2;
407 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PUBLICDATA_NAME,
408 strlen(OIC_JSON_PUBLICDATA_NAME));
409 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Tag.");
411 cborEncoderResult = cbor_encoder_create_map(&credMap, &publicMap, publicMapSize);
412 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Map");
414 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_DATA_NAME,
415 strlen(OIC_JSON_DATA_NAME));
416 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Data Tag.");
417 cborEncoderResult = cbor_encode_byte_string(&publicMap, cred->publicData.data,
418 cred->publicData.len);
419 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Value.");
421 // TODO: Need to data strucure modification for OicSecCert_t.
422 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_ENCODING_NAME,
423 strlen(OIC_JSON_ENCODING_NAME));
424 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Tag.");
425 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_SEC_ENCODING_DER,
426 strlen(OIC_SEC_ENCODING_DER));
427 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Value.");
429 cborEncoderResult = cbor_encoder_close_container(&credMap, &publicMap);
430 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PublicData Map.");
432 //OptionalData -- Not Mandatory
433 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
435 CborEncoder optionalMap;
436 const size_t optionalMapSize = 2;
438 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_OPTDATA_NAME,
439 strlen(OIC_JSON_OPTDATA_NAME));
440 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Tag.");
442 cborEncoderResult = cbor_encoder_create_map(&credMap, &optionalMap, optionalMapSize);
443 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Map");
445 // TODO: Need to data strucure modification for OicSecCert_t.
446 if(OIC_ENCODING_RAW == cred->optionalData.encoding)
448 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
449 strlen(OIC_JSON_ENCODING_NAME));
450 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
451 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_RAW,
452 strlen(OIC_SEC_ENCODING_RAW));
453 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
455 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
456 strlen(OIC_JSON_DATA_NAME));
457 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
458 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
459 cred->optionalData.len);
460 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
462 else if(OIC_ENCODING_BASE64 == cred->optionalData.encoding)
464 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
465 strlen(OIC_JSON_ENCODING_NAME));
466 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
467 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_BASE64,
468 strlen(OIC_SEC_ENCODING_BASE64));
469 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
471 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
472 strlen(OIC_JSON_DATA_NAME));
473 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
474 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
475 cred->optionalData.len);
476 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
478 else if(OIC_ENCODING_PEM == cred->optionalData.encoding)
480 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
481 strlen(OIC_JSON_ENCODING_NAME));
482 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
483 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_PEM,
484 strlen(OIC_SEC_ENCODING_PEM));
485 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
487 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
488 strlen(OIC_JSON_DATA_NAME));
489 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
490 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
491 cred->optionalData.len);
492 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
494 else if(OIC_ENCODING_DER == cred->optionalData.encoding)
496 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
497 strlen(OIC_JSON_ENCODING_NAME));
498 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
499 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_DER,
500 strlen(OIC_SEC_ENCODING_DER));
501 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
503 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
504 strlen(OIC_JSON_DATA_NAME));
505 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
506 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
507 cred->optionalData.len);
508 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
512 OIC_LOG(ERROR, TAG, "Unknown encoding type for optional data.");
513 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding optional Encoding Value.");
516 cborEncoderResult = cbor_encoder_close_container(&credMap, &optionalMap);
517 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing OptionalData Map.");
519 //CredUsage -- Not Mandatory
522 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDUSAGE_NAME,
523 strlen(OIC_JSON_CREDUSAGE_NAME));
524 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Tag.");
525 cborEncoderResult = cbor_encode_text_string(&credMap, cred->credUsage,
526 strlen(cred->credUsage));
527 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Value.");
529 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
530 //PrivateData -- Not Mandatory
531 if(!secureFlag && cred->privateData.data)
533 CborEncoder privateMap;
534 const size_t privateMapSize = 2;
536 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PRIVATEDATA_NAME,
537 strlen(OIC_JSON_PRIVATEDATA_NAME));
538 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Tag.");
540 cborEncoderResult = cbor_encoder_create_map(&credMap, &privateMap, privateMapSize);
541 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Map");
543 // TODO: Need to data strucure modification for OicSecKey_t.
544 // TODO: Added as workaround, will be replaced soon.
545 if(OIC_ENCODING_RAW == cred->privateData.encoding)
547 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
548 strlen(OIC_JSON_ENCODING_NAME));
549 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
550 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_RAW,
551 strlen(OIC_SEC_ENCODING_RAW));
552 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
554 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
555 strlen(OIC_JSON_DATA_NAME));
556 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
557 cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data,
558 cred->privateData.len);
559 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
561 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
563 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
564 strlen(OIC_JSON_ENCODING_NAME));
565 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
566 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_BASE64,
567 strlen(OIC_SEC_ENCODING_BASE64));
568 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
570 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
571 strlen(OIC_JSON_DATA_NAME));
572 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
573 cborEncoderResult = cbor_encode_text_string(&privateMap, (char*)(cred->privateData.data),
574 cred->privateData.len);
575 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
577 else if(OIC_ENCODING_DER == cred->privateData.encoding)
579 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
580 strlen(OIC_JSON_ENCODING_NAME));
581 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
582 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_DER,
583 strlen(OIC_SEC_ENCODING_DER));
584 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
586 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
587 strlen(OIC_JSON_DATA_NAME));
588 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
589 cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data,
590 cred->privateData.len);
591 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
595 OIC_LOG(ERROR, TAG, "Unknown encoding type for private data.");
596 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding Private Encoding Value.");
599 cborEncoderResult = cbor_encoder_close_container(&credMap, &privateMap);
600 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PrivateData Map.");
603 //Period -- Not Mandatory
606 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PERIOD_NAME,
607 strlen(OIC_JSON_PERIOD_NAME));
608 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Tag.");
609 cborEncoderResult = cbor_encode_text_string(&credMap, cred->period,
610 strlen(cred->period));
611 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Value.");
614 #ifdef _ENABLE_MULTIPLE_OWNER_
615 // Eownerid -- Not Mandatory
619 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_EOWNERID_NAME,
620 strlen(OIC_JSON_EOWNERID_NAME));
621 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding eownerId Name Tag.");
622 ret = ConvertUuidToStr(cred->eownerID, &eowner);
623 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
624 cborEncoderResult = cbor_encode_text_string(&credMap, eowner, strlen(eowner));
625 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding eownerId Value.");
628 #endif //_ENABLE_MULTIPLE_OWNER_
630 cborEncoderResult = cbor_encoder_close_container(&credArray, &credMap);
631 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
635 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &credArray);
636 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Array.");
643 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_ROWNERID_NAME,
644 strlen(OIC_JSON_ROWNERID_NAME));
645 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
646 ret = ConvertUuidToStr(&cred->rownerID, &rowner);
647 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
648 cborEncoderResult = cbor_encode_text_string(&credRootMap, rowner, strlen(rowner));
649 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
655 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_RT_NAME,
656 strlen(OIC_JSON_RT_NAME));
657 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
658 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &rtArray, 1);
659 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
660 for (size_t i = 0; i < 1; i++)
662 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_CRED,
663 strlen(OIC_RSRC_TYPE_SEC_CRED));
664 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
666 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &rtArray);
667 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
671 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_IF_NAME,
672 strlen(OIC_JSON_IF_NAME));
673 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
674 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &ifArray, 1);
675 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
676 for (size_t i = 0; i < 1; i++)
678 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
679 strlen(OC_RSRVD_INTERFACE_DEFAULT));
680 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
682 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &ifArray);
683 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
686 // Close CRED Root Map
687 cborEncoderResult = cbor_encoder_close_container(&encoder, &credRootMap);
688 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing CRED Root Map.");
690 if (CborNoError == cborEncoderResult)
692 OIC_LOG(DEBUG, TAG, "CredToCBORPayload Successed");
693 *cborPayload = outPayload;
694 *cborSize = cbor_encoder_get_buffer_size(&encoder, outPayload);
697 OIC_LOG(DEBUG, TAG, "CredToCBORPayload OUT");
699 if (CborErrorOutOfMemory == cborEncoderResult)
701 OIC_LOG(DEBUG, TAG, "CredToCBORPayload:CborErrorOutOfMemory : retry with more memory");
702 // reallocate and try again!
704 // Since the allocated initial memory failed, double the memory.
705 cborLen += cbor_encoder_get_buffer_size(&encoder, encoder.end);
706 cborEncoderResult = CborNoError;
707 ret = CredToCBORPayload(credS, cborPayload, &cborLen, secureFlag);
711 if (CborNoError != cborEncoderResult)
713 OIC_LOG(ERROR, TAG, "Failed to CredToCBORPayload");
718 ret = OC_STACK_ERROR;
724 OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
725 OicSecCred_t **secCred)
727 if (NULL == cborPayload || NULL == secCred || NULL != *secCred || 0 == size)
729 return OC_STACK_INVALID_PARAM;
732 OCStackResult ret = OC_STACK_ERROR;
733 CborValue credCbor = { .parser = NULL };
734 CborParser parser = { .end = NULL };
735 CborError cborFindResult = CborNoError;
736 cbor_parser_init(cborPayload, size, 0, &parser, &credCbor);
738 OicSecCred_t *headCred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
740 // Enter CRED Root Map
741 CborValue CredRootMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
742 cborFindResult = cbor_value_enter_container(&credCbor, &CredRootMap);
743 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering CRED Root Map.");
745 while (cbor_value_is_valid(&CredRootMap))
747 char* tagName = NULL;
749 CborType type = cbor_value_get_type(&CredRootMap);
750 if (type == CborTextStringType && cbor_value_is_text_string(&CredRootMap))
752 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &tagName, &len, NULL);
753 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Root Map.");
754 cborFindResult = cbor_value_advance(&CredRootMap);
755 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Root Map.");
759 if (strcmp(tagName, OIC_JSON_CREDS_NAME) == 0)
764 CborValue credArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
765 cborFindResult = cbor_value_enter_container(&CredRootMap, &credArray);
766 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Array.");
768 while (cbor_value_is_valid(&credArray))
771 //CredId -- Mandatory
772 CborValue credMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
773 cborFindResult = cbor_value_enter_container(&credArray, &credMap);
774 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Map.");
775 OicSecCred_t *cred = NULL;
783 cred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
784 OicSecCred_t *temp = headCred;
792 VERIFY_NON_NULL(TAG, cred, ERROR);
794 while(cbor_value_is_valid(&credMap) && cbor_value_is_text_string(&credMap))
797 CborType type = cbor_value_get_type(&credMap);
798 if (type == CborTextStringType)
800 cborFindResult = cbor_value_dup_text_string(&credMap, &name, &len, NULL);
801 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Map.");
802 cborFindResult = cbor_value_advance(&credMap);
803 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Map.");
808 if (strcmp(name, OIC_JSON_CREDID_NAME) == 0)
811 cborFindResult = cbor_value_get_uint64(&credMap, &credId);
812 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredId.");
813 cred->credId = (uint16_t)credId;
816 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
818 char *subjectid = NULL;
819 cborFindResult = cbor_value_dup_text_string(&credMap, &subjectid, &len, NULL);
820 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subjectid Value.");
821 if(strcmp(subjectid, WILDCARD_RESOURCE_URI) == 0)
823 cred->subject.id[0] = '*';
827 ret = ConvertStrToUuid(subjectid, &cred->subject);
828 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
833 if (strcmp(name, OIC_JSON_CREDTYPE_NAME) == 0)
835 uint64_t credType = 0;
836 cborFindResult = cbor_value_get_uint64(&credMap, &credType);
837 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredType.");
838 cred->credType = (OicSecCredType_t)credType;
841 if (strcmp(name, OIC_JSON_PRIVATEDATA_NAME) == 0)
843 CborValue privateMap = { .parser = NULL };
844 cborFindResult = cbor_value_enter_container(&credMap, &privateMap);
846 while (cbor_value_is_valid(&privateMap))
848 char* privname = NULL;
849 CborType type = cbor_value_get_type(&privateMap);
850 if (type == CborTextStringType && cbor_value_is_text_string(&privateMap))
852 cborFindResult = cbor_value_dup_text_string(&privateMap, &privname,
854 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
855 cborFindResult = cbor_value_advance(&privateMap);
856 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
860 // PrivateData::privdata -- Mandatory
861 if (strcmp(privname, OIC_JSON_DATA_NAME) == 0)
863 if(cbor_value_is_byte_string(&privateMap))
865 cborFindResult = cbor_value_dup_byte_string(&privateMap, &cred->privateData.data,
866 &cred->privateData.len, NULL);
868 else if(cbor_value_is_text_string(&privateMap))
870 cborFindResult = cbor_value_dup_text_string(&privateMap, (char**)(&cred->privateData.data),
871 &cred->privateData.len, NULL);
875 cborFindResult = CborErrorUnknownType;
876 OIC_LOG(ERROR, TAG, "Unknown type for private data.");
878 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PrivateData.");
881 // PrivateData::encoding -- Mandatory
882 if (strcmp(privname, OIC_JSON_ENCODING_NAME) == 0)
884 // TODO: Added as workaround. Will be replaced soon.
885 char* strEncoding = NULL;
886 cborFindResult = cbor_value_dup_text_string(&privateMap, &strEncoding, &len, NULL);
887 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
889 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
891 cred->privateData.encoding = OIC_ENCODING_RAW;
893 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
895 cred->privateData.encoding = OIC_ENCODING_BASE64;
900 cred->privateData.encoding = OIC_ENCODING_RAW;
901 OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for private data.");
904 OICFree(strEncoding);
907 if (cbor_value_is_valid(&privateMap))
909 cborFindResult = cbor_value_advance(&privateMap);
910 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing privatedata Map.");
916 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
917 //PublicData -- Not Mandatory
918 if (strcmp(name, OIC_JSON_PUBLICDATA_NAME) == 0)
920 CborValue pubMap = { .parser = NULL };
921 cborFindResult = cbor_value_enter_container(&credMap, &pubMap);
923 while (cbor_value_is_valid(&pubMap))
925 char* pubname = NULL;
926 CborType type = cbor_value_get_type(&pubMap);
927 if (type == CborTextStringType && cbor_value_is_text_string(&pubMap))
929 cborFindResult = cbor_value_dup_text_string(&pubMap, &pubname,
931 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
932 cborFindResult = cbor_value_advance(&pubMap);
933 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
937 // PrivateData::privdata -- Mandatory
938 if (strcmp(pubname, OIC_JSON_DATA_NAME) == 0 && cbor_value_is_byte_string(&pubMap))
940 cborFindResult = cbor_value_dup_byte_string(&pubMap, &cred->publicData.data,
941 &cred->publicData.len, NULL);
942 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PubData.");
944 // PublicData::encoding -- Mandatory
945 if (strcmp(pubname, OIC_JSON_ENCODING_NAME) == 0)
947 // TODO: Need to update data structure, just ignore encoding value now.
950 if (cbor_value_is_valid(&pubMap))
952 cborFindResult = cbor_value_advance(&pubMap);
953 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing publicdata Map.");
958 //OptionalData -- Not Mandatory
959 if (strcmp(name, OIC_JSON_OPTDATA_NAME) == 0)
961 CborValue optMap = { .parser = NULL };
962 cborFindResult = cbor_value_enter_container(&credMap, &optMap);
964 while (cbor_value_is_valid(&optMap))
966 char* optname = NULL;
967 CborType type = cbor_value_get_type(&optMap);
968 if (type == CborTextStringType && cbor_value_is_text_string(&optMap))
970 cborFindResult = cbor_value_dup_text_string(&optMap, &optname,
972 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
973 cborFindResult = cbor_value_advance(&optMap);
974 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
978 // OptionalData::optdata -- Mandatory
979 if (strcmp(optname, OIC_JSON_DATA_NAME) == 0)
981 if(cbor_value_is_byte_string(&optMap))
983 cborFindResult = cbor_value_dup_byte_string(&optMap, &cred->optionalData.data,
984 &cred->optionalData.len, NULL);
986 else if(cbor_value_is_text_string(&optMap))
988 cborFindResult = cbor_value_dup_text_string(&optMap, (char**)(&cred->optionalData.data),
989 &cred->optionalData.len, NULL);
993 cborFindResult = CborErrorUnknownType;
994 OIC_LOG(ERROR, TAG, "Unknown type for optional data.");
996 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding OptionalData.");
998 // OptionalData::encoding -- Mandatory
999 if (strcmp(optname, OIC_JSON_ENCODING_NAME) == 0)
1001 // TODO: Added as workaround. Will be replaced soon.
1002 char* strEncoding = NULL;
1003 cborFindResult = cbor_value_dup_text_string(&optMap, &strEncoding, &len, NULL);
1004 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
1006 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
1008 OIC_LOG(INFO,TAG,"cbor_value_is_byte_string");
1009 cred->optionalData.encoding = OIC_ENCODING_RAW;
1011 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
1013 cred->optionalData.encoding = OIC_ENCODING_BASE64;
1015 else if(strcmp(strEncoding, OIC_SEC_ENCODING_PEM) == 0)
1017 cred->optionalData.encoding = OIC_ENCODING_PEM;
1019 else if(strcmp(strEncoding, OIC_SEC_ENCODING_DER) == 0)
1021 cred->optionalData.encoding = OIC_ENCODING_DER;
1026 cred->optionalData.encoding = OIC_ENCODING_RAW;
1027 OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for optional data.");
1029 OICFree(strEncoding);
1032 if (cbor_value_is_valid(&optMap))
1034 cborFindResult = cbor_value_advance(&optMap);
1035 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing optdata Map.");
1040 //Credusage -- Not Mandatory
1041 if (0 == strcmp(OIC_JSON_CREDUSAGE_NAME, name))
1043 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->credUsage, &len, NULL);
1044 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
1046 #endif //__WITH_DTLS__ || __WITH_TLS__
1048 if (0 == strcmp(OIC_JSON_PERIOD_NAME, name))
1050 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->period, &len, NULL);
1051 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
1054 #ifdef _ENABLE_MULTIPLE_OWNER_
1055 // Eowner uuid -- Not Mandatory
1056 if (strcmp(OIC_JSON_EOWNERID_NAME, name) == 0 && cbor_value_is_text_string(&credMap))
1058 char *eowner = NULL;
1059 cborFindResult = cbor_value_dup_text_string(&credMap, &eowner, &len, NULL);
1060 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding eownerId Value.");
1061 if(NULL == cred->eownerID)
1063 cred->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1064 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1066 ret = ConvertStrToUuid(eowner, cred->eownerID);
1068 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
1070 #endif //_ENABLE_MULTIPLE_OWNER_
1072 if (cbor_value_is_valid(&credMap))
1074 cborFindResult = cbor_value_advance(&credMap);
1075 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Map.");
1081 if (cbor_value_is_valid(&credArray))
1083 cborFindResult = cbor_value_advance(&credArray);
1084 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Array.");
1089 //ROwner -- Mandatory
1090 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0 && cbor_value_is_text_string(&CredRootMap))
1092 char *stRowner = NULL;
1093 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &stRowner, &len, NULL);
1094 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
1096 ret = ConvertStrToUuid(stRowner, &headCred->rownerID);
1097 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1100 else if (NULL != gCred)
1102 memcpy(&(headCred->rownerID), &(gCred->rownerID), sizeof(OicUuid_t));
1106 if (cbor_value_is_valid(&CredRootMap))
1108 cborFindResult = cbor_value_advance(&CredRootMap);
1109 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Root Map.");
1113 *secCred = headCred;
1117 if (CborNoError != cborFindResult)
1119 DeleteCredList(headCred);
1122 ret = OC_STACK_ERROR;
1128 #ifdef _ENABLE_MULTIPLE_OWNER_
1129 bool IsValidCredentialAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, size_t size)
1131 OicSecCred_t* cred = NULL;
1132 bool isValidCred = false;
1134 OIC_LOG_BUFFER(DEBUG, TAG, cborPayload, size);
1136 VERIFY_NON_NULL(TAG, uuid, ERROR);
1137 VERIFY_NON_NULL(TAG, cborPayload, ERROR);
1138 VERIFY_SUCCESS(TAG, 0 != size, ERROR);
1139 VERIFY_SUCCESS(TAG, OC_STACK_OK == CBORPayloadToCred(cborPayload, size, &cred), ERROR);
1140 VERIFY_NON_NULL(TAG, cred, ERROR);
1141 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1142 VERIFY_SUCCESS(TAG, (memcmp(cred->eownerID->id, uuid->id, sizeof(uuid->id)) == 0), ERROR);
1147 DeleteCredList(cred);
1152 #endif //_ENABLE_MULTIPLE_OWNER_
1154 OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t credType,
1155 const OicSecCert_t * publicData, const OicSecKey_t* privateData,
1156 const OicUuid_t * rownerID, const OicUuid_t * eownerID)
1158 OIC_LOG(DEBUG, TAG, "IN GenerateCredential");
1161 OCStackResult ret = OC_STACK_ERROR;
1163 OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred));
1164 VERIFY_NON_NULL(TAG, cred, ERROR);
1166 //CredId is assigned before appending new cred to the existing
1167 //credential list and updating svr database in AddCredential().
1170 VERIFY_NON_NULL(TAG, subject, ERROR);
1171 memcpy(cred->subject.id, subject->id , sizeof(cred->subject.id));
1173 VERIFY_SUCCESS(TAG, credType < (NO_SECURITY_MODE | SYMMETRIC_PAIR_WISE_KEY |
1174 SYMMETRIC_GROUP_KEY | ASYMMETRIC_KEY | SIGNED_ASYMMETRIC_KEY | PIN_PASSWORD), ERROR);
1175 cred->credType = credType;
1177 #ifdef __WITH_DTLS__
1178 if (publicData && publicData->data)
1180 cred->publicData.data = (uint8_t *)OICCalloc(1, publicData->len);
1181 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
1182 memcpy(cred->publicData.data, publicData->data, publicData->len);
1183 cred->publicData.len = publicData->len;
1185 #endif // __WITH_DTLS__
1187 if (privateData && privateData->data)
1189 cred->privateData.data = (uint8_t *)OICCalloc(1, privateData->len);
1190 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
1191 memcpy(cred->privateData.data, privateData->data, privateData->len);
1192 cred->privateData.len = privateData->len;
1194 // TODO: Added as workaround. Will be replaced soon.
1195 cred->privateData.encoding = OIC_ENCODING_RAW;
1198 // NOTE: Test codes to use base64 for credential.
1199 uint32_t outSize = 0;
1200 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((privateData->len + 1));
1201 char* b64Buf = (uint8_t *)OICCalloc(1, b64BufSize);
1202 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1203 b64Encode(privateData->data, privateData->len, b64Buf, b64BufSize, &outSize);
1205 OICFree( cred->privateData.data );
1206 cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1);
1207 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
1209 strcpy(cred->privateData.data, b64Buf);
1210 cred->privateData.encoding = OIC_ENCODING_BASE64;
1211 cred->privateData.len = outSize;
1213 #endif //End of Test codes
1217 VERIFY_NON_NULL(TAG, rownerID, ERROR);
1218 memcpy(&cred->rownerID, rownerID, sizeof(OicUuid_t));
1220 #ifdef _ENABLE_MULTIPLE_OWNER_
1223 cred->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1224 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1225 memcpy(cred->eownerID->id, eownerID->id, sizeof(eownerID->id));
1227 #endif //_ENABLE_MULTIPLE_OWNER_
1231 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : result: %d", ret);
1232 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credId: %d", cred->credId);
1233 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credType: %d", cred->credType);
1234 OIC_LOG_BUFFER(DEBUG, TAG, cred->subject.id, sizeof(cred->subject.id));
1235 if (cred->privateData.data)
1237 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : privateData len: %d", cred->privateData.len);
1238 OIC_LOG_BUFFER(DEBUG, TAG, cred->privateData.data, cred->privateData.len);
1240 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1243 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credUsage: %s", cred->credUsage);
1245 if (cred->publicData.data)
1247 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : publicData len: %d", cred->publicData.len);
1248 OIC_LOG_BUFFER(DEBUG, TAG, cred->publicData.data, cred->publicData.len);
1251 if (cred->optionalData.data)
1253 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : optionalData len: %d", cred->optionalData.len);
1254 OIC_LOG_BUFFER(DEBUG, TAG, cred->optionalData.data, cred->optionalData.len);
1257 #endif //defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1260 if (OC_STACK_OK != ret)
1262 DeleteCredList(cred);
1265 OIC_LOG(DEBUG, TAG, "OUT GenerateCredential");
1269 static bool UpdatePersistentStorage(const OicSecCred_t *cred)
1272 OIC_LOG(DEBUG, TAG, "IN Cred UpdatePersistentStorage");
1274 // Convert Cred data into JSON for update to persistent storage
1277 uint8_t *payload = NULL;
1278 // This added '512' is arbitrary value that is added to cover the name of the resource, map addition and ending
1279 size_t size = GetCredKeyDataSize(cred);
1280 size += (512 * OicSecCredCount(cred));
1281 OIC_LOG_V(DEBUG, TAG, "cred size: %" PRIu64, size);
1284 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
1285 if ((OC_STACK_OK == res) && payload)
1287 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, payload, size))
1291 OICClearMemory(payload, size);
1295 else //Empty cred list
1297 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, NULL, 0))
1302 OIC_LOG(DEBUG, TAG, "OUT Cred UpdatePersistentStorage");
1307 * Compare function used LL_SORT for sorting credentials.
1309 * @param first pointer to OicSecCred_t struct.
1310 * @param second pointer to OicSecCred_t struct.
1312 *@return -1, if credId of first is less than credId of second.
1313 * 0, if credId of first is equal to credId of second.
1314 * 1, if credId of first is greater than credId of second.
1316 static int CmpCredId(const OicSecCred_t * first, const OicSecCred_t *second)
1318 if (first->credId < second->credId)
1322 else if (first->credId > second->credId)
1331 * GetCredId goes through the cred list and returns the next
1332 * available credId. The next credId could be the credId that is
1333 * available due deletion of OicSecCred_t object or one more than
1334 * credId of last credential in the list.
1336 * @return next available credId if successful, else 0 for error.
1338 static uint16_t GetCredId()
1340 //Sorts credential list in incremental order of credId
1341 LL_SORT(gCred, CmpCredId);
1343 OicSecCred_t *currentCred = NULL, *credTmp = NULL;
1344 uint16_t nextCredId = 1;
1346 LL_FOREACH_SAFE(gCred, currentCred, credTmp)
1348 if (currentCred->credId == nextCredId)
1358 VERIFY_SUCCESS(TAG, nextCredId < UINT16_MAX, ERROR);
1366 * Get the default value.
1368 * @return NULL for now.
1370 static OicSecCred_t* GetCredDefault()
1372 // TODO:Update it when we finalize the default info.
1376 static bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2)
1378 VERIFY_NON_NULL(TAG, sk1, WARNING);
1379 VERIFY_NON_NULL(TAG, sk2, WARNING);
1381 VERIFY_SUCCESS(TAG, (sk1->len == sk2->len), INFO);
1382 VERIFY_SUCCESS(TAG, (sk1->encoding == sk2->encoding), INFO);
1383 VERIFY_SUCCESS(TAG, (0 == memcmp(sk1->data, sk2->data, sk1->len)), INFO);
1389 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1390 static bool IsSameCert(const OicSecCert_t* cert1, const OicSecCert_t* cert2)
1392 VERIFY_NON_NULL(TAG, cert1, WARNING);
1393 VERIFY_NON_NULL(TAG, cert2, WARNING);
1395 VERIFY_SUCCESS(TAG, (cert1->len == cert2->len), INFO);
1396 VERIFY_SUCCESS(TAG, (0 == memcmp(cert1->data, cert2->data, cert1->len)), INFO);
1401 #endif //#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1404 * Compares credential
1406 * @return CRED_CMP_EQUAL if credentials are equal
1407 * CRED_CMP_NOT_EQUAL if not equal
1411 static CredCompareResult_t CompareCredential(const OicSecCred_t * l, const OicSecCred_t * r)
1413 CredCompareResult_t cmpResult = CRED_CMP_ERROR;
1414 bool isCompared = false;
1415 OIC_LOG(DEBUG, TAG, "IN CompareCredetial");
1417 VERIFY_NON_NULL(TAG, l, ERROR);
1418 VERIFY_NON_NULL(TAG, r, ERROR);
1420 cmpResult = CRED_CMP_NOT_EQUAL;
1422 VERIFY_SUCCESS(TAG, (l->credType == r->credType), INFO);
1423 VERIFY_SUCCESS(TAG, (0 == memcmp(l->subject.id, r->subject.id, sizeof(l->subject.id))), INFO);
1427 case SYMMETRIC_PAIR_WISE_KEY:
1428 case SYMMETRIC_GROUP_KEY:
1431 if(l->privateData.data && r->privateData.data)
1433 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->privateData, &r->privateData), INFO);
1438 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1439 case ASYMMETRIC_KEY:
1440 case SIGNED_ASYMMETRIC_KEY:
1442 if(l->publicData.data && r->publicData.data)
1444 VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO);
1448 if(l->optionalData.data && r->optionalData.data)
1450 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO);
1454 if(l->credUsage && r->credUsage)
1456 VERIFY_SUCCESS(TAG, (strlen(l->credUsage) == strlen(r->credUsage)), INFO);
1457 VERIFY_SUCCESS(TAG, (0 == strncmp(l->credUsage, r->credUsage, strlen(l->credUsage))), INFO);
1462 case ASYMMETRIC_ENCRYPTION_KEY:
1464 if(l->privateData.data && r->privateData.data)
1466 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->privateData, &r->privateData), INFO);
1470 if(l->publicData.data && r->publicData.data)
1472 VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO);
1476 if(l->optionalData.data && r->optionalData.data)
1478 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO);
1484 #endif //__WITH_DTLS__ or __WITH_TLS__
1487 cmpResult = CRED_CMP_ERROR;
1494 OIC_LOG(DEBUG, TAG, "Same Credentials");
1495 cmpResult = CRED_CMP_EQUAL;
1499 OIC_LOG(DEBUG, TAG, "Can not find the key data in credential");
1500 cmpResult = CRED_CMP_ERROR;
1503 OIC_LOG(DEBUG, TAG, "OUT CompareCredetial");
1508 OCStackResult AddCredential(OicSecCred_t * newCred)
1510 OCStackResult ret = OC_STACK_ERROR;
1511 OicSecCred_t * temp = NULL;
1512 bool validFlag = true;
1513 OicUuid_t emptyOwner = { .id = {0} };
1515 OIC_LOG(DEBUG, TAG, "IN AddCredential");
1517 VERIFY_SUCCESS(TAG, NULL != newCred, ERROR);
1518 //Assigning credId to the newCred
1519 newCred->credId = GetCredId();
1520 VERIFY_SUCCESS(TAG, true == IsVaildCredential(newCred), ERROR);
1522 //the newCred is not valid if it is empty
1524 if (memcmp(&(newCred->subject), &emptyOwner, sizeof(OicUuid_t)) == 0)
1530 LL_FOREACH(gCred, temp)
1532 CredCompareResult_t cmpRes = CompareCredential(temp, newCred);
1533 if(CRED_CMP_EQUAL == cmpRes)
1535 OIC_LOG_V(WARNING, TAG, "Detected same credential ID(%d)" \
1536 "new credential's ID will be replaced.", temp->credId);
1537 newCred->credId = temp->credId;
1543 if (CRED_CMP_ERROR == cmpRes)
1545 OIC_LOG_V(WARNING, TAG, "Credential skipped : %d", cmpRes);
1546 ret = OC_STACK_ERROR;
1553 //Append the new Cred to existing list if new Cred is valid
1556 LL_APPEND(gCred, newCred);
1558 if (memcmp(&(newCred->rownerID), &emptyOwner, sizeof(OicUuid_t)) != 0)
1560 memcpy(&(gCred->rownerID), &(newCred->rownerID), sizeof(OicUuid_t));
1562 if (UpdatePersistentStorage(gCred))
1568 OIC_LOG(DEBUG, TAG, "OUT AddCredential");
1572 OCStackResult RemoveCredential(const OicUuid_t *subject)
1574 OCStackResult ret = OC_STACK_ERROR;
1575 OicSecCred_t *cred = NULL;
1576 OicSecCred_t *tempCred = NULL;
1577 bool deleteFlag = false;
1579 LL_FOREACH_SAFE(gCred, cred, tempCred)
1581 if (memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
1583 LL_DELETE(gCred, cred);
1591 if (UpdatePersistentStorage(gCred))
1593 ret = OC_STACK_RESOURCE_DELETED;
1600 OCStackResult RemoveCredentialByCredId(uint16_t credId)
1602 OCStackResult ret = OC_STACK_ERROR;
1603 OicSecCred_t *cred = NULL;
1604 OicSecCred_t *tempCred = NULL;
1605 bool deleteFlag = false;
1607 OIC_LOG(INFO, TAG, "IN RemoveCredentialByCredId");
1611 return OC_STACK_INVALID_PARAM;
1615 LL_FOREACH_SAFE(gCred, cred, tempCred)
1617 if (cred->credId == credId)
1619 OIC_LOG_V(DEBUG, TAG, "Credential(ID=%d) will be removed.", credId);
1621 LL_DELETE(gCred, cred);
1629 if (UpdatePersistentStorage(gCred))
1631 ret = OC_STACK_RESOURCE_DELETED;
1634 OIC_LOG(INFO, TAG, "OUT RemoveCredentialByCredId");
1641 * Remove all credential data on credential resource and persistent storage
1644 * OC_STACK_OK - no errors
1645 * OC_STACK_ERROR - stack process error
1647 OCStackResult RemoveAllCredentials(void)
1649 DeleteCredList(gCred);
1650 gCred = GetCredDefault();
1652 if (!UpdatePersistentStorage(gCred))
1654 return OC_STACK_ERROR;
1659 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1661 * Internal function to fill private data of owner PSK.
1663 * @param receviedCred recevied owner credential from OBT(PT)
1664 * @param ownerAdd address of OBT(PT)
1665 * @param doxm current device's doxm resource
1668 * true successfully done and valid ower psk information
1669 * false Invalid owner psk information or failed to owner psk generation
1671 static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoint_t* ownerAddr,
1672 const OicSecDoxm_t* doxm)
1674 //Derive OwnerPSK locally
1675 const char* oxmLabel = GetOxmString(doxm->oxmSel);
1676 char* b64Buf = NULL;
1677 size_t b64BufSize = 0;
1678 VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
1680 uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {0};
1681 CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
1682 (uint8_t*)oxmLabel, strlen(oxmLabel),
1683 doxm->owner.id, sizeof(doxm->owner.id),
1684 doxm->deviceID.id, sizeof(doxm->deviceID.id),
1685 ownerPSK, OWNER_PSK_LENGTH_128);
1686 OICClearMemory(ownerPSK, sizeof(ownerPSK));
1687 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
1689 OIC_LOG(DEBUG, TAG, "OwnerPSK dump :");
1690 OIC_LOG_BUFFER(DEBUG, TAG, ownerPSK, OWNER_PSK_LENGTH_128);
1692 //Generate owner credential based on recevied credential information
1694 // TODO: Added as workaround, will be replaced soon.
1695 if(OIC_ENCODING_RAW == receviedCred->privateData.encoding)
1697 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
1698 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1699 receviedCred->privateData.len = OWNER_PSK_LENGTH_128;
1700 memcpy(receviedCred->privateData.data, ownerPSK, OWNER_PSK_LENGTH_128);
1702 else if(OIC_ENCODING_BASE64 == receviedCred->privateData.encoding)
1704 B64Result b64res = B64_OK;
1705 uint32_t b64OutSize = 0;
1706 b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
1707 b64Buf = OICCalloc(1, b64BufSize);
1708 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1710 b64res = b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize);
1711 VERIFY_SUCCESS(TAG, B64_OK == b64res, ERROR);
1713 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
1714 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1715 receviedCred->privateData.len = b64OutSize;
1716 strncpy((char*)receviedCred->privateData.data, b64Buf, b64OutSize);
1717 receviedCred->privateData.data[b64OutSize] = '\0';
1718 OICClearMemory(b64Buf, b64BufSize);
1724 VERIFY_SUCCESS(TAG, OIC_ENCODING_UNKNOW, ERROR);
1727 OIC_LOG(INFO, TAG, "PrivateData of OwnerPSK was calculated successfully");
1729 //Verify OwnerPSK information
1730 return (memcmp(&(receviedCred->subject), &(doxm->owner), sizeof(OicUuid_t)) == 0 &&
1731 receviedCred->credType == SYMMETRIC_PAIR_WISE_KEY);
1733 //receviedCred->privateData.data will be deallocated when deleting credential.
1734 OICClearMemory(b64Buf, b64BufSize);
1740 #ifdef _ENABLE_MULTIPLE_OWNER_
1742 * Internal function to fill private data of SubOwner PSK.
1744 * @param receviedCred recevied owner credential from SubOwner
1745 * @param ownerAdd address of SubOwner
1746 * @param doxm current device's doxm resource
1749 * true successfully done and valid subower psk information
1750 * false Invalid subowner psk information or failed to subowner psk generation
1752 static bool FillPrivateDataOfSubOwnerPSK(OicSecCred_t* receivedCred, const CAEndpoint_t* ownerAddr,
1753 const OicSecDoxm_t* doxm, const OicUuid_t* subOwner)
1755 char* b64Buf = NULL;
1756 //Derive OwnerPSK locally
1757 const char* oxmLabel = GetOxmString(doxm->oxmSel);
1758 VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
1760 uint8_t subOwnerPSK[OWNER_PSK_LENGTH_128] = {0};
1761 CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
1762 (uint8_t*)oxmLabel, strlen(oxmLabel),
1763 subOwner->id, sizeof(subOwner->id),
1764 doxm->deviceID.id, sizeof(doxm->deviceID.id),
1765 subOwnerPSK, OWNER_PSK_LENGTH_128);
1766 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
1768 OIC_LOG(DEBUG, TAG, "SubOwnerPSK dump :");
1769 OIC_LOG_BUFFER(DEBUG, TAG, subOwnerPSK, OWNER_PSK_LENGTH_128);
1771 //Generate owner credential based on received credential information
1773 if(OIC_ENCODING_RAW == receivedCred->privateData.encoding)
1775 receivedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
1776 VERIFY_NON_NULL(TAG, receivedCred->privateData.data, ERROR);
1777 receivedCred->privateData.len = OWNER_PSK_LENGTH_128;
1778 memcpy(receivedCred->privateData.data, subOwnerPSK, OWNER_PSK_LENGTH_128);
1780 else if(OIC_ENCODING_BASE64 == receivedCred->privateData.encoding)
1782 uint32_t b64OutSize = 0;
1783 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
1784 b64Buf = OICCalloc(1, b64BufSize);
1785 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1787 VERIFY_SUCCESS(TAG, \
1788 B64_OK == b64Encode(subOwnerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize), \
1791 receivedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
1792 VERIFY_NON_NULL(TAG, receivedCred->privateData.data, ERROR);
1793 receivedCred->privateData.len = b64OutSize;
1794 strncpy((char*)receivedCred->privateData.data, b64Buf, b64OutSize);
1795 receivedCred->privateData.data[b64OutSize] = '\0';
1799 OIC_LOG(INFO, TAG, "Unknown credential encoding type.");
1800 VERIFY_SUCCESS(TAG, OIC_ENCODING_UNKNOW, ERROR);
1803 OIC_LOG(INFO, TAG, "PrivateData of SubOwnerPSK was calculated successfully");
1807 //receivedCred->privateData.data will be deallocated when deleting credential.
1811 #endif //_ENABLE_MULTIPLE_OWNER_
1812 #endif // __WITH_DTLS__ or __WITH_TLS__
1814 static OCEntityHandlerResult HandlePostRequest(const OCEntityHandlerRequest * ehRequest)
1816 OCEntityHandlerResult ret = OC_EH_ERROR;
1817 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest IN");
1819 static uint16_t previousMsgId = 0;
1820 //Get binary representation of cbor
1821 OicSecCred_t *cred = NULL;
1822 uint8_t *payload = (((OCSecurityPayload*)ehRequest->payload)->securityData);
1823 size_t size = (((OCSecurityPayload*)ehRequest->payload)->payloadSize);
1825 OCStackResult res = CBORPayloadToCred(payload, size, &cred);
1826 if (res == OC_STACK_OK)
1828 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1829 OicUuid_t emptyUuid = {.id={0}};
1830 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1831 if(doxm && false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
1833 //in case of owner PSK
1834 switch(cred->credType)
1836 case SYMMETRIC_PAIR_WISE_KEY:
1838 OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
1839 if(FillPrivateDataOfOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm))
1841 if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject))
1843 OIC_LOG(WARNING, TAG, "The credential with the same subject ID was detected!");
1846 OIC_LOG(ERROR, TAG, "OwnerPSK was generated successfully.");
1847 if(OC_STACK_OK == AddCredential(cred))
1849 ret = OC_EH_CHANGED;
1853 OIC_LOG(ERROR, TAG, "Failed to save the OwnerPSK as cred resource");
1859 OIC_LOG(ERROR, TAG, "Failed to verify receviced OwnerPKS.");
1863 if(OC_EH_CHANGED == ret)
1866 * in case of random PIN based OxM,
1867 * revert get_psk_info callback of tinyDTLS to use owner credential.
1869 if(OIC_RANDOM_DEVICE_PIN == doxm->oxmSel)
1871 SetUuidForPinBasedOxm(&emptyUuid);
1873 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1874 if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskCredentials))
1876 OIC_LOG(ERROR, TAG, "Failed to revert TLS credential handler.");
1880 #endif // __WITH_DTLS__ or __WITH_TLS__
1883 //Select cipher suite to use owner PSK
1884 if(CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false))
1886 OIC_LOG(ERROR, TAG, "Failed to disable anonymous cipher suite");
1891 OIC_LOG(INFO, TAG, "Anonymous cipher suite is DISABLED");
1895 CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256, ehRequest->devAddr.adapter))
1897 OIC_LOG(ERROR, TAG, "Failed to select cipher suite");
1904 case SYMMETRIC_GROUP_KEY:
1905 case ASYMMETRIC_KEY:
1906 case SIGNED_ASYMMETRIC_KEY:
1908 case ASYMMETRIC_ENCRYPTION_KEY:
1910 OIC_LOG(WARNING, TAG, "Unsupported credential type for owner credential.");
1916 OIC_LOG(WARNING, TAG, "Unknown credential type for owner credential.");
1922 if(OC_EH_CHANGED != ret)
1925 * If some error is occured while ownership transfer,
1926 * ownership transfer related resource should be revert back to initial status.
1928 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1931 if(!doxm->owned && previousMsgId != ehRequest->messageID)
1933 OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
1934 "DOXM will be reverted.");
1935 RestoreDoxmToInitState();
1936 RestorePstatToInitState();
1941 OIC_LOG(ERROR, TAG, "Invalid DOXM resource");
1945 #ifdef _ENABLE_MULTIPLE_OWNER_
1946 // In case SubOwner Credential
1947 else if(doxm && doxm->owned && doxm->mom &&
1948 OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode &&
1949 0 == cred->privateData.len)
1951 switch(cred->credType)
1953 case SYMMETRIC_PAIR_WISE_KEY:
1955 OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
1956 if(FillPrivateDataOfSubOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm, &cred->subject))
1958 if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject))
1960 OIC_LOG(WARNING, TAG, "The credential with the same subject ID was detected!");
1963 OIC_LOG(ERROR, TAG, "SubOwnerPSK was generated successfully.");
1964 if(OC_STACK_OK == AddCredential(cred))
1966 ret = OC_EH_CHANGED;
1970 OIC_LOG(ERROR, TAG, "Failed to save the SubOwnerPSK as cred resource");
1976 OIC_LOG(ERROR, TAG, "Failed to verify receviced SubOwner PSK.");
1982 case SYMMETRIC_GROUP_KEY:
1983 case ASYMMETRIC_KEY:
1984 case SIGNED_ASYMMETRIC_KEY:
1986 case ASYMMETRIC_ENCRYPTION_KEY:
1988 OIC_LOG(WARNING, TAG, "Unsupported credential type for SubOwner credential.");
1994 OIC_LOG(WARNING, TAG, "Unknown credential type for SubOwner credential.");
2000 #endif //_ENABLE_MULTIPLE_OWNER_
2003 if(IsEmptyCred(cred))
2005 OicUuid_t emptyUuid = {.id={0}};
2006 if(memcmp(cred->rownerID.id, emptyUuid.id, sizeof(emptyUuid.id)) != 0)
2008 OIC_LOG(INFO, TAG, "CRED's rowner will be updated.");
2009 memcpy(gCred->rownerID.id, cred->rownerID.id, sizeof(cred->rownerID.id));
2010 if (UpdatePersistentStorage(gCred))
2012 ret = OC_EH_CHANGED;
2027 * If the post request credential has credId, it will be
2028 * discarded and the next available credId will be assigned
2029 * to it before getting appended to the existing credential
2030 * list and updating svr database.
2032 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
2035 #else //not __WITH_DTLS__
2037 * If the post request credential has credId, it will be
2038 * discarded and the next available credId will be assigned
2039 * to it before getting appended to the existing credential
2040 * list and updating svr database.
2042 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
2043 OC_UNUSED(previousMsgId);
2044 #endif//__WITH_DTLS__
2047 if (OC_EH_CHANGED != ret)
2049 if(OC_STACK_OK != RemoveCredential(&cred->subject))
2051 OIC_LOG(WARNING, TAG, "Failed to remove the invalid credential");
2057 previousMsgId = ehRequest->messageID;
2059 //Send response to request originator
2060 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
2061 OC_EH_OK : OC_EH_ERROR;
2063 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest OUT");
2068 * The entity handler determines how to process a GET request.
2070 static OCEntityHandlerResult HandleGetRequest (const OCEntityHandlerRequest * ehRequest)
2072 OIC_LOG(INFO, TAG, "HandleGetRequest processing GET request");
2074 // Convert Cred data into CBOR for transmission
2076 uint8_t *payload = NULL;
2079 const OicSecCred_t *cred = gCred;
2081 // This added '256' is arbitrary value that is added to cover the name of the resource, map addition and ending
2082 size = GetCredKeyDataSize(cred);
2083 size += (256 * OicSecCredCount(cred));
2084 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
2086 // A device should always have a default cred. Therefore, payload should never be NULL.
2087 OCEntityHandlerResult ehRet = (res == OC_STACK_OK) ? OC_EH_OK : OC_EH_ERROR;
2090 //Send payload to request originator
2091 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
2092 OC_EH_OK : OC_EH_ERROR;
2093 OICClearMemory(payload, size);
2098 static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *ehRequest)
2100 OIC_LOG(DEBUG, TAG, "Processing CredDeleteRequest");
2102 OCEntityHandlerResult ehRet = OC_EH_ERROR;
2104 if (NULL == ehRequest->query)
2109 OicParseQueryIter_t parseIter = { .attrPos=NULL };
2110 OicUuid_t subject = {.id={0}};
2112 //Parsing REST query to get the subject
2113 ParseQueryIterInit((unsigned char *)ehRequest->query, &parseIter);
2114 while (GetNextQuery(&parseIter))
2116 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_SUBJECTID_NAME,
2117 parseIter.attrLen) == 0)
2119 OCStackResult ret = ConvertStrToUuid((const char*)parseIter.valPos, &subject);
2120 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2124 if (OC_STACK_RESOURCE_DELETED == RemoveCredential(&subject))
2126 ehRet = OC_EH_RESOURCE_DELETED;
2128 //Send response to request originator
2129 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
2130 OC_EH_OK : OC_EH_ERROR;
2135 OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag,
2136 OCEntityHandlerRequest * ehRequest,
2137 void* callbackParameter)
2139 (void)callbackParameter;
2140 OCEntityHandlerResult ret = OC_EH_ERROR;
2146 if (flag & OC_REQUEST_FLAG)
2148 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
2149 //TODO : Remove Handle PUT methods once CTT have changed to POST on OTM
2150 switch (ehRequest->method)
2153 ret = HandleGetRequest(ehRequest);;
2157 ret = HandlePostRequest(ehRequest);
2159 case OC_REST_DELETE:
2160 ret = HandleDeleteRequest(ehRequest);
2163 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
2164 OC_EH_OK : OC_EH_ERROR;
2171 OCStackResult CreateCredResource()
2173 OCStackResult ret = OCCreateResource(&gCredHandle,
2174 OIC_RSRC_TYPE_SEC_CRED,
2175 OC_RSRVD_INTERFACE_DEFAULT,
2181 if (OC_STACK_OK != ret)
2183 OIC_LOG (FATAL, TAG, "Unable to instantiate Cred resource");
2184 DeInitCredResource();
2189 OCStackResult InitCredResource()
2191 OCStackResult ret = OC_STACK_ERROR;
2192 OicSecCred_t* cred = NULL;
2194 //Read Cred resource from PS
2195 uint8_t *data = NULL;
2197 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_CRED_NAME, &data, &size);
2198 // If database read failed
2199 if (ret != OC_STACK_OK)
2201 OIC_LOG (DEBUG, TAG, "ReadSVDataFromPS failed");
2205 // Read ACL resource from PS
2206 ret = CBORPayloadToCred(data, size, &gCred);
2210 * If SVR database in persistent storage got corrupted or
2211 * is not available for some reason, a default Cred is created
2212 * which allows user to initiate Cred provisioning again.
2214 if (ret != OC_STACK_OK || !data || !gCred)
2216 gCred = GetCredDefault();
2219 //Add a log to track the invalid credential.
2220 LL_FOREACH(gCred, cred)
2222 if (false == IsVaildCredential(cred))
2224 OIC_LOG(WARNING, TAG, "Invalid credential data was dectected while InitCredResource");
2225 OIC_LOG_V(WARNING, TAG, "Invalid credential ID = %d", cred->credId);
2229 //Instantiate 'oic.sec.cred'
2230 ret = CreateCredResource();
2231 OICClearMemory(data, size);
2236 OCStackResult DeInitCredResource()
2238 OCStackResult result = OCDeleteResource(gCredHandle);
2239 DeleteCredList(gCred);
2244 OicSecCred_t* GetCredResourceData(const OicUuid_t* subject)
2246 OicSecCred_t *cred = NULL;
2248 if ( NULL == subject)
2253 LL_FOREACH(gCred, cred)
2255 if(memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
2263 const OicSecCred_t* GetCredList()
2268 OicSecCred_t* GetCredEntryByCredId(const uint16_t credId)
2270 OicSecCred_t *cred = NULL;
2271 OicSecCred_t *tmpCred = NULL;
2278 LL_FOREACH(gCred, tmpCred)
2280 if(tmpCred->credId == credId)
2282 cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t));
2283 VERIFY_NON_NULL(TAG, cred, ERROR);
2287 cred->credId = tmpCred->credId;
2288 cred->credType = tmpCred->credType;
2289 memcpy(cred->subject.id, tmpCred->subject.id , sizeof(cred->subject.id));
2290 memcpy(cred->rownerID.id, tmpCred->rownerID.id , sizeof(cred->rownerID.id));
2291 if (tmpCred->period)
2293 cred->period = OICStrdup(tmpCred->period);
2297 if (tmpCred->privateData.data)
2299 cred->privateData.data = (uint8_t *)OICCalloc(1, tmpCred->privateData.len);
2300 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
2302 memcpy(cred->privateData.data, tmpCred->privateData.data, tmpCred->privateData.len);
2303 cred->privateData.len = tmpCred->privateData.len;
2304 cred->privateData.encoding = tmpCred->privateData.encoding;
2306 #if defined(__WITH_X509__) || defined(__WITH_TLS__)
2307 else if (tmpCred->publicData.data)
2309 cred->publicData.data = (uint8_t *)OICCalloc(1, tmpCred->publicData.len);
2310 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
2312 memcpy(cred->publicData.data, tmpCred->publicData.data, tmpCred->publicData.len);
2313 cred->publicData.len = tmpCred->publicData.len;
2315 else if (tmpCred->optionalData.data)
2317 cred->optionalData.data = (uint8_t *)OICCalloc(1, tmpCred->optionalData.len);
2318 VERIFY_NON_NULL(TAG, cred->optionalData.data, ERROR);
2320 memcpy(cred->optionalData.data, tmpCred->optionalData.data, tmpCred->optionalData.len);
2321 cred->optionalData.len = tmpCred->optionalData.len;
2322 cred->optionalData.encoding = tmpCred->optionalData.encoding;
2325 if (tmpCred->credUsage)
2327 cred->credUsage = OICStrdup(tmpCred->credUsage);
2329 #endif /* __WITH_X509__ or __WITH_TLS__*/
2340 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
2341 int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
2342 const uint8_t *desc, size_t desc_len,
2343 uint8_t *result, size_t result_length)
2354 case CA_DTLS_PSK_HINT:
2355 case CA_DTLS_PSK_IDENTITY:
2357 OicUuid_t deviceID = {.id={0}};
2358 // Retrieve Device ID from doxm resource
2359 if ( OC_STACK_OK != GetDoxmDeviceID(&deviceID) )
2361 OIC_LOG (ERROR, TAG, "Unable to retrieve doxm Device ID");
2365 if (result_length < sizeof(deviceID.id))
2367 OIC_LOG (ERROR, TAG, "Wrong value for result_length");
2370 memcpy(result, deviceID.id, sizeof(deviceID.id));
2371 return (sizeof(deviceID.id));
2375 case CA_DTLS_PSK_KEY:
2377 OicSecCred_t *cred = NULL;
2378 LL_FOREACH(gCred, cred)
2380 if (cred->credType != SYMMETRIC_PAIR_WISE_KEY)
2385 if ((desc_len == sizeof(cred->subject.id)) &&
2386 (memcmp(desc, cred->subject.id, sizeof(cred->subject.id)) == 0))
2389 * If the credentials are valid for limited time,
2390 * check their expiry.
2394 if(IOTVTICAL_VALID_ACCESS != IsRequestWithinValidTime(cred->period, NULL))
2396 OIC_LOG (INFO, TAG, "Credentials are expired.");
2402 // TODO: Added as workaround. Will be replaced soon.
2403 if(OIC_ENCODING_RAW == cred->privateData.encoding)
2405 ret = cred->privateData.len;
2406 memcpy(result, cred->privateData.data, ret);
2408 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
2410 size_t outBufSize = B64DECODE_OUT_SAFESIZE((cred->privateData.len + 1));
2411 uint8_t* outKey = OICCalloc(1, outBufSize);
2412 uint32_t outKeySize;
2415 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2419 if(B64_OK == b64Decode((char*)cred->privateData.data, cred->privateData.len, outKey, outBufSize, &outKeySize))
2421 memcpy(result, outKey, outKeySize);
2426 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
2435 OIC_LOG(DEBUG, TAG, "Can not find subject matched credential.");
2437 #ifdef _ENABLE_MULTIPLE_OWNER_
2438 const OicSecDoxm_t* doxm = GetDoxmResourceData();
2439 if(doxm && doxm->mom && OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode)
2441 // in case of multiple owner transfer authentication
2442 if(OIC_PRECONFIG_PIN == doxm->oxmSel)
2444 OicSecCred_t* wildCardCred = GetCredResourceData(&WILDCARD_SUBJECT_ID);
2447 OIC_LOG(DEBUG, TAG, "Detected wildcard credential.");
2448 if(PIN_PASSWORD == wildCardCred->credType)
2451 char* pinBuffer = NULL;
2452 uint32_t pinLength = 0;
2453 if(OIC_ENCODING_RAW == wildCardCred->privateData.encoding)
2455 pinBuffer = OICCalloc(1, wildCardCred->privateData.len + 1);
2456 if(NULL == pinBuffer)
2458 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2461 pinLength = wildCardCred->privateData.len;
2462 memcpy(pinBuffer, wildCardCred->privateData.data, pinLength);
2464 else if(OIC_ENCODING_BASE64 == wildCardCred->privateData.encoding)
2466 size_t pinBufSize = B64DECODE_OUT_SAFESIZE((wildCardCred->privateData.len + 1));
2467 pinBuffer = OICCalloc(1, pinBufSize);
2468 if(NULL == pinBuffer)
2470 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2474 if(B64_OK != b64Decode((char*)wildCardCred->privateData.data, wildCardCred->privateData.len, pinBuffer, pinBufSize, &pinLength))
2476 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
2482 OIC_LOG(ERROR, TAG, "Unknown encoding type of PIN/PW credential.");
2486 //Set the PIN/PW to derive PSK
2487 if (OC_STACK_OK != SetPreconfigPin(pinBuffer, pinLength))
2490 OIC_LOG(ERROR, TAG, "Failed to load PIN data.");
2496 if(OC_STACK_OK != GetDoxmDeviceID(&myUuid))
2498 OIC_LOG(ERROR, TAG, "Failed to read device ID");
2501 SetUuidForPinBasedOxm(&myUuid);
2503 //Calculate PSK using PIN/PW
2504 if(0 == DerivePSKUsingPIN((uint8_t*)result))
2506 ret = OWNER_PSK_LENGTH_128;
2510 OIC_LOG_V(ERROR, TAG, "Failed to derive crypto key from PIN");
2513 if(CA_STATUS_OK != CAregisterSslHandshakeCallback(MultipleOwnerDTLSHandshakeCB))
2515 OIC_LOG(WARNING, TAG, "Error while bind the DTLS Handshake Callback.");
2520 else if(OIC_RANDOM_DEVICE_PIN == doxm->oxmSel)
2522 if(0 == DerivePSKUsingPIN((uint8_t*)result))
2524 ret = OWNER_PSK_LENGTH_128;
2528 OIC_LOG_V(ERROR, TAG, "Failed to derive crypto key from PIN : result");
2533 #endif //_ENABLE_MULTIPLE_OWNER_
2542 * Add temporal PSK to PIN based OxM
2544 * @param[in] tmpSubject UUID of target device
2545 * @param[in] credType Type of credential to be added
2546 * @param[in] pin numeric characters
2547 * @param[in] pinSize length of 'pin'
2548 * @param[in] rownerID Resource owner's UUID
2549 * @param[out] tmpCredSubject Generated credential's subject.
2551 * @return OC_STACK_OK for success and errorcode otherwise.
2553 OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType,
2554 const char * pin, size_t pinSize,
2555 const OicUuid_t * rownerID, OicUuid_t* tmpCredSubject)
2557 OCStackResult ret = OC_STACK_ERROR;
2558 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN IN");
2560 if(NULL == tmpSubject || NULL == pin || 0 == pinSize || NULL == tmpCredSubject)
2562 return OC_STACK_INVALID_PARAM;
2565 uint8_t privData[OWNER_PSK_LENGTH_128] = {0,};
2566 OicSecKey_t privKey = {privData, OWNER_PSK_LENGTH_128, OIC_ENCODING_RAW};
2567 OicSecCred_t* cred = NULL;
2568 int dtlsRes = DeriveCryptoKeyFromPassword((const unsigned char *)pin, pinSize, rownerID->id,
2569 UUID_LENGTH, PBKDF_ITERATIONS,
2570 OWNER_PSK_LENGTH_128, privData);
2571 VERIFY_SUCCESS(TAG, (0 == dtlsRes) , ERROR);
2573 cred = GenerateCredential(tmpSubject, credType, NULL,
2574 &privKey, rownerID, NULL);
2575 OICClearMemory(privData, sizeof(privData));
2578 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to generate credential");
2579 return OC_STACK_ERROR;
2582 memcpy(tmpCredSubject->id, cred->subject.id, UUID_LENGTH);
2584 ret = AddCredential(cred);
2585 if( OC_STACK_OK != ret)
2587 RemoveCredential(tmpSubject);
2588 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to add credential");
2590 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN OUT");
2596 #endif /* __WITH_DTLS__ */
2598 OCStackResult SetCredRownerId(const OicUuid_t* newROwner)
2600 OCStackResult ret = OC_STACK_ERROR;
2601 uint8_t *cborPayload = NULL;
2604 OicUuid_t prevId = {.id={0}};
2606 if(NULL == newROwner)
2608 ret = OC_STACK_INVALID_PARAM;
2612 ret = OC_STACK_NO_RESOURCE;
2615 if(newROwner && gCred)
2617 memcpy(prevId.id, gCred->rownerID.id, sizeof(prevId.id));
2618 memcpy(gCred->rownerID.id, newROwner->id, sizeof(newROwner->id));
2620 // This added '256' is arbitrary value that is added to cover the name of the resource, map addition and ending
2621 size = GetCredKeyDataSize(gCred);
2622 size += (256 * OicSecCredCount(gCred));
2623 ret = CredToCBORPayload(gCred, &cborPayload, &size, secureFlag);
2624 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2626 ret = UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, cborPayload, size);
2627 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2629 OICFree(cborPayload);
2635 OICFree(cborPayload);
2636 memcpy(gCred->rownerID.id, prevId.id, sizeof(prevId.id));
2640 OCStackResult GetCredRownerId(OicUuid_t *rowneruuid)
2642 OCStackResult retVal = OC_STACK_ERROR;
2645 *rowneruuid = gCred->rownerID;
2646 retVal = OC_STACK_OK;
2651 #if defined (__WITH_TLS__) || defined(__WITH_DTLS__)
2652 void GetDerCaCert(ByteArray_t * crt, const char * usage)
2654 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2655 if (NULL == crt || NULL == usage)
2657 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2661 OicSecCred_t * temp = NULL;
2663 LL_FOREACH(gCred, temp)
2665 if (SIGNED_ASYMMETRIC_KEY == temp->credType &&
2666 0 == strcmp(temp->credUsage, usage))
2668 if(OIC_ENCODING_BASE64 == temp->optionalData.encoding)
2670 size_t bufSize = B64DECODE_OUT_SAFESIZE((temp->optionalData.len + 1));
2671 uint8 * buf = OICCalloc(1, bufSize);
2674 OIC_LOG(ERROR, TAG, "Failed to allocate memory");
2678 if(B64_OK != b64Decode(temp->optionalData.data, temp->optionalData.len, buf, bufSize, &outSize))
2681 OIC_LOG(ERROR, TAG, "Failed to decode base64 data");
2684 crt->data = OICRealloc(crt->data, crt->len + outSize);
2685 memcpy(crt->data + crt->len, buf, outSize);
2686 crt->len += outSize;
2691 crt->data = OICRealloc(crt->data, crt->len + temp->optionalData.len);
2692 memcpy(crt->data + crt->len, temp->optionalData.data, temp->optionalData.len);
2693 crt->len += temp->optionalData.len;
2695 OIC_LOG_V(DEBUG, TAG, "%s found", usage);
2700 OIC_LOG_V(WARNING, TAG, "%s not found", usage);
2702 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2706 void GetDerOwnCert(ByteArray_t * crt, const char * usage)
2708 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2709 if (NULL == crt || NULL == usage)
2711 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2715 OicSecCred_t * temp = NULL;
2716 LL_FOREACH(gCred, temp)
2718 if (SIGNED_ASYMMETRIC_KEY == temp->credType &&
2719 0 == strcmp(temp->credUsage, usage))
2721 crt->data = OICRealloc(crt->data, crt->len + temp->publicData.len);
2722 memcpy(crt->data + crt->len, temp->publicData.data, temp->publicData.len);
2723 crt->len += temp->publicData.len;
2724 OIC_LOG_V(DEBUG, TAG, "%s found", usage);
2729 OIC_LOG_V(WARNING, TAG, "%s not found", usage);
2731 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2735 void GetDerKey(ByteArray_t * key, const char * usage)
2737 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2738 if (NULL == key || NULL == usage)
2740 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2744 OicSecCred_t * temp = NULL;
2746 LL_FOREACH(gCred, temp)
2748 if (SIGNED_ASYMMETRIC_KEY == temp->credType &&
2749 0 == strcmp(temp->credUsage, usage))
2751 key->data = OICRealloc(key->data, key->len + temp->privateData.len);
2752 memcpy(key->data + key->len, temp->privateData.data, temp->privateData.len);
2753 key->len += temp->privateData.len;
2754 OIC_LOG_V(DEBUG, TAG, "Key for %s found", usage);
2759 OIC_LOG_V(WARNING, TAG, "Key for %s not found", usage);
2761 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2764 void InitCipherSuiteListInternal(bool * list, const char * usage)
2766 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2767 if (NULL == list || NULL == usage)
2769 OIC_LOG(DEBUG, TAG, "NULL passed");
2770 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2773 OicSecCred_t * temp = NULL;
2774 LL_FOREACH(gCred, temp)
2776 switch (temp->credType)
2781 OIC_LOG(DEBUG, TAG, "PIN_PASSWORD found");
2784 case SYMMETRIC_PAIR_WISE_KEY:
2787 OIC_LOG(DEBUG, TAG, "SYMMETRIC_PAIR_WISE_KEY found");
2790 case SIGNED_ASYMMETRIC_KEY:
2792 if (0 == strcmp(temp->credUsage, usage))
2795 OIC_LOG_V(DEBUG, TAG, "SIGNED_ASYMMETRIC_KEY found for %s", usage);
2799 case SYMMETRIC_GROUP_KEY:
2800 case ASYMMETRIC_KEY:
2801 case ASYMMETRIC_ENCRYPTION_KEY:
2803 OIC_LOG(WARNING, TAG, "Unsupported credential type for TLS.");
2808 OIC_LOG(WARNING, TAG, "Unknown credential type for TLS.");
2813 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);