1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #define __STDC_LIMIT_MACROS
32 #include "cainterface.h"
33 #include "payload_logging.h"
37 #include "ocserverrequest.h"
38 #include "oic_malloc.h"
39 #include "ocpayload.h"
41 #include "credresource.h"
42 #include "doxmresource.h"
43 #include "pstatresource.h"
44 #include "iotvticalendar.h"
46 #include "resourcemanager.h"
47 #include "srmresourcestrings.h"
48 #include "srmutility.h"
49 #include "psinterface.h"
50 #include "pinoxmcommon.h"
56 #define TAG "SRM-CREDL"
58 /** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
59 * The value of payload size is increased until reaching belox max cbor size. */
60 static const uint16_t CBOR_SIZE = 2048;
62 /** Max cbor size payload. */
63 static const uint16_t CBOR_MAX_SIZE = 4400;
65 /** CRED size - Number of mandatory items. */
66 static const uint8_t CRED_ROOT_MAP_SIZE = 4;
67 static const uint8_t CRED_MAP_SIZE = 3;
70 static OicSecCred_t *gCred = NULL;
71 static OCResourceHandle gCredHandle = NULL;
74 * This function frees OicSecCred_t object's fields and object itself.
76 static void FreeCred(OicSecCred_t *cred)
80 OIC_LOG(ERROR, TAG, "Invalid Parameter");
83 //Note: Need further clarification on roleID data type
86 OICFree(cred->roleIds);
89 //Clean PublicData/OptionalData/Credusage
90 #if defined(__WITH_X509__) || defined(__WITH_TLS__)
91 // TODO: Need to check credUsage.
92 OICFree(cred->publicData.data);
93 OICFree(cred->optionalData.data);
94 OICFree(cred->credUsage);
96 #endif /* __WITH_X509__ || __WITH_TLS__*/
99 OICFree(cred->privateData.data);
102 OICFree(cred->period);
104 //Clean Cred node itself
108 void DeleteCredList(OicSecCred_t* cred)
112 OicSecCred_t *credTmp1 = NULL, *credTmp2 = NULL;
113 LL_FOREACH_SAFE(cred, credTmp1, credTmp2)
115 LL_DELETE(cred, credTmp1);
121 static size_t OicSecCredCount(const OicSecCred_t *secCred)
124 for (const OicSecCred_t *cred = secCred; cred; cred = cred->next)
131 OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload,
132 size_t *cborSize, int secureFlag)
134 if (NULL == credS || NULL == cborPayload || NULL != *cborPayload || NULL == cborSize)
136 return OC_STACK_INVALID_PARAM;
139 OCStackResult ret = OC_STACK_ERROR;
141 CborError cborEncoderResult = CborNoError;
142 uint8_t *outPayload = NULL;
143 size_t cborLen = *cborSize;
146 const OicSecCred_t *cred = credS;
148 CborEncoder credArray;
149 CborEncoder credRootMap;
156 outPayload = (uint8_t *)OICCalloc(1, cborLen);
157 VERIFY_NON_NULL(TAG, outPayload, ERROR);
158 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
160 // Create CRED Root Map (creds, rownerid)
161 cborEncoderResult = cbor_encoder_create_map(&encoder, &credRootMap, CRED_ROOT_MAP_SIZE);
162 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Root Map");
165 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_CREDS_NAME,
166 strlen(OIC_JSON_CREDS_NAME));
167 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding creds Name Tag.");
170 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &credArray, OicSecCredCount(cred));
171 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Array.");
176 size_t mapSize = CRED_MAP_SIZE;
182 #if defined(__WITH_X509__) || defined(__WITH_TLS__)
183 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
187 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
195 #endif /* __WITH_X509__ || __WITH_TLS__*/
196 if (!secureFlag && cred->privateData.data)
200 cborEncoderResult = cbor_encoder_create_map(&credArray, &credMap, mapSize);
201 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map");
203 //CredID -- Mandatory
204 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDID_NAME,
205 strlen(OIC_JSON_CREDID_NAME));
206 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Tag. ");
207 cborEncoderResult = cbor_encode_int(&credMap, cred->credId);
208 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Value.");
210 //Subject -- Mandatory
211 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_SUBJECTID_NAME,
212 strlen(OIC_JSON_SUBJECTID_NAME));
213 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Tag.");
214 inLen = (memcmp(&(cred->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN) == 0) ?
215 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
216 if(inLen == WILDCARD_SUBJECT_ID_LEN)
218 cborEncoderResult = cbor_encode_text_string(&credMap, WILDCARD_RESOURCE_URI,
219 strlen(WILDCARD_RESOURCE_URI));
220 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
224 char *subject = NULL;
225 ret = ConvertUuidToStr(&cred->subject, &subject);
226 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
227 cborEncoderResult = cbor_encode_text_string(&credMap, subject, strlen(subject));
228 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
232 //CredType -- Mandatory
233 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDTYPE_NAME,
234 strlen(OIC_JSON_CREDTYPE_NAME));
235 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Tag.");
236 cborEncoderResult = cbor_encode_int(&credMap, cred->credType);
237 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Value.");
239 #if defined(__WITH_X509__) || defined(__WITH_TLS__)
240 //PublicData -- Not Mandatory
241 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
243 CborEncoder publicMap;
244 const size_t publicMapSize = 2;
246 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PUBLICDATA_NAME,
247 strlen(OIC_JSON_PUBLICDATA_NAME));
248 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Tag.");
250 cborEncoderResult = cbor_encoder_create_map(&credMap, &publicMap, publicMapSize);
251 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Map");
253 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_DATA_NAME,
254 strlen(OIC_JSON_DATA_NAME));
255 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Data Tag.");
256 cborEncoderResult = cbor_encode_byte_string(&publicMap, cred->publicData.data,
257 cred->publicData.len);
258 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Value.");
260 // TODO: Need to data strucure modification for OicSecCert_t.
261 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_ENCODING_NAME,
262 strlen(OIC_JSON_ENCODING_NAME));
263 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Tag.");
264 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_SEC_ENCODING_RAW,
265 strlen(OIC_SEC_ENCODING_RAW));
266 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Value.");
268 cborEncoderResult = cbor_encoder_close_container(&credMap, &publicMap);
269 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PublicData Map.");
271 //OptionalData -- Not Mandatory
272 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
274 CborEncoder optionalMap;
275 const size_t optionalMapSize = 2;
277 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_OPTDATA_NAME,
278 strlen(OIC_JSON_OPTDATA_NAME));
279 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Tag.");
281 cborEncoderResult = cbor_encoder_create_map(&credMap, &optionalMap, optionalMapSize);
282 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Map");
284 // TODO: Need to data strucure modification for OicSecCert_t.
285 if(OIC_ENCODING_RAW == cred->optionalData.encoding)
287 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
288 strlen(OIC_JSON_ENCODING_NAME));
289 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
290 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_RAW,
291 strlen(OIC_SEC_ENCODING_RAW));
292 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
294 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
295 strlen(OIC_JSON_DATA_NAME));
296 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
297 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
298 cred->optionalData.len);
299 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
301 else if(OIC_ENCODING_BASE64 == cred->optionalData.encoding)
303 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
304 strlen(OIC_JSON_ENCODING_NAME));
305 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
306 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_BASE64,
307 strlen(OIC_SEC_ENCODING_BASE64));
308 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
310 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
311 strlen(OIC_JSON_DATA_NAME));
312 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
313 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
314 cred->optionalData.len);
315 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
317 else if(OIC_ENCODING_PEM == cred->optionalData.encoding)
319 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
320 strlen(OIC_JSON_ENCODING_NAME));
321 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
322 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_PEM,
323 strlen(OIC_SEC_ENCODING_PEM));
324 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
326 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
327 strlen(OIC_JSON_DATA_NAME));
328 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
329 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
330 cred->optionalData.len);
331 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
333 else if(OIC_ENCODING_DER == cred->optionalData.encoding)
335 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
336 strlen(OIC_JSON_ENCODING_NAME));
337 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
338 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_DER,
339 strlen(OIC_SEC_ENCODING_DER));
340 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
342 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
343 strlen(OIC_JSON_DATA_NAME));
344 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
345 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
346 cred->optionalData.len);
347 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
351 OIC_LOG(ERROR, TAG, "Unknow encoding type for optional data.");
352 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding optional Encoding Value.");
355 cborEncoderResult = cbor_encoder_close_container(&credMap, &optionalMap);
356 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing OptionalData Map.");
358 //CredUsage -- Not Mandatory
361 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDUSAGE_NAME,
362 strlen(OIC_JSON_CREDUSAGE_NAME));
363 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Tag.");
364 cborEncoderResult = cbor_encode_text_string(&credMap, cred->credUsage,
365 strlen(cred->credUsage));
366 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Value.");
368 #endif /* __WITH_X509__ || __WITH_TLS__*/
369 //PrivateData -- Not Mandatory
370 if(!secureFlag && cred->privateData.data)
372 CborEncoder privateMap;
373 const size_t privateMapSize = 2;
375 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PRIVATEDATA_NAME,
376 strlen(OIC_JSON_PRIVATEDATA_NAME));
377 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Tag.");
379 cborEncoderResult = cbor_encoder_create_map(&credMap, &privateMap, privateMapSize);
380 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Map");
382 // TODO: Need to data strucure modification for OicSecKey_t.
383 // TODO: Added as workaround, will be replaced soon.
384 if(OIC_ENCODING_RAW == cred->privateData.encoding)
386 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
387 strlen(OIC_JSON_ENCODING_NAME));
388 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
389 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_RAW,
390 strlen(OIC_SEC_ENCODING_RAW));
391 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
393 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
394 strlen(OIC_JSON_DATA_NAME));
395 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
396 cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data,
397 cred->privateData.len);
398 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
400 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
402 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
403 strlen(OIC_JSON_ENCODING_NAME));
404 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
405 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_BASE64,
406 strlen(OIC_SEC_ENCODING_BASE64));
407 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
409 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
410 strlen(OIC_JSON_DATA_NAME));
411 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
412 cborEncoderResult = cbor_encode_text_string(&privateMap, (char*)(cred->privateData.data),
413 cred->privateData.len);
414 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
418 OIC_LOG(ERROR, TAG, "Unknow encoding type for private data.");
419 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding Private Encoding Value.");
422 cborEncoderResult = cbor_encoder_close_container(&credMap, &privateMap);
423 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PrivateData Map.");
426 //Period -- Not Mandatory
429 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PERIOD_NAME,
430 strlen(OIC_JSON_PERIOD_NAME));
431 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Tag.");
432 cborEncoderResult = cbor_encode_text_string(&credMap, cred->period,
433 strlen(cred->period));
434 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Value.");
438 cborEncoderResult = cbor_encoder_close_container(&credArray, &credMap);
439 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
443 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &credArray);
444 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Array.");
451 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_ROWNERID_NAME,
452 strlen(OIC_JSON_ROWNERID_NAME));
453 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
454 ret = ConvertUuidToStr(&cred->rownerID, &rowner);
455 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
456 cborEncoderResult = cbor_encode_text_string(&credRootMap, rowner, strlen(rowner));
457 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
463 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_RT_NAME,
464 strlen(OIC_JSON_RT_NAME));
465 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
466 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &rtArray, 1);
467 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
468 for (size_t i = 0; i < 1; i++)
470 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_CRED,
471 strlen(OIC_RSRC_TYPE_SEC_CRED));
472 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
474 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &rtArray);
475 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
479 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_IF_NAME,
480 strlen(OIC_JSON_IF_NAME));
481 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
482 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &ifArray, 1);
483 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
484 for (size_t i = 0; i < 1; i++)
486 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
487 strlen(OC_RSRVD_INTERFACE_DEFAULT));
488 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
490 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &ifArray);
491 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
494 // Close CRED Root Map
495 cborEncoderResult = cbor_encoder_close_container(&encoder, &credRootMap);
496 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing CRED Root Map.");
498 if (CborNoError == cborEncoderResult)
500 OIC_LOG(DEBUG, TAG, "CredToCBORPayload Successed");
501 *cborPayload = outPayload;
502 *cborSize = encoder.ptr - outPayload;
505 OIC_LOG(DEBUG, TAG, "CredToCBORPayload OUT");
507 if (CborErrorOutOfMemory == cborEncoderResult)
509 OIC_LOG(DEBUG, TAG, "CredToCBORPayload:CborErrorOutOfMemory : retry with more memory");
510 // reallocate and try again!
512 // Since the allocated initial memory failed, double the memory.
513 cborLen += encoder.ptr - encoder.end;
514 cborEncoderResult = CborNoError;
515 ret = CredToCBORPayload(credS, cborPayload, &cborLen, secureFlag);
519 if (CborNoError != cborEncoderResult)
521 OIC_LOG(ERROR, TAG, "Failed to CredToCBORPayload");
526 ret = OC_STACK_ERROR;
532 OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
533 OicSecCred_t **secCred)
535 if (NULL == cborPayload || NULL == secCred || NULL != *secCred || 0 == size)
537 return OC_STACK_INVALID_PARAM;
540 OCStackResult ret = OC_STACK_ERROR;
541 CborValue credCbor = { .parser = NULL };
542 CborParser parser = { .end = NULL };
543 CborError cborFindResult = CborNoError;
544 cbor_parser_init(cborPayload, size, 0, &parser, &credCbor);
546 OicSecCred_t *headCred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
548 // Enter CRED Root Map
549 CborValue CredRootMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
550 cborFindResult = cbor_value_enter_container(&credCbor, &CredRootMap);
551 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering CRED Root Map.");
553 while (cbor_value_is_valid(&CredRootMap))
555 char* tagName = NULL;
557 CborType type = cbor_value_get_type(&CredRootMap);
558 if (type == CborTextStringType && cbor_value_is_text_string(&CredRootMap))
560 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &tagName, &len, NULL);
561 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Root Map.");
562 cborFindResult = cbor_value_advance(&CredRootMap);
563 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Root Map.");
567 if (strcmp(tagName, OIC_JSON_CREDS_NAME) == 0)
572 CborValue credArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
573 cborFindResult = cbor_value_enter_container(&CredRootMap, &credArray);
574 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Array.");
576 while (cbor_value_is_valid(&credArray))
579 //CredId -- Mandatory
580 CborValue credMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
581 cborFindResult = cbor_value_enter_container(&credArray, &credMap);
582 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Map.");
583 OicSecCred_t *cred = NULL;
591 cred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
592 OicSecCred_t *temp = headCred;
600 VERIFY_NON_NULL(TAG, cred, ERROR);
602 while(cbor_value_is_valid(&credMap) && cbor_value_is_text_string(&credMap))
605 CborType type = cbor_value_get_type(&credMap);
606 if (type == CborTextStringType)
608 cborFindResult = cbor_value_dup_text_string(&credMap, &name, &len, NULL);
609 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Map.");
610 cborFindResult = cbor_value_advance(&credMap);
611 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Map.");
616 if (strcmp(name, OIC_JSON_CREDID_NAME) == 0)
619 cborFindResult = cbor_value_get_uint64(&credMap, &credId);
620 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredId.");
621 cred->credId = (uint16_t)credId;
624 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
626 char *subjectid = NULL;
627 cborFindResult = cbor_value_dup_text_string(&credMap, &subjectid, &len, NULL);
628 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subjectid Value.");
629 if(strcmp(subjectid, WILDCARD_RESOURCE_URI) == 0)
631 cred->subject.id[0] = '*';
635 ret = ConvertStrToUuid(subjectid, &cred->subject);
636 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
641 if (strcmp(name, OIC_JSON_CREDTYPE_NAME) == 0)
643 uint64_t credType = 0;
644 cborFindResult = cbor_value_get_uint64(&credMap, &credType);
645 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredType.");
646 cred->credType = (OicSecCredType_t)credType;
649 if (strcmp(name, OIC_JSON_PRIVATEDATA_NAME) == 0)
651 CborValue privateMap = { .parser = NULL };
652 cborFindResult = cbor_value_enter_container(&credMap, &privateMap);
654 while (cbor_value_is_valid(&privateMap))
656 char* privname = NULL;
657 CborType type = cbor_value_get_type(&privateMap);
658 if (type == CborTextStringType && cbor_value_is_text_string(&privateMap))
660 cborFindResult = cbor_value_dup_text_string(&privateMap, &privname,
662 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
663 cborFindResult = cbor_value_advance(&privateMap);
664 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
668 // PrivateData::privdata -- Mandatory
669 if (strcmp(privname, OIC_JSON_DATA_NAME) == 0)
671 if(cbor_value_is_byte_string(&privateMap))
673 cborFindResult = cbor_value_dup_byte_string(&privateMap, &cred->privateData.data,
674 &cred->privateData.len, NULL);
676 else if(cbor_value_is_text_string(&privateMap))
678 cborFindResult = cbor_value_dup_text_string(&privateMap, (char**)(&cred->privateData.data),
679 &cred->privateData.len, NULL);
683 cborFindResult = CborErrorUnknownType;
684 OIC_LOG(ERROR, TAG, "Unknow type for private data.");
686 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PrivateData.");
689 // PrivateData::encoding -- Mandatory
690 if (strcmp(privname, OIC_JSON_ENCODING_NAME) == 0)
692 // TODO: Added as workaround. Will be replaced soon.
693 char* strEncoding = NULL;
694 cborFindResult = cbor_value_dup_text_string(&privateMap, &strEncoding, &len, NULL);
695 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
697 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
699 cred->privateData.encoding = OIC_ENCODING_RAW;
701 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
703 cred->privateData.encoding = OIC_ENCODING_BASE64;
708 cred->privateData.encoding = OIC_ENCODING_RAW;
709 OIC_LOG(WARNING, TAG, "Unknow encoding type dectected for private data.");
712 OICFree(strEncoding);
715 if (cbor_value_is_valid(&privateMap))
717 cborFindResult = cbor_value_advance(&privateMap);
718 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing privatedata Map.");
724 #if defined(__WITH_X509__) || defined(__WITH_TLS__)
725 //PublicData -- Not Mandatory
726 if (strcmp(name, OIC_JSON_PUBLICDATA_NAME) == 0)
728 CborValue pubMap = { .parser = NULL };
729 cborFindResult = cbor_value_enter_container(&credMap, &pubMap);
731 while (cbor_value_is_valid(&pubMap))
733 char* pubname = NULL;
734 CborType type = cbor_value_get_type(&pubMap);
735 if (type == CborTextStringType && cbor_value_is_text_string(&pubMap))
737 cborFindResult = cbor_value_dup_text_string(&pubMap, &pubname,
739 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
740 cborFindResult = cbor_value_advance(&pubMap);
741 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
745 // PrivateData::privdata -- Mandatory
746 if (strcmp(pubname, OIC_JSON_DATA_NAME) == 0 && cbor_value_is_byte_string(&pubMap))
748 cborFindResult = cbor_value_dup_byte_string(&pubMap, &cred->publicData.data,
749 &cred->publicData.len, NULL);
750 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PubData.");
752 // PublicData::encoding -- Mandatory
753 if (strcmp(pubname, OIC_JSON_ENCODING_NAME) == 0)
755 // TODO: Need to update data structure, just ignore encoding value now.
758 if (cbor_value_is_valid(&pubMap))
760 cborFindResult = cbor_value_advance(&pubMap);
761 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing publicdata Map.");
766 //OptionalData -- Not Mandatory
767 if (strcmp(name, OIC_JSON_OPTDATA_NAME) == 0)
769 CborValue optMap = { .parser = NULL };
770 cborFindResult = cbor_value_enter_container(&credMap, &optMap);
772 while (cbor_value_is_valid(&optMap))
774 char* optname = NULL;
775 CborType type = cbor_value_get_type(&optMap);
776 if (type == CborTextStringType && cbor_value_is_text_string(&optMap))
778 cborFindResult = cbor_value_dup_text_string(&optMap, &optname,
780 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
781 cborFindResult = cbor_value_advance(&optMap);
782 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
786 // OptionalData::optdata -- Mandatory
787 if (strcmp(optname, OIC_JSON_DATA_NAME) == 0)
789 if(cbor_value_is_byte_string(&optMap))
791 cborFindResult = cbor_value_dup_byte_string(&optMap, &cred->optionalData.data,
792 &cred->optionalData.len, NULL);
794 else if(cbor_value_is_text_string(&optMap))
796 cborFindResult = cbor_value_dup_text_string(&optMap, (char**)(&cred->optionalData.data),
797 &cred->optionalData.len, NULL);
801 cborFindResult = CborErrorUnknownType;
802 OIC_LOG(ERROR, TAG, "Unknow type for optional data.");
804 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding OptionalData.");
806 // OptionalData::encoding -- Mandatory
807 if (strcmp(optname, OIC_JSON_ENCODING_NAME) == 0)
809 // TODO: Added as workaround. Will be replaced soon.
810 char* strEncoding = NULL;
811 cborFindResult = cbor_value_dup_text_string(&optMap, &strEncoding, &len, NULL);
812 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
814 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
816 OIC_LOG(INFO,TAG,"cbor_value_is_byte_string");
817 cred->optionalData.encoding = OIC_ENCODING_RAW;
819 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
821 cred->optionalData.encoding = OIC_ENCODING_BASE64;
823 else if(strcmp(strEncoding, OIC_SEC_ENCODING_PEM) == 0)
825 cred->optionalData.encoding = OIC_ENCODING_PEM;
827 else if(strcmp(strEncoding, OIC_SEC_ENCODING_DER) == 0)
829 cred->optionalData.encoding = OIC_ENCODING_DER;
834 cred->optionalData.encoding = OIC_ENCODING_RAW;
835 OIC_LOG(WARNING, TAG, "Unknow encoding type dectected for optional data.");
837 OICFree(strEncoding);
840 if (cbor_value_is_valid(&optMap))
842 cborFindResult = cbor_value_advance(&optMap);
843 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing optdata Map.");
848 //Credusage -- Not Mandatory
849 if (0 == strcmp(OIC_JSON_CREDUSAGE_NAME, name))
851 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->credUsage, &len, NULL);
852 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
854 #endif //__WITH_X509__ || __WITH_TLS__
856 if (0 == strcmp(OIC_JSON_PERIOD_NAME, name))
858 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->period, &len, NULL);
859 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
862 if (cbor_value_is_valid(&credMap))
864 cborFindResult = cbor_value_advance(&credMap);
865 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Map.");
871 if (cbor_value_is_valid(&credArray))
873 cborFindResult = cbor_value_advance(&credArray);
874 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Array.");
879 //ROwner -- Mandatory
880 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0 && cbor_value_is_text_string(&CredRootMap))
882 char *stRowner = NULL;
883 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &stRowner, &len, NULL);
884 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
886 ret = ConvertStrToUuid(stRowner, &headCred->rownerID);
887 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
892 if (cbor_value_is_valid(&CredRootMap))
894 cborFindResult = cbor_value_advance(&CredRootMap);
895 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Root Map.");
903 if (CborNoError != cborFindResult)
905 DeleteCredList(headCred);
908 ret = OC_STACK_ERROR;
914 OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t credType,
915 const OicSecCert_t * publicData, const OicSecKey_t* privateData,
916 const OicUuid_t * rownerID)
919 OCStackResult ret = OC_STACK_ERROR;
921 OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred));
922 VERIFY_NON_NULL(TAG, cred, ERROR);
924 //CredId is assigned before appending new cred to the existing
925 //credential list and updating svr database in AddCredential().
928 VERIFY_NON_NULL(TAG, subject, ERROR);
929 memcpy(cred->subject.id, subject->id , sizeof(cred->subject.id));
931 VERIFY_SUCCESS(TAG, credType < (NO_SECURITY_MODE | SYMMETRIC_PAIR_WISE_KEY |
932 SYMMETRIC_GROUP_KEY | ASYMMETRIC_KEY | SIGNED_ASYMMETRIC_KEY | PIN_PASSWORD), ERROR);
933 cred->credType = credType;
936 if (publicData && publicData->data)
938 cred->publicData.data = (uint8_t *)OICCalloc(1, publicData->len);
939 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
940 memcpy(cred->publicData.data, publicData->data, publicData->len);
941 cred->publicData.len = publicData->len;
943 #endif // __WITH_X509__
945 if (privateData && privateData->data)
947 cred->privateData.data = (uint8_t *)OICCalloc(1, privateData->len);
948 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
949 memcpy(cred->privateData.data, privateData->data, privateData->len);
950 cred->privateData.len = privateData->len;
952 // TODO: Added as workaround. Will be replaced soon.
953 cred->privateData.encoding = OIC_ENCODING_RAW;
956 // NOTE: Test codes to use base64 for credential.
957 uint32_t outSize = 0;
958 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((privateData->len + 1));
959 char* b64Buf = (uint8_t *)OICCalloc(1, b64BufSize);
960 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
961 b64Encode(privateData->data, privateData->len, b64Buf, b64BufSize, &outSize);
963 OICFree( cred->privateData.data );
964 cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1);
965 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
967 strcpy(cred->privateData.data, b64Buf);
968 cred->privateData.encoding = OIC_ENCODING_BASE64;
969 cred->privateData.len = outSize;
971 #endif //End of Test codes
975 VERIFY_NON_NULL(TAG, rownerID, ERROR);
976 memcpy(&cred->rownerID, rownerID, sizeof(OicUuid_t));
980 if (OC_STACK_OK != ret)
982 DeleteCredList(cred);
988 static bool UpdatePersistentStorage(const OicSecCred_t *cred)
992 // Convert Cred data into JSON for update to persistent storage
995 uint8_t *payload = NULL;
998 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
999 if ((OC_STACK_OK == res) && payload)
1001 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, payload, size))
1008 else //Empty cred list
1010 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, NULL, 0))
1019 * Compare function used LL_SORT for sorting credentials.
1021 * @param first pointer to OicSecCred_t struct.
1022 * @param second pointer to OicSecCred_t struct.
1024 *@return -1, if credId of first is less than credId of second.
1025 * 0, if credId of first is equal to credId of second.
1026 * 1, if credId of first is greater than credId of second.
1028 static int CmpCredId(const OicSecCred_t * first, const OicSecCred_t *second)
1030 if (first->credId < second->credId)
1034 else if (first->credId > second->credId)
1043 * GetCredId goes through the cred list and returns the next
1044 * available credId. The next credId could be the credId that is
1045 * available due deletion of OicSecCred_t object or one more than
1046 * credId of last credential in the list.
1048 * @return next available credId if successful, else 0 for error.
1050 static uint16_t GetCredId()
1052 //Sorts credential list in incremental order of credId
1053 LL_SORT(gCred, CmpCredId);
1055 OicSecCred_t *currentCred = NULL, *credTmp = NULL;
1056 uint16_t nextCredId = 1;
1058 LL_FOREACH_SAFE(gCred, currentCred, credTmp)
1060 if (currentCred->credId == nextCredId)
1070 VERIFY_SUCCESS(TAG, nextCredId < UINT16_MAX, ERROR);
1078 * Get the default value.
1080 * @return NULL for now.
1082 static OicSecCred_t* GetCredDefault()
1084 // TODO:Update it when we finalize the default info.
1088 OCStackResult AddCredential(OicSecCred_t * newCred)
1090 OCStackResult ret = OC_STACK_ERROR;
1091 VERIFY_SUCCESS(TAG, NULL != newCred, ERROR);
1093 //Assigning credId to the newCred
1094 newCred->credId = GetCredId();
1095 VERIFY_SUCCESS(TAG, newCred->credId != 0, ERROR);
1097 //Append the new Cred to existing list
1098 LL_APPEND(gCred, newCred);
1100 if (UpdatePersistentStorage(gCred))
1109 OCStackResult RemoveCredential(const OicUuid_t *subject)
1111 OCStackResult ret = OC_STACK_ERROR;
1112 OicSecCred_t *cred = NULL;
1113 OicSecCred_t *tempCred = NULL;
1114 bool deleteFlag = false;
1116 LL_FOREACH_SAFE(gCred, cred, tempCred)
1118 if (memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
1120 LL_DELETE(gCred, cred);
1128 if (UpdatePersistentStorage(gCred))
1130 ret = OC_STACK_RESOURCE_DELETED;
1138 * Remove all credential data on credential resource and persistent storage
1141 * OC_STACK_OK - no errors
1142 * OC_STACK_ERROR - stack process error
1144 OCStackResult RemoveAllCredentials(void)
1146 DeleteCredList(gCred);
1147 gCred = GetCredDefault();
1149 if (!UpdatePersistentStorage(gCred))
1151 return OC_STACK_ERROR;
1156 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1158 * Internal function to fill private data of owner PSK.
1160 * @param receviedCred recevied owner credential from OBT(PT)
1161 * @param ownerAdd address of OBT(PT)
1162 * @param doxm current device's doxm resource
1165 * true successfully done and valid ower psk information
1166 * false Invalid owner psk information or failed to owner psk generation
1168 static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoint_t* ownerAddr,
1169 const OicSecDoxm_t* doxm)
1171 //Derive OwnerPSK locally
1172 const char* oxmLabel = GetOxmString(doxm->oxmSel);
1173 VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
1175 uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {0};
1176 CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
1177 (uint8_t*)oxmLabel, strlen(oxmLabel),
1178 doxm->owner.id, sizeof(doxm->owner.id),
1179 doxm->deviceID.id, sizeof(doxm->deviceID.id),
1180 ownerPSK, OWNER_PSK_LENGTH_128);
1181 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
1183 OIC_LOG(DEBUG, TAG, "OwnerPSK dump :");
1184 OIC_LOG_BUFFER(DEBUG, TAG, ownerPSK, OWNER_PSK_LENGTH_128);
1186 //Generate owner credential based on recevied credential information
1188 // TODO: Added as workaround, will be replaced soon.
1189 if(OIC_ENCODING_RAW == receviedCred->privateData.encoding)
1191 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
1192 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1193 receviedCred->privateData.len = OWNER_PSK_LENGTH_128;
1194 memcpy(receviedCred->privateData.data, ownerPSK, OWNER_PSK_LENGTH_128);
1196 else if(OIC_ENCODING_BASE64 == receviedCred->privateData.encoding)
1198 uint32_t b64OutSize = 0;
1199 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
1200 char* b64Buf = OICCalloc(1, b64BufSize);
1201 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1203 b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize);
1205 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
1206 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1207 receviedCred->privateData.len = b64OutSize;
1208 strncpy((char*)receviedCred->privateData.data, b64Buf, b64OutSize);
1209 receviedCred->privateData.data[b64OutSize] = '\0';
1214 VERIFY_SUCCESS(TAG, OIC_ENCODING_UNKNOW, ERROR);
1217 OIC_LOG(INFO, TAG, "PrivateData of OwnerPSK was calculated successfully");
1219 //Verify OwnerPSK information
1220 return (memcmp(&(receviedCred->subject), &(doxm->owner), sizeof(OicUuid_t)) == 0 &&
1221 receviedCred->credType == SYMMETRIC_PAIR_WISE_KEY);
1223 //receviedCred->privateData.data will be deallocated when deleting credential.
1227 #endif //__WITH_DTLS__
1229 static OCEntityHandlerResult HandlePostRequest(const OCEntityHandlerRequest * ehRequest)
1231 OCEntityHandlerResult ret = OC_EH_ERROR;
1232 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest IN");
1234 static uint16_t previousMsgId = 0;
1235 //Get binary representation of cbor
1236 OicSecCred_t *cred = NULL;
1237 uint8_t *payload = (((OCSecurityPayload*)ehRequest->payload)->securityData);
1238 size_t size = (((OCSecurityPayload*)ehRequest->payload)->payloadSize);
1240 OCStackResult res = CBORPayloadToCred(payload, size, &cred);
1241 if (res == OC_STACK_OK)
1243 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1244 OicUuid_t emptyUuid = {.id={0}};
1245 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1246 if(doxm && false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
1248 //in case of owner PSK
1249 switch(cred->credType)
1251 case SYMMETRIC_PAIR_WISE_KEY:
1253 OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
1254 if(FillPrivateDataOfOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm))
1256 if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject))
1258 OIC_LOG(WARNING, TAG, "The credential with the same subject ID was detected!");
1261 OIC_LOG(ERROR, TAG, "OwnerPSK was generated successfully.");
1262 if(OC_STACK_OK == AddCredential(cred))
1264 ret = OC_EH_CHANGED;
1268 OIC_LOG(ERROR, TAG, "Failed to save the OwnerPSK as cred resource");
1274 OIC_LOG(ERROR, TAG, "Failed to verify receviced OwnerPKS.");
1278 if(OC_EH_CHANGED == ret)
1281 * in case of random PIN based OxM,
1282 * revert get_psk_info callback of tinyDTLS to use owner credential.
1284 if(OIC_RANDOM_DEVICE_PIN == doxm->oxmSel)
1286 OicUuid_t emptyUuid = { .id={0}};
1287 SetUuidForRandomPinOxm(&emptyUuid);
1290 if(CA_STATUS_OK != CAregisterTlsCredentialsHandler(GetDtlsPskCredentials))
1292 OIC_LOG(ERROR, TAG, "Failed to revert TLS credential handler.");
1297 if(CA_STATUS_OK != CARegisterDTLSCredentialsHandler(GetDtlsPskCredentials))
1299 OIC_LOG(ERROR, TAG, "Failed to revert DTLS credential handler.");
1305 //Select cipher suite to use owner PSK
1306 if(CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false))
1308 OIC_LOG(ERROR, TAG, "Failed to disable anonymous cipher suite");
1313 OIC_LOG(INFO, TAG, "Anonymous cipher suite is DISABLED");
1317 CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256, ehRequest->devAddr.adapter))
1319 OIC_LOG(ERROR, TAG, "Failed to select cipher suite");
1326 case SYMMETRIC_GROUP_KEY:
1327 case ASYMMETRIC_KEY:
1328 case SIGNED_ASYMMETRIC_KEY:
1330 case ASYMMETRIC_ENCRYPTION_KEY:
1332 OIC_LOG(WARNING, TAG, "Unsupported credential type for owner credential.");
1338 OIC_LOG(WARNING, TAG, "Unknow credential type for owner credential.");
1344 if(OC_EH_CHANGED != ret)
1347 * If some error is occured while ownership transfer,
1348 * ownership transfer related resource should be revert back to initial status.
1350 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1353 if(!doxm->owned && previousMsgId != ehRequest->messageID)
1355 OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
1356 "DOXM will be reverted.");
1357 RestoreDoxmToInitState();
1358 RestorePstatToInitState();
1363 OIC_LOG(ERROR, TAG, "Invalid DOXM resource");
1370 * If the post request credential has credId, it will be
1371 * discarded and the next available credId will be assigned
1372 * to it before getting appended to the existing credential
1373 * list and updating svr database.
1375 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
1377 #else //not __WITH_DTLS__
1379 * If the post request credential has credId, it will be
1380 * discarded and the next available credId will be assigned
1381 * to it before getting appended to the existing credential
1382 * list and updating svr database.
1384 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
1385 #endif//__WITH_DTLS__
1388 if (OC_EH_CHANGED != ret)
1390 if(OC_STACK_OK != RemoveCredential(&cred->subject))
1392 OIC_LOG(WARNING, TAG, "Failed to remove the invalid credential");
1398 previousMsgId = ehRequest->messageID;
1400 //Send response to request originator
1401 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
1402 OC_EH_OK : OC_EH_ERROR;
1404 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest OUT");
1409 * The entity handler determines how to process a GET request.
1411 static OCEntityHandlerResult HandleGetRequest (const OCEntityHandlerRequest * ehRequest)
1413 OIC_LOG(INFO, TAG, "HandleGetRequest processing GET request");
1415 // Convert Cred data into CBOR for transmission
1417 uint8_t *payload = NULL;
1420 const OicSecCred_t *cred = gCred;
1421 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
1423 // A device should always have a default cred. Therefore, payload should never be NULL.
1424 OCEntityHandlerResult ehRet = (res == OC_STACK_OK) ? OC_EH_OK : OC_EH_ERROR;
1427 //Send payload to request originator
1428 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
1429 OC_EH_OK : OC_EH_ERROR;
1434 static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *ehRequest)
1436 OIC_LOG(DEBUG, TAG, "Processing CredDeleteRequest");
1438 OCEntityHandlerResult ehRet = OC_EH_ERROR;
1440 if (NULL == ehRequest->query)
1445 OicParseQueryIter_t parseIter = { .attrPos=NULL };
1446 OicUuid_t subject = {.id={0}};
1448 //Parsing REST query to get the subject
1449 ParseQueryIterInit((unsigned char *)ehRequest->query, &parseIter);
1450 while (GetNextQuery(&parseIter))
1452 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_SUBJECTID_NAME,
1453 parseIter.attrLen) == 0)
1455 OCStackResult ret = ConvertStrToUuid((const char*)parseIter.valPos, &subject);
1456 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1460 if (OC_STACK_RESOURCE_DELETED == RemoveCredential(&subject))
1462 ehRet = OC_EH_RESOURCE_DELETED;
1464 //Send response to request originator
1465 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
1466 OC_EH_OK : OC_EH_ERROR;
1471 OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag,
1472 OCEntityHandlerRequest * ehRequest,
1473 void* callbackParameter)
1475 (void)callbackParameter;
1476 OCEntityHandlerResult ret = OC_EH_ERROR;
1482 if (flag & OC_REQUEST_FLAG)
1484 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
1485 //TODO : Remove Handle PUT methods once CTT have changed to POST on OTM
1486 switch (ehRequest->method)
1489 ret = HandleGetRequest(ehRequest);;
1493 ret = HandlePostRequest(ehRequest);
1495 case OC_REST_DELETE:
1496 ret = HandleDeleteRequest(ehRequest);
1499 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
1500 OC_EH_OK : OC_EH_ERROR;
1507 OCStackResult CreateCredResource()
1509 OCStackResult ret = OCCreateResource(&gCredHandle,
1510 OIC_RSRC_TYPE_SEC_CRED,
1511 OC_RSRVD_INTERFACE_DEFAULT,
1517 if (OC_STACK_OK != ret)
1519 OIC_LOG (FATAL, TAG, "Unable to instantiate Cred resource");
1520 DeInitCredResource();
1525 OCStackResult InitCredResource()
1527 OCStackResult ret = OC_STACK_ERROR;
1529 //Read Cred resource from PS
1530 uint8_t *data = NULL;
1532 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_CRED_NAME, &data, &size);
1533 // If database read failed
1534 if (ret != OC_STACK_OK)
1536 OIC_LOG (DEBUG, TAG, "ReadSVDataFromPS failed");
1540 // Read ACL resource from PS
1541 ret = CBORPayloadToCred(data, size, &gCred);
1545 * If SVR database in persistent storage got corrupted or
1546 * is not available for some reason, a default Cred is created
1547 * which allows user to initiate Cred provisioning again.
1549 if (ret != OC_STACK_OK || !data || !gCred)
1551 gCred = GetCredDefault();
1553 //Instantiate 'oic.sec.cred'
1554 ret = CreateCredResource();
1559 OCStackResult DeInitCredResource()
1561 OCStackResult result = OCDeleteResource(gCredHandle);
1562 DeleteCredList(gCred);
1567 OicSecCred_t* GetCredResourceData(const OicUuid_t* subject)
1569 OicSecCred_t *cred = NULL;
1571 if ( NULL == subject)
1576 LL_FOREACH(gCred, cred)
1578 if(memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
1586 OicSecCred_t* GetCredResourceDataByCredId(const uint16_t credId)
1588 OicSecCred_t *cred = NULL;
1595 LL_FOREACH(gCred, cred)
1597 if(cred->credId == credId)
1605 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1606 int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
1607 const uint8_t *desc, size_t desc_len,
1608 uint8_t *result, size_t result_length)
1619 case CA_DTLS_PSK_HINT:
1620 case CA_DTLS_PSK_IDENTITY:
1622 OicUuid_t deviceID = {.id={0}};
1623 // Retrieve Device ID from doxm resource
1624 if ( OC_STACK_OK != GetDoxmDeviceID(&deviceID) )
1626 OIC_LOG (ERROR, TAG, "Unable to retrieve doxm Device ID");
1630 if (result_length < sizeof(deviceID.id))
1632 OIC_LOG (ERROR, TAG, "Wrong value for result_length");
1635 memcpy(result, deviceID.id, sizeof(deviceID.id));
1636 return (sizeof(deviceID.id));
1640 case CA_DTLS_PSK_KEY:
1642 OicSecCred_t *cred = NULL;
1643 LL_FOREACH(gCred, cred)
1645 if (cred->credType != SYMMETRIC_PAIR_WISE_KEY)
1650 if ((desc_len == sizeof(cred->subject.id)) &&
1651 (memcmp(desc, cred->subject.id, sizeof(cred->subject.id)) == 0))
1654 * If the credentials are valid for limited time,
1655 * check their expiry.
1659 if(IOTVTICAL_VALID_ACCESS != IsRequestWithinValidTime(cred->period, NULL))
1661 OIC_LOG (INFO, TAG, "Credentials are expired.");
1667 // TODO: Added as workaround. Will be replaced soon.
1668 if(OIC_ENCODING_RAW == cred->privateData.encoding)
1670 ret = cred->privateData.len;
1671 memcpy(result, cred->privateData.data, ret);
1673 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
1675 size_t outBufSize = B64DECODE_OUT_SAFESIZE((cred->privateData.len + 1));
1676 uint8_t* outKey = OICCalloc(1, outBufSize);
1677 uint32_t outKeySize;
1680 OIC_LOG (ERROR, TAG, "Failed to memoray allocation.");
1684 if(B64_OK == b64Decode((char*)cred->privateData.data, cred->privateData.len, outKey, outBufSize, &outKeySize))
1686 memcpy(result, outKey, outKeySize);
1691 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
1705 OIC_LOG (ERROR, TAG, "Wrong value passed for CADtlsPskCredType_t.");
1714 * Add temporal PSK to PIN based OxM
1716 * @param[in] tmpSubject UUID of target device
1717 * @param[in] credType Type of credential to be added
1718 * @param[in] pin numeric characters
1719 * @param[in] pinSize length of 'pin'
1720 * @param[in] rownerID Resource owner's UUID
1721 * @param[out] tmpCredSubject Generated credential's subject.
1723 * @return OC_STACK_OK for success and errorcode otherwise.
1725 OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType,
1726 const char * pin, size_t pinSize,
1727 const OicUuid_t * rownerID, OicUuid_t* tmpCredSubject)
1729 OCStackResult ret = OC_STACK_ERROR;
1730 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN IN");
1732 if(NULL == tmpSubject || NULL == pin || 0 == pinSize || NULL == tmpCredSubject)
1734 return OC_STACK_INVALID_PARAM;
1737 uint8_t privData[OWNER_PSK_LENGTH_128] = {0,};
1738 OicSecKey_t privKey = {privData, OWNER_PSK_LENGTH_128, OIC_ENCODING_RAW};
1739 OicSecCred_t* cred = NULL;
1740 int dtlsRes = DeriveCryptoKeyFromPassword((const unsigned char *)pin, pinSize, rownerID->id,
1741 UUID_LENGTH, PBKDF_ITERATIONS,
1742 OWNER_PSK_LENGTH_128, privData);
1743 VERIFY_SUCCESS(TAG, (0 == dtlsRes) , ERROR);
1745 cred = GenerateCredential(tmpSubject, credType, NULL,
1746 &privKey, rownerID);
1749 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to generate credential");
1750 return OC_STACK_ERROR;
1753 memcpy(tmpCredSubject->id, cred->subject.id, UUID_LENGTH);
1755 ret = AddCredential(cred);
1756 if( OC_STACK_OK != ret)
1758 RemoveCredential(tmpSubject);
1759 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to add credential");
1761 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN OUT");
1767 #endif /* __WITH_DTLS__ */
1768 #ifdef __WITH_X509__
1769 #define CERT_LEN_PREFIX (3)
1770 #define BYTE_SIZE (8) //bits
1771 #define PUB_KEY_X_COORD ("x")
1772 #define PUB_KEY_Y_COORD ("y")
1773 #define CERTIFICATE ("x5c")
1774 #define PRIVATE_KEY ("d")
1776 static uint32_t parseCertPrefix(uint8_t *prefix)
1781 for (int i = 0; i < CERT_LEN_PREFIX; ++i)
1783 res |= (((uint32_t) prefix[i]) << ((CERT_LEN_PREFIX - 1 -i) * BYTE_SIZE));
1789 static OCStackResult GetCAPublicKeyData(CADtlsX509Creds_t *credInfo)
1791 OCStackResult ret = OC_STACK_ERROR;
1792 uint8_t *ccPtr = credInfo->certificateChain;
1793 for (uint8_t i = 0; i < credInfo->chainLen - 1; ++i)
1795 ccPtr += CERT_LEN_PREFIX + parseCertPrefix(ccPtr);
1798 ByteArray cert = { .data = ccPtr + CERT_LEN_PREFIX, .len = parseCertPrefix(ccPtr) };
1799 CertificateX509 certStruct;
1801 VERIFY_SUCCESS(TAG, PKI_SUCCESS == DecodeCertificate(cert, &certStruct), ERROR);
1803 INC_BYTE_ARRAY(certStruct.pubKey, 2);
1805 memcpy(credInfo->rootPublicKeyX, certStruct.pubKey.data, PUBLIC_KEY_SIZE / 2);
1806 memcpy(credInfo->rootPublicKeyY, certStruct.pubKey.data + PUBLIC_KEY_SIZE / 2, PUBLIC_KEY_SIZE / 2);
1813 int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo)
1816 VERIFY_NON_NULL(TAG, credInfo, ERROR);
1819 VERIFY_SUCCESS(TAG, OC_STACK_OK == InitCredResource(), ERROR);
1822 OicSecCred_t *cred = NULL;
1823 LL_SEARCH_SCALAR(gCred, cred, credType, SIGNED_ASYMMETRIC_KEY);
1824 VERIFY_NON_NULL(TAG, cred, ERROR);
1826 if (cred->publicData.len > MAX_CERT_MESSAGE_LEN || cred->privateData.len > PRIVATE_KEY_SIZE)
1830 credInfo->chainLen = 2;
1831 memcpy(credInfo->certificateChain, cred->publicData.data, cred->publicData.len);
1832 memcpy(credInfo->devicePrivateKey, cred->privateData.data, cred->privateData.len);
1833 credInfo->certificateChainLen = cred->publicData.len;
1834 GetCAPublicKeyData(credInfo);
1841 #undef CERT_LEN_PREFIX
1842 #endif /* __WITH_X509__ */
1844 OCStackResult SetCredRownerId(const OicUuid_t* newROwner)
1846 OCStackResult ret = OC_STACK_ERROR;
1847 uint8_t *cborPayload = NULL;
1850 OicUuid_t prevId = {.id={0}};
1852 if(NULL == newROwner)
1854 ret = OC_STACK_INVALID_PARAM;
1858 ret = OC_STACK_NO_RESOURCE;
1861 if(newROwner && gCred)
1863 memcpy(prevId.id, gCred->rownerID.id, sizeof(prevId.id));
1864 memcpy(gCred->rownerID.id, newROwner->id, sizeof(newROwner->id));
1866 ret = CredToCBORPayload(gCred, &cborPayload, &size, secureFlag);
1867 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1869 ret = UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, cborPayload, size);
1870 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1872 OICFree(cborPayload);
1878 OICFree(cborPayload);
1879 memcpy(gCred->rownerID.id, prevId.id, sizeof(prevId.id));
1883 OCStackResult GetCredRownerId(OicUuid_t *rowneruuid)
1885 OCStackResult retVal = OC_STACK_ERROR;
1888 *rowneruuid = gCred->rownerID;
1889 retVal = OC_STACK_OK;
1895 OCStackResult AddCA(OicSecCert_t * cert)
1897 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
1898 OCStackResult ret = OC_STACK_ERROR;
1899 if (NULL == cert || NULL == cert->data)
1901 return OC_STACK_INVALID_PARAM;
1905 ret = GetCredRownerId(&rowner);
1906 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1907 ret = ConvertStrToUuid(CA_SUBJECT_ID, &subject);
1908 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
1910 OicSecCred_t * cred = GetCredResourceData(&subject);
1913 //Generating new credential for CA
1914 cred = GenerateCredential(&subject, SIGNED_ASYMMETRIC_KEY, cert, NULL, &rowner);
1915 VERIFY_NON_NULL(TAG, cred, ERROR);
1916 return AddCredential(cred);
1919 uint8_t * tempData = OICRealloc(cred->publicData.data, cred->publicData.len + cert->len);
1920 if (NULL == tempData)
1922 return OC_STACK_NO_MEMORY;
1925 memcpy(tempData + cred->publicData.len, cert->data, cert->len);
1926 cred->publicData.data = tempData;
1927 cred->publicData.len += cert->len;
1929 if (UpdatePersistentStorage(gCred))
1935 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
1938 // TODO for testing only
1940 const unsigned char ca_cert[] = {
1942 0x30, 0x82, 0x02, 0xFE, 0x30, 0x82, 0x01, 0xE6, 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A,
1943 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09,
1944 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
1945 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21,
1946 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x18, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65,
1947 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4C, 0x74,
1948 0x64, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x36, 0x32, 0x38, 0x30, 0x35, 0x33, 0x33, 0x35,
1949 0x38, 0x5A, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x36, 0x32, 0x36, 0x30, 0x35, 0x33, 0x33, 0x35, 0x38,
1950 0x5A, 0x30, 0x45, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x41, 0x55,
1951 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x53, 0x6F, 0x6D, 0x65, 0x2D,
1952 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x18,
1953 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, 0x69, 0x74, 0x73,
1954 0x20, 0x50, 0x74, 0x79, 0x20, 0x4C, 0x74, 0x64, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09,
1955 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00,
1956 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xB5, 0x1C, 0x79, 0x1F, 0x30, 0x6F, 0x5C,
1957 0x04, 0x9E, 0xD9, 0x78, 0x22, 0x01, 0x29, 0xEE, 0xE9, 0x4A, 0x3A, 0x69, 0xB6, 0xF8, 0xBE, 0x87,
1958 0x3A, 0x5D, 0x57, 0xBD, 0x96, 0xEE, 0xCC, 0xE9, 0x58, 0x39, 0x53, 0x41, 0xD5, 0x1A, 0x47, 0x12,
1959 0x8B, 0xF5, 0xAA, 0x0D, 0xC5, 0xBC, 0xAE, 0x17, 0x93, 0x8B, 0xF3, 0x10, 0x10, 0xF6, 0xCD, 0xBC,
1960 0x22, 0xA2, 0x31, 0x74, 0xF5, 0xBB, 0x5F, 0x72, 0x40, 0x9A, 0x42, 0xE2, 0x83, 0x33, 0x02, 0xA3,
1961 0x6C, 0x6D, 0x5C, 0x7C, 0xFF, 0x3B, 0x2B, 0xE8, 0x99, 0x4E, 0x9F, 0x86, 0x26, 0xE7, 0x79, 0x0C,
1962 0x39, 0x0D, 0xEF, 0xA2, 0x52, 0x80, 0xFA, 0xF3, 0x37, 0x46, 0xFB, 0xF9, 0x35, 0x35, 0xC0, 0x16,
1963 0xC7, 0x1F, 0x95, 0x10, 0x03, 0x30, 0xE1, 0xFB, 0xD9, 0xBD, 0x84, 0x95, 0x11, 0x0D, 0x5A, 0x28,
1964 0x59, 0xE3, 0xB6, 0xB4, 0x3C, 0xA3, 0xA6, 0x5F, 0x7B, 0x9F, 0x8C, 0x45, 0x3B, 0xC1, 0xAB, 0xE1,
1965 0xB4, 0xFA, 0x3C, 0x19, 0x58, 0x91, 0x28, 0x29, 0xBA, 0x71, 0x20, 0xFA, 0x4D, 0x58, 0xF1, 0xB1,
1966 0x01, 0x5D, 0x7B, 0xB4, 0x4A, 0x5E, 0xFA, 0x58, 0x36, 0xEE, 0x31, 0x18, 0x0D, 0x81, 0xB5, 0x41,
1967 0x48, 0x8B, 0xD9, 0x31, 0xBC, 0xD1, 0x98, 0xD0, 0x40, 0xBF, 0x79, 0x3A, 0x31, 0x13, 0x61, 0xFF,
1968 0x04, 0x23, 0x1A, 0x2A, 0xAC, 0xA1, 0xEF, 0x1C, 0x2B, 0xC3, 0x8A, 0x7D, 0x33, 0x75, 0xDF, 0x84,
1969 0xA8, 0xF3, 0x74, 0x63, 0xE4, 0x61, 0x92, 0x5D, 0xCF, 0x62, 0x8C, 0x56, 0x9B, 0xB7, 0x7C, 0xCF,
1970 0x4A, 0x75, 0x98, 0x3E, 0xE5, 0x73, 0x03, 0x8C, 0xBF, 0x2D, 0x4A, 0x80, 0x48, 0x2D, 0x27, 0xB4,
1971 0x87, 0xCB, 0x40, 0xF6, 0x48, 0x85, 0xBF, 0x29, 0xA0, 0xE8, 0xC7, 0xF9, 0x11, 0x3C, 0x2D, 0x4F,
1972 0x92, 0xC1, 0x5E, 0x01, 0x2D, 0x81, 0xD1, 0x9F, 0x73, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0D,
1973 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01,
1974 0x01, 0x00, 0x0B, 0x47, 0x8E, 0x29, 0x8C, 0xCB, 0x05, 0xE7, 0xF3, 0xDD, 0xC8, 0x7E, 0xED, 0x6F,
1975 0xB4, 0xD9, 0xCB, 0xF4, 0x84, 0xCC, 0xA5, 0x08, 0x6C, 0x1C, 0x09, 0x60, 0xD5, 0x00, 0x55, 0x13,
1976 0x28, 0xC6, 0x64, 0xB2, 0x23, 0x52, 0x03, 0x21, 0xB1, 0x69, 0x63, 0x57, 0x04, 0xC2, 0xD4, 0xF7,
1977 0x41, 0xAC, 0xEE, 0xD5, 0xD0, 0x49, 0x58, 0x6D, 0xE5, 0x7E, 0x2C, 0xA6, 0x06, 0xC0, 0x39, 0x3A,
1978 0x7E, 0x30, 0x49, 0xA2, 0x00, 0x8B, 0x81, 0x98, 0x94, 0xC3, 0x5F, 0x05, 0xF1, 0x38, 0xC7, 0x0B,
1979 0xFA, 0x83, 0xB2, 0x85, 0x84, 0xB2, 0x6D, 0x62, 0x07, 0x82, 0x9C, 0x4D, 0x99, 0x24, 0xD2, 0x79,
1980 0xBF, 0xDA, 0xF8, 0x9D, 0x1C, 0xAD, 0x13, 0x30, 0xBC, 0xC2, 0xA2, 0x14, 0x7B, 0xD7, 0xFB, 0xCD,
1981 0x29, 0x2D, 0xAB, 0xB6, 0x24, 0x03, 0x60, 0x62, 0x9E, 0xF4, 0x4C, 0xE3, 0x35, 0x23, 0xB7, 0x1A,
1982 0x50, 0x96, 0x91, 0x54, 0xD8, 0xB4, 0x93, 0x61, 0x00, 0xB6, 0xBF, 0x05, 0xF0, 0xF3, 0x6B, 0x99,
1983 0x1E, 0x46, 0x4C, 0x26, 0x95, 0xD2, 0x58, 0x86, 0x5C, 0x78, 0xAD, 0x01, 0xF9, 0xC9, 0x54, 0x67,
1984 0xB7, 0x99, 0x3C, 0xEE, 0xF8, 0xD7, 0xD2, 0x1E, 0xE6, 0xF0, 0xCC, 0xC8, 0xC2, 0x20, 0x1B, 0xDA,
1985 0xCF, 0xDB, 0xF5, 0x70, 0x65, 0x33, 0x51, 0x6E, 0x17, 0x1D, 0xC5, 0xC5, 0xC5, 0x63, 0x06, 0x5E,
1986 0xCA, 0xB5, 0x40, 0x14, 0xEE, 0xDC, 0x14, 0xF2, 0xFE, 0x4B, 0x7A, 0x78, 0xD6, 0x0D, 0x21, 0xF5,
1987 0x0F, 0x58, 0xE7, 0x2A, 0x26, 0x54, 0x52, 0xCA, 0x60, 0xA2, 0xF8, 0x68, 0xB0, 0xF4, 0x6A, 0x9B,
1988 0x11, 0x8D, 0x5E, 0x57, 0x5A, 0x5F, 0x51, 0x3E, 0x44, 0x99, 0xB1, 0x76, 0xDA, 0x94, 0x56, 0x0E,
1989 0x1C, 0xA3, 0xFC, 0xE3, 0x01, 0xB4, 0xD8, 0xEC, 0x2F, 0xBB, 0x65, 0x82, 0x19, 0x06, 0x8E, 0x3A,
1993 0x30, 0x82, 0x03, 0x54, 0x30, 0x82, 0x02, 0x3c, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x02,
1994 0x34, 0x56, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
1995 0x00, 0x30, 0x42, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
1996 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47, 0x65, 0x6f, 0x54, 0x72,
1997 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04,
1998 0x03, 0x13, 0x12, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x47, 0x6c, 0x6f, 0x62,
1999 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x32, 0x30, 0x35, 0x32, 0x31, 0x30,
2000 0x34, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x35, 0x32, 0x31, 0x30, 0x34,
2001 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30, 0x42, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
2002 0x13, 0x02, 0x55, 0x53, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0d, 0x47,
2003 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1b, 0x30, 0x19,
2004 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20,
2005 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,
2006 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
2007 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0xcc, 0x18, 0x63, 0x30, 0xfd,
2008 0xf4, 0x17, 0x23, 0x1a, 0x56, 0x7e, 0x5b, 0xdf, 0x3c, 0x6c, 0x38, 0xe4, 0x71, 0xb7, 0x78, 0x91,
2009 0xd4, 0xbc, 0xa1, 0xd8, 0x4c, 0xf8, 0xa8, 0x43, 0xb6, 0x03, 0xe9, 0x4d, 0x21, 0x07, 0x08, 0x88,
2010 0xda, 0x58, 0x2f, 0x66, 0x39, 0x29, 0xbd, 0x05, 0x78, 0x8b, 0x9d, 0x38, 0xe8, 0x05, 0xb7, 0x6a,
2011 0x7e, 0x71, 0xa4, 0xe6, 0xc4, 0x60, 0xa6, 0xb0, 0xef, 0x80, 0xe4, 0x89, 0x28, 0x0f, 0x9e, 0x25,
2012 0xd6, 0xed, 0x83, 0xf3, 0xad, 0xa6, 0x91, 0xc7, 0x98, 0xc9, 0x42, 0x18, 0x35, 0x14, 0x9d, 0xad,
2013 0x98, 0x46, 0x92, 0x2e, 0x4f, 0xca, 0xf1, 0x87, 0x43, 0xc1, 0x16, 0x95, 0x57, 0x2d, 0x50, 0xef,
2014 0x89, 0x2d, 0x80, 0x7a, 0x57, 0xad, 0xf2, 0xee, 0x5f, 0x6b, 0xd2, 0x00, 0x8d, 0xb9, 0x14, 0xf8,
2015 0x14, 0x15, 0x35, 0xd9, 0xc0, 0x46, 0xa3, 0x7b, 0x72, 0xc8, 0x91, 0xbf, 0xc9, 0x55, 0x2b, 0xcd,
2016 0xd0, 0x97, 0x3e, 0x9c, 0x26, 0x64, 0xcc, 0xdf, 0xce, 0x83, 0x19, 0x71, 0xca, 0x4e, 0xe6, 0xd4,
2017 0xd5, 0x7b, 0xa9, 0x19, 0xcd, 0x55, 0xde, 0xc8, 0xec, 0xd2, 0x5e, 0x38, 0x53, 0xe5, 0x5c, 0x4f,
2018 0x8c, 0x2d, 0xfe, 0x50, 0x23, 0x36, 0xfc, 0x66, 0xe6, 0xcb, 0x8e, 0xa4, 0x39, 0x19, 0x00, 0xb7,
2019 0x95, 0x02, 0x39, 0x91, 0x0b, 0x0e, 0xfe, 0x38, 0x2e, 0xd1, 0x1d, 0x05, 0x9a, 0xf6, 0x4d, 0x3e,
2020 0x6f, 0x0f, 0x07, 0x1d, 0xaf, 0x2c, 0x1e, 0x8f, 0x60, 0x39, 0xe2, 0xfa, 0x36, 0x53, 0x13, 0x39,
2021 0xd4, 0x5e, 0x26, 0x2b, 0xdb, 0x3d, 0xa8, 0x14, 0xbd, 0x32, 0xeb, 0x18, 0x03, 0x28, 0x52, 0x04,
2022 0x71, 0xe5, 0xab, 0x33, 0x3d, 0xe1, 0x38, 0xbb, 0x07, 0x36, 0x84, 0x62, 0x9c, 0x79, 0xea, 0x16,
2023 0x30, 0xf4, 0x5f, 0xc0, 0x2b, 0xe8, 0x71, 0x6b, 0xe4, 0xf9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
2024 0x53, 0x30, 0x51, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30,
2025 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xc0,
2026 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65, 0xb8,
2027 0xca, 0xcc, 0x4e, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
2028 0xc0, 0x7a, 0x98, 0x68, 0x8d, 0x89, 0xfb, 0xab, 0x05, 0x64, 0x0c, 0x11, 0x7d, 0xaa, 0x7d, 0x65,
2029 0xb8, 0xca, 0xcc, 0x4e, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
2030 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x35, 0xe3, 0x29, 0x6a, 0xe5, 0x2f, 0x5d, 0x54,
2031 0x8e, 0x29, 0x50, 0x94, 0x9f, 0x99, 0x1a, 0x14, 0xe4, 0x8f, 0x78, 0x2a, 0x62, 0x94, 0xa2, 0x27,
2032 0x67, 0x9e, 0xd0, 0xcf, 0x1a, 0x5e, 0x47, 0xe9, 0xc1, 0xb2, 0xa4, 0xcf, 0xdd, 0x41, 0x1a, 0x05,
2033 0x4e, 0x9b, 0x4b, 0xee, 0x4a, 0x6f, 0x55, 0x52, 0xb3, 0x24, 0xa1, 0x37, 0x0a, 0xeb, 0x64, 0x76,
2034 0x2a, 0x2e, 0x2c, 0xf3, 0xfd, 0x3b, 0x75, 0x90, 0xbf, 0xfa, 0x71, 0xd8, 0xc7, 0x3d, 0x37, 0xd2,
2035 0xb5, 0x05, 0x95, 0x62, 0xb9, 0xa6, 0xde, 0x89, 0x3d, 0x36, 0x7b, 0x38, 0x77, 0x48, 0x97, 0xac,
2036 0xa6, 0x20, 0x8f, 0x2e, 0xa6, 0xc9, 0x0c, 0xc2, 0xb2, 0x99, 0x45, 0x00, 0xc7, 0xce, 0x11, 0x51,
2037 0x22, 0x22, 0xe0, 0xa5, 0xea, 0xb6, 0x15, 0x48, 0x09, 0x64, 0xea, 0x5e, 0x4f, 0x74, 0xf7, 0x05,
2038 0x3e, 0xc7, 0x8a, 0x52, 0x0c, 0xdb, 0x15, 0xb4, 0xbd, 0x6d, 0x9b, 0xe5, 0xc6, 0xb1, 0x54, 0x68,
2039 0xa9, 0xe3, 0x69, 0x90, 0xb6, 0x9a, 0xa5, 0x0f, 0xb8, 0xb9, 0x3f, 0x20, 0x7d, 0xae, 0x4a, 0xb5,
2040 0xb8, 0x9c, 0xe4, 0x1d, 0xb6, 0xab, 0xe6, 0x94, 0xa5, 0xc1, 0xc7, 0x83, 0xad, 0xdb, 0xf5, 0x27,
2041 0x87, 0x0e, 0x04, 0x6c, 0xd5, 0xff, 0xdd, 0xa0, 0x5d, 0xed, 0x87, 0x52, 0xb7, 0x2b, 0x15, 0x02,
2042 0xae, 0x39, 0xa6, 0x6a, 0x74, 0xe9, 0xda, 0xc4, 0xe7, 0xbc, 0x4d, 0x34, 0x1e, 0xa9, 0x5c, 0x4d,
2043 0x33, 0x5f, 0x92, 0x09, 0x2f, 0x88, 0x66, 0x5d, 0x77, 0x97, 0xc7, 0x1d, 0x76, 0x13, 0xa9, 0xd5,
2044 0xe5, 0xf1, 0x16, 0x09, 0x11, 0x35, 0xd5, 0xac, 0xdb, 0x24, 0x71, 0x70, 0x2c, 0x98, 0x56, 0x0b,
2045 0xd9, 0x17, 0xb4, 0xd1, 0xe3, 0x51, 0x2b, 0x5e, 0x75, 0xe8, 0xd5, 0xd0, 0xdc, 0x4f, 0x34, 0xed,
2046 0xc2, 0x05, 0x66, 0x80, 0xa1, 0xcb, 0xe6, 0x33,
2048 0x30, 0x82, 0x01, 0x55, 0x30, 0x81, 0xFB, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30,
2049 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x34, 0x31, 0x32, 0x30,
2050 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x29, 0x75, 0x75, 0x69, 0x64, 0x3A, 0x33, 0x32, 0x33,
2051 0x32, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x2D,
2052 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33,
2053 0x32, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x37, 0x32, 0x36, 0x31, 0x34, 0x31, 0x32, 0x32,
2054 0x31, 0x5A, 0x17, 0x0D, 0x31, 0x37, 0x30, 0x31, 0x30, 0x31, 0x32, 0x32, 0x30, 0x30, 0x30, 0x30,
2055 0x5A, 0x30, 0x34, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x29, 0x75, 0x75,
2056 0x69, 0x64, 0x3A, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32,
2057 0x2D, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x33,
2058 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
2059 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42,
2060 0x00, 0x04, 0x19, 0x1D, 0x6B, 0x4A, 0x12, 0xA7, 0x20, 0xF1, 0x95, 0xC6, 0x6D, 0x2A, 0xD7, 0x3B,
2061 0xFA, 0x90, 0x8C, 0x52, 0xEB, 0x75, 0x67, 0xFF, 0x0A, 0x3F, 0xF2, 0xDF, 0x8D, 0x81, 0x44, 0xC7,
2062 0xC8, 0x84, 0x60, 0xD4, 0x07, 0x57, 0xB1, 0x96, 0xAF, 0x5E, 0x00, 0xA5, 0xED, 0xA1, 0x48, 0x3F,
2063 0x88, 0x43, 0x8D, 0x15, 0x81, 0x0A, 0x21, 0x9B, 0x6C, 0xD3, 0xBD, 0x85, 0x86, 0xE1, 0xA6, 0xDA,
2064 0xC5, 0xCE, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49,
2065 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF7, 0x8E, 0x43, 0x19, 0xD2, 0x86, 0xF9, 0x21, 0x84, 0x66,
2066 0x23, 0x4B, 0x18, 0x7C, 0x56, 0x18, 0x37, 0x48, 0xDF, 0x16, 0x3B, 0x70, 0x52, 0x26, 0x62, 0xB3,
2067 0xAA, 0xD8, 0x3D, 0xE9, 0x43, 0xC3, 0x02, 0x21, 0x00, 0xD0, 0x16, 0xA4, 0x33, 0x7A, 0xE3, 0x7C,
2068 0x62, 0x88, 0x88, 0x7B, 0x76, 0x99, 0xBF, 0x2D, 0xDF, 0x6C, 0xF5, 0xD0, 0x5F, 0xBE, 0x4B, 0xAE,
2069 0xBA, 0xE5, 0xC0, 0x05, 0x26, 0xBC, 0x8B, 0x20, 0x84
2071 const unsigned char own_cert[] = {
2072 0x30, 0x82, 0x01, 0x55, 0x30, 0x81, 0xFB, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30,
2073 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x34, 0x31, 0x32, 0x30,
2074 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x29, 0x75, 0x75, 0x69, 0x64, 0x3A, 0x33, 0x32, 0x33,
2075 0x32, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x2D,
2076 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33,
2077 0x32, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x30, 0x37, 0x32, 0x36, 0x31, 0x34, 0x31, 0x32, 0x32,
2078 0x31, 0x5A, 0x17, 0x0D, 0x31, 0x37, 0x30, 0x31, 0x30, 0x31, 0x32, 0x32, 0x30, 0x30, 0x30, 0x30,
2079 0x5A, 0x30, 0x34, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x29, 0x75, 0x75,
2080 0x69, 0x64, 0x3A, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32,
2081 0x2D, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x2D, 0x33, 0x32, 0x33, 0x32, 0x33,
2082 0x32, 0x33, 0x32, 0x33, 0x32, 0x33, 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
2083 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42,
2084 0x00, 0x04, 0x19, 0x1D, 0x6B, 0x4A, 0x12, 0xA7, 0x20, 0xF1, 0x95, 0xC6, 0x6D, 0x2A, 0xD7, 0x3B,
2085 0xFA, 0x90, 0x8C, 0x52, 0xEB, 0x75, 0x67, 0xFF, 0x0A, 0x3F, 0xF2, 0xDF, 0x8D, 0x81, 0x44, 0xC7,
2086 0xC8, 0x84, 0x60, 0xD4, 0x07, 0x57, 0xB1, 0x96, 0xAF, 0x5E, 0x00, 0xA5, 0xED, 0xA1, 0x48, 0x3F,
2087 0x88, 0x43, 0x8D, 0x15, 0x81, 0x0A, 0x21, 0x9B, 0x6C, 0xD3, 0xBD, 0x85, 0x86, 0xE1, 0xA6, 0xDA,
2088 0xC5, 0xCE, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49,
2089 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xF7, 0x8E, 0x43, 0x19, 0xD2, 0x86, 0xF9, 0x21, 0x84, 0x66,
2090 0x23, 0x4B, 0x18, 0x7C, 0x56, 0x18, 0x37, 0x48, 0xDF, 0x16, 0x3B, 0x70, 0x52, 0x26, 0x62, 0xB3,
2091 0xAA, 0xD8, 0x3D, 0xE9, 0x43, 0xC3, 0x02, 0x21, 0x00, 0xD0, 0x16, 0xA4, 0x33, 0x7A, 0xE3, 0x7C,
2092 0x62, 0x88, 0x88, 0x7B, 0x76, 0x99, 0xBF, 0x2D, 0xDF, 0x6C, 0xF5, 0xD0, 0x5F, 0xBE, 0x4B, 0xAE,
2093 0xBA, 0xE5, 0xC0, 0x05, 0x26, 0xBC, 0x8B, 0x20, 0x84
2095 const unsigned char ca_key[] = {
2096 0x30, 0x81, 0x93, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
2097 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x79, 0x30, 0x77, 0x02,
2098 0x01, 0x01, 0x04, 0x20, 0xe9, 0xe4, 0x27, 0xb2, 0x5c, 0xe1, 0xe9, 0xc4, 0x9d, 0x23, 0x55, 0x67,
2099 0x08, 0x66, 0x0c, 0xe5, 0x83, 0xa9, 0xf1, 0xe2, 0x09, 0xfb, 0x89, 0xea, 0xa8, 0xe4, 0x46, 0x6e,
2100 0x76, 0xff, 0x75, 0x02, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
2101 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x19, 0x1d, 0x6b, 0x4a, 0x12, 0xa7, 0x20, 0xf1, 0x95, 0xc6,
2102 0x6d, 0x2a, 0xd7, 0x3b, 0xfa, 0x90, 0x8c, 0x52, 0xeb, 0x75, 0x67, 0xff, 0x0a, 0x3f, 0xf2, 0xdf,
2103 0x8d, 0x81, 0x44, 0xc7, 0xc8, 0x84, 0x60, 0xd4, 0x07, 0x57, 0xb1, 0x96, 0xaf, 0x5e, 0x00, 0xa5,
2104 0xed, 0xa1, 0x48, 0x3f, 0x88, 0x43, 0x8d, 0x15, 0x81, 0x0a, 0x21, 0x9b, 0x6c, 0xd3, 0xbd, 0x85,
2105 0x86, 0xe1, 0xa6, 0xda, 0xc5, 0xce
2108 void GetDerCaCert(ByteArray * crt)
2110 uint8_t *data = NULL;
2111 OCStackResult ret = OC_STACK_ERROR;
2112 OicSecCred_t * cred;
2113 OicSecCred_t * temp = NULL;
2114 OIC_LOG(DEBUG, TAG, "IN GetDerCaCert");
2115 LL_FOREACH(gCred, temp)
2117 if (0==memcmp((temp->credUsage), TRUST_CA, sizeof(TRUST_CA)))
2119 OIC_LOG_V(DEBUG, TAG, "len: %d, crt len: %d", temp->optionalData.len, crt->len);
2120 if(OIC_ENCODING_BASE64 == temp->optionalData.encoding)
2122 size_t bufSize = B64DECODE_OUT_SAFESIZE((temp->optionalData.len + 1));
2123 uint8 * buf = OICCalloc(1, bufSize);
2126 OIC_LOG(ERROR, TAG, "Failed to allocate memory");
2130 b64Decode(temp->optionalData.data, temp->optionalData.len, buf, bufSize, &outSize);
2131 crt->data = OICRealloc(crt->data, crt->len + outSize);
2132 memcpy(crt->data + crt->len, buf, outSize);
2133 crt->len += outSize;
2138 crt->data = OICRealloc(crt->data, crt->len + temp->optionalData.len);
2139 memcpy(crt->data + crt->len, temp->optionalData.data, temp->optionalData.len);
2140 crt->len += temp->optionalData.len;
2142 OIC_LOG_V(DEBUG, TAG, "Trust CA Found!! %d", crt->len);
2145 if(!crt->len) OIC_LOG(DEBUG, TAG, "Trust CA Not Found!!");
2150 void GetDerKey(ByteArray * key)
2152 key->data = OICMalloc(sizeof(ca_key));
2153 memcpy(key->data, ca_key, sizeof(ca_key));
2154 key->len = sizeof(ca_key);