1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
21 #define __STDC_LIMIT_MACROS
23 #include "iotivity_config.h"
34 #include "cainterface.h"
35 #include "payload_logging.h"
39 #include "ocserverrequest.h"
40 #include "oic_malloc.h"
41 #include "oic_string.h"
42 #include "ocpayload.h"
43 #include "ocpayloadcbor.h"
45 #include "credresource.h"
46 #include "doxmresource.h"
47 #include "pstatresource.h"
48 #include "iotvticalendar.h"
50 #include "resourcemanager.h"
51 #include "srmresourcestrings.h"
52 #include "srmutility.h"
53 #include "psinterface.h"
54 #include "pinoxmcommon.h"
57 #include <sys/types.h>
67 #define TAG "OIC_SRM_CREDL"
69 /** Max credential types number used for TLS */
71 /** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
72 * The value of payload size is increased until reaching belox max cbor size. */
73 static const uint16_t CBOR_SIZE = 2048;
75 /** Max cbor size payload. */
76 static const uint16_t CBOR_MAX_SIZE = 4400;
78 /** CRED size - Number of mandatory items. */
79 static const uint8_t CRED_ROOT_MAP_SIZE = 4;
80 static const uint8_t CRED_MAP_SIZE = 3;
83 static OicSecCred_t *gCred = NULL;
84 static OCResourceHandle gCredHandle = NULL;
86 typedef enum CredCompareResult{
88 CRED_CMP_NOT_EQUAL = 1,
93 * Internal function to check credential
95 static bool IsVaildCredential(const OicSecCred_t* cred)
97 OicUuid_t emptyUuid = {.id={0}};
100 OIC_LOG(DEBUG, TAG, "IN IsVaildCredential");
102 VERIFY_NON_NULL(TAG, cred, ERROR);
103 VERIFY_SUCCESS(TAG, 0 != cred->credId, ERROR);
104 OIC_LOG_V(DEBUG, TAG, "Cred ID = %d", cred->credId);
106 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
107 OIC_LOG_V(DEBUG, TAG, "Cred Type = %d", cred->credType);
109 switch(cred->credType)
111 case SYMMETRIC_PAIR_WISE_KEY:
112 case SYMMETRIC_GROUP_KEY:
115 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
116 VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
117 VERIFY_SUCCESS(TAG, \
118 (OIC_ENCODING_RAW == cred->privateData.encoding || \
119 OIC_ENCODING_BASE64 == cred->privateData.encoding), \
125 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
126 VERIFY_SUCCESS(TAG, 0 != cred->publicData.len, ERROR);
129 case SIGNED_ASYMMETRIC_KEY:
131 VERIFY_SUCCESS(TAG, (NULL != cred->publicData.data ||NULL != cred->optionalData.data) , ERROR);
132 VERIFY_SUCCESS(TAG, (0 != cred->publicData.len || 0 != cred->optionalData.len), ERROR);
134 if(NULL != cred->optionalData.data)
136 VERIFY_SUCCESS(TAG, \
137 (OIC_ENCODING_RAW == cred->optionalData.encoding ||\
138 OIC_ENCODING_BASE64 == cred->optionalData.encoding || \
139 OIC_ENCODING_PEM == cred->optionalData.encoding || \
140 OIC_ENCODING_DER == cred->optionalData.encoding), \
145 case ASYMMETRIC_ENCRYPTION_KEY:
147 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
148 VERIFY_SUCCESS(TAG, 0 != cred->privateData.len, ERROR);
149 VERIFY_SUCCESS(TAG, \
150 (OIC_ENCODING_RAW == cred->privateData.encoding ||\
151 OIC_ENCODING_BASE64 == cred->privateData.encoding || \
152 OIC_ENCODING_PEM == cred->privateData.encoding || \
153 OIC_ENCODING_DER == cred->privateData.encoding), \
159 OIC_LOG(WARNING, TAG, "Unknown credential type");
165 VERIFY_SUCCESS(TAG, 0 != memcmp(emptyUuid.id, cred->subject.id, sizeof(cred->subject.id)), ERROR);
167 OIC_LOG(DEBUG, TAG, "OUT IsVaildCredential");
170 OIC_LOG(WARNING, TAG, "OUT IsVaildCredential : Invalid Credential detected.");
174 static bool IsEmptyCred(const OicSecCred_t* cred)
176 OicUuid_t emptyUuid = {.id={0}};
178 VERIFY_SUCCESS(TAG, (0 == memcmp(cred->subject.id, emptyUuid.id, sizeof(emptyUuid))), ERROR);
179 VERIFY_SUCCESS(TAG, (0 == cred->credId), ERROR);
180 VERIFY_SUCCESS(TAG, (0 == cred->credType), ERROR);
181 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
182 VERIFY_SUCCESS(TAG, (NULL == cred->privateData.data), ERROR);
183 VERIFY_SUCCESS(TAG, (NULL == cred->publicData.data), ERROR);
184 VERIFY_SUCCESS(TAG, (NULL == cred->optionalData.data), ERROR);
185 VERIFY_SUCCESS(TAG, (NULL == cred->credUsage), ERROR);
193 * This function frees OicSecCred_t object's fields and object itself.
195 static void FreeCred(OicSecCred_t *cred)
199 OIC_LOG(ERROR, TAG, "Invalid Parameter");
202 //Note: Need further clarification on roleID data type
205 OICFree(cred->roleIds);
208 //Clean PublicData/OptionalData/Credusage
209 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
210 // TODO: Need to check credUsage.
211 OICFree(cred->publicData.data);
212 OICFree(cred->optionalData.data);
213 OICFree(cred->credUsage);
215 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
218 OICFree(cred->privateData.data);
221 OICFree(cred->period);
223 #ifdef _ENABLE_MULTIPLE_OWNER_
225 OICFree(cred->eownerID);
228 //Clean Cred node itself
232 void DeleteCredList(OicSecCred_t* cred)
236 OicSecCred_t *credTmp1 = NULL, *credTmp2 = NULL;
237 LL_FOREACH_SAFE(cred, credTmp1, credTmp2)
239 LL_DELETE(cred, credTmp1);
245 size_t GetCredKeyDataSize(const OicSecCred_t* cred)
250 OicSecCred_t *credPtr = NULL, *credTmp = NULL;
251 LL_FOREACH_SAFE((OicSecCred_t*)cred, credPtr, credTmp)
253 if (credPtr->privateData.data && 0 < credPtr->privateData.len)
255 size += credPtr->privateData.len;
257 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
258 if (credPtr->publicData.data && 0 < credPtr->publicData.len)
260 size += credPtr->publicData.len;
262 if (credPtr->optionalData.data && 0 < credPtr->optionalData.len)
264 size += credPtr->optionalData.len;
269 OIC_LOG_V(DEBUG, TAG, "Cred Key Data Size : %zd\n", size);
273 static size_t OicSecCredCount(const OicSecCred_t *secCred)
276 for (const OicSecCred_t *cred = secCred; cred; cred = cred->next)
283 OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload,
284 size_t *cborSize, int secureFlag)
286 if (NULL == credS || NULL == cborPayload || NULL != *cborPayload || NULL == cborSize)
288 return OC_STACK_INVALID_PARAM;
291 OCStackResult ret = OC_STACK_ERROR;
293 CborError cborEncoderResult = CborNoError;
294 uint8_t *outPayload = NULL;
295 size_t cborLen = *cborSize;
298 const OicSecCred_t *cred = credS;
300 CborEncoder credArray;
301 CborEncoder credRootMap;
308 outPayload = (uint8_t *)OICCalloc(1, cborLen);
309 VERIFY_NON_NULL(TAG, outPayload, ERROR);
310 cbor_encoder_init(&encoder, outPayload, cborLen, 0);
312 // Create CRED Root Map (creds, rownerid)
313 cborEncoderResult = cbor_encoder_create_map(&encoder, &credRootMap, CRED_ROOT_MAP_SIZE);
314 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Root Map");
317 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_CREDS_NAME,
318 strlen(OIC_JSON_CREDS_NAME));
319 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding creds Name Tag.");
322 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &credArray, OicSecCredCount(cred));
323 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Array.");
328 size_t mapSize = CRED_MAP_SIZE;
335 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
336 #ifdef _ENABLE_MULTIPLE_OWNER_
341 #endif //_ENABLE_MULTIPLE_OWNER_
343 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
347 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
355 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
356 if (!secureFlag && cred->privateData.data)
360 cborEncoderResult = cbor_encoder_create_map(&credArray, &credMap, mapSize);
361 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map");
363 //CredID -- Mandatory
364 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDID_NAME,
365 strlen(OIC_JSON_CREDID_NAME));
366 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Tag. ");
367 cborEncoderResult = cbor_encode_int(&credMap, cred->credId);
368 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Value.");
370 //Subject -- Mandatory
371 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_SUBJECTID_NAME,
372 strlen(OIC_JSON_SUBJECTID_NAME));
373 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Tag.");
374 inLen = (memcmp(&(cred->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN) == 0) ?
375 WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
376 if(inLen == WILDCARD_SUBJECT_ID_LEN)
378 cborEncoderResult = cbor_encode_text_string(&credMap, WILDCARD_RESOURCE_URI,
379 strlen(WILDCARD_RESOURCE_URI));
380 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
384 char *subject = NULL;
385 ret = ConvertUuidToStr(&cred->subject, &subject);
386 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
387 cborEncoderResult = cbor_encode_text_string(&credMap, subject, strlen(subject));
388 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
392 //CredType -- Mandatory
393 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDTYPE_NAME,
394 strlen(OIC_JSON_CREDTYPE_NAME));
395 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Tag.");
396 cborEncoderResult = cbor_encode_int(&credMap, cred->credType);
397 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Value.");
399 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
400 //PublicData -- Not Mandatory
401 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data)
403 CborEncoder publicMap;
404 const size_t publicMapSize = 2;
406 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PUBLICDATA_NAME,
407 strlen(OIC_JSON_PUBLICDATA_NAME));
408 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Tag.");
410 cborEncoderResult = cbor_encoder_create_map(&credMap, &publicMap, publicMapSize);
411 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PublicData Map");
413 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_DATA_NAME,
414 strlen(OIC_JSON_DATA_NAME));
415 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Data Tag.");
416 cborEncoderResult = cbor_encode_byte_string(&publicMap, cred->publicData.data,
417 cred->publicData.len);
418 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Pub Value.");
420 // TODO: Need to data strucure modification for OicSecCert_t.
421 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_JSON_ENCODING_NAME,
422 strlen(OIC_JSON_ENCODING_NAME));
423 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Tag.");
424 cborEncoderResult = cbor_encode_text_string(&publicMap, OIC_SEC_ENCODING_DER,
425 strlen(OIC_SEC_ENCODING_DER));
426 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Encoding Value.");
428 cborEncoderResult = cbor_encoder_close_container(&credMap, &publicMap);
429 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PublicData Map.");
431 //OptionalData -- Not Mandatory
432 if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->optionalData.data)
434 CborEncoder optionalMap;
435 const size_t optionalMapSize = 2;
437 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_OPTDATA_NAME,
438 strlen(OIC_JSON_OPTDATA_NAME));
439 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Tag.");
441 cborEncoderResult = cbor_encoder_create_map(&credMap, &optionalMap, optionalMapSize);
442 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding OptionalData Map");
444 // TODO: Need to data strucure modification for OicSecCert_t.
445 if(OIC_ENCODING_RAW == cred->optionalData.encoding)
447 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
448 strlen(OIC_JSON_ENCODING_NAME));
449 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
450 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_RAW,
451 strlen(OIC_SEC_ENCODING_RAW));
452 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
454 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
455 strlen(OIC_JSON_DATA_NAME));
456 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
457 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
458 cred->optionalData.len);
459 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
461 else if(OIC_ENCODING_BASE64 == cred->optionalData.encoding)
463 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
464 strlen(OIC_JSON_ENCODING_NAME));
465 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
466 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_BASE64,
467 strlen(OIC_SEC_ENCODING_BASE64));
468 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
470 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
471 strlen(OIC_JSON_DATA_NAME));
472 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
473 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
474 cred->optionalData.len);
475 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
477 else if(OIC_ENCODING_PEM == cred->optionalData.encoding)
479 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
480 strlen(OIC_JSON_ENCODING_NAME));
481 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
482 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_PEM,
483 strlen(OIC_SEC_ENCODING_PEM));
484 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
486 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
487 strlen(OIC_JSON_DATA_NAME));
488 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
489 cborEncoderResult = cbor_encode_text_string(&optionalMap, (char*)(cred->optionalData.data),
490 cred->optionalData.len);
491 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
493 else if(OIC_ENCODING_DER == cred->optionalData.encoding)
495 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_ENCODING_NAME,
496 strlen(OIC_JSON_ENCODING_NAME));
497 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Tag.");
498 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_SEC_ENCODING_DER,
499 strlen(OIC_SEC_ENCODING_DER));
500 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Encoding Value.");
502 cborEncoderResult = cbor_encode_text_string(&optionalMap, OIC_JSON_DATA_NAME,
503 strlen(OIC_JSON_DATA_NAME));
504 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Tag.");
505 cborEncoderResult = cbor_encode_byte_string(&optionalMap, cred->optionalData.data,
506 cred->optionalData.len);
507 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding optional Value.");
511 OIC_LOG(ERROR, TAG, "Unknown encoding type for optional data.");
512 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding optional Encoding Value.");
515 cborEncoderResult = cbor_encoder_close_container(&credMap, &optionalMap);
516 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing OptionalData Map.");
518 //CredUsage -- Not Mandatory
521 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDUSAGE_NAME,
522 strlen(OIC_JSON_CREDUSAGE_NAME));
523 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Tag.");
524 cborEncoderResult = cbor_encode_text_string(&credMap, cred->credUsage,
525 strlen(cred->credUsage));
526 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Credusage Name Value.");
528 #endif /* __WITH_DTLS__ || __WITH_TLS__*/
529 //PrivateData -- Not Mandatory
530 if(!secureFlag && cred->privateData.data)
532 CborEncoder privateMap;
533 const size_t privateMapSize = 2;
535 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PRIVATEDATA_NAME,
536 strlen(OIC_JSON_PRIVATEDATA_NAME));
537 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Tag.");
539 cborEncoderResult = cbor_encoder_create_map(&credMap, &privateMap, privateMapSize);
540 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding PrivateData Map");
542 // TODO: Need to data strucure modification for OicSecKey_t.
543 // TODO: Added as workaround, will be replaced soon.
544 if(OIC_ENCODING_RAW == cred->privateData.encoding)
546 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
547 strlen(OIC_JSON_ENCODING_NAME));
548 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
549 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_RAW,
550 strlen(OIC_SEC_ENCODING_RAW));
551 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
553 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
554 strlen(OIC_JSON_DATA_NAME));
555 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
556 cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data,
557 cred->privateData.len);
558 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
560 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
562 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
563 strlen(OIC_JSON_ENCODING_NAME));
564 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
565 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_BASE64,
566 strlen(OIC_SEC_ENCODING_BASE64));
567 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
569 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
570 strlen(OIC_JSON_DATA_NAME));
571 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
572 cborEncoderResult = cbor_encode_text_string(&privateMap, (char*)(cred->privateData.data),
573 cred->privateData.len);
574 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
576 else if(OIC_ENCODING_DER == cred->privateData.encoding)
578 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_ENCODING_NAME,
579 strlen(OIC_JSON_ENCODING_NAME));
580 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Tag.");
581 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_SEC_ENCODING_DER,
582 strlen(OIC_SEC_ENCODING_DER));
583 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Encoding Value.");
585 cborEncoderResult = cbor_encode_text_string(&privateMap, OIC_JSON_DATA_NAME,
586 strlen(OIC_JSON_DATA_NAME));
587 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Tag.");
588 cborEncoderResult = cbor_encode_byte_string(&privateMap, cred->privateData.data,
589 cred->privateData.len);
590 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Priv Value.");
594 OIC_LOG(ERROR, TAG, "Unknown encoding type for private data.");
595 VERIFY_CBOR_SUCCESS(TAG, CborErrorUnknownType, "Failed Adding Private Encoding Value.");
598 cborEncoderResult = cbor_encoder_close_container(&credMap, &privateMap);
599 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing PrivateData Map.");
602 //Period -- Not Mandatory
605 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PERIOD_NAME,
606 strlen(OIC_JSON_PERIOD_NAME));
607 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Tag.");
608 cborEncoderResult = cbor_encode_text_string(&credMap, cred->period,
609 strlen(cred->period));
610 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Value.");
613 #ifdef _ENABLE_MULTIPLE_OWNER_
614 // Eownerid -- Not Mandatory
618 cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_EOWNERID_NAME,
619 strlen(OIC_JSON_EOWNERID_NAME));
620 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding eownerId Name Tag.");
621 ret = ConvertUuidToStr(cred->eownerID, &eowner);
622 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
623 cborEncoderResult = cbor_encode_text_string(&credMap, eowner, strlen(eowner));
624 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding eownerId Value.");
627 #endif //_ENABLE_MULTIPLE_OWNER_
629 cborEncoderResult = cbor_encoder_close_container(&credArray, &credMap);
630 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
634 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &credArray);
635 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Array.");
642 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_ROWNERID_NAME,
643 strlen(OIC_JSON_ROWNERID_NAME));
644 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
645 ret = ConvertUuidToStr(&cred->rownerID, &rowner);
646 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
647 cborEncoderResult = cbor_encode_text_string(&credRootMap, rowner, strlen(rowner));
648 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
654 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_RT_NAME,
655 strlen(OIC_JSON_RT_NAME));
656 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
657 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &rtArray, 1);
658 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
659 for (size_t i = 0; i < 1; i++)
661 cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_CRED,
662 strlen(OIC_RSRC_TYPE_SEC_CRED));
663 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
665 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &rtArray);
666 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
670 cborEncoderResult = cbor_encode_text_string(&credRootMap, OIC_JSON_IF_NAME,
671 strlen(OIC_JSON_IF_NAME));
672 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
673 cborEncoderResult = cbor_encoder_create_array(&credRootMap, &ifArray, 1);
674 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
675 for (size_t i = 0; i < 1; i++)
677 cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
678 strlen(OC_RSRVD_INTERFACE_DEFAULT));
679 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
681 cborEncoderResult = cbor_encoder_close_container(&credRootMap, &ifArray);
682 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
685 // Close CRED Root Map
686 cborEncoderResult = cbor_encoder_close_container(&encoder, &credRootMap);
687 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing CRED Root Map.");
689 if (CborNoError == cborEncoderResult)
691 OIC_LOG(DEBUG, TAG, "CredToCBORPayload Successed");
692 *cborPayload = outPayload;
693 *cborSize = cbor_encoder_get_buffer_size(&encoder, outPayload);
696 OIC_LOG(DEBUG, TAG, "CredToCBORPayload OUT");
698 if (CborErrorOutOfMemory == cborEncoderResult)
700 OIC_LOG(DEBUG, TAG, "CredToCBORPayload:CborErrorOutOfMemory : retry with more memory");
701 // reallocate and try again!
703 // Since the allocated initial memory failed, double the memory.
704 cborLen += cbor_encoder_get_buffer_size(&encoder, encoder.end);
705 cborEncoderResult = CborNoError;
706 ret = CredToCBORPayload(credS, cborPayload, &cborLen, secureFlag);
710 if (CborNoError != cborEncoderResult)
712 OIC_LOG(ERROR, TAG, "Failed to CredToCBORPayload");
717 ret = OC_STACK_ERROR;
723 OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
724 OicSecCred_t **secCred)
726 if (NULL == cborPayload || NULL == secCred || NULL != *secCred || 0 == size)
728 return OC_STACK_INVALID_PARAM;
731 OCStackResult ret = OC_STACK_ERROR;
732 CborValue credCbor = { .parser = NULL };
733 CborParser parser = { .end = NULL };
734 CborError cborFindResult = CborNoError;
735 cbor_parser_init(cborPayload, size, 0, &parser, &credCbor);
737 OicSecCred_t *headCred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
739 // Enter CRED Root Map
740 CborValue CredRootMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
741 cborFindResult = cbor_value_enter_container(&credCbor, &CredRootMap);
742 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering CRED Root Map.");
744 while (cbor_value_is_valid(&CredRootMap))
746 char* tagName = NULL;
748 CborType type = cbor_value_get_type(&CredRootMap);
749 if (type == CborTextStringType && cbor_value_is_text_string(&CredRootMap))
751 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &tagName, &len, NULL);
752 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Root Map.");
753 cborFindResult = cbor_value_advance(&CredRootMap);
754 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Root Map.");
758 if (strcmp(tagName, OIC_JSON_CREDS_NAME) == 0)
763 CborValue credArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
764 cborFindResult = cbor_value_enter_container(&CredRootMap, &credArray);
765 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Array.");
767 while (cbor_value_is_valid(&credArray))
770 //CredId -- Mandatory
771 CborValue credMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
772 cborFindResult = cbor_value_enter_container(&credArray, &credMap);
773 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Map.");
774 OicSecCred_t *cred = NULL;
782 cred = (OicSecCred_t *) OICCalloc(1, sizeof(OicSecCred_t));
783 OicSecCred_t *temp = headCred;
791 VERIFY_NON_NULL(TAG, cred, ERROR);
793 while(cbor_value_is_valid(&credMap) && cbor_value_is_text_string(&credMap))
796 CborType type = cbor_value_get_type(&credMap);
797 if (type == CborTextStringType)
799 cborFindResult = cbor_value_dup_text_string(&credMap, &name, &len, NULL);
800 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in CRED Map.");
801 cborFindResult = cbor_value_advance(&credMap);
802 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in CRED Map.");
807 if (strcmp(name, OIC_JSON_CREDID_NAME) == 0)
810 cborFindResult = cbor_value_get_uint64(&credMap, &credId);
811 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredId.");
812 cred->credId = (uint16_t)credId;
815 if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
817 char *subjectid = NULL;
818 cborFindResult = cbor_value_dup_text_string(&credMap, &subjectid, &len, NULL);
819 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subjectid Value.");
820 if(strcmp(subjectid, WILDCARD_RESOURCE_URI) == 0)
822 cred->subject.id[0] = '*';
826 ret = ConvertStrToUuid(subjectid, &cred->subject);
827 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
832 if (strcmp(name, OIC_JSON_CREDTYPE_NAME) == 0)
834 uint64_t credType = 0;
835 cborFindResult = cbor_value_get_uint64(&credMap, &credType);
836 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CredType.");
837 cred->credType = (OicSecCredType_t)credType;
840 if (strcmp(name, OIC_JSON_PRIVATEDATA_NAME) == 0)
842 CborValue privateMap = { .parser = NULL };
843 cborFindResult = cbor_value_enter_container(&credMap, &privateMap);
845 while (cbor_value_is_valid(&privateMap))
847 char* privname = NULL;
848 CborType type = cbor_value_get_type(&privateMap);
849 if (type == CborTextStringType && cbor_value_is_text_string(&privateMap))
851 cborFindResult = cbor_value_dup_text_string(&privateMap, &privname,
853 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
854 cborFindResult = cbor_value_advance(&privateMap);
855 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
859 // PrivateData::privdata -- Mandatory
860 if (strcmp(privname, OIC_JSON_DATA_NAME) == 0)
862 if(cbor_value_is_byte_string(&privateMap))
864 cborFindResult = cbor_value_dup_byte_string(&privateMap, &cred->privateData.data,
865 &cred->privateData.len, NULL);
867 else if(cbor_value_is_text_string(&privateMap))
869 cborFindResult = cbor_value_dup_text_string(&privateMap, (char**)(&cred->privateData.data),
870 &cred->privateData.len, NULL);
874 cborFindResult = CborErrorUnknownType;
875 OIC_LOG(ERROR, TAG, "Unknown type for private data.");
877 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PrivateData.");
880 // PrivateData::encoding -- Mandatory
881 if (strcmp(privname, OIC_JSON_ENCODING_NAME) == 0)
883 // TODO: Added as workaround. Will be replaced soon.
884 char* strEncoding = NULL;
885 cborFindResult = cbor_value_dup_text_string(&privateMap, &strEncoding, &len, NULL);
886 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
888 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
890 cred->privateData.encoding = OIC_ENCODING_RAW;
892 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
894 cred->privateData.encoding = OIC_ENCODING_BASE64;
899 cred->privateData.encoding = OIC_ENCODING_RAW;
900 OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for private data.");
903 OICFree(strEncoding);
906 if (cbor_value_is_valid(&privateMap))
908 cborFindResult = cbor_value_advance(&privateMap);
909 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing privatedata Map.");
915 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
916 //PublicData -- Not Mandatory
917 if (strcmp(name, OIC_JSON_PUBLICDATA_NAME) == 0)
919 CborValue pubMap = { .parser = NULL };
920 cborFindResult = cbor_value_enter_container(&credMap, &pubMap);
922 while (cbor_value_is_valid(&pubMap))
924 char* pubname = NULL;
925 CborType type = cbor_value_get_type(&pubMap);
926 if (type == CborTextStringType && cbor_value_is_text_string(&pubMap))
928 cborFindResult = cbor_value_dup_text_string(&pubMap, &pubname,
930 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
931 cborFindResult = cbor_value_advance(&pubMap);
932 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
936 // PrivateData::privdata -- Mandatory
937 if (strcmp(pubname, OIC_JSON_DATA_NAME) == 0 && cbor_value_is_byte_string(&pubMap))
939 cborFindResult = cbor_value_dup_byte_string(&pubMap, &cred->publicData.data,
940 &cred->publicData.len, NULL);
941 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding PubData.");
943 // PublicData::encoding -- Mandatory
944 if (strcmp(pubname, OIC_JSON_ENCODING_NAME) == 0)
946 // TODO: Need to update data structure, just ignore encoding value now.
949 if (cbor_value_is_valid(&pubMap))
951 cborFindResult = cbor_value_advance(&pubMap);
952 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing publicdata Map.");
957 //OptionalData -- Not Mandatory
958 if (strcmp(name, OIC_JSON_OPTDATA_NAME) == 0)
960 CborValue optMap = { .parser = NULL };
961 cborFindResult = cbor_value_enter_container(&credMap, &optMap);
963 while (cbor_value_is_valid(&optMap))
965 char* optname = NULL;
966 CborType type = cbor_value_get_type(&optMap);
967 if (type == CborTextStringType && cbor_value_is_text_string(&optMap))
969 cborFindResult = cbor_value_dup_text_string(&optMap, &optname,
971 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to get text");
972 cborFindResult = cbor_value_advance(&optMap);
973 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed to advance value");
977 // OptionalData::optdata -- Mandatory
978 if (strcmp(optname, OIC_JSON_DATA_NAME) == 0)
980 if(cbor_value_is_byte_string(&optMap))
982 cborFindResult = cbor_value_dup_byte_string(&optMap, &cred->optionalData.data,
983 &cred->optionalData.len, NULL);
985 else if(cbor_value_is_text_string(&optMap))
987 cborFindResult = cbor_value_dup_text_string(&optMap, (char**)(&cred->optionalData.data),
988 &cred->optionalData.len, NULL);
992 cborFindResult = CborErrorUnknownType;
993 OIC_LOG(ERROR, TAG, "Unknown type for optional data.");
995 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding OptionalData.");
997 // OptionalData::encoding -- Mandatory
998 if (strcmp(optname, OIC_JSON_ENCODING_NAME) == 0)
1000 // TODO: Added as workaround. Will be replaced soon.
1001 char* strEncoding = NULL;
1002 cborFindResult = cbor_value_dup_text_string(&optMap, &strEncoding, &len, NULL);
1003 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding EncodingType");
1005 if(strcmp(strEncoding, OIC_SEC_ENCODING_RAW) == 0)
1007 OIC_LOG(INFO,TAG,"cbor_value_is_byte_string");
1008 cred->optionalData.encoding = OIC_ENCODING_RAW;
1010 else if(strcmp(strEncoding, OIC_SEC_ENCODING_BASE64) == 0)
1012 cred->optionalData.encoding = OIC_ENCODING_BASE64;
1014 else if(strcmp(strEncoding, OIC_SEC_ENCODING_PEM) == 0)
1016 cred->optionalData.encoding = OIC_ENCODING_PEM;
1018 else if(strcmp(strEncoding, OIC_SEC_ENCODING_DER) == 0)
1020 cred->optionalData.encoding = OIC_ENCODING_DER;
1025 cred->optionalData.encoding = OIC_ENCODING_RAW;
1026 OIC_LOG(WARNING, TAG, "Unknown encoding type dectected for optional data.");
1028 OICFree(strEncoding);
1031 if (cbor_value_is_valid(&optMap))
1033 cborFindResult = cbor_value_advance(&optMap);
1034 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing optdata Map.");
1039 //Credusage -- Not Mandatory
1040 if (0 == strcmp(OIC_JSON_CREDUSAGE_NAME, name))
1042 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->credUsage, &len, NULL);
1043 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
1045 #endif //__WITH_DTLS__ || __WITH_TLS__
1047 if (0 == strcmp(OIC_JSON_PERIOD_NAME, name))
1049 cborFindResult = cbor_value_dup_text_string(&credMap, &cred->period, &len, NULL);
1050 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period.");
1053 #ifdef _ENABLE_MULTIPLE_OWNER_
1054 // Eowner uuid -- Not Mandatory
1055 if (strcmp(OIC_JSON_EOWNERID_NAME, name) == 0 && cbor_value_is_text_string(&credMap))
1057 char *eowner = NULL;
1058 cborFindResult = cbor_value_dup_text_string(&credMap, &eowner, &len, NULL);
1059 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding eownerId Value.");
1060 if(NULL == cred->eownerID)
1062 cred->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1063 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1065 ret = ConvertStrToUuid(eowner, cred->eownerID);
1067 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
1069 #endif //_ENABLE_MULTIPLE_OWNER_
1071 if (cbor_value_is_valid(&credMap))
1073 cborFindResult = cbor_value_advance(&credMap);
1074 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Map.");
1080 if (cbor_value_is_valid(&credArray))
1082 cborFindResult = cbor_value_advance(&credArray);
1083 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Array.");
1088 //ROwner -- Mandatory
1089 if (strcmp(tagName, OIC_JSON_ROWNERID_NAME) == 0 && cbor_value_is_text_string(&CredRootMap))
1091 char *stRowner = NULL;
1092 cborFindResult = cbor_value_dup_text_string(&CredRootMap, &stRowner, &len, NULL);
1093 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
1095 ret = ConvertStrToUuid(stRowner, &headCred->rownerID);
1096 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
1099 else if (NULL != gCred)
1101 memcpy(&(headCred->rownerID), &(gCred->rownerID), sizeof(OicUuid_t));
1105 if (cbor_value_is_valid(&CredRootMap))
1107 cborFindResult = cbor_value_advance(&CredRootMap);
1108 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing CRED Root Map.");
1112 *secCred = headCred;
1116 if (CborNoError != cborFindResult)
1118 DeleteCredList(headCred);
1121 ret = OC_STACK_ERROR;
1127 #ifdef _ENABLE_MULTIPLE_OWNER_
1128 bool IsValidCredentialAccessForSubOwner(const OicUuid_t* uuid, const uint8_t *cborPayload, size_t size)
1130 OicSecCred_t* cred = NULL;
1131 bool isValidCred = false;
1133 OIC_LOG_BUFFER(DEBUG, TAG, cborPayload, size);
1135 VERIFY_NON_NULL(TAG, uuid, ERROR);
1136 VERIFY_NON_NULL(TAG, cborPayload, ERROR);
1137 VERIFY_SUCCESS(TAG, 0 != size, ERROR);
1138 VERIFY_SUCCESS(TAG, OC_STACK_OK == CBORPayloadToCred(cborPayload, size, &cred), ERROR);
1139 VERIFY_NON_NULL(TAG, cred, ERROR);
1140 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1141 VERIFY_SUCCESS(TAG, (memcmp(cred->eownerID->id, uuid->id, sizeof(uuid->id)) == 0), ERROR);
1146 DeleteCredList(cred);
1151 #endif //_ENABLE_MULTIPLE_OWNER_
1153 OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t credType,
1154 const OicSecCert_t * publicData, const OicSecKey_t* privateData,
1155 const OicUuid_t * rownerID, const OicUuid_t * eownerID)
1157 OIC_LOG(DEBUG, TAG, "IN GenerateCredential");
1160 OCStackResult ret = OC_STACK_ERROR;
1162 OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred));
1163 VERIFY_NON_NULL(TAG, cred, ERROR);
1165 //CredId is assigned before appending new cred to the existing
1166 //credential list and updating svr database in AddCredential().
1169 VERIFY_NON_NULL(TAG, subject, ERROR);
1170 memcpy(cred->subject.id, subject->id , sizeof(cred->subject.id));
1172 VERIFY_SUCCESS(TAG, credType < (NO_SECURITY_MODE | SYMMETRIC_PAIR_WISE_KEY |
1173 SYMMETRIC_GROUP_KEY | ASYMMETRIC_KEY | SIGNED_ASYMMETRIC_KEY | PIN_PASSWORD), ERROR);
1174 cred->credType = credType;
1176 #ifdef __WITH_DTLS__
1177 if (publicData && publicData->data)
1179 cred->publicData.data = (uint8_t *)OICCalloc(1, publicData->len);
1180 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
1181 memcpy(cred->publicData.data, publicData->data, publicData->len);
1182 cred->publicData.len = publicData->len;
1184 #endif // __WITH_DTLS__
1186 if (privateData && privateData->data)
1188 cred->privateData.data = (uint8_t *)OICCalloc(1, privateData->len);
1189 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
1190 memcpy(cred->privateData.data, privateData->data, privateData->len);
1191 cred->privateData.len = privateData->len;
1193 // TODO: Added as workaround. Will be replaced soon.
1194 cred->privateData.encoding = OIC_ENCODING_RAW;
1197 // NOTE: Test codes to use base64 for credential.
1198 uint32_t outSize = 0;
1199 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((privateData->len + 1));
1200 char* b64Buf = (uint8_t *)OICCalloc(1, b64BufSize);
1201 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1202 b64Encode(privateData->data, privateData->len, b64Buf, b64BufSize, &outSize);
1204 OICFree( cred->privateData.data );
1205 cred->privateData.data = (uint8_t *)OICCalloc(1, outSize + 1);
1206 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
1208 strcpy(cred->privateData.data, b64Buf);
1209 cred->privateData.encoding = OIC_ENCODING_BASE64;
1210 cred->privateData.len = outSize;
1212 #endif //End of Test codes
1216 VERIFY_NON_NULL(TAG, rownerID, ERROR);
1217 memcpy(&cred->rownerID, rownerID, sizeof(OicUuid_t));
1219 #ifdef _ENABLE_MULTIPLE_OWNER_
1222 cred->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
1223 VERIFY_NON_NULL(TAG, cred->eownerID, ERROR);
1224 memcpy(cred->eownerID->id, eownerID->id, sizeof(eownerID->id));
1226 #endif //_ENABLE_MULTIPLE_OWNER_
1230 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : result: %d", ret);
1231 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credId: %d", cred->credId);
1232 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credType: %d", cred->credType);
1233 OIC_LOG_BUFFER(DEBUG, TAG, cred->subject.id, sizeof(cred->subject.id));
1234 if (cred->privateData.data)
1236 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : privateData len: %d", cred->privateData.len);
1237 OIC_LOG_BUFFER(DEBUG, TAG, cred->privateData.data, cred->privateData.len);
1239 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1242 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : credUsage: %s", cred->credUsage);
1244 if (cred->publicData.data)
1246 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : publicData len: %d", cred->publicData.len);
1247 OIC_LOG_BUFFER(DEBUG, TAG, cred->publicData.data, cred->publicData.len);
1250 if (cred->optionalData.data)
1252 OIC_LOG_V(DEBUG, TAG, "GenerateCredential : optionalData len: %d", cred->optionalData.len);
1253 OIC_LOG_BUFFER(DEBUG, TAG, cred->optionalData.data, cred->optionalData.len);
1256 #endif //defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1259 if (OC_STACK_OK != ret)
1261 DeleteCredList(cred);
1264 OIC_LOG(DEBUG, TAG, "OUT GenerateCredential");
1268 static bool UpdatePersistentStorage(const OicSecCred_t *cred)
1271 OIC_LOG(DEBUG, TAG, "IN Cred UpdatePersistentStorage");
1273 // Convert Cred data into JSON for update to persistent storage
1276 uint8_t *payload = NULL;
1277 // This added '512' is arbitrary value that is added to cover the name of the resource, map addition and ending
1278 size_t size = GetCredKeyDataSize(cred);
1279 size += (512 * OicSecCredCount(cred));
1280 OIC_LOG_V(DEBUG, TAG, "cred size: %" PRIu64, size);
1283 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
1284 if ((OC_STACK_OK == res) && payload)
1286 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, payload, size))
1293 else //Empty cred list
1295 if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, NULL, 0))
1300 OIC_LOG(DEBUG, TAG, "OUT Cred UpdatePersistentStorage");
1305 * Compare function used LL_SORT for sorting credentials.
1307 * @param first pointer to OicSecCred_t struct.
1308 * @param second pointer to OicSecCred_t struct.
1310 *@return -1, if credId of first is less than credId of second.
1311 * 0, if credId of first is equal to credId of second.
1312 * 1, if credId of first is greater than credId of second.
1314 static int CmpCredId(const OicSecCred_t * first, const OicSecCred_t *second)
1316 if (first->credId < second->credId)
1320 else if (first->credId > second->credId)
1329 * GetCredId goes through the cred list and returns the next
1330 * available credId. The next credId could be the credId that is
1331 * available due deletion of OicSecCred_t object or one more than
1332 * credId of last credential in the list.
1334 * @return next available credId if successful, else 0 for error.
1336 static uint16_t GetCredId()
1338 //Sorts credential list in incremental order of credId
1339 LL_SORT(gCred, CmpCredId);
1341 OicSecCred_t *currentCred = NULL, *credTmp = NULL;
1342 uint16_t nextCredId = 1;
1344 LL_FOREACH_SAFE(gCred, currentCred, credTmp)
1346 if (currentCred->credId == nextCredId)
1356 VERIFY_SUCCESS(TAG, nextCredId < UINT16_MAX, ERROR);
1364 * Get the default value.
1366 * @return NULL for now.
1368 static OicSecCred_t* GetCredDefault()
1370 // TODO:Update it when we finalize the default info.
1374 static bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2)
1376 VERIFY_NON_NULL(TAG, sk1, WARNING);
1377 VERIFY_NON_NULL(TAG, sk2, WARNING);
1379 VERIFY_SUCCESS(TAG, (sk1->len == sk2->len), INFO);
1380 VERIFY_SUCCESS(TAG, (sk1->encoding == sk2->encoding), INFO);
1381 VERIFY_SUCCESS(TAG, (0 == memcmp(sk1->data, sk2->data, sk1->len)), INFO);
1387 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1388 static bool IsSameCert(const OicSecCert_t* cert1, const OicSecCert_t* cert2)
1390 VERIFY_NON_NULL(TAG, cert1, WARNING);
1391 VERIFY_NON_NULL(TAG, cert2, WARNING);
1393 VERIFY_SUCCESS(TAG, (cert1->len == cert2->len), INFO);
1394 VERIFY_SUCCESS(TAG, (0 == memcmp(cert1->data, cert2->data, cert1->len)), INFO);
1399 #endif //#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1402 * Compares credential
1404 * @return CRED_CMP_EQUAL if credentials are equal
1405 * CRED_CMP_NOT_EQUAL if not equal
1409 static CredCompareResult_t CompareCredential(const OicSecCred_t * l, const OicSecCred_t * r)
1411 CredCompareResult_t cmpResult = CRED_CMP_ERROR;
1412 bool isCompared = false;
1413 OIC_LOG(DEBUG, TAG, "IN CompareCredetial");
1415 VERIFY_NON_NULL(TAG, l, ERROR);
1416 VERIFY_NON_NULL(TAG, r, ERROR);
1418 cmpResult = CRED_CMP_NOT_EQUAL;
1420 VERIFY_SUCCESS(TAG, (l->credType == r->credType), INFO);
1421 VERIFY_SUCCESS(TAG, (0 == memcmp(l->subject.id, r->subject.id, sizeof(l->subject.id))), INFO);
1425 case SYMMETRIC_PAIR_WISE_KEY:
1426 case SYMMETRIC_GROUP_KEY:
1429 if(l->privateData.data && r->privateData.data)
1431 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->privateData, &r->privateData), INFO);
1436 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1437 case ASYMMETRIC_KEY:
1438 case SIGNED_ASYMMETRIC_KEY:
1440 if(l->publicData.data && r->publicData.data)
1442 VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO);
1446 if(l->optionalData.data && r->optionalData.data)
1448 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO);
1452 if(l->credUsage && r->credUsage)
1454 VERIFY_SUCCESS(TAG, (strlen(l->credUsage) == strlen(r->credUsage)), INFO);
1455 VERIFY_SUCCESS(TAG, (0 == strncmp(l->credUsage, r->credUsage, strlen(l->credUsage))), INFO);
1460 case ASYMMETRIC_ENCRYPTION_KEY:
1462 if(l->privateData.data && r->privateData.data)
1464 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->privateData, &r->privateData), INFO);
1468 if(l->publicData.data && r->publicData.data)
1470 VERIFY_SUCCESS(TAG, IsSameCert(&l->publicData, &r->publicData), INFO);
1474 if(l->optionalData.data && r->optionalData.data)
1476 VERIFY_SUCCESS(TAG, IsSameSecKey(&l->optionalData, &r->optionalData), INFO);
1482 #endif //__WITH_DTLS__ or __WITH_TLS__
1485 cmpResult = CRED_CMP_ERROR;
1492 OIC_LOG(DEBUG, TAG, "Same Credentials");
1493 cmpResult = CRED_CMP_EQUAL;
1497 OIC_LOG(DEBUG, TAG, "Can not find the key data in credential");
1498 cmpResult = CRED_CMP_ERROR;
1501 OIC_LOG(DEBUG, TAG, "OUT CompareCredetial");
1506 OCStackResult AddCredential(OicSecCred_t * newCred)
1508 OCStackResult ret = OC_STACK_ERROR;
1509 OicSecCred_t * temp = NULL;
1510 bool validFlag = true;
1511 OicUuid_t emptyOwner = { .id = {0} };
1513 OIC_LOG(DEBUG, TAG, "IN AddCredential");
1515 VERIFY_SUCCESS(TAG, NULL != newCred, ERROR);
1516 //Assigning credId to the newCred
1517 newCred->credId = GetCredId();
1518 VERIFY_SUCCESS(TAG, true == IsVaildCredential(newCred), ERROR);
1520 //the newCred is not valid if it is empty
1522 if (memcmp(&(newCred->subject.id), &emptyOwner, UUID_IDENTITY_SIZE) == 0)
1528 LL_FOREACH(gCred, temp)
1530 CredCompareResult_t cmpRes = CompareCredential(temp, newCred);
1531 if(CRED_CMP_EQUAL == cmpRes)
1533 OIC_LOG_V(WARNING, TAG, "Detected same credential ID(%d)" \
1534 "new credential's ID will be replaced.", temp->credId);
1535 newCred->credId = temp->credId;
1541 if (CRED_CMP_ERROR == cmpRes)
1543 OIC_LOG_V(WARNING, TAG, "Credential skipped : %d", cmpRes);
1544 ret = OC_STACK_ERROR;
1551 //Append the new Cred to existing list if new Cred is valid
1554 LL_APPEND(gCred, newCred);
1557 memcpy(&(gCred->rownerID), &(newCred->rownerID), sizeof(OicUuid_t));
1558 if (UpdatePersistentStorage(gCred))
1564 OIC_LOG(DEBUG, TAG, "OUT AddCredential");
1568 OCStackResult RemoveCredential(const OicUuid_t *subject)
1570 OCStackResult ret = OC_STACK_ERROR;
1571 OicSecCred_t *cred = NULL;
1572 OicSecCred_t *tempCred = NULL;
1573 bool deleteFlag = false;
1575 LL_FOREACH_SAFE(gCred, cred, tempCred)
1577 if (memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
1579 LL_DELETE(gCred, cred);
1587 if (UpdatePersistentStorage(gCred))
1589 ret = OC_STACK_RESOURCE_DELETED;
1596 OCStackResult RemoveCredentialByCredId(uint16_t credId)
1598 OCStackResult ret = OC_STACK_ERROR;
1599 OicSecCred_t *cred = NULL;
1600 OicSecCred_t *tempCred = NULL;
1601 bool deleteFlag = false;
1603 OIC_LOG(INFO, TAG, "IN RemoveCredentialByCredId");
1607 return OC_STACK_INVALID_PARAM;
1611 LL_FOREACH_SAFE(gCred, cred, tempCred)
1613 if (cred->credId == credId)
1615 OIC_LOG_V(DEBUG, TAG, "Credential(ID=%d) will be removed.", credId);
1617 LL_DELETE(gCred, cred);
1625 if (UpdatePersistentStorage(gCred))
1627 ret = OC_STACK_RESOURCE_DELETED;
1630 OIC_LOG(INFO, TAG, "OUT RemoveCredentialByCredId");
1637 * Remove all credential data on credential resource and persistent storage
1640 * OC_STACK_OK - no errors
1641 * OC_STACK_ERROR - stack process error
1643 OCStackResult RemoveAllCredentials(void)
1645 DeleteCredList(gCred);
1646 gCred = GetCredDefault();
1648 if (!UpdatePersistentStorage(gCred))
1650 return OC_STACK_ERROR;
1655 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1657 * Internal function to fill private data of owner PSK.
1659 * @param receviedCred recevied owner credential from OBT(PT)
1660 * @param ownerAdd address of OBT(PT)
1661 * @param doxm current device's doxm resource
1664 * true successfully done and valid ower psk information
1665 * false Invalid owner psk information or failed to owner psk generation
1667 static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoint_t* ownerAddr,
1668 const OicSecDoxm_t* doxm)
1670 //Derive OwnerPSK locally
1671 const char* oxmLabel = GetOxmString(doxm->oxmSel);
1672 VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
1674 uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {0};
1675 CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
1676 (uint8_t*)oxmLabel, strlen(oxmLabel),
1677 doxm->owner.id, sizeof(doxm->owner.id),
1678 doxm->deviceID.id, sizeof(doxm->deviceID.id),
1679 ownerPSK, OWNER_PSK_LENGTH_128);
1680 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
1682 OIC_LOG(DEBUG, TAG, "OwnerPSK dump :");
1683 OIC_LOG_BUFFER(DEBUG, TAG, ownerPSK, OWNER_PSK_LENGTH_128);
1685 //Generate owner credential based on recevied credential information
1687 // TODO: Added as workaround, will be replaced soon.
1688 if(OIC_ENCODING_RAW == receviedCred->privateData.encoding)
1690 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
1691 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1692 receviedCred->privateData.len = OWNER_PSK_LENGTH_128;
1693 memcpy(receviedCred->privateData.data, ownerPSK, OWNER_PSK_LENGTH_128);
1695 else if(OIC_ENCODING_BASE64 == receviedCred->privateData.encoding)
1697 uint32_t b64OutSize = 0;
1698 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
1699 char* b64Buf = OICCalloc(1, b64BufSize);
1700 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1702 b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize);
1704 receviedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
1705 VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
1706 receviedCred->privateData.len = b64OutSize;
1707 strncpy((char*)receviedCred->privateData.data, b64Buf, b64OutSize);
1708 receviedCred->privateData.data[b64OutSize] = '\0';
1712 VERIFY_SUCCESS(TAG, OIC_ENCODING_UNKNOW, ERROR);
1715 OIC_LOG(INFO, TAG, "PrivateData of OwnerPSK was calculated successfully");
1717 //Verify OwnerPSK information
1718 return (memcmp(&(receviedCred->subject), &(doxm->owner), sizeof(OicUuid_t)) == 0 &&
1719 receviedCred->credType == SYMMETRIC_PAIR_WISE_KEY);
1721 //receviedCred->privateData.data will be deallocated when deleting credential.
1726 #ifdef _ENABLE_MULTIPLE_OWNER_
1728 * Internal function to fill private data of SubOwner PSK.
1730 * @param receviedCred recevied owner credential from SubOwner
1731 * @param ownerAdd address of SubOwner
1732 * @param doxm current device's doxm resource
1735 * true successfully done and valid subower psk information
1736 * false Invalid subowner psk information or failed to subowner psk generation
1738 static bool FillPrivateDataOfSubOwnerPSK(OicSecCred_t* receivedCred, const CAEndpoint_t* ownerAddr,
1739 const OicSecDoxm_t* doxm, const OicUuid_t* subOwner)
1741 char* b64Buf = NULL;
1742 //Derive OwnerPSK locally
1743 const char* oxmLabel = GetOxmString(doxm->oxmSel);
1744 VERIFY_NON_NULL(TAG, oxmLabel, ERROR);
1746 uint8_t subOwnerPSK[OWNER_PSK_LENGTH_128] = {0};
1747 CAResult_t pskRet = CAGenerateOwnerPSK(ownerAddr,
1748 (uint8_t*)oxmLabel, strlen(oxmLabel),
1749 subOwner->id, sizeof(subOwner->id),
1750 doxm->deviceID.id, sizeof(doxm->deviceID.id),
1751 subOwnerPSK, OWNER_PSK_LENGTH_128);
1752 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
1754 OIC_LOG(DEBUG, TAG, "SubOwnerPSK dump :");
1755 OIC_LOG_BUFFER(DEBUG, TAG, subOwnerPSK, OWNER_PSK_LENGTH_128);
1757 //Generate owner credential based on received credential information
1759 if(OIC_ENCODING_RAW == receivedCred->privateData.encoding)
1761 receivedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
1762 VERIFY_NON_NULL(TAG, receivedCred->privateData.data, ERROR);
1763 receivedCred->privateData.len = OWNER_PSK_LENGTH_128;
1764 memcpy(receivedCred->privateData.data, subOwnerPSK, OWNER_PSK_LENGTH_128);
1766 else if(OIC_ENCODING_BASE64 == receivedCred->privateData.encoding)
1768 uint32_t b64OutSize = 0;
1769 size_t b64BufSize = B64ENCODE_OUT_SAFESIZE((OWNER_PSK_LENGTH_128 + 1));
1770 b64Buf = OICCalloc(1, b64BufSize);
1771 VERIFY_NON_NULL(TAG, b64Buf, ERROR);
1773 VERIFY_SUCCESS(TAG, \
1774 B64_OK == b64Encode(subOwnerPSK, OWNER_PSK_LENGTH_128, b64Buf, b64BufSize, &b64OutSize), \
1777 receivedCred->privateData.data = (uint8_t *)OICCalloc(1, b64OutSize + 1);
1778 VERIFY_NON_NULL(TAG, receivedCred->privateData.data, ERROR);
1779 receivedCred->privateData.len = b64OutSize;
1780 strncpy((char*)receivedCred->privateData.data, b64Buf, b64OutSize);
1781 receivedCred->privateData.data[b64OutSize] = '\0';
1785 OIC_LOG(INFO, TAG, "Unknown credential encoding type.");
1786 VERIFY_SUCCESS(TAG, OIC_ENCODING_UNKNOW, ERROR);
1789 OIC_LOG(INFO, TAG, "PrivateData of SubOwnerPSK was calculated successfully");
1793 //receivedCred->privateData.data will be deallocated when deleting credential.
1797 #endif //_ENABLE_MULTIPLE_OWNER_
1798 #endif // __WITH_DTLS__ or __WITH_TLS__
1800 static OCEntityHandlerResult HandlePostRequest(const OCEntityHandlerRequest * ehRequest)
1802 OCEntityHandlerResult ret = OC_EH_ERROR;
1803 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest IN");
1805 static uint16_t previousMsgId = 0;
1806 //Get binary representation of cbor
1807 OicSecCred_t *cred = NULL;
1808 uint8_t *payload = (((OCSecurityPayload*)ehRequest->payload)->securityData);
1809 size_t size = (((OCSecurityPayload*)ehRequest->payload)->payloadSize);
1811 OCStackResult res = CBORPayloadToCred(payload, size, &cred);
1812 if (res == OC_STACK_OK)
1814 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1815 OicUuid_t emptyUuid = {.id={0}};
1816 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1817 if(doxm && false == doxm->owned && memcmp(&(doxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0)
1819 //in case of owner PSK
1820 switch(cred->credType)
1822 case SYMMETRIC_PAIR_WISE_KEY:
1824 OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
1825 if(FillPrivateDataOfOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm))
1827 if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject))
1829 OIC_LOG(WARNING, TAG, "The credential with the same subject ID was detected!");
1832 OIC_LOG(ERROR, TAG, "OwnerPSK was generated successfully.");
1833 if(OC_STACK_OK == AddCredential(cred))
1835 ret = OC_EH_CHANGED;
1839 OIC_LOG(ERROR, TAG, "Failed to save the OwnerPSK as cred resource");
1845 OIC_LOG(ERROR, TAG, "Failed to verify receviced OwnerPKS.");
1849 if(OC_EH_CHANGED == ret)
1852 * in case of random PIN based OxM,
1853 * revert get_psk_info callback of tinyDTLS to use owner credential.
1855 if(OIC_RANDOM_DEVICE_PIN == doxm->oxmSel)
1857 SetUuidForPinBasedOxm(&emptyUuid);
1859 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
1860 if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskCredentials))
1862 OIC_LOG(ERROR, TAG, "Failed to revert TLS credential handler.");
1866 #endif // __WITH_DTLS__ or __WITH_TLS__
1869 //Select cipher suite to use owner PSK
1870 if(CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false))
1872 OIC_LOG(ERROR, TAG, "Failed to disable anonymous cipher suite");
1877 OIC_LOG(INFO, TAG, "Anonymous cipher suite is DISABLED");
1881 CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256, ehRequest->devAddr.adapter))
1883 OIC_LOG(ERROR, TAG, "Failed to select cipher suite");
1890 case SYMMETRIC_GROUP_KEY:
1891 case ASYMMETRIC_KEY:
1892 case SIGNED_ASYMMETRIC_KEY:
1894 case ASYMMETRIC_ENCRYPTION_KEY:
1896 OIC_LOG(WARNING, TAG, "Unsupported credential type for owner credential.");
1902 OIC_LOG(WARNING, TAG, "Unknown credential type for owner credential.");
1908 if(OC_EH_CHANGED != ret)
1911 * If some error is occured while ownership transfer,
1912 * ownership transfer related resource should be revert back to initial status.
1914 const OicSecDoxm_t* doxm = GetDoxmResourceData();
1917 if(!doxm->owned && previousMsgId != ehRequest->messageID)
1919 OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
1920 "DOXM will be reverted.");
1921 RestoreDoxmToInitState();
1922 RestorePstatToInitState();
1927 OIC_LOG(ERROR, TAG, "Invalid DOXM resource");
1931 #ifdef _ENABLE_MULTIPLE_OWNER_
1932 // In case SubOwner Credential
1933 else if(doxm && doxm->owned && doxm->mom &&
1934 OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode &&
1935 0 == cred->privateData.len)
1937 switch(cred->credType)
1939 case SYMMETRIC_PAIR_WISE_KEY:
1941 OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
1942 if(FillPrivateDataOfSubOwnerPSK(cred, (CAEndpoint_t *)&request->devAddr, doxm, &cred->subject))
1944 if(OC_STACK_RESOURCE_DELETED == RemoveCredential(&cred->subject))
1946 OIC_LOG(WARNING, TAG, "The credential with the same subject ID was detected!");
1949 OIC_LOG(ERROR, TAG, "SubOwnerPSK was generated successfully.");
1950 if(OC_STACK_OK == AddCredential(cred))
1952 ret = OC_EH_CHANGED;
1956 OIC_LOG(ERROR, TAG, "Failed to save the SubOwnerPSK as cred resource");
1962 OIC_LOG(ERROR, TAG, "Failed to verify receviced SubOwner PSK.");
1968 case SYMMETRIC_GROUP_KEY:
1969 case ASYMMETRIC_KEY:
1970 case SIGNED_ASYMMETRIC_KEY:
1972 case ASYMMETRIC_ENCRYPTION_KEY:
1974 OIC_LOG(WARNING, TAG, "Unsupported credential type for SubOwner credential.");
1980 OIC_LOG(WARNING, TAG, "Unknown credential type for SubOwner credential.");
1986 #endif //_ENABLE_MULTIPLE_OWNER_
1989 if(IsEmptyCred(cred))
1991 OicUuid_t emptyUuid = {.id={0}};
1992 if(memcmp(cred->rownerID.id, emptyUuid.id, sizeof(emptyUuid.id)) != 0)
1994 OIC_LOG(INFO, TAG, "CRED's rowner will be updated.");
1995 memcpy(gCred->rownerID.id, cred->rownerID.id, sizeof(cred->rownerID.id));
1996 if (UpdatePersistentStorage(gCred))
1998 ret = OC_EH_CHANGED;
2013 * If the post request credential has credId, it will be
2014 * discarded and the next available credId will be assigned
2015 * to it before getting appended to the existing credential
2016 * list and updating svr database.
2018 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
2021 #else //not __WITH_DTLS__
2023 * If the post request credential has credId, it will be
2024 * discarded and the next available credId will be assigned
2025 * to it before getting appended to the existing credential
2026 * list and updating svr database.
2028 ret = (OC_STACK_OK == AddCredential(cred))? OC_EH_CHANGED : OC_EH_ERROR;
2029 OC_UNUSED(previousMsgId);
2030 #endif//__WITH_DTLS__
2033 if (OC_EH_CHANGED != ret)
2035 if(OC_STACK_OK != RemoveCredential(&cred->subject))
2037 OIC_LOG(WARNING, TAG, "Failed to remove the invalid credential");
2043 previousMsgId = ehRequest->messageID;
2045 //Send response to request originator
2046 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
2047 OC_EH_OK : OC_EH_ERROR;
2049 OIC_LOG(DEBUG, TAG, "HandleCREDPostRequest OUT");
2054 * The entity handler determines how to process a GET request.
2056 static OCEntityHandlerResult HandleGetRequest (const OCEntityHandlerRequest * ehRequest)
2058 OIC_LOG(INFO, TAG, "HandleGetRequest processing GET request");
2060 // Convert Cred data into CBOR for transmission
2062 uint8_t *payload = NULL;
2065 const OicSecCred_t *cred = gCred;
2067 // This added '256' is arbitrary value that is added to cover the name of the resource, map addition and ending
2068 size = GetCredKeyDataSize(cred);
2069 size += (256 * OicSecCredCount(cred));
2070 OCStackResult res = CredToCBORPayload(cred, &payload, &size, secureFlag);
2072 // A device should always have a default cred. Therefore, payload should never be NULL.
2073 OCEntityHandlerResult ehRet = (res == OC_STACK_OK) ? OC_EH_OK : OC_EH_ERROR;
2076 //Send payload to request originator
2077 ehRet = ((SendSRMResponse(ehRequest, ehRet, payload, size)) == OC_STACK_OK) ?
2078 OC_EH_OK : OC_EH_ERROR;
2083 static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *ehRequest)
2085 OIC_LOG(DEBUG, TAG, "Processing CredDeleteRequest");
2087 OCEntityHandlerResult ehRet = OC_EH_ERROR;
2089 if (NULL == ehRequest->query)
2094 OicParseQueryIter_t parseIter = { .attrPos=NULL };
2095 OicUuid_t subject = {.id={0}};
2097 //Parsing REST query to get the subject
2098 ParseQueryIterInit((unsigned char *)ehRequest->query, &parseIter);
2099 while (GetNextQuery(&parseIter))
2101 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_SUBJECTID_NAME,
2102 parseIter.attrLen) == 0)
2104 OCStackResult ret = ConvertStrToUuid((const char*)parseIter.valPos, &subject);
2105 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2109 if (OC_STACK_RESOURCE_DELETED == RemoveCredential(&subject))
2111 ehRet = OC_EH_RESOURCE_DELETED;
2113 //Send response to request originator
2114 ehRet = ((SendSRMResponse(ehRequest, ehRet, NULL, 0)) == OC_STACK_OK) ?
2115 OC_EH_OK : OC_EH_ERROR;
2120 OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag,
2121 OCEntityHandlerRequest * ehRequest,
2122 void* callbackParameter)
2124 (void)callbackParameter;
2125 OCEntityHandlerResult ret = OC_EH_ERROR;
2131 if (flag & OC_REQUEST_FLAG)
2133 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
2134 //TODO : Remove Handle PUT methods once CTT have changed to POST on OTM
2135 switch (ehRequest->method)
2138 ret = HandleGetRequest(ehRequest);;
2142 ret = HandlePostRequest(ehRequest);
2144 case OC_REST_DELETE:
2145 ret = HandleDeleteRequest(ehRequest);
2148 ret = ((SendSRMResponse(ehRequest, ret, NULL, 0)) == OC_STACK_OK) ?
2149 OC_EH_OK : OC_EH_ERROR;
2156 OCStackResult CreateCredResource()
2158 OCStackResult ret = OCCreateResource(&gCredHandle,
2159 OIC_RSRC_TYPE_SEC_CRED,
2160 OC_RSRVD_INTERFACE_DEFAULT,
2166 if (OC_STACK_OK != ret)
2168 OIC_LOG (FATAL, TAG, "Unable to instantiate Cred resource");
2169 DeInitCredResource();
2174 OCStackResult InitCredResource()
2176 OCStackResult ret = OC_STACK_ERROR;
2177 OicSecCred_t* cred = NULL;
2179 //Read Cred resource from PS
2180 uint8_t *data = NULL;
2182 ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_CRED_NAME, &data, &size);
2183 // If database read failed
2184 if (ret != OC_STACK_OK)
2186 OIC_LOG (DEBUG, TAG, "ReadSVDataFromPS failed");
2190 // Read ACL resource from PS
2191 ret = CBORPayloadToCred(data, size, &gCred);
2195 * If SVR database in persistent storage got corrupted or
2196 * is not available for some reason, a default Cred is created
2197 * which allows user to initiate Cred provisioning again.
2199 if (ret != OC_STACK_OK || !data || !gCred)
2201 gCred = GetCredDefault();
2204 //Add a log to track the invalid credential.
2205 LL_FOREACH(gCred, cred)
2207 if (false == IsVaildCredential(cred))
2209 OIC_LOG(WARNING, TAG, "Invalid credential data was dectected while InitCredResource");
2210 OIC_LOG_V(WARNING, TAG, "Invalid credential ID = %d", cred->credId);
2214 //Instantiate 'oic.sec.cred'
2215 ret = CreateCredResource();
2220 OCStackResult DeInitCredResource()
2222 OCStackResult result = OCDeleteResource(gCredHandle);
2223 DeleteCredList(gCred);
2228 OicSecCred_t* GetCredResourceData(const OicUuid_t* subject)
2230 OicSecCred_t *cred = NULL;
2232 if ( NULL == subject)
2237 LL_FOREACH(gCred, cred)
2239 if(memcmp(cred->subject.id, subject->id, sizeof(subject->id)) == 0)
2247 const OicSecCred_t* GetCredList()
2252 OicSecCred_t* GetCredEntryByCredId(const uint16_t credId)
2254 OicSecCred_t *cred = NULL;
2255 OicSecCred_t *tmpCred = NULL;
2262 LL_FOREACH(gCred, tmpCred)
2264 if(tmpCred->credId == credId)
2266 cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t));
2267 VERIFY_NON_NULL(TAG, cred, ERROR);
2271 cred->credId = tmpCred->credId;
2272 cred->credType = tmpCred->credType;
2273 memcpy(cred->subject.id, tmpCred->subject.id , sizeof(cred->subject.id));
2274 memcpy(cred->rownerID.id, tmpCred->rownerID.id , sizeof(cred->rownerID.id));
2275 if (tmpCred->period)
2277 cred->period = OICStrdup(tmpCred->period);
2281 if (tmpCred->privateData.data)
2283 cred->privateData.data = (uint8_t *)OICCalloc(1, tmpCred->privateData.len);
2284 VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
2286 memcpy(cred->privateData.data, tmpCred->privateData.data, tmpCred->privateData.len);
2287 cred->privateData.len = tmpCred->privateData.len;
2288 cred->privateData.encoding = tmpCred->privateData.encoding;
2290 #if defined(__WITH_X509__) || defined(__WITH_TLS__)
2291 else if (tmpCred->publicData.data)
2293 cred->publicData.data = (uint8_t *)OICCalloc(1, tmpCred->publicData.len);
2294 VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
2296 memcpy(cred->publicData.data, tmpCred->publicData.data, tmpCred->publicData.len);
2297 cred->publicData.len = tmpCred->publicData.len;
2299 else if (tmpCred->optionalData.data)
2301 cred->optionalData.data = (uint8_t *)OICCalloc(1, tmpCred->optionalData.len);
2302 VERIFY_NON_NULL(TAG, cred->optionalData.data, ERROR);
2304 memcpy(cred->optionalData.data, tmpCred->optionalData.data, tmpCred->optionalData.len);
2305 cred->optionalData.len = tmpCred->optionalData.len;
2306 cred->optionalData.encoding = tmpCred->optionalData.encoding;
2309 if (tmpCred->credUsage)
2311 cred->credUsage = OICStrdup(tmpCred->credUsage);
2313 #endif /* __WITH_X509__ or __WITH_TLS__*/
2324 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
2325 int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
2326 const uint8_t *desc, size_t desc_len,
2327 uint8_t *result, size_t result_length)
2338 case CA_DTLS_PSK_HINT:
2339 case CA_DTLS_PSK_IDENTITY:
2341 OicUuid_t deviceID = {.id={0}};
2342 // Retrieve Device ID from doxm resource
2343 if ( OC_STACK_OK != GetDoxmDeviceID(&deviceID) )
2345 OIC_LOG (ERROR, TAG, "Unable to retrieve doxm Device ID");
2349 if (result_length < sizeof(deviceID.id))
2351 OIC_LOG (ERROR, TAG, "Wrong value for result_length");
2354 memcpy(result, deviceID.id, sizeof(deviceID.id));
2355 return (sizeof(deviceID.id));
2359 case CA_DTLS_PSK_KEY:
2361 OicSecCred_t *cred = NULL;
2362 LL_FOREACH(gCred, cred)
2364 if (cred->credType != SYMMETRIC_PAIR_WISE_KEY)
2369 if ((desc_len == sizeof(cred->subject.id)) &&
2370 (memcmp(desc, cred->subject.id, sizeof(cred->subject.id)) == 0))
2373 * If the credentials are valid for limited time,
2374 * check their expiry.
2378 if(IOTVTICAL_VALID_ACCESS != IsRequestWithinValidTime(cred->period, NULL))
2380 OIC_LOG (INFO, TAG, "Credentials are expired.");
2386 // TODO: Added as workaround. Will be replaced soon.
2387 if(OIC_ENCODING_RAW == cred->privateData.encoding)
2389 ret = cred->privateData.len;
2390 memcpy(result, cred->privateData.data, ret);
2392 else if(OIC_ENCODING_BASE64 == cred->privateData.encoding)
2394 size_t outBufSize = B64DECODE_OUT_SAFESIZE((cred->privateData.len + 1));
2395 uint8_t* outKey = OICCalloc(1, outBufSize);
2396 uint32_t outKeySize;
2399 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2403 if(B64_OK == b64Decode((char*)cred->privateData.data, cred->privateData.len, outKey, outBufSize, &outKeySize))
2405 memcpy(result, outKey, outKeySize);
2410 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
2419 OIC_LOG(DEBUG, TAG, "Can not find subject matched credential.");
2421 #ifdef _ENABLE_MULTIPLE_OWNER_
2422 const OicSecDoxm_t* doxm = GetDoxmResourceData();
2423 if(doxm && doxm->mom && OIC_MULTIPLE_OWNER_DISABLE != doxm->mom->mode)
2425 // in case of multiple owner transfer authentication
2426 if(OIC_PRECONFIG_PIN == doxm->oxmSel)
2428 OicSecCred_t* wildCardCred = GetCredResourceData(&WILDCARD_SUBJECT_ID);
2431 OIC_LOG(DEBUG, TAG, "Detected wildcard credential.");
2432 if(PIN_PASSWORD == wildCardCred->credType)
2435 char* pinBuffer = NULL;
2436 uint32_t pinLength = 0;
2437 if(OIC_ENCODING_RAW == wildCardCred->privateData.encoding)
2439 pinBuffer = OICCalloc(1, wildCardCred->privateData.len + 1);
2440 if(NULL == pinBuffer)
2442 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2445 pinLength = wildCardCred->privateData.len;
2446 memcpy(pinBuffer, wildCardCred->privateData.data, pinLength);
2448 else if(OIC_ENCODING_BASE64 == wildCardCred->privateData.encoding)
2450 size_t pinBufSize = B64DECODE_OUT_SAFESIZE((wildCardCred->privateData.len + 1));
2451 pinBuffer = OICCalloc(1, pinBufSize);
2452 if(NULL == pinBuffer)
2454 OIC_LOG (ERROR, TAG, "Failed to allocate memory.");
2458 if(B64_OK != b64Decode((char*)wildCardCred->privateData.data, wildCardCred->privateData.len, pinBuffer, pinBufSize, &pinLength))
2460 OIC_LOG (ERROR, TAG, "Failed to base64 decoding.");
2466 OIC_LOG(ERROR, TAG, "Unknown encoding type of PIN/PW credential.");
2470 //Set the PIN/PW to derive PSK
2471 if (OC_STACK_OK != SetPreconfigPin(pinBuffer, pinLength))
2474 OIC_LOG(ERROR, TAG, "Failed to load PIN data.");
2480 if(OC_STACK_OK != GetDoxmDeviceID(&myUuid))
2482 OIC_LOG(ERROR, TAG, "Failed to read device ID");
2485 SetUuidForPinBasedOxm(&myUuid);
2487 //Calculate PSK using PIN/PW
2488 if(0 == DerivePSKUsingPIN((uint8_t*)result))
2490 ret = OWNER_PSK_LENGTH_128;
2494 OIC_LOG_V(ERROR, TAG, "Failed to derive crypto key from PIN");
2497 if(CA_STATUS_OK != CAregisterSslHandshakeCallback(MultipleOwnerDTLSHandshakeCB))
2499 OIC_LOG(WARNING, TAG, "Error while bind the DTLS Handshake Callback.");
2504 else if(OIC_RANDOM_DEVICE_PIN == doxm->oxmSel)
2506 if(0 == DerivePSKUsingPIN((uint8_t*)result))
2508 ret = OWNER_PSK_LENGTH_128;
2512 OIC_LOG_V(ERROR, TAG, "Failed to derive crypto key from PIN : result");
2517 #endif //_ENABLE_MULTIPLE_OWNER_
2526 * Add temporal PSK to PIN based OxM
2528 * @param[in] tmpSubject UUID of target device
2529 * @param[in] credType Type of credential to be added
2530 * @param[in] pin numeric characters
2531 * @param[in] pinSize length of 'pin'
2532 * @param[in] rownerID Resource owner's UUID
2533 * @param[out] tmpCredSubject Generated credential's subject.
2535 * @return OC_STACK_OK for success and errorcode otherwise.
2537 OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType,
2538 const char * pin, size_t pinSize,
2539 const OicUuid_t * rownerID, OicUuid_t* tmpCredSubject)
2541 OCStackResult ret = OC_STACK_ERROR;
2542 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN IN");
2544 if(NULL == tmpSubject || NULL == pin || 0 == pinSize || NULL == tmpCredSubject)
2546 return OC_STACK_INVALID_PARAM;
2549 uint8_t privData[OWNER_PSK_LENGTH_128] = {0,};
2550 OicSecKey_t privKey = {privData, OWNER_PSK_LENGTH_128, OIC_ENCODING_RAW};
2551 OicSecCred_t* cred = NULL;
2552 int dtlsRes = DeriveCryptoKeyFromPassword((const unsigned char *)pin, pinSize, rownerID->id,
2553 UUID_LENGTH, PBKDF_ITERATIONS,
2554 OWNER_PSK_LENGTH_128, privData);
2555 VERIFY_SUCCESS(TAG, (0 == dtlsRes) , ERROR);
2557 cred = GenerateCredential(tmpSubject, credType, NULL,
2558 &privKey, rownerID, NULL);
2561 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to generate credential");
2562 return OC_STACK_ERROR;
2565 memcpy(tmpCredSubject->id, cred->subject.id, UUID_LENGTH);
2567 ret = AddCredential(cred);
2568 if( OC_STACK_OK != ret)
2570 RemoveCredential(tmpSubject);
2571 OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to add credential");
2573 OIC_LOG(DEBUG, TAG, "AddTmpPskWithPIN OUT");
2579 #endif /* __WITH_DTLS__ */
2581 OCStackResult SetCredRownerId(const OicUuid_t* newROwner)
2583 OCStackResult ret = OC_STACK_ERROR;
2584 uint8_t *cborPayload = NULL;
2587 OicUuid_t prevId = {.id={0}};
2589 if(NULL == newROwner)
2591 ret = OC_STACK_INVALID_PARAM;
2595 ret = OC_STACK_NO_RESOURCE;
2598 if(newROwner && gCred)
2600 memcpy(prevId.id, gCred->rownerID.id, sizeof(prevId.id));
2601 memcpy(gCred->rownerID.id, newROwner->id, sizeof(newROwner->id));
2603 // This added '256' is arbitrary value that is added to cover the name of the resource, map addition and ending
2604 size = GetCredKeyDataSize(gCred);
2605 size += (256 * OicSecCredCount(gCred));
2606 ret = CredToCBORPayload(gCred, &cborPayload, &size, secureFlag);
2607 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2609 ret = UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, cborPayload, size);
2610 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
2612 OICFree(cborPayload);
2618 OICFree(cborPayload);
2619 memcpy(gCred->rownerID.id, prevId.id, sizeof(prevId.id));
2623 OCStackResult GetCredRownerId(OicUuid_t *rowneruuid)
2625 OCStackResult retVal = OC_STACK_ERROR;
2628 *rowneruuid = gCred->rownerID;
2629 retVal = OC_STACK_OK;
2634 #if defined (__WITH_TLS__) || defined(__WITH_DTLS__)
2635 void GetDerCaCert(ByteArray_t * crt)
2641 uint8_t *data = NULL;
2643 OCStackResult ret = OC_STACK_ERROR;
2644 OicSecCred_t * cred;
2645 OicSecCred_t * temp = NULL;
2646 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2647 LL_FOREACH(gCred, temp)
2649 if (SIGNED_ASYMMETRIC_KEY == temp->credType && 0 == memcmp((temp->credUsage), TRUST_CA, strlen(TRUST_CA) + 1))
2651 OIC_LOG_V(DEBUG, TAG, "len: %d, crt len: %d", temp->optionalData.len, crt->len);
2652 if(OIC_ENCODING_BASE64 == temp->optionalData.encoding)
2654 size_t bufSize = B64DECODE_OUT_SAFESIZE((temp->optionalData.len + 1));
2655 uint8 * buf = OICCalloc(1, bufSize);
2658 OIC_LOG(ERROR, TAG, "Failed to allocate memory");
2662 if(B64_OK != b64Decode(temp->optionalData.data, temp->optionalData.len, buf, bufSize, &outSize))
2665 OIC_LOG(ERROR, TAG, "Failed to decode base64 data");
2668 crt->data = OICRealloc(crt->data, crt->len + outSize);
2669 memcpy(crt->data + crt->len, buf, outSize);
2670 crt->len += outSize;
2675 crt->data = OICRealloc(crt->data, crt->len + temp->optionalData.len);
2676 memcpy(crt->data + crt->len, temp->optionalData.data, temp->optionalData.len);
2677 crt->len += temp->optionalData.len;
2679 OIC_LOG_V(DEBUG, TAG, "Trust CA Found!! %d", crt->len);
2684 OIC_LOG(DEBUG, TAG, "Trust CA Not Found!!");
2686 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2690 void GetDerOwnCert(ByteArray_t * crt)
2697 uint8_t *data = NULL;
2698 OicSecCred_t * temp = NULL;
2699 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2700 LL_FOREACH(gCred, temp)
2702 if (SIGNED_ASYMMETRIC_KEY == temp->credType && 0 == memcmp((temp->credUsage), PRIMARY_CERT, strlen(PRIMARY_CERT) + 1))
2704 OIC_LOG_V(DEBUG, TAG, "len: %d, crt len: %d", temp->publicData.len, crt->len);
2705 crt->data = OICRealloc(crt->data, crt->len + temp->publicData.len);
2706 memcpy(crt->data + crt->len, temp->publicData.data, temp->publicData.len);
2707 crt->len += temp->publicData.len;
2709 OIC_LOG_V(DEBUG, TAG, "Trust CA Found!! %d", crt->len);
2714 OIC_LOG(DEBUG, TAG, "Trust CA Not Found!!");
2716 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2720 void GetDerKey(ByteArray_t * key)
2727 uint8_t *data = NULL;
2728 OicSecCred_t * temp = NULL;
2730 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2731 LL_FOREACH(gCred, temp)
2733 if (SIGNED_ASYMMETRIC_KEY == temp->credType && 0 == memcmp((temp->credUsage), PRIMARY_CERT, strlen(PRIMARY_CERT) + 1))
2735 OIC_LOG_V(DEBUG, TAG, "len: %d, key len: %d", temp->privateData.len, key->len);
2736 key->data = OICRealloc(key->data, key->len + temp->privateData.len);
2737 memcpy(key->data + key->len, temp->privateData.data, temp->privateData.len);
2738 key->len += temp->privateData.len;
2740 OIC_LOG_V(DEBUG, TAG, "Key Found!! %d", key->len);
2745 OIC_LOG(DEBUG, TAG, "Key Not Found!!");
2747 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2750 void InitCipherSuiteList(bool * list)
2752 OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
2755 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
2756 OIC_LOG(DEBUG, TAG, "NULL list param");
2759 OicSecCred_t * temp = NULL;
2760 LL_FOREACH(gCred, temp)
2762 switch (temp->credType)
2767 OIC_LOG(DEBUG, TAG, "PIN_PASSWORD found");
2770 case SYMMETRIC_PAIR_WISE_KEY:
2773 OIC_LOG(DEBUG, TAG, "SYMMETRIC_PAIR_WISE_KEY found");
2776 case SIGNED_ASYMMETRIC_KEY:
2779 OIC_LOG(DEBUG, TAG, "SIGNED_ASYMMETRIC_KEY found");
2782 case SYMMETRIC_GROUP_KEY:
2783 case ASYMMETRIC_KEY:
2784 case ASYMMETRIC_ENCRYPTION_KEY:
2786 OIC_LOG(WARNING, TAG, "Unsupported credential type for TLS.");
2791 OIC_LOG(WARNING, TAG, "Unknown credential type for TLS.");
2796 OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);