1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
23 #include "oic_malloc.h"
25 #include "resourcemanager.h"
26 #include "doxmresource.h"
27 #include "psinterface.h"
29 #include "srmresourcestrings.h"
30 #include "securevirtualresourcetypes.h"
33 #include "cainterface.h"
34 #include "credresource.h"
35 #include "ocserverrequest.h"
36 #include "srmutility.h"
37 #include "pinoxmcommon.h"
50 #define TAG "SRM-DOXM"
52 static OicSecDoxm_t *gDoxm = NULL;
53 static OCResourceHandle gDoxmHandle = NULL;
55 static OicSecOxm_t gOicSecDoxmJustWorks = OIC_JUST_WORKS;
56 static OicSecDoxm_t gDefaultDoxm =
58 NULL, /* OicUrn_t *oxmType */
59 0, /* size_t oxmTypeLen */
60 &gOicSecDoxmJustWorks, /* uint16_t *oxm */
61 1, /* size_t oxmLen */
62 OIC_JUST_WORKS, /* uint16_t oxmSel */
63 SYMMETRIC_PAIR_WISE_KEY,/* OicSecCredType_t sct */
64 false, /* bool owned */
65 {.id = {0}}, /* OicUuid_t deviceID */
66 {.id = {0}}, /* OicUuid_t owner */
69 void DeleteDoxmBinData(OicSecDoxm_t* doxm)
74 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
76 OICFree(doxm->oxmType[i]);
78 OICFree(doxm->oxmType);
88 char * BinToDoxmJSON(const OicSecDoxm_t * doxm)
96 cJSON *jsonDoxm = NULL;
97 char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(((OicUuid_t*)0)->id)) + 1] = {};
99 B64Result b64Ret = B64_OK;
101 cJSON *jsonRoot = cJSON_CreateObject();
102 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
104 jsonDoxm = cJSON_CreateObject();
105 VERIFY_NON_NULL(TAG, jsonDoxm, ERROR);
106 cJSON_AddItemToObject(jsonRoot, OIC_JSON_DOXM_NAME, jsonDoxm );
108 //OxmType -- Not Mandatory
109 if(doxm->oxmTypeLen > 0)
111 cJSON *jsonOxmTyArray = cJSON_CreateArray();
112 VERIFY_NON_NULL(TAG, jsonOxmTyArray, ERROR);
113 cJSON_AddItemToObject (jsonDoxm, OIC_JSON_OXM_TYPE_NAME, jsonOxmTyArray );
114 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
116 cJSON_AddItemToArray (jsonOxmTyArray, cJSON_CreateString(doxm->oxmType[i]));
120 //Oxm -- Not Mandatory
123 cJSON *jsonOxmArray = cJSON_CreateArray();
124 VERIFY_NON_NULL(TAG, jsonOxmArray, ERROR);
125 cJSON_AddItemToObject (jsonDoxm, OIC_JSON_OXM_NAME,jsonOxmArray );
126 for (size_t i = 0; i < doxm->oxmLen; i++)
128 cJSON_AddItemToArray (jsonOxmArray, cJSON_CreateNumber(doxm->oxm[i]));
132 //OxmSel -- Mandatory
133 cJSON_AddNumberToObject(jsonDoxm, OIC_JSON_OXM_SEL_NAME, (int)doxm->oxmSel);
136 cJSON_AddNumberToObject(jsonDoxm, OIC_JSON_SUPPORTED_CRED_TYPE_NAME, (int)doxm->sct);
139 cJSON_AddBoolToObject(jsonDoxm, OIC_JSON_OWNED_NAME, doxm->owned);
141 //TODO: Need more clarification on deviceIDFormat field type.
143 //DeviceIdFormat -- Mandatory
144 cJSON_AddNumberToObject(jsonDoxm, OIC_JSON_DEVICE_ID_FORMAT_NAME, doxm->deviceIDFormat);
147 //DeviceId -- Mandatory
149 b64Ret = b64Encode(doxm->deviceID.id, sizeof(doxm->deviceID.id), base64Buff,
150 sizeof(base64Buff), &outLen);
151 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
152 cJSON_AddStringToObject(jsonDoxm, OIC_JSON_DEVICE_ID_NAME, base64Buff);
156 b64Ret = b64Encode(doxm->owner.id, sizeof(doxm->owner.id), base64Buff,
157 sizeof(base64Buff), &outLen);
158 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
159 cJSON_AddStringToObject(jsonDoxm, OIC_JSON_OWNER_NAME, base64Buff);
161 jsonStr = cJSON_PrintUnformatted(jsonRoot);
166 cJSON_Delete(jsonRoot);
171 OicSecDoxm_t * JSONToDoxmBin(const char * jsonStr)
179 OCStackResult ret = OC_STACK_ERROR;
180 OicSecDoxm_t *doxm = NULL;
181 cJSON *jsonDoxm = NULL;
182 cJSON *jsonObj = NULL;
184 size_t jsonObjLen = 0;
185 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
187 B64Result b64Ret = B64_OK;
189 cJSON *jsonRoot = cJSON_Parse(jsonStr);
190 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
192 jsonDoxm = cJSON_GetObjectItem(jsonRoot, OIC_JSON_DOXM_NAME);
193 VERIFY_NON_NULL(TAG, jsonDoxm, ERROR);
195 doxm = (OicSecDoxm_t*)OICCalloc(1, sizeof(OicSecDoxm_t));
196 VERIFY_NON_NULL(TAG, doxm, ERROR);
198 //OxmType -- not Mandatory
199 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OXM_TYPE_NAME);
200 if ((jsonObj) && (cJSON_Array == jsonObj->type))
202 doxm->oxmTypeLen = cJSON_GetArraySize(jsonObj);
203 VERIFY_SUCCESS(TAG, doxm->oxmTypeLen > 0, ERROR);
205 doxm->oxmType = (OicUrn_t *)OICCalloc(doxm->oxmTypeLen, sizeof(char *));
206 VERIFY_NON_NULL(TAG, (doxm->oxmType), ERROR);
208 for (size_t i = 0; i < doxm->oxmTypeLen ; i++)
210 cJSON *jsonOxmTy = cJSON_GetArrayItem(jsonObj, i);
211 VERIFY_NON_NULL(TAG, jsonOxmTy, ERROR);
213 jsonObjLen = strlen(jsonOxmTy->valuestring) + 1;
214 doxm->oxmType[i] = (char*)OICMalloc(jsonObjLen);
215 VERIFY_NON_NULL(TAG, doxm->oxmType[i], ERROR);
216 strncpy((char *)doxm->oxmType[i], (char *)jsonOxmTy->valuestring, jsonObjLen);
220 //Oxm -- not Mandatory
221 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OXM_NAME);
222 if (jsonObj && cJSON_Array == jsonObj->type)
224 doxm->oxmLen = cJSON_GetArraySize(jsonObj);
225 VERIFY_SUCCESS(TAG, doxm->oxmLen > 0, ERROR);
227 doxm->oxm = (OicSecOxm_t*)OICCalloc(doxm->oxmLen, sizeof(OicSecOxm_t));
228 VERIFY_NON_NULL(TAG, doxm->oxm, ERROR);
230 for (size_t i = 0; i < doxm->oxmLen ; i++)
232 cJSON *jsonOxm = cJSON_GetArrayItem(jsonObj, i);
233 VERIFY_NON_NULL(TAG, jsonOxm, ERROR);
234 doxm->oxm[i] = (OicSecOxm_t)jsonOxm->valueint;
238 //OxmSel -- Mandatory
239 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OXM_SEL_NAME);
242 VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
243 doxm->oxmSel = (OicSecOxm_t)jsonObj->valueint;
245 else // PUT/POST JSON may not have oxmsel so set it to the gDoxm->oxmSel
247 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
248 doxm->oxmSel = gDoxm->oxmSel;
252 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_SUPPORTED_CRED_TYPE_NAME);
255 VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
256 doxm->sct = (OicSecCredType_t)jsonObj->valueint;
258 else // PUT/POST JSON may not have sct so set it to the gDoxm->sct
260 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
261 doxm->sct = gDoxm->sct;
265 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OWNED_NAME);
268 VERIFY_SUCCESS(TAG, (cJSON_True == jsonObj->type || cJSON_False == jsonObj->type), ERROR);
269 doxm->owned = jsonObj->valueint;
271 else // PUT/POST JSON may not have owned so set it to the gDomx->owned
273 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
274 doxm->owned = gDoxm->owned;
277 //DeviceId -- Mandatory
278 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_DEVICE_ID_NAME);
281 VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR);
282 if(cJSON_String == jsonObj->type)
284 //Check for empty string, in case DeviceId field has not been set yet
285 if (jsonObj->valuestring[0])
288 b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), base64Buff,
289 sizeof(base64Buff), &outLen);
290 VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(doxm->deviceID.id)),
292 memcpy(doxm->deviceID.id, base64Buff, outLen);
296 else // PUT/POST JSON will not have deviceID so set it to the gDoxm->deviceID.id
298 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
299 memcpy((char *)doxm->deviceID.id, (char *)gDoxm->deviceID.id, sizeof(doxm->deviceID.id));
302 //Owner -- will be empty when device status is unowned.
303 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OWNER_NAME);
304 if(true == doxm->owned)
306 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
310 VERIFY_SUCCESS(TAG, (cJSON_String == jsonObj->type), ERROR);
312 b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), base64Buff,
313 sizeof(base64Buff), &outLen);
314 VERIFY_SUCCESS(TAG, ((b64Ret == B64_OK) && (outLen <= sizeof(doxm->owner.id))), ERROR);
315 memcpy(doxm->owner.id, base64Buff, outLen);
321 cJSON_Delete(jsonRoot);
322 if (OC_STACK_OK != ret)
324 DeleteDoxmBinData(doxm);
332 * @todo document this function including why code might need to call this.
333 * The current suspicion is that it's not being called as much as it should.
335 static bool UpdatePersistentStorage(OicSecDoxm_t * doxm)
341 // Convert Doxm data into JSON for update to persistent storage
342 char *jsonStr = BinToDoxmJSON(doxm);
345 cJSON *jsonDoxm = cJSON_Parse(jsonStr);
349 (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_DOXM_NAME, jsonDoxm)))
353 cJSON_Delete(jsonDoxm);
360 static bool ValidateQuery(const char * query)
362 // Send doxm resource data if the state of doxm resource
363 // matches with the query parameters.
364 // else send doxm resource data as NULL
365 // TODO Remove this check and rely on Policy Engine
366 // and Provisioning Mode to enforce provisioning-state
367 // access rules. Eventually, the PE and PM code will
368 // not send a request to the /doxm Entity Handler at all
369 // if it should not respond.
370 OIC_LOG (DEBUG, TAG, "In ValidateQuery");
376 bool bOwnedQry = false; // does querystring contains 'owned' query ?
377 bool bOwnedMatch = false; // does 'owned' query value matches with doxm.owned status?
378 bool bDeviceIDQry = false; // does querystring contains 'deviceid' query ?
379 bool bDeviceIDMatch = false; // does 'deviceid' query matches with doxm.deviceid ?
381 OicParseQueryIter_t parseIter = {.attrPos = NULL};
383 ParseQueryIterInit((unsigned char*)query, &parseIter);
385 while(GetNextQuery(&parseIter))
387 if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_OWNED_NAME, parseIter.attrLen) == 0)
390 if((strncasecmp((char *)parseIter.valPos, OIC_SEC_TRUE, parseIter.valLen) == 0) &&
395 else if((strncasecmp((char *)parseIter.valPos, OIC_SEC_FALSE, parseIter.valLen) == 0)
402 if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_DEVICE_ID_NAME, parseIter.attrLen) == 0)
405 OicUuid_t subject = {.id={0}};
406 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
408 B64Result b64Ret = B64_OK;
410 b64Ret = b64Decode((char *)parseIter.valPos, parseIter.valLen, base64Buff,
411 sizeof(base64Buff), &outLen);
413 VERIFY_SUCCESS(TAG, (B64_OK == b64Ret && outLen <= sizeof(subject.id)), ERROR);
414 memcpy(subject.id, base64Buff, outLen);
415 if(0 == memcmp(&gDoxm->deviceID.id, &subject.id, sizeof(gDoxm->deviceID.id)))
417 bDeviceIDMatch = true;
423 return ((bOwnedQry ? bOwnedMatch : true) && (bDeviceIDQry ? bDeviceIDMatch : true));
426 static OCEntityHandlerResult HandleDoxmGetRequest (const OCEntityHandlerRequest * ehRequest)
428 char* jsonStr = NULL;
429 OCEntityHandlerResult ehRet = OC_EH_OK;
431 OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing GET request");
433 //Checking if Get request is a query.
436 OIC_LOG (DEBUG, TAG, "HandleDoxmGetRequest processing query");
437 if(!ValidateQuery(ehRequest->query))
444 * For GET or Valid Query request return doxm resource json payload.
445 * For non-valid query return NULL json payload.
446 * A device will 'always' have a default Doxm, so BinToDoxmJSON will
447 * return valid doxm resource json.
450 jsonStr = (ehRet == OC_EH_OK) ? BinToDoxmJSON(gDoxm) : NULL;
452 // Send response payload to request originator
453 if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, jsonStr))
455 OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandleDoxmGetRequest");
465 * Generating new credential for provisioning tool
469 static OCEntityHandlerResult AddOwnerPSK(const CAEndpoint_t* endpoint,
470 OicSecDoxm_t* ptDoxm,
471 const uint8_t* label, const size_t labelLen)
475 OicSecCred_t *cred = NULL;
476 uint8_t ownerPSK[OWNER_PSK_LENGTH_128] = {};
478 CAResult_t pskRet = CAGenerateOwnerPSK(endpoint,
480 ptDoxm->owner.id, sizeof(ptDoxm->owner.id),
481 gDoxm->deviceID.id, sizeof(gDoxm->deviceID.id),
482 ownerPSK, OWNER_PSK_LENGTH_128);
484 VERIFY_SUCCESS(TAG, pskRet == CA_STATUS_OK, ERROR);
486 char base64Buff[B64ENCODE_OUT_SAFESIZE(OWNER_PSK_LENGTH_128) + 1] = {};
487 B64Result b64Ret = b64Encode(ownerPSK, OWNER_PSK_LENGTH_128, base64Buff,
488 sizeof(base64Buff), &outLen);
489 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
491 OIC_LOG (DEBUG, TAG, "Doxm EntityHandle generating Credential");
492 cred = GenerateCredential(&ptDoxm->owner, SYMMETRIC_PAIR_WISE_KEY,
493 NULL, base64Buff, ownLen, &ptDoxm->owner);
494 VERIFY_NON_NULL(TAG, cred, ERROR);
496 //Adding provisioning tool credential to cred Resource.
497 VERIFY_SUCCESS(TAG, OC_STACK_OK == AddCredential(cred), ERROR);
500 gDoxm->oxmSel = ptDoxm->oxmSel;
501 memcpy(&(gDoxm->owner), &(ptDoxm->owner), sizeof(OicUuid_t));
508 #endif //__WITH_DTLS__
510 static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest * ehRequest)
512 OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
513 OCEntityHandlerResult ehRet = OC_EH_ERROR;
514 OicUuid_t emptyOwner = {.id = {0}};
517 * Convert JSON Doxm data into binary. This will also validate
518 * the Doxm data received.
520 OicSecDoxm_t* newDoxm = JSONToDoxmBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
524 // Iotivity SRM ONLY supports OIC_JUST_WORKS now
525 if (OIC_JUST_WORKS == newDoxm->oxmSel)
528 * If current state of the device is un-owned, enable
529 * anonymous ECDH cipher in tinyDTLS so that Provisioning
530 * tool can initiate JUST_WORKS ownership transfer process.
532 if ((false == gDoxm->owned) && (false == newDoxm->owned))
534 OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
536 ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
537 #endif //__WITH_DTLS__
542 * When current state of the device is un-owned and Provisioning
543 * Tool is attempting to change the state to 'Owned' with a
544 * qualified value for the field 'Owner'
546 if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
547 (memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) != 0))
550 * Generate OwnerPSK and create credential for Provisioning
551 * tool with the generated OwnerPSK.
552 * Update persistent storage and disable anonymous ECDH cipher
556 OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
558 //Generating OwnerPSK
559 OIC_LOG (INFO, TAG, "Doxm EntityHandle generating OwnerPSK");
561 //Generate new credential for provisioning tool
562 ehRet = AddOwnerPSK((CAEndpoint_t *)&request->devAddr, newDoxm,
563 (uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS));
565 VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
567 // Update new state in persistent storage
568 if (true == UpdatePersistentStorage(gDoxm))
577 * If persistent storage update failed, revert back the state
578 * for global variable.
580 gDoxm->owned = false;
582 memset(&(gDoxm->owner), 0, sizeof(OicUuid_t));
586 * Disable anonymous ECDH cipher in tinyDTLS since device is now
589 CAEnableAnonECDHCipherSuite(false);
591 #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
592 CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
593 #endif //__WITH_X509__
594 #endif //__WITH_DTLS__
597 else if(OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
600 //this temp Credential ID is used to track temporal Cred Id
601 static OicUuid_t tmpCredId = {.id={0}};
602 static bool tmpCredGenFlag = false;
603 #endif //__WITH_DTLS__
605 if ((false == gDoxm->owned) && (false == newDoxm->owned))
608 CAEnableAnonECDHCipherSuite(false);
609 OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
610 CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
612 char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
613 if(OC_STACK_OK == GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
617 OIC_LOG(INFO, TAG, "Corrupted PSK is detected!!!");
619 OC_STACK_RESOURCE_DELETED == RemoveCredential(&tmpCredId),
623 OCStackResult res = AddTmpPskWithPIN( &(newDoxm->owner), SYMMETRIC_PAIR_WISE_KEY,
624 ranPin, OXM_RANDOM_PIN_SIZE, 1, &(newDoxm->owner), &tmpCredId);
625 VERIFY_SUCCESS(TAG, res == OC_STACK_OK, ERROR);
626 tmpCredGenFlag = true;
631 OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
635 #endif //__WITH_DTLS__
639 * When current state of the device is un-owned and Provisioning
640 * Tool is attempting to change the state to 'Owned' with a
641 * qualified value for the field 'Owner'
643 if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
644 (memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) != 0))
647 OCServerRequest * request = (OCServerRequest *)ehRequest->requestHandle;
649 //Remove Temporal Credential resource
653 OC_STACK_RESOURCE_DELETED == RemoveCredential(&tmpCredId),
655 tmpCredGenFlag = false;
658 //Generate new credential for provisioning tool
659 ehRet = AddOwnerPSK((CAEndpoint_t*)(&request->devAddr), newDoxm,
660 (uint8_t*)OXM_RANDOM_DEVICE_PIN, strlen(OXM_RANDOM_DEVICE_PIN));
661 VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
663 //Update new state in persistent storage
664 if((UpdatePersistentStorage(gDoxm) == true))
671 * If persistent storage update failed, revert back the state
672 * for global variable.
674 gDoxm->owned = false;
676 memset(&(gDoxm->owner), 0, sizeof(OicUuid_t));
687 //Send payload to request originator
688 if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL))
690 OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandlePstatPostRequest");
692 DeleteDoxmBinData(newDoxm);
698 * This internal method is the entity handler for DOXM resources.
700 OCEntityHandlerResult DoxmEntityHandler (OCEntityHandlerFlag flag,
701 OCEntityHandlerRequest * ehRequest,
705 OCEntityHandlerResult ehRet = OC_EH_ERROR;
707 if(NULL == ehRequest)
713 if (flag & OC_REQUEST_FLAG)
715 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
716 switch (ehRequest->method)
719 ehRet = HandleDoxmGetRequest(ehRequest);
723 ehRet = HandleDoxmPutRequest(ehRequest);
728 SendSRMResponse(ehRequest, ehRet, NULL);
737 * This internal method is used to create '/oic/sec/doxm' resource.
739 OCStackResult CreateDoxmResource()
743 ret = OCCreateResource(&gDoxmHandle,
744 OIC_RSRC_TYPE_SEC_DOXM,
749 OC_OBSERVABLE | OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
751 if (OC_STACK_OK != ret)
753 OIC_LOG (FATAL, TAG, "Unable to instantiate Doxm resource");
754 DeInitDoxmResource();
760 * Checks if DeviceID is generated during provisioning for the new device.
761 * If DeviceID is NULL then generates the new DeviceID.
762 * Once DeviceID is assigned to the device it does not change for the lifetime of the device.
765 static OCStackResult CheckDeviceID()
767 OCStackResult ret = OC_STACK_ERROR;
768 bool validId = false;
769 for (uint8_t i = 0; i < UUID_LENGTH; i++)
771 if (gDoxm->deviceID.id[i] != 0)
780 if (OCGenerateUuid(gDoxm->deviceID.id) != RAND_UUID_OK)
782 OIC_LOG(FATAL, TAG, "Generate UUID for Server Instance failed!");
787 if (UpdatePersistentStorage(gDoxm))
789 //TODO: After registering PSI handler in all samples, do ret = OC_STACK_OK here.
790 OIC_LOG(FATAL, TAG, "UpdatePersistentStorage failed!");
801 * Get the default value.
802 * @retval the gDefaultDoxm pointer;
804 static OicSecDoxm_t* GetDoxmDefault()
806 OIC_LOG (DEBUG, TAG, "GetDoxmToDefault");
807 return &gDefaultDoxm;
811 * This method is used by SRM to retrieve DOXM resource data.
813 * @retval reference to @ref OicSecDoxm_t, binary format of Doxm resource data
815 const OicSecDoxm_t* GetDoxmResourceData()
821 * Initialize DOXM resource by loading data from persistent storage.
823 * @retval OC_STACK_OK for Success, otherwise some error value
825 OCStackResult InitDoxmResource()
827 OCStackResult ret = OC_STACK_ERROR;
829 //Read DOXM resource from PS
830 char* jsonSVRDatabase = GetSVRDatabase();
833 //Convert JSON DOXM into binary format
834 gDoxm = JSONToDoxmBin(jsonSVRDatabase);
837 * If SVR database in persistent storage got corrupted or
838 * is not available for some reason, a default doxm is created
839 * which allows user to initiate doxm provisioning again.
841 if(!jsonSVRDatabase || !gDoxm)
843 gDoxm = GetDoxmDefault();
845 ret = CheckDeviceID();
846 if (ret == OC_STACK_OK)
848 //Instantiate 'oic.sec.doxm'
849 ret = CreateDoxmResource();
853 OIC_LOG (ERROR, TAG, "CheckDeviceID failed");
855 OICFree(jsonSVRDatabase);
860 * Perform cleanup for DOXM resources.
863 * OC_STACK_OK - no error
864 * OC_STACK_ERROR - stack process error
867 OCStackResult DeInitDoxmResource()
869 OCStackResult ret = OCDeleteResource(gDoxmHandle);
870 if(gDoxm != &gDefaultDoxm)
872 DeleteDoxmBinData(gDoxm);
876 if(OC_STACK_OK == ret)
882 return OC_STACK_ERROR;
888 * This method returns the SRM device ID for this device.
890 * @retval OC_STACK_OK for Success, otherwise some error value
892 OCStackResult GetDoxmDeviceID(OicUuid_t *deviceID)
894 if(deviceID && gDoxm)
896 *deviceID = gDoxm->deviceID;
899 return OC_STACK_ERROR;
903 * @brief Gets the OicUuid_t value for the owner of this device.
905 * @return OC_STACK_OK if devOwner is a valid UUID, otherwise OC_STACK_ERROR.
907 OCStackResult GetDoxmDevOwnerId(OicUuid_t *devOwner)
909 OCStackResult retVal = OC_STACK_ERROR;
913 *devOwner = gDoxm->owner; // TODO change to devOwner when available
914 retVal = OC_STACK_OK;