1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
33 #include "oic_malloc.h"
35 #include "resourcemanager.h"
36 #include "doxmresource.h"
37 #include "pstatresource.h"
38 #include "aclresource.h"
39 #include "psinterface.h"
41 #include "srmresourcestrings.h"
42 #include "securevirtualresourcetypes.h"
45 #include "cainterface.h"
46 #include "credresource.h"
47 #include "ocserverrequest.h"
48 #include "srmutility.h"
49 #include "pinoxmcommon.h"
51 #define TAG "SRM-DOXM"
53 static OicSecDoxm_t *gDoxm = NULL;
54 static OCResourceHandle gDoxmHandle = NULL;
56 static OicSecOxm_t gOicSecDoxmJustWorks = OIC_JUST_WORKS;
57 static OicSecDoxm_t gDefaultDoxm =
59 NULL, /* OicUrn_t *oxmType */
60 0, /* size_t oxmTypeLen */
61 &gOicSecDoxmJustWorks, /* uint16_t *oxm */
62 1, /* size_t oxmLen */
63 OIC_JUST_WORKS, /* uint16_t oxmSel */
64 SYMMETRIC_PAIR_WISE_KEY,/* OicSecCredType_t sct */
65 false, /* bool owned */
66 {.id = {0}}, /* OicUuid_t deviceID */
68 {.id = {0}}, /* OicUuid_t owner */
71 void DeleteDoxmBinData(OicSecDoxm_t* doxm)
76 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
78 OICFree(doxm->oxmType[i]);
80 OICFree(doxm->oxmType);
90 char * BinToDoxmJSON(const OicSecDoxm_t * doxm)
98 cJSON *jsonDoxm = NULL;
99 char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(((OicUuid_t*)0)->id)) + 1] = {};
101 B64Result b64Ret = B64_OK;
103 cJSON *jsonRoot = cJSON_CreateObject();
104 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
106 jsonDoxm = cJSON_CreateObject();
107 VERIFY_NON_NULL(TAG, jsonDoxm, ERROR);
108 cJSON_AddItemToObject(jsonRoot, OIC_JSON_DOXM_NAME, jsonDoxm );
110 //OxmType -- Not Mandatory
111 if (doxm->oxmTypeLen > 0)
113 cJSON *jsonOxmTyArray = cJSON_CreateArray();
114 VERIFY_NON_NULL(TAG, jsonOxmTyArray, ERROR);
115 cJSON_AddItemToObject (jsonDoxm, OIC_JSON_OXM_TYPE_NAME, jsonOxmTyArray );
116 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
118 cJSON_AddItemToArray (jsonOxmTyArray, cJSON_CreateString(doxm->oxmType[i]));
122 //Oxm -- Not Mandatory
123 if (doxm->oxmLen > 0)
125 cJSON *jsonOxmArray = cJSON_CreateArray();
126 VERIFY_NON_NULL(TAG, jsonOxmArray, ERROR);
127 cJSON_AddItemToObject (jsonDoxm, OIC_JSON_OXM_NAME,jsonOxmArray );
128 for (size_t i = 0; i < doxm->oxmLen; i++)
130 cJSON_AddItemToArray (jsonOxmArray, cJSON_CreateNumber(doxm->oxm[i]));
134 //OxmSel -- Mandatory
135 cJSON_AddNumberToObject(jsonDoxm, OIC_JSON_OXM_SEL_NAME, (int)doxm->oxmSel);
138 cJSON_AddNumberToObject(jsonDoxm, OIC_JSON_SUPPORTED_CRED_TYPE_NAME, (int)doxm->sct);
141 cJSON_AddBoolToObject(jsonDoxm, OIC_JSON_OWNED_NAME, doxm->owned);
143 //TODO: Need more clarification on deviceIDFormat field type.
145 //DeviceIdFormat -- Mandatory
146 cJSON_AddNumberToObject(jsonDoxm, OIC_JSON_DEVICE_ID_FORMAT_NAME, doxm->deviceIDFormat);
149 //DeviceId -- Mandatory
151 b64Ret = b64Encode(doxm->deviceID.id, sizeof(doxm->deviceID.id), base64Buff,
152 sizeof(base64Buff), &outLen);
153 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
154 cJSON_AddStringToObject(jsonDoxm, OIC_JSON_DEVICE_ID_NAME, base64Buff);
157 cJSON_AddBoolToObject(jsonDoxm, OIC_JSON_DPC_NAME, doxm->dpc);
161 b64Ret = b64Encode(doxm->owner.id, sizeof(doxm->owner.id), base64Buff,
162 sizeof(base64Buff), &outLen);
163 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
164 cJSON_AddStringToObject(jsonDoxm, OIC_JSON_OWNER_NAME, base64Buff);
166 jsonStr = cJSON_PrintUnformatted(jsonRoot);
171 cJSON_Delete(jsonRoot);
176 OicSecDoxm_t * JSONToDoxmBin(const char * jsonStr)
183 OCStackResult ret = OC_STACK_ERROR;
184 OicSecDoxm_t *doxm = NULL;
185 cJSON *jsonDoxm = NULL;
186 cJSON *jsonObj = NULL;
188 size_t jsonObjLen = 0;
189 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
191 B64Result b64Ret = B64_OK;
193 cJSON *jsonRoot = cJSON_Parse(jsonStr);
194 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
196 jsonDoxm = cJSON_GetObjectItem(jsonRoot, OIC_JSON_DOXM_NAME);
197 VERIFY_NON_NULL(TAG, jsonDoxm, ERROR);
199 doxm = (OicSecDoxm_t*)OICCalloc(1, sizeof(OicSecDoxm_t));
200 VERIFY_NON_NULL(TAG, doxm, ERROR);
202 //OxmType -- not Mandatory
203 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OXM_TYPE_NAME);
204 if ((jsonObj) && (cJSON_Array == jsonObj->type))
206 doxm->oxmTypeLen = (size_t)cJSON_GetArraySize(jsonObj);
207 VERIFY_SUCCESS(TAG, doxm->oxmTypeLen > 0, ERROR);
209 doxm->oxmType = (OicUrn_t *)OICCalloc(doxm->oxmTypeLen, sizeof(char *));
210 VERIFY_NON_NULL(TAG, (doxm->oxmType), ERROR);
212 for (size_t i = 0; i < doxm->oxmTypeLen ; i++)
214 cJSON *jsonOxmTy = cJSON_GetArrayItem(jsonObj, i);
215 VERIFY_NON_NULL(TAG, jsonOxmTy, ERROR);
217 jsonObjLen = strlen(jsonOxmTy->valuestring) + 1;
218 doxm->oxmType[i] = (char*)OICMalloc(jsonObjLen);
219 VERIFY_NON_NULL(TAG, doxm->oxmType[i], ERROR);
220 strncpy((char *)doxm->oxmType[i], (char *)jsonOxmTy->valuestring, jsonObjLen);
224 //Oxm -- not Mandatory
225 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OXM_NAME);
226 if (jsonObj && cJSON_Array == jsonObj->type)
228 doxm->oxmLen = (size_t)cJSON_GetArraySize(jsonObj);
229 VERIFY_SUCCESS(TAG, doxm->oxmLen > 0, ERROR);
231 doxm->oxm = (OicSecOxm_t*)OICCalloc(doxm->oxmLen, sizeof(OicSecOxm_t));
232 VERIFY_NON_NULL(TAG, doxm->oxm, ERROR);
234 for (size_t i = 0; i < doxm->oxmLen ; i++)
236 cJSON *jsonOxm = cJSON_GetArrayItem(jsonObj, i);
237 VERIFY_NON_NULL(TAG, jsonOxm, ERROR);
238 doxm->oxm[i] = (OicSecOxm_t)jsonOxm->valueint;
242 //OxmSel -- Mandatory
243 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OXM_SEL_NAME);
246 VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
247 doxm->oxmSel = (OicSecOxm_t)jsonObj->valueint;
249 else // PUT/POST JSON may not have oxmsel so set it to the gDoxm->oxmSel
251 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
252 doxm->oxmSel = gDoxm->oxmSel;
256 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_SUPPORTED_CRED_TYPE_NAME);
259 VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
260 doxm->sct = (OicSecCredType_t)jsonObj->valueint;
262 else // PUT/POST JSON may not have sct so set it to the gDoxm->sct
264 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
265 doxm->sct = gDoxm->sct;
269 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OWNED_NAME);
272 VERIFY_SUCCESS(TAG, (cJSON_True == jsonObj->type || cJSON_False == jsonObj->type), ERROR);
273 doxm->owned = jsonObj->valueint;
275 else // PUT/POST JSON may not have owned so set it to the gDomx->owned
277 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
278 doxm->owned = gDoxm->owned;
281 //DeviceId -- Mandatory
282 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_DEVICE_ID_NAME);
285 VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR);
286 if (cJSON_String == jsonObj->type)
288 //Check for empty string, in case DeviceId field has not been set yet
289 if (jsonObj->valuestring[0])
292 b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), base64Buff,
293 sizeof(base64Buff), &outLen);
294 VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(doxm->deviceID.id)),
296 memcpy(doxm->deviceID.id, base64Buff, outLen);
300 else // PUT/POST JSON will not have deviceID so set it to the gDoxm->deviceID.id
302 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
303 memcpy((char *)doxm->deviceID.id, (char *)gDoxm->deviceID.id, sizeof(doxm->deviceID.id));
307 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_DPC_NAME);
310 VERIFY_SUCCESS(TAG, (cJSON_True == jsonObj->type || cJSON_False == jsonObj->type), ERROR);
311 doxm->dpc = jsonObj->valueint;
313 else // PUT/POST JSON may not have owned so set it to the gDomx->dpc
317 doxm->dpc = gDoxm->dpc;
321 doxm->dpc = false; // default is false
325 //Owner -- will be empty when device status is unowned.
326 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OWNER_NAME);
327 if (true == doxm->owned)
329 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
333 VERIFY_SUCCESS(TAG, (cJSON_String == jsonObj->type), ERROR);
335 b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), base64Buff,
336 sizeof(base64Buff), &outLen);
337 VERIFY_SUCCESS(TAG, ((b64Ret == B64_OK) && (outLen <= sizeof(doxm->owner.id))), ERROR);
338 memcpy(doxm->owner.id, base64Buff, outLen);
344 cJSON_Delete(jsonRoot);
345 if (OC_STACK_OK != ret)
347 DeleteDoxmBinData(doxm);
355 * @todo document this function including why code might need to call this.
356 * The current suspicion is that it's not being called as much as it should.
358 static bool UpdatePersistentStorage(OicSecDoxm_t * doxm)
364 // Convert Doxm data into JSON for update to persistent storage
365 char *jsonStr = BinToDoxmJSON(doxm);
368 cJSON *jsonDoxm = cJSON_Parse(jsonStr);
372 (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_DOXM_NAME, jsonDoxm)))
376 cJSON_Delete(jsonDoxm);
383 static bool ValidateQuery(const char * query)
385 // Send doxm resource data if the state of doxm resource
386 // matches with the query parameters.
387 // else send doxm resource data as NULL
388 // TODO Remove this check and rely on Policy Engine
389 // and Provisioning Mode to enforce provisioning-state
390 // access rules. Eventually, the PE and PM code will
391 // not send a request to the /doxm Entity Handler at all
392 // if it should not respond.
393 OIC_LOG (DEBUG, TAG, "In ValidateQuery");
399 bool bOwnedQry = false; // does querystring contains 'owned' query ?
400 bool bOwnedMatch = false; // does 'owned' query value matches with doxm.owned status?
401 bool bDeviceIDQry = false; // does querystring contains 'deviceid' query ?
402 bool bDeviceIDMatch = false; // does 'deviceid' query matches with doxm.deviceid ?
404 OicParseQueryIter_t parseIter = {.attrPos = NULL};
406 ParseQueryIterInit((unsigned char*)query, &parseIter);
408 while (GetNextQuery(&parseIter))
410 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_OWNED_NAME, parseIter.attrLen) == 0)
413 if ((strncasecmp((char *)parseIter.valPos, OIC_SEC_TRUE, parseIter.valLen) == 0) &&
418 else if ((strncasecmp((char *)parseIter.valPos, OIC_SEC_FALSE, parseIter.valLen) == 0)
425 if (strncasecmp((char *)parseIter.attrPos, OIC_JSON_DEVICE_ID_NAME, parseIter.attrLen) == 0)
428 OicUuid_t subject = {.id={0}};
429 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
431 B64Result b64Ret = B64_OK;
433 b64Ret = b64Decode((char *)parseIter.valPos, parseIter.valLen, base64Buff,
434 sizeof(base64Buff), &outLen);
436 VERIFY_SUCCESS(TAG, (B64_OK == b64Ret && outLen <= sizeof(subject.id)), ERROR);
437 memcpy(subject.id, base64Buff, outLen);
438 if (0 == memcmp(&gDoxm->deviceID.id, &subject.id, sizeof(gDoxm->deviceID.id)))
440 bDeviceIDMatch = true;
446 return ((bOwnedQry ? bOwnedMatch : true) && (bDeviceIDQry ? bDeviceIDMatch : true));
449 static OCEntityHandlerResult HandleDoxmGetRequest (const OCEntityHandlerRequest * ehRequest)
451 char* jsonStr = NULL;
452 OCEntityHandlerResult ehRet = OC_EH_OK;
454 OIC_LOG(DEBUG, TAG, "Doxm EntityHandle processing GET request");
456 //Checking if Get request is a query.
457 if (ehRequest->query)
459 OIC_LOG(DEBUG, TAG, "HandleDoxmGetRequest processing query");
460 if (!ValidateQuery(ehRequest->query))
467 * For GET or Valid Query request return doxm resource json payload.
468 * For non-valid query return NULL json payload.
469 * A device will 'always' have a default Doxm, so BinToDoxmJSON will
470 * return valid doxm resource json.
473 jsonStr = (ehRet == OC_EH_OK) ? BinToDoxmJSON(gDoxm) : NULL;
475 // Send response payload to request originator
476 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, jsonStr))
478 OIC_LOG(ERROR, TAG, "SendSRMResponse failed in HandleDoxmGetRequest");
486 static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest * ehRequest)
488 OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
489 OCEntityHandlerResult ehRet = OC_EH_ERROR;
490 OicUuid_t emptyOwner = {.id = {0}};
493 * Convert JSON Doxm data into binary. This will also validate
494 * the Doxm data received.
496 OicSecDoxm_t* newDoxm = JSONToDoxmBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
500 // Iotivity SRM ONLY supports OIC_JUST_WORKS now
501 if (OIC_JUST_WORKS == newDoxm->oxmSel)
503 if ((false == gDoxm->owned) && (false == newDoxm->owned))
506 * If current state of the device is un-owned, enable
507 * anonymous ECDH cipher in tinyDTLS so that Provisioning
508 * tool can initiate JUST_WORKS ownership transfer process.
510 if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
512 OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
514 ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
515 #endif //__WITH_DTLS__
521 //Save the owner's UUID to derive owner credential
522 memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
524 // OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
525 // //Generating OwnerPSK
526 // OIC_LOG (INFO, TAG, "Doxm EntityHandle generating OwnerPSK");
527 // //Generate new credential for provisioning tool
528 // ehRet = AddOwnerPSK((CAEndpoint_t *)&request->devAddr, newDoxm,
529 // (uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS));
530 // VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
532 // Update new state in persistent storage
533 if (true == UpdatePersistentStorage(gDoxm))
539 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
544 * Disable anonymous ECDH cipher in tinyDTLS since device is now
547 CAResult_t caRes = CA_STATUS_OK;
548 caRes = CAEnableAnonECDHCipherSuite(false);
549 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
550 OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
553 #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
554 CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
555 #endif //__WITH_X509__
556 #endif //__WITH_DTLS__
560 else if (OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
562 if ((false == gDoxm->owned) && (false == newDoxm->owned))
565 * If current state of the device is un-owned, enable
566 * anonymous ECDH cipher in tinyDTLS so that Provisioning
567 * tool can initiate JUST_WORKS ownership transfer process.
569 if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
571 gDoxm->oxmSel = newDoxm->oxmSel;
572 //Update new state in persistent storage
573 if ((UpdatePersistentStorage(gDoxm) == true))
579 OIC_LOG(WARNING, TAG, "Failed to update DOXM in persistent storage");
584 CAResult_t caRes = CA_STATUS_OK;
586 caRes = CAEnableAnonECDHCipherSuite(false);
587 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
588 OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
590 caRes = CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
591 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
593 char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
594 if(OC_STACK_OK == GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
596 //Set the device id to derive temporal PSK
597 SetUuidForRandomPinOxm(&gDoxm->deviceID);
600 * Since PSK will be used directly by DTLS layer while PIN based ownership transfer,
601 * Credential should not be saved into SVR.
602 * For this reason, use a temporary get_psk_info callback to random PIN OxM.
604 caRes = CARegisterDTLSCredentialsHandler(GetDtlsPskForRandomPinOxm);
605 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
610 OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
613 #endif //__WITH_DTLS__
618 //Save the owner's UUID to derive owner credential
619 memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
621 //Update new state in persistent storage
622 if((UpdatePersistentStorage(gDoxm) == true))
628 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
637 * When current state of the device is un-owned and Provisioning
638 * Tool is attempting to change the state to 'Owned' with a
639 * qualified value for the field 'Owner'
641 if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
642 (memcmp(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t)) == 0))
645 // Update new state in persistent storage
646 if (UpdatePersistentStorage(gDoxm))
648 //Update default ACL of security resource to prevent anonymous user access.
649 if(OC_STACK_OK == UpdateDefaultSecProvACL())
655 OIC_LOG(ERROR, TAG, "Failed to remove default ACL for security provisioning");
661 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
668 if(OC_EH_OK != ehRet)
670 OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
671 "DOXM will be reverted.");
674 * If some error is occured while ownership transfer,
675 * ownership transfer related resource should be revert back to initial status.
677 RestoreDoxmToInitState();
678 RestorePstatToInitState();
681 //Send payload to request originator
682 if (OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL))
684 OIC_LOG(ERROR, TAG, "SendSRMResponse failed in HandlePstatPostRequest");
686 DeleteDoxmBinData(newDoxm);
692 * This internal method is the entity handler for DOXM resources.
694 OCEntityHandlerResult DoxmEntityHandler(OCEntityHandlerFlag flag,
695 OCEntityHandlerRequest * ehRequest,
699 OCEntityHandlerResult ehRet = OC_EH_ERROR;
701 if(NULL == ehRequest)
706 if (flag & OC_REQUEST_FLAG)
708 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
709 switch (ehRequest->method)
712 ehRet = HandleDoxmGetRequest(ehRequest);
716 ehRet = HandleDoxmPutRequest(ehRequest);
721 SendSRMResponse(ehRequest, ehRet, NULL);
730 * This internal method is used to create '/oic/sec/doxm' resource.
732 OCStackResult CreateDoxmResource()
734 OCStackResult ret = OCCreateResource(&gDoxmHandle,
735 OIC_RSRC_TYPE_SEC_DOXM,
740 OC_OBSERVABLE | OC_SECURE |
741 OC_EXPLICIT_DISCOVERABLE);
743 if (OC_STACK_OK != ret)
745 OIC_LOG (FATAL, TAG, "Unable to instantiate Doxm resource");
746 DeInitDoxmResource();
752 * Checks if DeviceID is generated during provisioning for the new device.
753 * If DeviceID is NULL then generates the new DeviceID.
754 * Once DeviceID is assigned to the device it does not change for the lifetime of the device.
756 static OCStackResult CheckDeviceID()
758 OCStackResult ret = OC_STACK_ERROR;
759 bool validId = false;
760 for (uint8_t i = 0; i < UUID_LENGTH; i++)
762 if (gDoxm->deviceID.id[i] != 0)
771 if (OCGenerateUuid(gDoxm->deviceID.id) != RAND_UUID_OK)
773 OIC_LOG(FATAL, TAG, "Generate UUID for Server Instance failed!");
778 if (UpdatePersistentStorage(gDoxm))
780 //TODO: After registering PSI handler in all samples, do ret = OC_STACK_OK here.
781 OIC_LOG(FATAL, TAG, "UpdatePersistentStorage failed!");
792 * Get the default value.
794 * @return the default value of doxm, @ref OicSecDoxm_t.
796 static OicSecDoxm_t* GetDoxmDefault()
798 OIC_LOG(DEBUG, TAG, "GetDoxmToDefault");
799 return &gDefaultDoxm;
802 const OicSecDoxm_t* GetDoxmResourceData()
807 OCStackResult InitDoxmResource()
809 OCStackResult ret = OC_STACK_ERROR;
811 //Read DOXM resource from PS
812 char* jsonSVRDatabase = GetSVRDatabase();
815 //Convert JSON DOXM into binary format
816 gDoxm = JSONToDoxmBin(jsonSVRDatabase);
819 * If SVR database in persistent storage got corrupted or
820 * is not available for some reason, a default doxm is created
821 * which allows user to initiate doxm provisioning again.
823 if (!jsonSVRDatabase || !gDoxm)
825 gDoxm = GetDoxmDefault();
828 //In case of the server is shut down unintentionally, we should initialize the owner
829 if(false == gDoxm->owned)
831 OicUuid_t emptyUuid = {.id={0}};
832 memcpy(&gDoxm->owner, &emptyUuid, sizeof(OicUuid_t));
835 ret = CheckDeviceID();
836 if (ret == OC_STACK_OK)
838 //Instantiate 'oic.sec.doxm'
839 ret = CreateDoxmResource();
843 OIC_LOG (ERROR, TAG, "CheckDeviceID failed");
845 OICFree(jsonSVRDatabase);
849 OCStackResult DeInitDoxmResource()
851 OCStackResult ret = OCDeleteResource(gDoxmHandle);
852 if (gDoxm != &gDefaultDoxm)
854 DeleteDoxmBinData(gDoxm);
858 if (OC_STACK_OK == ret)
864 return OC_STACK_ERROR;
868 OCStackResult GetDoxmDeviceID(OicUuid_t *deviceID)
870 if (deviceID && gDoxm)
872 *deviceID = gDoxm->deviceID;
875 return OC_STACK_ERROR;
878 OCStackResult GetDoxmDevOwnerId(OicUuid_t *devOwner)
880 OCStackResult retVal = OC_STACK_ERROR;
884 *devOwner = gDoxm->owner; // TODO change to devOwner when available
885 retVal = OC_STACK_OK;
892 * Function to restore doxm resurce to initial status.
893 * This function will use in case of error while ownership transfer
895 void RestoreDoxmToInitState()
899 OIC_LOG(INFO, TAG, "DOXM resource will revert back to initial status.");
901 OicUuid_t emptyUuid = {.id={0}};
902 memcpy(&(gDoxm->owner), &emptyUuid, sizeof(OicUuid_t));
903 gDoxm->owned = false;
904 gDoxm->oxmSel = OIC_JUST_WORKS;
906 if(!UpdatePersistentStorage(gDoxm))
908 OIC_LOG(ERROR, TAG, "Failed to revert DOXM in persistent storage");