1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
23 #include "oic_malloc.h"
25 #include "resourcemanager.h"
26 #include "doxmresource.h"
27 #include "pstatresource.h"
28 #include "aclresource.h"
29 #include "psinterface.h"
31 #include "srmresourcestrings.h"
32 #include "securevirtualresourcetypes.h"
35 #include "cainterface.h"
36 #include "credresource.h"
37 #include "ocserverrequest.h"
38 #include "srmutility.h"
39 #include "pinoxmcommon.h"
52 #define TAG "SRM-DOXM"
54 static OicSecDoxm_t *gDoxm = NULL;
55 static OCResourceHandle gDoxmHandle = NULL;
57 static OicSecOxm_t gOicSecDoxmJustWorks = OIC_JUST_WORKS;
58 static OicSecDoxm_t gDefaultDoxm =
60 NULL, /* OicUrn_t *oxmType */
61 0, /* size_t oxmTypeLen */
62 &gOicSecDoxmJustWorks, /* uint16_t *oxm */
63 1, /* size_t oxmLen */
64 OIC_JUST_WORKS, /* uint16_t oxmSel */
65 SYMMETRIC_PAIR_WISE_KEY,/* OicSecCredType_t sct */
66 false, /* bool owned */
67 {.id = {0}}, /* OicUuid_t deviceID */
69 {.id = {0}}, /* OicUuid_t owner */
72 void DeleteDoxmBinData(OicSecDoxm_t* doxm)
77 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
79 OICFree(doxm->oxmType[i]);
81 OICFree(doxm->oxmType);
91 char * BinToDoxmJSON(const OicSecDoxm_t * doxm)
99 cJSON *jsonDoxm = NULL;
100 char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(((OicUuid_t*)0)->id)) + 1] = {};
102 B64Result b64Ret = B64_OK;
104 cJSON *jsonRoot = cJSON_CreateObject();
105 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
107 jsonDoxm = cJSON_CreateObject();
108 VERIFY_NON_NULL(TAG, jsonDoxm, ERROR);
109 cJSON_AddItemToObject(jsonRoot, OIC_JSON_DOXM_NAME, jsonDoxm );
111 //OxmType -- Not Mandatory
112 if(doxm->oxmTypeLen > 0)
114 cJSON *jsonOxmTyArray = cJSON_CreateArray();
115 VERIFY_NON_NULL(TAG, jsonOxmTyArray, ERROR);
116 cJSON_AddItemToObject (jsonDoxm, OIC_JSON_OXM_TYPE_NAME, jsonOxmTyArray );
117 for (size_t i = 0; i < doxm->oxmTypeLen; i++)
119 cJSON_AddItemToArray (jsonOxmTyArray, cJSON_CreateString(doxm->oxmType[i]));
123 //Oxm -- Not Mandatory
126 cJSON *jsonOxmArray = cJSON_CreateArray();
127 VERIFY_NON_NULL(TAG, jsonOxmArray, ERROR);
128 cJSON_AddItemToObject (jsonDoxm, OIC_JSON_OXM_NAME,jsonOxmArray );
129 for (size_t i = 0; i < doxm->oxmLen; i++)
131 cJSON_AddItemToArray (jsonOxmArray, cJSON_CreateNumber(doxm->oxm[i]));
135 //OxmSel -- Mandatory
136 cJSON_AddNumberToObject(jsonDoxm, OIC_JSON_OXM_SEL_NAME, (int)doxm->oxmSel);
139 cJSON_AddNumberToObject(jsonDoxm, OIC_JSON_SUPPORTED_CRED_TYPE_NAME, (int)doxm->sct);
142 cJSON_AddBoolToObject(jsonDoxm, OIC_JSON_OWNED_NAME, doxm->owned);
144 //TODO: Need more clarification on deviceIDFormat field type.
146 //DeviceIdFormat -- Mandatory
147 cJSON_AddNumberToObject(jsonDoxm, OIC_JSON_DEVICE_ID_FORMAT_NAME, doxm->deviceIDFormat);
150 //DeviceId -- Mandatory
152 b64Ret = b64Encode(doxm->deviceID.id, sizeof(doxm->deviceID.id), base64Buff,
153 sizeof(base64Buff), &outLen);
154 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
155 cJSON_AddStringToObject(jsonDoxm, OIC_JSON_DEVICE_ID_NAME, base64Buff);
158 cJSON_AddBoolToObject(jsonDoxm, OIC_JSON_DPC_NAME, doxm->dpc);
162 b64Ret = b64Encode(doxm->owner.id, sizeof(doxm->owner.id), base64Buff,
163 sizeof(base64Buff), &outLen);
164 VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
165 cJSON_AddStringToObject(jsonDoxm, OIC_JSON_OWNER_NAME, base64Buff);
167 jsonStr = cJSON_PrintUnformatted(jsonRoot);
172 cJSON_Delete(jsonRoot);
177 OicSecDoxm_t * JSONToDoxmBin(const char * jsonStr)
185 OCStackResult ret = OC_STACK_ERROR;
186 OicSecDoxm_t *doxm = NULL;
187 cJSON *jsonDoxm = NULL;
188 cJSON *jsonObj = NULL;
190 size_t jsonObjLen = 0;
191 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
193 B64Result b64Ret = B64_OK;
195 cJSON *jsonRoot = cJSON_Parse(jsonStr);
196 VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
198 jsonDoxm = cJSON_GetObjectItem(jsonRoot, OIC_JSON_DOXM_NAME);
199 VERIFY_NON_NULL(TAG, jsonDoxm, ERROR);
201 doxm = (OicSecDoxm_t*)OICCalloc(1, sizeof(OicSecDoxm_t));
202 VERIFY_NON_NULL(TAG, doxm, ERROR);
204 //OxmType -- not Mandatory
205 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OXM_TYPE_NAME);
206 if ((jsonObj) && (cJSON_Array == jsonObj->type))
208 doxm->oxmTypeLen = (size_t)cJSON_GetArraySize(jsonObj);
209 VERIFY_SUCCESS(TAG, doxm->oxmTypeLen > 0, ERROR);
211 doxm->oxmType = (OicUrn_t *)OICCalloc(doxm->oxmTypeLen, sizeof(char *));
212 VERIFY_NON_NULL(TAG, (doxm->oxmType), ERROR);
214 for (size_t i = 0; i < doxm->oxmTypeLen ; i++)
216 cJSON *jsonOxmTy = cJSON_GetArrayItem(jsonObj, i);
217 VERIFY_NON_NULL(TAG, jsonOxmTy, ERROR);
219 jsonObjLen = strlen(jsonOxmTy->valuestring) + 1;
220 doxm->oxmType[i] = (char*)OICMalloc(jsonObjLen);
221 VERIFY_NON_NULL(TAG, doxm->oxmType[i], ERROR);
222 strncpy((char *)doxm->oxmType[i], (char *)jsonOxmTy->valuestring, jsonObjLen);
226 //Oxm -- not Mandatory
227 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OXM_NAME);
228 if (jsonObj && cJSON_Array == jsonObj->type)
230 doxm->oxmLen = (size_t)cJSON_GetArraySize(jsonObj);
231 VERIFY_SUCCESS(TAG, doxm->oxmLen > 0, ERROR);
233 doxm->oxm = (OicSecOxm_t*)OICCalloc(doxm->oxmLen, sizeof(OicSecOxm_t));
234 VERIFY_NON_NULL(TAG, doxm->oxm, ERROR);
236 for (size_t i = 0; i < doxm->oxmLen ; i++)
238 cJSON *jsonOxm = cJSON_GetArrayItem(jsonObj, i);
239 VERIFY_NON_NULL(TAG, jsonOxm, ERROR);
240 doxm->oxm[i] = (OicSecOxm_t)jsonOxm->valueint;
244 //OxmSel -- Mandatory
245 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OXM_SEL_NAME);
248 VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
249 doxm->oxmSel = (OicSecOxm_t)jsonObj->valueint;
251 else // PUT/POST JSON may not have oxmsel so set it to the gDoxm->oxmSel
253 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
254 doxm->oxmSel = gDoxm->oxmSel;
258 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_SUPPORTED_CRED_TYPE_NAME);
261 VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
262 doxm->sct = (OicSecCredType_t)jsonObj->valueint;
264 else // PUT/POST JSON may not have sct so set it to the gDoxm->sct
266 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
267 doxm->sct = gDoxm->sct;
271 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OWNED_NAME);
274 VERIFY_SUCCESS(TAG, (cJSON_True == jsonObj->type || cJSON_False == jsonObj->type), ERROR);
275 doxm->owned = jsonObj->valueint;
277 else // PUT/POST JSON may not have owned so set it to the gDomx->owned
279 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
280 doxm->owned = gDoxm->owned;
283 //DeviceId -- Mandatory
284 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_DEVICE_ID_NAME);
287 VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR);
288 if(cJSON_String == jsonObj->type)
290 //Check for empty string, in case DeviceId field has not been set yet
291 if (jsonObj->valuestring[0])
294 b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), base64Buff,
295 sizeof(base64Buff), &outLen);
296 VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(doxm->deviceID.id)),
298 memcpy(doxm->deviceID.id, base64Buff, outLen);
302 else // PUT/POST JSON will not have deviceID so set it to the gDoxm->deviceID.id
304 VERIFY_NON_NULL(TAG, gDoxm, ERROR);
305 memcpy((char *)doxm->deviceID.id, (char *)gDoxm->deviceID.id, sizeof(doxm->deviceID.id));
309 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_DPC_NAME);
312 VERIFY_SUCCESS(TAG, (cJSON_True == jsonObj->type || cJSON_False == jsonObj->type), ERROR);
313 doxm->dpc = jsonObj->valueint;
315 else // PUT/POST JSON may not have owned so set it to the gDomx->dpc
319 doxm->dpc = gDoxm->dpc;
323 doxm->dpc = false; // default is false
327 //Owner -- will be empty when device status is unowned.
328 jsonObj = cJSON_GetObjectItem(jsonDoxm, OIC_JSON_OWNER_NAME);
329 if(true == doxm->owned)
331 VERIFY_NON_NULL(TAG, jsonObj, ERROR);
335 VERIFY_SUCCESS(TAG, (cJSON_String == jsonObj->type), ERROR);
337 b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), base64Buff,
338 sizeof(base64Buff), &outLen);
339 VERIFY_SUCCESS(TAG, ((b64Ret == B64_OK) && (outLen <= sizeof(doxm->owner.id))), ERROR);
340 memcpy(doxm->owner.id, base64Buff, outLen);
346 cJSON_Delete(jsonRoot);
347 if (OC_STACK_OK != ret)
349 DeleteDoxmBinData(doxm);
357 * @todo document this function including why code might need to call this.
358 * The current suspicion is that it's not being called as much as it should.
360 static bool UpdatePersistentStorage(OicSecDoxm_t * doxm)
366 // Convert Doxm data into JSON for update to persistent storage
367 char *jsonStr = BinToDoxmJSON(doxm);
370 cJSON *jsonDoxm = cJSON_Parse(jsonStr);
374 (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_DOXM_NAME, jsonDoxm)))
378 cJSON_Delete(jsonDoxm);
385 static bool ValidateQuery(const char * query)
387 // Send doxm resource data if the state of doxm resource
388 // matches with the query parameters.
389 // else send doxm resource data as NULL
390 // TODO Remove this check and rely on Policy Engine
391 // and Provisioning Mode to enforce provisioning-state
392 // access rules. Eventually, the PE and PM code will
393 // not send a request to the /doxm Entity Handler at all
394 // if it should not respond.
395 OIC_LOG (DEBUG, TAG, "In ValidateQuery");
401 bool bOwnedQry = false; // does querystring contains 'owned' query ?
402 bool bOwnedMatch = false; // does 'owned' query value matches with doxm.owned status?
403 bool bDeviceIDQry = false; // does querystring contains 'deviceid' query ?
404 bool bDeviceIDMatch = false; // does 'deviceid' query matches with doxm.deviceid ?
406 OicParseQueryIter_t parseIter = {.attrPos = NULL};
408 ParseQueryIterInit((unsigned char*)query, &parseIter);
410 while(GetNextQuery(&parseIter))
412 if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_OWNED_NAME, parseIter.attrLen) == 0)
415 if((strncasecmp((char *)parseIter.valPos, OIC_SEC_TRUE, parseIter.valLen) == 0) &&
420 else if((strncasecmp((char *)parseIter.valPos, OIC_SEC_FALSE, parseIter.valLen) == 0)
427 if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_DEVICE_ID_NAME, parseIter.attrLen) == 0)
430 OicUuid_t subject = {.id={0}};
431 unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
433 B64Result b64Ret = B64_OK;
435 b64Ret = b64Decode((char *)parseIter.valPos, parseIter.valLen, base64Buff,
436 sizeof(base64Buff), &outLen);
438 VERIFY_SUCCESS(TAG, (B64_OK == b64Ret && outLen <= sizeof(subject.id)), ERROR);
439 memcpy(subject.id, base64Buff, outLen);
440 if(0 == memcmp(&gDoxm->deviceID.id, &subject.id, sizeof(gDoxm->deviceID.id)))
442 bDeviceIDMatch = true;
448 return ((bOwnedQry ? bOwnedMatch : true) && (bDeviceIDQry ? bDeviceIDMatch : true));
451 static OCEntityHandlerResult HandleDoxmGetRequest (const OCEntityHandlerRequest * ehRequest)
453 char* jsonStr = NULL;
454 OCEntityHandlerResult ehRet = OC_EH_OK;
456 OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing GET request");
458 //Checking if Get request is a query.
461 OIC_LOG (DEBUG, TAG, "HandleDoxmGetRequest processing query");
462 if(!ValidateQuery(ehRequest->query))
469 * For GET or Valid Query request return doxm resource json payload.
470 * For non-valid query return NULL json payload.
471 * A device will 'always' have a default Doxm, so BinToDoxmJSON will
472 * return valid doxm resource json.
475 jsonStr = (ehRet == OC_EH_OK) ? BinToDoxmJSON(gDoxm) : NULL;
477 // Send response payload to request originator
478 if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, jsonStr))
480 OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandleDoxmGetRequest");
488 static OCEntityHandlerResult HandleDoxmPutRequest (const OCEntityHandlerRequest * ehRequest)
490 OIC_LOG (DEBUG, TAG, "Doxm EntityHandle processing PUT request");
491 OCEntityHandlerResult ehRet = OC_EH_ERROR;
492 OicUuid_t emptyOwner = {.id = {0}};
495 * Convert JSON Doxm data into binary. This will also validate
496 * the Doxm data received.
498 OicSecDoxm_t* newDoxm = JSONToDoxmBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
502 // Iotivity SRM ONLY supports OIC_JUST_WORKS now
503 if (OIC_JUST_WORKS == newDoxm->oxmSel)
505 if ((false == gDoxm->owned) && (false == newDoxm->owned))
508 * If current state of the device is un-owned, enable
509 * anonymous ECDH cipher in tinyDTLS so that Provisioning
510 * tool can initiate JUST_WORKS ownership transfer process.
512 if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
514 OIC_LOG (INFO, TAG, "Doxm EntityHandle enabling AnonECDHCipherSuite");
516 ehRet = (CAEnableAnonECDHCipherSuite(true) == CA_STATUS_OK) ? OC_EH_OK : OC_EH_ERROR;
517 #endif //__WITH_DTLS__
523 //Save the owner's UUID to derive owner credential
524 memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
526 // OCServerRequest *request = (OCServerRequest *)ehRequest->requestHandle;
527 // //Generating OwnerPSK
528 // OIC_LOG (INFO, TAG, "Doxm EntityHandle generating OwnerPSK");
529 // //Generate new credential for provisioning tool
530 // ehRet = AddOwnerPSK((CAEndpoint_t *)&request->devAddr, newDoxm,
531 // (uint8_t*) OXM_JUST_WORKS, strlen(OXM_JUST_WORKS));
532 // VERIFY_SUCCESS(TAG, OC_EH_OK == ehRet, ERROR);
534 // Update new state in persistent storage
535 if (true == UpdatePersistentStorage(gDoxm))
541 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
546 * Disable anonymous ECDH cipher in tinyDTLS since device is now
549 CAResult_t caRes = CA_STATUS_OK;
550 caRes = CAEnableAnonECDHCipherSuite(false);
551 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
552 OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
555 #define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
556 CASelectCipherSuite(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
557 #endif //__WITH_X509__
558 #endif //__WITH_DTLS__
562 else if(OIC_RANDOM_DEVICE_PIN == newDoxm->oxmSel)
564 if ((false == gDoxm->owned) && (false == newDoxm->owned))
567 * If current state of the device is un-owned, enable
568 * anonymous ECDH cipher in tinyDTLS so that Provisioning
569 * tool can initiate JUST_WORKS ownership transfer process.
571 if(memcmp(&(newDoxm->owner), &emptyOwner, sizeof(OicUuid_t)) == 0)
573 gDoxm->oxmSel = newDoxm->oxmSel;
574 //Update new state in persistent storage
575 if((UpdatePersistentStorage(gDoxm) == true))
581 OIC_LOG(WARNING, TAG, "Failed to update DOXM in persistent storage");
586 CAResult_t caRes = CA_STATUS_OK;
588 caRes = CAEnableAnonECDHCipherSuite(false);
589 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
590 OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");
592 caRes = CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
593 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
595 char ranPin[OXM_RANDOM_PIN_SIZE + 1] = {0,};
596 if(OC_STACK_OK == GeneratePin(ranPin, OXM_RANDOM_PIN_SIZE + 1))
598 //Set the device id to derive temporal PSK
599 SetUuidForRandomPinOxm(&gDoxm->deviceID);
602 * Since PSK will be used directly by DTLS layer while PIN based ownership transfer,
603 * Credential should not be saved into SVR.
604 * For this reason, use a temporary get_psk_info callback to random PIN OxM.
606 caRes = CARegisterDTLSCredentialsHandler(GetDtlsPskForRandomPinOxm);
607 VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
612 OIC_LOG(ERROR, TAG, "Failed to generate random PIN");
615 #endif //__WITH_DTLS__
620 //Save the owner's UUID to derive owner credential
621 memcpy(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t));
623 //Update new state in persistent storage
624 if((UpdatePersistentStorage(gDoxm) == true))
630 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
639 * When current state of the device is un-owned and Provisioning
640 * Tool is attempting to change the state to 'Owned' with a
641 * qualified value for the field 'Owner'
643 if ((false == gDoxm->owned) && (true == newDoxm->owned) &&
644 (memcmp(&(gDoxm->owner), &(newDoxm->owner), sizeof(OicUuid_t)) == 0))
647 // Update new state in persistent storage
648 if (UpdatePersistentStorage(gDoxm))
650 //Update default ACL of security resource to prevent anonymous user access.
651 if(OC_STACK_OK == UpdateDefaultSecProvACL())
657 OIC_LOG(ERROR, TAG, "Failed to remove default ACL for security provisioning");
663 OIC_LOG(ERROR, TAG, "Failed to update DOXM in persistent storage");
670 if(OC_EH_OK != ehRet)
672 OIC_LOG(WARNING, TAG, "The operation failed during handle DOXM request,"\
673 "DOXM will be reverted.");
676 * If some error is occured while ownership transfer,
677 * ownership transfer related resource should be revert back to initial status.
679 RestoreDoxmToInitState();
680 RestorePstatToInitState();
683 //Send payload to request originator
684 if(OC_STACK_OK != SendSRMResponse(ehRequest, ehRet, NULL))
686 OIC_LOG (ERROR, TAG, "SendSRMResponse failed in HandlePstatPostRequest");
688 DeleteDoxmBinData(newDoxm);
694 * This internal method is the entity handler for DOXM resources.
696 OCEntityHandlerResult DoxmEntityHandler (OCEntityHandlerFlag flag,
697 OCEntityHandlerRequest * ehRequest,
701 OCEntityHandlerResult ehRet = OC_EH_ERROR;
703 if(NULL == ehRequest)
709 if (flag & OC_REQUEST_FLAG)
711 OIC_LOG (DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
712 switch (ehRequest->method)
715 ehRet = HandleDoxmGetRequest(ehRequest);
719 ehRet = HandleDoxmPutRequest(ehRequest);
724 SendSRMResponse(ehRequest, ehRet, NULL);
733 * This internal method is used to create '/oic/sec/doxm' resource.
735 OCStackResult CreateDoxmResource()
739 ret = OCCreateResource(&gDoxmHandle,
740 OIC_RSRC_TYPE_SEC_DOXM,
745 OC_OBSERVABLE | OC_SECURE | OC_EXPLICIT_DISCOVERABLE);
747 if (OC_STACK_OK != ret)
749 OIC_LOG (FATAL, TAG, "Unable to instantiate Doxm resource");
750 DeInitDoxmResource();
756 * Checks if DeviceID is generated during provisioning for the new device.
757 * If DeviceID is NULL then generates the new DeviceID.
758 * Once DeviceID is assigned to the device it does not change for the lifetime of the device.
761 static OCStackResult CheckDeviceID()
763 OCStackResult ret = OC_STACK_ERROR;
764 bool validId = false;
765 for (uint8_t i = 0; i < UUID_LENGTH; i++)
767 if (gDoxm->deviceID.id[i] != 0)
776 if (OCGenerateUuid(gDoxm->deviceID.id) != RAND_UUID_OK)
778 OIC_LOG(FATAL, TAG, "Generate UUID for Server Instance failed!");
783 if (UpdatePersistentStorage(gDoxm))
785 //TODO: After registering PSI handler in all samples, do ret = OC_STACK_OK here.
786 OIC_LOG(FATAL, TAG, "UpdatePersistentStorage failed!");
797 * Get the default value.
798 * @retval the gDefaultDoxm pointer;
800 static OicSecDoxm_t* GetDoxmDefault()
802 OIC_LOG (DEBUG, TAG, "GetDoxmToDefault");
803 return &gDefaultDoxm;
807 * This method is used by SRM to retrieve DOXM resource data.
809 * @retval reference to @ref OicSecDoxm_t, binary format of Doxm resource data
811 const OicSecDoxm_t* GetDoxmResourceData()
817 * Initialize DOXM resource by loading data from persistent storage.
819 * @retval OC_STACK_OK for Success, otherwise some error value
821 OCStackResult InitDoxmResource()
823 OCStackResult ret = OC_STACK_ERROR;
825 //Read DOXM resource from PS
826 char* jsonSVRDatabase = GetSVRDatabase();
829 //Convert JSON DOXM into binary format
830 gDoxm = JSONToDoxmBin(jsonSVRDatabase);
833 * If SVR database in persistent storage got corrupted or
834 * is not available for some reason, a default doxm is created
835 * which allows user to initiate doxm provisioning again.
837 if(!jsonSVRDatabase || !gDoxm)
839 gDoxm = GetDoxmDefault();
842 //In case of the server is shut down unintentionally, we should initialize the owner
843 if(false == gDoxm->owned)
845 OicUuid_t emptyUuid = {.id={0}};
846 memcpy(&gDoxm->owner, &emptyUuid, sizeof(OicUuid_t));
849 ret = CheckDeviceID();
850 if (ret == OC_STACK_OK)
852 //Instantiate 'oic.sec.doxm'
853 ret = CreateDoxmResource();
857 OIC_LOG (ERROR, TAG, "CheckDeviceID failed");
859 OICFree(jsonSVRDatabase);
864 * Perform cleanup for DOXM resources.
867 * OC_STACK_OK - no error
868 * OC_STACK_ERROR - stack process error
871 OCStackResult DeInitDoxmResource()
873 OCStackResult ret = OCDeleteResource(gDoxmHandle);
874 if(gDoxm != &gDefaultDoxm)
876 DeleteDoxmBinData(gDoxm);
880 if(OC_STACK_OK == ret)
886 return OC_STACK_ERROR;
892 * This method returns the SRM device ID for this device.
894 * @retval OC_STACK_OK for Success, otherwise some error value
896 OCStackResult GetDoxmDeviceID(OicUuid_t *deviceID)
898 if(deviceID && gDoxm)
900 *deviceID = gDoxm->deviceID;
903 return OC_STACK_ERROR;
907 * @brief Gets the OicUuid_t value for the owner of this device.
909 * @return OC_STACK_OK if devOwner is a valid UUID, otherwise OC_STACK_ERROR.
911 OCStackResult GetDoxmDevOwnerId(OicUuid_t *devOwner)
913 OCStackResult retVal = OC_STACK_ERROR;
917 *devOwner = gDoxm->owner; // TODO change to devOwner when available
918 retVal = OC_STACK_OK;
925 * Function to restore doxm resurce to initial status.
926 * This function will use in case of error while ownership transfer
928 void RestoreDoxmToInitState()
932 OIC_LOG(INFO, TAG, "DOXM resource will revert back to initial status.");
934 OicUuid_t emptyUuid = {.id={0}};
935 memcpy(&(gDoxm->owner), &emptyUuid, sizeof(OicUuid_t));
936 gDoxm->owned = false;
937 gDoxm->oxmSel = OIC_JUST_WORKS;
939 if(!UpdatePersistentStorage(gDoxm))
941 OIC_LOG(ERROR, TAG, "Failed to revert DOXM in persistent storage");