#include <thread>
#include "pinoxmcommon.h"
+#ifdef __APPLE__
+#include "../csdk/security/provisioning/include/ocprovisioningmanager.h"
+#else
#include "ocprovisioningmanager.h"
+#endif
#include "OCApi.h"
#include "OCPlatform_impl.h"
+#include "oxmverifycommon.h"
+#include "casecurityinterface.h"
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
+#include "mbedtls/x509_crt.h"
+#endif
namespace OC
{
typedef std::function<void(PMResultList_t *result, int hasError)> ResultCallBack;
typedef std::function<void(uint16_t credId, uint8_t *trustCertChain,
size_t chainSize)>CertChainCallBack;
+ typedef std::function<OCStackResult(uint8_t verifNum[])> DisplayNumCB;
+ typedef std::function<OCStackResult()> UserConfirmNumCB;
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
+ typedef std::function<OCStackResult(const mbedtls_x509_crt *peerCert,
+ int depth)> PeerCertCB;
+#endif
struct ProvisionContext
{
CertChainCallBack callback;
TrustCertChainContext(CertChainCallBack cb) : callback(cb){}
};
+
+ struct DisplayNumContext
+ {
+ DisplayNumCB callback;
+ DisplayNumContext(DisplayNumCB cb) : callback(cb){}
+ };
+
+ struct UserConfirmNumContext
+ {
+ UserConfirmNumCB callback;
+ UserConfirmNumContext(UserConfirmNumCB cb) : callback(cb){}
+ };
+
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
+ struct PeerCertContext
+ {
+ PeerCertCB callback;
+ PeerCertContext(PeerCertCB cb) : callback(cb){}
+ };
+#endif
+
/**
* This class is for credential's to be set to devices.
* The types supported are
static OCStackResult provisionInit(const std::string& dbPath);
/**
+ * API to terminate the OTM process
+ *
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult terminatePM();
+
+ /**
* API is responsible for discovery of devices in it's subnet. It will list
* all the device in subnet which are not yet owned.
*
std::shared_ptr<OCSecureResource> &foundDevice);
/**
- * API for registering Ownership transfer methods for a particular transfer Type.
+ * API is responsible for discovery of devices in specified endpoint/deviceID.
+ * And this function will only return the specified device's response.
+ *
+ * @param timeout Timeout in seconds, time until which function will listen to
+ * responses from server before returning the specified device.
+ * @param deviceID deviceID of target device.
+ * @param hostAddress MAC address of target device.
+ * @param connType ConnectivityType for discovery.
+ * @param foundDevice OCSecureResource object of found device.
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ * ::OC_STACK_INVALID_PARAM when deviceID is NULL or ppFoundDevice is not
+ * initailized.
+ */
+ static OCStackResult discoverSingleDeviceInUnicast(unsigned short timeout,
+ const OicUuid_t* deviceID,
+ const std::string& hostAddress,
+ OCConnectivityType connType,
+ std::shared_ptr<OCSecureResource> &foundDevice);
+
+#ifdef MULTIPLE_OWNER
+ /**
+ * API is responsible for discovery of MOT(Mutilple Owner Transfer)
+ * devices in current subnet.
+ *
+ * @param timeout Timeout in seconds, time until which function will listen to
+ * responses from server before returning the list of devices.
+ * @param list List of MOT enabled devices.
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult discoverMultipleOwnerEnabledDevices(unsigned short timeout,
+ DeviceList_t &list);
+
+ /**
+ * API is responsible for discovery of Multiple owned device in
+ * current subnet.
+ *
+ * @param timeout Timeout in seconds, time until which function will listen to
+ * responses from server before returning the list of devices.
+ * @param list List of Multiple Owned devices.
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult discoverMultipleOwnedDevices(unsigned short timeout,
+ DeviceList_t &list);
+
+#endif
+
+ /**
+ * API for registering Pin Callback.
*
- * @param oxm Ownership transfer method.
- * @param callbackData CallbackData Methods for ownership transfer.
- * @param inputPin Callback method to input pin for verification.
+ * @param InputPinCallback inputPin callback function.
* @return ::OC_STACK_OK in case of success and other value otherwise.
*/
- static OCStackResult setOwnerTransferCallbackData(OicSecOxm_t oxm,
- OTMCallbackData_t* callbackData, InputPinCallback inputPin);
+ static OCStackResult setInputPinCallback(InputPinCallback inputPin);
+
+ /**
+ * API for de-registering Pin Callback.
+ *
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult unsetInputPinCallback();
+
+ /**
+ * API to set Pin Type policy.
+ *
+ * @param pinSize pin Size
+ * @param pinType Type of the pin.
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult setRandomPinPolicy(size_t pinSize, OicSecPinType_t pinType);
/**
* API to get status of all the devices in current subnet. The status include endpoint
*/
static OCStackResult saveACL(const OicSecAcl_t* acl);
+ /**
+ * api to register Callback for displaying verifNum in verification Just-Works
+ *
+ * @param displayNumCB Callback which is to be registered.
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult registerDisplayNumCallback(DisplayNumCB displayNumCB);
+
+ /**
+ * API to De-register Callback for displaying verifNum in verification Just-Works
+ *
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult deregisterDisplayNumCallback();
+
+ /**
+ * API to reister Callback for getting user confirmation in verification Just-Works
+ *@param userConfirmCB Callback which is to be registered.
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult registerUserConfirmCallback(UserConfirmNumCB userConfirmCB);
+
+ /**
+ * API to De-register Callback for getting user confirmation in verification Just-Works
+ *
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult deregisterUserConfirmCallback();
+
+ /*
+ * Set option for Mutual Verified Just-Works
+ * The default is both display PIN and get user confirmation.
+ */
+ static OCStackResult setVerifyOptionMask(VerifyOptionBitmask_t optionMask);
+
+ /**
+ * Callback function to display Verification Number.
+ *
+ * @param[in] ctx User context returned in callback
+ * @param[in] verifNum Array of MUTUAL_VERIF_NUM_LEN size bytes
+ *
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult displayNumCallbackWrapper(void* ctx,
+ uint8_t verifNum[MUTUAL_VERIF_NUM_LEN]);
+
+ /**
+ * Callback function to get 'Num' verification result.
+ *
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult confirmUserCallbackWrapper(void* ctx);
+
+ /**
+ * API to cleanup PDM in case of timeout.
+ * It will remove the PDM_DEVICE_INIT state devices from PDM.
+ *
+ * @return OC_STACK_OK in case of success and other value otherwise.
+ */
+ static OCStackResult pdmCleanupForTimeout();
+
#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
/**
* API to save Trust certificate chain into Cred of SVR.
*/
static void certCallbackWrapper(void* ctx, uint16_t credId, uint8_t *trustCertChain,
size_t chainSize);
+
+ /**
+ * Wrapper to save the seed value to generate device UUID
+ *
+ * @param[in] seed buffer of seed value
+ * @param[in] seedSize byte length of seed
+ */
+ static OCStackResult setDeviceIdSeed(const uint8_t* seed, size_t seedSize);
+
+ /**
+ * Callback wrapper for getting peer certificate.
+ *
+ * @param[in] ctx User context returned in callback
+ * @param[in] cert certificate
+ * @param[in] depth depth of chain
+ */
+ static int peerCertCallbackWrapper(void *ctx, const mbedtls_x509_crt *cert,
+ int depth);
+
+ /**
+ * API to set the function for getting peer certificate.
+ */
+ static OCStackResult setPeerCertCallback(PeerCertCB cb);
#endif // __WITH_DTLS__ || __WITH_TLS__
+ /**
+ * This function configures SVR DB as self-ownership.
+ *
+ *@return OC_STACK_OK in case of successful configue and other value otherwise.
+ */
+ static OCStackResult configSelfOwnership();
+
};
/**
*/
bool getOwnedStatus();
+ /**
+ * API to get the proper OxM for OT.
+ *
+ * @param oxm Address to save the selected OxM.
+ *
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult getOTMethod(OicSecOxm_t* oxm);
/**
* Common callback wrapper, which will be called from OC-APIs.
static void callbackWrapper(void* ctx, int nOfRes,
OCProvisionResult_t *arr, bool hasError);
+#ifdef MULTIPLE_OWNER
+ /**
+ * API to update 'doxm.oxmsel' to resource server.
+ *
+ * @param resultCallback Callback provided by API user, callback will be
+ * called when credential revocation is finished.
+ * @param oxmSelVal Method of multiple ownership transfer (ref. oic.sec.oxm)
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult selectMOTMethod( const OicSecOxm_t oxmSelVal,
+ ResultCallBack resultCallback);
+
+ /**
+ * API to update 'doxm.mom' to resource server.
+ *
+ * @param resultCallback Callback provided by API user, callback will be
+ * called when credential revocation is finished.
+ * @param momType Mode of multiple ownership transfer (ref. oic.sec.mom)
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult changeMOTMode( const OicSecMomType_t momType,
+ ResultCallBack resultCallback);
+
+ /**
+ * API to add preconfigured PIN to local SVR DB.
+ *
+ * @param preconfPIN Preconfig PIN which is used while multiple owner authentication
+ * @param preconfPINLength Byte length of preconfig PIN
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult addPreconfigPIN(const char* preconfPIN,
+ size_t preconfPINLength);
+
+ /**
+ * API to provision preconfigured PIN.
+ *
+ * @param resultCallback Callback provided by API user, callback will be called when
+ * credential revocation is finished.
+ * @param preconfPin Preconfig PIN which is used while multiple owner authentication
+ * @param preconfPinLength Byte length of preconfig PIN
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult provisionPreconfPin(const char * preconfPin,
+ size_t preconfPinLength, ResultCallBack resultCallback);
+
+ /**
+ * API to do multiple ownership transfer for MOT enabled device.
+ *
+ * @param resultCallback Result callback function to be invoked when
+ * multiple ownership transfer finished.
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult doMultipleOwnershipTransfer(ResultCallBack resultCallback);
+
+ /**
+ * API to remove sub-owner from resource server
+ *
+ * @param[in] subOwner sub-owner UUID to be removed
+ * @param[in] resultCallback callback provided by API user, callback will be invoked when
+ * DELETE 'subowneruuid' request recieves a response from resource server.
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult removeSubOwner(const OicUuid_t* subOwnerId, ResultCallBack resultCallback);
+
+ /**
+ * API to remove all sub-owner from resource server
+ *
+ * @param[in] resultCallback callback provided by API user, callback will be invoked when
+ * DELETE 'subowneruuid' request recieves a response from resource server.
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult removeAllSubOwner(ResultCallBack resultCallback);
+
+ /**
+ * API to get a sub-owner list
+ *
+ * @param[out] Sub-owner list of resource server
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult getSubOwnerList(UuidList_t &uuidList);
+
+ /**
+ * API to get the proper OxM for MOT.
+ *
+ * @param oxm Address to save the selected OxM.
+ *
+ * @return ::OC_STACK_OK in case of success and other value otherwise.
+ */
+ OCStackResult getMOTMethod( OicSecOxm_t* oxm);
+
+ /**
+ * API to check whether MOT is supported.
+ *
+ * @return ::true in case of MOT supported.
+ */
+ bool isMOTSupported();
+
+ /**
+ * API to check whether MOT is enabled.
+ *
+ * @return ::true in case of MOT enabled.
+ */
+ bool isMOTEnabled();
+
+
+#endif // MULTIPLE_OWNER
+
private:
void validateSecureResource();
};