#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <pthread.h>
#include "ocstack.h"
#include "logger.h"
-#include "camutex.h"
+#include "octhread.h"
#include "cathreadpool.h"
#include "ocpayload.h"
#include "payload_logging.h"
#include "aclresource.h"
#include "crlresource.h"
#include "ocprovisioningmanager.h"
+#include "casecurityinterface.h"
+#include "mbedtls/ssl_ciphersuites.h"
+#include "pkix_interface.h"
+#include "../hw_emul/hw_interface.h"
#include "utils.h"
#include "cloudAuth.h"
static uint64_t timeout;
static uint16_t g_credId = 0;
-static ca_cond cond;
-static ca_mutex mutex;
+static oc_cond cond;
+static oc_mutex mutex;
typedef enum {
SIGN_UP = 1,
USE_RSA = 8,
SAVE_TRUST_CERT = 9,
USE_SECURE_CONN = 10,
+ CONFIG_SELF_OWNERSHIP = 11,
+ SECURE_STORAGE_HW_EMULATION = 12,
DISCOVERY = 13,
GET = 14,
ACL_INDIVIDUAL_GET_INFO = 40,
ACL_INDIVIDUAL_UPDATE_ACE = 41,
- ACL_INDIVIDUAL_DELETE = 42,
+ ACL_INDIVIDUAL_UPDATE = 42,
+ ACL_INDIVIDUAL_DELETE = 43,
+ ACL_INDIVIDUAL_DELETE_ACE = 44,
ACL_GROUP_CREATE = 50,
ACL_GROUP_FIND = 51,
printf("** %d - Change default port\n", PORT);
printf("** %d - Change default database filename\n", DB_FILE);
printf("** %d - Change default auth provider\n", AUTH_PROVIDER);
- printf("** %d - Change TLS cipher suite to RSA\n", USE_RSA);
+ printf("** %d - Change TLS cipher suite (ECDSA/RSA)\n", USE_RSA);
printf("** %d - Save Trust Cert. Chain into Cred of SVR\n", SAVE_TRUST_CERT);
printf("** %d - Change Protocol type (CoAP/CoAPs)\n", USE_SECURE_CONN);
+ printf("** %d - Configure SVRdb as Self-OwnerShip\n", CONFIG_SELF_OWNERSHIP);
+ printf("** %d - Configure Secure Storage HW Emulation\n", SECURE_STORAGE_HW_EMULATION);
if (OC_CLIENT == mode)
{
printf("** ACL INDIVIDUAL\n");
printf("** %d - ACL individual get info Request\n", ACL_INDIVIDUAL_GET_INFO);
printf("** %d - ACL individual update ACE Request\n", ACL_INDIVIDUAL_UPDATE_ACE);
+ printf("** %d - ACL individual update Request\n", ACL_INDIVIDUAL_UPDATE);
printf("** %d - ACL individual delete Request\n", ACL_INDIVIDUAL_DELETE);
+ printf("** %d - ACL individual delete ACE Request\n", ACL_INDIVIDUAL_DELETE_ACE);
printf("** ACL GROUP MANAGER\n");
printf("** %d - ACL Create Group Request\n", ACL_GROUP_CREATE);
if (!fExit)
{
- ca_mutex_lock(mutex);
- ca_cond_signal(cond);
- ca_mutex_unlock(mutex);
+ oc_mutex_lock(mutex);
+ oc_cond_signal(cond);
+ oc_mutex_unlock(mutex);
}
}
OCStackResult res = OC_STACK_ERROR;
OIC_LOG(INFO, TAG, "Save Trust Cert. Chain into Cred of SVR");
- ByteArray trustCertChainArray = {0, 0};
+ OCByteString trustCertChainArray = {0, 0};
const char *filename = "rootca.crt";
- if (!readFile(filename, (OCByteString *)&trustCertChainArray))
+ if (!readFile(filename, &trustCertChainArray))
{
OIC_LOG_V(ERROR, TAG, "Can't read %s file", filename);
+ OICFree(trustCertChainArray.bytes);
return OC_STACK_ERROR;
}
- OIC_LOG_BUFFER(DEBUG, TAG, trustCertChainArray.data, trustCertChainArray.len);
+ OIC_LOG_BUFFER(DEBUG, TAG, trustCertChainArray.bytes, trustCertChainArray.len);
- res = OCSaveTrustCertChain(trustCertChainArray.data, trustCertChainArray.len, OIC_ENCODING_PEM,&g_credId);
+ res = OCSaveTrustCertChain(trustCertChainArray.bytes, trustCertChainArray.len, OIC_ENCODING_PEM,&g_credId);
- if(OC_STACK_OK != res)
+ if (OC_STACK_OK != res)
{
- OIC_LOG(ERROR, TAG, "OCSaveTrustCertChainBin API error");
- return res;
+ OIC_LOG(ERROR, TAG, "OCSaveTrustCertChain API error");
+ }
+ else
+ {
+ OIC_LOG_V(INFO, TAG, "CredId of Saved Trust Cert. Chain into Cred of SVR : %d.\n", g_credId);
+ }
+ OICFree(trustCertChainArray.bytes);
+
+ return res;
+}
+
+static OCStackResult configSelfOwnership(void)
+{
+ OCStackResult res = OC_STACK_ERROR;
+ OIC_LOG(INFO, TAG, "Configures SVR DB as self-ownership.");
+
+ res = OCConfigSelfOwnership();
+
+ if (OC_STACK_OK != res)
+ {
+ OIC_LOG(ERROR, TAG, "OCConfigSelfOwnership API error. Please check SVR DB");
+ }
+ else
+ {
+ OIC_LOG(INFO, TAG, "Success to configures SVR DB as self-ownership");
}
- OIC_LOG_V(INFO, TAG, "CredId of Saved Trust Cert. Chain into Cred of SVR : %d.\n", g_credId);
return res;
}
+static void configSecureStorageHwEmulation()
+{
+ OIC_LOG(INFO, TAG, "Enable Secure Storage HW Emulation");
+
+ printf(" Enter Own Certificate File Path[~4095]: ");
+ char cert_filepath[4096] = {0,};
+ for(int ret=0; 1!=ret; )
+ {
+ ret = scanf("%255s", cert_filepath);
+ for( ; 0x20<=getchar(); ); // for removing overflow garbages
+ // '0x20<=code' is character region
+ }
+
+ printf(" Enter Private Key File Path[~4095]: ");
+ char key_filepath[4096] = {0,};
+ for(int ret=0; 1!=ret; )
+ {
+ ret = scanf("%255s", key_filepath);
+ for( ; 0x20<=getchar(); ); // for removing overflow garbages
+ // '0x20<=code' is character region
+ }
+
+ printf(" Enter Password for Key Password[~31][Press (Enter) to not set]: ");
+ char pwd[32] = {0,};
+ for(int i=0; i < 31; i++)
+ {
+ pwd[i] = (char)getchar();
+ if (0x20 <= pwd[i])
+ {
+ pwd[i--] = '\0';
+ continue;
+ }
+ if (0x0A == pwd[i])
+ {
+ pwd[i] = '\0';
+ break;
+ }
+ }
+
+ if (0 != SSemulSetCertkeyFilepath(cert_filepath, key_filepath, pwd))
+ {
+ OIC_LOG(ERROR, TAG, " Fail to set cert/key file path");
+ return;
+ }
+
+ if (0 != SetHwPkixCallbacks(HWGetKeyContext,
+ HWFreeKeyContext,
+ HWGetOwnCertificateChain,
+ HWSetupPkContext))
+ {
+ OIC_LOG(ERROR, TAG, " Fail to regist HW Pkix Callbacks");
+ return;
+ }
+ OIC_LOG(INFO, TAG, " Success to regist HW Pkix Callbacks");
+}
+
static void wrongRequest()
{
printf(">> Entered Wrong Menu Number. Please Enter Again\n\n");
strncpy(endPoint.addr, DEFAULT_HOST, sizeof(endPoint.addr));
endPoint.port = DEFAULT_PORT;
- mutex = ca_mutex_new();
- cond = ca_cond_new();
+ mutex = oc_mutex_new();
+ cond = oc_cond_new();
while (false == fExit)
{
case ACL_INDIVIDUAL_UPDATE_ACE:
res = OCWrapperAclIndividualUpdateAce(&endPoint, handleCB);
break;
+ case ACL_INDIVIDUAL_UPDATE:
+ res = OCWrapperAclIndividualUpdate(&endPoint, handleCB);
+ break;
case ACL_INDIVIDUAL_DELETE:
res = OCWrapperAclIndividualDelete(&endPoint, handleCB);
break;
+ case ACL_INDIVIDUAL_DELETE_ACE:
+ res = OCWrapperAclIndividualDeleteAce(&endPoint, handleCB);
+ break;
case CSR_SIGN:
res = OCWrapperCertificateIssueRequest(&endPoint, handleCB);
break;
res= InitRequest(OC_REST_POST);
break;
case USE_RSA:
- CASelectCipherSuite(0x35, CA_ADAPTER_TCP);
+ {
+ int tmp = 0;
+ readInteger(&tmp, "Select Cipher Suite", "0 - ECDSA, other - RSA");
+ uint16_t cipher = tmp? MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256:
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
+ if (CA_STATUS_OK != CASelectCipherSuite(cipher, CA_ADAPTER_TCP))
+ {
+ OIC_LOG(ERROR, TAG, "CASelectCipherSuite returned an error");
+ }
sendDataToServer = false;
+ }
break;
case SAVE_TRUST_CERT:
saveTrustCert();
sendDataToServer = false;
}
break;
+ case CONFIG_SELF_OWNERSHIP:
+ configSelfOwnership();
+ sendDataToServer = false;
+ break;
+ case SECURE_STORAGE_HW_EMULATION:
+ configSecureStorageHwEmulation();
+ sendDataToServer = false;
+ break;
case EXIT:
- ca_mutex_free(mutex);
- ca_cond_free(cond);
+ oc_mutex_free(mutex);
+ oc_cond_free(cond);
fExit = true;
sendDataToServer = false;
break;
{
if (OC_STACK_OK == res)
{
- ca_mutex_lock(mutex);
- ca_cond_wait_for(cond, mutex, timeout);
- ca_mutex_unlock(mutex);
+ oc_mutex_lock(mutex);
+ oc_cond_wait_for(cond, mutex, timeout);
+ oc_mutex_unlock(mutex);
}
else
{
OCStackResult initPersistentStorage()
{
//Initialize Persistent Storage for SVR database
- static OCPersistentStorage ps = {server_fopen, fread, fwrite, fclose, unlink};
+ static OCPersistentStorage ps = {server_fopen, fread, fwrite, fclose, unlink, NULL, NULL};
return OCRegisterPersistentStorageHandler(&ps);
}
return res;
}
- res = ca_thread_pool_add_task(g_threadPoolHandle, userRequests, mode);
+ res = ca_thread_pool_add_task(g_threadPoolHandle, userRequests, mode, NULL);
if (CA_STATUS_OK != res)
{
OIC_LOG(ERROR, TAG, "thread pool add task error.");
void startProcess()
{
+ struct timespec timeout;
+ timeout.tv_sec = 0;
+ timeout.tv_nsec = 100000000L;
+
while(false == fExit)
{
if (OCProcess() != OC_STACK_OK)
OIC_LOG(ERROR, TAG,"OCProcess process error, exit\n");
break;
}
+ nanosleep(&timeout, NULL);
}
if (OCStop() != OC_STACK_OK)