projects / platform / upstream / iotivity.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Pstat payload conversion from JSON to CBOR
[platform/upstream/iotivity.git] / resource / csdk / security / provisioning / src / ownershiptransfermanager.c
diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
index 66c9179..e1ba69b 100644 (file)
--- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
@@ -58,6 +58,8 @@
 #include "srmutility.h"
 #include "provisioningdatabasemanager.h"
 #include "oxmrandompin.h"
+#include "ocpayload.h"
+#include "payload_logging.h"
 
 #define TAG "OTM"
 
@@ -85,24 +87,6 @@ static size_t gNumOfProvisioningMethodsPT = 1;
 static OTMContext_t* g_otmCtx = NULL;
 
 /**
- * Function to getting string of ownership transfer method
- */
-static const char* GetOxmString(OicSecOxm_t oxmType)
-{
-    switch(oxmType)
-    {
-        case OIC_JUST_WORKS:
-            return OXM_JUST_WORKS;
-        case OIC_RANDOM_DEVICE_PIN:
-            return OXM_RANDOM_DEVICE_PIN;
-        case OIC_MANUFACTURER_CERTIFICATE:
-            return OXM_MANUFACTURER_CERTIFICATE;
-        default:
-            return NULL;
-    }
-}
-
-/**
  * Function to select appropriate  provisioning method.
  *
  * @param[in] supportedMethods   Array of supported methods
@@ -165,10 +149,23 @@ static void SelectOperationMode(const OCProvisionDev_t *selectedDeviceInfo,
             break;
         }
     }
+    OIC_LOG_V(DEBUG, TAG, "Selected Operation Mode = %d", *selectedMode);
+
     OIC_LOG(DEBUG, TAG, "OUT SelectOperationMode");
 }
 
 /**
+ * Function to start ownership transfer.
+ * This function will send the first request for provisioning,
+ * The next request message is sent from the response handler for this request.
+ *
+ * @param[in] ctx   context value passed to callback from calling function.
+ * @param[in] selectedDevice   selected device information to performing provisioning.
+ * @return  OC_STACK_OK on success
+ */
+static OCStackResult StartOwnershipTransfer(void* ctx, OCProvisionDev_t* selectedDevice);
+
+/**
  * Function to update owner transfer mode
  *
  * @param[in]  otmCtx  Context value of ownership transfer.
@@ -186,44 +183,50 @@ static OCStackResult GetProvisioningStatusResource(OTMContext_t* otmCtx);
 
 
 /**
- * Function to send ownerShip info. This function would update Owned as true and
- * owner as UUID for provisioning tool
+ * Function to send  uuid of owner device to new device.
+ * This function would update 'owner of doxm' as UUID for provisioning tool.
  *
  * @param[in]  otmCtx  Context value of ownership transfer.
  * @return  OC_STACK_OK on success
  */
-static OCStackResult PutOwnershipInformation(OTMContext_t* otmCtx);
+static OCStackResult PutOwnerUuid(OTMContext_t* otmCtx);
 
 /**
  * Function to update the operation mode. As per the spec. Operation mode in client driven
  * single service provisioning it will be updated to 0x3
  *
  * @param[in]  otmCtx  Context value of ownership transfer.
+ * @return  OC_STACK_OK on success
+ */
+static OCStackResult PutUpdateOperationMode(OTMContext_t* otmCtx);
+
+/**
+ * Function to update the owner credential to new device
+ *
+ * @param[in]  otmCtx  Context value of ownership transfer.
  * @param[in] selectedOperationMode selected operation mode
  * @return  OC_STACK_OK on success
  */
-static OCStackResult PutUpdateOperationMode(OTMContext_t* otmCtx,
-                                    OicSecDpom_t selectedOperationMode);
+static OCStackResult PutOwnerCredential(OTMContext_t* otmCtx);
 
 /**
- * Function to start ownership transfer.
- * This function will send the first request for provisioning,
- * The next request message is sent from the response handler for this request.
+ * Function to send ownerShip info.
+ * This function would update 'owned of doxm' as true.
  *
- * @param[in] ctx   context value passed to callback from calling function.
- * @param[in] selectedDevice   selected device information to performing provisioning.
+ * @param[in]  otmCtx  Context value of ownership transfer.
  * @return  OC_STACK_OK on success
  */
-static OCStackResult StartOwnershipTransfer(void* ctx, OCProvisionDev_t* selectedDevice);
+static OCStackResult PutOwnershipInformation(OTMContext_t* otmCtx);
 
-/*
- * Function to finalize provisioning.
- * This function will send default ACL and commit hash.
+/**
+ * Function to update pstat when finalize provisioning.
+ * This function would update 'cm' as bx0011,1100 and 'tm' as bx0000,0000.
  *
- * @param[in] otmCtx   Context value of ownership transfer.
+ * @param[in] ctx   context value passed to callback from calling function.
+ * @param[in] selectedDevice   selected device information to performing provisioning.
  * @return  OC_STACK_OK on success
  */
-static OCStackResult FinalizeProvisioning(OTMContext_t* otmCtx);
+static OCStackResult PutProvisioningStatus(OTMContext_t* otmCtx);
 
 static bool IsComplete(OTMContext_t* otmCtx)
 {
@@ -256,6 +259,17 @@ static void SetResult(OTMContext_t* otmCtx, const OCStackResult res)
 
     if(otmCtx->selectedDeviceInfo)
     {
+        //Revert psk_info callback and new deivce uuid in case of random PIN OxM
+        if(OIC_RANDOM_DEVICE_PIN == otmCtx->selectedDeviceInfo->doxm->oxmSel)
+        {
+            if(CA_STATUS_OK != CARegisterDTLSCredentialsHandler(GetDtlsPskCredentials))
+            {
+                OIC_LOG(WARNING, TAG, "Failed to revert  is DTLS credential handler.");
+            }
+            OicUuid_t emptyUuid = { .id={0}};
+            SetUuidForRandomPinOxm(&emptyUuid);
+        }
+
         for(size_t i = 0; i < otmCtx->ctxResultArraySize; i++)
         {
             if(memcmp(otmCtx->selectedDeviceInfo->doxm->deviceID.id,
@@ -301,66 +315,84 @@ static void SetResult(OTMContext_t* otmCtx, const OCStackResult res)
  */
 void DTLSHandshakeCB(const CAEndpoint_t *endpoint, const CAErrorInfo_t *info)
 {
-    if(g_otmCtx && endpoint && info)
+    if(NULL != g_otmCtx && NULL != g_otmCtx->selectedDeviceInfo &&
+       NULL != endpoint && NULL != info)
     {
         OIC_LOG_V(INFO, TAG, "Received status from remote device(%s:%d) : %d",
                  endpoint->addr, endpoint->port, info->result);
 
-        //Make sure the address matches.
-        if(strncmp(g_otmCtx->selectedDeviceInfo->endpoint.addr,
-           endpoint->addr,
-           sizeof(endpoint->addr)) == 0 &&
-           g_otmCtx->selectedDeviceInfo->securePort == endpoint->port)
-        {
-            OCStackResult res;
+        OicSecDoxm_t* newDevDoxm = g_otmCtx->selectedDeviceInfo->doxm;
 
-            CARegisterDTLSHandshakeCallback(NULL);
+        if(NULL != newDevDoxm)
+        {
+            OicUuid_t emptyUuid = {.id={0}};
 
-            //In case of success, send next coaps request.
-            if(CA_STATUS_OK == info->result)
+            //Make sure the address matches.
+            if(strncmp(g_otmCtx->selectedDeviceInfo->endpoint.addr,
+               endpoint->addr,
+               sizeof(endpoint->addr)) == 0 &&
+               g_otmCtx->selectedDeviceInfo->securePort == endpoint->port)
             {
-                //Send request : PUT /oic/sec/doxm [{"Owned":"True", .. , "Owner":"PT's UUID"}]
-                res = PutOwnershipInformation(g_otmCtx);
-                if(OC_STACK_OK != res)
-                {
-                    OIC_LOG(ERROR, TAG, "OperationModeUpdate : Failed to send owner information");
-                    SetResult(g_otmCtx, res);
-                }
-            }
-            //In case of failure, re-start the ownership transfer in case of PIN OxM
-            else if(CA_DTLS_AUTHENTICATION_FAILURE == info->result)
-            {
-                g_otmCtx->selectedDeviceInfo->doxm->owned = false;
-                g_otmCtx->attemptCnt++;
+                OCStackResult res = OC_STACK_ERROR;
 
-                if(g_otmCtx->selectedDeviceInfo->doxm->oxmSel == OIC_RANDOM_DEVICE_PIN)
+                //If temporal secure sesstion established successfully
+                if(CA_STATUS_OK == info->result &&
+                   false == newDevDoxm->owned &&
+                   memcmp(&(newDevDoxm->owner), &emptyUuid, sizeof(OicUuid_t)) == 0)
                 {
-                    res = RemoveCredential(&g_otmCtx->subIdForPinOxm);
-                    if(OC_STACK_RESOURCE_DELETED != res)
+                    //Send request : PUT /oic/sec/doxm [{... , "devowner":"PT's UUID"}]
+                    res = PutOwnerUuid(g_otmCtx);
+                    if(OC_STACK_OK != res)
                     {
-                        OIC_LOG_V(ERROR, TAG, "Failed to remove temporal PSK : %d", res);
+                        OIC_LOG(ERROR, TAG, "OperationModeUpdate : Failed to send owner information");
                         SetResult(g_otmCtx, res);
-                        return;
                     }
+                }
+                //In case of authentication failure
+                else if(CA_DTLS_AUTHENTICATION_FAILURE == info->result)
+                {
+                    //in case of error from owner credential
+                    if(memcmp(&(newDevDoxm->owner), &emptyUuid, sizeof(OicUuid_t)) != 0 &&
+                        true == newDevDoxm->owned)
+                    {
+                        OIC_LOG(ERROR, TAG, "The owner credential may incorrect.");
 
-                    if(WRONG_PIN_MAX_ATTEMP > g_otmCtx->attemptCnt)
+                        if(OC_STACK_OK != RemoveCredential(&(newDevDoxm->deviceID)))
+                        {
+                            OIC_LOG(WARNING, TAG, "Failed to remove the invaild owner credential");
+                        }
+                        SetResult(g_otmCtx, OC_STACK_AUTHENTICATION_FAILURE);
+                    }
+                    //in case of error from wrong PIN, re-start the ownership transfer
+                    else if(OIC_RANDOM_DEVICE_PIN == newDevDoxm->oxmSel)
                     {
-                        res = StartOwnershipTransfer(g_otmCtx, g_otmCtx->selectedDeviceInfo);
-                        if(OC_STACK_OK != res)
+                        OIC_LOG(ERROR, TAG, "The PIN number may incorrect.");
+
+                        memcpy(&(newDevDoxm->owner), &emptyUuid, sizeof(OicUuid_t));
+                        newDevDoxm->owned = false;
+                        g_otmCtx->attemptCnt++;
+
+                        if(WRONG_PIN_MAX_ATTEMP > g_otmCtx->attemptCnt)
                         {
-                            SetResult(g_otmCtx, res);
-                            OIC_LOG(ERROR, TAG, "Failed to Re-StartOwnershipTransfer");
+                            res = StartOwnershipTransfer(g_otmCtx, g_otmCtx->selectedDeviceInfo);
+                            if(OC_STACK_OK != res)
+                            {
+                                SetResult(g_otmCtx, res);
+                                OIC_LOG(ERROR, TAG, "Failed to Re-StartOwnershipTransfer");
+                            }
+                        }
+                        else
+                        {
+                            OIC_LOG(ERROR, TAG, "User has exceeded the number of authentication attempts.");
+                            SetResult(g_otmCtx, OC_STACK_AUTHENTICATION_FAILURE);
                         }
                     }
                     else
                     {
+                        OIC_LOG(ERROR, TAG, "Failed to establish secure session.");
                         SetResult(g_otmCtx, OC_STACK_AUTHENTICATION_FAILURE);
                     }
                 }
-                else
-                {
-                    SetResult(g_otmCtx, OC_STACK_AUTHENTICATION_FAILURE);
-                }
             }
         }
     }
@@ -396,10 +428,10 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
     //Generating OwnerPSK
     CAResult_t pskRet = CAGenerateOwnerPSK(&endpoint,
             (uint8_t *)GetOxmString(selectedDeviceInfo->doxm->oxmSel),
-            strlen(GetOxmString(selectedDeviceInfo->doxm->oxmSel)), ptDeviceID.id,
-            sizeof(ptDeviceID.id), selectedDeviceInfo->doxm->deviceID.id,
-            sizeof(selectedDeviceInfo->doxm->deviceID.id), ownerPSK,
-            OWNER_PSK_LENGTH_128);
+            strlen(GetOxmString(selectedDeviceInfo->doxm->oxmSel)),
+            ptDeviceID.id, sizeof(ptDeviceID.id),
+            selectedDeviceInfo->doxm->deviceID.id, sizeof(selectedDeviceInfo->doxm->deviceID.id),
+            ownerPSK, OWNER_PSK_LENGTH_128);
 
     if (CA_STATUS_OK == pskRet)
     {
@@ -513,23 +545,24 @@ static OCStackApplicationResult ListMethodsHandler(void *ctx, OCDoHandle UNUSED,
             SetResult(otmCtx, OC_STACK_ERROR);
             return OC_STACK_DELETE_TRANSACTION;
         }
-
-        OicSecPstat_t* pstat = JSONToPstatBin(
-                ((OCSecurityPayload*)clientResponse->payload)->securityData);
-        if(NULL == pstat)
+        uint8_t size = 0;
+        OicSecPstat_t* pstat = NULL;
+        OCStackResult result = CBORPayloadToPstat(
+                ((OCSecurityPayload*)clientResponse->payload)->securityData1,
+                size, &pstat);
+        if(NULL == pstat && result != OC_STACK_OK)
         {
-            OIC_LOG(ERROR, TAG, "Error while converting json to pstat bin");
+            OIC_LOG(ERROR, TAG, "Error while converting cbor to pstat.");
             SetResult(otmCtx, OC_STACK_ERROR);
             return OC_STACK_DELETE_TRANSACTION;
         }
         otmCtx->selectedDeviceInfo->pstat = pstat;
 
         //Select operation mode (Currently supported SINGLE_SERVICE_CLIENT_DRIVEN only)
-        OicSecDpom_t selectedOperationMode;
-        SelectOperationMode(otmCtx->selectedDeviceInfo, &selectedOperationMode);
+        SelectOperationMode(otmCtx->selectedDeviceInfo, &(otmCtx->selectedDeviceInfo->pstat->om));
 
-        //Send request : PUT /oic/sec/pstat [{"OM":"0x11", .. }]
-        OCStackResult res = PutUpdateOperationMode(otmCtx, selectedOperationMode);
+        //Send request : PUT /oic/sec/pstat [{"om":"bx11", .. }]
+        OCStackResult res = PutUpdateOperationMode(otmCtx);
         if (OC_STACK_OK != res)
         {
             OIC_LOG(ERROR, TAG, "Error while updating operation mode.");
@@ -549,7 +582,7 @@ exit:
 }
 
 /**
- * Callback handler for OwnershipInformationHandler API.
+ * Response handler for update owner uuid request.
  *
  * @param[in] ctx             ctx value passed to callback from calling function.
  * @param[in] UNUSED          handle to an invocation
@@ -557,13 +590,13 @@ exit:
  * @return  OC_STACK_DELETE_TRANSACTION to delete the transaction
  *          and  OC_STACK_KEEP_TRANSACTION to keep it.
  */
-static OCStackApplicationResult OwnershipInformationHandler(void *ctx, OCDoHandle UNUSED,
+static OCStackApplicationResult OwnerUuidUpdateHandler(void *ctx, OCDoHandle UNUSED,
                                 OCClientResponse *clientResponse)
 {
     VERIFY_NON_NULL(TAG, clientResponse, WARNING);
     VERIFY_NON_NULL(TAG, ctx, WARNING);
 
-    OIC_LOG(DEBUG, TAG, "IN OwnershipInformationHandler");
+    OIC_LOG(DEBUG, TAG, "IN OwnerUuidUpdateHandler");
     (void)UNUSED;
     OCStackResult res = OC_STACK_OK;
     OTMContext_t* otmCtx = (OTMContext_t*)ctx;
@@ -572,64 +605,33 @@ static OCStackApplicationResult OwnershipInformationHandler(void *ctx, OCDoHandl
     {
         if(otmCtx && otmCtx->selectedDeviceInfo)
         {
-            if(OIC_RANDOM_DEVICE_PIN == otmCtx->selectedDeviceInfo->doxm->oxmSel)
-            {
-                res = RemoveCredential(&otmCtx->subIdForPinOxm);
-                if(OC_STACK_RESOURCE_DELETED != res)
-                {
-                    OIC_LOG_V(ERROR, TAG, "Failed to remove temporal PSK : %d", res);
-                    return OC_STACK_DELETE_TRANSACTION;
-                }
-            }
-
             res = SaveOwnerPSK(otmCtx->selectedDeviceInfo);
             if(OC_STACK_OK != res)
             {
-                OIC_LOG(ERROR, TAG, "OperationModeUpdate : Failed to owner PSK generation");
+                OIC_LOG(ERROR, TAG, "OwnerUuidUpdateHandler:Failed to owner PSK generation");
                 SetResult(otmCtx, res);
                 return OC_STACK_DELETE_TRANSACTION;
             }
 
-            CAEndpoint_t* endpoint = (CAEndpoint_t *)&otmCtx->selectedDeviceInfo->endpoint;
-            endpoint->port = otmCtx->selectedDeviceInfo->securePort;
-            CAResult_t caResult = CACloseDtlsSession(endpoint);
-            if(CA_STATUS_OK != caResult)
-            {
-                OIC_LOG(ERROR, TAG, "Failed to close DTLS session");
-                SetResult(otmCtx, caResult);
-                return OC_STACK_DELETE_TRANSACTION;
-            }
-
-            /**
-             * If we select NULL cipher,
-             * client will select appropriate cipher suite according to server's cipher-suite list.
-             */
-            caResult = CASelectCipherSuite(TLS_NULL_WITH_NULL_NULL);
-            if(CA_STATUS_OK != caResult)
-            {
-                OIC_LOG(ERROR, TAG, "Failed to select TLS_NULL_WITH_NULL_NULL");
-                SetResult(otmCtx, caResult);
-                return OC_STACK_DELETE_TRANSACTION;
-            }
-
-            OIC_LOG(INFO, TAG, "Ownership transfer was successfully completed.");
-            OIC_LOG(INFO, TAG, "Start defualt ACL & commit-hash provisioning.");
-
-            res = FinalizeProvisioning(otmCtx);
+            //PUT owner credential to new device according to security spec B.
+            res = PutOwnerCredential(otmCtx);
             if(OC_STACK_OK != res)
             {
+                OIC_LOG(ERROR, TAG,
+                        "OwnerUuidUpdateHandler:Failed to send PUT request for onwer credential");
                 SetResult(otmCtx, res);
+                return OC_STACK_DELETE_TRANSACTION;
             }
         }
     }
     else
     {
         res = clientResponse->result;
-        OIC_LOG_V(ERROR, TAG, "OwnershipInformationHandler : Unexpected result %d", res);
+        OIC_LOG_V(ERROR, TAG, "OwnerUuidHandler : Unexpected result %d", res);
         SetResult(otmCtx, res);
     }
 
-    OIC_LOG(DEBUG, TAG, "OUT OwnershipInformationHandler");
+    OIC_LOG(DEBUG, TAG, "OUT OwnerUuidUpdateHandler");
 
 exit:
     return  OC_STACK_DELETE_TRANSACTION;
@@ -698,6 +700,273 @@ exit:
     return  OC_STACK_DELETE_TRANSACTION;
 }
 
+/**
+ * Response handler for update owner crendetial request.
+ *
+ * @param[in] ctx             ctx value passed to callback from calling function.
+ * @param[in] UNUSED          handle to an invocation
+ * @param[in] clientResponse  Response from queries to remote servers.
+ * @return  OC_STACK_DELETE_TRANSACTION to delete the transaction
+ *          and  OC_STACK_KEEP_TRANSACTION to keep it.
+ */
+static OCStackApplicationResult OwnerCredentialHandler(void *ctx, OCDoHandle UNUSED,
+                                OCClientResponse *clientResponse)
+{
+    VERIFY_NON_NULL(TAG, clientResponse, WARNING);
+    VERIFY_NON_NULL(TAG, ctx, WARNING);
+
+    OIC_LOG(DEBUG, TAG, "IN OwnerCredentialHandler");
+    (void)UNUSED;
+    OCStackResult res = OC_STACK_OK;
+    OTMContext_t* otmCtx = (OTMContext_t*)ctx;
+
+    if(OC_STACK_RESOURCE_CREATED == clientResponse->result)
+    {
+        if(otmCtx && otmCtx->selectedDeviceInfo)
+        {
+            //Close the temporal secure session to verify the owner credential
+            CAEndpoint_t* endpoint = (CAEndpoint_t *)&otmCtx->selectedDeviceInfo->endpoint;
+            endpoint->port = otmCtx->selectedDeviceInfo->securePort;
+            CAResult_t caResult = CACloseDtlsSession(endpoint);
+            if(CA_STATUS_OK != caResult)
+            {
+                OIC_LOG(ERROR, TAG, "Failed to close DTLS session");
+                SetResult(otmCtx, caResult);
+                return OC_STACK_DELETE_TRANSACTION;
+            }
+
+            /**
+             * If we select NULL cipher,
+             * client will select appropriate cipher suite according to server's cipher-suite list.
+             */
+            caResult = CASelectCipherSuite(TLS_NULL_WITH_NULL_NULL);
+            if(CA_STATUS_OK != caResult)
+            {
+                OIC_LOG(ERROR, TAG, "Failed to select TLS_NULL_WITH_NULL_NULL");
+                SetResult(otmCtx, caResult);
+                return OC_STACK_DELETE_TRANSACTION;
+            }
+
+            /**
+             * in case of random PIN based OxM,
+             * revert get_psk_info callback of tinyDTLS to use owner credential.
+             */
+            if(OIC_RANDOM_DEVICE_PIN == otmCtx->selectedDeviceInfo->doxm->oxmSel)
+            {
+                OicUuid_t emptyUuid = { .id={0}};
+                SetUuidForRandomPinOxm(&emptyUuid);
+
+                if(CA_STATUS_OK != CARegisterDTLSCredentialsHandler(GetDtlsPskCredentials))
+                {
+                    OIC_LOG(ERROR, TAG, "Failed to revert DTLS credential handler.");
+                    SetResult(otmCtx, OC_STACK_INVALID_CALLBACK);
+                    return OC_STACK_DELETE_TRANSACTION;
+                }
+            }
+
+            //PUT /oic/sec/doxm [{ ..., "owned":"TRUE" }]
+            res = PutOwnershipInformation(otmCtx);
+            if(OC_STACK_OK != res)
+            {
+                OIC_LOG(ERROR, TAG, "Failed to put ownership information to new device");
+                SetResult(otmCtx, res);
+                return OC_STACK_DELETE_TRANSACTION;
+            }
+        }
+    }
+    else
+    {
+        res = clientResponse->result;
+        OIC_LOG_V(ERROR, TAG, "OwnerCredentialHandler : Unexpected result %d", res);
+        SetResult(otmCtx, res);
+    }
+
+    OIC_LOG(DEBUG, TAG, "OUT OwnerCredentialHandler");
+
+exit:
+    return  OC_STACK_DELETE_TRANSACTION;
+}
+
+
+/**
+ * Response handler for update owner information request.
+ *
+ * @param[in] ctx             ctx value passed to callback from calling function.
+ * @param[in] UNUSED          handle to an invocation
+ * @param[in] clientResponse  Response from queries to remote servers.
+ * @return  OC_STACK_DELETE_TRANSACTION to delete the transaction
+ *          and  OC_STACK_KEEP_TRANSACTION to keep it.
+ */
+static OCStackApplicationResult OwnershipInformationHandler(void *ctx, OCDoHandle UNUSED,
+                                OCClientResponse *clientResponse)
+{
+    VERIFY_NON_NULL(TAG, clientResponse, WARNING);
+    VERIFY_NON_NULL(TAG, ctx, WARNING);
+
+    OIC_LOG(DEBUG, TAG, "IN OwnershipInformationHandler");
+    (void)UNUSED;
+    OCStackResult res = OC_STACK_OK;
+    OTMContext_t* otmCtx = (OTMContext_t*)ctx;
+
+    if(OC_STACK_OK == clientResponse->result)
+    {
+        if(otmCtx && otmCtx->selectedDeviceInfo)
+        {
+            OIC_LOG(INFO, TAG, "Ownership transfer was successfully completed.");
+            OIC_LOG(INFO, TAG, "Start defualt ACL & commit-hash provisioning.");
+
+            res = PutProvisioningStatus(otmCtx);
+            if(OC_STACK_OK != res)
+            {
+                OIC_LOG(ERROR, TAG, "Failed to update pstat");
+                SetResult(otmCtx, res);
+            }
+        }
+    }
+    else
+    {
+        res = clientResponse->result;
+        OIC_LOG_V(ERROR, TAG, "OwnershipInformationHandler : Unexpected result %d", res);
+        SetResult(otmCtx, res);
+    }
+
+    OIC_LOG(DEBUG, TAG, "OUT OwnershipInformationHandler");
+
+exit:
+    return  OC_STACK_DELETE_TRANSACTION;
+}
+
+/**
+ * Response handler of update provisioning status.
+ *
+ * @param[in] ctx             ctx value passed to callback from calling function.
+ * @param[in] UNUSED          handle to an invocation
+ * @param[in] clientResponse  Response from queries to remote servers.
+ * @return  OC_STACK_DELETE_TRANSACTION to delete the transaction
+ *          and OC_STACK_KEEP_TRANSACTION to keep it.
+ */
+static OCStackApplicationResult ProvisioningStatusHandler(void *ctx, OCDoHandle UNUSED,
+                                                       OCClientResponse *clientResponse)
+{
+    OIC_LOG_V(INFO, TAG, "IN ProvisioningStatusHandler.");
+
+    VERIFY_NON_NULL(TAG, clientResponse, ERROR);
+    VERIFY_NON_NULL(TAG, ctx, ERROR);
+
+    OTMContext_t* otmCtx = (OTMContext_t*) ctx;
+    (void)UNUSED;
+
+    if (OC_STACK_OK == clientResponse->result)
+    {
+        OCStackResult res = PDMAddDevice(&otmCtx->selectedDeviceInfo->doxm->deviceID);
+         if (OC_STACK_OK == res)
+         {
+                OIC_LOG_V(INFO, TAG, "Add device's UUID in PDM_DB");
+                SetResult(otmCtx, OC_STACK_OK);
+                return OC_STACK_DELETE_TRANSACTION;
+         }
+          else
+         {
+              OIC_LOG(ERROR, TAG, "Ownership transfer is complete but adding information to DB is failed.");
+         }
+    }
+    else
+    {
+        OIC_LOG_V(INFO, TAG, "Error occured in provisionDefaultACLCB :: %d\n",
+                            clientResponse->result);
+        SetResult(otmCtx, clientResponse->result);
+    }
+
+
+exit:
+    OIC_LOG_V(INFO, TAG, "OUT ProvisioningStatusHandler.");
+    return OC_STACK_DELETE_TRANSACTION;
+}
+
+static OCStackResult PutOwnerCredential(OTMContext_t* otmCtx)
+{
+    OIC_LOG(DEBUG, TAG, "IN PutOwnerCredential");
+
+    if(!otmCtx || !otmCtx->selectedDeviceInfo)
+    {
+        OIC_LOG(ERROR, TAG, "Invalid parameters");
+        return OC_STACK_INVALID_PARAM;
+    }
+
+    OCProvisionDev_t* deviceInfo = otmCtx->selectedDeviceInfo;
+    char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0};
+
+    if(!PMGenerateQuery(true,
+                        deviceInfo->endpoint.addr, deviceInfo->securePort,
+                        deviceInfo->connType,
+                        query, sizeof(query), OIC_RSRC_CRED_URI))
+    {
+        OIC_LOG(ERROR, TAG, "PutOwnerCredential : Failed to generate query");
+        return OC_STACK_ERROR;
+    }
+    OIC_LOG_V(DEBUG, TAG, "Query=%s", query);
+    OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
+    if(!secPayload)
+    {
+        OIC_LOG(ERROR, TAG, "Failed to memory allocation");
+        return OC_STACK_NO_MEMORY;
+    }
+
+    //Generate owner credential for new device
+    secPayload->base.type = PAYLOAD_TYPE_SECURITY;
+    OicSecCred_t* ownerCredential =
+        GetCredResourceData(&(deviceInfo->doxm->deviceID));
+    if(!ownerCredential)
+    {
+        OIC_LOG(ERROR, TAG, "Can not find OwnerPSK.");
+        return OC_STACK_NO_RESOURCE;
+    }
+
+    OicUuid_t credSubjectId = {.id={0}};
+    if(OC_STACK_OK == GetDoxmDeviceID(&credSubjectId))
+    {
+        OicSecCred_t newCredential;
+        memcpy(&newCredential, ownerCredential, sizeof(OicSecCred_t));
+        newCredential.next = NULL;
+
+        //Set subject ID as PT's ID
+        memcpy(&(newCredential.subject), &credSubjectId, sizeof(OicUuid_t));
+
+        //Fill private data as empty string
+        newCredential.privateData.data = NULL;
+
+        //Send owner credential to new device : PUT /oic/sec/cred [ owner credential ]
+        secPayload->securityData = BinToCredJSON(&newCredential);
+        if (NULL == secPayload->securityData)
+        {
+            OICFree(secPayload);
+            OIC_LOG(ERROR, TAG, "Error while converting bin to json");
+            return OC_STACK_ERROR;
+        }
+        OIC_LOG_V(DEBUG, TAG, "Payload : %s", secPayload->securityData);
+
+        OCCallbackData cbData;
+        cbData.cb = &OwnerCredentialHandler;
+        cbData.context = (void *)otmCtx;
+        cbData.cd = NULL;
+        OCStackResult res = OCDoResource(NULL, OC_REST_PUT, query,
+                                         &deviceInfo->endpoint, (OCPayload*)secPayload,
+                                         deviceInfo->connType, OC_LOW_QOS, &cbData, NULL, 0);
+        if (res != OC_STACK_OK)
+        {
+            OIC_LOG(ERROR, TAG, "OCStack resource error");
+        }
+    }
+    else
+    {
+        OIC_LOG(ERROR, TAG, "Failed to read DOXM device ID.");
+        return OC_STACK_NO_RESOURCE;
+    }
+
+    OIC_LOG(DEBUG, TAG, "OUT PutOwnerCredential");
+
+    return OC_STACK_OK;
+}
 
 static OCStackResult PutOwnerTransferModeToResource(OTMContext_t* otmCtx)
 {
@@ -736,7 +1005,6 @@ static OCStackResult PutOwnerTransferModeToResource(OTMContext_t* otmCtx)
         OIC_LOG(ERROR, TAG, "Error while converting bin to json");
         return OC_STACK_ERROR;
     }
-    OIC_LOG_V(DEBUG, TAG, "Payload : %s", secPayload->securityData);
 
     OCCallbackData cbData;
     cbData.cb = &OwnerTransferModeHandler;
@@ -793,6 +1061,62 @@ static OCStackResult GetProvisioningStatusResource(OTMContext_t* otmCtx)
     return res;
 }
 
+static OCStackResult PutOwnerUuid(OTMContext_t* otmCtx)
+{
+    OIC_LOG(DEBUG, TAG, "IN PutOwnerUuid");
+
+    if(!otmCtx || !otmCtx->selectedDeviceInfo)
+    {
+        OIC_LOG(ERROR, TAG, "Invailed parameters");
+        return OC_STACK_INVALID_PARAM;
+    }
+
+    OCProvisionDev_t* deviceInfo = otmCtx->selectedDeviceInfo;
+    char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0};
+    if(!PMGenerateQuery(true,
+                        deviceInfo->endpoint.addr, deviceInfo->securePort,
+                        deviceInfo->connType,
+                        query, sizeof(query), OIC_RSRC_DOXM_URI))
+    {
+        OIC_LOG(ERROR, TAG, "PutOwnershipInformation : Failed to generate query");
+        return OC_STACK_ERROR;
+    }
+    OIC_LOG_V(DEBUG, TAG, "Query=%s", query);
+
+    //PUT PT's uuid to new device
+    OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
+    if(!secPayload)
+    {
+        OIC_LOG(ERROR, TAG, "Failed to memory allocation");
+        return OC_STACK_NO_MEMORY;
+    }
+    secPayload->base.type = PAYLOAD_TYPE_SECURITY;
+    secPayload->securityData =
+        g_OTMDatas[deviceInfo->doxm->oxmSel].createOwnerTransferPayloadCB(otmCtx);
+    if (NULL == secPayload->securityData)
+    {
+        OICFree(secPayload);
+        OIC_LOG(ERROR, TAG, "Error while converting doxm bin to json");
+        return OC_STACK_INVALID_PARAM;
+    }
+    OIC_LOG_V(DEBUG, TAG, "Payload : %s", secPayload->securityData);
+
+    OCCallbackData cbData;
+    cbData.cb = &OwnerUuidUpdateHandler;
+    cbData.context = (void *)otmCtx;
+    cbData.cd = NULL;
+
+    OCStackResult res = OCDoResource(NULL, OC_REST_PUT, query, 0, (OCPayload*)secPayload,
+                                     deviceInfo->connType, OC_LOW_QOS, &cbData, NULL, 0);
+    if (res != OC_STACK_OK)
+    {
+        OIC_LOG(ERROR, TAG, "OCStack resource error");
+    }
+
+    OIC_LOG(DEBUG, TAG, "OUT PutOwnerUuid");
+
+    return res;
+}
 
 static OCStackResult PutOwnershipInformation(OTMContext_t* otmCtx)
 {
@@ -817,21 +1141,22 @@ static OCStackResult PutOwnershipInformation(OTMContext_t* otmCtx)
     OIC_LOG_V(DEBUG, TAG, "Query=%s", query);
 
     //OwnershipInformationHandler
-    OicSecOxm_t selOxm = deviceInfo->doxm->oxmSel;
     OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
     if(!secPayload)
     {
         OIC_LOG(ERROR, TAG, "Failed to memory allocation");
         return OC_STACK_NO_MEMORY;
     }
-    secPayload->base.type = PAYLOAD_TYPE_SECURITY;
-    secPayload->securityData = g_OTMDatas[selOxm].createOwnerTransferPayloadCB(otmCtx);
+
+    otmCtx->selectedDeviceInfo->doxm->owned = true;
+    secPayload->securityData = BinToDoxmJSON(otmCtx->selectedDeviceInfo->doxm);
     if (NULL == secPayload->securityData)
     {
         OICFree(secPayload);
         OIC_LOG(ERROR, TAG, "Error while converting doxm bin to json");
         return OC_STACK_INVALID_PARAM;
     }
+    secPayload->base.type = PAYLOAD_TYPE_SECURITY;
 
     OCCallbackData cbData;
     cbData.cb = &OwnershipInformationHandler;
@@ -850,8 +1175,7 @@ static OCStackResult PutOwnershipInformation(OTMContext_t* otmCtx)
     return res;
 }
 
-static OCStackResult PutUpdateOperationMode(OTMContext_t* otmCtx,
-                                    OicSecDpom_t selectedOperationMode)
+static OCStackResult PutUpdateOperationMode(OTMContext_t* otmCtx)
 {
     OIC_LOG(DEBUG, TAG, "IN PutUpdateOperationMode");
 
@@ -872,8 +1196,6 @@ static OCStackResult PutUpdateOperationMode(OTMContext_t* otmCtx,
     }
     OIC_LOG_V(DEBUG, TAG, "Query=%s", query);
 
-    deviceInfo->pstat->om = selectedOperationMode;
-
     OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
     if(!secPayload)
     {
@@ -881,11 +1203,13 @@ static OCStackResult PutUpdateOperationMode(OTMContext_t* otmCtx,
         return OC_STACK_NO_MEMORY;
     }
     secPayload->base.type = PAYLOAD_TYPE_SECURITY;
-    secPayload->securityData = BinToPstatJSON(deviceInfo->pstat);
-    if (NULL == secPayload->securityData)
+    size_t size = 0;
+    OCStackResult res = PstatToCBORPayload(deviceInfo->pstat, &secPayload->securityData1,
+                                           &size);
+   if (OC_STACK_OK != res)
     {
-        OICFree(secPayload);
-        OIC_LOG(ERROR, TAG, "Error while converting pstat bin to json");
+        OCPayloadDestroy((OCPayload *)secPayload);
+        OIC_LOG(ERROR, TAG, "Error while converting pstat to cbor.");
         return OC_STACK_INVALID_PARAM;
     }
 
@@ -893,8 +1217,8 @@ static OCStackResult PutUpdateOperationMode(OTMContext_t* otmCtx,
     cbData.cb = &OperationModeUpdateHandler;
     cbData.context = (void *)otmCtx;
     cbData.cd = NULL;
-    OCStackResult res = OCDoResource(NULL, OC_REST_PUT, query, 0, (OCPayload*)secPayload,
-                                     deviceInfo->connType, OC_LOW_QOS, &cbData, NULL, 0);
+    res = OCDoResource(NULL, OC_REST_PUT, query, 0, (OCPayload*)secPayload,
+                       deviceInfo->connType, OC_LOW_QOS, &cbData, NULL, 0);
     if (res != OC_STACK_OK)
     {
         OIC_LOG(ERROR, TAG, "OCStack resource error");
@@ -978,10 +1302,14 @@ OCStackResult OTMDoOwnershipTransfer(void* ctx,
 {
     OIC_LOG(DEBUG, TAG, "IN OTMDoOwnershipTransfer");
 
-    if (NULL == selectedDevicelist || NULL == resultCallback )
+    if (NULL == selectedDevicelist)
     {
         return OC_STACK_INVALID_PARAM;
     }
+    if (NULL == resultCallback)
+    {
+        return OC_STACK_INVALID_CALLBACK;
+    }
 
     OTMContext_t* otmCtx = (OTMContext_t*)OICCalloc(1,sizeof(OTMContext_t));
     if(!otmCtx)
@@ -1045,129 +1373,11 @@ error:
     OICFree(otmCtx->ctxResultArray);
     OICFree(otmCtx);
     return res;
-
-}
-
-/**
- * Callback handler of SRPFinalizeProvisioning.
- *
- * @param[in] ctx             ctx value passed to callback from calling function.
- * @param[in] UNUSED          handle to an invocation
- * @param[in] clientResponse  Response from queries to remote servers.
- * @return  OC_STACK_DELETE_TRANSACTION to delete the transaction
- *          and OC_STACK_KEEP_TRANSACTION to keep it.
- */
-static OCStackApplicationResult FinalizeProvisioningCB(void *ctx, OCDoHandle UNUSED,
-                                                       OCClientResponse *clientResponse)
-{
-    OIC_LOG_V(INFO, TAG, "IN FinalizeProvisioningCB.");
-
-    VERIFY_NON_NULL(TAG, clientResponse, ERROR);
-    VERIFY_NON_NULL(TAG, ctx, ERROR);
-
-    OTMContext_t* otmCtx = (OTMContext_t*)ctx;
-    (void)UNUSED;
-    if(OC_STACK_OK == clientResponse->result)
-    {
-        OCStackResult res = PDMAddDevice(&otmCtx->selectedDeviceInfo->doxm->deviceID);
-
-         if (OC_STACK_OK == res)
-         {
-                OIC_LOG_V(INFO, TAG, "Add device's UUID in PDM_DB");
-                SetResult(otmCtx, OC_STACK_OK);
-                return OC_STACK_DELETE_TRANSACTION;
-         }
-         else
-         {
-              OIC_LOG(ERROR, TAG, "Ownership transfer is complete but adding information to DB is failed.");
-         }
-    }
-exit:
-    return OC_STACK_DELETE_TRANSACTION;
-}
-
-/**
- * Callback handler of default ACL provisioning.
- *
- * @param[in] ctx             ctx value passed to callback from calling function.
- * @param[in] UNUSED          handle to an invocation
- * @param[in] clientResponse  Response from queries to remote servers.
- * @return  OC_STACK_DELETE_TRANSACTION to delete the transaction
- *          and OC_STACK_KEEP_TRANSACTION to keep it.
- */
-static OCStackApplicationResult ProvisionDefaultACLCB(void *ctx, OCDoHandle UNUSED,
-                                                       OCClientResponse *clientResponse)
-{
-    OIC_LOG_V(INFO, TAG, "IN ProvisionDefaultACLCB.");
-
-    VERIFY_NON_NULL(TAG, clientResponse, ERROR);
-    VERIFY_NON_NULL(TAG, ctx, ERROR);
-
-    OTMContext_t* otmCtx = (OTMContext_t*) ctx;
-    (void)UNUSED;
-
-    if (OC_STACK_RESOURCE_CREATED == clientResponse->result)
-    {
-        OIC_LOG_V(INFO, TAG, "Staring commit hash task.");
-        // TODO hash currently have fixed value 0.
-        uint16_t aclHash = 0;
-        otmCtx->selectedDeviceInfo->pstat->commitHash = aclHash;
-        otmCtx->selectedDeviceInfo->pstat->tm = NORMAL;
-        OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
-        if(!secPayload)
-        {
-            OIC_LOG(ERROR, TAG, "Failed to memory allocation");
-            return OC_STACK_NO_MEMORY;
-        }
-        secPayload->base.type = PAYLOAD_TYPE_SECURITY;
-        secPayload->securityData = BinToPstatJSON(otmCtx->selectedDeviceInfo->pstat);
-        if (NULL == secPayload->securityData)
-        {
-            OICFree(secPayload);
-            SetResult(otmCtx, OC_STACK_INVALID_JSON);
-            return OC_STACK_DELETE_TRANSACTION;
-        }
-        OIC_LOG_V(INFO, TAG, "Created payload for commit hash: %s",secPayload->securityData);
-
-        char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0};
-        if(!PMGenerateQuery(true,
-                            otmCtx->selectedDeviceInfo->endpoint.addr,
-                            otmCtx->selectedDeviceInfo->securePort,
-                            otmCtx->selectedDeviceInfo->connType,
-                            query, sizeof(query), OIC_RSRC_PSTAT_URI))
-        {
-            OIC_LOG(ERROR, TAG, "ProvisionDefaultACLCB : Failed to generate query");
-            return OC_STACK_ERROR;
-        }
-        OIC_LOG_V(DEBUG, TAG, "Query=%s", query);
-
-        OCCallbackData cbData = {.context=NULL, .cb=NULL, .cd=NULL};
-        cbData.cb = &FinalizeProvisioningCB;
-        cbData.context = (void*)otmCtx;
-        cbData.cd = NULL;
-        OCStackResult ret = OCDoResource(NULL, OC_REST_PUT, query, 0, (OCPayload*)secPayload,
-                otmCtx->selectedDeviceInfo->connType, OC_HIGH_QOS, &cbData, NULL, 0);
-        OIC_LOG_V(INFO, TAG, "OCDoResource returned: %d",ret);
-        if (ret != OC_STACK_OK)
-        {
-            OIC_LOG(ERROR, TAG, "OCStack resource error");
-            SetResult(otmCtx, ret);
-        }
-    }
-    else
-    {
-        OIC_LOG_V(INFO, TAG, "Error occured in provisionDefaultACLCB :: %d\n",
-                            clientResponse->result);
-        SetResult(otmCtx, clientResponse->result);
-    }
-exit:
-    return OC_STACK_DELETE_TRANSACTION;
 }
 
-
-OCStackResult FinalizeProvisioning(OTMContext_t* otmCtx)
+OCStackResult PutProvisioningStatus(OTMContext_t* otmCtx)
 {
-    OIC_LOG(INFO, TAG, "IN FinalizeProvisioning");
+    OIC_LOG(INFO, TAG, "IN PutProvisioningStatus");
 
     if(!otmCtx)
     {
@@ -1180,42 +1390,10 @@ OCStackResult FinalizeProvisioning(OTMContext_t* otmCtx)
         OICFree(otmCtx);
         return OC_STACK_INVALID_PARAM;
     }
-    // Provision Default ACL to device
-    OicSecAcl_t defaultAcl =
-    { {.id={0}},
-        1,
-        NULL,
-        0x001F,
-        0,
-        NULL,
-        NULL,
-        1,
-        NULL,
-        NULL,
-    };
-
-    OicUuid_t provTooldeviceID = {.id={0}};
-    if (OC_STACK_OK != GetDoxmDeviceID(&provTooldeviceID))
-    {
-        OIC_LOG(ERROR, TAG, "Error while retrieving provisioning tool's device ID");
-        SetResult(otmCtx, OC_STACK_ERROR);
-        return OC_STACK_ERROR;
-    }
-    OIC_LOG(INFO, TAG, "Retieved deviceID");
-    memcpy(defaultAcl.subject.id, provTooldeviceID.id, sizeof(defaultAcl.subject.id));
-    char *wildCardResource = "*";
-    defaultAcl.resources = &wildCardResource;
-
-    defaultAcl.owners = (OicUuid_t *) OICCalloc(1, UUID_LENGTH);
-    if(!defaultAcl.owners)
-    {
-        OIC_LOG(ERROR, TAG, "Failed to memory allocation for default ACL");
-        SetResult(otmCtx, OC_STACK_NO_MEMORY);
-        return OC_STACK_NO_MEMORY;
-    }
-    memcpy(defaultAcl.owners->id, provTooldeviceID.id, UUID_LENGTH);
-    OIC_LOG(INFO, TAG, "Provisioning default ACL");
 
+    otmCtx->selectedDeviceInfo->pstat->tm = NORMAL;
+    otmCtx->selectedDeviceInfo->pstat->cm = PROVISION_ACLS | PROVISION_CREDENTIALS |
+                                            SECURITY_MANAGEMENT_SERVICES | BOOTSTRAP_SERVICE;
     OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
     if(!secPayload)
     {
@@ -1223,47 +1401,42 @@ OCStackResult FinalizeProvisioning(OTMContext_t* otmCtx)
         return OC_STACK_NO_MEMORY;
     }
     secPayload->base.type = PAYLOAD_TYPE_SECURITY;
-    secPayload->securityData = BinToAclJSON(&defaultAcl);
-    OICFree(defaultAcl.owners);
-    if(!secPayload->securityData)
+    size_t size = 0;
+    if (OC_STACK_OK != PstatToCBORPayload(otmCtx->selectedDeviceInfo->pstat,
+            &secPayload->securityData1, &size))
     {
-        OICFree(secPayload);
-        OIC_LOG(INFO, TAG, "FinalizeProvisioning : Failed to BinToAclJSON");
-        SetResult(otmCtx, OC_STACK_ERROR);
-        return OC_STACK_ERROR;
+        OCPayloadDestroy((OCPayload *)secPayload);
+        SetResult(otmCtx, OC_STACK_INVALID_JSON);
+        return OC_STACK_INVALID_JSON;
     }
-    OIC_LOG_V(INFO, TAG, "Provisioning default ACL : %s",secPayload->securityData);
+    OIC_LOG_V(INFO, TAG, "Created payload for commit hash: %s",secPayload->securityData1);
 
     char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0};
     if(!PMGenerateQuery(true,
                         otmCtx->selectedDeviceInfo->endpoint.addr,
                         otmCtx->selectedDeviceInfo->securePort,
                         otmCtx->selectedDeviceInfo->connType,
-                        query, sizeof(query), OIC_RSRC_ACL_URI))
+                        query, sizeof(query), OIC_RSRC_PSTAT_URI))
     {
-        OIC_LOG(ERROR, TAG, "FinalizeProvisioning : Failed to generate query");
+        OIC_LOG(ERROR, TAG, "PutProvisioningStatus : Failed to generate query");
         return OC_STACK_ERROR;
     }
     OIC_LOG_V(DEBUG, TAG, "Query=%s", query);
 
-    OIC_LOG_V(INFO, TAG, "Request URI for Provisioning default ACL : %s", query);
-
-    OCCallbackData cbData =  {.context=NULL, .cb=NULL, .cd=NULL};
-    cbData.cb = &ProvisionDefaultACLCB;
-    cbData.context = (void *)otmCtx;
+    OCCallbackData cbData = {.context=NULL, .cb=NULL, .cd=NULL};
+    cbData.cb = &ProvisioningStatusHandler;
+    cbData.context = (void*)otmCtx;
     cbData.cd = NULL;
-    OCStackResult ret = OCDoResource(NULL, OC_REST_POST, query,
-            &otmCtx->selectedDeviceInfo->endpoint, (OCPayload*)secPayload,
+    OCStackResult ret = OCDoResource(NULL, OC_REST_PUT, query, 0, (OCPayload*)secPayload,
             otmCtx->selectedDeviceInfo->connType, OC_HIGH_QOS, &cbData, NULL, 0);
-    if (OC_STACK_OK != ret)
+    OIC_LOG_V(INFO, TAG, "OCDoResource returned: %d",ret);
+    if (ret != OC_STACK_OK)
     {
+        OIC_LOG(ERROR, TAG, "OCStack resource error");
         SetResult(otmCtx, ret);
-        return ret;
     }
 
-    OIC_LOG(INFO, TAG, "OUT FinalizeProvisioning");
+    OIC_LOG(INFO, TAG, "OUT PutProvisioningStatus");
 
     return ret;
-
 }
-
Domain: Network & Connectivity / IoT Connectivity;