//
//-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-#include <stdlib.h>
+#ifdef WITH_ARDUINO
#include <string.h>
+#else
+#include <strings.h>
+#endif
+#include <stdlib.h>
+
#include "ocstack.h"
-#include "logger.h"
+#include "ocserverrequest.h"
#include "oic_malloc.h"
-#include "cJSON.h"
-#include "base64.h"
-#include "resourcemanager.h"
-#include "aclresource.h"
-#include "psinterface.h"
+#include "oic_string.h"
+#include "ocrandom.h"
+#include "ocpayload.h"
#include "utlist.h"
+#include "payload_logging.h"
#include "srmresourcestrings.h"
+#include "aclresource.h"
#include "doxmresource.h"
+#include "resourcemanager.h"
#include "srmutility.h"
-#include <stdlib.h>
-#include <string.h>
+#include "psinterface.h"
+
+#include "security_internals.h"
+
+#define TAG "SRM-ACL"
+#define NUMBER_OF_SEC_PROV_RSCS 4
+#define NUMBER_OF_DEFAULT_SEC_RSCS 2
+
+// CborSize is the default cbor payload size being used.
+static uint64_t CborSize = 255;
+
+static OicSecAcl_t *gAcl = NULL;
+static OCResourceHandle gAclHandle = NULL;
+
+/**
+ * This function frees OicSecAcl_t object's fields and object itself.
+ */
+static void FreeACE(OicSecAcl_t *ace)
+{
+ size_t i;
+ if (NULL == ace)
+ {
+ OIC_LOG(ERROR, TAG, "Invalid Parameter");
+ return;
+ }
+
+ // Clean Resources
+ for (i = 0; i < ace->resourcesLen; i++)
+ {
+ OICFree(ace->resources[i]);
+ }
+ OICFree(ace->resources);
+
+ //Clean Period
+ if (ace->periods)
+ {
+ for (i = 0; i < ace->prdRecrLen; i++)
+ {
+ OICFree(ace->periods[i]);
+ }
+ OICFree(ace->periods);
+ }
+
+ //Clean Recurrence
+ if (ace->recurrences)
+ {
+ for (i = 0; i < ace->prdRecrLen; i++)
+ {
+ OICFree(ace->recurrences[i]);
+ }
+ OICFree(ace->recurrences);
+ }
-#define TAG PCF("SRM-ACL")
+ // Clean Owners
+ OICFree(ace->owners);
-OicSecAcl_t *gAcl = NULL;
-static OCResourceHandle gAclHandle = NULL;
+ // Clean ACL node itself
+ OICFree(ace);
+}
void DeleteACLList(OicSecAcl_t* acl)
{
if (acl)
{
- OicSecAcl_t *aclTmp1 = NULL, *aclTmp2 = NULL;
+ OicSecAcl_t *aclTmp1 = NULL;
+ OicSecAcl_t *aclTmp2 = NULL;
LL_FOREACH_SAFE(acl, aclTmp1, aclTmp2)
{
- int i = 0;
-
LL_DELETE(acl, aclTmp1);
+ FreeACE(aclTmp1);
+ }
+ }
+}
+
+static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
+{
+ if (!secAcl)
+ {
+ return 0;
+ }
+ OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
+ size_t size = 0;
+ while (acl)
+ {
+ size++;
+ acl = acl->next;
+ }
+ return size;
+}
+
+OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, size_t *size)
+{
+ OCStackResult ret = OC_STACK_INVALID_PARAM;
+ int64_t cborEncoderResult = CborNoError;
+ uint8_t *outPayload = NULL;
+ size_t cborLen = *size;
+ OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
+ VERIFY_NON_NULL(TAG, secAcl, ERROR);
+
+ CborEncoder encoder;
+ CborEncoder oicSecAclArray;
+ if (cborLen == 0)
+ {
+ cborLen = CborSize;
+ }
+ *size = 0;
+ *payload = NULL;
+
+ // Please note: This has been initialized prior to use because of VERIFY macro
+
+ outPayload = (uint8_t *)OICCalloc(1, cborLen);
+ VERIFY_NON_NULL(TAG, outPayload, ERROR);
+ cbor_encoder_init(&encoder, outPayload, cborLen, 0);
+
+ // Create ACL Array
+ cborEncoderResult |= cbor_encoder_create_array(&encoder, &oicSecAclArray, OicSecAclSize(secAcl));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Array.");
+
+ while (acl)
+ {
+ CborEncoder oicSecAclMap = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
+ // ACL Map size - Number of mandatory items
+ uint8_t aclMapSize = 4;
+ // Create ACL Map
+ if (acl->periods)
+ {
+ ++aclMapSize;
+ }
+ if (acl->recurrences)
+ {
+ ++aclMapSize;
+ }
+ cborEncoderResult |= cbor_encoder_create_map(&oicSecAclArray, &oicSecAclMap, aclMapSize);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map");
+
+ // Subject -- Mandatory
+ cborEncoderResult |= cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECT_NAME,
+ sizeof(OIC_JSON_SUBJECT_NAME) - 1);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
+ size_t inLen = 0;
+ if (memcmp(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0)
+ {
+ inLen = WILDCARD_SUBJECT_ID_LEN;
+ }
+ else
+ {
+ inLen = sizeof(OicUuid_t);
+ }
+ cborEncoderResult |= cbor_encode_byte_string(&oicSecAclMap, (uint8_t *)acl->subject.id, inLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
+
+ // Resources
+ CborEncoder resources = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
+ cborEncoderResult |= cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
+ sizeof(OIC_JSON_RESOURCES_NAME) -1);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
+ cborEncoderResult |= cbor_encoder_create_array(&oicSecAclMap, &resources, acl->resourcesLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
+ for (size_t i = 0; i < acl->resourcesLen; i++)
+ {
+ cborEncoderResult |= cbor_encode_text_string(&resources, acl->resources[i],
+ strlen(acl->resources[i]));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array Value.");
+
+ }
+ cborEncoderResult |= cbor_encoder_close_container(&oicSecAclMap, &resources);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
+
+ // Permissions -- Mandatory
+ cborEncoderResult |= cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
+ sizeof(OIC_JSON_PERMISSION_NAME) -1);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
+ cborEncoderResult |= cbor_encode_int(&oicSecAclMap, acl->permission);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
+
+ // Period -- Not Mandatory
+ if (acl->periods)
+ {
+ CborEncoder period = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
+ cborEncoderResult |= cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERIODS_NAME,
+ sizeof(OIC_JSON_PERIODS_NAME) -1);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Tag.");
+ cborEncoderResult |= cbor_encoder_create_array(&oicSecAclMap, &period, acl->prdRecrLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Array.");
+ for (size_t i = 0; i < acl->prdRecrLen; i++)
+ {
+ cborEncoderResult |= cbor_encode_text_string(&period, acl->periods[i],
+ strlen(acl->periods[i]));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value in Array.");
+
+ }
+ cborEncoderResult |= cbor_encoder_close_container(&oicSecAclMap, &period);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Period Array.");
+ }
- // Clean Resources
- for (i = 0; i < aclTmp1->resourcesLen; i++)
+ // Recurrence -- Not Mandatory
+ if (acl->recurrences)
+ {
+ CborEncoder recurrences = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
+ cborEncoderResult |= cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RECURRENCES_NAME,
+ sizeof(OIC_JSON_RECURRENCES_NAME) -1);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Tag.");
+ cborEncoderResult |= cbor_encoder_create_array(&oicSecAclMap, &recurrences, acl->prdRecrLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
+ for (size_t i = 0; i < acl->prdRecrLen; i++)
{
- OICFree(aclTmp1->resources[i]);
+ cborEncoderResult |= cbor_encode_text_string(&recurrences, acl->recurrences[i],
+ strlen(acl->recurrences[i]));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
}
- OICFree(aclTmp1->resources);
+ cborEncoderResult |= cbor_encoder_close_container(&oicSecAclMap, &recurrences);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
+ }
- // Clean Owners
- OICFree(aclTmp1->owners);
+ cborEncoderResult |= cbor_encode_text_string(&oicSecAclMap, OIC_JSON_OWNERS_NAME,
+ sizeof(OIC_JSON_OWNERS_NAME) - 1);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owner Name.");
+ CborEncoder owners = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
+ cborEncoderResult |= cbor_encoder_create_array(&oicSecAclMap, &owners, acl->ownersLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owner Array.");
+ for (size_t i = 0; i < acl->ownersLen; i++)
+ {
+ cborEncoderResult = cbor_encode_byte_string(&owners, (uint8_t *)acl->owners[i].id,
+ sizeof(acl->owners[i].id));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owner Array Value.");
- // Clean ACL node itself
- OICFree(aclTmp1);
}
+ cborEncoderResult |= cbor_encoder_close_container(&oicSecAclMap, &owners);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Owner Array.");
+
+ cborEncoderResult |= cbor_encoder_close_container(&oicSecAclArray, &oicSecAclMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
+
+ acl = acl->next;
}
+ cborEncoderResult |= cbor_encoder_close_container(&encoder, &oicSecAclArray);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Array.");
+
+ if (CborNoError == cborEncoderResult)
+ {
+ *size = encoder.ptr - outPayload;
+ *payload = outPayload;
+ ret = OC_STACK_OK;
+ }
+exit:
+ if (CborErrorOutOfMemory == cborEncoderResult)
+ {
+ // reallocate and try again!
+ OICFree(outPayload);
+ // Since the allocated initial memory failed, double the memory.
+ cborLen += encoder.ptr - encoder.end;
+ cborEncoderResult = CborNoError;
+ if (OC_STACK_OK == AclToCBORPayload(secAcl, &outPayload, &cborLen))
+ {
+ *size = cborLen;
+ *payload = outPayload;
+ ret = OC_STACK_OK;
+ }
+ }
+
+ if (cborEncoderResult != CborNoError)
+ {
+ OICFree(outPayload);
+ outPayload = NULL;
+ *size = 0;
+ ret = OC_STACK_ERROR;
+ }
+
+ return ret;
}
-/*
- * This internal method converts ACL data into JSON format.
- *
- * Note: Caller needs to invoke 'free' when finished done using
- * return string.
- */
-char * BinToAclJSON(const OicSecAcl_t * acl)
+// This function converts CBOR format to ACL data.
+// Caller needs to invoke 'free' when done using
+// note: This function is used in unit test hence not declared static,
+OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
{
- cJSON *jsonRoot = NULL;
- char *jsonStr = NULL;
-
- if (acl)
+ if (NULL == cborPayload)
{
- jsonRoot = cJSON_CreateObject();
- VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
+ return NULL;
+ }
- cJSON *jsonAclArray = NULL;
- cJSON_AddItemToObject (jsonRoot, OIC_JSON_ACL_NAME, jsonAclArray = cJSON_CreateArray());
- VERIFY_NON_NULL(TAG, jsonAclArray, ERROR);
+ CborValue aclCbor = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ CborParser parser = { .end = NULL, .flags = 0 };
+ CborError cborFindResult = CborNoError;
+ cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
- while(acl)
- {
- char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(((OicUuid_t*)0)->id)) + 1] = {};
- uint32_t outLen = 0;
- size_t inLen = 0;
- B64Result b64Ret = B64_OK;
+ OicSecAcl_t *headAcl = NULL;
+
+ CborValue aclArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ cborFindResult = cbor_value_enter_container(&aclCbor, &aclArray);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Array.");
- cJSON *jsonAcl = cJSON_CreateObject();
+ while (cbor_value_is_valid(&aclArray))
+ {
+ CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ cborFindResult = cbor_value_enter_container(&aclArray, &aclMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
- // Subject -- Mandatory
- outLen = 0;
- if (memcmp(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0)
+ OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
+ VERIFY_NON_NULL(TAG, acl, ERROR);
+
+ while (cbor_value_is_valid(&aclMap))
+ {
+ char* name = NULL;
+ size_t len = 0;
+ CborType type = cbor_value_get_type(&aclMap);
+ if (type == CborTextStringType)
{
- inLen = WILDCARD_SUBJECT_ID_LEN;
+ cborFindResult = cbor_value_dup_text_string(&aclMap, &name, &len, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
+ cborFindResult = cbor_value_advance(&aclMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
}
- else
+ if (name)
{
- inLen = sizeof(OicUuid_t);
+ // Subject -- Mandatory
+ if (strcmp(name, OIC_JSON_SUBJECT_NAME) == 0)
+ {
+ uint8_t *subjectId = NULL;
+ cborFindResult = cbor_value_dup_byte_string(&aclMap, &subjectId, &len, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Subject Name Value.");
+ memcpy(acl->subject.id, subjectId, len);
+ OICFree(subjectId);
+ }
+
+ // Resources -- Mandatory
+ if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
+ {
+ CborValue resources = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ cborFindResult = cbor_value_get_array_length(&aclMap, &acl->resourcesLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Rec Array Len Value.");
+
+ cborFindResult = cbor_value_enter_container(&aclMap, &resources);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Rec Array.");
+
+ acl->resources = (char **) OICMalloc(acl->resourcesLen * sizeof(char*));
+ VERIFY_NON_NULL(TAG, acl->resources, ERROR);
+ int i = 0;
+ while (cbor_value_is_text_string(&resources))
+ {
+ cborFindResult = cbor_value_dup_text_string(&resources, &acl->resources[i++],
+ &len, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Rec Array Value.");
+ cborFindResult = cbor_value_advance(&resources);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Rec Array Advance.");
+ }
+ }
+
+ // Permissions -- Mandatory
+ if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
+ {
+ cborFindResult = cbor_value_get_uint64(&aclMap, (uint64_t *) &acl->permission);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
+ }
+
+ // Period -- Not mandatory
+ if (strcmp(name, OIC_JSON_PERIODS_NAME) == 0)
+ {
+ CborValue period = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ cborFindResult = cbor_value_get_array_length(&aclMap, &acl->prdRecrLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Len.");
+ cborFindResult = cbor_value_enter_container(&aclMap, &period);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Map.");
+ int i = 0;
+ while (cbor_value_is_text_string(&period))
+ {
+ cborFindResult = cbor_value_dup_text_string(&period, &acl->periods[i++],
+ &len, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Value.");
+ cborFindResult = cbor_value_advance(&period);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a Period Array.");
+ }
+ }
+
+ // Recurrence -- Not mandatory
+ if (strcmp(name, OIC_JSON_RECURRENCES_NAME) == 0)
+ {
+ CborValue recurrences = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ cborFindResult = cbor_value_enter_container(&aclMap, &recurrences);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
+ int i = 0;
+ while (cbor_value_is_text_string(&recurrences))
+ {
+ cborFindResult = cbor_value_dup_text_string(&recurrences,
+ &acl->recurrences[i++], &len, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array Value.");
+ cborFindResult = cbor_value_advance(&recurrences);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Closing Recurrence Array.");
+ }
+ }
+
+ // Owners -- Mandatory
+ if (strcmp(name, OIC_JSON_OWNERS_NAME) == 0)
+ {
+ CborValue owners = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ cborFindResult = cbor_value_get_array_length(&aclMap, &acl->ownersLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Getting Owner Array Len.");
+ cborFindResult = cbor_value_enter_container(&aclMap, &owners);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Owner Array.");
+ int i = 0;
+ acl->owners = (OicUuid_t *)OICMalloc(acl->ownersLen * sizeof(OicUuid_t));
+ VERIFY_NON_NULL(TAG, acl->owners, ERROR);
+ while (cbor_value_is_valid(&owners))
+ {
+ uint8_t *owner = NULL;
+ cborFindResult = cbor_value_dup_byte_string(&owners, &owner, &len, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Owner Array Value.");
+ cborFindResult = cbor_value_advance(&owners);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Owners Array.");
+ memcpy(acl->owners[i].id, owner, len);
+ OICFree(owner);
+ }
+ }
}
- b64Ret = b64Encode(acl->subject.id, inLen, base64Buff,
- sizeof(base64Buff), &outLen);
- VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
- cJSON_AddStringToObject(jsonAcl, OIC_JSON_SUBJECT_NAME, base64Buff );
-
- // Resources -- Mandatory
- cJSON *jsonRsrcArray = NULL;
- cJSON_AddItemToObject (jsonAcl, OIC_JSON_RESOURCES_NAME, jsonRsrcArray = cJSON_CreateArray());
- VERIFY_NON_NULL(TAG, jsonRsrcArray, ERROR);
- for (int i = 0; i < acl->resourcesLen; i++)
+ if (type != CborMapType && cbor_value_is_valid(&aclMap))
{
- cJSON_AddItemToArray (jsonRsrcArray, cJSON_CreateString(acl->resources[i]));
+ cborFindResult = cbor_value_advance(&aclMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
}
+ }
- // Permissions -- Mandatory
- cJSON_AddNumberToObject (jsonAcl, OIC_JSON_PERMISSION_NAME, acl->permission);
-
- // Owners -- Mandatory
- cJSON *jsonOwnrArray = NULL;
- cJSON_AddItemToObject (jsonAcl, OIC_JSON_OWNERS_NAME, jsonOwnrArray = cJSON_CreateArray());
- VERIFY_NON_NULL(TAG, jsonOwnrArray, ERROR);
- for (int i = 0; i < acl->ownersLen; i++)
+ acl->next = NULL;
+ if (headAcl == NULL)
+ {
+ headAcl = acl;
+ }
+ else
+ {
+ OicSecAcl_t *temp = headAcl;
+ while (temp->next)
{
- outLen = 0;
-
- b64Ret = b64Encode(acl->owners[i].id, sizeof(((OicUuid_t*)0)->id), base64Buff,
- sizeof(base64Buff), &outLen);
- VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
-
- cJSON_AddItemToArray (jsonOwnrArray, cJSON_CreateString(base64Buff));
+ temp = temp->next;
}
-
- // Attach current acl node to Acl Array
- cJSON_AddItemToArray(jsonAclArray, jsonAcl);
- acl = acl->next;
+ temp->next = acl;
+ }
+ if (cbor_value_is_valid(&aclArray))
+ {
+ cborFindResult = cbor_value_advance(&aclArray);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
}
-
- jsonStr = cJSON_PrintUnformatted(jsonRoot);
}
exit:
- if (jsonRoot)
+ if (cborFindResult != CborNoError)
{
- cJSON_Delete(jsonRoot);
+ DeleteACLList(headAcl);
+ headAcl = NULL;
}
- return jsonStr;
+ return headAcl;
}
-/*
- * This internal method converts JSON ACL into binary ACL.
+/**
+ * This method removes ACE for the subject and resource from the ACL
+ *
+ * @param subject of the ACE
+ * @param resource of the ACE
+ *
+ * @return
+ * ::OC_STACK_RESOURCE_DELETED on success
+ * ::OC_STACK_NO_RESOURCE on failure to find the appropriate ACE
+ * ::OC_STACK_INVALID_PARAM on invalid parameter
*/
-OicSecAcl_t * JSONToAclBin(const char * jsonStr)
+static OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
{
- OCStackResult ret = OC_STACK_ERROR;
- OicSecAcl_t * headAcl = NULL;
- OicSecAcl_t * prevAcl = NULL;
- cJSON *jsonRoot = NULL;
- cJSON *jsonAclArray = NULL;
-
- VERIFY_NON_NULL(TAG, jsonStr, ERROR);
+ OIC_LOG(DEBUG, TAG, "IN RemoveACE");
- jsonRoot = cJSON_Parse(jsonStr);
- VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
-
- jsonAclArray = cJSON_GetObjectItem(jsonRoot, OIC_JSON_ACL_NAME);
- VERIFY_NON_NULL(TAG, jsonAclArray, ERROR);
+ OicSecAcl_t *acl = NULL;
+ OicSecAcl_t *tempAcl = NULL;
+ bool deleteFlag = false;
+ OCStackResult ret = OC_STACK_NO_RESOURCE;
- if (cJSON_Array == jsonAclArray->type)
+ if (memcmp(subject->id, &WILDCARD_SUBJECT_ID, sizeof(subject->id)) == 0)
{
- int numAcl = cJSON_GetArraySize(jsonAclArray);
- int idx = 0;
+ OIC_LOG_V(ERROR, TAG, "%s received invalid parameter", __func__ );
+ return OC_STACK_INVALID_PARAM;
+ }
- VERIFY_SUCCESS(TAG, numAcl > 0, INFO);
- do
+ //If resource is NULL then delete all the ACE for the subject.
+ if (NULL == resource || resource[0] == '\0')
+ {
+ LL_FOREACH_SAFE(gAcl, acl, tempAcl)
{
- cJSON *jsonAcl = cJSON_GetArrayItem(jsonAclArray, idx);
- VERIFY_NON_NULL(TAG, jsonAcl, ERROR);
-
- OicSecAcl_t *acl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
- VERIFY_NON_NULL(TAG, acl, ERROR);
-
- headAcl = (headAcl) ? headAcl : acl;
- if (prevAcl)
+ if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
{
- prevAcl->next = acl;
+ LL_DELETE(gAcl, acl);
+ FreeACE(acl);
+ deleteFlag = true;
}
-
- size_t jsonObjLen = 0;
- cJSON *jsonObj = NULL;
-
- unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
- uint32_t outLen = 0;
- B64Result b64Ret = B64_OK;
-
- // Subject -- Mandatory
- jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_SUBJECT_NAME);
- VERIFY_NON_NULL(TAG, jsonObj, ERROR);
- VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR);
- outLen = 0;
- b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring), base64Buff,
- sizeof(base64Buff), &outLen);
- VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(acl->subject.id)), ERROR);
- memcpy(acl->subject.id, base64Buff, outLen);
-
- // Resources -- Mandatory
- jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_RESOURCES_NAME);
- VERIFY_NON_NULL(TAG, jsonObj, ERROR);
- VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR);
-
- acl->resourcesLen = cJSON_GetArraySize(jsonObj);
- VERIFY_SUCCESS(TAG, acl->resourcesLen > 0, ERROR);
- acl->resources = (char**)OICCalloc(acl->resourcesLen, sizeof(char*));
- VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
-
- int idxx = 0;
- do
+ }
+ }
+ else
+ {
+ //Looping through ACL to find the right ACE to delete. If the required resource is the only
+ //resource in the ACE for the subject then delete the whole ACE. If there are more resources
+ //than the required resource in the ACE, for the subject then just delete the resource from
+ //the resource array
+ LL_FOREACH_SAFE(gAcl, acl, tempAcl)
+ {
+ if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
{
- cJSON *jsonRsrc = cJSON_GetArrayItem(jsonObj, idxx);
- VERIFY_NON_NULL(TAG, jsonRsrc, ERROR);
-
- jsonObjLen = strlen(jsonRsrc->valuestring) + 1;
- acl->resources[idxx] = (char*)OICMalloc(jsonObjLen);
- VERIFY_NON_NULL(TAG, (acl->resources[idxx]), ERROR);
- strncpy(acl->resources[idxx], jsonRsrc->valuestring, jsonObjLen);
- } while ( ++idxx < acl->resourcesLen);
-
- // Permissions -- Mandatory
- jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_PERMISSION_NAME);
- VERIFY_NON_NULL(TAG, jsonObj, ERROR);
- VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
- acl->permission = jsonObj->valueint;
-
- // Owners -- Mandatory
- jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_OWNERS_NAME);
- VERIFY_NON_NULL(TAG, jsonObj, ERROR);
- VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR);
-
- acl->ownersLen = cJSON_GetArraySize(jsonObj);
- VERIFY_SUCCESS(TAG, acl->ownersLen > 0, ERROR);
- acl->owners = (OicUuid_t*)OICCalloc(acl->ownersLen, sizeof(OicUuid_t));
- VERIFY_NON_NULL(TAG, (acl->owners), ERROR);
-
- idxx = 0;
- do
+ if (1 == acl->resourcesLen && strcmp(acl->resources[0], resource) == 0)
+ {
+ LL_DELETE(gAcl, acl);
+ FreeACE(acl);
+ deleteFlag = true;
+ break;
+ }
+ else
+ {
+ size_t resPos = -1;
+ size_t i;
+ for (i = 0; i < acl->resourcesLen; i++)
+ {
+ if (strcmp(acl->resources[i], resource) == 0)
+ {
+ resPos = i;
+ break;
+ }
+ }
+ if (0 <= (int) resPos)
+ {
+ OICFree(acl->resources[resPos]);
+ acl->resources[resPos] = NULL;
+ acl->resourcesLen -= 1;
+ for (i = resPos; i < acl->resourcesLen; i++)
+ {
+ acl->resources[i] = acl->resources[i + 1];
+ }
+ deleteFlag = true;
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ if (deleteFlag)
+ {
+ // In case of unit test do not update persistant storage.
+ if (memcmp(subject->id, &WILDCARD_SUBJECT_B64_ID, sizeof(subject->id)) == 0)
+ {
+ ret = OC_STACK_RESOURCE_DELETED;
+ }
+ else
+ {
+ uint8_t *payload = NULL;
+ size_t size = 0;
+ if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
{
- cJSON *jsonOwnr = cJSON_GetArrayItem(jsonObj, idxx);
- VERIFY_NON_NULL(TAG, jsonOwnr, ERROR);
- VERIFY_SUCCESS(TAG, cJSON_String == jsonOwnr->type, ERROR);
+ if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size))
+ {
+ ret = OC_STACK_RESOURCE_DELETED;
+ }
+ OICFree(payload);
+ }
+ }
+ }
+ return ret;
+}
- outLen = 0;
- b64Ret = b64Decode(jsonOwnr->valuestring, strlen(jsonOwnr->valuestring), base64Buff,
- sizeof(base64Buff), &outLen);
+/**
+ * This method parses the query string received for REST requests and
+ * retrieves the 'subject' field.
+ *
+ * @param query querystring passed in REST request
+ * @param subject subject UUID parsed from query string
+ *
+ * @return true if query parsed successfully and found 'subject', else false.
+ */
+static bool GetSubjectFromQueryString(const char *query, OicUuid_t *subject)
+{
+ OicParseQueryIter_t parseIter = { .attrPos = NULL };
- VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(acl->owners[idxx].id)),
- ERROR);
- memcpy(acl->owners[idxx].id, base64Buff, outLen);
- } while ( ++idxx < acl->ownersLen);
+ ParseQueryIterInit((unsigned char *) query, &parseIter);
- prevAcl = acl;
- } while( ++idx < numAcl);
+ while (GetNextQuery (&parseIter))
+ {
+ if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_SUBJECT_NAME, parseIter.attrLen) == 0)
+ {
+ VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
+ memcpy(subject->id, parseIter.valPos, parseIter.valLen);
+ return true;
+ }
}
- ret = OC_STACK_OK;
-
exit:
- cJSON_Delete(jsonRoot);
- if (OC_STACK_OK != ret)
+ return false;
+}
+
+/**
+ * This method parses the query string received for REST requests and
+ * retrieves the 'resource' field.
+ *
+ * @param query querystring passed in REST request
+ * @param resource resource parsed from query string
+ * @param resourceSize size of the memory pointed to resource
+ *
+ * @return true if query parsed successfully and found 'resource', else false.
+ */
+static bool GetResourceFromQueryString(const char *query, char *resource, size_t resourceSize)
+{
+ OicParseQueryIter_t parseIter = { .attrPos = NULL };
+
+ ParseQueryIterInit((unsigned char *) query, &parseIter);
+
+ while (GetNextQuery (&parseIter))
{
- DeleteACLList(headAcl);
- headAcl = NULL;
+ if (strncasecmp((char *) parseIter.attrPos, OIC_JSON_RESOURCES_NAME, parseIter.attrLen)
+ == 0)
+ {
+ VERIFY_SUCCESS(TAG, 0 != parseIter.valLen, ERROR);
+ OICStrcpy(resource, resourceSize, (char *) parseIter.valPos);
+
+ return true;
+ }
}
- return headAcl;
+
+exit:
+ return false;
}
-static OCEntityHandlerResult HandleACLGetRequest (const OCEntityHandlerRequest * ehRequest)
+static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *ehRequest)
{
- // Convert ACL data into JSON for transmission
- char* jsonStr = BinToAclJSON(gAcl);
+ OIC_LOG(INFO, TAG, "HandleACLGetRequest processing the request");
+ uint8_t* payload = NULL;
+ size_t size = 0;
+ OCEntityHandlerResult ehRet;
- /*
- * A device should 'always' have a default ACL. Therefore,
- * jsonStr should never be NULL.
- */
- OCEntityHandlerResult ehRet = (jsonStr ? OC_EH_OK : OC_EH_ERROR);
+ // Process the REST querystring parameters
+ if (ehRequest->query)
+ {
+ OIC_LOG(DEBUG, TAG, "HandleACLGetRequest processing query");
- // Send response payload to request originator
- SendSRMResponse(ehRequest, ehRet, jsonStr);
+ OicUuid_t subject = {.id= { 0 } };
+ char resource[MAX_URI_LENGTH] = { 0 };
+
+ OicSecAcl_t *savePtr = NULL;
+ const OicSecAcl_t *currentAce = NULL;
+
+ // 'Subject' field is MUST for processing a querystring in REST request.
+ VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
- OICFree(jsonStr);
+ GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
- OC_LOG_V (INFO, TAG, PCF("%s RetVal %d"), __func__ , ehRet);
+ /*
+ * TODO : Currently, this code only provides one ACE for a Subject.
+ * Below code needs to be updated for scenarios when Subject have
+ * multiple ACE's in ACL resource.
+ */
+ while ((currentAce = GetACLResourceData(&subject, &savePtr)))
+ {
+ /*
+ * If REST querystring contains a specific resource, we need
+ * to search for that resource in ACE.
+ */
+ if (resource[0] != '\0')
+ {
+ for (size_t n = 0; n < currentAce->resourcesLen; n++)
+ {
+ if ((currentAce->resources[n])
+ && (0 == strcmp(resource, currentAce->resources[n])
+ || 0 == strcmp(WILDCARD_RESOURCE_URI, currentAce->resources[n])))
+ {
+ // Convert ACL data into CBOR format for transmission
+ if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
+ {
+ ehRet = OC_EH_ERROR;
+ }
+ goto exit;
+ }
+ }
+ }
+ else
+ {
+ // Convert ACL data into CBOR format for transmission
+ if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
+ {
+ ehRet = OC_EH_ERROR;
+ }
+ goto exit;
+ }
+ }
+ }
+ else
+ {
+ // Convert ACL data into CBOR format for transmission.
+ if (OC_STACK_OK != AclToCBORPayload(gAcl, &payload, &size))
+ {
+ ehRet = OC_EH_ERROR;
+ }
+ }
+exit:
+ // A device should always have a default acl. Therefore, payload should never be NULL.
+ ehRet = (payload ? OC_EH_OK : OC_EH_ERROR);
+
+ // Send response payload to request originator
+ SendSRMCBORResponse(ehRequest, ehRet, payload);
+
+ OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
return ehRet;
}
-static OCEntityHandlerResult HandleACLPostRequest (const OCEntityHandlerRequest * ehRequest)
+static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *ehRequest)
{
+ OIC_LOG(INFO, TAG, "HandleACLPostRequest processing the request");
OCEntityHandlerResult ehRet = OC_EH_ERROR;
- // Convert JSON ACL data into binary. This will also validate the ACL data received.
- OicSecAcl_t* newAcl = JSONToAclBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
-
- if (newAcl)
+ // Convert CBOR into ACL data and update to SVR buffers. This will also validate the ACL data received.
+ uint8_t *payload = ((OCSecurityPayload *) ehRequest->payload)->securityData1;;
+ if (payload)
{
- // Append the new ACL to existing ACL
- LL_APPEND(gAcl, newAcl);
-
- // Convert ACL data into JSON for update to persistent storage
- char *jsonStr = BinToAclJSON(gAcl);
- if (jsonStr)
+ OicSecAcl_t *newAcl = CBORPayloadToAcl(payload, CborSize);
+ if (newAcl)
{
- cJSON *jsonAcl = cJSON_Parse(jsonStr);
- OICFree(jsonStr);
-
- if ((jsonAcl) &&
- (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_ACL_NAME, jsonAcl)))
+ // Append the new ACL to existing ACL
+ LL_APPEND(gAcl, newAcl);
+ size_t size = 0;
+ // In case of unit test do not update persistant storage.
+ if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
+ || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
{
ehRet = OC_EH_RESOURCE_CREATED;
}
- cJSON_Delete(jsonAcl);
+ else
+ {
+ uint8_t *cborPayload = NULL;
+ if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
+ {
+ if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
+ {
+ ehRet = OC_EH_RESOURCE_CREATED;
+ }
+ }
+ }
}
}
// Send payload to request originator
- SendSRMResponse(ehRequest, ehRet, NULL);
+ SendSRMCBORResponse(ehRequest, ehRet, NULL);
- OC_LOG_V (INFO, TAG, PCF("%s RetVal %d"), __func__ , ehRet);
+ OIC_LOG_V(DEBUG, TAG, "%s RetVal %d", __func__, ehRet);
return ehRet;
}
-/*
- * This internal method is the entity handler for ACL resources and
- * will handle REST request (GET/PUT/POST/DEL) for them.
- */
-OCEntityHandlerResult ACLEntityHandler (OCEntityHandlerFlag flag,
- OCEntityHandlerRequest * ehRequest,
- void* callbackParameter)
+static OCEntityHandlerResult HandleACLDeleteRequest(const OCEntityHandlerRequest *ehRequest)
+{
+ OIC_LOG(DEBUG, TAG, "Processing ACLDeleteRequest");
+ OCEntityHandlerResult ehRet = OC_EH_ERROR;
+ OicUuid_t subject = { .id= { 0 } };
+ char resource[MAX_URI_LENGTH] = { 0 };
+
+ VERIFY_NON_NULL(TAG, ehRequest->query, ERROR);
+
+ // 'Subject' field is MUST for processing a querystring in REST request.
+ VERIFY_SUCCESS(TAG, true == GetSubjectFromQueryString(ehRequest->query, &subject), ERROR);
+
+ GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
+
+ if (OC_STACK_RESOURCE_DELETED == RemoveACE(&subject, resource))
+ {
+ ehRet = OC_EH_RESOURCE_DELETED;
+ }
+
+exit:
+ // Send payload to request originator
+ SendSRMCBORResponse(ehRequest, ehRet, NULL);
+
+ return ehRet;
+}
+
+OCEntityHandlerResult ACLEntityHandler(OCEntityHandlerFlag flag, OCEntityHandlerRequest * ehRequest,
+ void* callbackParameter)
{
+ OIC_LOG(DEBUG, TAG, "Received request ACLEntityHandler");
+ (void)callbackParameter;
OCEntityHandlerResult ehRet = OC_EH_ERROR;
if (!ehRequest)
if (flag & OC_REQUEST_FLAG)
{
- // TODO : Handle PUT and DEL methods
- OC_LOG (INFO, TAG, PCF("Flag includes OC_REQUEST_FLAG"));
+ // TODO : Handle PUT method
+ OIC_LOG(DEBUG, TAG, "Flag includes OC_REQUEST_FLAG");
switch (ehRequest->method)
{
case OC_REST_GET:
ehRet = HandleACLPostRequest(ehRequest);
break;
+ case OC_REST_DELETE:
+ ehRet = HandleACLDeleteRequest(ehRequest);
+ break;
+
default:
ehRet = OC_EH_ERROR;
- SendSRMResponse(ehRequest, ehRet, NULL);
+ SendSRMCBORResponse(ehRequest, ehRet, NULL);
}
}
return ehRet;
}
-/*
+/**
* This internal method is used to create '/oic/sec/acl' resource.
*/
-OCStackResult CreateACLResource()
+static OCStackResult CreateACLResource()
{
OCStackResult ret;
if (OC_STACK_OK != ret)
{
- OC_LOG (FATAL, TAG, PCF("Unable to instantiate ACL resource"));
+ OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
DeInitACLResource();
}
return ret;
}
-/*
- * This internal method is to retrieve the default ACL.
- * If SVR database in persistent storage got corrupted or
- * is not available for some reason, a default ACL is created
- * which allows user to initiate ACL provisioning again.
- */
-OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
+// This function sets the default ACL and is defined for the unit test only.
+OCStackResult SetDefaultACL(OicSecAcl_t *acl)
+{
+ gAcl = acl;
+ return OC_STACK_OK;
+}
+
+OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
{
OCStackResult ret = OC_STACK_ERROR;
- OicUuid_t ownerId = {};
+ OicUuid_t ownerId = { .id = { 0 } };
/*
* TODO In future, when new virtual resources will be added in OIC
return OC_STACK_INVALID_PARAM;
}
- OicSecAcl_t *acl = (OicSecAcl_t *)OICCalloc(1, sizeof(OicSecAcl_t));
+ OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
VERIFY_NON_NULL(TAG, acl, ERROR);
// Subject -- Mandatory
memcpy(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(acl->subject));
// Resources -- Mandatory
- acl->resourcesLen = sizeof(rsrcs)/sizeof(rsrcs[0]);
+ acl->resourcesLen = sizeof(rsrcs) / sizeof(rsrcs[0]);
- acl->resources = (char**)OICCalloc(acl->resourcesLen, sizeof(char*));
+ acl->resources = (char**) OICCalloc(acl->resourcesLen, sizeof(char*));
VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
- for (int i = 0; i < acl->resourcesLen; i++)
+ for (size_t i = 0; i < acl->resourcesLen; i++)
{
size_t len = strlen(rsrcs[i]) + 1;
- acl->resources[i] = (char*)OICMalloc(len * sizeof(char));
+ acl->resources[i] = (char*) OICMalloc(len * sizeof(char));
VERIFY_NON_NULL(TAG, (acl->resources[i]), ERROR);
- strncpy(acl->resources[i], rsrcs[i], len);
+ OICStrcpy(acl->resources[i], len, rsrcs[i]);
}
acl->permission = PERMISSION_READ;
- acl->periodsLen = 0;
+ acl->prdRecrLen = 0;
acl->periods = NULL;
acl->recurrences = NULL;
// Device ID is the owner of this default ACL
- ret = GetDoxmDeviceID( &ownerId);
- VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
-
+ if (GetDoxmResourceData() != NULL)
+ {
+ ret = GetDoxmDeviceID(&ownerId);
+ VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, FATAL);
+ }
+ else
+ {
+ OCRandomUuidResult rdm = OCGenerateUuid(ownerId.id);
+ VERIFY_SUCCESS(TAG, RAND_UUID_OK == rdm, FATAL);
+ }
acl->ownersLen = 1;
- acl->owners = (OicUuid_t*)OICMalloc(sizeof(OicUuid_t));
+ acl->owners = (OicUuid_t*) OICMalloc(sizeof(OicUuid_t));
VERIFY_NON_NULL(TAG, (acl->owners), ERROR);
memcpy(acl->owners, &ownerId, sizeof(OicUuid_t));
return ret;
}
-/**
- * Initialize ACL resource by loading data from persistent storage.
- *
- * @retval OC_STACK_OK for Success, otherwise some error value
- */
OCStackResult InitACLResource()
{
OCStackResult ret = OC_STACK_ERROR;
- // Read ACL resource from PS
- char* jsonSVRDatabase = GetSVRDatabase();
-
- if (jsonSVRDatabase)
+ uint8_t *data = NULL;
+ size_t size = 0;
+ ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
+ // If database read failed
+ if (ret != OC_STACK_OK)
{
- // Convert JSON ACL into binary format
- gAcl = JSONToAclBin(jsonSVRDatabase);
- OICFree(jsonSVRDatabase);
+ OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
+ }
+ if (data)
+ {
+ // Read ACL resource from PS
+ gAcl = CBORPayloadToAcl(data, size);
}
/*
* If SVR database in persistent storage got corrupted or
* is not available for some reason, a default ACL is created
* which allows user to initiate ACL provisioning again.
*/
- if (!jsonSVRDatabase || !gAcl)
+ if (!gAcl)
{
GetDefaultACL(&gAcl);
// TODO Needs to update persistent storage
return ret;
}
-/**
- * Perform cleanup for ACL resources.
- *
- * @retval none
- */
-void DeInitACLResource()
+OCStackResult DeInitACLResource()
{
- OCDeleteResource(gAclHandle);
+ OCStackResult ret = OCDeleteResource(gAclHandle);
gAclHandle = NULL;
- DeleteACLList(gAcl);
- gAcl = NULL;
+ if (gAcl)
+ {
+ DeleteACLList(gAcl);
+ gAcl = NULL;
+ }
+ return ret;
}
-/**
- * This method is used by PolicyEngine to retrieve ACL for a Subject.
- *
- * @param subjectId ID of the subject for which ACL is required.
- * @param savePtr is used internally by @ref GetACLResourceData to maintain index between
- * successive calls for same subjectId.
- *
- * @retval reference to @ref OicSecAcl_t if ACL is found, else NULL
- *
- * @note On the first call to @ref GetACLResourceData, savePtr should point to NULL
- */
const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **savePtr)
{
OicSecAcl_t *acl = NULL;
OicSecAcl_t *begin = NULL;
- if ( NULL == subjectId)
+ if (NULL == subjectId)
{
return NULL;
}
*savePtr = NULL;
return NULL;
}
+
+OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
+{
+ OCStackResult ret = OC_STACK_ERROR;
+
+ // Convert CBOR format to ACL data. This will also validate the ACL data received.
+ OicSecAcl_t* newAcl = CBORPayloadToAcl(cborPayload, size);
+
+ if (newAcl)
+ {
+ // Append the new ACL to existing ACL
+ LL_APPEND(gAcl, newAcl);
+
+ // Update persistent storage only if it is not WILDCARD_SUBJECT_ID
+ if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
+ || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
+ {
+ ret = OC_STACK_OK;
+ }
+ else
+ {
+ size_t size = 0;
+ uint8_t *payload = NULL;
+ if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
+ {
+ if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
+ {
+ ret = OC_STACK_OK;
+ }
+ OICFree(payload);
+ }
+ }
+ }
+
+ return ret;
+}
+
+/**
+ * This function generates default ACL for security resource in case of owned status.
+ *
+ * @return Default ACL for security resource.
+ */
+static OicSecAcl_t* GetSecDefaultACL()
+{
+ const char *sec_rsrcs[] = {
+ OIC_RSRC_DOXM_URI,
+ OIC_RSRC_PSTAT_URI
+ };
+ OicUuid_t ownerId = {.id = {0}};
+ OCStackResult res = OC_STACK_ERROR;
+ OicSecAcl_t* newDefaultAcl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
+ VERIFY_NON_NULL(TAG, newDefaultAcl, ERROR);
+
+ // Subject -- Mandatory
+ memcpy(&(newDefaultAcl->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
+
+ // Resources -- Mandatory
+ newDefaultAcl->resourcesLen = NUMBER_OF_DEFAULT_SEC_RSCS;
+ newDefaultAcl->resources = (char**)OICCalloc(NUMBER_OF_DEFAULT_SEC_RSCS, sizeof(char*));
+ VERIFY_NON_NULL(TAG, (newDefaultAcl->resources), ERROR);
+
+ for (size_t i = 0; i < NUMBER_OF_DEFAULT_SEC_RSCS; i++)
+ {
+ size_t len = strlen(sec_rsrcs[i]) + 1;
+ newDefaultAcl->resources[i] = (char*)OICMalloc(len * sizeof(char));
+ VERIFY_NON_NULL(TAG, (newDefaultAcl->resources[i]), ERROR);
+ OICStrcpy(newDefaultAcl->resources[i], len, sec_rsrcs[i]);
+ }
+
+ // Permissions -- Mandatory
+ newDefaultAcl->permission = PERMISSION_READ;
+
+ //Period -- Not Mandatory
+ newDefaultAcl->prdRecrLen = 0;
+ newDefaultAcl->periods = NULL;
+
+ //Recurrence -- Not Mandatory
+ newDefaultAcl->recurrences = NULL;
+
+ // Device ID is the owner of this default ACL
+ res = GetDoxmDeviceID(&ownerId);
+ VERIFY_SUCCESS(TAG, OC_STACK_OK == res, FATAL);
+
+ // Owners -- Mandatory
+ newDefaultAcl->ownersLen = 1;
+ newDefaultAcl->owners = (OicUuid_t*)OICMalloc(sizeof(OicUuid_t));
+ VERIFY_NON_NULL(TAG, (newDefaultAcl->owners), ERROR);
+ memcpy(newDefaultAcl->owners, &ownerId, sizeof(OicUuid_t));
+
+ return newDefaultAcl;
+exit:
+ DeleteACLList(newDefaultAcl);
+ return NULL;
+
+}
+
+OCStackResult UpdateDefaultSecProvACL()
+{
+ OCStackResult ret = OC_STACK_OK;
+ OicSecAcl_t *acl = NULL;
+ OicSecAcl_t *tmp = NULL;
+
+ if(gAcl)
+ {
+ int matchedRsrc = 0;
+ bool isRemoved = false;
+
+ LL_FOREACH_SAFE(gAcl, acl, tmp)
+ {
+ //Find default security resource ACL
+ if(memcmp(&acl->subject, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
+ ((PERMISSION_READ | PERMISSION_WRITE) == acl->permission))
+ {
+ matchedRsrc = 0;
+
+ for(size_t i = 0; i < acl->resourcesLen; i++)
+ {
+ if(strncmp(acl->resources[i], OIC_RSRC_DOXM_URI,
+ strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
+ strncmp(acl->resources[i], OIC_RSRC_CRED_URI,
+ strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
+ strncmp(acl->resources[i], OIC_RSRC_ACL_URI,
+ strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
+ strncmp(acl->resources[i], OIC_RSRC_PSTAT_URI,
+ strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
+ {
+ matchedRsrc++;
+ }
+ }
+
+ //If default security resource ACL is detected, delete it.
+ if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
+ {
+ LL_DELETE(gAcl, acl);
+ FreeACE(acl);
+ isRemoved = true;
+ }
+ }
+ }
+
+ if(isRemoved)
+ {
+ /*
+ * Generate new security resource ACL as follows :
+ * subject : "*"
+ * resources : '/oic/sec/doxm', '/oic/sec/pstat'
+ * permission : READ
+ */
+ OicSecAcl_t *newDefaultAcl = GetSecDefaultACL();
+ if (newDefaultAcl)
+ {
+ LL_APPEND(gAcl, newDefaultAcl);
+
+ size_t size = 0;
+ uint8_t *payload = NULL;
+ if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
+ {
+ if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
+ {
+ ret = OC_STACK_OK;
+ }
+ OICFree(payload);
+ }
+ }
+ }
+ }
+
+ return ret;
+}