IoTivity should refuse to establish a DTLS session with devices whose
credentials have expired.
Change-Id: Ic4708fbdd50ebc59e57f09c37211e7f36dbcf931
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/3015
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
(cherry picked from commit
7fc33d509a8de4dd328386a7f155a52d4c347833)
Reviewed-on: https://gerrit.iotivity.org/gerrit/3291
#include "cainterface.h"
#include "pbkdf2.h"
#include <stdlib.h>
+#include "iotvticalendar.h"
#ifdef WITH_ARDUINO
#include <string.h>
#else
if ((desc_len == sizeof(cred->subject.id)) &&
(memcmp(desc, cred->subject.id, sizeof(cred->subject.id)) == 0))
{
+ /*
+ * If the credentials are valid for limited time,
+ * check their expiry.
+ */
+ if (cred->period)
+ {
+ if(IOTVTICAL_VALID_ACCESS != IsRequestWithinValidTime(cred->period, NULL))
+ {
+ OC_LOG (INFO, TAG, "Credentials are expired.");
+ ret = -1;
+ return ret;
+ }
+ }
+
// Convert PSK from Base64 encoding to binary before copying
uint32_t outLen = 0;
B64Result b64Ret = b64Decode(cred->privateData.data,
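Review bot: The added check at `if(IOTVTICAL_VALID_ACCESS != IsRequestWithinValidTime(cred->period, NULL))` rejects on every non-valid result, which fails closed as it should, but the log line reports all of them as "Credentials are expired." A malformed `prd` string, a period that has not started yet, or a wrong device clock would presumably take the same branch, and an operator reading the log cannot tell those apart from real expiry. I would keep the result in a local and log it, e.g. `OC_LOG_V(INFO, TAG, "Credential period check failed, result=%d", res);`. The check appears to run only when the PSK is looked up for a handshake, so whether sessions established before the end of the period are torn down is not visible here and is worth confirming. The enclosing function starts and ends outside this hunk.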
"credid": 1,
"sub": "MTExMTExMTExMTExMTExMQ==",
"credtyp": 1,
+ "prd": "20150630T060000/20990920T220000",
"pvdata": "QUFBQUFBQUFBQUFBQUFBQQ==",
"ownrs" : ["MjIyMjIyMjIyMjIyMjIyMg=="]
}]
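Review bot: The only `prd` value added to this sample credential, `20150630T060000/20990920T220000`, is inside its validity window, so this data exercises the accept path only. If no other fixture covers it, a second credential whose period ends in the past would let the new rejection branch be tested; none is visible in this hunk.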