[IOT-1582] Change "PUT" to count as "Create" and never as "Update"
author Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Mon, 21 Nov 2016 19:41:01 +0000 (11:41 -0800)
committer Randeep Singh <randeep.s@samsung.com>
Thu, 24 Nov 2016 07:10:50 +0000 (07:10 +0000)
Per Core Spec conventions, even though PUT is technically legal
for Create or Update, PUT is only ever used for Create.  Therefore
we need to change the CRUDN permission bit check in security layer.

Updated Readme.scons.txt and README-building-and-running-secure-IoTivity-
stack.txt to clarify build and use of secure IoTivity stack.

Change-Id: Id362c9c0225e53240b2d1f844c5f05d55cfa2938
Signed-off-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/14579
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Phil Coval <philippe.coval@osg.samsung.com>
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Craig Pratt <craig@ecaspia.com>
Reviewed-by: Greg Zaverucha <gregz@microsoft.com>
Reviewed-by: Uze Choi <uzchoi@samsung.com>
(cherry picked from commit da4ccd548c926669896e844a672edb32f8de6d70)
Reviewed-on: https://gerrit.iotivity.org/gerrit/14719
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
Readme.scons.txt
resource/csdk/security/README-building-and-running-secure-IoTivity-stack.txt
resource/csdk/security/src/policyengine.c
resource/csdk/stack/samples/linux/secure/occlientbasicops.cpp
resource/csdk/stack/samples/linux/secure/ocserverbasicops.cpp

index cc56b27..c1a94a4 100644 (file)
@@ -31,6 +31,10 @@ message to install tinycbor)
 ('<iotivity>' is the path to 'iotivity' project. If your device is x86, arm,
 or arm64, please change 'x86_64' to the proper arch)
 
+3. To build and test IoTivity with Security enabled (required for certification) 
+follow the instructions found in:
+  <iotivity>/resource/csdk/security/README-building-and-running-secure-IoTivity-stack.txt
+
 == How to build IoTivity projects ==
 
 IoTivity includes a series of projects. You can find all these projects here:
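
Review bot: The added step 3 line ending in "(required for certification) " carries trailing whitespace, and it uses the placeholder '<iotivity>' while the security README it points to uses <iotivity-base> for the same directory. Strip the trailing space and settle on one placeholder so readers moving between the two files do not have to guess that both mean the same path.
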
index bc19b1b..4ab7597 100644 (file)
@@ -1,6 +1,18 @@
-LAST UPDATED 9/29/2016
+LAST UPDATED 11/20/2016
 
-To build the IoTivity stack with the security features enabled:
+To prepare the environment for building IoTivity:
+
+1)  Install the tools and libraries for building IoTivity by following the
+       instructions in the <iotivity-base>/Readme.scons.txt file.
+
+2)     In addition, install the sqlite3 developer library:
+       $ sudo apt-get install libsqlite3-dev
+
+3)  Finally, download the mbedtls library:
+       $ git clone https://github.com/ARMmbed/mbedtls.git extlibs/mbedtls/mbedtls
+
+To build the IoTivity stack with the security features enabled (required for
+       certification):
 
 1) Build IoTivity with security enabled:
        $ cd <iotivity-base>
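
Review bot: Step 3 clones mbedtls with no tag or commit ("git clone https://github.com/ARMmbed/mbedtls.git extlibs/mbedtls/mbedtls"), so each build picks up whatever the default branch holds that day; for a stack that is built for certification, name the tag or commit IoTivity was tested against and have the reader check it out after cloning. The destination path is relative, but "cd <iotivity-base>" only appears in the later build step, so say that the clone must be run from <iotivity-base>. Steps 1) to 3) also mix tabs and spaces after the numbers, which is why they do not line up.
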
@@ -11,10 +23,39 @@ To build the IoTivity stack with the security features enabled:
        $ export LD_LIBRARY_PATH=<iotivity-base>/out/<...>/release
        $ ./ocserverbasicops &
        $ ./occlientbasicops -t 1
-        NOTE: Console messages below indicate success:
+        NOTE: Console messages below indicate success (may not be at bottom of
+        response printout... search up a page or so on the console):
          "INFO: occlientbasicops: Uri -- /a/led
-          INFO: occlientbasicops: SECUREPORT udp: 51516
+          INFO: occlientbasicops: SECUREPORT udp: 51516 <-- actual port may differ
           INFO: occlientbasicops: Secure -- YES"
+    Press <ctrl-c> to quit occlientbasicops, then run:
        $ ./occlientbasicops -t 2
-        NOTE: Completion of 'GET' and 'PUT' query to /a/led indicates success!
-
+        NOTE: receipt of of 'Get Response', 'Put Response' and 'Post Response'
+        from /a/led indicates success.
+        Example Response:
+         "33:43.222 INFO: occlientbasicops: Callback Context for PUT recvd successfully
+                 33:43.222 INFO: occlientbasicops: StackResult: OC_STACK_UNAUTHORIZED_REQ
+                 33:43.222 INFO: PayloadLog: NULL Payload
+                 33:43.222 INFO: occlientbasicops: =============> Put Response
+                 33:43.326 INFO: occlientbasicops: Callback Context for POST recvd successfully
+                 33:43.326 INFO: occlientbasicops: StackResult: UNKNOWN
+                 33:43.326 INFO: PayloadLog: Payload Type: Representation
+                 33:43.326 INFO: PayloadLog:   Resource #1
+                 33:43.326 INFO: PayloadLog:   Values:
+                 33:43.326 INFO: PayloadLog:           createduri(string):/a/led/0
+                 33:43.326 INFO: occlientbasicops: =============> Post Response
+                 33:43.426 INFO: occlientbasicops: Callback Context for POST recvd successfully
+                 33:43.426 INFO: occlientbasicops: StackResult: UNKNOWN
+                 33:43.426 INFO: PayloadLog: Payload Type: Representation
+                 33:43.426 INFO: PayloadLog:   Resource #1
+                 33:43.426 INFO: PayloadLog:   Values:
+                 33:43.426 INFO: PayloadLog:           createduri(string):/a/led/1
+                 33:43.426 INFO: occlientbasicops: =============> Post Response
+                 33:43.526 INFO: occlientbasicops: Callback Context for POST recvd successfully
+                 33:43.526 INFO: occlientbasicops: StackResult: UNKNOWN
+                 33:43.526 INFO: PayloadLog: Payload Type: Representation
+                 33:43.526 INFO: PayloadLog:   Resource #1
+                 33:43.526 INFO: PayloadLog:   Values:
+                 33:43.526 INFO: PayloadLog:           state(bool):true
+                 33:43.526 INFO: PayloadLog:           power(int):15
+                 33:43.526 INFO: occlientbasicops: =============> Post Response"
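
Review bot: The example output shows the PUT callback returning "StackResult: OC_STACK_UNAUTHORIZED_REQ" with a NULL payload, while the NOTE above it says that receiving 'Put Response' indicates success; state explicitly whether the PUT is expected to be denied and why, otherwise a reader will take the sample as a failed run. The example also omits the 'Get Response' that the NOTE lists, the POST results print as "StackResult: UNKNOWN" without explanation, and "receipt of of" has a doubled word.
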
index 5aea971..d5ba721 100644 (file)
@@ -47,10 +47,15 @@ uint16_t GetPermissionFromCAMethod_t(const CAMethod_t method)
         case CA_GET:
             perm = (uint16_t)PERMISSION_READ;
             break;
-        case CA_POST: // For now we treat all PUT & POST as Write
-        case CA_PUT:  // because we don't know if resource exists yet.
+        case CA_POST: // Treat all POST as Write (Update) because
+                      // we don't know if resource exists yet.
+                      // This will be addressed in IoTivity impl of OCF 1.0
             perm = (uint16_t)PERMISSION_WRITE;
             break;
+        case CA_PUT: // Per convention, OIC/OCF uses PUT only for Create,
+                     // never for Update.
+            perm = (uint16_t)PERMISSION_CREATE;
+            break;
         case CA_DELETE:
             perm = (uint16_t)PERMISSION_DELETE;
             break;
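
Review bot: Moving CA_PUT from PERMISSION_WRITE to PERMISSION_CREATE changes the outcome for any ACL entry that grants write but not create: PUT requests that were allowed before are now denied, and nothing in this change documents that for deployments with provisioned ACLs or adds a test for the new mapping. In the other direction, CA_POST still maps only to PERMISSION_WRITE even though the sample server in this same commit creates /a/led/0 and /a/led/1 on POST, so the create bit is not consulted for POST creates; the comment defers this to "IoTivity impl of OCF 1.0" without a tracking reference. Add a unit test covering PUT against write-only and create-only permissions, and put an issue id next to the deferred POST case.
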
index 9890e39..10aa3ff 100644 (file)
@@ -204,12 +204,12 @@ OCStackApplicationResult discoveryReqCB(void*, OCDoHandle,
                     case TEST_NON_CON_OP:
                         InitGetRequest(OC_LOW_QOS);
                         InitPutRequest(OC_LOW_QOS);
-                        //InitPostRequest(OC_LOW_QOS);
+                        InitPostRequest(OC_LOW_QOS);
                         break;
                     case TEST_CON_OP:
                         InitGetRequest(OC_HIGH_QOS);
                         InitPutRequest(OC_HIGH_QOS);
-                        //InitPostRequest(OC_HIGH_QOS);
+                        InitPostRequest(OC_HIGH_QOS);
                         break;
                 }
             }
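
Review bot: Both cases call InitGetRequest, InitPutRequest and the newly enabled InitPostRequest and discard their int return values, so a request that fails to send is visible only in the log. The commit message also does not mention that POST is being turned on in the sample client; add a line for it, and consider checking each return value against OC_STACK_OK at the call site.
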
@@ -219,7 +219,6 @@ OCStackApplicationResult discoveryReqCB(void*, OCDoHandle,
     return (UnicastDiscovery) ? OC_STACK_DELETE_TRANSACTION : OC_STACK_KEEP_TRANSACTION ;
 
 }
-
 int InitPutRequest(OCQualityOfService qos)
 {
     OIC_LOG_V(INFO, TAG, "Executing %s", __func__);
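
Review bot: The only change in this hunk deletes the blank line between the closing brace of discoveryReqCB and "int InitPutRequest(OCQualityOfService qos)", which runs the two functions together and is unrelated to the permission change. Drop the hunk so the separator stays.
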
@@ -241,6 +240,10 @@ int InitPostRequest(OCQualityOfService qos)
     OIC_LOG_V(INFO, TAG, "Executing %s", __func__);
     std::ostringstream query;
     query << coapServerResource;
+    if(WithTcp)
+    {
+        endpoint.adapter = OC_ADAPTER_TCP;
+    }
     endpoint.flags = (OCTransportFlags)(endpoint.flags|OC_SECURE);
 
     // First POST operation (to create an LED instance)
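
Review bot: The new "if(WithTcp)" block in InitPostRequest switches endpoint.adapter to OC_ADAPTER_TCP, which has nothing to do with the PUT/Create mapping and is not mentioned in the commit message. Describe it in the message or split it into its own change, and match the spacing used elsewhere in this file ("if (" as in "if (OC_STACK_OK != result)").
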
@@ -262,10 +265,16 @@ int InitPostRequest(OCQualityOfService qos)
         OIC_LOG(INFO, TAG, "Second POST call did not succeed");
     }
 
-    // This POST operation will update the original resourced /a/led
-    return (InvokeOCDoResource(query, OC_REST_POST, &endpoint,
-                ((qos == OC_HIGH_QOS) ? OC_HIGH_QOS: OC_LOW_QOS),
-                postReqCB, NULL, 0));
+    // This POST operation will update the original resourced /a/led (as long as
+    // the server is set to max 2 /lcd resources)
+    result = InvokeOCDoResource(query, OC_REST_POST, &endpoint,
+            ((qos == OC_HIGH_QOS) ? OC_HIGH_QOS: OC_LOW_QOS),
+            postReqCB, NULL, 0);
+    if (OC_STACK_OK != result)
+    {
+        OIC_LOG(INFO, TAG, "Third POST call did not succeed");
+    }
+    return result;
 }
 
 int InitGetRequest(OCQualityOfService qos)
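
Review bot: The new comment says the third POST updates /a/led "as long as the server is set to max 2 /lcd resources"; "/lcd" should be "/led" and "resourced" should be "resource", and since the client's behaviour depends on a server-side limit, point to where the server sets it. The failure branch logs "Third POST call did not succeed" at INFO; log it at an error level so it stands out among the INFO lines the README tells users to scan.
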
index 61db06a..6ebc856 100644 (file)
@@ -95,7 +95,8 @@ OCRepPayload* constructResponse (OCEntityHandlerRequest *ehRequest)
         gResourceUri = (char *) "/a/led/1";
     }
 
-    if(OC_REST_PUT == ehRequest->method)
+    if(OC_REST_PUT == ehRequest->method
+        || OC_REST_POST == ehRequest->method)
     {
         // Get pointer to query
         int64_t pow;
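
Review bot: With "|| OC_REST_POST == ehRequest->method" added, every POST now goes through the same payload parsing as PUT in constructResponse, including the POSTs that create /a/led/0 and /a/led/1. Confirm that applying payload values is intended for the create case as well as the update case and say so in a comment; the policy engine in this commit authorizes POST with PERMISSION_WRITE only, so this branch is what a write-only client can reach.
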
@@ -168,7 +169,7 @@ OCEntityHandlerResult ProcessPostRequest (OCEntityHandlerRequest *ehRequest,
      * resource is created with default representation (if representation is included in
      * POST payload it can be used as initial values) as long as the instance is
      * lesser than max new instance count. Once max instance count is reached, POST on
-     * /a/led updated the representation of /a/led (just like PUT)
+     * /a/led updated the representation of /a/led.
      */
 
     if (ehRequest->resource == LED.handle)
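
Review bot: In the edited comment line, "POST on /a/led updated the representation of /a/led." should read "updates"; the tense was already wrong, and this is the line being touched. With "(just like PUT)" removed, it would help to add that PUT is now checked against the create permission while POST is checked against write.
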