Per Core Spec conventions, even though PUT is technically legal
for Create or Update, PUT is only ever used for Create. Therefore
we need to change the CRUDN permission bit check in the security layer.
Updated Readme.scons.txt and README-building-and-running-secure-IoTivity-
stack.txt to clarify build and use of secure IoTivity stack.
Change-Id: Id362c9c0225e53240b2d1f844c5f05d55cfa2938
Signed-off-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/14579
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Phil Coval <philippe.coval@osg.samsung.com>
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Craig Pratt <craig@ecaspia.com>
Reviewed-by: Greg Zaverucha <gregz@microsoft.com>
Reviewed-by: Uze Choi <uzchoi@samsung.com>
(cherry picked from commit da4ccd548c926669896e844a672edb32f8de6d70)
Reviewed-on: https://gerrit.iotivity.org/gerrit/14719
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
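The effect of the permission-bit change described in the commit message on access-control entries that already exist, as an added example (not IoTivity code). The numeric bit values, the `M_*` method names and the sample masks are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CRUDN permission bits. Names are from the diff; the numeric values are
 * an assumption (one bit per letter, C lowest). */
enum { PERMISSION_CREATE = 1 << 0, PERMISSION_READ = 1 << 1,
       PERMISSION_WRITE = 1 << 2, PERMISSION_DELETE = 1 << 3,
       PERMISSION_NOTIFY = 1 << 4 };

/* Hypothetical stand-ins for the CA_GET/CA_POST/CA_PUT/CA_DELETE methods. */
typedef enum { M_GET, M_POST, M_PUT, M_DELETE } method_t;

/* Permission bit a request needs; put_is_create selects the mapping
 * after this change (true) or before it (false). */
uint16_t required_perm(method_t m, bool put_is_create)
{
    switch (m) {
    case M_GET:    return PERMISSION_READ;
    case M_POST:   return PERMISSION_WRITE;
    case M_PUT:    return put_is_create ? PERMISSION_CREATE : PERMISSION_WRITE;
    case M_DELETE: return PERMISSION_DELETE;
    }
    return 0; /* unknown method: no bit, so ace_allows() denies */
}

/* Deny by default: the ACE must carry every required bit. */
bool ace_allows(uint16_t ace_mask, uint16_t required)
{
    return required != 0 && (ace_mask & required) == required;
}

/* -1: PUT was allowed and is now denied; +1: the reverse; 0: unchanged. */
int put_decision_change(uint16_t ace_mask)
{
    bool before = ace_allows(ace_mask, required_perm(M_PUT, false));
    bool after  = ace_allows(ace_mask, required_perm(M_PUT, true));
    return (int)after - (int)before;
}

int main(void)
{
    /* Constructed ACE masks, not taken from any provisioned device. */
    const uint16_t aces[] = { 0x06 /* R|W */, 0x07 /* C|R|W */, 0x01 /* C */ };
    for (size_t i = 0; i < sizeof aces / sizeof aces[0]; i++)
        printf("mask 0x%02x: PUT change %+d\n", aces[i],
               put_decision_change(aces[i]));
    return 0;
}
```

An entry that grants read and write but not create is the case to look for when auditing provisioned ACLs after this change: its PUT decision flips from allow to deny.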
('<iotivity>' is the path to 'iotivity' project. If your device is x86, arm,
or arm64, please change 'x86_64' to the proper arch)
+3. To build and test IoTivity with Security enabled (required for certification)
+follow the instructions found in:
+ <iotivity>/resource/csdk/security/README-building-and-running-secure-IoTivity-stack.txt
+
== How to build IoTivity projects ==
IoTivity includes a series of projects. You can find all these projects here:
-LAST UPDATED 9/29/2016
+LAST UPDATED 11/20/2016
-To build the IoTivity stack with the security features enabled:
+To prepare the environment for building IoTivity:
+
+1) Install the tools and libraries for building IoTivity by following the
+ instructions in the <iotivity-base>/Readme.scons.txt file.
+
+2) In addition, install the sqlite3 developer library:
+ $ sudo apt-get install libsqlite3-dev
+
+3) Finally, download the mbedtls library:
+ $ git clone https://github.com/ARMmbed/mbedtls.git extlibs/mbedtls/mbedtls
+
+To build the IoTivity stack with the security features enabled (required for
+ certification):
1) Build IoTivity with security enabled:
$ cd <iotivity-base>
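Review bot: The added step 3 clones https://github.com/ARMmbed/mbedtls.git with no tag or commit named, so each build takes whatever the default branch holds that day and the TLS library under the secure stack is not reproducible. Name the mbedtls release or commit the stack is built and tested against and have the step check it out after the clone. The target path extlibs/mbedtls/mbedtls is relative, so the step should also say it is run from <iotivity-base>; as written, the only 'cd <iotivity-base>' comes later, in the build step.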
$ export LD_LIBRARY_PATH=<iotivity-base>/out/<...>/release
$ ./ocserverbasicops &
$ ./occlientbasicops -t 1
- NOTE: Console messages below indicate success:
+ NOTE: Console messages below indicate success (may not be at bottom of
+ response printout... search up a page or so on the console):
"INFO: occlientbasicops: Uri -- /a/led
- INFO: occlientbasicops: SECUREPORT udp: 51516
+ INFO: occlientbasicops: SECUREPORT udp: 51516 <-- actual port may differ
INFO: occlientbasicops: Secure -- YES"
+ Press <ctrl-c> to quit occlientbasicops, then run:
$ ./occlientbasicops -t 2
- NOTE: Completion of 'GET' and 'PUT' query to /a/led indicates success!
-
+ NOTE: receipt of of 'Get Response', 'Put Response' and 'Post Response'
+ from /a/led indicates success.
+ Example Response:
+ "33:43.222 INFO: occlientbasicops: Callback Context for PUT recvd successfully
+ 33:43.222 INFO: occlientbasicops: StackResult: OC_STACK_UNAUTHORIZED_REQ
+ 33:43.222 INFO: PayloadLog: NULL Payload
+ 33:43.222 INFO: occlientbasicops: =============> Put Response
+ 33:43.326 INFO: occlientbasicops: Callback Context for POST recvd successfully
+ 33:43.326 INFO: occlientbasicops: StackResult: UNKNOWN
+ 33:43.326 INFO: PayloadLog: Payload Type: Representation
+ 33:43.326 INFO: PayloadLog: Resource #1
+ 33:43.326 INFO: PayloadLog: Values:
+ 33:43.326 INFO: PayloadLog: createduri(string):/a/led/0
+ 33:43.326 INFO: occlientbasicops: =============> Post Response
+ 33:43.426 INFO: occlientbasicops: Callback Context for POST recvd successfully
+ 33:43.426 INFO: occlientbasicops: StackResult: UNKNOWN
+ 33:43.426 INFO: PayloadLog: Payload Type: Representation
+ 33:43.426 INFO: PayloadLog: Resource #1
+ 33:43.426 INFO: PayloadLog: Values:
+ 33:43.426 INFO: PayloadLog: createduri(string):/a/led/1
+ 33:43.426 INFO: occlientbasicops: =============> Post Response
+ 33:43.526 INFO: occlientbasicops: Callback Context for POST recvd successfully
+ 33:43.526 INFO: occlientbasicops: StackResult: UNKNOWN
+ 33:43.526 INFO: PayloadLog: Payload Type: Representation
+ 33:43.526 INFO: PayloadLog: Resource #1
+ 33:43.526 INFO: PayloadLog: Values:
+ 33:43.526 INFO: PayloadLog: state(bool):true
+ 33:43.526 INFO: PayloadLog: power(int):15
+ 33:43.526 INFO: occlientbasicops: =============> Post Response"
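Review bot: The Example Response offered as the success case shows 'StackResult: OC_STACK_UNAUTHORIZED_REQ' with a NULL payload for the PUT and 'StackResult: UNKNOWN' for every POST, while the NOTE says that receipt of the three responses indicates success. State in the NOTE whether the unauthorized PUT is the expected result of this run and why, otherwise someone checking a security-enabled build cannot tell a pass from an access-control failure. The NOTE also contains a doubled word, 'receipt of of'.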
case CA_GET:
perm = (uint16_t)PERMISSION_READ;
break;
- case CA_POST: // For now we treat all PUT & POST as Write
- case CA_PUT: // because we don't know if resource exists yet.
+ case CA_POST: // Treat all POST as Write (Update) because
+ // we don't know if resource exists yet.
+ // This will be addressed in IoTivity impl of OCF 1.0
perm = (uint16_t)PERMISSION_WRITE;
break;
+ case CA_PUT: // Per convention, OIC/OCF uses PUT only for Create,
+ // never for Update.
+ perm = (uint16_t)PERMISSION_CREATE;
+ break;
case CA_DELETE:
perm = (uint16_t)PERMISSION_DELETE;
break;
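Review bot: In the CA_POST case, POST still requires only PERMISSION_WRITE, yet the sample client's POSTs to /a/led create /a/led/0 and /a/led/1 (the createduri lines in the README example), so a subject granted write but not create can still create resources through POST while PUT is now gated on PERMISSION_CREATE. If that gap is accepted until the OCF 1.0 work mentioned in the comment, reference the tracking issue there; otherwise consider requiring both PERMISSION_CREATE and PERMISSION_WRITE for POST while resource existence is unknown. The new CA_PUT case also means ACLs that grant write without create now deny PUT, which deserves a line in the commit message or the README.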
case TEST_NON_CON_OP:
InitGetRequest(OC_LOW_QOS);
InitPutRequest(OC_LOW_QOS);
- //InitPostRequest(OC_LOW_QOS);
+ InitPostRequest(OC_LOW_QOS);
break;
case TEST_CON_OP:
InitGetRequest(OC_HIGH_QOS);
InitPutRequest(OC_HIGH_QOS);
- //InitPostRequest(OC_HIGH_QOS);
+ InitPostRequest(OC_HIGH_QOS);
break;
}
}
return (UnicastDiscovery) ? OC_STACK_DELETE_TRANSACTION : OC_STACK_KEEP_TRANSACTION ;
}
-
int InitPutRequest(OCQualityOfService qos)
{
OIC_LOG_V(INFO, TAG, "Executing %s", __func__);
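Review bot: In both TEST_NON_CON_OP and TEST_CON_OP the return values of InitGetRequest, InitPutRequest and the newly enabled InitPostRequest are discarded, so a request that fails to send leaves no trace at the call site and the test case continues as if it had run. Check each result against OC_STACK_OK and log it, since the README now tells the user to judge success from the three responses.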
OIC_LOG_V(INFO, TAG, "Executing %s", __func__);
std::ostringstream query;
query << coapServerResource;
+ if(WithTcp)
+ {
+ endpoint.adapter = OC_ADAPTER_TCP;
+ }
endpoint.flags = (OCTransportFlags)(endpoint.flags|OC_SECURE);
// First POST operation (to create an LED instance)
OIC_LOG(INFO, TAG, "Second POST call did not succeed");
}
- // This POST operation will update the original resourced /a/led
- return (InvokeOCDoResource(query, OC_REST_POST, &endpoint,
- ((qos == OC_HIGH_QOS) ? OC_HIGH_QOS: OC_LOW_QOS),
- postReqCB, NULL, 0));
+ // This POST operation will update the original resourced /a/led (as long as
+ // the server is set to max 2 /lcd resources)
+ result = InvokeOCDoResource(query, OC_REST_POST, &endpoint,
+ ((qos == OC_HIGH_QOS) ? OC_HIGH_QOS: OC_LOW_QOS),
+ postReqCB, NULL, 0);
+ if (OC_STACK_OK != result)
+ {
+ OIC_LOG(INFO, TAG, "Third POST call did not succeed");
+ }
+ return result;
}
int InitGetRequest(OCQualityOfService qos)
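Review bot: The added comment says the update happens 'as long as the server is set to max 2 /lcd resources', but the resource in this sample is /a/led, and 'resourced' is carried over from the removed line; correct both so the comment matches the code. The new failure branch logs 'Third POST call did not succeed' at INFO, which is easy to miss among the INFO payload output; log it at ERROR and include the result value.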
gResourceUri = (char *) "/a/led/1";
}
- if(OC_REST_PUT == ehRequest->method)
+ if(OC_REST_PUT == ehRequest->method
+ || OC_REST_POST == ehRequest->method)
{
// Get pointer to query
int64_t pow;
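Review bot: The condition now sends OC_REST_POST through the same branch as OC_REST_PUT, while the security-layer part of this change gives the two methods different permissions (PUT needs create, POST needs write). Add a comment here stating which semantics the handler applies to each method, or split the branch, so the sample does not suggest the two are interchangeable. Style: put a space after 'if' and end the first line with '||' rather than starting the continuation with it, if that matches the file's convention.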
* resource is created with default representation (if representation is included in
* POST payload it can be used as initial values) as long as the instance is
* lesser than max new instance count. Once max instance count is reached, POST on
- * /a/led updated the representation of /a/led (just like PUT)
+ * /a/led updated the representation of /a/led.
*/
if (ehRequest->resource == LED.handle)