#ifdef __WITH_X509__
#include "pki.h"
+#include "crl.h"
#include "cainterface.h"
-#include "credresource.h"
+
+/* lenght of ASN.1 header in DER format
+ * for subject field in X.509 certificate */
+#define DER_SUBJECT_HEADER_LEN (9)
+
#undef VERIFY_SUCCESS
#define VERIFY_SUCCESS(op, successCode) { if ((op) != (successCode)) \
{OIC_LOG_V(FATAL, NET_DTLS_TAG, "%s failed!!", #op); goto exit;} }
*/
static CAGetDTLSCredentialsHandler g_getCredentialsCallback = NULL;
+#ifdef __WITH_X509__
+/**
+ * @var g_getX509CredentialsCallback
+ * @brief callback to get DTLS certificate credentials
+ */
+static CAGetDTLSX509CredentialsHandler g_getX509CredentialsCallback = NULL;
+/**
+ * @var g_getCrlCallback
+ * @brief callback to get CRL for DTLS
+ */
+static CAGetDTLSCrlHandler g_getCrlCallback = NULL;
+#endif //__WITH_X509__
+
static CASecureEndpoint_t *GetPeerInfo(const CAEndpoint_t *peer)
{
uint32_t list_index = 0;
OIC_LOG(DEBUG, NET_DTLS_TAG, "OUT");
}
+#ifdef __WITH_X509__
+void CADTLSSetX509CredentialsCallback(CAGetDTLSX509CredentialsHandler credCallback)
+{
+ OIC_LOG(DEBUG, NET_DTLS_TAG, "IN");
+ g_getX509CredentialsCallback = credCallback;
+ OIC_LOG(DEBUG, NET_DTLS_TAG, "OUT");
+}
+void CADTLSSetCrlCallback(CAGetDTLSCrlHandler crlCallback)
+{
+ // TODO Does this method needs protection of DtlsContextMutex ?
+ OIC_LOG(DEBUG, NET_DTLS_TAG, "IN");
+ g_getCrlCallback = crlCallback;
+ OIC_LOG(DEBUG, NET_DTLS_TAG, "OUT");
+}
+#endif // __WITH_X509__
+
CAResult_t CADtlsSelectCipherSuite(const dtls_cipher_t cipher)
{
OIC_LOG(DEBUG, NET_DTLS_TAG, "IN CADtlsSelectCipherSuite");
}
#ifdef __WITH_X509__
-static CADtlsCertCreds_t g_X509Cred = {{0}, 0, 0, {0}, {0}, {0}};
-
-static int g_IsX509Init = 0;
+static CADtlsX509Creds_t g_X509Cred = {{0}, 0, 0, {0}, {0}, {0}};
int CAInitX509()
{
OIC_LOG(DEBUG, NET_DTLS_TAG, "IN CAInitX509");
- g_IsX509Init = (OC_STACK_OK == GetDtlsCertCredentials(&g_X509Cred));
-
- OIC_LOG(DEBUG, NET_DTLS_TAG, "OUT CAInitX509");
- return !g_IsX509Init;
-}
+ VERIFY_NON_NULL_RET(g_getX509CredentialsCallback, NET_DTLS_TAG, "GetX509Credential callback", -1);
+ int isX509Init = (0 == g_getX509CredentialsCallback(&g_X509Cred));
+ if (isX509Init)
+ {
+ uint8_t crlData[CRL_MAX_LEN] = {0};
+ ByteArray crlArray = {crlData, CRL_MAX_LEN};
+ g_getCrlCallback(crlArray);
+ if (crlArray.len > 0)
+ {
+ uint8_t keyData[PUBLIC_KEY_SIZE] = {0};
+ CertificateList crl = CRL_INITIALIZER;
+ ByteArray rootPubKey = {keyData, PUBLIC_KEY_SIZE};
+ memcpy(keyData, g_X509Cred.rootPublicKeyX, PUBLIC_KEY_SIZE / 2);
+ memcpy(keyData + PUBLIC_KEY_SIZE / 2, g_X509Cred.rootPublicKeyY, PUBLIC_KEY_SIZE / 2);
+ DecodeCertificateList(crlArray, &crl, rootPubKey);
+ }
+ }
-void CADeInitX509()
-{
- g_IsX509Init = 0;
+ OIC_LOG(DEBUG, NET_DTLS_TAG, "OUT CAInitX509");
+ if (isX509Init)
+ {
+ return 0;
+ }
+ else
+ {
+ return 1;
+ }
}
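Review bot: At L73 `g_getCrlCallback` is invoked without the NULL guard that L67 gives the credentials callback, so a stack that registered only the X.509 credentials handler dereferences a NULL function pointer inside CAInitX509; guard it with `if (isX509Init && NULL != g_getCrlCallback)` and treat an absent handler as "no CRL". `crlArray` is also passed by value at L73, so unless CAGetDTLSCrlHandler's signature differs from what this call suggests, the callback cannot change `crlArray.len`, the `len > 0` test at L74 is always true (len is initialised to CRL_MAX_LEN at L72, assuming ByteArray is `{data, len}`) and DecodeCertificateList is fed CRL_MAX_LEN bytes that are all zero when no CRL was supplied — pass `&crlArray` or have the callback return the filled length. Finally the result of DecodeCertificateList at L81 is discarded and `crl` is neither used nor released afterwards in this hunk, so a CRL whose signature does not verify against rootPubKey is silently ignored; check the return value and either fail the initialisation or log and continue, and state in a comment which of the two is intended.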
static dtls_ecc_key_t ecdsa_key = {DTLS_ECDH_CURVE_SECP256R1, NULL, NULL, NULL};
int ret = 1;
- if (!g_IsX509Init)
- {
- VERIFY_SUCCESS(CAInitX509(), 0);
- }
+ VERIFY_SUCCESS(CAInitX509(), 0);
ecdsa_key.priv_key = g_X509Cred.devicePrivateKey;
*result = &ecdsa_key;
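Review bot: With the `g_IsX509Init` guard removed at L99-L103, CAInitX509 now runs on every call to this key getter (and likewise in the certificate and root-key getters below), so each handshake re-invokes the credentials callback and re-decodes the CRL, and rewrites `g_X509Cred` while the static `ecdsa_key` assigned at L104 (and any pointer tinydtls kept from an earlier call) still points into it; if the callback fails or returns different data part-way through a handshake the key material in use changes under the caller. If dropping the cache was deliberate, say so in a comment at L103; otherwise keep a one-time guard, e.g. `static int initDone = 0; if (!initDone) { VERIFY_SUCCESS(CAInitX509(), 0); initDone = 1; }`. The enclosing function starts outside the hunk.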
{
OIC_LOG(DEBUG, NET_DTLS_TAG, "CAGetDeviceCertificate");
int ret = 1;
- if (!g_IsX509Init)
- {
- VERIFY_SUCCESS(CAInitX509(), 0);
- }
+
+ VERIFY_SUCCESS(CAInitX509(), 0);
+
*cert = g_X509Cred.certificateChain;
*cert_size = g_X509Cred.certificateChainLen;
#ifdef X509_DEBUG
{
OIC_LOG(DEBUG, NET_DTLS_TAG, "CAGetRootKey");
int ret = 1;
- if (!g_IsX509Init)
- {
- VERIFY_SUCCESS(CAInitX509(), 0);
- }
+
+ VERIFY_SUCCESS(CAInitX509(), 0);
+
*ca_pub_x = g_X509Cred.rootPublicKeyX;
*ca_pub_y = g_X509Cred.rootPublicKeyY;
CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
CAResult_t result = CAAddIdToPeerInfoList(peerAddr, port,
- crtChain[0].subject.data + crtChain[0].subject.len - sizeof(OicUuid_t), sizeof(OicUuid_t));
+ crtChain[0].subject.data + DER_SUBJECT_HEADER_LEN + 2, crtChain[0].subject.data[DER_SUBJECT_HEADER_LEN + 1]);
if (CA_STATUS_OK != result )
{
OIC_LOG(ERROR, NET_DTLS_TAG, "Fail to add peer id to gDtlsPeerInfoList");
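Review bot: The new peer-id extraction at L134 reads a length byte from the peer's certificate subject at a fixed offset and passes it as the id length without ever checking `crtChain[0].subject.len`, so a certificate whose subject is shorter than DER_SUBJECT_HEADER_LEN + 2 bytes, or whose length byte exceeds the remaining subject, makes CAAddIdToPeerInfoList read past the subject buffer; the certificate is attacker-supplied handshake input, so both reads need to be bounded by subject.len before use. The fixed offset also encodes an assumption that the subject is a single short-form RDN with the id in its first attribute, which the comment at DER_SUBJECT_HEADER_LEN should spell out so a differently structured (but validly signed) certificate fails cleanly rather than yielding a garbage id. The enclosing function starts outside the hunk, so use its existing error path where the sketch below bails out.

```c
    CAConvertAddrToName(&(addrInfo->addr.st), peerAddr, &port);
    /* The peer id is taken from the DER subject at a fixed offset; the
     * certificate came from the peer, so bound both reads by subject.len. */
    const uint8_t *subj = crtChain[0].subject.data;
    size_t subjLen = crtChain[0].subject.len;
    if (subjLen < DER_SUBJECT_HEADER_LEN + 2
        || subjLen - (DER_SUBJECT_HEADER_LEN + 2) < subj[DER_SUBJECT_HEADER_LEN + 1])
    {
        OIC_LOG(ERROR, NET_DTLS_TAG, "Certificate subject too short to hold peer id");
        /* … bail out the same way the surrounding function reports a rejected certificate … */
    }
    CAResult_t result = CAAddIdToPeerInfoList(peerAddr, port,
            subj + DER_SUBJECT_HEADER_LEN + 2, subj[DER_SUBJECT_HEADER_LEN + 1]);
    /* … unchanged: result check and error log … */
```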
#endif
-
-
-
CAResult_t CAAdapterNetDtlsInit()
{
OIC_LOG(DEBUG, NET_DTLS_TAG, "IN");
g_caDtlsContext->callbacks.event = CAHandleSecureEvent;
#ifdef __WITH_X509__
- CAInitX509();
- if (g_IsX509Init == 0)
+ if (0 == CAInitX509())
#endif //__WITH_X509__
g_caDtlsContext->callbacks.get_psk_info = CAGetPskCredentials;
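Review bot: The condition at L149 appears inverted relative to the one it replaces: CAInitX509 returns 0 on success (L88-L95 in this diff), so `if (0 == CAInitX509())` now installs CAGetPskCredentials exactly when X.509 initialisation succeeded, whereas the removed `g_IsX509Init == 0` installed it when X.509 was unavailable. Unless the lines after L151 were restructured (they are outside the hunk), a device with valid certificates would fall back to PSK and a device without them would get no PSK callback at all; the intended fallback reads `if (0 != CAInitX509())`. A one-line comment such as `/* no X.509 credentials: fall back to PSK */` above the `if` would keep the next reader from re-inverting it.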
#ifdef __WITH_X509__
extern void CADTLSSetCredentialsCallback(CAGetDTLSCredentialsHandler credCallback);
#endif
+#ifdef __WITH_X509__
+// CAAdapterNetDTLS will register the callback.
+// Taking callback all the way through adapters not the right approach, hence calling here.
+extern void CADTLSSetX509CredentialsCallback(CAGetDTLSX509CredentialsHandler credCallback);
+extern void CADTLSSetCrlCallback(CAGetDTLSCrlHandler crlCallback);
+#endif
+
CAResult_t CAInitialize()
{
OIC_LOG(DEBUG, TAG, "CAInitialize");
}
#endif //__WITH_DTLS__
+#ifdef __WITH_X509__
+CAResult_t CARegisterDTLSX509CredentialsHandler(CAGetDTLSX509CredentialsHandler GetDTLSX509CredentialsHandler)
+{
+ OIC_LOG(DEBUG, TAG, "CARegisterDTLSX509CredentialsHandler");
+
+ if(!g_isInitialized)
+ {
+ return CA_STATUS_NOT_INITIALIZED;
+ }
+
+ CADTLSSetX509CredentialsCallback(GetDTLSX509CredentialsHandler);
+ return CA_STATUS_OK;
+}
+
+CAResult_t CARegisterDTLSCrlHandler(CAGetDTLSCrlHandler GetDTLSCrlHandler)
+{
+ OIC_LOG(DEBUG, TAG, "CARegisterDTLSCrlHandler");
+
+ if(!g_isInitialized)
+ {
+ return CA_STATUS_NOT_INITIALIZED;
+ }
+
+ CADTLSSetCrlCallback(GetDTLSCrlHandler);
+ return CA_STATUS_OK;
+}
+#endif //__WITH_X509__
+
CAResult_t CACreateEndpoint(CATransportFlags_t flags,
CATransportAdapter_t adapter,
const char *addr,
return ret;
}
-static OCStackResult GetCAPublicKeyData(CADtlsCertCreds_t *credInfo){
+static OCStackResult GetCAPublicKeyData(CADtlsX509Creds_t *credInfo){
OCStackResult ret = OC_STACK_ERROR;
uint8_t *ccPtr = credInfo->certificateChain;
for(uint32_t i =0; i < credInfo->chainLen - 1; ++i)
return ret;
}
-static OCStackResult GetCertCredPublicData(CADtlsCertCreds_t *credInfo, OicSecCred_t *cred)
+static OCStackResult GetCertCredPublicData(CADtlsX509Creds_t *credInfo, OicSecCred_t *cred)
{
OCStackResult ret = OC_STACK_ERROR;
VERIFY_NON_NULL(TAG, credInfo, ERROR);
return ret;
}
-static OCStackResult GetCertCredPrivateData(CADtlsCertCreds_t *credInfo, OicSecCred_t *cred)
+static OCStackResult GetCertCredPrivateData(CADtlsX509Creds_t *credInfo, OicSecCred_t *cred)
{
OCStackResult ret = OC_STACK_ERROR;
VERIFY_NON_NULL(TAG, credInfo, ERROR);
return ret;
}
-OCStackResult GetDtlsCertCredentials(CADtlsCertCreds_t *credInfo)
+int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo)
{
- OCStackResult ret = OC_STACK_ERROR;
+ int ret = 1;
VERIFY_NON_NULL(TAG, credInfo, ERROR);
if (NULL == gCred)
{
VERIFY_SUCCESS(TAG, OC_STACK_OK == GetCertCredPrivateData(credInfo, cred), ERROR);
VERIFY_SUCCESS(TAG, OC_STACK_OK == GetCertCredPublicData(credInfo, cred), ERROR);
- ret = OC_STACK_OK;
+ ret = 0;
exit:
return ret;