Add an API to provision ACL of cloud server

Mediator should provision ACL of cloud server to Enrollee so that
cloud server can access to Enrollee. For that we need to know a device ID
represented by cloud server which Enrollee will register.

Change-Id: Ic8099f6e821bccb909b5e6d11317a3d563c778ca
Signed-off-by: Jihun Ha <jihun.ha@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/9603
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Heewon Park <h_w.park@samsung.com>
Reviewed-by: Uze Choi <uzchoi@samsung.com>

diff --git a/service/easy-setup/mediator/richsdk/inc/EnrolleeSecurity.h b/service/easy-setup/mediator/richsdk/inc/EnrolleeSecurity.h
index 580b9ba..33c576f 100755 (executable)
--- a/service/easy-setup/mediator/richsdk/inc/EnrolleeSecurity.h
+++ b/service/easy-setup/mediator/richsdk/inc/EnrolleeSecurity.h
@@ -35,6 +35,8 @@ namespace OIC
         class EnrolleeResource;
         class OCSecureResource;
 
+        typedef std::vector<OCProvisionResult_t> PMResultList_t;
+
         /**
          * This class contains the methods needed for security  layer interaction.
          *
@@ -48,6 +50,7 @@ namespace OIC
             void registerCallbackHandler(SecurityProvStatusCb securityProvStatusCb,
                     SecurityPinCb securityPinCb, SecProvisioningDbPathCb secProvisioningDbPathCb);
             void performOwnershipTransfer();
+            void performACLProvisioningForCloudServer(OicUuid_t serverUuid);
 
         private:
             std::shared_ptr< OC::OCResource > m_ocResource;
@@ -62,6 +65,9 @@ namespace OIC
             std::shared_ptr< OC::OCSecureResource > getEnrollee(OC::DeviceList_t &list);
             void ownershipTransferCb(OC::PMResultList_t *result, int hasError);
             void convertUUIDToString(OicUuid_t uuid, std::string& uuidString);
+            OicSecAcl_t* createAcl(OicUuid_t serverUuid);
+
+            void ACLProvisioningCb(PMResultList_t *result, int hasError);
         };
     }
 }

diff --git a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp
index f485748..332fe34 100755 (executable)
--- a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp
+++ b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp
@@ -28,6 +28,7 @@
 #include "ESException.h"
 #include "oic_malloc.h"
 #include "oic_string.h"
+#include "utlist.h"
 
 namespace OIC
 {
@@ -50,6 +51,7 @@ namespace OIC
         std::shared_ptr< OC::OCResource > resource,
         std::string secDbPath)
         {
+            (void) secDbPath;
             m_ocResource = resource;
         }
 
@@ -210,5 +212,119 @@ namespace OIC
                 throw ESException("No unOwned devices found.");
             }
         }
+
+        void EnrolleeSecurity::performACLProvisioningForCloudServer(OicUuid_t serverUuid)
+        {
+            // Need to discover Owned device in a given network, again
+            OC::DeviceList_t pOwnedDevList;
+            std::shared_ptr< OC::OCSecureResource > ownedDevice = NULL;
+
+            pOwnedDevList.clear();
+
+            OCStackResult result;
+
+            result = OCSecure::discoverOwnedDevices(ES_SEC_DISCOVERY_TIMEOUT,
+                    pOwnedDevList);
+            if (result != OC_STACK_OK)
+            {
+                OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Owned Discovery failed.");
+                //Throw exception
+                throw ESPlatformException(result);
+            }
+            else if (pOwnedDevList.size())
+            {
+                OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found owned devices. Count =%d",
+                        pOwnedDevList.size());
+                ownedDevice = getEnrollee(pOwnedDevList);
+
+                if (!ownedDevice)
+                {
+                    OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found owned devices.");
+                    return;
+                }
+            }
+            else
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found owned devices.");
+                return;
+            }
+
+            // Create Acl for Cloud Server to be provisioned to Enrollee
+            OicSecAcl_t* acl = createAcl(serverUuid);
+            if(!acl)
+            {
+                OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "createAcl error return");
+                return;
+            }
+
+            OC::ResultCallBack aclProvisioningCb = std::bind(
+                            &EnrolleeSecurity::ACLProvisioningCb, this, std::placeholders::_1,
+                            std::placeholders::_2);
+            // ACL provisioning to Enrollee
+            OCStackResult rst = ownedDevice->provisionACL(acl, aclProvisioningCb);
+            if(OC_STACK_OK != rst)
+            {
+                OIC_LOG_V(ERROR, ENROLEE_SECURITY_TAG, "OCProvisionACL API error: %d", rst);
+                return;
+            }
+        }
+
+        OicSecAcl_t* EnrolleeSecurity::createAcl(OicUuid_t serverUuid)
+        {
+            // allocate memory for |acl| struct
+            OicSecAcl_t* acl = (OicSecAcl_t*) OICCalloc(1, sizeof(OicSecAcl_t));
+            if(!acl)
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "createAcl: OICCalloc error return");
+                return NULL;  // not need to 'goto' |ERROR| before allocating |acl|
+            }
+            OicSecAce_t* ace = (OicSecAce_t*) OICCalloc(1, sizeof(OicSecAce_t));
+            if(!ace)
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,  "createAcl: OICCalloc error return");
+                return NULL;  // not need to 'goto' |ERROR| before allocating |acl|
+            }
+            LL_APPEND(acl->aces, ace);
+
+            memcpy(&ace->subjectuuid, &serverUuid, UUID_LENGTH);
+
+            OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+            if(!rsrc)
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "createAcl: OICCalloc error return");
+                OCDeleteACLList(acl);
+                return NULL;
+            }
+
+            char href[] = "*";
+            size_t len = strlen(href)+1;  // '1' for null termination
+            rsrc->href = (char*) OICCalloc(len, sizeof(char));
+            if(!rsrc)
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,  "createAcl: OICCalloc error return");
+                OCDeleteACLList(acl);
+                return NULL;
+            }
+            OICStrcpy(rsrc->href, len, href);
+
+            int arrLen = 1;
+            rsrc->typeLen = arrLen;
+            rsrc->types = (char**)OICCalloc(arrLen, sizeof(char*));
+            rsrc->interfaces = (char**)OICCalloc(arrLen, sizeof(char*));
+            rsrc->types[0] = OICStrdup("rt");   // ignore
+            rsrc->interfaces[0] = OICStrdup("if");  // ignore
+
+            LL_APPEND(ace->resources, rsrc);
+
+            ace->permission = 31;   // R/W/U/D
+
+            return acl;
+        }
+
+        void EnrolleeSecurity::ACLProvisioningCb(PMResultList_t *result, int hasError)
+        {
+            (void) result;
+            (void) hasError;
+        }
     }
 }