class EnrolleeResource;
class OCSecureResource;
+ typedef std::vector<OCProvisionResult_t> PMResultList_t;
+
/**
* This class contains the methods needed for security layer interaction.
*
void registerCallbackHandler(SecurityProvStatusCb securityProvStatusCb,
SecurityPinCb securityPinCb, SecProvisioningDbPathCb secProvisioningDbPathCb);
void performOwnershipTransfer();
+ void performACLProvisioningForCloudServer(OicUuid_t serverUuid);
private:
std::shared_ptr< OC::OCResource > m_ocResource;
std::shared_ptr< OC::OCSecureResource > getEnrollee(OC::DeviceList_t &list);
void ownershipTransferCb(OC::PMResultList_t *result, int hasError);
void convertUUIDToString(OicUuid_t uuid, std::string& uuidString);
+ OicSecAcl_t* createAcl(OicUuid_t serverUuid);
+
+ void ACLProvisioningCb(PMResultList_t *result, int hasError);
};
}
}
#include "ESException.h"
#include "oic_malloc.h"
#include "oic_string.h"
+#include "utlist.h"
namespace OIC
{
std::shared_ptr< OC::OCResource > resource,
std::string secDbPath)
{
+ (void) secDbPath;
m_ocResource = resource;
}
throw ESException("No unOwned devices found.");
}
}
+
+ void EnrolleeSecurity::performACLProvisioningForCloudServer(OicUuid_t serverUuid)
+ {
+ // Need to discover Owned device in a given network, again
+ OC::DeviceList_t pOwnedDevList;
+ std::shared_ptr< OC::OCSecureResource > ownedDevice = NULL;
+
+ pOwnedDevList.clear();
+
+ OCStackResult result;
+
+ result = OCSecure::discoverOwnedDevices(ES_SEC_DISCOVERY_TIMEOUT,
+ pOwnedDevList);
+ if (result != OC_STACK_OK)
+ {
+ OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Owned Discovery failed.");
+ //Throw exception
+ throw ESPlatformException(result);
+ }
+ else if (pOwnedDevList.size())
+ {
+ OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found owned devices. Count =%d",
+ pOwnedDevList.size());
+ ownedDevice = getEnrollee(pOwnedDevList);
+
+ if (!ownedDevice)
+ {
+ OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found owned devices.");
+ return;
+ }
+ }
+ else
+ {
+ OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found owned devices.");
+ return;
+ }
+
+ // Create Acl for Cloud Server to be provisioned to Enrollee
+ OicSecAcl_t* acl = createAcl(serverUuid);
+ if(!acl)
+ {
+ OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "createAcl error return");
+ return;
+ }
+
+ OC::ResultCallBack aclProvisioningCb = std::bind(
+ &EnrolleeSecurity::ACLProvisioningCb, this, std::placeholders::_1,
+ std::placeholders::_2);
+ // ACL provisioning to Enrollee
+ OCStackResult rst = ownedDevice->provisionACL(acl, aclProvisioningCb);
+ if(OC_STACK_OK != rst)
+ {
+ OIC_LOG_V(ERROR, ENROLEE_SECURITY_TAG, "OCProvisionACL API error: %d", rst);
+ return;
+ }
+ }
+
+ OicSecAcl_t* EnrolleeSecurity::createAcl(OicUuid_t serverUuid)
+ {
+ // allocate memory for |acl| struct
+ OicSecAcl_t* acl = (OicSecAcl_t*) OICCalloc(1, sizeof(OicSecAcl_t));
+ if(!acl)
+ {
+ OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "createAcl: OICCalloc error return");
+ return NULL; // not need to 'goto' |ERROR| before allocating |acl|
+ }
+ OicSecAce_t* ace = (OicSecAce_t*) OICCalloc(1, sizeof(OicSecAce_t));
+ if(!ace)
+ {
+ OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "createAcl: OICCalloc error return");
+ return NULL; // not need to 'goto' |ERROR| before allocating |acl|
+ }
+ LL_APPEND(acl->aces, ace);
+
+ memcpy(&ace->subjectuuid, &serverUuid, UUID_LENGTH);
+
+ OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+ if(!rsrc)
+ {
+ OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "createAcl: OICCalloc error return");
+ OCDeleteACLList(acl);
+ return NULL;
+ }
+
+ char href[] = "*";
+ size_t len = strlen(href)+1; // '1' for null termination
+ rsrc->href = (char*) OICCalloc(len, sizeof(char));
+ if(!rsrc)
+ {
+ OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "createAcl: OICCalloc error return");
+ OCDeleteACLList(acl);
+ return NULL;
+ }
+ OICStrcpy(rsrc->href, len, href);
+
+ int arrLen = 1;
+ rsrc->typeLen = arrLen;
+ rsrc->types = (char**)OICCalloc(arrLen, sizeof(char*));
+ rsrc->interfaces = (char**)OICCalloc(arrLen, sizeof(char*));
+ rsrc->types[0] = OICStrdup("rt"); // ignore
+ rsrc->interfaces[0] = OICStrdup("if"); // ignore
+
+ LL_APPEND(ace->resources, rsrc);
+
+ ace->permission = 31; // R/W/U/D
+
+ return acl;
+ }
+
+ void EnrolleeSecurity::ACLProvisioningCb(PMResultList_t *result, int hasError)
+ {
+ (void) result;
+ (void) hasError;
+ }
}
}