Add an API to provision ACL of cloud server
authorJihun Ha <jihun.ha@samsung.com>
Fri, 22 Jul 2016 07:40:04 +0000 (16:40 +0900)
committerUze Choi <uzchoi@samsung.com>
Thu, 28 Jul 2016 08:14:01 +0000 (08:14 +0000)
Mediator should provision ACL of cloud server to Enrollee so that
cloud server can access to Enrollee. For that we need to know a device ID
represented by cloud server which Enrollee will register.

Change-Id: Ic8099f6e821bccb909b5e6d11317a3d563c778ca
Signed-off-by: Jihun Ha <jihun.ha@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/9603
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Heewon Park <h_w.park@samsung.com>
Reviewed-by: Uze Choi <uzchoi@samsung.com>
service/easy-setup/mediator/richsdk/inc/EnrolleeSecurity.h
service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp

index 580b9ba371dab2535cc9aebf2b6e0fa431460cc2..33c576f55f25b003d88398a3b1679eea0469824f 100755 (executable)
@@ -35,6 +35,8 @@ namespace OIC
         class EnrolleeResource;
         class OCSecureResource;
 
+        typedef std::vector<OCProvisionResult_t> PMResultList_t;
+
         /**
          * This class contains the methods needed for security  layer interaction.
          *
@@ -48,6 +50,7 @@ namespace OIC
             void registerCallbackHandler(SecurityProvStatusCb securityProvStatusCb,
                     SecurityPinCb securityPinCb, SecProvisioningDbPathCb secProvisioningDbPathCb);
             void performOwnershipTransfer();
+            void performACLProvisioningForCloudServer(OicUuid_t serverUuid);
 
         private:
             std::shared_ptr< OC::OCResource > m_ocResource;
@@ -62,6 +65,9 @@ namespace OIC
             std::shared_ptr< OC::OCSecureResource > getEnrollee(OC::DeviceList_t &list);
             void ownershipTransferCb(OC::PMResultList_t *result, int hasError);
             void convertUUIDToString(OicUuid_t uuid, std::string& uuidString);
+            OicSecAcl_t* createAcl(OicUuid_t serverUuid);
+
+            void ACLProvisioningCb(PMResultList_t *result, int hasError);
         };
     }
 }
index f485748d995f00e084a79233c784490a70688f95..332fe3430e19791daa982f83366367dea23dbbce 100755 (executable)
@@ -28,6 +28,7 @@
 #include "ESException.h"
 #include "oic_malloc.h"
 #include "oic_string.h"
+#include "utlist.h"
 
 namespace OIC
 {
@@ -50,6 +51,7 @@ namespace OIC
         std::shared_ptr< OC::OCResource > resource,
         std::string secDbPath)
         {
+            (void) secDbPath;
             m_ocResource = resource;
         }
 
@@ -210,5 +212,119 @@ namespace OIC
                 throw ESException("No unOwned devices found.");
             }
         }
+
+        void EnrolleeSecurity::performACLProvisioningForCloudServer(OicUuid_t serverUuid)
+        {
+            // Need to discover Owned device in a given network, again
+            OC::DeviceList_t pOwnedDevList;
+            std::shared_ptr< OC::OCSecureResource > ownedDevice = NULL;
+
+            pOwnedDevList.clear();
+
+            OCStackResult result;
+
+            result = OCSecure::discoverOwnedDevices(ES_SEC_DISCOVERY_TIMEOUT,
+                    pOwnedDevList);
+            if (result != OC_STACK_OK)
+            {
+                OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Owned Discovery failed.");
+                //Throw exception
+                throw ESPlatformException(result);
+            }
+            else if (pOwnedDevList.size())
+            {
+                OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found owned devices. Count =%d",
+                        pOwnedDevList.size());
+                ownedDevice = getEnrollee(pOwnedDevList);
+
+                if (!ownedDevice)
+                {
+                    OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found owned devices.");
+                    return;
+                }
+            }
+            else
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found owned devices.");
+                return;
+            }
+
+            // Create Acl for Cloud Server to be provisioned to Enrollee
+            OicSecAcl_t* acl = createAcl(serverUuid);
+            if(!acl)
+            {
+                OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "createAcl error return");
+                return;
+            }
+
+            OC::ResultCallBack aclProvisioningCb = std::bind(
+                            &EnrolleeSecurity::ACLProvisioningCb, this, std::placeholders::_1,
+                            std::placeholders::_2);
+            // ACL provisioning to Enrollee
+            OCStackResult rst = ownedDevice->provisionACL(acl, aclProvisioningCb);
+            if(OC_STACK_OK != rst)
+            {
+                OIC_LOG_V(ERROR, ENROLEE_SECURITY_TAG, "OCProvisionACL API error: %d", rst);
+                return;
+            }
+        }
+
+        OicSecAcl_t* EnrolleeSecurity::createAcl(OicUuid_t serverUuid)
+        {
+            // allocate memory for |acl| struct
+            OicSecAcl_t* acl = (OicSecAcl_t*) OICCalloc(1, sizeof(OicSecAcl_t));
+            if(!acl)
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "createAcl: OICCalloc error return");
+                return NULL;  // not need to 'goto' |ERROR| before allocating |acl|
+            }
+            OicSecAce_t* ace = (OicSecAce_t*) OICCalloc(1, sizeof(OicSecAce_t));
+            if(!ace)
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,  "createAcl: OICCalloc error return");
+                return NULL;  // not need to 'goto' |ERROR| before allocating |acl|
+            }
+            LL_APPEND(acl->aces, ace);
+
+            memcpy(&ace->subjectuuid, &serverUuid, UUID_LENGTH);
+
+            OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+            if(!rsrc)
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "createAcl: OICCalloc error return");
+                OCDeleteACLList(acl);
+                return NULL;
+            }
+
+            char href[] = "*";
+            size_t len = strlen(href)+1;  // '1' for null termination
+            rsrc->href = (char*) OICCalloc(len, sizeof(char));
+            if(!rsrc)
+            {
+                OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,  "createAcl: OICCalloc error return");
+                OCDeleteACLList(acl);
+                return NULL;
+            }
+            OICStrcpy(rsrc->href, len, href);
+
+            int arrLen = 1;
+            rsrc->typeLen = arrLen;
+            rsrc->types = (char**)OICCalloc(arrLen, sizeof(char*));
+            rsrc->interfaces = (char**)OICCalloc(arrLen, sizeof(char*));
+            rsrc->types[0] = OICStrdup("rt");   // ignore
+            rsrc->interfaces[0] = OICStrdup("if");  // ignore
+
+            LL_APPEND(ace->resources, rsrc);
+
+            ace->permission = 31;   // R/W/U/D
+
+            return acl;
+        }
+
+        void EnrolleeSecurity::ACLProvisioningCb(PMResultList_t *result, int hasError)
+        {
+            (void) result;
+            (void) hasError;
+        }
     }
 }