[IOT-1366] coaps request for secure resource

author Randeep Singh <randeep.s@samsung.com>

Fri, 30 Sep 2016 06:31:21 +0000 (12:01 +0530)

committer Randeep Singh <randeep.s@samsung.com>

Thu, 6 Oct 2016 09:10:31 +0000 (09:10 +0000)
author Randeep Singh <randeep.s@samsung.com>
Fri, 30 Sep 2016 06:31:21 +0000 (12:01 +0530)
committer Randeep Singh <randeep.s@samsung.com>
Thu, 6 Oct 2016 09:10:31 +0000 (09:10 +0000)
diff --git a/resource/csdk/octbstack_product.def b/resource/csdk/octbstack_product.def

index d5edf44..f55aa1d 100644 (file)
--- a/resource/csdk/octbstack_product.def
+++ b/resource/csdk/octbstack_product.def
@@ -99,3 +99,4 @@ OCStopPresence
  OCUnBindResource
  OCSetHeaderOption
  OCGetHeaderOption
+FindResourceByUri
diff --git a/resource/csdk/security/src/secureresourcemanager.c b/resource/csdk/security/src/secureresourcemanager.c

index f9644d4..1d6b0f2 100644 (file)
--- a/resource/csdk/security/src/secureresourcemanager.c
+++ b/resource/csdk/security/src/secureresourcemanager.c
@@ -32,6 +32,8 @@
  #include "securevirtualresourcetypes.h"
  #include "secureresourcemanager.h"
  #include "srmresourcestrings.h"
+#include "ocresourcehandler.h"
+
  #ifdef __WITH_TLS__
  #include "pkix_interface.h"
  #endif //__WITH_TLS__
@@ -137,6 +139,7 @@ void SRMRequestHandler(const CAEndpoint_t *endPoint, const CARequestInfo_t *requ
  {
      OIC_LOG(DEBUG, TAG, "Received request from remote device");
  
+    bool isRequestOverSecureChannel = false;
      if (!endPoint || !requestInfo)
      {
          OIC_LOG(ERROR, TAG, "Invalid arguments");
@@ -147,6 +150,13 @@ void SRMRequestHandler(const CAEndpoint_t *endPoint, const CARequestInfo_t *requ
      OicUuid_t subjectId = {.id = {0}};
      memcpy(subjectId.id, requestInfo->info.identity.id, sizeof(subjectId.id));
  
+    // if subject id is null that means request is sent thru coap.
+    if (NULL != subjectId.id)
+    {
+        OIC_LOG(INFO, TAG, "request over secure channel");
+        isRequestOverSecureChannel = true;
+    }
+
      //Check the URI has the query and skip it before checking the permission
      char *uri = strstr(requestInfo->info.resourceUri, "?");
      int position = 0;
@@ -170,6 +180,32 @@ void SRMRequestHandler(const CAEndpoint_t *endPoint, const CARequestInfo_t *requ
  
      SetResourceRequestType(&g_policyEngineContext, newUri);
  
+     // Form a 'Error', 'slow response' or 'access deny' response and send to peer
+    CAResponseInfo_t responseInfo = {.result = CA_EMPTY};
+    memcpy(&responseInfo.info, &(requestInfo->info), sizeof(responseInfo.info));
+    responseInfo.info.payload = NULL;
+    responseInfo.info.dataType = CA_RESPONSE_DATA;
+
+    OCResource *resPtr = FindResourceByUri(newUri);
+    if (NULL != resPtr)
+    {
+        // check whether request is for secure resource or not
+        if (((resPtr->resourceProperties) & OC_SECURE))
+        {
+           // if resource is secure and request is over insecure channel
+            if (!isRequestOverSecureChannel)
+            {
+                // Reject all the requests over coap for secure resource.
+                responseInfo.result = CA_FORBIDDEN_REQ;
+                if (CA_STATUS_OK != CASendResponse(endPoint, &responseInfo))
+                {
+                    OIC_LOG(ERROR, TAG, "Failed in sending response to a unauthorized request!");
+                }
+                return;
+            }
+        }
+    }
+
      //New request are only processed if the policy engine state is AWAITING_REQUEST.
      if (AWAITING_REQUEST == g_policyEngineContext.state)
      {
@@ -190,12 +226,6 @@ void SRMRequestHandler(const CAEndpoint_t *endPoint, const CARequestInfo_t *requ
          return;
      }
  
-    // Form a 'Error', 'slow response' or 'access deny' response and send to peer
-    CAResponseInfo_t responseInfo = {.result = CA_EMPTY};
-    memcpy(&responseInfo.info, &(requestInfo->info), sizeof(responseInfo.info));
-    responseInfo.info.payload = NULL;
-    responseInfo.info.dataType = CA_RESPONSE_DATA;
-
      VERIFY_NON_NULL(TAG, gRequestHandler, ERROR);
  
      if (ACCESS_WAITING_FOR_AMS == response)
diff --git a/resource/csdk/stack/include/internal/ocresourcehandler.h b/resource/csdk/stack/include/internal/ocresourcehandler.h

index ba25f5d..fbc1b9b 100644 (file)
--- a/resource/csdk/stack/include/internal/ocresourcehandler.h
+++ b/resource/csdk/stack/include/internal/ocresourcehandler.h
@@ -25,6 +25,10 @@
  #include "ocstackinternal.h"
  #include "ocserverrequest.h"
  
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
  /**
   * Common JSON string components used by the stack to build JSON strings.
   * These details are exposed in ocstackconfig.h file in the form of documentation.
@@ -185,5 +189,8 @@ OCStackResult BuildResponseRepresentation(const OCResource *resourcePtr,
   */
  OCStackResult EntityHandlerCodeToOCStackCode(OCEntityHandlerResult ehResult);
  
+#ifdef __cplusplus
+}
+#endif // __cplusplus
  #endif //OC_RESOURCEHANDLER_H
author	Randeep Singh <randeep.s@samsung.com>
	Fri, 30 Sep 2016 06:31:21 +0000 (12:01 +0530)
committer	Randeep Singh <randeep.s@samsung.com>
	Thu, 6 Oct 2016 09:10:31 +0000 (09:10 +0000)
resource/csdk/octbstack_product.def		patch \| blob \| history
resource/csdk/security/src/secureresourcemanager.c		patch \| blob \| history
resource/csdk/stack/include/internal/ocresourcehandler.h		patch \| blob \| history