#include "securevirtualresourcetypes.h"
#include "secureresourcemanager.h"
#include "srmresourcestrings.h"
+#include "ocresourcehandler.h"
+
#ifdef __WITH_TLS__
#include "pkix_interface.h"
#endif //__WITH_TLS__
{
OIC_LOG(DEBUG, TAG, "Received request from remote device");
+ bool isRequestOverSecureChannel = false;
if (!endPoint || !requestInfo)
{
OIC_LOG(ERROR, TAG, "Invalid arguments");
OicUuid_t subjectId = {.id = {0}};
memcpy(subjectId.id, requestInfo->info.identity.id, sizeof(subjectId.id));
+ // if subject id is null that means request is sent thru coap.
+ if (NULL != subjectId.id)
+ {
+ OIC_LOG(INFO, TAG, "request over secure channel");
+ isRequestOverSecureChannel = true;
+ }
+
//Check the URI has the query and skip it before checking the permission
char *uri = strstr(requestInfo->info.resourceUri, "?");
int position = 0;
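Review bot: The added test `if (NULL != subjectId.id)` is always true, because `subjectId.id` is an array member of a local struct and its address can never be NULL. As a result `isRequestOverSecureChannel` is set for every request, and the OC_SECURE rejection added further down (the `if (!isRequestOverSecureChannel)` branch) can never fire. Compare the contents instead, e.g. `static const OicUuid_t emptyId = {.id = {0}};` followed by `if (0 != memcmp(subjectId.id, emptyId.id, sizeof(subjectId.id)))`. An all-zero identity is also only an indirect signal of the transport; if the endpoint's transport flags are reliable at this point (presumably `endPoint->flags & CA_SECURE`), testing them would be more direct. The enclosing function starts and ends outside this hunk.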
SetResourceRequestType(&g_policyEngineContext, newUri);
+ // Form a 'Error', 'slow response' or 'access deny' response and send to peer
+ CAResponseInfo_t responseInfo = {.result = CA_EMPTY};
+ memcpy(&responseInfo.info, &(requestInfo->info), sizeof(responseInfo.info));
+ responseInfo.info.payload = NULL;
+ responseInfo.info.dataType = CA_RESPONSE_DATA;
+
+ OCResource *resPtr = FindResourceByUri(newUri);
+ if (NULL != resPtr)
+ {
+ // check whether request is for secure resource or not
+ if (((resPtr->resourceProperties) & OC_SECURE))
+ {
+ // if resource is secure and request is over insecure channel
+ if (!isRequestOverSecureChannel)
+ {
+ // Reject all the requests over coap for secure resource.
+ responseInfo.result = CA_FORBIDDEN_REQ;
+ if (CA_STATUS_OK != CASendResponse(endPoint, &responseInfo))
+ {
+ OIC_LOG(ERROR, TAG, "Failed in sending response to a unauthorized request!");
+ }
+ return;
+ }
+ }
+ }
+
//New request are only processed if the policy engine state is AWAITING_REQUEST.
if (AWAITING_REQUEST == g_policyEngineContext.state)
{
return;
}
- // Form a 'Error', 'slow response' or 'access deny' response and send to peer
- CAResponseInfo_t responseInfo = {.result = CA_EMPTY};
- memcpy(&responseInfo.info, &(requestInfo->info), sizeof(responseInfo.info));
- responseInfo.info.payload = NULL;
- responseInfo.info.dataType = CA_RESPONSE_DATA;
-
VERIFY_NON_NULL(TAG, gRequestHandler, ERROR);
if (ACCESS_WAITING_FOR_AMS == response)
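Review bot: The rejection branch under `if (!isRequestOverSecureChannel)` logs only when `CASendResponse` fails, so a denied request for a secure resource over the unsecured transport leaves no trace for anyone monitoring the device. Add a line before the send such as `OIC_LOG_V(WARNING, TAG, "Rejected unsecured request for secure resource %s", newUri);`. The nested tests on `resPtr`, `resourceProperties & OC_SECURE` and `!isRequestOverSecureChannel` could also be folded into a single condition to remove two levels of nesting. The function continues past the end of this hunk.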