#define NUMBER_OF_DEFAULT_SEC_RSCS 2
#define STRING_UUID_SIZE (UUID_LENGTH * 2 + 5)
-static const uint8_t ACL_MAP_SIZE = 4;
-static const uint8_t ACL_ACLIST_MAP_SIZE = 1;
-static const uint8_t ACL_ACES_MAP_SIZE = 3;
+static const uint8_t ACL_MAP_SIZE = 4; // aclist, rowneruuid, RT and IF
+static const uint8_t ACL_ACLIST_MAP_SIZE = 1; // aces object
+static const uint8_t ACL_ACLIST2_MAP_SIZE = 1; // array
+static const uint8_t ACL_ACE_MAP_SIZE = 3; // subject, resource, permissions
+static const uint8_t ACL_ACE2_MAP_SIZE = 4; // aceid, subject, resource, permissions
static const uint8_t ACL_RESOURCE_MAP_SIZE = 3;
+static const uint8_t ACE_DID_MAP_SIZE = 1;
static const uint8_t ACE_ROLE_MAP_SIZE = 1;
-
+static const uint8_t ACE_CONN_MAP_SIZE = 1;
// CborSize is the default cbor payload size being used.
static const uint16_t CBOR_SIZE = 2048*8;
case OicSecAceRoleSubject:
memcpy(&newAce->subjectRole, &ace->subjectRole, sizeof(ace->subjectRole));
break;
+ case OicSecAceConntypeSubject:
+ newAce->subjectConn = ace->subjectConn;
+ break;
default:
assert(!"Unsupported ACE type");
OICFree(newAce);
VERIFY_NOT_NULL(TAG, newRsrc, ERROR);
LL_APPEND(newAce->resources, newRsrc);
- //href is mandatory
- VERIFY_NOT_NULL(TAG, rsrc->href, ERROR);
- newRsrc->href = (char*)OICStrdup(rsrc->href);
- VERIFY_NOT_NULL(TAG, newRsrc->href, ERROR);
+ // href is not mandatory in OCF 1.0/ACE2
+ if (rsrc->href)
+ {
+ newRsrc->href = OICStrdup(rsrc->href);
+ VERIFY_NOT_NULL(TAG, newRsrc->href, ERROR);
+ }
if(rsrc->rel)
{
VERIFY_NOT_NULL(TAG, (newRsrc->interfaces[i]), ERROR);
}
}
+
+ newRsrc->wildcard = rsrc->wildcard;
}
//Permission
return size;
}
-OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, OicSecAclVersion_t aclVersion, uint8_t **payload, size_t *size)
+OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl,
+ OicSecAclVersion_t aclVersion, uint8_t **payload, size_t *size)
{
if (NULL == secAcl || NULL == payload || NULL != *payload || NULL == size)
{
switch (aclVersion)
{
case OIC_SEC_ACL_V1:
+ OIC_LOG_V(DEBUG, TAG, "%s encoding v1 ACL.", __func__);
+ break;
case OIC_SEC_ACL_V2:
+ OIC_LOG_V(DEBUG, TAG, "%s encoding v2 ACL.", __func__);
break;
default:
return OC_STACK_INVALID_PARAM;
size_t cborLen = *size;
*size = 0;
*payload = NULL;
+ char *subjectuuidstring = NULL;
+ const char *aclRsrcType = NULL;
+ const char *wcstring = NULL;
if (cborLen == 0)
{
cbor_encoder_init(&encoder, outPayload, cborLen, 0);
- // Create ACL Map (aclist, rownerid)
+ // Create ACL Map which contains aclist or aclist2, rowneruuid, rt and if
cborEncoderResult = cbor_encoder_create_map(&encoder, &aclMap, ACL_MAP_SIZE);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACL Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s starting encoding of %s resource.",
+ __func__, (OIC_SEC_ACL_V1 == aclVersion)?"v1 acl":"v2 acl2");
- cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
- strlen(OIC_JSON_ACLIST_NAME));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Name Tag.");
+ // v1 uses "aclist" as the top-level tag, containing an "aces" object
+ if (OIC_SEC_ACL_V1 == aclVersion)
+ {
+ cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST_NAME,
+ strlen(OIC_JSON_ACLIST_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1 %s tag.", __func__, OIC_JSON_ACLIST_NAME);
+ }
+ // v2 uses "aclist2" as the top-level tag, containing an array of ace2 objects
+ else
+ {
+ cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ACLIST2_NAME,
+ strlen(OIC_JSON_ACLIST2_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aclist2 Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 %s tag.", __func__, OIC_JSON_ACLIST2_NAME);
+ }
- // Create ACLIST Map (aces)
- cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACLIST Map.");
+ // v1 puts "aces" inside an "aclist" object, so create size 1 map
+ if (OIC_SEC_ACL_V1 == aclVersion)
+ {
+ cborEncoderResult = cbor_encoder_create_map(&aclMap, &aclListMap, ACL_ACLIST_MAP_SIZE);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating aclist Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s created v1 %s map.", __func__, OIC_JSON_ACLIST_NAME);
- cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
- strlen(OIC_JSON_ACES_NAME));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
+ // v1 precedes ACE object array with "ace" tag
+ cborEncoderResult = cbor_encode_text_string(&aclListMap, OIC_JSON_ACES_NAME,
+ strlen(OIC_JSON_ACES_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ACES Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1 %s tag.", __func__, OIC_JSON_ACES_NAME);
+ }
- // Create ACES Array
- cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
+ // v1 Create ACE Array in aclist map
+ if (OIC_SEC_ACL_V1 == aclVersion)
+ {
+ cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACE Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s created v1 ACE array.", __func__);
+ }
+ else
+ // v2 create ACE2 array in acl map
+ {
+ cborEncoderResult = cbor_encoder_create_array(&aclMap, &acesArray, OicSecAclSize(secAcl));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACE2 Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s created v2 ACE2 array.", __func__);
+ }
+ // encode the ACE objects
ace = NULL;
LL_FOREACH (acl->aces, ace)
{
CborEncoder oicSecAclMap;
- // ACL Map size - Number of mandatory items
- uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
- size_t inLen = 0;
+
+ uint8_t aceMapSize = 0;
+ // ACE object Map size
+ if(OIC_SEC_ACL_V1 == aclVersion)
+ {
+ aceMapSize = ACL_ACE_MAP_SIZE;
+ }
+ else
+ {
+ aceMapSize = ACL_ACE2_MAP_SIZE; // v2 has "aceid" so 1 more item
+ }
// Version 1 doesn't support role subjects. If we have any, we can't comply with the request.
if ((OIC_SEC_ACL_V2 > aclVersion) && (OicSecAceRoleSubject == ace->subjectType))
{
if(validityElts->period)
{
- aclMapSize++;
+ aceMapSize++;
}
if(validityElts->recurrences)
{
- aclMapSize++;
+ aceMapSize++;
}
}
#ifdef MULTIPLE_OWNER
if(ace->eownerID)
{
- aclMapSize++;
+ aceMapSize++;
}
#endif //MULTIPLE_OWNER
- cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
+ cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aceMapSize);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Map");
+ OIC_LOG_V(DEBUG, TAG, "%s created %s map.",
+ __func__, OIC_SEC_ACL_V1 == aclVersion?"v1 ACE":"v2 ACE2");
+
+ // v2 has an "aceid" property
+ if (OIC_SEC_ACL_V2 == aclVersion) // v2
+ {
+ cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_ACEID_NAME,
+ strlen(OIC_JSON_ACEID_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aceid Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 %s tag.", __func__, OIC_JSON_ACEID_NAME);
+ cborEncoderResult = cbor_encode_int(&oicSecAclMap, ace->aceid);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding aceid Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 aceid value %d.", __func__, ace->aceid);
+ }
+
+ // v1 has a "subjectuuid" tag, followed by a UUID string
+ if (OIC_SEC_ACL_V1 == aclVersion) //v1
+ {
+ cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
+ strlen(OIC_JSON_SUBJECTID_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding subjectuuid Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1 %s tag.", __func__, OIC_JSON_SUBJECTID_NAME);
+ }
+ // v2 has a "subject" tag, and then one of three different subject types: UUID, roletype or conntype
+ else
+ {
+ cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECT_NAME,
+ strlen(OIC_JSON_SUBJECT_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding subject Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 %s tag.", __func__, OIC_JSON_SUBJECT_NAME);
+ }
- // Subject -- Mandatory
- cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
- strlen(OIC_JSON_SUBJECTID_NAME));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
+ // UUID type v1 or v2
if (OicSecAceUuidSubject == ace->subjectType)
{
- inLen = (memcmp(&(ace->subjectuuid), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
- WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
- if (inLen == WILDCARD_SUBJECT_ID_LEN)
+ size_t len = (0 == memcmp(&(ace->subjectuuid), &WILDCARD_SUBJECT_ID, sizeof(ace->subjectuuid))) ?
+ WILDCARD_SUBJECT_ID_LEN : sizeof(ace->subjectuuid);
+ if (WILDCARD_SUBJECT_ID_LEN == len)
{
- cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
- strlen(WILDCARD_RESOURCE_URI));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id wildcard Value.");
+ if (OIC_SEC_ACL_V1 == aclVersion) // v1
+ {
+ cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, WILDCARD_RESOURCE_URI,
+ strlen(WILDCARD_RESOURCE_URI));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding subjectuud wildcard URI value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded subjectuuid wildcard value %s.", __func__, WILDCARD_RESOURCE_URI);
+ }
+ else // v2
+ {
+ cborEncoderResult = CborUnknownError;
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "ACE has wildcard subjectuuid; cannot encode into oic.sec.ace2 object.");
+ }
}
else
{
- char *subject = NULL;
- ret = ConvertUuidToStr(&ace->subjectuuid, &subject);
+ if (NULL != subjectuuidstring)
+ {
+ OICFree(subjectuuidstring);
+ subjectuuidstring = NULL;
+ }
+ ret = ConvertUuidToStr(&ace->subjectuuid, &subjectuuidstring);
cborEncoderResult = (OC_STACK_OK == ret) ? CborNoError : CborUnknownError;
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed to convert subject UUID to string");
- cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
- OICFree(subject);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding Subject UUID Value");
+ OIC_LOG_V(DEBUG, TAG, "%s converted UUID to %s", __func__, subjectuuidstring);
+
+ // v1 encodes the UUID immediately after the "subjectuuid" tag encoded above
+ if (OIC_SEC_ACL_V1 == aclVersion)
+ {
+ cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subjectuuidstring, strlen(subjectuuidstring));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding subjectuuid Value");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1 UUID value %s.", __func__, subjectuuidstring);
+ }
+ // v2 encodes another tag and then the value, depending on the type (UUID, role or conn)
+ else
+ {
+ // v2 UUID type uses "uuid" tag and then UUID string value
+ CborEncoder didMap;
+
+ cborEncoderResult = cbor_encoder_create_map(&oicSecAclMap, &didMap, ACE_DID_MAP_SIZE);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed creating did map");
+ OIC_LOG_V(DEBUG, TAG, "%s created v2 did map.", __func__);
+
+ cborEncoderResult = cbor_encode_text_string(&didMap, OIC_JSON_UUID_NAME, strlen(OIC_JSON_UUID_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding uuid tag");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 %s tag.", __func__, OIC_JSON_UUID_NAME);
+
+ cborEncoderResult = cbor_encode_text_string(&didMap, subjectuuidstring, strlen(subjectuuidstring));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding Subject UUID Value");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 UUID value %s.", __func__, subjectuuidstring);
+ if (NULL != subjectuuidstring)
+ {
+ OICFree(subjectuuidstring);
+ subjectuuidstring = NULL;
+ }
+
+ cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &didMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed closing did map");
+ OIC_LOG_V(DEBUG, TAG, "%s closed v2 did map.", __func__);
+ }
}
}
+ // v2 roletype
else if (OicSecAceRoleSubject == ace->subjectType)
{
assert(OIC_SEC_ACL_V2 <= aclVersion);
cborEncoderResult = cbor_encoder_create_map(&oicSecAclMap, &roleMap, ACE_ROLE_MAP_SIZE + includeAuthority?1:0);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed creating role map");
+ OIC_LOG_V(DEBUG, TAG, "%s created v2 role map.", __func__);
cborEncoderResult = cbor_encode_text_string(&roleMap, OIC_JSON_ROLE_NAME, strlen(OIC_JSON_ROLE_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding roleid tag");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 %s tag.", __func__, OIC_JSON_ROLE_NAME);
cborEncoderResult = cbor_encode_text_string(&roleMap, ace->subjectRole.id, strlen(ace->subjectRole.id));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding roleid value");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 roleid value %s.", __func__, ace->subjectRole.id);
if (includeAuthority)
{
cborEncoderResult = cbor_encode_text_string(&roleMap, OIC_JSON_AUTHORITY_NAME, strlen(OIC_JSON_AUTHORITY_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding authority tag");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 %s tag.", __func__, OIC_JSON_AUTHORITY_NAME);
cborEncoderResult = cbor_encode_text_string(&roleMap, ace->subjectRole.authority, strlen(ace->subjectRole.authority));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding authority value");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 authority value %s.", __func__, ace->subjectRole.authority);
}
cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &roleMap);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed closing role map");
+ OIC_LOG_V(DEBUG, TAG, "%s closed v2 role map.", __func__);
+ }
+ // v2 conntype
+ else if (OicSecAceConntypeSubject == ace->subjectType)
+ {
+ assert(OIC_SEC_ACL_V2 <= aclVersion);
+ CborEncoder connMap;
+
+ cborEncoderResult = cbor_encoder_create_map(&oicSecAclMap, &connMap, ACE_CONN_MAP_SIZE);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed creating conn map");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 conn map.", __func__);
+
+ cborEncoderResult = cbor_encode_text_string(&connMap, OIC_JSON_CONNTYPE_NAME, strlen(OIC_JSON_CONNTYPE_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding conntype tag");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 %s tag.", __func__, OIC_JSON_CONNTYPE_NAME);
+
+ if (AUTH_CRYPT == ace->subjectConn)
+ {
+ cborEncoderResult = cbor_encode_text_string(&connMap, OIC_JSON_AUTHCRYPT_NAME, strlen(OIC_JSON_AUTHCRYPT_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding auth-crypt value");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 conntype value %s.", __func__, OIC_JSON_AUTHCRYPT_NAME);
+ }
+ else if (ANON_CLEAR == ace->subjectConn)
+ {
+ cborEncoderResult = cbor_encode_text_string(&connMap, OIC_JSON_ANONCLEAR_NAME, strlen(OIC_JSON_AUTHCRYPT_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed adding anon-clear value");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 conntype value %s.", __func__, OIC_JSON_ANONCLEAR_NAME);
+ }
+ else
+ {
+ OIC_LOG_V(ERROR, TAG, "%s unknown conntype value %d.", __func__, ace->subjectConn);
+ assert(!"unknown conntype value");
+ cborEncoderResult = CborUnknownError;
+ ret = OC_STACK_ERROR;
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "unknown conntype value");
+ }
+
+ cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &connMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed closing conn map");
+ ret = OC_STACK_ERROR;
+ OIC_LOG_V(DEBUG, TAG, "%s closed v2 conn map.", __func__);
}
else
{
assert(!"Unknown ACE subject type");
cborEncoderResult = CborUnknownError;
+ ret = OC_STACK_ERROR;
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Unknown ACE subject type");
}
cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RESOURCES_NAME,
strlen(OIC_JSON_RESOURCES_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, OIC_JSON_RESOURCES_NAME);
size_t rsrcLen = 0;
OicSecRsrc_t* rsrcElts = NULL;
}
cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, rsrcLen);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed creating resources Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s created v1/v2 resources array.", __func__);
OicSecRsrc_t* rsrc = NULL;
LL_FOREACH(ace->resources, rsrc)
}
cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, rsrcMapSize);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s created v1/v2 resource map.", __func__);
- //href -- Mandatory
- VERIFY_NOT_NULL(TAG, rsrc->href, ERROR);
- cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
+ // href
+ if (NULL != rsrc->href)
+ {
+ cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
strlen(OIC_JSON_HREF_NAME));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
- cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->href, strlen(rsrc->href));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
-
- //resource type -- Mandatory
- cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
- strlen(OIC_JSON_RT_NAME));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding HREF Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, OIC_JSON_HREF_NAME);
+ cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->href, strlen(rsrc->href));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding HREF Value in Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 href value %s.", __func__, rsrc->href);
+ }
- CborEncoder resourceTypes;
- cborEncoderResult = cbor_encoder_create_array(&rMap, &resourceTypes, rsrc->typeLen);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Array.");
- for(size_t i = 0; i < rsrc->typeLen; i++)
+ // resource type
+ if (rsrc->typeLen > 0)
{
- cborEncoderResult = cbor_encode_text_string(&resourceTypes, rsrc->types[i], strlen(rsrc->types[i]));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
+ cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
+ strlen(OIC_JSON_RT_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, OIC_JSON_RT_NAME);
+
+ CborEncoder resourceTypes;
+ cborEncoderResult = cbor_encoder_create_array(&rMap, &resourceTypes, rsrc->typeLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed creating RT Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s created v1/v2 rt array.", __func__);
+ for(size_t i = 0; i < rsrc->typeLen; i++)
+ {
+ cborEncoderResult = cbor_encode_text_string(&resourceTypes, rsrc->types[i], strlen(rsrc->types[i]));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 rt value %s.", __func__, rsrc->types[i]);
+ }
+ cborEncoderResult = cbor_encoder_close_container(&rMap, &resourceTypes);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing resourceTypes.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed v1/v2 resource map.", __func__);
}
- cborEncoderResult = cbor_encoder_close_container(&rMap, &resourceTypes);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing resourceTypes.");
-
- //interface -- Mandatory
- cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
- strlen(OIC_JSON_IF_NAME));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
- CborEncoder interfaces;
- cborEncoderResult = cbor_encoder_create_array(&rMap, &interfaces, rsrc->interfaceLen);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Array.");
- for(size_t i = 0; i < rsrc->interfaceLen; i++)
+ // interface
+ if (rsrc->interfaceLen > 0)
{
- cborEncoderResult = cbor_encode_text_string(&interfaces, rsrc->interfaces[i], strlen(rsrc->interfaces[i]));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
+ cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
+ strlen(OIC_JSON_IF_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, OIC_JSON_IF_NAME);
+
+ CborEncoder interfaces;
+ cborEncoderResult = cbor_encoder_create_array(&rMap, &interfaces, rsrc->interfaceLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed creating IF Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s created v1/v2 IF array.", __func__);
+ for(size_t i = 0; i < rsrc->interfaceLen; i++)
+ {
+ cborEncoderResult = cbor_encode_text_string(&interfaces, rsrc->interfaces[i], strlen(rsrc->interfaces[i]));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 IF value %s.", __func__, rsrc->interfaces[i]);
+ }
+ cborEncoderResult = cbor_encoder_close_container(&rMap, &interfaces);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing interfaces.");
}
- cborEncoderResult = cbor_encoder_close_container(&rMap, &interfaces);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing interfaces.");
- //rel
+ // rel
if(rsrc->rel)
{
cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
strlen(OIC_JSON_REL_NAME));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding REL Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, OIC_JSON_REL_NAME);
cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->rel, strlen(rsrc->rel));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding REL Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 rel value %s.", __func__, rsrc->rel);
+ }
+
+ // v2 supports wildcard
+ if (OIC_SEC_ACL_V2 == aclVersion)
+ {
+ if (NO_WILDCARD != rsrc->wildcard)
+ {
+ cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_WC_NAME,
+ strlen(OIC_JSON_WC_NAME));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding WC Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 %s tag.", __func__, OIC_JSON_WC_NAME);
+ switch(rsrc->wildcard)
+ {
+ case ALL_DISCOVERABLE:
+ wcstring = OIC_JSON_WC_PLUS_NAME;
+ break;
+ case ALL_NON_DISCOVERABLE:
+ wcstring = OIC_JSON_WC_PLUS_NAME;
+ break;
+ case ALL_RESOURCES:
+ wcstring = OIC_JSON_WC_PLUS_NAME;
+ break;
+ default:
+ OIC_LOG_V(ERROR, TAG, "%s: unknown ACE2 wildcard type.", __func__);
+ VERIFY_CBOR_SUCCESS(TAG, CborUnknownError, "unknown ACE2 wildcard type");
+ break;
+ }
+ cborEncoderResult = cbor_encode_text_string(&rMap, wcstring, strlen(wcstring));
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding WC Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v2 wc value %s.", __func__, wcstring);
+ wcstring = NULL;
+ }
}
cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed v1/v2 resource map.", __func__);
}
cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed v1/v2 resources array.", __func__);
}
// Permissions -- Mandatory
cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
strlen(OIC_JSON_PERMISSION_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, OIC_JSON_PERMISSION_NAME);
cborEncoderResult = cbor_encode_int(&oicSecAclMap, ace->permission);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 permission value %d.", __func__, ace->permission);
// TODO: Need to verfication for validity
// Validity(Time-interval) -- Not Mandatory
VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, eowner, strlen(eowner));
OICFree(eowner);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding eownerId Value.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding eownerId Value.");
}
#endif //MULTIPLE_OWNER
+ // close the map of the oic.sec.ace/ace2 object
cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed v1/v2 aces map.", __func__);
}
- // Close ACES Array
- cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Array.");
+ // close the v1 array of ace objects
+ if (OIC_SEC_ACL_V1 == aclVersion)
+ {
+ cborEncoderResult = cbor_encoder_close_container(&aclListMap, &acesArray);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACE Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed v1 ACE array.", __func__);
+ }
+ else
+ {
+ cborEncoderResult = cbor_encoder_close_container(&aclMap, &acesArray);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACE2 Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed v2 ACE2 array.", __func__);
+ }
- // Close ACLIST Map
- cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACLIST Map.");
+ // v1 has the aclist map to close (v2 just has the array, no extra map)
+ if (OIC_SEC_ACL_V1 == aclVersion)
+ {
+ cborEncoderResult = cbor_encoder_close_container(&aclMap, &aclListMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing aclist/aclist2 Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed v1/v2 aclist/aclist2 map.", __func__);
+ }
// Rownerid
{
cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_ROWNERID_NAME,
strlen(OIC_JSON_ROWNERID_NAME));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Name.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, OIC_JSON_ROWNERID_NAME);
ret = ConvertUuidToStr(&secAcl->rownerID, &rowner);
VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
cborEncoderResult = cbor_encode_text_string(&aclMap, rowner, strlen(rowner));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding rownerid Value.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding rownerid Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 rowneruuid value %s.", __func__, rowner);
OICFree(rowner);
}
CborEncoder rtArray;
cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_RT_NAME,
strlen(OIC_JSON_RT_NAME));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, OIC_JSON_RT_NAME);
cborEncoderResult = cbor_encoder_create_array(&aclMap, &rtArray, 1);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed creating RT array.");
+ OIC_LOG_V(DEBUG, TAG, "%s created %s array.", __func__, OIC_JSON_RT_NAME);
+ aclRsrcType = (OIC_SEC_ACL_V1 == aclVersion)?OIC_RSRC_TYPE_SEC_ACL:OIC_RSRC_TYPE_SEC_ACL2;
for (size_t i = 0; i < 1; i++)
{
- cborEncoderResult = cbor_encode_text_string(&rtArray, OIC_RSRC_TYPE_SEC_ACL,
- strlen(OIC_RSRC_TYPE_SEC_ACL));
+ cborEncoderResult = cbor_encode_text_string(&rtArray, aclRsrcType,
+ strlen(aclRsrcType));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, aclRsrcType);
}
+ aclRsrcType = NULL;
cborEncoderResult = cbor_encoder_close_container(&aclMap, &rtArray);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing RT.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed %s array.", __func__, OIC_JSON_RT_NAME);
//IF-- Mandatory
CborEncoder ifArray;
cborEncoderResult = cbor_encode_text_string(&aclMap, OIC_JSON_IF_NAME,
strlen(OIC_JSON_IF_NAME));
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 %s tag.", __func__, OIC_JSON_IF_NAME);
cborEncoderResult = cbor_encoder_create_array(&aclMap, &ifArray, 1);
- VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
+ VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed creating IF array.");
+ OIC_LOG_V(DEBUG, TAG, "%s created %s array.", __func__, OIC_JSON_IF_NAME);
for (size_t i = 0; i < 1; i++)
{
cborEncoderResult = cbor_encode_text_string(&ifArray, OC_RSRVD_INTERFACE_DEFAULT,
strlen(OC_RSRVD_INTERFACE_DEFAULT));
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s encoded v1/v2 IF value %s.", __func__, OC_RSRVD_INTERFACE_DEFAULT);
}
cborEncoderResult = cbor_encoder_close_container(&aclMap, &ifArray);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing IF.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed IF array.", __func__);
// Close ACL Map
cborEncoderResult = cbor_encoder_close_container(&encoder, &aclMap);
VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACL Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s closed ACL map.", __func__);
if (CborNoError == cborEncoderResult)
{
- OIC_LOG(DEBUG, TAG, "AclToCBORPayload Successed");
+ OIC_LOG(DEBUG, TAG, "AclToCBORPayload Succeeded");
*size = cbor_encoder_get_buffer_size(&encoder, outPayload);
*payload = outPayload;
ret = OC_STACK_OK;
ret = OC_STACK_ERROR;
}
+ if(NULL != subjectuuidstring)
+ {
+ OICFree(subjectuuidstring);
+ subjectuuidstring = NULL;
+ }
+
return ret;
}
// This function converts CBOR format to ACL data.
// Caller needs to invoke 'OICFree' on returned value when done using
+// TODO IOT-2220 this function is a prime example of why the SVR CBOR functions need
+// to be re-factored throughout. It's even worse with the addition of /acl2.
// note: This function is used in unit test hence not declared static,
OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
{
CborParser parser = { .end = NULL };
CborError cborFindResult = CborNoError;
char *tagName = NULL;
- char *roleTagName = NULL;
+ char *subjectTag = NULL;
+ char *rMapName = NULL;
+ OicSecAclVersion_t aclistVersion = OIC_SEC_ACL_LATEST;
+ bool aclistTagJustFound = false;
+ bool aceArrayIsNextItem = false;
+ char *acName = NULL;
+ size_t readLen = 0;
cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
// Enter ACL Map
cborFindResult = cbor_value_enter_container(&aclCbor, &aclMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
-
while (cbor_value_is_valid(&aclMap))
{
size_t len = 0;
}
if(tagName)
{
- if (strcmp(tagName, OIC_JSON_ACLIST_NAME) == 0)
+ OIC_LOG_V(DEBUG, TAG, "%s found %s tag.", __func__, tagName);
+ if (0 == strcmp(tagName, OIC_JSON_ACLIST_NAME))
+ {
+ OIC_LOG_V(DEBUG, TAG, "%s decoding v1 ACL.", __func__);
+ aclistVersion = OIC_SEC_ACL_V1;
+ aclistTagJustFound = true;
+ }
+ else if (0 == strcmp(tagName, OIC_JSON_ACLIST2_NAME))
{
+ OIC_LOG_V(DEBUG, TAG, "%s decoding v2 ACL.", __func__);
+ aclistVersion = OIC_SEC_ACL_V2;
+ aclistTagJustFound = true;
+ }
+
+ CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ if (aclistTagJustFound && OIC_SEC_ACL_V1 == aclistVersion)
+ {
+ aclistTagJustFound = false; // don't enter this check a second time
// Enter ACLIST Map
- CborValue aclistMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
cborFindResult = cbor_value_enter_container(&aclMap, &aclistMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACLIST Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s entered 'aclist' map.", __func__);
+
+ bool parsedAcesTag = false;
- while (cbor_value_is_valid(&aclistMap))
+ // aclist always contains just "aces" tag and then the array so parse the tag
+ CborType acType = cbor_value_get_type(&aclistMap);
+ if (acType == CborTextStringType)
{
- char* acName = NULL;
- size_t readLen = 0;
- CborType acType = cbor_value_get_type(&aclistMap);
- if (acType == CborTextStringType)
+ cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &readLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
+ cborFindResult = cbor_value_advance(&aclistMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
+ if (acName)
{
- cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &readLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
- cborFindResult = cbor_value_advance(&aclistMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
+ if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
+ {
+ OIC_LOG_V(DEBUG, TAG, "%s found %s tag.", __func__, acName);
+ parsedAcesTag = true;
+ }
}
+ }
+ if (parsedAcesTag)
+ {
+ aceArrayIsNextItem = true;
+ }
+ else
+ {
+ OIC_LOG_V(WARNING, TAG, "%s expected aces tag, not found!", __func__);
+ }
- if(acName)
+ }
+ else if (aclistTagJustFound && OIC_SEC_ACL_V2 == aclistVersion)
+ {
+ aclistTagJustFound = false; // don't enter this check a second time
+ aceArrayIsNextItem = true;
+ aclistMap = aclMap;
+ }
+
+ // just found either "aclist2" or "aces" tag; time to parse array
+ if (aceArrayIsNextItem)
+ {
+ aceArrayIsNextItem = false; // don't enter this block again
+ bool aclistMapDone = false;
+ while (cbor_value_is_valid(&aclistMap) && !aclistMapDone)
+ {
+ // Enter ACES Array
+ CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ cborFindResult = cbor_value_enter_container(&aclistMap, &acesArray);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s entered ace object array.", __func__);
+
+ // decode array of ace or ace2 objects
+ int acesCount = 0;
+ OIC_LOG_V(DEBUG, TAG, "%s begin decoding ace/ace2 array.", __func__);
+ while (cbor_value_is_valid(&acesArray))
{
- if (strcmp(acName, OIC_JSON_ACES_NAME) == 0)
+ acesCount++;
+ CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+ cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s entered %s map.", __func__,
+ (OIC_SEC_ACL_V1 == aclistVersion)?"ace":"ace2");
+
+ OicSecAce_t *ace = NULL;
+ ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
+ VERIFY_NOT_NULL(TAG, ace, ERROR);
+ LL_APPEND(acl->aces, ace);
+
+ // parse this ACE/ACE2 object
+ while (cbor_value_is_valid(&aceMap))
{
- // Enter ACES Array
- CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
- cborFindResult = cbor_value_enter_container(&aclistMap, &acesArray);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
-
- int acesCount = 0;
- while (cbor_value_is_valid(&acesArray))
+ char* name = NULL;
+ size_t tempLen = 0;
+ CborType aceMapType = cbor_value_get_type(&aceMap);
+ if (aceMapType == CborTextStringType)
{
- acesCount++;
- CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
- cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
-
- OicSecAce_t *ace = NULL;
- ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
- VERIFY_NOT_NULL(TAG, ace, ERROR);
- LL_APPEND(acl->aces, ace);
-
- while (cbor_value_is_valid(&aceMap))
+ cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &tempLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s found %s tag.", __func__, name);
+ cborFindResult = cbor_value_advance(&aceMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s advanced to next value.", __func__);
+ }
+ if (name)
+ {
+ // aceid
+ if (0 == strcmp(name, OIC_JSON_ACEID_NAME))
{
- char* name = NULL;
- size_t tempLen = 0;
- CborType aceMapType = cbor_value_get_type(&aceMap);
- if (aceMapType == CborTextStringType)
+ uint64_t tmp64;
+ cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding aceid Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s read aceid value %d.", __func__, (uint16_t)tmp64);
+ ace->aceid = (uint16_t)tmp64;
+ }
+ // subjectuuid
+ if (0 == strcmp(name, OIC_JSON_SUBJECTID_NAME)) // ace v1
+ {
+ if (cbor_value_is_text_string(&aceMap))
{
- cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &tempLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
- cborFindResult = cbor_value_advance(&aceMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
+ char *subject = NULL;
+ cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &tempLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
+ if (0 == strcmp(subject, WILDCARD_RESOURCE_URI))
+ {
+ ace->subjectuuid.id[0] = '*';
+ ace->subjectType = OicSecAceUuidSubject;
+ OIC_LOG_V(DEBUG, TAG, "%s found subjectuuid wildcard = '*'.", __func__);
+ }
+ else
+ {
+ ret = ConvertStrToUuid(subject, &ace->subjectuuid);
+ if (OC_STACK_OK != ret)
+ {
+ cborFindResult = CborUnknownError;
+ free(subject);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed converting subject UUID");
+ }
+ OIC_LOG_V(DEBUG, TAG, "%s found subjectuuid = %s.", __func__, subject);
+ ace->subjectType = OicSecAceUuidSubject;
+ }
+ free(subject);
}
- if (name)
+ }
+ // subject
+ if (0 == strcmp(name, OIC_JSON_SUBJECT_NAME)) // ace2
+ {
+ CborValue subjectMap;
+ memset(&subjectMap, 0, sizeof(subjectMap));
+ size_t unusedLen = 0;
+
+ if (cbor_value_is_container(&aceMap))
{
- // Subject -- Mandatory
- if (strcmp(name, OIC_JSON_SUBJECTID_NAME) == 0)
+ // next container within subject is either didtype, roletype, or conntype
+ cborFindResult = cbor_value_enter_container(&aceMap, &subjectMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed entering subject map.");
+ OIC_LOG_V(DEBUG, TAG, "%s entered acl2 subject map.", __func__);
+
+ while (cbor_value_is_valid(&subjectMap) && cbor_value_is_text_string(&subjectMap))
{
- if (cbor_value_is_text_string(&aceMap))
+ cborFindResult = cbor_value_dup_text_string(&subjectMap, &subjectTag, &unusedLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed getting subject type tag name");
+ OIC_LOG_V(DEBUG, TAG, "%s found %s tag.", __func__, subjectTag);
+ cborFindResult = cbor_value_advance(&subjectMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed advancing subjectMap");
+ OIC_LOG_V(DEBUG, TAG, "%s advanced acl2 subject map.", __func__);
+ if (NULL != subjectTag)
{
- /* UUID-type subject */
- char *subject = NULL;
- cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &tempLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
- if (strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
+ // didtype
+ if (0 == strcmp(subjectTag, OIC_JSON_UUID_NAME))
{
- ace->subjectuuid.id[0] = '*';
- ace->subjectType = OicSecAceUuidSubject;
+ char *subject = NULL;
+ if (cbor_value_is_valid(&subjectMap) && cbor_value_is_text_string(&subjectMap))
+ {
+ cborFindResult = cbor_value_dup_text_string(&subjectMap, &subject, &tempLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s read UUID = %s", __func__, subject);
+ ret = ConvertStrToUuid(subject, &ace->subjectuuid);
+ if (OC_STACK_OK != ret)
+ {
+ cborFindResult = CborUnknownError;
+ free(subject);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed converting subject UUID");
+ }
+ ace->subjectType = OicSecAceUuidSubject;
+ free(subject);
+ }
+ else
+ {
+ OIC_LOG_V(WARNING, TAG, "%s uuid tag not followed by valid text string value.", __func__);
+ }
}
- else
+ // role
+ else if (0 == strcmp(subjectTag, OIC_JSON_ROLE_NAME))
{
- ret = ConvertStrToUuid(subject, &ace->subjectuuid);
- if (OC_STACK_OK != ret)
+ ace->subjectType = OicSecAceRoleSubject;
+ char *roleId = NULL;
+ cborFindResult = cbor_value_dup_text_string(&subjectMap, &roleId, &unusedLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed getting role id value");
+ if (strlen(roleId) >= sizeof(ace->subjectRole.id))
{
cborFindResult = CborUnknownError;
- free(subject);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed converting subject UUID");
+ free(roleId);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Role ID is too long");
}
- ace->subjectType = OicSecAceUuidSubject;
+ OICStrcpy(ace->subjectRole.id, sizeof(ace->subjectRole.id), roleId);
+ free(roleId);
}
- free(subject);
- }
- else if (cbor_value_is_container(&aceMap))
- {
- /* Role subject */
- size_t unusedLen = 0;
- CborValue roleMap;
- memset(&roleMap, 0, sizeof(roleMap));
-
- cborFindResult = cbor_value_enter_container(&aceMap, &roleMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed entering role map");
-
- while (cbor_value_is_valid(&roleMap) && cbor_value_is_text_string(&roleMap))
+ // authority
+ else if (0 == strcmp(subjectTag, OIC_JSON_AUTHORITY_NAME))
{
- cborFindResult = cbor_value_dup_text_string(&roleMap, &roleTagName, &unusedLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed getting role map tag name");
- cborFindResult = cbor_value_advance(&roleMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed advancing role map");
-
- if (NULL != roleTagName)
+ ace->subjectType = OicSecAceRoleSubject;
+ char *authorityName = NULL;
+ cborFindResult = cbor_value_dup_text_string(&subjectMap, &authorityName, &unusedLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed getting role authority value");
+ if (strlen(authorityName) >= sizeof(ace->subjectRole.authority))
{
- if (strcmp(roleTagName, OIC_JSON_ROLE_NAME) == 0)
- {
- char *roleId = NULL;
- cborFindResult = cbor_value_dup_text_string(&roleMap, &roleId, &unusedLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed getting role id value");
- if (strlen(roleId) >= sizeof(ace->subjectRole.id))
- {
- cborFindResult = CborUnknownError;
- free(roleId);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Role ID is too long");
- }
- OICStrcpy(ace->subjectRole.id, sizeof(ace->subjectRole.id), roleId);
- free(roleId);
- }
- else if (strcmp(roleTagName, OIC_JSON_AUTHORITY_NAME) == 0)
- {
- char *authorityName = NULL;
- cborFindResult = cbor_value_dup_text_string(&roleMap, &authorityName, &unusedLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed getting role authority value");
- if (strlen(authorityName) >= sizeof(ace->subjectRole.authority))
- {
- cborFindResult = CborUnknownError;
- free(authorityName);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Authority name is too long");
- }
- OICStrcpy(ace->subjectRole.authority, sizeof(ace->subjectRole.authority), authorityName);
- free(authorityName);
- }
- else
- {
- OIC_LOG_V(WARNING, TAG, "Unknown tag name in role map: %s", roleTagName);
- }
-
- free(roleTagName);
- roleTagName = NULL;
+ cborFindResult = CborUnknownError;
+ free(authorityName);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Authority name is too long");
}
-
- if (cbor_value_is_valid(&roleMap))
+ OICStrcpy(ace->subjectRole.authority, sizeof(ace->subjectRole.authority), authorityName);
+ ace->subjectType = OicSecAceRoleSubject;
+ free(authorityName);
+ }
+ // conntype
+ else if (0 == strcmp(subjectTag, OIC_JSON_CONNTYPE_NAME))
+ {
+ char *conntype = NULL;
+ cborFindResult = cbor_value_dup_text_string(&subjectMap, &conntype, &unusedLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed getting conntype value");
+ OIC_LOG_V(DEBUG, TAG, "%s read conntype value %s.", __func__, conntype);
+ if (0 == strcmp(conntype, OIC_JSON_AUTHCRYPT_NAME))
+ {
+ ace->subjectConn = AUTH_CRYPT;
+ }
+ else if (0 == strcmp(conntype, OIC_JSON_ANONCLEAR_NAME))
+ {
+ ace->subjectConn = ANON_CLEAR;
+ }
+ else
{
- cborFindResult = cbor_value_advance(&roleMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed advancing role map");
+ cborFindResult = CborUnknownError;
+ free(conntype);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "conntype value not recognized.");
}
+ ace->subjectType = OicSecAceConntypeSubject;
+ free(conntype);
+ }
+ else
+ {
+ OIC_LOG_V(WARNING, TAG, "Unknown tag in subject map: %s", subjectTag);
}
+ }
- /* Make sure at least the id is present. */
+ // If roletype, make sure at least the id is present.
+ if(OicSecAceRoleSubject == ace->subjectType)
+ {
if ('\0' == ace->subjectRole.id[0])
{
cborFindResult = CborUnknownError;
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "ID for role was not present in role map");
}
-
- ace->subjectType = OicSecAceRoleSubject;
}
- else
+
+ // advance to next elt in subject map
+ if (cbor_value_is_valid(&subjectMap))
{
- cborFindResult = CborUnknownError;
- OIC_LOG_V(ERROR, TAG, "Unknown subject value type: %d", cbor_value_get_type(&aceMap));
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Type of subject value was not expected");
+ cborFindResult = cbor_value_advance(&subjectMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed advancing subject map");
+ OIC_LOG_V(DEBUG, TAG, "%s advanced ace2 subject map.", __func__);
}
}
+ }
+ else
+ {
+ cborFindResult = CborUnknownError;
+ OIC_LOG_V(ERROR, TAG, "Unknown subject value type: %d", cbor_value_get_type(&aceMap));
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Type of subject value was not expected");
+ }
+ }
- // Resources -- Mandatory
- if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
- {
- CborValue resources = { .parser = NULL };
- cborFindResult = cbor_value_enter_container(&aceMap, &resources);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
+ // Resources -- Mandatory
+ if (0 == strcmp(name, OIC_JSON_RESOURCES_NAME))
+ {
+ CborValue resources = { .parser = NULL };
+ cborFindResult = cbor_value_enter_container(&aceMap, &resources);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s entered resources array.", __func__);
+ int resourceCount = 0;
- while (cbor_value_is_valid(&resources))
+ while (cbor_value_is_valid(&resources))
+ {
+ // rMap is the map of the current Resource being decoded
+ CborValue rMap = { .parser = NULL };
+ cborFindResult = cbor_value_enter_container(&resources, &rMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
+ resourceCount++;
+ OIC_LOG_V(DEBUG, TAG, "%s entered resource map for resource #%d.", __func__, resourceCount);
+
+ OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+ VERIFY_NOT_NULL(TAG, rsrc, ERROR);
+ LL_APPEND(ace->resources, rsrc);
+
+ while(cbor_value_is_valid(&rMap))
+ {
+ if (NULL != rMapName)
{
- // rMap
- CborValue rMap = { .parser = NULL };
- cborFindResult = cbor_value_enter_container(&resources, &rMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
-
- OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
- VERIFY_NOT_NULL(TAG, rsrc, ERROR);
- LL_APPEND(ace->resources, rsrc);
-
- while(cbor_value_is_valid(&rMap))
- {
- char *rMapName = NULL;
- size_t rMapNameLen = 0;
- cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
- cborFindResult = cbor_value_advance(&rMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Value.");
-
- // "href"
- if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
- {
- cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &tempLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
- }
-
- // "rt"
- if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
- {
- cbor_value_get_array_length(&rMap, &rsrc->typeLen);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
- VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
-
- rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
- VERIFY_NOT_NULL(TAG, rsrc->types, ERROR);
+ free(rMapName);
+ rMapName = NULL;
+ }
+ size_t rMapNameLen = 0;
+ cborFindResult = cbor_value_dup_text_string(&rMap, &rMapName, &rMapNameLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RMap Data Name Tag.");
+ OIC_LOG_V(DEBUG, TAG, "%s found %s tag in resource #%d map.", __func__, rMapName, resourceCount);
+ cborFindResult = cbor_value_advance(&rMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed advancing RMap Data Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s advanced resource map.", __func__);
- CborValue resourceTypes;
- cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
+ // "href"
+ if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
+ {
+ cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &tempLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s found href = %s.", __func__, rsrc->href);
+ }
- for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
- {
- cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
- cborFindResult = cbor_value_advance(&resourceTypes);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
- }
- }
+ // "rt"
+ if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
+ {
+ cbor_value_get_array_length(&rMap, &rsrc->typeLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
+ VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
- // "if"
- if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
- {
- cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
- VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
+ rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
+ VERIFY_NOT_NULL(TAG, rsrc->types, ERROR);
- rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
- VERIFY_NOT_NULL(TAG, rsrc->interfaces, ERROR);
+ CborValue resourceTypes;
+ cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
- CborValue interfaces;
- cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
+ for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
+ {
+ cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
+ OIC_LOG_V(DEBUG, TAG, "%s found rt = %s.", __func__, rsrc->types[i]);
+ cborFindResult = cbor_value_advance(&resourceTypes);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
+ }
+ }
- for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
- {
- cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
- cborFindResult = cbor_value_advance(&interfaces);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
- }
- }
+ // "if"
+ if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
+ {
+ cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
+ VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
- // "rel"
- if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
- {
- cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &tempLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
- }
+ rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
+ VERIFY_NOT_NULL(TAG, rsrc->interfaces, ERROR);
- if (cbor_value_is_valid(&rMap))
- {
- cborFindResult = cbor_value_advance(&rMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Rlist Map.");
- }
- OICFree(rMapName);
- }
+ CborValue interfaces;
+ cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
- if (cbor_value_is_valid(&resources))
+ for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
{
- cborFindResult = cbor_value_advance(&resources);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
+ cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
+ OIC_LOG_V(DEBUG, TAG, "%s found if = %s.", __func__, rsrc->interfaces[i]);
+ cborFindResult = cbor_value_advance(&interfaces);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
}
}
+
+ // "rel"
+ if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
+ {
+ cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &tempLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
+ OIC_LOG_V(DEBUG, TAG, "%s found rel = %s.", __func__, rsrc->rel);
+ }
+
+ if (cbor_value_is_valid(&rMap))
+ {
+ cborFindResult = cbor_value_advance(&rMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing rMap.");
+ OIC_LOG_V(DEBUG, TAG, "%s advanced rMap.", __func__);
+ }
}
- // Permissions -- Mandatory
- if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
+ OIC_LOG_V(DEBUG, TAG, "%s finished decoding resource #%d.", __func__, resourceCount);
+
+ if (cbor_value_is_valid(&resources))
{
- uint64_t tmp64;
- cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
- ace->permission = (uint16_t)tmp64;
+ cborFindResult = cbor_value_advance(&resources);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Resource Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s advanced resources map.", __func__);
}
+ }
+ } // end resources decoding
- // TODO: Need to verfication for validity
- // Validity -- Not mandatory
- if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
- {
- CborValue validitiesMap = {.parser = NULL};
- size_t validitySize = 0;
+ // Permissions -- Mandatory
+ if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
+ {
+ uint64_t tmp64;
+ cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
+ ace->permission = (uint16_t)tmp64;
+ OIC_LOG_V(DEBUG, TAG, "%s found permission = %d.", __func__, ace->permission);
+ }
- cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
+ // TODO: Need to verfication for validity
+ // Validity -- Not mandatory
+ if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
+ {
+ CborValue validitiesMap = {.parser = NULL};
+ size_t validitySize = 0;
- cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
+ cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
- while(cbor_value_is_valid(&validitiesMap))
- {
- OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
- VERIFY_NOT_NULL(TAG, validity, ERROR);
- LL_APPEND(ace->validities, validity);
+ cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
- CborValue validityMap = {.parser = NULL};
+ while(cbor_value_is_valid(&validitiesMap))
+ {
+ OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
+ VERIFY_NOT_NULL(TAG, validity, ERROR);
+ LL_APPEND(ace->validities, validity);
+
+ CborValue validityMap = {.parser = NULL};
//period (string)
- cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
+ cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
- size_t vmLen = 0;
- cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &vmLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
+ size_t vmLen = 0;
+ cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &vmLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
//recurrence (string array)
- CborValue recurrenceMap = {.parser = NULL};
- cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
+ CborValue recurrenceMap = {.parser = NULL};
+ cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
- cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
+ cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
- validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
- VERIFY_NOT_NULL(TAG, validity->recurrences, ERROR);
+ validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
+ VERIFY_NOT_NULL(TAG, validity->recurrences, ERROR);
- for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
- {
- cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &vmLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
-
- cborFindResult = cbor_value_advance(&recurrenceMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
- }
+ for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
+ {
+ cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &vmLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
- cborFindResult = cbor_value_advance(&validitiesMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
- }
+ cborFindResult = cbor_value_advance(&recurrenceMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
}
-#ifdef MULTIPLE_OWNER
- // eowner uuid -- Not Mandatory
- if (strcmp(name, OIC_JSON_EOWNERID_NAME) == 0)
- {
- char *eowner = NULL;
- cborFindResult = cbor_value_dup_text_string(&aceMap, &eowner, &tempLen, NULL);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding eownerId Value.");
- if(NULL == ace->eownerID)
- {
- ace->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
- VERIFY_NOT_NULL(TAG, ace->eownerID, ERROR);
- }
- ret = ConvertStrToUuid(eowner, ace->eownerID);
- OICFree(eowner);
- VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
- }
-#endif //MULTIPLE_OWNER
- OICFree(name);
+ cborFindResult = cbor_value_advance(&validitiesMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
}
-
- if (aceMapType != CborMapType && cbor_value_is_valid(&aceMap))
+ }
+#ifdef MULTIPLE_OWNER
+ // eowner uuid -- Not Mandatory
+ if (strcmp(name, OIC_JSON_EOWNERID_NAME) == 0)
+ {
+ char *eowner = NULL;
+ cborFindResult = cbor_value_dup_text_string(&aceMap, &eowner, &tempLen, NULL);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding eownerId Value.");
+ if(NULL == ace->eownerID)
{
- cborFindResult = cbor_value_advance(&aceMap);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
+ ace->eownerID = (OicUuid_t*)OICCalloc(1, sizeof(OicUuid_t));
+ VERIFY_NOT_NULL(TAG, ace->eownerID, ERROR);
}
+ ret = ConvertStrToUuid(eowner, ace->eownerID);
+ OICFree(eowner);
+ VERIFY_SUCCESS(TAG, OC_STACK_OK == ret , ERROR);
}
+#endif //MULTIPLE_OWNER
+ OIC_LOG_V(DEBUG, TAG, "%s finished decoding %s.", __func__, name);
+ OICFree(name);
+ }
- if (cbor_value_is_valid(&acesArray))
- {
- cborFindResult = cbor_value_advance(&acesArray);
- VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
- }
+ if (aceMapType != CborMapType && cbor_value_is_valid(&aceMap))
+ {
+ cborFindResult = cbor_value_advance(&aceMap);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
+ OIC_LOG_V(DEBUG, TAG, "%s advanced aceMap.", __func__);
}
+ } // end decoding ACE/ACE2 object
+
+ OIC_LOG_V(DEBUG, TAG, "%s finished decoding ace #%d.", __func__, acesCount);
+
+ // advance to next ACE/ACE2 object in acesArray
+ if (cbor_value_is_valid(&acesArray))
+ {
+ cborFindResult = cbor_value_advance(&acesArray);
+ VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
}
- OICFree(acName);
- }
+ } // end ace array while loop
+
+ OIC_LOG_V(DEBUG, TAG, "%s finished decoding ace/ace2 array.", __func__);
if (cbor_value_is_valid(&aclistMap))
{
cborFindResult = cbor_value_advance(&aclistMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACLIST Map.");
+ OIC_LOG_V(DEBUG, TAG, "%s advanced aclist map.", __func__);
+ }
+
+ if (OIC_SEC_ACL_V2 == aclistVersion)
+ {
+ aclistMapDone = true;
}
}
}
acl = NULL;
}
+ if(NULL != subjectTag)
+ {
+ free(subjectTag);
+ subjectTag = NULL;
+ }
+
+ if (NULL != rMapName)
+ {
+ free(rMapName);
+ rMapName = NULL;
+ }
+
free(tagName);
- free(roleTagName);
return acl;
}
OIC_LOG(INFO, TAG, "IN RemoveAllAce");
//Backup the current ACL
- ret = AclToCBORPayload(gAcl, OIC_SEC_ACL_LATEST, &aclBackup, &backupSize);
+ ret = AclToCBORPayload(gAcl, OIC_SEC_ACL_V2, &aclBackup, &backupSize);
if(OC_STACK_OK == ret)
{
// Remove all ACE from ACL
}
//Generate empty ACL payload
- ret = AclToCBORPayload(gAcl, OIC_SEC_ACL_LATEST, &payload, &size);
+ ret = AclToCBORPayload(gAcl, OIC_SEC_ACL_V2, &payload, &size);
if (OC_STACK_OK == ret )
{
//Update the PS.
ehRet = OC_EH_NOT_ACCEPTABLE;
goto exit;
}
+ else
+ {
+ ehRet = OC_EH_OK;
+ }
ehRet = OC_EH_OK;
size_t cborSize = 0;
uint8_t *cborPayload = NULL;
- if (OC_STACK_OK == AclToCBORPayload(gAcl, OIC_SEC_ACL_LATEST, &cborPayload, &cborSize))
+ if (OC_STACK_OK == AclToCBORPayload(gAcl, OIC_SEC_ACL_V2, &cborPayload, &cborSize))
{
if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, cborSize) == OC_STACK_OK)
{
switch (ehRequest->method)
{
case OC_REST_GET:
- ehRet = HandleACLGetRequest(ehRequest, OIC_SEC_ACL_V1);
+ ehRet = HandleACLGetRequest(ehRequest, OIC_SEC_ACL_V2);
break;
case OC_REST_POST:
{
OCStackResult ret;
- ret = OCCreateResource(&gAclHandle,
- OIC_RSRC_TYPE_SEC_ACL,
- OC_RSRVD_INTERFACE_DEFAULT,
- OIC_RSRC_ACL_URI,
- ACLEntityHandler,
- NULL,
- OC_SECURE |
- OC_DISCOVERABLE);
-
- if (OC_STACK_OK != ret)
- {
- OIC_LOG(FATAL, TAG, "Unable to instantiate ACL resource");
- DeInitACLResource();
- }
-
ret = OCCreateResource(&gAcl2Handle,
OIC_RSRC_TYPE_SEC_ACL2,
OC_RSRVD_INTERFACE_DEFAULT,
return NULL;
}
+const OicSecAce_t* GetACLResourceDataByConntype(const OicSecConntype_t conntype, OicSecAce_t **savePtr)
+{
+ OicSecAce_t *ace = NULL;
+ OicSecAce_t *begin = NULL;
+
+ OIC_LOG_V(DEBUG, TAG, "IN: %s(%d)", __func__, conntype);
+
+ if ((NULL == savePtr) || (NULL == gAcl))
+ {
+ OIC_LOG(ERROR, TAG, "Invalid parameters to GetACLResourceDataByConntype");
+ return NULL;
+ }
+
+ // savePtr MUST point to NULL if this is the 'first' call to retrieve ACL.
+ if (NULL == *savePtr)
+ {
+ begin = gAcl->aces;
+ }
+ else
+ {
+ // If this is a 'successive' call, search for location pointed by
+ // savePtr and assign 'begin' to the next ACE after it in the linked
+ // list and start searching from there.
+ LL_FOREACH(gAcl->aces, ace)
+ {
+ if (ace == *savePtr)
+ {
+ begin = ace->next;
+ }
+ }
+ }
+
+ // Find the next ACE corresponding to the conntype, and return it.
+ LL_FOREACH(begin, ace)
+ {
+ if (OicSecAceConntypeSubject == ace->subjectType)
+ {
+ if (conntype == ace->subjectConn)
+ {
+ *savePtr = ace;
+ return ace;
+ }
+ }
+ }
+
+ // Cleanup in case no ACE is found
+ *savePtr = NULL;
+
+ OIC_LOG_V(DEBUG, TAG, "OUT: %s(%d)", __func__, conntype);
+
+ return NULL;
+}
+
OCStackResult AppendACLObject(const OicSecAcl_t* acl)
{
OCStackResult ret = OC_STACK_ERROR;
size_t size = 0;
uint8_t *payload = NULL;
- ret = AclToCBORPayload(gAcl, OIC_SEC_ACL_LATEST, &payload, &size);
+ ret = AclToCBORPayload(gAcl, OIC_SEC_ACL_V2, &payload, &size);
if (OC_STACK_OK == ret)
{
ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size);
size_t size = 0;
uint8_t *payload = NULL;
- if (OC_STACK_OK == AclToCBORPayload(gAcl, OIC_SEC_ACL_LATEST, &payload, &size))
+ if (OC_STACK_OK == AclToCBORPayload(gAcl, OIC_SEC_ACL_V2, &payload, &size))
{
if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
{
memcpy(prevId.id, gAcl->rownerID.id, sizeof(prevId.id));
memcpy(gAcl->rownerID.id, newROwner->id, sizeof(newROwner->id));
- ret = AclToCBORPayload(gAcl, OIC_SEC_ACL_LATEST, &cborPayload, &size);
+ ret = AclToCBORPayload(gAcl, OIC_SEC_ACL_V2, &cborPayload, &size);
VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
ret = UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size);
projects / platform / upstream / iotivity.git / commitdiff