CRED payload conversion from JSON to CBOR

author Habib Virji <habib.virji@samsung.com>

Mon, 22 Feb 2016 16:04:11 +0000 (16:04 +0000)

committer Habib Virji <habib.virji@samsung.com>

Sun, 13 Mar 2016 12:47:09 +0000 (12:47 +0000)
author Habib Virji <habib.virji@samsung.com>
Mon, 22 Feb 2016 16:04:11 +0000 (16:04 +0000)
committer Habib Virji <habib.virji@samsung.com>
Sun, 13 Mar 2016 12:47:09 +0000 (12:47 +0000)
diff --git a/resource/csdk/connectivity/api/casecurityinterface.h b/resource/csdk/connectivity/api/casecurityinterface.h

index cff8681..3d12870 100644 (file)
--- a/resource/csdk/connectivity/api/casecurityinterface.h
+++ b/resource/csdk/connectivity/api/casecurityinterface.h
@@ -66,9 +66,9 @@ typedef enum
   * @return The number of bytes written to @p result or a value
   *         less than zero on error.
   */
-typedef int (*CAGetDTLSPskCredentialsHandler)( CADtlsPskCredType_t type,
-                     const unsigned char *desc, size_t desc_len,
-                     unsigned char *result, size_t result_length);
+typedef int (*CAGetDTLSPskCredentialsHandler)(CADtlsPskCredType_t type,
+                     const uint8_t *desc, size_t desc_len,
+                     uint8_t *result, size_t result_length);
  
  /**
   * Register callback to receive the result of DTLS handshake.
diff --git a/resource/csdk/security/include/internal/credresource.h b/resource/csdk/security/include/internal/credresource.h

index 74ea373..ae36c57 100644 (file)
--- a/resource/csdk/security/include/internal/credresource.h
+++ b/resource/csdk/security/include/internal/credresource.h
@@ -32,45 +32,42 @@ extern "C" {
  /**
   * Initialize credential resource by loading data from persistent storage.
   *
- * @retval
- *     OC_STACK_OK    - no errors
- *     OC_STACK_ERROR - stack process error
+ * @return ::OC_STACK_OK, if initialization is successful, else ::OC_STACK_ERROR if
+ * initialization fails.
   */
  OCStackResult InitCredResource();
  
  /**
   * Perform cleanup for credential resources.
   *
- * @retval
- *     OC_STACK_OK              - no errors
- *     OC_STACK_ERROR           - stack process error
- *     OC_STACK_NO_RESOURCE     - resource not found
- *     OC_STACK_INVALID_PARAM   - invalid param
+ * @return ::OC_STACK_OK, if no errors. ::OC_STACK_ERROR, if stack process error.
+ * ::OC_STACK_NO_RESOURCE, if resource not found.
+ * ::OC_STACK_INVALID_PARAM, if invalid param.
   */
  OCStackResult DeInitCredResource();
  
  /**
- * This method is used by tinydtls/SRM to retrieve credential for given Subject.
+ * This method is used by tinydtls/SRM to retrieve credential for given subject.
   *
- * @param subject - subject for which credential is required.
+ * @param subjectId for which credential is required.
   *
- * @retval
- *     reference to OicSecCred_t - if credential is found
- *     NULL                      - if credential not found
+ * @return reference to @ref OicSecCred_t, if credential is found, else NULL, if credential
+ * not found.
   */
  const OicSecCred_t* GetCredResourceData(const OicUuid_t* subjectId);
  
  /**
- * This function converts credential data into JSON format.
- * Caller needs to invoke 'free' when done using
- * returned string.
- * @param cred  pointer to instance of OicSecCred_t structure.
+ * This function converts credential data into CBOR format.
+ * Caller needs to invoke 'free' when done using returned string.
   *
- * @retval
- *      pointer to JSON credential representation - if credential for subjectId found
- *      NULL                                      - if credential for subjectId not found
+ * @param cred is the pointer to instance of OicSecCred_t structure.
+ * @param cborPayload is the CBOR converted value.
+ * @param cborSize is the size of the CBOR.
+ *
+ * @return ::OC_STACK_OK if conversion is successful, else ::OC_STACK_ERROR if unsuccessful.
   */
-char* BinToCredJSON(const OicSecCred_t* cred);
+OCStackResult CredToCBORPayload(const OicSecCred_t* cred, uint8_t **cborPayload,
+                                size_t *cborSize);
  
  /**
   * This function generates the bin credential data.
@@ -82,33 +79,31 @@ char* BinToCredJSON(const OicSecCred_t* cred);
   * @param ownersLen length of owners array
   * @param owners array of owners.
   *
- * @retval
- *      pointer to instance of OicSecCred_t  - success
- *      NULL                                 - error
+ * @return pointer to instance of @ref OicSecCred_t if successful. else NULL in case of error.
+
   */
  OicSecCred_t * GenerateCredential(const OicUuid_t* subject, OicSecCredType_t credType,
-                     const char * publicData, const char * privateData, size_t ownersLen,
-                     const OicUuid_t * owners);
+                     const uint8_t * publicData, const uint8_t * privateData,
+                     size_t ownersLen, const OicUuid_t * owners);
  
  /**
   * This function adds the new cred to the credential list.
   *
- * @param cred pointer to new credential.
+ * @param cred is the pointer to new credential.
   *
- * @retval
- *      OC_STACK_OK     - cred not NULL and persistent storage gets updated
- *      OC_STACK_ERROR  - cred is NULL or fails to update persistent storage
+ * @return ::OC_STACK_OK, cred not NULL and persistent storage gets updated.
+ * ::OC_STACK_ERROR, cred is NULL or fails to update persistent storage.
   */
  OCStackResult AddCredential(OicSecCred_t * cred);
  
  /**
   * Function to remove the credential from SVR DB.
   *
- * @param credId Credential ID to be deleted.
+ * @param credId is the Credential ID to be deleted.
   *
- * @return OC_STACK_OK for success and errorcode otherwise.
+ * @return ::OC_STACK_OK for success, or errorcode otherwise.
   */
-OCStackResult RemoveCredential(const OicUuid_t* credId);
+OCStackResult RemoveCredential(const OicUuid_t *credId);
  
  /**
   * Remove all credential data on credential resource and persistent storage
@@ -124,11 +119,11 @@ OCStackResult RemoveAllCredentials(void);
   * This internal callback is used by lower stack (i.e. CA layer) to
   * retrieve PSK credentials from RI security layer.
   *
- * @param[in]  type type of PSK data required by CA layer during DTLS handshake.
- * @param[in]  desc Additional request information.
- * @param[in]  desc_len The actual length of desc.
- * @param[out] result  Must be filled with the requested information.
- * @param[in]  result_length  Maximum size of @p result.
+ * @param type of PSK data required by CA layer during DTLS handshake.
+ * @param desc Additional request information.
+ * @param desc_len is the actual length of desc.
+ * @param result  is must be filled with the requested information.
+ * @param result_length is the maximum size of @p result.
   *
   * @return The number of bytes written to @p result or a value
   *         less than zero on error.
@@ -138,21 +133,22 @@ int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
                unsigned char *result, size_t result_length);
  
  /**
- * Add temporal PSK to PIN based OxM
+ * Add temporal PSK to PIN based OxM.
   *
- * @param[in] tmpSubject UUID of target device
- * @param[in] credType Type of credential to be added
- * @param[in] pin numeric characters
- * @param[in] pinSize length of 'pin'
- * @param[in] ownersLen Number of owners
- * @param[in] owners Array of owners
- * @param[out] tmpCredSubject Generated credential's subject.
+ * @param tmpSubject is the UUID of target device
+ * @param credType is the type of credential to be added
+ * @param pin is the numeric characters
+ * @param pinSize is the length of 'pin'
+ * @param ownersLen is the number of owners
+ * @param owners is the array of owners
+ * @param tmpCredSubject is the generated credential's subject.
   *
- * @return OC_STACK_OK for success and errorcode otherwise.
+ * @return ::OC_STACK_OK for success or else errorcode.
   */
  OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t credType,
                              const char * pin, size_t pinSize,
-                            size_t ownersLen, const OicUuid_t * owners, OicUuid_t* tmpCredSubject);
+                            size_t ownersLen, const OicUuid_t * owners,
+                            OicUuid_t* tmpCredSubject);
  
  #endif /* __WITH_DTLS__ */
  
@@ -160,18 +156,17 @@ OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t cre
  /**
   * This function is used toretrieve certificate credentials from RI security layer.
   *
- * @param credInfo
- *     binary structure containing certificate credentials
+ * @param credInfo is the binary structure containing certificate credentials
   *
- * @retval 0  on scuccess
+ * @return 0 on success.
   */
  int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo);
  #endif /*__WITH_X509__*/
  
  /**
- * Function to deallocate allocated memory to OicSecCred_t
+ * Function to deallocate allocated memory to OicSecCred_t.
   *
- * @param cred pointer to cred type
+ * @param cred pointer to cred type.
   *
   */
  void DeleteCredList(OicSecCred_t* cred);
@@ -181,5 +176,3 @@ void DeleteCredList(OicSecCred_t* cred);
  #endif
  
  #endif //IOTVT_SRM_CREDR_H
-
-
diff --git a/resource/csdk/security/include/internal/security_internals.h b/resource/csdk/security/include/internal/security_internals.h

index 70ba7e6..3961af0 100644 (file)
--- a/resource/csdk/security/include/internal/security_internals.h
+++ b/resource/csdk/security/include/internal/security_internals.h
@@ -68,6 +68,33 @@ OCEntityHandlerResult PstatEntityHandler(OCEntityHandlerFlag flag,
  OCStackResult CBORPayloadToAmacl(const uint8_t *cborPayload, size_t cborSize,
                                   OicSecAmacl_t **amacl);
  
+/**
+ * This internal method is the entity handler for Cred resources
+ * to handle REST request (PUT/POST/DEL)
+ */
+OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag,
+                                        OCEntityHandlerRequest * ehRequest,
+                                        void* callbackParameter);
+
+/**
+ * This internal method is used to create '/oic/sec/Cred' resource.
+ */
+OCStackResult CreateCredResource();
+
+/**
+ * This function converts from CBOR format into credential structure .
+ * Caller needs to invoke 'free' for allocated structure.
+ *
+ * @param cborPayload is the CBOR value that is assigned to the structure.
+ * @param size is the size of the CBOR.
+ * @param secCred is the pointer to instance of @ref OicSecCred_t structure that will be allocated.
+ * If it fails it will return NULL.
+ *
+ * @return ::OC_STACK_OK if conversion is successful, else ::OC_STACK_ERROR if unsuccessful.
+ */
+OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
+                                OicSecCred_t **secCred);
+
  #ifdef __cplusplus
  }
  #endif
diff --git a/resource/csdk/security/include/securevirtualresourcetypes.h b/resource/csdk/security/include/securevirtualresourcetypes.h

index d8f7048..d7597e1 100644 (file)
--- a/resource/csdk/security/include/securevirtualresourcetypes.h
+++ b/resource/csdk/security/include/securevirtualresourcetypes.h
@@ -287,7 +287,8 @@ struct OicUuid
  #define JWK_LENGTH 256/8 // 256 bit key length
  struct OicSecJwk
  {
-    char                *data;
+    uint8_t                *data;
+    size_t                  len;
  };
  
  /**
diff --git a/resource/csdk/security/provisioning/src/credentialgenerator.c b/resource/csdk/security/provisioning/src/credentialgenerator.c

index df7754b..eb16fd6 100644 (file)
--- a/resource/csdk/security/provisioning/src/credentialgenerator.c
+++ b/resource/csdk/security/provisioning/src/credentialgenerator.c
@@ -19,12 +19,14 @@
   * *****************************************************************/
  #include <string.h>
  #include "credentialgenerator.h"
+#include "base64.h"
  #include "oic_malloc.h"
  #include "oic_string.h"
-#include "logger.h"
+#include "ocpayload.h"
+#include "payload_logging.h"
  #include "credresource.h"
  #include "ocrandom.h"
-#include "base64.h"
+#include "srmutility.h"
  #include "stdbool.h"
  #include "securevirtualresourcetypes.h"
  #ifdef __WITH_X509__
@@ -35,30 +37,18 @@
  
  #define TAG "SRPAPI-CG"
  
-/**
- * @def PM_VERIFY_SUCCESS
- * @brief Macro to verify success of operation.
- *        eg: PM_VERIFY_SUCCESS(TAG, OC_STACK_OK == foo(), OC_STACK_ERROR, ERROR);
- * @note Invoking function must define "bail:" label for goto functionality to work correctly and
- *       must define "OCStackResult res" for setting error code.
- * */
-#define PM_VERIFY_SUCCESS(tag, op, errCode, logLevel) { if (!(op)) \
-                       {OIC_LOG((logLevel), tag, #op " failed!!"); res = errCode; goto bail;} }
-/**
- * @def PM_VERIFY_NON_NULL
- * @brief Macro to verify argument is not equal to NULL.
- *        eg: PM_VERIFY_NON_NULL(TAG, ptrData, ERROR);
- * @note Invoking function must define "bail:" label for goto functionality to work correctly.
- * */
-#define PM_VERIFY_NON_NULL(tag, arg, errCode, logLevel) { if (NULL == (arg)) \
-                   { OIC_LOG((logLevel), tag, #arg " is NULL"); res = errCode; goto bail;} }
+static const char OIC_JSON_CRV_NAME[] = "crv";
+static const char OIC_JSON_KTY_NAME[] = "kty";
+static const char OIC_JSON_CERTIFICATE_NAME[] = "x5c";
+static const char OIC_JSON_D_NAME[] = "d";
+static const char kty[] = "EC";
+static const char crv[] = "P-256";
+static const uint8_t CertMapSize = 3;
  
  OCStackResult PMGeneratePairWiseCredentials(OicSecCredType_t type, size_t keySize,
-                                    const OicUuid_t *ptDeviceId,
-                                    const OicUuid_t *firstDeviceId, const OicUuid_t *secondDeviceId,
-                                    OicSecCred_t **firstCred, OicSecCred_t **secondCred)
+        const OicUuid_t *ptDeviceId, const OicUuid_t *firstDeviceId,
+        const OicUuid_t *secondDeviceId, OicSecCred_t **firstCred, OicSecCred_t **secondCred)
  {
-
      if (NULL == ptDeviceId || NULL == firstDeviceId || NULL != *firstCred || \
          NULL == secondDeviceId || NULL != *secondCred)
      {
@@ -71,42 +61,30 @@ OCStackResult PMGeneratePairWiseCredentials(OicSecCredType_t type, size_t keySiz
          return OC_STACK_INVALID_PARAM;
      }
      OCStackResult res = OC_STACK_ERROR;
-    uint8_t* privData = NULL;
-    char* base64Buff = NULL;
      OicSecCred_t *tempFirstCred = NULL;
      OicSecCred_t *tempSecondCred = NULL;
  
      size_t privDataKeySize = keySize;
  
-    privData = (uint8_t*) OICCalloc(privDataKeySize,sizeof(uint8_t));
-    PM_VERIFY_NON_NULL(TAG, privData, OC_STACK_NO_MEMORY, ERROR);
+    uint8_t *privData = (uint8_t *)OICCalloc(privDataKeySize, sizeof(uint8_t));
+    VERIFY_NON_NULL(TAG, privData, ERROR);
  
-    OCFillRandomMem(privData,privDataKeySize);
-
-    uint32_t outLen = 0;
-
-    base64Buff = (char*) OICCalloc(B64ENCODE_OUT_SAFESIZE(privDataKeySize) + 1, sizeof(char));
-    PM_VERIFY_NON_NULL(TAG, base64Buff, OC_STACK_NO_MEMORY, ERROR);
-    int memReq = (B64ENCODE_OUT_SAFESIZE(privDataKeySize) + 1) * sizeof(char);
-    B64Result b64Ret = b64Encode(privData, privDataKeySize*sizeof(uint8_t), base64Buff,
-                                 memReq, &outLen);
-    PM_VERIFY_SUCCESS(TAG, B64_OK == b64Ret, OC_STACK_ERROR, ERROR);
+    OCFillRandomMem(privData, privDataKeySize);
  
      // TODO: currently owner array is 1. only provisioning tool's id.
-    tempFirstCred =  GenerateCredential(secondDeviceId, type, NULL, base64Buff, 1, ptDeviceId);
-    PM_VERIFY_NON_NULL(TAG, tempFirstCred, OC_STACK_ERROR, ERROR);
+    tempFirstCred =  GenerateCredential(secondDeviceId, type, NULL, privData, 1, ptDeviceId);
+    VERIFY_NON_NULL(TAG, tempFirstCred, ERROR);
  
      // TODO: currently owner array is 1. only provisioning tool's id.
-    tempSecondCred =  GenerateCredential(firstDeviceId, type, NULL, base64Buff, 1, ptDeviceId);
-    PM_VERIFY_NON_NULL(TAG, tempSecondCred, OC_STACK_ERROR, ERROR);
+    tempSecondCred =  GenerateCredential(firstDeviceId, type, NULL, privData, 1, ptDeviceId);
+    VERIFY_NON_NULL(TAG, tempSecondCred, ERROR);
  
      *firstCred = tempFirstCred;
      *secondCred = tempSecondCred;
      res = OC_STACK_OK;
  
-bail:
+exit:
      OICFree(privData);
-    OICFree(base64Buff);
  
      if(res != OC_STACK_OK)
      {
@@ -123,17 +101,22 @@ bail:
  /**
   * Function to compose JSON Web Key (JWK) string from a certificate and a public key.
   *
- * @param[in]  certificateChain    Array of Base64 encoded certificate strings.
- * @param[in]  chainLength         Number of the certificates in certificateChain.
- * @return     Valid JWK string on success, or NULL on fail.
+ * @param certificateChain    Array of Base64 encoded certificate strings.
+ * @param chainLength         Number of the certificates in certificateChain.
+ * @param payload Valid JWK CBOR on success, or NULL on fail.
+
   */
-static char *CreateCertificatePublicJWK(const char *const *certificateChain,
-                                        const size_t chainLength)
+static OCStackResult CreateCertificatePublicJWK(const char *const *certificateChain,
+       const size_t chainLength, uint8_t **cborPayload, size_t *size)
  {
+    OCStackResult ret = OC_STACK_ERROR;
+    *cborPayload = NULL;
+    *size = 0;
+
      if (NULL == certificateChain || chainLength == 0)
      {
          OIC_LOG(ERROR, TAG, "Error CreateCertificatePublicJWK: Invalid params");
-        return NULL;
+        return OC_STACK_INVALID_PARAM;
      }
  
      size_t certChainSize = 0;
@@ -146,70 +129,118 @@ static char *CreateCertificatePublicJWK(const char *const *certificateChain,
          else
          {
              OIC_LOG(ERROR, TAG, "Error CreateCertificatePublicJWK: Invalid params");
-            return NULL;
-        }
-
-    }
-    /* certificates in the json array taken in quotes and separated by a comma
-     * so we have to count the number of characters (number of commas and quotes) required
-     * for embedding certificates in the array depending on the number of certificates in chain
-     * each certificate except last embeded in  "\"%s\"," */
-    const int numCommasAndQuotes = chainLength * 3 - 1;
-    const char firstPart[] = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"x5c\":[";
-    const char secondPart[] = "]}";
-    /* to calculate the size of JWK public part we need to add the value of first and  second parts,
-     * size of certificate chain, number of additional commas and quotes and 1 for string termination symbol */
-    size_t certPubJWKLen = strlen(firstPart) + strlen(secondPart)
-                                             + certChainSize + numCommasAndQuotes + 1;
-    char *certPubJWK = (char *)OICMalloc(certPubJWKLen);
-
-    if (NULL != certPubJWK)
-    {
-        OICStrcpy(certPubJWK, certPubJWKLen, firstPart);
-        size_t offset = strlen(firstPart);
-        for (size_t i = 0; i < chainLength; ++i)
-        {
-            offset += snprintf(certPubJWK + offset, certPubJWKLen - offset, "\"%s\",", certificateChain[i]);
+            return OC_STACK_INVALID_PARAM;
          }
-        snprintf(certPubJWK + offset - 1, certPubJWK - offset - 1, secondPart);
      }
-    else
+
+    // cborArbitraryLen is a value to conver field names and cbor map, cbor array.
+    size_t cborArbitraryLen = 255;
+    size_t cborLen = certChainSize + cborArbitraryLen;
+    int64_t cborEncoderResult = CborNoError;
+    CborEncoder encoder = { .end = 0 };
+    uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
+    VERIFY_NON_NULL(TAG, outPayload, ERROR);
+    cbor_encoder_init(&encoder, outPayload, cborLen, 0);
+
+    CborEncoder credMap = { .end = 0 };
+    cborEncoderResult |= cbor_encoder_create_map(&encoder, &credMap, CertMapSize);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map.");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_KTY_NAME,
+            strlen(OIC_JSON_KTY_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+    cborEncoderResult |= cbor_encode_text_string(&credMap, kty, strlen(kty));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CRV_NAME,
+            strlen(OIC_JSON_CRV_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+    cborEncoderResult |= cbor_encode_text_string(&credMap, crv, strlen(crv));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CERTIFICATE_NAME,
+            strlen(OIC_JSON_CERTIFICATE_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Name.");
+    CborEncoder certs = { {.ptr = NULL }, .end = 0 };
+    cborEncoderResult |= cbor_encoder_create_array(&credMap, &certs, chainLength);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Array.");
+    for (size_t i = 0; i < chainLength; i++)
      {
-        OIC_LOG(ERROR, TAG, "Error while memory allocation");
+        cborEncoderResult |= cbor_encode_byte_string(&certs, (uint8_t *)certificateChain[i], strlen(certificateChain[i]));
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Certificate Chain.");
      }
-    return certPubJWK;
+    cborEncoderResult |= cbor_encoder_close_container(&credMap, &certs);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Certificate Chain.");
+
+    cborEncoderResult |= cbor_encoder_close_container(&encoder, &credMap);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
+
+    *cborPayload = outPayload;
+    *size = encoder.ptr - outPayload;
+    ret = OC_STACK_OK;
+
+exit:
+    return ret;
  }
  
  /**
   * Function to compose JWK string from a private key.
   *
- * @param[in]  privateKey    Base64 encoded private key.
- * @return     Valid JWK string on success, or NULL on fail.
+ * @param privateKey to be converted to CBOR.
+ * @ Valid JWK string on success, or NULL on fail.
   */
-static char *CreateCertificatePrivateJWK(const char *privateKey)
+OCStackResult CreateCertificatePrivateJWK(const char *privateKey, uint8_t **cborPayload,
+        size_t *size)
  {
-    if (NULL == privateKey)
-    {
-        OIC_LOG(ERROR, TAG, "Error privateKey is NULL");
-        return NULL;
-    }
-    const char firstPart[] = "{\"kty\":\"EC\",\"crv\":\"P-256\",\"d\":\"";
-    const char secondPart[] = "\"}";
-    size_t len = strlen(firstPart) + strlen(secondPart) + strlen(privateKey) + 1;
-    char *certPrivJWK = (char *)OICMalloc(len);
-
-    if (NULL != certPrivJWK)
-    {
-        snprintf(certPrivJWK, len, "%s%s%s", firstPart, privateKey, secondPart);
-    }
-    else
-    {
-        OIC_LOG(ERROR, TAG, "Error while memory allocation");
-    }
-    return certPrivJWK;
+    *cborPayload = NULL;
+    *size = 0;
+    OCStackResult ret = OC_STACK_INVALID_PARAM;
+    VERIFY_NON_NULL(TAG, privateKey, ERROR);
+
+    // cborArbitraryLen is a value to conver field names and cbor map, cbor array.
+    size_t cborArbitraryLen = 255;
+    size_t cborLen = strlen(privateKey) + cborArbitraryLen;
+    int64_t cborEncoderResult = CborNoError;
+    ret = OC_STACK_ERROR;
+    uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
+    VERIFY_NON_NULL(TAG, outPayload, ERROR);
+
+    CborEncoder encoder = { .end = 0 };
+    cbor_encoder_init(&encoder, outPayload, cborLen, 0);
+
+    CborEncoder credMap = { .end = 0 };
+    cborEncoderResult |= cbor_encoder_create_map(&encoder, &credMap, 3);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_KTY_NAME,
+            strlen(OIC_JSON_KTY_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+    cborEncoderResult |= cbor_encode_text_string(&credMap, kty, strlen(kty));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_CRV_NAME,
+            strlen(OIC_JSON_CRV_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+    cborEncoderResult |= cbor_encode_text_string(&credMap, crv, strlen(crv));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding ");
+
+    cborEncoderResult |= cbor_encode_text_string(&credMap, OIC_JSON_D_NAME,
+            strlen(OIC_JSON_D_NAME));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding D tag.");
+    cborEncoderResult |= cbor_encode_byte_string(&credMap, (uint8_t *)privateKey, strlen(privateKey));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding D Value.");
+
+    cborEncoderResult |= cbor_encoder_close_container(&encoder, &credMap);
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
+
+    *cborPayload = outPayload;
+    *size = encoder.ptr - outPayload;
+    ret = OC_STACK_OK;
+
+exit:
+    return ret;
  }
  
-
  /**
   * Function to generate Base64 encoded credential data for device.
   *
@@ -339,7 +370,6 @@ memclean:
      return OC_STACK_OK;
  }
  
-
  OCStackResult PMGenerateCertificateCredentials(const OicUuid_t *ptDeviceId,
          const OicUuid_t *deviceId, OicSecCred_t **const cred)
  {
@@ -357,8 +387,18 @@ OCStackResult PMGenerateCertificateCredentials(const OicUuid_t *ptDeviceId,
          return OC_STACK_ERROR;
      }
  
-    char *publicJWK = CreateCertificatePublicJWK(certificateChain, certChainLen);
-    char *privateJWK = CreateCertificatePrivateJWK(privKey);
+    uint8_t *publicJWK = NULL;
+    size_t len = 0;
+    if (OC_STACK_OK == CreateCertificatePublicJWK(certificateChain, certChainLen, &publicJWK, &len))
+    {
+
+    }
+    uint8_t *privateJWK = NULL;
+    size_t len1 = 0;
+    if (OC_STACK_OK == CreateCertificatePrivateJWK(privKey, &privateJWK, &len1))
+    {
+
+    }
      for (size_t i = 0; i < certChainLen; ++i)
      {
          OICFree(certificateChain[i]);
diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c

index e1ba69b..0ae6b4f 100644 (file)
--- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
@@ -439,16 +439,10 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
          OIC_LOG_BUFFER(INFO, TAG,ownerPSK, OWNER_PSK_LENGTH_128);
          //Generating new credential for provisioning tool
          size_t ownLen = 1;
-        uint32_t outLen = 0;
-
-        char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(ownerPSK)) + 1] = {};
-        B64Result b64Ret = b64Encode(ownerPSK, sizeof(ownerPSK), base64Buff, sizeof(base64Buff),
-                &outLen);
-        VERIFY_SUCCESS(TAG, B64_OK == b64Ret, ERROR);
  
          OicSecCred_t *cred = GenerateCredential(&selectedDeviceInfo->doxm->deviceID,
                  SYMMETRIC_PAIR_WISE_KEY, NULL,
-                base64Buff, ownLen, &ptDeviceID);
+                ownerPSK, ownLen, &ptDeviceID);
          VERIFY_NON_NULL(TAG, cred, ERROR);
  
          res = AddCredential(cred);
@@ -936,8 +930,8 @@ static OCStackResult PutOwnerCredential(OTMContext_t* otmCtx)
          newCredential.privateData.data = NULL;
  
          //Send owner credential to new device : PUT /oic/sec/cred [ owner credential ]
-        secPayload->securityData = BinToCredJSON(&newCredential);
-        if (NULL == secPayload->securityData)
+        size_t size = 0;
+        if (OC_STACK_OK != CredToCBORPayload(&newCredential, &secPayload->securityData1, &size))
          {
              OICFree(secPayload);
              OIC_LOG(ERROR, TAG, "Error while converting bin to json");
diff --git a/resource/csdk/security/provisioning/src/secureresourceprovider.c b/resource/csdk/security/provisioning/src/secureresourceprovider.c

index 2214164..35bcd77 100644 (file)
--- a/resource/csdk/security/provisioning/src/secureresourceprovider.c
+++ b/resource/csdk/security/provisioning/src/secureresourceprovider.c
@@ -298,21 +298,21 @@ static OCStackResult provisionCredentials(const OicSecCred_t *cred,
          OCClientResponseHandler responseHandler)
  {
      OCSecurityPayload* secPayload = (OCSecurityPayload*)OICCalloc(1, sizeof(OCSecurityPayload));
-    if(!secPayload)
+    if (!secPayload)
      {
          OIC_LOG(ERROR, TAG, "Failed to memory allocation");
          return OC_STACK_NO_MEMORY;
      }
      secPayload->base.type = PAYLOAD_TYPE_SECURITY;
-    secPayload->securityData = BinToCredJSON(cred);
-    if(NULL == secPayload->securityData)
+    size_t size = 0;
+    OCStackResult res = CredToCBORPayload(cred, &secPayload->securityData1, &size);
+    if((OC_STACK_OK != res) && (NULL == secPayload->securityData1))
      {
-        OICFree(secPayload);
-        OIC_LOG(ERROR, TAG, "Failed to BinToCredJSON");
+        OCPayloadDestroy((OCPayload *)secPayload);
+        OIC_LOG(ERROR, TAG, "Failed to CredToCBORPayload");
          return OC_STACK_NO_MEMORY;
      }
  
-    OIC_LOG_V(INFO, TAG, "Credential for provisioning : %s",secPayload->securityData);
      char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0};
      if(!PMGenerateQuery(true,
                          deviceInfo->endpoint.addr,
@@ -498,7 +498,7 @@ OCStackResult SRPProvisionCRL(void *ctx, const OCProvisionDev_t *selectedDeviceI
      crlData->resArr = (OCProvisionResult_t*)OICCalloc(1, sizeof(OCProvisionResult_t));
      if (crlData->resArr == NULL)
      {
-        OICFree(secPayload->securityData);
+        OICFree(secPayload->securityData1);
          OICFree(secPayload);
          OIC_LOG(ERROR, TAG, "Unable to allocate memory");
          return OC_STACK_NO_MEMORY;
@@ -542,16 +542,16 @@ static OCStackResult provisionCertCred(const OicSecCred_t *cred,
          return OC_STACK_NO_MEMORY;
      }
      secPayload->base.type = PAYLOAD_TYPE_SECURITY;
-    secPayload->securityData = BinToCredJSON(cred);
+    size_t size = 0;
+    OCStackResult res = CredToCBORPayload(cred, &secPayload->securityData1, &size);
  
-    if (NULL == secPayload->securityData)
+    if ((OC_STACK_OK != res) || (NULL == secPayload->securityData1))
      {
          OICFree(secPayload);
-        OIC_LOG(ERROR, TAG, "Failed to BinToCredJSON");
+        OIC_LOG(ERROR, TAG, "Failed to CredToCBORPayload");
          return OC_STACK_NO_MEMORY;
      }
  
-    OIC_LOG_V(INFO, TAG, "Credential for provisioning : %s",secPayload->securityData);
      char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0};
      if(!PMGenerateQuery(true,
                          deviceInfo->endpoint.addr,
@@ -560,8 +560,7 @@ static OCStackResult provisionCertCred(const OicSecCred_t *cred,
                          query, sizeof(query), OIC_RSRC_CRED_URI))
      {
          OIC_LOG(ERROR, TAG, "DeviceDiscoveryHandler : Failed to generate query");
-        OICFree(secPayload->securityData);
-        OICFree(secPayload);
+        OCPayloadDestroy((OCPayload *)secPayload);
          return OC_STACK_ERROR;
      }
      OIC_LOG_V(DEBUG, TAG, "Query=%s", query);
diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c

index 54f17b4..b30eeae 100644 (file)
--- a/resource/csdk/security/src/credresource.c
+++ b/resource/csdk/security/src/credresource.c
@@ -19,38 +19,49 @@
  //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  
  #define __STDC_LIMIT_MACROS
+
+#include <stdlib.h>
+#ifdef WITH_ARDUINO
+#include <string.h>
+#else
+#include <strings.h>
+#endif
+#include <stdint.h>
+
+#include "cainterface.h"
+#include "payload_logging.h"
  #include "ocstack.h"
-#include "logger.h"
+#include "ocrandom.h"
+#include "ocserverrequest.h"
  #include "oic_malloc.h"
-#include "cJSON.h"
-#include "resourcemanager.h"
-#include "psinterface.h"
+#include "ocpayload.h"
  #include "utlist.h"
-#include "srmresourcestrings.h"
  #include "credresource.h"
-#include "ocrandom.h"
  #include "doxmresource.h"
-#include "base64.h"
-#include "srmutility.h"
-#include "cainterface.h"
-#include "pbkdf2.h"
-#include <stdlib.h>
+#include "pstatresource.h"
  #include "iotvticalendar.h"
-#include "ocserverrequest.h"
+#include "pbkdf2.h"
+#include "resourcemanager.h"
+#include "srmresourcestrings.h"
+#include "srmutility.h"
+#include "psinterface.h"
+#include "pinoxmcommon.h"
  
  #ifdef __WITH_DTLS__
  #include "global.h"
-#endif //__WITH_DTLS__
-
-#ifdef WITH_ARDUINO
-#include <string.h>
-#else
-#include <strings.h>
  #endif
-#include <stdint.h>
  
  #define TAG  "SRM-CREDL"
  
+/** Default cbor payload size. This value is increased in case of CborErrorOutOfMemory.
+ * The value of payload size is increased until reaching belox max cbor size. */
+static const uint8_t CBOR_SIZE = 255;
+
+/** Max cbor size payload. */
+static const uint16_t CBOR_MAX_SIZE = 4400;
+
+/** CRED Map size - Number of mandatory items. */
+static const uint8_t CRED_MAP_SIZE = 4;
  
  static OicSecCred_t        *gCred = NULL;
  static OCResourceHandle    gCredHandle = NULL;
@@ -62,7 +73,7 @@ static void FreeCred(OicSecCred_t *cred)
  {
      if(NULL == cred)
      {
-        OIC_LOG (ERROR, TAG, "Invalid Parameter");
+        OIC_LOG(ERROR, TAG, "Invalid Parameter");
          return;
      }
      //Note: Need further clarification on roleID data type
@@ -100,244 +111,292 @@ void DeleteCredList(OicSecCred_t* cred)
      }
  }
  
-/**
- * This function converts credential data into JSON format.
- * Caller needs to invoke 'free' when done using
- * returned string.
- * @param cred  pointer to instance of OicSecCred_t structure.
- *
- * @retval
- *      pointer to JSON credential representation - if credential for subjectId found
- *      NULL                                      - if credential for subjectId not found
- */
-char * BinToCredJSON(const OicSecCred_t * cred)
+static size_t OicSecCredCount(const OicSecCred_t *secCred)
  {
-    cJSON *jsonRoot = NULL;
-    char *jsonStr = NULL;
+    size_t size = 0;
+    for (const OicSecCred_t *cred = secCred; cred; cred = cred->next)
+    {
+        size++;
+    }
+    return size;
+}
  
-    if (cred)
+OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload,
+                                size_t *cborSize)
+{
+    if (NULL == credS || NULL == cborPayload || NULL != *cborPayload || NULL == cborSize)
      {
-        char base64Buff[B64ENCODE_OUT_SAFESIZE(sizeof(((OicUuid_t*)0)->id)) + 1] = {};
-        uint32_t outLen = 0;
-        B64Result b64Ret = B64_OK;
+        return OC_STACK_INVALID_PARAM;
+    }
  
-        jsonRoot = cJSON_CreateObject();
-        VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
+    OCStackResult ret = OC_STACK_ERROR;
+    size_t cborLen = *cborSize;
+    if (0 == cborLen)
+    {
+        cborLen = CBOR_SIZE;
+    }
  
-        cJSON *jsonCredArray = NULL;
-        cJSON_AddItemToObject(jsonRoot, OIC_JSON_CRED_NAME,
-                jsonCredArray = cJSON_CreateArray());
-        VERIFY_NON_NULL(TAG, jsonCredArray, ERROR);
+    *cborSize = 0;
+    *cborPayload = NULL;
  
-        while(cred)
-        {
-            cJSON *jsonCred = cJSON_CreateObject();
-            VERIFY_NON_NULL(TAG, jsonCred, ERROR);
+    CborEncoder encoder = { {.ptr = NULL }, .end = 0 };
+    CborEncoder credArray = { {.ptr = NULL }, .end = 0 };
+    CborError cborEncoderResult = CborNoError;
  
-            //CredID -- Mandatory
-            cJSON_AddNumberToObject(jsonCred, OIC_JSON_CREDID_NAME, (int)cred->credId);
+    const OicSecCred_t *cred = credS;
+    size_t mapSize = CRED_MAP_SIZE;
+    if (cred->period)
+    {
+        mapSize++;
+    }
+    if (cred->publicData.data)
+    {
+        mapSize++;
+    }
+    if (cred->privateData.data)
+    {
+        mapSize++;
+    }
+    if (cred->period)
+    {
+        mapSize++;
+    }
+    uint8_t *outPayload = (uint8_t *)OICCalloc(1, cborLen);
+    VERIFY_NON_NULL(TAG, outPayload, ERROR);
+    cbor_encoder_init(&encoder, outPayload, cborLen, 0);
  
-            //Subject -- Mandatory
-            outLen = 0;
-            memset(base64Buff, 0, sizeof(base64Buff));
-            b64Ret = b64Encode(cred->subject.id, sizeof(cred->subject.id), base64Buff,
-                   sizeof(base64Buff), &outLen);
-            VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
-            cJSON_AddStringToObject(jsonCred, OIC_JSON_SUBJECT_NAME, base64Buff);
+    // Create CRED Array
+    cborEncoderResult = cbor_encoder_create_array(&encoder, &credArray, OicSecCredCount(cred));
+    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding0 Cred Array.");
  
-            //Note: Need further clarification on roleID data type
-#if 0
-            //RoleId -- Not Mandatory
-            if(cred->roleIdsLen > 0)
-            {
-                cJSON *jsonRoleIdsArray = NULL;
-                cJSON_AddItemToObject (jsonCred, OIC_JSON_ROLEIDS_NAME,
-                                         jsonRoleIdsArray = cJSON_CreateArray());
-                VERIFY_NON_NULL(TAG, jsonRoleIdsArray, ERROR);
-                for (size_t i = 0; i < cred->roleIdsLen; i++)
-                {
-                    cJSON_AddItemToArray (jsonRoleIdsArray,
-                            cJSON_CreateString((char *)cred->roleIds[i].id));
-                }
-            }
-#endif
-
-            //CredType -- Mandatory
-            cJSON_AddNumberToObject(jsonCred, OIC_JSON_CREDTYPE_NAME,(int)cred->credType);
+    while (cred)
+    {
+        CborEncoder credMap = { {.ptr = NULL }, .end = 0 };
+        cborEncoderResult = cbor_encoder_create_map(&credArray, &credMap, mapSize);
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Map");
+
+        //CredID -- Mandatory
+        cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDID_NAME,
+            strlen(OIC_JSON_CREDID_NAME));
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Tag. ");
+        cborEncoderResult = cbor_encode_int(&credMap, cred->credId);
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Id Value.");
+
+        //Subject -- Mandatory
+        cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_SUBJECT_NAME,
+            strlen(OIC_JSON_SUBJECT_NAME));
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Tag.");
+        cborEncoderResult = cbor_encode_byte_string(&credMap, cred->subject.id,
+            sizeof(cred->subject.id));
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Value.");
+
+        //CredType -- Mandatory
+        cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_CREDTYPE_NAME,
+            strlen(OIC_JSON_CREDTYPE_NAME));
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Tag.");
+        cborEncoderResult = cbor_encode_int(&credMap, cred->credType);
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Cred Type Value.");
  
  #ifdef __WITH_X509__
-            //PublicData -- Not Mandatory
-            if(cred->publicData.data)
-            {
-                if (SIGNED_ASYMMETRIC_KEY == cred->credType)
-                {
-                    cJSON_AddItemToObject(jsonCred, OIC_JSON_PUBLICDATA_NAME,
-                                          cJSON_Parse(cred->publicData.data));
-                }
-                else
-                {
-                cJSON_AddStringToObject(jsonCred, OIC_JSON_PUBLICDATA_NAME, cred->publicData.data);
-                }
-            }
+        //PublicData -- Not Mandatory
+        if (cred->publicData.data)
+        {
+            cborEncoderResult = cbor_encode_text_string(&credMap,
+                OIC_JSON_PUBLICDATA_NAME, strlen(OIC_JSON_PUBLICDATA_NAME));
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Data Tag.");
+            cborEncoderResult = cbor_encode_byte_string(&credMap, cred->publicData.data,
+                    sizeof(cred->publicData.data));
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Public Tag Value.");
+        }
  #endif /*__WITH_X509__*/
-            //PrivateData -- Not Mandatory
-            if(cred->privateData.data)
-            {
-#ifdef __WITH_X509__
-                if (SIGNED_ASYMMETRIC_KEY == cred->credType)
-                {
-                    cJSON_AddItemToObject(jsonCred, OIC_JSON_PRIVATEDATA_NAME,
-                                          cJSON_Parse(cred->privateData.data));
-                }
-                else
-                {
-                    cJSON_AddStringToObject(jsonCred, OIC_JSON_PRIVATEDATA_NAME, cred->privateData.data);
-                }
-#else
-                cJSON_AddStringToObject(jsonCred, OIC_JSON_PRIVATEDATA_NAME, cred->privateData.data);
-#endif
-            }
+        //PrivateData -- Not Mandatory
+        if(cred->privateData.data)
+        {
+            cborEncoderResult = cbor_encode_text_string(&credMap,
+                OIC_JSON_PRIVATEDATA_NAME, strlen(OIC_JSON_PRIVATEDATA_NAME));
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Data Tag");
+            cborEncoderResult = cbor_encode_byte_string(&credMap, cred->privateData.data,
+                sizeof(cred->privateData.data));
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Private Data Value.");
+        }
  
-            //Period -- Not Mandatory
-            if(cred->period)
-            {
-                cJSON_AddStringToObject(jsonCred, OIC_JSON_PERIOD_NAME,
-                                        cred->period);
-            }
+        //Period -- Not Mandatory
+        if(cred->period)
+        {
+            cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_PERIOD_NAME,
+                strlen(OIC_JSON_PERIOD_NAME));
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Tag.");
+            cborEncoderResult = cbor_encode_text_string(&credMap, cred->period,
+                strlen(cred->period));
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Name Value.");
+        }
  
-            //Owners -- Mandatory
-            cJSON *jsonOwnrArray = NULL;
-            cJSON_AddItemToObject (jsonCred, OIC_JSON_OWNERS_NAME,
-                                             jsonOwnrArray = cJSON_CreateArray());
-            VERIFY_NON_NULL(TAG, jsonOwnrArray, ERROR);
+        //Owners -- Mandatory
+        {
+            cborEncoderResult = cbor_encode_text_string(&credMap, OIC_JSON_OWNERS_NAME,
+                strlen(OIC_JSON_OWNERS_NAME));
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owners Name Tag.");
+            CborEncoder owners = { {.ptr = NULL }, .end = 0 };
+            cborEncoderResult = cbor_encoder_create_array(&credMap, &owners, cred->ownersLen);
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owners Name Array.");
              for (size_t i = 0; i < cred->ownersLen; i++)
              {
-                outLen = 0;
-                memset(base64Buff, 0, sizeof(base64Buff));
-                b64Ret = b64Encode(cred->owners[i].id, sizeof(cred->owners[i].id),
-                        base64Buff, sizeof(base64Buff), &outLen);
-                VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
-                cJSON_AddItemToArray (jsonOwnrArray,
-                                       cJSON_CreateString((char *)(base64Buff)));
+                cborEncoderResult = cbor_encode_byte_string(&owners,
+                    (uint8_t *)cred->owners[i].id,
+                    sizeof(cred->owners[i].id));
+                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Owners Array Value.");
              }
-
-            /* Attach current cred node to cred Array */
-            cJSON_AddItemToArray(jsonCredArray, jsonCred);
-            cred = cred->next;
+            cborEncoderResult = cbor_encoder_close_container(&credMap, &owners);
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Owners Name Array.");
          }
+        cborEncoderResult = cbor_encoder_close_container(&credArray, &credMap);
+        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Map.");
  
-        jsonStr = cJSON_PrintUnformatted(jsonRoot);
+        cred = cred->next;
+   }
+   cborEncoderResult = cbor_encoder_close_container(&encoder, &credArray);
+   VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Cred Array.");
+
+   if (CborNoError == cborEncoderResult)
+   {
+       *cborPayload = outPayload;
+       *cborSize = encoder.ptr - outPayload;
+        ret = OC_STACK_OK;
      }
  
  exit:
-    if (jsonRoot)
+    if ((CborErrorOutOfMemory == cborEncoderResult) && (cborLen < CBOR_MAX_SIZE))
      {
-        cJSON_Delete(jsonRoot);
+       // reallocate and try again!
+       OICFree(outPayload);
+       outPayload = NULL;
+       // Since the allocated initial memory failed, double the memory.
+       cborLen += encoder.ptr - encoder.end;
+       cborEncoderResult = CborNoError;
+       ret = CredToCBORPayload(credS, cborPayload, &cborLen);
+       if (CborNoError == cborEncoderResult)
+       {
+           *cborSize = cborLen;
+            ret = OC_STACK_OK;
+        }
      }
-    return jsonStr;
+
+    if (CborNoError != cborEncoderResult)
+    {
+       OICFree(outPayload);
+       outPayload = NULL;
+       *cborSize = 0;
+       *cborPayload = NULL;
+       ret = OC_STACK_ERROR;
+    }
+
+    return ret;
  }
  
-/*
- * This internal method converts JSON cred into binary cred.
- */
-OicSecCred_t * JSONToCredBin(const char * jsonStr)
+OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
+                                OicSecCred_t **secCred)
  {
+    if (NULL == cborPayload || NULL == secCred || NULL != *secCred)
+    {
+        return OC_STACK_INVALID_PARAM;
+    }
+
+    *secCred = NULL;
+
      OCStackResult ret = OC_STACK_ERROR;
-    OicSecCred_t * headCred = NULL;
-    OicSecCred_t * prevCred = NULL;
-    cJSON *jsonCredArray = NULL;
  
-    cJSON *jsonRoot = cJSON_Parse(jsonStr);
-    VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
+    CborValue credCbor = { .parser = NULL };
+    CborParser parser = { .end = NULL };
+    CborError cborFindResult = CborNoError;
+    OicSecCred_t *cred = NULL;
+    char *name = NULL;
  
-    jsonCredArray = cJSON_GetObjectItem(jsonRoot, OIC_JSON_CRED_NAME);
-    VERIFY_NON_NULL(TAG, jsonCredArray, ERROR);
-    if (cJSON_Array == jsonCredArray->type)
+    int cborLen = size;
+    if (0 == size)
      {
-        int numCred = cJSON_GetArraySize(jsonCredArray);
-        int idx = 0;
+        cborLen = CBOR_SIZE;
+    }
+    cbor_parser_init(cborPayload, cborLen, 0, &parser, &credCbor);
  
-        unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
-        uint32_t outLen = 0;
-        B64Result b64Ret = B64_OK;
+    OicSecCred_t *headCred = NULL;
  
-        VERIFY_SUCCESS(TAG, numCred > 0, ERROR);
-        do
-        {
-            cJSON *jsonCred = cJSON_GetArrayItem(jsonCredArray, idx);
-            VERIFY_NON_NULL(TAG, jsonCred, ERROR);
+    CborValue credArray = { .parser = NULL };
+    cborFindResult = cbor_value_enter_container(&credCbor, &credArray);
+    VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Array.");
  
-            OicSecCred_t *cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t));
-            VERIFY_NON_NULL(TAG, cred, ERROR);
+    while (cbor_value_is_valid(&credArray))
+    {
+        CborValue credMap = { .parser = NULL };
+        cborFindResult = cbor_value_enter_container(&credArray, &credMap);
+        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Map.");
  
-            headCred = (headCred) ? headCred : cred;
-            if (prevCred)
-            {
-                prevCred->next = cred;
-            }
-            size_t jsonObjLen = 0;
-            cJSON *jsonObj = NULL;
+        cred = (OicSecCred_t *) OICCalloc(1, sizeof(*cred));
+        VERIFY_NON_NULL(TAG, cred, ERROR);
+
+        while (cbor_value_is_valid(&credMap))
+        {
+            size_t len = 0;
+            cborFindResult = cbor_value_dup_text_string(&credMap, &name, &len, NULL);
+            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Name.");
+            cborFindResult = cbor_value_advance(&credMap);
+            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Cred Name. ");
+
+            CborType type = cbor_value_get_type(&credMap);
  
              //CredId -- Mandatory
-            jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_CREDID_NAME);
-            if(jsonObj)
+            if (0 == strcmp(OIC_JSON_CREDID_NAME, name))
              {
-                VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
-                cred->credId = jsonObj->valueint;
+                cborFindResult = cbor_value_get_int(&credMap, (int *) &cred->credId);
+                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Id Value.");
              }
-
              //subject -- Mandatory
-            jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_SUBJECT_NAME);
-            VERIFY_NON_NULL(TAG, jsonObj, ERROR);
-            VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR);
-            outLen = 0;
-            memset(base64Buff, 0, sizeof(base64Buff));
-            b64Ret = b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring),
-                    base64Buff, sizeof(base64Buff), &outLen);
-            VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(cred->subject.id)),
-                           ERROR);
-            memcpy(cred->subject.id, base64Buff, outLen);
-
-            //CredType -- Mandatory
-            jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_CREDTYPE_NAME);
-            VERIFY_NON_NULL(TAG, jsonObj, ERROR);
-            VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
-            cred->credType = (OicSecCredType_t)jsonObj->valueint;
-
-            //PrivateData is mandatory for some of the credential types listed below.
-            jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_PRIVATEDATA_NAME);
-            if ((cred->credType & SYMMETRIC_PAIR_WISE_KEY) ||
-                (cred->credType & SYMMETRIC_GROUP_KEY) ||
-                (cred->credType & PIN_PASSWORD))
+            if (0 == strcmp(OIC_JSON_SUBJECT_NAME, name))
              {
-                if(jsonObj)
-                {
-                    VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR);
-                }
+                uint8_t *id = NULL;
+                cborFindResult = cbor_value_dup_byte_string(&credMap, &id, &len, NULL);
+                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Subject Name Value.");
+                memcpy(cred->subject.id, id, len);
+                OICFree(id);
              }
-#ifdef __WITH_X509__
-            else if (cred->credType & SIGNED_ASYMMETRIC_KEY)
+            //CredType -- Mandatory
+            if (0 == strcmp(OIC_JSON_CREDTYPE_NAME, name))
              {
-                VERIFY_NON_NULL(TAG, jsonObj, ERROR);
-                VERIFY_SUCCESS(TAG, cJSON_Object == jsonObj->type, ERROR);
+                cborFindResult = cbor_value_get_int(&credMap, (int *) &cred->credType);
+                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Type Value.");
              }
-#endif //  __WITH_X509__
-            if (NULL != jsonObj)
+            //Owners -- Mandatory
+            if (0 == strcmp(OIC_JSON_OWNERS_NAME, name))
              {
-                if (cJSON_String == jsonObj->type)
+                CborValue owners = { .parser = NULL };
+                cborFindResult = cbor_value_get_array_length(&credMap, &cred->ownersLen);
+                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owners Name Array Len.");
+                cborFindResult = cbor_value_enter_container(&credMap, &owners);
+                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owners Name.");
+                int i = 0;
+                cred->owners = (OicUuid_t *)OICCalloc(cred->ownersLen, sizeof(*cred->owners));
+                VERIFY_NON_NULL(TAG, cred->owners, ERROR);
+                while (cbor_value_is_valid(&owners))
                  {
-                    jsonObjLen = strlen(jsonObj->valuestring) + 1;
-                    cred->privateData.data = (char *)OICMalloc(jsonObjLen);
-                    VERIFY_NON_NULL(TAG, (cred->privateData.data), ERROR);
-                    strncpy((char *)cred->privateData.data, (char *)jsonObj->valuestring, jsonObjLen);
+                    uint8_t *owner = NULL;
+                    cborFindResult = cbor_value_dup_byte_string(&owners, &owner, &len, NULL);
+                    VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Owner Value.");
+                    memcpy(cred->owners[i].id, owner, len);
+                    OICFree(owner);
+                    cborFindResult = cbor_value_advance(&owners);
+                    VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Owner Value.");
                  }
-#ifdef __WITH_X509__
-                else if (SIGNED_ASYMMETRIC_KEY == cred->credType && cJSON_Object == jsonObj->type)
+            }
+            //PrivateData is mandatory for some of the credential types listed below.
+            if (0 == strcmp(OIC_JSON_PRIVATEDATA_NAME, name))
+            {
+                if ((cred->credType & SYMMETRIC_PAIR_WISE_KEY) ||
+                    (cred->credType & SYMMETRIC_GROUP_KEY) ||
+                    (cred->credType & PIN_PASSWORD))
                  {
-                    cred->privateData.data = cJSON_PrintUnformatted(jsonObj);
-                    VERIFY_NON_NULL(TAG, (cred->privateData.data), ERROR);
+                    cborFindResult = cbor_value_dup_byte_string(&credMap,
+                        &cred->privateData.data, &len, NULL);
+                    VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Private Data Value.");
                  }
-#endif // __WITH_X509__
              }
              else
              {
@@ -345,77 +404,69 @@ OicSecCred_t * JSONToCredBin(const char * jsonStr)
              }
  
              //PublicData is mandatory only for SIGNED_ASYMMETRIC_KEY credentials type.
-            jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_PUBLICDATA_NAME);
-#ifdef __WITH_X509__
-            if (cred->credType & SIGNED_ASYMMETRIC_KEY)
-            {
-                VERIFY_NON_NULL(TAG, jsonObj, ERROR);
-                VERIFY_SUCCESS(TAG, cJSON_Object == jsonObj->type, ERROR);
-            }
-#endif //  __WITH_X509__
-            if (NULL != jsonObj)
+            if (0 == strcmp(OIC_JSON_PUBLICDATA_NAME, name))
              {
-                if (cJSON_String == jsonObj->type)
+                if (cred->credType & SIGNED_ASYMMETRIC_KEY)
                  {
-                    jsonObjLen = strlen(jsonObj->valuestring) + 1;
-                    cred->publicData.data = (char *)OICMalloc(jsonObjLen);
-                    VERIFY_NON_NULL(TAG, (cred->publicData.data), ERROR);
-                    strncpy((char *)cred->publicData.data, (char *)jsonObj->valuestring, jsonObjLen);
+                    cborFindResult = cbor_value_dup_byte_string(&credMap,
+                        &cred->publicData.data, &len, NULL);
+                    VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding ");
                  }
-#ifdef __WITH_X509__
-                else if (SIGNED_ASYMMETRIC_KEY == cred->credType && cJSON_Object == jsonObj->type)
-                {
-                    cred->publicData.data = cJSON_PrintUnformatted(jsonObj);
-                    VERIFY_NON_NULL(TAG, (cred->publicData.data), ERROR);
-                }
-#endif //  __WITH_X509__
              }
-
              //Period -- Not Mandatory
-            jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_PERIOD_NAME);
-            if(jsonObj && cJSON_String == jsonObj->type)
+            if (0 == strcmp(OIC_JSON_PERIOD_NAME, name))
              {
-                jsonObjLen = strlen(jsonObj->valuestring) + 1;
-                cred->period = (char *)OICMalloc(jsonObjLen);
-                VERIFY_NON_NULL(TAG, cred->period, ERROR);
-                strncpy(cred->period, jsonObj->valuestring, jsonObjLen);
+                cborFindResult = cbor_value_dup_text_string(&credMap,
+                    &cred->period, &len, NULL);
+                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Period Name Value.");
              }
+            if (CborMapType != type && cbor_value_is_valid(&credMap))
+            {
+                cborFindResult = cbor_value_advance(&credMap);
+                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Cred Map.");
+            }
+            OICFree(name);
+            name = NULL;
+        }
  
-            //Owners -- Mandatory
-            jsonObj = cJSON_GetObjectItem(jsonCred, OIC_JSON_OWNERS_NAME);
-            VERIFY_NON_NULL(TAG, jsonObj, ERROR);
-            VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR);
-            cred->ownersLen = (size_t)cJSON_GetArraySize(jsonObj);
-            VERIFY_SUCCESS(TAG, cred->ownersLen > 0, ERROR);
-            cred->owners = (OicUuid_t*)OICCalloc(cred->ownersLen, sizeof(OicUuid_t));
-            VERIFY_NON_NULL(TAG, (cred->owners), ERROR);
-            for(size_t i = 0; i < cred->ownersLen; i++)
+        cred->next = NULL;
+        if (NULL == headCred)
+        {
+            headCred = cred;
+        }
+        else
+        {
+            OicSecCred_t *temp = headCred;
+            while (temp->next)
              {
-                cJSON *jsonOwnr = cJSON_GetArrayItem(jsonObj, i);
-                VERIFY_NON_NULL(TAG, jsonOwnr, ERROR);
-                VERIFY_SUCCESS(TAG, cJSON_String == jsonOwnr->type, ERROR);
-                outLen = 0;
-                memset(base64Buff, 0, sizeof(base64Buff));
-                b64Ret = b64Decode(jsonOwnr->valuestring, strlen(jsonOwnr->valuestring),
-                         base64Buff, sizeof(base64Buff), &outLen);
-                VERIFY_SUCCESS(TAG, (b64Ret == B64_OK &&
-                               outLen <= sizeof(cred->owners[i].id)), ERROR);
-                memcpy(cred->owners[i].id, base64Buff, outLen);
+                temp = temp->next;
              }
-            prevCred = cred;
-        } while( ++idx < numCred);
+            temp->next = cred;
+        }
+        if (cbor_value_is_valid(&credArray))
+        {
+            cborFindResult = cbor_value_advance(&credArray);
+            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Cred Array. ");
+        }
      }
-
+    *secCred = headCred;
      ret = OC_STACK_OK;
-
  exit:
-    cJSON_Delete(jsonRoot);
-    if (OC_STACK_OK != ret)
+    if (CborNoError != cborFindResult)
      {
          DeleteCredList(headCred);
          headCred = NULL;
+        ret = OC_STACK_ERROR;
      }
-    return headCred;
+    if (cred)
+    {
+        DeleteCredList(cred);
+    }
+    if (name)
+    {
+        OICFree(name);
+    }
+    return ret;
  }
  
  /**
@@ -434,13 +485,13 @@ exit:
   *      NULL                                 - error
   */
  OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t credType,
-                                 const char * publicData, const char * privateData,
-                                 size_t ownersLen, const OicUuid_t * owners)
+                                  const uint8_t * publicData, const uint8_t* privateData,
+                                  size_t ownersLen, const OicUuid_t * owners)
  {
      (void)publicData;
      OCStackResult ret = OC_STACK_ERROR;
  
-    OicSecCred_t *cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t));
+    OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred));
      VERIFY_NON_NULL(TAG, cred, ERROR);
  
      //CredId is assigned before appending new cred to the existing
@@ -457,23 +508,25 @@ OicSecCred_t * GenerateCredential(const OicUuid_t * subject, OicSecCredType_t cr
  #ifdef __WITH_X509__
      if(publicData)
      {
-        cred->publicData.data = (char *)OICMalloc(strlen(publicData)+1);
+        cred->publicData.data = (uint8_t *)OICCalloc(1, PUBLIC_KEY_SIZE);
          VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
-        strncpy((char *)cred->publicData.data, publicData, strlen(publicData)+1);
+        memcpy(cred->publicData.data, publicData, PUBLIC_KEY_SIZE);
      }
  #endif // __WITH_X509__
  
      if(privateData)
      {
-        cred->privateData.data = (char *)OICMalloc(strlen(privateData)+1);
+#ifdef __WITH_X509__
+        cred->privateData.data = (uint8_t *)OICCalloc(1, PRIVATE_KEY_SIZE);
          VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
-        strncpy((char *)cred->privateData.data, privateData, strlen(privateData)+1);
+        memcpy(cred->privateData.data, privateData, PRIVATE_KEY_SIZE);
+#endif // __WITH_X509__
      }
  
      VERIFY_SUCCESS(TAG, ownersLen > 0, ERROR);
      cred->ownersLen = ownersLen;
  
-    cred->owners = (OicUuid_t*)OICCalloc(cred->ownersLen, sizeof(OicUuid_t));
+    cred->owners = (OicUuid_t *)OICCalloc(cred->ownersLen, sizeof(*cred->owners));
      VERIFY_NON_NULL(TAG, cred->owners, ERROR);
      for(size_t i = 0; i < cred->ownersLen; i++)
      {
@@ -495,22 +548,20 @@ static bool UpdatePersistentStorage(const OicSecCred_t *cred)
      bool ret = false;
  
      // Convert Cred data into JSON for update to persistent storage
-    char *jsonStr = BinToCredJSON(cred);
-    if (jsonStr)
+    uint8_t *payload = NULL;
+    size_t size = 0;
+    OCStackResult res = CredToCBORPayload(cred, &payload, &size);
+    if ((OC_STACK_OK == res) && payload)
      {
-        cJSON *jsonCred = cJSON_Parse(jsonStr);
-        OICFree(jsonStr);
-
-        if ((jsonCred) &&
-          (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_CRED_NAME, jsonCred)))
+        if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, payload, size))
          {
              ret = true;
          }
-        cJSON_Delete(jsonCred );
+        OICFree(payload);
      }
      else //Empty cred list
      {
-        if (OC_STACK_OK == UpdateSVRDatabase(OIC_JSON_CRED_NAME, NULL))
+        if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_JSON_CRED_NAME, NULL, size))
          {
              ret = true;
          }
@@ -531,11 +582,11 @@ static bool UpdatePersistentStorage(const OicSecCred_t *cred)
   */
  static int CmpCredId(const OicSecCred_t * first, const OicSecCred_t *second)
  {
-    if(first->credId < second->credId)
+    if (first->credId < second->credId)
      {
          return -1;
      }
-    else if(first->credId > second->credId)
+    else if (first->credId > second->credId)
      {
          return 1;
      }
@@ -603,18 +654,15 @@ static OicSecCred_t* GetCredDefault()
  OCStackResult AddCredential(OicSecCred_t * newCred)
  {
      OCStackResult ret = OC_STACK_ERROR;
-
      VERIFY_SUCCESS(TAG, NULL != newCred, ERROR);
  
      //Assigning credId to the newCred
      newCred->credId = GetCredId();
-
      VERIFY_SUCCESS(TAG, newCred->credId != 0, ERROR);
  
      //Append the new Cred to existing list
      LL_APPEND(gCred, newCred);
-
-    if(UpdatePersistentStorage(gCred))
+    if (UpdatePersistentStorage(gCred))
      {
          ret = OC_STACK_OK;
      }
@@ -701,34 +749,16 @@ static bool FillPrivateDataOfOwnerPSK(OicSecCred_t* receviedCred, const CAEndpoi
      OIC_LOG_BUFFER(DEBUG, TAG, ownerPSK, OWNER_PSK_LENGTH_128);
  
      //Generate owner credential based on recevied credential information
-    size_t b64BufSize = B64ENCODE_OUT_SAFESIZE(OWNER_PSK_LENGTH_128 * sizeof(char));
-    uint8_t* encodeBuff = OICMalloc((b64BufSize + 1) * sizeof(char));
-    VERIFY_NON_NULL(TAG, encodeBuff, ERROR);
-    uint32_t encodedSize = 0;
-    B64Result b64Ret = b64Encode(ownerPSK, OWNER_PSK_LENGTH_128,
-                                 (char*)encodeBuff, b64BufSize + 1, &encodedSize);
-    VERIFY_SUCCESS(TAG, b64Ret == B64_OK, ERROR);
-    encodeBuff[encodedSize] = '\0';
-
-    //memory re-allocation for private data
-    OICFree(receviedCred->privateData.data);
-    receviedCred->privateData.data = (char*)OICMalloc((encodedSize + 1) * sizeof(char));
+    receviedCred->privateData.data = (uint8_t *)OICCalloc(1, OWNER_PSK_LENGTH_128);
      VERIFY_NON_NULL(TAG, receviedCred->privateData.data, ERROR);
-
-    //fill the base64 encoded private data
-    strncpy(receviedCred->privateData.data, (char*)encodeBuff, b64BufSize + 1);
-
+    memcpy(receviedCred->privateData.data, ownerPSK, OWNER_PSK_LENGTH_128);
      OIC_LOG(INFO, TAG, "PrivateData of OwnerPSK was calculated successfully");
  
-    //deallocate local memory
-    OICFree(encodeBuff);
-
      //Verify OwnerPSK information
      return (memcmp(&(receviedCred->subject), &(doxm->owner), sizeof(OicUuid_t)) == 0 &&
              receviedCred->credType == SYMMETRIC_PAIR_WISE_KEY);
  exit:
      //receviedCred->privateData.data will be deallocated when deleting credential.
-    OICFree(encodeBuff);
      return false;
  }
  
@@ -739,9 +769,11 @@ static OCEntityHandlerResult HandlePutRequest(const OCEntityHandlerRequest * ehR
      OCEntityHandlerResult ret = OC_EH_ERROR;
  
      //Get binary representation of json
-    OicSecCred_t * cred  = JSONToCredBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
-
-    if(cred)
+    OicSecCred_t * cred  = NULL;
+    uint8_t *payload = (((OCSecurityPayload*)ehRequest->payload)->securityData1);
+    //size_t size = (((OCSecurityPayload*)ehRequest->payload)->payloadSize);
+    OCStackResult res = CBORPayloadToCred(payload, 0, &cred);
+    if (res == OC_STACK_OK)
      {
  #ifdef __WITH_DTLS__
          OicUuid_t emptyUuid = {.id={0}};
@@ -883,10 +915,11 @@ static OCEntityHandlerResult HandlePostRequest(const OCEntityHandlerRequest * eh
  {
      OCEntityHandlerResult ret = OC_EH_ERROR;
  
-    //Get binary representation of json
-    OicSecCred_t * cred  = JSONToCredBin(((OCSecurityPayload*)ehRequest->payload)->securityData);
-
-    if(cred)
+    //Get binary representation of CBOR
+    OicSecCred_t *cred  = NULL;
+    uint8_t *payload = ((OCSecurityPayload*)ehRequest->payload)->securityData1;
+    OCStackResult res = CBORPayloadToCred(payload, 0, &cred);
+    if ((OC_STACK_OK == res) && cred)
      {
          //If the Post request credential has credId, it will be
          //discarded and the next available credId will be assigned
@@ -909,7 +942,7 @@ static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *e
         return ehRet;
     }
  
-   OicParseQueryIter_t parseIter = {.attrPos=NULL};
+   OicParseQueryIter_t parseIter = { .attrPos=NULL };
     OicUuid_t subject = {.id={0}};
  
     //Parsing REST query to get the subject
@@ -919,15 +952,7 @@ static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *e
         if(strncasecmp((char *)parseIter.attrPos, OIC_JSON_SUBJECT_NAME,
                 parseIter.attrLen) == 0)
         {
-           unsigned char base64Buff[sizeof(((OicUuid_t*)0)->id)] = {};
-           uint32_t outLen = 0;
-           B64Result b64Ret = B64_OK;
-
-           b64Ret = b64Decode((char *)parseIter.valPos, parseIter.valLen,
-                   base64Buff, sizeof(base64Buff), &outLen);
-
-           VERIFY_SUCCESS(TAG, (b64Ret == B64_OK && outLen <= sizeof(subject.id)), ERROR);
-           memcpy(subject.id, base64Buff, outLen);
+           memcpy(subject.id, parseIter.valPos, parseIter.valLen);
         }
     }
  
@@ -936,15 +961,10 @@ static OCEntityHandlerResult HandleDeleteRequest(const OCEntityHandlerRequest *e
         ehRet = OC_EH_RESOURCE_DELETED;
     }
  
-exit:
      return ehRet;
  }
  
-/*
- * This internal method is the entity handler for Cred resources
- * to handle REST request (PUT/POST/DEL)
- */
-OCEntityHandlerResult CredEntityHandler (OCEntityHandlerFlag flag,
+OCEntityHandlerResult CredEntityHandler(OCEntityHandlerFlag flag,
                                          OCEntityHandlerRequest * ehRequest,
                                          void* callbackParameter)
  {
@@ -980,15 +1000,12 @@ OCEntityHandlerResult CredEntityHandler (OCEntityHandlerFlag flag,
      }
  
      //Send payload to request originator
-    ret = (SendSRMResponse(ehRequest, ret, NULL) == OC_STACK_OK ?
-                       ret : OC_EH_ERROR);
+    ret = (SendSRMCBORResponse(ehRequest, ret, NULL) == OC_STACK_OK) ?
+                       ret : OC_EH_ERROR;
  
      return ret;
  }
  
-/*
- * This internal method is used to create '/oic/sec/Cred' resource.
- */
  OCStackResult CreateCredResource()
  {
      OCStackResult ret;
@@ -1009,49 +1026,40 @@ OCStackResult CreateCredResource()
      return ret;
  }
  
-/**
- * Initialize Cred resource by loading data from persistent storage.
- *
- * @retval
- *     OC_STACK_OK    - no errors
- *     OC_STACK_ERROR - stack process error
- */
  OCStackResult InitCredResource()
  {
      OCStackResult ret = OC_STACK_ERROR;
  
      //Read Cred resource from PS
-    char* jsonSVRDatabase = GetSVRDatabase();
-
-    if (jsonSVRDatabase)
+    uint8_t *data = NULL;
+    size_t size = 0;
+    ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_CRED_NAME, &data, &size);
+    // If database read failed
+    if (ret != OC_STACK_OK)
+    {
+        OIC_LOG (DEBUG, TAG, "ReadSVDataFromPS failed");
+    }
+    if (data)
      {
-        //Convert JSON Cred into binary format
-        gCred = JSONToCredBin(jsonSVRDatabase);
+        // Read ACL resource from PS
+        ret = CBORPayloadToCred(data, size, &gCred);
      }
+
      /*
       * If SVR database in persistent storage got corrupted or
       * is not available for some reason, a default Cred is created
       * which allows user to initiate Cred provisioning again.
       */
-    if (!jsonSVRDatabase || !gCred)
+    if (ret != OC_STACK_OK || !data || !gCred)
      {
          gCred = GetCredDefault();
      }
      //Instantiate 'oic.sec.cred'
      ret = CreateCredResource();
-    OICFree(jsonSVRDatabase);
+    OICFree(data);
      return ret;
  }
  
-/**
- * Perform cleanup for Cred resources.
- *
- * @return
- *     OC_STACK_OK              - no errors
- *     OC_STACK_ERROR           - stack process error
- *     OC_STACK_NO_RESOURCE     - resource not found
- *     OC_STACK_INVALID_PARAM   - invalid param
- */
  OCStackResult DeInitCredResource()
  {
      OCStackResult result = OCDeleteResource(gCredHandle);
@@ -1060,15 +1068,6 @@ OCStackResult DeInitCredResource()
      return result;
  }
  
-/**
- * This method is used by tinydtls/SRM to retrieve credential for given Subject.
- *
- * @param subject - subject for which credential is required.
- *
- * @retval
- *     reference to OicSecCred_t - if credential is found
- *     NULL                      - if credential not found
- */
  const OicSecCred_t* GetCredResourceData(const OicUuid_t* subject)
  {
      OicSecCred_t *cred = NULL;
@@ -1090,22 +1089,9 @@ const OicSecCred_t* GetCredResourceData(const OicUuid_t* subject)
  
  
  #if defined(__WITH_DTLS__)
-/**
- * This internal callback is used by lower stack (i.e. CA layer) to
- * retrieve PSK credentials from RI security layer.
- *
- * @param[in]  type type of PSK data required by tinyDTLS layer during DTLS handshake.
- * @param[in]  desc Additional request information.
- * @param[in]  desc_len The actual length of desc.
- * @param[out] result  Must be filled with the requested information.
- * @param[in]  result_length  Maximum size of @p result.
- *
- * @return The number of bytes written to @p result or a value
- *         less than zero on error.
- */
-int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
-              const unsigned char *desc, size_t desc_len,
-              unsigned char *result, size_t result_length)
+int32_t GetDtlsPskCredentials(CADtlsPskCredType_t type,
+              const uint8_t *desc, size_t desc_len,
+              uint8_t *result, size_t result_length)
  {
      int32_t ret = -1;
  
@@ -1164,18 +1150,10 @@ int32_t GetDtlsPskCredentials( CADtlsPskCredType_t type,
                              }
                          }
  
-                        // Convert PSK from Base64 encoding to binary before copying
-                        uint32_t outLen = 0;
-                        B64Result b64Ret = b64Decode(cred->privateData.data,
-                                strlen(cred->privateData.data), result,
-                                result_length, &outLen);
-                        if (B64_OK != b64Ret)
-                        {
-                            OIC_LOG (ERROR, TAG, "Base64 decoding failed.");
-                            ret = -1;
-                            return ret;
-                        }
-                        return outLen;
+                        // Copy PSK.
+                        result_length = sizeof(cred->privateData.data);
+                        memcpy(result, cred->privateData.data, result_length);
+                        return result_length;
                      }
                  }
              }
@@ -1217,19 +1195,14 @@ OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t cre
      }
  
      uint8_t privData[OWNER_PSK_LENGTH_128] = {0,};
+    OicSecCred_t* cred = NULL;
      int dtlsRes = DeriveCryptoKeyFromPassword((const unsigned char *)pin, pinSize, owners->id,
                                                UUID_LENGTH, PBKDF_ITERATIONS,
                                                OWNER_PSK_LENGTH_128, privData);
      VERIFY_SUCCESS(TAG, (0 == dtlsRes) , ERROR);
  
-    uint32_t outLen = 0;
-    char base64Buff[B64ENCODE_OUT_SAFESIZE(OWNER_PSK_LENGTH_128) + 1] = {};
-    B64Result b64Ret = b64Encode(privData, OWNER_PSK_LENGTH_128, base64Buff,
-                                sizeof(base64Buff), &outLen);
-    VERIFY_SUCCESS(TAG, (B64_OK == b64Ret), ERROR);
-
-    OicSecCred_t* cred = GenerateCredential(tmpSubject, credType, NULL,
-                                            base64Buff, ownersLen, owners);
+    cred = GenerateCredential(tmpSubject, credType, NULL,
+                              privData, ownersLen, owners);
      if(NULL == cred)
      {
          OIC_LOG(ERROR, TAG, "GeneratePskWithPIN() : Failed to generate credential");
@@ -1272,7 +1245,7 @@ static uint32_t ParseCertPrefix(uint8_t *prefix)
      uint32_t res = 0;
      if(NULL != prefix)
      {
-        for(int i=0; i < CERT_LEN_PREFIX; ++i)
+        for (int i = 0; i < CERT_LEN_PREFIX; ++i)
          {
              res |= (((uint32_t) prefix[i]) << ((CERT_LEN_PREFIX - 1 -i) * BYTE_SIZE));
          }
@@ -1280,34 +1253,30 @@ static uint32_t ParseCertPrefix(uint8_t *prefix)
      return res;
  }
  
-static uint32_t appendCert2Chain(uint8_t *appendPoint, char *cert, uint32_t max_len)
+static uint32_t appendCert2Chain(uint8_t *appendPoint, uint8_t *cert, size_t len, uint32_t max_len)
  {
      uint32_t ret = 0;
      VERIFY_NON_NULL(TAG, appendPoint, ERROR);
      VERIFY_NON_NULL(TAG, cert, ERROR);
  
-    uint32_t certLen;
-    VERIFY_SUCCESS(TAG, B64_OK == b64Decode(cert, strlen(cert), appendPoint + CERT_LEN_PREFIX,
-                                            max_len - CERT_LEN_PREFIX, &certLen), ERROR);
-    WriteCertPrefix(appendPoint, certLen);
+    memcpy(appendPoint + CERT_LEN_PREFIX, cert, max_len - CERT_LEN_PREFIX);
+    WriteCertPrefix(appendPoint, len);
  
-    ret = certLen + CERT_LEN_PREFIX;
+    ret = len + CERT_LEN_PREFIX;
  exit:
      return ret;
  }
  
-static OCStackResult GetCAPublicKeyData(CADtlsX509Creds_t *credInfo){
+static OCStackResult GetCAPublicKeyData(CADtlsX509Creds_t *credInfo)
+{
      OCStackResult ret = OC_STACK_ERROR;
      uint8_t *ccPtr = credInfo->certificateChain;
-    for(uint32_t i =0; i < credInfo->chainLen - 1; ++i)
+    for(uint8_t i = 0; i < credInfo->chainLen - 1; ++i)
      {
          ccPtr += CERT_LEN_PREFIX + ParseCertPrefix(ccPtr);
      }
  
-    ByteArray cert = {
-        .data = ccPtr + CERT_LEN_PREFIX,
-        .len = ParseCertPrefix(ccPtr)
-         };
+    ByteArray cert = { .data = ccPtr + CERT_LEN_PREFIX, .len = ParseCertPrefix(ccPtr) };
      CertificateX509 certStruct;
  
      VERIFY_SUCCESS(TAG, PKI_SUCCESS == DecodeCertificate(cert, &certStruct), ERROR);
@@ -1322,70 +1291,6 @@ static OCStackResult GetCAPublicKeyData(CADtlsX509Creds_t *credInfo){
      return ret;
  }
  
-static OCStackResult GetCertCredPublicData(CADtlsX509Creds_t *credInfo, OicSecCred_t *cred)
-{
-    OCStackResult ret = OC_STACK_ERROR;
-    cJSON *jsonRoot = NULL;
-
-    VERIFY_NON_NULL(TAG, credInfo, ERROR);
-    VERIFY_NON_NULL(TAG, cred, ERROR);
-    VERIFY_NON_NULL(TAG, cred->publicData.data, ERROR);
-    //VERIFY_SUCCESS(TAG, NULL == credInfo->certificateChain.data, ERROR);
-    jsonRoot = cJSON_Parse(cred->publicData.data);
-    VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
-
-    //Get certificate chain
-    cJSON *jsonObj = cJSON_GetObjectItem(jsonRoot, CERTIFICATE);//TODO define field names constants
-    VERIFY_SUCCESS(TAG, NULL != jsonObj && cJSON_Array == jsonObj->type, ERROR);
-
-    size_t certChainLen = (size_t)cJSON_GetArraySize(jsonObj);
-    credInfo->chainLen = certChainLen;
-    VERIFY_SUCCESS(TAG, MAX_CHAIN_LEN >= certChainLen, ERROR);
-
-    uint32_t len = 0;
-    for (size_t i = 0; i < certChainLen; ++i)
-    {
-        cJSON *item = cJSON_GetArrayItem(jsonObj, i);
-        VERIFY_NON_NULL(TAG, item, ERROR);
-        VERIFY_SUCCESS(TAG, cJSON_String == item->type, ERROR);
-        uint32_t appendedLen = appendCert2Chain(credInfo->certificateChain + len, item->valuestring,
-                                              MAX_CERT_MESSAGE_LEN - len);
-        VERIFY_SUCCESS(TAG, 0 != appendedLen, ERROR);
-        len += appendedLen;
-    }
-    credInfo->certificateChainLen = len;
-    VERIFY_SUCCESS(TAG, OC_STACK_OK == GetCAPublicKeyData(credInfo), ERROR);
-    ret = OC_STACK_OK;
-exit:
-    cJSON_Delete(jsonRoot);
-    return ret;
-}
-
-static OCStackResult GetCertCredPrivateData(CADtlsX509Creds_t *credInfo, OicSecCred_t *cred)
-{
-    OCStackResult ret = OC_STACK_ERROR;
-    cJSON *jsonRoot = NULL;
-    VERIFY_NON_NULL(TAG, credInfo, ERROR);
-    VERIFY_NON_NULL(TAG, cred, ERROR);
-    VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
-    jsonRoot = cJSON_Parse(cred->privateData.data);
-    VERIFY_NON_NULL(TAG, jsonRoot, ERROR);
-
-    cJSON *jsonObj = cJSON_GetObjectItem(jsonRoot, PRIVATE_KEY);//TODO define field names constants
-    VERIFY_SUCCESS(TAG, NULL != jsonObj && cJSON_String == jsonObj->type, ERROR);
-
-    uint32_t read = 0u;
-    VERIFY_SUCCESS(TAG, B64_OK == b64Decode(jsonObj->valuestring, strlen(jsonObj->valuestring),
-                                            credInfo->devicePrivateKey, PRIVATE_KEY_SIZE, &read)
-                   && PRIVATE_KEY_SIZE == read, ERROR);
-
-    ret = OC_STACK_OK;
-
-exit:
-    cJSON_Delete(jsonRoot);
-    return ret;
-}
-
  int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo)
  {
      int ret = 1;
@@ -1399,8 +1304,41 @@ int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo)
      LL_SEARCH_SCALAR(gCred, cred, credType, SIGNED_ASYMMETRIC_KEY);
      VERIFY_NON_NULL(TAG, cred, ERROR);
  
-    VERIFY_SUCCESS(TAG, OC_STACK_OK == GetCertCredPrivateData(credInfo, cred), ERROR);
-    VERIFY_SUCCESS(TAG, OC_STACK_OK == GetCertCredPublicData(credInfo, cred), ERROR);
+    CborValue credCbor = { .parser = NULL };
+    CborParser parser = { .end = NULL };
+    CborError cborFindResult = CborNoError;
+    uint8_t *cborPayload = cred->publicData.data;
+    int cborLen = cred->publicData.len;
+    cbor_parser_init(cborPayload, cborLen, 0, &parser, &credCbor);
+    CborValue certMap;
+    cborFindResult = cbor_value_enter_container(&credCbor, &certMap);
+    VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Cred Map.");
+
+    CborValue certs;
+    cborFindResult = cbor_value_map_find_value(&certs, CERTIFICATE, &certs);
+    if (cbor_value_is_array(&certs))
+    {
+        cborFindResult = cbor_value_get_array_length(&certs, (size_t *)&credInfo->chainLen);
+        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Chain Len.");
+        CborValue cert;
+        cborFindResult = cbor_value_enter_container(&certs, &cert);
+        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Container.");
+        size_t len = 0;
+        size_t certLen = 0;
+        uint8_t *val = NULL;
+        while (cbor_value_is_byte_string(&cert))
+        {
+            cborFindResult = cbor_value_dup_byte_string(&cert, &val, &certLen, NULL);
+            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Value.");
+            cborFindResult = cbor_value_advance(&cert);
+            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a Period Array.");
+            uint32_t appendedLen = appendCert2Chain(credInfo->certificateChain + len, val, certLen, MAX_CERT_MESSAGE_LEN - len);
+            len += appendedLen;
+        }
+        credInfo->certificateChainLen = len;
+        GetCAPublicKeyData(credInfo);
+    }
+    memcpy(credInfo->devicePrivateKey, cred->privateData.data, PRIVATE_KEY_SIZE);
  
      ret = 0;
  exit:
diff --git a/resource/csdk/security/src/psinterface.c b/resource/csdk/security/src/psinterface.c

index 269591b..809be93 100644 (file)
--- a/resource/csdk/security/src/psinterface.c
+++ b/resource/csdk/security/src/psinterface.c
@@ -280,7 +280,7 @@ OCStackResult UpdateSecureResourceInPS(const char* rsrcName, const uint8_t* psPa
      /*
       * This function stores cbor payload of each resource by appending resource name.
       */
-    if (!rsrcName || !*psPayload)
+    if (!rsrcName || !psPayload)
      {
          return OC_STACK_INVALID_PARAM;
      }
diff --git a/resource/csdk/security/unittest/credentialresource.cpp b/resource/csdk/security/unittest/credentialresource.cpp

index dd62f15..4c4e0c9 100644 (file)
--- a/resource/csdk/security/unittest/credentialresource.cpp
+++ b/resource/csdk/security/unittest/credentialresource.cpp
@@ -1,3 +1,5 @@
+//******************************************************************
+//
  // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
  //
  //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
@@ -17,45 +19,25 @@
  //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  
  #include "gtest/gtest.h"
-#include "ocstack.h"
+#include "logger.h"
  #include "ocpayload.h"
-#include "resourcemanager.h"
-#include "securevirtualresourcetypes.h"
-#include "credresource.h"
+#include "ocstack.h"
  #include "oic_malloc.h"
  #include "oic_string.h"
+#include "resourcemanager.h"
+#include "credresource.h"
+#include "securevirtualresourcetypes.h"
  #include "srmtestcommon.h"
  #include "srmutility.h"
-#include "logger.h"
+#include "psinterface.h"
+#include "security_internals.h"
  
  #define TAG "SRM-CRED-UT"
  
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-//Declare Cred resource methods for testing
-OCStackResult CreateCredResource();
-OCEntityHandlerResult CredEntityHandler (OCEntityHandlerFlag flag,
-                OCEntityHandlerRequest * ehRequest);
-char * BinToCredJSON(const OicSecCred_t * pstat);
-OicSecCred_t * JSONToCredBin(const char * jsonStr);
-void InitSecCredInstance(OicSecCred_t * cred);
-void DeleteCredList(OicSecCred_t* cred);
-const OicSecCred_t* GetCredResourceData(const OicUuid_t* subject);
-
-#ifdef __cplusplus
-}
-#endif
-
-
  OicSecCred_t * getCredList()
  {
-
-    OicSecCred_t * cred = NULL;
      size_t sz = 0;
-
-    cred = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t));
+    OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred));
      VERIFY_NON_NULL(TAG, cred, ERROR);
      cred->credId = 1234;
      OICStrcpy((char *)cred->subject.id, sizeof(cred->subject.id), "subject1");
@@ -70,15 +52,14 @@ OicSecCred_t * getCredList()
  #endif
  
      cred->credType = SYMMETRIC_PAIR_WISE_KEY;
-    cred->privateData.data = (char *)OICCalloc(1, strlen("My private Key11") + 1);
+    cred->privateData.data = (uint8_t *)OICCalloc(1, strlen("My private Key11") + 1);
      VERIFY_NON_NULL(TAG, cred->privateData.data, ERROR);
-    OICStrcpy(cred->privateData.data, strlen("My private Key11")+1,"My private Key11");
+    OICStrcpy((char *)cred->privateData.data, strlen("My private Key11")+1,"My private Key11");
      cred->ownersLen = 1;
-    cred->owners = (OicUuid_t*)OICCalloc(cred->ownersLen, sizeof(OicUuid_t));
+    cred->owners = (OicUuid_t *)OICCalloc(cred->ownersLen, sizeof(*cred->owners));
      VERIFY_NON_NULL(TAG, cred->owners, ERROR);
      OICStrcpy((char *)cred->owners[0].id, sizeof(cred->owners[0].id), "ownersId11");
-
-    cred->next = (OicSecCred_t*)OICCalloc(1, sizeof(OicSecCred_t));
+    cred->next = (OicSecCred_t*)OICCalloc(1, sizeof(*cred->next));
      VERIFY_NON_NULL(TAG, cred->next, ERROR);
      cred->next->credId = 5678;
      OICStrcpy((char *)cred->next->subject.id, sizeof(cred->next->subject.id), "subject2");
@@ -87,9 +68,9 @@ OicSecCred_t * getCredList()
  #endif
      cred->next->credType = SYMMETRIC_PAIR_WISE_KEY;
      sz = strlen("My private Key21") + 1;
-    cred->next->privateData.data = (char *)OICCalloc(1, sz);
+    cred->next->privateData.data = (uint8_t *)OICCalloc(1, sz);
      VERIFY_NON_NULL(TAG, cred->next->privateData.data, ERROR);
-    OICStrcpy(cred->next->privateData.data, sz,"My private Key21");
+    OICStrcpy((char *)cred->next->privateData.data, sz, "My private Key21");
  #if 0
      sz = strlen("My Public Key123") + 1
      cred->next->publicData.data = (char *)OICCalloc(1, sz);
@@ -97,7 +78,7 @@ OicSecCred_t * getCredList()
      OICStrcpy(cred->next->publicData.data, sz,"My Public Key123");
  #endif
      cred->next->ownersLen = 2;
-    cred->next->owners = (OicUuid_t*)OICCalloc(cred->next->ownersLen, sizeof(OicUuid_t));
+    cred->next->owners = (OicUuid_t *)OICCalloc(cred->next->ownersLen, sizeof(*cred->next->owners));
      VERIFY_NON_NULL(TAG, cred->next->owners, ERROR);
      OICStrcpy((char *)cred->next->owners[0].id, sizeof(cred->next->owners[0].id), "ownersId21");
      OICStrcpy((char *)cred->next->owners[1].id, sizeof(cred->next->owners[1].id), "ownersId22");
@@ -118,7 +99,7 @@ static void printCred(const OicSecCred_t * cred)
      EXPECT_TRUE(NULL != cred);
  
      const OicSecCred_t *credTmp1 = NULL;
-    for(credTmp1 = cred; credTmp1; credTmp1 = credTmp1->next)
+    for (credTmp1 = cred; credTmp1; credTmp1 = credTmp1->next)
      {
          OIC_LOG_V(INFO, TAG, "\ncred->credId = %d", credTmp1->credId);
          OIC_LOG_V(INFO, TAG, "cred->subject.id = %s", credTmp1->subject.id);
@@ -140,68 +121,78 @@ static void printCred(const OicSecCred_t * cred)
  }
  
   //InitCredResource Tests
-TEST(InitCredResourceTest, InitCredResource)
+TEST(CredResourceTest, InitCredResource)
  {
      EXPECT_EQ(OC_STACK_INVALID_PARAM, InitCredResource());
  }
  
  //DeInitCredResource Tests
-TEST(DeInitCredResourceTest, DeInitCredResource)
+TEST(CredResourceTest, DeInitCredResource)
  {
      EXPECT_EQ(OC_STACK_INVALID_PARAM, DeInitCredResource());
  }
  
  //CreateCredResource Tests
-TEST(CreateCredResourceTest, CreateCredResource)
+TEST(CredResourceTest, CreateCredResource)
  {
      EXPECT_EQ(OC_STACK_INVALID_PARAM, CreateCredResource());
  }
  
   //CredEntityHandler Tests
-TEST(CredEntityHandlerTest, CredEntityHandlerWithDummyRequest)
+TEST(CredResourceTest, CredEntityHandlerWithDummyRequest)
  {
      OCEntityHandlerRequest req;
      EXPECT_EQ(OC_EH_ERROR,
-            CredEntityHandler(OCEntityHandlerFlag::OC_REQUEST_FLAG, &req));
+            CredEntityHandler(OCEntityHandlerFlag::OC_REQUEST_FLAG, &req, NULL));
  }
  
-TEST(CredEntityHandlerTest, CredEntityHandlerWithNULLRequest)
+TEST(CredResourceTest, CredEntityHandlerWithNULLRequest)
  {
      EXPECT_EQ(OC_EH_ERROR,
-            CredEntityHandler(OCEntityHandlerFlag::OC_REQUEST_FLAG, NULL));
+            CredEntityHandler(OCEntityHandlerFlag::OC_REQUEST_FLAG, NULL, NULL));
  }
  
-TEST(CredEntityHandlerTest, CredEntityHandlerInvalidFlag)
+TEST(CredResourceTest, CredEntityHandlerInvalidFlag)
  {
      OCEntityHandlerRequest req;
      EXPECT_EQ(OC_EH_ERROR,
-            CredEntityHandler(OCEntityHandlerFlag::OC_OBSERVE_FLAG, &req));
+            CredEntityHandler(OCEntityHandlerFlag::OC_OBSERVE_FLAG, &req, NULL));
  }
  
  //Cred DELETE request
-TEST(CredEntityHandlerTest, CredEntityHandlerDeleteTest)
+TEST(CredResourceTest, CredEntityHandlerDeleteTest)
  {
      OCEntityHandlerRequest ehReq =  OCEntityHandlerRequest();
      static OCPersistentStorage ps =  OCPersistentStorage();
      const OicSecCred_t* subjectCred1 = NULL;
      const OicSecCred_t* subjectCred2 = NULL;
-    char *jsonStr = NULL;
      OCEntityHandlerResult ehRet = OC_EH_ERROR;
-    char query[] = "sub=c3ViamVjdDE=";
+    char query[] = "sub=subject1";
  
      SetPersistentHandler(&ps, true);
  
      OicSecCred_t *cred = getCredList();
-    VERIFY_NON_NULL(TAG, cred, ERROR);
+    ASSERT_TRUE(NULL != cred);
  
-    jsonStr = BinToCredJSON(cred);
-    VERIFY_NON_NULL(TAG, jsonStr, ERROR);
+    uint8_t *payload = NULL;
+    size_t size = 0;
+    EXPECT_EQ(OC_STACK_OK, CredToCBORPayload(cred, &payload, &size));
+    if (!payload)
+    {
+        DeleteCredList(cred);
+    }
+    ASSERT_TRUE(NULL != payload);
  
      // Create Entity Handler POST request payload
      ehReq.method = OC_REST_POST;
-    ehReq.payload = (OCPayload*)OCSecurityPayloadCreate(jsonStr);
-    ehRet = CredEntityHandler(OC_REQUEST_FLAG, &ehReq);
-    EXPECT_TRUE(OC_EH_ERROR == ehRet);
+    ehReq.payload = (OCPayload *)OCSecurityPayloadCBORCreate(payload);
+    if (!ehReq.payload)
+    {
+        OICFree(payload);
+        DeleteCredList(cred);
+    }
+    ASSERT_TRUE( NULL != ehReq.payload);
+    EXPECT_EQ(OC_EH_ERROR, CredEntityHandler(OC_REQUEST_FLAG, &ehReq, NULL));
  
      // Verify if SRM contains Credential for the subject
      subjectCred1 = GetCredResourceData(&cred->subject);
@@ -209,96 +200,129 @@ TEST(CredEntityHandlerTest, CredEntityHandlerDeleteTest)
  
     // Create Entity Handler DELETE request
     ehReq.method = OC_REST_DELETE;
-   ehReq.query = (char*)OICMalloc(strlen(query)+1);
-   VERIFY_NON_NULL(TAG, ehReq.query, ERROR);
+   ehReq.query = (char *)OICCalloc(1, strlen(query)+1);
+   if (!ehReq.query)
+   {
+       OICFree(payload);
+       DeleteCredList(cred);
+   }
+   ASSERT_TRUE(NULL != ehReq.query);
     OICStrcpy(ehReq.query, strlen(query)+1, query);
  
-   ehRet = CredEntityHandler(OC_REQUEST_FLAG, &ehReq);
-   EXPECT_TRUE(OC_EH_ERROR == ehRet);
+   ehRet = CredEntityHandler(OC_REQUEST_FLAG, &ehReq, NULL);
+   EXPECT_EQ(OC_EH_ERROR, ehRet);
  
     // Verify if SRM has deleted ACE for the subject
     subjectCred2 = GetCredResourceData(&cred->subject);
     EXPECT_TRUE(NULL == subjectCred2);
  
-exit:
     // Perform cleanup
     OICFree(ehReq.query);
-   OICFree(jsonStr);
-   OCPayloadDestroy(ehReq.payload);
-   if(NULL != cred)
+   OICFree(payload);
+   if (NULL != cred)
     {
         DeInitCredResource();
         DeleteCredList(cred);
     }
  }
  
-//BinToCredJSON Tests
-TEST(BinToCredJSONTest, BinToCredJSONNullCred)
+TEST(CredResourceTest, CredToCBORPayloadNULL)
  {
-    char* value = BinToCredJSON(NULL);
-    EXPECT_TRUE(value == NULL);
+    OicSecCred_t *cred = getCredList();
+    EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(NULL, NULL, 0));
+    size_t size = 0;
+    uint8_t *cborPayload = (uint8_t *) OICCalloc(1, 10);
+    if (!cborPayload)
+    {
+        DeleteCredList(cred);
+    }
+    ASSERT_TRUE(NULL != cborPayload);
+    EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(cred, &cborPayload, &size));
+    OICFree(cborPayload);
+    cborPayload = NULL;
+    EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(NULL, &cborPayload, &size));
+    EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(cred, &cborPayload, 0));
+    EXPECT_EQ(OC_STACK_INVALID_PARAM, CredToCBORPayload(cred, NULL, &size));
+    DeleteCredList(cred);
  }
  
-TEST(BinToCredJSONTest, BinToCredJSONValidCred)
+TEST(CredResourceTest, CredToCBORPayloadVALID)
  {
-    char* json = NULL;
-    OicSecCred_t * cred = getCredList();
+    uint8_t* payload = NULL;
+    size_t size = 0;
+    OicSecCred_t *cred = getCredList();
  
-    json = BinToCredJSON(cred);
+    EXPECT_EQ(OC_STACK_OK, CredToCBORPayload(cred, &payload, &size));
+    if (!payload)
+    {
+        DeleteCredList(cred);
+    }
+    ASSERT_TRUE(NULL != payload);
  
-    OIC_LOG_V(INFO, TAG, "BinToCredJSON:%s\n", json);
-    EXPECT_TRUE(json != NULL);
      DeleteCredList(cred);
-    OICFree(json);
+    OICFree(payload);
  }
  
-//JSONToCredBin Tests
-TEST(JSONToCredBinTest, JSONToCredBinValidJSON)
+TEST(CredResourceTest, CBORPayloadToCredVALID)
  {
-    OicSecCred_t* cred1 = getCredList();
-    char* json = BinToCredJSON(cred1);
+    OicSecCred_t *cred1 = getCredList();
  
-    EXPECT_TRUE(json != NULL);
-    OicSecCred_t *cred2 = JSONToCredBin(json);
-    EXPECT_TRUE(cred2 != NULL);
+    uint8_t *payload = NULL;
+    size_t size = 0;
+    EXPECT_EQ(OC_STACK_OK, CredToCBORPayload(cred1, &payload, &size));
      DeleteCredList(cred1);
-    DeleteCredList(cred2);
-    OICFree(json);
+    ASSERT_TRUE(NULL != payload);
+
+    OicSecCred_t *cred2 = NULL;
+    EXPECT_EQ(OC_STACK_OK, CBORPayloadToCred(payload, size, &cred2));
+    OICFree(payload);
+    ASSERT_TRUE(cred2 != NULL);
  }
  
-TEST(JSONToCredBinTest, JSONToCredBinNullJSON)
+TEST(CredResourceTest, CBORPayloadToCredNULL)
  {
-    OicSecCred_t *cred = JSONToCredBin(NULL);
-    EXPECT_TRUE(cred == NULL);
+    OicSecCred_t *cred = NULL;
+    EXPECT_EQ(OC_STACK_INVALID_PARAM, CBORPayloadToCred(NULL, 0, NULL));
+    uint8_t *cborPayload = (uint8_t *) OICCalloc(1, 10);
+    ASSERT_TRUE(NULL != cborPayload);
+    EXPECT_EQ(OC_STACK_INVALID_PARAM, CBORPayloadToCred(NULL, 0, &cred));
+    EXPECT_EQ(OC_STACK_INVALID_PARAM, CBORPayloadToCred(cborPayload, 0, NULL));
+    cred = getCredList();
+    EXPECT_EQ(OC_STACK_INVALID_PARAM, CBORPayloadToCred(cborPayload, 0, &cred));
+    DeleteCredList(cred);
+    OICFree(cborPayload);
  }
  
  //GetCredResourceData Test
-TEST(CredGetResourceDataTest, GetCredResourceDataNULLSubject)
+TEST(CredResourceTest, GetCredResourceDataNULLSubject)
  {
-    EXPECT_TRUE(NULL == GetCredResourceData(NULL));
+    EXPECT_EQ(NULL, GetCredResourceData(NULL));
  }
  
-TEST(CredGenerateCredentialTest, GenerateCredentialValidInput)
+TEST(CredResourceTest, GenerateCredentialValidInput)
  {
      OicUuid_t owners[1];
-    OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId21");
+    OICStrcpy((char *)owners[0].id, strlen("ownersId21"), "ownersId21");
  
      OicUuid_t subject = {{0}};
-    OICStrcpy((char *)subject.id, sizeof(subject.id), "subject11");
+    OICStrcpy((char *)subject.id, strlen("subject11"), "subject11");
  
      char privateKey[] = "My private Key11";
+    uint8_t *pk = (uint8_t *)OICCalloc(1, strlen(privateKey));
+    OICStrcpy((char *)pk, sizeof(pk), privateKey);
  
      OicSecCred_t * cred  = NULL;
  
      cred = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
-                             privateKey, 1, owners);
+                              pk, 1, owners);
      printCred(cred);
  
-    EXPECT_TRUE(NULL != cred);
+    ASSERT_TRUE(NULL != cred);
      DeleteCredList(cred);
+    OICFree(pk);
  }
  
-TEST(GenerateAndAddCredentialTest, GenerateAndAddCredentialValidInput)
+TEST(CredResourceTest, GenerateAndAddCredentialValidInput)
  {
      OicUuid_t owners[1];
      OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId11");
@@ -307,34 +331,36 @@ TEST(GenerateAndAddCredentialTest, GenerateAndAddCredentialValidInput)
      OICStrcpy((char *)subject.id, sizeof(subject.id), "subject11");
  
      char privateKey[] = "My private Key11";
+    uint8_t *pk = (uint8_t *)OICCalloc(1, strlen(privateKey));
+    OICStrcpy((char *)pk, sizeof(pk), privateKey);
  
-    OicSecCred_t * cred1  = NULL;
-    OicSecCred_t * headCred = NULL;
+    OicSecCred_t *cred1  = NULL;
+    OicSecCred_t *headCred = NULL;
  
      cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
-                                 privateKey, 1, owners);
+                               pk, 1, owners);
  
-    EXPECT_EQ(OC_STACK_ERROR, AddCredential(cred1));
+    EXPECT_EQ(OC_STACK_OK, AddCredential(cred1));
      headCred = cred1;
  
      OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId22");
      OICStrcpy((char *)subject.id, sizeof(subject.id), "subject22");
      cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
-                                     privateKey, 1, owners);
-    EXPECT_EQ(OC_STACK_ERROR, AddCredential(cred1));
+                               pk, 1, owners);
+    EXPECT_EQ(OC_STACK_OK, AddCredential(cred1));
  
      OICStrcpy((char *)owners[0].id, sizeof(owners[0].id), "ownersId33");
      OICStrcpy((char *)subject.id, sizeof(subject.id), "subject33");
      cred1 = GenerateCredential(&subject, SYMMETRIC_PAIR_WISE_KEY, NULL,
-                                     privateKey, 1, owners);
-    EXPECT_EQ(OC_STACK_ERROR, AddCredential(cred1));
+                                pk, 1, owners);
+    EXPECT_EQ(OC_STACK_OK, AddCredential(cred1));
  
      const OicSecCred_t* credList = GetCredResourceData(&headCred->subject);
  
      printCred(credList);
  
      DeleteCredList(headCred);
-
+    OICFree(pk);
  }
  
  #if 0
@@ -344,5 +370,3 @@ TEST(CredGetResourceDataTest, GetCredResourceDataValidSubject)
      EXPECT_TRUE(NULL != GetCredResourceData(cred->subject));
  }
  #endif
-
-
author	Habib Virji <habib.virji@samsung.com>
	Mon, 22 Feb 2016 16:04:11 +0000 (16:04 +0000)
committer	Habib Virji <habib.virji@samsung.com>
	Sun, 13 Mar 2016 12:47:09 +0000 (12:47 +0000)
resource/csdk/connectivity/api/casecurityinterface.h		patch \| blob \| history
resource/csdk/security/include/internal/credresource.h		patch \| blob \| history
resource/csdk/security/include/internal/security_internals.h		patch \| blob \| history
resource/csdk/security/include/securevirtualresourcetypes.h		patch \| blob \| history
resource/csdk/security/provisioning/src/credentialgenerator.c		patch \| blob \| history
resource/csdk/security/provisioning/src/ownershiptransfermanager.c		patch \| blob \| history
resource/csdk/security/provisioning/src/secureresourceprovider.c		patch \| blob \| history
resource/csdk/security/src/credresource.c		patch \| blob \| history
resource/csdk/security/src/psinterface.c		patch \| blob \| history
resource/csdk/security/unittest/credentialresource.cpp		patch \| blob \| history