OicSecCred_t *cred = (OicSecCred_t *)OICCalloc(1, sizeof(*cred));
VERIFY_NOT_NULL_RETURN(TAG, cred, ERROR, OC_STACK_NO_MEMORY);
- memcpy(cred->subject.id, &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
+ res = GetDoxmDeviceID(&cred->subject);
+ if (OC_STACK_OK != res)
+ {
+ OIC_LOG(ERROR, TAG, "Cann't get the device id(GetDoxmDeviceID)");
+ DeleteCredList(cred);
+ return res;
+ }
cred->credUsage= (char *)OICCalloc(1, strlen(TRUST_CA)+1 );
VERIFY_NOT_NULL_RETURN(TAG, cred->credUsage, ERROR, OC_STACK_NO_MEMORY);
OIC_LOG_V(DEBUG, TAG, "IN: %s", __func__);
- if (OC_STACK_OK != GetDoxmDeviceID(&cred->subject))
+ res = GetDoxmDeviceID(&cred->subject);
+ if (OC_STACK_OK != res)
{
OIC_LOG(ERROR, TAG, "Cann't get the device id(GetDoxmDeviceID)");
+ DeleteCredList(cred);
+ return res;
}
cred->credUsage= (char *)OICCalloc(1, strlen(PRIMARY_CERT)+1 );
}
/**
+ * Internal function to check a subject of SIGNED_ASYMMETRIC_KEY(Certificate).
+ * If that subject is NULL or wildcard, set it to own deviceID.
+ * @param cred credential on SVR DB file
+ * @param deviceID own deviceuuid of doxm resource
+ *
+ * @return
+ * true successfully done
+ * false Invalid cred
+ */
+
+static bool CheckSubjectOfCertificate(OicSecCred_t* cred, OicUuid_t deviceID)
+{
+ OicUuid_t emptyUuid = {.id={0}};
+ OIC_LOG(DEBUG, TAG, "IN CheckSubjectOfCertificate");
+ VERIFY_NOT_NULL(TAG, cred, ERROR);
+
+#if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
+ if ( SIGNED_ASYMMETRIC_KEY == cred->credType)
+ {
+ if((0 == memcmp(cred->subject.id, emptyUuid.id, sizeof(cred->subject.id))) ||
+ (0 == memcmp(cred->subject.id, &WILDCARD_SUBJECT_ID, sizeof(cred->subject.id))))
+ {
+ memcpy(cred->subject.id, deviceID.id, sizeof(deviceID.id));
+ }
+ }
+#endif
+
+ OIC_LOG(DEBUG, TAG, "OUT CheckSubjectOfCertificate");
+ return true;
+exit:
+ OIC_LOG(ERROR, TAG, "OUT CheckSubjectOfCertificate");
+ return false;
+}
+
+/**
* Internal function to check credential
*/
static bool IsValidCredential(const OicSecCred_t* cred)
if ((ret == OC_STACK_OK) && data)
{
- // Read ACL resource from PS
+ // Read Cred resource from PS
ret = CBORPayloadToCred(data, size, &gCred);
#ifdef HAVE_WINDOWS_H
gCred = GetCredDefault();
}
- //Add a log to track the invalid credential.
- LL_FOREACH(gCred, cred)
+ if (gCred)
{
- if (false == IsValidCredential(cred))
+ OicUuid_t deviceID;
+ OicUuid_t emptyUuid = {.id={0}};
+
+ ret = GetDoxmDeviceID(&deviceID);
+ VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
+
+ //Add a log to track the invalid credential.
+ LL_FOREACH(gCred, cred)
+ {
+ if (false == CheckSubjectOfCertificate(cred, deviceID))
+ {
+ OIC_LOG(WARNING, TAG, "Check subject of Certificate was failed while InitCredResource");
+ }
+ if (false == IsValidCredential(cred))
+ {
+ OIC_LOG(WARNING, TAG, "Invalid credential data was dectected while InitCredResource");
+ OIC_LOG_V(WARNING, TAG, "Invalid credential ID = %d", cred->credId);
+ }
+ }
+
+ if (0 == memcmp(&gCred->rownerID, &emptyUuid, sizeof(OicUuid_t)))
{
- OIC_LOG(WARNING, TAG, "Invalid credential data was dectected while InitCredResource");
- OIC_LOG_V(WARNING, TAG, "Invalid credential ID = %d", cred->credId);
+ memcpy(&gCred->rownerID, &deviceID, sizeof(OicUuid_t));
}
- }
+ if (!UpdatePersistentStorage(gCred))
+ {
+ OIC_LOG(FATAL, TAG, "UpdatePersistentStorage failed!");
+ }
+ }
//Instantiate 'oic.sec.cred'
ret = CreateCredResource();
+
+exit:
+ OIC_LOG(DEBUG, TAG, "OUT InitCredResource.");
OICClearMemory(data, size);
OICFree(data);
return ret;