*/
OCStackResult SetAclRownerId(const OicUuid_t* newROwner);
+
+/**
+ * Gets the OicUuid_t value for the rownerid of the acl resource.
+ *
+ * @param rowneruuid a pointer to be assigned to the rowneruuid property
+ * @return ::OC_STACK_OK if rowneruuid is assigned correctly, else ::OC_STACK_ERROR.
+ */
+OCStackResult GetAclRownerId(OicUuid_t *rowneruuid);
+
#ifdef __cplusplus
}
#endif
OCStackResult AmaclToCBORPayload(const OicSecAmacl_t *amacl, uint8_t **cborPayload,
size_t *cborSize);
-
/**
* Internal function to update resource owner
*
*/
OCStackResult SetAmaclRownerId(const OicUuid_t* newROwner);
+/**
+ * Gets the OicUuid_t value for the rownerid of the amacl resource.
+ *
+ * @param rowneruuid a pointer to be assigned to the rowneruuid property
+ * @return ::OC_STACK_OK if rowneruuid is assigned correctly, else ::OC_STACK_ERROR.
+ */
+OCStackResult GetAmaclRownerId(OicUuid_t *rowneruuid);
+
#ifdef __cplusplus
}
#endif
*/
OCStackResult SetCredRownerId(const OicUuid_t* newROwner);
+/**
+ * Gets the OicUuid_t value for the rownerid of the cred resource.
+ *
+ * @param rowneruuid a pointer to be assigned to the rowneruuid property
+ * @return ::OC_STACK_OK if rowneruuid is assigned correctly, else ::OC_STACK_ERROR.
+ */
+OCStackResult GetCredRownerId(OicUuid_t *rowneruuid);
+
#ifdef __cplusplus
}
#endif
/**
* Gets the OicUuid_t value for the owner of this device.
*
- * @return ::OC_STACK_OK if devOwner is a valid UUID, otherwise ::OC_STACK_ERROR.
+ * @param devownerid a pointer to be assigned to the devownerid property
+ * @return ::OC_STACK_OK if devownerid is assigned correctly, else ::OC_STACK_ERROR.
*/
-OCStackResult GetDoxmDevOwnerId(OicUuid_t *devOwner);
+OCStackResult GetDoxmDevOwnerId(OicUuid_t *devownerid);
+
+/**
+ * Gets the OicUuid_t value for the rowneruuid of the doxm resource.
+ *
+ * @param rowneruuid a pointer to be assigned to the rowneruuid property
+ * @return ::OC_STACK_OK if rowneruuid is assigned correctly, else ::OC_STACK_ERROR.
+ */
+OCStackResult GetDoxmRownerId(OicUuid_t *rowneruuid);
/** This function deallocates the memory for OicSecDoxm_t .
*
OicUuid_t *peerDevID, OicUuid_t *owner, bool isPairingServer);\r
#endif // __WITH_DTLS__\r
\r
+/**\r
+ * Gets the OicUuid_t value for the rownerid of the Dpairing resource.\r
+ *\r
+ * @param rowneruuid a pointer to be assigned to the rowneruuid property\r
+ * @return ::OC_STACK_OK if rowneruuid is assigned correctly, else ::OC_STACK_ERROR.\r
+ */\r
+OCStackResult GetDpairingRownerId(OicUuid_t *rowneruuid);\r
\r
/**\r
* Internal function to update resource owner\r
*/\r
OCStackResult SetPconfRownerId(const OicUuid_t* newROwner);\r
\r
+/**\r
+ * Gets the OicUuid_t value for the rownerid of the pconf resource.\r
+ *\r
+ * @param rowneruuid a pointer to be assigned to the rowneruuid property\r
+ * @return ::OC_STACK_OK if rowneruuid is assigned correctly, else ::OC_STACK_ERROR.\r
+ */\r
+OCStackResult GetPconfRownerId(OicUuid_t *rowneruuid);\r
+\r
#ifdef __cplusplus\r
}\r
#endif\r
*/
void SetPolicyEngineState(PEContext_t *context, const PEState_t state);
+typedef OCStackResult (*GetSvrRownerId_t)(OicUuid_t *rowner);
+
#endif //IOTVT_SRM_PE_H
*/
OCStackResult SetPstatRownerId(const OicUuid_t* newROwner);
+/**
+ * Gets the OicUuid_t value for the rownerid of the pstat resource.
+ *
+ * @param rowneruuid a pointer to be assigned to the rowneruuid property
+ * @return ::OC_STACK_OK if rowneruuid is assigned correctly, else ::OC_STACK_ERROR.
+ */
+OCStackResult GetPstatRownerId(OicUuid_t *rowneruuid);
+
+/**
+ * This function returns the "isop" status of the device.
+ *
+ * @return true iff pstat.isop == 1, else false
+ */
+bool GetPstatIsop();
+
#ifdef __cplusplus
}
#endif
typedef enum
{
- NOT_A_SVR_RESOURCE = 0,
- OIC_R_ACL_TYPE,
+ OIC_R_ACL_TYPE = 0,
OIC_R_AMACL_TYPE,
OIC_R_CRED_TYPE,
OIC_R_CRL_TYPE,
OIC_R_PCONF_TYPE,
OIC_R_PSTAT_TYPE,
OIC_R_SACL_TYPE,
- OIC_R_SVC_TYPE
+ OIC_R_SVC_TYPE,
+ OIC_SEC_SVR_TYPE_COUNT, //define the value to number of SVR
+ NOT_A_SVR_RESOURCE = 99
}OicSecSvrType_t;
typedef enum
char **periods; // 3:R:M*:N:String (<--M*; see Spec)
char **recurrences; // 5:R:M:N:String
OicUuid_t rownerID; // 8:R:S:Y:oic.uuid
- // NOTE: we are using UUID for Owners instead of Svc type for mid-April
- // SRM version only; this will change to Svc type for full implementation.
- //TODO change Owners type to oic.sec.svc
- //OicSecSvc_t *Owners; // 6:R:M:Y:oic.sec.svc
OicSecAcl_t *next;
};
size_t amssLen; // the number of elts in Amss
OicUuid_t *amss; // 1:R:M:Y:acl
OicUuid_t rownerID; // 2:R:S:Y:oic.uuid
- // NOTE: we are using UUID for Owners instead of Svc type for mid-April
- // SRM version only; this will change to Svc type for full implementation.
- //TODO change Owners type to oic.sec.svc
- //OicSecSvc_t *Owners; // 2:R:M:Y:oic.sec.svc
OicSecAmacl_t *next;
};
OicSecKey_t privateData; // 6:R:S:N:oic.sec.key
char *period; // 7:R:S:N:String
OicUuid_t rownerID; // 8:R:S:Y:oic.uuid
- // NOTE: we are using UUID for Owners instead of Svc type for mid-April
- // SRM version only; this will change to Svc type for full implementation.
- //OicSecSvc_t *Owners; // 8:R:M:Y:oic.sec.svc
- //TODO change Owners type to oic.sec.svc
OicSecCred_t *next;
};
bool dpc; // 7:R:S:Y:Boolean
OicUuid_t owner; // 8:R:S:Y:oic.uuid
OicUuid_t rownerID; // 9:R:S:Y:oic.uuid
- // NOTE: we are using UUID for Owner instead of Svc type for mid-April
- // SRM version only; this will change to Svc type for full implementation.
- //OicSecSvc_t devOwner; // 10:R:S:Y:oic.sec.svc
- //OicSecSvc_t rOwner; // 11:R:S:Y:oic.sec.svc
- //TODO change Owner type to oic.sec.svc
};
/**
OicSecDpom_t *sm; // 5:R:M:Y:oic.sec.dpom
uint16_t commitHash; // 6:R:S:Y:oic.sec.sha256
OicUuid_t rownerID; // 7:R:S:Y:oic.uuid
- //TODO: this is supposed to be a 256-bit uint; temporarily use uint16_t
- //TODO: need to decide which 256 bit and 128 bit types to use... boost?
};
/**
memcpy(gAcl->rownerID.id, prevId.id, sizeof(prevId.id));
return ret;
}
+
+OCStackResult GetAclRownerId(OicUuid_t *rowneruuid)
+{
+ OCStackResult retVal = OC_STACK_ERROR;
+ if (gAcl)
+ {
+ *rowneruuid = gAcl->rownerID;
+ retVal = OC_STACK_OK;
+ }
+ return retVal;
+}
return OC_STACK_ERROR;
}
-
OCStackResult SetAmaclRownerId(const OicUuid_t* newROwner)
{
OCStackResult ret = OC_STACK_ERROR;
return ret;
}
+OCStackResult GetAmaclRownerId(OicUuid_t *rowneruuid)
+{
+ OCStackResult retVal = OC_STACK_ERROR;
+ if (gAmacl)
+ {
+ *rowneruuid = gAmacl->rownerID;
+ retVal = OC_STACK_OK;
+ }
+ return retVal;
+}
return ret;
}
+OCStackResult GetCredRownerId(OicUuid_t *rowneruuid)
+{
+ OCStackResult retVal = OC_STACK_ERROR;
+ if (gCred)
+ {
+ *rowneruuid = gCred->rownerID;
+ retVal = OC_STACK_OK;
+ }
+ return retVal;
+}
return OC_STACK_ERROR;
}
-OCStackResult GetDoxmDevOwnerId(OicUuid_t *devOwner)
+OCStackResult GetDoxmDevOwnerId(OicUuid_t *devownerid)
{
OCStackResult retVal = OC_STACK_ERROR;
if (gDoxm)
{
- OIC_LOG_V(DEBUG, TAG, "gDoxm owned = %d.", gDoxm->owned);
+ OIC_LOG_V(DEBUG, TAG, "GetDoxmDevOwnerId(): gDoxm owned = %d.", \
+ gDoxm->owned);
if (gDoxm->owned)
{
- *devOwner = gDoxm->owner; // TODO change to devOwner when available
+ *devownerid = gDoxm->owner;
retVal = OC_STACK_OK;
}
}
return retVal;
}
+OCStackResult GetDoxmRownerId(OicUuid_t *rowneruuid)
+{
+ OCStackResult retVal = OC_STACK_ERROR;
+ if (gDoxm)
+ {
+ if( gDoxm->owned )
+ {
+ *rowneruuid = gDoxm->rownerID;
+ retVal = OC_STACK_OK;
+ }
+ }
+ return retVal;
+}
+
/**
* Function to restore doxm resurce to initial status.
* This function will use in case of error while ownership transfer
memcpy(gDpair->rownerID.id, prevId.id, sizeof(prevId.id));
return ret;
}
+
+OCStackResult GetDpairingRownerId(OicUuid_t *rowneruuid)
+{
+ OCStackResult retVal = OC_STACK_ERROR;
+ if (gDpair)
+ {
+ *rowneruuid = gDpair->rownerID;
+ retVal = OC_STACK_OK;
+ }
+ return retVal;
+}
return ret;
}
+OCStackResult GetPconfRownerId(OicUuid_t *rowneruuid)
+{
+ OCStackResult retVal = OC_STACK_ERROR;
+ if (gPconf)
+ {
+ *rowneruuid = gPconf->rownerID;
+ retVal = OC_STACK_OK;
+ }
+ return retVal;
+}
#include "srmutility.h"
#include "doxmresource.h"
#include "iotvticalendar.h"
+#include "pstatresource.h"
+#include "dpairingresource.h"
+#include "pconfresource.h"
+#include "amaclresource.h"
+#include "credresource.h"
#define TAG "SRM-PE"
static bool IsRequestFromDevOwner(PEContext_t *context)
{
bool retVal = false;
- OicUuid_t owner;
+ OicUuid_t ownerid;
if(NULL == context)
{
return retVal;
}
- if(OC_STACK_OK == GetDoxmDevOwnerId(&owner))
+ if(OC_STACK_OK == GetDoxmDevOwnerId(&ownerid))
{
- retVal = UuidCmp(&context->subject, &owner);
+ retVal = UuidCmp(&context->subject, &ownerid);
+ }
+
+ return retVal;
+}
+
+// TODO - remove these function placeholders as they are implemented
+// in the resource entity handler code.
+// Note that because many SVRs do not have a rowner, in those cases we
+// just return "OC_STACK_ERROR" which results in a "false" return by
+// IsRequestFromResourceOwner().
+// As these SVRs are revised to have a rowner, these functions should be
+// replaced (see pstatresource.c for example of GetPstatRownerId).
+
+OCStackResult GetCrlRownerId(OicUuid_t *rowner)
+{
+ rowner = NULL;
+ return OC_STACK_ERROR;
+}
+
+OCStackResult GetSaclRownerId(OicUuid_t *rowner)
+{
+ rowner = NULL;
+ return OC_STACK_ERROR;
+}
+
+OCStackResult GetSvcRownerId(OicUuid_t *rowner)
+{
+ rowner = NULL;
+ return OC_STACK_ERROR;
+}
+
+static GetSvrRownerId_t GetSvrRownerId[OIC_SEC_SVR_TYPE_COUNT] = {
+ GetAclRownerId,
+ GetAmaclRownerId,
+ GetCredRownerId,
+ GetCrlRownerId,
+ GetDoxmRownerId,
+ GetDpairingRownerId,
+ GetPconfRownerId,
+ GetPstatRownerId,
+ GetSaclRownerId,
+ GetSvcRownerId
+};
+
+/**
+ * Compare the request's subject to resource.ROwner.
+ *
+ * @return true if context->subjectId equals SVR rowner id, else return false
+ */
+bool IsRequestFromResourceOwner(PEContext_t *context)
+{
+ bool retVal = false;
+ OicUuid_t resourceOwner;
+
+ if(NULL == context)
+ {
+ return false;
+ }
+
+ if((OIC_R_ACL_TYPE <= context->resourceType) && \
+ (OIC_SEC_SVR_TYPE_COUNT > context->resourceType))
+ {
+ if(OC_STACK_OK == GetSvrRownerId[(int)context->resourceType](&resourceOwner))
+ {
+ retVal = UuidCmp(&context->subject, &resourceOwner);
+ }
+ }
+
+ if(true == retVal)
+ {
+ OIC_LOG(INFO, TAG, "PE.IsRequestFromResourceOwner(): returning true");
+ }
+ else
+ {
+ OIC_LOG(INFO, TAG, "PE.IsRequestFromResourceOwner(): returning false");
}
return retVal;
{
context->retVal = ACCESS_GRANTED;
}
+ // Then check if request is for a SVR and coming from rowner
+ else if (IsRequestFromResourceOwner(context))
+ {
+ context->retVal = ACCESS_GRANTED;
+ }
+ // Else request is a "normal" request that must be tested against ACL
else
{
OicUuid_t saveSubject = {.id={}};
static OicSecDpom_t gSm = SINGLE_SERVICE_CLIENT_DRIVEN;
static OicSecPstat_t gDefaultPstat =
{
- false, // bool isOwned
+ false, // bool isop
(OicSecDpm_t)(BOOTSTRAP_SERVICE | SECURITY_MANAGEMENT_SERVICES |
PROVISION_CREDENTIALS | PROVISION_ACLS), // OicSecDpm_t cm
(OicSecDpm_t)(TAKE_OWNER | BOOTSTRAP_SERVICE | SECURITY_MANAGEMENT_SERVICES |
return ret;
}
+/**
+ * This function returns the "isop" status of the device.
+ *
+ * @return true iff pstat.isop == 1, else false
+ */
+bool GetPstatIsop()
+{
+ return gPstat->isOp;
+}
+
+OCStackResult GetPstatRownerId(OicUuid_t *rowneruuid)
+{
+ OCStackResult retVal = OC_STACK_ERROR;
+ if (gPstat)
+ {
+ *rowneruuid = gPstat->rownerID;
+ retVal = OC_STACK_OK;
+ }
+ return retVal;
+}
#include "ocstack.h"
#include "cainterface.h"
#include "srmresourcestrings.h"
+#include "securevirtualresourcetypes.h"
using namespace std;
char g_resource1[] = "Resource1";
char g_resource2[] = "Resource2";
+extern OicSecDoxm_t *gDoxm;
+
//Policy Engine Core Tests
TEST(PolicyEngineCore, InitPolicyEngine)
{
EXPECT_EQ(OC_STACK_OK, InitPolicyEngine(&g_peContext));
}
+// TODO - in order to unittest this we need InitDoxmResource() to put doxm
+// into Owned state with a known owner. This will have to be done post v1.1.
TEST(PolicyEngineCore, CheckPermissionNoAcls)
{
- EXPECT_EQ(ACCESS_DENIED_SUBJECT_NOT_FOUND,
- CheckPermission(&g_peContext,
- &g_subjectIdA,
- g_resource1,
- PERMISSION_READ));
+ if(OC_STACK_OK == InitDoxmResource())
+ {
+ EXPECT_EQ(ACCESS_DENIED_SUBJECT_NOT_FOUND,
+ CheckPermission(&g_peContext,
+ &g_subjectIdA,
+ g_resource1,
+ PERMISSION_READ));
+ }
+ else
+ {
+ printf("%s WARNING: InitDoxmResource() returned ERROR!\n", \
+ PE_UT_TAG);
+ }
}
-//TODO This won't work until we figure out how to OcInit() or equivalent.
+// TODO - in order to unittest this we need InitDoxmResource() to put doxm
+// into Owned state with a known owner. This will have to be done post v1.1.
TEST(PolicyEngineCore, CheckDevOwnerRequest)
{
if(OC_STACK_OK == InitDoxmResource())
}
else
{
- printf("%s WARNING: InitDoxmResource() returned ERROR!\n", \
+ printf("%s WARNING: GetDoxmDevOwnerId() returned ERROR!\n", \
PE_UT_TAG);
}
}
else
{
- printf("%s WARNING: GetDoxmDevOwnerId() returned ERROR!\n", PE_UT_TAG);
+ printf("%s WARNING: InitDoxmResource() returned ERROR!\n", \
+ PE_UT_TAG);
}
-
-
}
TEST(PolicyEngineCore, DeInitPolicyEngine)