From: Veeraj Khokale Date: Thu, 23 Mar 2017 06:52:09 +0000 (+0530) Subject: Proxy samples: Add support for running with security X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1def64b4884ee9734515d9909af40b41e58bcdca;p=contrib%2Fiotivity.git Proxy samples: Add support for running with security 1. Add Persistent Storage Handlers in proxy_main.c and proxy_client.c. 2. Add svr db files in coap proxy samples directory and use them in proxy_client and proxy_main for security credentials and ACLs. 3. Include OC_SECURE flag while initiating proxy request from client. Change-Id: Iec7ea2f3a30c2777b86064e3726db25587176c21 Signed-off-by: Veeraj Khokale Reviewed-on: https://gerrit.iotivity.org/gerrit/18129 Tested-by: jenkins-iotivity Reviewed-by: Uze Choi --- diff --git a/service/coap-http-proxy/samples/SConscript b/service/coap-http-proxy/samples/SConscript index ec0a71c..e062d9b 100644 --- a/service/coap-http-proxy/samples/SConscript +++ b/service/coap-http-proxy/samples/SConscript @@ -56,3 +56,11 @@ proxy_client = proxy_sample_app_env.Program('proxy_client', 'proxy_client.c') Alias("coap_http_proxy", [proxy_server]) env.AppendTarget('coap_http_proxy') + +if env.get('SECURED') == '1': + proxy_sample_src_dir = proxy_sample_app_env.get('SRC_DIR') + '/service/coap-http-proxy/samples/' + proxy_sample_build_dir = proxy_sample_app_env.get('BUILD_DIR') +'/service/coap-http-proxy/samples' + proxy_sample_app_env.Alias("install", proxy_sample_app_env.Install( proxy_sample_build_dir, + proxy_sample_src_dir + 'oic_svr_db_server.dat')) + proxy_sample_app_env.Alias("install", proxy_sample_app_env.Install( proxy_sample_build_dir, + proxy_sample_src_dir + 'oic_svr_db_client_devowner.dat')) \ No newline at end of file 
diff --git a/service/coap-http-proxy/samples/oic_svr_db_client_devowner.dat b/service/coap-http-proxy/samples/oic_svr_db_client_devowner.dat
new file mode 100644
index 0000000..184e10f
Binary files /dev/null and b/service/coap-http-proxy/samples/oic_svr_db_client_devowner.dat differ
diff --git a/service/coap-http-proxy/samples/oic_svr_db_client_devowner.json b/service/coap-http-proxy/samples/oic_svr_db_client_devowner.json
new file mode 100644
index 0000000..a5e4772
--- /dev/null
+++ b/service/coap-http-proxy/samples/oic_svr_db_client_devowner.json
@@ -0,0 +1,90 @@
+{
+ "acl": {
+ "aclist": {
+ "aces": [
+ {
+ "subjectuuid": "*",
+ "resources": [
+ {
+ "href": "/oic/res",
+ "rel": "",
+ "rt": ["oic.wk.res"],
+ "if": ["oic.if.ll"]
+ },
+ {
+ "href": "/oic/d",
+ "rel": "",
+ "rt": ["oic.wk.d"],
+ "if": ["oic.if.baseline", "oic.if.r"]
+ },
+ {
+ "href": "/oic/p",
+ "rel": "",
+ "rt": ["oic.wk.p"],
+ "if": ["oic.if.baseline", "oic.if.r"]
+ },
+ {
+ "href": "/oic/sec/acl",
+ "rel": "",
+ "rt": ["oic.r.acl"],
+ "if": ["oic.if.baseline"]
+ }
+ ],
+ "permission": 2
+ },
+ {
+ "subjectuuid": "*",
+ "resources": [
+ {
+ "href": "/oic/sec/doxm",
+ "rel": "",
+ "rt": ["oic.r.doxm"],
+ "if": ["oic.if.baseline"]
+ },
+ {
+ "href": "/oic/sec/pstat",
+ "rel": "",
+ "rt": ["oic.r.pstat"],
+ "if": ["oic.if.baseline"]
+ }
+ ],
+ "permission": 2
+ }
+ ]
+ },
+ "rowneruuid" : "32323232-3232-3232-3232-323232323232"
+ },
+ "pstat": {
+ "dos": {"s": 3, "p": false},
+ "isop": true,
+ "deviceuuid": "32323232-3232-3232-3232-323232323232",
+ "rowneruuid": "32323232-3232-3232-3232-323232323232",
+ "cm": 0,
+ "tm": 0,
+ "om": 4,
+ "sm": 4
+ },
+ "doxm": {
+ "oxms": [0],
+ "oxmsel": 0,
+ "sct": 1,
+ "owned": true,
+ "deviceuuid": "32323232-3232-3232-3232-323232323232",
+ "devowneruuid": "32323232-3232-3232-3232-323232323232",
+ "rowneruuid": "32323232-3232-3232-3232-323232323232"
+ },
+ "cred": {
+ "creds": [
+ {
+ "credid": 1,
+ "subjectuuid": "31313131-3131-3131-3131-313131313131",
+ "credtype": 1,
+ "privatedata": {
+ "data": "AAAAAAAAAAAAAAAA",
+ "encoding": "oic.sec.encoding.raw"
+ }
+ }
+ ],
+ "rowneruuid": "32323232-3232-3232-3232-323232323232"
+ }
+}
diff --git a/service/coap-http-proxy/samples/oic_svr_db_server.dat b/service/coap-http-proxy/samples/oic_svr_db_server.dat
new file mode 100644
index 0000000..ad154f7
Binary files /dev/null and b/service/coap-http-proxy/samples/oic_svr_db_server.dat differ
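Review bot: The `cred` entry ships a fixed symmetric key (`"data": "AAAAAAAAAAAAAAAA"` with `"credtype": 1`) for a device that is already marked `"owned": true`, and nothing in the file or the commit message says the database is a test fixture. oic_svr_db_server.json repeats the same key and adds `BBBBBBBBBBBBBBBB`. JSON cannot carry a comment, so the caveat belongs in a README next to the samples, for example `These SVR databases contain fixed sample keys; regenerate the credentials before running the proxy outside a test network.` The matching .dat files are committed as binaries, so a reviewer cannot confirm they were produced from these JSON files; generating them from the JSON during the build would close that gap.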
diff --git a/service/coap-http-proxy/samples/oic_svr_db_server.json b/service/coap-http-proxy/samples/oic_svr_db_server.json
new file mode 100644
index 0000000..c985873
--- /dev/null
+++ b/service/coap-http-proxy/samples/oic_svr_db_server.json
@@ -0,0 +1,137 @@
+{
+ "acl": {
+ "aclist": {
+ "aces": [
+ {
+ "subjectuuid": "*",
+ "resources": [
+ {
+ "href": "/oic/res",
+ "rel": "",
+ "rt": ["oic.wk.res"],
+ "if": ["oic.if.ll"]
+ },
+ {
+ "href": "/oic/d",
+ "rel": "",
+ "rt": ["oic.wk.d"],
+ "if": ["oic.if.baseline", "oic.if.r"]
+ },
+ {
+ "href": "/oic/p",
+ "rel": "",
+ "rt": ["oic.wk.p"],
+ "if": ["oic.if.baseline", "oic.if.r"]
+ },
+ {
+ "href": "/oic/sec/acl",
+ "rel": "",
+ "rt": ["oic.r.acl"],
+ "if": ["oic.if.baseline"]
+ }
+ ],
+ "permission": 2
+ },
+ {
+ "subjectuuid": "*",
+ "resources": [
+ {
+ "href": "/oic/sec/doxm",
+ "rel": "",
+ "rt": ["oic.r.doxm"],
+ "if": ["oic.if.baseline"]
+ },
+ {
+ "href": "/oic/sec/pstat",
+ "rel": "",
+ "rt": ["oic.r.pstat"],
+ "if": ["oic.if.baseline"]
+ }
+ ],
+ "permission": 2
+ },
+ {
+ "subjectuuid": "32323232-3232-3232-3232-323232323232",
+ "resources": [
+ {
+ "href": "*",
+ "rel": "",
+ "rt": ["*"],
+ "if": ["*"]
+ }
+ ],
+ "permission": 7
+ },
+ {
+ "subjectuuid": "31393139-3139-3139-3139-313931393139",
+ "resources": [
+ {
+ "href": "/a/led",
+ "rel": "",
+ "rt": ["oic.core"],
+ "if": ["oic.if.baseline"]
+ }
+ ],
+ "permission": 7
+ },
+ {
+ "subjectuuid": "37373737-3737-3737-3737-373737373737",
+ "resources": [
+ {
+ "href": "/a/led",
+ "rel": "",
+ "rt": ["oic.core"],
+ "if": ["oic.if.baseline"]
+ }
+ ],
+ "permission": 6
+ }
+ ]
+ },
+ "rowneruuid" : "31313131-3131-3131-3131-313131313131"
+ },
+ "pstat": {
+ "dos": {"s": 3, "p": false},
+ "isop": true,
+ "deviceuuid": "31313131-3131-3131-3131-313131313131",
+ "rowneruuid": "31313131-3131-3131-3131-313131313131",
+ "cm": 0,
+ "tm": 0,
+ "om": 4,
+ "sm": 4
+ },
+ "doxm": {
+ "oxms": [0],
+ "oxmsel": 0,
+ "sct": 1,
+ "owned": true,
+ "deviceuuid": "31313131-3131-3131-3131-313131313131",
+ "devowneruuid": "32323232-3232-3232-3232-323232323232",
+ "rowneruuid": "31313131-3131-3131-3131-313131313131"
+ },
+ "cred": {
+ "creds": [
+ {
+ "credid": 1,
+ "subjectuuid": "32323232-3232-3232-3232-323232323232",
+ "credtype": 1, + "period": "20150630T060000/20990920T220000", + "privatedata": { + "data": "AAAAAAAAAAAAAAAA", + "encoding": "oic.sec.encoding.raw" + } + }, + { + "credid": 2, + "subjectuuid": "31393139-3139-3139-3139-313931393139", + "credtype": 1, + "period": "20150630T060000/20990920T220000", + "privatedata": { + "data": "BBBBBBBBBBBBBBBB", + "encoding": "oic.sec.encoding.raw" + } + } + ], + "rowneruuid": "32323232-3232-3232-3232-323232323232" + } +} diff --git a/service/coap-http-proxy/samples/proxy_client.c b/service/coap-http-proxy/samples/proxy_client.c index 520d092..e876ced 100644 --- a/service/coap-http-proxy/samples/proxy_client.c +++ b/service/coap-http-proxy/samples/proxy_client.c @@ -57,6 +57,8 @@ OCConnectivityType connType; // Will be taken as user input static char httpResource[MAX_HTTP_URI_LENGTH]; +static char CRED_FILE_DEVOWNER[] = "oic_svr_db_client_devowner.dat"; + int gQuitFlag = 0; /* SIGINT handler: set gQuitFlag to 1 for graceful termination */ void handleSigInt(int signum) @@ -282,6 +284,12 @@ OCStackApplicationResult discoveryReqCB(void* ctx, OCDoHandle handle, return OC_STACK_KEEP_TRANSACTION; } + if (resource->secure) + { + serverAddr.flags |= OC_SECURE; + serverAddr.port = resource->port; + } + switch (testCase) { case TEST_DISCOVER_REQ: @@ -321,8 +329,23 @@ int InitDiscovery() return ret; } +FILE *client_fopen_devowner(const char *path, const char *mode) +{ + if (0 == strcmp(path, OC_SECURITY_DB_DAT_FILE_NAME)) + { + return fopen(CRED_FILE_DEVOWNER, mode); + } + else + { + return fopen(path, mode); + } +} + int main(int argc, char* argv[]) { + OCPersistentStorage ps = { client_fopen_devowner, fread, fwrite, fclose, unlink }; + OCRegisterPersistentStorageHandler(&ps); + int opt; while ((opt = getopt(argc, argv, "t:p:")) != -1) { 
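Review bot: Two ACEs in `aces` grant access to `/a/led` (subject `31393139-3139-3139-3139-313931393139` with permission 7 and subject `37373737-3737-3737-3737-373737373737` with permission 6), but no `/a/led` resource appears anywhere in this change, and the second subject has no entry under `creds`. They look carried over from another sample's database. If the proxy does not host that resource, dropping both ACEs (and credential 2, if it is then unused) keeps the ACL to what the sample needs. The ACE for `32323232-3232-3232-3232-323232323232` with `"href": "*"` and permission 7 already covers the client identity shipped in this commit.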
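Review bot: The block added to discoveryReqCB handles only the secure case: when `resource->secure` is false the request goes out over plain CoAP with no log line, even in a build that was configured with credentials. The secure bit and the port are taken from the discovery payload, so the client should make the downgrade visible or decline to send, for example `else { OIC_LOG(INFO, TAG, "Resource is not secure, request will be sent without DTLS"); }`. The rest of the callback, including where `serverAddr` is filled in, is outside this hunk.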
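Review bot: The result of `OCRegisterPersistentStorageHandler(&ps)` in main is ignored, so a failed registration presumably lets the stack start without the credential database and the sample fails later with a less obvious error; check it with `if (OCRegisterPersistentStorageHandler(&ps) != OC_STACK_OK) { OIC_LOG(ERROR, TAG, "OCRegisterPersistentStorageHandler failed"); return -1; }`. `client_fopen_devowner` opens `CRED_FILE_DEVOWNER` as a bare relative name, so the credentials are read from whatever directory the program is started in; a comment such as `/* Must be run from the directory holding oic_svr_db_client_devowner.dat */` documents that, and resolving the path explicitly would avoid picking up a different file. The helper can be `static` and the name array `static const char`. `server_fopen` and main in proxy_main.c have the same two issues; main continues past the end of this hunk.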
@@ -352,7 +375,7 @@ int main(int argc, char* argv[]) return -1; } - if (OCInit1(OC_CLIENT, OC_DEFAULT_FLAGS, OC_DEFAULT_FLAGS) != OC_STACK_OK) + if (OCInit1(OC_CLIENT_SERVER, OC_DEFAULT_FLAGS, OC_DEFAULT_FLAGS) != OC_STACK_OK) { OIC_LOG(ERROR, TAG, "OCStack initialization error"); return -1; diff --git a/service/coap-http-proxy/samples/proxy_main.c b/service/coap-http-proxy/samples/proxy_main.c index 3f32f4b..a377196 100644 --- a/service/coap-http-proxy/samples/proxy_main.c +++ b/service/coap-http-proxy/samples/proxy_main.c @@ -24,10 +24,13 @@ #include #endif #include +#include static int g_quitFlag = 0; static int g_secureFlag = 0; +static char CRED_FILE[] = "oic_svr_db_server.dat"; + void handleSigInt(int signum); static void PrintUsage() @@ -37,11 +40,25 @@ static void PrintUsage() printf("-s 1 : Launch proxy in secure mode.\n"); } +FILE* server_fopen(const char *path, const char *mode) +{ + if (0 == strcmp(path, OC_SECURITY_DB_DAT_FILE_NAME)) + { + return fopen(CRED_FILE, mode); + } + + return fopen(path, mode); +} + /* * This method is an entry point of CoAP-HTTP Proxy. */ int main(int argc, char* argv[]) { + // Initialize Persistent Storage for SVR database + OCPersistentStorage ps = { server_fopen, fread, fwrite, fclose, unlink }; + OCRegisterPersistentStorageHandler(&ps); + int opt = 0; while ((opt = getopt(argc, argv, "s:")) != -1) {
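Review bot: The switch from OC_CLIENT to OC_CLIENT_SERVER in the `OCInit1` call has no comment, is not mentioned in the commit message, and applies to non-secured builds as well. Server mode means the client sample also accepts inbound requests, which is a wider exposure than a pure client needs. If the mode is required for the security resources to be loaded (an assumption, not visible here), say so above the call, e.g. `// OC_CLIENT_SERVER: needed so the stack loads the SVR database used for DTLS`; otherwise limit it to secured builds. main starts and ends outside this hunk.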