From: Chul Lee <chuls.lee@samsung.com>
Date: Wed, 5 Oct 2016 11:50:32 +0000 (+0900)
Subject: Update the OTM module to guarantee uniqueness of OwnerPSK on the PT side.
X-Git-Tag: 1.3.0~1055^2~122
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3c35d2d2afb55ee5b894b90f581b3ad048e44ace;p=platform%2Fupstream%2Fiotivity.git

Update the OTM module to guarantee uniqueness of OwnerPSK on the PT side.

Change-Id: I22c9e7c2e81b49bb14c90d5c89744ee478ab108d
Signed-off-by: Chul Lee <chuls.lee@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/12813
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
(cherry picked from commit 03adc4fa8aaf36f5de585be00efc6198b38ded14)
Reviewed-on: https://gerrit.iotivity.org/gerrit/12945
---

diff --git a/resource/csdk/security/include/internal/credresource.h b/resource/csdk/security/include/internal/credresource.h
index beab0c459..00708b1a1 100644
--- a/resource/csdk/security/include/internal/credresource.h
+++ b/resource/csdk/security/include/internal/credresource.h
@@ -106,6 +106,15 @@ OicSecCred_t * GenerateCredential(const OicUuid_t* subject, OicSecCredType_t cre
  */
 OCStackResult AddCredential(OicSecCred_t * cred);
 
+/**
+ * Function to remove the credential from SVR DB.
+ *
+ * @param subject is the Credential Subject to be deleted.
+ *
+ * @return ::OC_STACK_OK for success, or errorcode otherwise.
+ */
+OCStackResult RemoveCredential(const OicUuid_t *subject);
+
 /**
  * Function to remove the credential from SVR DB.
  *
@@ -113,7 +122,7 @@ OCStackResult AddCredential(OicSecCred_t * cred);
  *
  * @return ::OC_STACK_OK for success, or errorcode otherwise.
  */
-OCStackResult RemoveCredential(const OicUuid_t *credId);
+OCStackResult RemoveCredentialByCredId(uint16_t credId);
 
 #if defined(__WITH_DTLS__)
 /**
@@ -163,6 +172,13 @@ OCStackResult AddTmpPskWithPIN(const OicUuid_t* tmpSubject, OicSecCredType_t cre
 int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo);
 #endif /*__WITH_X509__*/
 
+/**
+ * Function to getting credential list
+ *
+ * @return ::credential list
+ */
+const OicSecCred_t* GetCredList();
+
 /**
  * Function to deallocate allocated memory to OicSecCred_t.
  *
diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
index e3306b198..dec46278c 100644
--- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
+++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c
@@ -51,6 +51,7 @@
 #include "base64.h"
 #include "cJSON.h"
 #include "global.h"
+#include "utlist.h"
 
 #include "srmresourcestrings.h"
 #include "doxmresource.h"
@@ -461,6 +462,41 @@ static OCStackResult SaveOwnerPSK(OCProvisionDev_t *selectedDeviceInfo)
         OICFree(b64Buf);
 #endif //End of Test codes
 
+        //Finding previous ownerPSK.
+        const OicSecCred_t* credList = GetCredList();
+        OicSecCred_t* prevCred = NULL;
+        uint16_t credId = 0;
+        LL_FOREACH(credList, prevCred)
+        {
+            //OwnerPSK's type is SYMMETRIC_PAIR_WISE_KEY
+            if (SYMMETRIC_PAIR_WISE_KEY == prevCred->credType &&
+                0 == memcmp(prevCred->subject.id, cred->subject.id, sizeof(cred->subject.id)))
+            {
+                credId = prevCred->credId;
+                break;
+            }
+        }
+
+        //If duplicate owner PSK is exists, remove it.
+        if(0 < credId)
+        {
+            OIC_LOG(WARNING, TAG, "Duplicate OwnerPSK was detected.");
+            OIC_LOG(WARNING, TAG, "[Subject] : ");
+            OIC_LOG_BUFFER(WARNING, TAG, prevCred->subject.id, sizeof(prevCred->subject.id));
+            OIC_LOG_V(WARNING, TAG, "[Encoding Type] : %d", prevCred->privateData.encoding);
+            OIC_LOG(WARNING, TAG, "[Private Data] : ");
+            OIC_LOG_BUFFER(WARNING, TAG, prevCred->privateData.data, prevCred->privateData.len);
+            OIC_LOG(WARNING, TAG, "Previous OwnerPSK will be removed.");
+
+            res = RemoveCredentialByCredId(credId);
+            if(OC_STACK_RESOURCE_DELETED != res)
+            {
+                OIC_LOG(ERROR, TAG, "Failed to remove the previous OwnerPSK");
+                DeleteCredList(cred);
+                goto exit;
+            }
+        }
+
         res = AddCredential(cred);
         if(res != OC_STACK_OK)
         {
diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c
index 1b27b8498..e4da1ebe6 100644
--- a/resource/csdk/security/src/credresource.c
+++ b/resource/csdk/security/src/credresource.c
@@ -1350,6 +1350,46 @@ OCStackResult RemoveCredential(const OicUuid_t *subject)
 
 }
 
+OCStackResult RemoveCredentialByCredId(uint16_t credId)
+{
+    OCStackResult ret = OC_STACK_ERROR;
+    OicSecCred_t *cred = NULL;
+    OicSecCred_t *tempCred = NULL;
+    bool deleteFlag = false;
+
+    OIC_LOG(INFO, TAG, "IN RemoveCredentialByCredId");
+
+    if ( 0 == credId)
+    {
+        return OC_STACK_INVALID_PARAM;
+    }
+
+
+    LL_FOREACH_SAFE(gCred, cred, tempCred)
+    {
+        if (cred->credId == credId)
+        {
+            OIC_LOG_V(DEBUG, TAG, "Credential(ID=%d) will be removed.", credId);
+
+            LL_DELETE(gCred, cred);
+            FreeCred(cred);
+            deleteFlag = true;
+        }
+    }
+
+    if (deleteFlag)
+    {
+        if (UpdatePersistentStorage(gCred))
+        {
+            ret = OC_STACK_RESOURCE_DELETED;
+        }
+    }
+    OIC_LOG(INFO, TAG, "OUT RemoveCredentialByCredId");
+
+    return ret;
+
+}
+
 /**
  * Remove all credential data on credential resource and persistent storage
  *
@@ -1805,6 +1845,11 @@ OicSecCred_t* GetCredResourceData(const OicUuid_t* subject)
     return NULL;
 }
 
+const OicSecCred_t* GetCredList()
+{
+    return gCred;
+}
+
 OicSecCred_t* GetCredResourceDataByCredId(const uint16_t credId)
 {
     OicSecCred_t *cred = NULL;