From: George Nash Date: Tue, 12 Sep 2017 22:37:54 +0000 (-0700) Subject: [IOT-2419] Update the samples to run with security X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d5c90a29af8159ce19793e27ab452b7cfe7b2e8e;p=platform%2Fupstream%2Fiotivity.git [IOT-2419] Update the samples to run with security This uses the same acl files that were introduced in https://gerrit.iotivity.org/gerrit/#/c/21489/ The simple server was updated to default to a secure interface. Tested by running against each other and the C++ simpleserver simpleclient samples. Bug: https://jira.iotivity.org/browse/IOT-2419 Change-Id: I623fc40759a6382568de572cedf9aa8f52fbfbe9 Signed-off-by: George Nash --- diff --git a/java/examples-java/simpleclient/SConscript b/java/examples-java/simpleclient/SConscript index 40f348f..ef2b5a9 100644 --- a/java/examples-java/simpleclient/SConscript +++ b/java/examples-java/simpleclient/SConscript @@ -23,4 +23,6 @@ Import('jdk_env') # Build simpleclient sample simpleclient_classes = jdk_env.Java(target='classes', source=['src/main/java']) example_jar = jdk_env.Jar(target='simpleclient.jar', source=[simpleclient_classes, 'MANIFEST.MF']) -jdk_env.Install("../..", example_jar) \ No newline at end of file +jdk_env.Install("../..", example_jar) +if jdk_env.get('SECURED') == '1': + jdk_env.Install(target="../..", source=['src/main/assets/oic_svr_db_client.dat']) diff --git a/java/examples-java/simpleclient/src/main/assets/oic_svr_db_client.dat b/java/examples-java/simpleclient/src/main/assets/oic_svr_db_client.dat new file mode 100644 index 0000000..dc9fd24 Binary files /dev/null and b/java/examples-java/simpleclient/src/main/assets/oic_svr_db_client.dat differ diff --git a/java/examples-java/simpleclient/src/main/assets/oic_svr_db_client.json b/java/examples-java/simpleclient/src/main/assets/oic_svr_db_client.json index fb36b76..f853b45 100644 --- a/java/examples-java/simpleclient/src/main/assets/oic_svr_db_client.json 
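Review bot: The security database installed by the new `if jdk_env.get('SECURED') == '1':` branch in simpleclient/SConscript is sample material, and nothing at the install step says so. The JSON source changed alongside it in this commit carries fixed UUIDs and the pre-shared key `"data": "AAAAAAAAAAAAAAAA"`, so, assuming the .dat is generated from that JSON, every installed copy holds a key that is public in this repository. I would add a comment above the install line such as `# Sample-only SVR database: fixed UUIDs and pre-shared keys, regenerate before any non-demo use`. The same applies to the matching hunk in simpleserver/SConscript.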
+++ b/java/examples-java/simpleclient/src/main/assets/oic_svr_db_client.json 
@@ -1,51 +1,61 @@ { - "acl": [ - { - "sub": "Kg==", - "rsrc": [ - "/oic/res", - "/oic/d", - "/oic/p", - "/oic/res/types/d", - "/oic/ad", - "/oic/sec/acl" - ], - "perms": 2, - "ownrs" : ["MjIyMjIyMjIyMjIyMjIyMg=="] - }, - { - "sub": "Kg==", - "rsrc": [ - "/oic/sec/doxm", - "/oic/sec/pstat" - ], - "perms": 2, - "ownrs" : ["MjIyMjIyMjIyMjIyMjIyMg=="] - } - ], - "pstat": { - "dos": {"s": 3, "p": false}, - "isop": true, - "deviceid": "ZGV2aWNlaWQAAAAAABhanw==", - "ch": 0, - "cm": 0, - "tm": 0, - "om": 3, - "sm": [3] - }, - "doxm": { - "oxm": [0], - "oxmsel": 0, - "sct": 9, - "owned": true, - "deviceid": "MjIyMjIyMjIyMjIyMjIyMg==", - "ownr": "MjIyMjIyMjIyMjIyMjIyMg==" - }, - "cred": [{ - "credid": 1, - "sub": "MTExMTExMTExMTExMTExMQ==", - "credtyp": 1, - "pvdata": "QUFBQUFBQUFBQUFBQUFBQQ==", - "ownrs" : ["MjIyMjIyMjIyMjIyMjIyMg=="] - }] + "acl": { + "aclist2": [ + { + "aceid": 1, + "subject": { "conntype": "anon-clear" }, + "resources": [ + { "href": "/oic/res" }, + { "href": "/oic/d" }, + { "href": "/oic/p" }, + { "href": "/oic/sec/doxm" } + ], + "permission": 2 + }, + { + "aceid": 2, + "subject": { "conntype": "auth-crypt" }, + "resources": [ + { "href": "/oic/res" }, + { "href": "/oic/d" }, + { "href": "/oic/p" }, + { "href": "/oic/sec/doxm" } + ], + "permission": 2 + } + ], + "rowneruuid" : "32323232-3232-3232-3232-323232323232" + }, + "pstat": { + "dos": {"s": 3, "p": false}, + "isop": true, + "rowneruuid": "32323232-3232-3232-3232-323232323232", + "cm": 0, + "tm": 0, + "om": 4, + "sm": 4 + }, + "doxm": { + "oxms": [0], + "oxmsel": 0, + "sct": 9, + "owned": true, + "deviceuuid": "32323232-3232-3232-3232-323232323232", + "devowneruuid": "32323232-3232-3232-3232-323232323232", + "rowneruuid": "32323232-3232-3232-3232-323232323232" + }, + "cred": { + "creds": [ + { + "credid": 1, + "subjectuuid": "31313131-3131-3131-3131-313131313131", + "credtype": 1, + "privatedata": { + "data": "AAAAAAAAAAAAAAAA", + "encoding": "oic.sec.encoding.raw" + } + } + ], + "rowneruuid": 
"32323232-3232-3232-3232-323232323232" + } } diff --git a/java/examples-java/simpleclient/src/main/java/org/iotivity/base/examples/SimpleClient.java b/java/examples-java/simpleclient/src/main/java/org/iotivity/base/examples/SimpleClient.java index ece2984..12cea48 100644 --- a/java/examples-java/simpleclient/src/main/java/org/iotivity/base/examples/SimpleClient.java +++ b/java/examples-java/simpleclient/src/main/java/org/iotivity/base/examples/SimpleClient.java @@ -35,6 +35,7 @@ import org.iotivity.base.PlatformConfig; import org.iotivity.base.QualityOfService; import org.iotivity.base.ServiceType; +import java.net.URISyntaxException; import java.util.EnumSet; import java.util.HashMap; import java.util.List; @@ -63,13 +64,22 @@ public class SimpleClient implements * A local method to configure and initialize platform, and then search for the light resources. */ private static void startSimpleClient() { + String path = ""; + // This assumes the oic_svr_db_server.dat file is in the same location as the SimpleServer.jar file + try { + path = SimpleClient.class.getProtectionDomain().getCodeSource().getLocation().toURI().getPath(); + path = path.substring(0, path.lastIndexOf('/')); + } catch (URISyntaxException e) { + msg(e.getMessage() + " unable to find local file path."); + } PlatformConfig platformConfig = new PlatformConfig( ServiceType.IN_PROC, ModeType.CLIENT_SERVER, "0.0.0.0", // By setting to "0.0.0.0", it binds to all available interfaces 0, // Uses randomly available port - QualityOfService.LOW + QualityOfService.LOW, + path + "/oic_svr_db_client.dat" ); msg("Configuring platform."); OcPlatform.Configure(platformConfig); 
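Review bot: In startSimpleClient(), when `toURI()` throws, the catch block only logs and `path` stays `""`, so PlatformConfig is still built with `/oic_svr_db_client.dat` at the filesystem root as its security database path. I would stop in the catch with `return;` after the `msg(...)` call, so the client never starts with a database location it did not intend; `getCodeSource()` can also return null for some class loaders, and that case is not handled either. The comment above the try block names the server's files and should read `// This assumes the oic_svr_db_client.dat file is in the same location as the simpleclient.jar file`. The path is also passed unconditionally, while the SConscript in this commit installs the .dat only when `SECURED` is `'1'`. The method body continues past the end of the hunk.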
@@ -142,6 +152,45 @@ public class SimpleClient implements
 for (String resourceInterface : ocResource.getResourceInterfaces()) {
 msg("\t\t" + resourceInterface);
 }
+ // Get Resource current host
+ msg("\tHost of resource: ");
+ msg("\t\t" + hostAddress);
+ // Get Resource Endpoint Infomation
+ msg("\tList of resource endpoints: ");
+ for(String resourceEndpoint : ocResource.getAllHosts())
+ {
+ msg("\t\t" + resourceEndpoint);
+ }
+
+ OcConnectivityType TRANSPORT_TYPE_TO_USE = OcConnectivityType.CT_ADAPTER_IP;
+
+ // If resource is found from ip based adapter.
+ if (hostAddress.contains("coap://") ||
+ hostAddress.contains("coaps://") ||
+ hostAddress.contains("coap+tcp://") ||
+ hostAddress.contains("coaps+tcp://"))
+ {
+ for(String resourceEndpoint : ocResource.getAllHosts())
+ {
+ if (!resourceEndpoint.equals(hostAddress) &&
+ !resourceEndpoint.contains("coap+rfcomm"))
+ {
+ String newHost = resourceEndpoint;
+ if (newHost.contains("tcp"))
+ {
+ TRANSPORT_TYPE_TO_USE = OcConnectivityType.CT_ADAPTER_TCP;
+ }
+ else
+ {
+ TRANSPORT_TYPE_TO_USE = OcConnectivityType.CT_ADAPTER_IP;
+ }
+ // Change Resource host if another host exists
+ msg("\tChange host of resource endpoints");
+ msg("\t\t" + "Current host is " + ocResource.setHost(newHost));
+ break;
+ }
+ }
+ }
 msg("\tList of resource connectivity types:");
 for (OcConnectivityType connectivityType : ocResource.getConnectivityTypeSet()) {
 msg("\t\t" + connectivityType);
@@ -175,6 +224,7 @@ public class SimpleClient implements
 try {
 // Invoke resource's "get" API with a OcResource.OnGetListener event
 // listener implementation
+ msg("calling get on server with ID: " + mFoundLightResource.getServerId());
 sleep(1);
 mFoundLightResource.get(queryParams, this);
 } catch (OcException e) {
diff --git a/java/examples-java/simpleserver/SConscript b/java/examples-java/simpleserver/SConscript
index 05a307f..60fd0f8 100644
--- a/java/examples-java/simpleserver/SConscript
+++ b/java/examples-java/simpleserver/SConscript
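Review bot: The endpoint-selection loop in the first SimpleClient.java hunk calls `ocResource.setHost(newHost)` on the first entry of `getAllHosts()` that differs from `hostAddress` and is not `coap+rfcomm`, without checking whether that endpoint is a secured one. The commit's purpose is to run the samples with security and the light resource is registered as SECURE elsewhere in this commit, yet a plain `coap://` or `coap+tcp://` endpoint listed first would be selected just as readily as a `coaps` one. I would restrict the switch to secured schemes, e.g. `if (!resourceEndpoint.equals(hostAddress) && resourceEndpoint.startsWith("coaps"))`, which also excludes `coap+rfcomm`. `TRANSPORT_TYPE_TO_USE` is a local variable named like a constant and is only assigned within the hunk; whether it is read later is not visible here, since `hostAddress` and the rest of the method lie outside the hunk.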
@@ -31,4 +31,6 @@ simpleserver_classes = jdk_env.Java(target='classes',
 example_jar = jdk_env.Jar(target='simpleserver.jar',
 source=['classes', 'MANIFEST.MF'],
 JARCHDIR='$SOURCE')
-jdk_env.Install("../..", example_jar)
\ No newline at end of file
+jdk_env.Install("../..", example_jar)
+if jdk_env.get('SECURED') == '1':
+ jdk_env.Install(target="../..", source=['src/main/assets/oic_svr_db_server.dat'])
diff --git a/java/examples-java/simpleserver/src/main/assets/oic_svr_db_server.dat b/java/examples-java/simpleserver/src/main/assets/oic_svr_db_server.dat
index ccae7d3..ca853b3 100644
Binary files a/java/examples-java/simpleserver/src/main/assets/oic_svr_db_server.dat and b/java/examples-java/simpleserver/src/main/assets/oic_svr_db_server.dat differ
diff --git a/java/examples-java/simpleserver/src/main/assets/oic_svr_db_server.json b/java/examples-java/simpleserver/src/main/assets/oic_svr_db_server.json
index e4ce270..440023c 100644
--- a/java/examples-java/simpleserver/src/main/assets/oic_svr_db_server.json
+++ b/java/examples-java/simpleserver/src/main/assets/oic_svr_db_server.json
@@ -1,102 +1,84 @@ -{ - "acl": { - "aclist": { - "aces": [ - { - "subjectuuid": "*", - "resources": [ - { - "href": "/oic/res", - "rel": "", - "rt": ["oic.wk.res"], - "if": ["oic.if.ll"] - }, - { - "href": "/oic/d", - "rel": "", - "rt": ["oic.wk.d"], - "if": ["oic.if.baseline", "oic.if.r"] - }, - { - "href": "/oic/p", - "rel": "", - "rt": ["oic.wk.p"], - "if": ["oic.if.baseline", "oic.if.r"] - }, - { - "href": "/oic/sec/acl", - "rel": "", - "rt": ["oic.r.acl"], - "if": ["oic.if.baseline"] - } - ], - "permission": 2 - }, - { - "subjectuuid": "*", - "resources": [ - { - "href": "/oic/sec/doxm", - "rel": "", - "rt": ["oic.r.doxm"], - "if": ["oic.if.baseline"] - }, - { - "href": "/oic/sec/pstat", - "rel": "", - "rt": ["oic.r.pstat"], - "if": ["oic.if.baseline"] - } - ], - "permission": 2 - }, - { - "subjectuuid": "*", - "resources": [ - { - "href": "/a/light", - "rel": "", - "rt": ["oic.core"], - "if": ["oic.if.baseline"] - } - ], - "permission": 7 - } - ] - }, - "rowneruuid" : "31313131-3131-3131-3131-313131313131" - }, - "pstat": { - "dos": {"s": 3, "p": false}, - "isop": true, - "deviceuuid": "31313131-3131-3131-3131-313131313131", - "rowneruuid": "31313131-3131-3131-3131-313131313131", - "cm": 0, - "tm": 0, - "om": 4, - "sm": 4 - }, - "doxm": { - "oxms": [0], - "oxmsel": 0, - "sct": 9, - "owned": true, - "deviceuuid": "31313131-3131-3131-3131-313131313131", - "devowneruuid": "32323232-3232-3232-3232-323232323232", - "rowneruuid": "31313131-3131-3131-3131-313131313131" - }, - "cred": { - "creds": [ - { - "credid": 1, - "subjectuuid": "32323232-3232-3232-3232-323232323232", - "credtype": 1, - "privatedata": { - "data": "AAAAAAAAAAAAAAAA", - "encoding": "oic.sec.encoding.raw" - } - } - ], - "rowneruuid": "31313131-3131-3131-3131-313131313131" - } -} \ No newline at end of file +{ + "acl": { + "aclist2": [ + { + "aceid": 1, + "subject": { "conntype": "anon-clear" }, + "resources": [ + { "href": "/oic/res" }, + { "href": "/oic/d" }, + { "href": "/oic/p" }, + { "href": 
"/oic/sec/doxm" } + ], + "permission": 2 + }, + { + "aceid": 2, + "subject": { "conntype": "auth-crypt" }, + "resources": [ + { "href": "/oic/res" }, + { "href": "/oic/d" }, + { "href": "/oic/p" }, + { "href": "/oic/sec/doxm" } + ], + "permission": 2 + }, + { + "aceid": 3, + "subject": { "uuid": "32323232-3232-3232-3232-323232323232" }, + "resources": [{ "wc": "*" }], + "permission": 7 + }, + { + "aceid": 4, + "subject": { "uuid": "31393139-3139-3139-3139-313931393139" }, + "resources": [{ "href": "/a/light" }], + "permission": 7 + } + ], + "rowneruuid" : "31313131-3131-3131-3131-313131313131" + }, + "pstat": { + "dos": {"s": 3, "p": false}, + "isop": true, + "rowneruuid": "31313131-3131-3131-3131-313131313131", + "cm": 0, + "tm": 0, + "om": 4, + "sm": 4 + }, + "doxm": { + "oxms": [0], + "oxmsel": 0, + "sct": 9, + "owned": true, + "deviceuuid": "31313131-3131-3131-3131-313131313131", + "devowneruuid": "32323232-3232-3232-3232-323232323232", + "rowneruuid": "31313131-3131-3131-3131-313131313131" + }, + "cred": { + "creds": [ + { + "credid": 1, + "subjectuuid": "32323232-3232-3232-3232-323232323232", + "credtype": 1, + "period": "20150630T060000/20990920T220000", + "privatedata": { + "data": "AAAAAAAAAAAAAAAA", + "encoding": "oic.sec.encoding.raw" + } + }, + { + "credid": 2, + "subjectuuid": "31393139-3139-3139-3139-313931393139", + "credtype": 1, + "period": "20150630T060000/20990920T220000", + "privatedata": { + "data": "BBBBBBBBBBBBBBBB", + "encoding": "oic.sec.encoding.raw" + } + } + ], + "rowneruuid": "32323232-3232-3232-3232-323232323232" + } +} diff --git a/java/examples-java/simpleserver/src/main/java/org/iotivity/base/examples/Light.java b/java/examples-java/simpleserver/src/main/java/org/iotivity/base/examples/Light.java index 3f00f3d..77ae133 100644 --- a/java/examples-java/simpleserver/src/main/java/org/iotivity/base/examples/Light.java +++ b/java/examples-java/simpleserver/src/main/java/org/iotivity/base/examples/Light.java 
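Review bot: In the new `cred` object of oic_svr_db_server.json the `rowneruuid` changes to `32323232-3232-3232-3232-323232323232`, while `acl`, `pstat` and `doxm` in the same file keep `31313131-3131-3131-3131-313131313131`. That UUID is the `devowneruuid`, the subject of credential 1 and the `deviceuuid` in the client's JSON, so the resource owner of the server's credential list would be the remote client rather than the device itself. If that is not intended, the line should stay `"rowneruuid": "31313131-3131-3131-3131-313131313131"`. Separately, ACE 3 grants the same UUID permission 7 on `{ "wc": "*" }` although the client code in this commit appears to address only the light resource; `"resources": [{ "href": "/a/light" }]`, as ACE 4 uses for its subject, would be the narrower grant.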
@@ -77,7 +77,7 @@ public class Light implements OcPlatform.EntityHandler {
 mResourceTypeName,
 mResourceInterface,
 this,
- EnumSet.of(ResourceProperty.DISCOVERABLE, ResourceProperty.OBSERVABLE)
+ EnumSet.of(ResourceProperty.DISCOVERABLE, ResourceProperty.OBSERVABLE, ResourceProperty.SECURE)
 );
 }
 }
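Review bot: The new `ResourceProperty.SECURE` flag in Light.java is set unconditionally, while the security database this commit ships is only installed when the build has `SECURED` set to `'1'` (simpleserver/SConscript). How registration behaves in a build without security is not visible from this hunk and is worth confirming. I would at least add a comment on the changed line, e.g. `// SECURE: /a/light is meant to be served over the secured endpoint; access is then governed by the ACEs in oic_svr_db_server.dat`. The enclosing registration call and its method start outside the hunk.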