From 2ed70e40439da5fba9937fdadd059639d4ed29e4 Mon Sep 17 00:00:00 2001 From: Uze Choi Date: Fri, 7 Oct 2016 06:36:01 +0000 Subject: [PATCH] Revert "Update easysetup's security-provisioning logic." This reverts commit d4ba3134a1178396c0bcc049645081c4a7dc814e. Change-Id: I4214de42969dfee194a1278a1a68c77446909e9f Reviewed-on: https://gerrit.iotivity.org/gerrit/12933 Reviewed-by: Uze Choi Tested-by: Uze Choi --- .../mediator/richsdk/src/EnrolleeSecurity.cpp | 117 ++++++++++++++------- .../mediator/richsdk/src/EnrolleeSecurity.h | 4 +- 2 files changed, 81 insertions(+), 40 deletions(-) diff --git a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp index a7a30d0..f209efb 100755 --- a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp +++ b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp @@ -68,6 +68,24 @@ namespace OIC m_secProvisioningDbPathCb = secProvisioningDbPathCb; } + std::shared_ptr< OC::OCSecureResource > EnrolleeSecurity::findEnrolleeSecurityResource( + DeviceList_t &list) + { + for (unsigned int i = 0; i < list.size(); i++) + { + if(m_ocResource->sid() == list[i]->getDeviceID().c_str()) + { + OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Device %d ID %s ", i + 1, + list[i]->getDeviceID().c_str()); + OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "From IP :%s", + list[i]->getDevAddr().c_str()); + return list[i]; + } + } + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG,"Error!!! DeviceList_t is NULL"); + return NULL; + } + void EnrolleeSecurity::convertUUIDToString(const uint8_t uuid[UUID_SIZE], std::string& uuidString) { @@ -112,34 +130,58 @@ namespace OIC { ESResult res = ESResult::ES_ERROR; + OC::DeviceList_t pUnownedDevList, pOwnedDevList; + + pOwnedDevList.clear(); + pUnownedDevList.clear(); + OCStackResult result = OC_STACK_ERROR; - OicUuid_t uuid; - ConvertStrToUuid(m_ocResource->sid().c_str(), &uuid); - result = OCSecure::discoverSingleDevice(ES_SEC_DISCOVERY_TIMEOUT, - &uuid, - m_securedResource); + result = OCSecure::discoverOwnedDevices(ES_SEC_DISCOVERY_TIMEOUT, + pOwnedDevList); if (result != OC_STACK_OK) { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Secure Resource Discovery failed."); + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Owned Discovery failed."); res = ESResult:: ES_SECURE_RESOURCE_DISCOVERY_FAILURE; return res; } - else if (m_securedResource) + else if (pOwnedDevList.size()) { - if (m_securedResource->getOwnedStatus()) // owned check logic + OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found owned devices. Count =%d", + (int)pOwnedDevList.size()); + std::shared_ptr< OC::OCSecureResource > ownedDevice = + findEnrolleeSecurityResource(pOwnedDevList); + + if (ownedDevice) { - if(isOwnedDeviceRegisteredInSVRDB()) + if (isOwnedDeviceRegisteredInSVRDB()) { res = ESResult::ES_OK; } else { + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, + "The found owned device is not in Mediator's PDM."); res = ESResult::ES_ERROR; } return res; } - else // unowned check logic + } + + result = OCSecure::discoverUnownedDevices(ES_SEC_DISCOVERY_TIMEOUT, pUnownedDevList); + if (result != OC_STACK_OK) + { + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "UnOwned Discovery failed."); + res = ESResult:: ES_SECURE_RESOURCE_DISCOVERY_FAILURE; + return res; + } + else if (pUnownedDevList.size()) + { + OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found Unowned devices. Count =%d", + (int)pUnownedDevList.size()); + + m_unownedDevice = findEnrolleeSecurityResource(pUnownedDevList); + if (m_unownedDevice) { if(isOwnedDeviceRegisteredInSVRDB()) { @@ -150,22 +192,22 @@ namespace OIC &EnrolleeSecurity::removeDeviceWithUuidCB, this, std::placeholders::_1, std::placeholders::_2); - result = OCSecure::removeDeviceWithUuid(ES_SEC_DISCOVERY_TIMEOUT, + result = OCSecure::removeDeviceWithUuid(DISCOVERY_TIMEOUT, m_ocResource->sid(), removeDeviceWithUuidCB); if(result != OC_STACK_OK) { OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "removeDeviceWithUuid failed."); - res = ESResult::ES_OWNERSHIP_TRANSFER_FAILURE; + res = ESResult:: ES_OWNERSHIP_TRANSFER_FAILURE; return res; } std::unique_lock lck(m_mtx); - m_cond.wait_for(lck, std::chrono::seconds(ES_SEC_DISCOVERY_TIMEOUT)); + m_cond.wait(lck); if(!removeDeviceResult) { - res = ESResult::ES_OWNERSHIP_TRANSFER_FAILURE; + res = ESResult:: ES_OWNERSHIP_TRANSFER_FAILURE; return res; } } @@ -175,7 +217,7 @@ namespace OIC if(res != ESResult::ES_OK) { OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Ownership-Transfer failed."); - res = ESResult::ES_OWNERSHIP_TRANSFER_FAILURE; + res = ESResult:: ES_OWNERSHIP_TRANSFER_FAILURE; return res; } @@ -187,10 +229,15 @@ namespace OIC res = ESResult::ES_OWNERSHIP_TRANSFER_FAILURE; } } + else + { + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "No matched unowned devices found."); + res = ESResult:: ES_SECURE_RESOURCE_DISCOVERY_FAILURE; + } } else { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "No secure resource found."); + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "No unowned devices found."); res = ESResult:: ES_SECURE_RESOURCE_DISCOVERY_FAILURE; } return res; @@ -209,13 +256,13 @@ namespace OIC OCSecure::setOwnerTransferCallbackData(OIC_JUST_WORKS, &justWorksCBData, NULL); OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Transfering ownership for : %s ", - m_securedResource->getDeviceID().c_str()); + m_unownedDevice->getDeviceID().c_str()); OC::ResultCallBack ownershipTransferCb = std::bind( &EnrolleeSecurity::ownershipTransferCb, this, std::placeholders::_1, std::placeholders::_2); - result = m_securedResource->doOwnershipTransfer(ownershipTransferCb); + result = m_unownedDevice->doOwnershipTransfer(ownershipTransferCb); if (result != OC_STACK_OK) { OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "doOwnershipTransfer is failed"); @@ -294,45 +341,37 @@ namespace OIC ESResult res = ESResult::ES_ERROR; // Need to discover Owned device in a given network, again + OC::DeviceList_t pOwnedDevList; std::shared_ptr< OC::OCSecureResource > ownedDevice = NULL; + pOwnedDevList.clear(); + OCStackResult result; - OicUuid_t uuid; - ConvertStrToUuid(m_ocResource->sid().c_str(), &uuid); - result = OCSecure::discoverSingleDevice(ES_SEC_DISCOVERY_TIMEOUT, - &uuid, - ownedDevice); + result = OCSecure::discoverOwnedDevices(ES_SEC_DISCOVERY_TIMEOUT, + pOwnedDevList); if (result != OC_STACK_OK) { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "secureResource Discovery failed."); + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Owned Discovery failed."); res = ESResult::ES_SECURE_RESOURCE_DISCOVERY_FAILURE; return res; } - else if (ownedDevice) + else if (pOwnedDevList.size()) { - OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found secureResource."); + OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found owned devices. Count =%d", + (int)pOwnedDevList.size()); + ownedDevice = findEnrolleeSecurityResource(pOwnedDevList); - if (ownedDevice->getOwnedStatus()) - { - if(!isOwnedDeviceRegisteredInSVRDB()) - { - OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, - "Not found matched owned deivce in SVR DB."); - res = ESResult::ES_SECURE_RESOURCE_DISCOVERY_FAILURE; - return res; - } - } - else + if (!ownedDevice) { - OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Target Enrollee is unowned."); + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found matched owned device."); res = ESResult::ES_SECURE_RESOURCE_DISCOVERY_FAILURE; return res; } } else { - OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found secureResource."); + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found owned devices."); res = ESResult::ES_SECURE_RESOURCE_DISCOVERY_FAILURE; return res; } diff --git a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h index 4a4e4c1..a713ff3 100755 --- a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h +++ b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h @@ -64,6 +64,7 @@ namespace OIC SecurityProvStatusCb m_securityProvStatusCb; SecurityPinCb m_securityPinCb; SecProvisioningDbPathCb m_secProvisioningDbPathCb; + std::shared_ptr< OC::OCSecureResource > m_unownedDevice; std::mutex m_mtx; std::condition_variable m_cond; @@ -73,7 +74,8 @@ namespace OIC std::atomic certResult; std::shared_ptr< OC::OCSecureResource > m_securedResource; - + std::shared_ptr< OC::OCSecureResource > findEnrolleeSecurityResource( + OC::DeviceList_t &list); ESResult performOwnershipTransfer(); bool isOwnedDeviceRegisteredInSVRDB(); void removeDeviceWithUuidCB(OC::PMResultList_t *result, int hasError); -- 2.7.4