From 618d5643591b37246fb06526a30041a31a6ba943 Mon Sep 17 00:00:00 2001
From: Greg Zaverucha
Date: Thu, 6 Apr 2017 17:52:16 -0700
Subject: [PATCH] [IOT-1949] De-duplicate roles posted to /oic/sec/roles
If a role certificate is added a second time to the roles resource, do not add it again.
Change-Id: Ifce27b93404216fb2bbac5b02aeb414a75f0398c
Signed-off-by: Greg Zaverucha
Reviewed-on: https://gerrit.iotivity.org/gerrit/18831
Reviewed-by: Kevin Kane
Tested-by: jenkins-iotivity
---
.../csdk/security/include/internal/credresource.h | 2 ++
resource/csdk/security/src/credresource.c | 4 +--
resource/csdk/security/src/rolesresource.c | 40 +++++++++++++++++-----
3 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/resource/csdk/security/include/internal/credresource.h b/resource/csdk/security/include/internal/credresource.h
index 19138fc..4064d98 100644
--- a/resource/csdk/security/include/internal/credresource.h
+++ b/resource/csdk/security/include/internal/credresource.h
@@ -263,6 +263,8 @@ CborError SerializeEncodingToCbor(CborEncoder *rootMap, const char *tag, const O
 CborError SerializeSecOptToCbor(CborEncoder *rootMap, const char *tag, const OicSecOpt_t *value);
 CborError DeserializeEncodingFromCbor(CborValue *rootMap, OicSecKey_t *value);
 CborError DeserializeSecOptFromCbor(CborValue *rootMap, OicSecOpt_t *value);
+bool IsSameSecOpt(const OicSecOpt_t* sk1, const OicSecOpt_t* sk2);
+bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2);
 #ifdef __cplusplus
 }
diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c
index 8022140..f315057 100644
--- a/resource/csdk/security/src/credresource.c
+++ b/resource/csdk/security/src/credresource.c
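Review bot: The two prototypes added to credresource.h, `IsSameSecOpt` and `IsSameSecKey`, are exported without a comment saying what "same" means, and that definition now decides whether a posted role certificate is stored or skipped. The credresource.c hunks show only the `VERIFY_NOT_NULL` checks and a `return false` tail, so the comparison itself is outside this patch. A header comment such as `/* Returns true only when both pointers are non-NULL and the two values compare equal; false otherwise. */` would state the contract, with the compared fields filled in once confirmed against the bodies. The parameter names `sk1`/`sk2` on `IsSameSecOpt` look carried over from the key variant; `so1`/`so2` would read better now that other files see the declaration.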
@@ -1598,7 +1598,7 @@ static OicSecCred_t* GetCredDefault()
 return NULL;
 }
-static bool IsSameSecOpt(const OicSecOpt_t* sk1, const OicSecOpt_t* sk2)
+bool IsSameSecOpt(const OicSecOpt_t* sk1, const OicSecOpt_t* sk2)
 {
 VERIFY_NOT_NULL(TAG, sk1, WARNING);
 VERIFY_NOT_NULL(TAG, sk2, WARNING);
@@ -1611,7 +1611,7 @@ exit:
 return false;
 }
-static bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2)
+bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2)
 {
 VERIFY_NOT_NULL(TAG, sk1, WARNING);
 VERIFY_NOT_NULL(TAG, sk2, WARNING);
diff --git a/resource/csdk/security/src/rolesresource.c b/resource/csdk/security/src/rolesresource.c
index aa14e82..fbbe1fc 100644
--- a/resource/csdk/security/src/rolesresource.c
+++ b/resource/csdk/security/src/rolesresource.c
@@ -320,6 +320,22 @@ exit:
 return res;
 }
+static bool RoleCertChainContains(RoleCertChain_t *chain, const RoleCertChain_t* roleCert)
+{
+ RoleCertChain_t *temp = NULL;
+
+ LL_FOREACH(chain, temp)
+ {
+ if (IsSameSecKey(&temp->certificate, &roleCert->certificate) &&
+ IsSameSecOpt(&temp->optData, &roleCert->optData))
+ {
+ return true;
+ }
+ }
+
+ return false;
+}
+
 static OCStackResult AddRoleCertificate(const RoleCertChain_t *roleCert, const uint8_t *pubKey, size_t pubKeyLength)
 {
 OCStackResult res = OC_STACK_ERROR;
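Review bot: `RoleCertChainContains` in rolesresource.c dereferences `roleCert` (`&roleCert->certificate`) without a NULL check and takes `chain` as a non-const pointer although it only reads the list; whether `AddRoleCertificate` has already validated `roleCert` is not visible in this hunk. The read-only intent can be made explicit with `static bool RoleCertChainContains(const RoleCertChain_t *chain, const RoleCertChain_t *roleCert)` and `const RoleCertChain_t *temp = NULL;`. A short comment should also say that a match requires both `certificate` and `optData` to compare equal, so the same certificate posted with different `optData` is kept as a separate entry. The check therefore removes exact repeats but does not by itself bound how many chains an entry can hold.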
@@ -372,17 +388,23 @@ static OCStackResult AddRoleCertificate(const RoleCertChain_t *roleCert, const u
 LL_PREPEND(gRoles, targetEntry);
 }
- // @todo: (IOT-1949) Detect duplicates and don't add them again
- res = DuplicateRoleCertChain(roleCert, ©);
- if (OC_STACK_OK != res)
+ if (!RoleCertChainContains(targetEntry->chains, roleCert))
 {
- OIC_LOG_V(ERROR, TAG, "Could not duplicate role cert chain: %d", res);
- goto exit;
- }
+ res = DuplicateRoleCertChain(roleCert, ©);
+ if (OC_STACK_OK != res)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s: Could not duplicate role cert chain: %d", __func__, res);
+ goto exit;
+ }
- // Assign our own credId.
- copy->credId = gIdCounter++;
- LL_APPEND(targetEntry->chains, copy);
+ // Assign our own credId.
+ copy->credId = gIdCounter++;
+ LL_APPEND(targetEntry->chains, copy);
+ }
+ else
+ {
+ OIC_LOG_V(DEBUG, TAG, "%s: Role cert chain already present, not going to add it again", __func__);
+ }
 res = OC_STACK_OK;
--
2.7.4
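Review bot: In the new `else` branch of `AddRoleCertificate`, a repeated chain falls through to `res = OC_STACK_OK;`, so the caller cannot tell a stored chain from a skipped one, and nothing in the code says this is intended. A comment above the `if`, such as `// Re-posting an identical chain is treated as success: nothing is copied and no new credId is consumed.`, would record that. The check runs against `targetEntry->chains` only, so de-duplication is per entry in `gRoles`, which is worth stating in the same comment. The function starts and ends outside this hunk, so the cleanup at `exit` was not reviewed.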