From ee7c7b1f7a64c8fa4a67bccd9dcf3fd01c896a24 Mon Sep 17 00:00:00 2001 From: Parkhi Date: Fri, 7 Oct 2016 17:23:14 +0900 Subject: [PATCH] Update easysetup's security-provisioning logic. - This patch indicates the method to reduce security-provisioning time by improving the secured-resource search process. Change-Id: I7cb1a9be272dc92451cf5099afb55c15adeb27ec Signed-off-by: Parkhi Reviewed-on: https://gerrit.iotivity.org/gerrit/12995 Tested-by: jenkins-iotivity Reviewed-by: Uze Choi --- .../mediator/richsdk/src/EnrolleeSecurity.cpp | 117 +++++++-------------- .../mediator/richsdk/src/EnrolleeSecurity.h | 4 +- 2 files changed, 40 insertions(+), 81 deletions(-) diff --git a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp index f209efb..a7a30d0 100755 --- a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp +++ b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.cpp @@ -68,24 +68,6 @@ namespace OIC m_secProvisioningDbPathCb = secProvisioningDbPathCb; } - std::shared_ptr< OC::OCSecureResource > EnrolleeSecurity::findEnrolleeSecurityResource( - DeviceList_t &list) - { - for (unsigned int i = 0; i < list.size(); i++) - { - if(m_ocResource->sid() == list[i]->getDeviceID().c_str()) - { - OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Device %d ID %s ", i + 1, - list[i]->getDeviceID().c_str()); - OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "From IP :%s", - list[i]->getDevAddr().c_str()); - return list[i]; - } - } - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG,"Error!!! DeviceList_t is NULL"); - return NULL; - } - void EnrolleeSecurity::convertUUIDToString(const uint8_t uuid[UUID_SIZE], std::string& uuidString) { @@ -130,58 +112,34 @@ namespace OIC { ESResult res = ESResult::ES_ERROR; - OC::DeviceList_t pUnownedDevList, pOwnedDevList; - - pOwnedDevList.clear(); - pUnownedDevList.clear(); - OCStackResult result = OC_STACK_ERROR; + OicUuid_t uuid; + ConvertStrToUuid(m_ocResource->sid().c_str(), &uuid); - result = OCSecure::discoverOwnedDevices(ES_SEC_DISCOVERY_TIMEOUT, - pOwnedDevList); + result = OCSecure::discoverSingleDevice(ES_SEC_DISCOVERY_TIMEOUT, + &uuid, + m_securedResource); if (result != OC_STACK_OK) { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Owned Discovery failed."); + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Secure Resource Discovery failed."); res = ESResult:: ES_SECURE_RESOURCE_DISCOVERY_FAILURE; return res; } - else if (pOwnedDevList.size()) + else if (m_securedResource) { - OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found owned devices. Count =%d", - (int)pOwnedDevList.size()); - std::shared_ptr< OC::OCSecureResource > ownedDevice = - findEnrolleeSecurityResource(pOwnedDevList); - - if (ownedDevice) + if (m_securedResource->getOwnedStatus()) // owned check logic { - if (isOwnedDeviceRegisteredInSVRDB()) + if(isOwnedDeviceRegisteredInSVRDB()) { res = ESResult::ES_OK; } else { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, - "The found owned device is not in Mediator's PDM."); res = ESResult::ES_ERROR; } return res; } - } - - result = OCSecure::discoverUnownedDevices(ES_SEC_DISCOVERY_TIMEOUT, pUnownedDevList); - if (result != OC_STACK_OK) - { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "UnOwned Discovery failed."); - res = ESResult:: ES_SECURE_RESOURCE_DISCOVERY_FAILURE; - return res; - } - else if (pUnownedDevList.size()) - { - OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found Unowned devices. Count =%d", - (int)pUnownedDevList.size()); - - m_unownedDevice = findEnrolleeSecurityResource(pUnownedDevList); - if (m_unownedDevice) + else // unowned check logic { if(isOwnedDeviceRegisteredInSVRDB()) { @@ -192,22 +150,22 @@ namespace OIC &EnrolleeSecurity::removeDeviceWithUuidCB, this, std::placeholders::_1, std::placeholders::_2); - result = OCSecure::removeDeviceWithUuid(DISCOVERY_TIMEOUT, + result = OCSecure::removeDeviceWithUuid(ES_SEC_DISCOVERY_TIMEOUT, m_ocResource->sid(), removeDeviceWithUuidCB); if(result != OC_STACK_OK) { OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "removeDeviceWithUuid failed."); - res = ESResult:: ES_OWNERSHIP_TRANSFER_FAILURE; + res = ESResult::ES_OWNERSHIP_TRANSFER_FAILURE; return res; } std::unique_lock lck(m_mtx); - m_cond.wait(lck); + m_cond.wait_for(lck, std::chrono::seconds(ES_SEC_DISCOVERY_TIMEOUT)); if(!removeDeviceResult) { - res = ESResult:: ES_OWNERSHIP_TRANSFER_FAILURE; + res = ESResult::ES_OWNERSHIP_TRANSFER_FAILURE; return res; } } @@ -217,7 +175,7 @@ namespace OIC if(res != ESResult::ES_OK) { OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Ownership-Transfer failed."); - res = ESResult:: ES_OWNERSHIP_TRANSFER_FAILURE; + res = ESResult::ES_OWNERSHIP_TRANSFER_FAILURE; return res; } @@ -229,15 +187,10 @@ namespace OIC res = ESResult::ES_OWNERSHIP_TRANSFER_FAILURE; } } - else - { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "No matched unowned devices found."); - res = ESResult:: ES_SECURE_RESOURCE_DISCOVERY_FAILURE; - } } else { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "No unowned devices found."); + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "No secure resource found."); res = ESResult:: ES_SECURE_RESOURCE_DISCOVERY_FAILURE; } return res; @@ -256,13 +209,13 @@ namespace OIC OCSecure::setOwnerTransferCallbackData(OIC_JUST_WORKS, &justWorksCBData, NULL); OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Transfering ownership for : %s ", - m_unownedDevice->getDeviceID().c_str()); + m_securedResource->getDeviceID().c_str()); OC::ResultCallBack ownershipTransferCb = std::bind( &EnrolleeSecurity::ownershipTransferCb, this, std::placeholders::_1, std::placeholders::_2); - result = m_unownedDevice->doOwnershipTransfer(ownershipTransferCb); + result = m_securedResource->doOwnershipTransfer(ownershipTransferCb); if (result != OC_STACK_OK) { OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "doOwnershipTransfer is failed"); @@ -341,37 +294,45 @@ namespace OIC ESResult res = ESResult::ES_ERROR; // Need to discover Owned device in a given network, again - OC::DeviceList_t pOwnedDevList; std::shared_ptr< OC::OCSecureResource > ownedDevice = NULL; - pOwnedDevList.clear(); - OCStackResult result; + OicUuid_t uuid; + ConvertStrToUuid(m_ocResource->sid().c_str(), &uuid); - result = OCSecure::discoverOwnedDevices(ES_SEC_DISCOVERY_TIMEOUT, - pOwnedDevList); + result = OCSecure::discoverSingleDevice(ES_SEC_DISCOVERY_TIMEOUT, + &uuid, + ownedDevice); if (result != OC_STACK_OK) { - OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "Owned Discovery failed."); + OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "secureResource Discovery failed."); res = ESResult::ES_SECURE_RESOURCE_DISCOVERY_FAILURE; return res; } - else if (pOwnedDevList.size()) + else if (ownedDevice) { - OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found owned devices. Count =%d", - (int)pOwnedDevList.size()); - ownedDevice = findEnrolleeSecurityResource(pOwnedDevList); + OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Found secureResource."); - if (!ownedDevice) + if (ownedDevice->getOwnedStatus()) + { + if(!isOwnedDeviceRegisteredInSVRDB()) + { + OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, + "Not found matched owned deivce in SVR DB."); + res = ESResult::ES_SECURE_RESOURCE_DISCOVERY_FAILURE; + return res; + } + } + else { - OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found matched owned device."); + OIC_LOG_V(DEBUG, ENROLEE_SECURITY_TAG, "Target Enrollee is unowned."); res = ESResult::ES_SECURE_RESOURCE_DISCOVERY_FAILURE; return res; } } else { - OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found owned devices."); + OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "Not found secureResource."); res = ESResult::ES_SECURE_RESOURCE_DISCOVERY_FAILURE; return res; } diff --git a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h index a713ff3..4a4e4c1 100755 --- a/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h +++ b/service/easy-setup/mediator/richsdk/src/EnrolleeSecurity.h @@ -64,7 +64,6 @@ namespace OIC SecurityProvStatusCb m_securityProvStatusCb; SecurityPinCb m_securityPinCb; SecProvisioningDbPathCb m_secProvisioningDbPathCb; - std::shared_ptr< OC::OCSecureResource > m_unownedDevice; std::mutex m_mtx; std::condition_variable m_cond; @@ -74,8 +73,7 @@ namespace OIC std::atomic certResult; std::shared_ptr< OC::OCSecureResource > m_securedResource; - std::shared_ptr< OC::OCSecureResource > findEnrolleeSecurityResource( - OC::DeviceList_t &list); + ESResult performOwnershipTransfer(); bool isOwnedDeviceRegisteredInSVRDB(); void removeDeviceWithUuidCB(OC::PMResultList_t *result, int hasError); -- 2.7.4