From fbfd73dfe3c0a2cba900bc4b4c29cabec7be3975 Mon Sep 17 00:00:00 2001
From: Jaehong Jo
Date: Tue, 11 Jun 2019 18:03:59 +0900
Subject: [PATCH] Add CASetSecureEndpointUuid APIs
In the tls connection, the subject name in the certificate is set to uuid. So need this api to set the identity with doxm or device uuid. Give the endpoint and uuid, it finds the peer and sets identity to uuid.
https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/522/commits/cb5bfdca63fd5919005e69988363f0d951aa75d9
(cherry picked from cb5bfdca63fd5919005e69988363f0d951aa75d9)
Change-Id: I61b701e2fb95b2af61894431ece9c164e68f9c9e
Signed-off-by: Jaehong Jo
Signed-off-by: Sudipto Bal
---
 .../csdk/connectivity/api/casecurityinterface.h | 10 ++++++++
 .../csdk/connectivity/inc/ca_adapter_net_ssl.h | 10 ++++++++
 .../src/adapter_util/ca_adapter_net_ssl.c | 29 ++++++++++++++++++++++
 .../csdk/connectivity/src/caconnectivitymanager.c | 14 +++++++++++
 .../csdk/connectivity/test/ca_api_unittest.cpp | 7 ++++++
 5 files changed, 70 insertions(+)
diff --git a/resource/csdk/connectivity/api/casecurityinterface.h b/resource/csdk/connectivity/api/casecurityinterface.h
index 5e628d4..264bac8 100644
--- a/resource/csdk/connectivity/api/casecurityinterface.h
+++ b/resource/csdk/connectivity/api/casecurityinterface.h
@@ -119,6 +119,16 @@ typedef int (*CAgetPskCredentialsHandler)(CADtlsPskCredType_t type,
 */
 const CASecureEndpoint_t *CAGetSecureEndpointData(const CAEndpoint_t *peer);
 #endif //MULTIPLE_OWNER
+
+/**
+ * API to set a secure endpoint identity with uuid
+ *
+ * @param[in] peer peer information includs IP address and port
+ * @param[in] uuid UUID of target device
+ *
+ * @return ::CA_STATUS_OK or appropriate error code
+ */
+CAResult_t CASetSecureEndpointUuid(const CAEndpoint_t *peer, const char *uuid);
 #endif
 /**
diff --git a/resource/csdk/connectivity/inc/ca_adapter_net_ssl.h b/resource/csdk/connectivity/inc/ca_adapter_net_ssl.h
index 1bfdecc..a7e31bd 100644
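Review bot: The doc comment on `CASetSecureEndpointUuid` in casecurityinterface.h does not say what form `uuid` must take or when the call is valid, and both matter because the function replaces the identity recorded for a secure peer. Going by the implementation later in this patch, `uuid` is parsed with `OCConvertStringToUuid` and the call returns `CA_STATUS_FAILED` when no SSL peer matches the endpoint, so I would document it as `@param[in] uuid NUL-terminated UUID string, in the form OCConvertStringToUuid accepts` (exact format to be confirmed against that function). I would also add `@note Overwrites the identity stored for an existing secure peer; fails with ::CA_STATUS_FAILED if the peer is not found.` The same gaps apply to the `SetCASecureEndpointUuid` comment in ca_adapter_net_ssl.h, and "includs" should read "includes".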
--- a/resource/csdk/connectivity/inc/ca_adapter_net_ssl.h
+++ b/resource/csdk/connectivity/inc/ca_adapter_net_ssl.h
@@ -203,6 +203,16 @@ CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer);
 #endif
+/**
+ * Sets CA secure endpoint identity with uuid.
+ *
+ * @param[in] peer remote address
+ * @param[in] uuid UUID data to set
+ *
+ * @retval ::CA_STATUS_OK for success, otherwise some error value
+ */
+CAResult_t SetCASecureEndpointUuid(const CAEndpoint_t *peer, const char *uuid);
+
 bool CAIsExistSslPeer(const CAEndpoint_t *peer);
 #ifdef __cplusplus
diff --git a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
index 47e2199..355b0aa 100644
--- a/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
+++ b/resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
@@ -1360,6 +1360,35 @@ const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer)
 }
 #endif
+CAResult_t SetCASecureEndpointUuid(const CAEndpoint_t *peer, const char *uuid)
+{
+ OIC_LOG_V(DEBUG, NET_SSL_TAG, "In %s", __func__);
+ VERIFY_NON_NULL(peer, NET_SSL_TAG, "peer");
+ VERIFY_NON_NULL(peer, NET_SSL_TAG, "uuid");
+
+ oc_mutex_lock(g_sslContextMutex);
+ SslEndPoint_t *sslPeer = GetSslPeer(peer);
+ if (NULL == sslPeer)
+ {
+ OIC_LOG(ERROR, NET_SSL_TAG, "Peer not found");
+ oc_mutex_unlock(g_sslContextMutex);
+ return CA_STATUS_FAILED;
+ }
+
+ OCRandomUuidResult ret = OCConvertStringToUuid(uuid, sslPeer->sep.identity.id);
+ oc_mutex_unlock(g_sslContextMutex);
+
+ if (RAND_UUID_OK != ret)
+ {
+ OIC_LOG(ERROR, NET_SSL_TAG, "Failed to convert uuid");
+ return CA_STATUS_FAILED;
+ }
+
+ OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
+
+ return CA_STATUS_OK;
+}
+
 /**
 * Deletes cached message.
 *
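Review bot: The second guard in `SetCASecureEndpointUuid` tests `peer` again, so a NULL `uuid` is never rejected here and is passed on to `OCConvertStringToUuid`; the line should read `VERIFY_NON_NULL(uuid, NET_SSL_TAG, "uuid");`. Separately, the conversion writes straight into `sslPeer->sep.identity.id`, so if `OCConvertStringToUuid` can fail after writing some bytes (its body is not part of this patch) the peer keeps a partly overwritten identity while the caller only sees `CA_STATUS_FAILED`. Converting into a local buffer and copying it into the peer under the mutex only on `RAND_UUID_OK` would avoid that. Because this field is the identity the TLS layer associated with the peer's credential, a comment stating which callers may override it, and whether the handshake must have completed first, would help anyone reviewing later access-control decisions that rely on it.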
diff --git a/resource/csdk/connectivity/src/caconnectivitymanager.c b/resource/csdk/connectivity/src/caconnectivitymanager.c
index bd5df0e..a3e8f41 100755
--- a/resource/csdk/connectivity/src/caconnectivitymanager.c
+++ b/resource/csdk/connectivity/src/caconnectivitymanager.c
@@ -161,6 +161,20 @@ const CASecureEndpoint_t *CAGetSecureEndpointData(const CAEndpoint_t *peer)
 }
 #endif //MULTIPLE_OWNER
+CAResult_t CASetSecureEndpointUuid(const CAEndpoint_t *peer, const char *uuid)
+{
+ OIC_LOG(DEBUG, TAG, "IN CASetSecureEndpointUuid");
+
+ if (!g_isInitialized)
+ {
+ OIC_LOG(DEBUG, TAG, "CA is not initialized");
+ return CA_STATUS_NOT_INITIALIZED;
+ }
+
+ OIC_LOG(DEBUG, TAG, "OUT CASetSecureEndpointUuid");
+ return SetCASecureEndpointUuid(peer, uuid);
+}
+
 CAResult_t CAregisterSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback)
 {
 OIC_LOG(DEBUG, TAG, "CAregisterSslHandshakeCallback");
diff --git a/resource/csdk/connectivity/test/ca_api_unittest.cpp b/resource/csdk/connectivity/test/ca_api_unittest.cpp
index 100beac..b2657fb 100644
--- a/resource/csdk/connectivity/test/ca_api_unittest.cpp
+++ b/resource/csdk/connectivity/test/ca_api_unittest.cpp
@@ -530,6 +530,13 @@ TEST_F(CATests, RegisterDTLSCredentialsHandlerTest)
 #endif
 }
+TEST_F(CATests, SetSecureEndpointUuidTestWithNullPeer)
+{
+#ifdef __WITH_DTLS__
+ EXPECT_EQ(CA_STATUS_INVALID_PARAM, CASetSecureEndpointUuid(NULL, NULL));
+#endif
+}
+
 // CARegisterNetworkMonitorHandler TC
 TEST_F(CATests, RegisterNetworkMonitorHandler)
 {
--
2.7.4
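Review bot: `CASetSecureEndpointUuid` in caconnectivitymanager.c logs "OUT CASetSecureEndpointUuid" before it calls `SetCASecureEndpointUuid`, so a trace shows the function leaving before the identity change is attempted, and the result is never logged at this layer. Capturing the result first with `CAResult_t res = SetCASecureEndpointUuid(peer, uuid);`, then logging and ending with `return res;`, keeps the IN/OUT pair accurate. Since the call changes a peer's security identity, logging a failed `res` at ERROR rather than relying on DEBUG traces would make rejected attempts visible in normal builds.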
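Review bot: `SetSecureEndpointUuidTestWithNullPeer` passes NULL for both arguments, so it only exercises the `peer` check and cannot detect that `uuid` is never validated (the second `VERIFY_NON_NULL` in `SetCASecureEndpointUuid` names `peer`). A second case that passes a valid `CAEndpoint_t` with a NULL `uuid` and expects `CA_STATUS_INVALID_PARAM` would cover that path, assuming the fixture has initialized CA. A case with a malformed UUID string for an unknown peer, expecting `CA_STATUS_FAILED`, would pin the lookup failure as well. The body is also empty when `__WITH_DTLS__` is not defined, so in that build the test passes without asserting anything.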