From 4f964073c7ab4d8d4727692122a630dc5c8a7b23 Mon Sep 17 00:00:00 2001 From: "Hongkuk, Son" Date: Thu, 18 Jan 2018 12:15:03 +0900 Subject: [PATCH] Update snapshot(2018-01-17) Signed-off-by: Hongkuk, Son Change-Id: Ifcbe9a53b46849c046ffc8d0276dc69f8a154465 --- extlibs/mbedtls/CVE-2017-14032.patch | 161 --- extlibs/mbedtls/SConscript | 2 +- extlibs/mbedtls/mbedtls/include/mbedtls/error.h | 2 +- extlibs/mbedtls/mbedtls/include/mbedtls/ssl.h | 2 +- extlibs/mbedtls/mbedtls/include/mbedtls/x509.h | 1 + extlibs/mbedtls/mbedtls/include/mbedtls/x509_crt.h | 8 +- extlibs/mbedtls/mbedtls/library/error.c | 2 + extlibs/mbedtls/mbedtls/library/x509_crt.c | 30 +- packaging/snapshot_history.txt | 6 + .../include/internal/ownershiptransfermanager.h | 4 + .../provisioning/include/ocprovisioningmanager.h | 1170 ++++++++++---------- .../provisioning/src/ocprovisioningmanager.c | 17 + .../provisioning/src/ownershiptransfermanager.c | 106 ++ resource/csdk/security/src/credresource.c | 15 +- resource/include/OCProvisioningManager.hpp | 2 + .../provisioning/src/OCProvisioningManager.cpp | 45 +- service/easy-setup/enrollee/src/easysetup.c | 10 +- service/easy-setup/enrollee/src/resourcehandler.c | 9 +- .../resourceCache/include/ResourceCacheManager.h | 1 - .../src/resourceCache/src/ResourceCacheManager.cpp | 9 +- 20 files changed, 837 insertions(+), 765 deletions(-) delete mode 100644 extlibs/mbedtls/CVE-2017-14032.patch diff --git a/extlibs/mbedtls/CVE-2017-14032.patch b/extlibs/mbedtls/CVE-2017-14032.patch deleted file mode 100644 index 4384469..0000000 --- a/extlibs/mbedtls/CVE-2017-14032.patch +++ /dev/null @@ -1,161 +0,0 @@ -From e8bd647d8271174d3737dcf68086126b73a73df6 Mon Sep 17 00:00:00 2001 -From: Oleksii Beketov -Date: Mon, 18 Dec 2017 15:23:28 +0200 -Subject: [PATCH] CVE-2017-14032 - -Signed-off-by: Oleksii Beketov ---- - include/mbedtls/error.h | 2 +- - include/mbedtls/ssl.h | 2 +- - include/mbedtls/x509.h | 1 + - include/mbedtls/x509_crt.h | 8 +++++++- - library/error.c | 2 ++ - library/x509_crt.c | 30 ++++++++++++++++++++++-------- - 6 files changed, 34 insertions(+), 11 deletions(-) - -diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h -index 5e549f6..31591e2 100644 ---- a/include/mbedtls/error.h -+++ b/include/mbedtls/error.h -@@ -71,7 +71,7 @@ - * Name ID Nr of Errors - * PEM 1 9 - * PKCS#12 1 4 (Started from top) -- * X509 2 19 -+ * X509 2 20 - * PKCS5 2 4 (Started from top) - * DHM 3 9 - * PK 3 14 (Started from top) -diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h -index 495e02c..4f171e0 100644 ---- a/include/mbedtls/ssl.h -+++ b/include/mbedtls/ssl.h -@@ -1042,7 +1042,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); - * - * If set, the verify callback is called for each - * certificate in the chain. For implementation -- * information, please see \c x509parse_verify() -+ * information, please see \c mbedtls_x509_crt_verify() - * - * \param conf SSL configuration - * \param f_vrfy verification function -diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h -index f219bf1..128eade 100644 ---- a/include/mbedtls/x509.h -+++ b/include/mbedtls/x509.h -@@ -76,6 +76,7 @@ - #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ - #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ - #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */ -+#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */ - /* \} name */ - - /** -diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h -index 383e484..fd20336 100644 ---- a/include/mbedtls/x509_crt.h -+++ b/include/mbedtls/x509_crt.h -@@ -267,7 +267,13 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, - * - * All flags left after returning from the callback - * are also returned to the application. The function should -- * return 0 for anything but a fatal error. -+ * return 0 for anything (including invalid certificates) -+ * other than fatal error, as a non-zero return code -+ * immediately aborts the verification process. For fatal -+ * errors, a specific error code should be used (different -+ * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not -+ * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR -+ * can be used if no better code is available. - * - * \note In case verification failed, the results can be displayed - * using \c mbedtls_x509_crt_verify_info() -diff --git a/library/error.c b/library/error.c -index dd2db0c..db42381 100644 ---- a/library/error.c -+++ b/library/error.c -@@ -480,6 +480,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) - mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" ); - if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) ) - mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" ); -+ if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) ) -+ mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" ); - #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ - // END generated code - -diff --git a/library/x509_crt.c b/library/x509_crt.c -index 234f145..1f31a6b 100644 ---- a/library/x509_crt.c -+++ b/library/x509_crt.c -@@ -2055,8 +2055,8 @@ static int x509_crt_verify_child( - /* path_cnt is 0 for the first intermediate CA */ - if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) - { -- *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; -- return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); -+ /* return immediately as the goal is to avoid unbounded recursion */ -+ return( MBEDTLS_ERR_X509_FATAL_ERROR ); - } - - if( mbedtls_x509_time_is_past( &child->valid_to ) ) -@@ -2200,11 +2200,14 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, - mbedtls_x509_sequence *cur = NULL; - mbedtls_pk_type_t pk_type; - -- if( profile == NULL ) -- return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); -- - *flags = 0; - -+ if( profile == NULL ) -+ { -+ ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; -+ goto exit; -+ } -+ - if( cn != NULL ) - { - name = &crt->subject; -@@ -2278,7 +2281,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, - ret = x509_crt_verify_top( crt, parent, ca_crl, profile, - pathlen, selfsigned, flags, f_vrfy, p_vrfy ); - if( ret != 0 ) -- return( ret ); -+ goto exit; - } - else - { -@@ -2293,17 +2296,28 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, - ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile, - pathlen, selfsigned, flags, f_vrfy, p_vrfy ); - if( ret != 0 ) -- return( ret ); -+ goto exit; - } - else - { - ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile, - pathlen, selfsigned, flags, f_vrfy, p_vrfy ); - if( ret != 0 ) -- return( ret ); -+ goto exit; - } - } - -+exit: -+ /* prevent misuse of the vrfy callback */ -+ if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) -+ ret = MBEDTLS_ERR_X509_FATAL_ERROR; -+ -+ if( ret != 0 ) -+ { -+ *flags = (uint32_t) -1; -+ return( ret ); -+ } -+ - if( *flags != 0 ) - return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); - --- -1.9.1 - diff --git a/extlibs/mbedtls/SConscript b/extlibs/mbedtls/SConscript index c385f30..cfcec9d 100644 --- a/extlibs/mbedtls/SConscript +++ b/extlibs/mbedtls/SConscript @@ -65,7 +65,7 @@ os.chdir(mbedtls_dir) # Apply ocf patch on git revision if os.path.exists('.git/HEAD'): - cmd = 'git checkout development && git reset --hard ' + mbedtls_revision + ' && git apply --whitespace=fix ../ocf.patch' + ' && git apply --whitespace=fix ../CVE-2017-14032.patch' + cmd = 'git checkout development && git reset --hard ' + mbedtls_revision + ' && git apply --whitespace=fix ../ocf.patch' os.system(cmd) else: print 'mbedtls: Assume ocf.patch (TLS_ECDH_ANON_WITH_AES_128_CBC_SHA256) was applied in %s' % mbedtls_dir diff --git a/extlibs/mbedtls/mbedtls/include/mbedtls/error.h b/extlibs/mbedtls/mbedtls/include/mbedtls/error.h index 5e549f6..31591e2 100644 --- a/extlibs/mbedtls/mbedtls/include/mbedtls/error.h +++ b/extlibs/mbedtls/mbedtls/include/mbedtls/error.h @@ -71,7 +71,7 @@ * Name ID Nr of Errors * PEM 1 9 * PKCS#12 1 4 (Started from top) - * X509 2 19 + * X509 2 20 * PKCS5 2 4 (Started from top) * DHM 3 9 * PK 3 14 (Started from top) diff --git a/extlibs/mbedtls/mbedtls/include/mbedtls/ssl.h b/extlibs/mbedtls/mbedtls/include/mbedtls/ssl.h index 8046e6e..89cda65 100644 --- a/extlibs/mbedtls/mbedtls/include/mbedtls/ssl.h +++ b/extlibs/mbedtls/mbedtls/include/mbedtls/ssl.h @@ -1043,7 +1043,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); * * If set, the verify callback is called for each * certificate in the chain. For implementation - * information, please see \c x509parse_verify() + * information, please see \c mbedtls_x509_crt_verify() * * \param conf SSL configuration * \param f_vrfy verification function diff --git a/extlibs/mbedtls/mbedtls/include/mbedtls/x509.h b/extlibs/mbedtls/mbedtls/include/mbedtls/x509.h index 54dac16..665892b 100644 --- a/extlibs/mbedtls/mbedtls/include/mbedtls/x509.h +++ b/extlibs/mbedtls/mbedtls/include/mbedtls/x509.h @@ -76,6 +76,7 @@ #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */ +#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */ /* \} name */ /** diff --git a/extlibs/mbedtls/mbedtls/include/mbedtls/x509_crt.h b/extlibs/mbedtls/mbedtls/include/mbedtls/x509_crt.h index 383e484..fd20336 100644 --- a/extlibs/mbedtls/mbedtls/include/mbedtls/x509_crt.h +++ b/extlibs/mbedtls/mbedtls/include/mbedtls/x509_crt.h @@ -267,7 +267,13 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * * All flags left after returning from the callback * are also returned to the application. The function should - * return 0 for anything but a fatal error. + * return 0 for anything (including invalid certificates) + * other than fatal error, as a non-zero return code + * immediately aborts the verification process. For fatal + * errors, a specific error code should be used (different + * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not + * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR + * can be used if no better code is available. * * \note In case verification failed, the results can be displayed * using \c mbedtls_x509_crt_verify_info() diff --git a/extlibs/mbedtls/mbedtls/library/error.c b/extlibs/mbedtls/mbedtls/library/error.c index dd2db0c..db42381 100644 --- a/extlibs/mbedtls/mbedtls/library/error.c +++ b/extlibs/mbedtls/mbedtls/library/error.c @@ -480,6 +480,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" ); if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) ) mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" ); + if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) ) + mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" ); #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ // END generated code diff --git a/extlibs/mbedtls/mbedtls/library/x509_crt.c b/extlibs/mbedtls/mbedtls/library/x509_crt.c index 67cedde..7965a20 100644 --- a/extlibs/mbedtls/mbedtls/library/x509_crt.c +++ b/extlibs/mbedtls/mbedtls/library/x509_crt.c @@ -2054,8 +2054,8 @@ static int x509_crt_verify_child( /* path_cnt is 0 for the first intermediate CA */ if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); + /* return immediately as the goal is to avoid unbounded recursion */ + return( MBEDTLS_ERR_X509_FATAL_ERROR ); } if( mbedtls_x509_time_is_past( &child->valid_to ) ) @@ -2199,11 +2199,14 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, mbedtls_x509_sequence *cur = NULL; mbedtls_pk_type_t pk_type; - if( profile == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); - *flags = 0; + if( profile == NULL ) + { + ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; + goto exit; + } + if( cn != NULL ) { name = &crt->subject; @@ -2277,7 +2280,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, ret = x509_crt_verify_top( crt, parent, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) - return( ret ); + goto exit; } else { @@ -2292,17 +2295,28 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) - return( ret ); + goto exit; } else { ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) - return( ret ); + goto exit; } } +exit: + /* prevent misuse of the vrfy callback */ + if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) + ret = MBEDTLS_ERR_X509_FATAL_ERROR; + + if( ret != 0 ) + { + *flags = (uint32_t) -1; + return( ret ); + } + if( *flags != 0 ) return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); diff --git a/packaging/snapshot_history.txt b/packaging/snapshot_history.txt index 9ccb69a..11da922 100755 --- a/packaging/snapshot_history.txt +++ b/packaging/snapshot_history.txt @@ -1,3 +1,9 @@ +http://suprem.sec.samsung.net/jira/browse/CONPRO-1198 + +commit_info_2018-01-17.txt + +commit_id: 08092ea0b2413230c591a1256bef8b580c58dab5 +---------------------------------------------------------------------------------------------------------------------------------- http://suprem.sec.samsung.net/jira/browse/CONPRO-1188 commit_info_2018-01-10.txt diff --git a/resource/csdk/security/provisioning/include/internal/ownershiptransfermanager.h b/resource/csdk/security/provisioning/include/internal/ownershiptransfermanager.h index 1d0aa24..b8f34c9 100644 --- a/resource/csdk/security/provisioning/include/internal/ownershiptransfermanager.h +++ b/resource/csdk/security/provisioning/include/internal/ownershiptransfermanager.h @@ -47,6 +47,10 @@ typedef struct OTMContext OTMContext_t; OCStackResult OTMDoOwnershipTransfer(void* ctx, OCProvisionDev_t* selectedDeviceList, OCProvisionResultCB resultCB); +OCStackResult OTMDoCustomOwnershipTransfer(void* ctx, + OCProvisionDev_t* selectedDeviceList, OCProvisionResultCB resultCB, + const OicSecOxm_t method); + /** * API to set a allow status of OxM * diff --git a/resource/csdk/security/provisioning/include/ocprovisioningmanager.h b/resource/csdk/security/provisioning/include/ocprovisioningmanager.h index 088d2a1..50c00fb 100644 --- a/resource/csdk/security/provisioning/include/ocprovisioningmanager.h +++ b/resource/csdk/security/provisioning/include/ocprovisioningmanager.h @@ -1,578 +1,592 @@ -/* ***************************************************************** - * - * Copyright 2015 Samsung Electronics All Rights Reserved. - * - * - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * *****************************************************************/ - -#ifndef OCPROVISIONINGMANAGER_H_ -#define OCPROVISIONINGMANAGER_H_ - -#include "octypes.h" -#include "pmtypes.h" -#include "casecurityinterface.h" -#include "ownershiptransfermanager.h" -#ifdef MULTIPLE_OWNER -#include "securevirtualresourcetypes.h" -#endif //MULTIPLE_OWNER - -#ifdef __cplusplus -extern "C" { -#endif // __cplusplus - -/** - * The function is responsible for initializaton of the provisioning manager. It will load - * provisioning database which have owned device's list and their linked status. - * TODO: In addition, if there is a device(s) which has not up-to-date credentials, this function will - * automatically try to update the deivce(s). - * - * @param[in] dbPath file path of the sqlite3 db - * - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCInitPM(const char *dbPath); - -/** - * API to termiante the provisioning manager - */ -void OCTerminatePM(); - -/** - * API to cleanup PDM in case of timeout. - * It will remove the PDM_DEVICE_INIT state devices from PDM. - * - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCPDMCleanupForTimeout(); - -/** - * The function is responsible for discovery of owned/unowned device is specified endpoint/deviceID. - * It will return the found device even though timeout is not exceeded. - * - * @param[in] timeout Timeout in seconds, value till which function will listen to responses from - * server before returning the device. - * @param[in] deviceID deviceID of target device. - * @param[out] ppFoundDevice OCProvisionDev_t of found device - * @return OTM_SUCCESS in case of success and other value otherwise. - */ -OCStackResult OCDiscoverSingleDevice(unsigned short timeout, const OicUuid_t *deviceID, - OCProvisionDev_t **ppFoundDevice); - -/** - * The function is responsible for discovery of owned/unowned device is specified endpoint/MAC - * address. - * It will return the found device even though timeout is not exceeded. - * - * @param[in] timeout Timeout in seconds, value till which function will listen to responses from - * server before returning the device. - * @param[in] deviceID deviceID of target device. - * @param[in] hostAddress MAC address of target device. - * @param[in] connType ConnectivityType for discovery. - * @param[out] ppFoundDevice OCProvisionDev_t of found device. - * @return OTM_SUCCESS in case of success and other value otherwise. - */ -OCStackResult OCDiscoverSingleDeviceInUnicast(unsigned short timeout, const OicUuid_t *deviceID, - const char *hostAddress, OCConnectivityType connType, - OCProvisionDev_t **ppFoundDevice); - -/** - * The function is responsible for discovery of device is current subnet. It will list - * all the device in subnet which are not yet owned. Please call OCInit with OC_CLIENT_SERVER as - * OCMode. - * - * @param[in] timeout Timeout in seconds, value till which function will listen to responses from - * server before returning the list of devices. - * @param[out] ppList List of candidate devices to be provisioned - * @return OTM_SUCCESS in case of success and other value otherwise. - */ -OCStackResult OCDiscoverUnownedDevices(unsigned short waittime, OCProvisionDev_t **ppList); - -/** - * Do ownership transfer for un-owned device. - * - * @param[in] ctx Application context would be returned in result callback - * @param[in] targetDevices List of devices to perform ownership transfer. - * @param[in] resultCallback Result callback function to be invoked when ownership transfer finished. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCDoOwnershipTransfer(void *ctx, - OCProvisionDev_t *targetDevices, - OCProvisionResultCB resultCallback); - -/** - * API to set a allow status of OxM - * - * @param[in] oxm Owership transfer method (ref. OicSecOxm_t) - * @param[in] allowStatus allow status (true = allow, false = not allow) - * - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCSetOxmAllowStatus(const OicSecOxm_t oxm, const bool allowStatus); - - -#ifdef MULTIPLE_OWNER -/** - * API to perfrom multiple ownership transfer for MOT enabled device. - * - * @param[in] ctx Application context would be returned in result callback - * @param[in] targetDevices List of devices to perform ownership transfer. - * @param[in] resultCallback Result callback function to be invoked when ownership transfer finished. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCDoMultipleOwnershipTransfer(void *ctx, - OCProvisionDev_t *targetDevices, - OCProvisionResultCB resultCallback); - -/** - * API to remove sub-owner from resource server - * - * @param[in] ctx Application context would be returned in result callback - * @param[in] targetDeviceInfo Selected target device. - * @param[in] subOwner sub-owner UUID to be removed - * @param[in] resultCallback callback provided by API user, callback will be invoked when - * DELETE 'subowneruuid' request recieves a response from resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCRemoveSubOwner(void *ctx, - const OCProvisionDev_t *targetDeviceInfo, - const OicUuid_t *subOwner, - OCProvisionResultCB resultCallback); - -/** - * API to remove all sub-owner from resource server - * - * @param[in] ctx Application context would be returned in result callback - * @param[in] targetDeviceInfo Selected target device. - * @param[in] resultCallback callback provided by API user, callback will be invoked when - * DELETE 'subowneruuid' request recieves a response from resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCRemoveAllSubOwner(void *ctx, - const OCProvisionDev_t *targetDeviceInfo, - OCProvisionResultCB resultCallback); - -#endif //MULTIPLE_OWNER - -/** - * API to register for particular OxM. - * - * @param[in] Ownership transfer method. - * @param[in] Implementation of callback functions for owership transfer. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCSetOwnerTransferCallbackData(OicSecOxm_t oxm, OTMCallbackData_t *callbackData); - -/** - * The function is responsible for discovery of owned device is current subnet. It will list - * all the device in subnet which are owned by calling provisioning client. - * - * @param[in] timeout Timeout in seconds, value till which function will listen to responses from - * server before returning the list of devices. - * @param[out] ppList List of device owned by provisioning tool. - * @return OTM_SUCCESS in case of success and other value otherwise. - */ -OCStackResult OCDiscoverOwnedDevices(unsigned short timeout, OCProvisionDev_t **ppList); - -#ifdef MULTIPLE_OWNER -/** - * The function is responsible for discovery of MOT enabled device is current subnet. - * - * @param[in] timeout Timeout in seconds, value till which function will listen to responses from - * server before returning the list of devices. - * @param[out] ppList List of MOT enabled devices. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCDiscoverMultipleOwnerEnabledDevices(unsigned short timeout, - OCProvisionDev_t **ppList); - -/** - * The function is responsible for discovery of Multiple Owned device is current subnet. - * - * @param[in] timeout Timeout in seconds, value till which function will listen to responses from - * server before returning the list of devices. - * @param[out] ppList List of Multiple Owned devices. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCDiscoverMultipleOwnedDevices(unsigned short timeout, OCProvisionDev_t **ppList); -#endif //MULTIPLE_OWNER - -/** - * API to provision credentials between two devices and ACLs for the devices who act as a server. - * - * @param[in] ctx Application context would be returned in result callback. - * @param[in] type Type of credentials to be provisioned to the device. - * @param[in] pDev1 Pointer to OCProvisionDev_t instance,respresenting device to be provisioned. - * @param[in] acl ACL for device 1. If this is not required set NULL. - * @param[in] pDev2 Pointer to OCProvisionDev_t instance,respresenting device to be provisioned. - * @param[in] acl ACL for device 2. If this is not required set NULL. - * @param[in] resultCallback callback provided by API user, callback will be called when - * provisioning request recieves a response from first resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCProvisionPairwiseDevices(void *ctx, OicSecCredType_t type, size_t keySize, - const OCProvisionDev_t *pDev1, OicSecAcl_t *pDev1Acl, - const OCProvisionDev_t *pDev2, OicSecAcl_t *pDev2Acl, - OCProvisionResultCB resultCallback); - -/** - * API to send ACL information to device. - * - * @param[in] ctx Application context would be returned in result callback. - * @param[in] selectedDeviceInfo Selected target device. - * @param[in] acl ACL to provision. - * @param[in] resultCallback callback provided by API user, callback will be called when provisioning - request recieves a response from resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCProvisionACL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, - OicSecAcl_t *acl, - OCProvisionResultCB resultCallback); - -/** - * function to save ACL which has several ACE into Acl of SVR. - * - * @param acl ACL to be saved in Acl of SVR. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCSaveACL(const OicSecAcl_t *acl); - -/** - * this function requests CRED information to resource. - * - * @param[in] ctx Application context would be returned in result callback. - * @param[in] selectedDeviceInfo Selected target device. - * @param[in] resultCallback callback provided by API user, callback will be called when provisioning - request recieves a response from resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCGetCredResource(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, - OCProvisionResultCB resultCallback); - -/** - * this function requests ACL information to resource. - * - * @param[in] ctx Application context would be returned in result callback. - * @param[in] selectedDeviceInfo Selected target device. - * @param[in] resultCallback callback provided by API user, callback will be called when provisioning - request recieves a response from resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCGetACLResource(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, - OCProvisionResultCB resultCallback); - -/** - * this function sends Direct-Pairing Configuration to a device. - * - * @param[in] ctx Application context would be returned in result callback. - * @param[in] selectedDeviceInfo Selected target device. - * @param[in] pconf PCONF pointer. - * @param[in] resultCallback callback provided by API user, callback will be called when provisioning - request recieves a response from resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCProvisionDirectPairing(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, - OicSecPconf_t *pconf, - OCProvisionResultCB resultCallback); - -/** - * API to provision credential to devices. - * - * @param[in] ctx Application context would be returned in result callback. - * @param[in] type Type of credentials to be provisioned to the device. - * @param[in] pDev1 Pointer to OCProvisionDev_t instance,respresenting resource to be provsioned. - @param[in] pDev2 Pointer to OCProvisionDev_t instance,respresenting resource to be provsioned. - * @param[in] resultCallback callback provided by API user, callback will be called when - * provisioning request recieves a response from first resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCProvisionCredentials(void *ctx, OicSecCredType_t type, size_t keySize, - const OCProvisionDev_t *pDev1, - const OCProvisionDev_t *pDev2, - OCProvisionResultCB resultCallback); - -#ifdef MULTIPLE_OWNER -/** - * API to provision preconfigured PIN to device(NOT LIST). - * If device does not support the Preconfigured PIN OxM, - * OCProvisionPreconfigPin API will update the device's Doxm - * and then try preconfigured PIN provisioning once again. - * - * @param[in] ctx Application context would be returned in result callback. - * @param[in] targetDeviceInfo Selected target device. - * @param[in] preconfigPin string of preconfigured PIN. - * @param[in] preconfigPinLen string length of 'preconfigPin'. - * @param[in] resultCallback callback provided by API user, callback will be called when - * provisioning request recieves a response from first resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCProvisionPreconfigPin(void *ctx, - OCProvisionDev_t *targetDeviceInfo, - const char *preconfigPin, - size_t preconfigPinLen, - OCProvisionResultCB resultCallback); - -/** - * API to add preconfigured PIN to local SVR DB. - * - * @param[in] targetDeviceInfo Selected target device. - * @param[in] preconfigPin Preconfig PIN which is used while multiple owner authentication - * @param[in] preconfigPinLen Byte length of preconfigPin - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCAddPreconfigPin(const OCProvisionDev_t *targetDeviceInfo, - const char *preconfigPin, - size_t preconfigPinLen); - -/** - * API to update 'doxm.mom' to resource server. - * - * @param[in] targetDeviceInfo Selected target device. - * @param[in] momType Mode of multiple ownership transfer (ref. oic.sec.mom) - * @param[in] resultCallback callback provided by API user, callback will be called when - * POST 'mom' request recieves a response from resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCChangeMOTMode(void *ctx, const OCProvisionDev_t *targetDeviceInfo, - const OicSecMomType_t momType, OCProvisionResultCB resultCallback); - -/** - * API to update 'doxm.oxmsel' to resource server. - * - * @param[in] targetDeviceInfo Selected target device. - * @param[in] oxmSelValue Method of multiple ownership transfer (ref. oic.sec.oxm) - * @param[in] resultCallback callback provided by API user, callback will be called when - * POST 'oxmsel' request recieves a response from resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCSelectMOTMethod(void *ctx, const OCProvisionDev_t *targetDeviceInfo, - const OicSecOxm_t oxmSelValue, OCProvisionResultCB resultCallback); -#endif //MULTIPLE_OWNER - -/** - * Function to unlink devices. - * This function will remove the credential & relasionship between the two devices. - * - * @param[in] ctx Application context would be returned in result callback - * @param[in] pTargetDev1 fitst device information to be unlinked. - * @param[in] pTargetDev2 second device information to be unlinked. - * @param[in] resultCallback callback provided by API user, callback will be called when - * device unlink is finished. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCUnlinkDevices(void *ctx, - const OCProvisionDev_t *pTargetDev1, - const OCProvisionDev_t *pTargetDev2, - OCProvisionResultCB resultCallback); - -/** - * Function for device revocation - * This function will remove credential of target device from all devices in subnet. - * - * @param[in] ctx Application context would be returned in result callback - * @param[in] waitTimeForOwnedDeviceDiscovery Maximum wait time for owned device discovery.(seconds) - * @param[in] pTargetDev Device information to be revoked. - * @param[in] resultCallback callback provided by API user, callback will be called when - * credential revocation is finished. - * @return OC_STACK_OK in case of success and other value otherwise. - * if OC_STACK_OK is returned, the caller of this API should wait for callback. - * OC_STACK_CONTINUE means operation is success but no need to wait for callback. - */ -OCStackResult OCRemoveDevice(void *ctx, - unsigned short waitTimeForOwnedDeviceDiscovery, - const OCProvisionDev_t *pTargetDev, - OCProvisionResultCB resultCallback); - -/* -* Function to device revocation -* This function will remove credential of target device from all devices in subnet. -* -* @param[in] ctx Application context would be returned in result callback -* @param[in] waitTimeForOwnedDeviceDiscovery Maximum wait time for owned device discovery.(seconds) -* @param[in] pTargetDev Device information to be revoked. -* @param[in] resultCallback callback provided by API user, callback will be called when -* credential revocation is finished. - * @return OC_STACK_OK in case of success and other value otherwise. -*/ -OCStackResult OCRemoveDeviceWithUuid(void *ctx, - unsigned short waitTimeForOwnedDeviceDiscovery, - const OicUuid_t *pTargetUuid, - OCProvisionResultCB resultCallback); - -/* - * Function to reset the target device. - * This function will remove credential and ACL of target device from all devices in subnet. - * - * @param[in] ctx Application context would be returned in result callback - * @param[in] waitTimeForOwnedDeviceDiscovery Maximum wait time for owned device discovery.(seconds) - * @param[in] pTargetDev Device information to be revoked. - * @param[in] resultCallback callback provided by API user, callback will be called when - * credential revocation is finished. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCResetDevice(void *ctx, unsigned short waitTimeForOwnedDeviceDiscovery, - const OCProvisionDev_t *pTargetDev, - OCProvisionResultCB resultCallback, - OCClientContextDeleter deleteCallback); - -/** - * This function resets SVR DB to its factory setting. - * - *@return OC_STACK_OK in case of successful reset and other value otherwise. - */ -OCStackResult OCResetSVRDB(void); - -/** - * This function configures SVR DB as self-ownership. - * - *@return OC_STACK_OK in case of successful configue and other value otherwise. - */ -OCStackResult OCConfigSelfOwnership(void); - -/** - * API to get status of all the devices in current subnet. The status include endpoint information - * and doxm information which can be extracted duing owned and unowned discovery. Along with this - * information. The API will provide information about devices' status - * Device can have following states - * - ON/OFF: Device is switched on or off. - * - * NOTE: Caller need to call OCDeleteDiscoveredDevices to delete memory allocated by this API for out - * variables pOwnedDevList and pUnownedDevList. - * - * @param[in] waitime Wait time for the API. The wait time will be divided by 2, and half of wait time - * will be used for unowned discovery and remaining half for owned discovery. So the wait time should be - * equal to or more than 2. - * @param[out] pOwnedDevList list of owned devices. - * @param[out] pUnownedDevList list of unowned devices. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCGetDevInfoFromNetwork(unsigned short waittime, - OCProvisionDev_t **pOwnedDevList, - OCProvisionDev_t **pUnownedDevList); -/** - * This method is used to get linked devices' IDs. - * - * @param[in] uuidOfDevice a target device's uuid. - * @param[out] uuidList information about the list of linked devices' uuids. - * @param[out] numOfDevices total number of linked devices. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCGetLinkedStatus(const OicUuid_t *uuidOfDevice, - OCUuidList_t **uuidList, - size_t *numOfDevices); - -/** - * API to delete memory allocated to linked list created by OCDiscover_XXX_Devices API. - * - * @param[in] pList Pointer to OCProvisionDev_t which should be deleted. - */ -void OCDeleteDiscoveredDevices(OCProvisionDev_t *pList); - -/** - * API to delete memory allocated to OicUuid_t list. - * - * @param[in] pList Pointer to OicUuid_t list which should be deleted. - */ -void OCDeleteUuidList(OCUuidList_t *pList); - -/** - * This function deletes ACL data. - * - * @param pAcl Pointer to OicSecAcl_t structure. - */ -void OCDeleteACLList(OicSecAcl_t *pAcl); - -/** - * This function deletes PDACL data. - * - * @param pPdAcl Pointer to OicSecPdAcl_t structure. - */ -void OCDeletePdAclList(OicSecPdAcl_t *pPdAcl); - -#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) -/** - * function to provision Trust certificate chain to devices. - * - * @param[in] ctx Application context would be returned in result callback. - * @param[in] type Type of credentials to be provisioned to the device. - * @param[in] credId CredId of trust certificate chain to be provisioned to the device. - * @param[in] selectedDeviceInfo Pointer to OCProvisionDev_t instance,respresenting resource to be provsioned. - * @param[in] resultCallback callback provided by API user, callback will be called when - * provisioning request recieves a response from first resource server. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCProvisionTrustCertChain(void *ctx, OicSecCredType_t type, uint16_t credId, - const OCProvisionDev_t *selectedDeviceInfo, - OCProvisionResultCB resultCallback); -/** - * function to save Trust certificate chain into Cred of SVR. - * - * @param[in] trustCertChain Trust certificate chain to be saved in Cred of SVR. - * @param[in] chainSize Size of trust certificate chain to be saved in Cred of SVR - * @param[in] encodingType Encoding type of trust certificate chain to be saved in Cred of SVR - * @param[out] credId CredId of saved trust certificate chain in Cred of SVR. - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize, - OicEncodingType_t encodingType, uint16_t *credId); -/** - * function to register callback, for getting notification for TrustCertChain change. - * - * @param[in] TrustCertChainChangeCB notifier callback function - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCRegisterTrustCertChainNotifier(void *cb, TrustCertChainChangeCB CB); - -/** - * function to de-register TrustCertChain notification callback. - */ -void OCRemoveTrustCertChainNotifier(void); - -/* - * Function to read Trust certificate chain from SVR. - * Caller must free when done using the returned trust certificate - * @param[in] credId CredId of trust certificate chain in SVR. - * @param[out] trustCertChain Trust certificate chain. - * @param[out] chainSize Size of trust certificate chain - * @return OC_STACK_OK in case of success and other value otherwise. - */ -OCStackResult OCReadTrustCertChain(uint16_t credId, uint8_t **trustCertChain, - size_t *chainSize); - -/** - * Function to select appropriate security provisioning method. - * - * @param[in] supportedMethods Array of supported methods - * @param[in] numberOfMethods number of supported methods - * @param[out] selectedMethod Selected methods - * @param[in] ownerType type of owner device (SUPER_OWNER or SUB_OWNER) - * @return OC_STACK_OK on success - */ -OCStackResult OCSelectOwnershipTransferMethod(const OicSecOxm_t *supportedMethods, - size_t numberOfMethods, OicSecOxm_t *selectedMethod, OwnerType_t ownerType); - -/** - * This function sets the callback to utilize peer certificate information - */ -OCStackResult OCSetPeerCertCallback(void *ctx, PeerCertCallback peerCertCallback); - -#endif // __WITH_DTLS__ || __WITH_TLS__ - - -#ifdef __cplusplus -} -#endif // __cplusplus - -#endif /* OCPROVISIONINGMANAGER_H_ */ +/* ***************************************************************** + * + * Copyright 2015 Samsung Electronics All Rights Reserved. + * + * + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * *****************************************************************/ + +#ifndef OCPROVISIONINGMANAGER_H_ +#define OCPROVISIONINGMANAGER_H_ + +#include "octypes.h" +#include "pmtypes.h" +#include "casecurityinterface.h" +#include "ownershiptransfermanager.h" +#ifdef MULTIPLE_OWNER +#include "securevirtualresourcetypes.h" +#endif //MULTIPLE_OWNER + +#ifdef __cplusplus +extern "C" { +#endif // __cplusplus + +/** + * The function is responsible for initializaton of the provisioning manager. It will load + * provisioning database which have owned device's list and their linked status. + * TODO: In addition, if there is a device(s) which has not up-to-date credentials, this function will + * automatically try to update the deivce(s). + * + * @param[in] dbPath file path of the sqlite3 db + * + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCInitPM(const char *dbPath); + +/** + * API to termiante the provisioning manager + */ +void OCTerminatePM(); + +/** + * API to cleanup PDM in case of timeout. + * It will remove the PDM_DEVICE_INIT state devices from PDM. + * + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCPDMCleanupForTimeout(); + +/** + * The function is responsible for discovery of owned/unowned device is specified endpoint/deviceID. + * It will return the found device even though timeout is not exceeded. + * + * @param[in] timeout Timeout in seconds, value till which function will listen to responses from + * server before returning the device. + * @param[in] deviceID deviceID of target device. + * @param[out] ppFoundDevice OCProvisionDev_t of found device + * @return OTM_SUCCESS in case of success and other value otherwise. + */ +OCStackResult OCDiscoverSingleDevice(unsigned short timeout, const OicUuid_t *deviceID, + OCProvisionDev_t **ppFoundDevice); + +/** + * The function is responsible for discovery of owned/unowned device is specified endpoint/MAC + * address. + * It will return the found device even though timeout is not exceeded. + * + * @param[in] timeout Timeout in seconds, value till which function will listen to responses from + * server before returning the device. + * @param[in] deviceID deviceID of target device. + * @param[in] hostAddress MAC address of target device. + * @param[in] connType ConnectivityType for discovery. + * @param[out] ppFoundDevice OCProvisionDev_t of found device. + * @return OTM_SUCCESS in case of success and other value otherwise. + */ +OCStackResult OCDiscoverSingleDeviceInUnicast(unsigned short timeout, const OicUuid_t *deviceID, + const char *hostAddress, OCConnectivityType connType, + OCProvisionDev_t **ppFoundDevice); + +/** + * The function is responsible for discovery of device is current subnet. It will list + * all the device in subnet which are not yet owned. Please call OCInit with OC_CLIENT_SERVER as + * OCMode. + * + * @param[in] timeout Timeout in seconds, value till which function will listen to responses from + * server before returning the list of devices. + * @param[out] ppList List of candidate devices to be provisioned + * @return OTM_SUCCESS in case of success and other value otherwise. + */ +OCStackResult OCDiscoverUnownedDevices(unsigned short waittime, OCProvisionDev_t **ppList); + +/** + * Do ownership transfer for un-owned device. + * + * @param[in] ctx Application context would be returned in result callback + * @param[in] targetDevices List of devices to perform ownership transfer. + * @param[in] resultCallback Result callback function to be invoked when ownership transfer finished. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCDoOwnershipTransfer(void *ctx, + OCProvisionDev_t *targetDevices, + OCProvisionResultCB resultCallback); + +/** + * Do ownership transfer for un-owned device. + * + * @param[in] ctx Application context would be returned in result callback + * @param[in] targetDevices List of devices to perform ownership transfer. + * @param[in] resultCallback Result callback function to be invoked when ownership transfer finished. + * @param[in] method OTM + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCDoCustomOwnershipTransfer(void *ctx, + OCProvisionDev_t *selectedDevice, + OCProvisionResultCB resultCallback, + const OicSecOxm_t method); + +/** + * API to set a allow status of OxM + * + * @param[in] oxm Owership transfer method (ref. OicSecOxm_t) + * @param[in] allowStatus allow status (true = allow, false = not allow) + * + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCSetOxmAllowStatus(const OicSecOxm_t oxm, const bool allowStatus); + + +#ifdef MULTIPLE_OWNER +/** + * API to perfrom multiple ownership transfer for MOT enabled device. + * + * @param[in] ctx Application context would be returned in result callback + * @param[in] targetDevices List of devices to perform ownership transfer. + * @param[in] resultCallback Result callback function to be invoked when ownership transfer finished. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCDoMultipleOwnershipTransfer(void *ctx, + OCProvisionDev_t *targetDevices, + OCProvisionResultCB resultCallback); + +/** + * API to remove sub-owner from resource server + * + * @param[in] ctx Application context would be returned in result callback + * @param[in] targetDeviceInfo Selected target device. + * @param[in] subOwner sub-owner UUID to be removed + * @param[in] resultCallback callback provided by API user, callback will be invoked when + * DELETE 'subowneruuid' request recieves a response from resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCRemoveSubOwner(void *ctx, + const OCProvisionDev_t *targetDeviceInfo, + const OicUuid_t *subOwner, + OCProvisionResultCB resultCallback); + +/** + * API to remove all sub-owner from resource server + * + * @param[in] ctx Application context would be returned in result callback + * @param[in] targetDeviceInfo Selected target device. + * @param[in] resultCallback callback provided by API user, callback will be invoked when + * DELETE 'subowneruuid' request recieves a response from resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCRemoveAllSubOwner(void *ctx, + const OCProvisionDev_t *targetDeviceInfo, + OCProvisionResultCB resultCallback); + +#endif //MULTIPLE_OWNER + +/** + * API to register for particular OxM. + * + * @param[in] Ownership transfer method. + * @param[in] Implementation of callback functions for owership transfer. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCSetOwnerTransferCallbackData(OicSecOxm_t oxm, OTMCallbackData_t *callbackData); + +/** + * The function is responsible for discovery of owned device is current subnet. It will list + * all the device in subnet which are owned by calling provisioning client. + * + * @param[in] timeout Timeout in seconds, value till which function will listen to responses from + * server before returning the list of devices. + * @param[out] ppList List of device owned by provisioning tool. + * @return OTM_SUCCESS in case of success and other value otherwise. + */ +OCStackResult OCDiscoverOwnedDevices(unsigned short timeout, OCProvisionDev_t **ppList); + +#ifdef MULTIPLE_OWNER +/** + * The function is responsible for discovery of MOT enabled device is current subnet. + * + * @param[in] timeout Timeout in seconds, value till which function will listen to responses from + * server before returning the list of devices. + * @param[out] ppList List of MOT enabled devices. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCDiscoverMultipleOwnerEnabledDevices(unsigned short timeout, + OCProvisionDev_t **ppList); + +/** + * The function is responsible for discovery of Multiple Owned device is current subnet. + * + * @param[in] timeout Timeout in seconds, value till which function will listen to responses from + * server before returning the list of devices. + * @param[out] ppList List of Multiple Owned devices. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCDiscoverMultipleOwnedDevices(unsigned short timeout, OCProvisionDev_t **ppList); +#endif //MULTIPLE_OWNER + +/** + * API to provision credentials between two devices and ACLs for the devices who act as a server. + * + * @param[in] ctx Application context would be returned in result callback. + * @param[in] type Type of credentials to be provisioned to the device. + * @param[in] pDev1 Pointer to OCProvisionDev_t instance,respresenting device to be provisioned. + * @param[in] acl ACL for device 1. If this is not required set NULL. + * @param[in] pDev2 Pointer to OCProvisionDev_t instance,respresenting device to be provisioned. + * @param[in] acl ACL for device 2. If this is not required set NULL. + * @param[in] resultCallback callback provided by API user, callback will be called when + * provisioning request recieves a response from first resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCProvisionPairwiseDevices(void *ctx, OicSecCredType_t type, size_t keySize, + const OCProvisionDev_t *pDev1, OicSecAcl_t *pDev1Acl, + const OCProvisionDev_t *pDev2, OicSecAcl_t *pDev2Acl, + OCProvisionResultCB resultCallback); + +/** + * API to send ACL information to device. + * + * @param[in] ctx Application context would be returned in result callback. + * @param[in] selectedDeviceInfo Selected target device. + * @param[in] acl ACL to provision. + * @param[in] resultCallback callback provided by API user, callback will be called when provisioning + request recieves a response from resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCProvisionACL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, + OicSecAcl_t *acl, + OCProvisionResultCB resultCallback); + +/** + * function to save ACL which has several ACE into Acl of SVR. + * + * @param acl ACL to be saved in Acl of SVR. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCSaveACL(const OicSecAcl_t *acl); + +/** + * this function requests CRED information to resource. + * + * @param[in] ctx Application context would be returned in result callback. + * @param[in] selectedDeviceInfo Selected target device. + * @param[in] resultCallback callback provided by API user, callback will be called when provisioning + request recieves a response from resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCGetCredResource(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, + OCProvisionResultCB resultCallback); + +/** + * this function requests ACL information to resource. + * + * @param[in] ctx Application context would be returned in result callback. + * @param[in] selectedDeviceInfo Selected target device. + * @param[in] resultCallback callback provided by API user, callback will be called when provisioning + request recieves a response from resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCGetACLResource(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, + OCProvisionResultCB resultCallback); + +/** + * this function sends Direct-Pairing Configuration to a device. + * + * @param[in] ctx Application context would be returned in result callback. + * @param[in] selectedDeviceInfo Selected target device. + * @param[in] pconf PCONF pointer. + * @param[in] resultCallback callback provided by API user, callback will be called when provisioning + request recieves a response from resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCProvisionDirectPairing(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, + OicSecPconf_t *pconf, + OCProvisionResultCB resultCallback); + +/** + * API to provision credential to devices. + * + * @param[in] ctx Application context would be returned in result callback. + * @param[in] type Type of credentials to be provisioned to the device. + * @param[in] pDev1 Pointer to OCProvisionDev_t instance,respresenting resource to be provsioned. + @param[in] pDev2 Pointer to OCProvisionDev_t instance,respresenting resource to be provsioned. + * @param[in] resultCallback callback provided by API user, callback will be called when + * provisioning request recieves a response from first resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCProvisionCredentials(void *ctx, OicSecCredType_t type, size_t keySize, + const OCProvisionDev_t *pDev1, + const OCProvisionDev_t *pDev2, + OCProvisionResultCB resultCallback); + +#ifdef MULTIPLE_OWNER +/** + * API to provision preconfigured PIN to device(NOT LIST). + * If device does not support the Preconfigured PIN OxM, + * OCProvisionPreconfigPin API will update the device's Doxm + * and then try preconfigured PIN provisioning once again. + * + * @param[in] ctx Application context would be returned in result callback. + * @param[in] targetDeviceInfo Selected target device. + * @param[in] preconfigPin string of preconfigured PIN. + * @param[in] preconfigPinLen string length of 'preconfigPin'. + * @param[in] resultCallback callback provided by API user, callback will be called when + * provisioning request recieves a response from first resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCProvisionPreconfigPin(void *ctx, + OCProvisionDev_t *targetDeviceInfo, + const char *preconfigPin, + size_t preconfigPinLen, + OCProvisionResultCB resultCallback); + +/** + * API to add preconfigured PIN to local SVR DB. + * + * @param[in] targetDeviceInfo Selected target device. + * @param[in] preconfigPin Preconfig PIN which is used while multiple owner authentication + * @param[in] preconfigPinLen Byte length of preconfigPin + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCAddPreconfigPin(const OCProvisionDev_t *targetDeviceInfo, + const char *preconfigPin, + size_t preconfigPinLen); + +/** + * API to update 'doxm.mom' to resource server. + * + * @param[in] targetDeviceInfo Selected target device. + * @param[in] momType Mode of multiple ownership transfer (ref. oic.sec.mom) + * @param[in] resultCallback callback provided by API user, callback will be called when + * POST 'mom' request recieves a response from resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCChangeMOTMode(void *ctx, const OCProvisionDev_t *targetDeviceInfo, + const OicSecMomType_t momType, OCProvisionResultCB resultCallback); + +/** + * API to update 'doxm.oxmsel' to resource server. + * + * @param[in] targetDeviceInfo Selected target device. + * @param[in] oxmSelValue Method of multiple ownership transfer (ref. oic.sec.oxm) + * @param[in] resultCallback callback provided by API user, callback will be called when + * POST 'oxmsel' request recieves a response from resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCSelectMOTMethod(void *ctx, const OCProvisionDev_t *targetDeviceInfo, + const OicSecOxm_t oxmSelValue, OCProvisionResultCB resultCallback); +#endif //MULTIPLE_OWNER + +/** + * Function to unlink devices. + * This function will remove the credential & relasionship between the two devices. + * + * @param[in] ctx Application context would be returned in result callback + * @param[in] pTargetDev1 fitst device information to be unlinked. + * @param[in] pTargetDev2 second device information to be unlinked. + * @param[in] resultCallback callback provided by API user, callback will be called when + * device unlink is finished. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCUnlinkDevices(void *ctx, + const OCProvisionDev_t *pTargetDev1, + const OCProvisionDev_t *pTargetDev2, + OCProvisionResultCB resultCallback); + +/** + * Function for device revocation + * This function will remove credential of target device from all devices in subnet. + * + * @param[in] ctx Application context would be returned in result callback + * @param[in] waitTimeForOwnedDeviceDiscovery Maximum wait time for owned device discovery.(seconds) + * @param[in] pTargetDev Device information to be revoked. + * @param[in] resultCallback callback provided by API user, callback will be called when + * credential revocation is finished. + * @return OC_STACK_OK in case of success and other value otherwise. + * if OC_STACK_OK is returned, the caller of this API should wait for callback. + * OC_STACK_CONTINUE means operation is success but no need to wait for callback. + */ +OCStackResult OCRemoveDevice(void *ctx, + unsigned short waitTimeForOwnedDeviceDiscovery, + const OCProvisionDev_t *pTargetDev, + OCProvisionResultCB resultCallback); + +/* +* Function to device revocation +* This function will remove credential of target device from all devices in subnet. +* +* @param[in] ctx Application context would be returned in result callback +* @param[in] waitTimeForOwnedDeviceDiscovery Maximum wait time for owned device discovery.(seconds) +* @param[in] pTargetDev Device information to be revoked. +* @param[in] resultCallback callback provided by API user, callback will be called when +* credential revocation is finished. + * @return OC_STACK_OK in case of success and other value otherwise. +*/ +OCStackResult OCRemoveDeviceWithUuid(void *ctx, + unsigned short waitTimeForOwnedDeviceDiscovery, + const OicUuid_t *pTargetUuid, + OCProvisionResultCB resultCallback); + +/* + * Function to reset the target device. + * This function will remove credential and ACL of target device from all devices in subnet. + * + * @param[in] ctx Application context would be returned in result callback + * @param[in] waitTimeForOwnedDeviceDiscovery Maximum wait time for owned device discovery.(seconds) + * @param[in] pTargetDev Device information to be revoked. + * @param[in] resultCallback callback provided by API user, callback will be called when + * credential revocation is finished. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCResetDevice(void *ctx, unsigned short waitTimeForOwnedDeviceDiscovery, + const OCProvisionDev_t *pTargetDev, + OCProvisionResultCB resultCallback, + OCClientContextDeleter deleteCallback); + +/** + * This function resets SVR DB to its factory setting. + * + *@return OC_STACK_OK in case of successful reset and other value otherwise. + */ +OCStackResult OCResetSVRDB(void); + +/** + * This function configures SVR DB as self-ownership. + * + *@return OC_STACK_OK in case of successful configue and other value otherwise. + */ +OCStackResult OCConfigSelfOwnership(void); + +/** + * API to get status of all the devices in current subnet. The status include endpoint information + * and doxm information which can be extracted duing owned and unowned discovery. Along with this + * information. The API will provide information about devices' status + * Device can have following states + * - ON/OFF: Device is switched on or off. + * + * NOTE: Caller need to call OCDeleteDiscoveredDevices to delete memory allocated by this API for out + * variables pOwnedDevList and pUnownedDevList. + * + * @param[in] waitime Wait time for the API. The wait time will be divided by 2, and half of wait time + * will be used for unowned discovery and remaining half for owned discovery. So the wait time should be + * equal to or more than 2. + * @param[out] pOwnedDevList list of owned devices. + * @param[out] pUnownedDevList list of unowned devices. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCGetDevInfoFromNetwork(unsigned short waittime, + OCProvisionDev_t **pOwnedDevList, + OCProvisionDev_t **pUnownedDevList); +/** + * This method is used to get linked devices' IDs. + * + * @param[in] uuidOfDevice a target device's uuid. + * @param[out] uuidList information about the list of linked devices' uuids. + * @param[out] numOfDevices total number of linked devices. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCGetLinkedStatus(const OicUuid_t *uuidOfDevice, + OCUuidList_t **uuidList, + size_t *numOfDevices); + +/** + * API to delete memory allocated to linked list created by OCDiscover_XXX_Devices API. + * + * @param[in] pList Pointer to OCProvisionDev_t which should be deleted. + */ +void OCDeleteDiscoveredDevices(OCProvisionDev_t *pList); + +/** + * API to delete memory allocated to OicUuid_t list. + * + * @param[in] pList Pointer to OicUuid_t list which should be deleted. + */ +void OCDeleteUuidList(OCUuidList_t *pList); + +/** + * This function deletes ACL data. + * + * @param pAcl Pointer to OicSecAcl_t structure. + */ +void OCDeleteACLList(OicSecAcl_t *pAcl); + +/** + * This function deletes PDACL data. + * + * @param pPdAcl Pointer to OicSecPdAcl_t structure. + */ +void OCDeletePdAclList(OicSecPdAcl_t *pPdAcl); + +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) +/** + * function to provision Trust certificate chain to devices. + * + * @param[in] ctx Application context would be returned in result callback. + * @param[in] type Type of credentials to be provisioned to the device. + * @param[in] credId CredId of trust certificate chain to be provisioned to the device. + * @param[in] selectedDeviceInfo Pointer to OCProvisionDev_t instance,respresenting resource to be provsioned. + * @param[in] resultCallback callback provided by API user, callback will be called when + * provisioning request recieves a response from first resource server. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCProvisionTrustCertChain(void *ctx, OicSecCredType_t type, uint16_t credId, + const OCProvisionDev_t *selectedDeviceInfo, + OCProvisionResultCB resultCallback); +/** + * function to save Trust certificate chain into Cred of SVR. + * + * @param[in] trustCertChain Trust certificate chain to be saved in Cred of SVR. + * @param[in] chainSize Size of trust certificate chain to be saved in Cred of SVR + * @param[in] encodingType Encoding type of trust certificate chain to be saved in Cred of SVR + * @param[out] credId CredId of saved trust certificate chain in Cred of SVR. + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize, + OicEncodingType_t encodingType, uint16_t *credId); +/** + * function to register callback, for getting notification for TrustCertChain change. + * + * @param[in] TrustCertChainChangeCB notifier callback function + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCRegisterTrustCertChainNotifier(void *cb, TrustCertChainChangeCB CB); + +/** + * function to de-register TrustCertChain notification callback. + */ +void OCRemoveTrustCertChainNotifier(void); + +/* + * Function to read Trust certificate chain from SVR. + * Caller must free when done using the returned trust certificate + * @param[in] credId CredId of trust certificate chain in SVR. + * @param[out] trustCertChain Trust certificate chain. + * @param[out] chainSize Size of trust certificate chain + * @return OC_STACK_OK in case of success and other value otherwise. + */ +OCStackResult OCReadTrustCertChain(uint16_t credId, uint8_t **trustCertChain, + size_t *chainSize); + +/** + * Function to select appropriate security provisioning method. + * + * @param[in] supportedMethods Array of supported methods + * @param[in] numberOfMethods number of supported methods + * @param[out] selectedMethod Selected methods + * @param[in] ownerType type of owner device (SUPER_OWNER or SUB_OWNER) + * @return OC_STACK_OK on success + */ +OCStackResult OCSelectOwnershipTransferMethod(const OicSecOxm_t *supportedMethods, + size_t numberOfMethods, OicSecOxm_t *selectedMethod, OwnerType_t ownerType); + +/** + * This function sets the callback to utilize peer certificate information + */ +OCStackResult OCSetPeerCertCallback(void *ctx, PeerCertCallback peerCertCallback); + +#endif // __WITH_DTLS__ || __WITH_TLS__ + + +#ifdef __cplusplus +} +#endif // __cplusplus + +#endif /* OCPROVISIONINGMANAGER_H_ */ diff --git a/resource/csdk/security/provisioning/src/ocprovisioningmanager.c b/resource/csdk/security/provisioning/src/ocprovisioningmanager.c index afdc839..1a3f56c 100644 --- a/resource/csdk/security/provisioning/src/ocprovisioningmanager.c +++ b/resource/csdk/security/provisioning/src/ocprovisioningmanager.c @@ -336,6 +336,23 @@ OCStackResult OCDoOwnershipTransfer(void* ctx, return OTMDoOwnershipTransfer(ctx, targetDevices, resultCallback); } +OCStackResult OCDoCustomOwnershipTransfer(void* ctx, + OCProvisionDev_t *selectedDevice, + OCProvisionResultCB resultCallback, + const OicSecOxm_t method) +{ + if( NULL == selectedDevice ) + { + return OC_STACK_INVALID_PARAM; + } + if (!resultCallback) + { + OIC_LOG(INFO, TAG, "OCDoCustomOwnershipTransfer : NULL Callback"); + return OC_STACK_INVALID_CALLBACK; + } + return OTMDoCustomOwnershipTransfer(ctx, selectedDevice, resultCallback, method); +} + /** * This function deletes memory allocated to linked list created by OCDiscover_XXX_Devices API. * diff --git a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c index 9ce4414..92836d5 100644 --- a/resource/csdk/security/provisioning/src/ownershiptransfermanager.c +++ b/resource/csdk/security/provisioning/src/ownershiptransfermanager.c @@ -2165,6 +2165,60 @@ exit: return res; } +static OCStackResult StartCustomOwnershipTransfer(void* ctx, OCProvisionDev_t* selectedDevice,const OicSecOxm_t method) +{ + OIC_LOG(INFO, TAG, "IN StartOwnershipTransfer"); + OCStackResult res = OC_STACK_INVALID_PARAM; + + VERIFY_NON_NULL(TAG, selectedDevice, ERROR); + VERIFY_NON_NULL(TAG, selectedDevice->doxm, ERROR); + + OTMContext_t* otmCtx = (OTMContext_t*)ctx; + otmCtx->selectedDeviceInfo = selectedDevice; + + //Setup PDM to perform the OTM, PDM will be cleanup if necessary. + res = SetupPDM(selectedDevice); + if(OC_STACK_OK != res) + { + OIC_LOG_V(ERROR, TAG, "SetupPDM error : %d", res); + SetResult(otmCtx, res); + return res; + } + + //Select the OxM to performing ownership transfer + selectedDevice->doxm->oxmSel = method; + OIC_LOG_V(DEBUG, TAG, "Selected provisoning method = %d", selectedDevice->doxm->oxmSel); + + res = OTMSetOTCallback(selectedDevice->doxm->oxmSel, &otmCtx->otmCallback); + if(OC_STACK_OK != res) + { + OIC_LOG_V(ERROR, TAG, "Error in OTMSetOTCallback : %d", res); + return res; + } + +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) + //Register TLS event handler, to catch the TLS handshake event + if(CA_STATUS_OK != CAregisterSslHandshakeCallback(DTLSHandshakeCB)) + { + OIC_LOG(WARNING, TAG, "StartOwnershipTransfer : Failed to register TLS handshake callback."); + } +#endif // __WITH_DTLS__ or __WITH_TLS__ + + //Send Req: POST /oic/sec/doxm [{..."OxmSel" :g_OTMCbDatas[Index of Selected OxM].OXMString,...}] + res = PostOwnerTransferModeToResource(otmCtx); + if(OC_STACK_OK != res) + { + OIC_LOG_V(WARNING, TAG, "Failed to select the provisioning method : %d", res); + SetResult(otmCtx, res); + return res; + } + + OIC_LOG(INFO, TAG, "OUT StartOwnershipTransfer"); + +exit: + return res; +} + OCStackResult OTMSetOwnershipTransferCallbackData(OicSecOxm_t oxmType, OTMCallbackData_t* data) { OIC_LOG(DEBUG, TAG, "IN OTMSetOwnerTransferCallbackData"); @@ -2187,6 +2241,58 @@ OCStackResult OTMSetOwnershipTransferCallbackData(OicSecOxm_t oxmType, OTMCallba return OC_STACK_OK; } +OCStackResult OTMDoCustomOwnershipTransfer(void* ctx, + OCProvisionDev_t *selectedDevice, + OCProvisionResultCB resultCallback, + const OicSecOxm_t method) +{ + OIC_LOG(DEBUG, TAG, "IN OTMDoCustomOwnershipTransfer"); + + if (NULL == selectedDevice) + { + return OC_STACK_INVALID_PARAM; + } + if (NULL == resultCallback) + { + return OC_STACK_INVALID_CALLBACK; + } + + OTMContext_t* otmCtx = (OTMContext_t*)OICCalloc(1,sizeof(OTMContext_t)); + if(!otmCtx) + { + OIC_LOG(ERROR, TAG, "Failed to create OTM Context"); + return OC_STACK_NO_MEMORY; + } + + otmCtx->ctxResultCallback = resultCallback; + otmCtx->ctxHasError = false; + otmCtx->userCtx = ctx; + + //Setting number of selected device. + otmCtx->ctxResultArraySize = 1; + + otmCtx->ctxResultArray = + (OCProvisionResult_t*)OICCalloc(otmCtx->ctxResultArraySize, sizeof(OCProvisionResult_t)); + if(NULL == otmCtx->ctxResultArray) + { + OIC_LOG(ERROR, TAG, "OTMDoOwnershipTransfer : Failed to memory allocation"); + OICFree(otmCtx); + return OC_STACK_NO_MEMORY; + } + + //Fill the device UUID for result array. + memcpy(otmCtx->ctxResultArray[0].deviceId.id, + selectedDevice->doxm->deviceID.id, + UUID_LENGTH); + otmCtx->ctxResultArray[0].res = OC_STACK_CONTINUE; + + OCStackResult res = StartCustomOwnershipTransfer(otmCtx, selectedDevice, method); + + OIC_LOG(DEBUG, TAG, "OUT OTMDoCustomOwnershipTransfer"); + + return res; +} + /** * NOTE : Unowned discovery should be done before performing OTMDoOwnershipTransfer */ diff --git a/resource/csdk/security/src/credresource.c b/resource/csdk/security/src/credresource.c index 585d48b..a93acb7 100644 --- a/resource/csdk/security/src/credresource.c +++ b/resource/csdk/security/src/credresource.c @@ -1942,7 +1942,20 @@ static OCEntityHandlerResult HandlePostRequest(OCEntityHandlerRequest * ehReques } #endif // __WITH_DTLS__ or __WITH_TLS__ } - + else + { + if(OIC_MANUFACTURER_CERTIFICATE == doxm->oxmSel) + { +#if defined(__WITH_DTLS__) || defined(__WITH_TLS__) + if(CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskCredentials)) + { + OIC_LOG(ERROR, TAG, "Failed to revert TLS credential handler."); + ret = OC_EH_ERROR; + break; + } +#endif // __WITH_DTLS__ or __WITH_TLS__ + } + } //Select cipher suite to use owner PSK if(CA_STATUS_OK != CAEnableAnonECDHCipherSuite(false)) { diff --git a/resource/include/OCProvisioningManager.hpp b/resource/include/OCProvisioningManager.hpp index 8db912b..080db13 100644 --- a/resource/include/OCProvisioningManager.hpp +++ b/resource/include/OCProvisioningManager.hpp @@ -481,6 +481,7 @@ namespace OC private: std::weak_ptr m_csdkLock; OCProvisionDev_t *devPtr; // pointer to device. + ProvisionContext* context; public: OCSecureResource(); @@ -512,6 +513,7 @@ namespace OC * @return ::OC_STACK_OK in case of success and other value otherwise. */ OCStackResult doOwnershipTransfer(ResultCallBack resultCallback); + OCStackResult doOwnershipTransfer(ResultCallBack resultCallback, const OicSecOxm_t method); /** * API to send ACL information to resource. diff --git a/resource/provisioning/src/OCProvisioningManager.cpp b/resource/provisioning/src/OCProvisioningManager.cpp index c34b505..e83b332 100644 --- a/resource/provisioning/src/OCProvisioningManager.cpp +++ b/resource/provisioning/src/OCProvisioningManager.cpp @@ -890,13 +890,14 @@ namespace OC } OCSecureResource::OCSecureResource(): m_csdkLock(std::weak_ptr()), - devPtr(nullptr) + devPtr(nullptr), + context(nullptr) { } OCSecureResource::OCSecureResource(std::weak_ptr csdkLock, OCProvisionDev_t *dPtr) - :m_csdkLock(csdkLock), devPtr(dPtr) + :m_csdkLock(csdkLock), devPtr(dPtr), context(nullptr) { } @@ -906,6 +907,10 @@ namespace OC { OCDeleteDiscoveredDevices(devPtr); } + if(context) + { + delete context; + } } OCStackResult OCSecureResource::doOwnershipTransfer(ResultCallBack resultCallback) @@ -922,6 +927,11 @@ namespace OC if (cLock) { ProvisionContext* context = new ProvisionContext(resultCallback); + if(context) + { + delete context; + } + context = new ProvisionContext(resultCallback); std::lock_guard lock(*cLock); result = OCDoOwnershipTransfer(static_cast(context), @@ -935,6 +945,37 @@ namespace OC return result; } + OCStackResult OCSecureResource::doOwnershipTransfer(ResultCallBack resultCallback, const OicSecOxm_t method) + { + if (!resultCallback) + { + oclog() <<"Result callback can't be null"; + return OC_STACK_INVALID_CALLBACK; + } + + OCStackResult result; + auto cLock = m_csdkLock.lock(); + + if (cLock) + { + if(context) + { + delete context; + } + context = new ProvisionContext(resultCallback); + + std::lock_guard lock(*cLock); + result = OCDoCustomOwnershipTransfer(static_cast(context), + devPtr, &OCSecureResource::callbackWrapper, method); + } + else + { + oclog() <<"Mutex not found"; + result = OC_STACK_ERROR; + } + return result; + } + #ifdef MULTIPLE_OWNER OCStackResult OCSecureResource::doMultipleOwnershipTransfer(ResultCallBack resultCallback) { diff --git a/service/easy-setup/enrollee/src/easysetup.c b/service/easy-setup/enrollee/src/easysetup.c index d4546a2..d77f096 100755 --- a/service/easy-setup/enrollee/src/easysetup.c +++ b/service/easy-setup/enrollee/src/easysetup.c @@ -46,7 +46,7 @@ static ESDeviceProperty gESDeviceProperty; void ESConnectRequestCallback(ESResult esResult, ESConnectRequest *eventData) { - OIC_LOG_V(DEBUG, ES_ENROLLEE_TAG, "ESConnectRequestCallback IN"); + OIC_LOG_V(INFO, ES_ENROLLEE_TAG, "ESConnectRequestCallback IN"); if(esResult != ES_OK) { @@ -63,6 +63,8 @@ void ESConnectRequestCallback(ESResult esResult, ESConnectRequest *eventData) OIC_LOG_V(ERROR, ES_ENROLLEE_TAG, "ConnectRequestCb is NULL"); return; } + + OIC_LOG_V(INFO, ES_ENROLLEE_TAG, "ESConnectRequestCallback OUT"); } void ESWiFiConfRsrcCallback(ESResult esResult, ESWiFiConfData *eventData) @@ -85,6 +87,7 @@ void ESWiFiConfRsrcCallback(ESResult esResult, ESWiFiConfData *eventData) OIC_LOG(ERROR, ES_ENROLLEE_TAG, "WiFiConfProvCb is NULL"); return; } + OIC_LOG(INFO, ES_ENROLLEE_TAG, "ESWiFiConfRsrcCallback OUT"); } void ESCoapCloudConfRsrcCallback(ESResult esResult, ESCoapCloudConfData *eventData) @@ -106,6 +109,7 @@ void ESCoapCloudConfRsrcCallback(ESResult esResult, ESCoapCloudConfData *eventDa OIC_LOG(ERROR, ES_ENROLLEE_TAG, "CoapCloudConfProvCb is NULL"); return; } + OIC_LOG(INFO, ES_ENROLLEE_TAG, "ESCoapCloudConfRsrcCallback OUT"); } void ESDevConfRsrcallback(ESResult esResult, ESDevConfData *eventData) @@ -127,6 +131,7 @@ void ESDevConfRsrcallback(ESResult esResult, ESDevConfData *eventData) OIC_LOG(ERROR, ES_ENROLLEE_TAG, "DevConfProvCb is NULL"); return; } + OIC_LOG(INFO, ES_ENROLLEE_TAG, "ESDevConfRsrcallback OUT"); } ESResult ESInitEnrollee(bool isSecured, ESResourceMask resourceMask, ESProvisioningCallbacks callbacks) @@ -280,7 +285,7 @@ ESResult ESTerminateEnrollee() return ES_ERROR; } - OIC_LOG(ERROR, ES_ENROLLEE_TAG, "ESTerminateEnrollee success"); + OIC_LOG(INFO, ES_ENROLLEE_TAG, "ESTerminateEnrollee success"); return ES_OK; } @@ -295,5 +300,6 @@ ESResult ESSetCallbackForUserdata(ESReadUserdataCb readCb, ESWriteUserdataCb wri } SetCallbackForUserData(readCb, writeCb); + OIC_LOG(INFO, ES_ENROLLEE_TAG, "ESSetCallbackForUserdata OUT"); return ES_OK; } diff --git a/service/easy-setup/enrollee/src/resourcehandler.c b/service/easy-setup/enrollee/src/resourcehandler.c index d3dc37b..bebd813 100755 --- a/service/easy-setup/enrollee/src/resourcehandler.c +++ b/service/easy-setup/enrollee/src/resourcehandler.c @@ -1516,12 +1516,12 @@ OCEntityHandlerResult OCEntityHandlerCb(OCEntityHandlerFlag flag, { if (OC_REST_GET == entityHandlerRequest->method) { - OIC_LOG(DEBUG, ES_RH_TAG, "Received GET request"); + OIC_LOG(INFO, ES_RH_TAG, "Received GET request"); ehRet = ProcessGetRequest(entityHandlerRequest, &payload); } else if (OC_REST_PUT == entityHandlerRequest->method) { - OIC_LOG(DEBUG, ES_RH_TAG, "Received PUT request"); + OIC_LOG(INFO, ES_RH_TAG, "Received PUT request"); //PUT request will be handled in the internal implementation if (g_ESEasySetupResource.handle != NULL) @@ -1536,7 +1536,7 @@ OCEntityHandlerResult OCEntityHandlerCb(OCEntityHandlerFlag flag, } else if (OC_REST_POST == entityHandlerRequest->method) { - OIC_LOG(DEBUG, ES_RH_TAG, "Received OC_REST_POST from client"); + OIC_LOG(INFO, ES_RH_TAG, "Received OC_REST_POST from client"); if (g_ESEasySetupResource.handle != NULL) { ehRet = ProcessPostRequest(entityHandlerRequest, &payload); @@ -1562,6 +1562,7 @@ OCEntityHandlerResult OCEntityHandlerCb(OCEntityHandlerFlag flag, response.persistentBufferFlag = 0; // Send the response + OIC_LOG(INFO, ES_RH_TAG, "Invoking OCDoResponse"); if (OCDoResponse(&response) != OC_STACK_OK) { OIC_LOG(ERROR, ES_RH_TAG, "Error sending response"); @@ -1581,6 +1582,8 @@ OCEntityHandlerResult OCEntityHandlerCb(OCEntityHandlerFlag flag, OIC_LOG(DEBUG, ES_RH_TAG, "Received OC_OBSERVE_DEREGISTER from Mediator"); } } + + OIC_LOG(INFO, ES_RH_TAG, "ES OCEntityHandlerCb OUT"); return ehRet; } diff --git a/service/resource-encapsulation/src/resourceCache/include/ResourceCacheManager.h b/service/resource-encapsulation/src/resourceCache/include/ResourceCacheManager.h index ae02cac..01b9921 100644 --- a/service/resource-encapsulation/src/resourceCache/include/ResourceCacheManager.h +++ b/service/resource-encapsulation/src/resourceCache/include/ResourceCacheManager.h @@ -75,7 +75,6 @@ namespace OIC static std::unique_ptr> s_cacheDataList; std::map cacheIDmap; - std::list m_observeCacheList; std::map observeCacheIDmap; ResourceCacheManager() = default; diff --git a/service/resource-encapsulation/src/resourceCache/src/ResourceCacheManager.cpp b/service/resource-encapsulation/src/resourceCache/src/ResourceCacheManager.cpp index e572575..8272570 100644 --- a/service/resource-encapsulation/src/resourceCache/src/ResourceCacheManager.cpp +++ b/service/resource-encapsulation/src/resourceCache/src/ResourceCacheManager.cpp @@ -88,7 +88,6 @@ namespace OIC auto newHandler = std::make_shared(pResource); newHandler->startCache(std::move(func)); - m_observeCacheList.push_back(newHandler); observeCacheIDmap.insert(std::make_pair(retID, newHandler)); return retID; @@ -147,12 +146,12 @@ namespace OIC catch (...) { (observeIns->second).reset(); - observeCacheIDmap.erase(observeIns); + observeCacheIDmap.erase(id); lock.~lock_guard(); throw; } (observeIns->second).reset(); - observeCacheIDmap.erase(observeIns); + observeCacheIDmap.erase(id); return; } @@ -177,13 +176,13 @@ namespace OIC if (updateId == 0) { - throw RCSInvalidParameterException {"[getCachedData] CacheID is NULL"}; + throw RCSInvalidParameterException {"[updateResourceCache] CacheID is NULL"}; } DataCachePtr foundCache = findDataCache(updateId); if (foundCache == nullptr) { - throw RCSInvalidParameterException {"[getCachedData] CacheID is invaild"}; + throw RCSInvalidParameterException {"[updateResourceCache] CacheID is invaild"}; } foundCache->requestGet(); } -- 2.7.4