Commit 14af5d46 authored by Dmitriy Zhuravlev's avatar Dmitriy Zhuravlev

Revert "Fix PKIX provision"

This reverts commit 2e7005a0.

Change-Id: I3e94a2c70a9c8de5e700ad9c1314b1e42ae17408
Signed-off-by: default avatarDmitriy Zhuravlev <d.zhuravlev@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/6285
parent 2e7005a0
...@@ -29,6 +29,7 @@ extern "C" { ...@@ -29,6 +29,7 @@ extern "C" {
#endif //__cplusplus #endif //__cplusplus
#ifdef X509_DEBUG #ifdef X509_DEBUG
#warning "DEBUG is enabled"
#include <stdio.h> // <printf> #include <stdio.h> // <printf>
#endif #endif
......
...@@ -41,20 +41,7 @@ extern "C" ...@@ -41,20 +41,7 @@ extern "C"
*/ */
OCStackResult SRPProvisionACL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo, OCStackResult SRPProvisionACL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo,
OicSecAcl_t *acl, OCProvisionResultCB resultCallback); OicSecAcl_t *acl, OCProvisionResultCB resultCallback);
#ifdef __WITH_X509__
/**
* API to send CRL information to resource.
*
* @param[in] selectedDeviceInfo Selected target device.
* @param[in] crl CRL to provision.
* @param[in] resultCallback callback provided by API user, callback will be called when
* provisioning request recieves a response from resource server.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult SRPProvisionCRL(void *ctx, const OCProvisionDev_t *selectedDeviceInfo,
OicSecCrl_t *crl, OCProvisionResultCB resultCallback);
#endif // __WITH_X509__
/** /**
* API to send Direct-Pairing Configuration to a device. * API to send Direct-Pairing Configuration to a device.
* *
......
...@@ -177,18 +177,18 @@ static OCStackResult GenerateCertificateAndKeys(const OicUuid_t * subject, OicSe ...@@ -177,18 +177,18 @@ static OCStackResult GenerateCertificateAndKeys(const OicUuid_t * subject, OicSe
numCert ++; numCert ++;
uint32_t len = 0; uint32_t len = 0;
for (size_t i = 0; i < numCert; i++) for (size_t i = 0; i < numCert; ++i)
{ {
certificateChain->data = (uint8_t *) OICRealloc(certificateChain->data, certificateChain->data = (uint8_t *) OICRealloc(certificateChain->data, len + cert[i].len + CERT_LEN_PREFIX);
len + cert[i].len + CERT_LEN_PREFIX);
if (NULL == certificateChain->data) if (NULL == certificateChain->data)
{ {
OIC_LOG(ERROR, TAG, "Error while memory allocation"); OIC_LOG(ERROR, TAG, "Error while memory allocation");
return OC_STACK_ERROR; return OC_STACK_ERROR;
} }
uint32_t appendedLen = appendCert2Chain(certificateChain->data + len, uint32_t appendedLen = appendCert2Chain(certificateChain->data + len, cert[i].data,
cert[i].data, cert[i].len); cert[i].len);
//TODO function check len
if (0 == appendedLen) if (0 == appendedLen)
{ {
OIC_LOG(ERROR, TAG, "Error while certifiacate chain creation."); OIC_LOG(ERROR, TAG, "Error while certifiacate chain creation.");
......
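Review bot: In the certificate loop of GenerateCertificateAndKeys the result of `OICRealloc` is assigned straight back to `certificateChain->data`, so if it follows `realloc` semantics a failed call leaks the chain built so far when the function returns OC_STACK_ERROR. Take the result in a temporary first, `uint8_t *tmp = OICRealloc(certificateChain->data, len + cert[i].len + CERT_LEN_PREFIX);`, and assign it to `certificateChain->data` only after the NULL check. The size expression has no visible overflow check, and the restored `//TODO function check len` suggests appendCert2Chain is not told the destination capacity, so `cert[i].len` deserves an explicit bound before the copy. The function body starts and ends outside this hunk.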
...@@ -629,19 +629,17 @@ OCStackResult SRPProvisionCredentials(void *ctx, OicSecCredType_t type, size_t k ...@@ -629,19 +629,17 @@ OCStackResult SRPProvisionCredentials(void *ctx, OicSecCredType_t type, size_t k
const OCProvisionDev_t *pDev2, const OCProvisionDev_t *pDev2,
OCProvisionResultCB resultCallback) OCProvisionResultCB resultCallback)
{ {
VERIFY_NON_NULL(TAG, pDev1, ERROR, OC_STACK_INVALID_PARAM); if (!pDev1 || !pDev2 || !pDev1->doxm || !pDev2->doxm)
if (SYMMETRIC_PAIR_WISE_KEY == type)
{ {
VERIFY_NON_NULL(TAG, pDev2, ERROR, OC_STACK_INVALID_PARAM); OIC_LOG(INFO, TAG, "SRPUnlinkDevices : NULL parameters");
return OC_STACK_INVALID_PARAM;
} }
VERIFY_NON_NULL(TAG, resultCallback, ERROR, OC_STACK_INVALID_CALLBACK);
if (!resultCallback) if (!resultCallback)
{ {
OIC_LOG(INFO, TAG, "SRPUnlinkDevices : NULL Callback"); OIC_LOG(INFO, TAG, "SRPUnlinkDevices : NULL Callback");
return OC_STACK_INVALID_CALLBACK; return OC_STACK_INVALID_CALLBACK;
} }
if (SYMMETRIC_PAIR_WISE_KEY == type && if (0 == memcmp(&pDev1->doxm->deviceID, &pDev2->doxm->deviceID, sizeof(OicUuid_t)))
0 == memcmp(&pDev1->doxm->deviceID, &pDev2->doxm->deviceID, sizeof(OicUuid_t)))
{ {
OIC_LOG(INFO, TAG, "SRPUnlinkDevices : Same device ID"); OIC_LOG(INFO, TAG, "SRPUnlinkDevices : Same device ID");
return OC_STACK_INVALID_PARAM; return OC_STACK_INVALID_PARAM;
......
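Review bot: The new parameter guard in SRPProvisionCredentials logs `"SRPUnlinkDevices : NULL parameters"`, which names a different function, and logs it at INFO although the call is being rejected. The callback and same-device-ID messages below it carry the same label. Anyone triaging a failed provisioning attempt from logs is pointed at the wrong API, so I would use `OIC_LOG(ERROR, TAG, "SRPProvisionCredentials : NULL parameters");` and correct the other two messages the same way. The guard also requires pDev2 and its doxm for every value of `type`; if that is intended, it is worth stating in the function's doc comment. The function continues outside the hunk.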
...@@ -133,7 +133,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload ...@@ -133,7 +133,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload
{ {
return OC_STACK_INVALID_PARAM; return OC_STACK_INVALID_PARAM;
} }
OIC_LOG(DEBUG, TAG, "CredToCBORPayload IN");
OCStackResult ret = OC_STACK_ERROR; OCStackResult ret = OC_STACK_ERROR;
CborError cborEncoderResult = CborNoError; CborError cborEncoderResult = CborNoError;
...@@ -178,7 +178,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload ...@@ -178,7 +178,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload
mapSize++; mapSize++;
} }
#ifdef __WITH_X509__ #ifdef __WITH_X509__
if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data) if (cred->publicData.data)
{ {
mapSize++; mapSize++;
} }
...@@ -216,7 +216,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload ...@@ -216,7 +216,7 @@ OCStackResult CredToCBORPayload(const OicSecCred_t *credS, uint8_t **cborPayload
#ifdef __WITH_X509__ #ifdef __WITH_X509__
//PublicData -- Not Mandatory //PublicData -- Not Mandatory
if (SIGNED_ASYMMETRIC_KEY == cred->credType && cred->publicData.data) if (cred->publicData.data)
{ {
CborEncoder publicMap = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 }; CborEncoder publicMap = { {.ptr = NULL }, .end = 0, .added = 0, .flags = 0 };
const size_t publicMapSize = 2; const size_t publicMapSize = 2;
...@@ -360,9 +360,6 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, ...@@ -360,9 +360,6 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
{ {
return OC_STACK_INVALID_PARAM; return OC_STACK_INVALID_PARAM;
} }
OIC_LOG(DEBUG, TAG, "CBORPayloadToCred IN");
*secCred = NULL;
OCStackResult ret = OC_STACK_ERROR; OCStackResult ret = OC_STACK_ERROR;
CborValue credCbor = { .parser = NULL }; CborValue credCbor = { .parser = NULL };
...@@ -594,8 +591,6 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size, ...@@ -594,8 +591,6 @@ OCStackResult CBORPayloadToCred(const uint8_t *cborPayload, size_t size,
*secCred = headCred; *secCred = headCred;
ret = OC_STACK_OK; ret = OC_STACK_OK;
OIC_LOG(DEBUG, TAG, "CBORPayloadToCred OUT");
exit: exit:
if (CborNoError != cborFindResult) if (CborNoError != cborFindResult)
{ {
...@@ -1408,10 +1403,9 @@ int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo) ...@@ -1408,10 +1403,9 @@ int GetDtlsX509Credentials(CADtlsX509Creds_t *credInfo)
{ {
goto exit; goto exit;
} }
credInfo->chainLen = 2;
memcpy(credInfo->certificateChain, cred->publicData.data, cred->publicData.len); memcpy(credInfo->certificateChain, cred->publicData.data, cred->publicData.len);
memcpy(credInfo->devicePrivateKey, cred->privateData.data, cred->privateData.len); memcpy(credInfo->devicePrivateKey, cred->privateData.data, cred->privateData.len);
credInfo->certificateChainLen = cred->publicData.len; credInfo->certificateChainLen = parseCertPrefix(cred->publicData.data);
GetCAPublicKeyData(credInfo); GetCAPublicKeyData(credInfo);
ret = 0; ret = 0;
exit: exit:
......
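Review bot: In GetDtlsX509Credentials both `memcpy` calls copy `cred->publicData.len` and `cred->privateData.len` bytes into fields of `credInfo` with no visible comparison against the destination capacity, so an oversized stored credential would write past those fields unless a check exists above the hunk. After this change `certificateChainLen` comes from `parseCertPrefix(cred->publicData.data)`, a length read out of the credential data itself, and nothing visible confirms it is no larger than the bytes just copied. A consumer trusting that length could read beyond the chain. I would `goto exit` when either length exceeds its destination or when the parsed prefix exceeds `cred->publicData.len`. Separately, CBORPayloadToCred no longer sets `*secCred = NULL` on entry, so a failure path may leave the caller's pointer untouched; the exit block is only partly visible here.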
...@@ -26,7 +26,6 @@ ...@@ -26,7 +26,6 @@
#include "srmutility.h" #include "srmutility.h"
#include "doxmresource.h" #include "doxmresource.h"
#include "ocpayload.h" #include "ocpayload.h"
#include "oic_malloc.h"
#ifdef __WITH_X509__ #ifdef __WITH_X509__
#include "crlresource.h" #include "crlresource.h"
#include "crl.h" #include "crl.h"
...@@ -42,7 +41,7 @@ ...@@ -42,7 +41,7 @@
#define OIC_CBOR_CRL_ID "CRLId" #define OIC_CBOR_CRL_ID "CRLId"
#define OIC_CBOR_CRL_THIS_UPDATE "ThisUpdate" #define OIC_CBOR_CRL_THIS_UPDATE "ThisUpdate"
#define OIC_CBOR_CRL_DATA "CRLData" #define OIC_CBOR_CRL_DATA "CRLData"
#define CRL_DEFAULT_CRL_ID (1) #define CRL_DEFAULT_CRL_ID 1
#define CRL_DEFAULT_THIS_UPDATE "150101000000Z" #define CRL_DEFAULT_THIS_UPDATE "150101000000Z"
#define CRL_DEFAULT_CRL_DATA "-" #define CRL_DEFAULT_CRL_DATA "-"
...@@ -168,13 +167,18 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size, ...@@ -168,13 +167,18 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size,
OCStackResult ret = OC_STACK_ERROR; OCStackResult ret = OC_STACK_ERROR;
*secCrl = NULL; *secCrl = NULL;
CborValue crlCbor = {.parser = NULL}; CborValue crlCbor = { .parser = NULL };
CborParser parser = {.end = NULL}; CborParser parser = { .end = NULL };
CborError cborFindResult = CborNoError; CborError cborFindResult = CborNoError;
int cborLen = (size == 0) ? CBOR_SIZE : size; int cborLen = size;
if (0 == size)
{
cborLen = CBOR_SIZE;
}
cbor_parser_init(cborPayload, cborLen, 0, &parser, &crlCbor); cbor_parser_init(cborPayload, cborLen, 0, &parser, &crlCbor);
CborValue crlMap = { .parser = NULL}; CborValue crlMap = { .parser = NULL } ;
OicSecCrl_t *crl = NULL; OicSecCrl_t *crl = NULL;
char *name = NULL;
size_t outLen = 0; size_t outLen = 0;
cborFindResult = cbor_value_enter_container(&crlCbor, &crlMap); cborFindResult = cbor_value_enter_container(&crlCbor, &crlMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR); VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
...@@ -182,26 +186,74 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size, ...@@ -182,26 +186,74 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size,
crl = (OicSecCrl_t *)OICCalloc(1, sizeof(OicSecCrl_t)); crl = (OicSecCrl_t *)OICCalloc(1, sizeof(OicSecCrl_t));
VERIFY_NON_NULL(TAG, crl, ERROR); VERIFY_NON_NULL(TAG, crl, ERROR);
cborFindResult = cbor_value_map_find_value(&crlCbor, OIC_CBOR_CRL_ID, &crlMap); while (cbor_value_is_valid(&crlMap))
if (CborNoError == cborFindResult && cbor_value_is_integer(&crlMap))
{ {
cborFindResult = cbor_value_get_int(&crlMap, (int *) &crl->CrlId); size_t len = 0;
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding CrlId."); cborFindResult = cbor_value_dup_text_string(&crlMap, &name, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
cborFindResult = cbor_value_advance(&crlMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
CborType type = cbor_value_get_type(&crlMap);
if (0 == strcmp(OIC_CBOR_CRL_ID, name))
{
cborFindResult = cbor_value_get_int(&crlMap, (int *) &crl->CrlId);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
}
if (0 == strcmp(OIC_CBOR_CRL_THIS_UPDATE, name))
{
uint8_t *crlByte = NULL;
cborFindResult = cbor_value_dup_byte_string(&crlMap, &crlByte, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
crl->ThisUpdate.data = (uint8_t*) OICMalloc(len);
VERIFY_NON_NULL(TAG, crl->ThisUpdate.data, ERROR);
memcpy(crl->ThisUpdate.data, crlByte, len);
crl->ThisUpdate.len = len;
OICFree(crlByte);
}
if (0 == strcmp(OIC_CBOR_CRL_DATA, name))
{
uint8_t *crlByte = NULL;
cborFindResult = cbor_value_dup_byte_string(&crlMap, &crlByte, &len, NULL);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
crl->CrlData.data = (uint8_t*) OICMalloc(len);
VERIFY_NON_NULL(TAG, crl->CrlData.data, ERROR);
memcpy(crl->CrlData.data, crlByte, len);
crl->CrlData.len = len;
OICFree(crlByte);
}
if (CborMapType != type && cbor_value_is_valid(&crlMap))
{
cborFindResult = cbor_value_advance(&crlMap);
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, ERROR);
}
OICFree(name);
name = NULL;
}
// PUT/POST CBOR may not have mandatory values set default values.
if (!crl->CrlId)
{
VERIFY_NON_NULL(TAG, gCrl, ERROR);
crl->CrlId = gCrl->CrlId;
} }
if (!crl->ThisUpdate.data)
cborFindResult = cbor_value_map_find_value(&crlCbor, OIC_CBOR_CRL_THIS_UPDATE, &crlMap);
if (CborNoError == cborFindResult && cbor_value_is_byte_string(&crlMap))
{ {
cborFindResult = cbor_value_dup_byte_string(&crlMap, VERIFY_NON_NULL(TAG, gCrl, ERROR);
&crl->ThisUpdate.data, &crl->ThisUpdate.len, NULL); outLen = gCrl->ThisUpdate.len;
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Byte Array."); crl->ThisUpdate.data = (uint8_t*) OICMalloc(outLen);
VERIFY_NON_NULL(TAG, crl->ThisUpdate.data, ERROR);
memcpy(crl->ThisUpdate.data, gCrl->ThisUpdate.data, outLen);
crl->ThisUpdate.len = outLen;
} }
cborFindResult = cbor_value_map_find_value(&crlCbor, OIC_CBOR_CRL_DATA, &crlMap); if (!crl->CrlData.data)
if (CborNoError == cborFindResult && cbor_value_is_byte_string(&crlMap))
{ {
cborFindResult = cbor_value_dup_byte_string(&crlMap, VERIFY_NON_NULL(TAG, gCrl, ERROR);
&crl->CrlData.data, &crl->CrlData.len, NULL); outLen = gCrl->CrlData.len;
VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Byte Array."); crl->CrlData.data = (uint8_t*) OICMalloc(outLen);
VERIFY_NON_NULL(TAG, crl->CrlData.data, ERROR);
memcpy(crl->CrlData.data, gCrl->CrlData.data, outLen);
crl->CrlData.len = outLen;
} }
*secCrl = crl; *secCrl = crl;
...@@ -209,54 +261,15 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size, ...@@ -209,54 +261,15 @@ OCStackResult CBORPayloadToCrl(const uint8_t *cborPayload, const size_t size,
exit: exit:
if (CborNoError != cborFindResult) if (CborNoError != cborFindResult)
{ {
// PUT/POST CBOR may not have mandatory values set default values. OIC_LOG (ERROR, TAG, "CBORPayloadToCrl failed");
if (gCrl) DeleteCrlBinData(crl);
{ crl = NULL;
OIC_LOG (DEBUG, TAG, "Set default values"); *secCrl = NULL;
crl->CrlId = gCrl->CrlId; ret = OC_STACK_ERROR;
if (crl->ThisUpdate.data) }
{ if (name)
OICFree(crl->ThisUpdate.data); {
} OICFree(name);
outLen = gCrl->ThisUpdate.len;
crl->ThisUpdate.data = (uint8_t*) OICMalloc(outLen);
if (crl->ThisUpdate.data)
{
memcpy(crl->ThisUpdate.data, gCrl->ThisUpdate.data, outLen);
crl->ThisUpdate.len = outLen;
}
else
{
crl->ThisUpdate.len = 0;
OIC_LOG(ERROR, TAG, "Set default failed");
}
if (crl->CrlData.data)
{
OICFree(crl->CrlData.data);
}
outLen = gCrl->CrlData.len;
crl->CrlData.data = (uint8_t*) OICMalloc(outLen);
if (crl->CrlData.data && gCrl->CrlData.data)
{
memcpy(crl->CrlData.data, gCrl->CrlData.data, outLen);
crl->CrlData.len = outLen;
}
else
{
crl->CrlData.len = 0;
OIC_LOG (ERROR, TAG, "Set default failed");
}
*secCrl = crl;
ret = OC_STACK_OK;
}
else
{
OIC_LOG (ERROR, TAG, "CBORPayloadToCrl failed");
DeleteCrlBinData(crl);
crl = NULL;
ret = OC_STACK_ERROR;
}
} }
return ret; return ret;
} }
...@@ -280,12 +293,11 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest * ...@@ -280,12 +293,11 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest *
OCEntityHandlerResult ehRet = OC_EH_ERROR; OCEntityHandlerResult ehRet = OC_EH_ERROR;
OicSecCrl_t *crl = NULL; OicSecCrl_t *crl = NULL;
uint8_t *payload = ((OCSecurityPayload *)ehRequest->payload)->securityData1; uint8_t *payload = ((OCSecurityPayload *)ehRequest->payload)->securityData1;
size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;
if (payload) if (payload)
{ {
OIC_LOG(INFO, TAG, "UpdateSVRDB..."); OIC_LOG(INFO, TAG, "UpdateSVRDB...");
CBORPayloadToCrl(payload, size, &crl); CBORPayloadToCrl(payload, CBOR_SIZE, &crl);
VERIFY_NON_NULL(TAG, crl, ERROR); VERIFY_NON_NULL(TAG, crl, ERROR);
gCrl->CrlId = crl->CrlId; gCrl->CrlId = crl->CrlId;
...@@ -303,9 +315,10 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest * ...@@ -303,9 +315,10 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest *
memcpy(gCrl->CrlData.data, crl->CrlData.data, crl->CrlData.len); memcpy(gCrl->CrlData.data, crl->CrlData.data, crl->CrlData.len);
gCrl->CrlData.len = crl->CrlData.len; gCrl->CrlData.len = crl->CrlData.len;
size_t size = 0;
if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_CBOR_CRL_NAME, payload, size)) if (OC_STACK_OK == UpdateSecureResourceInPS(OIC_CBOR_CRL_NAME, payload, size))
{ {
ehRet = OC_EH_RESOURCE_CREATED; ehRet = OC_EH_OK;
} }
DeleteCrlBinData(crl); DeleteCrlBinData(crl);
...@@ -314,7 +327,7 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest * ...@@ -314,7 +327,7 @@ static OCEntityHandlerResult HandleCRLPostRequest(const OCEntityHandlerRequest *
exit: exit:
// Send payload to request originator // Send payload to request originator
SendSRMCBORResponse(ehRequest, ehRet, NULL, 0); SendSRMResponse(ehRequest, ehRet, NULL);
OIC_LOG_V(INFO, TAG, "%s RetVal %d", __func__, ehRet); OIC_LOG_V(INFO, TAG, "%s RetVal %d", __func__, ehRet);
return ehRet; return ehRet;
...@@ -356,7 +369,7 @@ static OCEntityHandlerResult CRLEntityHandler(OCEntityHandlerFlag flag, ...@@ -356,7 +369,7 @@ static OCEntityHandlerResult CRLEntityHandler(OCEntityHandlerFlag flag,
default: default:
ehRet = OC_EH_ERROR; ehRet = OC_EH_ERROR;
SendSRMCBORResponse(ehRequest, ehRet, NULL, 0); SendSRMResponse(ehRequest, ehRet, NULL);
} }
} }
......
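Review bot: HandleCRLPostRequest now calls `CBORPayloadToCrl(payload, CBOR_SIZE, &crl)`, so the decoder is bounded by a constant rather than by the length of the request that was actually received. If the payload is shorter than CBOR_SIZE, a malformed map can make the parser read past the end of the buffer. The handler should pass the real length, `size_t size = ((OCSecurityPayload *) ehRequest->payload)->payloadSize;` then `CBORPayloadToCrl(payload, size, &crl)`, and reuse that value for UpdateSecureResourceInPS, which is currently given `size = 0`. In the new parsing loop `cbor_value_get_int` is called without a `cbor_value_is_integer` check. If VERIFY_NON_NULL jumps to `exit`, the allocation-failure paths also appear to leak `crlByte` and to skip the cleanup branch, because `cborFindResult` is still CborNoError; both functions extend beyond the visible hunks.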