[IOT-2262][IOT-2232][IOT-2305] Fix manufacturer certificate OTM

Fix for manufacturer certificate ownership transfer

Patch 4: remove workaround and fixed original issue for certOTM

Change-Id: I44bcc2c09f75c3170644e48fc297c8ac323b7405
Signed-off-by: ol.beketov <ol.beketov@samsung.com>
Signed-off-by: Jongsung Lee <js126.lee@samsung.com>
Signed-off-by: ol.beketov <ol.beketov@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/19899Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: dongik Lee <dongik.lee@samsung.com>
Reviewed-by: Dmitriy Zhuravlev <d.zhuravlev@samsung.com>

resource/csdk/security/provisioning/sample/oic_svr_db_client.json

 {
+    "cred": {
+        "creds": [
+            {
+                "credid": 1,
+                "subjectuuid": "61646d69-6e44-6576-6963-655575696430",
+                "credtype": 8,
+                "publicdata": {
+                    "encoding": "oic.sec.encoding.der",
+                    "data": "308201FA3082019FA003020102020105300A06082A8648CE3D04030230683132303006035504030C29757569643A33313331333133312D333133312D333133312D333133312D333133313331333133313331310B3009060355040613024B523110300E060355040A0C0753616D73756E6731133011060355040B0C0A4F434620537562204341301E170D3136313130343134353535335A170D3336313130343134353535335A3068310B3009060355040613024B523110300E060355040A130753616D73756E6731133011060355040B130A4F4346204465766963653132303006035504031329757569643A36313634366436392D366534342D363537362D363936332D3635353537353639363433303059301306072A8648CE3D020106082A8648CE3D030107034200044310BC484A3B33F03B9BC66021B93A2BEA388D49398791C8E10E70437A40548DDA5F389FC16DA44E1A4DDC739D30C1CFD6AC82D141897129D8C162601D804323A33A303830360603551D11042F302D822B7573657269643A38646561366332642D653064392D346536342D383035632D333230316638376336633934300A06082A8648CE3D0403020349003046022100C34554A93FCF4EA1A9CC9783A7F29B6CC2B86FEBCB15495DEECD8548EAB3414B02210090CDD6731FE3BE7E2BE5F13F178B9A59E8DAC8EFBEFBFE4D9F456F629E73AA55"
+                },
+                "credusage": "oic.sec.cred.mfgcert",
+                "privatedata": {
+                    "encoding": "oic.sec.encoding.raw",
+                    "data": "3077020101042074A0348F8CB40E58FABAFAC494C4472CA04BECFEA6340276DFB4BA2F609F1A6FA00A06082A8648CE3D030107A144034200044310BC484A3B33F03B9BC66021B93A2BEA388D49398791C8E10E70437A40548DDA5F389FC16DA44E1A4DDC739D30C1CFD6AC82D141897129D8C162601D804323"
+                }
+            },
+            {
+                "credid": 2,
+                "subjectuuid": "*",
+                "credtype": 8,
+                "optionaldata": {
+                    "encoding": "oic.sec.encoding.der",
+                    "data": "308201CF30820175A003020102020101300A06082A8648CE3D04030230683132303006035504030C29757569643A33313331333133312D333133312D333133312D333133312D333133313331333133313331310B3009060355040613024B523110300E060355040A0C0753616D73756E6731133011060355040B0C0A4F434620537562204341301E170D3136313130343132343933325A170D3336313130343132343933325A30683132303006035504030C29757569643A33313331333133312D333133312D333133312D333133312D333133313331333133313331310B3009060355040613024B523110300E060355040A0C0753616D73756E6731133011060355040B0C0A4F4346205375622043413059301306072A8648CE3D020106082A8648CE3D03010703420004A334EF1F497964DF840DF2F5BA2BFD6A0241FAD9C0D8E88A71821A46FD5CF800F5099627BD5473AE495678EB2D6F62474CFAC6C1C8B9DB47FA86373AB8330EBCA310300E300C0603551D13040530030101FF300A06082A8648CE3D0403020348003045022100AF5E06A44002579F13F47B19F299078A7B35FB6B2C707F7CC926319F744F2BB40220533AC74FA77F42AAFEAA2EED7E1BA2A440DEA6A99C7C3377D86AC4231B1D6D3B",
+                    "revstat": false
+                },
+                "credusage": "oic.sec.cred.mfgtrustca"
+            }
+        ],
+        "rowneruuid": "00000000-0000-0000-0000-000000000000",
+        "rt": ["oic.r.cred"],
+        "if": ["oic.if.baseline"]
+    },
     "acl": {
         "aclist2": [
             {
@@ -39,17 +71,23 @@
                 "permission": 14
             }
         ],
-        "rowneruuid" : "61646D69-6E44-6576-6963-655575696430"
+        "rowneruuid": "61646d69-6e44-6576-6963-655575696430",
+        "rt": ["oic.r.acl"],
+        "if": ["oic.if.baseline"]
     },
     "pstat": {
-        "dos": {"s": 3, "p": false},
+        "dos": {
+            "s": 3,
+            "p": false
+        },
         "isop": true,
         "cm": 0,
         "tm": 0,
         "om": 4,
         "sm": 4,
-        "deviceuuid": "61646D69-6E44-6576-6963-655575696430",
-        "rowneruuid": "61646D69-6E44-6576-6963-655575696430"
+        "rowneruuid": "61646d69-6e44-6576-6963-655575696430",
+        "rt": ["oic.r.pstat"],
+        "if": ["oic.if.baseline"]
     },
     "doxm": {
         "oxms": [0],
@@ -58,6 +96,8 @@
         "owned": true,
         "deviceuuid": "61646D69-6E44-6576-6963-655575696430",
         "devowneruuid": "61646D69-6E44-6576-6963-655575696430",
-        "rowneruuid": "61646D69-6E44-6576-6963-655575696430"
+        "rowneruuid": "61646D69-6E44-6576-6963-655575696430",
+        "rt": ["oic.r.doxm"],
+        "if": ["oic.if.baseline"]
     }
 }

resource/csdk/security/provisioning/sample/oic_svr_db_server_mfg.json

+{
+   "cred": {
+      "creds": [
+         {
+            "credid": 1,
+            "subjectuuid": "4d617566-6163-7475-7265-724365727430",
+            "credtype": 8,
+            "publicdata": {
+               "encoding": "oic.sec.encoding.der",
+               "data": "308201F93082019FA003020102020107300A06082A8648CE3D04030230683132303006035504030C29757569643A33313331333133312D333133312D333133312D333133312D333133313331333133313331310B3009060355040613024B523110300E060355040A0C0753616D73756E6731133011060355040B0C0A4F434620537562204341301E170D3136313130343135303830395A170D3336313130343135303830395A3068310B3009060355040613024B523110300E060355040A130753616D73756E6731133011060355040B130A4F4346204465766963653132303006035504031329757569643A36613735373337342D373736662D373236622D343436352D3736353537353639363433303059301306072A8648CE3D020106082A8648CE3D03010703420004A86446F9A4B5A424922F4FB16730C80B21BEF558F792517D7737FDC49FD8CF982910F617805698DD4EE4DDA6C3B30918246B4D3540C74B836B1ECAC1A122B1BAA33A303830360603551D11042F302D822B7573657269643A36373434363731642D323936332D346339322D613862622D333831313762343836353865300A06082A8648CE3D0403020348003045022100D75F26C5D486782C9C8CDAAF3CB60562298E873EDD1C297C64A4112989CF8C65022060625A591EEA2E1B58E1A52B1AD9F086C5F1F265BE8FB8C024CB6C9FC69C9FCC"
+            },
+            "credusage": "oic.sec.cred.mfgcert",
+            "privatedata": {
+               "encoding": "oic.sec.encoding.raw",
+               "data": "3078020101042100E00D6E162B33F56D50B40E57288DF284F76D5CE7F1F800F7559882AB126B5813A00A06082A8648CE3D030107A14403420004A86446F9A4B5A424922F4FB16730C80B21BEF558F792517D7737FDC49FD8CF982910F617805698DD4EE4DDA6C3B30918246B4D3540C74B836B1ECAC1A122B1BA"
+            }
+         },
+         {
+            "credid": 2,
+            "subjectuuid": "*",
+            "credtype": 8,
+            "optionaldata": {
+               "encoding": "oic.sec.encoding.der",
+               "data": "308201CF30820175A003020102020101300A06082A8648CE3D04030230683132303006035504030C29757569643A33313331333133312D333133312D333133312D333133312D333133313331333133313331310B3009060355040613024B523110300E060355040A0C0753616D73756E6731133011060355040B0C0A4F434620537562204341301E170D3136313130343132343933325A170D3336313130343132343933325A30683132303006035504030C29757569643A33313331333133312D333133312D333133312D333133312D333133313331333133313331310B3009060355040613024B523110300E060355040A0C0753616D73756E6731133011060355040B0C0A4F4346205375622043413059301306072A8648CE3D020106082A8648CE3D03010703420004A334EF1F497964DF840DF2F5BA2BFD6A0241FAD9C0D8E88A71821A46FD5CF800F5099627BD5473AE495678EB2D6F62474CFAC6C1C8B9DB47FA86373AB8330EBCA310300E300C0603551D13040530030101FF300A06082A8648CE3D0403020348003045022100AF5E06A44002579F13F47B19F299078A7B35FB6B2C707F7CC926319F744F2BB40220533AC74FA77F42AAFEAA2EED7E1BA2A440DEA6A99C7C3377D86AC4231B1D6D3B",
+               "revstat": false
+            },
+            "credusage": "oic.sec.cred.mfgtrustca"
+         }
+      ],
+      "rowneruuid": "4d617566-6163-7475-7265-724365727430",
+      "rt": ["oic.r.cred"],
+      "if": ["oic.if.baseline"]
+   },
+   "acl": {
+      "aclist2": [
+            {
+                "aceid": 1,
+                "subject": { "conntype": "anon-clear" },
+                "resources": [
+                    { "href": "/oic/res" },
+                    { "href": "/oic/d" },
+                    { "href": "/oic/p"}
+                ],
+                "permission": 2
+            },
+            {
+                "aceid": 2,
+                "subject": { "conntype": "auth-crypt" },
+                "resources": [
+                    { "href": "/oic/res" },
+                    { "href": "/oic/d" },
+                    { "href": "/oic/p"}
+                ],
+                "permission": 2
+            },
+            {
+                "aceid": 3,
+                "subject": { "conntype": "anon-clear" },
+                "resources": [
+                    { "href": "/oic/sec/doxm" }
+                ],
+                "permission": 14
+            },
+            {
+                "aceid": 4,
+                "subject": { "conntype": "auth-crypt" },
+                "resources": [
+                    { "href": "/oic/sec/doxm" },
+                    { "href": "/oic/sec/roles" }
+                ],
+                "permission": 14
+            }
+        ],
+      "rowneruuid": "4d617566-6163-7475-7265-724365727430",
+      "rt": ["oic.r.acl"],
+      "if": ["oic.if.baseline"]
+   },
+   "pstat": {
+      "dos": {
+         "s": 1,
+         "p": false
+      },
+      "isop": false,
+      "cm": 2,
+      "tm": 0,
+      "om": 4,
+      "sm": 4,
+      "rowneruuid": "4d617566-6163-7475-7265-724365727430",
+      "rt": ["oic.r.pstat"],
+      "if": ["oic.if.baseline"]
+   },
+   "doxm": {
+      "oxms": [0, 1, 2],
+      "oxmsel": 2,
+      "sct": 1,
+      "owned": false,
+      "deviceuuid": "4d617566-6163-7475-7265-724365727430",
+      "devowneruuid": "4d617566-6163-7475-7265-724365727430",
+      "rowneruuid": "4d617566-6163-7475-7265-724365727430",
+      "x.org.iotivity.dpc": true,
+      "rt": ["oic.r.doxm"],
+      "if": ["oic.if.baseline"]
+   }
+}
\ No newline at end of file

resource/csdk/security/src/credresource.c

@@ -3236,15 +3236,15 @@ static OCStackResult GetCaCert(ByteArray_t * crt, const char * usage, OicEncodin
                 }
 
                 uint8_t *oldData = crt->data;
-                crt->data = OICRealloc(crt->data, crt->len + temp->optionalData.len);
+                crt->data = OICRealloc(crt->data, crt->len + pemLen);
                 if (NULL == crt->data)
                 {
                     OIC_LOG(ERROR, TAG, "No memory reallocating crt->data");
                     OICFree(oldData);
                     return OC_STACK_NO_MEMORY;
                 }
-                memcpy(crt->data + crt->len, temp->optionalData.data, temp->optionalData.len);
-                crt->len += temp->optionalData.len;
+                memcpy(crt->data + crt->len, pem, pemLen);
+                crt->len += pemLen;
             }
         }
     }
@@ -3543,7 +3543,7 @@ void GetDerKey(ByteArray_t * key, const char * usage)
                 mbedtls_pem_free(&ctx);
                 break;
             }
-            else if(temp->privateData.encoding == OIC_ENCODING_DER)
+            else if(temp->privateData.encoding == OIC_ENCODING_DER || temp->privateData.encoding == OIC_ENCODING_RAW)
             {
                 uint8_t *tmp = OICRealloc(key->data, key->len + temp->privateData.len);
                 if (NULL == tmp)

resource/csdk/security/src/doxmresource.c

@@ -1598,7 +1598,7 @@ static OCEntityHandlerResult HandleDoxmPostRequest(OCEntityHandlerRequest * ehRe
                         ehRet = OC_EH_ERROR;
                     }
 
-                    RegisterOTMSslHandshakeCallback(NULL);
+                    RegisterOTMSslHandshakeCallback(DoxmDTLSHandshakeCB);
                     CAResult_t caRes = CAEnableAnonECDHCipherSuite(false);
                     VERIFY_SUCCESS(TAG, caRes == CA_STATUS_OK, ERROR);
                     OIC_LOG(INFO, TAG, "ECDH_ANON CipherSuite is DISABLED");

resource/csdk/security/src/policyengine.c

@@ -100,9 +100,9 @@ static bool IsRequestFromDevOwner(SRMRequestContext_t *context)
         if (!retVal)
         {
             OIC_LOG(DEBUG, TAG, "Owner UUID  :");
-            OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&doxm->owner.id, sizeof(&doxm->owner.id));
+            OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&doxm->owner.id, sizeof(OicUuid_t));
             OIC_LOG(DEBUG, TAG, "Request UUID:");
-            OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&context->subjectUuid.id, sizeof(&context->subjectUuid.id));
+            OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&context->subjectUuid.id, sizeof(OicUuid_t));
         }
     }
 exit: