Commit 4541e501 authored by Greg Zaverucha's avatar Greg Zaverucha Committed by Nathan Heldt-Sheller

[IOT-1785] Finish role certs feature

Add end-to-end testing of role certificate scenario:
- provision role certs
- test role-based ACLs provisioning and enforcement
- test assertion of role certificates

Fix bugs and add new functions as necessary. Added the ROLE_CERT
usage to distinguish role certs (which can't be used for TLS)
from identity certs. Previously they were both saved as PRIMARY_CERT.
Some small changes to save and retrieve role certificates locally. Add
functionality to assert roles (POST the certs to /oic/sec/roles).

Change-Id: I9080e0ca6b0809608621eb8b23dd4bbbfbbb176c
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/18219
Reviewed-by: Alex Kelley <alexke@microsoft.com>
Reviewed-by: Dave Thaler <dthaler@microsoft.com>
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
parent 9ca54cba
......@@ -24,6 +24,7 @@
#include "cainterface.h"
#include "securevirtualresourcetypes.h"
#include "octypes.h"
#include "rolesresource.h"
#include <cbor.h>
#ifdef __cplusplus
......@@ -125,13 +126,13 @@ OCStackResult AddCredential(OicSecCred_t * cred);
/**
* Function to remove credentials from the SVR DB for the given subject UUID.
* If multiple credentials exist for the UUID, they will all be removed.
* If multiple credentials exist for the UUID, they will all be removed.
*
* @param subject is the Credential Subject to be deleted.
*
* @return ::OC_STACK_RESOURCE_DELETED if credentials were removed, or
* @return ::OC_STACK_RESOURCE_DELETED if credentials were removed, or
* if there are no credentials with the given UUID. An error is returned if
* removing credentials failed.
* removing credentials failed.
*/
OCStackResult RemoveCredential(const OicUuid_t *subject);
......@@ -221,6 +222,18 @@ OCStackResult GetCredRownerId(OicUuid_t *rowneruuid);
* @param[in] usage credential usage string.
*/
OCStackResult GetPemCaCert(ByteArray_t * crt, const char * usage);
/**
* Get a list of all role certificates. Used when asserting roles.
*
* @param[out] roleCerts list of role certificates
* @return When ::OC_STACK_OK is returned, a list of certificates (roleCerts)
* that must be freed with FreeRoleCertChainList. roleCerts can still
* be NULL in this case, if no role certs are installed. On error, an
* error value is returned and roleCerts is NULL.
*/
OCStackResult GetAllRoleCerts(RoleCertChain_t** roleCerts);
/**
* Used by mbedTLS to retrieve own certificate chain
*
......
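Review bot: The new GetAllRoleCerts comment puts both the ownership rule and the "OC_STACK_OK with a NULL list" case under `@return`, where a caller reading only the `@param[out] roleCerts` line will miss them. I would move them onto the parameter, e.g. `@param[out] roleCerts Receives the list, or NULL if no role certs are installed; free with FreeRoleCertChainList`, and keep `@return` for the status code. A caller that checks only the return code and then walks the list would dereference NULL on a device with no role certificate installed. The function body is not part of this section, so this concerns the contract as documented.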
......@@ -61,7 +61,7 @@ OCStackResult DeInitRolesResource();
* On success, caller must free the received array with OICFree when finished
* @param[out] roleCount Variable to receive length of roles array.
*
* @note If the endpoint is found but has not asserted any roles with certificates,
* @note If the endpoint is found but has not asserted any roles with certificates,
* OC_STACK_OK will be returned, but NULL will be returned in roles and 0 in roleCount.
*
* @return OC_STACK_OK if list of roles is successfully populated; error otherwise.
......@@ -76,10 +76,24 @@ OCStackResult GetEndpointRoles(const CAEndpoint_t *endpoint, OicSecRole_t **role
* @param[in] size Size of cborPayload
* @param[out] roleCertList Pointer to receive linked list of RoleCertChain_t objects
* On success, caller must call FreeRoleCertChainList on *roleCertList when finished
*
* @return OC_STACK_OK if payload is successfully converted; error code otherwise
*/
OCStackResult CBORPayloadToRoles(const uint8_t *cborPayload, size_t size, RoleCertChain_t **roleCertList);
/**
* This function converts a list of role certificates into a CBOR payload.
* Caller needs to call 'OICFree' on *cborPayload after use.
*
* @param[in] roles Linked list of RoleCertChain_t objects
* @param[out] cborPayload Pointer to receive the CBOR payload
* On success, caller must call OICFree on *cborPayload when finished
* @param[out] size Pointer to receive size of cborPayload
*
* @return OC_STACK_OK if payload is successfully converted; error code otherwise
*/
OCStackResult RolesToCBORPayload(const RoleCertChain_t *roles, uint8_t **cborPayload, size_t *cborSize);
/**
* Free the memory used by a list of RoleCertChain_t objects created by CBORPayloadToRoles.
*
......
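Review bot: The `@param[out] size` tag in the RolesToCBORPayload comment does not match the prototype, which names the parameter `cborSize`, so Doxygen will report an undocumented parameter. Rename the tag to `@param[out] cborSize Pointer to receive size of cborPayload`. The OICFree obligation is also stated twice, once in the description and once under `cborPayload`; one of the two can go. It would help to state what `*cborPayload` and `*cborSize` hold when an error is returned, because callers free the buffer themselves and the implementation is outside this section.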
......@@ -181,6 +181,7 @@ extern const char * OIC_JSON_EMPTY_STRING;
extern const char * TRUST_CA;
extern const char * PRIMARY_CERT;
extern const char * PRIMARY_KEY;
extern const char * ROLE_CERT;
// Certificates provided by manufacturer
extern const char * MF_TRUST_CA;
......
......@@ -132,7 +132,7 @@ OCStackResult OCGenerateIdentityCertificate(
size_t *certificateLen);
/**
* Generate a certificate for a device's role.
* Generate a role certificate for a device.
*
* @param subjectUuid UUID for the device to use the certificate.
* @param subjectPublicKey Subject's public key in PEM format
......@@ -176,7 +176,7 @@ OCStackResult OCGenerateRoleCertificate(
* @param[in] csr The CSR containing the UUID as null-terminated PEM.
* @param[out] uuid The UUID in the CSR
*
* @return 0 on success, nonzero otherwise
* @return OC_STACK_OK if successful, error code otherwise
*/
OCStackResult OCGetUuidFromCSR(const char* csr, OicUuid_t* uuid);
......@@ -187,7 +187,7 @@ OCStackResult OCGetUuidFromCSR(const char* csr, OicUuid_t* uuid);
* @param[out] publicKey The public key is output here as null-terminated PEM.
* Callers must call OICFree when finished.
*
* @return 0 on success, nonzero otherwise
* @return OC_STACK_OK if successful, error code otherwise
*/
OCStackResult OCGetPublicKeyFromCSR(const char* csr, char** publicKey);
......@@ -196,7 +196,7 @@ OCStackResult OCGetPublicKeyFromCSR(const char* csr, char** publicKey);
*
* @param[in] csr The CSR to check, as null-terminated PEM.
*
* @returns 0 on success, nonzero otherwise
* @return OC_STACK_OK if successful, error code otherwise
*
* @remark Requires that ECDSA with SHA-256 be used for the signature.
*/
......@@ -207,11 +207,11 @@ OCStackResult OCVerifyCSRSignature(const char* csr);
*
* @param[in] derCSR The CSR to convert, encoded as DER
* @param[in] derCSRLen Then number of bytes in derCSR
* @param[out] pemCSR The output, PEM encoded, null-terminated CSR. Callers
* call OICFree when finished.
* @param[out] pemCSR The output, PEM encoded, null-terminated CSR. Callers
* call OICFree when finished.
*
* @returns 0 on success, nonzero otherwise
*/
* @return OC_STACK_OK if successful, error code otherwise
*/
OCStackResult OCConvertDerCSRToPem(const char* derCSR, size_t derCSRLen, char** pemCSR);
#ifdef __cplusplus
......
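Review bot: The reworded `@return` lines on OCGetUuidFromCSR and OCGetPublicKeyFromCSR still do not say whether those functions check the CSR signature themselves or rely on the caller having run OCVerifyCSRSignature first. If they only parse, the UUID and public key they return are unauthenticated, and the comments should say so with something like `@remark Does not verify the CSR signature; call OCVerifyCSRSignature before trusting the result.` Two wording fixes in the OCConvertDerCSRToPem comment: "Then number of bytes" should read "The number of bytes", and "Callers call OICFree" should read "Callers must call OICFree". The function bodies are not in this section, so the remark needs confirming against the implementation.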
......@@ -293,14 +293,15 @@ enum
OIC_R_AMACL_TYPE,
OIC_R_CRED_TYPE,
OIC_R_CRL_TYPE,
OIC_R_CSR_TYPE,
OIC_R_DOXM_TYPE,
OIC_R_DPAIRING_TYPE,
OIC_R_PCONF_TYPE,
OIC_R_PSTAT_TYPE,
OIC_R_ROLES_TYPE,
OIC_R_SACL_TYPE,
OIC_R_SVC_TYPE,
OIC_R_CSR_TYPE,
OIC_R_ACL2_TYPE,
OIC_R_ROLES_TYPE,
OIC_SEC_SVR_TYPE_COUNT, //define the value to number of SVR
NOT_A_SVR_RESOURCE = 99
};
......
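Review bot: Moving OIC_R_CSR_TYPE and OIC_R_ROLES_TYPE inside this enum changes the numeric value of every enumerator between the old and new positions, because only NOT_A_SVR_RESOURCE has an explicit initializer. Any table sized by OIC_SEC_SVR_TYPE_COUNT and indexed by these constants, and any lookup that maps a resource to its type, has to be reordered in the same commit; none of that code appears in this section, so I cannot confirm it was. If these values decide which requests are handled as secure virtual resource access, a table left in the old order would classify a resource as the wrong type. I suggest a comment above the first enumerator such as `// Values index per-SVR tables; keep the order in sync with <table name>`. The enum opens above the hunk.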
......@@ -156,6 +156,31 @@ OCStackResult SRPSaveTrustCertChain(const uint8_t *trustCertChain, size_t chainS
*/
OCStackResult SRPSaveOwnCertChain(OicSecKey_t * cert, OicSecKey_t * key, uint16_t *credId);
/**
* function to save own role certificate into Cred of SVR.
*
* @param[in] cert Certificate chain to be saved in Cred of SVR
* @param[out] credId CredId of saved trust certificate chain in Cred of SVR.
* @return OC_STACK_OK in case of success and other value otherwise.
*
* @note The certificate public key must be the same as public key in the identity
* certificate (installed by SRPSaveOwnCertChain).
*/
OCStackResult SRPSaveOwnRoleCert(OicSecKey_t * cert, uint16_t *credId);
/**
* Assert all roles to a device. This POSTs all role certificates from the
* local cred resource to /oic/sec/roles.
*
* @param[in] ctx User context to be passed.
* @param[in] device The device to assert the roles to
* @param[in] resultCallback Callback that is called with the response from the device
* @return OC_STACK_OK in case of success and other value otherwise.
*
* @note If no role certificates are installed, this will fail. See GetAllRoleCerts in credresource.h
*/
OCStackResult SRPAssertRoles(void *ctx, const OCProvisionDev_t *device, OCProvisionResultCB resultCallback);
/**
* function to register callback, for getting notification for TrustCertChain change.
*
......@@ -204,8 +229,8 @@ OCStackResult SRPProvisionDirectPairing(void *ctx, const OCProvisionDev_t *selec
* @param[in] keySize size of key
* @param[in] pDev1 Pointer to PMOwnedDeviceInfo_t instance, respresenting resource to be provsioned.
* @param[in] pDev2 Pointer to PMOwnedDeviceInfo_t instance, respresenting resource to be provsioned.
* @param[in] pemCert When provisioning a certificate (type is SIGNED_ASYMMETRIC_KEY), this is the
* certificate, encoded as PEM.
* @param[in] pemCert When provisioning a certificate (type is SIGNED_ASYMMETRIC_KEY), this is the
* certificate, encoded as PEM.
* @param[in] resultCallback callback provided by API user, callback will be called when
* provisioning request recieves a response from first resource server.
* @return OC_STACK_OK in case of success and other value otherwise.
......
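Review bot: The SRPSaveOwnRoleCert comment describes `credId` as the "CredId of saved trust certificate chain", which looks carried over from the trust-chain function and is wrong for a role certificate; use `@param[out] credId CredId of the saved role certificate in Cred of SVR.` The `@note` says the certificate's public key must match the one in the identity certificate, but not whether the function checks this and fails or stores the certificate regardless. If the check is enforced, say so under `@return`, e.g. `an error is returned if the public key does not match the identity certificate`; if it is not, mark it as a caller obligation. The implementation is not in this section, so which of the two applies needs confirming.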
/* *****************************************************************
*
* Copyright 2015 Samsung Electronics All Rights Reserved.
*
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* *****************************************************************/
#ifndef OCPROVISIONINGMANAGER_H_
#define OCPROVISIONINGMANAGER_H_
#include "octypes.h"
#include "pmtypes.h"
#include "ownershiptransfermanager.h"
#ifdef MULTIPLE_OWNER
#include "securevirtualresourcetypes.h"
#endif //MULTIPLE_OWNER
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
/**
* The function is responsible for initializaton of the provisioning manager. It will load
* provisioning database which have owned device's list and their linked status.
* TODO: In addition, if there is a device(s) which has not up-to-date credentials, this function will
* automatically try to update the deivce(s).
*
* @param[in] dbPath file path of the sqlite3 db
*
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCInitPM(const char* dbPath);
/**
* API to cleanup PDM in case of timeout.
* It will remove the PDM_DEVICE_INIT state devices from PDM.
*
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCPDMCleanupForTimeout();
/**
* The function is responsible for discovery of owned/unowned device is specified endpoint/deviceID.
* It will return the found device even though timeout is not exceeded.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the device.
* @param[in] deviceID deviceID of target device.
* @param[out] ppFoundDevice OCProvisionDev_t of found device
* @return OTM_SUCCESS in case of success and other value otherwise.
*/
OCStackResult OCDiscoverSingleDevice(unsigned short timeout, const OicUuid_t* deviceID,
OCProvisionDev_t **ppFoundDevice);
/**
* The function is responsible for discovery of owned/unowned device is specified endpoint/MAC
* address.
* It will return the found device even though timeout is not exceeded.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the device.
* @param[in] deviceID deviceID of target device.
* @param[in] hostAddress MAC address of target device.
* @param[in] connType ConnectivityType for discovery.
* @param[out] ppFoundDevice OCProvisionDev_t of found device.
* @return OTM_SUCCESS in case of success and other value otherwise.
*/
OCStackResult OCDiscoverSingleDeviceInUnicast(unsigned short timeout, const OicUuid_t* deviceID,
const char* hostAddress, OCConnectivityType connType,
OCProvisionDev_t **ppFoundDevice);
/**
* The function is responsible for discovery of device is current subnet. It will list
* all the device in subnet which are not yet owned. Please call OCInit with OC_CLIENT_SERVER as
* OCMode.
*
* @param[in] waittime Timeout in seconds, value till which function will listen to responses from
* server before returning the list of devices.
* @param[out] ppList List of candidate devices to be provisioned
* @return OTM_SUCCESS in case of success and other value otherwise.
*/
OCStackResult OCDiscoverUnownedDevices(unsigned short waittime, OCProvisionDev_t **ppList);
/**
* Do ownership transfer for un-owned device.
*
* @param[in] ctx Application context would be returned in result callback
* @param[in] targetDevices List of devices to perform ownership transfer.
* @param[in] resultCallback Result callback function to be invoked when ownership transfer finished.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCDoOwnershipTransfer(void* ctx,
OCProvisionDev_t *targetDevices,
OCProvisionResultCB resultCallback);
/**
* API to set a allow status of OxM
*
* @param[in] oxm Owership transfer method (ref. OicSecOxm_t)
* @param[in] allowStatus allow status (true = allow, false = not allow)
*
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCSetOxmAllowStatus(const OicSecOxm_t oxm, const bool allowStatus);
#ifdef MULTIPLE_OWNER
/**
* API to perfrom multiple ownership transfer for MOT enabled device.
*
* @param[in] ctx Application context would be returned in result callback
* @param[in] targetDevices List of devices to perform ownership transfer.
* @param[in] resultCallback Result callback function to be invoked when ownership transfer finished.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCDoMultipleOwnershipTransfer(void* ctx,
OCProvisionDev_t *targetDevices,
OCProvisionResultCB resultCallback);
#endif //MULTIPLE_OWNER
/**
* API to register for particular OxM.
*
* @param[in] oxm transfer method.
* @param[in] callbackData of callback functions for owership transfer.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCSetOwnerTransferCallbackData(OicSecOxm_t oxm, OTMCallbackData_t* callbackData);
/**
* The function is responsible for discovery of owned device is current subnet. It will list
* all the device in subnet which are owned by calling provisioning client.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the list of devices.
* @param[out] ppList List of device owned by provisioning tool.
* @return OTM_SUCCESS in case of success and other value otherwise.
*/
OCStackResult OCDiscoverOwnedDevices(unsigned short timeout, OCProvisionDev_t **ppList);
#ifdef MULTIPLE_OWNER
/**
* The function is responsible for the discovery of an MOT-enabled device with the specified deviceID.
* The function will return when security information for device with deviceID has been obtained or the
* timeout has been exceeded.
*
* @param[in] timeoutSeconds Maximum time, in seconds, this function will listen for responses from
* servers before returning.
* @param[in] deviceID deviceID of target device.
* @param[out] ppFoundDevice OCProvisionDev_t of discovered device. Caller should use
* OCDeleteDiscoveredDevices to delete the device.
* @return OC_STACK_OK in case of success and other values otherwise.
*/
OCStackResult OCDiscoverMultipleOwnerEnabledSingleDevice(unsigned short timeoutSeconds,
const OicUuid_t *deviceID,
OCProvisionDev_t **ppFoundDevice);
/**
* The function is responsible for discovery of MOT enabled device is current subnet.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the list of devices.
* @param[out] ppList List of MOT enabled devices.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCDiscoverMultipleOwnerEnabledDevices(unsigned short timeout, OCProvisionDev_t **ppList);
/**
* The function is responsible for discovery of Multiple Owned device is current subnet.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the list of devices.
* @param[out] ppList List of Multiple Owned devices.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCDiscoverMultipleOwnedDevices(unsigned short timeout, OCProvisionDev_t **ppList);
/**
* The function is responsible for determining if the caller is a subowner of the specified device.
*
* @param[in] device MOT enabled device that contains a list of subowners.
* @param[out] isSubowner Bool indicating whether the caller is a subowner of device.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCIsSubownerOfDevice(OCProvisionDev_t *device, bool *isSubowner);
#endif //MULTIPLE_OWNER
/**
* API to provision credentials between two devices and ACLs for the devices who act as a server.
*
* @param[in] ctx Application context returned in the result callback.
* @param[in] type Type of credentials to be provisioned to the device.
/* *****************************************************************
*
* Copyright 2015 Samsung Electronics All Rights Reserved.
*
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* *****************************************************************/
#ifndef OCPROVISIONINGMANAGER_H_
#define OCPROVISIONINGMANAGER_H_
#include "octypes.h"
#include "pmtypes.h"
#include "ownershiptransfermanager.h"
#ifdef MULTIPLE_OWNER
#include "securevirtualresourcetypes.h"
#endif //MULTIPLE_OWNER
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
/**
* The function is responsible for initializaton of the provisioning manager. It will load
* provisioning database which have owned device's list and their linked status.
* TODO: In addition, if there is a device(s) which has not up-to-date credentials, this function will
* automatically try to update the deivce(s).
*
* @param[in] dbPath file path of the sqlite3 db
*
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCInitPM(const char* dbPath);
/**
* API to cleanup PDM in case of timeout.
* It will remove the PDM_DEVICE_INIT state devices from PDM.
*
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCPDMCleanupForTimeout();
/**
* The function is responsible for discovery of owned/unowned device is specified endpoint/deviceID.
* It will return the found device even though timeout is not exceeded.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the device.
* @param[in] deviceID deviceID of target device.
* @param[out] ppFoundDevice OCProvisionDev_t of found device
* @return OTM_SUCCESS in case of success and other value otherwise.
*/
OCStackResult OCDiscoverSingleDevice(unsigned short timeout, const OicUuid_t* deviceID,
OCProvisionDev_t **ppFoundDevice);
/**
* The function is responsible for discovery of owned/unowned device is specified endpoint/MAC
* address.
* It will return the found device even though timeout is not exceeded.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the device.
* @param[in] deviceID deviceID of target device.
* @param[in] hostAddress MAC address of target device.
* @param[in] connType ConnectivityType for discovery.
* @param[out] ppFoundDevice OCProvisionDev_t of found device.
* @return OTM_SUCCESS in case of success and other value otherwise.
*/
OCStackResult OCDiscoverSingleDeviceInUnicast(unsigned short timeout, const OicUuid_t* deviceID,
const char* hostAddress, OCConnectivityType connType,
OCProvisionDev_t **ppFoundDevice);
/**
* The function is responsible for discovery of device is current subnet. It will list
* all the device in subnet which are not yet owned. Please call OCInit with OC_CLIENT_SERVER as
* OCMode.
*
* @param[in] waittime Timeout in seconds, value till which function will listen to responses from
* server before returning the list of devices.
* @param[out] ppList List of candidate devices to be provisioned
* @return OTM_SUCCESS in case of success and other value otherwise.
*/
OCStackResult OCDiscoverUnownedDevices(unsigned short waittime, OCProvisionDev_t **ppList);
/**
* Do ownership transfer for un-owned device.
*
* @param[in] ctx Application context would be returned in result callback
* @param[in] targetDevices List of devices to perform ownership transfer.
* @param[in] resultCallback Result callback function to be invoked when ownership transfer finished.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCDoOwnershipTransfer(void* ctx,
OCProvisionDev_t *targetDevices,
OCProvisionResultCB resultCallback);
/**
* API to set a allow status of OxM
*
* @param[in] oxm Owership transfer method (ref. OicSecOxm_t)
* @param[in] allowStatus allow status (true = allow, false = not allow)
*
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCSetOxmAllowStatus(const OicSecOxm_t oxm, const bool allowStatus);
#ifdef MULTIPLE_OWNER
/**
* API to perfrom multiple ownership transfer for MOT enabled device.
*
* @param[in] ctx Application context would be returned in result callback
* @param[in] targetDevices List of devices to perform ownership transfer.
* @param[in] resultCallback Result callback function to be invoked when ownership transfer finished.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCDoMultipleOwnershipTransfer(void* ctx,
OCProvisionDev_t *targetDevices,
OCProvisionResultCB resultCallback);
#endif //MULTIPLE_OWNER
/**
* API to register for particular OxM.
*
* @param[in] oxm transfer method.
* @param[in] callbackData of callback functions for owership transfer.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCSetOwnerTransferCallbackData(OicSecOxm_t oxm, OTMCallbackData_t* callbackData);
/**
* The function is responsible for discovery of owned device is current subnet. It will list
* all the device in subnet which are owned by calling provisioning client.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the list of devices.
* @param[out] ppList List of device owned by provisioning tool.
* @return OTM_SUCCESS in case of success and other value otherwise.
*/
OCStackResult OCDiscoverOwnedDevices(unsigned short timeout, OCProvisionDev_t **ppList);
#ifdef MULTIPLE_OWNER
/**
* The function is responsible for the discovery of an MOT-enabled device with the specified deviceID.
* The function will return when security information for device with deviceID has been obtained or the
* timeout has been exceeded.
*
* @param[in] timeoutSeconds Maximum time, in seconds, this function will listen for responses from
* servers before returning.
* @param[in] deviceID deviceID of target device.
* @param[out] ppFoundDevice OCProvisionDev_t of discovered device. Caller should use
* OCDeleteDiscoveredDevices to delete the device.
* @return OC_STACK_OK in case of success and other values otherwise.
*/
OCStackResult OCDiscoverMultipleOwnerEnabledSingleDevice(unsigned short timeoutSeconds,
const OicUuid_t *deviceID,
OCProvisionDev_t **ppFoundDevice);
/**
* The function is responsible for discovery of MOT enabled device is current subnet.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the list of devices.
* @param[out] ppList List of MOT enabled devices.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCDiscoverMultipleOwnerEnabledDevices(unsigned short timeout, OCProvisionDev_t **ppList);
/**
* The function is responsible for discovery of Multiple Owned device is current subnet.
*
* @param[in] timeout Timeout in seconds, value till which function will listen to responses from
* server before returning the list of devices.
* @param[out] ppList List of Multiple Owned devices.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCDiscoverMultipleOwnedDevices(unsigned short timeout, OCProvisionDev_t **ppList);
/**
* The function is responsible for determining if the caller is a subowner of the specified device.
*
* @param[in] device MOT enabled device that contains a list of subowners.
* @param[out] isSubowner Bool indicating whether the caller is a subowner of device.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCIsSubownerOfDevice(OCProvisionDev_t *device, bool *isSubowner);
#endif //MULTIPLE_OWNER
/**
* API to provision credentials between two devices and ACLs for the devices who act as a server.
*
* @param[in] ctx Application context returned in the result callback.
* @param[in] type Type of credentials to be provisioned to the device.
* @param[in] keySize size of key
* @param[in] pDev1 Pointer to OCProvisionDev_t instance,respresenting device to be provisioned.
* @param[in] pDev1Acl ACL for device 1. If this is not required set NULL.
* @param[in] pDev2 Pointer to OCProvisionDev_t instance,respresenting device to be provisioned.
* @param[in] pDev2Acl ACL for device 2. If this is not required set NULL.
* @param[in] resultCallback callback provided by API user, callback will be called when
* provisioning request recieves a response from first resource server.
* @return OC_STACK_OK in case of success and other value otherwise.
*/