Cloud Client

Implemented:
1. Cloud Client itself with menu and folders structure
2. CRL/ACL requests according latest spec

[Patch #2] Remove OCPayload to ACL/CRL convertion.
           Convert OCpayload back to char * and
           Use ACL/CRL resource functions to parse and update DB
[Patch #3] Add sync to menu and start userRequests as thread
[Patch #4] Save minor changes before merge both clients
[Patch #5] Merge CSR to this cloud client
[Patch #6] Clean-up changes. Merged cloud client works
[Patch #7] Save minor changes before move to cloud-interface branch
[Patch #8] Store private data
[Patch #9] Implement CRL on device according latest spec
[Patch #10] Minor Crl on device fixes
[Patch #11] Handle review comments
[Patch #12] Implement ACL get info on device according spec
            Remove OC_EXPORT from headers
[Patch #13] Fix CBOR encoding
[Patch #14] Crl last update, crl db changes, fix build error
[Patch #15] Crl Get/Post are fully implemented
[Patch #16] Acl fix uri path'es
[Patch #17] PKIX interface to SRM
[Patch #18] CRL rcsn fix (use String Array instead of String)
[Patch #19] ACL callbacks implemetation (parse and print recv data)
[Patch #20] Complete ACL callbacks
[Patch #21] Update Menu UI
[Patch #22] ACL uid's length fixes
[Patch #23] ACL ace request + CRL encoding fix
[Patch #24] Fix crash when receive empty aclist
[Patch #25] Set public data default encoding to DER
            Fix CRL initialization
[Patch #26, 27] Restore #24
[Patch #28] Fix build error related to PKIX
[Patch #29] ACL few fixes, clean-up code, add comments
[Patch #32] Clean-up csr + handle all review comments
[Patch #34] Revert ocpayload.c changes
[Patch #35] Fix build without WITH_TCP, CRL/ACL clean-up, error on exit
[Patch #37] Fix private data encoding
[Patch #38] Test build on Windows
[Patch #40] Remove accidental changes
[Patch #41] TLS sample fix
[Patch #42] CRL changes to use CBORPayload() functions
[Patch #43] ACL changes to use CBORpayload() + printAcl() + minor fixes
[Patch #44] Added extern C for external linkage to C++
[Patch #45] Revert #44 + acl fix
[Patch #47] Implement OC_LOG_PAYLOAD to show nested objects and arrays
[Patch #48] Fix review comments
            Add dynamic cipher based on SVR
            Change close notify to alert
[Patch #49] Add rootcer.crt and SaveTrustCert in cloudClient sample
[Patch #50] Change cipher priority and add choose cipher option in sample
[Patch #51] Remove accidental changes
[Patch #52] Add RSA cipher selection
[Patch #53] Huge changes in API and handlers to provide it to external team
[Patch #54] Minor fix, clean-up, add comments
[Patch #55] Resoved issue for save TrustCert with PEM in cloudClient sample
[Patch #56] UpdateACE fix, add CoAPs selection to Menu
[Patch #57] Few ACL requests fix, now all of them are working
[Patch #58] Add db file to command-line args + few fixes
[Patch #60] Add alert messages
[Patch #61] Fix cipher selection
[Patch #62] Fix Svace warnings
[Patch #63] Fix acl db issue. Create CBORpayloadToAcl2() for cloud response
            Because in latest spec its wrong we need this workaround
[Patch #64] Fix service folder build error when secured enabled
[Patch #65] Implement responses to cloud cpp wrapper API
[Patch #66] Minor fix to cloud cpp wrapper responses
[Patch #67] Fix Cbor allocation when credresource increase
[Patch #68] Revert wrong changes made in Patch #64
[Patch #69] Remove wrong changes in other SConscript files
[Patch #70] Fix minor build error
[Patch #71] Remove wrong changes from 2 source files + clean-up Sconscripts
[Patch #72] Return back credresource.c + fix crlresource.c for tizen
[Patch #73] Return back richdk scons
[Patch #74] Disable build stack samples without SECURED=1
[Patch #75] Fix OTM PIN
[Patch #76] Fix conflict
[Patch #77,78] Fix tizen build error
[Patch #80] Remove changes in secure stack samples
[Patch #81] Add ours headers to doxygen, update comments, add static
[Patch #83] Fix conflicts with master
[Patch #84] Add Discovery + Get/Put/Post device-to-device requests
            Separate most sample source code to cloud folder
[Patch #86] Arduino build fix
[Patch #87] Resolve merge conflict

Change-Id: Ib83b14a40d49df3b62dd5a1863777c8a5504a4e5
Signed-off-by: Jonsgung Lee<js126.lee@samsung.com>
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Signed-off-by: Dmitriy Zhuravlev <d.zhuravlev@samsung.com>
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Signed-off-by: Joonghwan Lee<jh05.lee@samsung.com>
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Signed-off-by: Joonghwan Lee<jh05.lee@samsung.com>
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Signed-off-by: Dmitriy Zhuravlev <d.zhuravlev@samsung.com>
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Signed-off-by: Oleksandr Dmytrenko <o.dmytrenko@samsung.com>
Signed-off-by: Andrii Shtompel <a.shtompel@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/10785Reviewed-by: Randeep Singh <randeep.s@samsung.com>
Tested-by: Randeep Singh <randeep.s@samsung.com>

resource/SConscript

@@ -69,8 +69,9 @@ if target_os in ['linux', 'windows']:
 	SConscript('csdk/stack/test/linux/SConscript')
 	SConscript('csdk/stack/samples/linux/SimpleClientServer/SConscript')
 
-	# Build secure samples
-	SConscript('csdk/stack/samples/linux/secure/SConscript')
+        if env.get('SECURED') == '1':
+		# Build secure samples
+		SConscript('csdk/stack/samples/linux/secure/SConscript')
 
 	# Build C/C++ unit tests
 	SConscript('unit_tests.scons')

resource/csdk/connectivity/api/casecurityinterface.h

@@ -94,6 +94,14 @@ CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSPskCredentialsHandler GetDT
 
 
 #ifdef __WITH_TLS__
+/**
+ * This internal callback is used by CA layer to
+ * retrieve all credential types from SRM
+ *
+ * @param[out]  list of enabled credential types for CA handshake
+ *
+ */
+typedef void (*CAgetCredentialTypesHandler)(bool * list);
 /**
  * Binary structure containing PKIX related info
  * own certificate chain, public key, CA's and CRL's
@@ -110,6 +118,12 @@ typedef struct
     ByteArray crl;
 } PkiInfo_t;
 
+/**
+ * Register callback to receive credential types.
+ * @param[in] credTypesCallback callback to get cerdential types
+ * @return ::CA_STATUS_OK
+ */
+CAResult_t CAregisterGetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback);
 /**
  * Register callback to receive the result of TLS handshake.
  * @param[in] tlsHandshakeCallback callback for get tls handshake result

resource/csdk/connectivity/inc/ca_adapter_net_tls.h

@@ -59,8 +59,13 @@ void CAsetTlsAdapterCallbacks(CAPacketReceivedCallback recvCallback,
                               CATransportAdapter_t type);
 
 /**
- * Register callback to get TLS PSK credentials.
- * @param[in]  credCallback    callback to get TLS PSK credentials.
+ * Register callback to get credentials types.
+ * @param[in]   credTypesCallback    callback to get credential types.
+ */
+void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback);
+/**
+ * Register callback to get credential types.
+ * @param[in]  typesCallback    callback to get credential types.
  */
 void CAsetTlsCredentialsCallback(CAGetDTLSPskCredentialsHandler credCallback);
 

resource/csdk/connectivity/src/SConscript

@@ -74,6 +74,7 @@ if env.get('DTLS_WITH_X509') == '1':
 	env.AppendUnique(CA_SRC = pkix_src)
 
 if ((secured == '1') and (with_tcp == True)):
+	env.AppendUnique(CPPPATH = [os.path.join(src_dir, 'resource', 'csdk', 'security', 'include')])
 	env.AppendUnique(CPPDEFINES = ['__WITH_TLS__'])
 	tls_path = 'extlibs/mbedtls';
 	tls_headers_path = 'mbedtls/include';

resource/csdk/connectivity/src/caconnectivitymanager.c

@@ -65,6 +65,7 @@ extern void CADTLSSetCrlCallback(CAGetDTLSCrlHandler crlCallback);
 #ifdef __WITH_TLS__
 extern void CAsetPkixInfoCallback(CAgetPkixInfoHandler infCallback);
 extern void CAsetTlsCredentialsCallback(CAGetDTLSPskCredentialsHandler credCallback);
+extern void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credCallback);
 #endif
 
 
@@ -222,6 +223,19 @@ CAResult_t CAregisterPkixInfoHandler(CAgetPkixInfoHandler getPkixInfoHandler)
     OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
     return CA_STATUS_OK;
 }
+
+CAResult_t CAregisterGetCredentialTypesHandler(CAgetCredentialTypesHandler getCredTypesHandler)
+{
+    OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
+
+    if (!g_isInitialized)
+    {
+        return CA_STATUS_NOT_INITIALIZED;
+    }
+    CAsetCredentialTypesCallback(getCredTypesHandler);
+    OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
+    return CA_STATUS_OK;
+}
 #endif
 
 #ifdef __WITH_X509__

resource/csdk/security/SConscript

@@ -120,8 +120,7 @@ if target_os in ['windows', 'msys_nt']:
 	libocsrm_src  = libocsrm_src + [OCSRM_SRC + 'strptime.c']
 
 if (env.get('DTLS_WITH_X509') == '1' or env.get('WITH_TCP') == True) and env.get('SECURED') == '1':
-	crl_src = [OCSRM_SRC + 'crlresource.c']
-	libocsrm_src  = libocsrm_src + crl_src
+	libocsrm_src  = libocsrm_src + [OCSRM_SRC + 'crlresource.c', OCSRM_SRC + 'pkix_interface.c']
 
 libocsrm_conf = Configure(libocsrm_env)
 if libocsrm_conf.CheckFunc('strptime'):

resource/csdk/security/include/internal/aclresource.h

@@ -100,6 +100,14 @@ OicSecAce_t* DuplicateACE(const OicSecAce_t* ace);
  */
 OCStackResult InstallNewACL(const uint8_t* payload, const size_t size);
 
+/**
+ * This function installs a new ACL.
+ *
+ * @param acl  new acl to install.
+ *
+ * @return ::OC_STACK_OK for Success, otherwise some error value
+ */
+OCStackResult InstallNewACL2(const OicSecAcl_t* acl);
 /**
  * This function updates default ACE which is required for ownership transfer.
  * This function should be invoked after OTM is complete to prevent anonymous user access.
@@ -126,6 +134,16 @@ OCStackResult SetAclRownerId(const OicUuid_t* newROwner);
  */
 OCStackResult GetAclRownerId(OicUuid_t *rowneruuid);
 
+/**
+ * This function converts CBOR data into ACL.
+ *
+ * @param cborPayload is the pointer to cbor payload to parse.
+ * @param size of the cbor payload.
+ *
+ * @return ::acl instance of @ref OicSecAcl_t structure or NULL if error occurs
+ */
+OicSecAcl_t* CBORPayloadToAcl2(const uint8_t *cborPayload, const size_t size);
+
 #ifdef __cplusplus
 }
 #endif

resource/csdk/security/include/internal/credresource.h

@@ -190,12 +190,30 @@ OCStackResult GetCredRownerId(OicUuid_t *rowneruuid);
 
 #ifdef __WITH_TLS__
 /**
- * @def CA_SUBJECT_ID
- * @brief subject uuid for credential with CA certificates
+ * Used by mbedTLS to retrieve trusted CA certificates
+ *
+ * @param[out] crt certificates to be filled.
  */
-#define CA_SUBJECT_ID ("00000000-0000-0000-0000-000000000000")
-void GetPkixInfo(PkiInfo_t * inf);
-#endif
+void GetDerCaCert(ByteArray * crt);
+/**
+ * Used by mbedTLS to retrieve own certificate chain
+ *
+ * @param[out] crt certificate chain to be filled.
+ */
+void GetDerOwnCert(ByteArray * crt);
+/**
+ * Used by mbedTLS to retrieve owm private key
+ *
+ * @param[out] key key to be filled.
+ */
+void GetDerKey(ByteArray * key);
+/**
+ * Used by CA to retrieve credential types
+ *
+ * @param[out] key key to be filled.
+ */
+void InitCipherSuiteList(bool *list);
+#endif // __WITH_TLS__
 #ifdef __cplusplus
 }
 #endif

resource/csdk/security/include/internal/crlresource.h

@@ -21,8 +21,7 @@
 #ifndef IOTVT_SRM_CRLR_H
 #define IOTVT_SRM_CRLR_H
 
-#include "octypes.h"
-#include "securevirtualresourcetypes.h"
+#include "ocpayload.h"
 
 #ifdef __cplusplus
 extern "C" {
@@ -35,7 +34,7 @@ extern "C" {
  *
  * @return ::OC_STACK_OK for Success, otherwise some error value.
  */
-OCStackResult UpdateCRLResource(const OicSecCrl_t *crl);
+OCStackResult UpdateCRLResource(OicSecCrl_t *crl);
 
 /**
  * This function get encoded with base64 CRL from SRM.
@@ -60,12 +59,14 @@ void  GetDerCrl(ByteArray* crlArray);
  * will be allocated by the function and content of *crl will be ignored.
  * @param payload is the converted cbor value.
  * @param size is a pointer to length of the CRL buffer. Should be not NULL.
+ * @param lastUpdate optional field contains CRL last update time
  *
  * @note Caller responsible for crl buffer memory (use OICFree to free it).
  *
  * @return ::OC_STACK_OK if success, otherwise some error value.
  */
-OCStackResult CrlToCBORPayload(const OicSecCrl_t *crl, uint8_t **payload, size_t *size);
+OCStackResult CrlToCBORPayload(const OicSecCrl_t *crl, uint8_t **payload, size_t *size,
+                               char *lastUpdate);
 
 /**
  * This function converts CBOR to CRL
@@ -102,6 +103,23 @@ OCStackResult DeInitCRLResource();
  */
 OicSecCrl_t *GetCRLResource();
 
+/**
+ * This function frees resources inside given OicSecCrl_t object
+ *
+ * @param crl  crl object
+ */
+void DeleteCrl(OicSecCrl_t *crl);
+
+/**
+ * This function gets time when CRL was last updated in database
+ * Function allocates memory for lastUpdate and
+ * Caller is responsible to free that memory
+ *
+ * @param lastUpdate    pointer to last update string.
+ * @return ::OC_STACK_OK for Success, otherwise some error value.
+ */
+OCStackResult getLastUpdateFromDB(char **lastUpdate);
+
 #ifdef __cplusplus
 }
 #endif

resource/csdk/security/include/internal/srmresourcestrings.h

@@ -153,6 +153,7 @@ extern const char * OIC_JSON_SEC_V_NAME;
 extern const char * OIC_JSON_EMPTY_STRING;
 
 extern const char * TRUST_CA;
+extern const char * PRIMARY_CERT;
 
 extern OicUuid_t WILDCARD_SUBJECT_ID;
 extern OicUuid_t WILDCARD_SUBJECT_B64_ID;

resource/csdk/security/include/pkix_interface.h

+/******************************************************************
+ *
+ * Copyright 2016 Samsung Electronics All Rights Reserved.
+ *
+ *
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ ******************************************************************/
+
+#ifndef PKIX_INTERFACE_H
+#define PKIX_INTERFACE_H
+
+#include "cainterface.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+/**
+ * This method is used by mbedTLS/SRM to retrieve PKIX related info
+ *
+ * @param[out] inf structure with certificate, private key and crl to be filled.
+ *
+ */
+void GetPkixInfo(PkiInfo_t * inf);
+#ifdef __cplusplus
+}
+#endif
+
+#endif //PKIX_INTERFACE_H

resource/csdk/security/include/securevirtualresourcetypes.h

@@ -495,7 +495,7 @@ struct OicSecCrl
 {
     uint16_t CrlId;
     ByteArray ThisUpdate;
-    ByteArray CrlData;
+    OicSecKey_t CrlData;
 };
 #endif /* __WITH_X509__ or __WITH_TLS__ */
 

resource/csdk/security/provisioning/SConscript

@@ -36,6 +36,7 @@ provisioning_env.AppendUnique(CPPPATH = [
 		'../../../c_common/oic_malloc/include',
 		'include',
 		'include/internal',
+		'include/cloud',
 		'include/oxm',
 		'../../resource/csdk/security/include',
 		'../../../../extlibs/cjson/',
@@ -67,6 +68,9 @@ provisioning_env.PrependUnique(LIBS = ['oc', 'octbstack', 'oc_logger', 'connecti
 
 provisioning_env.AppendUnique(LIBS = ['tinydtls'])
 
+if provisioning_env.get('WITH_TCP') == True:
+	provisioning_env.AppendUnique(LIBS = ['mbedtls', 'mbedx509','mbedcrypto'])
+
 if provisioning_env.get('DTLS_WITH_X509') == '1':
 	provisioning_env.AppendUnique(LIBS = ['CKManager', 'asn1'])
 if provisioning_env.get('WITH_TCP') == True:
@@ -104,6 +108,15 @@ provisioning_src = [
 	'src/oxmrandompin.c',
 	'src/provisioningdatabasemanager.c' ]
 
+if provisioning_env.get('WITH_TCP') == True:
+	provisioning_src = provisioning_src + [
+	'src/cloud/utils.c',
+	'src/cloud/crl.c',
+	'src/cloud/aclgroup.c',
+	'src/cloud/aclinvite.c',
+	'src/cloud/aclid.c',
+	'src/cloud/csr.c']
+
 if target_os not in ['tizen', 'windows', 'msys_nt']:
 	provisioning_src = provisioning_src + [root_dir+'/extlibs/sqlite3/sqlite3.c' ]
 

resource/csdk/security/provisioning/include/cloud/occloudprovisioning.h

+/* *****************************************************************
+ *
+ * Copyright 2016 Samsung Electronics All Rights Reserved.
+ *
+ *
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * *****************************************************************/
+#ifndef OC_CLOUD_PROVISIONING_H
+#define OC_CLOUD_PROVISIONING_H
+
+#include "octypes.h"
+#include "securevirtualresourcetypes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+typedef void (*OCCloudResponseCB )(void* ctx, OCStackResult result, void* data);
+
+typedef struct cloudAce cloudAce_t;
+
+struct cloudAce {
+    char *aceId;
+    OicUuid_t subjectuuid;
+    uint16_t stype;
+    uint16_t permission;
+    OicSecRsrc_t *resources;
+    OicSecValidity_t *validities;
+    cloudAce_t *next;
+};
+
+typedef struct {
+    char **array;
+    size_t length;
+}stringArray_t;
+
+typedef struct {
+    stringArray_t gidlist;
+    stringArray_t midlist;
+}stringArrayPair_t;
+
+typedef struct {
+    stringArrayPair_t invite;
+    stringArrayPair_t invited;
+}inviteResponse_t;
+
+/**
+ * Certificate-Issue request function
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudCertificateIssueRequest(void* ctx,
+                                             const OCDevAddr *endPoint,
+                                             OCCloudResponseCB callback);
+
+/**
+ * CRL GET request function
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudGetCRL(void* ctx,
+                            const OCDevAddr *endPoint,
+                            OCCloudResponseCB callback);
+
+/**
+ * CRL POST request function (with Serial Numbers list to revoke)
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] thisUpdate        mandatory parameter thisUpdate
+ * @param[in] nextUpdate        mandatory parameter nextUpdate
+ * @param[in] crl               optional parameter crl
+ * @param[in] serialNumbers     optional parameter serial numbers
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudPostCRL(void* ctx,
+                             const char *thisUpdate,
+                             const char *nextUpdate,
+                             const OCByteString *crl,
+                             const stringArray_t *serialNumbers,
+                             const OCDevAddr *endPoint,
+                             OCCloudResponseCB callback);
+
+/**
+ * ACL id retrieve by device id
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] deviceId          mandatory parameter device id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclIdGetByDevice(void* ctx,
+                                      const char *deviceId,
+                                      const OCDevAddr *endPoint,
+                                      OCCloudResponseCB callback);
+
+/**
+ * ACL id create
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] ownerId           mandatory parameter owner id
+ * @param[in] deviceId          mandatory parameter device id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclIdCreate(void* ctx,
+                                 const char *ownerId,
+                                 const char *deviceId,
+                                 const OCDevAddr *endPoint,
+                                 OCCloudResponseCB callback);
+
+/**
+ * ACL id delete
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] aclId             mandatory parameter acl id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclIdDelete(void* ctx,
+                                 const char *aclId,
+                                 const OCDevAddr *endPoint,
+                                 OCCloudResponseCB callback);
+
+/**
+ * ACL individual get info
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] aclId             mandatory parameter acl id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclIndividualGetInfo(void* ctx,
+                                          const char *aclId,
+                                          const OCDevAddr *endPoint,
+                                          OCCloudResponseCB callback);
+
+/**
+ * ACL individual update ACE
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] aclId             mandatory parameter acl id
+ * @param[in] aces              mandatory parameter aces
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclIndividualUpdateAce(void* ctx,
+                                            const char *aclId,
+                                            const cloudAce_t *aces,
+                                            const OCDevAddr *endPoint,
+                                            OCCloudResponseCB callback);
+
+/**
+ * ACL individual delete
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] aclId             mandatory parameter acl id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclIndividualDelete(void* ctx,
+                                         const char *aclId,
+                                         const OCDevAddr *endPoint,
+                                         OCCloudResponseCB callback);
+
+/**
+ * ACL post group request function
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] groupType         mandatory parameter group type
+ * @param[in] groupMasterId     optional parameter group master id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclCreateGroup(void* ctx,
+                                    const char *groupType,
+                                    const char *groupMasterId,
+                                    const OCDevAddr *endPoint,
+                                    OCCloudResponseCB callback);
+
+/**
+ * ACL get group request function
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] memberId          mandatory parameter member id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclFindMyGroup(void* ctx,
+                                    const char *memberId,
+                                    const OCDevAddr *endPoint,
+                                    OCCloudResponseCB callback);
+
+/**
+ * ACL delete group request function
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] groupId           mandatory parameter group id
+ * @param[in] groupMasterId     optional parameter group master id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclDeleteGroup(void* ctx,
+                                    const char *groupId,
+                                    const char *groupMasterId,
+                                    const OCDevAddr *endPoint,
+                                    OCCloudResponseCB callback);
+
+/**
+ * ACL join to invited group request function
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] groupId           mandatory parameter group id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclJoinToInvitedGroup(void* ctx,
+                                           const char *groupId,
+                                           const OCDevAddr *endPoint,
+                                           OCCloudResponseCB callback);
+
+/**
+ * ACL observe group request function
+ *
+ * @param[in] ctx               user-defined context
+ * @param[in] groupId           mandatory parameter group id
+ * @param[in] endPoint          cloud host and port
+ * @param[in] callback          result callback
+ * @return  OCStackResult application result
+ */
+OCStackResult OCCloudAclObserveGroup(void* ctx,
+                                     const char *groupId,