Commit 600e4fba authored by Nathan Heldt-Sheller, committed by Randeep

[IOT-1582] Change "PUT" to count as "Create" and never as "Update"

Per Core Spec conventions, even though PUT is technically legal
for Create or Update, PUT is only ever used for Create.  Therefore
we need to change the CRUDN permission bit check in security layer.

Updated Readme.scons.txt and README-building-and-running-secure-IoTivity-
stack.txt to clarify build and use of secure IoTivity stack.

Change-Id: Id362c9c0225e53240b2d1f844c5f05d55cfa2938
Signed-off-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/14579
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Phil Coval <philippe.coval@osg.samsung.com>
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Craig Pratt <craig@ecaspia.com>
Reviewed-by: Greg Zaverucha <gregz@microsoft.com>
Reviewed-by: Uze Choi <uzchoi@samsung.com>
(cherry picked from commit da4ccd54)
Reviewed-on: https://gerrit.iotivity.org/gerrit/14719
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
parent 6678ceb5
...@@ -31,6 +31,10 @@ message to install tinycbor) ...@@ -31,6 +31,10 @@ message to install tinycbor)
('<iotivity>' is the path to 'iotivity' project. If your device is x86, arm, ('<iotivity>' is the path to 'iotivity' project. If your device is x86, arm,
or arm64, please change 'x86_64' to the proper arch) or arm64, please change 'x86_64' to the proper arch)
3. To build and test IoTivity with Security enabled (required for certification)
follow the instructions found in:
<iotivity>/resource/csdk/security/README-building-and-running-secure-IoTivity-stack.txt
== How to build IoTivity projects == == How to build IoTivity projects ==
IoTivity includes a series of projects. You can find all these projects here: IoTivity includes a series of projects. You can find all these projects here:
......
LAST UPDATED 9/29/2016 LAST UPDATED 11/20/2016
To build the IoTivity stack with the security features enabled: To prepare the environment for building IoTivity:
1) Install the tools and libraries for building IoTivity by following the
instructions in the <iotivity-base>/Readme.scons.txt file.
2) In addition, install the sqlite3 developer library:
$ sudo apt-get install libsqlite3-dev
3) Finally, download the mbedtls library:
$ git clone https://github.com/ARMmbed/mbedtls.git extlibs/mbedtls/mbedtls
To build the IoTivity stack with the security features enabled (required for
certification):
1) Build IoTivity with security enabled: 1) Build IoTivity with security enabled:
$ cd <iotivity-base> $ cd <iotivity-base>
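Review bot: Step 3 clones mbedtls from the default branch with no tag or commit, so the TLS library that ends up in a build this README describes as required for certification depends on the day the clone was made. Name the release tag or commit the build expects (for example `git clone -b <tag> ...`, or a `git checkout <commit>` after the clone), and say that the command is run from `<iotivity-base>`, since `extlibs/mbedtls/mbedtls` is a relative path.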
...@@ -11,10 +23,39 @@ To build the IoTivity stack with the security features enabled: ...@@ -11,10 +23,39 @@ To build the IoTivity stack with the security features enabled:
$ export LD_LIBRARY_PATH=<iotivity-base>/out/<...>/release $ export LD_LIBRARY_PATH=<iotivity-base>/out/<...>/release
$ ./ocserverbasicops & $ ./ocserverbasicops &
$ ./occlientbasicops -t 1 $ ./occlientbasicops -t 1
NOTE: Console messages below indicate success: NOTE: Console messages below indicate success (may not be at bottom of
response printout... search up a page or so on the console):
"INFO: occlientbasicops: Uri -- /a/led "INFO: occlientbasicops: Uri -- /a/led
INFO: occlientbasicops: SECUREPORT udp: 51516 INFO: occlientbasicops: SECUREPORT udp: 51516 <-- actual port may differ
INFO: occlientbasicops: Secure -- YES" INFO: occlientbasicops: Secure -- YES"
Press <ctrl-c> to quit occlientbasicops, then run:
$ ./occlientbasicops -t 2 $ ./occlientbasicops -t 2
NOTE: Completion of 'GET' and 'PUT' query to /a/led indicates success! NOTE: receipt of of 'Get Response', 'Put Response' and 'Post Response'
from /a/led indicates success.
Example Response:
"33:43.222 INFO: occlientbasicops: Callback Context for PUT recvd successfully
33:43.222 INFO: occlientbasicops: StackResult: OC_STACK_UNAUTHORIZED_REQ
33:43.222 INFO: PayloadLog: NULL Payload
33:43.222 INFO: occlientbasicops: =============> Put Response
33:43.326 INFO: occlientbasicops: Callback Context for POST recvd successfully
33:43.326 INFO: occlientbasicops: StackResult: UNKNOWN
33:43.326 INFO: PayloadLog: Payload Type: Representation
33:43.326 INFO: PayloadLog: Resource #1
33:43.326 INFO: PayloadLog: Values:
33:43.326 INFO: PayloadLog: createduri(string):/a/led/0
33:43.326 INFO: occlientbasicops: =============> Post Response
33:43.426 INFO: occlientbasicops: Callback Context for POST recvd successfully
33:43.426 INFO: occlientbasicops: StackResult: UNKNOWN
33:43.426 INFO: PayloadLog: Payload Type: Representation
33:43.426 INFO: PayloadLog: Resource #1
33:43.426 INFO: PayloadLog: Values:
33:43.426 INFO: PayloadLog: createduri(string):/a/led/1
33:43.426 INFO: occlientbasicops: =============> Post Response
33:43.526 INFO: occlientbasicops: Callback Context for POST recvd successfully
33:43.526 INFO: occlientbasicops: StackResult: UNKNOWN
33:43.526 INFO: PayloadLog: Payload Type: Representation
33:43.526 INFO: PayloadLog: Resource #1
33:43.526 INFO: PayloadLog: Values:
33:43.526 INFO: PayloadLog: state(bool):true
33:43.526 INFO: PayloadLog: power(int):15
33:43.526 INFO: occlientbasicops: =============> Post Response"
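Review bot: The new "Example Response" is presented as the success case, yet its PUT callback reports `StackResult: OC_STACK_UNAUTHORIZED_REQ` with a NULL payload, and every POST reports `StackResult: UNKNOWN`. With the success criterion reduced to receipt of a response, a reader cannot tell an expected access-control denial from a broken setup. If the denial is the intended result of PUT now requiring the Create permission, say so next to the example; otherwise update the sample ACL so the PUT succeeds. The added NOTE line also has a doubled word ("receipt of of").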
...@@ -47,10 +47,15 @@ uint16_t GetPermissionFromCAMethod_t(const CAMethod_t method) ...@@ -47,10 +47,15 @@ uint16_t GetPermissionFromCAMethod_t(const CAMethod_t method)
case CA_GET: case CA_GET:
perm = (uint16_t)PERMISSION_READ; perm = (uint16_t)PERMISSION_READ;
break; break;
case CA_POST: // For now we treat all PUT & POST as Write case CA_POST: // Treat all POST as Write (Update) because
case CA_PUT: // because we don't know if resource exists yet. // we don't know if resource exists yet.
// This will be addressed in IoTivity impl of OCF 1.0
perm = (uint16_t)PERMISSION_WRITE; perm = (uint16_t)PERMISSION_WRITE;
break; break;
case CA_PUT: // Per convention, OIC/OCF uses PUT only for Create,
// never for Update.
perm = (uint16_t)PERMISSION_CREATE;
break;
case CA_DELETE: case CA_DELETE:
perm = (uint16_t)PERMISSION_DELETE; perm = (uint16_t)PERMISSION_DELETE;
break; break;
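Review bot: In the `CA_POST` case the new comment admits the layer cannot tell whether the resource exists, yet POST is still authorised with `PERMISSION_WRITE` alone, while the README example in this same change shows POST to /a/led returning `createduri` values /a/led/0 and /a/led/1. A subject granted Write but not Create can therefore still create resources through POST, even though PUT now needs `PERMISSION_CREATE`. Consider requiring both bits for POST until the OCF 1.0 work lands, or at least state the gap in the deferral comment. Two further points: ACEs that grant only Write will start rejecting PUT after this change, which deserves a line in the release notes, and no test for the new method-to-permission mapping is visible in this change.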
......
...@@ -204,12 +204,12 @@ OCStackApplicationResult discoveryReqCB(void*, OCDoHandle, ...@@ -204,12 +204,12 @@ OCStackApplicationResult discoveryReqCB(void*, OCDoHandle,
case TEST_NON_CON_OP: case TEST_NON_CON_OP:
InitGetRequest(OC_LOW_QOS); InitGetRequest(OC_LOW_QOS);
InitPutRequest(OC_LOW_QOS); InitPutRequest(OC_LOW_QOS);
//InitPostRequest(OC_LOW_QOS); InitPostRequest(OC_LOW_QOS);
break; break;
case TEST_CON_OP: case TEST_CON_OP:
InitGetRequest(OC_HIGH_QOS); InitGetRequest(OC_HIGH_QOS);
InitPutRequest(OC_HIGH_QOS); InitPutRequest(OC_HIGH_QOS);
//InitPostRequest(OC_HIGH_QOS); InitPostRequest(OC_HIGH_QOS);
break; break;
} }
} }
...@@ -219,7 +219,6 @@ OCStackApplicationResult discoveryReqCB(void*, OCDoHandle, ...@@ -219,7 +219,6 @@ OCStackApplicationResult discoveryReqCB(void*, OCDoHandle,
return (UnicastDiscovery) ? OC_STACK_DELETE_TRANSACTION : OC_STACK_KEEP_TRANSACTION ; return (UnicastDiscovery) ? OC_STACK_DELETE_TRANSACTION : OC_STACK_KEEP_TRANSACTION ;
} }
int InitPutRequest(OCQualityOfService qos) int InitPutRequest(OCQualityOfService qos)
{ {
OIC_LOG_V(INFO, TAG, "Executing %s", __func__); OIC_LOG_V(INFO, TAG, "Executing %s", __func__);
...@@ -241,6 +240,10 @@ int InitPostRequest(OCQualityOfService qos) ...@@ -241,6 +240,10 @@ int InitPostRequest(OCQualityOfService qos)
OIC_LOG_V(INFO, TAG, "Executing %s", __func__); OIC_LOG_V(INFO, TAG, "Executing %s", __func__);
std::ostringstream query; std::ostringstream query;
query << coapServerResource; query << coapServerResource;
if(WithTcp)
{
endpoint.adapter = OC_ADAPTER_TCP;
}
endpoint.flags = (OCTransportFlags)(endpoint.flags|OC_SECURE); endpoint.flags = (OCTransportFlags)(endpoint.flags|OC_SECURE);
// First POST operation (to create an LED instance) // First POST operation (to create an LED instance)
...@@ -262,10 +265,16 @@ int InitPostRequest(OCQualityOfService qos) ...@@ -262,10 +265,16 @@ int InitPostRequest(OCQualityOfService qos)
OIC_LOG(INFO, TAG, "Second POST call did not succeed"); OIC_LOG(INFO, TAG, "Second POST call did not succeed");
} }
// This POST operation will update the original resourced /a/led // This POST operation will update the original resourced /a/led (as long as
return (InvokeOCDoResource(query, OC_REST_POST, &endpoint, // the server is set to max 2 /lcd resources)
((qos == OC_HIGH_QOS) ? OC_HIGH_QOS: OC_LOW_QOS), result = InvokeOCDoResource(query, OC_REST_POST, &endpoint,
postReqCB, NULL, 0)); ((qos == OC_HIGH_QOS) ? OC_HIGH_QOS: OC_LOW_QOS),
postReqCB, NULL, 0);
if (OC_STACK_OK != result)
{
OIC_LOG(INFO, TAG, "Third POST call did not succeed");
}
return result;
} }
int InitGetRequest(OCQualityOfService qos) int InitGetRequest(OCQualityOfService qos)
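Review bot: The reworded comment refers to "/lcd resources", but the resource used throughout this function is /a/led, and "resourced" is a leftover typo. The new failure branch logs "Third POST call did not succeed" at INFO, which is easy to miss in the console output the README asks users to scan; logging at ERROR and including the `result` value would make a failed secure POST stand out.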
......
...@@ -95,7 +95,8 @@ OCRepPayload* constructResponse (OCEntityHandlerRequest *ehRequest) ...@@ -95,7 +95,8 @@ OCRepPayload* constructResponse (OCEntityHandlerRequest *ehRequest)
gResourceUri = (char *) "/a/led/1"; gResourceUri = (char *) "/a/led/1";
} }
if(OC_REST_PUT == ehRequest->method) if(OC_REST_PUT == ehRequest->method
|| OC_REST_POST == ehRequest->method)
{ {
// Get pointer to query // Get pointer to query
int64_t pow; int64_t pow;
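Review bot: Adding `OC_REST_POST` to this condition sends PUT and POST through the same payload-handling branch of `constructResponse`, although the security layer in this change now authorises them with different bits (`PERMISSION_CREATE` for PUT, `PERMISSION_WRITE` for POST). The commit message states that PUT is only ever used for Create, so a sample server that handles PUT with the code it uses for an updating POST is at odds with that. Either split the two branches or add a comment explaining why the sample keeps the shared path.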
...@@ -168,7 +169,7 @@ OCEntityHandlerResult ProcessPostRequest (OCEntityHandlerRequest *ehRequest, ...@@ -168,7 +169,7 @@ OCEntityHandlerResult ProcessPostRequest (OCEntityHandlerRequest *ehRequest,
* resource is created with default representation (if representation is included in * resource is created with default representation (if representation is included in
* POST payload it can be used as initial values) as long as the instance is * POST payload it can be used as initial values) as long as the instance is
* lesser than max new instance count. Once max instance count is reached, POST on * lesser than max new instance count. Once max instance count is reached, POST on
* /a/led updated the representation of /a/led (just like PUT) * /a/led updated the representation of /a/led.
*/ */
if (ehRequest->resource == LED.handle) if (ehRequest->resource == LED.handle)
......