Commit 618d5643 authored by Greg Zaverucha's avatar Greg Zaverucha Committed by Kevin Kane

[IOT-1949] De-duplicate roles posted to /oic/sec/roles

If a role certificate is added a second time to the roles
resource, do not add it again.

Change-Id: Ifce27b93404216fb2bbac5b02aeb414a75f0398c
Signed-off-by: Greg Zaverucha <gregz@microsoft.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/18831
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Tested-by: jenkins-iotivity <jenkins@iotivity.org>
parent 57672039
......@@ -263,6 +263,8 @@ CborError SerializeEncodingToCbor(CborEncoder *rootMap, const char *tag, const O
CborError SerializeSecOptToCbor(CborEncoder *rootMap, const char *tag, const OicSecOpt_t *value);
CborError DeserializeEncodingFromCbor(CborValue *rootMap, OicSecKey_t *value);
CborError DeserializeSecOptFromCbor(CborValue *rootMap, OicSecOpt_t *value);
bool IsSameSecOpt(const OicSecOpt_t* sk1, const OicSecOpt_t* sk2);
bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2);
#ifdef __cplusplus
}
......
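Review bot: The two declarations added at the end of this header, `IsSameSecOpt` and `IsSameSecKey`, are exported without a doc comment, and `IsSameSecOpt` still names its parameters `sk1`/`sk2` as the key variant does. From the definitions shown in the next file section (a `VERIFY_NOT_NULL` on each argument and an `exit:` path that returns false), a NULL argument appears to be reported as "not the same", which the new caller in the roles resource would treat as "not a duplicate". A comment on each declaration would make that contract explicit, e.g. `/* Returns true only when both arguments are non-NULL and compare equal; a NULL argument yields false. */`, to be confirmed against the full function bodies, which are only partly visible here.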
......@@ -1598,7 +1598,7 @@ static OicSecCred_t* GetCredDefault()
return NULL;
}
static bool IsSameSecOpt(const OicSecOpt_t* sk1, const OicSecOpt_t* sk2)
bool IsSameSecOpt(const OicSecOpt_t* sk1, const OicSecOpt_t* sk2)
{
VERIFY_NOT_NULL(TAG, sk1, WARNING);
VERIFY_NOT_NULL(TAG, sk2, WARNING);
......@@ -1611,7 +1611,7 @@ exit:
return false;
}
static bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2)
bool IsSameSecKey(const OicSecKey_t* sk1, const OicSecKey_t* sk2)
{
VERIFY_NOT_NULL(TAG, sk1, WARNING);
VERIFY_NOT_NULL(TAG, sk2, WARNING);
......
......@@ -320,6 +320,22 @@ exit:
return res;
}
static bool RoleCertChainContains(RoleCertChain_t *chain, const RoleCertChain_t* roleCert)
{
RoleCertChain_t *temp = NULL;
LL_FOREACH(chain, temp)
{
if (IsSameSecKey(&temp->certificate, &roleCert->certificate) &&
IsSameSecOpt(&temp->optData, &roleCert->optData))
{
return true;
}
}
return false;
}
static OCStackResult AddRoleCertificate(const RoleCertChain_t *roleCert, const uint8_t *pubKey, size_t pubKeyLength)
{
OCStackResult res = OC_STACK_ERROR;
......@@ -372,17 +388,23 @@ static OCStackResult AddRoleCertificate(const RoleCertChain_t *roleCert, const u
LL_PREPEND(gRoles, targetEntry);
}
// @todo: (IOT-1949) Detect duplicates and don't add them again
res = DuplicateRoleCertChain(roleCert, &copy);
if (OC_STACK_OK != res)
if (!RoleCertChainContains(targetEntry->chains, roleCert))
{
OIC_LOG_V(ERROR, TAG, "Could not duplicate role cert chain: %d", res);
goto exit;
}
res = DuplicateRoleCertChain(roleCert, &copy);
if (OC_STACK_OK != res)
{
OIC_LOG_V(ERROR, TAG, "%s: Could not duplicate role cert chain: %d", __func__, res);
goto exit;
}
// Assign our own credId.
copy->credId = gIdCounter++;
LL_APPEND(targetEntry->chains, copy);
// Assign our own credId.
copy->credId = gIdCounter++;
LL_APPEND(targetEntry->chains, copy);
}
else
{
OIC_LOG_V(DEBUG, TAG, "%s: Role cert chain already present, not going to add it again", __func__);
}
res = OC_STACK_OK;
......
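Review bot: `RoleCertChainContains` only suppresses a repeat when `IsSameSecKey` and `IsSameSecOpt` both report a match, so `targetEntry->chains` still grows with every distinct chain a peer posts, and nothing in this hunk bounds it. If those helpers compare the raw data and encoding (their bodies are not fully shown on this page), the same certificate submitted in a different encoding would also be stored again. Consider a per-entry limit checked before `DuplicateRoleCertChain`, for example `if (chainCount >= MAX_ROLE_CHAINS_PER_PEER /* placeholder name */) { res = OC_STACK_ERROR; goto exit; }`, unless a cap is already enforced elsewhere in `AddRoleCertificate`, whose body starts and ends outside the hunk. The helper's `chain` parameter could also be `const RoleCertChain_t *`, with a one-line comment stating that equality means identical certificate and optData.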