Commit 9ca54cba authored by Greg Zaverucha's avatar Greg Zaverucha Committed by Nathan Heldt-Sheller

[IOT-1785] Finish OCF 1.0 identity certificate support

Add unit test to exercise certificate provisioning and use
(previously only provisioning was tested).  Fixed bugs in
credresource and ca_adapter_net_ssl. Configure mbedtls to use
 OCF certificate EKUs. Added more logging in many places. Exposed
 API to remove credentials locally for use by test code.

Change-Id: Ia55c7f3a7518f12c99f60280062f156954bdf4ac
Signed-off-by: default avatarGreg Zaverucha <gregz@microsoft.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/17983Reviewed-by: default avatarKevin Kane <kkane@microsoft.com>
Reviewed-by: default avatarDmitriy Zhuravlev <d.zhuravlev@samsung.com>
Reviewed-by: default avatarAlex Kelley <alexke@microsoft.com>
Tested-by: default avatarjenkins-iotivity <jenkins@iotivity.org>
Reviewed-by: default avatarDave Thaler <dthaler@microsoft.com>
Reviewed-by: Nathan Heldt-Sheller's avatarNathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
parent e5cfc014
......@@ -97,6 +97,7 @@
/**
* @def MMBED_TLS_DEBUG_LEVEL
* @brief Logging level for mbedTLS library
* Level 1 logs errors only, level 4 is verbose logging.
*/
#define MBED_TLS_DEBUG_LEVEL (4)
......@@ -200,6 +201,12 @@ if (g_sslCallback)
g_sslCallback(&(peer)->sep.endpoint, &errorInfo); \
}
/* OCF-defined EKU value indicating an identity certificate, that can be used for
* TLS client and server authentication. This is the DER encoding of the OID
* 1.3.6.1.4.1.44924.1.6.
*/
static const unsigned char EKU_IDENTITY[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0xDE, 0x7C, 0x01, 0x06 };
/**@def CONF_SSL(clientConf, serverConf, fn, ...)
*
* Calls \a fn for \a clientConf and \a serverConf.
......@@ -673,6 +680,22 @@ static int InitPKIX(CATransportAdapter_t adapter)
goto required;
}
/* If we get here, certificates could be used, so configure OCF EKUs. */
ret = mbedtls_ssl_conf_ekus(serverConf, (const char*)EKU_IDENTITY, sizeof(EKU_IDENTITY),
(const char*)EKU_IDENTITY, sizeof(EKU_IDENTITY));
if (0 == ret)
{
ret = mbedtls_ssl_conf_ekus(clientConf, (const char*)EKU_IDENTITY, sizeof(EKU_IDENTITY),
(const char*)EKU_IDENTITY, sizeof(EKU_IDENTITY));
}
if (0 != ret)
{
/* Cert-based ciphersuites will fail, but if PSK ciphersuites are in
* the list they might work, so don't return error.
*/
OIC_LOG(WARNING, NET_SSL_TAG, "EKU configuration error");
}
required:
count = ParseChain(&g_caSslContext->ca, g_pkiInfo.ca.data, g_pkiInfo.ca.len, &errNum);
if(0 >= count)
......@@ -734,6 +757,9 @@ static int GetPskCredentialsCallback(void * notUsed, mbedtls_ssl_context * ssl,
OIC_LOG(DEBUG, NET_SSL_TAG, "PSK:");
OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, keyBuf, ret);
OIC_LOG(DEBUG, NET_SSL_TAG, "Identity:");
OIC_LOG_BUFFER(DEBUG, NET_SSL_TAG, desc, descLen);
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
return(mbedtls_ssl_set_hs_psk(ssl, keyBuf, ret));
}
......@@ -2026,15 +2052,11 @@ CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, size_t dat
/* Find the CN component of the subject name. */
for (name = &peerCert->subject; NULL != name; name = name->next)
{
if (!name->oid.p)
{
continue;
}
if ((name->oid.len < MBEDTLS_OID_SIZE(MBEDTLS_OID_AT_CN) ||
(0 != memcmp(MBEDTLS_OID_AT_CN, name->oid.p, name->oid.len))))
if (name->oid.p &&
(name->oid.len <= MBEDTLS_OID_SIZE(MBEDTLS_OID_AT_CN)) &&
(0 == memcmp(MBEDTLS_OID_AT_CN, name->oid.p, name->oid.len)))
{
continue;
break;
}
}
......
......@@ -178,6 +178,10 @@ static CAData_t* CAGenerateHandlerData(const CAEndpoint_t *endpoint,
{
info->identity = *identity;
}
else
{
OIC_LOG_V(INFO, TAG, "%s: No identity information provided", __func__);
}
OIC_LOG(DEBUG, TAG, "Response Info :");
CALogPayloadInfo(info);
}
......
......@@ -85,7 +85,6 @@
#include "platform_features.h"
#include "logger.h"
#define MBED_TLS_DEBUG_LEVEL (4) // Verbose
#define SEED "PREDICTED_SEED"
#define dummyHandler 0xF123
......
......@@ -124,11 +124,14 @@ OicSecCred_t * GenerateCredential(const OicUuid_t* subject, OicSecCredType_t cre
OCStackResult AddCredential(OicSecCred_t * cred);
/**
* Function to remove the credential from SVR DB.
* Function to remove credentials from the SVR DB for the given subject UUID.
* If multiple credentials exist for the UUID, they will all be removed.
*
* @param subject is the Credential Subject to be deleted.
*
* @return ::OC_STACK_OK for success, or errorcode otherwise.
* @return ::OC_STACK_RESOURCE_DELETED if credentials were removed, or
* if there are no credentials with the given UUID. An error is returned if
* removing credentials failed.
*/
OCStackResult RemoveCredential(const OicUuid_t *subject);
......
......@@ -143,7 +143,7 @@ OCStackResult SRPProvisionTrustCertChain(void *ctx, OicSecCredType_t type, uint1
* @param[out] credId CredId of saved trust certificate chain in Cred of SVR.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult SRPSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize,
OCStackResult SRPSaveTrustCertChain(const uint8_t *trustCertChain, size_t chainSize,
OicEncodingType_t encodingType,uint16_t *credId);
/**
......
......@@ -539,6 +539,16 @@ OCStackResult OCGetLinkedStatus(const OicUuid_t* uuidOfDevice,
OCUuidList_t** uuidList,
size_t* numOfDevices);
/**
* Remove locally stored credentials with the specified subject UUID.
*
* @param[in] subjectUuid The subject UUID of the credentials to remove
*
* @return OC_STACK_RESOURCE_DELETED if credentials were removed, or
* OC_STACK_ERROR if no credentials were removed.
*/
OCStackResult OCRemoveCredential(const OicUuid_t* subjectUuid);
/**
* API to delete memory allocated to linked list created by OCDiscover_XXX_Devices API.
*
......@@ -604,8 +614,8 @@ OCStackResult OCProvisionTrustCertChain(void *ctx, OicSecCredType_t type, uint16
* @param[out] credId CredId of saved trust certificate chain in Cred of SVR.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize,
OicEncodingType_t encodingType, uint16_t *credId);
OCStackResult OCSaveTrustCertChain(const uint8_t *trustCertChain, size_t chainSize,
OicEncodingType_t encodingType, uint16_t *credId);
/**
* Function to save an identity certificate chain into Cred of SVR.
......@@ -615,7 +625,7 @@ OCStackResult OCSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize,
* @param[out] credId CredId of saved certificate chain in Cred of SVR.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCSaveOwnCertChain(char* cert, char* key, uint16_t *credId);
OCStackResult OCSaveOwnCertChain(const char* cert, const char* key, uint16_t *credId);
/**
* function to register callback, for getting notification for TrustCertChain change.
......
......@@ -64,7 +64,7 @@ parser.add_argument('--build', nargs='?', choices = ['debug', 'release'], help=
args = parser.parse_args()
# Number of unit tests in autoprovisioningclient
NUM_TESTS = 2
NUM_TESTS = 3
iotivity_base_path = os.getcwd()
os_name = platform.system()
......
......@@ -875,8 +875,8 @@ static int provisionCred(void)
* 3. Saves this root as a trust anchor locally.
* 4. Generate and store an IoTivity key and cert (issued from the CA root cert).
* This is an EE cert the CA/OBT will use in DTLS.
*
* @param[out] credid parameter for the ID of the CA credential
*
* The CA's key and cert are written to g_caKeyPem and g_caCertPem (resp.).
*/
static int setupCA()
{
......
......@@ -1367,6 +1367,11 @@ OCStackResult OCGetLinkedStatus(const OicUuid_t* uuidOfDevice, OCUuidList_t** uu
return PDMGetLinkedDevices(uuidOfDevice, uuidList, numOfDevices);
}
OCStackResult OCRemoveCredential(const OicUuid_t* subjectUuid)
{
return RemoveCredential(subjectUuid);
}
void OCDeleteUuidList(OCUuidList_t* pList)
{
PDMDestoryOicUuidLinkList(pList);
......@@ -1469,7 +1474,7 @@ OCStackResult OCProvisionTrustCertChain(void *ctx, OicSecCredType_t type, uint16
* @param[out] credId CredId of saved trust certificate chain in Cred of SVR.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize,
OCStackResult OCSaveTrustCertChain(const uint8_t *trustCertChain, size_t chainSize,
OicEncodingType_t encodingType, uint16_t *credId)
{
return SRPSaveTrustCertChain(trustCertChain, chainSize, encodingType, credId);
......@@ -1483,7 +1488,7 @@ OCStackResult OCSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize,
* @param[out] credId CredId of saved certificate chain in Cred of SVR.
* @return OC_STACK_OK in case of success and other value otherwise.
*/
OCStackResult OCSaveOwnCertChain(char* cert, char* key, uint16_t *credId)
OCStackResult OCSaveOwnCertChain(const char* cert, const char* key, uint16_t *credId)
{
OicSecKey_t ownCert = { 0 };
ownCert.data = (uint8_t*) cert;
......
......@@ -588,7 +588,7 @@ OCStackResult SRPProvisionTrustCertChain(void *ctx, OicSecCredType_t type, uint1
return OC_STACK_OK;
}
OCStackResult SRPSaveTrustCertChain(uint8_t *trustCertChain, size_t chainSize,
OCStackResult SRPSaveTrustCertChain(const uint8_t *trustCertChain, size_t chainSize,
OicEncodingType_t encodingType, uint16_t *credId)
{
OIC_LOG(DEBUG, TAG, "IN SRPSaveTrustCertChain");
......
......@@ -444,7 +444,7 @@ OCStackResult OCInternalIsValidCertChain(const uint8_t *buf, size_t bufLen)
static const mbedtls_x509_crt_profile s_certProfile = {
MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256), /* MD algorithms */
MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA), /* Signature algorithms */
MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY), /* Allowed key type */
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1), /* EC curves */
0 /* RSA minimum key length - not used because we only use EC key pairs */
};
......
......@@ -381,7 +381,7 @@ static CborError SerializeEncodingToCborInternal(CborEncoder *map, const OicSecK
}
else
{
OIC_LOG_V(ERROR, TAG, "Unknown encoding type: %u.", value->encoding);
OIC_LOG_V(ERROR, TAG, "%s: Unknown encoding type: %u.", __func__, value->encoding);
return CborErrorUnknownType;
}
exit:
......@@ -496,7 +496,7 @@ static CborError DeserializeEncodingFromCborInternal(CborValue *map, char *name,
{
//For unit test
value->encoding = OIC_ENCODING_RAW;
OIC_LOG(WARNING, TAG, "Unknown encoding type detected.");
OIC_LOG_V(WARNING, TAG, "%s: Unknown encoding type detected.", __func__);
}
//Because cbor using malloc directly, it is required to use free() instead of OICFree
free(strEncoding);
......@@ -1674,7 +1674,7 @@ exit:
OCStackResult RemoveCredential(const OicUuid_t *subject)
{
OCStackResult ret = OC_STACK_ERROR;
OCStackResult ret = OC_STACK_RESOURCE_DELETED;
OicSecCred_t *cred = NULL;
OicSecCred_t *tempCred = NULL;
bool deleteFlag = false;
......@@ -1691,9 +1691,9 @@ OCStackResult RemoveCredential(const OicUuid_t *subject)
if (deleteFlag)
{
if (UpdatePersistentStorage(gCred))
if (!UpdatePersistentStorage(gCred))
{
ret = OC_STACK_RESOURCE_DELETED;
ret = OC_STACK_ERROR;
}
}
return ret;
......@@ -2853,36 +2853,51 @@ OCStackResult GetCredRownerId(OicUuid_t *rowneruuid)
/* Caller must call OICFree on *der when finished. */
static int ConvertPemCertToDer(const char *pem, size_t pemLen, uint8_t** der, size_t* derLen)
{
size_t bufSize = B64DECODE_OUT_SAFESIZE(pemLen + 1);
uint8_t *buf = OICCalloc(1, bufSize);
if (NULL == buf)
const char* pemHeader = "-----BEGIN CERTIFICATE-----"; /* no newlines allowed here */
const char* pemFooter = "-----END CERTIFICATE-----";
mbedtls_pem_context ctx;
int ret;
OC_UNUSED(pemLen);
mbedtls_pem_init(&ctx);
size_t usedLen;
ret = mbedtls_pem_read_buffer(&ctx, pemHeader, pemFooter, (const uint8_t*) pem, NULL, 0, &usedLen);
if (ret != 0)
{
OIC_LOG(ERROR, TAG, "Failed to allocate memory");
return -1;
OIC_LOG_V(ERROR, TAG, "%s: failed reading PEM cert", __func__);
goto exit;
}
size_t outSize = 0;
if (B64_OK != b64Decode(pem, pemLen, buf, bufSize, &outSize))
uint8_t *buf = OICCalloc(1, ctx.buflen);
if (NULL == buf)
{
OICFree(buf);
OIC_LOG(ERROR, TAG, "Failed to decode base64 data");
return -1;
OIC_LOG(ERROR, TAG, "Failed to allocate memory");
ret = -1;
goto exit;
}
memcpy(buf, ctx.buf, ctx.buflen);
*der = buf;
*derLen = outSize;
*derLen = ctx.buflen;
return 0;
exit:
mbedtls_pem_free(&ctx);
return ret;
}
/* Caller must call OICFree on *pem when finished. */
static int ConvertDerCertToPem(const uint8_t* der, size_t derLen, uint8_t** pem)
{
const char* pemHeader = "-----BEGIN CERTIFICATE-----\n";
const char* pemHeader = "-----BEGIN CERTIFICATE-----\n";
const char* pemFooter = "-----END CERTIFICATE-----\n";
/* Get the length required for output */
size_t pemLen;
int ret = mbedtls_pem_write_buffer(pemHeader,
int ret = mbedtls_pem_write_buffer(pemHeader,
pemFooter,
der,
derLen,
......@@ -2903,7 +2918,8 @@ static int ConvertDerCertToPem(const uint8_t* der, size_t derLen, uint8_t** pem)
}
/* Try the conversion */
ret = mbedtls_pem_write_buffer(pemHeader, pemFooter,
ret = mbedtls_pem_write_buffer(pemHeader,
pemFooter,
der,
derLen,
*pem,
......@@ -2938,7 +2954,7 @@ static OCStackResult GetCaCert(ByteArray_t * crt, const char * usage, OicEncodin
OIC_LOG_V(ERROR, TAG, "%s: Unsupported encoding %d", __func__, desiredEncoding);
return OC_STACK_INVALID_PARAM;
}
crt->len = 0;
OicSecCred_t* temp = NULL;
......@@ -2948,14 +2964,23 @@ static OCStackResult GetCaCert(ByteArray_t * crt, const char * usage, OicEncodin
(temp->credUsage != NULL) &&
(0 == strcmp(temp->credUsage, usage)) && (false == temp->optionalData.revstat))
{
if ((OIC_ENCODING_BASE64 != temp->optionalData.encoding) &&
(OIC_ENCODING_PEM != temp->optionalData.encoding) &&
(OIC_ENCODING_DER != temp->optionalData.encoding))
{
OIC_LOG_V(WARNING, TAG, "%s: Unknown encoding type", __func__);
continue;
}
if (OIC_ENCODING_DER == desiredEncoding)
{
if ((OIC_ENCODING_BASE64 == temp->optionalData.encoding) ||
(OIC_ENCODING_PEM == temp->optionalData.encoding))
{
uint8_t *buf = NULL;
uint8_t* buf = NULL;
size_t outSize = 0;
int ret = ConvertPemCertToDer((const char *)temp->optionalData.data, temp->optionalData.len, &buf, &outSize);
int ret = ConvertPemCertToDer((const char*)temp->optionalData.data, temp->optionalData.len, &buf, &outSize);
if (0 > ret)
{
OIC_LOG(ERROR, TAG, "Could not convert PEM cert to DER");
......@@ -3164,45 +3189,48 @@ void GetDerKey(ByteArray_t * key, const char * usage)
LL_FOREACH(gCred, temp)
{
if ((SIGNED_ASYMMETRIC_KEY == temp->credType || ASYMMETRIC_KEY == temp->credType) &&
temp->privateData.len > 0 &&
NULL != temp->credUsage &&
0 == strcmp(temp->credUsage, usage))
{
if (temp->privateData.encoding == OIC_ENCODING_PEM)
{
/* Convert PEM to DER */
mbedtls_pk_context ctx;
mbedtls_pk_init(&ctx);
const char* pemHeader = "-----BEGIN EC PRIVATE KEY-----"; /* no newlines allowed here */
const char* pemFooter = "-----END EC PRIVATE KEY-----";
int ret = mbedtls_pk_parse_key(&ctx, temp->privateData.data, temp->privateData.len, NULL, 0);
if (ret != 0)
if (temp->privateData.data[temp->privateData.len - 1] != 0)
{
mbedtls_pk_free(&ctx);
OIC_LOG_V(ERROR, TAG, "Key for %s found, but failed to convert from PEM to DER (while reading PEM)", usage);
OIC_LOG(ERROR, TAG, "Bad PEM private key data (not null terminated)");
return;
}
key->data = OICRealloc(key->data, key->len + temp->privateData.len);
if (key->data == NULL)
mbedtls_pem_context ctx;
int ret;
size_t usedLen;
mbedtls_pem_init(&ctx);
ret = mbedtls_pem_read_buffer(&ctx, pemHeader, pemFooter, (const uint8_t*)temp->privateData.data, NULL, 0, &usedLen);
if (ret != 0)
{
mbedtls_pk_free(&ctx);
OIC_LOG(ERROR, TAG, "Realloc failed to increase key->data length");
OIC_LOG_V(ERROR, TAG, "%s: failed reading PEM key", __func__);
mbedtls_pem_free(&ctx);
return;
}
key->len += temp->privateData.len;
ret = mbedtls_pk_write_key_der(&ctx, key->data, key->len);
if (ret < 1) /* return value is the number of bytes written, or error */
key->data = OICRealloc(key->data, ctx.buflen);
if (NULL == key->data)
{
mbedtls_pk_free(&ctx);
key->len = 0;
OIC_LOG_V(ERROR, TAG, "Key for %s found, but failed to convert from PEM to DER (while writing DER)", usage);
OIC_LOG(ERROR, TAG, "Failed to allocate memory");
mbedtls_pem_free(&ctx);
return;
}
key->data = OICRealloc(key->data, ret);
key->len = ret;
memcpy(key->data, ctx.buf, ctx.buflen);
key->len = ctx.buflen;
mbedtls_pem_free(&ctx);
break;
}
else if(temp->privateData.encoding == OIC_ENCODING_DER)
{
......@@ -3214,7 +3242,7 @@ void GetDerKey(ByteArray_t * key, const char * usage)
}
else
{
OIC_LOG_V(WARNING, TAG, "Key for %s found, but it has an unknown encoding", usage);
OIC_LOG_V(WARNING, TAG, "Key for %s found, but it has an unknown encoding (%d)", usage, temp->privateData.encoding);
}
}
}
......
......@@ -94,7 +94,7 @@ static OCStackResult StoreKeyPair(mbedtls_pk_context *keyPair, const OicUuid_t *
cred = GenerateCredential(myUuid, ASYMMETRIC_KEY, &publicData, &privateData, myUuid, NULL);
VERIFY_NOT_NULL(TAG, cred, ERROR);
cred->credUsage = OICStrdup(PRIMARY_KEY); // @todo: we may be able to use PRIMARY_CERT here too; need to investigate
cred->credUsage = OICStrdup(PRIMARY_CERT);
VERIFY_NOT_NULL(TAG, cred->credUsage, ERROR);
VERIFY_SUCCESS(TAG, OC_STACK_OK == AddCredential(cred), ERROR);
......@@ -394,22 +394,14 @@ static OCEntityHandlerResult HandleCsrGetRequest(OCEntityHandlerRequest * ehRequ
OIC_LOG(INFO, TAG, "HandleCsrGetRequest processing GET request");
mbedtls_pk_init(&keyPair);
// Retrieve our current certificate, if we have one, and use that key
GetDerKey(&keyData, PRIMARY_CERT);
if (0 == keyData.len)
{
// No cert? Get our primary key pair, or generate it if absent.
GetDerKey(&keyData, PRIMARY_KEY);
}
res = GetDoxmDeviceID(&myUuid);
VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
res = ConvertUuidToStr(&myUuid, &myUuidStr);
VERIFY_SUCCESS(TAG, OC_STACK_OK == res, ERROR);
// Retrieve the key from our current certificate if present, otherwise create a new key
GetDerKey(&keyData, PRIMARY_CERT);
mbedtls_pk_init(&keyPair);
if (0 < keyData.len)
{
ret = mbedtls_pk_parse_key(&keyPair, keyData.data, keyData.len, NULL, 0);
......
......@@ -35,9 +35,25 @@ void GetPkixInfo(PkiInfo_t * inf)
OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
return;
}
GetPemOwnCert(&inf->crt, PRIMARY_CERT);
if (inf->crt.len == 0)
{
OIC_LOG_V(WARNING, TAG, "%s: empty certificate", __func__);
}
GetDerKey(&inf->key, PRIMARY_CERT);
if (inf->key.len == 0)
{
OIC_LOG_V(WARNING, TAG, "%s: empty key", __func__);
}
(void)GetPemCaCert(&inf->ca, TRUST_CA);
if (inf->ca.len == 0)
{
OIC_LOG_V(WARNING, TAG, "%s: empty CA cert", __func__);
}
GetDerCrl(&inf->crl);
OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
}
......
......@@ -115,8 +115,16 @@ static bool IsRequestFromDevOwner(SRMRequestContext_t *context)
if (doxm)
{
retVal = UuidCmp(&doxm->owner, &context->subjectUuid);
OIC_LOG_V(DEBUG, TAG, "%s: request was %sreceived from device owner",
OIC_LOG_V(DEBUG, TAG, "%s: request was %s received from device owner",
__func__, retVal ? "" : "NOT ");
if (!retVal)
{
OIC_LOG(DEBUG, TAG, "Owner UUID :");
OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&doxm->owner.id, sizeof(&doxm->owner.id));
OIC_LOG(DEBUG, TAG, "Request UUID:");
OIC_LOG_BUFFER(DEBUG, TAG, (const uint8_t *)&context->subjectUuid.id, sizeof(&context->subjectUuid.id));
}
}
return retVal;
......
......@@ -175,7 +175,6 @@ const char * OIC_JSON_EMPTY_STRING = "";
// Certificates provided by Cloud
const char * TRUST_CA = "oic.sec.cred.trustca";
const char * PRIMARY_CERT = "oic.sec.cred.cert";
const char * PRIMARY_KEY = "primary_key";
// Certificates provided by manufacturer
const char * MF_TRUST_CA = "oic.sec.cred.mfgtrustca";
......
......@@ -50,6 +50,7 @@ OCProvisionPairwiseDevices
OCProvisionTrustCertChain
OCReadTrustCertChain
OCRegisterTrustCertChainNotifier
OCRemoveCredential
OCRemoveDevice
OCRemoveDeviceWithUuid
OCRemoveTrustCertChainNotifier
......@@ -59,9 +60,9 @@ OCSaveTrustCertChain
OCSaveOwnCertChain
OCSelectOwnershipTransferMethod
OCSetOwnerTransferCallbackData
OCUnlinkDevices
OCSetOxmAllowStatus
OCVerifyCSRSignature
OCUnlinkDevices
OCVerifyCSRSignature
SetClosePinDisplayCB
SetDisplayPinWithContextCB
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment