Commit b578b610 authored by leechul's avatar leechul Committed by Dmitriy Zhuravlev

Update secure resource related modules(SRM,OTM,SRP,CKM,unit tests,samples)

according to spec B.

* NOTE : https://gerrit.iotivity.org/gerrit/#/c/4733/ is required
         for the provisioning tool to work in debug mode.

1. Change the security resource name according to spec B.

2. Remove unnecessary security resource according to spec B.

3. Remove the entity of resource name from coap/coaps payload as follows :
  [Before]
  {
    "doxm":
    {
      "oxm":[0],
      "oxmsel":0,
      "sct":1,
      "owned":true,
      "deviceid":"anVzdHdvcmtzRGV2VVVJRA==",
      "devowner":"YWRtaW5EZXZpY2VVVUlEMA==",
      "rowner":"YWRtaW5EZXZpY2VVVUlEMA=="
    }
  }

  [After]
  {
    "oxm":[0],
    "oxmsel":0,
    "sct":1,
    "owned":true,
    "deviceid":"anVzdHdvcmtzRGV2VVVJRA==",
    "devowner":"YWRtaW5EZXZpY2VVVUlEMA==",
    "rowner":"YWRtaW5EZXZpY2VVVUlEMA=="
  }

4. Modify the sample SVR DB(.json) according to above modifications.

5. Modify the unittest according to above modifications.

[Patch #1] Initial upload
[Patch #2] Update commit message
[Patch #3] Retrigger
[Patch #4] Upload missing file.
[Patch #5,#6] Modify according to comments.
[Patch #7,#8] Update commit message.

Change-Id: Ic6842af77c7098f30e7823597f807bb8a55d4541
Signed-off-by: default avatarleechul <chuls.lee@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/4725Tested-by: default avatarjenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: default avatarsangsu choi <sangsu.choi@samsung.com>
Reviewed-by: default avatarDmitriy Zhuravlev <d.zhuravlev@samsung.com>
parent 858b68c7
......@@ -57,10 +57,11 @@ const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **
* Caller needs to invoke 'free' when done using
* returned string.
* @param acl instance of OicSecAcl_t structure.
* @param isIncResName decide whether or not to include the resource name in output.
*
* @retval pointer to ACL in json format.
*/
char* BinToAclJSON(const OicSecAcl_t * acl);
char* BinToAclJSON(const OicSecAcl_t * acl, const bool isIncResName);
/**
......@@ -74,10 +75,11 @@ void DeleteACLList(OicSecAcl_t* acl);
/**
* This function installs a new ACL.
* @param newJsonStr JSON string representing a new ACL.
* @param isIncResName if resource name is included into payload, it is true.
*
* @retval OC_STACK_OK for Success, otherwise some error value
*/
OCStackResult InstallNewACL(const char* newJsonStr);
OCStackResult InstallNewACL(const char* newJsonStr, const bool isIncResName);
#ifdef __cplusplus
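Review bot: The comment for the new `isIncResName` argument of `InstallNewACL` does not say what happens when the flag and the JSON disagree about the payload shape. For an ACL installer that case should be documented as a hard failure, for example `@param isIncResName true if newJsonStr wraps the ACL in a top-level "acl" object; a payload that does not match the flag is rejected and no ACL is installed.`, provided the implementation (not visible here) behaves that way. The same gap applies to the `JSONToCrlBin`, `JSONToDoxmBin` and `JSONToPstatBin` prototypes further down this page. A bare `true`/`false` at call sites is also hard to audit, so a two-value enum naming the wire format would read better than a `const bool`.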
......
......@@ -67,10 +67,11 @@ OCStackResult AmaclGetAmsDeviceId(const char *resource, OicUuid_t *amsId);
* Caller needs to invoke 'free' when done using
* returned string.
* @param Amacl instance of OicSecAmacl_t structure.
* @param isIncResName Decide whether or not to include the name of the resource in output.
*
* @retval pointer to Amacl in json format.
*/
char* BinToAmaclJSON(const OicSecAmacl_t * amacl);
char* BinToAmaclJSON(const OicSecAmacl_t * amacl, const bool isIncResName);
#ifdef __cplusplus
}
......
......@@ -65,12 +65,13 @@ const OicSecCred_t* GetCredResourceData(const OicUuid_t* subjectId);
* Caller needs to invoke 'free' when done using
* returned string.
* @param cred pointer to instance of OicSecCred_t structure.
* @param isIncResName Decide whether or not to include the resource name in output.
*
* @retval
* pointer to JSON credential representation - if credential for subjectId found
* NULL - if credential for subjectId not found
*/
char* BinToCredJSON(const OicSecCred_t* cred);
char* BinToCredJSON(const OicSecCred_t* cred, const bool isIncResName);
/**
* This function generates the bin credential data.
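Review bot: The `@retval` text for `BinToCredJSON` still describes a lookup by subjectId, but the prototype takes a `cred` pointer and now a format flag, so the comment no longer matches the signature. Something like `@retval pointer to the JSON credential representation, or NULL on failure` would fit, if that is what the implementation returns. The returned string presumably carries credential material, so the comment should also tell callers to clear the buffer before freeing it. The body of the function is not shown here, so both points need checking against it.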
......
......@@ -51,16 +51,16 @@ char* GetBase64CRL();
void GetDerCrl(ByteArray crlArray);
/**
* This function get CRL from SRM
* This method converts JSON CRL into binary CRL.
* The JSON CRL can be from persistent database or received as PUT/POST request.
*
* @param crl [out] - pointer to buffer that contains crl. Shoul be not NULL. Buffer
* will be allocated by the function and content of *crl will be ignored.
* @param outlen [out] - pointer to length of the CRL buffer. Shoul be not NULL.
* @param[in] jsonStr CRL data in json string.
* @param[in] isIncResName if resource name is included into payload, it is true.
* @return pointer to OicSecCrl_t.
*
* @returns OC_STACK_OK if success and errorcode otherwise.
* @note Caller responsible for crl buffer memory (use OICFree to free it)
* @note Caller needs to invoke OCFree after done using the return pointer
*/
OicSecCrl_t * JSONToCrlBin(const char * jsonStr);
OicSecCrl_t * JSONToCrlBin(const char * jsonStr, const bool isIncResName);
/**
* Initialize CLR resource by loading data from persistent storage.
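Review bot: The rewritten comment for `JSONToCrlBin` appears to tell callers to release the result with `OCFree`, while the note it replaces named `OICFree`, which is also the deallocator the C code later on this page calls. If `OicSecCrl_t` owns nested buffers (its definition is not shown here), freeing only the struct would leak them, so the note should name the exact release routine. The failure result is also undocumented; `@return pointer to OicSecCrl_t, or NULL if jsonStr cannot be parsed.` would cover it if that matches the implementation. The doxm header below carries the same `OCFree` wording in its context lines.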
......
......@@ -54,12 +54,13 @@ const OicSecDoxm_t* GetDoxmResourceData();
* or received as PUT/POST request.
*
* @param[in] jsonStr doxm data in json string.
* @param[in] isIncResName if resource name is included into payload, it is true.
* @return pointer to OicSecDoxm_t.
*
* @note Caller needs to invoke OCFree after done
* using the return pointer
*/
OicSecDoxm_t * JSONToDoxmBin(const char * jsonStr);
OicSecDoxm_t * JSONToDoxmBin(const char * jsonStr, const bool isIncResName);
/**
* This method converts DOXM data into JSON format.
......@@ -67,12 +68,13 @@ OicSecDoxm_t * JSONToDoxmBin(const char * jsonStr);
* return string
*
* @param[in] doxm Pointer to OicSecDoxm_t.
* @param[in] isIncResName Decide whether or not to include the resource name in output.
* @return pointer to json string.
*
* @note Caller needs to invoke OCFree after done
* using the return pointer
*/
char * BinToDoxmJSON(const OicSecDoxm_t * doxm);
char * BinToDoxmJSON(const OicSecDoxm_t * doxm, const bool isIncResName);
/**
* This method returns the SRM device ID for this device.
......
......@@ -43,17 +43,19 @@ OCStackResult DeInitPstatResource();
* This method converts JSON PSTAT into binary PSTAT.
*
* @param[in] jsonStr pstat data in json string.
* @param[in] isIncResName if resource name is included into payload, it is true.
* @return pointer to OicSecPstat_t.
*/
OicSecPstat_t * JSONToPstatBin(const char * jsonStr);
OicSecPstat_t * JSONToPstatBin(const char * jsonStr, const bool isIncResName);
/**
* This method converts pstat data into JSON format.
*
* @param[in] pstat pstat data in binary format.
* @param[in] isIncResName Decide whether or not to include the resource name in output.
* @return pointer to pstat json string.
*/
char * BinToPstatJSON(const OicSecPstat_t * pstat);
char * BinToPstatJSON(const OicSecPstat_t * pstat, const bool isIncResName);
/** This function deallocates the memory for OicSecPstat_t.
*
......
......@@ -68,12 +68,14 @@ extern const char * OIC_JSON_AMSS_NAME;
extern const char * OIC_JSON_PERMISSION_NAME;
extern const char * OIC_JSON_OWNERS_NAME;
extern const char * OIC_JSON_OWNER_NAME;
extern const char * OIC_JSON_DEV_OWNER_NAME;
extern const char * OIC_JSON_OWNED_NAME;
extern const char * OIC_JSON_OXM_NAME;
extern const char * OIC_JSON_OXM_TYPE_NAME;
extern const char * OIC_JSON_OXM_SEL_NAME;
extern const char * OIC_JSON_DEVICE_ID_FORMAT_NAME;
extern const char * OIC_JSON_CREDID_NAME;
extern const char * OIC_JSON_SUBJECTID_NAME;
extern const char * OIC_JSON_ROLEIDS_NAME;
extern const char * OIC_JSON_CREDTYPE_NAME;
extern const char * OIC_JSON_PUBLICDATA_NAME;
......
......@@ -44,10 +44,11 @@ void DeInitSVCResource();
* Caller needs to invoke 'free' when done using
* returned string.
* @param svc instance of OicSecSvc_t structure.
* @param isIncResName Decide whether or not to include the resource name in output.
*
* @retval pointer to SVC in json format.
*/
char* BinToSvcJSON(const OicSecSvc_t * svc);
char* BinToSvcJSON(const OicSecSvc_t * svc, const bool isIncResName);
#ifdef __cplusplus
}
......
......@@ -369,8 +369,6 @@ struct OicSecCred
struct OicSecDoxm
{
// <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
OicUrn_t *oxmType; // 0:R:M:N:URN
size_t oxmTypeLen; // the number of elts in OxmType
OicSecOxm_t *oxm; // 1:R:M:N:UINT16
size_t oxmLen; // the number of elts in Oxm
OicSecOxm_t oxmSel; // 2:R/W:S:Y:UINT16
......
{
"acl": [
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/res",
"/oic/res/d",
"/oic/res/types/d",
"/oic/presence"
],
"perms": 2,
"ownrs" : [
"permission": 2,
"rowners" : [
"ZG9vckRldmljZVVVSUQwMA=="
]
},
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/sec/doxm",
"/oic/sec/pstat",
"/oic/sec/acl",
"/oic/sec/crl",
"/oic/sec/cred"
],
"perms": 6,
"ownrs" : [
"permission": 6,
"rowners" : [
"ZG9vckRldmljZVVVSUQwMA=="
]
}
......@@ -31,7 +31,7 @@
"pstat": {
"isop": false,
"deviceid": "ZG9vckRldmljZVVVSUQwMA==",
"commithash": 0,
"ch": 0,
"cm": 0,
"tm": 0,
"om": 3,
......
{
"acl": [
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/res",
"/oic/res/d",
"/oic/res/types/d",
"/oic/presence"
],
"perms": 2,
"ownrs" : [
"permission": 2,
"rowners" : [
"bGlnaHREZXZpY2VVVUlEMA=="
]
},
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/sec/doxm",
"/oic/sec/pstat",
"/oic/sec/acl",
"/oic/sec/crl",
"/oic/sec/cred"
],
"perms": 6,
"ownrs" : [
"permission": 6,
"rowners" : [
"bGlnaHREZXZpY2VVVUlEMA=="
]
}
......@@ -31,7 +31,7 @@
"pstat": {
"isop": false,
"deviceid": "bGlnaHREZXZpY2VVVUlEMA==",
"commithash": 0,
"ch": 0,
"cm": 0,
"tm": 0,
"om": 3,
......
{
"acl": [
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/res",
"/oic/d",
"/oic/p",
"/oic/res/types/d",
"/oic/ad"
],
"perms": 2,
"ownrs" : ["YWRtaW5EZXZpY2VVVUlEMA=="]
"permission": 2,
"rowners" : ["YWRtaW5EZXZpY2VVVUlEMA=="]
},
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/sec/doxm",
"/oic/sec/pstat",
"/oic/sec/acl",
"/oic/sec/cred"
],
"perms": 7,
"ownrs" : ["YWRtaW5EZXZpY2VVVUlEMA=="]
"permission": 7,
"rowners" : ["YWRtaW5EZXZpY2VVVUlEMA=="]
}
],
"pstat": {
......@@ -39,6 +39,6 @@
"sct": 1,
"owned": true,
"deviceid": "YWRtaW5EZXZpY2VVVUlEMA==",
"ownr": "YWRtaW5EZXZpY2VVVUlEMA=="
"devowner": "YWRtaW5EZXZpY2VVVUlEMA=="
}
}
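Review bot: The second ACL entry in this sample keeps subject `Kg==` (base64 for `*`) with `"permission": 7` on `/oic/sec/acl` and `/oic/sec/cred`, in a database whose doxm section says `"owned": true`. If the bitmask follows the usual create/read/write layout, any peer may rewrite the ACL and credential resources of an already owned device. The commit only renames the keys, but sample SVR databases tend to be copied into products, so it is worth narrowing this entry while the file is being touched: replace the wildcard subject with the owner id already used in `rowners`, or reduce the permission to read only. The two later samples that use `YWRtaW5EZXZpY2VVVUlE` as rowner carry the same entry.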
{
"acl": [
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/res",
"/oic/d",
"/oic/p",
"/oic/res/types/d",
"/oic/ad"
],
"perms": 2,
"ownrs" : ["YWRtaW5EZXZpY2VVVUlE"]
"permission": 2,
"rowners" : ["YWRtaW5EZXZpY2VVVUlE"]
},
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/sec/doxm",
"/oic/sec/pstat",
"/oic/sec/acl",
"/oic/sec/cred"
],
"perms": 7,
"ownrs" : ["YWRtaW5EZXZpY2VVVUlE"]
"permission": 7,
"rowners" : ["YWRtaW5EZXZpY2VVVUlE"]
}
],
"crl": {
......@@ -43,6 +43,6 @@
"oxmsel": 0,
"owned": true,
"deviceid": "YWRtaW5EZXZpY2VVVUlE",
"ownr": "YWRtaW5EZXZpY2VVVUlE"
"devowner": "YWRtaW5EZXZpY2VVVUlE"
}
}
{
"acl": [
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/res",
"/oic/d",
"/oic/p",
......@@ -10,17 +10,17 @@
"/oic/ad",
"/oic/sec/amacl"
],
"perms": 2,
"ownrs" : ["YWRtaW5EZXZpY2VVVUlEMA=="]
"permission": 2,
"rowners" : ["YWRtaW5EZXZpY2VVVUlEMA=="]
},
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/sec/doxm",
"/oic/sec/pstat"
],
"perms": 2,
"ownrs" : ["YWRtaW5EZXZpY2VVVUlEMA=="]
"permission": 2,
"rowners" : ["YWRtaW5EZXZpY2VVVUlEMA=="]
}
],
"pstat": {
......@@ -38,6 +38,6 @@
"sct": 1,
"owned": true,
"deviceid": "YWRtaW5EZXZpY2VVVUlEMA==",
"ownr": "YWRtaW5EZXZpY2VVVUlEMA=="
"devowner": "YWRtaW5EZXZpY2VVVUlEMA=="
}
}
{
"acl": [
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/res",
"/oic/d",
"/oic/p",
"/oic/res/types/d",
"/oic/ad"
],
"perms": 2,
"ownrs" : ["YWRtaW5EZXZpY2VVVUlE"]
"permission": 2,
"rowners" : ["YWRtaW5EZXZpY2VVVUlE"]
},
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/sec/doxm",
"/oic/sec/pstat",
"/oic/sec/acl",
"/oic/sec/cred"
],
"perms": 7,
"ownrs" : ["YWRtaW5EZXZpY2VVVUlE"]
"permission": 7,
"rowners" : ["YWRtaW5EZXZpY2VVVUlE"]
}
],
"pstat": {
......@@ -39,6 +39,6 @@
"sct": 1,
"owned": true,
"deviceid": "YWRtaW5EZXZpY2VVVUlE",
"ownr": "YWRtaW5EZXZpY2VVVUlE"
"devowner": "YWRtaW5EZXZpY2VVVUlE"
}
}
{
"acl": [
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/res",
"/oic/res/d",
"/oic/res/types/d",
"/oic/presence"
],
"perms": 2,
"ownrs" : [
"permission": 2,
"rowners" : [
"anVzdHdvcmtzRGV2VVVJRA=="
]
},
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/sec/doxm",
"/oic/sec/pstat",
"/oic/sec/acl",
"/oic/sec/cred"
],
"perms": 6,
"ownrs" : [
"permission": 6,
"rowners" : [
"anVzdHdvcmtzRGV2VVVJRA=="
]
}
......@@ -30,7 +30,7 @@
"pstat": {
"isop": false,
"deviceid": "anVzdHdvcmtzRGV2VVVJRA==",
"commithash": 0,
"ch": 0,
"cm": 0,
"tm": 0,
"om": 3,
......
{
"acl": [
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/res",
"/oic/res/d",
"/oic/res/types/d",
"/oic/presence"
],
"perms": 2,
"ownrs" : [
"permission": 2,
"rowners" : [
"cmFuZG9tUGluRGV2VVVJRA=="
]
},
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/sec/doxm",
"/oic/sec/pstat",
"/oic/sec/acl",
"/oic/sec/cred"
],
"perms": 6,
"ownrs" : [
"permission": 6,
"rowners" : [
"cmFuZG9tUGluRGV2VVVJRA=="
]
}
......@@ -30,7 +30,7 @@
"pstat": {
"isop": false,
"deviceid": "cmFuZG9tUGluRGV2VVVJRA==",
"commithash": 0,
"ch": 0,
"cm": 0,
"tm": 0,
"om": 3,
......
{
"acl": [
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/res",
"/oic/d",
"/oic/p",
......@@ -12,17 +12,17 @@
"/oic/sec/svc",
"/oic/sec/amacl"
],
"perms": 2,
"ownrs" : ["MTExMTExMTExMTExMTExMQ=="]
"permission": 2,
"rowners" : ["MTExMTExMTExMTExMTExMQ=="]
},
{
"sub": "Kg==",
"rsrc": [
"subject": "Kg==",
"resources": [
"/oic/sec/doxm",
"/oic/sec/pstat"
],
"perms": 6,
"ownrs" : ["MTExMTExMTExMTExMTExMQ=="]
"permission": 6,
"rowners" : ["MTExMTExMTExMTExMTExMQ=="]
}
],
"pstat": {
......
......@@ -515,7 +515,7 @@ static OCStackApplicationResult ListMethodsHandler(void *ctx, OCDoHandle UNUSED,
}
OicSecPstat_t* pstat = JSONToPstatBin(
((OCSecurityPayload*)clientResponse->payload)->securityData);
((OCSecurityPayload*)clientResponse->payload)->securityData, false);
if(NULL == pstat)
{
OC_LOG(ERROR, TAG, "Error while converting json to pstat bin");
......@@ -881,7 +881,7 @@ static OCStackResult PutUpdateOperationMode(OTMContext_t* otmCtx,
return OC_STACK_NO_MEMORY;
}
secPayload->base.type = PAYLOAD_TYPE_SECURITY;
secPayload->securityData = BinToPstatJSON(deviceInfo->pstat);
secPayload->securityData = BinToPstatJSON(deviceInfo->pstat, false);
if (NULL == secPayload->securityData)
{
OICFree(secPayload);
......@@ -1120,7 +1120,7 @@ static OCStackApplicationResult ProvisionDefaultACLCB(void *ctx, OCDoHandle UNUS
return OC_STACK_NO_MEMORY;
}
secPayload->base.type = PAYLOAD_TYPE_SECURITY;
secPayload->securityData = BinToPstatJSON(otmCtx->selectedDeviceInfo->pstat);
secPayload->securityData = BinToPstatJSON(otmCtx->selectedDeviceInfo->pstat, false);
if (NULL == secPayload->securityData)
{
OICFree(secPayload);
......@@ -1223,7 +1223,7 @@ OCStackResult FinalizeProvisioning(OTMContext_t* otmCtx)
return OC_STACK_NO_MEMORY;
}