Sample application maintenance for OCFSecure

The DOXM resource in the RFOTM state needs to provide write permissions to the onboarding tool. Fixed code indentation formats and improved README Change-Id: I8909f4b5182488bc01e69b2889cdf3ddeb8f42ab Signed-off-by: Rami Alshafi <ralshafi@vprime.com>

Sample application maintenance for OCFSecure
The DOXM resource in the RFOTM state needs to provide write permissions to the onboarding tool. Fixed code indentation formats and improved README Change-Id: I8909f4b5182488bc01e69b2889cdf3ddeb8f42ab Signed-off-by: Rami Alshafi <ralshafi@vprime.com>
d23d1287 · Rami Alshafi · 85ad6a79 · d23d1287 · d23d1287 · d23d1287
Commit d23d1287 authored Aug 07, 2018 by Rami Alshafi
4 changed files
--- a/examples/OCFSecure/README.md
+++ b/examples/OCFSecure/README.md
@@ -4,14 +4,19 @@ There are 2 applications; server and client, which need to be running from 2
 different terminals regardless whether those 2 terminals are running within
 the same machine or not as long as they can discover each other.
 These 2 applications are verified on
-* a regular Ubuntu machine
+* Regular Ubuntu machine
 * Ubuntu running on Intel Joule
 * Raspbian running on Raspberry Pi 3 and Raspberry Pi Zero W

 These applications can be used to verify the build environment is setup
 properly. They can serve as a baseline and a reference for new developers to
 learn how to write simple server and client applications and implement OCF
-security and pass the OCF certification test tool.
+security and pass the OCF Conformance Test Tool (CTT).
+
+The client application does not know how to onboard, so the server is
+provisioned already onboarded and owned by the client (Ready for Normal
+Operation or RFNOP state). If the server application is to be used with a
+different client, it will need to be reset first.

 # Building the applications

@@ -32,7 +37,7 @@ to the scons command RELEASE=0
 # Running the applications

 To run the applications on a regular machine with Ubuntu, change the directory
-to out/linux/x86_64/release/examples/OCFSecure with the following command
+to `out/linux/x86_64/release/examples/OCFSecure` with the following command
 ```
 $ cd out/linux/x86_64/release/examples/OCFSecure/
 ```
@@ -241,6 +246,23 @@ think you connected the led on the wrong pin which may not be the case.
 You can also connect the Enviro pHat sensor board if you have it. Its LED is
 already connected to gpio 7.

+# Resetting the server app
+Sometimes it is necessary to reset the server application. For example, the
+server app needs to be reset during OCF conformance testing or to be
+onboarded by an OnBoarding tool.
+
+In order to reset the server app, make sure it is not running. If it is running,
+then kill it with Ctrl+C.
+Copy the `ocf_svr_db_server_RFOTM.dat` from the project directory to the project
+output directory and name it as `ocf_svr_db_server.dat` as shown
+in the following command
+From the output directory from which the server application can be exexuted,
+type
+ 
+```
+cp ~/iot/iotivity/examples/OCFSecure/ocf_svr_db_server_RFOTM.dat ocf_svr_db_server.dat
+```
+
 # Testing the server app against CTT
 You need to install the OCF Certification Test Tool 2.0 on a Windows machine
 and start it and if the windows machine on the same network as the server and
@@ -251,37 +273,33 @@ show the discovered devices and you should be able to see the server device
 as 12345678-1234-1234-1234-123456789012 and in the details section, you
 should be able to see the /switch uri. click on Next. Now, browse to select
 the PICS file which should be included in this example named
-PICS_server_OCF10_vprime.json then click on Next. From the Testing Profiles
+`PICS_server_OCF10_vprime.json` then click on Next. From the Testing Profiles
 uncheck everything and check OCF 1.0 Server. Next, click on
 Run All Test Cases button. Most likely, you will get a prompt saying
 "Please initiate device to revert to "ready for OTM" state" and there are
 2 options to click on; OK and Cancel because this sample is shipped in the
-"Ready for Normal Operation" state. In this case, kill the server with
-Ctrl+C and from the output directory where the server is running, copy the
-ocf_svr_db_server_RFOTM.dat from the project directory to the project output
-directory and name it as ocf_svr_db_server.dat as shown in the following
-command then re-run the server app then press OK on the prompt once the
-server is running again.
-```
-cp ~/iot/iotivity/examples/OCFSecure/ocf_svr_db_server_RFOTM.dat ocf_svr_db_server.dat
-```
-You might get this prompt again since the CTT does not un-onboard the device
-but now you know what to do!
-Also, you will be prompt to power cycle the device. In this case, you can
+"Ready for Normal Operation" state. In this case, reset the server as explained
+in the "Resetting the server app" section of this document. Then run the server
+application. You might get this prompt again since the CTT does not un-onboard
+the device but now you know what to do!
+Also, you will be prompted to power cycle the device. In this case, you can
 either kill the server app and restart it again or literally power cycle
 your device and re-run the server app once your device is back up and
 connected to the same network.
 Please note, you might see tests passing with warnings and CT1.7.8.11 test
-Case failing but that is OK.
+Case failing but that is OK. In order to know which tests are required for
+certification, refer to the Certification Requirements Status List (CRST) that
+is associated with the CTT version.
+This device is tested using CTT version 2.1, which is associated with CRSL 4.3.

 # Known issues

 1. Sometimes, the applications will not run because of not finding some library.
-In this case, you would need to export the LD_LIBRARY_PATH to the environment.
+In this case, you would need to export the `LD_LIBRARY_PATH` to the environment.
    ```
    export LD_LIBRARY_PATH=<output dir orwherever the library is>
    ```
-    Also, since you would need to run the server application in sudo mode, you
+    Also, since you need to run the server application in privileged mode, you
 would need to type this command
    ```
    $sudo ldconfig
@@ -298,66 +316,67 @@ and file a bug in JIRA and assign it to me (username: alshafi).
 eventually. In the meantime, there will be multiple /switch links and only one
 of them works and the user will need to issues GET requests to all of them
 until the good one is found. The wrong /switch links will result in
-Result: (255) - OC_STACK_ERROR.
-The correct /a/led link will result in Result: (0) - OC_STACK_OK
+Result: (255) - `OC_STACK_ERROR`.
+The correct /a/led link will result in Result: (0) - `OC_STACK_OK`

 # Example Directory

 There are 16 files in the example directory.
-* client.c
+* `client.c`
    * This is the client program
-* device_properties.dat
+* `device_properties.dat`
    * This is a file storing the device properties in cbor format which is
 generated automatically by the server application
-* ocf_svr_db_client.dat
+* `ocf_svr_db_client.dat`
    * This is the cbor format of the secure virtual resource database, defined
-by the human-readable version ocf_svr_db_client.json file, and it is used by
+by the human-readable version `ocf_svr_db_client.json` file, and it is used by
 the client application
-* ocf_svr_db_client.json
-    * This is the human-readable version of ocf_svr_db_client.dat
-* ocf_svr_db_server.dat
+* `ocf_svr_db_client.json`
+    * This is the human-readable version of `ocf_svr_db_client.dat`.
+* `ocf_svr_db_server.dat`
    * This is the cbor format of the secure virtual resource database and it is
-an exact copy from the ocf_svr_db_server_RFNOP.dat which is the cbor version of
-the human-readable version ocf_svr_db_server_RFNOP.json file. This is the case
-because the client application does not support the onboarding and provisioning
-process currently and we need to set the state in the "Ready For Normal
-Operation" manually.
+an exact copy from the `ocf_svr_db_server_RFNOP.dat` which is the cbor version
+of the human-readable version `ocf_svr_db_server_RFNOP.json` file. This is the
+case because the client application does not support the onboarding and
+provisioning process currently and we need to set the state in the "Ready For
+Normal Operation" manually.
+
 We also need to set the state in the "Ready For Ownership Method Transfer"
 when testing the application with the OCF Certification Test Tool (CTT).
-In this case, you would need to copy ocf_svr_db_server_RFOTM.dat into
-ocf_svr_db_server.dat since that is the file that will be read by the server.
-* ocf_svr_db_server_RFNOP.dat
+In this case, you would need to copy `ocf_svr_db_server_RFOTM.dat` into
+`ocf_svr_db_server.dat` since that is the file that will be read by the server.
+* `ocf_svr_db_server_RFNOP.dat`
    * This is the cbor format of the secure virtual resource database, defined
-by the human-readable version ocf_svr_db_server_RFNOP.json file and it is *NOT*
-used by the server application. Rename it without the _RFNOP suffix to be read
-by the server
-* ocf_svr_db_server_RFNOP.json
-    * This is the human-readable version of ocf_svr_db_server_RFNOP.dat
-* ocf_svr_db_server_RFOTM.dat
+by the human-readable version `ocf_svr_db_server_RFNOP.json` file and it is
+*NOT* used by the server application. Rename it without the _RFNOP suffix to be
+read by the server
+* `ocf_svr_db_server_RFNOP.json`
+    * This is the human-readable version of `ocf_svr_db_server_RFNOP.dat`
+* `ocf_svr_db_server_RFOTM.dat`
    * This is the cbor format of the secure virtual resource database, defined
-by the human-readable version ocf_svr_db_server_RFOTM.json file and it is *NOT*
-used by the server application. Rename it without the _RFOTM suffix to be read
-by the server
-* ocf_svr_db_server_RFOTM.json
-    * This is the human-readable version of ocf_svr_db_server_RFOTM.dat
-* PICS_server_OCF10_vprime.json
+by the human-readable version `ocf_svr_db_server_RFOTM.json` file and it is
+*NOT* used by the server application. Rename it without the `_RFOTM` suffix to
+be read by the server
+* `ocf_svr_db_server_RFOTM.json`
+    * This is the human-readable version of `ocf_svr_db_server_RFOTM.dat`
+* `PICS_server_OCF10_vprime.json`
    * This is the file that was used as the input to the OCF Certification
 Test Tool.
-* README.md
+* `README.md`
    * This is this file :)
-* SConscript
+* `SConscript`
    * This is the script that is being used by the scons tool to know how
 to build the sample applications and what needs to be copied to the output
 directory.
-* server.cpp
+* `server.cpp`
    * This is the server program.
-* switch_introspection.dat
+* `switch_introspection.dat`
    * This is the cbor format of the introspection file (also known as
 Introspection Device Data IDD) the server needs to read to implement
 the introspection feature.
-* switch_introspection.json
-    * This is the human-readable version of switch_introspection.dat file
+* `switch_introspection.json`
+    * This is the human-readable version of `switch_introspection.dat` file
 which is also know as the "swagger" file.
-* utilities.c
+* `utilities.c`
    * this is a supplementary program containing custom utility c functions
 that help with reporting log messages mainly as of current.
--- a/examples/OCFSecure/ocf_svr_db_server_RFOTM.dat
+++ b/examples/OCFSecure/ocf_svr_db_server_RFOTM.dat
--- a/examples/OCFSecure/ocf_svr_db_server_RFOTM.json
+++ b/examples/OCFSecure/ocf_svr_db_server_RFOTM.json
@@ -7,8 +7,7 @@
                "resources": [
                    { "href": "/oic/res" },
                    { "href": "/oic/d" },
-                    { "href": "/oic/p" },
-                    { "href": "/oic/sec/doxm" }
+                    { "href": "/oic/p" }
                ],
                "permission": 2
            },
@@ -18,11 +17,26 @@
                "resources": [
                    { "href": "/oic/res" },
                    { "href": "/oic/d" },
-                    { "href": "/oic/p" },
-                    { "href": "/oic/sec/doxm" }
+                    { "href": "/oic/p" }
                ],
                "permission": 2
            },
+            {
+                "aceid": 3,
+                "subject": { "conntype": "anon-clear" },
+                "resources": [
+                    { "href": "/oic/sec/doxm" }
+                ],
+                "permission": 14
+            },
+            {
+                "aceid": 4,
+                "subject": { "conntype": "auth-crypt" },
+                "resources": [
+                    { "href": "/oic/sec/doxm" }
+                ],
+                "permission": 14
+            },
            {
                "aceid": 5,
                "subject": {"conntype": "auth-crypt" },
@@ -35,7 +49,7 @@
            }
        ],
        "rowneruuid": "00000000-0000-0000-0000-000000000000",
-        "rt": ["oic.r.acl"],
+        "rt": ["oic.r.acl2"],
        "if": ["oic.if.baseline"]
    },
    "pstat": {

--- a/examples/OCFSecure/server.cpp
+++ b/examples/OCFSecure/server.cpp
@@ -121,9 +121,9 @@ OCStackResult SetPlatformInfo()
        OCGetPropertyValue(PAYLOAD_TYPE_PLATFORM,
                           OC_RSRVD_MFG_NAME,
                           (void **) &mn);
-        OIC_LOG_V(INFO, TAG, "[%s] Set manufacture name successfully to %s",
-            __func__,
-            mn);
+        OIC_LOG_V(INFO, TAG, "[%s] Set manufacturer name successfully to %s",
+                  __func__,
+                  mn);
    }

    return OC_STACK_OK;
@@ -324,10 +324,8 @@ OCEntityHandlerCallBack(OCEntityHandlerFlag flag,
                  __func__);
        return OC_EH_ERROR;
    }
-    OIC_LOG_V(INFO, TAG, "[%s] Flags: 0x%x: %s",
-               __func__,
-               flag,
-               decode_oc_eh_flag(flag));
+    OIC_LOG_V(INFO, TAG, "[%s] Flags: 0x%x: %s", __func__, flag,
+              decode_oc_eh_flag(flag));


    OCEntityHandlerResult eh_res = OC_EH_ERROR;
@@ -352,17 +350,16 @@ OCEntityHandlerCallBack(OCEntityHandlerFlag flag,
            }
            else if (OC_REST_POST == requestMethod)
            {
-                OIC_LOG_V(INFO, TAG, "[%s] Processing POST request",
-                           __func__);
+                OIC_LOG_V(INFO, TAG, "[%s] Processing POST request", __func__);
                eh_res = ProcessPostRequest(ehRequest, &payload);
            }
            else
            {
                OIC_LOG_V(INFO, TAG, "[%s] Received unsupported method (%d):"
-                           " %s",
-                           __func__,
-                           ehRequest->method,
-                           decode_oc_method(ehRequest->method));
+                          " %s",
+                          __func__,
+                          ehRequest->method,
+                          decode_oc_method(ehRequest->method));
                eh_res = OC_EH_ERROR;
            }

@@ -449,7 +446,7 @@ ServerFOpen(const char *path,
                  __func__,
                  INTROSPECTION_FILE,
                  mode);
-      return fopen(INTROSPECTION_FILE, mode);
+        return fopen(INTROSPECTION_FILE, mode);
    }
    else
    {
@@ -474,7 +471,7 @@ main(void)
    GPIO = new mraa::Gpio(LED_PIN);
    if (!GPIO)
    {
-      OIC_LOG_V(ERROR, TAG, "Error instantiating gpio %d", LED_PIN);
+        OIC_LOG_V(ERROR, TAG, "Error instantiating gpio %d", LED_PIN);
    }
    GPIO->dir(mraa::DIR_OUT);
    #endif
@@ -511,8 +508,8 @@ main(void)
    stack_res = SetDeviceInfo();
    if (stack_res != OC_STACK_OK)
    {
-      OIC_LOG_V(ERROR, TAG, "[%s] Device Registration failed\n", __func__);
-      return stack_res;
+        OIC_LOG_V(ERROR, TAG, "[%s] Device Registration failed\n", __func__);
+        return stack_res;
    }
    else
    {
@@ -528,8 +525,8 @@ main(void)
                                 SWITCH.properties);
    if (stack_res != OC_STACK_OK)
    {
-      OIC_LOG_V(ERROR, TAG, "[%s] Failed to create resource\n", __func__);
-      return stack_res;
+        OIC_LOG_V(ERROR, TAG, "[%s] Failed to create resource\n", __func__);
+        return stack_res;
    }
    else
    {