Commit d23d1287 authored by Rami Alshafi

Sample application maintenance for OCFSecure

The DOXM resource in the RFOTM state needs to provide
write permissions to the onboarding tool.
Fixed code indentation formats and improved README

Change-Id: I8909f4b5182488bc01e69b2889cdf3ddeb8f42ab
Signed-off-by: Rami Alshafi <ralshafi@vprime.com>
parent 85ad6a79
...@@ -4,14 +4,19 @@ There are 2 applications; server and client, which need to be running from 2 ...@@ -4,14 +4,19 @@ There are 2 applications; server and client, which need to be running from 2
different terminals regardless whether those 2 terminals are running within different terminals regardless whether those 2 terminals are running within
the same machine or not as long as they can discover each other. the same machine or not as long as they can discover each other.
These 2 applications are verified on These 2 applications are verified on
* a regular Ubuntu machine * Regular Ubuntu machine
* Ubuntu running on Intel Joule * Ubuntu running on Intel Joule
* Raspbian running on Raspberry Pi 3 and Raspberry Pi Zero W * Raspbian running on Raspberry Pi 3 and Raspberry Pi Zero W
These applications can be used to verify the build environment is setup These applications can be used to verify the build environment is setup
properly. They can serve as a baseline and a reference for new developers to properly. They can serve as a baseline and a reference for new developers to
learn how to write simple server and client applications and implement OCF learn how to write simple server and client applications and implement OCF
security and pass the OCF certification test tool. security and pass the OCF Conformance Test Tool (CTT).
The client application does not know how to onboard, so the server is
provisioned already onboarded and owned by the client (Ready for Normal
Operation or RFNOP state). If the server application is to be used with a
different client, it will need to be reset first.
# Building the applications # Building the applications
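Review bot: The tool name is now inconsistent across the README. The changed line here calls it "OCF Conformance Test Tool (CTT)", while README lines elsewhere in this patch still read "OCF Certification Test Tool 2.0" and "OCF Certification Test Tool (CTT)". Pick one name and use it throughout. The new sentence ending "it will need to be reset first" should also point the reader to the "Resetting the server app" section that this patch adds.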
...@@ -32,7 +37,7 @@ to the scons command RELEASE=0 ...@@ -32,7 +37,7 @@ to the scons command RELEASE=0
# Running the applications # Running the applications
To run the applications on a regular machine with Ubuntu, change the directory To run the applications on a regular machine with Ubuntu, change the directory
to out/linux/x86_64/release/examples/OCFSecure with the following command to `out/linux/x86_64/release/examples/OCFSecure` with the following command
``` ```
$ cd out/linux/x86_64/release/examples/OCFSecure/ $ cd out/linux/x86_64/release/examples/OCFSecure/
``` ```
...@@ -241,6 +246,23 @@ think you connected the led on the wrong pin which may not be the case. ...@@ -241,6 +246,23 @@ think you connected the led on the wrong pin which may not be the case.
You can also connect the Enviro pHat sensor board if you have it. Its LED is You can also connect the Enviro pHat sensor board if you have it. Its LED is
already connected to gpio 7. already connected to gpio 7.
# Resetting the server app
Sometimes it is necessary to reset the server application. For example, the
server app needs to be reset during OCF conformance testing or to be
onboarded by an OnBoarding tool.
In order to reset the server app, make sure it is not running. If it is running,
then kill it with Ctrl+C.
Copy the `ocf_svr_db_server_RFOTM.dat` from the project directory to the project
output directory and name it as `ocf_svr_db_server.dat` as shown
in the following command
From the output directory from which the server application can be exexuted,
type
```
cp ~/iot/iotivity/examples/OCFSecure/ocf_svr_db_server_RFOTM.dat ocf_svr_db_server.dat
```
# Testing the server app against CTT # Testing the server app against CTT
You need to install the OCF Certification Test Tool 2.0 on a Windows machine You need to install the OCF Certification Test Tool 2.0 on a Windows machine
and start it and if the windows machine on the same network as the server and and start it and if the windows machine on the same network as the server and
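Review bot: In the new "Resetting the server app" section, "exexuted" should be "executed", and the two lead-ins before the command ("as shown in the following command" and "From the output directory ... type") repeat each other and should be merged into one sentence. The cp source path ~/iot/iotivity/examples/OCFSecure/ assumes a particular checkout location, so say that it is an example path. Because the reset returns the server to the unowned RFOTM state, and the ACL change in this patch gives "anon-clear" connections permission 14 on /oic/sec/doxm, the section should state that the server can be claimed by any onboarding tool that can reach it until ownership transfer completes, and recommend resetting only on a trusted network.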
...@@ -251,37 +273,33 @@ show the discovered devices and you should be able to see the server device ...@@ -251,37 +273,33 @@ show the discovered devices and you should be able to see the server device
as 12345678-1234-1234-1234-123456789012 and in the details section, you as 12345678-1234-1234-1234-123456789012 and in the details section, you
should be able to see the /switch uri. click on Next. Now, browse to select should be able to see the /switch uri. click on Next. Now, browse to select
the PICS file which should be included in this example named the PICS file which should be included in this example named
PICS_server_OCF10_vprime.json then click on Next. From the Testing Profiles `PICS_server_OCF10_vprime.json` then click on Next. From the Testing Profiles
uncheck everything and check OCF 1.0 Server. Next, click on uncheck everything and check OCF 1.0 Server. Next, click on
Run All Test Cases button. Most likely, you will get a prompt saying Run All Test Cases button. Most likely, you will get a prompt saying
"Please initiate device to revert to "ready for OTM" state" and there are "Please initiate device to revert to "ready for OTM" state" and there are
2 options to click on; OK and Cancel because this sample is shipped in the 2 options to click on; OK and Cancel because this sample is shipped in the
"Ready for Normal Operation" state. In this case, kill the server with "Ready for Normal Operation" state. In this case, reset the server as explained
Ctrl+C and from the output directory where the server is running, copy the in the "Resetting the server app" section of this document. Then run the server
ocf_svr_db_server_RFOTM.dat from the project directory to the project output application. You might get this prompt again since the CTT does not un-onboard
directory and name it as ocf_svr_db_server.dat as shown in the following the device but now you know what to do!
command then re-run the server app then press OK on the prompt once the Also, you will be prompted to power cycle the device. In this case, you can
server is running again.
```
cp ~/iot/iotivity/examples/OCFSecure/ocf_svr_db_server_RFOTM.dat ocf_svr_db_server.dat
```
You might get this prompt again since the CTT does not un-onboard the device
but now you know what to do!
Also, you will be prompt to power cycle the device. In this case, you can
either kill the server app and restart it again or literally power cycle either kill the server app and restart it again or literally power cycle
your device and re-run the server app once your device is back up and your device and re-run the server app once your device is back up and
connected to the same network. connected to the same network.
Please note, you might see tests passing with warnings and CT1.7.8.11 test Please note, you might see tests passing with warnings and CT1.7.8.11 test
Case failing but that is OK. Case failing but that is OK. In order to know which tests are required for
certification, refer to the Certification Requirements Status List (CRST) that
is associated with the CTT version.
This device is tested using CTT version 2.1, which is associated with CRSL 4.3.
# Known issues # Known issues
1. Sometimes, the applications will not run because of not finding some library. 1. Sometimes, the applications will not run because of not finding some library.
In this case, you would need to export the LD_LIBRARY_PATH to the environment. In this case, you would need to export the `LD_LIBRARY_PATH` to the environment.
``` ```
export LD_LIBRARY_PATH=<output dir orwherever the library is> export LD_LIBRARY_PATH=<output dir orwherever the library is>
``` ```
Also, since you would need to run the server application in sudo mode, you Also, since you need to run the server application in privileged mode, you
would need to type this command would need to type this command
``` ```
$sudo ldconfig $sudo ldconfig
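Review bot: The added certification text uses two different acronyms for the same document, "Certification Requirements Status List (CRST)" and then "CRSL 4.3"; make them match. The version statements also disagree: the README tells the reader to install "OCF Certification Test Tool 2.0", while the new line says the device was tested with "CTT version 2.1". The line "CT1.7.8.11 test Case failing but that is OK" gives no reason; say why the failure is acceptable or where that is documented, so a reader does not learn to ignore failing security test cases in general.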
...@@ -298,66 +316,67 @@ and file a bug in JIRA and assign it to me (username: alshafi). ...@@ -298,66 +316,67 @@ and file a bug in JIRA and assign it to me (username: alshafi).
eventually. In the meantime, there will be multiple /switch links and only one eventually. In the meantime, there will be multiple /switch links and only one
of them works and the user will need to issues GET requests to all of them of them works and the user will need to issues GET requests to all of them
until the good one is found. The wrong /switch links will result in until the good one is found. The wrong /switch links will result in
Result: (255) - OC_STACK_ERROR. Result: (255) - `OC_STACK_ERROR`.
The correct /a/led link will result in Result: (0) - OC_STACK_OK The correct /a/led link will result in Result: (0) - `OC_STACK_OK`
# Example Directory # Example Directory
There are 16 files in the example directory. There are 16 files in the example directory.
* client.c * `client.c`
* This is the client program * This is the client program
* device_properties.dat * `device_properties.dat`
* This is a file storing the device properties in cbor format which is * This is a file storing the device properties in cbor format which is
generated automatically by the server application generated automatically by the server application
* ocf_svr_db_client.dat * `ocf_svr_db_client.dat`
* This is the cbor format of the secure virtual resource database, defined * This is the cbor format of the secure virtual resource database, defined
by the human-readable version ocf_svr_db_client.json file, and it is used by by the human-readable version `ocf_svr_db_client.json` file, and it is used by
the client application the client application
* ocf_svr_db_client.json * `ocf_svr_db_client.json`
* This is the human-readable version of ocf_svr_db_client.dat * This is the human-readable version of `ocf_svr_db_client.dat`.
* ocf_svr_db_server.dat * `ocf_svr_db_server.dat`
* This is the cbor format of the secure virtual resource database and it is * This is the cbor format of the secure virtual resource database and it is
an exact copy from the ocf_svr_db_server_RFNOP.dat which is the cbor version of an exact copy from the `ocf_svr_db_server_RFNOP.dat` which is the cbor version
the human-readable version ocf_svr_db_server_RFNOP.json file. This is the case of the human-readable version `ocf_svr_db_server_RFNOP.json` file. This is the
because the client application does not support the onboarding and provisioning case because the client application does not support the onboarding and
process currently and we need to set the state in the "Ready For Normal provisioning process currently and we need to set the state in the "Ready For
Operation" manually. Normal Operation" manually.
We also need to set the state in the "Ready For Ownership Method Transfer" We also need to set the state in the "Ready For Ownership Method Transfer"
when testing the application with the OCF Certification Test Tool (CTT). when testing the application with the OCF Certification Test Tool (CTT).
In this case, you would need to copy ocf_svr_db_server_RFOTM.dat into In this case, you would need to copy `ocf_svr_db_server_RFOTM.dat` into
ocf_svr_db_server.dat since that is the file that will be read by the server. `ocf_svr_db_server.dat` since that is the file that will be read by the server.
* ocf_svr_db_server_RFNOP.dat * `ocf_svr_db_server_RFNOP.dat`
* This is the cbor format of the secure virtual resource database, defined * This is the cbor format of the secure virtual resource database, defined
by the human-readable version ocf_svr_db_server_RFNOP.json file and it is *NOT* by the human-readable version `ocf_svr_db_server_RFNOP.json` file and it is
used by the server application. Rename it without the _RFNOP suffix to be read *NOT* used by the server application. Rename it without the _RFNOP suffix to be
by the server read by the server
* ocf_svr_db_server_RFNOP.json * `ocf_svr_db_server_RFNOP.json`
* This is the human-readable version of ocf_svr_db_server_RFNOP.dat * This is the human-readable version of `ocf_svr_db_server_RFNOP.dat`
* ocf_svr_db_server_RFOTM.dat * `ocf_svr_db_server_RFOTM.dat`
* This is the cbor format of the secure virtual resource database, defined * This is the cbor format of the secure virtual resource database, defined
by the human-readable version ocf_svr_db_server_RFOTM.json file and it is *NOT* by the human-readable version `ocf_svr_db_server_RFOTM.json` file and it is
used by the server application. Rename it without the _RFOTM suffix to be read *NOT* used by the server application. Rename it without the `_RFOTM` suffix to
by the server be read by the server
* ocf_svr_db_server_RFOTM.json * `ocf_svr_db_server_RFOTM.json`
* This is the human-readable version of ocf_svr_db_server_RFOTM.dat * This is the human-readable version of `ocf_svr_db_server_RFOTM.dat`
* PICS_server_OCF10_vprime.json * `PICS_server_OCF10_vprime.json`
* This is the file that was used as the input to the OCF Certification * This is the file that was used as the input to the OCF Certification
Test Tool. Test Tool.
* README.md * `README.md`
* This is this file :) * This is this file :)
* SConscript * `SConscript`
* This is the script that is being used by the scons tool to know how * This is the script that is being used by the scons tool to know how
to build the sample applications and what needs to be copied to the output to build the sample applications and what needs to be copied to the output
directory. directory.
* server.cpp * `server.cpp`
* This is the server program. * This is the server program.
* switch_introspection.dat * `switch_introspection.dat`
* This is the cbor format of the introspection file (also known as * This is the cbor format of the introspection file (also known as
Introspection Device Data IDD) the server needs to read to implement Introspection Device Data IDD) the server needs to read to implement
the introspection feature. the introspection feature.
* switch_introspection.json * `switch_introspection.json`
* This is the human-readable version of switch_introspection.dat file * This is the human-readable version of `switch_introspection.dat` file
which is also know as the "swagger" file. which is also know as the "swagger" file.
* utilities.c * `utilities.c`
* this is a supplementary program containing custom utility c functions * this is a supplementary program containing custom utility c functions
that help with reporting log messages mainly as of current. that help with reporting log messages mainly as of current.
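Review bot: Backtick formatting is applied unevenly in the file list. The `_RFOTM` suffix is now quoted but "_RFNOP suffix" in the ocf_svr_db_server_RFNOP.dat entry is not, and Markdown can treat the bare underscore as emphasis. While this block is being touched, "also know as" should be "also known as", and the entry descriptions should end with a period consistently (only the ocf_svr_db_client.json entry gained one).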
This diff was suppressed by a .gitattributes entry.
...@@ -7,8 +7,7 @@ ...@@ -7,8 +7,7 @@
"resources": [ "resources": [
{ "href": "/oic/res" }, { "href": "/oic/res" },
{ "href": "/oic/d" }, { "href": "/oic/d" },
{ "href": "/oic/p" }, { "href": "/oic/p" }
{ "href": "/oic/sec/doxm" }
], ],
"permission": 2 "permission": 2
}, },
...@@ -18,11 +17,26 @@ ...@@ -18,11 +17,26 @@
"resources": [ "resources": [
{ "href": "/oic/res" }, { "href": "/oic/res" },
{ "href": "/oic/d" }, { "href": "/oic/d" },
{ "href": "/oic/p" }, { "href": "/oic/p" }
{ "href": "/oic/sec/doxm" }
], ],
"permission": 2 "permission": 2
}, },
{
"aceid": 3,
"subject": { "conntype": "anon-clear" },
"resources": [
{ "href": "/oic/sec/doxm" }
],
"permission": 14
},
{
"aceid": 4,
"subject": { "conntype": "auth-crypt" },
"resources": [
{ "href": "/oic/sec/doxm" }
],
"permission": 14
},
{ {
"aceid": 5, "aceid": 5,
"subject": {"conntype": "auth-crypt" }, "subject": {"conntype": "auth-crypt" },
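Review bot: Permission 14 on /oic/sec/doxm in the new ACEs 3 and 4 is broader than the commit message's "write permissions". In the OCF CRUDN bitmask (create 1, retrieve 2, update 4, delete 8, notify 16), 14 is retrieve, update and delete, so ACE 3 lets unauthenticated, unencrypted "anon-clear" peers delete as well as update. If the onboarding tool only needs to read and update doxm, 6 is the least-privilege value. The file name is not visible in this rendering; please confirm these ACEs are only in the RFOTM database and that the "anon-clear" entry is not carried into the RFNOP one.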
...@@ -35,7 +49,7 @@ ...@@ -35,7 +49,7 @@
} }
], ],
"rowneruuid": "00000000-0000-0000-0000-000000000000", "rowneruuid": "00000000-0000-0000-0000-000000000000",
"rt": ["oic.r.acl"], "rt": ["oic.r.acl2"],
"if": ["oic.if.baseline"] "if": ["oic.if.baseline"]
}, },
"pstat": { "pstat": {
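Review bot: The "rt" change from "oic.r.acl" to "oic.r.acl2" is a functional change to the ACL resource type, but the commit message only mentions the DOXM permission, indentation and the README. Mention it in the commit message, or split it into its own commit, so it can be found later when tracing access-control behaviour.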
......
...@@ -121,9 +121,9 @@ OCStackResult SetPlatformInfo() ...@@ -121,9 +121,9 @@ OCStackResult SetPlatformInfo()
OCGetPropertyValue(PAYLOAD_TYPE_PLATFORM, OCGetPropertyValue(PAYLOAD_TYPE_PLATFORM,
OC_RSRVD_MFG_NAME, OC_RSRVD_MFG_NAME,
(void **) &mn); (void **) &mn);
OIC_LOG_V(INFO, TAG, "[%s] Set manufacture name successfully to %s", OIC_LOG_V(INFO, TAG, "[%s] Set manufacturer name successfully to %s",
__func__, __func__,
mn); mn);
} }
return OC_STACK_OK; return OC_STACK_OK;
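Review bot: The return value of OCGetPropertyValue is not checked in the visible lines before mn is passed to the "%s" conversion in OIC_LOG_V. If the lookup fails and mn is still NULL, the log call has undefined behaviour. Since this line is being edited anyway, guard the log on a successful result and a non-NULL mn, and log the failure otherwise.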
...@@ -324,10 +324,8 @@ OCEntityHandlerCallBack(OCEntityHandlerFlag flag, ...@@ -324,10 +324,8 @@ OCEntityHandlerCallBack(OCEntityHandlerFlag flag,
__func__); __func__);
return OC_EH_ERROR; return OC_EH_ERROR;
} }
OIC_LOG_V(INFO, TAG, "[%s] Flags: 0x%x: %s", OIC_LOG_V(INFO, TAG, "[%s] Flags: 0x%x: %s", __func__, flag,
__func__, decode_oc_eh_flag(flag));
flag,
decode_oc_eh_flag(flag));
OCEntityHandlerResult eh_res = OC_EH_ERROR; OCEntityHandlerResult eh_res = OC_EH_ERROR;
...@@ -352,17 +350,16 @@ OCEntityHandlerCallBack(OCEntityHandlerFlag flag, ...@@ -352,17 +350,16 @@ OCEntityHandlerCallBack(OCEntityHandlerFlag flag,
} }
else if (OC_REST_POST == requestMethod) else if (OC_REST_POST == requestMethod)
{ {
OIC_LOG_V(INFO, TAG, "[%s] Processing POST request", OIC_LOG_V(INFO, TAG, "[%s] Processing POST request", __func__);
__func__);
eh_res = ProcessPostRequest(ehRequest, &payload); eh_res = ProcessPostRequest(ehRequest, &payload);
} }
else else
{ {
OIC_LOG_V(INFO, TAG, "[%s] Received unsupported method (%d):" OIC_LOG_V(INFO, TAG, "[%s] Received unsupported method (%d):"
" %s", " %s",
__func__, __func__,
ehRequest->method, ehRequest->method,
decode_oc_method(ehRequest->method)); decode_oc_method(ehRequest->method));
eh_res = OC_EH_ERROR; eh_res = OC_EH_ERROR;
} }
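Review bot: The "Received unsupported method" call is re-indented but still spread over five lines with a split format string, while the POST log just above it was collapsed to one line; format both the same way. Also consider logging an unsupported method at WARNING rather than INFO, since the handler returns OC_EH_ERROR for it and such requests are useful to spot in the log.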
...@@ -449,7 +446,7 @@ ServerFOpen(const char *path, ...@@ -449,7 +446,7 @@ ServerFOpen(const char *path,
__func__, __func__,
INTROSPECTION_FILE, INTROSPECTION_FILE,
mode); mode);
return fopen(INTROSPECTION_FILE, mode); return fopen(INTROSPECTION_FILE, mode);
} }
else else
{ {
...@@ -474,7 +471,7 @@ main(void) ...@@ -474,7 +471,7 @@ main(void)
GPIO = new mraa::Gpio(LED_PIN); GPIO = new mraa::Gpio(LED_PIN);
if (!GPIO) if (!GPIO)
{ {
OIC_LOG_V(ERROR, TAG, "Error instantiating gpio %d", LED_PIN); OIC_LOG_V(ERROR, TAG, "Error instantiating gpio %d", LED_PIN);
} }
GPIO->dir(mraa::DIR_OUT); GPIO->dir(mraa::DIR_OUT);
#endif #endif
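Review bot: The error branch after "if (!GPIO)" only logs, and execution then falls through to "GPIO->dir(mraa::DIR_OUT)", which dereferences the pointer that was just reported as invalid. A plain "new" also throws on failure instead of returning null, so this check never fires as written. Either use new (std::nothrow) or catch the exception, and return from main on failure instead of continuing.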
...@@ -511,8 +508,8 @@ main(void) ...@@ -511,8 +508,8 @@ main(void)
stack_res = SetDeviceInfo(); stack_res = SetDeviceInfo();
if (stack_res != OC_STACK_OK) if (stack_res != OC_STACK_OK)
{ {
OIC_LOG_V(ERROR, TAG, "[%s] Device Registration failed\n", __func__); OIC_LOG_V(ERROR, TAG, "[%s] Device Registration failed\n", __func__);
return stack_res; return stack_res;
} }
else else
{ {
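Review bot: The format string "[%s] Device Registration failed\n" keeps a trailing "\n", as does "Failed to create resource\n" in the next hunk, while the other OIC_LOG_V calls touched in this patch have none; drop it for consistent log output. Returning stack_res from main also uses an OCStackResult as the process exit status; an explicit EXIT_FAILURE is clearer to callers and scripts.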
...@@ -528,8 +525,8 @@ main(void) ...@@ -528,8 +525,8 @@ main(void)
SWITCH.properties); SWITCH.properties);
if (stack_res != OC_STACK_OK) if (stack_res != OC_STACK_OK)
{ {
OIC_LOG_V(ERROR, TAG, "[%s] Failed to create resource\n", __func__); OIC_LOG_V(ERROR, TAG, "[%s] Failed to create resource\n", __func__);
return stack_res; return stack_res;
} }
else else
{ {
......