Commit ffc61f46 authored by Parkhi's avatar Parkhi Committed by Uze Choi

Update MOT Enable API and added some ESResult.

 - The security layer supports the MOT enable API, so the MOT enable API has been updated.
   Please check following changes.

   1. When the mediator finds an owned-secured resource that is MOT disabled,
      it can enable it according to whether it is the owner or the sub-owner.
   2. MOT related functions are separated.
   3. Changes in DB synchronized check logic have occurred as the above changes occur.

 - Added some ESResult(e.g. ES_MOT_NOT_SUPPORTED, ES_MOT_ENABLING_FAILURE)

Change-Id: I5af3bdfcfbdf6b62b50a07e2d6d699c96a7a2667
Signed-off-by: default avatarParkhi <h_w.park@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/17087Reviewed-by: default avatarJihun Ha <jihun.ha@samsung.com>
Reviewed-by: default avatarUze Choi <uzchoi@samsung.com>
Tested-by: default avatarUze Choi <uzchoi@samsung.com>
parent 05807641
......@@ -166,7 +166,7 @@ typedef enum
/**
* Security opertion is not supported because Mediator is built as unsecured mode.
*/
ES_SEC_OPERATION_IS_NOT_SUPPORTED = 20,
ES_SEC_OPERATION_IS_NOT_SUPPORTED,
/**
* Security resource discovery fails due to loss of discovery packet or absence of the resource in a network
......@@ -179,31 +179,22 @@ typedef enum
* E.g. Mediator's owned status is 'unowned'
* E.g. A user confirmation for random pin-based or certificate-based OT fails
*/
ES_OWNERSHIP_TRANSFER_FAILURE,
ES_OWNERSHIP_TRANSFER_FAILURE = 20,
/**
* ACL provisioning fails in cloud provisioning.
* It could be that UUID format of cloud server is wrong.
* Or any response for the provisioning request is not arrived at Mediator
*/
ES_ACL_PROVISIONING_FAILURE,
/**
* Cert. provisioning fails in cloud provisioning.
* It could be that you put a wrong cred ID of which the corresponding certificate does not exist in SVR DB.
* Or any response for the provisioning request is not arrived at Mediator
* Ownership transfer which is cert-based method fails due to user confirmation is denied.
*/
ES_CERT_PROVISIONING_FAILURE,
ES_USER_DENIED_CONFIRMATION_REQ,
/**
* MOT method selection is failed
* Ownership transfer which is cert-based method fails due to wrong certificate.
*/
ES_MOT_METHOD_SELECTION_FAILURE,
ES_AUTHENTICATION_FAILURE_WITH_WRONG_CERT,
/**
* A provisioning of Pre-configured pin number for MOT is failed
* Ownership transfer which is random-pin method fails due to wrong pin.
*/
ES_PRE_CONFIG_PIN_PROVISIONING_FAILURE,
ES_AUTHENTICATION_FAILURE_WITH_WRONG_PIN,
/**
* Ownership information is not synchronized between Mediator and Enrollee.
......@@ -217,23 +208,59 @@ typedef enum
ES_OWNERSHIP_IS_NOT_SYNCHRONIZED,
/**
* Ownership transfer which is cert-based method fails due to user confirmation is denied.
* MOT is not supported at the target Enrollee device.
*
* @note This ESResult values will be returned ONLY IF a mediator is a first owner to an Enrollee.
* @note If the mediator gets this values, it means OT has been successfully done
* (or already took an ownership, before), but failed MOT configuration.
*/
ES_USER_DENIED_CONFIRMATION_REQ,
ES_MOT_NOT_SUPPORTED = 30,
/**
* Ownership transfer which is cert-based method fails due to wrong certificate.
* MOT enabling is failed.
*
* @note This ESResult values will be returned ONLY IF a mediator is a first owner to an Enrollee.
* @note If the mediator gets this values, it means OT has been successfully done
* (or already took an ownership, before), but failed MOT configuration.
*/
ES_AUTHENTICATION_FAILURE_WITH_WRONG_CERT,
ES_MOT_ENABLING_FAILURE,
/**
* Ownership transfer which is random-pin method fails due to wrong pin.
* MOT method selection is failed
*
* @note This ESResult values will be returned ONLY IF a mediator is a first owner to an Enrollee.
* @note If the mediator gets this values, it means OT has been successfully done
* (or already took an ownership, before), but failed MOT configuration.
*/
ES_AUTHENTICATION_FAILURE_WITH_WRONG_PIN,
ES_MOT_METHOD_SELECTION_FAILURE,
/**
* A provisioning of Pre-configured pin number for MOT is failed
*
* @note This ESResult values will be returned ONLY IF a mediator is a first owner to an Enrollee.
* @note If the mediator gets this values, it means OT has been successfully done
* (or already took an ownership, before), but failed MOT configuration.
*/
ES_PRE_CONFIG_PIN_PROVISIONING_FAILURE,
/**
* ACL provisioning fails in cloud provisioning.
* It could be that UUID format of cloud server is wrong.
* Or any response for the provisioning request is not arrived at Mediator
*/
ES_ACL_PROVISIONING_FAILURE = 40,
/**
* Cert. provisioning fails in cloud provisioning.
* It could be that you put a wrong cred ID of which the corresponding certificate does not exist in SVR DB.
* Or any response for the provisioning request is not arrived at Mediator
*/
ES_CERT_PROVISIONING_FAILURE,
/**
* Provisioning fails for some reason.
*/
ES_ERROR = 255
} ESResult;
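Review bot: The regrouping changes the numeric value of existing `ESResult` codes: `ES_OWNERSHIP_TRANSFER_FAILURE = 20` takes the value that `ES_SEC_OPERATION_IS_NOT_SUPPORTED = 20` carried before, and `ES_ACL_PROVISIONING_FAILURE`, `ES_CERT_PROVISIONING_FAILURE` and the user-denied / wrong-cert / wrong-pin codes move too (which printed line is the new side is inferred from the new `= 30` / `= 40` groups). A caller built against the old header, or any binding that mirrors these numbers (none is visible on this page), would then report a different security failure than the one that occurred, for example an ownership-transfer failure read as "security not supported". `ES_SEC_OPERATION_IS_NOT_SUPPORTED` also loses its explicit value and now depends on the enumerators before it, which start outside the hunk; I would keep an explicit value on it and on the first code of every group. If the renumbering is intended, say so above the enum, e.g. `/* Numeric values are part of the API: append new codes, never renumber existing ones. */`, and mention the break in the release notes.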
......
......@@ -255,6 +255,26 @@ namespace OIC
return ret;
}
void EnrolleeSecurity::changeMOTMethodCB(PMResultList_t *result, int hasError)
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "changeMOTMethodCB IN");
if (hasError)
{
OIC_LOG_V(ERROR, ENROLEE_SECURITY_TAG,
"requestEnableMOTMode API is failed with error %d", hasError);
enableMOTModeResult = false;
}
else
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "requestEnableMOTMode API is succeeded");
enableMOTModeResult = true;
}
delete result;
m_cond.notify_all();
}
void EnrolleeSecurity::SelectMOTMethodCB(PMResultList_t *result, int hasError)
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "SelectMOTMethodCB IN");
......@@ -332,7 +352,7 @@ namespace OIC
}
}
ESResult EnrolleeSecurity::RequestSetPreconfPinData(const ESOwnershipTransferData ownershipTransferData)
ESResult EnrolleeSecurity::RequestSetPreconfPinData(const ESOwnershipTransferData& MOTData)
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "RequestSetPreconfPinData IN");
......@@ -345,7 +365,7 @@ namespace OIC
this, std::placeholders::_1, std::placeholders::_2)),
shared_from_this());
std::string pin = ownershipTransferData.getPreConfiguredPin();
std::string pin = MOTData.getPreConfiguredPin();
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "provisionPreconfPin is called.");
if(OC_STACK_OK != m_securedResource->provisionPreconfPin(
......@@ -369,13 +389,12 @@ namespace OIC
return ESResult::ES_OK;
}
ESResult EnrolleeSecurity::RequestSetMOTMethod(const ESOwnershipTransferData ownershipTransferData)
ESResult EnrolleeSecurity::RequestSetMOTMethod(const ESOwnershipTransferData& MOTData)
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "RequestSetMOTMethod IN");
ESResult res = ESResult::ES_ERROR;
OC::ResultCallBack selectMOTMethodCB = std::bind(
&EnrolleeSecurity::onEnrolleeSecuritySafetyCB,
std::placeholders::_1, std::placeholders::_2,
......@@ -385,7 +404,7 @@ namespace OIC
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG, "selectMOTMethod is called.");
if(OC_STACK_OK != m_securedResource->selectMOTMethod(
ownershipTransferData.getMOTMethod(),
MOTData.getMOTMethod(),
selectMOTMethodCB))
{
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "selectMOTMethod API error");
......@@ -405,6 +424,76 @@ namespace OIC
return ESResult::ES_OK;
}
ESResult EnrolleeSecurity::requestEnableMOTMode()
{
ESResult res = ESResult:: ES_ERROR;
OC::ResultCallBack changeMOTMethodCB = std::bind(
&EnrolleeSecurity::onEnrolleeSecuritySafetyCB,
std::placeholders::_1, std::placeholders::_2,
static_cast<ESSecurityCb>(std::bind(&EnrolleeSecurity::changeMOTMethodCB,
this, std::placeholders::_1, std::placeholders::_2)),
shared_from_this());
if(OC_STACK_OK !=
m_securedResource->changeMOTMode(OIC_MULTIPLE_OWNER_ENABLE, changeMOTMethodCB))
{
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "changeMOTMode is failed.");
return ESResult:: ES_MOT_ENABLING_FAILURE;
}
std::unique_lock<std::mutex> lck(m_mtx);
m_cond.wait(lck);
if(!enableMOTModeResult)
{
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "requestEnableMOTMode is failed.");
res = ESResult:: ES_MOT_ENABLING_FAILURE;
return res;
}
return ESResult::ES_OK;
}
ESResult EnrolleeSecurity::provisionMOTConfig(const ESOwnershipTransferData& MOTData)
{
ESResult res = ESResult:: ES_ERROR;
if(!m_securedResource->isMOTEnabled())
{
res = requestEnableMOTMode();
if(res != ESResult::ES_OK)
{
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "requestEnableMOTMode is failed.");
return res;
}
}
if( OIC_PRECONFIG_PIN == MOTData.getMOTMethod() &&
!MOTData.getPreConfiguredPin().empty())
{
res = RequestSetPreconfPinData(MOTData);
if(res != ESResult::ES_OK)
{
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "RequestSetPreconfPinData is failed.");
return res;
}
}
if(OIC_PRECONFIG_PIN == MOTData.getMOTMethod() ||
OIC_RANDOM_DEVICE_PIN == MOTData.getMOTMethod())
{
res = RequestSetMOTMethod(MOTData);
if(res != ESResult::ES_OK)
{
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "RequestSetMOTMethod is failed.");
return res;
}
}
return res;
}
#endif
void EnrolleeSecurity::ownershipTransferCb(OC::PMResultList_t *result, int hasError
......@@ -690,29 +779,81 @@ namespace OIC
if(m_securedResource->getOwnedStatus())
{
if(isOwnedDeviceRegisteredInDB())
{
#ifdef MULTIPLE_OWNER
if(isOwnedDeviceRegisteredInDB() &&
(isOwnerIDMatched(m_securedResource) ||
isSubOwnerIDMatched(m_securedResource)))
#else
if(isOwnedDeviceRegisteredInDB() &&
isOwnerIDMatched(m_securedResource))
#endif
if(isSubOwnerIDMatched(m_securedResource))
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,
"The found device is already owned by Mediator.(SUCCESS)");
res = ESResult::ES_OK;
return res;
}
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,
"The found device is already owned by Mediator.(SUCCESS)");
res = ESResult::ES_OK;
if(isOwnerIDMatched(m_securedResource))
{
if((OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() ||
OIC_RANDOM_DEVICE_PIN == ownershipTransferData.getMOTMethod()))
{
if(m_securedResource->isMOTSupported())
{
res = provisionMOTConfig(ownershipTransferData);
if(res != ES_OK)
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,
"provisionMOTConfig is failed.");
return res;
}
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,
"The found device is already owned by Mediator and enabled MOT mode.");
return res;
}
else
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,
"The found device is not supported MOT");
return ESResult:: ES_MOT_NOT_SUPPORTED;
}
}
else
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,
"The found device is already owned by Mediator.(SUCCESS)");
res = ESResult::ES_OK;
return res;
}
}
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG,
"An ownership transfer knowledge is not synchronized"
"between mediator and found enrollee.(FAILED)");
res = ESResult::ES_OWNERSHIP_IS_NOT_SYNCHRONIZED;
return res;
#else
if(isOwnerIDMatched(m_securedResource))
{
OIC_LOG(DEBUG, ENROLEE_SECURITY_TAG,
"The found device is already owned by Mediator.(SUCCESS)");
res = ESResult::ES_OK;
return res;
}
else
{
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG,
"An ownership transfer knowledge is not synchronized"
"between mediator and found enrollee.(FAILED)");
res = ESResult::ES_OWNERSHIP_IS_NOT_SYNCHRONIZED;
return res;
}
#endif
}
#ifdef MULTIPLE_OWNER
else if( !isOwnedDeviceRegisteredInDB() &&
!isOwnerIDMatched(m_securedResource) &&
!isSubOwnerIDMatched(m_securedResource) &&
m_securedResource->isMOTSupported() &&
m_securedResource->isMOTEnabled() &&
OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() &&
!ownershipTransferData.getPreConfiguredPin().empty())
(OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() ||
OIC_RANDOM_DEVICE_PIN == ownershipTransferData.getMOTMethod()))
{
// MOT case;
res = performMultipleOwnershipTransfer(ownershipTransferData);
......@@ -766,32 +907,11 @@ namespace OIC
return res;
}
#ifdef MULTIPLE_OWNER
if( m_securedResource->isMOTSupported() &&
m_securedResource->isMOTEnabled() &&
OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() &&
!ownershipTransferData.getPreConfiguredPin().empty())
if( m_securedResource->isMOTSupported())
{
res = RequestSetPreconfPinData(ownershipTransferData);
if(res != ESResult::ES_OK)
{
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "RequestSetPreconfPinData is failed.");
return res;
}
}
if( m_securedResource->isMOTSupported() &&
m_securedResource->isMOTEnabled() &&
(OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() ||
OIC_RANDOM_DEVICE_PIN == ownershipTransferData.getMOTMethod()))
{
res = RequestSetMOTMethod(ownershipTransferData);
if(res != ESResult::ES_OK)
{
OIC_LOG(ERROR, ENROLEE_SECURITY_TAG, "RequestSetMOTMethod is failed.");
return res;
}
res = provisionMOTConfig(ownershipTransferData);
}
return res;
#endif
}
}
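Review bot: In the last hunk the post-transfer call `res = provisionMOTConfig(ownershipTransferData);` is gated only on `isMOTSupported()`, while `provisionMOTConfig` calls `requestEnableMOTMode()` before it looks at `getMOTMethod()`. If the printed lines are the new side, a plain ownership transfer with no MOT method requested would switch multiple-owner mode on at the enrollee, and when MOT is already enabled it would fall through both method checks and return the initial `ES_ERROR` although the transfer succeeded. I would gate the call the way the already-owned branch does, with `if (OIC_PRECONFIG_PIN == ownershipTransferData.getMOTMethod() || OIC_RANDOM_DEVICE_PIN == ownershipTransferData.getMOTMethod())` around the `isMOTSupported()` check and `ES_MOT_NOT_SUPPORTED` in its else. Separately, `requestEnableMOTMode` locks `m_mtx` and calls `m_cond.wait(lck)` without a predicate only after `changeMOTMode` has been issued, so a callback that completes first, or a spurious wake-up, can leave the caller blocked or reading a stale `enableMOTModeResult`; taking the lock before the request and waiting on a completion flag (ideally with `wait_for`) would close that. The function enclosing the last hunk starts outside it.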
......
......@@ -65,6 +65,7 @@ namespace OIC
std::mutex m_mtx;
std::condition_variable m_cond;
std::atomic<bool> OTMResult;
std::atomic<bool> enableMOTModeResult;
std::atomic<bool> MOTMethodProvResult;
std::atomic<bool> PreConfigPinProvResult;
std::atomic<bool> removeDeviceResult;
......@@ -88,12 +89,16 @@ namespace OIC
ESResult syncUpWithMediatorDB();
#ifdef MULTIPLE_OWNER
ESResult performMultipleOwnershipTransfer(const ESOwnershipTransferData& MOTdata);
void changeMOTMethodCB(PMResultList_t *result, int hasError);
void SelectMOTMethodCB(PMResultList_t *result, int hasError);
void PreconfigPinProvCB(PMResultList_t *result, int hasError);
void MultipleOwnershipTransferCb(OC::PMResultList_t *result, int hasError);
bool isSubOwnerIDMatched(std::shared_ptr< OC::OCSecureResource > foundDevice);
ESResult RequestSetPreconfPinData(const ESOwnershipTransferData ownershipTransferData);
ESResult RequestSetMOTMethod(const ESOwnershipTransferData ownershipTransferData);
ESResult RequestSetPreconfPinData(const ESOwnershipTransferData& MOTData);
ESResult RequestSetMOTMethod(const ESOwnershipTransferData& MOTData);
ESResult requestEnableMOTMode();
ESResult provisionMOTConfig(const ESOwnershipTransferData& MOTData);
#endif
void ownershipTransferCb(OC::PMResultList_t *result, int hasError, ESResult& res);
void convertUUIDToString(const uint8_t uuid[UUID_SIZE],
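Review bot: The new member `std::atomic<bool> enableMOTModeResult;` has no initializer here, and before C++20 a default-constructed `std::atomic<bool>` holds an indeterminate value; the constructor is outside this hunk, so unless it sets the flag, `requestEnableMOTMode` can read garbage after an early wake-up. `std::atomic<bool> enableMOTModeResult{false};` makes failure the default for a security decision. On naming, `changeMOTMethodCB` is the callback for `changeMOTMode`, not for a method change, so `changeMOTModeCB` would read correctly, and `requestEnableMOTMode` / `provisionMOTConfig` are lowerCamel next to `RequestSetPreconfPinData` / `RequestSetMOTMethod`. A one-line comment on each new declaration stating that it blocks until the provisioning callback fires would help callers.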
......