diff options
author | Veeraj Khokale <veeraj.sk@samsung.com> | 2017-05-23 13:31:01 +0900 |
---|---|---|
committer | Uze Choi <uzchoi@samsung.com> | 2017-05-23 08:21:20 +0000 |
commit | ee04f3578456bd3a871da64e4989eb7ce082ab5e (patch) | |
tree | 4501e76a31e9bb1daebfbaed57ad717ef8042430 | |
parent | 5c330be91e6dba3c014d7ea327eaa2a996d3b8fa (diff) | |
download | iotivity-ee04f3578456bd3a871da64e4989eb7ce082ab5e.tar.gz iotivity-ee04f3578456bd3a871da64e4989eb7ce082ab5e.tar.bz2 iotivity-ee04f3578456bd3a871da64e4989eb7ce082ab5e.zip |
[IOT-2322][CHP][SampleApp] Coap http proxy is not working in secured mode
1. Update dat files for proxy samples to be same as linux
secure samples.
2. Modify logic to form server address according to linux
secure samples while initiating proxy request.
3. Since request URI is NULL for proxy request check this
condition before asserting role certificates in OCDoRequest().
This also removes the need for NULL check of request info
resource uri.
Change-Id: I20003ac7c7781666bbd4aa8955c4cc18b5a3262f
Signed-off-by: Veeraj Khokale <veeraj.sk@samsung.com>
Signed-off-by: uzchoi <uzchoi@samsung.com>
Signed-off-by: Jihun Ha <jihun.ha@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/20257
Reviewed-by: Phil Coval <philippe.coval@osg.samsung.com>
-rwxr-xr-x[-rw-r--r--] | resource/csdk/stack/src/ocstack.c | 27 | ||||
-rw-r--r-- | service/coap-http-proxy/samples/oic_svr_db_client_devowner.dat | bin | 1112 -> 925 bytes | |||
-rw-r--r-- | service/coap-http-proxy/samples/oic_svr_db_client_devowner.json | 155 | ||||
-rw-r--r-- | service/coap-http-proxy/samples/oic_svr_db_server.dat | bin | 1676 -> 1732 bytes | |||
-rw-r--r-- | service/coap-http-proxy/samples/oic_svr_db_server.json | 178 | ||||
-rw-r--r-- | service/coap-http-proxy/samples/proxy_client.c | 16 |
6 files changed, 189 insertions, 187 deletions
diff --git a/resource/csdk/stack/src/ocstack.c b/resource/csdk/stack/src/ocstack.c index fcc2c0423..6ec0c37e8 100644..100755 --- a/resource/csdk/stack/src/ocstack.c +++ b/resource/csdk/stack/src/ocstack.c @@ -3288,6 +3288,7 @@ OCStackResult OCDoRequest(OCDoHandle *handle, OCDevAddr *devAddr = NULL; char *resourceUri = NULL; char *resourceType = NULL; + bool isProxyRequest = false; /* * Support original behavior with address on resourceUri argument. @@ -3305,10 +3306,14 @@ OCStackResult OCDoRequest(OCDoHandle *handle, goto exit; } } - else if (!checkProxyUri(options, numOptions)) + else { - OIC_LOG(ERROR, TAG, "Request doesn't contain RequestURI/Proxy URI"); - goto exit; + isProxyRequest = checkProxyUri(options, numOptions); + if (!isProxyRequest) + { + OIC_LOG(ERROR, TAG, "Request doesn't contain RequestURI/Proxy URI"); + goto exit; + } } switch (method) @@ -3612,11 +3617,11 @@ OCStackResult OCDoRequest(OCDoHandle *handle, #if defined(__WITH_DTLS__) || defined(__WITH_TLS__) /* Check whether we should assert role certificates before making this request. */ - if ((endpoint.flags & CA_SECURE) && (NULL != requestInfo.info.resourceUri) && - (strcmp(requestInfo.info.resourceUri, OIC_RSRC_ROLES_URI) != 0) && - (strcmp(requestInfo.info.resourceUri, OIC_RSRC_DOXM_URI) != 0) && + if ((endpoint.flags & CA_SECURE) && (isProxyRequest || + ((strcmp(requestInfo.info.resourceUri, OIC_RSRC_ROLES_URI) != 0) && + (strcmp(requestInfo.info.resourceUri, OIC_RSRC_DOXM_URI) != 0)) && ((CT_ADAPTER_TCP == connectivityType) && - strcmp(requestInfo.info.resourceUri, OC_RSRVD_KEEPALIVE_URI) != 0)) + strcmp(requestInfo.info.resourceUri, OC_RSRVD_KEEPALIVE_URI) != 0))) { CASecureEndpoint_t sep; CAResult_t caRes = CAGetSecureEndpointData(&endpoint, &sep); @@ -3629,8 +3634,12 @@ OCStackResult OCDoRequest(OCDoHandle *handle, * it fails, that's OK, roles will get asserted "automatically" when PSK * credentials are used. */ - OIC_LOG_V(DEBUG, TAG, "%s: going to try to assert roles before doing request to %s ", - __func__, requestInfo.info.resourceUri); + if (!isProxyRequest) + { + OIC_LOG_V(DEBUG, TAG, "%s: going to try to assert roles before doing request to %s ", + __func__, requestInfo.info.resourceUri); + } + OCDevAddr da; CopyEndpointToDevAddr(&endpoint, &da); OCStackResult assertResult = OCAssertRoles((void*)ASSERT_ROLES_CTX, &da, diff --git a/service/coap-http-proxy/samples/oic_svr_db_client_devowner.dat b/service/coap-http-proxy/samples/oic_svr_db_client_devowner.dat Binary files differindex 184e10f95..dbe0f6f59 100644 --- a/service/coap-http-proxy/samples/oic_svr_db_client_devowner.dat +++ b/service/coap-http-proxy/samples/oic_svr_db_client_devowner.dat diff --git a/service/coap-http-proxy/samples/oic_svr_db_client_devowner.json b/service/coap-http-proxy/samples/oic_svr_db_client_devowner.json index a5e4772d4..3f6c2be6e 100644 --- a/service/coap-http-proxy/samples/oic_svr_db_client_devowner.json +++ b/service/coap-http-proxy/samples/oic_svr_db_client_devowner.json @@ -1,90 +1,65 @@ -{
- "acl": {
- "aclist": {
- "aces": [
- {
- "subjectuuid": "*",
- "resources": [
- {
- "href": "/oic/res",
- "rel": "",
- "rt": ["oic.wk.res"],
- "if": ["oic.if.ll"]
- },
- {
- "href": "/oic/d",
- "rel": "",
- "rt": ["oic.wk.d"],
- "if": ["oic.if.baseline", "oic.if.r"]
- },
- {
- "href": "/oic/p",
- "rel": "",
- "rt": ["oic.wk.p"],
- "if": ["oic.if.baseline", "oic.if.r"]
- },
- {
- "href": "/oic/sec/acl",
- "rel": "",
- "rt": ["oic.r.acl"],
- "if": ["oic.if.baseline"]
- }
- ],
- "permission": 2
- },
- {
- "subjectuuid": "*",
- "resources": [
- {
- "href": "/oic/sec/doxm",
- "rel": "",
- "rt": ["oic.r.doxm"],
- "if": ["oic.if.baseline"]
- },
- {
- "href": "/oic/sec/pstat",
- "rel": "",
- "rt": ["oic.r.pstat"],
- "if": ["oic.if.baseline"]
- }
- ],
- "permission": 2
- }
- ]
- },
- "rowneruuid" : "32323232-3232-3232-3232-323232323232"
- },
- "pstat": {
- "dos": {"s": 3, "p": false},
- "isop": true,
- "deviceuuid": "32323232-3232-3232-3232-323232323232",
- "rowneruuid": "32323232-3232-3232-3232-323232323232",
- "cm": 0,
- "tm": 0,
- "om": 4,
- "sm": 4
- },
- "doxm": {
- "oxms": [0],
- "oxmsel": 0,
- "sct": 1,
- "owned": true,
- "deviceuuid": "32323232-3232-3232-3232-323232323232",
- "devowneruuid": "32323232-3232-3232-3232-323232323232",
- "rowneruuid": "32323232-3232-3232-3232-323232323232"
- },
- "cred": {
- "creds": [
- {
- "credid": 1,
- "subjectuuid": "31313131-3131-3131-3131-313131313131",
- "credtype": 1,
- "privatedata": {
- "data": "AAAAAAAAAAAAAAAA",
- "encoding": "oic.sec.encoding.raw"
- }
- }
- ],
- "rowneruuid": "32323232-3232-3232-3232-323232323232"
- }
-}
+{ + "acl": { + "aclist2": [ + { + "aceid": 1, + "subject": { + "conntype": "anon-clear" + }, + "resources": [ + { "href": "/oic/res" }, + { "href": "/oic/d" }, + { "href": "/oic/p" }, + { "href": "/oic/sec/doxm" } + ], + "permission": 2 + }, + { + "aceid": 2, + "subject": { + "conntype": "auth-crypt" + }, + "resources": [ + { "href": "/oic/res" }, + { "href": "/oic/d" }, + { "href": "/oic/p" }, + { "href": "/oic/sec/doxm" } + ], + "permission": 2 + } + ], + "rowneruuid" : "32323232-3232-3232-3232-323232323232" + }, + "pstat": { + "dos": {"s": 3, "p": false}, + "isop": true, + "rowneruuid": "32323232-3232-3232-3232-323232323232", + "cm": 0, + "tm": 0, + "om": 4, + "sm": 4 + }, + "doxm": { + "oxms": [0], + "oxmsel": 0, + "sct": 1, + "owned": true, + "deviceuuid": "32323232-3232-3232-3232-323232323232", + "devowneruuid": "32323232-3232-3232-3232-323232323232", + "rowneruuid": "32323232-3232-3232-3232-323232323232" + }, + "cred": { + "creds": [ + { + "credid": 1, + "subjectuuid": "31313131-3131-3131-3131-313131313131", + "credtype": 1, + "privatedata": { + "data": "AAAAAAAAAAAAAAAA", + "encoding": "oic.sec.encoding.raw" + } + } + ], + "rowneruuid": "32323232-3232-3232-3232-323232323232" + } +} diff --git a/service/coap-http-proxy/samples/oic_svr_db_server.dat b/service/coap-http-proxy/samples/oic_svr_db_server.dat Binary files differindex ad154f7db..7b8e67607 100644 --- a/service/coap-http-proxy/samples/oic_svr_db_server.dat +++ b/service/coap-http-proxy/samples/oic_svr_db_server.dat diff --git a/service/coap-http-proxy/samples/oic_svr_db_server.json b/service/coap-http-proxy/samples/oic_svr_db_server.json index c985873c1..bef7858e9 100644 --- a/service/coap-http-proxy/samples/oic_svr_db_server.json +++ b/service/coap-http-proxy/samples/oic_svr_db_server.json @@ -1,99 +1,107 @@ {
"acl": {
- "aclist": {
- "aces": [
- {
- "subjectuuid": "*",
- "resources": [
- {
- "href": "/oic/res",
- "rel": "",
- "rt": ["oic.wk.res"],
- "if": ["oic.if.ll"]
- },
- {
- "href": "/oic/d",
- "rel": "",
- "rt": ["oic.wk.d"],
- "if": ["oic.if.baseline", "oic.if.r"]
- },
- {
- "href": "/oic/p",
- "rel": "",
- "rt": ["oic.wk.p"],
- "if": ["oic.if.baseline", "oic.if.r"]
- },
- {
- "href": "/oic/sec/acl",
- "rel": "",
- "rt": ["oic.r.acl"],
- "if": ["oic.if.baseline"]
- }
- ],
- "permission": 2
+ "aclist2": [
+ {
+ "aceid": 1,
+ "subject": {
+ "conntype": "anon-clear"
},
- {
- "subjectuuid": "*",
- "resources": [
- {
- "href": "/oic/sec/doxm",
- "rel": "",
- "rt": ["oic.r.doxm"],
- "if": ["oic.if.baseline"]
- },
- {
- "href": "/oic/sec/pstat",
- "rel": "",
- "rt": ["oic.r.pstat"],
- "if": ["oic.if.baseline"]
- }
- ],
- "permission": 2
+ "resources": [
+ {
+ "href": "/oic/res",
+ "rel": "",
+ "rt": ["oic.wk.res"],
+ "if": ["oic.if.ll"]
+ },{
+ "href": "/oic/d",
+ "rel": "",
+ "rt": ["oic.wk.d"],
+ "if": ["oic.if.baseline", "oic.if.r"]
+ },{
+ "href": "/oic/p",
+ "rel": "",
+ "rt": ["oic.wk.p"],
+ "if": ["oic.if.baseline", "oic.if.r"]
+ }
+ ],
+ "permission": 2
+ },
+ {
+ "aceid": 2,
+ "subject": {
+ "conntype": "auth-crypt"
},
- {
- "subjectuuid": "32323232-3232-3232-3232-323232323232",
- "resources": [
- {
- "href": "*",
- "rel": "",
- "rt": ["*"],
- "if": ["*"]
- }
- ],
- "permission": 7
+ "resources": [
+ {
+ "href": "/oic/res",
+ "rel": "",
+ "rt": ["oic.wk.res"],
+ "if": ["oic.if.ll"]
+ },{
+ "href": "/oic/d",
+ "rel": "",
+ "rt": ["oic.wk.d"],
+ "if": ["oic.if.baseline", "oic.if.r"]
+ },{
+ "href": "/oic/p",
+ "rel": "",
+ "rt": ["oic.wk.p"],
+ "if": ["oic.if.baseline", "oic.if.r"]
+ }
+ ],
+ "permission": 2
+ },
+ {
+ "aceid": 3,
+ "subject": {
+ "uuid": "32323232-3232-3232-3232-323232323232"
},
- {
- "subjectuuid": "31393139-3139-3139-3139-313931393139",
- "resources": [
- {
- "href": "/a/led",
- "rel": "",
- "rt": ["oic.core"],
- "if": ["oic.if.baseline"]
- }
- ],
- "permission": 7
+ "resources": [
+ {
+ "href": "*",
+ "rel": "",
+ "rt": ["*"],
+ "if": ["*"]
+ }
+ ],
+ "permission": 7
+ },
+ {
+ "aceid": 4,
+ "subject": {
+ "uuid": "31393139-3139-3139-3139-313931393139"
},
- {
- "subjectuuid": "37373737-3737-3737-3737-373737373737",
- "resources": [
- {
- "href": "/a/led",
- "rel": "",
- "rt": ["oic.core"],
- "if": ["oic.if.baseline"]
- }
- ],
- "permission": 6
- }
- ]
- },
+ "resources": [
+ {
+ "href": "/a/led",
+ "rel": "",
+ "rt": ["oic.core"],
+ "if": ["oic.if.baseline"]
+ }
+ ],
+ "permission": 7
+ },
+ {
+ "aceid": 5,
+ "subject": {
+ "uuid": "37373737-3737-3737-3737-373737373737"
+ },
+ "resources": [
+ {
+ "href": "/a/led",
+ "rel": "",
+ "rt": ["oic.core"],
+ "if": ["oic.if.baseline"]
+ }
+ ],
+ "permission": 6
+ }
+ ],
"rowneruuid" : "31313131-3131-3131-3131-313131313131"
},
"pstat": {
"dos": {"s": 3, "p": false},
"isop": true,
- "deviceuuid": "31313131-3131-3131-3131-313131313131",
"rowneruuid": "31313131-3131-3131-3131-313131313131",
"cm": 0,
"tm": 0,
diff --git a/service/coap-http-proxy/samples/proxy_client.c b/service/coap-http-proxy/samples/proxy_client.c index e876ced70..ad3156bab 100644 --- a/service/coap-http-proxy/samples/proxy_client.c +++ b/service/coap-http-proxy/samples/proxy_client.c @@ -284,10 +284,20 @@ OCStackApplicationResult discoveryReqCB(void* ctx, OCDoHandle handle, return OC_STACK_KEEP_TRANSACTION; } - if (resource->secure) + OCEndpointPayload* eps = resource->eps; + while (NULL != eps) { - serverAddr.flags |= OC_SECURE; - serverAddr.port = resource->port; + if (eps->family & OC_FLAG_SECURE) + { + if (0 == strcmp(eps->tps, "coaps")) + { + strncpy(serverAddr.addr, eps->addr, sizeof(serverAddr.addr)); + serverAddr.port = eps->port; + serverAddr.flags = (OCTransportFlags)(eps->family | OC_SECURE); + serverAddr.adapter = OC_ADAPTER_IP; + } + } + eps = eps->next; } switch (testCase) |