Merge pull request #9 from openconnectivity/develop

Merge develop into master

build/debian/control

@@ -1,5 +1,5 @@
 Package: OTGC
-Version: 2.0.7
+Version: 2.0.8
 Section: custom
 Priority: optional
 Architecture: amd64

build/debian/otgc_native.sh

@@ -11,7 +11,7 @@
 
 # Constants
 PROJECT_NAME="otgc"
-VERSION="2.0.7"
+VERSION="2.0.8"
 
 program=$0
 

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>otgc</groupId>
     <artifactId>otgc</artifactId>
-    <version>2.0.7</version>
+    <version>2.0.8</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

src/main/java/org/openconnectivity/otgc/data/repository/IORepository.java

@@ -91,6 +91,18 @@ public Single<X509Certificate> getFileAsX509Certificate(String path) {
         });
     }
 
+    public Single<byte[]> getBytesFromFile(String path) {
+        return Single.fromCallable(() -> {
+            byte[] fileBytes;
+            try (InputStream inputStream = new FileInputStream(OtgcConstant.DATA_PATH + path)) {
+                fileBytes = new byte[inputStream.available()];
+                inputStream.read(fileBytes);
+            }
+
+            return fileBytes;
+        });
+    }
+
     public Single<CBORObject> getAssetSvrAsCbor(String resource, long device) {
         return Single.create(emitter -> {
             try (FileInputStream stream = new FileInputStream(OtgcConstant.OTGC_CREDS_DIR + File.separator + resource + "_" + device)) {

src/main/java/org/openconnectivity/otgc/data/repository/IotivityRepository.java

@@ -101,6 +101,7 @@ public Completable initOICStack() {
             byte[] introspectionData = Files.readAllBytes(introspectionFile.toPath());
             OCIntrospection.setIntrospectionData(0 /* First device */, introspectionData);
             OCBufferSettings.setMaxAppDataSize(16384); // 16 KB
+            OCMain.setConResAnnounced(false);   // Disable /oc/con resource
 
             int ret = OCMain.mainInit(new OCMainInitHandler() {
                 @Override

src/main/java/org/openconnectivity/otgc/domain/usecase/InitOicStackUseCase.java

@@ -20,10 +20,6 @@
 package org.openconnectivity.otgc.domain.usecase;
 
 import io.reactivex.Completable;
-import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.sec.ECPrivateKey;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.iotivity.OCFactoryPresetsHandler;
 import org.iotivity.OCObt;
 import org.iotivity.OCPki;
@@ -32,24 +28,18 @@
 import org.openconnectivity.otgc.utils.constant.OtgcMode;
 
 import javax.inject.Inject;
-import java.security.*;
-import java.security.cert.X509Certificate;
-import java.security.spec.ECGenParameterSpec;
 
 public class InitOicStackUseCase {
 
     private final IotivityRepository iotivityRepository;
-    private final CertRepository certRepository;
     private final IORepository ioRepository;
     private final SettingRepository settingRepository;
 
     @Inject
     public InitOicStackUseCase(IotivityRepository iotivityRepository,
-                               CertRepository certRepository,
                                IORepository ioRepository,
                                SettingRepository settingRepository) {
         this.iotivityRepository = iotivityRepository;
-        this.certRepository = certRepository;
         this.ioRepository = ioRepository;
         this.settingRepository = settingRepository;
     }
@@ -79,38 +69,29 @@ public Completable execute() {
         }
     });
     private void factoryResetHandler(long device) throws Exception {
-        String uuid = iotivityRepository.getDeviceId().blockingGet();
+        /* my cert */
+        byte[] eeCertificate = ioRepository.getBytesFromFile(OtgcConstant.KYRIO_EE_CERTIFICATE).blockingGet();
 
-        // Store root CA as trusted anchor
-        X509Certificate caCertificate = ioRepository.getAssetAsX509Certificate(OtgcConstant.ROOT_CERTIFICATE).blockingGet();
-        PrivateKey caPrivateKey = ioRepository.getAssetAsPrivateKey(OtgcConstant.ROOT_PRIVATE_KEY).blockingGet();
+        /* private key of my cert */
+        byte[] eeKey = ioRepository.getBytesFromFile(OtgcConstant.KYRIO_EE_KEY).blockingGet();
 
-        String strCACertificate = certRepository.x509CertificateToPemString(caCertificate).blockingGet();
-        if (OCPki.addTrustAnchor(device, strCACertificate.getBytes()) == -1) {
-            throw new Exception("Add trust anchor error");
+        /* intermediate cert */
+        byte[] subcaCertificate = ioRepository.getBytesFromFile(OtgcConstant.KYRIO_SUBCA_CERTIFICATE).blockingGet();
+
+        /* root cert */
+        byte[] rootcaCertificate = ioRepository.getBytesFromFile(OtgcConstant.KYRIO_ROOT_CERTIFICATE).blockingGet();
+
+        int credid = OCPki.addMfgCert(device, eeCertificate, eeKey);
+        if (credid == -1) {
+            throw new Exception("Add identity certificate error");
         }
-        if (OCPki.addMfgTrustAnchor(device, strCACertificate.getBytes()) == -1) {
-            throw new Exception("Add manufacturer trust anchor error");
+
+        if (OCPki.addMfgIntermediateCert(device, credid, subcaCertificate) == -1) {
+            throw new Exception("Add intermediate certificate error");
         }
 
-        // public/private key pair that we are creating certificate for
-        ECGenParameterSpec ecParamSpec = new ECGenParameterSpec("secp256r1");
-        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
-        keyPairGenerator.initialize(ecParamSpec);
-        KeyPair keyPair = keyPairGenerator.generateKeyPair();
-
-        // Public key
-        PublicKey publicKey = keyPair.getPublic();
-        // PrivateKey
-        ASN1Sequence pkSeq = (ASN1Sequence)ASN1Sequence.fromByteArray(keyPair.getPrivate().getEncoded());
-        PrivateKeyInfo pkInfo = PrivateKeyInfo.getInstance(pkSeq);
-        ECPrivateKey privateKey = ECPrivateKey.getInstance(pkInfo.parsePrivateKey());
-        String strPrivateKey = certRepository.privateKeyToPemString(privateKey).blockingGet();
-
-        X509Certificate identityCertificate = certRepository.generateIdentityCertificate(uuid, publicKey, caPrivateKey).blockingGet();
-        String strIdentityCertificate = certRepository.x509CertificateToPemString(identityCertificate).blockingGet();
-        if (OCPki.addMfgCert(device, strIdentityCertificate.getBytes(), strPrivateKey.getBytes()) == -1) {
-            throw  new Exception("Add identity certificate error");
+        if (OCPki.addMfgTrustAnchor(device, rootcaCertificate) == -1) {
+            throw new Exception("Add root certificate error");
         }
 
         OCObt.shutdown();

src/main/java/org/openconnectivity/otgc/utils/constant/OtgcConstant.java

@@ -30,19 +30,17 @@ private OtgcConstant() {
     }
 
     // Data resource path
-    private static final String DATA_PATH = "." + File.separator + "data" + File.separator;
+    public static final String DATA_PATH = "." + File.separator + "data" + File.separator;
 
     // Credential directory
     public static final String OTGC_CREDS_DIR = DATA_PATH + "otgc_creds";
 
      // File databases for IoTivity
-    public static final String OIC_CLIENT_JSON_DB_FILE = DATA_PATH + "oic_svr_db_client.json";
-    public static final String OIC_CLIENT_CBOR_DB_FILE = DATA_PATH + "oic_svr_db_client.dat";
     public static final String INTROSPECTION_CBOR_FILE = DATA_PATH + "introspection.dat";
-    public static final String OIC_SQL_DB_FILE = "Pdm.db";
 
-    // Root certificate and keypair
-    public static String ROOT_CERTIFICATE = "root.crt";
-    public static String ROOT_PRIVATE_KEY = "root.prv";
-    public static String ROOT_PUBLIC_KEY = "root.pub";
+    /* Kyrio certificate chain */
+    public static String KYRIO_ROOT_CERTIFICATE = "kyrio-root-cert.pem";
+    public static String KYRIO_SUBCA_CERTIFICATE = "kyrio-subca-cert.pem";
+    public static String KYRIO_EE_CERTIFICATE = "kyrio-ee-cert.pem";
+    public static String KYRIO_EE_KEY = "kyrio-ee-key.pem";
 }

src/main/resources/data/kyrio-ee-cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEzCCA7mgAwIBAgIJAI0K+3tTskzXMAoGCCqGSM49BAMCMFsxDDAKBgNVBAoM
+A09DRjEiMCAGA1UECwwZS3lyaW8gVGVzdCBJbmZyYXN0cnVjdHVyZTEnMCUGA1UE
+AwweS3lyaW8gVEVTVCBJbnRlcm1lZGlhdGUgQ0EwMDAyMB4XDTE5MDkyMzA5MjUx
+OFoXDTE5MTAyMzA5MjUxOFowYTEMMAoGA1UECgwDT0NGMSIwIAYDVQQLDBlLeXJp
+byBUZXN0IEluZnJhc3RydWN0dXJlMS0wKwYDVQQDDCQxZTFiZWJmYi04ZjAzLTQ3
+ODUtNWZhNy0xYjcwNGU2NTQzNjAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQj
+V7MJwkO4J4PWR4KgbVHrFHSQipHMRNu704OPmnAQQ3tnEhjnYxn0TODDvN8YekE5
+voDDOX98mYpxhPa5hz52o4ICXjCCAlowCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC
+A4gwKQYDVR0lBCIwIAYIKwYBBQUHAwIGCCsGAQUFBwMBBgorBgEEAYLefAEGMB0G
+A1UdDgQWBBRjlMq7Dkw3IN1X1CTuDLEITgjQGTAfBgNVHSMEGDAWgBQZc2oEGgsH
+cE9TeVM2h/wMunyuCzCBlgYIKwYBBQUHAQEEgYkwgYYwXQYIKwYBBQUHMAKGUWh0
+dHA6Ly90ZXN0cGtpLmt5cmlvLmNvbS9vY2YvY2FjZXJ0cy9CQkU2NEY5QTdFRTM3
+RDI5QTA1RTRCQjc3NTk1RjMwOEJFNDFFQjA3LmNydDAlBggrBgEFBQcwAYYZaHR0
+cDovL3Rlc3RvY3NwLmt5cmlvLmNvbTBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8v
+dGVzdHBraS5reXJpby5jb20vb2NmL2NybHMvQkJFNjRGOUE3RUUzN0QyOUEwNUU0
+QkI3NzU5NUYzMDhCRTQxRUIwNy5jcmwwGAYDVR0gBBEwDzANBgsrBgEEAYORVgAB
+AjBgBgorBgEEAYORVgEABFIwUDAJAgECAgEAAgEAMDYMGTEuMy42LjEuNC4xLjUx
+NDE0LjAuMC4xLjAMGTEuMy42LjEuNC4xLjUxNDE0LjAuMC4yLjAMBE9UR0MMBURF
+S1JBMCoGCisGAQQBg5FWAQEEHDAaBgsrBgEEAYORVgEBAAYLKwYBBAGDkVYBAQEw
+MAYKKwYBBAGDkVYBAgQiMCAMDjEuMy42LjEuNC4xLjcxDAlEaXNjb3ZlcnkMAzEu
+MDAKBggqhkjOPQQDAgNIADBFAiBLKD1R5LUOUJdMq2VWlzbzpZjvLeN1CFQIPS4y
+cjbm9wIhANmGPf7y8/s/fKWy/dEaIGjo79lButKOe0JWZaburW3P
+-----END CERTIFICATE-----

src/main/resources/data/kyrio-ee-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIChO1xeRf0WA/npKbjLKPzlnTDhE7v95O5ZG2fhZbBjLoAoGCCqGSM49
+AwEHoUQDQgAEI1ezCcJDuCeD1keCoG1R6xR0kIqRzETbu9ODj5pwEEN7ZxIY52MZ
+9Ezgw7zfGHpBOb6Awzl/fJmKcYT2uYc+dg==
+-----END EC PRIVATE KEY-----

src/main/resources/data/kyrio-root-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3zCCAYWgAwIBAgIJAPObjMBXKhGyMAoGCCqGSM49BAMCMFMxDDAKBgNVBAoM
+A09DRjEiMCAGA1UECwwZS3lyaW8gVGVzdCBJbmZyYXN0cnVjdHVyZTEfMB0GA1UE
+AwwWS3lyaW8gVEVTVCBST09UIENBMDAwMjAeFw0xODExMzAxNzMxMDVaFw0yODEx
+MjcxNzMxMDVaMFMxDDAKBgNVBAoMA09DRjEiMCAGA1UECwwZS3lyaW8gVGVzdCBJ
+bmZyYXN0cnVjdHVyZTEfMB0GA1UEAwwWS3lyaW8gVEVTVCBST09UIENBMDAwMjBZ
+MBMGByqGSM49AgEGCCqGSM49AwEHA0IABGt1sU2QhQcK/kflKSF9TCrvKaDckLWd
+ZoyvP6z0OrqNdtBscZgVYsSHMQZ1R19wWxsflvNr8bMVW1K3HWMkpsijQjBAMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBQoSOTlJ1jZ
+CO4JNOSxuz1ZZh/I9TAKBggqhkjOPQQDAgNIADBFAiAlMUwgVeL8d5W4jZdFJ5Zg
+clk7XT66LNMfGkExSjU1ngIhANOvTmd32A0kEtIpHbiKA8+RFDCPJWjN4loxrBC7
+v0JE
+-----END CERTIFICATE-----

src/main/resources/data/kyrio-subca-cert.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAqGgAwIBAgIJAPObjMBXKhG1MAoGCCqGSM49BAMCMFMxDDAKBgNVBAoM
+A09DRjEiMCAGA1UECwwZS3lyaW8gVGVzdCBJbmZyYXN0cnVjdHVyZTEfMB0GA1UE
+AwwWS3lyaW8gVEVTVCBST09UIENBMDAwMjAeFw0xODExMzAxODEyMTVaFw0yODEx
+MjYxODEyMTVaMFsxDDAKBgNVBAoMA09DRjEiMCAGA1UECwwZS3lyaW8gVGVzdCBJ
+bmZyYXN0cnVjdHVyZTEnMCUGA1UEAwweS3lyaW8gVEVTVCBJbnRlcm1lZGlhdGUg
+Q0EwMDAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvA+Gn3ofRpH40XuVppBR
+f78mDtfclOkBd7/32yQcmK2LQ0wm/uyl2cyeABPuN6NFcR9+LYkXZ5P4Ovy9R43Q
+vqOCAVQwggFQMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMB0G
+A1UdDgQWBBQZc2oEGgsHcE9TeVM2h/wMunyuCzAfBgNVHSMEGDAWgBQoSOTlJ1jZ
+CO4JNOSxuz1ZZh/I9TCBjQYIKwYBBQUHAQEEgYAwfjBVBggrBgEFBQcwAoZJaHR0
+cDovL3Rlc3Rwa2kua3lyaW8uY29tL29jZi80RTY4RTNGQ0YwRjJFNEY4MEE4RDE0
+MzhGNkExQkE1Njk1NzEzRDYzLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL3Rlc3Rv
+Y3NwLmt5cmlvLmNvbTBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vdGVzdHBraS5r
+eXJpby5jb20vb2NmLzRFNjhFM0ZDRjBGMkU0RjgwQThEMTQzOEY2QTFCQTU2OTU3
+MTNENjMuY3JsMAoGCCqGSM49BAMCA0cAMEQCHwXkRYd+u5pOPH544wBmBRJz/b0j
+ppvUIHx8IUH0CioCIQDC8CnMVTOC5aIoo5Yg4k7BDDNxbRQoPujYes0OTVGgPA==
+-----END CERTIFICATE-----