Merge pull request #3 from openconnectivity/develop

Merge develop into master

README.md

@@ -55,7 +55,8 @@ To import the IoTivity Base API Binary into the OTGC Linux App project:
 The OTGC application requires the following packages:
 
 - openjdk-8-jdk
-- openjfx
+- openjfx for Ubuntu 16
+- openjfx=8u161-b12-1ubuntu2 libopenjfx-java=8u161-b12-1ubuntu2 libopenjfx-jni=8u161-b12-1ubuntu2 for Ubuntu 18
 
 This packages can install through the next command:
 

build/debian/control

@@ -1,5 +1,5 @@
 Package: OTGC
-Version: 1.4.0
+Version: 2.0.2
 Section: custom
 Priority: optional
 Architecture: amd64

build/debian/otgc_native.sh

@@ -11,7 +11,7 @@
 
 # Constants
 PROJECT_NAME="otgc"
-VERSION="1.4.0"
+VERSION="2.0.2"
 
 program=$0
 

extlibs/patchs/remove_cred_by_credid.patch

@@ -0,0 +1,49 @@
+diff --git a/include/oc_pki.h b/include/oc_pki.h
+index acbab8c..c16b512 100644
+--- a/include/oc_pki.h
++++ b/include/oc_pki.h
+@@ -45,6 +45,9 @@ int oc_pki_add_trust_anchor(size_t device, const unsigned char *cert,
+ void oc_pki_set_security_profile(size_t device,
+                                  oc_sp_types_t supported_profiles,
+                                  oc_sp_types_t current_profile, int mfg_credid);
++
++void oc_pki_remove_credential_by_credid(size_t device, long credid);
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/security/oc_pki.c b/security/oc_pki.c
+index a3ecc4f..97e8fb3 100644
+--- a/security/oc_pki.c
++++ b/security/oc_pki.c
+@@ -334,6 +334,16 @@ oc_pki_add_trust_anchor(size_t device, const unsigned char *cert,
+   return pki_add_trust_anchor(device, cert, cert_size, OC_CREDUSAGE_TRUSTCA);
+ }
+
++void
++oc_pki_remove_credential_by_credid(size_t device, long credid)
++{
++  oc_sec_cred_t *cred = oc_sec_get_cred_by_credid(credid, device);
++  if (cred)
++  {
++    oc_sec_remove_cred(cred, device);
++  }
++}
++
+ #else  /* OC_PKI */
+ typedef int dummy_declaration;
+ #endif /* !OC_PKI */
+diff --git a/swig/swig_interfaces/oc_pki.i b/swig/swig_interfaces/oc_pki.i
+index ae654bb..c4bae02 100644
+--- a/swig/swig_interfaces/oc_pki.i
++++ b/swig/swig_interfaces/oc_pki.i
+@@ -32,6 +32,6 @@
+ %rename (addMfgTrustAnchor) oc_pki_add_mfg_trust_anchor;
+ %rename (addTrustAnchor) oc_pki_add_trust_anchor;
+ %rename (setSecurityProfile) oc_pki_set_security_profile;
++%rename (removeCredentialByCredid) oc_pki_remove_credential_by_credid;
+
+-
+-%include "oc_pki.h"
+\ No newline at end of file
++%include "oc_pki.h"

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>otgc</groupId>
     <artifactId>otgc</artifactId>
-    <version>1.4.0</version>
+    <version>2.0.2</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

src/main/java/org/openconnectivity/otgc/data/repository/AmsRepository.java

@@ -25,6 +25,7 @@
 import org.iotivity.*;
 import org.openconnectivity.otgc.domain.model.resource.secure.acl.*;
 import org.openconnectivity.otgc.utils.constant.OcfResourceUri;
+import org.openconnectivity.otgc.utils.constant.OcfWildcard;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -183,7 +184,11 @@ private List<OcAceResource> getResources(List<String> verticalResources) {
         List<OcAceResource> resources = new ArrayList<>();
         for (String verticalResource : verticalResources) {
             OcAceResource res = new OcAceResource();
-            res.setHref(verticalResource);
+            if (OcfWildcard.isWildcard(verticalResource)) {
+                res.setWildCard(verticalResource);
+            } else {
+                res.setHref(verticalResource);
+            }
             /*List<String> types = new ArrayList<>();
             types.add("*");
             res.setResourceTypes(types);

src/main/java/org/openconnectivity/otgc/data/repository/CmsRepository.java

@@ -20,6 +20,7 @@
 package org.openconnectivity.otgc.data.repository;
 
 import io.reactivex.Completable;
+import io.reactivex.CompletableSource;
 import io.reactivex.Single;
 import org.apache.log4j.Logger;
 import org.iotivity.*;
@@ -97,7 +98,7 @@ public Single<OcCsr> retrieveCsr(String endpoint, String deviceId) {
         });
     }
 
-    public Completable provisionIdentityCertificate(String endpoint, String deviceId, String identityCert) {
+    public Completable provisionTrustAnchor(String endpoint, String deviceId, String rootCert) {
         return Completable.create(emitter -> {
             OCEndpoint ep = OCEndpointUtil.newEndpoint();
             OCEndpointUtil.stringToEndpoint(endpoint, ep, new String[1]);
@@ -116,13 +117,13 @@ public Completable provisionIdentityCertificate(String endpoint, String deviceId
 
             if (OCMain.initPost(OcfResourceUri.CRED_URI, ep, null, handler, OCQos.HIGH_QOS)) {
                 OcCredPublicData publicData = new OcCredPublicData();
-                publicData.setPemData(identityCert);
+                publicData.setPemData(rootCert);
                 publicData.setEncoding(OcfEncoding.OC_ENCODING_PEM);
 
                 OcCredential cred = new OcCredential();
-                cred.setSubjectuuid(deviceId);
+                cred.setSubjectuuid("*");
                 cred.setCredtype(OcfCredType.OC_CREDTYPE_CERT);
-                cred.setCredusage(OcfCredUsage.OC_CREDUSAGE_CERT);
+                cred.setCredusage(OcfCredUsage.OC_CREDUSAGE_TRUSTCA);
                 cred.setPublicData(publicData);
                 List<OcCredential> credList = new ArrayList<>();
                 credList.add(cred);
@@ -148,6 +149,59 @@ public Completable provisionIdentityCertificate(String endpoint, String deviceId
         });
     }
 
+    public Completable provisionIdentityCertificate(String endpoint, String deviceId, String rootCert, String identityCert) {
+        return provisionTrustAnchor(endpoint, deviceId, rootCert)
+            .andThen(
+                Completable.create(emitter -> {
+                    OCEndpoint ep = OCEndpointUtil.newEndpoint();
+                    OCEndpointUtil.stringToEndpoint(endpoint, ep, new String[1]);
+                    OCUuid di = OCUuidUtil.stringToUuid(deviceId);
+                    OCEndpointUtil.setDi(ep, di);
+
+                    OCResponseHandler handler = (OCClientResponse response) -> {
+                        OCStatus code = response.getCode();
+                        if (code.equals(OCStatus.OC_STATUS_OK) || code.equals(OCStatus.OC_STATUS_CHANGED)) {
+                            LOG.debug("Provision identity certificate succeeded");
+                            emitter.onComplete();
+                        } else {
+                            emitter.onError(new IOException("Provision identity certificate error"));
+                        }
+                    };
+
+                    if (OCMain.initPost(OcfResourceUri.CRED_URI, ep, null, handler, OCQos.HIGH_QOS)) {
+                        OcCredPublicData publicData = new OcCredPublicData();
+                        publicData.setPemData(identityCert);
+                        publicData.setEncoding(OcfEncoding.OC_ENCODING_PEM);
+
+                        OcCredential cred = new OcCredential();
+                        cred.setSubjectuuid(deviceId);
+                        cred.setCredtype(OcfCredType.OC_CREDTYPE_CERT);
+                        cred.setCredusage(OcfCredUsage.OC_CREDUSAGE_CERT);
+                        cred.setPublicData(publicData);
+                        List<OcCredential> credList = new ArrayList<>();
+                        credList.add(cred);
+
+                        OcCredentials creds = new OcCredentials();
+                        creds.setCredList(credList);
+
+                        CborEncoder root = creds.parseToCbor();
+                        if (OCMain.doPost()) {
+                            LOG.debug("Sent POST request to /oic/sec/cred");
+                        } else {
+                            String error = "Could not send POST request to /oic/sec/cred";
+                            LOG.error(error);
+                            emitter.onError(new Exception(error));
+                        }
+                    } else {
+                        String error = "Could not init POST request to /oic/sec/cred";
+                        LOG.error(error);
+                        emitter.onError(new Exception(error));
+                    }
+
+                    OCEndpointUtil.freeEndpoint(ep);
+                }));
+    }
+
     public Completable provisionRoleCertificate(String endpoint, String deviceId, String roleCert, String roleId, String roleAuthority) {
         return Completable.create(emitter -> {
             OCEndpoint ep = OCEndpointUtil.newEndpoint();
@@ -283,4 +337,25 @@ public Completable deleteCredential(String endpoint, String deviceId, long credI
             OCEndpointUtil.freeEndpoint(ep);
         });
     }
+
+    public Completable addTrustAnchor(String pemCert) {
+        return Completable.create(emitter -> {
+            if (OCPki.addTrustAnchor(0 /* First device */, pemCert.getBytes()) == -1) {
+                emitter.onError(new Exception("Add trust anchor error"));
+            }
+
+            if (OCPki.addMfgTrustAnchor(0 /* First device */, pemCert.getBytes()) == -1) {
+                emitter.onError(new Exception("Add manufacturer trust anchor error"));
+            }
+
+            emitter.onComplete();
+        });
+    }
+
+    public Completable removeTrustAnchor(long device, long credid) {
+        return Completable.create(emitter -> {
+            OCPki.removeCredentialByCredid(device, (int)credid);
+            emitter.onComplete();
+        });
+    }
 }

src/main/java/org/openconnectivity/otgc/data/repository/IORepository.java

@@ -19,13 +19,15 @@
 
 package org.openconnectivity.otgc.data.repository;
 
+import com.upokecenter.cbor.CBORObject;
 import io.reactivex.Single;
 import org.apache.log4j.Logger;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.openconnectivity.otgc.utils.constant.OtgcConstant;
 
 import javax.inject.Inject;
 import javax.inject.Singleton;
@@ -68,9 +70,13 @@ public Single<PrivateKey> getAssetAsPrivateKey(String fileName) {
     }
 
     public Single<X509Certificate> getAssetAsX509Certificate(String fileName) {
+        return getFileAsX509Certificate(assetsPath + fileName);
+    }
+
+    public Single<X509Certificate> getFileAsX509Certificate(String path) {
         return Single.create(emitter -> {
             try (InputStream inputStream =
-                         new FileInputStream(assetsPath + fileName)) {
+                         new FileInputStream(path)) {
                 Security.addProvider(new BouncyCastleProvider());
                 CertificateFactory factory = CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
                 X509Certificate caCert = (X509Certificate) factory.generateCertificate(inputStream);
@@ -79,9 +85,18 @@ public Single<X509Certificate> getAssetAsX509Certificate(String fileName) {
                 LOG.error("File not found: " + e.getMessage());
                 emitter.onError(e);
             } catch (IOException e) {
-                LOG.error(fileName + " file storage failed");
+                LOG.error(path + " file storage failed");
                 emitter.onError(e);
             }
         });
     }
-}
+
+    public Single<CBORObject> getAssetSvrAsCbor(String resource, long device) {
+        return Single.create(emitter -> {
+            try (FileInputStream stream = new FileInputStream(OtgcConstant.OTGC_CREDS_DIR + File.separator + resource + "_" + device)) {
+                CBORObject cbor = CBORObject.Read(stream);
+                emitter.onSuccess(cbor);
+            }
+        });
+    }
+}

src/main/java/org/openconnectivity/otgc/data/repository/IotivityRepository.java

@@ -42,6 +42,7 @@
 import javax.inject.Inject;
 import javax.inject.Singleton;
 import java.io.File;
+import java.nio.file.Files;
 import java.util.*;
 import java.util.concurrent.TimeUnit;
 
@@ -95,7 +96,9 @@ public Completable initOICStack() {
                 LOG.error("Failed to setup Storage Config.");
             }
 
-            OCIntrospection.setIntrospectionFile(0 /* First device */, OtgcConstant.INTROSPECTION_CBOR_FILE);
+            File introspectionFile = new File(OtgcConstant.INTROSPECTION_CBOR_FILE);
+            byte[] introspectionData = Files.readAllBytes(introspectionFile.toPath());
+            OCIntrospection.setIntrospectionData(0 /* First device */, introspectionData);
 
             int ret = OCMain.mainInit(new OCMainInitHandler() {
                 @Override

src/main/java/org/openconnectivity/otgc/domain/model/resource/secure/cred/OcCredPublicData.java

@@ -19,6 +19,7 @@
 
 package org.openconnectivity.otgc.domain.model.resource.secure.cred;
 
+import com.upokecenter.cbor.CBORObject;
 import org.iotivity.CborEncoder;
 import org.iotivity.OCRep;
 import org.iotivity.OCRepresentation;
@@ -59,6 +60,28 @@ public void setDerData(byte[] derData) {
         this.derData = derData;
     }
 
+    public void parseCbor(CBORObject cbor) {
+        /* encoding */
+        CBORObject encodingObj = cbor.get(OcfResourceAttributeKey.ENCODING_KEY);
+        if (encodingObj != null) {
+            String encoding = encodingObj.AsString();
+            this.setEncoding(OcfEncoding.valueToEnum(encoding));
+        }
+        /* data */
+        CBORObject dataObj = cbor.get(OcfResourceAttributeKey.DATA_KEY);
+        if (dataObj != null) {
+            if (encodingObj.AsString().equals(OcfEncoding.OC_ENCODING_DER.getValue())) {
+                /* data DER format */
+                byte[] dataDer = dataObj.GetByteString();
+                this.setDerData(dataDer);
+            } else if (encodingObj.AsString().equals(OcfEncoding.OC_ENCODING_PEM.getValue())) {
+                /* data PEM format */
+                String dataPem = dataObj.AsString();
+                this.setPemData(dataPem);
+            }
+        }
+    }
+
     public void parseOCRepresentation(OCRepresentation rep) {
         /* data DER format */
         byte[] dataDer = OCRep.getByteString(rep, OcfResourceAttributeKey.DATA_KEY);

src/main/java/org/openconnectivity/otgc/domain/model/resource/secure/cred/OcCredRole.java

@@ -19,6 +19,7 @@
 
 package org.openconnectivity.otgc.domain.model.resource.secure.cred;
 
+import com.upokecenter.cbor.CBORObject;
 import org.iotivity.CborEncoder;
 import org.iotivity.OCRep;
 import org.iotivity.OCRepresentation;
@@ -48,6 +49,21 @@ public void setRole(String role) {
         this.role = role;
     }
 
+    public void parseCbor(CBORObject cbor) {
+        /* role */
+        CBORObject roleObj = cbor.get(OcfResourceAttributeKey.ROLE_KEY);
+        if (roleObj != null) {
+            String role = roleObj.AsString();
+            this.setRole(role);
+        }
+        /* authority */
+        CBORObject authorityObj = cbor.get(OcfResourceAttributeKey.ROLE_AUTHORITY_KEY);
+        if (authorityObj != null) {
+            String authority = authorityObj.AsString();
+            this.setAuthority(authority);
+        }
+    }
+
     public void parseOCRepresentation(OCRepresentation rep) {
         /* role */
         String role = OCRep.getString(rep, OcfResourceAttributeKey.ROLE_KEY);