Refactor oc_cred.c and oc_roles.c

iotivity · Jul 13, 2023 · 68ad9a1 · 68ad9a1
1 parent 6a12a6e
commit 68ad9a1
Show file tree

Hide file tree

Showing 18 changed files with 988 additions and 502 deletions.
diff --git a/api/oc_client_role.c b/api/oc_client_role.c
@@ -27,7 +27,7 @@
 oc_role_t *
 oc_get_all_roles(void)
 {
-  return oc_sec_get_role_creds();
+  return oc_sec_role_creds_get();
 }
 
 static void
@@ -74,7 +74,7 @@ oc_assert_role(const char *role, const char *authority,
     return false;
   }
   oc_tls_select_cert_ciphersuite();
-  if (!oc_init_post("/oic/sec/roles", endpoint, NULL, handler, HIGH_QOS,
+  if (!oc_init_post(OCF_SEC_ROLES_URI, endpoint, NULL, handler, HIGH_QOS,
                     user_data)) {
     OC_ERR("cannot init POST");
   }
@@ -103,7 +103,7 @@ oc_assert_all_roles(const oc_endpoint_t *endpoint,
   if (roles == NULL) {
     return;
   }
-  if (!oc_init_post("/oic/sec/roles", endpoint, NULL, handler, HIGH_QOS,
+  if (!oc_init_post(OCF_SEC_ROLES_URI, endpoint, NULL, handler, HIGH_QOS,
                     user_data)) {
     OC_ERR("cannot init POST");
   }

diff --git a/api/oc_core_res.c b/api/oc_core_res.c
@@ -16,10 +16,11 @@
  *
  ****************************************************************************/
 
-#include "oc_core_res.h"
 #include "messaging/coap/oc_coap.h"
 #include "oc_api.h"
+#include "oc_core_res.h"
 #include "oc_core_res_internal.h"
+#include "oc_csr.h"
 #include "oc_discovery.h"
 #include "oc_endpoint.h"
 #include "oc_introspection_internal.h"
@@ -28,6 +29,7 @@
 #include "oc_ri_internal.h"
 #include "oc_main.h"
 #include "oc_server_api_internal.h"
+#include "oc_swupdate_internal.h"
 #include "port/oc_assert.h"
 #include "util/oc_atomic.h"
 #include "util/oc_compiler.h"
@@ -45,6 +47,7 @@
 #ifdef OC_SECURITY
 #include "security/oc_doxm_internal.h"
 #include "security/oc_pstat.h"
+#include "security/oc_roles_internal.h"
 #include "security/oc_sdi_internal.h"
 #include "security/oc_sp_internal.h"
 #include "security/oc_tls_internal.h"
@@ -873,12 +876,12 @@ oc_core_get_resource_type_by_uri(const char *uri)
     return OCF_SEC_SP;
   }
 #ifdef OC_PKI
-  if (core_is_resource_uri(uri, uri_len, "/oic/sec/csr",
-                           OC_CHAR_ARRAY_LEN("/oic/sec/csr"))) {
+  if (core_is_resource_uri(uri, uri_len, OCF_SEC_CSR_URI,
+                           OC_CHAR_ARRAY_LEN(OCF_SEC_CSR_URI))) {
     return OCF_SEC_CSR;
   }
-  if (core_is_resource_uri(uri, uri_len, "/oic/sec/roles",
-                           OC_CHAR_ARRAY_LEN("/oic/sec/roles"))) {
+  if (core_is_resource_uri(uri, uri_len, OCF_SEC_ROLES_URI,
+                           OC_CHAR_ARRAY_LEN(OCF_SEC_ROLES_URI))) {
     return OCF_SEC_ROLES;
   }
 #endif /* OC_PKI */
@@ -888,8 +891,8 @@ oc_core_get_resource_type_by_uri(const char *uri)
   }
 #endif /* OC_SECURITY */
 #ifdef OC_SOFTWARE_UPDATE
-  if (core_is_resource_uri(uri, uri_len, "/oc/swu",
-                           OC_CHAR_ARRAY_LEN("/oc/swu"))) {
+  if (core_is_resource_uri(uri, uri_len, OCF_SW_UPDATE_URI,
+                           OC_CHAR_ARRAY_LEN(OCF_SW_UPDATE_URI))) {
     return OCF_SW_UPDATE;
   }
 #endif /* OC_SOFTWARE_UPDATE */

diff --git a/api/oc_main.c b/api/oc_main.c
@@ -48,6 +48,7 @@
 #include "security/oc_tls_internal.h"
 #ifdef OC_PKI
 #include "security/oc_keypair_internal.h"
+#include "security/oc_roles_internal.h"
 #endif /* OC_PKI */
 #include "security/oc_sdi_internal.h"
 #endif /* OC_SECURITY */
@@ -445,6 +446,9 @@ oc_main_shutdown(void)
 
   oc_sec_svr_free();
 #ifdef OC_PKI
+#ifdef OC_CLIENT
+  oc_sec_role_creds_free();
+#endif /* OC_CLIENT */
   oc_sec_ecdsa_free_keypairs();
 #endif /* OC_PKI */
 #endif /* OC_SECURITY */

diff --git a/api/oc_ri.c b/api/oc_ri.c
@@ -848,9 +848,9 @@ oc_ri_audit_log(oc_method_t method, const oc_resource_t *resource,
   snprintf(aux[idx++], LINE_WIDTH, "device is in %s", state_str_val[state]);
   snprintf(aux[idx++], LINE_WIDTH, "No roles asserted");
 #ifdef OC_PKI
-  if (peer) {
+  if (peer != NULL) {
     size_t pos = 0;
-    for (oc_sec_cred_t *rc = oc_sec_get_roles(peer); rc && pos < LINE_WIDTH;
+    for (oc_sec_cred_t *rc = oc_sec_roles_get(peer); rc && pos < LINE_WIDTH;
          rc = rc->next) {
       pos += snprintf(aux[idx - 1] + pos, LINE_WIDTH - pos - 1, "%s ",
                       oc_string(rc->role.role));

diff --git a/security/oc_acl.c b/security/oc_acl.c
@@ -231,10 +231,9 @@ oc_ace_get_permission(const oc_sec_ace_t *ace, const oc_resource_t *resource,
   oc_ace_wildcard_t wc = 0;
   if (!is_DCR) {
     if (resource->properties & OC_DISCOVERABLE) {
+      wc = OC_ACE_WC_ALL_SECURED;
       if (is_public) {
-        wc = OC_ACE_WC_ALL_PUBLIC | OC_ACE_WC_ALL_SECURED;
-      } else {
-        wc = OC_ACE_WC_ALL_SECURED;
+        wc |= OC_ACE_WC_ALL_PUBLIC;
       }
     } else {
       wc = OC_ACE_WC_ALL;
@@ -556,8 +555,8 @@ oc_sec_check_acl(oc_method_t method, const oc_resource_t *resource,
     }
     if ((pstat->s == OC_DOS_RFPRO || pstat->s == OC_DOS_RFNOP ||
          pstat->s == OC_DOS_SRESET) &&
-        oc_string_len(resource->uri) == 14 &&
-        memcmp(oc_string(resource->uri), "/oic/sec/roles", 14) == 0) {
+        oc_string_is_cstr_equal(&resource->uri, OCF_SEC_ROLES_URI,
+                                OC_CHAR_ARRAY_LEN(OCF_SEC_ROLES_URI))) {
       OC_DBG("oc_acl: peer has implicit access to /oic/sec/roles in RFPRO, "
              "RFNOP, SRESET");
       return true;
@@ -600,7 +599,8 @@ oc_sec_check_acl(oc_method_t method, const oc_resource_t *resource,
     }
 #ifdef OC_PKI
     else {
-      const oc_sec_cred_t *role_cred = peer ? oc_sec_get_roles(peer) : NULL;
+      const oc_sec_cred_t *role_cred =
+        peer != NULL ? oc_sec_roles_get(peer) : NULL;
       while (role_cred) {
         const oc_sec_cred_t *next = role_cred->next;
         uint32_t flags = 0;