Refactor oc_cred.c and oc_roles.c

api/oc_client_role.c

@@ -27,7 +27,7 @@
 oc_role_t *
 oc_get_all_roles(void)
 {
-  return oc_sec_get_role_creds();
+  return oc_sec_role_creds_get();
 }
 
 static void
@@ -74,7 +74,7 @@ oc_assert_role(const char *role, const char *authority,
     return false;
   }
   oc_tls_select_cert_ciphersuite();
-  if (!oc_init_post("/oic/sec/roles", endpoint, NULL, handler, HIGH_QOS,
+  if (!oc_init_post(OCF_SEC_ROLES_URI, endpoint, NULL, handler, HIGH_QOS,
                     user_data)) {
     OC_ERR("cannot init POST");
   }
@@ -103,7 +103,7 @@ oc_assert_all_roles(const oc_endpoint_t *endpoint,
   if (roles == NULL) {
     return;
   }
-  if (!oc_init_post("/oic/sec/roles", endpoint, NULL, handler, HIGH_QOS,
+  if (!oc_init_post(OCF_SEC_ROLES_URI, endpoint, NULL, handler, HIGH_QOS,
                     user_data)) {
     OC_ERR("cannot init POST");
   }

api/oc_core_res.c

@@ -16,10 +16,11 @@
  *
  ****************************************************************************/
 
-#include "oc_core_res.h"
 #include "messaging/coap/oc_coap.h"
 #include "oc_api.h"
+#include "oc_core_res.h"
 #include "oc_core_res_internal.h"
+#include "oc_csr.h"
 #include "oc_discovery.h"
 #include "oc_endpoint.h"
 #include "oc_introspection_internal.h"
@@ -28,6 +29,7 @@
 #include "oc_ri_internal.h"
 #include "oc_main.h"
 #include "oc_server_api_internal.h"
+#include "oc_swupdate_internal.h"
 #include "port/oc_assert.h"
 #include "util/oc_atomic.h"
 #include "util/oc_compiler.h"
@@ -45,6 +47,7 @@
 #ifdef OC_SECURITY
 #include "security/oc_doxm_internal.h"
 #include "security/oc_pstat.h"
+#include "security/oc_roles_internal.h"
 #include "security/oc_sdi_internal.h"
 #include "security/oc_sp_internal.h"
 #include "security/oc_tls_internal.h"
@@ -873,12 +876,12 @@ oc_core_get_resource_type_by_uri(const char *uri)
     return OCF_SEC_SP;
   }
 #ifdef OC_PKI
-  if (core_is_resource_uri(uri, uri_len, "/oic/sec/csr",
-                           OC_CHAR_ARRAY_LEN("/oic/sec/csr"))) {
+  if (core_is_resource_uri(uri, uri_len, OCF_SEC_CSR_URI,
+                           OC_CHAR_ARRAY_LEN(OCF_SEC_CSR_URI))) {
     return OCF_SEC_CSR;
   }
-  if (core_is_resource_uri(uri, uri_len, "/oic/sec/roles",
-                           OC_CHAR_ARRAY_LEN("/oic/sec/roles"))) {
+  if (core_is_resource_uri(uri, uri_len, OCF_SEC_ROLES_URI,
+                           OC_CHAR_ARRAY_LEN(OCF_SEC_ROLES_URI))) {
     return OCF_SEC_ROLES;
   }
 #endif /* OC_PKI */
@@ -888,8 +891,8 @@ oc_core_get_resource_type_by_uri(const char *uri)
   }
 #endif /* OC_SECURITY */
 #ifdef OC_SOFTWARE_UPDATE
-  if (core_is_resource_uri(uri, uri_len, "/oc/swu",
-                           OC_CHAR_ARRAY_LEN("/oc/swu"))) {
+  if (core_is_resource_uri(uri, uri_len, OCF_SW_UPDATE_URI,
+                           OC_CHAR_ARRAY_LEN(OCF_SW_UPDATE_URI))) {
     return OCF_SW_UPDATE;
   }
 #endif /* OC_SOFTWARE_UPDATE */

api/oc_helpers.c

@@ -137,18 +137,44 @@ oc_set_string(oc_string_t *dst, const char *str, size_t str_len)
 #endif /* OC_DYNAMIC_ALLOCATION */
 }
 
+oc_string_view_t
+oc_string_view(const char *data, size_t length)
+{
+  oc_string_view_t view = {
+    .data = data,
+    .length = length,
+  };
+  return view;
+}
+
+oc_string_view_t
+oc_string_view2(const oc_string_t *str)
+{
+  if (str == NULL) {
+    return oc_string_view(NULL, 0);
+  }
+  return oc_string_view(oc_string(*str), oc_string_len(*str));
+}
+
+bool
+oc_string_view_is_equal(oc_string_view_t str1, oc_string_view_t str2)
+{
+  return str1.length == str2.length &&
+         (str1.length == 0 || memcmp(str1.data, str2.data, str1.length) == 0);
+}
+
 bool
 oc_string_is_equal(const oc_string_t *str1, const oc_string_t *str2)
 {
-  return oc_string_is_cstr_equal(str1, oc_string(*str2), oc_string_len(*str2));
+  return oc_string_view_is_equal(oc_string_view2(str1), oc_string_view2(str2));
 }
 
 bool
 oc_string_is_cstr_equal(const oc_string_t *str1, const char *str2,
                         size_t str2_len)
 {
-  return oc_string_len(*str1) == str2_len &&
-         memcmp(oc_string(*str1), str2, str2_len) == 0;
+  return oc_string_view_is_equal(oc_string_view2(str1),
+                                 oc_string_view(str2, str2_len));
 }
 
 void

api/oc_helpers_internal.h

@@ -29,6 +29,40 @@
 extern "C" {
 #endif
 
+/**
+ * @brief Non-mutable view into a C-string or an oc_string_t.
+ *
+ * @note It is the programmer's responsibility to ensure that oc_string_view_t
+ * does not outlive the pointed-to string.
+ * This is especially important with dynamic allocation disabled. Because then
+ * oc_string_t values are taken from a preallocated pool and when an oc_string_t
+ * is "deallocated" then data is returned to the pool and oc_string_t values
+ * allocated after this value are reallocated so that the pool is always
+ * contiguous. This means that the data pointer might become invalid after a
+ * call to oc_free_string.
+ */
+typedef struct oc_string_view_t
+{
+  const char *data;
+  size_t length;
+} oc_string_view_t;
+
+/** Create an oc_string_view_t from a C-string. */
+oc_string_view_t oc_string_view(const char *data, size_t length);
+
+/** Create an oc_string_view_t from an oc_string_t. */
+oc_string_view_t oc_string_view2(const oc_string_t *str);
+
+/**
+ * @brief Compare two oc_string_view_t values.
+ *
+ * @param str1 first oc_string_view_t
+ * @param str2 second oc_string_view_t
+ * @return true strings are equal
+ * @return false strings are not equal
+ */
+bool oc_string_view_is_equal(oc_string_view_t str1, oc_string_view_t str2);
+
 /**
  * @brief Compare two oc_strings.
  *

api/oc_main.c

@@ -48,6 +48,7 @@
 #include "security/oc_tls_internal.h"
 #ifdef OC_PKI
 #include "security/oc_keypair_internal.h"
+#include "security/oc_roles_internal.h"
 #endif /* OC_PKI */
 #include "security/oc_sdi_internal.h"
 #endif /* OC_SECURITY */
@@ -445,6 +446,9 @@ oc_main_shutdown(void)
 
   oc_sec_svr_free();
 #ifdef OC_PKI
+#ifdef OC_CLIENT
+  oc_sec_role_creds_free();
+#endif /* OC_CLIENT */
   oc_sec_ecdsa_free_keypairs();
 #endif /* OC_PKI */
 #endif /* OC_SECURITY */

api/oc_ri.c

@@ -848,9 +848,9 @@ oc_ri_audit_log(oc_method_t method, const oc_resource_t *resource,
   snprintf(aux[idx++], LINE_WIDTH, "device is in %s", state_str_val[state]);
   snprintf(aux[idx++], LINE_WIDTH, "No roles asserted");
 #ifdef OC_PKI
-  if (peer) {
+  if (peer != NULL) {
     size_t pos = 0;
-    for (oc_sec_cred_t *rc = oc_sec_get_roles(peer); rc && pos < LINE_WIDTH;
+    for (oc_sec_cred_t *rc = oc_sec_roles_get(peer); rc && pos < LINE_WIDTH;
          rc = rc->next) {
       pos += snprintf(aux[idx - 1] + pos, LINE_WIDTH - pos - 1, "%s ",
                       oc_string(rc->role.role));

security/oc_acl.c

@@ -231,10 +231,9 @@ oc_ace_get_permission(const oc_sec_ace_t *ace, const oc_resource_t *resource,
   oc_ace_wildcard_t wc = 0;
   if (!is_DCR) {
     if (resource->properties & OC_DISCOVERABLE) {
+      wc = OC_ACE_WC_ALL_SECURED;
       if (is_public) {
-        wc = OC_ACE_WC_ALL_PUBLIC | OC_ACE_WC_ALL_SECURED;
-      } else {
-        wc = OC_ACE_WC_ALL_SECURED;
+        wc |= OC_ACE_WC_ALL_PUBLIC;
       }
     } else {
       wc = OC_ACE_WC_ALL;
@@ -556,8 +555,8 @@ oc_sec_check_acl(oc_method_t method, const oc_resource_t *resource,
     }
     if ((pstat->s == OC_DOS_RFPRO || pstat->s == OC_DOS_RFNOP ||
          pstat->s == OC_DOS_SRESET) &&
-        oc_string_len(resource->uri) == 14 &&
-        memcmp(oc_string(resource->uri), "/oic/sec/roles", 14) == 0) {
+        oc_string_is_cstr_equal(&resource->uri, OCF_SEC_ROLES_URI,
+                                OC_CHAR_ARRAY_LEN(OCF_SEC_ROLES_URI))) {
       OC_DBG("oc_acl: peer has implicit access to /oic/sec/roles in RFPRO, "
              "RFNOP, SRESET");
       return true;
@@ -600,7 +599,8 @@ oc_sec_check_acl(oc_method_t method, const oc_resource_t *resource,
     }
 #ifdef OC_PKI
     else {
-      const oc_sec_cred_t *role_cred = peer ? oc_sec_get_roles(peer) : NULL;
+      const oc_sec_cred_t *role_cred =
+        peer != NULL ? oc_sec_roles_get(peer) : NULL;
       while (role_cred) {
         const oc_sec_cred_t *next = role_cred->next;
         uint32_t flags = 0;