Hi Tonny,

I didn't think of setting both flags, that might be the solution. In any case I still need to figure out why scons can't build Android for me. If I manage to do that and fix the problem I'll post here. Thank you for the help!

Best regards,
A. Lapprand

On Tue, 19 Dec 2017 at 11:21, Tonny Tzeng <tonny.tz...@gmail.com> wrote:

> Hi Arthur,
>
> You are right, unless you set both the ResourceProperty.NONSECURE and ResourceProperty.SECURE flags to enable both coap:// and coaps:// endpoints, so that anonymous requests can match the "anon_clear" ACE...
>
> Regards,
> Tonny
>
> On 19 December 2017 at 21:59, Arthur Barros Lapprand <a...@cin.ufpe.br> wrote:
>
>> Hi Tonny,
>>
>> So that means I can't access a resource registered with ResourceProperty.SECURE flag by using coap:// while setting an ACE for it with "anon_clear", right?
>>
>> Best regards,
>> A. Lapprand
>>
>> On Tue, 19 Dec 2017 at 10:38, Tonny Tzeng <tonny.tz...@gmail.com> wrote:
>>
>>> Hi Arthur,
>>>
>>> Setting the ResourceProperty.SECURE flag will instruct the stack to use the secured coaps:// endpoint, so you must use "auth_crypt" connection type ACE for that resource, and the credentials must be installed for mutual authentication. As you only wanted to run the existing code, you might leave the ResourceProperty.SECURE flag unset to use unsecured coap:// endpoint, so that the SRM can match the "anon_clear" connection type ACE and grant the access. FYR.
>>>
>>> Regards,
>>> Tonny
>>>
>>> On 19 December 2017 at 21:10, Arthur Barros Lapprand <a...@cin.ufpe.br> wrote:
>>>
>>>> Hi Tonny,
>>>>
>>>> Yes, initially I want to run existing code and that ACE will hopefully be helpful even though I've once tried to use that wildcard ACE without success. I do use the ResourceProperty.SECURE flag when registering resources but I'm not sure if I really need to set credentials in the SVR database if I want a wildcard ACE to work. Right now I'm fighting some build issues when building SECURED=1 for Android that came with the 1.3.1 release. I'll certainly give feedback once I manage to do that.
>>>>
>>>> Thank you,
>>>> A. Lapprand
>>>>
>>>> On Tue, 19 Dec 2017 at 09:58, Tonny Tzeng <tonny.tz...@gmail.com> wrote:
>>>>
>>>>> Hi Arthur,
>>>>>
>>>>> The concept to get secure access to a resource is the same for C++ and JavaScript -- use secure endpoint in C++/JavaScript, and have proper ACL and credential setup in the SVR database. If what you want is to run existing code intact but with SECURED=1, then adding an anonymous connection type ACE as Max described above will work. Let us know if it's not the case...
>>>>>
>>>>> Regards,
>>>>> Tonny
>>>>>
>>>>> On 18 December 2017 at 21:15, Arthur Barros Lapprand <a...@cin.ufpe.br> wrote:
>>>>>
>>>>>> Sorry I meant I want to state this, not a few things, hehe. Basically I want to focus on local ACL permissions without dealing with the whole device ownership and pairing process. Thank you again!
>>>>>>
>>>>>> 2017-12-18 10:12 GMT-03:00 Arthur Barros Lapprand <a...@cin.ufpe.br>:
>>>>>>
>>>>>>> Hi, thank you for the quick replies!
>>>>>>>
>>>>>>> @Max
>>>>>>>
>>>>>>>> I never succeeded with setting the "di" using API
>>>>>>>
>>>>>>> I also never succeeded. However, since there was a recent release I should first give it a try.
>>>>>>>
>>>>>>> @Tonny
>>>>>>> I had an overview of the article. Very interesting indeed! But it uses javascript which isn't what I'm looking for this particular problem. Nonetheless, it is related to security 😁. Since I didn't have the time to read it in detail yet I may be saying things that are answered there, so pardon me in advance if you may. I need to state a few things:
>>>>>>>
>>>>>>>> (3) use an Onboarding Tool to establish ownership with both the Client and the Server;
>>>>>>>
>>>>>>>> (4) mutually install the credentials of each other by pairing the devices with the OBT
>>>>>>>
>>>>>>> I'm trying to simulate these by setting the device owner through the ACL for development purposes.
>>>>>>>
>>>>>>> 2017-12-17 5:16 GMT-03:00 Tonny Tzeng <tonny.tz...@gmail.com>:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> We just posted an article at 01.org <https://01.org/blogs/ttzeng/2017/securely-accessing-iot-devices-based-javascript> talking about a few security concepts in IoTivity. Though we were using iotivity-node as an example, I think the following steps would get your Client access to the Server securely:
>>>>>>>> (1) your Server needs to register the resource with ResourceProperty.SECURE flag in order to use the secured endpoint;
>>>>>>>> (2) allow the "auth-crypt" connection requests in the SVD dB;
>>>>>>>> (3) use an Onboarding Tool to establish ownership with both the Client and the Server;
>>>>>>>> (4) mutually install the credentials of each other by pairing the devices with the OBT
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Tonny
>>>>>>>>
>>>>>>>> On 17 December 2017 at 14:38, Max Kholmyansky <max...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Arthur,
>>>>>>>>>
>>>>>>>>> You should be able to communicate between the client and the server on Android, using SECURED=1 library.
>>>>>>>>>
>>>>>>>>> First, to set your "di" (client or server) - you need to specify the "di" value inside the DAT file (containing security information) - you can look at the samples. I never succeeded with setting the "di" using API, and I don't know if it's supported.
>>>>>>>>>
>>>>>>>>> Second, even using SECURED=1, in the server, you can allow any client (even not authenticated) to access any resource.
>>>>>>>>> The relevant ACL entry looks like: (you may need to change the "aceid"):
>>>>>>>>>
>>>>>>>>> {
>>>>>>>>>     "aceid": 5,
>>>>>>>>>     "subject": { "conntype": "anon-clear" },
>>>>>>>>>     "resources": [
>>>>>>>>>         { "href": "*" }
>>>>>>>>>     ],
>>>>>>>>>     "permission": 14
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> This is definitely not the way to configure it in production, but it should allow you to keep developing, without caring about access permissions for a while.
>>>>>>>>>
>>>>>>>>> Max
>>>>>>>>>
>>>>>>>>> On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <a...@cin.ufpe.br> wrote:
>>>>>>>>>
>>>>>>>>>> Hi all,
>>>>>>>>>>
>>>>>>>>>> I have a few beginner-level questions about secure mode in Android. Let me explain the situation:
>>>>>>>>>>
>>>>>>>>>> I have created two apps (one for Server/Controlee and the other for the Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them without problems. As this is a simple example, I now want to do the same things but with SECURED=1. I should note that I am usually running both apps in the same device (not the emulator, but my cellphone).
>>>>>>>>>>
>>>>>>>>>> So I started looking everywhere and discovered I could do this with a local ACL and supposedly everything would be ok. Turns out it didn't, which is why I am here. So my questions are:
>>>>>>>>>>
>>>>>>>>>> - Do I need anything else to use the SECURED flag in Android apart from registering resource as secure and passing the ACL to the PlatformConfig and configure it?
>>>>>>>>>>
>>>>>>>>>> - I read that when configuring the Platform with an ACL the DeviceID should be set with the ID inside it. So as it failed I tried debugging the ID, which led me to confusion about PlatformID and DeviceID. When loading the ACL the DeviceID comes as a random byte[]. However, I can set the DeviceID in the code and retrieve it just fine. The thing is, the ID received by the Client (ServerID) isn't the same I set in the code. I'm not sure if it's something about the encoding tricking me or if it's something else. Can someone please shed me some light?
>>>>>>>>>>
>>>>>>>>>> In short, the Client can find the resources (they are registered with SECURE type) but can't make a correct GET/POST/OBSERVE request, returning UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome.
>>>>>>>>>>
>>>>>>>>>> Sorry for the long post, thank you in advance!
_______________________________________________
iotivity-dev mailing list
iotivity-dev@lists.iotivity.org
https://lists.iotivity.org/mailman/listinfo/iotivity-dev
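
Added example, not part of the thread and not IoTivity code: a simplified Python model of the matching rule discussed above (which endpoints the SECURE/NONSECURE flags expose, and which connection-type ACE a request on each endpoint can match), plus a check that lists wildcard "anon-clear" ACEs so they can be removed before production. The second ACE, the /a/light path and all function names are constructed for illustration, and a coaps:// client is assumed to be already authenticated.

```python
import json

# OCF CRUDN permission bitmask (create=1, retrieve=2, update=4, delete=8, notify=16).
PERM_BITS = {1: "create", 2: "retrieve", 4: "update", 8: "delete", 16: "notify"}

# Constructed sample: the ACE quoted in the thread plus a hypothetical auth-crypt ACE.
SAMPLE_ACES = json.loads("""
[
  {"aceid": 5, "subject": {"conntype": "anon-clear"},
   "resources": [{"href": "*"}], "permission": 14},
  {"aceid": 6, "subject": {"conntype": "auth-crypt"},
   "resources": [{"href": "/a/light"}], "permission": 6}
]
""")


def decode_permission(mask):
    """Names of the CRUDN operations enabled in a permission bitmask."""
    return [name for bit, name in PERM_BITS.items() if mask & bit]


def endpoint_schemes(secure, nonsecure):
    """Schemes a resource is served on, per the flag behaviour described in the thread."""
    if secure and nonsecure:
        return {"coap", "coaps"}
    if secure:
        return {"coaps"}
    return {"coap"}  # SECURE unset: unsecured endpoint only


def granted(aces, href, scheme, secure, nonsecure):
    """Operations a request gets; coap:// maps to anon-clear, coaps:// to auth-crypt."""
    if scheme not in endpoint_schemes(secure, nonsecure):
        return []  # no such endpoint, so no ACE of that connection type can apply
    conntype = "anon-clear" if scheme == "coap" else "auth-crypt"
    mask = 0
    for ace in aces:
        hrefs = {r.get("href") for r in ace.get("resources", [])}
        if ace.get("subject", {}).get("conntype") == conntype and hrefs & {"*", href}:
            mask |= ace.get("permission", 0)
    return decode_permission(mask)


def wildcard_anonymous_aces(aces):
    """aceids that open every resource to unauthenticated clients (development only)."""
    return [a["aceid"] for a in aces
            if a.get("subject", {}).get("conntype") == "anon-clear"
            and any(r.get("href") == "*" for r in a.get("resources", []))]
```

With the SECURE flag alone, `granted(SAMPLE_ACES, "/a/light", "coap", True, False)` is empty even though ACE 5 is present, which is the UNAUTHORIZED_REQ situation from the original question; setting both flags makes the same call return retrieve, update and delete.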