Hi Joseph,

I have done as you described and it indeed changed the situation. The error which before had the UNAUTHORIZED_REQ flag now has the ERROR flag. I don't really know what this flag means but I'm searching for it.
Regards,
A. Lapprand

On Mon, Dec 25, 2017 at 14:38, Morrow, Joseph L <joseph.l.mor...@intel.com> wrote:

> Hi Arthur,
>
> My coworker Michael and I just found the following solution. We placed
> this in our Client’s Discovery Callback for the time being. As you may
> notice, you can call setHost() at any time after discovery has occurred.
>
> The reason you need to perform the setHost() function is that the C++
> SDK doesn’t automatically assume you want to use the "coaps://" (i.e. secure
> communications) version of the Resource’s URI. It assumes you want to use
> the "coap://" version, and the Server will reject this if your resource(s)
> were created with the OC_SECURE flag. (Note: I’ve just recently heard you
> no longer need to specify the "OC_SECURE" flag as all resources are created
> as Secure Resources now by default.)
>
> void foo(std::shared_ptr<OC::OCResource> resource)
> {
>     //
>     // Find the first secure coaps endpoint in the list of hosts. If it's there
>     // then use it; otherwise use the unsecure coap endpoint.
>     //
>     auto resourceHostList = resource->getAllHosts();
>
>     for (auto &host : resourceHostList)
>     {
>         if (std::string::npos != host.find("coaps://"))
>         {
>             resource->setHost(host);
>
>             break;
>         }
>     }
>
>     // If you keep a single copy of your discovered resource, take the copy of
>     // it here for you to use later in your application.
>     MyDiscoveredResources.push_back(resource); // For a quick test, just call "resource.get()" and see if the server side is honoring your request now.
> }
>
> Thanks,
>
> Joey Morrow
>
> From: <iotivity-dev-boun...@lists.iotivity.org> on behalf of Arthur
> Barros Lapprand <a...@cin.ufpe.br>
> Date: Sunday, December 24, 2017 at 6:51 PM
> To: Tonny Tzeng <tonny.tz...@gmail.com>
> Cc: iotivity <iotivity-dev@lists.iotivity.org>, Rami Alshafi <ralsh...@vtmgroup.com>
> Subject: Re: [dev] FW: Android SECURED mode
>
> I am using both OC_NONSECURE and OC_SECURE flags when registering the
> resources and attempting a GET request with the OcResource I get from the
> OnResourceFound callback. Odd, isn't it?
>
> Thank you,
> A. Lapprand
>
> On Sun, Dec 24, 2017 at 23:46, Tonny Tzeng <tonny.tz...@gmail.com> wrote:
>
>> What flags did you pass to the registerResource() function? Note that if
>> you want to communicate over a non-secure endpoint, you need to pass the
>> OC_NONSECURE flag explicitly while registering the resource. The
>> simpleserver server doesn't work in non-secure mode for the same reason; not
>> passing the OC_SECURE flag doesn't imply the use of a non-secured endpoint. Hope
>> this helps.
>>
>> Regards,
>> Tonny
>>
>> On 25 December 2017 at 10:09, Arthur Barros Lapprand <a...@cin.ufpe.br> wrote:
>>
>>> Hi all,
>>>
>>> I got to test the ACLs Rami provided while changing the server json by
>>> adding these ACEs:
>>>
>>> {
>>>     "aceid": 6,
>>>     "subject": {"conntype": "anon-clear"},
>>>     "resources": [
>>>         { "href": "*" }
>>>     ],
>>>     "permission": 14
>>> },
>>> {
>>>     "aceid": 7,
>>>     "subject": {"conntype": "auth-crypt"},
>>>     "resources": [
>>>         { "href": "*" }
>>>     ],
>>>     "permission": 14
>>> }
>>>
>>> So in theory I guess my server should respond to any request. Sadly that
>>> didn't work so now I'm somewhat confused. I noticed the UNAUTHORIZED_REQ
>>> message is sent to the client by a COAP host (not COAPS). Maybe I'm
>>> compiling IoTivity with the wrong scons settings? Also, how do I know my
>>> client is using COAPS? I've seen someone asking this recently but I don't
>>> remember where.
>>> Is it also obligatory for me to do the pairing/onboarding/credentials
>>> stuff aside from setting them through the json?
>>>
>>> Thank you,
>>>
>>> A. Lapprand
>>>
>>> On Thu, Dec 21, 2017 at 15:11, Rami Alshafi <ralsh...@vtmgroup.com> wrote:
>>>
>>>> That’s a mistake! Thanks for pointing that out! I will fix it. The “1”
>>>> at the beginning should not be there :)
>>>>
>>>> Thanks,
>>>>
>>>> -Rami
>>>>
>>>> *From:* Arthur Barros Lapprand [mailto:a...@cin.ufpe.br]
>>>> *Sent:* Thursday, December 21, 2017 8:02 AM
>>>> *To:* Rami Alshafi <ralsh...@vtmgroup.com>
>>>> *Subject:* Re: FW: [dev] Android SECURED mode
>>>>
>>>> Hi,
>>>>
>>>> I just noticed the sample you linked has "rowneruuid":
>>>> "132323232-3232-3232-3232-323232323232" in the pstat section. Is there an
>>>> explanation for that "1" at the beginning of the id? Shouldn't it be the
>>>> same as the client's id?
>>>>
>>>> Thanks again,
>>>>
>>>> A. Lapprand
>>>>
>>>> On Thu, Dec 21, 2017 at 10:18, Arthur Barros Lapprand <a...@cin.ufpe.br> wrote:
>>>>
>>>> Hi Rami,
>>>>
>>>> Sorry for the delayed answer. I'm pretty overcrumbed these days so I
>>>> can't test it right now, but the email was very useful! Like I said to the
>>>> others I'll give feedback once I manage to test those suggestions.
>>>>
>>>> Thank you,
>>>>
>>>> A. Lapprand
>>>>
>>>> On Tue, Dec 19, 2017 at 15:42, Rami Alshafi <ralsh...@vtmgroup.com> wrote:
>>>>
>>>> Arthur,
>>>>
>>>> I meant to send this e-mail to you but I just learned it did not make
>>>> it to you. Hopefully, this one will.
>>>>
>>>> Thanks,
>>>>
>>>> -Rami
>>>>
>>>> *From:* Wouter van der Beek (wovander) [mailto:wovan...@cisco.com]
>>>> *Sent:* Tuesday, December 19, 2017 5:22 AM
>>>> *To:* Rami Alshafi <ralsh...@vtmgroup.com>
>>>> *Subject:* RE: [dev] Android SECURED mode
>>>>
>>>> This email is now on the dmtools reflector and not on the iotivity
>>>> reflector.
>>>>
>>>> Hence Arthur can’t see this email
>>>>
>>>> *From:* Rami Alshafi [mailto:ralsh...@vtmgroup.com]
>>>> *Sent:* 18 December 2017 18:43
>>>> *To:* Wouter van der Beek (wovander) <wovan...@cisco.com>;
>>>> dmtools...@members.openconnectivity.org
>>>> *Subject:* RE: [dev] Android SECURED mode
>>>>
>>>> Arthur,
>>>>
>>>> Please reference my sample applications at
>>>> https://gerrit.iotivity.org/gerrit/#/c/22513/
>>>>
>>>> For convenience, I will explain the server’s SVR database.
>>>>
>>>> There are 4 main sections which are ACL, Pstat, Doxm and Cred.
>>>>
>>>> Assuming your client cannot onboard devices, the server\device needs to
>>>> be in RFNOP state which is reflected in the following settings.
>>>>
>>>> The ACL must have an ACE giving the client the right permissions
>>>>
>>>>     Aceid: whatever number
>>>>
>>>>     Subject: set it to {“uuid”: The uuid of the client}
>>>>
>>>>     Resources: information of the resource like its href
>>>>     and interface and resource type.
>>>>
>>>>     Permission: this is a bitmask
>>>>
>>>> Set the rowneruuid of the ACL to the uuid of the client
>>>>
>>>> In the pstat section, set the dos.s to 3 and isop to true and cm to 0
>>>> and the rowneruuid to the uuid of the client
>>>>
>>>> In the doxm section, set the owned flag to true and the devowneruuid
>>>> and rowneruuid to the uuid of the client.
>>>>
>>>> Assuming you want to use the “justworks” security model, set the cred
>>>> section like in the sample applications.
>>>>
>>>> Thanks,
>>>>
>>>> -Rami
>>>>
>>>> *From:* dmtools...@members.openconnectivity.org
>>>> [mailto:dmtools...@members.openconnectivity.org] *On Behalf Of* Wouter van
>>>> der Beek (wovander)
>>>> *Sent:* Monday, December 18, 2017 2:38 AM
>>>> *To:* dmtools...@members.openconnectivity.org
>>>> *Subject:* [OCF dmtools_tg] FW: [dev] Android SECURED mode
>>>>
>>>> FYI
>>>>
>>>> *From:* iotivity-dev-boun...@lists.iotivity.org
>>>> [mailto:iotivity-dev-boun...@lists.iotivity.org] *On Behalf Of* Tonny Tzeng
>>>> *Sent:* 17 December 2017 08:16
>>>> *To:* Max Kholmyansky <max...@gmail.com>
>>>> *Cc:* iotivity <iotivity-dev@lists.iotivity.org>
>>>> *Subject:* Re: [dev] Android SECURED mode
>>>>
>>>> Hi,
>>>>
>>>> We just posted an article at 01.org
>>>> <https://01.org/blogs/ttzeng/2017/securely-accessing-iot-devices-based-javascript>
>>>> talking about a few security concepts in IoTivity.
>>>> Though we were using iotivity-node as an
>>>> example, I think the following steps would get your Client access to the
>>>> Server securely:
>>>>
>>>> (1) your Server needs to register the resource with the
>>>> ResourceProperty.SECURE flag in order to use the secured endpoint;
>>>>
>>>> (2) allow the "auth-crypt" connection requests in the SVD dB;
>>>>
>>>> (3) use an Onboarding Tool to establish ownership with both the Client
>>>> and the Server;
>>>>
>>>> (4) mutually install the credentials of each other by pairing the devices
>>>> with the OBT
>>>>
>>>> Regards,
>>>>
>>>> Tonny
>>>>
>>>> On 17 December 2017 at 14:38, Max Kholmyansky <max...@gmail.com> wrote:
>>>>
>>>> Hi Arthur,
>>>>
>>>> You should be able to communicate between the client and the server on
>>>> Android, using SECURED=1 library.
>>>>
>>>> First, to set your "di" (client or server) - you need to specify the
>>>> "di" value inside the DAT file (containing security information) - you can
>>>> look at the samples. I never succeeded with setting the "di" using API, and
>>>> I don't know if it's supported.
>>>>
>>>> Second, even using SECURED=1, in the server, you can allow any client
>>>> (even not authenticated) to access any resource.
>>>>
>>>> The relevant ACL entry looks like: (you may need to change the "aceid"):
>>>>
>>>> {
>>>>     "aceid": 5,
>>>>     "subject": { "conntype": "anon-clear" },
>>>>     "resources": [
>>>>         { "href": "*" }
>>>>     ],
>>>>     "permission": 14
>>>> }
>>>>
>>>> This is definitely not the way to configure it in production, but it
>>>> should allow you to keep developing, without caring about access
>>>> permissions for a while.
>>>>
>>>> Max
>>>>
>>>> On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <a...@cin.ufpe.br> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I have a few beginner-level questions about secure mode in Android.
>>>> Let me explain the situation:
>>>>
>>>> I have created two apps (one for Server/Controlee and the other for the
>>>> Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them without
>>>> problems. As this is a simple example, I now want to do the same things but
>>>> with SECURED=1. I should note that I am usually running both apps in the
>>>> same device (not the emulator, but my cellphone).
>>>>
>>>> So I started looking everywhere and discovered I could do this with a
>>>> local ACL and supposedly everything would be ok. Turns out it didn't, which
>>>> is why I am here. So my questions are:
>>>>
>>>> - Do I need anything else to use the SECURED flag in Android apart from
>>>> registering the resource as secure and passing the ACL to the PlatformConfig
>>>> and configuring it?
>>>>
>>>> - I read that when configuring the Platform with an ACL the DeviceID
>>>> should be set with the ID inside it. So as it failed I tried debugging the
>>>> ID, which led me to confusion about PlatformID and DeviceID. When loading
>>>> the ACL the DeviceID comes as a random byte[]. However, I can set the
>>>> DeviceID in the code and retrieve it just fine. The thing is, the ID
>>>> received by the Client (ServerID) isn't the same I set in the code. I'm not
>>>> sure if it's something about the encoding tricking me or if it's something
>>>> else. Can someone please shed some light?
>>>>
>>>> In short, the Client can find the resources (they are registered with
>>>> SECURE type) but can't make a correct GET/POST/OBSERVE request, returning
>>>> UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome.
>>>>
>>>> Sorry for the long post, thank you in advance!
>>>>
>>>> _______________________________________________
>>>> iotivity-dev mailing list
>>>> iotivity-dev@lists.iotivity.org
>>>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
_______________________________________________
iotivity-dev mailing list
iotivity-dev@lists.iotivity.org
https://lists.iotivity.org/mailman/listinfo/iotivity-dev
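
Added example, not part of the thread and not IoTivity code: a small Python lint for a server SVR JSON file that checks the RFNOP settings Rami lists (owner UUIDs, pstat, doxm, a client ACE) and flags the wildcard anon-clear ACE that Max describes as unsuitable for production. The `acl.aclist2` nesting, the function names and the sample values are assumptions; the permission bit names follow the OCF CRUDN bitmask.

```python
import uuid

# OCF ACE permission bitmask (CRUDN); 14 = retrieve + update + delete.
PERM_BITS = {1: "create", 2: "retrieve", 4: "update", 8: "delete", 16: "notify"}
OWNER_FIELDS = (("acl", "rowneruuid"), ("pstat", "rowneruuid"),
                ("doxm", "rowneruuid"), ("doxm", "devowneruuid"))

def is_uuid(value):
    """True only for a canonical 36-character UUID string."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def lint_svr(svr, client):
    """Return findings for a server SVR database pre-provisioned in RFNOP."""
    acl, pstat, doxm = (svr.get(k, {}) for k in ("acl", "pstat", "doxm"))
    findings = []
    for section, key in OWNER_FIELDS:  # each should hold the client's UUID
        value = svr.get(section, {}).get(key)
        if not is_uuid(value):
            findings.append(f"{section}.{key}: malformed UUID {value!r}")
        elif value.lower() != client.lower():
            findings.append(f"{section}.{key}: does not match the client UUID")
    for name, actual, want in (("pstat.dos.s", pstat.get("dos", {}).get("s"), 3),
                               ("pstat.isop", pstat.get("isop"), True),
                               ("pstat.cm", pstat.get("cm"), 0),
                               ("doxm.owned", doxm.get("owned"), True)):
        if actual != want:
            findings.append(f"{name}: expected {want!r}, found {actual!r}")
    client_has_ace = False
    for ace in acl.get("aclist2", []):  # list key is an assumption, not from the thread
        subject = ace.get("subject", {})
        client_has_ace |= str(subject.get("uuid", "")).lower() == client.lower()
        wildcard = any(r.get("href") == "*" for r in ace.get("resources", []))
        if subject.get("conntype") == "anon-clear" and wildcard:
            perms = "/".join(n for b, n in PERM_BITS.items() if ace.get("permission", 0) & b)
            findings.append(f"ace {ace.get('aceid')}: anon-clear may {perms} every resource")
    if not client_has_ace:
        findings.append("acl: no ACE with the client's uuid as subject")
    return findings

CLIENT = "32323232-3232-3232-3232-323232323232"  # constructed sample values
SAMPLE = {
    "acl": {"rowneruuid": CLIENT, "aclist2": [{"aceid": 5, "permission": 14,
            "subject": {"conntype": "anon-clear"}, "resources": [{"href": "*"}]}]},
    "pstat": {"dos": {"s": 3}, "isop": True, "cm": 0,
              "rowneruuid": "132323232-3232-3232-3232-323232323232"},
    "doxm": {"owned": True, "devowneruuid": CLIENT, "rowneruuid": CLIENT}}
print("\n".join(lint_svr(SAMPLE, CLIENT)))
```

On the constructed sample it reports the 37-character rowneruuid in pstat, the open anon-clear ACE, and the missing ACE for the client's own UUID.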