Hi Chiayu,

Did you specify the use of secure endpoint while registering the Server? If
yes, when the Client received the discovered server resource info, the
Client should designate the use of the secure endpoint using setHost()
method. Then, if the Server has proper "auth-crypt" connection type ACE
setup, and both the Server and Client have been paired by a Provisioning
Client (or an On-boarding Tool), the Client should be able to access the
Server over a secure channel.

We have a blog
<https://01.org/blogs/ttzeng/2017/securely-accessing-iot-devices-based-javascript>
that describes the process. Though it uses JavaScript, the concept is the same.
I did modify the IoTivity Android Client to talk to a Server over a secure
channel in my personal project. You might give it a try.

Regards,
Tonny

On 18 January 2018 at 13:49, <chiayu...@ite.com.tw> wrote:

> Dear all,
>
>
>
> I have questions about Android SECURED mode, too.
>
> I’m using IoTivity-1.3.1 SECURED=1 to create Android client/server apps
> with the sample SVRs databases from
> iotivity-1.3.1\resource\csdk\stack\samples\linux\secure\
>
>
>
> Scenario1:
>
> Android client, sample oic_svr_db_client_devowner
>
> Android server, sample oic_svr_db_server plus customized ACE2 of conntype:
> anon-clear for new resources
>
> => Discovery OK, Get new resources OK.
>
>
>
> Scenario2:
>
> Android client, sample oic_svr_db_client_devowner
>
> Android server, sample oic_svr_db_server
>
> => Discovery OK, Get new resources Failed(UNAUTHORIZED_REQ)
>
> client: E/…: org.iotivity.base.OcException: stack error in onGetCallback
> UNAUTHORIZED_REQ
>
>    server: D/OIC_SRM: ctx->subjectUuid for request:
> 00000000-0000-0000-0000-000000000000.
>
> D/OIC_SRM: CA_SECURE flag is not set, and Subject ID of requester is NULL;
> indicates unsecure channel.
>
>
>
> According to https://wiki.iotivity.org/faq_s
>
> |Client selects appropriate channel based on the information it received
> about the resource via resource discovery.
>
> |Marking a resource as 'OC_SECURE' at hosting Server, allows Iotivity
> stack to include 'secure port' information in discovery responses.
>
>
>
> I followed
> https://wiki.iotivity.org/steps_for_enabling_security_in_iotivity_applications
> to do this:
>
> -          Client/server SVRs databases are ready.
>
> -          Client OcPlatform.getDeviceId() is not nil uuid.
>
> -          Server OcPlatform.registerResource with
> EnumSet.of(ResourceProperty.DISCOVERABLE, ResourceProperty.OBSERVABLE,
> ResourceProperty.SECURE)
>
> => After the client discovery finished, the client could just use
> ocResource.getConnectivityTypeSet() which tells the OcConnectivityType.
> CT_FLAG_SECURE is not set.
>
> Also the client ocResource.get() method is not allowed to set CA_SECURE
> manually.
>
> (BTW, I also used platformConfig.setAvailableTransportType() on both
> client and server side. It won’t impact the result.)
>
>
>
> The only way I could let Android client set the CA_SECURE flag is by
>
> OcPlatform.findResource with EnumSet.of(OcConnectivityType.CT_FLAG_SECURE)
>
> However it doesn’t make sense, because the caipadapter.c shows that
> Multicast discovery won’t trigger CaencryptSsl()
>
> Hence the server received an unencrypted message and secure flag set, when
> the server tries to decrypt it, it leads to bad handshake.
>
>
>
> Could anyone help me to figure out why the Android client can’t choose a
> 'secure' channel to get resources from Android server?
>
> Thanks.
>
>
>
> Best Regards,
>
> ChiaYu
>
>
>
> _______________________________________________
> iotivity-dev mailing list
> iotivity-dev@lists.iotivity.org
> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
>
>
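
The endpoint selection described in the reply at the top of this thread, as an added example that is not part of the original messages or of the IoTivity sources. The class and method names are hypothetical, the host strings are constructed, and the use of `OcResource.getAllHosts()` to obtain the advertised endpoints is an assumption; only `setHost()` is named in the thread.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Hypothetical helper: choose the secure endpoint from the hosts a
// discovered resource advertises, before calling setHost() on it.
public class SecureEndpointPicker {

    /**
     * Returns the first endpoint whose scheme is "coaps" (DTLS over UDP)
     * or "coaps+tcp" (TLS over TCP). Throws if the server advertised none.
     */
    static String pickSecureHost(List<String> hosts) {
        for (String host : hosts) {
            String lower = host.toLowerCase(Locale.ROOT);
            if (lower.startsWith("coaps://") || lower.startsWith("coaps+tcp://")) {
                return host;
            }
        }
        // Fail closed: sending the request to a cleartext endpoint would
        // reach the server with no subject ID, which an "auth-crypt" ACE
        // rejects (the UNAUTHORIZED_REQ seen in Scenario2).
        throw new IllegalStateException("no secure endpoint advertised: " + hosts);
    }

    public static void main(String[] args) {
        // Constructed sample of the endpoints one resource might advertise.
        List<String> hosts = Arrays.asList(
                "coap://[fe80::1%25wlan0]:49152",
                "coaps://[fe80::1%25wlan0]:49153",
                "coap+tcp://192.0.2.10:8000");

        System.out.println("secure host: " + pickSecureHost(hosts));

        // Assumed usage inside the client's onResourceFound() callback:
        //   resource.setHost(pickSecureHost(resource.getAllHosts()));
        //   resource.get(queryParams, onGetListener);

        // A resource that only advertises cleartext endpoints is refused.
        try {
            pickSecureHost(Arrays.asList("coap://192.0.2.10:5683"));
        } catch (IllegalStateException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```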