Hello,
Thanks. Are we sure this isn't a bug in the CTT? I ask because the CTT
provisions ACEs, and if thats the ACE
it provisioned during the test case, at least on the surface it appears that
the code is doing the right thing.
At a minimum, it might help to look at your test results as recorded by the
CTT. That will help people identify the issue
in the code and/or the CTT.
Regarding the code block you highlighted, oc_resource_make_public(r) just
instructs the upper layer to (additionally) include the
coap:// (unsecure) endpoint in any future discovery responses. An anon-clear
ACE enables you to access resources through an unsecure connection.
So, calling this API ensures consistency between the ACE and the resource
object on the application layer irrespective of how the application
initialized that resource object. The default behavior is to expose only secure
endpoints.
By commenting out that line, you're having it go against what the ACE allows
you to do.
I assume you're testing for OCF 1.3 and with code from the master branch.
Thanks,
-Kishen.
--
Kishen Maloor
Intel Open Source Technology Center
From: <iotivity-dev@lists.iotivity.org> on behalf of "t...@vinetech.co.kr"
<t...@vinetech.co.kr>
Date: Monday, October 29, 2018 at 2:25 AM
To: "iotivity-dev@lists.iotivity.org" <iotivity-dev@lists.iotivity.org>
Subject: [dev] [IoTivity-Lite] Question about oc_sec_decode_acl function's
behavior calling oc_resource_make_public
Hello, iotivity-dev!
I'm preparing OCF Certification and I'm doing it using IoTivity-Lite.
When I'm testing CT1.1.6 OCF Endpoint the problem occurs.
In CT1.1.6, before starting the test, an ACE which grants "anon-clear" access to
any Resource that has a CoAP Endpoint is added.
(It looks like following.
{"subject" : {"conntype": "anon-clear"},
"resources": [
wc: "*"
],
"permission":2
})
When this request is posted, post_acl function is called and post_acl function
calls
oc_sec_decode_acl function.
And inside of this function,
Following part changes all the app resource to be public(unsecure).
And this makes the test fail by following reason.
(For Smart Home Devices, Vertical Resources with OCF-defined "rt" values shall
not expose any unsecured Endpoints (e.g. CoAPs)(10.2.4 Endpoint information in
"eps" Parameter [CORE], 8 Security [DEV]).)
#ifdef OC_SERVER
if (subject_type == OC_SUBJECT_CONN &&
subject.conn == OC_CONN_ANON_CLEAR) {
if (href) {
oc_resource_t *r =
oc_ri_get_app_resource_by_uri(href, strlen(href), device);
if (r) {
oc_resource_make_public(r);
}
} else {
oc_resource_t *r = oc_ri_get_app_resources();
while (r != NULL) {
if ((r->properties & wc_r) == r->properties) {
oc_resource_make_public(r);
}
r = r->next;
}
}
}
#endif /* OC_SERVER */
So, making the test pass, I commented out the line 'oc_resource_make_public(r);'
and I could pass the test. But I wonder I did right thing to modify the api in
person.
Please check out this and let me know the right way me to pass the CT1.1.6.
Thanks in advance.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#9965):
https://lists.iotivity.org/g/iotivity-dev/message/9965
Mute This Topic: https://lists.iotivity.org/mt/27779813/21656
Group Owner: iotivity-dev+ow...@lists.iotivity.org
Unsubscribe: https://lists.iotivity.org/g/iotivity-dev/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
