static OCStackResult RemoveDeviceInfoFromLocal(const OCProvisionDev_t* pTargetDev) { // Remove credential of revoked device from SVR database OCStackResult res = OC_STACK_ERROR; const OicSecCred_t *cred = NULL; cred = GetCredResourceData(&pTargetDev->doxm->deviceID); if (cred == NULL) { OIC_LOG(ERROR, TAG, "OCRemoveDevice : Failed to get credential of remove device."); goto error; } res = RemoveCredential(&cred->subject); if (res != OC_STACK_RESOURCE_DELETED) { OIC_LOG(ERROR, TAG, "OCRemoveDevice : Failed to remove credential."); goto error; } /** * Change the device status as stale status. * If all request are successed, this device information will be deleted. */ res = PDMSetDeviceStale(&pTargetDev->doxm->deviceID); if (res != OC_STACK_OK) { OIC_LOG(ERROR, TAG, "OCRemoveDevice : Failed to set device status as stale"); goto error; } // TODO: We need to add new mechanism to clean up the stale state of the device. //Close the DTLS session of the removed device. CAEndpoint_t* endpoint = (CAEndpoint_t *)&pTargetDev->endpoint; endpoint->port = pTargetDev->securePort; CAResult_t caResult = CACloseDtlsSession(endpoint); if(CA_STATUS_OK != caResult) { OIC_LOG_V(WARNING, TAG, "OCRemoveDevice : Failed to close DTLS session : %d", caResult); } error: return res; }
/** * Callback handler for OwnershipInformationHandler API. * * @param[in] ctx ctx value passed to callback from calling function. * @param[in] UNUSED handle to an invocation * @param[in] clientResponse Response from queries to remote servers. * @return OC_STACK_DELETE_TRANSACTION to delete the transaction * and OC_STACK_KEEP_TRANSACTION to keep it. */ static OCStackApplicationResult OwnershipInformationHandler(void *ctx, OCDoHandle UNUSED, OCClientResponse *clientResponse) { VERIFY_NON_NULL(TAG, clientResponse, WARNING); VERIFY_NON_NULL(TAG, ctx, WARNING); OC_LOG(DEBUG, TAG, "IN OwnershipInformationHandler"); (void)UNUSED; OCStackResult res = OC_STACK_OK; OTMContext_t* otmCtx = (OTMContext_t*)ctx; if (OC_STACK_OK == clientResponse->result) { if(OIC_RANDOM_DEVICE_PIN == otmCtx->selectedDeviceInfo->doxm->oxmSel) { res = RemoveCredential(&otmCtx->subIdForPinOxm); if(OC_STACK_RESOURCE_DELETED != res) { OC_LOG_V(ERROR, TAG, "Failed to remove temporal PSK : %d", res); return OC_STACK_DELETE_TRANSACTION; } } res = SaveOwnerPSK(otmCtx->selectedDeviceInfo); if(OC_STACK_OK != res) { OC_LOG(ERROR, TAG, "OperationModeUpdate : Failed to owner PSK generation"); SetResult(otmCtx, res); return OC_STACK_DELETE_TRANSACTION; } CAEndpoint_t* endpoint = (CAEndpoint_t *)&otmCtx->selectedDeviceInfo->endpoint; endpoint->port = otmCtx->selectedDeviceInfo->securePort; CAResult_t caResult = CACloseDtlsSession(endpoint); if(CA_STATUS_OK != caResult) { OC_LOG(ERROR, TAG, "Failed to close DTLS session"); SetResult(otmCtx, caResult); return OC_STACK_DELETE_TRANSACTION; } /** * If we select NULL cipher, * client will select appropriate cipher suite according to server's cipher-suite list. */ caResult = CASelectCipherSuite(TLS_NULL_WITH_NULL_NULL); if(CA_STATUS_OK != caResult) { OC_LOG(ERROR, TAG, "Failed to select TLS_NULL_WITH_NULL_NULL"); SetResult(otmCtx, caResult); return OC_STACK_DELETE_TRANSACTION; } OC_LOG(INFO, TAG, "Ownership transfer was successfully completed."); OC_LOG(INFO, TAG, "Start defualt ACL & commit-hash provisioning."); res = FinalizeProvisioning(otmCtx); if(OC_STACK_OK != res) { SetResult(otmCtx, res); } } else { res = clientResponse->result; } OC_LOG(DEBUG, TAG, "OUT OwnershipInformationHandler"); exit: return OC_STACK_DELETE_TRANSACTION; }
/* * Function to device revocation * This function will remove credential of target device from all devices in subnet. * * @param[in] ctx Application context would be returned in result callback * @param[in] waitTimeForOwnedDeviceDiscovery Maximum wait time for owned device discovery.(seconds) * @param[in] pTargetDev Device information to be revoked. * @param[in] resultCallback callback provided by API user, callback will be called when * credential revocation is finished. * @return OC_STACK_OK in case of success and other value otherwise. */ OCStackResult OCRemoveDevice(void* ctx, unsigned short waitTimeForOwnedDeviceDiscovery, const OCProvisionDev_t* pTargetDev, OCProvisionResultCB resultCallback) { OIC_LOG(INFO, TAG, "IN OCRemoveDevice"); OCStackResult res = OC_STACK_ERROR; if (!pTargetDev || 0 == waitTimeForOwnedDeviceDiscovery) { OIC_LOG(INFO, TAG, "OCRemoveDevice : Invalied parameters"); return OC_STACK_INVALID_PARAM; } if (!resultCallback) { OIC_LOG(INFO, TAG, "OCRemoveDevice : NULL Callback"); return OC_STACK_INVALID_CALLBACK; } // Send DELETE requests to linked devices OCStackResult resReq = OC_STACK_ERROR; // Check that we have to wait callback or not. resReq = SRPRemoveDevice(ctx, waitTimeForOwnedDeviceDiscovery, pTargetDev, resultCallback); if (OC_STACK_OK != resReq) { if (OC_STACK_CONTINUE == resReq) { OIC_LOG(DEBUG, TAG, "OCRemoveDevice : Revoked device has no linked device except PT."); } else { OIC_LOG(ERROR, TAG, "OCRemoveDevice : Failed to invoke SRPRemoveDevice"); res = resReq; goto error; } } // Remove credential of revoked device from SVR database const OicSecCred_t *cred = NULL; cred = GetCredResourceData(&pTargetDev->doxm->deviceID); if (cred == NULL) { OIC_LOG(ERROR, TAG, "OCRemoveDevice : Failed to get credential of remove device."); goto error; } res = RemoveCredential(&cred->subject); if (res != OC_STACK_RESOURCE_DELETED) { OIC_LOG(ERROR, TAG, "OCRemoveDevice : Failed to remove credential."); goto error; } /** * Change the device status as stale status. * If all request are successed, this device information will be deleted. */ res = PDMSetDeviceStale(&pTargetDev->doxm->deviceID); if (res != OC_STACK_OK) { OIC_LOG(ERROR, TAG, "OCRemoveDevice : Failed to set device status as stale"); goto error; } // TODO: We need to add new mechanism to clean up the stale state of the device. res = resReq; //Close the DTLS session of the removed device. CAEndpoint_t* endpoint = (CAEndpoint_t *)&pTargetDev->endpoint; endpoint->port = pTargetDev->securePort; CAResult_t caResult = CACloseDtlsSession(endpoint); if(CA_STATUS_OK != caResult) { OIC_LOG_V(WARNING, TAG, "OCRemoveDevice : Failed to close DTLS session : %d", caResult); } /** * If there is no linked device, PM does not send any request. * So we should directly invoke the result callback to inform the result of OCRemoveDevice. */ if(OC_STACK_CONTINUE == res) { if(resultCallback) { resultCallback(ctx, 0, NULL, false); } res = OC_STACK_OK; } error: OIC_LOG(INFO, TAG, "OUT OCRemoveDevice"); return res; }