Hello All, I've recently been working on upgrading our smart home products from AJTCL version 14.12 to 16.04a and I've ran into issues accessing the onboarding and configuration services of the device.
I can access our custom device control panel and control our device through our Alljoyn app after the upgrade to 16.04. Our control panel uses an unsecured interface, while I believe the configuration and onboarding interfaces are secured. This leads me to believe that there is some issue with the security settings for our products, as there appear to be significant changes between the security of 14.12 and 16.04. If I bypass calls for authorisation, policy and ACL functions I am able to load the config and onboarding services, however this only works with 15.09 or above versions of Alljoyn, as the dashboard app running 14.12 asks repeatedly for a passcode. In the logs I've collected from the device I noticed that the function AJ_PolicyLoad(); in AJ_PeerHandleExchangeGUIDs returns with error no policy found. Could this be causing issues as I'd assume not having a policy would prevent access to interface methods for the secured interface. It appears the interface methods for the onboarding and config services are being registered in the access control list as I see this being done as the device starts up. In the device logs I notice that on first attempt to access the onboarding or config services, the device and app seem to fail at AJ_PeerHandleKeyExchange(); with failed authentication, however restarting the app on the phone and reconnecting to the device results in authentication being successful and ultimately resulting a successful handshake. The app however will repeatedly ask for a passcode when it tries to call an interface method. I also see an error on the thin client for FindAccessControlMember: Access table not initialized. Some information on our platform: OS: MQX 4.1 RTOS Alljoyn core version: 16.04a Base service version: 16.04 IOS App versions: 15.09 Android App: Dashboard 14.12 Cipher used is ALLJOYN_ECDHE_PSK If the issue is with not having a policy for the device please direct me to where I can generate one. If it is not related to the policy is it some other security issue and is it something that needs to be changed on the thin client or mobile app. Any insight or information would be most appreciated. Thanks in advance, Peter Peter Nisbet, MASc, C.E.T Electronics Engineer Heaven Fresh Canada Inc. 1600 Aimco Blvd., Unit 5 Mississauga ON L4W 1V1 Cell: +1.647.377.2489 http://www.heavenfresh.ca Linkedin <http://ca.linkedin.com/in/peternisbet265>
_______________________________________________ Allseen-core mailing list [email protected] https://lists.allseenalliance.org/mailman/listinfo/allseen-core
