What flags did you pass to the registerResource() function? note that if
you want to communicate over non-secure endpoint, you need to pass
OC_NONSECURE flag explicitly while registering the resource. The
simpleserver server doesn't work in non-secure mode for the same reason, no
passing OC_SECURE flag doesn't imply the use of non-secured endpoint. Hope
this helps.
Regards,
Tonny
On 25 December 2017 at 10:09, Arthur Barros Lapprand <a...@cin.ufpe.br>
wrote:
> Hi all,
>
> I got to test the ACLs Rami provided while changing the server json by
> adding these ACEs:
>
> {
> "aceid": 6,
> "subject": {"conntype": "anon-clear"},
> "resources":[
> { "href":"*"}
> ],
> "permission": 14
> },
> {
> "aceid": 7,
> "subject": {"conntype": "auth-crypt"},
> "resources":[
> { "href":"*"}
> ],
> "permission": 14
> }
>
> So in theory I guess my server should respond to any request. Sadly that
> didn't
> work so now I'm somewhat confused. I noticed the UNAUTHORIZED_REQ message
> is sent to the client by a COAP host (not COAPS). Maybe I'm compiling
> IoTivity
> with the wrong scons settings? Also, how do I know my client is using COAPS?
> I've
> seen someone asking this recently but I don't remember where. Is it also
> obligatory
> for me to do the pairing/onboarding/credentials stuff aside setting them
> through the json?
>
> Thank you,
>
> A. Lapprand
>
>
> Em qui, 21 de dez de 2017 às 15:11, Rami Alshafi <ralsh...@vtmgroup.com>
> escreveu:
>
>> That’s a mistake! Thanks for pointing that out! I will fix it. The “1” at
>> the beginning should not be there J
>>
>> Thanks,
>>
>> -Rami
>>
>>
>>
>> *From:* Arthur Barros Lapprand [mailto:a...@cin.ufpe.br]
>> *Sent:* Thursday, December 21, 2017 8:02 AM
>> *To:* Rami Alshafi <ralsh...@vtmgroup.com>
>> *Subject:* Re: FW: [dev] Android SECURED mode
>>
>>
>>
>> Hi,
>>
>> I just noticed the sample you linked has "rowneruuid":
>> "132323232-3232-3232-3232-323232323232" in the pstat section. Is there
>> an explanation to that "1" at the beginning of the id? shouldn't it be the
>> same as the client's id?
>>
>> Thanks again,
>>
>> A. Lapprand
>>
>>
>>
>> Em qui, 21 de dez de 2017 às 10:18, Arthur Barros Lapprand <
>> a...@cin.ufpe.br> escreveu:
>>
>> Hi Rami,
>>
>> Sorry for the delayed answer. I'm pretty overcrumbed these days so I
>> can't test it right now, but the email was very useful! Like I said to the
>> others I'll give feedback once I manage to test those suggestions.
>>
>> Thank you,
>>
>> A. Lapprand
>>
>>
>>
>> Em ter, 19 de dez de 2017 às 15:42, Rami Alshafi <ralsh...@vtmgroup.com>
>> escreveu:
>>
>> Arthur,
>>
>> I meant to send this e-mail to you but I just learned it did not make to
>> you. Hopefully, this one will.
>>
>> Thanks,
>>
>> -Rami
>>
>>
>>
>> *From:* Wouter van der Beek (wovander) [mailto:wovan...@cisco.com]
>> *Sent:* Tuesday, December 19, 2017 5:22 AM
>> *To:* Rami Alshafi <ralsh...@vtmgroup.com>
>> *Subject:* RE: [dev] Android SECURED mode
>>
>>
>>
>> This is email is now on the dmtools reflector and not on the iotivity
>> reflector..
>>
>> Hence Arthur can’t see this email
>>
>>
>>
>> *From:* Rami Alshafi [mailto:ralsh...@vtmgroup.com
>> <ralsh...@vtmgroup.com>]
>> *Sent:* 18 December 2017 18:43
>> *To:* Wouter van der Beek (wovander) <wovan...@cisco.com>;
>> dmtools...@members.openconnectivity.org
>> *Subject:* RE: [dev] Android SECURED mode
>>
>>
>>
>> Arthur,
>>
>> Please reference my sample applications at https://gerrit.iotivity.org/
>> gerrit/#/c/22513/
>> <https://urlf.duocircle.io/?url=https%3A%2F%2Fgerrit.iotivity.org%2Fgerrit%2F%23%2Fc%2F22513%2F&id=31d5&rcpt=ralsh...@vtmgroup.com&tss=1513689724&msgid=99c3285a-e4bf-11e7-8fcd-5f906d21262c&html=1&h=b068c5c2>
>>
>> For convenience, I will explain the server’s SVR database.
>>
>> There are 4 main sections which are ACL, Pstat, Doxm and Cred.
>>
>> Assuming your client cannot onboard devices, the server\device needs to
>> be in RFNOP state which is reflected in the following settings.
>>
>> The ACL must have an ACE giving the client the right permissions
>>
>> Aceid: whatever number
>>
>> Subject: set it to {“uuid”: The uuid of the client}
>>
>> Resources: information of the resource like its href and
>> interface and resource type.
>>
>> Permission: this is bitmask
>>
>> Set the rowneruuid of the ACL to the uuid of the client
>>
>> In the pstat section, set the dos.s to 3 and isop to true and cm to 0 and
>> the rowneruuid to the uuid of the client
>>
>> In the doxm section, set the owned flag to true and the devowneruuid and
>> rowneruuid to the uuid of the client.
>>
>> Assuming you want to use the “justworks” security model, set the cred
>> section like in the sample applications.
>>
>> Thanks,
>>
>> -Rami
>>
>>
>>
>> *From:* dmtools...@members.openconnectivity.org [
>> mailto:dmtools...@members.openconnectivity.org
>> <dmtools...@members.openconnectivity.org>] *On Behalf Of *Wouter van der
>> Beek (wovander)
>> *Sent:* Monday, December 18, 2017 2:38 AM
>> *To:* dmtools...@members.openconnectivity.org
>> *Subject:* [OCF dmtools_tg] FW: [dev] Android SECURED mode
>>
>>
>>
>> FYI
>>
>>
>>
>> *From:* iotivity-dev-boun...@lists.iotivity.org [
>> mailto:iotivity-dev-boun...@lists.iotivity.org
>> <iotivity-dev-boun...@lists.iotivity.org>] *On Behalf Of *Tonny Tzeng
>> *Sent:* 17 December 2017 08:16
>> *To:* Max Kholmyansky <max...@gmail.com>
>> *Cc:* iotivity <iotivity-dev@lists.iotivity.org>
>>
>>
>> *Subject:* Re: [dev] Android SECURED mode
>>
>>
>>
>> Hi,
>>
>>
>>
>> We just posted an article at 01.org
>> <https://urlf.duocircle.io/?url=https%3A%2F%2F01.org%2Fblogs%2Fttzeng%2F2017%2Fsecurely-accessing-iot-devices-based-javascript&id=31d5&rcpt=ralsh...@vtmgroup.com&tss=1513593475&msgid=8131ebd8-e3df-11e7-8fcd-5f906d21262c&html=1&h=7e525f59>
>> talking
>> few security concept in IoTivity. Though we were using iotivity-node as an
>> example, I think the following steps would get your Client accesses to the
>> Server securely:
>>
>> (1) your Server need to register the resource with
>> ResourceProperty.SECURE flag in order to use the secured endpoint;
>>
>> (2) allow the "auth-crypt" connection requests in the SVD dB;
>>
>> (3) use an Onboarding Tool to establish ownership with both the Client
>> and the Server;
>>
>> (4) mutual install the credentials of each other by pairing the devices
>> with the OBT
>>
>>
>>
>> Regards,
>>
>> Tonny
>>
>>
>>
>> On 17 December 2017 at 14:38, Max Kholmyansky <max...@gmail.com> wrote:
>>
>> Hi Arthur,
>>
>>
>>
>> You should be able to communicate between the client and the server on
>> Android, using SECURED=1 library.
>>
>>
>>
>> First, to set your "di" (client or server) - you need to specify the "di"
>> value inside the DAT file (containing security information) - you can look
>> at the samples. I never succeeded with setting the "di" using API, and I
>> don't know if it's supported.
>>
>>
>>
>> Second, even using SECURED=1, in the server, you can allow any client
>> (even not authenticated) to access any resource.
>>
>> The relevant ACL entry looks like: (you may need to change the "aceid"):
>>
>> {
>>
>> *"aceid"*: 5,
>> *"subject"*: { *"conntype"*: *"anon-clear" *},
>> *"resources"*: [
>> { *"href"*: *"*" *}
>> ],
>> *"permission"*: 14
>> }
>>
>> This is definitely not the way to configure it in production, but it should
>> allow you to keep developing, without caring about access permissions for a
>> while.
>>
>>
>>
>> Max
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <a...@cin.ufpe.br>
>> wrote:
>>
>> Hi all,
>>
>> I have a few beginner-leveled questions about secure mode in Android. Let
>> me explain the situation:
>>
>> I have created two apps (one for Server/Controlee and the other for the
>> Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them without
>> problems. As this is a simple example, I now want to do the same things but
>> with SECURED=1. I should note that I am usually running both apps in the
>> same device (not the emulator, but my cellphone).
>>
>> So I started looking everywhere and discovered I could do this with a
>> local ACL and supposedly everything would be ok. Turns out it didn't, which
>> is why I am here. So my questions are:
>>
>> - Do I need anything else to use the SECURED flag in Android apart from
>> registering resource as secure and passing the ACL to the PlatformConfig
>> and configure it?
>>
>> - I read that when configuring the Platform with an ACL the DeviceID
>> should be set with the ID inside it. So as it failed I tried debugging the
>> ID, which led me to confusion about PlatformID and DeviceID. When loading
>> the ACL the DeviceID comes as a random byte[]. However, I can set the
>> DeviceID in the code and retrieve it just fine. The thing is, the ID
>> recieved by the Client (ServerID) isn't the same I set in the code. I'm not
>> sure if it's something about the encoding tricking me or if it's something
>> else. Can someone please shed me some light?
>>
>>
>>
>> In short, the Client can find the resources (they are registered with
>> SECURE type) but can't make a correct GET/POST/OBSERVE request, returning
>> UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome.
>>
>> Sorry for the long post, thank you in advance!
>>
>>
>>
>> _______________________________________________
>> iotivity-dev mailing list
>> iotivity-dev@lists.iotivity.org
>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
>> <https://urlf.duocircle.io/?url=https%3A%2F%2Flists.iotivity.org%2Fmailman%2Flistinfo%2Fiotivity-dev&id=31d5&rcpt=ralsh...@vtmgroup.com&tss=1513593475&msgid=8131ebd8-e3df-11e7-8fcd-5f906d21262c&html=1&h=0ab5454f>
>>
>>
>>
>>
>> _______________________________________________
>> iotivity-dev mailing list
>> iotivity-dev@lists.iotivity.org
>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
>> <https://urlf.duocircle.io/?url=https%3A%2F%2Flists.iotivity.org%2Fmailman%2Flistinfo%2Fiotivity-dev&id=31d5&rcpt=ralsh...@vtmgroup.com&tss=1513593475&msgid=8131ebd8-e3df-11e7-8fcd-5f906d21262c&html=1&h=0ab5454f>
>>
>>
>>
>>
_______________________________________________
iotivity-dev mailing list
iotivity-dev@lists.iotivity.org
https://lists.iotivity.org/mailman/listinfo/iotivity-dev
