Hi Arthur, I don’t know if you’re running on Linux or on Windows. But in any case, from a Linux Terminal or Cygwin Terminal (eg. Git Bash on Windows), you can pass the following command to retrieve the contents of your .dat file.
xxd -p [arthur].dat Then copy the hex contents to your clipboard. Paste it in the right dialog at www.cbor.me. Then click on the Left Arrow to the left of the word “Bytes” at the top of the page. The left dialog will get populated. Copy everything in the quotes (where ‘…’) is the hex contents of CBOR content within CBOR key ‘doxm': "h’…’” Empty the right dialog (ctrl+a + backspace), Paste the doxm contents and you should see the Device ID you mentioned below in this body of DOXM. Likewise, you should be able to see the configurations you set for ACL before you converted with json2cbor. Just be sure to notice that there is CBOR hex within the CBOR payload, so you will have to convert those sub-components with “cbor.me” as well. Thanks, Joey Morrow From: Arthur Barros Lapprand <a...@cin.ufpe.br<mailto:a...@cin.ufpe.br>> Date: Tuesday, December 26, 2017 at 10:48 AM To: Joseph L Morrow <joseph.l.mor...@intel.com<mailto:joseph.l.mor...@intel.com>> Cc: Tonny Tzeng <tonny.tz...@gmail.com<mailto:tonny.tz...@gmail.com>>, iotivity <iotivity-dev@lists.iotivity.org<mailto:iotivity-dev@lists.iotivity.org>>, Rami Alshafi <ralsh...@vtmgroup.com<mailto:ralsh...@vtmgroup.com>>, "Matthews, Michael L" <michael.l.matth...@intel.com<mailto:michael.l.matth...@intel.com>> Subject: Re: [dev] FW: Android SECURED mode Hi Joseph, I couldn't find the error code but I did look into the error=ERROR flag which is described as a "generic error". Precisely, this one: "org.iotivity.base.OcException: stack error in onGetCallback ERROR". I don't know about the [introspection].dat file but I did look at that server_fopen() code before. I'm did convert the UUID to a string but it's not really human readable, probably because the OcPlatform.getDeviceId() is returning a random generated ID. On my client app, when the OnResourceFound() callback is triggered and I print the ocResource.getServerId() it comes out as "5fd82524-0f91-050b-bc3c-2707d57ac132", which is nothing like the ID in the ACL. I may be confused about that since I don't know if the ServerId should be the same. Nevertheless, I'm sending the .dat files and .json ACL just in case someone want to have a look and possibly find something wrong. Oh, and about the introspection file, do I need to set it up if I want the ACL to work? Thank you, A. Lapprand Em ter, 26 de dez de 2017 às 15:11, Morrow, Joseph L <joseph.l.mor...@intel.com<mailto:joseph.l.mor...@intel.com>> escreveu: Hi Arthur, Quick Tip: Most of the errors are OCStackErrors. If you have a non HTTP-looking error (eg. 404, 501, …4.04, 5.01, …), then it is likely defined in octypes.h. Please compare to the enumeration found in <iotivity>/resource/csdk/include/octypes.h. A common error is ’46’ which means “Unauthorized.” This has occurred to me in many cases: * IoTivity has overwritten your SVR *.dat file and therefore corrupted all of your configurations * This can happen if you’re providing your own “[arthurs_cbor].dat" file but forget about the [introspection].dat file. Please verify you use a similar if-check as found in <iotivity>/resource/examples/lightserver.cpp:server_fopen(). * This can also happen if for some reason your *.dat file doesn’t follow correct CBOR format or if something in there isn’t the right format. Perhaps your device ID is wrong, for instance. To verify the SVR was loaded correctly, please see that your Device ID is as you’ve defined it by calling (C++ SDK). You can either debug or convert the UUID to a string and print it out. “ OCUUIdentity id; OC::OCPlatform::getDeviceId(&id); “ * The ACLs in your config are set up correctly. I will defer to someone else for that info. * If any symmetric keys (ie. Raw) or pins are being used in your SVR file, make sure they match on both sides (server & client). Thanks, Joey Morrow From: Arthur Barros Lapprand <a...@cin.ufpe.br<mailto:a...@cin.ufpe.br>> Date: Tuesday, December 26, 2017 at 5:04 AM To: Joseph L Morrow <joseph.l.mor...@intel.com<mailto:joseph.l.mor...@intel.com>> Cc: Tonny Tzeng <tonny.tz...@gmail.com<mailto:tonny.tz...@gmail.com>>, iotivity <iotivity-dev@lists.iotivity.org<mailto:iotivity-dev@lists.iotivity.org>>, Rami Alshafi <ralsh...@vtmgroup.com<mailto:ralsh...@vtmgroup.com>>, "Matthews, Michael L" <michael.l.matth...@intel.com<mailto:michael.l.matth...@intel.com>> Subject: Re: [dev] FW: Android SECURED mode Hi Joseph, I have done as you described and it indeed changed the situation. The error which before had the UNAUTHORIZED_REQ flag now has the ERROR flag. I don't really know what this flag means but I'm searching it. Regards, A. Lapprand Em seg, 25 de dez de 2017 às 14:38, Morrow, Joseph L <joseph.l.mor...@intel.com<mailto:joseph.l.mor...@intel.com>> escreveu: Hi Arthur, My coworker Michael and I just found the following solution. We placed this in our Client’s Discovery Callback for the timebeing. As you may notice, you can call setHost() at any time after discovery has occurred. The reason you need to perform the setHost() function, is because the C++ SDK doesn’t automatically assume you want to use the "coaps://“ (ie. Secure communications) version of the Resource’s URI. It assumes you want to use the “coap://“ version and the Server will reject this if your resource(s) were created with the OC_SECURE flag. (Note: I’ve just recently heard you no longer need to specify the “OC_SECURE” flag as all resources are created as Secure Resources now by default.) foo( std::shared_ptr<OC::OCResource> resource ) { // // Find the first secure coaps endpoint in the list of hosts. If it's there // then use it; otherwise use the unsecure coap endpoint. // auto resourceHostList = resource->getAllHosts(); for (auto &host : resourceHostList) { if (std::string::npos != host.find("coaps://")) { resource->setHost(host); break; } } // If you keep a single copy of your discovered resource, take the copy of it here for you to use later in your application. MyDiscoveredResources.push_back(resource); // For a quick test, just call "resource.get()" and see if the server side is honoring your request now. } Thanks, Joey Morrow From: <iotivity-dev-boun...@lists.iotivity.org<mailto:iotivity-dev-boun...@lists.iotivity.org>> on behalf of Arthur Barros Lapprand <a...@cin.ufpe.br<mailto:a...@cin.ufpe.br>> Date: Sunday, December 24, 2017 at 6:51 PM To: Tonny Tzeng <tonny.tz...@gmail.com<mailto:tonny.tz...@gmail.com>> Cc: iotivity <iotivity-dev@lists.iotivity.org<mailto:iotivity-dev@lists.iotivity.org>>, Rami Alshafi <ralsh...@vtmgroup.com<mailto:ralsh...@vtmgroup.com>> Subject: Re: [dev] FW: Android SECURED mode I am using both OC_NONSECURE and OC_SECURE flags when registering the resources and attempting a GET request with the OcResource I get from the OnResourceFound callback. Odd, isn't it? Thank you, A. Lapprand Em dom, 24 de dez de 2017 às 23:46, Tonny Tzeng <tonny.tz...@gmail.com<mailto:tonny.tz...@gmail.com>> escreveu: What flags did you pass to the registerResource() function? note that if you want to communicate over non-secure endpoint, you need to pass OC_NONSECURE flag explicitly while registering the resource. The simpleserver server doesn't work in non-secure mode for the same reason, no passing OC_SECURE flag doesn't imply the use of non-secured endpoint. Hope this helps. Regards, Tonny On 25 December 2017 at 10:09, Arthur Barros Lapprand <a...@cin.ufpe.br<mailto:a...@cin.ufpe.br>> wrote: Hi all, I got to test the ACLs Rami provided while changing the server json by adding these ACEs: { "aceid": 6, "subject": {"conntype": "anon-clear"}, "resources":[ { "href":"*"} ], "permission": 14 }, { "aceid": 7, "subject": {"conntype": "auth-crypt"}, "resources":[ { "href":"*"} ], "permission": 14 } So in theory I guess my server should respond to any request. Sadly that didn't work so now I'm somewhat confused. I noticed the UNAUTHORIZED_REQ message is sent to the client by a COAP host (not COAPS). Maybe I'm compiling IoTivity with the wrong scons settings? Also, how do I know my client is using COAPS? I've seen someone asking this recently but I don't remember where. Is it also obligatory for me to do the pairing/onboarding/credentials stuff aside setting them through the json? Thank you, A. Lapprand Em qui, 21 de dez de 2017 às 15:11, Rami Alshafi <ralsh...@vtmgroup.com<mailto:ralsh...@vtmgroup.com>> escreveu: That’s a mistake! Thanks for pointing that out! I will fix it. The “1” at the beginning should not be there ☺ Thanks, -Rami From: Arthur Barros Lapprand [mailto:a...@cin.ufpe.br<mailto:a...@cin.ufpe.br>] Sent: Thursday, December 21, 2017 8:02 AM To: Rami Alshafi <ralsh...@vtmgroup.com<mailto:ralsh...@vtmgroup.com>> Subject: Re: FW: [dev] Android SECURED mode Hi, I just noticed the sample you linked has "rowneruuid": "132323232-3232-3232-3232-323232323232" in the pstat section. Is there an explanation to that "1" at the beginning of the id? shouldn't it be the same as the client's id? Thanks again, A. Lapprand Em qui, 21 de dez de 2017 às 10:18, Arthur Barros Lapprand <a...@cin.ufpe.br<mailto:a...@cin.ufpe.br>> escreveu: Hi Rami, Sorry for the delayed answer. I'm pretty overcrumbed these days so I can't test it right now, but the email was very useful! Like I said to the others I'll give feedback once I manage to test those suggestions. Thank you, A. Lapprand Em ter, 19 de dez de 2017 às 15:42, Rami Alshafi <ralsh...@vtmgroup.com<mailto:ralsh...@vtmgroup.com>> escreveu: Arthur, I meant to send this e-mail to you but I just learned it did not make to you. Hopefully, this one will. Thanks, -Rami From: Wouter van der Beek (wovander) [mailto:wovan...@cisco.com<mailto:wovan...@cisco.com>] Sent: Tuesday, December 19, 2017 5:22 AM To: Rami Alshafi <ralsh...@vtmgroup.com<mailto:ralsh...@vtmgroup.com>> Subject: RE: [dev] Android SECURED mode This is email is now on the dmtools reflector and not on the iotivity reflector.. Hence Arthur can’t see this email From: Rami Alshafi [mailto:ralsh...@vtmgroup.com] Sent: 18 December 2017 18:43 To: Wouter van der Beek (wovander) <wovan...@cisco.com<mailto:wovan...@cisco.com>>; dmtools...@members.openconnectivity.org<mailto:dmtools...@members.openconnectivity.org> Subject: RE: [dev] Android SECURED mode Arthur, Please reference my sample applications at https://gerrit.iotivity.org/gerrit/#/c/22513/<https://urlf.duocircle.io/?url=https%3A%2F%2Fgerrit.iotivity.org%2Fgerrit%2F%23%2Fc%2F22513%2F&id=31d5&rcpt=ralsh...@vtmgroup.com&tss=1513689724&msgid=99c3285a-e4bf-11e7-8fcd-5f906d21262c&html=1&h=b068c5c2> For convenience, I will explain the server’s SVR database. There are 4 main sections which are ACL, Pstat, Doxm and Cred. Assuming your client cannot onboard devices, the server\device needs to be in RFNOP state which is reflected in the following settings. The ACL must have an ACE giving the client the right permissions Aceid: whatever number Subject: set it to {“uuid”: The uuid of the client} Resources: information of the resource like its href and interface and resource type. Permission: this is bitmask Set the rowneruuid of the ACL to the uuid of the client In the pstat section, set the dos.s to 3 and isop to true and cm to 0 and the rowneruuid to the uuid of the client In the doxm section, set the owned flag to true and the devowneruuid and rowneruuid to the uuid of the client. Assuming you want to use the “justworks” security model, set the cred section like in the sample applications. Thanks, -Rami From:dmtools...@members.openconnectivity.org<mailto:dmtools...@members.openconnectivity.org> [mailto:dmtools...@members.openconnectivity.org] On Behalf Of Wouter van der Beek (wovander) Sent: Monday, December 18, 2017 2:38 AM To: dmtools...@members.openconnectivity.org<mailto:dmtools...@members.openconnectivity.org> Subject: [OCF dmtools_tg] FW: [dev] Android SECURED mode FYI From:iotivity-dev-boun...@lists.iotivity.org<mailto:iotivity-dev-boun...@lists.iotivity.org> [mailto:iotivity-dev-boun...@lists.iotivity.org] On Behalf Of Tonny Tzeng Sent: 17 December 2017 08:16 To: Max Kholmyansky <max...@gmail.com<mailto:max...@gmail.com>> Cc: iotivity <iotivity-dev@lists.iotivity.org<mailto:iotivity-dev@lists.iotivity.org>> Subject: Re: [dev] Android SECURED mode Hi, We just posted an article at 01.org<https://urlf.duocircle.io/?url=https%3A%2F%2F01.org%2Fblogs%2Fttzeng%2F2017%2Fsecurely-accessing-iot-devices-based-javascript&id=31d5&rcpt=ralsh...@vtmgroup.com&tss=1513593475&msgid=8131ebd8-e3df-11e7-8fcd-5f906d21262c&html=1&h=7e525f59> talking few security concept in IoTivity. Though we were using iotivity-node as an example, I think the following steps would get your Client accesses to the Server securely: (1) your Server need to register the resource with ResourceProperty.SECURE flag in order to use the secured endpoint; (2) allow the "auth-crypt" connection requests in the SVD dB; (3) use an Onboarding Tool to establish ownership with both the Client and the Server; (4) mutual install the credentials of each other by pairing the devices with the OBT Regards, Tonny On 17 December 2017 at 14:38, Max Kholmyansky <max...@gmail.com<mailto:max...@gmail.com>> wrote: Hi Arthur, You should be able to communicate between the client and the server on Android, using SECURED=1 library. First, to set your "di" (client or server) - you need to specify the "di" value inside the DAT file (containing security information) - you can look at the samples. I never succeeded with setting the "di" using API, and I don't know if it's supported. Second, even using SECURED=1, in the server, you can allow any client (even not authenticated) to access any resource. The relevant ACL entry looks like: (you may need to change the "aceid"): { "aceid": 5, "subject": { "conntype": "anon-clear" }, "resources": [ { "href": "*" } ], "permission": 14 } This is definitely not the way to configure it in production, but it should allow you to keep developing, without caring about access permissions for a while. Max On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <a...@cin.ufpe.br<mailto:a...@cin.ufpe.br>> wrote: Hi all, I have a few beginner-leveled questions about secure mode in Android. Let me explain the situation: I have created two apps (one for Server/Controlee and the other for the Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them without problems. As this is a simple example, I now want to do the same things but with SECURED=1. I should note that I am usually running both apps in the same device (not the emulator, but my cellphone). So I started looking everywhere and discovered I could do this with a local ACL and supposedly everything would be ok. Turns out it didn't, which is why I am here. So my questions are: - Do I need anything else to use the SECURED flag in Android apart from registering resource as secure and passing the ACL to the PlatformConfig and configure it? - I read that when configuring the Platform with an ACL the DeviceID should be set with the ID inside it. So as it failed I tried debugging the ID, which led me to confusion about PlatformID and DeviceID. When loading the ACL the DeviceID comes as a random byte[]. However, I can set the DeviceID in the code and retrieve it just fine. The thing is, the ID recieved by the Client (ServerID) isn't the same I set in the code. I'm not sure if it's something about the encoding tricking me or if it's something else. Can someone please shed me some light? In short, the Client can find the resources (they are registered with SECURE type) but can't make a correct GET/POST/OBSERVE request, returning UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome. Sorry for the long post, thank you in advance! _______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org<mailto:iotivity-dev@lists.iotivity.org> https://lists.iotivity.org/mailman/listinfo/iotivity-dev<https://urlf.duocircle.io/?url=https%3A%2F%2Flists.iotivity.org%2Fmailman%2Flistinfo%2Fiotivity-dev&id=31d5&rcpt=ralsh...@vtmgroup.com&tss=1513593475&msgid=8131ebd8-e3df-11e7-8fcd-5f906d21262c&html=1&h=0ab5454f> _______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org<mailto:iotivity-dev@lists.iotivity.org> https://lists.iotivity.org/mailman/listinfo/iotivity-dev<https://urlf.duocircle.io/?url=https%3A%2F%2Flists.iotivity.org%2Fmailman%2Flistinfo%2Fiotivity-dev&id=31d5&rcpt=ralsh...@vtmgroup.com&tss=1513593475&msgid=8131ebd8-e3df-11e7-8fcd-5f906d21262c&html=1&h=0ab5454f>
_______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org https://lists.iotivity.org/mailman/listinfo/iotivity-dev
