Hi Arthur,

The concept to get secure access to a resource is the same for C++ and JavaScript -- use a secure endpoint in C++/JavaScript, and have proper ACL and credential setup in the SVR database. If what you want is to run existing code intact but with SECURED=1, then adding an anonymous connection type ACE as Max described above will work. Let us know if it's not the case...

Regards,
Tonny

On 18 December 2017 at 21:15, Arthur Barros Lapprand <[email protected]> wrote:

> Sorry I meant I want to state this, not a few things, hehe. Basically I
> want to focus on local ACL permissions without dealing with the whole
> device ownership and pairing process. Thank you again!
>
> 2017-12-18 10:12 GMT-03:00 Arthur Barros Lapprand <[email protected]>:
>
>> Hi, thank you for the quick replies!
>>
>> @Max
>>
>>> I never succeeded with setting the "di" using API
>>>
>>
>> I also never succeeded. However, since there was a recent release I
>> should first give it a try.
>>
>> @Tonny
>> I had an overview of the article. Very interesting indeed! But it uses
>> javascript which isn't what I'm looking for this particular problem.
>> Nonetheless, it is related to security 😁. Since I didn't have the time to
>> read it in detail yet I may be saying things that are answered there, so
>> pardon me in advance if you may. I need to state a few things:
>>
>>> (3) use an Onboarding Tool to establish ownership with both the Client
>>> and the Server;
>>> (4) mutually install the credentials of each other by pairing the devices
>>> with the OBT
>>>
>> I'm trying to simulate these by setting the device owner through the ACL
>> for development purposes.
>>
>> 2017-12-17 5:16 GMT-03:00 Tonny Tzeng <[email protected]>:
>>
>>> Hi,
>>>
>>> We just posted an article at 01.org
>>> <https://01.org/blogs/ttzeng/2017/securely-accessing-iot-devices-based-javascript>
>>> talking about a few security concepts in IoTivity. Though we were using
>>> iotivity-node as an example, I think the following steps would get your
>>> Client access to the Server securely:
>>> (1) your Server needs to register the resource with
>>> ResourceProperty.SECURE flag in order to use the secured endpoint;
>>> (2) allow the "auth-crypt" connection requests in the SVD dB;
>>> (3) use an Onboarding Tool to establish ownership with both the Client
>>> and the Server;
>>> (4) mutually install the credentials of each other by pairing the devices
>>> with the OBT
>>>
>>> Regards,
>>> Tonny
>>>
>>> On 17 December 2017 at 14:38, Max Kholmyansky <[email protected]> wrote:
>>>
>>>> Hi Arthur,
>>>>
>>>> You should be able to communicate between the client and the server on
>>>> Android, using SECURED=1 library.
>>>>
>>>> First, to set your "di" (client or server) - you need to specify the
>>>> "di" value inside the DAT file (containing security information) - you can
>>>> look at the samples. I never succeeded with setting the "di" using API, and
>>>> I don't know if it's supported.
>>>>
>>>> Second, even using SECURED=1, in the server, you can allow any client
>>>> (even not authenticated) to access any resource.
>>>> The relevant ACL entry looks like: (you may need to change the "aceid"):
>>>> {
>>>>     "aceid": 5,
>>>>     "subject": { "conntype": "anon-clear" },
>>>>     "resources": [
>>>>         { "href": "*" }
>>>>     ],
>>>>     "permission": 14
>>>> }
>>>>
>>>> This is definitely not the way to configure it in production, but it
>>>> should allow you to keep developing, without caring about access
>>>> permissions for a while.
>>>>
>>>>
>>>> Max
>>>>
>>>> On Thu, Dec 14, 2017 at 8:54 PM, Arthur Barros Lapprand <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I have a few beginner-leveled questions about secure mode in Android.
>>>>> Let me explain the situation:
>>>>>
>>>>> I have created two apps (one for Server/Controlee and the other for
>>>>> the Client/Controller) and I'm able to FIND and GET/POST/OBSERVE them
>>>>> without problems. As this is a simple example, I now want to do the same
>>>>> things but with SECURED=1. I should note that I am usually running both
>>>>> apps in the same device (not the emulator, but my cellphone).
>>>>>
>>>>> So I started looking everywhere and discovered I could do this with a
>>>>> local ACL and supposedly everything would be ok. Turns out it didn't,
>>>>> which is why I am here. So my questions are:
>>>>>
>>>>> - Do I need anything else to use the SECURED flag in Android apart
>>>>> from registering resource as secure and passing the ACL to the
>>>>> PlatformConfig and configure it?
>>>>>
>>>>> - I read that when configuring the Platform with an ACL the DeviceID
>>>>> should be set with the ID inside it. So as it failed I tried debugging the
>>>>> ID, which led me to confusion about PlatformID and DeviceID. When loading
>>>>> the ACL the DeviceID comes as a random byte[]. However, I can set the
>>>>> DeviceID in the code and retrieve it just fine. The thing is, the ID
>>>>> received by the Client (ServerID) isn't the same I set in the code. I'm
>>>>> not sure if it's something about the encoding tricking me or if it's
>>>>> something else. Can someone please shed me some light?
>>>>>
>>>>> In short, the Client can find the resources (they are registered with
>>>>> SECURE type) but can't make a correct GET/POST/OBSERVE request, returning
>>>>> UNAUTHORIZED_REQ. Any tips about this flag and Android are welcome.
>>>>>
>>>>> Sorry for the long post, thank you in advance!
>>>>>
>>>>> _______________________________________________
>>>>> iotivity-dev mailing list
>>>>> [email protected]
>>>>> https://lists.iotivity.org/mailman/listinfo/iotivity-dev
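The development ACE quoted in this thread opens every resource to unauthenticated clients, so it is worth checking that it never ships. The following is an added example, not part of the original thread and not IoTivity code: it audits a list of ACEs in the shape shown above, decoding `permission` with the OCF CRUDN bitmask (CREATE=1, READ=2, UPDATE=4, DELETE=8, NOTIFY=16). The function names, the sample ACL and the `/a/light` resource are constructed for illustration.

```python
import json

# OCF access-permission bitmask (CRUDN).
PERMISSION_BITS = {1: "CREATE", 2: "READ", 4: "UPDATE", 8: "DELETE", 16: "NOTIFY"}


def decode_permission(mask):
    """Return the CRUDN operation names set in an ACE 'permission' value."""
    return [name for bit, name in PERMISSION_BITS.items() if mask & bit]


def audit_aces(aces):
    """Flag ACEs that open resources to unauthenticated, unencrypted clients."""
    findings = []
    for ace in aces:
        subject = ace.get("subject")
        conntype = subject.get("conntype") if isinstance(subject, dict) else None
        if conntype != "anon-clear":
            continue  # subject is a device uuid, a role or an "auth-crypt" connection
        hrefs = [r.get("href") for r in ace.get("resources", [])]
        ops = decode_permission(ace.get("permission", 0))
        findings.append({
            "aceid": ace.get("aceid"),
            "wildcard": "*" in hrefs,
            "hrefs": hrefs,
            "operations": ops,
            # Anything beyond READ/NOTIFY lets an anonymous peer change device state.
            "writable": any(op in ops for op in ("CREATE", "UPDATE", "DELETE")),
        })
    return findings


# Constructed sample: the development ACE from the thread plus an
# authenticated-only entry for a hypothetical /a/light resource.
SAMPLE_ACES = json.loads("""
[
  {"aceid": 5, "subject": {"conntype": "anon-clear"},
   "resources": [{"href": "*"}], "permission": 14},
  {"aceid": 6, "subject": {"conntype": "auth-crypt"},
   "resources": [{"href": "/a/light"}], "permission": 6}
]
""")

if __name__ == "__main__":
    for f in audit_aces(SAMPLE_ACES):
        level = "HIGH" if f["wildcard"] and f["writable"] else "REVIEW"
        print(f"[{level}] aceid={f['aceid']} anon-clear {f['hrefs']} -> {f['operations']}")
```

Run against the ACE list of a build's security database before release, an empty result means no anonymous cleartext ACE remains.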
