On Jan 18, 2018 12:00 AM, <[email protected]> wrote: Dear all,
I have questions about Android SECURED mode, too. Dunno anything about it, but since nobody else has responded here goes: Unauthorized is not the same as DTLS handshake failure. The former comes from ACL checking, the latter from cred checking. >From your description I'm not sure which problem you have. If you're seeing handshake failure, check your creds. Also check that your GET is using the secured endpoint. I don't use the c++ or java API so I can't help you there. If you're seeing authorization failure, that means you have a good connection but the ACL stuff is bonked. At least that's my understanding. HTH, Gregg I’m using IoTivity-1.3.1 SECURED=1 to create Android client/server apps with the sample SVRs databases from iotivity-1.3.1\resource\csdk\ stack\samples\linux\secure\ Scenario1: Android client, sample oic_svr_db_client_devowner Android server, sample oic_svr_db_server plus customized ACE2 of conntype: anon-clear for new resources ð Discovery OK, Get new resources OK. Scenerio2: Android client, sample oic_svr_db_client_devowner Android server, sample oic_svr_db_server ð Discovery OK, Get new resources Failed(UNAUTHORIZED_REQ) client: E/…: org.iotivity.base.OcException: stack error in onGetCallback UNAUTHORIZED_REQ server: D/OIC_SRM: ctx->subjectUuid for request: 00000000-0000-0000-0000- 000000000000. D/OIC_SRM: CA_SECURE flag is not set, and Subject ID of requester is NULL; indicates unsecure channel. According to https://wiki.iotivity.org/faq_s |Client selects appropriate channel based on the information it received about the resource via resource discovery. |Marking a resource as 'OC_SECURE' at hosting Server, allows Iotivity stack to include 'secure port' information in discovery responses. I followed https://wiki.iotivity.org/steps_for_enabling_security_ in_iotivity_applications to do this: - Client/server SVRs databases are ready. - Client OcPlatform.getDeviceId() is not nil uuid. - Server OcPlatform.registerResource with EnumSet.of(ResourceProperty.DISCOVERABLE, ResourceProperty.OBSERVABLE, ResourceProperty.SECURE) ð After the client discovery finished, the client could just use ocResource.getConnectivityTypeSet() which tells the OcConnectivityType. CT_FLAG_SECURE is not set. Also the client ocResource.get() method are not allowed to set CA_SECURE manually. (BTW, I alse used platformConfig.setAvailableTransportType()); to both client and server side. It won’t impact the result.) The only way I could let Android client set the CA_SECURE flag is by OcPlatform.findResource with EnumSet.of(OcConnectivityType.CT_FLAG_SECURE) However it doesn’t make sence, because the caipadapter.c shows that Multicast discovery won’t trigger CaencryptSsl() Hence the server received an unencrypted message and secure flag set, when the server trys to decrypt it, it leads to bad handshake. Could anyone help me to figure out why the Android client can’t choose a 'secure' channel to get resources from Android server? Thanks. Best Regards, ChiaYu _______________________________________________ iotivity-dev mailing list [email protected] https://lists.iotivity.org/mailman/listinfo/iotivity-dev
_______________________________________________ iotivity-dev mailing list [email protected] https://lists.iotivity.org/mailman/listinfo/iotivity-dev
