Update ACL data-structure based on RAML spec. 41/8241/20
authorleechul <chuls.lee@samsung.com>
Fri, 20 May 2016 00:41:00 +0000 (09:41 +0900)
committerRandeep Singh <randeep.s@samsung.com>
Thu, 7 Jul 2016 11:33:14 +0000 (11:33 +0000)
   1. Change the OicSecAcl_t according to RAML spec
   2. Add OicSecAce_t according to RAML spec
   3. Update ACL realted modules(PolicyEngine, DirectPairing, json2cbor)
   4. Update unit-test and samples

[Patch 13] Retrigger
[Patch 14] Update 'if' and 'rt' property as array according to core spec.
            * Security RAML spec should be updated.
[Patch 15-16] Remove the compile error for arduino.
[Patch 17-18] Remove the cimpile error for arduino and windows.
[Patch 19] Update missed SVR DB.

Change-Id: I7a213ff0843020324a408dd1ceded31b01affa54
Signed-off-by: leechul <chuls.lee@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/8241
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
69 files changed:
android/examples/provisioningclient/src/main/assets/oic_svr_db_client.dat
android/examples/provisioningclient/src/main/assets/oic_svr_db_client.json
android/examples/simpleclient/src/main/assets/oic_svr_db_client.dat
android/examples/simpleclient/src/main/assets/oic_svr_db_client.json
android/examples/simpleserver/src/main/assets/oic_svr_db_server.dat
android/examples/simpleserver/src/main/assets/oic_svr_db_server.json
resource/csdk/security/include/internal/aclresource.h
resource/csdk/security/include/internal/srmresourcestrings.h
resource/csdk/security/include/securevirtualresourcetypes.h
resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_door.dat [changed mode: 0755->0644]
resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_door.json [changed mode: 0755->0644]
resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_light.dat [changed mode: 0755->0644]
resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_light.json [changed mode: 0755->0644]
resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_pt.dat [changed mode: 0755->0644]
resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_pt.json [changed mode: 0755->0644]
resource/csdk/security/provisioning/ck_manager/unittest/test_data/CKMInfo.dat
resource/csdk/security/provisioning/ck_manager/unittest/test_data/CKMInfo.json
resource/csdk/security/provisioning/sample/oic_svr_db_client.dat
resource/csdk/security/provisioning/sample/oic_svr_db_client.json
resource/csdk/security/provisioning/sample/oic_svr_db_randompin_with_empty_deviceid.dat
resource/csdk/security/provisioning/sample/oic_svr_db_randompin_with_empty_deviceid.json
resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat
resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.json [changed mode: 0755->0644]
resource/csdk/security/provisioning/sample/oic_svr_db_server_randompin.dat
resource/csdk/security/provisioning/sample/oic_svr_db_server_randompin.json
resource/csdk/security/provisioning/sample/provisioningclient.c
resource/csdk/security/provisioning/src/secureresourceprovider.c
resource/csdk/security/src/aclresource.c
resource/csdk/security/src/doxmresource.c
resource/csdk/security/src/dpairingresource.c
resource/csdk/security/src/policyengine.c
resource/csdk/security/src/srmresourcestrings.c
resource/csdk/security/tool/json2cbor.c
resource/csdk/security/unittest/aclresourcetest.cpp
resource/csdk/security/unittest/oic_svr_db.dat
resource/csdk/security/unittest/oic_svr_db.json
resource/csdk/security/unittest/oic_unittest.dat
resource/csdk/security/unittest/oic_unittest.json
resource/csdk/security/unittest/oic_unittest_acl1.dat
resource/csdk/security/unittest/oic_unittest_acl1.json
resource/csdk/security/unittest/oic_unittest_default_acl.dat
resource/csdk/security/unittest/oic_unittest_default_acl.json
resource/csdk/stack/samples/linux/secure/oic_amss_db.dat
resource/csdk/stack/samples/linux/secure/oic_amss_db.json
resource/csdk/stack/samples/linux/secure/oic_svr_db_client_devowner.dat
resource/csdk/stack/samples/linux/secure/oic_svr_db_client_devowner.json
resource/csdk/stack/samples/linux/secure/oic_svr_db_client_directpairing.dat
resource/csdk/stack/samples/linux/secure/oic_svr_db_client_directpairing.json
resource/csdk/stack/samples/linux/secure/oic_svr_db_client_nondevowner.dat
resource/csdk/stack/samples/linux/secure/oic_svr_db_client_nondevowner.json
resource/csdk/stack/samples/linux/secure/oic_svr_db_server.dat
resource/csdk/stack/samples/linux/secure/oic_svr_db_server.json
resource/csdk/stack/samples/linux/secure/oic_svr_db_server_justworks.dat
resource/examples/oic_svr_db_client.dat
resource/examples/oic_svr_db_client.json
resource/examples/oic_svr_db_client_directpairing.dat
resource/examples/oic_svr_db_client_directpairing.json
resource/examples/oic_svr_db_server.dat
resource/examples/oic_svr_db_server.json
resource/provisioning/examples/SConscript
resource/provisioning/examples/oic_svr_db_client.dat
resource/provisioning/examples/oic_svr_db_client.json
resource/provisioning/examples/provisioningclient.cpp
service/easy-setup/sampleapp/mediator/android/EasySetup/app/src/main/assets/oic_svr_db_client.dat
service/easy-setup/sampleapp/mediator/android/EasySetup/app/src/main/assets/oic_svr_db_client.json
service/resource-encapsulation/examples/linux/secureResourceExample/oic_svr_db_client.dat
service/resource-encapsulation/examples/linux/secureResourceExample/oic_svr_db_client.json
service/resource-encapsulation/examples/linux/secureResourceExample/oic_svr_db_server.dat
service/resource-encapsulation/examples/linux/secureResourceExample/oic_svr_db_server.json

index b8d249c..50eda91 100644 (file)
Binary files a/android/examples/provisioningclient/src/main/assets/oic_svr_db_client.dat and b/android/examples/provisioningclient/src/main/assets/oic_svr_db_client.dat differ
index 22dfeba..004221a 100644 (file)
@@ -8,38 +8,32 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
                         },\r
                         {\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/ad",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.ad"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/amacl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.amacl"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        }                  \r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
+                        }\r
                     ],\r
                     "permission": 2\r
                 }\r
             ]\r
         },\r
         "rowneruuid" : "61646D69-6E44-6576-6963-655575696430"\r
-    },    \r
+    },\r
     "pstat": {\r
         "isop": true,\r
         "cm": 2,\r
index 9de47b8..7cf2a68 100644 (file)
Binary files a/android/examples/simpleclient/src/main/assets/oic_svr_db_client.dat and b/android/examples/simpleclient/src/main/assets/oic_svr_db_client.dat differ
index 5052bd1..5a92ec9 100644 (file)
@@ -8,38 +8,32 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
                         },\r
                         {\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/ad",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.ad"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
-                            "href": "/oic/sec/acl",\r
+                            "href": "/oic/sec/amacl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.amacl"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        } ,\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
+                        },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
index 31e1814..638c971 100644 (file)
Binary files a/android/examples/simpleserver/src/main/assets/oic_svr_db_server.dat and b/android/examples/simpleserver/src/main/assets/oic_svr_db_server.dat differ
index 0e1bf23..f38870c 100644 (file)
@@ -8,38 +8,32 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
                         },\r
                         {\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/ad",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.ad"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/acl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.acl"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        } ,\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
+                        },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/a/light",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.core"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/a/light0",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.core"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/a/light1",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.core"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 6\r
index 5f1ac9d..2b83f81 100644 (file)
@@ -47,9 +47,9 @@ OCStackResult DeInitACLResource();
  *
  * @note On the first call to @ref GetACLResourceData, savePtr should point to NULL.
  *
- * @return reference to @ref OicSecAcl_t if ACL is found, else NULL.
+ * @return reference to @ref OicSecAce_t if ACE is found, else NULL.
  */
-const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **savePtr);
+const OicSecAce_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAce_t **savePtr);
 
 /**
  * This function converts ACL data into CBOR format.
@@ -69,6 +69,14 @@ OCStackResult AclToCBORPayload(const OicSecAcl_t * acl, uint8_t **outPayload, si
  */
 void DeleteACLList(OicSecAcl_t* acl);
 
+/**
+ * Internal function to duplicate the ACE instance.
+ *
+ * @param ace instance of @ref OicSecAce_t structure to be duplicated.
+ * @return reference to @ref OicSecAce_t if ACE was successfully duplicated.
+ */
+OicSecAce_t* DuplicateACE(const OicSecAce_t* ace);
+
 /**
  * This function installs a new ACL.
  *
@@ -80,12 +88,12 @@ void DeleteACLList(OicSecAcl_t* acl);
 OCStackResult InstallNewACL(const uint8_t* payload, const size_t size);
 
 /**
- * This function updates default ACL which is required for ownership transfer.
+ * This function updates default ACE which is required for ownership transfer.
  * This function should be invoked after OTM is complete to prevent anonymous user access.
  *
  * @retval OC_STACK_OK for Success, otherwise some error value
  */
-OCStackResult UpdateDefaultSecProvACL();
+OCStackResult UpdateDefaultSecProvACE();
 
 /**
  * Internal function to update resource owner
index 7f63d92..7e84a76 100644 (file)
@@ -113,6 +113,7 @@ extern const char * OIC_JSON_PUBDATA_NAME;
 extern const char * OIC_JSON_PRIVDATA_NAME;
 extern const char * OIC_JSON_OPTDATA_NAME;
 extern const char * OIC_JSON_CRMS_NAME;
+extern const char * OIC_JSON_VALIDITY_NAME;
 extern const char * OIC_JSON_PERIOD_NAME;
 extern const char * OIC_JSON_PERIODS_NAME;
 extern const char * OIC_JSON_RECURRENCES_NAME;
index 10c9e50..5cefddd 100644 (file)
@@ -164,6 +164,12 @@ INLINE_API bool IsAccessGranted(SRMAccessResponse_t response)
     }
 }
 
+typedef struct OicSecRsrc OicSecRsrc_t;
+
+typedef struct OicSecValidity OicSecValidity_t;
+
+typedef struct OicSecAce OicSecAce_t;
+
 typedef struct OicSecAcl OicSecAcl_t;
 
 typedef struct OicSecAmacl OicSecAmacl_t;
@@ -323,6 +329,35 @@ struct OicSecKey
 
 };
 
+struct OicSecRsrc
+{
+    char *href; // 0:R:S:Y:String
+    char *rel; // 1:R:S:N:String
+    char** types; // 2:R:S:N:String Array
+    size_t typeLen; // the number of elts in types
+    char** interfaces; // 3:R:S:N:String Array
+    size_t interfaceLen; // the number of elts in interfaces
+    OicSecRsrc_t *next;
+};
+
+struct OicSecValidity
+{
+    char* period; // 0:R:S:Y:String
+    char** recurrences; // 1:R:M:Y:Array of String
+    size_t recurrenceLen; // the number of elts in recurrence
+    OicSecValidity_t *next;
+};
+
+struct OicSecAce
+{
+    // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
+    OicUuid_t subjectuuid; // 0:R:S:Y:uuid
+    OicSecRsrc_t *resources; // 1:R:M:Y:Resource
+    uint16_t permission; // 2:R:S:Y:UINT16
+    OicSecValidity_t *validities; // 3:R:M:N:Time-interval
+    OicSecAce_t *next;
+};
+
 /**
  * /oic/sec/acl (Access Control List) data type.
  * Derived from OIC Security Spec; see Spec for details.
@@ -330,17 +365,8 @@ struct OicSecKey
 struct OicSecAcl
 {
     // <Attribute ID>:<Read/Write>:<Multiple/Single>:<Mandatory?>:<Type>
-    OicUuid_t           subject;        // 0:R:S:Y:uuid TODO: this deviates
-                                        // from spec and needs to be updated
-                                        // in spec (where it's a String).
-    size_t              resourcesLen;   // the number of elts in Resources
-    char                **resources;    // 1:R:M:Y:String
-    uint16_t            permission;     // 2:R:S:Y:UINT16
-    size_t              prdRecrLen;     // the number of elts in Periods
-    char                **periods;       // 3:R:M*:N:String (<--M*; see Spec)
-    char                **recurrences;   // 5:R:M:N:String
-    OicUuid_t           rownerID;        // 8:R:S:Y:oic.uuid
-    OicSecAcl_t         *next;
+    OicUuid_t           rownerID;        // 0:R:S:Y:oic.uuid
+    OicSecAce_t         *aces; // 1:R:M:N:ACE
 };
 
 /**
old mode 100755 (executable)
new mode 100644 (file)
index bf440f2..14b258b
Binary files a/resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_door.dat and b/resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_door.dat differ
old mode 100755 (executable)
new mode 100644 (file)
index 20062b4..b65c99c
@@ -8,38 +8,18 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
+                        },{\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
+                        },{\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/presence",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/acl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.acl"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
-                            "href": "/oic/sec/crl",\r
+                            "href": "/oic/sec/cred",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.cred"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
-                            "href": "/oic/sec/cred",\r
+                            "href": "/oic/sec/crl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.crl"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 6\r
old mode 100755 (executable)
new mode 100644 (file)
index 59f65e5..7f9f27f
Binary files a/resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_light.dat and b/resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_light.dat differ
old mode 100755 (executable)
new mode 100644 (file)
index a7598d4..88d2069
@@ -8,38 +8,18 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
+                        },{\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
+                        },{\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/presence",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/acl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.acl"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
-                            "href": "/oic/sec/crl",\r
+                            "href": "/oic/sec/cred",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.cred"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
-                            "href": "/oic/sec/cred",\r
+                            "href": "/oic/sec/crl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.crl"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 6\r
old mode 100755 (executable)
new mode 100644 (file)
index 6143d32..a735af7
Binary files a/resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_pt.dat and b/resource/csdk/security/provisioning/ck_manager/sample/oic_svr_db_pt.dat differ
old mode 100755 (executable)
new mode 100644 (file)
index 2e33796..36269f1
@@ -8,32 +8,18 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
+                        },{\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
+                        },{\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/ad",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        } ,\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
+                        },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
index 06454be..ac8348a 100644 (file)
Binary files a/resource/csdk/security/provisioning/ck_manager/unittest/test_data/CKMInfo.dat and b/resource/csdk/security/provisioning/ck_manager/unittest/test_data/CKMInfo.dat differ
index dbdee77..e251611 100644 (file)
@@ -8,32 +8,18 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
+                        },{\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
+                        },{\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/ad",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        } ,\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
+                        },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/acl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.acl"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/cred",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.cred"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 7\r
index 781f654..3caa104 100644 (file)
Binary files a/resource/csdk/security/provisioning/sample/oic_svr_db_client.dat and b/resource/csdk/security/provisioning/sample/oic_svr_db_client.dat differ
index fb3c609..3d17ddd 100644 (file)
@@ -8,38 +8,36 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
+                        },{\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
+                        },{\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
+                        }\r
+                    ],\r
+                    "permission": 2\r
+                },\r
+                {\r
+                    "subjectuuid": "*",\r
+                    "resources": [\r
                         {\r
-                            "href": "/oic/ad",\r
+                            "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
-                            "href": "/oic/sec/amacl",\r
+                            "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                     "subjectuuid": "*",\r
                     "resources": [\r
                         {\r
-                            "href": "/oic/sec/doxm",\r
+                            "href": "/oic/sec/pconf",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pconf"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
-                            "href": "/oic/sec/pstat",\r
+                            "href": "/oic/sec/dpairing",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        }                  \r
+                            "rt": ["oic.r.dpairing"],\r
+                            "if": ["oic.if.baseline"]\r
+                        }\r
                     ],\r
                     "permission": 2\r
                 }\r
             ]\r
         },\r
         "rowneruuid" : "61646D69-6E44-6576-6963-655575696430"\r
-    },    \r
+    },\r
     "pstat": {\r
         "isop": true,\r
         "cm": 0,\r
index 3796ce7..33c6b54 100644 (file)
Binary files a/resource/csdk/security/provisioning/sample/oic_svr_db_randompin_with_empty_deviceid.dat and b/resource/csdk/security/provisioning/sample/oic_svr_db_randompin_with_empty_deviceid.dat differ
index 20f2c36..d2ef7c0 100644 (file)
@@ -8,38 +8,18 @@
                         {
                             "href": "/oic/res",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
+                            "rt": ["oic.wk.res"],
+                            "if": ["oic.if.ll"]
+                        },{
                             "href": "/oic/d",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
+                            "rt": ["oic.wk.d"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
+                        },{
                             "href": "/oic/p",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/res/d",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/res/types/d",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/presence",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.p"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
                         }
                     ],
                     "permission": 2
                         {
                             "href": "/oic/sec/doxm",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.doxm"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/sec/pstat",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.pstat"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/sec/acl",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.acl"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/sec/cred",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.cred"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
                     "permission": 6
                         {
                             "href": "/oic/sec/pconf",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.pconf"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/sec/dpairing",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.dpairing"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
                     "permission": 6
@@ -98,8 +78,8 @@
                         {
                             "href": "/oic/sec/ver",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.ver"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
                     "permission": 2
index 4adbf4d..f17f27d 100644 (file)
Binary files a/resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat and b/resource/csdk/security/provisioning/sample/oic_svr_db_server_justworks.dat differ
old mode 100755 (executable)
new mode 100644 (file)
index 59b56a7..f175679
@@ -8,36 +8,18 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
                         },{\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },{\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/presence",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/acl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.acl"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/cred",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.cred"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 6\r
                         {\r
                             "href": "/oic/sec/pconf",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pconf"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/dpairing",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.dpairing"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 6\r
@@ -96,8 +78,8 @@
                         {\r
                             "href": "/oic/sec/ver",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.ver"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
         "rowneruuid": "6A757374-776F-726B-4465-765575696430",\r
         "dpc": true\r
     }\r
-}
\ No newline at end of file
+}\r
index cfce7f8..025592c 100644 (file)
Binary files a/resource/csdk/security/provisioning/sample/oic_svr_db_server_randompin.dat and b/resource/csdk/security/provisioning/sample/oic_svr_db_server_randompin.dat differ
index dc595bd..97c36ff 100644 (file)
@@ -8,38 +8,18 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
+                        },{\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
+                        },{\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/presence",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/acl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.acl"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/cred",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.cred"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 6\r
                         {\r
                             "href": "/oic/sec/pconf",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pconf"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/dpairing",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.dpairing"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 6\r
@@ -98,8 +78,8 @@
                         {\r
                             "href": "/oic/sec/ver",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.ver"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
index 19fd535..a22e393 100644 (file)
@@ -25,6 +25,7 @@
 #endif
 
 #include "platform_features.h"
+#include "utlist.h"
 #include "logger.h"
 #include "oic_malloc.h"
 #include "oic_string.h"
@@ -58,6 +59,7 @@ extern "C"
 #define _99_EXIT_PRVN_CLT_      99
 
 #define ACL_RESRC_MAX_NUM   16
+#define ACL_RESRC_ARRAY_SIZE   3 //This value is used only for sample (not OCF spec)
 #define ACL_RESRC_MAX_LEN   128
 #define ACL_PEMISN_CNT      5
 #define DISCOVERY_TIMEOUT   10  // 10 sec
@@ -1045,6 +1047,13 @@ static OicSecAcl_t* createAcl(const int dev_num)
         OIC_LOG(ERROR, TAG, "createAcl: OICCalloc error return");
         return NULL;  // not need to 'goto' |ERROR| before allocating |acl|
     }
+    OicSecAce_t* ace = (OicSecAce_t*) OICCalloc(1, sizeof(OicSecAce_t));
+    if(!ace)
+    {
+        OIC_LOG(ERROR, TAG, "createAcl: OICCalloc error return");
+        return NULL;  // not need to 'goto' |ERROR| before allocating |acl|
+    }
+    LL_APPEND(acl->aces, ace);
 
     // enter |subject| device number
     int num = 0;
@@ -1070,7 +1079,7 @@ static OicSecAcl_t* createAcl(const int dev_num)
         OIC_LOG(ERROR, TAG, "createAcl: device instance empty");
         goto CRACL_ERROR;
     }
-    memcpy(&acl->subject, &dev->doxm->deviceID, UUID_LENGTH);
+    memcpy(&ace->subjectuuid, &dev->doxm->deviceID, UUID_LENGTH);
 
     // enter number of |resources| in 'accessed' device
     for( ; ; )
@@ -1094,16 +1103,17 @@ static OicSecAcl_t* createAcl(const int dev_num)
     // enter actually each 'accessed' |resources| name
     printf("         Enter Each Accessed Resource Name (each under 128 char)\n");
             // '128' is ACL_RESRC_MAX_LEN
-    acl->resourcesLen = (unsigned) num;
-    acl->resources = (char**) OICCalloc(acl->resourcesLen, sizeof(char*));
-    if(!acl->resources)
-    {
-        OIC_LOG(ERROR, TAG, "createAcl: OICCalloc error return");
-        goto CRACL_ERROR;
-    }
+
     char rsrc_in[ACL_RESRC_MAX_LEN+1] = {0};  // '1' for null termination
-    for(int i=0; acl->resourcesLen>(unsigned)i; ++i)
+    for(int i = 0; num > i; ++i)
     {
+        OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+        if(!rsrc)
+        {
+            OIC_LOG(ERROR, TAG, "createAcl: OICCalloc error return");
+            goto CRACL_ERROR;
+        }
+
         printf("         Enter Accessed Resource[%d] Name: ", i+1);
         for(int ret=0; 1!=ret; )
         {
@@ -1112,14 +1122,98 @@ static OicSecAcl_t* createAcl(const int dev_num)
                                         // '0x20<=code' is character region
         }
         size_t len = strlen(rsrc_in)+1;  // '1' for null termination
-        char* rsrc = (char*) OICCalloc(len, sizeof(char));
+        rsrc->href = (char*) OICCalloc(len, sizeof(char));
         if(!rsrc)
         {
             OIC_LOG(ERROR, TAG, "createAcl: OICCalloc error return");
             goto CRACL_ERROR;
         }
-        OICStrcpy(rsrc, len, rsrc_in);
-        acl->resources[i] = rsrc;  // after here, |rsrc| points nothing
+        OICStrcpy(rsrc->href, len, rsrc_in);
+
+        int arrLen = 0;
+        while(1)
+        {
+            printf("         Enter Number of resource type for [%s]: ", rsrc_in);
+            for(int ret=0; 1!=ret; )
+            {
+                ret = scanf("%d", &arrLen);
+                for( ; 0x20<=getchar(); );  // for removing overflow garbages
+                                            // '0x20<=code' is character region
+            }
+            if(0 < arrLen && ACL_RESRC_ARRAY_SIZE >= arrLen)
+            {
+                break;
+            }
+            printf("     Entered Wrong Number. Please Enter under %d Again\n", ACL_RESRC_ARRAY_SIZE);
+        }
+
+        rsrc->typeLen = arrLen;
+        rsrc->types = (char**)OICCalloc(arrLen, sizeof(char*));
+        if(!rsrc->types)
+        {
+            OIC_LOG(ERROR, TAG, "createAcl: OICCalloc error return");
+            goto CRACL_ERROR;
+        }
+
+        for(int i = 0; i < arrLen; i++)
+        {
+            printf("         Enter ResourceType[%d] Name: ", i+1);
+            for(int ret=0; 1!=ret; )
+            {
+                ret = scanf("%128s", rsrc_in);  // '128' is ACL_RESRC_MAX_LEN
+                for( ; 0x20<=getchar(); );  // for removing overflow garbages
+                                            // '0x20<=code' is character region
+            }
+            rsrc->types[i] = OICStrdup(rsrc_in);
+            if(!rsrc->types[i])
+            {
+                OIC_LOG(ERROR, TAG, "createAcl: OICStrdup error return");
+                goto CRACL_ERROR;
+            }
+        }
+
+        while(1)
+        {
+            printf("         Enter Number of interface name for [%s]: ", rsrc_in);
+            for(int ret=0; 1!=ret; )
+            {
+                ret = scanf("%d", &arrLen);
+                for( ; 0x20<=getchar(); );  // for removing overflow garbages
+                                            // '0x20<=code' is character region
+            }
+            if(0 < arrLen && ACL_RESRC_ARRAY_SIZE >= arrLen)
+            {
+                break;
+            }
+            printf("     Entered Wrong Number. Please Enter under %d Again\n", ACL_RESRC_ARRAY_SIZE);
+        }
+
+        rsrc->interfaceLen = arrLen;
+        rsrc->interfaces = (char**)OICCalloc(arrLen, sizeof(char*));
+        if(!rsrc->interfaces)
+        {
+            OIC_LOG(ERROR, TAG, "createAcl: OICCalloc error return");
+            goto CRACL_ERROR;
+        }
+
+        for(int i = 0; i < arrLen; i++)
+        {
+            printf("         Enter ResourceType[%d] Name: ", i+1);
+            for(int ret=0; 1!=ret; )
+            {
+                ret = scanf("%128s", rsrc_in);  // '128' is ACL_RESRC_MAX_LEN
+                for( ; 0x20<=getchar(); );  // for removing overflow garbages
+                                            // '0x20<=code' is character region
+            }
+            rsrc->interfaces[i] = OICStrdup(rsrc_in);
+            if(!rsrc->interfaces[i])
+            {
+                OIC_LOG(ERROR, TAG, "createAcl: OICStrdup error return");
+                goto CRACL_ERROR;
+            }
+        }
+
+        LL_APPEND(ace->resources, rsrc);
     }
 
     // enter |permission| for this access
@@ -1151,34 +1245,7 @@ static OicSecAcl_t* createAcl(const int dev_num)
         }
         pmsn_msk <<= 1;
     }
-    acl->permission = pmsn;
-
-    // enter |owner| device number
-    int own_num = 0;
-    for( ; ; )
-    {
-        printf("   > [D] Enter Owner Device Number: ");
-        for(int ret=0; 1!=ret; )
-        {
-            ret = scanf("%d", &own_num);
-            for( ; 0x20<=getchar(); );  // for removing overflow garbages
-                                        // '0x20<=code' is character region
-        }
-        if(0<own_num && g_own_cnt>=own_num)
-        {
-            break;
-        }
-        printf("         Entered Wrong Number. Please Enter Again\n");
-    }
-
-    dev = getDevInst((const OCProvisionDev_t*)g_own_list, own_num);
-    if(!dev || !dev->doxm)
-    {
-        OIC_LOG(ERROR, TAG, "createAcl: device instance empty");
-        goto CRACL_ERROR;
-    }
-    memcpy(&acl->rownerID, &dev->doxm->deviceID, sizeof(OicUuid_t));
-    printf("\n");
+    ace->permission = pmsn;
 
     return acl;
 
index e3f5bba..35aebec 100644 (file)
@@ -880,6 +880,9 @@ OCStackResult SRPProvisionACL(void *ctx, const OCProvisionDev_t *selectedDeviceI
         OIC_LOG(ERROR, TAG, "Failed to AclToCBORPayload");
         return OC_STACK_NO_MEMORY;
     }
+    OIC_LOG(DEBUG, TAG, "Created payload for ACL:");
+    OIC_LOG_BUFFER(DEBUG, TAG, secPayload->securityData, secPayload->payloadSize);
+
     char query[MAX_URI_LENGTH + MAX_QUERY_LENGTH] = {0};
     if(!PMGenerateQuery(true,
                         selectedDeviceInfo->endpoint.addr,
index aaa96fb..9537efc 100644 (file)
@@ -25,7 +25,9 @@
 #endif
 #include <stdlib.h>
 
+#include "utlist.h"
 #include "ocstack.h"
+#include "octypes.h"
 #include "ocserverrequest.h"
 #include "oic_malloc.h"
 #include "oic_string.h"
@@ -59,75 +61,220 @@ static const uint16_t CBOR_SIZE = 2048;
 static OicSecAcl_t *gAcl = NULL;
 static OCResourceHandle gAclHandle = NULL;
 
+/**
+ * This function frees OicSecRsrc_t object's fields and object itself.
+ */
+static void FreeRsrc(OicSecRsrc_t *rsrc)
+{
+    //Clean each member of resource
+    OICFree(rsrc->href);
+    OICFree(rsrc->rel);
+    //Clean "rt"
+    if(0 < rsrc->typeLen && rsrc->types)
+    {
+        for(size_t i = 0; i < rsrc->typeLen; i++)
+        {
+            OICFree(rsrc->types[i]);
+        }
+        OICFree(rsrc->types);
+        rsrc->types = NULL;
+    }
+    //Clean "if"
+    if(0 < rsrc->interfaceLen && rsrc->interfaces)
+    {
+        for(size_t i = 0; i < rsrc->interfaceLen; i++)
+        {
+            OICFree(rsrc->interfaces[i]);
+        }
+        OICFree(rsrc->interfaces);
+        rsrc->interfaces = NULL;
+    }
+    OICFree(rsrc);
+    rsrc = NULL;
+}
+
 /**
  * This function frees OicSecAcl_t object's fields and object itself.
  */
-static void FreeACE(OicSecAcl_t *ace)
+static void FreeACE(OicSecAce_t *ace)
 {
-    size_t i;
     if (NULL == ace)
     {
         OIC_LOG(ERROR, TAG, "Invalid Parameter");
         return;
     }
 
-    // Clean Resources
-    for (i = 0; i < ace->resourcesLen; i++)
+    //Clean Resources
+    OicSecRsrc_t* rsrc = NULL;
+    OicSecRsrc_t* tmpRsrc = NULL;
+    LL_FOREACH_SAFE(ace->resources, rsrc, tmpRsrc)
     {
-        OICFree(ace->resources[i]);
+        LL_DELETE(ace->resources, rsrc);
+        FreeRsrc(rsrc);
     }
-    OICFree(ace->resources);
 
-    //Clean Period
-    if (ace->periods)
+    //Clean Validities
+    OicSecValidity_t *validity = NULL;
+    OicSecValidity_t *tmpValidity = NULL;
+    LL_FOREACH_SAFE(ace->validities, validity, tmpValidity)
     {
-        for (i = 0; i < ace->prdRecrLen; i++)
-        {
-            OICFree(ace->periods[i]);
-        }
-        OICFree(ace->periods);
-    }
+        LL_DELETE(ace->validities, validity);
 
-    //Clean Recurrence
-    if (ace->recurrences)
-    {
-        for (i = 0; i < ace->prdRecrLen; i++)
+        //Clean period
+        OICFree(validity->period);
+
+        //Clean recurrence
+        for(size_t i = 0; i < validity->recurrenceLen; i++)
         {
-            OICFree(ace->recurrences[i]);
+            OICFree(validity->recurrences[i]);
         }
-        OICFree(ace->recurrences);
+        OICFree(validity->recurrences);
+        OICFree(validity);
+        validity = NULL;
     }
 
-    // Clean ACL node itself
+    //Clean ACE
     OICFree(ace);
+    ace = NULL;
 }
 
 void DeleteACLList(OicSecAcl_t* acl)
 {
     if (acl)
     {
-        OicSecAcl_t *aclTmp1 = NULL;
-        OicSecAcl_t *aclTmp2 = NULL;
-        LL_FOREACH_SAFE(acl, aclTmp1, aclTmp2)
+        OicSecAce_t *ace = NULL;
+        OicSecAce_t *tmpAce = NULL;
+        LL_FOREACH_SAFE(acl->aces, ace, tmpAce)
         {
-            LL_DELETE(acl, aclTmp1);
-            FreeACE(aclTmp1);
+            LL_DELETE(acl->aces, ace);
+            FreeACE(ace);
         }
+        acl->aces = NULL;
+        OICFree(acl);
     }
 }
 
+OicSecAce_t* DuplicateACE(const OicSecAce_t* ace)
+{
+    OicSecAce_t* newAce = NULL;
+    size_t allocateSize = 0;
+
+    if(ace)
+    {
+        newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
+        VERIFY_NON_NULL(TAG, newAce, ERROR);
+
+        //Subject uuid
+        memcpy(&newAce->subjectuuid, &ace->subjectuuid, sizeof(OicUuid_t));
+
+        OicSecRsrc_t* rsrc = NULL;
+        LL_FOREACH(ace->resources, rsrc)
+        {
+            OicSecRsrc_t* newRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+            VERIFY_NON_NULL(TAG, newRsrc, ERROR);
+            LL_APPEND(newAce->resources, newRsrc);
+
+            //href is mandatory
+            VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
+            allocateSize = strlen(rsrc->href) + 1;
+            newRsrc->href = (char*)OICMalloc(sizeof(char) * allocateSize);
+            VERIFY_NON_NULL(TAG, newRsrc->href, ERROR);
+            OICStrcpy(newRsrc->href, allocateSize, rsrc->href);
+
+            if(rsrc->rel)
+            {
+                allocateSize = strlen(rsrc->rel) + 1;
+                newRsrc->rel = (char*)OICMalloc(sizeof(char) * allocateSize);
+                VERIFY_NON_NULL(TAG, newRsrc->rel, ERROR);
+                OICStrcpy(newRsrc->rel, allocateSize, rsrc->rel);
+            }
+
+            if(rsrc->types && 0 < rsrc->typeLen)
+            {
+                newRsrc->typeLen = rsrc->typeLen;
+                newRsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
+                VERIFY_NON_NULL(TAG, (newRsrc->types), ERROR);
+                for(size_t i = 0; i < rsrc->typeLen; i++)
+                {
+                    newRsrc->types[i] = OICStrdup(rsrc->types[i]);
+                    VERIFY_NON_NULL(TAG, (newRsrc->types[i]), ERROR);
+                }
+            }
+
+            if(rsrc->interfaces && 0 < rsrc->interfaceLen)
+            {
+                newRsrc->interfaceLen = rsrc->interfaceLen;
+                newRsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
+                VERIFY_NON_NULL(TAG, (newRsrc->interfaces), ERROR);
+                for(size_t i = 0; i < rsrc->interfaceLen; i++)
+                {
+                    newRsrc->interfaces[i] = OICStrdup(rsrc->interfaces[i]);
+                    VERIFY_NON_NULL(TAG, (newRsrc->interfaces[i]), ERROR);
+                }
+            }
+        }
+
+        //Permission
+        newAce->permission = ace->permission;
+
+        //Validity
+        if(ace->validities)
+        {
+            OicSecValidity_t* validity = NULL;
+            LL_FOREACH(ace->validities, validity)
+            {
+                OicSecValidity_t* newValidity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
+                VERIFY_NON_NULL(TAG, newValidity, ERROR);
+                LL_APPEND(newAce->validities, newValidity);
+
+                if(validity->period)
+                {
+                    allocateSize = strlen(validity->period) + 1;
+                    newValidity->period = (char*)OICMalloc(sizeof(char) * allocateSize);
+                    VERIFY_NON_NULL(TAG, newValidity->period, ERROR);
+                    OICStrcpy(newValidity->period, allocateSize, validity->period);
+                }
+
+                if(validity->recurrences && 0 < validity->recurrenceLen)
+                {
+                    newValidity->recurrenceLen = validity->recurrenceLen;
+
+                    newValidity->recurrences = (char**)OICMalloc(sizeof(char*) * validity->recurrenceLen);
+                    VERIFY_NON_NULL(TAG, newValidity->recurrences, ERROR);
+
+                    for(size_t i = 0; i < validity->recurrenceLen; i++)
+                    {
+                        allocateSize = strlen(validity->recurrences[i]) + 1;
+                        newValidity->recurrences[i] = (char*)OICMalloc(sizeof(char) * allocateSize);
+                        VERIFY_NON_NULL(TAG, (newValidity->recurrences[i]), ERROR);
+                        OICStrcpy(newValidity->recurrences[i], allocateSize, validity->recurrences[i]);
+                    }
+                }
+            }
+        }
+
+        newAce->next = NULL;
+    }
+
+    return newAce;
+
+exit:
+    FreeACE(newAce);
+    return NULL;
+}
+
 static size_t OicSecAclSize(const OicSecAcl_t *secAcl)
 {
     if (!secAcl)
     {
         return 0;
     }
-    OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
+    OicSecAce_t *ace= (OicSecAce_t *)secAcl->aces;
     size_t size = 0;
-    while (acl)
+    while (ace)
     {
        size++;
-       acl = acl->next;
+       ace = ace->next;
     }
     return size;
 }
@@ -142,6 +289,7 @@ OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, siz
     OCStackResult ret = OC_STACK_ERROR;
     CborError cborEncoderResult = CborNoError;
     OicSecAcl_t *acl = (OicSecAcl_t *)secAcl;
+    OicSecAce_t* ace = NULL;
     CborEncoder encoder;
     CborEncoder aclMap;
     CborEncoder aclListMap;
@@ -180,21 +328,25 @@ OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, siz
     cborEncoderResult = cbor_encoder_create_array(&aclListMap, &acesArray, OicSecAclSize(secAcl));
     VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Creating ACES Array.");
 
-    while (acl)
+    ace = NULL;
+    LL_FOREACH (acl->aces, ace)
     {
         CborEncoder oicSecAclMap;
         // ACL Map size - Number of mandatory items
         uint8_t aclMapSize = ACL_ACES_MAP_SIZE;
         size_t inLen = 0;
 
-        // Create ACL Map
-        if (acl->periods)
+        OicSecValidity_t* validityElts = ace->validities;
+        while(validityElts)
         {
-            ++aclMapSize;
-        }
-        if (acl->recurrences)
-        {
-            ++aclMapSize;
+            if(validityElts->period)
+            {
+                aclMapSize++;
+            }
+            if(validityElts->recurrences)
+            {
+                aclMapSize++;
+            }
         }
 
         cborEncoderResult = cbor_encoder_create_map(&acesArray, &oicSecAclMap, aclMapSize);
@@ -204,7 +356,7 @@ OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, siz
         cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_SUBJECTID_NAME,
             strlen(OIC_JSON_SUBJECTID_NAME));
         VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Subject Name Tag.");
-        inLen = (memcmp(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
+        inLen = (memcmp(&(ace->subjectuuid), &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0) ?
             WILDCARD_SUBJECT_ID_LEN : sizeof(OicUuid_t);
         if(inLen == WILDCARD_SUBJECT_ID_LEN)
         {
@@ -215,10 +367,10 @@ OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, siz
         else
         {
             char *subject = NULL;
-            ret = ConvertUuidToStr(&acl->subject, &subject);
+            ret = ConvertUuidToStr(&ace->subjectuuid, &subject);
             VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
             cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, subject, strlen(subject));
-            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject Id Value.");
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Subject UUID Value.");
             OICFree(subject);
         }
 
@@ -229,112 +381,168 @@ OCStackResult AclToCBORPayload(const OicSecAcl_t *secAcl, uint8_t **payload, siz
                 strlen(OIC_JSON_RESOURCES_NAME));
             VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Tag.");
 
-            cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, acl->resourcesLen);
+            size_t rsrcLen = 0;
+            OicSecRsrc_t* rsrcElts = NULL;
+            LL_FOREACH(ace->resources, rsrcElts)
+            {
+                rsrcLen++;
+            }
+
+            cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &resources, rsrcLen);
             VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Resource Name Array.");
 
-            for (size_t i = 0; i < acl->resourcesLen; i++)
+            OicSecRsrc_t* rsrc = NULL;
+            LL_FOREACH(ace->resources, rsrc)
             {
 
                 CborEncoder rMap;
                 cborEncoderResult = cbor_encoder_create_map(&resources, &rMap, ACL_RESOURCE_MAP_SIZE);
                 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding Resource Map.");
 
+                //href -- Mandatory
+                VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
                 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_HREF_NAME,
                         strlen(OIC_JSON_HREF_NAME));
                 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Name Tag.");
-                cborEncoderResult = cbor_encode_text_string(&rMap, acl->resources[i],
-                        strlen(acl->resources[i]));
+                cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->href, strlen(rsrc->href));
                 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding HREF Value in Map.");
 
-                cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
-                        strlen(OIC_JSON_REL_NAME));
-                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
-
-                // TODO : Need to assign real value of REL
-                cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
-                        strlen(OIC_JSON_EMPTY_STRING));
-                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
-
+                //resource type -- Mandatory
                 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_RT_NAME,
                         strlen(OIC_JSON_RT_NAME));
                 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Name Tag.");
 
-                // TODO : Need to assign real value of RT
-                cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
-                        strlen(OIC_JSON_EMPTY_STRING));
-                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
+                CborEncoder resourceTypes;
+                cborEncoderResult = cbor_encoder_create_array(&rMap, &resourceTypes, rsrc->typeLen);
+                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding RT Array.");
+                for(size_t i = 0; i < rsrc->typeLen; i++)
+                {
+                    cborEncoderResult = cbor_encode_text_string(&resourceTypes, rsrc->types[i], strlen(rsrc->types[i]));
+                    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding RT Value.");
+                }
+                cborEncoderResult = cbor_encoder_close_container(&rMap, &resourceTypes);
+                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing resourceTypes.");
 
+                //interface -- Mandatory
                 cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_IF_NAME,
                         strlen(OIC_JSON_IF_NAME));
                 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Name Tag.");
 
-                // TODO : Need to assign real value of IF
-                cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_EMPTY_STRING,
-                        strlen(OIC_JSON_EMPTY_STRING));
-                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
+                CborEncoder interfaces;
+                cborEncoderResult = cbor_encoder_create_array(&rMap, &interfaces, rsrc->interfaceLen);
+                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding IF Array.");
+                for(size_t i = 0; i < rsrc->interfaceLen; i++)
+                {
+                    cborEncoderResult = cbor_encode_text_string(&interfaces, rsrc->interfaces[i], strlen(rsrc->interfaces[i]));
+                    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding IF Value.");
+                }
+                cborEncoderResult = cbor_encoder_close_container(&rMap, &interfaces);
+                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing interfaces.");
 
+                //rel
+                if(rsrc->rel)
+                {
+                    cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
+                            strlen(OIC_JSON_REL_NAME));
+                    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
+                    cborEncoderResult = cbor_encode_text_string(&rMap, rsrc->rel, strlen(rsrc->rel));
+                    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
+                }
+                else
+                {
+                    cborEncoderResult = cbor_encode_text_string(&rMap, OIC_JSON_REL_NAME,
+                            strlen(OIC_JSON_REL_NAME));
+                    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Name Tag.");
+                    cborEncoderResult = cbor_encode_text_string(&rMap, "", 0);
+                    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Addding REL Value.");
+                }
 
                 cborEncoderResult = cbor_encoder_close_container(&resources, &rMap);
                 VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Map.");
-
             }
             cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &resources);
             VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Resource Name Array.");
         }
 
-
         // Permissions -- Mandatory
         cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERMISSION_NAME,
             strlen(OIC_JSON_PERMISSION_NAME));
         VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Tag.");
-        cborEncoderResult = cbor_encode_int(&oicSecAclMap, acl->permission);
+        cborEncoderResult = cbor_encode_int(&oicSecAclMap, ace->permission);
         VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Permission Name Value.");
 
-        // Period -- Not Mandatory
-        if (acl->periods)
+        // TODO: Need to verfication for validity
+        // Validity(Time-interval) -- Not Mandatory
+        if(ace->validities)
         {
-
-            CborEncoder period;
-            cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_PERIOD_NAME,
-                strlen(OIC_JSON_PERIOD_NAME));
-            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Tag.");
-            cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &period, acl->prdRecrLen);
-            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Array.");
-            for (size_t i = 0; i < acl->prdRecrLen; i++)
+            size_t validityLen = 0;
+            validityElts = NULL;
+            LL_FOREACH(ace->validities, validityElts)
             {
-                cborEncoderResult = cbor_encode_text_string(&period, acl->periods[i],
-                    strlen(acl->periods[i]));
-                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value in Array.");
+                validityLen++;
             }
-            cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &period);
-            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Period Array.");
-        }
 
-        // Recurrence -- Not Mandatory
-        if (acl->recurrences)
-        {
-            CborEncoder recurrences;
-            cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_RECURRENCES_NAME,
-                strlen(OIC_JSON_RECURRENCES_NAME));
-            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Tag.");
-            cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &recurrences, acl->prdRecrLen);
-            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
-
-            for (size_t i = 0; i < acl->prdRecrLen; i++)
+            CborEncoder validities;
+            cborEncoderResult = cbor_encode_text_string(&oicSecAclMap, OIC_JSON_VALIDITY_NAME,
+                strlen(OIC_JSON_VALIDITY_NAME));
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Tag.");
+            cborEncoderResult = cbor_encoder_create_array(&oicSecAclMap, &validities, validityLen);
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validities Array.");
+
+            //How to add the value w/o "title" using tinycobr...? :(
+
+            validityElts = NULL;
+            LL_FOREACH(ace->validities, validityElts)
             {
-                cborEncoderResult = cbor_encode_text_string(&recurrences, acl->recurrences[i],
-                    strlen(acl->recurrences[i]));
-                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
+                 CborEncoder validity;
+                 size_t validitySize = 0;
+                 if(validityElts->period)
+                {
+                    validitySize++;
+                }
+                if(validityElts->recurrences)
+                {
+                    validitySize++;
+                }
+
+                cborEncoderResult = cbor_encoder_create_array(&validities, &validity, validitySize);
+                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Validity Array.");
+
+                // Period
+                if (validityElts->period)
+                {
+                    cborEncoderResult = cbor_encode_text_string(&validity, validityElts->period,
+                        strlen(validityElts->period));
+                    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Period Value.");
+                }
+
+                // Recurrence
+                if (validityElts->recurrences)
+                {
+                    CborEncoder recurrences;
+                    cborEncoderResult = cbor_encoder_create_array(&validity, &recurrences, validityElts->recurrenceLen);
+                    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array.");
+
+                    for (size_t i = 0; i < validityElts->recurrenceLen; i++)
+                    {
+                        cborEncoderResult = cbor_encode_text_string(&recurrences, validityElts->recurrences[i],
+                            strlen(validityElts->recurrences[i]));
+                        VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Adding Recurrence Array Value.");
+                    }
+                    cborEncoderResult = cbor_encoder_close_container(&validity, &recurrences);
+                    VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
+                }
+
+                cborEncoderResult = cbor_encoder_close_container(&validities, &validity);
+                VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validity Array.");
             }
-            cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &recurrences);
-            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Recurrence Array");
 
+            cborEncoderResult = cbor_encoder_close_container(&oicSecAclMap, &validities);
+            VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing Validities Array.");
         }
 
-
         cborEncoderResult = cbor_encoder_close_container(&acesArray, &oicSecAclMap);
         VERIFY_CBOR_SUCCESS(TAG, cborEncoderResult, "Failed Closing ACES Map.");
-        acl = acl->next;
     }
 
     // Close ACES Array
@@ -410,7 +618,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
     CborError cborFindResult = CborNoError;
     cbor_parser_init(cborPayload, size, 0, &parser, &aclCbor);
 
-    OicSecAcl_t *headAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
+    OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
 
     // Enter ACL Map
     CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
@@ -422,7 +630,7 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
         char* tagName = NULL;
         size_t len = 0;
         CborType type = cbor_value_get_type(&aclMap);
-        if (type == CborTextStringType && cbor_value_is_text_string(&aclMap))
+        if (type == CborTextStringType)
         {
             cborFindResult = cbor_value_dup_text_string(&aclMap, &tagName, &len, NULL);
             VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
@@ -442,78 +650,67 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
                 while (cbor_value_is_valid(&aclistMap))
                 {
                     char* acName = NULL;
-                    size_t acLen = 0;
+                    size_t readLen = 0;
                     CborType acType = cbor_value_get_type(&aclistMap);
-                    if (acType == CborTextStringType && cbor_value_is_text_string(&aclistMap))
+                    if (acType == CborTextStringType)
                     {
-                        cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &acLen, NULL);
+                        cborFindResult = cbor_value_dup_text_string(&aclistMap, &acName, &readLen, NULL);
                         VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACLIST Map.");
                         cborFindResult = cbor_value_advance(&aclistMap);
                         VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACLIST Map.");
                     }
+
                     if(acName)
                     {
                         if (strcmp(acName, OIC_JSON_ACES_NAME)  == 0)
                         {
-
                             // Enter ACES Array
-                            CborValue aclArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
-                            cborFindResult = cbor_value_enter_container(&aclistMap, &aclArray);
-                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Array.");
+                            CborValue acesArray = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+                            cborFindResult = cbor_value_enter_container(&aclistMap, &acesArray);
+                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACES Array.");
 
                             int acesCount = 0;
-                            while (cbor_value_is_valid(&aclArray))
+                            while (cbor_value_is_valid(&acesArray))
                             {
                                 acesCount++;
+                                CborValue aceMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
+                                cborFindResult = cbor_value_enter_container(&acesArray, &aceMap);
+                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACE Map.");
 
-                                CborValue aclMap = { .parser = NULL, .ptr = NULL, .remaining = 0, .extra = 0, .type = 0, .flags = 0 };
-                                cborFindResult = cbor_value_enter_container(&aclArray, &aclMap);
-                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering ACL Map.");
-                                OicSecAcl_t *acl = NULL;
+                                OicSecAce_t *ace = NULL;
+                                ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
+                                VERIFY_NON_NULL(TAG, ace, ERROR);
+                                LL_APPEND(acl->aces, ace);
 
-                                if(acesCount == 1)
-                                {
-                                    acl = headAcl;
-                                }
-                                else
-                                {
-                                    acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
-                                    OicSecAcl_t *temp = headAcl;
-                                    while (temp->next)
-                                    {
-                                        temp = temp->next;
-                                    }
-                                    temp->next = acl;
-                                }
                                 VERIFY_NON_NULL(TAG, acl, ERROR);
 
-                                while (cbor_value_is_valid(&aclMap))
+                                while (cbor_value_is_valid(&aceMap))
                                 {
                                     char* name = NULL;
                                     size_t len = 0;
-                                    CborType type = cbor_value_get_type(&aclMap);
-                                    if (type == CborTextStringType && cbor_value_is_text_string(&aclMap))
+                                    CborType type = cbor_value_get_type(&aceMap);
+                                    if (type == CborTextStringType)
                                     {
-                                        cborFindResult = cbor_value_dup_text_string(&aclMap, &name, &len, NULL);
-                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACL Map.");
-                                        cborFindResult = cbor_value_advance(&aclMap);
-                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACL Map.");
+                                        cborFindResult = cbor_value_dup_text_string(&aceMap, &name, &len, NULL);
+                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Name in ACE Map.");
+                                        cborFindResult = cbor_value_advance(&aceMap);
+                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing Value in ACE Map.");
                                     }
                                     if (name)
                                     {
                                         // Subject -- Mandatory
-                                        if (strcmp(name, OIC_JSON_SUBJECTID_NAME)  == 0 && cbor_value_is_text_string(&aclMap))
+                                        if (strcmp(name, OIC_JSON_SUBJECTID_NAME)  == 0)
                                         {
                                             char *subject = NULL;
-                                            cborFindResult = cbor_value_dup_text_string(&aclMap, &subject, &len, NULL);
+                                            cborFindResult = cbor_value_dup_text_string(&aceMap, &subject, &len, NULL);
                                             VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding subject Value.");
                                             if(strcmp(subject, WILDCARD_RESOURCE_URI) == 0)
                                             {
-                                                acl->subject.id[0] = '*';
+                                                ace->subjectuuid.id[0] = '*';
                                             }
                                             else
                                             {
-                                                ret = ConvertStrToUuid(subject, &acl->subject);
+                                                ret = ConvertStrToUuid(subject, &ace->subjectuuid);
                                                 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
                                             }
                                             OICFree(subject);
@@ -523,14 +720,9 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
                                         if (strcmp(name, OIC_JSON_RESOURCES_NAME) == 0)
                                         {
                                             CborValue resources = { .parser = NULL };
-                                            cborFindResult = cbor_value_get_array_length(&aclMap, &acl->resourcesLen);
-                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Resource Array Len Value.");
-                                            cborFindResult = cbor_value_enter_container(&aclMap, &resources);
+                                            cborFindResult = cbor_value_enter_container(&aceMap, &resources);
                                             VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering a Resource Array.");
 
-                                            acl->resources = (char **) OICMalloc(acl->resourcesLen * sizeof(char*));
-                                            VERIFY_NON_NULL(TAG, acl->resources, ERROR);
-                                            int i = 0;
                                             while (cbor_value_is_valid(&resources))
                                             {
                                                 // rMap
@@ -538,8 +730,11 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
                                                 cborFindResult = cbor_value_enter_container(&resources, &rMap);
                                                 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering Resource Map");
 
+                                                OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+                                                VERIFY_NON_NULL(TAG, rsrc, ERROR);
+                                                LL_APPEND(ace->resources, rsrc);
 
-                                                while(cbor_value_is_valid(&rMap) && cbor_value_is_text_string(&rMap))
+                                                while(cbor_value_is_valid(&rMap))
                                                 {
                                                     char *rMapName = NULL;
                                                     size_t rMapNameLen = 0;
@@ -551,37 +746,61 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
                                                     // "href"
                                                     if (0 == strcmp(OIC_JSON_HREF_NAME, rMapName))
                                                     {
-                                                        // TODO : Need to check data structure of OicSecAcl_t based on RAML spec.
-                                                        cborFindResult = cbor_value_dup_text_string(&rMap, &acl->resources[i++], &len, NULL);
+                                                        cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->href, &len, NULL);
                                                         VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Href Value.");
                                                     }
-                                                    // "rel"
-                                                    if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
-                                                    {
-                                                        // TODO : Need to check data structure of OicSecAcl_t based on RAML spec.
-                                                        char *relData = NULL;
-                                                        cborFindResult = cbor_value_dup_text_string(&rMap, &relData, &len, NULL);
-                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
-                                                        OICFree(relData);
-                                                    }
+
                                                     // "rt"
-                                                    if (0 == strcmp(OIC_JSON_RT_NAME, rMapName))
+                                                    if (0 == strcmp(OIC_JSON_RT_NAME, rMapName) && cbor_value_is_array(&rMap))
                                                     {
-                                                        // TODO : Need to check data structure of OicSecAcl_t and assign based on RAML spec.
-                                                        char *rtData = NULL;
-                                                        cborFindResult = cbor_value_dup_text_string(&rMap, &rtData, &len, NULL);
-                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT Value.");
-                                                        OICFree(rtData);
+                                                        cbor_value_get_array_length(&rMap, &rsrc->typeLen);
+                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding RT array length.");
+                                                        VERIFY_SUCCESS(TAG, (0 != rsrc->typeLen), ERROR);
+
+                                                        rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
+                                                        VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
+
+                                                        CborValue resourceTypes;
+                                                        cborFindResult = cbor_value_enter_container(&rMap, &resourceTypes);
+                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering RT Array.");
+
+                                                        for(size_t i = 0; cbor_value_is_valid(&resourceTypes) && cbor_value_is_text_string(&resourceTypes); i++)
+                                                        {
+                                                            cborFindResult = cbor_value_dup_text_string(&resourceTypes, &(rsrc->types[i]), &readLen, NULL);
+                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding resource type.");
+                                                            cborFindResult = cbor_value_advance(&resourceTypes);
+                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing resource type.");
+                                                        }
                                                     }
 
                                                     // "if"
-                                                    if (0 == strcmp(OIC_JSON_IF_NAME, rMapName))
+                                                    if (0 == strcmp(OIC_JSON_IF_NAME, rMapName) && cbor_value_is_array(&rMap))
                                                     {
-                                                        // TODO : Need to check data structure of OicSecAcl_t and assign based on RAML spec.
-                                                        char *ifData = NULL;
-                                                        cborFindResult = cbor_value_dup_text_string(&rMap, &ifData, &len, NULL);
-                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF Value.");
-                                                        OICFree(ifData);
+                                                        cbor_value_get_array_length(&rMap, &rsrc->interfaceLen);
+                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF array length.");
+                                                        VERIFY_SUCCESS(TAG, (0 != rsrc->interfaceLen), ERROR);
+
+                                                        rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
+                                                        VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
+
+                                                        CborValue interfaces;
+                                                        cborFindResult = cbor_value_enter_container(&rMap, &interfaces);
+                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Entering IF Array.");
+
+                                                        for(size_t i = 0; cbor_value_is_valid(&interfaces) && cbor_value_is_text_string(&interfaces); i++)
+                                                        {
+                                                            cborFindResult = cbor_value_dup_text_string(&interfaces, &(rsrc->interfaces[i]), &readLen, NULL);
+                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding IF type.");
+                                                            cborFindResult = cbor_value_advance(&interfaces);
+                                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing IF type.");
+                                                        }
+                                                    }
+
+                                                    // "rel"
+                                                    if (0 == strcmp(OIC_JSON_REL_NAME, rMapName))
+                                                    {
+                                                        cborFindResult = cbor_value_dup_text_string(&rMap, &rsrc->rel, &len, NULL);
+                                                        VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding REL Value.");
                                                     }
 
                                                     if (cbor_value_is_valid(&rMap))
@@ -604,67 +823,76 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
                                         if (strcmp(name, OIC_JSON_PERMISSION_NAME) == 0)
                                         {
                                             uint64_t tmp64;
-
-                                            cborFindResult = cbor_value_get_uint64(&aclMap, &tmp64);
+                                            cborFindResult = cbor_value_get_uint64(&aceMap, &tmp64);
                                             VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a PERM Value.");
-                                            acl->permission = tmp64;
+                                            ace->permission = (uint16_t)tmp64;
                                         }
 
-                                        // Period -- Not mandatory
-                                        if (strcmp(name, OIC_JSON_PERIOD_NAME) == 0 && cbor_value_is_array(&aclMap))
+                                        // TODO: Need to verfication for validity
+                                        // Validity -- Not mandatory
+                                        if(strcmp(name, OIC_JSON_VALIDITY_NAME) == 0)
                                         {
-                                            CborValue period = { .parser = NULL };
-                                            cborFindResult = cbor_value_get_array_length(&aclMap, &acl->prdRecrLen);
-                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Len.");
-                                            cborFindResult = cbor_value_enter_container(&aclMap, &period);
-                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Map.");
-                                            acl->periods = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
-                                            VERIFY_NON_NULL(TAG, acl->periods, ERROR);
-                                            int i = 0;
-                                            while (cbor_value_is_text_string(&period) && cbor_value_is_text_string(&period))
-                                            {
-                                                cborFindResult = cbor_value_dup_text_string(&period, &acl->periods[i++],
-                                                    &len, NULL);
-                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period Array Value.");
-                                                cborFindResult = cbor_value_advance(&period);
-                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a Period Array.");
-                                            }
-                                        }
+                                            CborValue validitiesMap = {.parser = NULL};
+                                            size_t validitySize = 0;
 
-                                        // Recurrence -- Not mandatory
-                                        if (strcmp(name, OIC_JSON_RECURRENCES_NAME) == 0)
-                                        {
-                                            CborValue recurrences = { .parser = NULL };
-                                            cborFindResult = cbor_value_enter_container(&aclMap, &recurrences);
-                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
-                                            acl->recurrences = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
-                                            VERIFY_NON_NULL(TAG, acl->recurrences, ERROR);
-                                            int i = 0;
-                                            while (cbor_value_is_text_string(&recurrences) && cbor_value_is_text_string(&recurrences))
+                                            cborFindResult = cbor_value_get_array_length(&aceMap, &validitySize);
+                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Validity Array Length.");
+
+                                            cborFindResult = cbor_value_enter_container(&aceMap, &validitiesMap);
+                                            VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Array Map.");
+
+                                            while(cbor_value_is_valid(&validitiesMap))
                                             {
-                                                cborFindResult = cbor_value_dup_text_string(&recurrences,
-                                                    &acl->recurrences[i++], &len, NULL);
-                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array Value.");
-                                                cborFindResult = cbor_value_advance(&recurrences);
-                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Closing Recurrence Array.");
+                                                OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
+                                                VERIFY_NON_NULL(TAG, validity, ERROR);
+                                                LL_APPEND(ace->validities, validity);
+
+                                                CborValue validityMap  = {.parser = NULL};
+                                                //period (string)
+                                                cborFindResult = cbor_value_enter_container(&validitiesMap, &validityMap);
+                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a validity Map.");
+
+                                                size_t len = 0;
+                                                cborFindResult =cbor_value_dup_text_string(&validityMap, &validity->period, &len, NULL);
+                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a Period value.");
+
+                                                //recurrence (string array)
+                                                CborValue recurrenceMap  = {.parser = NULL};
+                                                cborFindResult = cbor_value_enter_container(&validityMap, &recurrenceMap);
+                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence array.");
+
+                                                cborFindResult = cbor_value_get_array_length(&recurrenceMap, &validity->recurrenceLen);
+                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Adding Recurrence Array.");
+
+                                                validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
+                                                VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
+
+                                                for(size_t i = 0; cbor_value_is_text_string(&recurrenceMap) && i < validity->recurrenceLen; i++)
+                                                {
+                                                    cborFindResult = cbor_value_dup_text_string(&recurrenceMap, &validity->recurrences[i], &len, NULL);
+                                                    VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding a recurrence Value.");
+
+                                                    cborFindResult = cbor_value_advance(&recurrenceMap);
+                                                    VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a recurrences Array.");
+                                                }
+
+                                                cborFindResult = cbor_value_advance(&validitiesMap);
+                                                VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing a validities Array.");
                                             }
                                         }
-
                                         OICFree(name);
                                     }
 
-                                    if (type != CborMapType && cbor_value_is_valid(&aclMap))
+                                    if (type != CborMapType && cbor_value_is_valid(&aceMap))
                                     {
-                                        cborFindResult = cbor_value_advance(&aclMap);
+                                        cborFindResult = cbor_value_advance(&aceMap);
                                         VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing the Array.");
                                     }
                                 }
 
-                                acl->next = NULL;
-
-                                if (cbor_value_is_valid(&aclArray))
+                                if (cbor_value_is_valid(&acesArray))
                                 {
-                                    cborFindResult = cbor_value_advance(&aclArray);
+                                    cborFindResult = cbor_value_advance(&acesArray);
                                     VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Advancing ACL Array.");
                                 }
                             }
@@ -680,13 +908,13 @@ OicSecAcl_t* CBORPayloadToAcl(const uint8_t *cborPayload, const size_t size)
                 }
             }
 
-            // TODO : Need to modify headAcl->owners[0].id to headAcl->rowner based on RAML spec.
-            if (strcmp(tagName, OIC_JSON_ROWNERID_NAME)  == 0 && cbor_value_is_text_string(&aclMap))
+            //rownerID -- Mandatory
+            if (strcmp(tagName, OIC_JSON_ROWNERID_NAME)  == 0)
             {
                 char *stRowner = NULL;
                 cborFindResult = cbor_value_dup_text_string(&aclMap, &stRowner, &len, NULL);
                 VERIFY_CBOR_SUCCESS(TAG, cborFindResult, "Failed Finding Rownerid Value.");
-                ret = ConvertStrToUuid(stRowner, &headAcl->rownerID);
+                ret = ConvertStrToUuid(stRowner, &acl->rownerID);
                 VERIFY_SUCCESS(TAG, ret == OC_STACK_OK, ERROR);
                 OICFree(stRowner);
             }
@@ -703,10 +931,11 @@ exit:
     if (cborFindResult != CborNoError)
     {
         OIC_LOG(ERROR, TAG, "Failed to CBORPayloadToAcl");
-        DeleteACLList(headAcl);
-        headAcl = NULL;
+        DeleteACLList(acl);
+        acl = NULL;
     }
-    return headAcl;
+
+    return acl;
 }
 
 /**
@@ -724,8 +953,8 @@ static OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
 {
     OIC_LOG(DEBUG, TAG, "IN RemoveACE");
 
-    OicSecAcl_t *acl = NULL;
-    OicSecAcl_t *tempAcl = NULL;
+    OicSecAce_t *ace = NULL;
+    OicSecAce_t *tempAce = NULL;
     bool deleteFlag = false;
     OCStackResult ret = OC_STACK_NO_RESOURCE;
 
@@ -738,12 +967,12 @@ static OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
     //If resource is NULL then delete all the ACE for the subject.
     if (NULL == resource || resource[0] == '\0')
     {
-        LL_FOREACH_SAFE(gAcl, acl, tempAcl)
+        LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
         {
-            if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
+            if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
             {
-                LL_DELETE(gAcl, acl);
-                FreeACE(acl);
+                LL_DELETE(gAcl->aces, ace);
+                FreeACE(ace);
                 deleteFlag = true;
             }
         }
@@ -754,42 +983,29 @@ static OCStackResult RemoveACE(const OicUuid_t * subject, const char * resource)
         //resource in the ACE for the subject then delete the whole ACE. If there are more resources
         //than the required resource in the ACE, for the subject then just delete the resource from
         //the resource array
-        LL_FOREACH_SAFE(gAcl, acl, tempAcl)
+        LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
         {
-            if (memcmp(acl->subject.id, subject->id, sizeof(subject->id)) == 0)
+            if (memcmp(ace->subjectuuid.id, subject->id, sizeof(subject->id)) == 0)
             {
-                if (1 == acl->resourcesLen && strcmp(acl->resources[0], resource) == 0)
+                OicSecRsrc_t* rsrc = NULL;
+                OicSecRsrc_t* tempRsrc = NULL;
+                LL_FOREACH_SAFE(ace->resources, rsrc, tempRsrc)
                 {
-                    LL_DELETE(gAcl, acl);
-                    FreeACE(acl);
-                    deleteFlag = true;
-                    break;
-                }
-                else
-                {
-                    size_t resPos = -1;
-                    size_t i;
-                    for (i = 0; i < acl->resourcesLen; i++)
-                    {
-                        if (strcmp(acl->resources[i], resource) == 0)
-                        {
-                            resPos = i;
-                            break;
-                        }
-                    }
-                    if (0 <= (int) resPos)
+                    if(strcmp(rsrc->href, resource) == 0)
                     {
-                        OICFree(acl->resources[resPos]);
-                        acl->resources[resPos] = NULL;
-                        acl->resourcesLen -= 1;
-                        for (i = resPos; i < acl->resourcesLen; i++)
-                        {
-                            acl->resources[i] = acl->resources[i + 1];
-                        }
+                        LL_DELETE(ace->resources, rsrc);
+                        FreeRsrc(rsrc);
                         deleteFlag = true;
-                        break;
                     }
                 }
+
+                //If resource list is empty
+                if(NULL == ace->resources && true == deleteFlag)
+                {
+                    //Remove the ACE from ACL
+                    LL_DELETE(gAcl->aces, ace);
+                    FreeACE(ace);
+                }
             }
         }
     }
@@ -899,8 +1115,12 @@ static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *e
 
         char resource[MAX_URI_LENGTH] = { 0 };
 
-        OicSecAcl_t *savePtr = NULL;
-        const OicSecAcl_t *currentAce = NULL;
+        OicSecAce_t *savePtr = NULL;
+        const OicSecAce_t *currentAce = NULL;
+        OicSecAcl_t targetAcl;
+
+        memcpy(&targetAcl.rownerID, &gAcl->rownerID, sizeof(OicUuid_t));
+        targetAcl.aces = NULL;
 
         // 'Subject' field is MUST for processing a querystring in REST request.
         GetResourceFromQueryString(ehRequest->query, resource, sizeof(resource));
@@ -912,20 +1132,22 @@ static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *e
          */
         while ((currentAce = GetACLResourceData(&subject, &savePtr)))
         {
+            targetAcl.aces = (OicSecAce_t*)currentAce;
+
             /*
              * If REST querystring contains a specific resource, we need
              * to search for that resource in ACE.
              */
             if (resource[0] != '\0')
             {
-                for (size_t n = 0; n < currentAce->resourcesLen; n++)
+                OicSecRsrc_t *rsrc = NULL;
+                LL_FOREACH(currentAce->resources, rsrc)
                 {
-                    if ((currentAce->resources[n])
-                            && (0 == strcmp(resource, currentAce->resources[n])
-                                    || 0 == strcmp(WILDCARD_RESOURCE_URI, currentAce->resources[n])))
+                    if(0 == strcmp(rsrc->href, resource) ||
+                        0 == strcmp(WILDCARD_RESOURCE_URI, rsrc->href))
                     {
                         // Convert ACL data into CBOR format for transmission
-                        if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
+                        if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
                         {
                             ehRet = OC_EH_ERROR;
                         }
@@ -936,7 +1158,7 @@ static OCEntityHandlerResult HandleACLGetRequest(const OCEntityHandlerRequest *e
             else
             {
                 // Convert ACL data into CBOR format for transmission
-                if (OC_STACK_OK != AclToCBORPayload(currentAce, &payload, &size))
+                if (OC_STACK_OK != AclToCBORPayload(&targetAcl, &payload, &size))
                 {
                     ehRet = OC_EH_ERROR;
                 }
@@ -984,27 +1206,27 @@ static OCEntityHandlerResult HandleACLPostRequest(const OCEntityHandlerRequest *
         if (newAcl)
         {
             // Append the new ACL to existing ACL
-            LL_APPEND(gAcl, newAcl);
-            size_t size = 0;
-            // In case of unit test do not update persistant storage.
-            if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
-                || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
+            OicSecAce_t* newAce = NULL;
+            OicSecAce_t* tempAce = NULL;
+            LL_FOREACH_SAFE(newAcl->aces, newAce, tempAce)
             {
-                ehRet = OC_EH_RESOURCE_CREATED;
+                LL_APPEND(gAcl->aces, newAce);
             }
-            else
+            newAcl->aces = NULL;
+
+            size_t size = 0;
+            uint8_t *cborPayload = NULL;
+            if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
             {
-                uint8_t *cborPayload = NULL;
-                if (OC_STACK_OK == AclToCBORPayload(gAcl, &cborPayload, &size))
+                if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
                 {
-                    if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, cborPayload, size) == OC_STACK_OK)
-                    {
-                        ehRet = OC_EH_RESOURCE_CREATED;
-                    }
-                    OICFree(cborPayload);
+                    ehRet = OC_EH_RESOURCE_CREATED;
                 }
+                OICFree(cborPayload);
             }
         }
+
+        DeleteACLList(newAcl);
     }
 
     // Send payload to request originator
@@ -1120,8 +1342,15 @@ OCStackResult SetDefaultACL(OicSecAcl_t *acl)
 OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
 {
     OCStackResult ret = OC_STACK_ERROR;
-
     OicUuid_t ownerId = { .id = { 0 } };
+    OicSecAcl_t *acl = NULL;
+    OicSecAce_t *ace = NULL;
+    OicSecRsrc_t* resRsrc = NULL;
+    OicSecRsrc_t* deviceRsrc = NULL;
+    OicSecRsrc_t* platformRsrc = NULL;
+    OicSecRsrc_t* aclRsrc = NULL;
+    OicSecRsrc_t* doxmRsrc = NULL;
+    OicSecRsrc_t* pstatRsrc = NULL;
 
     /*
      * TODO In future, when new virtual resources will be added in OIC
@@ -1130,48 +1359,133 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
      * mechanism in SVR database.
      */
 
-    const char *rsrcs[] = {
-        OC_RSRVD_WELL_KNOWN_URI,
-        OC_RSRVD_DEVICE_URI,
-        OC_RSRVD_PLATFORM_URI,
-        OC_RSRVD_RESOURCE_TYPES_URI,
-#ifdef WITH_PRESENCE
-        OC_RSRVD_PRESENCE_URI,
-#endif //WITH_PRESENCE
-        OIC_RSRC_ACL_URI,
-        OIC_RSRC_DOXM_URI,
-        OIC_RSRC_PSTAT_URI,
-    };
-
     if (!defaultAcl)
     {
         return OC_STACK_INVALID_PARAM;
     }
 
-    OicSecAcl_t *acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
+    acl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
     VERIFY_NON_NULL(TAG, acl, ERROR);
 
-    // Subject -- Mandatory
-    memcpy(&(acl->subject), &WILDCARD_SUBJECT_ID, sizeof(acl->subject));
-
-    // Resources -- Mandatory
-    acl->resourcesLen = sizeof(rsrcs) / sizeof(rsrcs[0]);
+    ace = (OicSecAce_t *) OICCalloc(1, sizeof(OicSecAce_t));
+    VERIFY_NON_NULL(TAG, ace, ERROR);
 
-    acl->resources = (char**) OICCalloc(acl->resourcesLen, sizeof(char*));
-    VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
+    LL_APPEND(acl->aces, ace);
 
-    for (size_t i = 0; i < acl->resourcesLen; i++)
-    {
-        size_t len = strlen(rsrcs[i]) + 1;
-        acl->resources[i] = (char*) OICMalloc(len * sizeof(char));
-        VERIFY_NON_NULL(TAG, (acl->resources[i]), ERROR);
-        OICStrcpy(acl->resources[i], len, rsrcs[i]);
-    }
+    // Subject -- Mandatory
+    memcpy(ace->subjectuuid.id, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t));
 
-    acl->permission = PERMISSION_READ;
-    acl->prdRecrLen = 0;
-    acl->periods = NULL;
-    acl->recurrences = NULL;
+    // Resources -- Mandatory
+    // /oic/res
+    resRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+    VERIFY_NON_NULL(TAG, resRsrc, ERROR);
+    LL_APPEND(ace->resources, resRsrc);
+    resRsrc->href = OICStrdup(OC_RSRVD_WELL_KNOWN_URI);
+    VERIFY_NON_NULL(TAG, (resRsrc->href), ERROR);
+    resRsrc->typeLen = 1;
+    resRsrc->types = (char**)OICCalloc(1, sizeof(char*));
+    VERIFY_NON_NULL(TAG, resRsrc->types, ERROR);
+    resRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_RES);
+    VERIFY_NON_NULL(TAG, resRsrc->types[0], ERROR);
+    resRsrc->interfaceLen = 2;
+    resRsrc->interfaces = (char**)OICCalloc(resRsrc->interfaceLen, sizeof(char*));
+    VERIFY_NON_NULL(TAG, resRsrc->interfaces, ERROR);
+    resRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
+    VERIFY_NON_NULL(TAG, resRsrc->interfaces[0], ERROR);
+    resRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
+    VERIFY_NON_NULL(TAG, resRsrc->interfaces[1], ERROR);
+
+    // /oic/d
+    deviceRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+    VERIFY_NON_NULL(TAG, deviceRsrc, ERROR);
+    LL_APPEND(ace->resources, deviceRsrc);
+    deviceRsrc->href = OICStrdup(OC_RSRVD_DEVICE_URI);
+    VERIFY_NON_NULL(TAG, (deviceRsrc->href), ERROR);
+    deviceRsrc->typeLen = 1;
+    deviceRsrc->types = (char**)OICCalloc(1, sizeof(char*));
+    VERIFY_NON_NULL(TAG, deviceRsrc->types, ERROR);
+    deviceRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_DEVICE);
+    VERIFY_NON_NULL(TAG, deviceRsrc->types[0], ERROR);
+    deviceRsrc->interfaceLen = 2;
+    deviceRsrc->interfaces = (char**)OICCalloc(deviceRsrc->interfaceLen, sizeof(char*));
+    VERIFY_NON_NULL(TAG, deviceRsrc->interfaces, ERROR);
+    deviceRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
+    VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[0], ERROR);
+    deviceRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
+    VERIFY_NON_NULL(TAG, deviceRsrc->interfaces[1], ERROR);
+
+    // /oic/p
+    platformRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+    VERIFY_NON_NULL(TAG, platformRsrc, ERROR);
+    LL_APPEND(ace->resources, platformRsrc);
+    platformRsrc->href = OICStrdup(OC_RSRVD_PLATFORM_URI);
+    VERIFY_NON_NULL(TAG, (platformRsrc->href), ERROR);
+    platformRsrc->typeLen = 1;
+    platformRsrc->types = (char**)OICCalloc(1, sizeof(char*));
+    VERIFY_NON_NULL(TAG, platformRsrc->types, ERROR);
+    platformRsrc->types[0] = OICStrdup(OC_RSRVD_RESOURCE_TYPE_PLATFORM);
+    VERIFY_NON_NULL(TAG, platformRsrc->types[0], ERROR);
+    platformRsrc->interfaceLen = 2;
+    platformRsrc->interfaces = (char**)OICCalloc(platformRsrc->interfaceLen, sizeof(char*));
+    VERIFY_NON_NULL(TAG, platformRsrc->interfaces, ERROR);
+    platformRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
+    VERIFY_NON_NULL(TAG, platformRsrc->interfaces[0], ERROR);
+    platformRsrc->interfaces[1] = OICStrdup(OC_RSRVD_INTERFACE_READ);
+    VERIFY_NON_NULL(TAG, platformRsrc->interfaces[1], ERROR);
+
+    // /oic/sec/acl
+    aclRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+    VERIFY_NON_NULL(TAG, aclRsrc, ERROR);
+    LL_APPEND(ace->resources, aclRsrc);
+    aclRsrc->href = OICStrdup(OIC_RSRC_ACL_URI);
+    VERIFY_NON_NULL(TAG, (aclRsrc->href), ERROR);
+    aclRsrc->typeLen = 1;
+    aclRsrc->types = (char**)OICCalloc(1, sizeof(char*));
+    VERIFY_NON_NULL(TAG, aclRsrc->types, ERROR);
+    aclRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_ACL);
+    VERIFY_NON_NULL(TAG, aclRsrc->types[0], ERROR);
+    aclRsrc->interfaceLen = 1;
+    aclRsrc->interfaces = (char**)OICCalloc(aclRsrc->interfaceLen, sizeof(char*));
+    VERIFY_NON_NULL(TAG, aclRsrc->interfaces, ERROR);
+    aclRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
+    VERIFY_NON_NULL(TAG, aclRsrc->interfaces[0], ERROR);
+
+    // /oic/sec/doxm
+    doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+    VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
+    LL_APPEND(ace->resources, doxmRsrc);
+    doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
+    VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
+    doxmRsrc->typeLen = 1;
+    doxmRsrc->types = (char**)OICCalloc(1, sizeof(char*));
+    VERIFY_NON_NULL(TAG, doxmRsrc->types, ERROR);
+    doxmRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_DOXM);
+    VERIFY_NON_NULL(TAG, doxmRsrc->types[0], ERROR);
+    doxmRsrc->interfaceLen = 1;
+    doxmRsrc->interfaces = (char**)OICCalloc(doxmRsrc->interfaceLen, sizeof(char*));
+    VERIFY_NON_NULL(TAG, doxmRsrc->interfaces, ERROR);
+    doxmRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
+    VERIFY_NON_NULL(TAG, doxmRsrc->interfaces[0], ERROR);
+
+    // /oic/sec/pstat
+    pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+    VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
+    LL_APPEND(ace->resources, pstatRsrc);
+    pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
+    VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
+    pstatRsrc->typeLen = 1;
+    pstatRsrc->types = (char**)OICCalloc(1, sizeof(char*));
+    VERIFY_NON_NULL(TAG, pstatRsrc->types, ERROR);
+    pstatRsrc->types[0] = OICStrdup(OIC_RSRC_TYPE_SEC_PSTAT);
+    VERIFY_NON_NULL(TAG, pstatRsrc->types[0], ERROR);
+    pstatRsrc->interfaceLen = 1;
+    pstatRsrc->interfaces = (char**)OICCalloc(pstatRsrc->interfaceLen, sizeof(char*));
+    VERIFY_NON_NULL(TAG, pstatRsrc->interfaces, ERROR);
+    pstatRsrc->interfaces[0] = OICStrdup(OC_RSRVD_INTERFACE_DEFAULT);
+    VERIFY_NON_NULL(TAG, pstatRsrc->interfaces[0], ERROR);
+
+    ace->permission = PERMISSION_READ;
+    ace->validities = NULL;
 
     // Device ID is the owner of this default ACL
     if (GetDoxmResourceData() != NULL)
@@ -1187,8 +1501,6 @@ OCStackResult GetDefaultACL(OicSecAcl_t** defaultAcl)
 
     memcpy(&acl->rownerID, &ownerId, sizeof(OicUuid_t));
 
-    acl->next = NULL;
-
     *defaultAcl = acl;
     ret = OC_STACK_OK;
 
@@ -1211,7 +1523,7 @@ OCStackResult InitACLResource()
     size_t size = 0;
     ret = GetSecureVirtualDatabaseFromPS(OIC_JSON_ACL_NAME, &data, &size);
     // If database read failed
-    if (ret != OC_STACK_OK)
+    if (OC_STACK_OK != ret)
     {
         OIC_LOG(DEBUG, TAG, "ReadSVDataFromPS failed");
     }
@@ -1227,7 +1539,11 @@ OCStackResult InitACLResource()
      */
     if (!gAcl)
     {
-        GetDefaultACL(&gAcl);
+        ret = GetDefaultACL(&gAcl);
+        if (OC_STACK_OK != ret)
+        {
+            OIC_LOG(ERROR, TAG, "Failed to create default ACL");
+        }
         // TODO Needs to update persistent storage
     }
     VERIFY_NON_NULL(TAG, gAcl, FATAL);
@@ -1256,10 +1572,10 @@ OCStackResult DeInitACLResource()
     return ret;
 }
 
-const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **savePtr)
+const OicSecAce_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAce_t **savePtr)
 {
-    OicSecAcl_t *acl = NULL;
-    OicSecAcl_t *begin = NULL;
+    OicSecAce_t *ace = NULL;
+    OicSecAce_t *begin = NULL;
 
     if (NULL == subjectId)
     {
@@ -1272,7 +1588,7 @@ const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **
      */
     if (NULL == *savePtr)
     {
-        begin = gAcl;
+        begin = gAcl->aces;
     }
     else
     {
@@ -1281,22 +1597,22 @@ const OicSecAcl_t* GetACLResourceData(const OicUuid_t* subjectId, OicSecAcl_t **
          * savePtr and assign 'begin' to the next ACL after it in the linked
          * list and start searching from there.
          */
-        LL_FOREACH(gAcl, acl)
+        LL_FOREACH(gAcl->aces, ace)
         {
-            if (acl == *savePtr)
+            if (ace == *savePtr)
             {
-                begin = acl->next;
+                begin = ace->next;
             }
         }
     }
 
     // Find the next ACL corresponding to the 'subjectID' and return it.
-    LL_FOREACH(begin, acl)
+    LL_FOREACH(begin, ace)
     {
-        if (memcmp(&(acl->subject), subjectId, sizeof(OicUuid_t)) == 0)
+        if (memcmp(&(ace->subjectuuid), subjectId, sizeof(OicUuid_t)) == 0)
         {
-            *savePtr = acl;
-            return acl;
+            *savePtr = ace;
+            return ace;
         }
     }
 
@@ -1315,26 +1631,21 @@ OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
     if (newAcl)
     {
         // Append the new ACL to existing ACL
-        LL_APPEND(gAcl, newAcl);
-
-        // Update persistent storage only if it is not WILDCARD_SUBJECT_ID
-        if (memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_ID, sizeof(newAcl->subject.id)) == 0
-            || memcmp(newAcl->subject.id, &WILDCARD_SUBJECT_B64_ID, sizeof(newAcl->subject.id)) == 0)
+        OicSecAce_t* newAce = NULL;
+        LL_FOREACH(newAcl->aces, newAce)
         {
-            ret = OC_STACK_OK;
+            LL_APPEND(gAcl->aces, newAce);
         }
-        else
+
+        size_t size = 0;
+        uint8_t *payload = NULL;
+        if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
         {
-            size_t size = 0;
-            uint8_t *payload = NULL;
-            if (OC_STACK_OK == AclToCBORPayload(gAcl, &payload, &size))
+            if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
             {
-                if (UpdateSecureResourceInPS(OIC_JSON_ACL_NAME, payload, size) == OC_STACK_OK)
-                {
-                    ret = OC_STACK_OK;
-                }
-                OICFree(payload);
+                ret = OC_STACK_OK;
             }
+            OICFree(payload);
         }
     }
 
@@ -1342,89 +1653,125 @@ OCStackResult InstallNewACL(const uint8_t *cborPayload, const size_t size)
 }
 
 /**
- * This function generates default ACL for security resource in case of owned status.
+ * This function generates default ACE for security resource in case of owned status.
  *
- * @return Default ACL for security resource.
+ * @return Default ACE for security resource.
  */
-static OicSecAcl_t* GetSecDefaultACL()
+static OicSecAce_t* GetSecDefaultACE()
 {
-    const char *sec_rsrcs[] = {
-        OIC_RSRC_DOXM_URI,
-        OIC_RSRC_PSTAT_URI
-    };
-    OicUuid_t ownerId = {.id = {0}};
-    OCStackResult res = OC_STACK_ERROR;
-    OicSecAcl_t* newDefaultAcl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
-    VERIFY_NON_NULL(TAG, newDefaultAcl, ERROR);
+    const int NUM_OF_DOXM_RT = 1;
+    const int NUM_OF_DOXM_IF  = 1;
+    const int NUM_OF_PSTAT_RT = 1;
+    const int NUM_OF_PSTAT_IF = 1;
+    const char *doxmRt[] = { OIC_RSRC_TYPE_SEC_DOXM };
+    const char *pstatRt[] = { OIC_RSRC_TYPE_SEC_PSTAT };
+    const char *doxmIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
+    const char *pstatIf[] = { OC_RSRVD_INTERFACE_DEFAULT };
+    OicSecRsrc_t* doxmRsrc = NULL;
+    OicSecRsrc_t* pstatRsrc = NULL;
+
+    //Generate default ACE
+    OicSecAce_t* newAce = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
+    VERIFY_NON_NULL(TAG, newAce, ERROR);
 
     // Subject -- Mandatory
-    memcpy(&(newDefaultAcl->subject), &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
-
-    // Resources -- Mandatory
-    newDefaultAcl->resourcesLen = NUMBER_OF_DEFAULT_SEC_RSCS;
-    newDefaultAcl->resources = (char**)OICCalloc(NUMBER_OF_DEFAULT_SEC_RSCS, sizeof(char*));
-    VERIFY_NON_NULL(TAG, (newDefaultAcl->resources), ERROR);
+    memcpy(newAce->subjectuuid.id, &WILDCARD_SUBJECT_ID, WILDCARD_SUBJECT_ID_LEN);
+
+    //Resources -- Mandatory
+    //Add doxm
+    doxmRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+    VERIFY_NON_NULL(TAG, doxmRsrc, ERROR);
+    LL_APPEND(newAce->resources, doxmRsrc);
+    // pstat-href
+    doxmRsrc->href = OICStrdup(OIC_RSRC_DOXM_URI);
+    VERIFY_NON_NULL(TAG, (doxmRsrc->href), ERROR);
+    // pstat-rt
+    doxmRsrc->typeLen = NUM_OF_DOXM_RT;
+    doxmRsrc->types = (char**)OICCalloc(NUM_OF_DOXM_RT, sizeof(char*));
+    VERIFY_NON_NULL(TAG, (doxmRsrc->types), ERROR);
+    for(int i = 0; i < NUM_OF_DOXM_RT; i++)
+    {
+        doxmRsrc->types[i] = OICStrdup(doxmRt[i]);
+        VERIFY_NON_NULL(TAG, (doxmRsrc->types[i]), ERROR);
+    }
+    // pstat-if
+    doxmRsrc->interfaceLen = NUM_OF_DOXM_IF;
+    doxmRsrc->interfaces = (char**)OICCalloc(NUM_OF_DOXM_IF, sizeof(char*));
+    VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces), ERROR);
+    for(int i = 0; i < NUM_OF_DOXM_IF; i++)
+    {
+        doxmRsrc->interfaces[i] = OICStrdup(doxmIf[i]);
+        VERIFY_NON_NULL(TAG, (doxmRsrc->interfaces[i]), ERROR);
+    }
 
-    for (size_t i = 0; i <  NUMBER_OF_DEFAULT_SEC_RSCS; i++)
+    //Add pstat
+    pstatRsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+    VERIFY_NON_NULL(TAG, pstatRsrc, ERROR);
+    LL_APPEND(newAce->resources, pstatRsrc);
+    //pstat-href
+    pstatRsrc->href = OICStrdup(OIC_RSRC_PSTAT_URI);
+    VERIFY_NON_NULL(TAG, (pstatRsrc->href), ERROR);
+    //pstat-rt
+    pstatRsrc->typeLen = NUM_OF_PSTAT_RT;
+    pstatRsrc->types = (char**)OICCalloc(NUM_OF_PSTAT_RT, sizeof(char*));
+    VERIFY_NON_NULL(TAG, (pstatRsrc->types), ERROR);
+    for(int i = 0; i < NUM_OF_PSTAT_RT; i++)
     {
-        size_t len = strlen(sec_rsrcs[i]) + 1;
-        newDefaultAcl->resources[i] = (char*)OICMalloc(len * sizeof(char));
-        VERIFY_NON_NULL(TAG, (newDefaultAcl->resources[i]), ERROR);
-        OICStrcpy(newDefaultAcl->resources[i], len, sec_rsrcs[i]);
+        pstatRsrc->types[i] = OICStrdup(pstatRt[i]);
+        VERIFY_NON_NULL(TAG, (pstatRsrc->types[i]), ERROR);
+    }
+    // pstat-if
+    pstatRsrc->interfaceLen = NUM_OF_PSTAT_IF;
+    pstatRsrc->interfaces = (char**)OICCalloc(NUM_OF_PSTAT_IF, sizeof(char*));
+    VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces), ERROR);
+    for(int i = 0; i < NUM_OF_PSTAT_IF; i++)
+    {
+        pstatRsrc->interfaces[i] = OICStrdup(pstatIf[i]);
+        VERIFY_NON_NULL(TAG, (pstatRsrc->interfaces[i]), ERROR);
     }
 
     // Permissions -- Mandatory
-    newDefaultAcl->permission = PERMISSION_READ;
+    newAce->permission = PERMISSION_READ;
 
     //Period -- Not Mandatory
-    newDefaultAcl->prdRecrLen = 0;
-    newDefaultAcl->periods = NULL;
-
-    //Recurrence -- Not Mandatory
-    newDefaultAcl->recurrences = NULL;
-
-    // Device ID is the owner of this default ACL
-    res = GetDoxmDeviceID(&ownerId);
-    VERIFY_SUCCESS(TAG, OC_STACK_OK == res, FATAL);
-
-    // Owners -- Mandatory
-    memcpy(&newDefaultAcl->rownerID, &ownerId, sizeof(OicUuid_t));
+    newAce->validities = NULL;
 
-    return newDefaultAcl;
+    return newAce;
 exit:
-    DeleteACLList(newDefaultAcl);
+    FreeACE(newAce);
     return NULL;
 
 }
 
-OCStackResult UpdateDefaultSecProvACL()
+OCStackResult UpdateDefaultSecProvACE()
 {
     OCStackResult ret = OC_STACK_OK;
-    OicSecAcl_t *acl = NULL;
-    OicSecAcl_t *tmp = NULL;
+    OicSecAce_t *ace = NULL;
+    OicSecAce_t *tempAce = NULL;
 
     if(gAcl)
     {
         int matchedRsrc = 0;
         bool isRemoved = false;
 
-        LL_FOREACH_SAFE(gAcl, acl, tmp)
+        LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
         {
             //Find default security resource ACL
-            if(memcmp(&acl->subject, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
-                ((PERMISSION_READ | PERMISSION_WRITE) == acl->permission))
+            if(memcmp(&ace->subjectuuid, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)) == 0 &&
+                ((PERMISSION_READ | PERMISSION_WRITE) == ace->permission))
             {
                 matchedRsrc = 0;
 
-                for(size_t i = 0; i < acl->resourcesLen; i++)
+                OicSecRsrc_t* rsrc = NULL;
+                LL_FOREACH(ace->resources, rsrc)
                 {
-                    if(strncmp(acl->resources[i], OIC_RSRC_DOXM_URI,
+                    if(strncmp(rsrc->href, OIC_RSRC_DOXM_URI,
                                strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
-                       strncmp(acl->resources[i], OIC_RSRC_CRED_URI,
+                       strncmp(rsrc->href, OIC_RSRC_CRED_URI,
                                strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
-                       strncmp(acl->resources[i], OIC_RSRC_ACL_URI,
+                       strncmp(rsrc->href, OIC_RSRC_ACL_URI,
                                strlen(OIC_RSRC_ACL_URI) + 1) == 0 ||
-                       strncmp(acl->resources[i], OIC_RSRC_PSTAT_URI,
+                       strncmp(rsrc->href, OIC_RSRC_PSTAT_URI,
                                strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
                     {
                         matchedRsrc++;
@@ -1434,8 +1781,8 @@ OCStackResult UpdateDefaultSecProvACL()
                 //If default security resource ACL is detected, delete it.
                 if(NUMBER_OF_SEC_PROV_RSCS == matchedRsrc)
                 {
-                    LL_DELETE(gAcl, acl);
-                    FreeACE(acl);
+                    LL_DELETE(gAcl->aces, ace);
+                    FreeACE(ace);
                     isRemoved = true;
                 }
             }
@@ -1444,15 +1791,15 @@ OCStackResult UpdateDefaultSecProvACL()
         if(isRemoved)
         {
             /*
-             * Generate new security resource ACL as follows :
+             * Generate new security resource ACE as follows :
              *      subject : "*"
              *      resources :  '/oic/sec/doxm', '/oic/sec/pstat'
              *      permission : READ
              */
-            OicSecAcl_t *newDefaultAcl = GetSecDefaultACL();
-            if (newDefaultAcl)
+            OicSecAce_t *secDefaultAce = GetSecDefaultACE();
+            if (secDefaultAce)
             {
-                LL_APPEND(gAcl, newDefaultAcl);
+                LL_APPEND(gAcl->aces, secDefaultAce);
 
                 size_t size = 0;
                 uint8_t *payload = NULL;
index a3c3243..b0372fe 100644 (file)
@@ -828,8 +828,8 @@ static OCEntityHandlerResult HandleDoxmPostRequest(const OCEntityHandlerRequest
                 // Update new state in persistent storage
                 if (UpdatePersistentStorage(gDoxm))
                 {
-                    //Update default ACL of security resource to prevent anonymous user access.
-                    if(OC_STACK_OK == UpdateDefaultSecProvACL())
+                    //Update default ACE of security resource to prevent anonymous user access.
+                    if(OC_STACK_OK == UpdateDefaultSecProvACE())
                     {
                         ehRet = OC_EH_OK;
                     }
index 01eccd0..4d0c88b 100644 (file)
@@ -134,7 +134,7 @@ OCStackResult SavePairingPSK(OCDevAddr *endpoint,
     }
 
     uint8_t pairingPSK[OWNER_PSK_LENGTH_128] = {0};
-    OicSecKey_t pairingKey = {pairingPSK, OWNER_PSK_LENGTH_128};
+    OicSecKey_t pairingKey = {pairingPSK, OWNER_PSK_LENGTH_128, OIC_ENCODING_RAW};
 
     //Generating PairingPSK using OwnerPSK scheme
     CAResult_t pskRet = CAGenerateOwnerPSK((const CAEndpoint_t *)endpoint,
@@ -557,24 +557,72 @@ static OCEntityHandlerResult HandleDpairingPutRequest (const OCEntityHandlerRequ
         OicSecPdAcl_t *pdAcl;
         LL_FOREACH(pconf->pdacls, pdAcl)
         {
-            OicSecAcl_t acl;
-            memset(&acl, 0, sizeof(OicSecAcl_t));
-            memcpy(&acl.subject, &gDpair->pdeviceID, sizeof(OicUuid_t));
-            acl.resources = pdAcl->resources;
-            acl.resourcesLen = pdAcl->resourcesLen;
-            memcpy(&acl.rownerID, &pconf->rownerID, sizeof(OicUuid_t));
-            acl.permission = pdAcl->permission;
-            acl.periods = pdAcl->periods;
-            acl.recurrences = pdAcl->recurrences;
-            acl.prdRecrLen = pdAcl->prdRecrLen;
+            OicSecAcl_t* acl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
+            VERIFY_NON_NULL(TAG, acl, ERROR);
+
+            OicSecAce_t* ace = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
+            VERIFY_NON_NULL(TAG, ace, ERROR);
+
+            LL_APPEND(acl->aces, ace);
+
+            memcpy(&ace->subjectuuid, &gDpair->pdeviceID, sizeof(OicUuid_t));
+
+            for(size_t i = 0; i < pdAcl->resourcesLen; i++)
+            {
+                OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+                VERIFY_NON_NULL(TAG, rsrc, ERROR);
+
+                size_t rsrcLen = strlen(pdAcl->resources[i]) + 1;
+                rsrc->href = (char*)OICMalloc(rsrcLen * sizeof(char));
+                VERIFY_NON_NULL(TAG, (rsrc->href), ERROR);
+
+                OICStrcpy(rsrc->href, rsrcLen, pdAcl->resources[i]);
+                LL_APPEND(ace->resources, rsrc);
+            }
+
+            ace->permission = pdAcl->permission;
+
+            //Copy the validity
+            if(pdAcl->periods || pdAcl->recurrences)
+            {
+                OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
+                VERIFY_NON_NULL(TAG, validity, ERROR);
+
+                if(pdAcl->periods && pdAcl->periods[0])
+                {
+                    size_t periodLen = strlen(pdAcl->periods[0]) + 1;
+                    validity->period = (char*)OICMalloc(periodLen * sizeof(char));
+                    VERIFY_NON_NULL(TAG, (validity->period), ERROR);
+                    OICStrcpy(validity->period, periodLen, pdAcl->periods[0]);
+                }
+
+                if(pdAcl->recurrences && 0 < pdAcl->prdRecrLen)
+                {
+                    validity->recurrenceLen = pdAcl->prdRecrLen;
+                    validity->recurrences = (char**)OICMalloc(sizeof(char*) * pdAcl->prdRecrLen);
+                    VERIFY_NON_NULL(TAG, (validity->recurrences), ERROR);
+
+                    for(size_t i = 0; i < pdAcl->prdRecrLen; i++)
+                    {
+                        size_t recurrenceLen = strlen(pdAcl->recurrences[i]) + 1;
+                        validity->recurrences[i] = (char*)OICMalloc(recurrenceLen  * sizeof(char));
+                        VERIFY_NON_NULL(TAG, (validity->recurrences[i]), ERROR);
+
+                        OICStrcpy(validity->recurrences[i], recurrenceLen, pdAcl->recurrences[i]);
+                    }
+                }
+
+                LL_APPEND(ace->validities, validity);
+            }
 
             size_t size = 0;
             uint8_t *payload = NULL;
-            if (OC_STACK_OK == AclToCBORPayload(&acl, &payload, &size))
+            if (OC_STACK_OK == AclToCBORPayload(acl, &payload, &size))
             {
                 InstallNewACL(payload, size);
                 OICFree(payload);
             }
+            DeleteACLList(acl);
         }
 
         //update pconf device list
index ee991fe..04451b0 100644 (file)
@@ -19,6 +19,7 @@
 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 #include <string.h>
 
+#include "utlist.h"
 #include "oic_malloc.h"
 #include "policyengine.h"
 #include "amsmgr.h"
@@ -308,28 +309,32 @@ static void CopyParamsToContext(PEContext_t     *context,
  * @return true if access is within valid time period or if the period or recurrence is not present.
  * false if period and recurrence present and the access is not within valid time period.
  */
-static bool IsAccessWithinValidTime(const OicSecAcl_t *acl)
+static bool IsAccessWithinValidTime(const OicSecAce_t *ace)
 {
 #ifndef WITH_ARDUINO //Period & Recurrence not supported on Arduino due
-                     //lack of absolute time
-    if (NULL== acl || NULL == acl->periods || 0 == acl->prdRecrLen)
+    //lack of absolute time
+    if (NULL== ace || NULL == ace->validities)
     {
         return true;
     }
 
     //periods & recurrences rules are paired.
-    if (NULL == acl->recurrences)
+    if (NULL == ace->validities->recurrences)
     {
         return false;
     }
 
-    for (size_t i = 0; i < acl->prdRecrLen; i++)
+    OicSecValidity_t* validity =  NULL;
+    LL_FOREACH(ace->validities, validity)
     {
-        if (IOTVTICAL_VALID_ACCESS ==  IsRequestWithinValidTime(acl->periods[i],
-            acl->recurrences[i]))
+        for(size_t i = 0; i < validity->recurrenceLen; i++)
         {
-            OIC_LOG(INFO, TAG, "Access request is in allowed time period");
-            return true;
+            if (IOTVTICAL_VALID_ACCESS ==  IsRequestWithinValidTime(validity->period,
+                validity->recurrences[i]))
+            {
+                OIC_LOG(INFO, TAG, "Access request is in allowed time period");
+                return true;
+            }
         }
     }
     OIC_LOG(ERROR, TAG, "Access request is in invalid time period");
@@ -341,24 +346,25 @@ static bool IsAccessWithinValidTime(const OicSecAcl_t *acl)
 }
 
 /**
- * Check whether 'resource' is in the passed ACL.
+ * Check whether 'resource' is in the passed ACE.
  *
  * @param resource is the resource being searched.
- * @param acl is the ACL to check.
+ * @param ace is the ACE to check.
  *
  * @return true if 'resource' found, otherwise false.
  */
- static bool IsResourceInAcl(const char *resource, const OicSecAcl_t *acl)
+ static bool IsResourceInAce(const char *resource, const OicSecAce_t *ace)
 {
-    if (NULL== acl || NULL == resource)
+    if (NULL== ace || NULL == resource)
     {
         return false;
     }
 
-     for (size_t n = 0; n < acl->resourcesLen; n++)
-     {
-         if (0 == strcmp(resource, acl->resources[n]) || // TODO null terms?
-             0 == strcmp(WILDCARD_RESOURCE_URI, acl->resources[n]))
+    OicSecRsrc_t* rsrc = NULL;
+    LL_FOREACH(ace->resources, rsrc)
+    {
+         if (0 == strcmp(resource, rsrc->href) || // TODO null terms?
+             0 == strcmp(WILDCARD_RESOURCE_URI, rsrc->href))
          {
              return true;
          }
@@ -381,8 +387,8 @@ static void ProcessAccessRequest(PEContext_t *context)
     OIC_LOG(DEBUG, TAG, "Entering ProcessAccessRequest()");
     if (NULL != context)
     {
-        const OicSecAcl_t *currentAcl = NULL;
-        OicSecAcl_t *savePtr = NULL;
+        const OicSecAce_t *currentAce = NULL;
+        OicSecAce_t *savePtr = NULL;
 
         // Start out assuming subject not found.
         context->retVal = ACCESS_DENIED_SUBJECT_NOT_FOUND;
@@ -391,28 +397,28 @@ static void ProcessAccessRequest(PEContext_t *context)
         // ACL for this request.
         do
         {
-            OIC_LOG_V(DEBUG, TAG, "%s: getting ACL..." ,__func__);
-            currentAcl = GetACLResourceData(&context->subject, &savePtr);
+            OIC_LOG_V(DEBUG, TAG, "%s: getting ACE..." ,__func__);
+            currentAce = GetACLResourceData(&context->subject, &savePtr);
 
-            if (NULL != currentAcl)
+            if (NULL != currentAce)
             {
                 // Found the subject, so how about resource?
-                OIC_LOG_V(DEBUG, TAG, "%s:found ACL matching subject" ,__func__);
+                OIC_LOG_V(DEBUG, TAG, "%s:found ACE matching subject" ,__func__);
 
                 // Subject was found, so err changes to Rsrc not found for now.
                 context->retVal = ACCESS_DENIED_RESOURCE_NOT_FOUND;
                 OIC_LOG_V(DEBUG, TAG, "%s:Searching for resource..." ,__func__);
-                if (IsResourceInAcl(context->resource, currentAcl))
+                if (IsResourceInAce(context->resource, currentAce))
                 {
-                    OIC_LOG_V(INFO, TAG, "%s:found matching resource in ACL" ,__func__);
+                    OIC_LOG_V(INFO, TAG, "%s:found matching resource in ACE" ,__func__);
                     context->matchingAclFound = true;
 
                     // Found the resource, so it's down to valid period & permission.
                     context->retVal = ACCESS_DENIED_INVALID_PERIOD;
-                    if (IsAccessWithinValidTime(currentAcl))
+                    if (IsAccessWithinValidTime(currentAce))
                     {
                         context->retVal = ACCESS_DENIED_INSUFFICIENT_PERMISSION;
-                        if (IsPermissionAllowingRequest(currentAcl->permission, context->permission))
+                        if (IsPermissionAllowingRequest(currentAce->permission, context->permission))
                         {
                             context->retVal = ACCESS_GRANTED;
                         }
@@ -423,7 +429,7 @@ static void ProcessAccessRequest(PEContext_t *context)
             {
                 OIC_LOG_V(INFO, TAG, "%s:no ACL found matching subject for resource %s",__func__, context->resource);
             }
-        } while ((NULL != currentAcl) && (false == context->matchingAclFound));
+        } while ((NULL != currentAce) && (false == context->matchingAclFound));
 
         if (IsAccessGranted(context->retVal))
         {
index 2b435c8..3d334d2 100644 (file)
@@ -20,6 +20,7 @@
 
 #include <stdlib.h>
 #include "securevirtualresourcetypes.h"
+#include "octypes.h"
 
 const char * SVR_DB_FILE_NAME = "oic_svr_db.json";
 const char * SVR_DB_DAT_FILE_NAME = "oic_svr_db.dat";
@@ -114,6 +115,7 @@ const char * OIC_JSON_PRIVDATA_NAME = "privdata";
 const char * OIC_JSON_OPTDATA_NAME = "optdata";
 const char * OIC_JSON_SERVICE_DEVICE_ID = "svcdid";
 const char * OIC_JSON_SERVICE_TYPE = "svct";
+const char* OIC_JSON_VALIDITY_NAME = "validity";
 const char * OIC_JSON_PERIOD_NAME = "period";
 const char * OIC_JSON_PERIODS_NAME = "prds";
 const char * OIC_JSON_CRMS_NAME = "crms";
@@ -129,10 +131,10 @@ const char * OIC_JSON_PRM_NAME = "prm";
 const char * OIC_JSON_SPM_NAME = "spm";
 const char * OIC_JSON_PDEVICE_ID_NAME = "pdeviceuuid";
 const char * OIC_JSON_RLIST_NAME = "rlist";
-const char * OIC_JSON_HREF_NAME = "href";
-const char * OIC_JSON_REL_NAME = "rel";
-const char * OIC_JSON_RT_NAME = "rt";
-const char * OIC_JSON_IF_NAME = "if";
+const char * OIC_JSON_HREF_NAME = OC_RSRVD_HREF;
+const char * OIC_JSON_REL_NAME = OC_RSRVD_REL;
+const char * OIC_JSON_RT_NAME = OC_RSRVD_RESOURCE_TYPE;
+const char * OIC_JSON_IF_NAME = OC_RSRVD_INTERFACE;
 const char * OIC_JSON_ROWNERID_NAME = "rowneruuid";
 const char * OIC_JSON_ENCODING_NAME = "encoding";
 const char * OIC_JSON_DATA_NAME = "data";
index f0c4a96..0f41aab 100644 (file)
@@ -20,6 +20,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include "utlist.h"
 #include "cJSON.h"
 #include "base64.h"
 #include "cainterface.h"
@@ -343,23 +344,9 @@ OicSecAcl_t* JSONToAclBin(const char * jsonStr)
             cJSON *jsonAcl = cJSON_GetArrayItem(jsonAclArray, idx);
             VERIFY_NON_NULL(TAG, jsonAcl, ERROR);
 
-            OicSecAcl_t *acl = NULL;
-            if(idx == 0)
-            {
-                acl = headAcl;
-            }
-            else
-            {
-                acl = (OicSecAcl_t*)OICCalloc(1, sizeof(OicSecAcl_t));
-                OicSecAcl_t *temp = headAcl;
-                while (temp->next)
-                {
-                    temp = temp->next;
-                }
-                temp->next = acl;
-            }
-
-            VERIFY_NON_NULL(TAG, acl, ERROR);
+            OicSecAce_t *ace = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
+            VERIFY_NON_NULL(TAG, ace, ERROR);
+            LL_APPEND(headAcl->aces, ace);
 
             size_t jsonObjLen = 0;
             cJSON *jsonObj = NULL;
@@ -368,11 +355,11 @@ OicSecAcl_t* JSONToAclBin(const char * jsonStr)
             VERIFY_SUCCESS(TAG, cJSON_String == jsonObj->type, ERROR);
             if(strcmp(jsonObj->valuestring, WILDCARD_RESOURCE_URI) == 0)
             {
-                acl->subject.id[0] = '*';
+                ace->subjectuuid.id[0] = '*';
             }
             else
             {
-                ret = ConvertStrToUuid(jsonObj->valuestring, &acl->subject);
+                ret = ConvertStrToUuid(jsonObj->valuestring, &ace->subjectuuid);
                 VERIFY_SUCCESS(TAG, OC_STACK_OK == ret, ERROR);
             }
             // Resources -- Mandatory
@@ -380,87 +367,134 @@ OicSecAcl_t* JSONToAclBin(const char * jsonStr)
             VERIFY_NON_NULL(TAG, jsonObj, ERROR);
             VERIFY_SUCCESS(TAG, cJSON_Array == jsonObj->type, ERROR);
 
-            acl->resourcesLen = (size_t)cJSON_GetArraySize(jsonObj);
-
-            VERIFY_SUCCESS(TAG, acl->resourcesLen > 0, ERROR);
-            acl->resources = (char**)OICCalloc(acl->resourcesLen, sizeof(char*));
-            VERIFY_NON_NULL(TAG, (acl->resources), ERROR);
+            size_t resourcesLen = (size_t)cJSON_GetArraySize(jsonObj);
+            VERIFY_SUCCESS(TAG, resourcesLen > 0, ERROR);
 
-            size_t idxx = 0;
-            do
+            for(size_t idxx = 0; idxx < resourcesLen; idxx++)
             {
+                OicSecRsrc_t* rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+                VERIFY_NON_NULL(TAG, rsrc, ERROR);
+
                 cJSON *jsonRsrc = cJSON_GetArrayItem(jsonObj, idxx);
                 VERIFY_NON_NULL(TAG, jsonRsrc, ERROR);
 
+                //href
                 size_t jsonRsrcObjLen = 0;
                 cJSON *jsonRsrcObj = cJSON_GetObjectItem(jsonRsrc, OIC_JSON_HREF_NAME);
                 VERIFY_NON_NULL(TAG, jsonRsrcObj, ERROR);
                 VERIFY_SUCCESS(TAG, cJSON_String == jsonRsrcObj->type, ERROR);
 
                 jsonRsrcObjLen = strlen(jsonRsrcObj->valuestring) + 1;
-                acl->resources[idxx] = (char*)OICMalloc(jsonRsrcObjLen);
+                rsrc->href = (char*)OICMalloc(jsonRsrcObjLen);
+                VERIFY_NON_NULL(TAG, (rsrc->href), ERROR);
+                OICStrcpy(rsrc->href, jsonRsrcObjLen, jsonRsrcObj->valuestring);
+
+                //rel
+                jsonRsrcObj = cJSON_GetObjectItem(jsonRsrc, OIC_JSON_REL_NAME);
+                if(jsonRsrcObj)
+                {
+                    jsonRsrcObjLen = strlen(jsonRsrcObj->valuestring) + 1;
+                    rsrc->rel = (char*)OICMalloc(jsonRsrcObjLen);
+                    VERIFY_NON_NULL(TAG, (rsrc->rel), ERROR);
+                    OICStrcpy(rsrc->rel, jsonRsrcObjLen, jsonRsrcObj->valuestring);
+                }
 
-                VERIFY_NON_NULL(TAG, (acl->resources[idxx]), ERROR);
-                OICStrcpy(acl->resources[idxx], jsonRsrcObjLen, jsonRsrcObj->valuestring);
+                //rt
+                jsonRsrcObj = cJSON_GetObjectItem(jsonRsrc, OIC_JSON_RT_NAME);
+                if(jsonRsrcObj && cJSON_Array == jsonRsrcObj->type)
+                {
+                    rsrc->typeLen = (size_t)cJSON_GetArraySize(jsonRsrcObj);
+                    VERIFY_SUCCESS(TAG, (0 < rsrc->typeLen), ERROR);
+                    rsrc->types = (char**)OICCalloc(rsrc->typeLen, sizeof(char*));
+                    VERIFY_NON_NULL(TAG, (rsrc->types), ERROR);
+                    for(size_t i = 0; i < rsrc->typeLen; i++)
+                    {
+                        cJSON *jsonRsrcType = cJSON_GetArrayItem(jsonRsrcObj, i);
+                        rsrc->types[i] = OICStrdup(jsonRsrcType->valuestring);
+                        VERIFY_NON_NULL(TAG, (rsrc->types[i]), ERROR);
+                    }
+                }
+
+                //if
+                jsonRsrcObj = cJSON_GetObjectItem(jsonRsrc, OIC_JSON_IF_NAME);
+                if(jsonRsrcObj && cJSON_Array == jsonRsrcObj->type)
+                {
+                    rsrc->interfaceLen = (size_t)cJSON_GetArraySize(jsonRsrcObj);
+                    VERIFY_SUCCESS(TAG, (0 < rsrc->interfaceLen), ERROR);
+                    rsrc->interfaces = (char**)OICCalloc(rsrc->interfaceLen, sizeof(char*));
+                    VERIFY_NON_NULL(TAG, (rsrc->interfaces), ERROR);
+                    for(size_t i = 0; i < rsrc->interfaceLen; i++)
+                    {
+                        cJSON *jsonInterface = cJSON_GetArrayItem(jsonRsrcObj, i);
+                        rsrc->interfaces[i] = OICStrdup(jsonInterface->valuestring);
+                        VERIFY_NON_NULL(TAG, (rsrc->interfaces[i]), ERROR);
+                    }
+                }
 
-            } while ( ++idxx < acl->resourcesLen);
+                LL_APPEND(ace->resources, rsrc);
+            }
 
             // Permissions -- Mandatory
             jsonObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_PERMISSION_NAME);
             VERIFY_NON_NULL(TAG, jsonObj, ERROR);
             VERIFY_SUCCESS(TAG, cJSON_Number == jsonObj->type, ERROR);
-            acl->permission = jsonObj->valueint;
-            //Period -- Not Mandatory
-            cJSON *jsonPeriodObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_PERIOD_NAME);
-            if(jsonPeriodObj)
+            ace->permission = jsonObj->valueint;
+
+            //Validity -- Not Mandatory
+            cJSON *jsonValidityObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_VALIDITY_NAME);
+            if(jsonValidityObj)
             {
-                VERIFY_SUCCESS(TAG, cJSON_Array == jsonPeriodObj->type, ERROR);
-                acl->prdRecrLen = (size_t)cJSON_GetArraySize(jsonPeriodObj);
-                if(acl->prdRecrLen > 0)
+                VERIFY_SUCCESS(TAG, cJSON_Array == jsonValidityObj->type, ERROR);
+                size_t validityLen = cJSON_GetArraySize(jsonValidityObj);
+                VERIFY_SUCCESS(TAG, (0 < validityLen), ERROR);
+
+                cJSON *jsonValidity = NULL;
+                for(size_t i = 0; i < validityLen; i++)
                 {
-                    acl->periods = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
-                    VERIFY_NON_NULL(TAG, acl->periods, ERROR);
+                    jsonValidity = cJSON_GetArrayItem(jsonValidityObj, i);
+                    VERIFY_NON_NULL(TAG, jsonValidity, ERROR);
+                    VERIFY_SUCCESS(TAG, (jsonValidity->type == cJSON_Array), ERROR);
+
+                    OicSecValidity_t* validity = (OicSecValidity_t*)OICCalloc(1, sizeof(OicSecValidity_t));
+                    VERIFY_NON_NULL(TAG, validity, ERROR);
+                    LL_APPEND(ace->validities, validity);
 
-                    cJSON *jsonPeriod = NULL;
-                    for(size_t i = 0; i < acl->prdRecrLen; i++)
+                    //Period
+                    cJSON* jsonPeriod = cJSON_GetArrayItem(jsonValidity, 0);
+                    if(jsonPeriod)
                     {
-                        jsonPeriod = cJSON_GetArrayItem(jsonPeriodObj, i);
-                        VERIFY_NON_NULL(TAG, jsonPeriod, ERROR);
+                        VERIFY_SUCCESS(TAG, (cJSON_String == jsonPeriod->type), ERROR);
 
                         jsonObjLen = strlen(jsonPeriod->valuestring) + 1;
-                        acl->periods[i] = (char*)OICMalloc(jsonObjLen);
-                        VERIFY_NON_NULL(TAG, acl->periods[i], ERROR);
-                        OICStrcpy(acl->periods[i], jsonObjLen, jsonPeriod->valuestring);
+                        validity->period = (char*)OICMalloc(jsonObjLen);
+                        VERIFY_NON_NULL(TAG, validity->period, ERROR);
+                        OICStrcpy(validity->period, jsonObjLen, jsonPeriod->valuestring);
                     }
-                }
-            }
-            //Recurrence -- Not mandatory
-            cJSON *jsonRecurObj = cJSON_GetObjectItem(jsonAcl, OIC_JSON_RECURRENCES_NAME);
-            if(jsonRecurObj)
-            {
-
-                VERIFY_SUCCESS(TAG, cJSON_Array == jsonRecurObj->type, ERROR);
 
-                if(acl->prdRecrLen > 0)
-                {
-                    acl->recurrences = (char**)OICCalloc(acl->prdRecrLen, sizeof(char*));
-                    VERIFY_NON_NULL(TAG, acl->recurrences, ERROR);
-
-                    cJSON *jsonRecur = NULL;
-                    for(size_t i = 0; i < acl->prdRecrLen; i++)
+                    //Recurrence
+                    cJSON* jsonRecurObj = cJSON_GetArrayItem(jsonValidity, 1);
+                    if(jsonRecurObj)
                     {
-                        jsonRecur = cJSON_GetArrayItem(jsonRecurObj, i);
-                        VERIFY_NON_NULL(TAG, jsonRecur, ERROR);
-                        jsonObjLen = strlen(jsonRecur->valuestring) + 1;
-                        acl->recurrences[i] = (char*)OICMalloc(jsonObjLen);
-                        VERIFY_NON_NULL(TAG, acl->recurrences[i], ERROR);
-                        OICStrcpy(acl->recurrences[i], jsonObjLen, jsonRecur->valuestring);
+                        VERIFY_SUCCESS(TAG, (cJSON_Array == jsonRecurObj->type), ERROR);
+                        validity->recurrenceLen = cJSON_GetArraySize(jsonRecurObj);
+                        VERIFY_SUCCESS(TAG, (0 < validity->recurrenceLen), ERROR);
+
+                        validity->recurrences = (char**)OICCalloc(validity->recurrenceLen, sizeof(char*));
+                        VERIFY_NON_NULL(TAG, validity->recurrences, ERROR);
+
+                        cJSON *jsonRecur = NULL;
+                        for(size_t i = 0; i < validity->recurrenceLen; i++)
+                        {
+                            jsonRecur = cJSON_GetArrayItem(jsonRecurObj, i);
+                            VERIFY_NON_NULL(TAG, jsonRecur, ERROR);
+                            jsonObjLen = strlen(jsonRecur->valuestring) + 1;
+                            validity->recurrences[i] = (char*)OICMalloc(jsonObjLen);
+                            VERIFY_NON_NULL(TAG, validity->recurrences[i], ERROR);
+                            OICStrcpy(validity->recurrences[i], jsonObjLen, jsonRecur->valuestring);
+                        }
                     }
                 }
             }
-
-            acl->next = NULL;
-
         } while( ++idx < numAcl);
     }
 
@@ -734,7 +768,6 @@ OicSecCred_t * JSONToCredBin(const char * jsonStr)
         int numCred = cJSON_GetArraySize(jsonCredArray);
         VERIFY_SUCCESS(TAG, numCred > 0, ERROR);
         int idx = 0;
-        size_t ownersLen = 0;
         do
         {
             cJSON *jsonCred = cJSON_GetArrayItem(jsonCredArray, idx);
@@ -792,6 +825,24 @@ OicSecCred_t * JSONToCredBin(const char * jsonStr)
                 VERIFY_NON_NULL(TAG, (cred->privateData.data), ERROR);
                 memcpy(cred->privateData.data, jsonPriv->valuestring, jsonObjLen);
                 cred->privateData.len = jsonObjLen;
+
+                cJSON *jsonEncoding = cJSON_GetObjectItem(jsonObj, OIC_JSON_ENCODING_NAME);
+                VERIFY_NON_NULL(TAG, jsonEncoding, ERROR);
+
+                if(strcmp(OIC_SEC_ENCODING_RAW, jsonEncoding->valuestring) == 0)
+                {
+                    cred->privateData.encoding = OIC_ENCODING_RAW;
+                }
+                else if(strcmp(OIC_SEC_ENCODING_BASE64, jsonEncoding->valuestring) == 0)
+                {
+                    cred->privateData.encoding = OIC_ENCODING_BASE64;
+                }
+                else
+                {
+                    printf("Unknow encoding type dectected!\n");
+                    printf("json2cbor will use \"oic.sec.encoding.raw\" as default encoding type.\n");
+                    cred->privateData.encoding = OIC_ENCODING_RAW;
+                }
             }
 #ifdef __WITH_X509__
             //PublicData is mandatory only for SIGNED_ASYMMETRIC_KEY credentials type.
index eefeaf8..dbf4cb8 100644 (file)
@@ -19,6 +19,7 @@
 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
 #include "gtest/gtest.h"
+#include "utlist.h"
 #include <sys/stat.h>
 #include "ocstack.h"
 #include "psinterface.h"
@@ -49,42 +50,111 @@ const char* ACL1_FILE_NAME = "oic_unittest_acl1.dat";
 
 #define NUM_ACE_FOR_WILDCARD_IN_ACL1_DAT (1)
 
-TEST(ACLResourceTest, CBORDefaultACLConversion)
+static bool AddResourceToACE(OicSecAce_t* ace, const char* rsrcName,
+                             const char* typeName, const char* interfaceName)
 {
-    OicSecAcl_t *defaultAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
-    ASSERT_TRUE(defaultAcl != NULL);
-    uint8_t defaultAclSub[] = { 0x2a };
-    memcpy(defaultAcl->subject.id, defaultAclSub, sizeof(defaultAclSub));
-    defaultAcl->permission = 2;
-    const char *defaulAclRsrc[] = { "/oic/res", "/oic/d", "/oic/p", "/oic/res/types/d",
-            "/oic/ad", "/oic/sec/acl", "/oic/sec/doxm", "/oic/sec/pstat"};
-    defaultAcl->resourcesLen = 8;
-    defaultAcl->resources = (char **)OICCalloc(defaultAcl->resourcesLen, sizeof(char *));
-    ASSERT_TRUE(defaultAcl->resources != NULL);
-    for (size_t i = 0 ; i < defaultAcl->resourcesLen; i++)
+    OicSecRsrc_t* rsrc = NULL;
+
+    VERIFY_NON_NULL(TAG, ace, ERROR);
+    VERIFY_NON_NULL(TAG, rsrcName, ERROR);
+    VERIFY_NON_NULL(TAG, interfaceName, ERROR);
+    VERIFY_NON_NULL(TAG, typeName, ERROR);
+
+    rsrc = (OicSecRsrc_t*)OICCalloc(1, sizeof(OicSecRsrc_t));
+    VERIFY_NON_NULL(TAG, rsrc, ERROR);
+    rsrc->href = OICStrdup(rsrcName);
+    VERIFY_NON_NULL(TAG, rsrc->href, ERROR);
+
+    rsrc->typeLen = 1;
+    rsrc->types = (char**)OICCalloc(1, sizeof(char*));
+    VERIFY_NON_NULL(TAG, rsrc->types, ERROR);
+    rsrc->types[0] = OICStrdup(typeName);
+    VERIFY_NON_NULL(TAG, rsrc->types[0], ERROR);
+
+    rsrc->interfaceLen = 1;
+    rsrc->interfaces = (char**)OICCalloc(1, sizeof(char*));
+    VERIFY_NON_NULL(TAG, rsrc->interfaces, ERROR);
+    rsrc->interfaces[0] = OICStrdup(interfaceName);
+    VERIFY_NON_NULL(TAG, rsrc->interfaces[0], ERROR);
+
+    LL_APPEND(ace->resources, rsrc);
+    return true;
+exit:
+    if(rsrc)
+    {
+        if(rsrc->href)
+        {
+            OICFree(rsrc->href);
+            OICFree(rsrc->types[0]);
+            OICFree(rsrc->types);
+            OICFree(rsrc->interfaces[0]);
+            OICFree(rsrc->interfaces);
+        }
+        OICFree(rsrc);
+    }
+    return false;
+}
+
+static int GetNumberOfResource(const OicSecAce_t* ace)
+{
+    int ret = 0;
+    OicSecRsrc_t* rsrc = NULL;
+    LL_FOREACH(ace->resources, rsrc)
     {
-        defaultAcl->resources[i] = OICStrdup(defaulAclRsrc[i]);
-        ASSERT_TRUE(defaultAcl->resources[i] != NULL);
+        ret++;
     }
+
+    return ret;
+}
+
+TEST(ACLResourceTest, CBORDefaultACLConversion)
+{
+    uint8_t defaultAclSub[] = { 0x2a };
     uint8_t defaultAclOwnrs[] = {0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32,
         0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32};
+
+    OicSecAcl_t *defaultAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
+    ASSERT_TRUE(NULL != defaultAcl);
+    OicSecAce_t *ace = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
+    ASSERT_TRUE(NULL != ace);
+    ace->permission = 2;
+    memcpy(ace->subjectuuid.id, defaultAclSub, sizeof(defaultAclSub));
+    LL_APPEND(defaultAcl->aces, ace);
+
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/res", "oic.wk.res", "oic.if.ll"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/d", "oic.wk.d", "oic.if.r"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/p", "oic.wk.p", "oic.if.r"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/res/types/d", "oic.wk.unknow", "oic.if.r"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/ad", "oic.wk.ad", "oic.if.baseline"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/sec/acl", "oic.r.acl", "oic.if.baseline"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/sec/doxm", "oic.r.doxm" ,"oic.if.baseline"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/sec/pstat", "oic.r.pstat" ,"oic.if.baseline"));
+
     memcpy(defaultAcl->rownerID.id, defaultAclOwnrs, sizeof(defaultAclOwnrs));
 
     size_t defaultAclSize = 0;
     uint8_t *defaultPsStorage = NULL;
     OCStackResult convRet = AclToCBORPayload(defaultAcl, &defaultPsStorage, &defaultAclSize);
     EXPECT_EQ(OC_STACK_OK, convRet);
-    ASSERT_TRUE(defaultPsStorage != NULL);
+    ASSERT_TRUE(NULL != defaultPsStorage);
     EXPECT_NE(0, defaultAclSize);
 
     OicSecAcl_t* convertedAcl = CBORPayloadToAcl(defaultPsStorage, defaultAclSize);
-    ASSERT_TRUE(convertedAcl != NULL);
+    ASSERT_TRUE(NULL != convertedAcl);
 
-    EXPECT_EQ(defaultAcl->resourcesLen, convertedAcl->resourcesLen);
-    for(size_t i = 0; i < convertedAcl->resourcesLen; i++)
+    size_t rsrcCnt1 = 0;
+    size_t rsrcCnt2 = 0;
+    OicSecAce_t* tempAce = NULL;
+    LL_FOREACH(defaultAcl->aces, tempAce)
+    {
+        rsrcCnt1 += GetNumberOfResource(tempAce);
+    }
+    tempAce = NULL;
+    LL_FOREACH(convertedAcl->aces, tempAce)
     {
-        EXPECT_EQ(0, strcmp(defaultAcl->resources[i], convertedAcl->resources[i]));
+        rsrcCnt2 += GetNumberOfResource(tempAce);
     }
+    EXPECT_EQ(rsrcCnt1, rsrcCnt2);
 
     DeleteACLList(convertedAcl);
     DeleteACLList(defaultAcl);
@@ -93,79 +163,47 @@ TEST(ACLResourceTest, CBORDefaultACLConversion)
 
 TEST(ACLResourceTest, CBORACLConversion)
 {
+    uint8_t ownrs[] = {0x32, 0x32, 0x32, 0x32,
+                       0x32, 0x32, 0x32, 0x32,
+                       0x32, 0x32, 0x32, 0x32,
+                       0x32, 0x32, 0x32, 0x32};
+    const char* subjectUuid[3] = {"0000000000000000",
+                                  "1111111111111111",
+                                  "2222222222222222"};
+    const uint16_t permission[3] = {2, 6, 31};
+    const size_t numOfRsrc[3] = {6, 2, 2};
+
     OicSecAcl_t *secAcl = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
     ASSERT_TRUE(secAcl != NULL);
-    uint8_t subjectBytes[] = { 0x2a };
-    memcpy(secAcl->subject.id, subjectBytes, sizeof(subjectBytes));
-    secAcl->permission = 2;
-    const char *rsrc[] = { "/oic/res", "/oic/d", "/oic/p", "/oic/res/types/d",
-                           "/oic/ad", "/oic/sec/acl"};
-    secAcl->resourcesLen = 6;
-    secAcl->resources = (char **)OICCalloc(secAcl->resourcesLen, sizeof(char *));
-    ASSERT_TRUE(secAcl->resources != NULL);
-    for (size_t i = 0 ; i < secAcl->resourcesLen; i++)
-    {
-        secAcl->resources[i] = OICStrdup(rsrc[i]);
-        ASSERT_TRUE(secAcl->resources[i] != NULL);
-
-    }
-
-    uint8_t ownrs[] = {0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32, 0x32,
-        0x32, 0x32, 0x32, 0x32, 0x32, 0x32};
     memcpy(secAcl->rownerID.id, ownrs, sizeof(ownrs));
 
-    OicSecAcl_t *secAcl1 = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
-    ASSERT_TRUE(secAcl1 != NULL);
-    memcpy(secAcl1->subject.id, subjectBytes, sizeof(subjectBytes));
-    secAcl1->permission = 6;
-    const char *rsrc1[] = { "/oic/sec/doxm", "/oic/sec/pstat"};
-    secAcl1->resourcesLen = 2;
-    secAcl1->resources = (char **)OICCalloc(secAcl1->resourcesLen, sizeof(char *));
-    ASSERT_TRUE(secAcl1->resources != NULL);
-    for (size_t i = 0 ; i < secAcl1->resourcesLen; i++)
-    {
-        secAcl1->resources[i] = OICStrdup(rsrc1[i]);
-        ASSERT_TRUE(secAcl1->resources[i] != NULL);
-    }
-    memcpy(secAcl1->rownerID.id, ownrs, sizeof(ownrs));
-    secAcl->next = secAcl1;
-
-    OicSecAcl_t *secAcl2 = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
-    ASSERT_TRUE(secAcl2 != NULL);
-    uint8_t subjectBytes1[] = {0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31,
-        0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31};
-    memcpy(secAcl2->subject.id, subjectBytes1, sizeof(subjectBytes1));
-    secAcl2->permission = 255;
-    const char *rsrc2[] = {"/oic/light", "/oic/fan" };
-    secAcl2->resourcesLen = 2;
-    secAcl2->resources = (char **)OICCalloc(secAcl2->resourcesLen, sizeof(char *));
-    ASSERT_TRUE(secAcl2->resources != NULL);
-    for (size_t i = 0 ; i < secAcl2->resourcesLen; i++)
-    {
-        secAcl2->resources[i] = OICStrdup(rsrc2[i]);
-        ASSERT_TRUE(secAcl2->resources[i] != NULL);
-    }
-    memcpy(secAcl2->rownerID.id, ownrs, sizeof(ownrs));
-    secAcl1->next = secAcl2;
-
-    OicSecAcl_t *secAcl3 = (OicSecAcl_t *) OICCalloc(1, sizeof(OicSecAcl_t));
-    ASSERT_TRUE(secAcl3 != NULL);
-    uint8_t subjectBytes2[] = {0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33,
-                               0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33};
-    memcpy(secAcl3->subject.id, subjectBytes2, sizeof(subjectBytes2));
-    secAcl3->permission = 255;
-    const char *rsrc3[] = {"/oic/light", "/oic/garage" };
-    secAcl3->resourcesLen = 2;
-    secAcl3->resources = (char **)OICCalloc(secAcl3->resourcesLen, sizeof(char *));
-    ASSERT_TRUE(secAcl3->resources != NULL);
-    for (size_t i = 0 ; i < secAcl3->resourcesLen; i++)
-    {
-        secAcl3->resources[i] = OICStrdup(rsrc3[i]);
-        ASSERT_TRUE(secAcl3->resources[i] != NULL);
-    }
-    memcpy(secAcl3->rownerID.id, ownrs, sizeof(ownrs));
-    secAcl2->next = secAcl3;
-    secAcl3->next = NULL;
+    OicSecAce_t *ace = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
+    ASSERT_TRUE(NULL != ace);
+    ace->permission = permission[0];
+    memcpy(ace->subjectuuid.id, subjectUuid[0], strlen(subjectUuid[0]));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/res", "oic.wk.res", "oic.if.ll"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/d", "oic.wk.d", "oic.if.r"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/p", "oic.wk.p", "oic.if.r"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/res/types/d", "oic.wk.unknow", "oic.if.r"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/ad", "oic.wk.ad", "oic.if.baseline"));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/oic/sec/acl", "oic.r.acl", "oic.if.baseline"));
+    LL_APPEND(secAcl->aces, ace);
+
+    OicSecAce_t *ace1 = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
+    ASSERT_TRUE(NULL != ace1);
+    ace1->permission = permission[1];
+    memcpy(ace1->subjectuuid.id, subjectUuid[1], strlen(subjectUuid[1]));
+    EXPECT_EQ(true, AddResourceToACE(ace1, "/oic/sec/doxm", "oic.r.doxm" ,"oic.if.baseline"));
+    EXPECT_EQ(true, AddResourceToACE(ace1, "/oic/sec/pstat", "oic.r.pstat" ,"oic.if.baseline"));
+    LL_APPEND(secAcl->aces, ace1);
+
+    OicSecAce_t *ace2 = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
+    ASSERT_TRUE(NULL != ace2);
+    ace2->permission = permission[2];
+    memcpy(ace2->subjectuuid.id, subjectUuid[2], strlen(subjectUuid[2]));
+    EXPECT_EQ(true, AddResourceToACE(ace2, "/oic/light", "oic.core", "oic.if.baseline"));
+    EXPECT_EQ(true, AddResourceToACE(ace2, "/oic/garage", "oic.core", "oic.if.baseline"));
+    LL_APPEND(secAcl->aces, ace2);
 
     size_t size = 0;
     uint8_t *psStorage = NULL;
@@ -173,12 +211,35 @@ TEST(ACLResourceTest, CBORACLConversion)
     ASSERT_TRUE(NULL != psStorage);
     OicSecAcl_t *acl = CBORPayloadToAcl(psStorage, size);
     ASSERT_TRUE(NULL != acl);
-    EXPECT_EQ(2, acl->permission);
-    EXPECT_EQ(6 , acl->resourcesLen);
-    EXPECT_STREQ("/oic/res", acl->resources[0]);
+
+    size_t numberOfCheckedAce = 0;
+    OicSecAce_t* tempAce = NULL;
+    LL_FOREACH(acl->aces, tempAce)
+    {
+        if(memcmp(tempAce->subjectuuid.id, subjectUuid[0], strlen(subjectUuid[0])) == 0)
+        {
+            EXPECT_EQ(numOfRsrc[0], GetNumberOfResource(tempAce));
+            EXPECT_EQ(permission[0], tempAce->permission);
+            numberOfCheckedAce++;
+        }
+        if(memcmp(tempAce->subjectuuid.id, subjectUuid[1], strlen(subjectUuid[1])) == 0)
+        {
+            EXPECT_EQ(numOfRsrc[1], GetNumberOfResource(tempAce));
+            EXPECT_EQ(permission[1], tempAce->permission);
+            numberOfCheckedAce++;
+        }
+        if(memcmp(tempAce->subjectuuid.id, subjectUuid[2], strlen(subjectUuid[2])) == 0)
+        {
+            EXPECT_EQ(numOfRsrc[2], GetNumberOfResource(tempAce));
+            EXPECT_EQ(permission[2], tempAce->permission);
+            numberOfCheckedAce++;
+        }
+    }
+    EXPECT_EQ(3, numberOfCheckedAce);
+
     DeleteACLList(acl);
-    OICFree(psStorage);
     DeleteACLList(secAcl);
+    OICFree(psStorage);
 }
 
 //InitResource Tests
@@ -195,27 +256,29 @@ TEST(ACLResourceTest, GetDefaultACLTests)
     size_t size = 0;
 
     ASSERT_TRUE(ReadCBORFile(DEFAULT_ACL_FILE_NAME, OIC_JSON_ACL_NAME, &payload, &size));
-    ASSERT_TRUE(payload != NULL);
+    ASSERT_TRUE(NULL != payload);
 
     OicSecAcl_t *psAcl = CBORPayloadToAcl(payload, size);
-    ASSERT_TRUE(psAcl != NULL);
+    ASSERT_TRUE(NULL != psAcl);
 
     OicSecAcl_t *acl = NULL;
     EXPECT_EQ(OC_STACK_OK, GetDefaultACL(&acl));
-    ASSERT_TRUE(acl != NULL);
+    ASSERT_TRUE(NULL != acl);
 
     // Verify if the SRM generated default ACL matches with unit test default
     if (acl && psAcl)
     {
-        EXPECT_TRUE(strcmp((char*)acl->subject.id, (char*)psAcl->subject.id) == 0);
-        EXPECT_EQ(acl->resourcesLen, psAcl->resourcesLen);
-        for (size_t i = 0; i < acl->resourcesLen; i++)
+        OicSecAce_t* tempAce1 = NULL;
+        OicSecAce_t* tempAce2 = NULL;
+
+        for(tempAce1 = acl->aces, tempAce2 = psAcl->aces;
+            tempAce1 && tempAce2; tempAce1 = tempAce1->next,
+            tempAce2 = tempAce2->next)
         {
-            EXPECT_EQ(strlen(acl->resources[i]), strlen(psAcl->resources[i]));
-            EXPECT_TRUE(memcmp(acl->resources[i], psAcl->resources[i],
-                            strlen(acl->resources[i])) == 0);
+            EXPECT_TRUE(memcmp(tempAce1->subjectuuid.id, tempAce2->subjectuuid.id, sizeof(tempAce1->subjectuuid.id)) == 0);
+            EXPECT_EQ(tempAce1->permission, tempAce2->permission);
+            EXPECT_EQ(GetNumberOfResource(tempAce1), GetNumberOfResource(tempAce2));
         }
-        EXPECT_EQ(acl->permission, psAcl->permission);
     }
 
     DeleteACLList(psAcl);
@@ -231,15 +294,20 @@ TEST(ACLResourceTest, ACLPostTest)
     uint8_t *payload = NULL;
     size_t size = 0;
 
+    static OCPersistentStorage ps = OCPersistentStorage();
+    SetPersistentHandler(&ps, true);
+
+    OicSecAcl_t *defaultAcl = NULL;
+    EXPECT_EQ(OC_STACK_OK, GetDefaultACL(&defaultAcl));
+    ASSERT_TRUE(defaultAcl != NULL);
+    EXPECT_EQ(OC_STACK_OK, SetDefaultACL(defaultAcl));
+
     ASSERT_TRUE(ReadCBORFile(ACL1_FILE_NAME, OIC_JSON_ACL_NAME, &payload, &size));
     ASSERT_TRUE(NULL != payload);
 
     OCSecurityPayload *securityPayload = OCSecurityPayloadCreate(payload, size);
     ASSERT_TRUE(NULL != securityPayload);
 
-    static OCPersistentStorage ps = OCPersistentStorage();
-    SetPersistentHandler(&ps, true);
-
     // Create Entity Handler POST request payload
     OCEntityHandlerRequest ehReq = OCEntityHandlerRequest();
     ehReq.method = OC_REST_POST;
@@ -251,8 +319,8 @@ TEST(ACLResourceTest, ACLPostTest)
     ASSERT_TRUE(NULL != acl);
 
     // Verify if SRM contains ACL for the subject
-    OicSecAcl_t *savePtr = NULL;
-    const OicSecAcl_t* subjectAcl = GetACLResourceData(&(acl->subject), &savePtr);
+    OicSecAce_t *savePtr = NULL;
+    const OicSecAce_t* subjectAcl = GetACLResourceData(&(acl->aces->subjectuuid), &savePtr);
     ASSERT_TRUE(NULL != subjectAcl);
 
     // Perform cleanup
@@ -289,16 +357,16 @@ TEST(ACLResourceTest, GetACLResourceTests)
     EXPECT_EQ(OC_STACK_OK, SetDefaultACL(acl1));
 
     // Verify that ACL file contains 2 ACE entries for 'WILDCARD' subject
-    const OicSecAcl_t *acl = NULL;
-    OicSecAcl_t *savePtr = NULL;
+    const OicSecAce_t *ace = NULL;
+    OicSecAce_t *savePtr = NULL;
     OicUuid_t subject = WILDCARD_SUBJECT_ID;
     int count = 0;
 
     do
     {
-        acl = GetACLResourceData(&subject, &savePtr);
-        count = (NULL != acl) ? count + 1 : count;
-    } while (acl != NULL);
+        ace = GetACLResourceData(&subject, &savePtr);
+        count = (NULL != ace) ? count + 1 : count;
+    } while (ace != NULL);
 
     EXPECT_EQ(count, NUM_ACE_FOR_WILDCARD_IN_ACL1_DAT);
 
@@ -310,32 +378,40 @@ TEST(ACLResourceTest, GetACLResourceTests)
 
 static OCStackResult  populateAcl(OicSecAcl_t *acl,  int numRsrc)
 {
-     OCStackResult ret = OC_STACK_ERROR;
-    memcpy(acl->subject.id, "2222222222222222", sizeof(acl->subject.id));
-    acl->resourcesLen = (size_t)numRsrc;
-    acl->resources = (char**)OICCalloc(acl->resourcesLen, sizeof(char*));
-    VERIFY_NON_NULL(TAG, acl->resources, ERROR);
-    acl->resources[0] = (char*)OICMalloc(strlen("/a/led")+1);
-    VERIFY_NON_NULL(TAG, acl->resources[0], ERROR);
-    OICStrcpy(acl->resources[0], strlen("/a/led")+1, "/a/led");
-    if(numRsrc == 2)
+    OCStackResult ret = OC_STACK_ERROR;
+    OicSecAce_t* ace = (OicSecAce_t*)OICCalloc(1, sizeof(OicSecAce_t));
+    VERIFY_NON_NULL(TAG, ace, ERROR);
+
+    memcpy(ace->subjectuuid.id, "2222222222222222", sizeof(ace->subjectuuid.id));
+    EXPECT_EQ(true, AddResourceToACE(ace, "/a/led", "oic.core", "oic.if.r"));
+    if(2 == numRsrc)
     {
-        acl->resources[1] = (char*)OICMalloc(strlen("/a/fan")+1);
-        VERIFY_NON_NULL(TAG, acl->resources[1], ERROR);
-        OICStrcpy(acl->resources[1], strlen("/a/fan")+1, "/a/fan");
+        EXPECT_EQ(true, AddResourceToACE(ace, "/a/fan", "oic.core", "oic.if.r"));
     }
-    acl->permission = 6;
+    ace->permission = 6;
+    LL_APPEND(acl->aces, ace);
+
     memcpy(acl->rownerID.id, "1111111111111111", sizeof(acl->rownerID.id));
 
     ret = OC_STACK_OK;
+
+    return ret;
 exit:
+    DeleteACLList(acl);
     return ret;
-
 }
 
 //'DELETE' ACL test
 TEST(ACLResourceTest, ACLDeleteWithSingleResourceTest)
 {
+    static OCPersistentStorage ps = OCPersistentStorage();
+    SetPersistentHandler(&ps, true);
+
+    OicSecAcl_t *defaultAcl = NULL;
+    EXPECT_EQ(OC_STACK_OK, GetDefaultACL(&defaultAcl));
+    ASSERT_TRUE(defaultAcl != NULL);
+    EXPECT_EQ(OC_STACK_OK, SetDefaultACL(defaultAcl));
+
     //Populate ACL
     OicSecAcl_t acl = OicSecAcl_t();
     EXPECT_EQ(OC_STACK_OK, populateAcl(&acl, 1));
@@ -350,9 +426,6 @@ TEST(ACLResourceTest, ACLDeleteWithSingleResourceTest)
     OCSecurityPayload *securityPayload = OCSecurityPayloadCreate(payload, size);
     ASSERT_TRUE(NULL != securityPayload);
 
-    static OCPersistentStorage ps = OCPersistentStorage();
-    SetPersistentHandler(&ps, true);
-
     // Create Entity Handler POST request payload
     OCEntityHandlerRequest ehReq = OCEntityHandlerRequest();
     ehReq.payload = (OCPayload *) securityPayload;
@@ -360,9 +433,9 @@ TEST(ACLResourceTest, ACLDeleteWithSingleResourceTest)
     ACLEntityHandler(OC_REQUEST_FLAG, &ehReq, NULL);
 
     // Verify if SRM contains ACE for the subject
-    OicSecAcl_t* savePtr = NULL;
-    const OicSecAcl_t* subjectAcl1 = GetACLResourceData(&acl.subject, &savePtr);
-    ASSERT_TRUE(NULL != subjectAcl1);
+    OicSecAce_t* savePtr = NULL;
+    const OicSecAce_t* subjectAce1 = GetACLResourceData(&acl.aces->subjectuuid, &savePtr);
+    ASSERT_TRUE(NULL != subjectAce1);
 
     // Create Entity Handler DELETE request
     ehReq.method = OC_REST_DELETE;
@@ -374,8 +447,8 @@ TEST(ACLResourceTest, ACLDeleteWithSingleResourceTest)
 
     // Verify if SRM has deleted ACE for the subject
     savePtr = NULL;
-    const OicSecAcl_t* subjectAcl2 = GetACLResourceData(&acl.subject, &savePtr);
-    ASSERT_TRUE(NULL == subjectAcl2);
+    const OicSecAce_t* subjectAce2 = GetACLResourceData(&acl.aces->subjectuuid, &savePtr);
+    ASSERT_TRUE(NULL == subjectAce2);
 
     // Perform cleanup
     DeInitACLResource();
@@ -386,6 +459,14 @@ TEST(ACLResourceTest, ACLDeleteWithSingleResourceTest)
 
 TEST(ACLResourceTest, ACLDeleteWithMultiResourceTest)
 {
+    static OCPersistentStorage ps = OCPersistentStorage();
+    SetPersistentHandler(&ps, true);
+
+    OicSecAcl_t *defaultAcl = NULL;
+    EXPECT_EQ(OC_STACK_OK, GetDefaultACL(&defaultAcl));
+    ASSERT_TRUE(defaultAcl != NULL);
+    EXPECT_EQ(OC_STACK_OK, SetDefaultACL(defaultAcl));
+
     //Populate ACL
     OicSecAcl_t acl = OicSecAcl_t();
     EXPECT_EQ(OC_STACK_OK, populateAcl(&acl, 2));
@@ -400,9 +481,6 @@ TEST(ACLResourceTest, ACLDeleteWithMultiResourceTest)
     OCSecurityPayload *securityPayload = OCSecurityPayloadCreate(payload, size);
     ASSERT_TRUE(NULL!= securityPayload);
 
-    static OCPersistentStorage ps = OCPersistentStorage();
-    SetPersistentHandler(&ps, true);
-
     // Create Entity Handler POST request payload
     OCEntityHandlerRequest ehReq = OCEntityHandlerRequest();
     ehReq.method = OC_REST_POST;
@@ -410,10 +488,18 @@ TEST(ACLResourceTest, ACLDeleteWithMultiResourceTest)
     ACLEntityHandler(OC_REQUEST_FLAG, &ehReq, NULL);
 
     // Verify if SRM contains ACE for the subject with two resources
-    OicSecAcl_t* savePtr = NULL;
-    const OicSecAcl_t* subjectAcl1 = GetACLResourceData(&acl.subject, &savePtr);
-    ASSERT_TRUE(NULL != subjectAcl1);
-    EXPECT_EQ(2, subjectAcl1->resourcesLen);
+    OicSecAce_t* savePtr = NULL;
+    const OicSecAce_t* subjectAce1 = GetACLResourceData(&acl.aces->subjectuuid, &savePtr);
+    ASSERT_TRUE(NULL != subjectAce1);
+    EXPECT_EQ(2, GetNumberOfResource(subjectAce1));
+
+    printf("\n\n");
+    OicSecRsrc_t* rsrc = NULL;
+    LL_FOREACH(subjectAce1->resources, rsrc)
+    {
+        printf("%s\n", rsrc->href);
+    }
+    printf("\n\n");
 
     // Create Entity Handler DELETE request
     ehReq.method = OC_REST_DELETE;
@@ -426,9 +512,9 @@ TEST(ACLResourceTest, ACLDeleteWithMultiResourceTest)
 
     // Verify if SRM contains ACL for the subject but only with one resource
     savePtr = NULL;
-    const OicSecAcl_t* subjectAcl2 = GetACLResourceData(&acl.subject, &savePtr);
-    ASSERT_TRUE(NULL != subjectAcl2);
-    EXPECT_EQ(1, subjectAcl2->resourcesLen);
+    const OicSecAce_t* subjectAce2 = GetACLResourceData(&acl.aces->subjectuuid, &savePtr);
+    ASSERT_TRUE(NULL != subjectAce2);
+    EXPECT_EQ(1, GetNumberOfResource(subjectAce2));
 
     // Perform cleanup
     OCPayloadDestroy((OCPayload *)securityPayload);
@@ -440,6 +526,14 @@ TEST(ACLResourceTest, ACLDeleteWithMultiResourceTest)
 //'GET' with query ACL test
 TEST(ACLResourceTest, ACLGetWithQueryTest)
 {
+    static OCPersistentStorage ps = OCPersistentStorage();
+    SetPersistentHandler(&ps, true);
+
+    OicSecAcl_t *defaultAcl = NULL;
+    EXPECT_EQ(OC_STACK_OK, GetDefaultACL(&defaultAcl));
+    ASSERT_TRUE(defaultAcl != NULL);
+    EXPECT_EQ(OC_STACK_OK, SetDefaultACL(defaultAcl));
+
     //Populate ACL
     OicSecAcl_t acl = OicSecAcl_t();
     EXPECT_EQ(OC_STACK_OK, populateAcl(&acl, 1));
@@ -454,9 +548,6 @@ TEST(ACLResourceTest, ACLGetWithQueryTest)
     OCSecurityPayload *securityPayload = OCSecurityPayloadCreate(payload, size);
     ASSERT_TRUE(NULL != securityPayload);
 
-    static OCPersistentStorage ps = OCPersistentStorage();
-    SetPersistentHandler(&ps, true);
-
     //Create Entity Handler POST request payload
     OCEntityHandlerRequest ehReq = OCEntityHandlerRequest();
     ehReq.method = OC_REST_POST;
index c048b16..835276f 100644 (file)
Binary files a/resource/csdk/security/unittest/oic_svr_db.dat and b/resource/csdk/security/unittest/oic_svr_db.dat differ
index 7c86ab3..f2c04cc 100644 (file)
@@ -8,32 +8,20 @@
                         {
                             "href": "/oic/res",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.res"],
+                            "if": ["oic.if.ll"]
                         },
                         {
                             "href": "/oic/d",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.d"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
                         },
                         {
                             "href": "/oic/p",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/res/types/d",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/ad",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.p"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
                         }
                     ],
                     "permission": 2
                         {
                             "href": "/oic/sec/doxm",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.doxm"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/sec/pstat",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.pstat"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/sec/acl",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.acl"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
                     "permission": 6
                         {
                             "href": "/oic/sec/pconf",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.pconf"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/sec/dpairing",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.dpairing"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
                     "permission": 6
index e022892..4befed0 100644 (file)
Binary files a/resource/csdk/security/unittest/oic_unittest.dat and b/resource/csdk/security/unittest/oic_unittest.dat differ
index 922be86..c435721 100644 (file)
@@ -8,17 +8,17 @@
                         {
                             "href": "/oic/light",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.core"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/fan",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.core"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
-                    "permission": 31        
+                    "permission": 31
                 },
                 {
                     "subjectuuid": "33333333-3333-3333-3333-333333333333",
                         {
                             "href": "/oic/light",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.core"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/garage",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.core"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
-                    "permission": 31        
+                    "permission": 31
                 }
             ]
         },
index 93c8370..9b91532 100644 (file)
@@ -1 +1 @@
-¿caclY\ 2\8b¢faclist¡daces\84£ksubjectuuida*iresources\86¤dhrefh/oic/rescrel`brt`bif`¤dhreff/oic/dcrel`brt`bif`¤dhreff/oic/pcrel`brt`bif`¤dhrefp/oic/res/types/dcrel`brt`bif`¤dhrefg/oic/adcrel`brt`bif`¤dhrefl/oic/sec/aclcrel`brt`bif`jpermission\ 2£ksubjectuuida*iresources\82¤dhrefm/oic/sec/doxmcrel`brt`bif`¤dhrefn/oic/sec/pstatcrel`brt`bif`jpermission\ 6£ksubjectuuidx$31313131-3131-3131-3131-313131313131iresources\82¤dhrefj/oic/lightcrel`brt`bif`¤dhrefh/oic/fancrel`brt`bif`jpermission\18\1f£ksubjectuuidx$33333333-3333-3333-3333-333333333333iresources\82¤dhrefj/oic/lightcrel`brt`bif`¤dhrefk/oic/garagecrel`brt`bif`jpermission\18\1fjrowneruuidx$32323232-3232-3232-3232-323232323232ÿ
\ No newline at end of file
+¿caclY\ 3 ¢faclist¡daces\84£ksubjectuuida*iresources\83¤dhrefh/oic/resbrt\81joic.wk.resbif\81ioic.if.llcrel`¤dhreff/oic/dbrt\81hoic.wk.dbif\82ooic.if.baselinehoic.if.rcrel`¤dhreff/oic/pbrt\81hoic.wk.pbif\82ooic.if.baselinehoic.if.rcrel`jpermission\ 2£ksubjectuuida*iresources\82¤dhrefm/oic/sec/doxmbrt\81joic.r.doxmbif\81ooic.if.baselinecrel`¤dhrefn/oic/sec/pstatbrt\81koic.r.pstatbif\81ooic.if.baselinecrel`jpermission\ 6£ksubjectuuidx$31313131-3131-3131-3131-313131313131iresources\82¤dhrefj/oic/lightbrt\81hoic.corebif\81ooic.if.baselinecrel`¤dhrefh/oic/fanbrt\81hoic.corebif\81ooic.if.baselinecrel`jpermission\18\1f£ksubjectuuidx$33333333-3333-3333-3333-333333333333iresources\82¤dhrefj/oic/lightbrt\81hoic.corebif\81ooic.if.baselinecrel`¤dhrefk/oic/garagebrt\81hoic.corebif\81ooic.if.baselinecrel`jpermission\18\1fjrowneruuidx$32323232-3232-3232-3232-323232323232ÿ
\ No newline at end of file
index 7dd810f..7dbb78b 100644 (file)
@@ -8,38 +8,20 @@
                         {
                             "href": "/oic/res",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.res"],
+                            "if": ["oic.if.ll"]
                         },
                         {
                             "href": "/oic/d",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.d"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
                         },
                         {
                             "href": "/oic/p",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/res/types/d",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/ad",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/sec/acl",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.p"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
                         }
                     ],
                     "permission": 2
                         {
                             "href": "/oic/sec/doxm",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.doxm"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/sec/pstat",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.pstat"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
                     "permission": 6
                         {
                             "href": "/oic/light",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.core"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/fan",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.core"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
-                    "permission": 31        
+                    "permission": 31
                 },
                 {
                     "subjectuuid": "33333333-3333-3333-3333-333333333333",
                         {
                             "href": "/oic/light",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.core"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/garage",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.core"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
-                    "permission": 31        
+                    "permission": 31
                 }
             ]
         },
index e9efbb5..064d997 100644 (file)
@@ -1 +1 @@
-¿caclY\ 1X¢faclist¡daces\81£ksubjectuuida*iresources\88¤dhrefh/oic/rescrel`brt`bif`¤dhreff/oic/dcrel`brt`bif`¤dhreff/oic/pcrel`brt`bif`¤dhrefp/oic/res/types/dcrel`brt`bif`¤dhrefg/oic/adcrel`brt`bif`¤dhrefl/oic/sec/aclcrel`brt`bif`¤dhrefm/oic/sec/doxmcrel`brt`bif`¤dhrefn/oic/sec/pstatcrel`brt`bif`jpermission\ 2jrowneruuidx$32323232-3232-3232-3232-323232323232ÿ
\ No newline at end of file
+¿caclY\ 1âfaclist¡daces\81£ksubjectuuida*iresources\86¤dhrefh/oic/resbrt\81joic.wk.resbif\81ioic.if.llcrel`¤dhreff/oic/dbrt\81hoic.wk.dbif\82ooic.if.baselinehoic.if.rcrel`¤dhreff/oic/pbrt\81hoic.wk.pbif\82ooic.if.baselinehoic.if.rcrel`¤dhrefm/oic/sec/doxmbrt\81joic.r.doxmbif\81ooic.if.baselinecrel`¤dhrefn/oic/sec/pstatbrt\81koic.r.pstatbif\81ooic.if.baselinecrel`¤dhrefl/oic/sec/aclbrt\81ioic.r.aclbif\81ooic.if.baselinecrel`jpermission\ 2jrowneruuidx$32323232-3232-3232-3232-323232323232ÿ
\ No newline at end of file
index d624da5..df8739a 100644 (file)
@@ -8,50 +8,38 @@
                         {
                             "href": "/oic/res",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.res"],
+                            "if": ["oic.if.ll"]
                         },
                         {
                             "href": "/oic/d",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.d"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
                         },
                         {
                             "href": "/oic/p",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.wk.p"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
                         },
                         {
-                            "href": "/oic/res/types/d",
+                            "href": "/oic/sec/doxm",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.doxm"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
-                            "href": "/oic/ad",
+                            "href": "/oic/sec/pstat",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.pstat"],
+                            "if": ["oic.if.baseline"]
                         },
                         {
                             "href": "/oic/sec/acl",
                             "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/sec/doxm",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
-                        },
-                        {
-                            "href": "/oic/sec/pstat",
-                            "rel": "",
-                            "rt": "",
-                            "if": ""
+                            "rt": ["oic.r.acl"],
+                            "if": ["oic.if.baseline"]
                         }
                     ],
                     "permission": 2
index ff0932f..3a2ed71 100644 (file)
Binary files a/resource/csdk/stack/samples/linux/secure/oic_amss_db.dat and b/resource/csdk/stack/samples/linux/secure/oic_amss_db.dat differ
index 4d958e9..92f954a 100644 (file)
@@ -8,44 +8,38 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
                         },\r
                         {\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/ad",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.ad"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/acl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.acl"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/amacl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.amacl"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        } ,\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
+                        },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
@@ -99,7 +93,7 @@
                 "credtype": 1,\r
                 "privatedata": {\r
                     "data": "BBBBBBBBBBBBBBBB",\r
-                    "encoding": "oic.sec.encoding.raw"\r
+                    "encoding": "oic.encoding.raw"\r
                 }\r
             }\r
         ],\r
index 7dbbb0a..dc4fdee 100644 (file)
Binary files a/resource/csdk/stack/samples/linux/secure/oic_svr_db_client_devowner.dat and b/resource/csdk/stack/samples/linux/secure/oic_svr_db_client_devowner.dat differ
index 4b19514..fd12c93 100644 (file)
@@ -8,44 +8,38 @@
                         {\r
                             "href": "/oic/res",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.res"],\r
+                            "if": ["oic.if.ll"]\r
                         },\r
                         {\r
                             "href": "/oic/d",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.d"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/p",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.p"],\r
+                            "if": ["oic.if.baseline", "oic.if.r"]\r
                         },\r
                         {\r
                             "href": "/oic/ad",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.wk.ad"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/acl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.acl"],\r
+                            "if": ["oic.if.baseline"]\r
                         },\r
                         {\r
                             "href": "/oic/sec/amacl",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.amacl"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
                         {\r
                             "href": "/oic/sec/doxm",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        } ,\r
+                            "rt": ["oic.r.doxm"],\r
+                            "if": ["oic.if.baseline"]\r
+                        },\r
                         {\r
                             "href": "/oic/sec/pstat",\r
                             "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
+                            "rt": ["oic.r.pstat"],\r
+                            "if": ["oic.if.baseline"]\r
                         }\r
                     ],\r
                     "permission": 2\r
index 43b7a1c..033b730 100644 (file)
Binary files a/resource/csdk/stack/samples/linux/secure/oic_svr_db_client_directpairing.dat and b/resource/csdk/stack/samples/linux/secure/oic_svr_db_client_directpairing.dat differ
index d2e33a0..a652898 100644 (file)
 {
-    "acl": {\r
-        "aclist": {\r
-            "aces": [\r
-                {\r
-                    "subjectuuid": "*",\r
-                    "resources": [\r
-                        {\r
-                            "href": "/oic/res",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/p",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/res/types/d",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/presence",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        }\r
-                    ],\r
-                    "permission": 2\r
-                },\r
-                {\r
-                    "subjectuuid": "*",\r
-                    "resources": [\r
-                        {\r
-                            "href": "/oic/sec/doxm",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/sec/pstat",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/sec/acl",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        },\r
-                        {\r
-                            "href": "/oic/sec/cred",\r
-                            "rel": "",\r
-                            "rt": "",\r
-                            "if": ""\r
-                        }\r
-                    ],\r
-                    "permission": 6\r
-                }\r
-            ]\r
-        },\r
-        "rowneruuid" : "64697265-6374-7061-6972-696e67446576"\r
-    },\r
-    "pstat": {\r
-        "isop": false,\r
-        "deviceuuid": "64697265-6374-7061-6972-696e67446576",\r
-        "rowneruuid": "64697265-6374-7061-6972-696e67446576",\r
-        "cm": 2,\r
-        "tm": 0,\r
-        "om": 3,\r
-        "sm": 3\r
-        },\r
-    "doxm": {\r
-        "oxms": [0],\r
-        "oxmsel": 0,\r
-        "sct": 1,\r
-        "owned": false,\r
-        "deviceuuid": "64697265-6374-7061-6972-696e67446576",\r
-        "devowneruuid": "",\r
-        "rowneruuid": "64697265-6374-7061-6972-696e67446576",\r
-        "dpc": false\r
-    }\r
-}\r
+    "acl": {
+        "aclist": {
+            "aces": [
+                {
+                    "subjectuuid": "*",
+                    "resources": [
+                        {
+                            "href": "/oic/res",
+                            "rel": "",
+                            "rt": ["oic.wk.res"],
+                            "if": ["oic.if.ll"]
+                        },
+                        {
+                            "href": "/oic/d",
+                            "rel": "",
+                            "rt": ["oic.wk.d"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
+                        },
+                        {
+                            "href": "/oic/p",
+                            "rel": "",
+                            "rt": ["oic.wk.p"],
+                            "if": ["oic.if.baseline", "oic.if.r"]
+                        }
+                    ],
+                    "permission": 2
+                },
+                {
+                    "subjectuuid": "*",
+                    "resources": [
+                        {
+                            "href": "/oic/sec/doxm",
+                            "rel": "",
+                            "rt": ["oic.r.doxm"],
+                            "if": ["oic.if.baseline"]
+                        },
+                        {
+                            "href": "/oic/sec/pstat",
+                            "rel": "",
+                            "rt": ["oic.r.pstat"],
+                            "if": ["oic.if.baseline"]
+                        },
+                        {
+                            "href": "/oic/sec/acl",
+                            "rel": "",
+                            "rt": ["oic.r.acl"],
+                            "if": ["oic.if.baseline"]
+                        },
+                        {
+                            "href": "/oic/sec/cred",
+                            "rel": "",
+                            "rt": ["oic.r.cred"],
+                            "if": ["oic.if.baseline"]
+                        }
+                    ],
+                    "permission": 6
+                }
+            ]
+        },
+        "rowneruuid" : "64697265-6374-7061-6972-696e67446576"
+    },
+    "pstat": {
+        "isop": false,
+        "deviceuuid": "64697265-6374-7061-6972-696e67446576",
+        "rowneruuid": "64697265-637