From fbedd21f07fb004786c8a36defae8c7aac74ed2e Mon Sep 17 00:00:00 2001 From: Omar Kallel Date: Wed, 4 Mar 2020 12:06:11 +0100 Subject: [PATCH] Ticket refs #1835: Device.Security. object (code style review) --- dmtree/tr181/security.c | 250 ++++++++++++++++++++-------------------- dmtree/tr181/security.h | 7 +- libbbf_api/dmcommon.c | 52 +++++---- 3 files changed, 159 insertions(+), 150 deletions(-) diff --git a/dmtree/tr181/security.c b/dmtree/tr181/security.c index e196285b..51629953 100644 --- a/dmtree/tr181/security.c +++ b/dmtree/tr181/security.c @@ -5,7 +5,7 @@ * it under the terms of the GNU Lesser General Public License version 2.1 * as published by the Free Software Foundation * - * Author: Amin Ben Ramdhane + * Author: Omar Kallel */ #include "security.h" @@ -46,7 +46,8 @@ X509 *cert, #elif LMBEDTLS mbedtls_x509_crt cert, #endif -struct uci_section *dmsect, struct certificate_profile *certprofile) { +struct uci_section *dmsect, struct certificate_profile *certprofile) +{ certprofile->path = path; #ifdef LOPENSSL certprofile->openssl_cert = cert; 
@@ -59,122 +60,124 @@ struct uci_section *dmsect, struct certificate_profile *certprofile) { #ifdef LOPENSSL int convert_ASN1TIME(ASN1_TIME *t, char* buf, size_t len) { - int rc; - BIO *b = BIO_new(BIO_s_mem()); - rc = ASN1_TIME_print(b, t); - if (rc <= 0) { - BIO_free(b); - return EXIT_FAILURE; - } - rc = BIO_gets(b, buf, len); - if (rc <= 0) { - BIO_free(b); - return EXIT_FAILURE; - } - BIO_free(b); - return EXIT_SUCCESS; + int rc; + BIO *b = BIO_new(BIO_s_mem()); + rc = ASN1_TIME_print(b, t); + if (rc <= 0) { + BIO_free(b); + return EXIT_FAILURE; + } + rc = BIO_gets(b, buf, len); + if (rc <= 0) { + BIO_free(b); + return EXIT_FAILURE; + } + BIO_free(b); + return EXIT_SUCCESS; } -char *get_certificate_sig_alg(int sig_nid){ +char *get_certificate_sig_alg(int sig_nid) +{ switch(sig_nid) { - case NID_sha256WithRSAEncryption: - return LN_sha256WithRSAEncryption; - case NID_sha384WithRSAEncryption: - return LN_sha384WithRSAEncryption; - case NID_sha512WithRSAEncryption: - return LN_sha512WithRSAEncryption; - case NID_sha224WithRSAEncryption: - return LN_sha224WithRSAEncryption; - case NID_sha512_224WithRSAEncryption: - return LN_sha512_224WithRSAEncryption; - case NID_sha512_256WithRSAEncryption: - return LN_sha512_224WithRSAEncryption; - case NID_pbeWithMD2AndDES_CBC: - return LN_pbeWithMD2AndDES_CBC; - case NID_pbeWithMD5AndDES_CBC: - return LN_pbeWithMD5AndDES_CBC; - case NID_pbeWithMD2AndRC2_CBC: - return LN_pbeWithMD5AndDES_CBC; - case NID_pbeWithMD5AndRC2_CBC: - return LN_pbeWithMD5AndRC2_CBC; - case NID_pbeWithSHA1AndDES_CBC: - return LN_pbeWithSHA1AndDES_CBC; - case NID_pbeWithSHA1AndRC2_CBC: - return LN_pbeWithSHA1AndDES_CBC; - case NID_pbe_WithSHA1And128BitRC4: - return LN_pbe_WithSHA1And128BitRC4; - case NID_pbe_WithSHA1And40BitRC4: - return LN_pbe_WithSHA1And40BitRC4; - case NID_pbe_WithSHA1And3_Key_TripleDES_CBC: - return LN_pbe_WithSHA1And3_Key_TripleDES_CBC; - case NID_pbe_WithSHA1And2_Key_TripleDES_CBC: - return LN_pbe_WithSHA1And2_Key_TripleDES_CBC; - 
case NID_pbe_WithSHA1And128BitRC2_CBC: - return LN_pbe_WithSHA1And128BitRC2_CBC; - case NID_pbe_WithSHA1And40BitRC2_CBC: - return LN_pbe_WithSHA1And40BitRC2_CBC; - case NID_sm3WithRSAEncryption: - return LN_sm3WithRSAEncryption; - case NID_shaWithRSAEncryption: - return LN_shaWithRSAEncryption; - case NID_md2WithRSAEncryption: - return LN_md2WithRSAEncryption; - case NID_md4WithRSAEncryption: - return LN_md4WithRSAEncryption; - case NID_md5WithRSAEncryption: - return LN_md5WithRSAEncryption; - case NID_sha1WithRSAEncryption: - return LN_sha1WithRSAEncryption; - default: - return ""; + case NID_sha256WithRSAEncryption: + return LN_sha256WithRSAEncryption; + case NID_sha384WithRSAEncryption: + return LN_sha384WithRSAEncryption; + case NID_sha512WithRSAEncryption: + return LN_sha512WithRSAEncryption; + case NID_sha224WithRSAEncryption: + return LN_sha224WithRSAEncryption; + case NID_sha512_224WithRSAEncryption: + return LN_sha512_224WithRSAEncryption; + case NID_sha512_256WithRSAEncryption: + return LN_sha512_224WithRSAEncryption; + case NID_pbeWithMD2AndDES_CBC: + return LN_pbeWithMD2AndDES_CBC; + case NID_pbeWithMD5AndDES_CBC: + return LN_pbeWithMD5AndDES_CBC; + case NID_pbeWithMD2AndRC2_CBC: + return LN_pbeWithMD5AndDES_CBC; + case NID_pbeWithMD5AndRC2_CBC: + return LN_pbeWithMD5AndRC2_CBC; + case NID_pbeWithSHA1AndDES_CBC: + return LN_pbeWithSHA1AndDES_CBC; + case NID_pbeWithSHA1AndRC2_CBC: + return LN_pbeWithSHA1AndDES_CBC; + case NID_pbe_WithSHA1And128BitRC4: + return LN_pbe_WithSHA1And128BitRC4; + case NID_pbe_WithSHA1And40BitRC4: + return LN_pbe_WithSHA1And40BitRC4; + case NID_pbe_WithSHA1And3_Key_TripleDES_CBC: + return LN_pbe_WithSHA1And3_Key_TripleDES_CBC; + case NID_pbe_WithSHA1And2_Key_TripleDES_CBC: + return LN_pbe_WithSHA1And2_Key_TripleDES_CBC; + case NID_pbe_WithSHA1And128BitRC2_CBC: + return LN_pbe_WithSHA1And128BitRC2_CBC; + case NID_pbe_WithSHA1And40BitRC2_CBC: + return LN_pbe_WithSHA1And40BitRC2_CBC; + case NID_sm3WithRSAEncryption: + return 
LN_sm3WithRSAEncryption; + case NID_shaWithRSAEncryption: + return LN_shaWithRSAEncryption; + case NID_md2WithRSAEncryption: + return LN_md2WithRSAEncryption; + case NID_md4WithRSAEncryption: + return LN_md4WithRSAEncryption; + case NID_md5WithRSAEncryption: + return LN_md5WithRSAEncryption; + case NID_sha1WithRSAEncryption: + return LN_sha1WithRSAEncryption; + default: + return ""; } } #elif LMBEDTLS -char *get_certificate_md(mbedtls_md_type_t sig_md) { - switch(sig_md) { - case MBEDTLS_MD_MD2: - return "md2"; - case MBEDTLS_MD_MD4: - return "md4"; - break; - case MBEDTLS_MD_MD5: - return "md5"; - case MBEDTLS_MD_SHA1: - return "sha1"; - case MBEDTLS_MD_SHA224: - return "sha224"; - case MBEDTLS_MD_SHA256: - return "sha256"; - case MBEDTLS_MD_SHA384: - return "sha384"; - case MBEDTLS_MD_SHA512: - return "sha512"; - case MBEDTLS_MD_RIPEMD160: - return "ripemd160"; - default: - return ""; - } - return ""; +char *get_certificate_md(mbedtls_md_type_t sig_md) +{ + switch(sig_md) { + case MBEDTLS_MD_MD2: + return "md2"; + case MBEDTLS_MD_MD4: + return "md4"; + case MBEDTLS_MD_MD5: + return "md5"; + case MBEDTLS_MD_SHA1: + return "sha1"; + case MBEDTLS_MD_SHA224: + return "sha224"; + case MBEDTLS_MD_SHA256: + return "sha256"; + case MBEDTLS_MD_SHA384: + return "sha384"; + case MBEDTLS_MD_SHA512: + return "sha512"; + case MBEDTLS_MD_RIPEMD160: + return "ripemd160"; + default: + return ""; + } + return ""; } -char *get_certificate_pk(mbedtls_pk_type_t sig_pk) { - switch(sig_pk) { - case MBEDTLS_PK_RSA: - return "RSA"; - case MBEDTLS_PK_ECKEY: - return "ECKEY"; - case MBEDTLS_PK_ECKEY_DH: - return "ECKEYDH"; - case MBEDTLS_PK_ECDSA: - return "ECDSA"; - case MBEDTLS_PK_RSA_ALT: - return "RSAALT"; - case MBEDTLS_PK_RSASSA_PSS: - return "RSASSAPSS"; - default: - return ""; - } - return ""; +char *get_certificate_pk(mbedtls_pk_type_t sig_pk) +{ + switch(sig_pk) { + case MBEDTLS_PK_RSA: + return "RSA"; + case MBEDTLS_PK_ECKEY: + return "ECKEY"; + case MBEDTLS_PK_ECKEY_DH: + 
return "ECKEYDH"; + case MBEDTLS_PK_ECDSA: + return "ECDSA"; + case MBEDTLS_PK_RSA_ALT: + return "RSAALT"; + case MBEDTLS_PK_RSASSA_PSS: + return "RSASSAPSS"; + default: + return ""; + } + return ""; } #endif @@ -197,17 +200,17 @@ int browseSecurityCertificateInst(struct dmctx *dmctx, DMNODE *parent_node, void #ifdef LOPENSSL FILE *fp = NULL; fp = fopen(certifcates_paths[i], "r"); - X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL); - if (!cert) { - fclose(fp); - continue; - } + X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL); + if (!cert) { + fclose(fp); + continue; + } if ((dmmap_sect = get_dup_section_in_dmmap_opt("dmmap_security", "security_certificate", "path", certifcates_paths[i])) == NULL) { dmuci_add_section_bbfdm("dmmap_security", "security_certificate", &dmmap_sect, &v); DMUCI_SET_VALUE_BY_SECTION(bbfdm, dmmap_sect, "path", certifcates_paths[i]); } init_certificate(certifcates_paths[i], cert, dmmap_sect, &certificateprofile); - cert_inst = handle_update_instance(1, dmctx, &cert_inst_last, update_instance_alias, 3, dmmap_sect, "security_certificate_instance", "security_certificate_alias"); + cert_inst = handle_update_instance(1, dmctx, &cert_inst_last, update_instance_alias, 3, dmmap_sect, "security_certificate_instance", "security_certificate_alias"); if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)&certificateprofile, cert_inst) == DM_STOP) break; @@ -244,6 +247,7 @@ int get_Security_CertificateNumberOfEntries(char *refparam, struct dmctx *ctx, v char **certifcates_paths = NULL; certifcates_paths = get_all_iop_certificates(&length); int number = 0; + for (i=0; i + * Author: Omar Kallel */ #ifndef __SECURITY_H #define __SECURITY_H -//#undef LOPENSSL + #include #ifdef LOPENSSL #include @@ -21,9 +21,6 @@ #include #include #endif -#include -#include -#include #define DATE_LEN 128 diff --git a/libbbf_api/dmcommon.c b/libbbf_api/dmcommon.c index f0845df8..ab6d81f7 100644 --- a/libbbf_api/dmcommon.c +++ b/libbbf_api/dmcommon.c 
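Review bot: Three cases in `get_certificate_sig_alg` return the long name of a different algorithm than the NID they match: `NID_sha512_256WithRSAEncryption` returns `LN_sha512_224WithRSAEncryption`, `NID_pbeWithMD2AndRC2_CBC` returns `LN_pbeWithMD5AndDES_CBC`, and `NID_pbeWithSHA1AndRC2_CBC` returns `LN_pbeWithSHA1AndDES_CBC`. The re-indentation carries these over unchanged, so a certificate using one of those algorithms is reported under the wrong name to whatever consumes this string, which matters if the value is used to audit for weak signatures. Each case should return its own name, e.g. `return LN_sha512_256WithRSAEncryption;`. Separately, `convert_ASN1TIME` passes the result of `BIO_new(BIO_s_mem())` to `ASN1_TIME_print` without a NULL check; `if (!b) return EXIT_FAILURE;` after the allocation would cover it.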
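Review bot: The result of `fopen(certifcates_paths[i], "r")` is handed to `PEM_read_X509` without a NULL check, and the `!cert` branch then calls `fclose(fp)`, so a path that cannot be opened reaches both calls with a null stream. Adding `if (!fp) continue;` right after the `fopen` closes that path. The hunk shows the stream closed only on the failure branch; whether `fp` is closed after a successful parse is decided outside the visible lines and is worth confirming. `browseSecurityCertificateInst` starts and ends outside the hunk.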
@@ -2051,35 +2051,38 @@ int dm_validate_int_list(char *value, char *min_item, char *max_item, char *max_ return 0; } -int get_base64char_value(char b64) { +int get_base64char_value(char b64) +{ char *base64C = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; int i; - for(i = 0; i<64; i++) - if ( base64C[i] == b64 ) - return i; + for (i = 0; i<64; i++) + if ( base64C[i] == b64 ) + return i; return -1; } -char *decode64 (char *enc) { +char *decode64 (char *enc) +{ int i, j=0; size_t decsize = strlen(enc)*6/8; char *dec = (char *)dmmalloc((decsize +1) * sizeof(char)); for (i=0; i> (j%3==0?4: (j%3==1? 2:0))); - if( j%3 == 2) - i++; - j++; + dec[j] = (get_base64char_value(enc[i]) << (j%3==0?2:(j%3==1?4:6))) + (get_base64char_value(enc[i+1]) >> (j%3==0?4:(j%3==1? 2:0))); + if (j%3 == 2) + i++; + j++; } dec[j] = '\0'; return dec; } -int is_string_exist_in_str_array(char **cert_paths, int length, char *dirpath, char *filename) { +int is_string_exist_in_str_array(char **cert_paths, int length, char *dirpath, char *filename) +{ int i; - for(i=0; i0) { + if (dirpath && strlen(dirpath)>0) { DIR *dir; struct dirent *ent; if ((dir = opendir(dirpath)) == NULL) continue; while ((ent = readdir (dir)) != NULL) { - if(ent->d_name[0] == '.' || is_string_exist_in_str_array(certificates_paths, j, dirpath, ent->d_name)) + if (ent->d_name[0] == '.' || is_string_exist_in_str_array(certificates_paths, j, dirpath, ent->d_name)) continue; dmasprintf(&certificates_paths[j],"%s%s", dirpath, ent->d_name); j++; @@ -2142,20 +2148,22 @@ char **get_all_iop_certificates(int* length) { return certificates_paths; } -char* stringToHex(char *text, int length) { +char* stringToHex(char *text, int length) +{ char *hex = NULL; - + int i, j; hex = (char *)dmcalloc(100, sizeof(char)); - for (int i = 0, j = 0; i < length; ++i, j += 3){ + for (i = 0, j = 0; i < length; ++i, j += 3){ sprintf(hex + j, "%02x", text[i] & 0xff); - if(i
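Review bot: `decode64` feeds the return value of `get_base64char_value` straight into shifts, but that helper returns -1 for any byte outside the 64-character table, which includes `=` padding and the terminating NUL read through `enc[i+1]`. Left-shifting -1 is undefined behaviour and the resulting byte is meaningless, so malformed or padded input yields garbage rather than an error. The lookup results should be checked before use, e.g. `int hi = get_base64char_value(enc[i]), lo = get_base64char_value(enc[i+1]);` followed by `if (hi < 0 || lo < 0) break;`, with padding stripped before `decsize` is computed. The loop header of `decode64` is not legible in this copy of the patch, so the bound on `i` should be confirmed as well.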