From 03b8c51332c216ccf22abdef3d154c93c86a8c76 Mon Sep 17 00:00:00 2001
From: Erik Boasson
Date: Thu, 16 Jan 2020 13:20:41 +0100
Subject: [PATCH] Move security config tests
Signed-off-by: Erik Boasson
---
src/core/ddsc/tests/CMakeLists.txt | 31 -
src/core/ddsc/tests/config.c | 808 +-----------------
src/core/ddsc/tests/config_env.h.in | 4 -
.../core/tests/plugin_loading/CMakeLists.txt | 134 +--
.../core/tests/plugin_loading/config_env.h.in | 4 +
.../tests/plugin_loading/security_config.c | 812 ++++++++++++++++++
6 files changed, 866 insertions(+), 927 deletions(-)
create mode 100644 src/security/core/tests/plugin_loading/security_config.c
diff --git a/src/core/ddsc/tests/CMakeLists.txt b/src/core/ddsc/tests/CMakeLists.txt
index 62e8844..3365bb0 100644
--- a/src/core/ddsc/tests/CMakeLists.txt
+++ b/src/core/ddsc/tests/CMakeLists.txt
@@ -73,33 +73,6 @@ set(CUnit_ddsc_config_simple_udp_file "${CMAKE_CURRENT_LIST_DIR}/config_simple_u set(CUnit_ddsc_config_simple_udp_uri "file://${CUnit_ddsc_config_simple_udp_file}") set(CUnit_ddsc_config_simple_udp_max_participants "0") set(CUnit_ddsc_config_simple_udp_env "${PROJECT_NAME_CAPS}_URI=${CUnit_ddsc_config_simple_udp_uri};MAX_PARTICIPANTS=${CUnit_ddsc_config_simple_udp_max_participants};${CUnit_ddsc_config_simple_udp_env}") - - -unset(test_lib_tests) -# Let the cunit application know the location and name of the security mock libraries. -#file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/../../../security/core/tests/plugin_loading" test_lib_native_dir) - - -file(TO_NATIVE_PATH "${PROJECT_BINARY_DIR}/src/security/core/tests/plugin_loading" test_lib_native_dir) -file(TO_NATIVE_PATH "/" test_lib_sep) -string(REPLACE "\\" "\\\\" test_lib_dir ${test_lib_native_dir}) -string(REPLACE "\\" "\\\\" test_lib_sep ${test_lib_sep}) - -process_cunit_source_file("config.c" test_lib_header test_lib_suites test_lib_tests) -foreach(libtest ${test_lib_tests}) - string(REPLACE ":" ";" libtest ${libtest}) - list(GET libtest 0 suite) - list(GET libtest 1 test) - set(libtestname "CUnit_${suite}_${test}") - if("${CMAKE_HOST_SYSTEM}" MATCHES ".*Windows.*") - set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "${test_lib_native_dir}") - else() - set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "LD_LIBRARY_PATH=${test_lib_native_dir};$ENV{LD_LIBRARY_PATH}") - endif() -endforeach() - - - set_tests_properties( CUnit_ddsc_config_simple_udp PROPERTIES @@ -107,7 +80,3 @@ set_tests_properties( ENVIRONMENT "${CUnit_ddsc_config_simple_udp_env}") configure_file("config_env.h.in" "config_env.h" @ONLY) - - - - diff --git a/src/core/ddsc/tests/config.c b/src/core/ddsc/tests/config.c index 644867c..bb82d85 100644 --- a/src/core/ddsc/tests/config.c +++ b/src/core/ddsc/tests/config.c 
@@ -22,10 +22,6 @@ #include "dds/ddsi/q_misc.h" #include "dds/ddsi/q_xqos.h" -#ifdef DDSI_INCLUDE_SECURITY -#include "dds/security/dds_security_api_defs.h" -#endif - #define FORCE_ENV #define URI_VARIABLE DDS_PROJECT_NAME_NOSPACE_CAPS"_URI" @@ -106,38 +102,11 @@ static void logger(void *ptr, const dds_log_data_t *data) } } -CU_Test(ddsc_config, security_non, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* There shouldn't be traces that mention security. */ - const char *log_expected[] = { - "*Security*", - NULL - }; - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with an empty security element. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - CU_ASSERT_FATAL(participant > 0); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* No security traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x0); -} - -CU_Test(ddsc_config, security_empty, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with an empty security element. */ +CU_Test(ddsc_security_config, empty, .init = ddsrt_init, .fini = ddsrt_fini) +{ + /* Expected traces when creating participant with an empty security element. We need to + test this one here to be sure that it refuses to start when security is configured + but the implementation doesn't include support for it. */ const char *log_expected[] = { #ifndef DDSI_INCLUDE_SECURITY "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", 
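Review bot: The new comment on `CU_Test(ddsc_security_config, empty, ...)` says this test is kept here to prove the participant refuses to start when security is configured but the build lacks support for it, yet the only expectation visible in this hunk is the log pattern `"config: //CycloneDDS/Domain: DDSSecurity: unknown element*"`. A matching trace does not by itself show fail-closed behaviour, so the `#ifndef DDSI_INCLUDE_SECURITY` path should also check the creation result, e.g. `CU_ASSERT_FATAL(participant < 0);` as the `security_missing` test does; the test body continues outside this hunk, so it may already do so. I would also name the build variant in the comment, for instance `/* Built without DDSI_INCLUDE_SECURITY, a configured DDSSecurity element must make participant creation fail rather than run unprotected. */`.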
@@ -172,770 +141,3 @@ CU_Test(ddsc_config, security_empty, .init = ddsrt_init, .fini = ddsrt_fini) { CU_ASSERT_FATAL(found == 0x7); #endif } - -CU_Test(ddsc_config, security_missing, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { -#ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", -#else - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", -#endif - NULL - }; - - /* IdentityCertificate, IdentityCA and PrivateKey values or elements are missing. */ - const char *sec_config = - "finest" - "" - "" - "" - "" - "" - "testtext_Password_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with an empty security element. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - CU_ASSERT_FATAL(participant < 0); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - /* All traces should have been provided. 
*/ -#ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); -#else - CU_ASSERT_FATAL(found == 0x7); -#endif -} - -CU_Test(ddsc_config, security_all, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { -#ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", -#else - "config: Domain/DDSSecurity/Authentication/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Authentication/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", - "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", - "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", - "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*", - "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", - "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", - "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", - "config: Domain/DDSSecurity/AccessControl/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/AccessControl/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", - "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", - "config: 
Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", - "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", - "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", - "config: Domain/DDSSecurity/Cryptographic/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", - /* The config should have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.auth.library.init,init_authentication,0}," - "{dds.sec.auth.library.finalize,finalize_authentication,0}," - "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.crypto.library.init,init_crypto,0}," - "{dds.sec.crypto.library.finalize,finalize_crypto,0}," - "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.access.library.init,init_access_control,0}," - "{dds.sec.access.library.finalize,finalize_access_control,0}," - "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - 
"{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}," - "{dds.sec.auth.password,testtext_Password_testtext,0}," - "{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*", - -#endif - NULL - }; - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; - - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* All traces should have been provided. */ -#ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); -#else - CU_ASSERT_FATAL(found == 0x1fffff); -#endif -} - -CU_Test(ddsc_config, security, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. 
*/ - const char *log_expected[] = { -#ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", -#else - "config: Domain/DDSSecurity/Authentication/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Authentication/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", - "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", - "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", - "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*", - "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", - "config: Domain/DDSSecurity/Authentication/Password/#text: {}*", - "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*", - "config: Domain/DDSSecurity/AccessControl/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/AccessControl/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", - "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", - "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", - "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", - "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", - "config: Domain/DDSSecurity/Cryptographic/Library/#text: 
"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", - /* The config should have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.auth.library.init,init_authentication,0}," - "{dds.sec.auth.library.finalize,finalize_authentication,0}," - "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.crypto.library.init,init_crypto,0}," - "{dds.sec.crypto.library.finalize,finalize_crypto,0}," - "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.access.library.init,init_access_control,0}," - "{dds.sec.access.library.finalize,finalize_access_control,0}," - "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}," - "{dds.sec.auth.password,,0}," - "{dds.sec.auth.trusted_ca_dir,,0}}binary_value={}}*}*", -#endif - NULL - }; - - const char *sec_config = - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - 
"testtext_PrivateKey_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* All traces should have been provided. */ -#ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); -#else - CU_ASSERT_FATAL(found == 0x1fffff); -#endif -} - -CU_Test(ddsc_config, security_deprecated, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. 
*/ - const char *log_expected[] = { -#ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", -#else - "config: Domain/DDSSecurity/Authentication/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Authentication/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", - "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", - "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", - "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*", - "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", - "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", - "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", - "config: Domain/DDSSecurity/AccessControl/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/AccessControl/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", - "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", - "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", - "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", - "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", - "config: 
Domain/DDSSecurity/Cryptographic/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", - /* The config should have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={" - "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.auth.library.init,init_authentication,0}," - "{dds.sec.auth.library.finalize,finalize_authentication,0}," - "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.crypto.library.init,init_crypto,0}," - "{dds.sec.crypto.library.finalize,finalize_crypto,0}," - "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.access.library.init,init_access_control,0},{dds.sec.access.library.finalize,finalize_access_control,0},{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}," - "{dds.sec.auth.password,testtext_Password_testtext,0}," - "{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*", -#endif - NULL - }; - - const char *sec_config = - 
"<"DDS_PROJECT_NAME">" - "" - "any" - "" - "" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "finest" - "" - ""; - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* All traces should have been provided. */ -#ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); -#else - CU_ASSERT_FATAL(found == 0x1fffff); -#endif -} - -CU_Test(ddsc_config, security_qos, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { -#ifdef DDSI_INCLUDE_SECURITY - /* The config should have been parsed into the participant QoS. 
*/ - "PARTICIPANT * QOS={*property_list={value={" - "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}," - "{dds.sec.auth.password,testtext_Password_testtext,0}," - "{dds.sec.auth.trusted_ca_dir,file:/test/dir,0}," - "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.auth.library.init,init_authentication,0}," - "{dds.sec.auth.library.finalize,finalize_authentication,0}," - "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.crypto.library.init,init_crypto,0}," - "{dds.sec.crypto.library.finalize,finalize_crypto,0}," - "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.access.library.init,init_access_control,0}," - "{dds.sec.access.library.finalize,finalize_access_control,0}}binary_value={}}*}*", - #endif - NULL - }; - - dds_entity_t participant; - dds_qos_t * qos; - - /* Set up the trace sinks to detect the config parsing. 
*/ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos */ - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext"); - dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext"); - dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext"); - dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); - dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s"); - dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s"); - dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext"); - dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); - dds_qset_prop(qos, "dds.sec.auth.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX""); - dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication"); - dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication"); - dds_qset_prop(qos, "dds.sec.crypto.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX""); - dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto"); - dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto"); - dds_qset_prop(qos, "dds.sec.access.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX""); - dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control"); - dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control"); - - /* Create participant with security config in qos. 
*/ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - CU_ASSERT_FATAL ((participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL)) > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_delete_qos(qos); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* All traces should have been provided. */ -#ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0); -#else - CU_ASSERT_FATAL(found == 0x1); -#endif -} - -CU_Test(ddsc_config, security_qos_props, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { -#ifdef DDSI_INCLUDE_SECURITY - /* The config should have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={" - "{test.prop1,testtext_value1_testtext,0}," - "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}," - "{dds.sec.auth.password,testtext_Password_testtext,0}," - "{dds.sec.auth.trusted_ca_dir,file:/test/dir,0}," - "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.auth.library.init,init_authentication,0}," - "{dds.sec.auth.library.finalize,finalize_authentication,0}," - "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.crypto.library.init,init_crypto,0}," - "{dds.sec.crypto.library.finalize,finalize_crypto,0}," - 
"{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.access.library.init,init_access_control,0}," - "{dds.sec.access.library.finalize,finalize_access_control,0}," - "{test.prop2,testtext_value2_testtext,0}}" - "binary_value={{test.bprop1,(3,*),0}}}*}*", - - #endif - NULL - }; - - dds_entity_t participant; - dds_qos_t * qos; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos */ - unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext"); - dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext"); - dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext"); - dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext"); - dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); - dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s"); - dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s"); - dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext"); - dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); - - dds_qset_prop(qos, "dds.sec.auth.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX""); - dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication"); - dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication"); - dds_qset_prop(qos, "dds.sec.crypto.library.path", 
""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX""); - dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto"); - dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto"); - dds_qset_prop(qos, "dds.sec.access.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX""); - dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control"); - dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control"); - - dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext"); - - dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext"); - - dds_qset_bprop(qos, "test.bprop1", bvalue, 3); - - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - CU_ASSERT_FATAL(participant > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - dds_delete_qos(qos); - - - /* All traces should have been provided. */ -#ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0); -#else - CU_ASSERT_FATAL(found == 0x1); -#endif -} - -CU_Test(ddsc_config, security_config_qos, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expect qos settings used when creating participant with config security elements and qos. */ - const char *log_expected[] = { -#ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", -#else - /* The security settings from qos properties should have been parsed into the participant QoS. 
*/ - "new_participant(*): using security settings from QoS*", - "PARTICIPANT * QOS={*property_list={value={" - "{dds.sec.auth.identity_ca,testtext_QOS_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_QOS_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_QOS_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:QOS_Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:QOS_Governance.p7s,0}," - "{dds.sec.access.permissions,file:QOS_Permissions.p7s,0}," - "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.auth.library.init,init_authentication,0}," - "{dds.sec.auth.library.finalize,finalize_authentication,0}," - "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.crypto.library.init,init_crypto,0}," - "{dds.sec.crypto.library.finalize,finalize_crypto,0}," - "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.access.library.init,init_access_control,0}," - "{dds.sec.access.library.finalize,finalize_access_control,0}" - "}binary_value={}}*}*", - #endif - NULL - }; - - const char *sec_config = - "finest" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; - - dds_entity_t participant; - dds_qos_t * qos; - - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_QOS_IdentityCA_testtext"); - dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_QOS_PrivateKey_testtext"); - dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_QOS_IdentityCertificate_testtext"); - 
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:QOS_Permissions_CA.pem"); - dds_qset_prop(qos, "dds.sec.access.governance", "file:QOS_Governance.p7s"); - dds_qset_prop(qos, "dds.sec.access.permissions", "file:QOS_Permissions.p7s"); -#ifdef DDSI_INCLUDE_SECURITY /*for using with constants coming from API */ - dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX""); - dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); - dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); - dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX""); - dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); - dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); - dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX""); - dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); - dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); -#endif - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - dds_delete_qos(qos); - - /* All traces should have been provided. 
*/ -#ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); -#else - CU_ASSERT_FATAL(found == 0x3); -#endif -} - -CU_Test(ddsc_config, security_other_prop, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expect config used when creating participant with config security elements and - * qos containing only non-security properties. */ - const char *log_expected[] = { -#ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", -#else - /* The security settings from config should have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={{test.dds.sec.prop1,testtext_value1_testtext,0}," - "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.auth.library.init,init_authentication,0}," - "{dds.sec.auth.library.finalize,finalize_authentication,0}," - "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.crypto.library.init,init_crypto,0}," - "{dds.sec.crypto.library.finalize,finalize_crypto,0}," - "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," - "{dds.sec.access.library.init,init_access_control,0}," - "{dds.sec.access.library.finalize,finalize_access_control,0}," - "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}," - "{dds.sec.auth.password,testtext_Password_testtext,0}," - "{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*", - #endif - NULL - }; - - 
const char *sec_config = - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; - - dds_entity_t participant; - dds_qos_t * qos; - - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - dds_qset_prop(qos, "test.dds.sec.prop1", "testtext_value1_testtext"); - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - dds_delete_qos(qos); - - /* All traces should have been provided. */ -#ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); -#else - CU_ASSERT_FATAL(found == 0x1); -#endif -} - -CU_Test(ddsc_config, security_qos_invalid, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { -#ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", -#else - /* The config should have been parsed into the participant QoS. 
*/ - "new_participant(*): using security settings from QoS*", - "new_participant(*): required security property dds.sec.auth.identity_ca missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.private_key missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.identity_certificate missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.permissions_ca missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.governance missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.permissions missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.library.path missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.library.init missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.library.finalize missing in Property QoS*", - "new_participant(*): required security property dds.sec.crypto.library.path missing in Property QoS*", - "new_participant(*): required security property dds.sec.crypto.library.init missing in Property QoS*", - "new_participant(*): required security property dds.sec.crypto.library.finalize missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.library.path missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.library.init missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.library.finalize missing in Property QoS*", - #endif - NULL - }; - - const char *sec_config = - "finest" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; - - dds_entity_t participant; - dds_qos_t * qos; - - /* Set up the trace sinks 
to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos */ - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - dds_qset_prop(qos, "dds.sec.dummy", "testtext_dummy_testtext"); - - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - dds_delete_qos(qos); -#ifdef DDSI_INCLUDE_SECURITY - CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); -#else - dds_delete(participant); -#endif - ddsrt_setenv(URI_VARIABLE, ""); - - /* All traces should have been provided. */ -#ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x01); -#else - CU_ASSERT_FATAL(found == 0xffff); -#endif - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); -} - diff --git a/src/core/ddsc/tests/config_env.h.in b/src/core/ddsc/tests/config_env.h.in index 60339cf..5d984d6 100644 --- a/src/core/ddsc/tests/config_env.h.in +++ b/src/core/ddsc/tests/config_env.h.in @@ -14,9 +14,5 @@ #define CONFIG_ENV_SIMPLE_UDP "@CUnit_ddsc_config_simple_udp_uri@" #define CONFIG_ENV_MAX_PARTICIPANTS "@CUnit_ddsc_config_simple_udp_max_participants@" -#define CONFIG_PLUGIN_MOCK_DIR "@test_lib_dir@" -#define CONFIG_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@" -#define CONFIG_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@" -#define CONFIG_LIB_SEP "@test_lib_sep@" #endif /* CONFIG_ENV_H */ diff --git a/src/security/core/tests/plugin_loading/CMakeLists.txt b/src/security/core/tests/plugin_loading/CMakeLists.txt index 9b2e088..0eda38b 100644 --- a/src/security/core/tests/plugin_loading/CMakeLists.txt +++ b/src/security/core/tests/plugin_loading/CMakeLists.txt 
@@ -9,121 +9,77 @@ # # SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause # -include (GenerateExportHeader) -include (CUnit) +include(GenerateExportHeader) +include(CUnit) set(security_plugin_loading_test_sources - "plugin_loading.c" - ) + "security_config.c" + "plugin_loading.c") add_cunit_executable(cunit_security_plugin_loading ${security_plugin_loading_test_sources}) target_include_directories( cunit_security_plugin_loading PRIVATE "$" - "$>" - "$>" - "$" - "$" - "$" - ) - + "$>" + "$>" + "$" + "$" + "$") target_link_libraries(cunit_security_plugin_loading PRIVATE ddsc security_api) target_include_directories(cunit_security_plugin_loading PRIVATE "${CMAKE_CURRENT_BINARY_DIR}") set(CUnit_plugin_mock_dir ".") - +# Let the cunit application know the location and name of the library. configure_file("config_env.h.in" "config_env.h") -# Let the cunit application know the location and name of the library. -file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}" test_lib_native_dir) -file(TO_NATIVE_PATH "." test_lib_sep) -string(REPLACE "\\" "\\\\" test_lib_dir ${test_lib_native_dir}) -string(REPLACE "\\" "\\\\" test_lib_sep ${test_lib_sep}) -configure_file("config_env.h.in" "${CMAKE_CURRENT_BINARY_DIR}/include/config_env.h" @ONLY) -# Let ctest set the proper library path when executing library tests. 
-unset(test_lib_tests) -process_cunit_source_file("plugin_loading.c" test_lib_header test_lib_suites test_lib_tests) -foreach(libtest ${test_lib_tests}) - string(REPLACE ":" ";" libtest ${libtest}) - list(GET libtest 0 suite) - list(GET libtest 1 test) - set(libtestname "CUnit_${suite}_${test}") - if("${CMAKE_HOST_SYSTEM}" MATCHES ".*Windows.*") - set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "${test_lib_native_dir}") - else() - set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "LD_LIBRARY_PATH=${test_lib_native_dir};$ENV{LD_LIBRARY_PATH}") - endif() -endforeach() - - -function( add_mock libname casename ) - - +function(add_mock libname casename) PREPEND(srcs_mock_authentication_all_ok "${CMAKE_CURRENT_LIST_DIR}/plugin_mock/${casename}" - "mock_${libname}.c" - ) - -# PREPEND(hdrs_private_authentication_all_ok "${CMAKE_CURRENT_LIST_DIR}/plugin_mock/${casename}" -# "mock_${libname}.h" -# ) -# + "mock_${libname}.c") add_library("dds_security_${casename}" SHARED "") generate_export_header( - "dds_security_${casename}" - BASE_NAME SECURITY - EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/${casename}_export.h" - ) + "dds_security_${casename}" + BASE_NAME SECURITY + EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/${casename}_export.h") set_target_properties( - "dds_security_${casename}" - PROPERTIES - RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} - RUNTIME_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} - RUNTIME_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} - RUNTIME_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} - RUNTIME_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY_MINSIZEREL 
${CMAKE_CURRENT_BINARY_DIR} ) - - + "dds_security_${casename}" + PROPERTIES + RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR}) + #find_package(OpenSSL ) - - target_link_libraries("dds_security_${casename}" PUBLIC ddsc) #target_link_libraries("dds_security_${casename}" PUBLIC OpenSSL::SSL) + target_link_libraries("dds_security_${casename}" PUBLIC ddsc) target_sources("dds_security_${casename}" - PRIVATE - ${srcs_mock_authentication_all_ok} - - ) - + PRIVATE + ${srcs_mock_authentication_all_ok}) target_include_directories("dds_security_${casename}" - PUBLIC - "$>" - "$>" - "$>" - "$" - - ) - - + PUBLIC + "$>" + "$>" + "$>" + "$") endfunction() #PLUGIN MOCKS -add_mock( authentication authentication_all_ok ) -add_mock( authentication authentication_all_ok_other ) -add_mock( authentication authentication_missing_function ) -add_mock( authentication authentication_finalize_error ) -add_mock( access_control access_control_all_ok ) -add_mock( access_control access_control_missing_function ) -add_mock( cryptography cryptography_all_ok ) -add_mock( cryptography cryptography_missing_function ) -add_mock( authentication authentication_init_error ) - - +add_mock(authentication authentication_all_ok) +add_mock(authentication authentication_all_ok_other) +add_mock(authentication authentication_missing_function) +add_mock(authentication authentication_finalize_error) +add_mock(access_control 
access_control_all_ok)
+add_mock(access_control access_control_missing_function)
+add_mock(cryptography cryptography_all_ok)
+add_mock(cryptography cryptography_missing_function)
+add_mock(authentication authentication_init_error)
diff --git a/src/security/core/tests/plugin_loading/config_env.h.in b/src/security/core/tests/plugin_loading/config_env.h.in
index 203620f..6d05734 100644
--- a/src/security/core/tests/plugin_loading/config_env.h.in
+++ b/src/security/core/tests/plugin_loading/config_env.h.in
@@ -17,5 +17,9 @@
 #define TEST_LIB_SEP "@test_lib_sep@"
 #define TEST_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@"
 #define TEST_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@"
+#define CONFIG_PLUGIN_MOCK_DIR "@test_lib_dir@"
+#define CONFIG_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@"
+#define CONFIG_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@"
+#define CONFIG_LIB_SEP "@test_lib_sep@"
 #endif /* CONFIG_ENV_H */
diff --git a/src/security/core/tests/plugin_loading/security_config.c b/src/security/core/tests/plugin_loading/security_config.c
new file mode 100644
index 0000000..5e95683
--- /dev/null
+++ b/src/security/core/tests/plugin_loading/security_config.c
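Review bot: Nothing on the new side of this CMakeLists.txt hunk sets `test_lib_dir` or `test_lib_sep` any more, yet `config_env.h.in` (next hunk) still substitutes `@test_lib_dir@` and `@test_lib_sep@` into `CONFIG_PLUGIN_MOCK_DIR`, `CONFIG_LIB_SEP` and `TEST_LIB_SEP`. Unless an enclosing scope defines them, the paths built by `MOCKLIB_PATH` in security_config.c collapse to a bare library file name. The hunk also drops the per-test `LD_LIBRARY_PATH` property, so which mock plugin gets loaded would then depend on the loader's default search order. I would keep the definitions ahead of the `configure_file` call: `file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}" test_lib_native_dir)`, `file(TO_NATIVE_PATH "/" test_lib_sep)` and `string(REPLACE "\\" "\\\\" test_lib_dir ${test_lib_native_dir})`, so the tests load the mocks by full path from the build directory.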
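Review bot: The added `CONFIG_LIB_SUFFIX`, `CONFIG_LIB_PREFIX` and `CONFIG_LIB_SEP` repeat the substitutions of `TEST_LIB_SUFFIX`, `TEST_LIB_PREFIX` and `TEST_LIB_SEP` directly above them, so the same value now lives under two names in one header. Defining the new names through the existing ones, e.g. `#define CONFIG_LIB_SEP TEST_LIB_SEP`, keeps them from drifting apart. A one-line comment above the added block, such as `/* Used by MOCKLIB_PATH in security_config.c to build plugin library paths. */`, would say why they are here.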
@@ -0,0 +1,812 @@ +/* + * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include + +#include "dds/dds.h" +#include "CUnit/Test.h" +#include "config_env.h" + +#include "dds/version.h" +#include "dds/ddsrt/cdtors.h" +#include "dds/ddsrt/environ.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsi/q_misc.h" +#include "dds/ddsi/q_xqos.h" + +#include "dds/security/dds_security_api_defs.h" + +#define MOCKLIB_PATH(name) \ + CONFIG_PLUGIN_MOCK_DIR CONFIG_LIB_SEP CONFIG_LIB_PREFIX name CONFIG_LIB_SUFFIX +#define MOCKLIB_ELEM_AUTH(name) \ + "" +#define MOCKLIB_ELEM_CRYPTO(name) \ + "" +#define MOCKLIB_ELEM_ACCESS_CONTROL(name) \ + "" + +#define URI_VARIABLE DDS_PROJECT_NAME_NOSPACE_CAPS"_URI" + +/* + * The 'found' variable will contain flags related to the expected log + * messages that were received. + * Using flags will allow to show that when message isn't received, + * which one it was. + */ +static uint32_t found; + +static void logger(void *ptr, const dds_log_data_t *data) +{ + char **expected = (char**)ptr; + for (uint32_t i = 0; expected[i] != NULL; i++) { + if (ddsi2_patmatch(expected[i], data->message)) { + found |= (uint32_t)(1 << i); + } + } +} + + +CU_Test(ddsc_security_config, empty, .init = ddsrt_init, .fini = ddsrt_fini) +{ + /* Expected traces when creating participant with an empty security element. We need to + test this one here to be sure that it refuses to start when security is configured + but the implementation doesn't include support for it. 
*/ + const char *log_expected[] = { + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", + NULL + }; + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with an empty security element. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, ""); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + CU_ASSERT_FATAL(participant < 0); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x7); +} + +CU_Test(ddsc_security_config, non, .init = ddsrt_init, .fini = ddsrt_fini) +{ + /* There shouldn't be traces that mention security. */ + const char *log_expected[] = { + "*Security*", + NULL + }; + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with an empty security element. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, "finest"); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + CU_ASSERT_FATAL(participant > 0); + dds_delete(participant); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + + /* No security traces should have been provided. 
*/ + CU_ASSERT_FATAL(found == 0x0); +} + +CU_Test(ddsc_security_config, missing, .init = ddsrt_init, .fini = ddsrt_fini) +{ + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", + NULL + }; + + /* IdentityCertificate, IdentityCA and PrivateKey values or elements are missing. */ + const char *sec_config = + "finest" + "" + " " + " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok") + " " + " " + " testtext_Password_testtext" + " " + " " + " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok") + " " + " " + " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok") + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + ""; + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with an empty security element. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + CU_ASSERT_FATAL(participant < 0); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x7); +} + +CU_Test(ddsc_security_config, all, .init = ddsrt_init, .fini = ddsrt_fini) +{ + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { + "config: Domain/DDSSecurity/Authentication/Library/#text: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", + "config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", + "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", + "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", + "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", + "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*", + "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", + "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", + "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", + "config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@path]: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", + "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", + "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", + "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", + "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", + "config: Domain/DDSSecurity/Cryptographic/Library/#text: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", + "config: 
Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", + /* The config should have been parsed into the participant QoS. */ + "PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0}," + "{dds.sec.auth.library.init,init_authentication,0}," + "{dds.sec.auth.library.finalize,finalize_authentication,0}," + "{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0}," + "{dds.sec.crypto.library.init,init_crypto,0}," + "{dds.sec.crypto.library.finalize,finalize_crypto,0}," + "{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0}," + "{dds.sec.access.library.init,init_access_control,0}," + "{dds.sec.access.library.finalize,finalize_access_control,0}," + "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," + "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," + "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," + "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," + "{dds.sec.access.governance,file:Governance.p7s,0}," + "{dds.sec.access.permissions,file:Permissions.p7s,0}," + "{dds.sec.auth.password,testtext_Password_testtext,0}," + "{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*", + NULL + }; + const char *sec_config = + "<"DDS_PROJECT_NAME">" + " " + " finest" + " " + " " + " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok") + " testtext_IdentityCertificate_testtext" + " testtext_IdentityCA_testtext" + " testtext_PrivateKey_testtext" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok") + " " + " " + " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok") + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + " " + ""; + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. 
*/ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + CU_ASSERT_FATAL(participant > 0); + ddsrt_setenv(URI_VARIABLE, ""); + dds_delete(participant); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x1fffff); +} + +CU_Test(ddsc_security_config, security, .init = ddsrt_init, .fini = ddsrt_fini) +{ + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { + "config: Domain/DDSSecurity/Authentication/Library/#text: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", + "config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", + "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", + "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", + "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", + "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*", + "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", + "config: Domain/DDSSecurity/Authentication/Password/#text: {}*", + "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*", + "config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@path]: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: 
init_access_control*", + "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", + "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", + "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", + "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", + "config: Domain/DDSSecurity/Cryptographic/Library/#text: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", + "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", + /* The config should have been parsed into the participant QoS. */ + "PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0}," + "{dds.sec.auth.library.init,init_authentication,0}," + "{dds.sec.auth.library.finalize,finalize_authentication,0}," + "{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0}," + "{dds.sec.crypto.library.init,init_crypto,0}," + "{dds.sec.crypto.library.finalize,finalize_crypto,0}," + "{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0}," + "{dds.sec.access.library.init,init_access_control,0}," + "{dds.sec.access.library.finalize,finalize_access_control,0}," + "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," + "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," + "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," + "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," + "{dds.sec.access.governance,file:Governance.p7s,0}," + "{dds.sec.access.permissions,file:Permissions.p7s,0}," + "{dds.sec.auth.password,,0}," + "{dds.sec.auth.trusted_ca_dir,,0}}binary_value={}}*}*", + NULL + }; + + 
const char *sec_config =
+ "finest"
+ ""
+ " "
+ " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
+ " testtext_IdentityCertificate_testtext"
+ " testtext_IdentityCA_testtext"
+ " testtext_PrivateKey_testtext"
+ " "
+ " "
+ " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
+ " "
+ " "
+ " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok")
+ " file:Governance.p7s"
+ " file:Permissions_CA.pem"
+ " file:Permissions.p7s"
+ " "
+ "";
+
+ dds_entity_t participant;
+
+ /* Set up the trace sinks to detect the config parsing. */
+ dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
+ dds_set_log_sink(&logger, (void*)log_expected);
+ dds_set_trace_sink(&logger, (void*)log_expected);
+
+ /* Create participant with security elements. */
+ found = 0;
+ ddsrt_setenv(URI_VARIABLE, sec_config);
+ participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
+ CU_ASSERT_FATAL(participant > 0);
+ ddsrt_setenv(URI_VARIABLE, "");
+ dds_delete(participant);
+ dds_set_log_sink(NULL, NULL);
+ dds_set_trace_sink(NULL, NULL);
+
+ /* All traces should have been provided. */
+ CU_ASSERT_FATAL(found == 0x1fffff);
+}
+
+CU_Test(ddsc_security_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini)
+{
+ /* Expected traces when creating participant with the security elements.
*/
+ const char *log_expected[] = {
+ "config: Domain/DDSSecurity/Authentication/Library/#text: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
+ "config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
+ "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
+ "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
+ "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
+ "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
+ "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
+ "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
+ "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
+ "config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
+ "config: Domain/DDSSecurity/AccessControl/Library[@path]: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
+ "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*",
+ "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*",
+ "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*",
+ "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*",
+ "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*",
+ "config: Domain/DDSSecurity/Cryptographic/Library/#text: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*",
+ "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*",
+ "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*",
+ "config:
Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*",
+ /* The config should have been parsed into the participant QoS. */
+ "PARTICIPANT * QOS={*property_list={value={"
+ "{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
+ "{dds.sec.auth.library.init,init_authentication,0},"
+ "{dds.sec.auth.library.finalize,finalize_authentication,0},"
+ "{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
+ "{dds.sec.crypto.library.init,init_crypto,0},"
+ "{dds.sec.crypto.library.finalize,finalize_crypto,0},"
+ "{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
+ "{dds.sec.access.library.init,init_access_control,0},{dds.sec.access.library.finalize,finalize_access_control,0},{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
+ "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
+ "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
+ "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
+ "{dds.sec.access.governance,file:Governance.p7s,0},"
+ "{dds.sec.access.permissions,file:Permissions.p7s,0},"
+ "{dds.sec.auth.password,testtext_Password_testtext,0},"
+ "{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*",
+ NULL
+ };
+
+ const char *sec_config =
+ "<"DDS_PROJECT_NAME">"
+ " "
+ " "
+ " "
+ " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
+ " testtext_IdentityCertificate_testtext"
+ " testtext_IdentityCA_testtext"
+ " testtext_PrivateKey_testtext"
+ " testtext_Password_testtext"
+ " testtext_Dir_testtext"
+ " "
+ " "
+ " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
+ " "
+ " "
+ " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok")
+ " file:Governance.p7s"
+ " file:Permissions_CA.pem"
+ " file:Permissions.p7s"
+ " "
+ " "
+ " finest"
+ " "
+ "";
+
+ dds_entity_t participant;
+
+ /* Set up the trace sinks to detect the config parsing.
*/
+ dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
+ dds_set_log_sink(&logger, (void*)log_expected);
+ dds_set_trace_sink(&logger, (void*)log_expected);
+
+ /* Create participant with security elements. */
+ found = 0;
+ ddsrt_setenv(URI_VARIABLE, sec_config);
+ participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
+ CU_ASSERT_FATAL(participant > 0);
+ ddsrt_setenv(URI_VARIABLE, "");
+ dds_delete(participant);
+ dds_set_log_sink(NULL, NULL);
+ dds_set_trace_sink(NULL, NULL);
+
+ /* All traces should have been provided. */
+ CU_ASSERT_FATAL(found == 0x1fffff);
+}
+
+CU_Test(ddsc_security_config, qos, .init = ddsrt_init, .fini = ddsrt_fini)
+{
+ /* Expected traces when creating participant with the security elements. */
+ const char *log_expected[] = {
+ /* The config should have been parsed into the participant QoS. */
+ "PARTICIPANT * QOS={*property_list={value={"
+ "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
+ "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
+ "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
+ "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
+ "{dds.sec.access.governance,file:Governance.p7s,0},"
+ "{dds.sec.access.permissions,file:Permissions.p7s,0},"
+ "{dds.sec.auth.password,testtext_Password_testtext,0},"
+ "{dds.sec.auth.trusted_ca_dir,file:/test/dir,0},"
+ "{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
+ "{dds.sec.auth.library.init,init_authentication,0},"
+ "{dds.sec.auth.library.finalize,finalize_authentication,0},"
+ "{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
+ "{dds.sec.crypto.library.init,init_crypto,0},"
+ "{dds.sec.crypto.library.finalize,finalize_crypto,0},"
+ "{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
+ "{dds.sec.access.library.init,init_access_control,0},"
+
"{dds.sec.access.library.finalize,finalize_access_control,0}}binary_value={}}*}*",
+ NULL
+ };
+
+ dds_entity_t participant;
+ dds_qos_t * qos;
+
+ /* Set up the trace sinks to detect the config parsing. */
+ dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
+ dds_set_log_sink(&logger, (void*)log_expected);
+ dds_set_trace_sink(&logger, (void*)log_expected);
+
+ /* Create the qos */
+ CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
+ dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
+ dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
+ dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
+ dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
+ dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
+ dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
+ dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext");
+ dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir");
+ dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")"");
+ dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
+ dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");
+ dds_qset_prop(qos, "dds.sec.crypto.library.path", ""MOCKLIB_PATH("dds_security_cryptography_all_ok")"");
+ dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto");
+ dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto");
+ dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
+ dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
+ dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
+
+ /* Create participant with security config in qos.
*/
+ found = 0;
+ ddsrt_setenv(URI_VARIABLE, "finest");
+ participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
+ CU_ASSERT_FATAL(participant > 0);
+ ddsrt_setenv(URI_VARIABLE, "");
+ dds_delete(participant);
+ dds_delete_qos(qos);
+ dds_set_log_sink(NULL, NULL);
+ dds_set_trace_sink(NULL, NULL);
+
+ /* All traces should have been provided. */
+ CU_ASSERT_FATAL(found == 0x1);
+}
+
+CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
+{
+ /* Expected traces when creating participant with the security elements. */
+ const char *log_expected[] = {
+ /* The config should have been parsed into the participant QoS. */
+ "PARTICIPANT * QOS={*property_list={value={"
+ "{test.prop1,testtext_value1_testtext,0},"
+ "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
+ "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
+ "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
+ "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
+ "{dds.sec.access.governance,file:Governance.p7s,0},"
+ "{dds.sec.access.permissions,file:Permissions.p7s,0},"
+ "{dds.sec.auth.password,testtext_Password_testtext,0},"
+ "{dds.sec.auth.trusted_ca_dir,file:/test/dir,0},"
+ "{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
+ "{dds.sec.auth.library.init,init_authentication,0},"
+ "{dds.sec.auth.library.finalize,finalize_authentication,0},"
+ "{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
+ "{dds.sec.crypto.library.init,init_crypto,0},"
+ "{dds.sec.crypto.library.finalize,finalize_crypto,0},"
+ "{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
+ "{dds.sec.access.library.init,init_access_control,0},"
+ "{dds.sec.access.library.finalize,finalize_access_control,0},"
+ "{test.prop2,testtext_value2_testtext,0}}"
+ "binary_value={{test.bprop1,(3,*),0}}}*}*",
+ NULL
+ };
+
+ dds_entity_t participant;
+
dds_qos_t * qos;
+
+ /* Set up the trace sinks to detect the config parsing. */
+ dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
+ dds_set_log_sink(&logger, (void*)log_expected);
+ dds_set_trace_sink(&logger, (void*)log_expected);
+
+ /* Create the qos */
+ unsigned char bvalue[3] = { 0x01, 0x02, 0x03 };
+ CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
+ dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext");
+ dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
+ dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
+ dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
+ dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
+ dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
+ dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
+ dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext");
+ dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir");
+
+ dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")"");
+ dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
+ dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");
+ dds_qset_prop(qos, "dds.sec.crypto.library.path", ""MOCKLIB_PATH("dds_security_cryptography_all_ok")"");
+ dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto");
+ dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto");
+ dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
+ dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
+ dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
+
+ dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext");
+
+ dds_qset_prop(qos,
"dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
+
+ dds_qset_bprop(qos, "test.bprop1", bvalue, 3);
+
+ /* Create participant with security config in qos. */
+ found = 0;
+ ddsrt_setenv(URI_VARIABLE, "finest");
+ participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
+ CU_ASSERT_FATAL(participant > 0);
+ ddsrt_setenv(URI_VARIABLE, "");
+ dds_delete(participant);
+ dds_set_log_sink(NULL, NULL);
+ dds_set_trace_sink(NULL, NULL);
+ dds_delete_qos(qos);
+
+ /* All traces should have been provided. */
+ CU_ASSERT_FATAL(found == 0x1);
+}
+
+CU_Test(ddsc_security_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini)
+{
+ /* Expect qos settings used when creating participant with config security elements and qos. */
+ const char *log_expected[] = {
+ /* The security settings from qos properties should have been parsed into the participant QoS. */
+ "new_participant(*): using security settings from QoS*",
+ "PARTICIPANT * QOS={*property_list={value={"
+ "{dds.sec.auth.identity_ca,testtext_QOS_IdentityCA_testtext,0},"
+ "{dds.sec.auth.private_key,testtext_QOS_PrivateKey_testtext,0},"
+ "{dds.sec.auth.identity_certificate,testtext_QOS_IdentityCertificate_testtext,0},"
+ "{dds.sec.access.permissions_ca,file:QOS_Permissions_CA.pem,0},"
+ "{dds.sec.access.governance,file:QOS_Governance.p7s,0},"
+ "{dds.sec.access.permissions,file:QOS_Permissions.p7s,0},"
+ "{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
+ "{dds.sec.auth.library.init,init_authentication,0},"
+ "{dds.sec.auth.library.finalize,finalize_authentication,0},"
+ "{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
+ "{dds.sec.crypto.library.init,init_crypto,0},"
+ "{dds.sec.crypto.library.finalize,finalize_crypto,0},"
+ "{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
+ "{dds.sec.access.library.init,init_access_control,0},"
+
"{dds.sec.access.library.finalize,finalize_access_control,0}"
+ "}binary_value={}}*}*",
+ NULL
+ };
+
+ const char *sec_config =
+ "finest"
+ ""
+ " "
+ " testtext_IdentityCertificate_testtext"
+ " testtext_IdentityCA_testtext"
+ " testtext_PrivateKey_testtext"
+ " "
+ " "
+ " file:Governance.p7s"
+ " file:Permissions_CA.pem"
+ " file:Permissions.p7s"
+ " "
+ "";
+
+ dds_entity_t participant;
+ dds_qos_t * qos;
+
+ CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
+ dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_QOS_IdentityCA_testtext");
+ dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_QOS_PrivateKey_testtext");
+ dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_QOS_IdentityCertificate_testtext");
+ dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:QOS_Permissions_CA.pem");
+ dds_qset_prop(qos, "dds.sec.access.governance", "file:QOS_Governance.p7s");
+ dds_qset_prop(qos, "dds.sec.access.permissions", "file:QOS_Permissions.p7s");
+
+ dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, ""MOCKLIB_PATH("dds_security_authentication_all_ok")"");
+ dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication");
+ dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication");
+ dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, ""MOCKLIB_PATH("dds_security_cryptography_all_ok")"");
+ dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto");
+ dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto");
+ dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
+ dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control");
+ dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control");
+
+ /* Set up the trace sinks to detect the config parsing.
*/
+ dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
+ dds_set_log_sink(&logger, (void*)log_expected);
+ dds_set_trace_sink(&logger, (void*)log_expected);
+
+ /* Create participant with security elements. */
+ found = 0;
+ ddsrt_setenv(URI_VARIABLE, sec_config);
+ participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
+ CU_ASSERT_FATAL (participant > 0);
+ ddsrt_setenv(URI_VARIABLE, "");
+ dds_delete(participant);
+ dds_set_log_sink(NULL, NULL);
+ dds_set_trace_sink(NULL, NULL);
+ dds_delete_qos(qos);
+
+ /* All traces should have been provided. */
+ CU_ASSERT_FATAL(found == 0x3);
+}
+
+CU_Test(ddsc_security_config, other_prop, .init = ddsrt_init, .fini = ddsrt_fini)
+{
+ /* Expect config used when creating participant with config security elements and
+ * qos containing only non-security properties. */
+ const char *log_expected[] = {
+ /* The security settings from config should have been parsed into the participant QoS. */
+ "PARTICIPANT * QOS={*property_list={value={{test.dds.sec.prop1,testtext_value1_testtext,0},"
+ "{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
+ "{dds.sec.auth.library.init,init_authentication,0},"
+ "{dds.sec.auth.library.finalize,finalize_authentication,0},"
+ "{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
+ "{dds.sec.crypto.library.init,init_crypto,0},"
+ "{dds.sec.crypto.library.finalize,finalize_crypto,0},"
+ "{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
+ "{dds.sec.access.library.init,init_access_control,0},"
+ "{dds.sec.access.library.finalize,finalize_access_control,0},"
+ "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
+ "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
+ "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
+ "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
+
"{dds.sec.access.governance,file:Governance.p7s,0},"
+ "{dds.sec.access.permissions,file:Permissions.p7s,0},"
+ "{dds.sec.auth.password,testtext_Password_testtext,0},"
+ "{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*",
+ NULL
+ };
+
+ const char *sec_config =
+ "finest"
+ ""
+ " "
+ " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
+ " testtext_IdentityCertificate_testtext"
+ " testtext_IdentityCA_testtext"
+ " testtext_PrivateKey_testtext"
+ " testtext_Password_testtext"
+ " testtext_Dir_testtext"
+ " "
+ " "
+ " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
+ " "
+ " "
+ " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok")
+ " file:Governance.p7s"
+ " file:Permissions_CA.pem"
+ " file:Permissions.p7s"
+ " "
+ "";
+
+ dds_entity_t participant;
+ dds_qos_t * qos;
+
+ CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
+ dds_qset_prop(qos, "test.dds.sec.prop1", "testtext_value1_testtext");
+
+ /* Set up the trace sinks to detect the config parsing. */
+ dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
+ dds_set_log_sink(&logger, (void*)log_expected);
+ dds_set_trace_sink(&logger, (void*)log_expected);
+
+ /* Create participant with security elements. */
+ found = 0;
+ ddsrt_setenv(URI_VARIABLE, sec_config);
+ participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
+ CU_ASSERT_FATAL (participant > 0);
+ ddsrt_setenv(URI_VARIABLE, "");
+ dds_delete(participant);
+ dds_set_log_sink(NULL, NULL);
+ dds_set_trace_sink(NULL, NULL);
+ dds_delete_qos(qos);
+
+ /* All traces should have been provided. */
+ CU_ASSERT_FATAL(found == 0x1);
+}
+
+CU_Test(ddsc_security_config, qos_invalid, .init = ddsrt_init, .fini = ddsrt_fini)
+{
+ /* Expected traces when creating participant with the security elements. */
+ const char *log_expected[] = {
+ /* The config should have been parsed into the participant QoS.
*/
+ "new_participant(*): using security settings from QoS*",
+ "new_participant(*): required security property dds.sec.auth.identity_ca missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.auth.private_key missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.auth.identity_certificate missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.access.permissions_ca missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.access.governance missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.access.permissions missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.auth.library.path missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.auth.library.init missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.auth.library.finalize missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.crypto.library.path missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.crypto.library.init missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.crypto.library.finalize missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.access.library.path missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.access.library.init missing in Property QoS*",
+ "new_participant(*): required security property dds.sec.access.library.finalize missing in Property QoS*",
+ NULL
+ };
+
+ const char *sec_config =
+ "finest"
+ ""
+ " "
+ " testtext_IdentityCertificate_testtext"
+ " testtext_IdentityCA_testtext"
+ " testtext_PrivateKey_testtext"
+ " "
+ " "
+ " file:Governance.p7s"
+ " file:Permissions_CA.pem"
+ " file:Permissions.p7s"
+ " "
+ "";
+
+ dds_entity_t participant;
+ dds_qos_t * qos;
+
+ /* Set up the trace sinks
to detect the config parsing. */
+ dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
+ dds_set_log_sink(&logger, (void*)log_expected);
+ dds_set_trace_sink(&logger, (void*)log_expected);
+
+ /* Create the qos */
+ CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
+ dds_qset_prop(qos, "dds.sec.dummy", "testtext_dummy_testtext");
+
+ /* Create participant with security config in qos. */
+ found = 0;
+ ddsrt_setenv(URI_VARIABLE, sec_config);
+ participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
+ dds_delete_qos(qos);
+ CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR);
+ ddsrt_setenv(URI_VARIABLE, "");
+
+ /* All traces should have been provided. */
+ CU_ASSERT_FATAL(found == 0xffff);
+ dds_set_log_sink(NULL, NULL);
+ dds_set_trace_sink(NULL, NULL);
+}