niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move security config tests

Browse source 
Signed-off-by: Erik Boasson <eb@ilities.com>
This commit is contained in:
Erik Boasson 2020-01-16 13:20:41 +01:00 committed by eboasson
parent 5748f72c90
commit 03b8c51332
6 changed files with 866 additions and 927 deletions
Download patch file Download diff file Expand all files Collapse all files

31
src/core/ddsc/tests/CMakeLists.txt
View file

@ -73,33 +73,6 @@ set(CUnit_ddsc_config_simple_udp_file "${CMAKE_CURRENT_LIST_DIR}/config_simple_u
set(CUnit_ddsc_config_simple_udp_uri "file://${CUnit_ddsc_config_simple_udp_file}") set(CUnit_ddsc_config_simple_udp_uri "file://${CUnit_ddsc_config_simple_udp_file}")
set(CUnit_ddsc_config_simple_udp_max_participants "0") set(CUnit_ddsc_config_simple_udp_max_participants "0")
set(CUnit_ddsc_config_simple_udp_env "${PROJECT_NAME_CAPS}_URI=${CUnit_ddsc_config_simple_udp_uri};MAX_PARTICIPANTS=${CUnit_ddsc_config_simple_udp_max_participants};${CUnit_ddsc_config_simple_udp_env}") set(CUnit_ddsc_config_simple_udp_env "${PROJECT_NAME_CAPS}_URI=${CUnit_ddsc_config_simple_udp_uri};MAX_PARTICIPANTS=${CUnit_ddsc_config_simple_udp_max_participants};${CUnit_ddsc_config_simple_udp_env}")
unset(test_lib_tests)
# Let the cunit application know the location and name of the security mock libraries.
#file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/../../../security/core/tests/plugin_loading" test_lib_native_dir)
file(TO_NATIVE_PATH "${PROJECT_BINARY_DIR}/src/security/core/tests/plugin_loading" test_lib_native_dir)
file(TO_NATIVE_PATH "/" test_lib_sep)
string(REPLACE "\\" "\\\\" test_lib_dir ${test_lib_native_dir})
string(REPLACE "\\" "\\\\" test_lib_sep ${test_lib_sep})
process_cunit_source_file("config.c" test_lib_header test_lib_suites test_lib_tests)
foreach(libtest ${test_lib_tests})
string(REPLACE ":" ";" libtest ${libtest})
list(GET libtest 0 suite)
list(GET libtest 1 test)
set(libtestname "CUnit_${suite}_${test}")
if("${CMAKE_HOST_SYSTEM}" MATCHES ".*Windows.*")
set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "${test_lib_native_dir}")
else()
set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "LD_LIBRARY_PATH=${test_lib_native_dir};$ENV{LD_LIBRARY_PATH}")
endif()
endforeach()
set_tests_properties( set_tests_properties(
CUnit_ddsc_config_simple_udp CUnit_ddsc_config_simple_udp
PROPERTIES PROPERTIES
@ -107,7 +80,3 @@ set_tests_properties(
ENVIRONMENT "${CUnit_ddsc_config_simple_udp_env}") ENVIRONMENT "${CUnit_ddsc_config_simple_udp_env}")
configure_file("config_env.h.in" "config_env.h" @ONLY) configure_file("config_env.h.in" "config_env.h" @ONLY)

808
src/core/ddsc/tests/config.c
View file

@ -22,10 +22,6 @@
#include "dds/ddsi/q_misc.h" #include "dds/ddsi/q_misc.h"
#include "dds/ddsi/q_xqos.h" #include "dds/ddsi/q_xqos.h"
#ifdef DDSI_INCLUDE_SECURITY
#include "dds/security/dds_security_api_defs.h"
#endif
#define FORCE_ENV #define FORCE_ENV
#define URI_VARIABLE DDS_PROJECT_NAME_NOSPACE_CAPS"_URI" #define URI_VARIABLE DDS_PROJECT_NAME_NOSPACE_CAPS"_URI"
@ -106,38 +102,11 @@ static void logger(void *ptr, const dds_log_data_t *data)
} }
} }
CU_Test(ddsc_config, security_non, .init = ddsrt_init, .fini = ddsrt_fini) { CU_Test(ddsc_security_config, empty, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* There shouldn't be traces that mention security. */ /* Expected traces when creating participant with an empty security element. We need to
const char *log_expected[] = { test this one here to be sure that it refuses to start when security is configured
"*Security*", but the implementation doesn't include support for it. */
NULL
};
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with an empty security element. */
found = 0;
ddsrt_setenv(URI_VARIABLE, "<Tracing><Verbosity>finest</></>");
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
ddsrt_setenv(URI_VARIABLE, "");
CU_ASSERT_FATAL(participant > 0);
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* No security traces should have been provided. */
CU_ASSERT_FATAL(found == 0x0);
}
CU_Test(ddsc_config, security_empty, .init = ddsrt_init, .fini = ddsrt_fini) {
/* Expected traces when creating participant with an empty security element. */
const char *log_expected[] = { const char *log_expected[] = {
#ifndef DDSI_INCLUDE_SECURITY #ifndef DDSI_INCLUDE_SECURITY
"config: //CycloneDDS/Domain: DDSSecurity: unknown element*", "config: //CycloneDDS/Domain: DDSSecurity: unknown element*",
@ -172,770 +141,3 @@ CU_Test(ddsc_config, security_empty, .init = ddsrt_init, .fini = ddsrt_fini) {
CU_ASSERT_FATAL(found == 0x7); CU_ASSERT_FATAL(found == 0x7);
#endif #endif
} }
CU_Test(ddsc_config, security_missing, .init = ddsrt_init, .fini = ddsrt_fini) {
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
#ifndef DDSI_INCLUDE_SECURITY
"config: //CycloneDDS/Domain: DDSSecurity: unknown element*",
#else
"config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*",
"config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*",
"config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*",
#endif
NULL
};
/* IdentityCertificate, IdentityCA and PrivateKey values or elements are missing. */
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
"<Authentication>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_authentication\" finalizeFunction=\"finalize_authentication\" />"
"<IdentityCertificate></IdentityCertificate>"
"<PrivateKey></PrivateKey>"
"<Password>testtext_Password_testtext</Password>"
"</Authentication>"
"<Cryptographic>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_crypto\" finalizeFunction=\"finalize_crypto\"/>"
"</Cryptographic>"
"<AccessControl>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_access_control\" finalizeFunction=\"finalize_access_control\"/>"
"<Governance>file:Governance.p7s</Governance>"
"<PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
"<Permissions>file:Permissions.p7s</Permissions>"
"</AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with an empty security element. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
ddsrt_setenv(URI_VARIABLE, "");
CU_ASSERT_FATAL(participant < 0);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
#ifndef DDSI_INCLUDE_SECURITY
CU_ASSERT_FATAL(found == 0x1);
#else
CU_ASSERT_FATAL(found == 0x7);
#endif
}
CU_Test(ddsc_config, security_all, .init = ddsrt_init, .fini = ddsrt_fini) {
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
#ifndef DDSI_INCLUDE_SECURITY
"config: //CycloneDDS/Domain: DDSSecurity: unknown element*",
#else
"config: Domain/DDSSecurity/Authentication/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Authentication/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/AccessControl/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*",
"config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*",
"config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*",
"config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*",
"config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*",
"config: Domain/DDSSecurity/Cryptographic/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*",
"config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*",
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0},"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*",
#endif
NULL
};
const char *sec_config =
"<"DDS_PROJECT_NAME">"
"<Domain id=\"any\">"
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
"<Authentication>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_authentication\" finalizeFunction=\"finalize_authentication\" />"
"<IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
"<IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
"<PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
"<Password>testtext_Password_testtext</Password>"
"<TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
"</Authentication>"
"<Cryptographic>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_crypto\" finalizeFunction=\"finalize_crypto\"/>"
"</Cryptographic>"
"<AccessControl>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_access_control\" finalizeFunction=\"finalize_access_control\"/>"
"<Governance>file:Governance.p7s</Governance>"
"<PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
"<Permissions>file:Permissions.p7s</Permissions>"
"</AccessControl>"
"</DDSSecurity>"
"</Domain>"
"</"DDS_PROJECT_NAME">";
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
#ifndef DDSI_INCLUDE_SECURITY
CU_ASSERT_FATAL(found == 0x1);
#else
CU_ASSERT_FATAL(found == 0x1fffff);
#endif
}
CU_Test(ddsc_config, security, .init = ddsrt_init, .fini = ddsrt_fini) {
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
#ifndef DDSI_INCLUDE_SECURITY
"config: //CycloneDDS/Domain: DDSSecurity: unknown element*",
#else
"config: Domain/DDSSecurity/Authentication/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Authentication/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/Password/#text: {}*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/AccessControl/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*",
"config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*",
"config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*",
"config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*",
"config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*",
"config: Domain/DDSSecurity/Cryptographic/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*",
"config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*",
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0},"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,,0},"
"{dds.sec.auth.trusted_ca_dir,,0}}binary_value={}}*}*",
#endif
NULL
};
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
"<Authentication>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_authentication\" finalizeFunction=\"finalize_authentication\" />"
"<IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
"<IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
"<PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
"</Authentication>"
"<Cryptographic>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_crypto\" finalizeFunction=\"finalize_crypto\"/>"
"</Cryptographic>"
"<AccessControl>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_access_control\" finalizeFunction=\"finalize_access_control\"/>"
"<Governance>file:Governance.p7s</Governance>"
"<PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
"<Permissions>file:Permissions.p7s</Permissions>"
"</AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
#ifndef DDSI_INCLUDE_SECURITY
CU_ASSERT_FATAL(found == 0x1);
#else
CU_ASSERT_FATAL(found == 0x1fffff);
#endif
}
CU_Test(ddsc_config, security_deprecated, .init = ddsrt_init, .fini = ddsrt_fini) {
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
#ifndef DDSI_INCLUDE_SECURITY
"config: //CycloneDDS/Domain: DDSSecurity: unknown element*",
#else
"config: Domain/DDSSecurity/Authentication/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Authentication/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/AccessControl/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*",
"config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*",
"config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*",
"config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*",
"config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*",
"config: Domain/DDSSecurity/Cryptographic/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*",
"config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*",
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={"
"{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.access.library.init,init_access_control,0},{dds.sec.access.library.finalize,finalize_access_control,0},{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*",
#endif
NULL
};
const char *sec_config =
"<"DDS_PROJECT_NAME">"
"<Domain>"
"<Id>any</Id>"
"</Domain>"
"<DDSI2E>"
"<DDSSecurity>"
"<Authentication>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_authentication\" finalizeFunction=\"finalize_authentication\" />"
"<IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
"<IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
"<PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
"<Password>testtext_Password_testtext</Password>"
"<TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
"</Authentication>"
"<Cryptographic>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_crypto\" finalizeFunction=\"finalize_crypto\"/>"
"</Cryptographic>"
"<AccessControl>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_access_control\" finalizeFunction=\"finalize_access_control\"/>"
"<Governance>file:Governance.p7s</Governance>"
"<PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
"<Permissions>file:Permissions.p7s</Permissions>"
"</AccessControl>"
"</DDSSecurity>"
"<Tracing><Verbosity>finest</></>"
"</DDSI2E>"
"</"DDS_PROJECT_NAME">";
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
#ifndef DDSI_INCLUDE_SECURITY
CU_ASSERT_FATAL(found == 0x1);
#else
CU_ASSERT_FATAL(found == 0x1fffff);
#endif
}
CU_Test(ddsc_config, security_qos, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
#ifdef DDSI_INCLUDE_SECURITY
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,file:/test/dir,0},"
"{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0}}binary_value={}}*}*",
#endif
NULL
};
dds_entity_t participant;
dds_qos_t * qos;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create the qos */
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext");
dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir");
dds_qset_prop(qos, "dds.sec.auth.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"");
dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");
dds_qset_prop(qos, "dds.sec.crypto.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"");
dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto");
dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto");
dds_qset_prop(qos, "dds.sec.access.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
/* Create participant with security config in qos. */
found = 0;
ddsrt_setenv(URI_VARIABLE, "<Tracing><Verbosity>finest</></>");
CU_ASSERT_FATAL ((participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL)) > 0);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_delete_qos(qos);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
#ifndef DDSI_INCLUDE_SECURITY
CU_ASSERT_FATAL(found == 0);
#else
CU_ASSERT_FATAL(found == 0x1);
#endif
}
CU_Test(ddsc_config, security_qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
#ifdef DDSI_INCLUDE_SECURITY
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={"
"{test.prop1,testtext_value1_testtext,0},"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,file:/test/dir,0},"
"{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0},"
"{test.prop2,testtext_value2_testtext,0}}"
"binary_value={{test.bprop1,(3,*),0}}}*}*",
#endif
NULL
};
dds_entity_t participant;
dds_qos_t * qos;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create the qos */
unsigned char bvalue[3] = { 0x01, 0x02, 0x03 };
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext");
dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir");
dds_qset_prop(qos, "dds.sec.auth.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"");
dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");
dds_qset_prop(qos, "dds.sec.crypto.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"");
dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto");
dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto");
dds_qset_prop(qos, "dds.sec.access.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_bprop(qos, "test.bprop1", bvalue, 3);
/* Create participant with security config in qos. */
found = 0;
ddsrt_setenv(URI_VARIABLE, "<Tracing><Verbosity>finest</></>");
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
CU_ASSERT_FATAL(participant > 0);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
dds_delete_qos(qos);
/* All traces should have been provided. */
#ifndef DDSI_INCLUDE_SECURITY
CU_ASSERT_FATAL(found == 0);
#else
CU_ASSERT_FATAL(found == 0x1);
#endif
}
CU_Test(ddsc_config, security_config_qos, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expect qos settings used when creating participant with config security elements and qos. */
const char *log_expected[] = {
#ifndef DDSI_INCLUDE_SECURITY
"config: //CycloneDDS/Domain: DDSSecurity: unknown element*",
#else
/* The security settings from qos properties should have been parsed into the participant QoS. */
"new_participant(*): using security settings from QoS*",
"PARTICIPANT * QOS={*property_list={value={"
"{dds.sec.auth.identity_ca,testtext_QOS_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_QOS_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_QOS_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:QOS_Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:QOS_Governance.p7s,0},"
"{dds.sec.access.permissions,file:QOS_Permissions.p7s,0},"
"{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0}"
"}binary_value={}}*}*",
#endif
NULL
};
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
"<Authentication>"
"<IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
"<IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
"<PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
"</Authentication>"
"<AccessControl>"
"<Governance>file:Governance.p7s</Governance>"
"<PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
"<Permissions>file:Permissions.p7s</Permissions>"
"</AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
dds_qos_t * qos;
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_QOS_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_QOS_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_QOS_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:QOS_Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:QOS_Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:QOS_Permissions.p7s");
#ifdef DDSI_INCLUDE_SECURITY /*for using with constants coming from API */
dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"");
dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication");
dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication");
dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"");
dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto");
dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto");
dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"");
dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control");
dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control");
#endif
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
dds_delete_qos(qos);
/* All traces should have been provided. */
#ifndef DDSI_INCLUDE_SECURITY
CU_ASSERT_FATAL(found == 0x1);
#else
CU_ASSERT_FATAL(found == 0x3);
#endif
}
CU_Test(ddsc_config, security_other_prop, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expect config used when creating participant with config security elements and
* qos containing only non-security properties. */
const char *log_expected[] = {
#ifndef DDSI_INCLUDE_SECURITY
"config: //CycloneDDS/Domain: DDSSecurity: unknown element*",
#else
/* The security settings from config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={{test.dds.sec.prop1,testtext_value1_testtext,0},"
"{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0},"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*",
#endif
NULL
};
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
"<Authentication>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_authentication\" finalizeFunction=\"finalize_authentication\" />"
"<IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
"<IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
"<PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
"<Password>testtext_Password_testtext</Password>"
"<TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
"</Authentication>"
"<Cryptographic>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_crypto\" finalizeFunction=\"finalize_crypto\"/>"
"</Cryptographic>"
"<AccessControl>"
"<Library path=\""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"\" initFunction=\"init_access_control\" finalizeFunction=\"finalize_access_control\"/>"
"<Governance>file:Governance.p7s</Governance>"
"<PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
"<Permissions>file:Permissions.p7s</Permissions>"
"</AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
dds_qos_t * qos;
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "test.dds.sec.prop1", "testtext_value1_testtext");
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
dds_delete_qos(qos);
/* All traces should have been provided. */
#ifndef DDSI_INCLUDE_SECURITY
CU_ASSERT_FATAL(found == 0x1);
#else
CU_ASSERT_FATAL(found == 0x1);
#endif
}
CU_Test(ddsc_config, security_qos_invalid, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
#ifndef DDSI_INCLUDE_SECURITY
"config: //CycloneDDS/Domain: DDSSecurity: unknown element*",
#else
/* The config should have been parsed into the participant QoS. */
"new_participant(*): using security settings from QoS*",
"new_participant(*): required security property dds.sec.auth.identity_ca missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.private_key missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.identity_certificate missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.permissions_ca missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.governance missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.permissions missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.library.path missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.library.init missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.library.finalize missing in Property QoS*",
"new_participant(*): required security property dds.sec.crypto.library.path missing in Property QoS*",
"new_participant(*): required security property dds.sec.crypto.library.init missing in Property QoS*",
"new_participant(*): required security property dds.sec.crypto.library.finalize missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.library.path missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.library.init missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.library.finalize missing in Property QoS*",
#endif
NULL
};
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
"<Authentication>"
"<IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
"<IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
"<PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
"</Authentication>"
"<AccessControl>"
"<Governance>file:Governance.p7s</Governance>"
"<PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
"<Permissions>file:Permissions.p7s</Permissions>"
"</AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
dds_qos_t * qos;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create the qos */
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "dds.sec.dummy", "testtext_dummy_testtext");
/* Create participant with security config in qos. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
dds_delete_qos(qos);
#ifdef DDSI_INCLUDE_SECURITY
CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR);
#else
dds_delete(participant);
#endif
ddsrt_setenv(URI_VARIABLE, "");
/* All traces should have been provided. */
#ifndef DDSI_INCLUDE_SECURITY
CU_ASSERT_FATAL(found == 0x01);
#else
CU_ASSERT_FATAL(found == 0xffff);
#endif
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
}

4
src/core/ddsc/tests/config_env.h.in
View file

@ -14,9 +14,5 @@
#define CONFIG_ENV_SIMPLE_UDP "@CUnit_ddsc_config_simple_udp_uri@" #define CONFIG_ENV_SIMPLE_UDP "@CUnit_ddsc_config_simple_udp_uri@"
#define CONFIG_ENV_MAX_PARTICIPANTS "@CUnit_ddsc_config_simple_udp_max_participants@" #define CONFIG_ENV_MAX_PARTICIPANTS "@CUnit_ddsc_config_simple_udp_max_participants@"
#define CONFIG_PLUGIN_MOCK_DIR "@test_lib_dir@"
#define CONFIG_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@"
#define CONFIG_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@"
#define CONFIG_LIB_SEP "@test_lib_sep@"
#endif /* CONFIG_ENV_H */ #endif /* CONFIG_ENV_H */

134
src/security/core/tests/plugin_loading/CMakeLists.txt
View file

@ -9,121 +9,77 @@
# #
# SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause # SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
# #
include (GenerateExportHeader) include(GenerateExportHeader)
include (CUnit) include(CUnit)
set(security_plugin_loading_test_sources set(security_plugin_loading_test_sources
"plugin_loading.c" "security_config.c"
) "plugin_loading.c")
add_cunit_executable(cunit_security_plugin_loading ${security_plugin_loading_test_sources}) add_cunit_executable(cunit_security_plugin_loading ${security_plugin_loading_test_sources})
target_include_directories( target_include_directories(
cunit_security_plugin_loading PRIVATE cunit_security_plugin_loading PRIVATE
"$<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/src/include/>" "$<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/src/include/>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>" "$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsc,INTERFACE_INCLUDE_DIRECTORIES>>" "$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsc,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}>" "$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>" "$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../../../../core/ddsi/include>" "$<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}/../../../../core/ddsi/include>")
)
target_link_libraries(cunit_security_plugin_loading PRIVATE ddsc security_api) target_link_libraries(cunit_security_plugin_loading PRIVATE ddsc security_api)
target_include_directories(cunit_security_plugin_loading PRIVATE "${CMAKE_CURRENT_BINARY_DIR}") target_include_directories(cunit_security_plugin_loading PRIVATE "${CMAKE_CURRENT_BINARY_DIR}")
set(CUnit_plugin_mock_dir ".") set(CUnit_plugin_mock_dir ".")
# Let the cunit application know the location and name of the library.
configure_file("config_env.h.in" "config_env.h") configure_file("config_env.h.in" "config_env.h")
# Let the cunit application know the location and name of the library. function(add_mock libname casename)
file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}" test_lib_native_dir)
file(TO_NATIVE_PATH "." test_lib_sep)
string(REPLACE "\\" "\\\\" test_lib_dir ${test_lib_native_dir})
string(REPLACE "\\" "\\\\" test_lib_sep ${test_lib_sep})
configure_file("config_env.h.in" "${CMAKE_CURRENT_BINARY_DIR}/include/config_env.h" @ONLY)
# Let ctest set the proper library path when executing library tests.
unset(test_lib_tests)
process_cunit_source_file("plugin_loading.c" test_lib_header test_lib_suites test_lib_tests)
foreach(libtest ${test_lib_tests})
string(REPLACE ":" ";" libtest ${libtest})
list(GET libtest 0 suite)
list(GET libtest 1 test)
set(libtestname "CUnit_${suite}_${test}")
if("${CMAKE_HOST_SYSTEM}" MATCHES ".*Windows.*")
set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "${test_lib_native_dir}")
else()
set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "LD_LIBRARY_PATH=${test_lib_native_dir};$ENV{LD_LIBRARY_PATH}")
endif()
endforeach()
function( add_mock libname casename )
PREPEND(srcs_mock_authentication_all_ok "${CMAKE_CURRENT_LIST_DIR}/plugin_mock/${casename}" PREPEND(srcs_mock_authentication_all_ok "${CMAKE_CURRENT_LIST_DIR}/plugin_mock/${casename}"
"mock_${libname}.c" "mock_${libname}.c")
)
# PREPEND(hdrs_private_authentication_all_ok "${CMAKE_CURRENT_LIST_DIR}/plugin_mock/${casename}"
# "mock_${libname}.h"
# )
#
add_library("dds_security_${casename}" SHARED "") add_library("dds_security_${casename}" SHARED "")
generate_export_header( generate_export_header(
"dds_security_${casename}" "dds_security_${casename}"
BASE_NAME SECURITY BASE_NAME SECURITY
EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/${casename}_export.h" EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/${casename}_export.h")
)
set_target_properties( set_target_properties(
"dds_security_${casename}" "dds_security_${casename}"
PROPERTIES PROPERTIES
RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
RUNTIME_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} RUNTIME_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR}
RUNTIME_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} RUNTIME_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR}
RUNTIME_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} RUNTIME_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR}
RUNTIME_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR} RUNTIME_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR}
LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
LIBRARY_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} LIBRARY_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR}
LIBRARY_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} LIBRARY_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR}
LIBRARY_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} LIBRARY_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR}
LIBRARY_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR} ) LIBRARY_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR})
#find_package(OpenSSL ) #find_package(OpenSSL )
target_link_libraries("dds_security_${casename}" PUBLIC ddsc)
#target_link_libraries("dds_security_${casename}" PUBLIC OpenSSL::SSL) #target_link_libraries("dds_security_${casename}" PUBLIC OpenSSL::SSL)
target_link_libraries("dds_security_${casename}" PUBLIC ddsc)
target_sources("dds_security_${casename}" target_sources("dds_security_${casename}"
PRIVATE PRIVATE
${srcs_mock_authentication_all_ok} ${srcs_mock_authentication_all_ok})
)
target_include_directories("dds_security_${casename}" target_include_directories("dds_security_${casename}"
PUBLIC PUBLIC
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_api,INTERFACE_INCLUDE_DIRECTORIES>>" "$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_api,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>" "$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_core,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>" "$<BUILD_INTERFACE:$<TARGET_PROPERTY:ddsrt,INTERFACE_INCLUDE_DIRECTORIES>>"
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>" "$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include>")
)
endfunction() endfunction()
#PLUGIN MOCKS #PLUGIN MOCKS
add_mock( authentication authentication_all_ok ) add_mock(authentication authentication_all_ok)
add_mock( authentication authentication_all_ok_other ) add_mock(authentication authentication_all_ok_other)
add_mock( authentication authentication_missing_function ) add_mock(authentication authentication_missing_function)
add_mock( authentication authentication_finalize_error ) add_mock(authentication authentication_finalize_error)
add_mock( access_control access_control_all_ok ) add_mock(access_control access_control_all_ok)
add_mock( access_control access_control_missing_function ) add_mock(access_control access_control_missing_function)
add_mock( cryptography cryptography_all_ok ) add_mock(cryptography cryptography_all_ok)
add_mock( cryptography cryptography_missing_function ) add_mock(cryptography cryptography_missing_function)
add_mock( authentication authentication_init_error ) add_mock(authentication authentication_init_error)

4
src/security/core/tests/plugin_loading/config_env.h.in
View file

@ -17,5 +17,9 @@
#define TEST_LIB_SEP "@test_lib_sep@" #define TEST_LIB_SEP "@test_lib_sep@"
#define TEST_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@" #define TEST_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@"
#define TEST_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@" #define TEST_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@"
#define CONFIG_PLUGIN_MOCK_DIR "@test_lib_dir@"
#define CONFIG_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@"
#define CONFIG_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@"
#define CONFIG_LIB_SEP "@test_lib_sep@"
#endif /* CONFIG_ENV_H */ #endif /* CONFIG_ENV_H */

812
src/security/core/tests/plugin_loading/security_config.c Normal file
View file

@ -0,0 +1,812 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#include <stdlib.h>
#include "dds/dds.h"
#include "CUnit/Test.h"
#include "config_env.h"
#include "dds/version.h"
#include "dds/ddsrt/cdtors.h"
#include "dds/ddsrt/environ.h"
#include "dds/ddsrt/heap.h"
#include "dds/ddsi/q_misc.h"
#include "dds/ddsi/q_xqos.h"
#include "dds/security/dds_security_api_defs.h"
#define MOCKLIB_PATH(name) \
CONFIG_PLUGIN_MOCK_DIR CONFIG_LIB_SEP CONFIG_LIB_PREFIX name CONFIG_LIB_SUFFIX
#define MOCKLIB_ELEM_AUTH(name) \
"<Library path=\"" MOCKLIB_PATH(name) "\"" \
" initFunction=\"init_authentication\"" \
" finalizeFunction=\"finalize_authentication\" />"
#define MOCKLIB_ELEM_CRYPTO(name) \
"<Library path=\"" MOCKLIB_PATH(name) "\"" \
" initFunction=\"init_crypto\"" \
" finalizeFunction=\"finalize_crypto\" />"
#define MOCKLIB_ELEM_ACCESS_CONTROL(name) \
"<Library path=\"" MOCKLIB_PATH(name) "\"" \
" initFunction=\"init_access_control\"" \
" finalizeFunction=\"finalize_access_control\" />"
#define URI_VARIABLE DDS_PROJECT_NAME_NOSPACE_CAPS"_URI"
/*
* The 'found' variable will contain flags related to the expected log
* messages that were received.
* Using flags will allow to show that when message isn't received,
* which one it was.
*/
static uint32_t found;
static void logger(void *ptr, const dds_log_data_t *data)
{
char **expected = (char**)ptr;
for (uint32_t i = 0; expected[i] != NULL; i++) {
if (ddsi2_patmatch(expected[i], data->message)) {
found |= (uint32_t)(1 << i);
}
}
}
CU_Test(ddsc_security_config, empty, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with an empty security element. We need to
test this one here to be sure that it refuses to start when security is configured
but the implementation doesn't include support for it. */
const char *log_expected[] = {
"config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*",
"config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*",
"config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*",
NULL
};
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with an empty security element. */
found = 0;
ddsrt_setenv(URI_VARIABLE, "<DDSSecurity/>");
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
ddsrt_setenv(URI_VARIABLE, "");
CU_ASSERT_FATAL(participant < 0);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0x7);
}
CU_Test(ddsc_security_config, non, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* There shouldn't be traces that mention security. */
const char *log_expected[] = {
"*Security*",
NULL
};
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with an empty security element. */
found = 0;
ddsrt_setenv(URI_VARIABLE, "<Tracing><Verbosity>finest</></>");
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
ddsrt_setenv(URI_VARIABLE, "");
CU_ASSERT_FATAL(participant > 0);
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* No security traces should have been provided. */
CU_ASSERT_FATAL(found == 0x0);
}
CU_Test(ddsc_security_config, missing, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
"config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*",
"config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*",
"config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*",
NULL
};
/* IdentityCertificate, IdentityCA and PrivateKey values or elements are missing. */
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate></IdentityCertificate>"
" <PrivateKey></PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" </Authentication>"
" <Cryptographic>"
" "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
" </Cryptographic>"
" <AccessControl>"
" "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok")
" <Governance>file:Governance.p7s</Governance>"
" <PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
" <Permissions>file:Permissions.p7s</Permissions>"
" </AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with an empty security element. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
ddsrt_setenv(URI_VARIABLE, "");
CU_ASSERT_FATAL(participant < 0);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0x7);
}
CU_Test(ddsc_security_config, all, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
"config: Domain/DDSSecurity/Authentication/Library/#text: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
"config: Domain/DDSSecurity/AccessControl/Library[@path]: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
"config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*",
"config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*",
"config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*",
"config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*",
"config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*",
"config: Domain/DDSSecurity/Cryptographic/Library/#text: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@path]: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*",
"config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*",
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0},"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*",
NULL
};
const char *sec_config =
"<"DDS_PROJECT_NAME">"
" <Domain id=\"any\">"
" <Tracing><Verbosity>finest</></>"
" <DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
" <Cryptographic>"
" "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
" </Cryptographic>"
" <AccessControl>"
" "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok")
" <Governance>file:Governance.p7s</Governance>"
" <PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
" <Permissions>file:Permissions.p7s</Permissions>"
" </AccessControl>"
" </DDSSecurity>"
" </Domain>"
"</"DDS_PROJECT_NAME">";
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
CU_ASSERT_FATAL(participant > 0);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0x1fffff);
}
CU_Test(ddsc_security_config, security, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
"config: Domain/DDSSecurity/Authentication/Library/#text: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/Password/#text: {}*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
"config: Domain/DDSSecurity/AccessControl/Library[@path]: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
"config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*",
"config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*",
"config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*",
"config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*",
"config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*",
"config: Domain/DDSSecurity/Cryptographic/Library/#text: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@path]: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*",
"config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*",
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0},"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,,0},"
"{dds.sec.auth.trusted_ca_dir,,0}}binary_value={}}*}*",
NULL
};
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" </Authentication>"
" <Cryptographic>"
" "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
" </Cryptographic>"
" <AccessControl>"
" "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok")
" <Governance>file:Governance.p7s</Governance>"
" <PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
" <Permissions>file:Permissions.p7s</Permissions>"
" </AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
CU_ASSERT_FATAL(participant > 0);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0x1fffff);
}
CU_Test(ddsc_security_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
"config: Domain/DDSSecurity/Authentication/Library/#text: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
"config: Domain/DDSSecurity/AccessControl/Library[@path]: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
"config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*",
"config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*",
"config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*",
"config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*",
"config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*",
"config: Domain/DDSSecurity/Cryptographic/Library/#text: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@path]: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*",
"config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*",
"config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*",
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={"
"{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
"{dds.sec.access.library.init,init_access_control,0},{dds.sec.access.library.finalize,finalize_access_control,0},{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*",
NULL
};
const char *sec_config =
"<"DDS_PROJECT_NAME">"
" <Domain id=\"any\">"
" <DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
" <Cryptographic>"
" "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
" </Cryptographic>"
" <AccessControl>"
" "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok")
" <Governance>file:Governance.p7s</Governance>"
" <PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
" <Permissions>file:Permissions.p7s</Permissions>"
" </AccessControl>"
" </DDSSecurity>"
" <Tracing><Verbosity>finest</></>"
" </Domain>"
"</"DDS_PROJECT_NAME">";
dds_entity_t participant;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL);
CU_ASSERT_FATAL(participant > 0);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0x1fffff);
}
CU_Test(ddsc_security_config, qos, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,file:/test/dir,0},"
"{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0}}binary_value={}}*}*",
NULL
};
dds_entity_t participant;
dds_qos_t * qos;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create the qos */
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext");
dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir");
dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")"");
dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");
dds_qset_prop(qos, "dds.sec.crypto.library.path", ""MOCKLIB_PATH("dds_security_cryptography_all_ok")"");
dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto");
dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto");
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
/* Create participant with security config in qos. */
found = 0;
ddsrt_setenv(URI_VARIABLE, "<Tracing><Verbosity>finest</></>");
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
CU_ASSERT_FATAL(participant > 0);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_delete_qos(qos);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0x1);
}
CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
/* The config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={"
"{test.prop1,testtext_value1_testtext,0},"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,file:/test/dir,0},"
"{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0},"
"{test.prop2,testtext_value2_testtext,0}}"
"binary_value={{test.bprop1,(3,*),0}}}*}*",
NULL
};
dds_entity_t participant;
dds_qos_t * qos;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create the qos */
unsigned char bvalue[3] = { 0x01, 0x02, 0x03 };
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext");
dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir");
dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")"");
dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");
dds_qset_prop(qos, "dds.sec.crypto.library.path", ""MOCKLIB_PATH("dds_security_cryptography_all_ok")"");
dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto");
dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto");
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_bprop(qos, "test.bprop1", bvalue, 3);
/* Create participant with security config in qos. */
found = 0;
ddsrt_setenv(URI_VARIABLE, "<Tracing><Verbosity>finest</></>");
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
CU_ASSERT_FATAL(participant > 0);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
dds_delete_qos(qos);
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0x1);
}
CU_Test(ddsc_security_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expect qos settings used when creating participant with config security elements and qos. */
const char *log_expected[] = {
/* The security settings from qos properties should have been parsed into the participant QoS. */
"new_participant(*): using security settings from QoS*",
"PARTICIPANT * QOS={*property_list={value={"
"{dds.sec.auth.identity_ca,testtext_QOS_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_QOS_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_QOS_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:QOS_Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:QOS_Governance.p7s,0},"
"{dds.sec.access.permissions,file:QOS_Permissions.p7s,0},"
"{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0}"
"}binary_value={}}*}*",
NULL
};
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" </Authentication>"
" <AccessControl>"
" <Governance>file:Governance.p7s</Governance>"
" <PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
" <Permissions>file:Permissions.p7s</Permissions>"
" </AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
dds_qos_t * qos;
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_QOS_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_QOS_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_QOS_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:QOS_Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:QOS_Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:QOS_Permissions.p7s");
dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, ""MOCKLIB_PATH("dds_security_authentication_all_ok")"");
dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication");
dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication");
dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, ""MOCKLIB_PATH("dds_security_cryptography_all_ok")"");
dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto");
dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto");
dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control");
dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control");
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
CU_ASSERT_FATAL (participant > 0);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
dds_delete_qos(qos);
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0x3);
}
CU_Test(ddsc_security_config, other_prop, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expect config used when creating participant with config security elements and
* qos containing only non-security properties. */
const char *log_expected[] = {
/* The security settings from config should have been parsed into the participant QoS. */
"PARTICIPANT * QOS={*property_list={value={{test.dds.sec.prop1,testtext_value1_testtext,0},"
"{dds.sec.auth.library.path,"MOCKLIB_PATH("dds_security_authentication_all_ok")",0},"
"{dds.sec.auth.library.init,init_authentication,0},"
"{dds.sec.auth.library.finalize,finalize_authentication,0},"
"{dds.sec.crypto.library.path,"MOCKLIB_PATH("dds_security_cryptography_all_ok")",0},"
"{dds.sec.crypto.library.init,init_crypto,0},"
"{dds.sec.crypto.library.finalize,finalize_crypto,0},"
"{dds.sec.access.library.path,"MOCKLIB_PATH("dds_security_access_control_all_ok")",0},"
"{dds.sec.access.library.init,init_access_control,0},"
"{dds.sec.access.library.finalize,finalize_access_control,0},"
"{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},"
"{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},"
"{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},"
"{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},"
"{dds.sec.access.governance,file:Governance.p7s,0},"
"{dds.sec.access.permissions,file:Permissions.p7s,0},"
"{dds.sec.auth.password,testtext_Password_testtext,0},"
"{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*",
NULL
};
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
" <Cryptographic>"
" "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
" </Cryptographic>"
" <AccessControl>"
" "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok")
" <Governance>file:Governance.p7s</Governance>"
" <PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
" <Permissions>file:Permissions.p7s</Permissions>"
" </AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
dds_qos_t * qos;
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "test.dds.sec.prop1", "testtext_value1_testtext");
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create participant with security elements. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
CU_ASSERT_FATAL (participant > 0);
ddsrt_setenv(URI_VARIABLE, "");
dds_delete(participant);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
dds_delete_qos(qos);
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0x1);
}
CU_Test(ddsc_security_config, qos_invalid, .init = ddsrt_init, .fini = ddsrt_fini)
{
/* Expected traces when creating participant with the security elements. */
const char *log_expected[] = {
/* The config should have been parsed into the participant QoS. */
"new_participant(*): using security settings from QoS*",
"new_participant(*): required security property dds.sec.auth.identity_ca missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.private_key missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.identity_certificate missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.permissions_ca missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.governance missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.permissions missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.library.path missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.library.init missing in Property QoS*",
"new_participant(*): required security property dds.sec.auth.library.finalize missing in Property QoS*",
"new_participant(*): required security property dds.sec.crypto.library.path missing in Property QoS*",
"new_participant(*): required security property dds.sec.crypto.library.init missing in Property QoS*",
"new_participant(*): required security property dds.sec.crypto.library.finalize missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.library.path missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.library.init missing in Property QoS*",
"new_participant(*): required security property dds.sec.access.library.finalize missing in Property QoS*",
NULL
};
const char *sec_config =
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" </Authentication>"
" <AccessControl>"
" <Governance>file:Governance.p7s</Governance>"
" <PermissionsCA>file:Permissions_CA.pem</PermissionsCA>"
" <Permissions>file:Permissions.p7s</Permissions>"
" </AccessControl>"
"</DDSSecurity>";
dds_entity_t participant;
dds_qos_t * qos;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create the qos */
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "dds.sec.dummy", "testtext_dummy_testtext");
/* Create participant with security config in qos. */
found = 0;
ddsrt_setenv(URI_VARIABLE, sec_config);
participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL);
dds_delete_qos(qos);
CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR);
ddsrt_setenv(URI_VARIABLE, "");
/* All traces should have been provided. */
CU_ASSERT_FATAL(found == 0xffff);
dds_set_log_sink(NULL, NULL);
dds_set_trace_sink(NULL, NULL);
}