From 1cf472ea06df198bdc13e2dfb84883f7c4e0511d Mon Sep 17 00:00:00 2001 From: Dennis Potman Date: Mon, 24 Feb 2020 14:08:56 +0100 Subject: [PATCH] Refactored tests for security core: introduced generic wrappers for security plugins and updated plugin loading tests to use these instead of specific wrappers per test. Added test for securing communication ad handshake fail (using different identity CAs) Signed-off-by: Dennis Potman --- .../ddsi/include/dds/ddsi/ddsi_security_omg.h | 3 +- src/core/ddsi/src/ddsi_security_omg.c | 7 + src/security/CMakeLists.txt | 2 +- .../access_control/CMakeLists.txt | 12 +- .../authentication/CMakeLists.txt | 21 +- .../authentication/src/authentication.c | 2 +- .../cryptographic/CMakeLists.txt | 11 +- .../builtin_plugins/tests/CMakeLists.txt | 19 +- src/security/core/CMakeLists.txt | 12 +- .../dds/security/core/dds_security_utils.h | 3 +- src/security/core/src/dds_security_utils.c | 4 +- src/security/core/tests/CMakeLists.txt | 79 +- src/security/core/tests/SecurityCoreTests.idl | 18 + src/security/core/tests/authentication.c | 119 +++ .../tests/common/access_control_wrapper.c | 551 +++++++++++ .../tests/common/access_control_wrapper.h | 26 + .../tests/common/authentication_wrapper.c | 566 +++++++++++ .../tests/common/authentication_wrapper.h | 38 + .../core/tests/common/config_env.h.in | 27 + .../core/tests/common/cryptography_wrapper.c | 728 ++++++++++++++ .../core/tests/common/cryptography_wrapper.h | 39 + src/security/core/tests/common/etc/create_p7s | 36 + .../tests/common/etc/default_governance.p7s | 120 +++ .../tests/common/etc/default_governance.xml | 62 ++ .../tests/common/etc/default_permissions.p7s | 97 ++ .../tests/common/etc/default_permissions.xml | 39 + .../common/etc/default_permissions_ca.pem | 26 + .../common/etc/default_permissions_ca_key.pem | 27 + .../core/tests/common/handshake_test_utils.c | 232 +++++ .../core/tests/common/handshake_test_utils.h | 48 + .../core/tests/common/plugin_wrapper_msg_q.c | 134 +++ .../core/tests/common/plugin_wrapper_msg_q.h | 62 ++ .../tests/common/security_config_test_utils.c | 156 +++ .../tests/common/security_config_test_utils.h | 28 + .../core/tests/common/test_identity.h | 184 ++++ src/security/core/tests/config.c | 631 ++++++++++++ src/security/core/tests/dds_security_core.c | 8 +- src/security/core/tests/handshake.c | 99 ++ src/security/core/tests/plugin_loading.c | 646 +++++++++++++ .../core/tests/plugin_loading/CMakeLists.txt | 85 -- .../core/tests/plugin_loading/config_env.h.in | 25 - .../tests/plugin_loading/plugin_loading.c | 911 ------------------ .../mock_access_control.c | 597 ------------ .../mock_access_control.h | 281 ------ .../mock_access_control.c | 600 ------------ .../mock_access_control.h | 280 ------ .../mock_authentication.c | 404 -------- .../mock_authentication.h | 137 --- .../mock_authentication.c | 353 ------- .../mock_authentication.h | 136 --- .../mock_authentication.c | 394 -------- .../mock_authentication.h | 264 ----- .../mock_authentication.c | 347 ------- .../mock_authentication.h | 217 ----- .../mock_authentication.c | 402 -------- .../mock_authentication.h | 218 ----- .../cryptography_all_ok/mock_cryptography.c | 667 ------------- .../cryptography_all_ok/mock_cryptography.h | 21 - .../mock_cryptography.c | 656 ------------- .../mock_cryptography.h | 26 - .../tests/plugin_loading/security_config.c | 724 -------------- .../core/tests/secure_communication.c | 481 +++++++++ 62 files changed, 5335 insertions(+), 7813 deletions(-) create mode 100644 src/security/core/tests/SecurityCoreTests.idl create mode 100644 src/security/core/tests/authentication.c create mode 100644 src/security/core/tests/common/access_control_wrapper.c create mode 100644 src/security/core/tests/common/access_control_wrapper.h create mode 100644 src/security/core/tests/common/authentication_wrapper.c create mode 100644 src/security/core/tests/common/authentication_wrapper.h create mode 100644 src/security/core/tests/common/config_env.h.in create mode 100644 src/security/core/tests/common/cryptography_wrapper.c create mode 100644 src/security/core/tests/common/cryptography_wrapper.h create mode 100755 src/security/core/tests/common/etc/create_p7s create mode 100644 src/security/core/tests/common/etc/default_governance.p7s create mode 100644 src/security/core/tests/common/etc/default_governance.xml create mode 100644 src/security/core/tests/common/etc/default_permissions.p7s create mode 100644 src/security/core/tests/common/etc/default_permissions.xml create mode 100644 src/security/core/tests/common/etc/default_permissions_ca.pem create mode 100644 src/security/core/tests/common/etc/default_permissions_ca_key.pem create mode 100644 src/security/core/tests/common/handshake_test_utils.c create mode 100644 src/security/core/tests/common/handshake_test_utils.h create mode 100644 src/security/core/tests/common/plugin_wrapper_msg_q.c create mode 100644 src/security/core/tests/common/plugin_wrapper_msg_q.h create mode 100644 src/security/core/tests/common/security_config_test_utils.c create mode 100644 src/security/core/tests/common/security_config_test_utils.h create mode 100644 src/security/core/tests/common/test_identity.h create mode 100644 src/security/core/tests/config.c create mode 100644 src/security/core/tests/handshake.c create mode 100644 src/security/core/tests/plugin_loading.c delete mode 100644 src/security/core/tests/plugin_loading/CMakeLists.txt delete mode 100644 src/security/core/tests/plugin_loading/config_env.h.in delete mode 100644 src/security/core/tests/plugin_loading/plugin_loading.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.h delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.h delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.h delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.h delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.h delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.h delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.h delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.c delete mode 100644 src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.h delete mode 100644 src/security/core/tests/plugin_loading/security_config.c create mode 100644 src/security/core/tests/secure_communication.c diff --git a/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h b/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h index 534a762..674cd3f 100644 --- a/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h +++ b/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h @@ -123,6 +123,8 @@ struct reader_sec_attributes { struct dds_security_authentication *q_omg_participant_get_authentication(const struct participant *pp); +DDS_EXPORT struct dds_security_cryptography *q_omg_participant_get_cryptography(const struct participant *pp); + void q_omg_log_exception(const struct ddsrt_log_cfg *lc, uint32_t cat, DDS_Security_SecurityException *exception, const char *file, uint32_t line, const char *func, const char *fmt, ...); /** @@ -1083,7 +1085,6 @@ void q_omg_security_deinit( struct ddsi_domaingv *gv ); bool q_omg_is_security_loaded( struct dds_security_context *sc ); - #else /* DDSI_INCLUDE_SECURITY */ #include "dds/ddsi/q_unused.h" diff --git a/src/core/ddsi/src/ddsi_security_omg.c b/src/core/ddsi/src/ddsi_security_omg.c index 7204515..16da442 100644 --- a/src/core/ddsi/src/ddsi_security_omg.c +++ b/src/core/ddsi/src/ddsi_security_omg.c @@ -559,6 +559,13 @@ get_first_matched_proxypp_crypto_handle(struct participant_sec_attributes *attr) return handle; } +struct dds_security_cryptography *q_omg_participant_get_cryptography(const struct participant *pp) +{ + if (pp && pp->e.gv->security_context && q_omg_is_security_loaded(pp->e.gv->security_context)) + return pp->e.gv->security_context->crypto_context; + return NULL; +} + bool q_omg_is_security_loaded (dds_security_context *sc) { return (sc->crypto_context != NULL || sc->authentication_context != NULL || sc->access_control_context != NULL); diff --git a/src/security/CMakeLists.txt b/src/security/CMakeLists.txt index b96c7da..fd9af5d 100644 --- a/src/security/CMakeLists.txt +++ b/src/security/CMakeLists.txt @@ -18,4 +18,4 @@ if(ENABLE_SECURITY) if(ENABLE_SSL) add_subdirectory(builtin_plugins) endif() -endif() \ No newline at end of file +endif() diff --git a/src/security/builtin_plugins/access_control/CMakeLists.txt b/src/security/builtin_plugins/access_control/CMakeLists.txt index e882b2c..e0ffc78 100644 --- a/src/security/builtin_plugins/access_control/CMakeLists.txt +++ b/src/security/builtin_plugins/access_control/CMakeLists.txt @@ -26,16 +26,12 @@ generate_export_header( EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/export.h" ) -add_definitions(-DDDSI_INCLUDE_SSL) - target_link_libraries(dds_security_ac PUBLIC ddsc) target_link_libraries(dds_security_ac PUBLIC OpenSSL::SSL) - -target_sources(dds_security_ac - PRIVATE - ${srcs_accesscontrol} -) - +if(CMAKE_GENERATOR MATCHES "Visual Studio") + set_target_properties(dds_security_ac PROPERTIES LINK_FLAGS "/ignore:4099") +endif() +target_sources(dds_security_ac PRIVATE ${srcs_accesscontrol}) target_include_directories(dds_security_ac PUBLIC "$>" diff --git a/src/security/builtin_plugins/authentication/CMakeLists.txt b/src/security/builtin_plugins/authentication/CMakeLists.txt index 9dc9b53..91455c5 100644 --- a/src/security/builtin_plugins/authentication/CMakeLists.txt +++ b/src/security/builtin_plugins/authentication/CMakeLists.txt @@ -15,7 +15,7 @@ PREPEND(srcs_authentication "${CMAKE_CURRENT_LIST_DIR}/src" authentication.c auth_utils.c ) - + PREPEND(hdrs_private_authentication "${CMAKE_CURRENT_LIST_DIR}/src" auth_defs.h authentication.h @@ -31,21 +31,12 @@ generate_export_header( EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/export.h" ) - - -find_package(OpenSSL ) - -add_definitions(-DDDSI_INCLUDE_SSL) - target_link_libraries(dds_security_auth PUBLIC ddsc) target_link_libraries(dds_security_auth PUBLIC OpenSSL::SSL) - -target_sources(dds_security_auth - PRIVATE - ${srcs_authentication} - -) - +if(CMAKE_GENERATOR MATCHES "Visual Studio") + set_target_properties(dds_security_auth PROPERTIES LINK_FLAGS "/ignore:4099") +endif() +target_sources(dds_security_auth PRIVATE ${srcs_authentication}) target_include_directories(dds_security_auth PUBLIC "$>" @@ -55,7 +46,7 @@ target_include_directories(dds_security_auth ) install( - TARGETS + TARGETS EXPORT "${PROJECT_NAME}" RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" COMPONENT lib LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}" COMPONENT lib diff --git a/src/security/builtin_plugins/authentication/src/authentication.c b/src/security/builtin_plugins/authentication/src/authentication.c index 63f4a60..d6139d9 100644 --- a/src/security/builtin_plugins/authentication/src/authentication.c +++ b/src/security/builtin_plugins/authentication/src/authentication.c @@ -23,7 +23,7 @@ #include "dds/ddsrt/heap.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_timed_cb.h" - +#include "dds/security/core/dds_security_utils.h" #if OPENSLL_VERSION_NUMBER >= 0x10002000L #define AUTH_INCLUDE_EC diff --git a/src/security/builtin_plugins/cryptographic/CMakeLists.txt b/src/security/builtin_plugins/cryptographic/CMakeLists.txt index a1eb46e..3cae998 100644 --- a/src/security/builtin_plugins/cryptographic/CMakeLists.txt +++ b/src/security/builtin_plugins/cryptographic/CMakeLists.txt @@ -29,15 +29,12 @@ generate_export_header( EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/export.h" ) -add_definitions(-DDDSI_INCLUDE_SSL) - target_link_libraries(dds_security_crypto PUBLIC ddsc) target_link_libraries(dds_security_crypto PUBLIC OpenSSL::SSL) - -target_sources(dds_security_crypto - PRIVATE - ${srcs_cryptographic} -) +if(CMAKE_GENERATOR MATCHES "Visual Studio") + set_target_properties(dds_security_crypto PROPERTIES LINK_FLAGS "/ignore:4099") +endif() +target_sources(dds_security_crypto PRIVATE ${srcs_cryptographic}) target_include_directories(dds_security_crypto PUBLIC diff --git a/src/security/builtin_plugins/tests/CMakeLists.txt b/src/security/builtin_plugins/tests/CMakeLists.txt index d2a8af1..60a9704 100644 --- a/src/security/builtin_plugins/tests/CMakeLists.txt +++ b/src/security/builtin_plugins/tests/CMakeLists.txt @@ -60,6 +60,7 @@ set(security_crypto_test_sources ) add_cunit_executable(cunit_security_plugins ${security_auth_test_sources} ${security_ac_test_sources} ${security_crypto_test_sources}) + target_include_directories( cunit_security_plugins PRIVATE "$" @@ -69,15 +70,10 @@ target_include_directories( "$" "$" ) -target_link_libraries(cunit_security_plugins PRIVATE ddsc security_api) - -if(OPENSSL_FOUND) -target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_ac) -target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_crypto) - target_link_libraries(cunit_security_plugins PRIVATE OpenSSL::SSL) - -else() - message(FATAL_ERROR "To build with openssl support, set ENABLE_OPENSSL to ON") +target_link_libraries(cunit_security_plugins PRIVATE ddsc security_api dds_security_ac dds_security_crypto) +target_link_libraries(cunit_security_plugins PRIVATE OpenSSL::SSL) +if(CMAKE_GENERATOR MATCHES "Visual Studio") + set_target_properties(cunit_security_plugins PROPERTIES LINK_FLAGS "/ignore:4099") endif() target_include_directories( @@ -91,11 +87,6 @@ target_include_directories( "$" ) - - set(CUnit_builtin_plugins_tests_dir "${CMAKE_CURRENT_LIST_DIR}") set(CUnit_build_dir "${CMAKE_CURRENT_BINARY_DIR}") - configure_file("config_env.h.in" "config_env.h") - - diff --git a/src/security/core/CMakeLists.txt b/src/security/core/CMakeLists.txt index 41ea708..19f4823 100644 --- a/src/security/core/CMakeLists.txt +++ b/src/security/core/CMakeLists.txt @@ -17,7 +17,7 @@ PREPEND(srcs_security_core "${CMAKE_CURRENT_LIST_DIR}/src" dds_security_fsm.c dds_security_timed_cb.c ) - + PREPEND(hdrs_public_security_core "${CMAKE_CURRENT_LIST_DIR}/include/security/core" dds_security_serialize.h dds_security_types.h @@ -35,12 +35,7 @@ endif() add_library(security_core INTERFACE) - -target_sources(security_core - INTERFACE - ${srcs_security_core} - -) +target_sources(security_core INTERFACE ${srcs_security_core}) target_include_directories(security_core INTERFACE @@ -49,12 +44,9 @@ target_include_directories(security_core "$>" "$>" ) -#target_link_libraries(security_core PRIVATE ddsrt security_api) if(BUILD_TESTING) add_subdirectory(tests) -# Temporarily disabled because needs refractoring w.r.t. security implementation -# add_subdirectory(tests/plugin_loading) endif() install( diff --git a/src/security/core/include/dds/security/core/dds_security_utils.h b/src/security/core/include/dds/security/core/dds_security_utils.h index d6a745e..c9cbf0e 100644 --- a/src/security/core/include/dds/security/core/dds_security_utils.h +++ b/src/security/core/include/dds/security/core/dds_security_utils.h @@ -271,7 +271,7 @@ DDS_Security_Exception_set( ...); -#if DDSI_INCLUDE_SSL +#ifdef DDSI_INCLUDE_SSL DDS_EXPORT void DDS_Security_Exception_set_with_openssl_error( DDS_Security_SecurityException *ex, @@ -279,7 +279,6 @@ DDS_Security_Exception_set_with_openssl_error( int code, int minor_code, const char *fmt); - #endif DDS_EXPORT void diff --git a/src/security/core/src/dds_security_utils.c b/src/security/core/src/dds_security_utils.c index ea5a7d8..3c04c60 100644 --- a/src/security/core/src/dds_security_utils.c +++ b/src/security/core/src/dds_security_utils.c @@ -22,7 +22,7 @@ #include "dds/ddsrt/string.h" #include "dds/ddsrt/misc.h" -#if DDSI_INCLUDE_SSL +#ifdef DDSI_INCLUDE_SSL #include #include #endif @@ -806,7 +806,7 @@ DDS_Security_Exception_set( ex->minor_code = minor_code; } -#if DDSI_INCLUDE_SSL +#ifdef DDSI_INCLUDE_SSL DDS_EXPORT void DDS_Security_Exception_set_with_openssl_error( DDS_Security_SecurityException *ex, diff --git a/src/security/core/tests/CMakeLists.txt b/src/security/core/tests/CMakeLists.txt index d240583..9fcc0c0 100644 --- a/src/security/core/tests/CMakeLists.txt +++ b/src/security/core/tests/CMakeLists.txt @@ -12,14 +12,78 @@ include (GenerateExportHeader) include (CUnit) +idlc_generate(SecurityCoreTests SecurityCoreTests.idl) + +function(add_wrapper libname linklibs) + set(srcs_wrapper + "${CMAKE_CURRENT_LIST_DIR}/common/${libname}_wrapper.c" + "${CMAKE_CURRENT_LIST_DIR}/common/plugin_wrapper_msg_q.c") + add_library("dds_security_${libname}_wrapper" SHARED "") + if(CMAKE_GENERATOR MATCHES "Visual Studio") + set_target_properties("dds_security_${libname}_wrapper" PROPERTIES LINK_FLAGS "/ignore:4099") + endif() + + generate_export_header( + "dds_security_${libname}_wrapper" + BASE_NAME SECURITY + EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/${libname}_wrapper_export.h") + + set_target_properties( + "dds_security_${libname}_wrapper" + PROPERTIES + RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR}) + + if(APPLE) + set_target_properties("dds_security_${libname}_wrapper" PROPERTIES LINK_FLAGS "-undefined dynamic_lookup") + endif() + + target_link_libraries("dds_security_${libname}_wrapper" PUBLIC ddsc ${linklibs}) + target_sources("dds_security_${libname}_wrapper" PRIVATE ${srcs_wrapper}) + target_include_directories("dds_security_${libname}_wrapper" + PUBLIC + "$>" + "$>" + "$>" + "$" + "$" + "$") +endfunction() + set(security_core_test_sources "tc_fsm.c" "dds_security_core.c" "security_utils.c" - ) +) + +if(ENABLE_SSL) + add_wrapper(access_control "") + add_wrapper(authentication dds_security_auth) + add_wrapper(cryptography dds_security_crypto) + + list(APPEND security_core_test_sources + "common/security_config_test_utils.c" + "common/handshake_test_utils.c" + "authentication.c" + "config.c" + "handshake.c" + "plugin_loading.c" + "secure_communication.c" + ) +endif() -add_definitions(-DDDSI_INCLUDE_SECURITY) add_cunit_executable(cunit_security_core ${security_core_test_sources}) +if(CMAKE_GENERATOR MATCHES "Visual Studio") + set_target_properties(cunit_security_core PROPERTIES LINK_FLAGS "/ignore:4099") +endif() target_include_directories( cunit_security_core PRIVATE @@ -33,6 +97,15 @@ target_include_directories( "$" ) +set(common_etc_dir "${CMAKE_CURRENT_SOURCE_DIR}/common/etc") +set(plugin_wrapper_lib_dir "${CMAKE_CURRENT_BINARY_DIR}") +file(TO_NATIVE_PATH "/" file_path_sep) +string(REPLACE "\\" "\\\\" file_path_sep ${file_path_sep}) +configure_file("common/config_env.h.in" "common/config_env.h") -target_link_libraries(cunit_security_core PRIVATE ddsc security_api) +target_link_libraries(cunit_security_core PRIVATE ddsc security_api SecurityCoreTests) +if(ENABLE_SSL) + target_link_libraries(cunit_security_core PRIVATE dds_security_auth dds_security_ac dds_security_crypto dds_security_authentication_wrapper dds_security_cryptography_wrapper) + target_link_libraries(cunit_security_core PRIVATE OpenSSL::SSL) +endif() target_include_directories(cunit_security_core PRIVATE "${CMAKE_CURRENT_BINARY_DIR}") diff --git a/src/security/core/tests/SecurityCoreTests.idl b/src/security/core/tests/SecurityCoreTests.idl new file mode 100644 index 0000000..1eb6700 --- /dev/null +++ b/src/security/core/tests/SecurityCoreTests.idl @@ -0,0 +1,18 @@ +/* + * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +module SecurityCoreTests { + struct Type1 { + long id; //@Key + long value; + }; +#pragma keylist Type1 id +}; diff --git a/src/security/core/tests/authentication.c b/src/security/core/tests/authentication.c new file mode 100644 index 0000000..e981648 --- /dev/null +++ b/src/security/core/tests/authentication.c @@ -0,0 +1,119 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include + +#include "dds/dds.h" +#include "CUnit/Test.h" + +#include "dds/version.h" +#include "dds/ddsrt/cdtors.h" +#include "dds/ddsrt/environ.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsi/q_config.h" +#include "dds/ddsi/ddsi_domaingv.h" +#include "dds/ddsi/q_misc.h" +#include "dds/ddsi/ddsi_xqos.h" + +#include "dds/security/dds_security_api.h" + +#include "common/config_env.h" +#include "common/authentication_wrapper.h" +#include "common/handshake_test_utils.h" +#include "common/security_config_test_utils.h" +#include "common/test_identity.h" + +static const char *config = + "${CYCLONEDDS_URI}${CYCLONEDDS_URI:+,}" + "0" + "" + " finest" + " " + " " + " " + " ${TEST_IDENTITY_CERTIFICATE}" + " ${TEST_IDENTITY_PRIVATE_KEY}" + " ${TEST_IDENTITY_CA_CERTIFICATE}" + " testtext_Password_testtext" + " ." + " " + " " + " " + " file:" COMMON_ETC_PATH("default_governance.p7s") "" + " file:" COMMON_ETC_PATH("default_permissions_ca.pem") "" + " file:" COMMON_ETC_PATH("default_permissions.p7s") "" + " " + " " + " " + " " + " " + ""; + +#define DDS_DOMAINID1 0 +#define DDS_DOMAINID2 1 + +static dds_entity_t g_domain1 = 0; +static dds_entity_t g_participant1 = 0; + +static dds_entity_t g_domain2 = 0; +static dds_entity_t g_participant2 = 0; + +static void authentication_init(void) +{ + struct kvp governance_vars[] = { + { "ALLOW_UNAUTH_PP", "false" }, + { "ENABLE_JOIN_AC", "true" }, + { NULL, NULL } + }; + char * gov_config_signed = get_governance_config (governance_vars); + + struct kvp config_vars1[] = { + { "GOVERNANCE_DATA", gov_config_signed }, + { "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY_CERTIFICATE }, + { "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY_PRIVATE_KEY }, + { "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA_CERTIFICATE }, + { NULL, NULL } + }; + struct kvp config_vars2[] = { + { "GOVERNANCE_DATA", gov_config_signed }, + { "TEST_IDENTITY_CERTIFICATE", TEST_IDENTITY2_CERTIFICATE }, + { "TEST_IDENTITY_PRIVATE_KEY", TEST_IDENTITY2_PRIVATE_KEY }, + { "TEST_IDENTITY_CA_CERTIFICATE", TEST_IDENTITY_CA2_CERTIFICATE }, + { NULL, NULL } + }; + + char *conf1 = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars1); + char *conf2 = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars2); + g_domain1 = dds_create_domain (DDS_DOMAINID1, conf1); + g_domain2 = dds_create_domain (DDS_DOMAINID2, conf2); + dds_free (conf1); + dds_free (conf2); + ddsrt_free (gov_config_signed); + + CU_ASSERT_FATAL ((g_participant1 = dds_create_participant (DDS_DOMAINID1, NULL, NULL)) > 0); + CU_ASSERT_FATAL ((g_participant2 = dds_create_participant (DDS_DOMAINID2, NULL, NULL)) > 0); +} + +static void authentication_fini(void) +{ + CU_ASSERT_EQUAL_FATAL (dds_delete (g_participant1), DDS_RETCODE_OK); + CU_ASSERT_EQUAL_FATAL (dds_delete (g_participant2), DDS_RETCODE_OK); + CU_ASSERT_EQUAL_FATAL (dds_delete (g_domain1), DDS_RETCODE_OK); + CU_ASSERT_EQUAL_FATAL (dds_delete (g_domain2), DDS_RETCODE_OK); +} + +CU_Test(ddssec_authentication, different_ca, .init = authentication_init, .fini = authentication_fini) +{ + validate_handshake (DDS_DOMAINID1, true, NULL, true, "error: unable to get local issuer certificate"); + validate_handshake (DDS_DOMAINID2, true, NULL, true, "error: unable to get local issuer certificate"); +} diff --git a/src/security/core/tests/common/access_control_wrapper.c b/src/security/core/tests/common/access_control_wrapper.c new file mode 100644 index 0000000..83b88f6 --- /dev/null +++ b/src/security/core/tests/common/access_control_wrapper.c @@ -0,0 +1,551 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include +#include "dds/dds.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/sync.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsi/ddsi_domaingv.h" +#include "dds/security/dds_security_api.h" +#include "dds/security/core/dds_security_utils.h" +#include "access_control_wrapper.h" + +enum ac_plugin_mode { + PLUGIN_MODE_ALL_OK, + PLUGIN_MODE_MISSING_FUNC +}; + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ +struct dds_security_access_control_impl { + dds_security_access_control base; + enum ac_plugin_mode mode; +}; + +static DDS_Security_PermissionsHandle validate_local_permissions( + dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle identity, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(auth_plugin); + DDSRT_UNUSED_ARG(auth_plugin); + DDSRT_UNUSED_ARG(identity); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return 1; +} + +static DDS_Security_PermissionsHandle validate_remote_permissions( + dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityHandle remote_identity_handle, + const DDS_Security_PermissionsToken *remote_permissions_token, + const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(auth_plugin); + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(remote_identity_handle); + DDSRT_UNUSED_ARG(remote_permissions_token); + DDSRT_UNUSED_ARG(remote_credential_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return 0; +} + +static DDS_Security_boolean check_create_participant( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_create_datawriter( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const char *topic_name, + const DDS_Security_Qos *writer_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(writer_qos); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_create_datareader( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const char *topic_name, + const DDS_Security_Qos *reader_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(reader_qos); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_create_topic( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const char *topic_name, + const DDS_Security_Qos *qos, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(qos); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_local_datawriter_register_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, + const DDS_Security_DynamicData *key, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(writer); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_local_datawriter_dispose_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, + const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(writer); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_remote_participant( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_remote_datawriter( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(publication_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_remote_datareader( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_boolean *relay_only, DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(subscription_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + *relay_only = false; + return true; +} + +static DDS_Security_boolean check_remote_topic( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_TopicBuiltinTopicData *topic_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_local_datawriter_match( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(writer_permissions_handle); + DDSRT_UNUSED_ARG(reader_permissions_handle); + DDSRT_UNUSED_ARG(publication_data); + DDSRT_UNUSED_ARG(subscription_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_local_datareader_match( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(reader_permissions_handle); + DDSRT_UNUSED_ARG(writer_permissions_handle); + DDSRT_UNUSED_ARG(subscription_data); + DDSRT_UNUSED_ARG(publication_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_remote_datawriter_register_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const DDS_Security_DynamicData key, + const DDS_Security_InstanceHandle instance_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(reader); + DDSRT_UNUSED_ARG(publication_handle); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(instance_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean check_remote_datawriter_dispose_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(reader); + DDSRT_UNUSED_ARG(publication_handle); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean get_permissions_token( + dds_security_access_control *instance, + DDS_Security_PermissionsToken *permissions_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + memset(permissions_token, 0, sizeof(*permissions_token)); + permissions_token->class_id = ddsrt_strdup(""); + return true; +} + +static DDS_Security_boolean get_permissions_credential_token( + dds_security_access_control *instance, + DDS_Security_PermissionsCredentialToken *permissions_credential_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_credential_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean set_listener( dds_security_access_control *instance, + const dds_security_access_control_listener *listener, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(listener); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean return_permissions_token( dds_security_access_control *instance, + const DDS_Security_PermissionsToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + ddsrt_free (token->class_id); + return true; +} + +static DDS_Security_boolean return_permissions_credential_token( + dds_security_access_control *instance, + const DDS_Security_PermissionsCredentialToken *permissions_credential_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_credential_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean get_participant_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean get_topic_sec_attributes( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const char *topic_name, + DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean get_datawriter_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean get_datareader_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean return_participant_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean return_topic_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean return_datawriter_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean return_datareader_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + +static DDS_Security_boolean return_permissions_handle( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + return true; +} + + +static struct dds_security_access_control_impl * init_test_access_control_common() +{ + struct dds_security_access_control_impl *impl = ddsrt_malloc(sizeof(*impl)); + memset(impl, 0, sizeof(*impl)); + impl->base.validate_local_permissions = &validate_local_permissions; + impl->base.validate_remote_permissions = &validate_remote_permissions; + impl->base.check_create_participant = &check_create_participant; + impl->base.check_create_datawriter = &check_create_datawriter; + impl->base.check_create_datareader = &check_create_datareader; + impl->base.check_create_topic = &check_create_topic; + impl->base.check_local_datawriter_register_instance = &check_local_datawriter_register_instance; + impl->base.check_local_datawriter_dispose_instance = &check_local_datawriter_dispose_instance; + impl->base.check_remote_participant = &check_remote_participant; + impl->base.check_remote_datawriter = &check_remote_datawriter; + impl->base.check_remote_datareader = &check_remote_datareader; + impl->base.check_remote_topic = &check_remote_topic; + impl->base.check_local_datawriter_match = &check_local_datawriter_match; + impl->base.check_local_datareader_match = &check_local_datareader_match; + impl->base.check_remote_datawriter_register_instance = &check_remote_datawriter_register_instance; + impl->base.check_remote_datawriter_dispose_instance = &check_remote_datawriter_dispose_instance; + impl->base.get_permissions_token = &get_permissions_token; + impl->base.get_permissions_credential_token = &get_permissions_credential_token; + impl->base.set_listener = &set_listener; + impl->base.return_permissions_token = &return_permissions_token; + impl->base.return_permissions_credential_token = &return_permissions_credential_token; + impl->base.get_participant_sec_attributes = &get_participant_sec_attributes; + impl->base.get_topic_sec_attributes = &get_topic_sec_attributes; + impl->base.get_datawriter_sec_attributes = &get_datawriter_sec_attributes; + impl->base.get_datareader_sec_attributes = &get_datareader_sec_attributes; + impl->base.return_participant_sec_attributes = &return_participant_sec_attributes; + impl->base.return_topic_sec_attributes = &return_topic_sec_attributes; + impl->base.return_datawriter_sec_attributes = &return_datawriter_sec_attributes; + impl->base.return_datareader_sec_attributes = &return_datareader_sec_attributes; + impl->base.return_permissions_handle = &return_permissions_handle; + return impl; +} + +int32_t init_test_access_control_all_ok(const char *argument, void **context) +{ + DDSRT_UNUSED_ARG(argument); + DDSRT_UNUSED_ARG(context); + struct dds_security_access_control_impl *impl = init_test_access_control_common(); + impl->mode = PLUGIN_MODE_ALL_OK; + *context = impl; + return 0; +} + +int32_t finalize_test_access_control_all_ok(void *context) +{ + assert(((struct dds_security_access_control_impl *)context)->mode == PLUGIN_MODE_ALL_OK); + ddsrt_free(context); + return 0; +} + +int32_t init_test_access_control_missing_func(const char *argument, void **context) +{ + DDSRT_UNUSED_ARG(argument); + DDSRT_UNUSED_ARG(context); + struct dds_security_access_control_impl *impl = init_test_access_control_common(); + impl->base.check_create_datareader = NULL; + impl->mode = PLUGIN_MODE_MISSING_FUNC; + *context = impl; + return 0; +} + +int32_t finalize_test_access_control_missing_func(void *context) +{ + assert(((struct dds_security_access_control_impl *)context)->mode == PLUGIN_MODE_MISSING_FUNC); + ddsrt_free(context); + return 0; +} + diff --git a/src/security/core/tests/common/access_control_wrapper.h b/src/security/core/tests/common/access_control_wrapper.h new file mode 100644 index 0000000..70c9c2c --- /dev/null +++ b/src/security/core/tests/common/access_control_wrapper.h @@ -0,0 +1,26 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ +#define SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ + +#include "dds/security/dds_security_api.h" +#include "dds/security/access_control_wrapper_export.h" + +/* Init in all-ok mode: all functions return success without calling the actual plugin */ +SECURITY_EXPORT int32_t init_test_access_control_all_ok(const char *argument, void **context); +SECURITY_EXPORT int32_t finalize_test_access_control_all_ok(void *context); + +/* Init in missing function mode: one of the function pointers is null */ +SECURITY_EXPORT int32_t init_test_access_control_missing_func(const char *argument, void **context); +SECURITY_EXPORT int32_t finalize_test_access_control_missing_func(void *context); + +#endif /* SECURITY_CORE_TEST_ACCESS_CONTROL_WRAPPER_H_ */ diff --git a/src/security/core/tests/common/authentication_wrapper.c b/src/security/core/tests/common/authentication_wrapper.c new file mode 100644 index 0000000..b794a3e --- /dev/null +++ b/src/security/core/tests/common/authentication_wrapper.c @@ -0,0 +1,566 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include +#include "dds/dds.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/sync.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsi/ddsi_domaingv.h" +#include "dds/security/dds_security_api.h" +#include "dds/security/core/dds_security_utils.h" +#include "authentication_wrapper.h" +#include "test_identity.h" +#include "plugin_wrapper_msg_q.h" + +int32_t init_authentication(const char *argument, void **context); +int32_t finalize_authentication(void *context); + +enum auth_plugin_mode { + PLUGIN_MODE_ALL_OK, + PLUGIN_MODE_WRAPPED, + PLUGIN_MODE_MISSING_FUNC, + PLUGIN_MODE_INIT_FAIL +}; + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ +struct dds_security_authentication_impl +{ + dds_security_authentication base; + dds_security_authentication *instance; + struct message_queue msg_queue; + const struct ddsi_domaingv *gv; + enum auth_plugin_mode mode; +}; + +static struct dds_security_authentication_impl **auth_impl; +static size_t auth_impl_count = 0; + +static const char *test_identity_certificate = TEST_IDENTITY_CERTIFICATE_DUMMY; +static const char *test_private_key = TEST_IDENTITY_PRIVATE_KEY_DUMMY; +static const char *test_ca_certificate = TEST_IDENTITY_CA_CERTIFICATE_DUMMY; + +static DDS_Security_ValidationResult_t test_validate_local_identity_all_ok( + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid) +{ + DDS_Security_ValidationResult_t result = DDS_SECURITY_VALIDATION_OK; + char *identity_ca = NULL; + char *identity_certificate = NULL; + char *private_key = NULL; + + memcpy(adjusted_participant_guid, candidate_participant_guid, sizeof(*adjusted_participant_guid)); + for (unsigned i = 0; i < participant_qos->property.value._length; i++) + { + printf("%s\n", participant_qos->property.value._buffer[i].name); + if (!strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.private_key")) + private_key = participant_qos->property.value._buffer[i].value; + else if (!strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_ca")) + identity_ca = participant_qos->property.value._buffer[i].value; + else if (!strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_certificate")) + identity_certificate = participant_qos->property.value._buffer[i].value; + } + + if (strcmp(identity_certificate, test_identity_certificate)) + { + printf("identity received=%s\n", identity_certificate); + printf("identity expected=%s\n", test_identity_certificate); + result = DDS_SECURITY_VALIDATION_FAILED; + printf("FAILED: Could not get identity_certificate value properly\n"); + } + else if (strcmp(identity_ca, test_ca_certificate)) + { + printf("ca received=%s\n", identity_ca); + printf("ca expected=%s\n", test_ca_certificate); + printf("FAILED: Could not get identity_ca value properly\n"); + result = DDS_SECURITY_VALIDATION_FAILED; + } + else if (strcmp(private_key, test_private_key)) + { + printf("FAILED: Could not get private_key value properly\n"); + result = DDS_SECURITY_VALIDATION_FAILED; + } + if (result == DDS_SECURITY_VALIDATION_OK) + printf("DDS_SECURITY_VALIDATION_OK\n"); + + return result; +} + +static DDS_Security_ValidationResult_t test_validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + { + DDS_Security_ValidationResult_t result = impl->instance->validate_local_identity( + impl->instance, local_identity_handle, adjusted_participant_guid, domain_id, participant_qos, candidate_participant_guid, ex); + add_message(&impl->msg_queue, MESSAGE_KIND_VALIDATE_LOCAL_IDENTITY, *local_identity_handle, + 0, 0, adjusted_participant_guid, NULL, result, ex ? ex->message : "", NULL, instance); + return result; + } + case PLUGIN_MODE_ALL_OK: + default: + return test_validate_local_identity_all_ok(adjusted_participant_guid, participant_qos, candidate_participant_guid); + } +} + +static DDS_Security_boolean test_get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->get_identity_token(impl->instance, identity_token, handle, ex); + + case PLUGIN_MODE_ALL_OK: + default: + { + memset(identity_token, 0, sizeof(*identity_token)); + identity_token->class_id = ddsrt_strdup(""); + return true; + } + } +} + +static DDS_Security_boolean test_get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->get_identity_status_token(impl->instance, identity_status_token, handle, ex); + case PLUGIN_MODE_ALL_OK: + default: + return true; + } +} + +static DDS_Security_boolean test_set_permissions_credential_and_token( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->set_permissions_credential_and_token(impl->instance, handle, permissions_credential, permissions_token, ex); + case PLUGIN_MODE_ALL_OK: + default: + return true; + } +} + +static DDS_Security_ValidationResult_t test_validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + { + DDS_Security_ValidationResult_t result = impl->instance->validate_remote_identity( + impl->instance, remote_identity_handle, local_auth_request_token, remote_auth_request_token, + local_identity_handle, remote_identity_token, remote_participant_guid, ex); + add_message(&impl->msg_queue, MESSAGE_KIND_VALIDATE_REMOTE_IDENTITY, local_identity_handle, + *remote_identity_handle, 0, NULL, remote_participant_guid, result, ex ? ex->message : "", local_auth_request_token, instance); + return result; + } + + case PLUGIN_MODE_ALL_OK: + default: + return DDS_SECURITY_VALIDATION_OK; + } +} + +static DDS_Security_ValidationResult_t test_begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + { + DDS_Security_ValidationResult_t result = impl->instance->begin_handshake_request( + impl->instance, handshake_handle, handshake_message, initiator_identity_handle, + replier_identity_handle, serialized_local_participant_data, ex); + add_message(&impl->msg_queue, MESSAGE_KIND_BEGIN_HANDSHAKE_REQUEST, initiator_identity_handle, + replier_identity_handle, *handshake_handle, NULL, NULL, result, ex ? ex->message : "", handshake_message, instance); + return result; + } + + case PLUGIN_MODE_ALL_OK: + default: + return DDS_SECURITY_VALIDATION_OK; + } +} + +static DDS_Security_ValidationResult_t test_begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + { + DDS_Security_ValidationResult_t result = impl->instance->begin_handshake_reply( + impl->instance, handshake_handle, handshake_message_out, handshake_message_in, + initiator_identity_handle, replier_identity_handle, serialized_local_participant_data, ex); + add_message(&impl->msg_queue, MESSAGE_KIND_BEGIN_HANDSHAKE_REPLY, replier_identity_handle, + initiator_identity_handle, *handshake_handle, NULL, NULL, result, ex ? ex->message : "", handshake_message_out, instance); + return result; + } + + case PLUGIN_MODE_ALL_OK: + default: + return DDS_SECURITY_VALIDATION_OK; + } +} + +static DDS_Security_ValidationResult_t test_process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + { + DDS_Security_ValidationResult_t result = impl->instance->process_handshake(impl->instance, handshake_message_out, handshake_message_in, handshake_handle, ex); + add_message(&impl->msg_queue, MESSAGE_KIND_PROCESS_HANDSHAKE, 0, 0, handshake_handle, + NULL, NULL, result, ex ? ex->message : "", handshake_message_out, instance); + return result; + } + + case PLUGIN_MODE_ALL_OK: + default: + return DDS_SECURITY_VALIDATION_OK; + } +} + +static DDS_Security_SharedSecretHandle test_get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->get_shared_secret(impl->instance, handshake_handle, ex); + case PLUGIN_MODE_ALL_OK: + default: + return 0; + } +} + +static DDS_Security_boolean test_get_authenticated_peer_credential_token( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->get_authenticated_peer_credential_token(impl->instance, peer_credential_token, handshake_handle, ex); + case PLUGIN_MODE_ALL_OK: + default: + return true; + } +} + +static DDS_Security_boolean test_set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->set_listener(impl->instance, listener, ex); + case PLUGIN_MODE_ALL_OK: + default: + return true; + } +} + +static DDS_Security_boolean test_return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->return_identity_token(impl->instance, token, ex); + case PLUGIN_MODE_ALL_OK: + default: + if (token->class_id) + ddsrt_free (token->class_id); + return true; + } +} + +static DDS_Security_boolean test_return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->return_identity_status_token(impl->instance, token, ex); + case PLUGIN_MODE_ALL_OK: + default: + return true; + } +} + +static DDS_Security_boolean test_return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->return_authenticated_peer_credential_token(impl->instance, peer_credential_token, ex); + case PLUGIN_MODE_ALL_OK: + default: + return true; + } +} + +static DDS_Security_boolean test_return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->return_handshake_handle(impl->instance, handshake_handle, ex); + case PLUGIN_MODE_ALL_OK: + default: + return true; + } +} + +static DDS_Security_boolean test_return_identity_handle( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->return_identity_handle(impl->instance, identity_handle, ex); + default: + return true; + } +} + +static DDS_Security_boolean test_return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_authentication_impl *impl = (struct dds_security_authentication_impl *)instance; + switch (impl->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->return_sharedsecret_handle(impl->instance, sharedsecret_handle, ex); + case PLUGIN_MODE_ALL_OK: + default: + return true; + } +} + +static struct dds_security_authentication_impl * get_impl_for_domain(dds_domainid_t domain_id) +{ + for (size_t i = 0; i < auth_impl_count; i++) + { + if (auth_impl[i]->gv->config.domainId == domain_id) + { + assert(auth_impl[i]); + return auth_impl[i]; + } + } + return NULL; +} + +struct message * test_authentication_plugin_take_msg(dds_domainid_t domain_id, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, dds_duration_t timeout) +{ + struct dds_security_authentication_impl *impl = get_impl_for_domain(domain_id); + assert(impl); + return take_message(&impl->msg_queue, kind, lidHandle, ridHandle, hsHandle, timeout); +} + +void test_authentication_plugin_release_msg(struct message *msg) +{ + delete_message(msg); +} + +static struct dds_security_authentication_impl * init_test_authentication_common() +{ + struct dds_security_authentication_impl * impl = ddsrt_malloc(sizeof(*impl)); + memset(impl, 0, sizeof(*impl)); + impl->base.validate_local_identity = &test_validate_local_identity; + impl->base.get_identity_token = &test_get_identity_token; + impl->base.get_identity_status_token = &test_get_identity_status_token; + impl->base.set_permissions_credential_and_token = &test_set_permissions_credential_and_token; + impl->base.validate_remote_identity = &test_validate_remote_identity; + impl->base.begin_handshake_request = &test_begin_handshake_request; + impl->base.begin_handshake_reply = &test_begin_handshake_reply; + impl->base.process_handshake = &test_process_handshake; + impl->base.get_shared_secret = &test_get_shared_secret; + impl->base.get_authenticated_peer_credential_token = &test_get_authenticated_peer_credential_token; + impl->base.set_listener = &test_set_listener; + impl->base.return_identity_token = &test_return_identity_token; + impl->base.return_identity_status_token = &test_return_identity_status_token; + impl->base.return_authenticated_peer_credential_token = &test_return_authenticated_peer_credential_token; + impl->base.return_handshake_handle = &test_return_handshake_handle; + impl->base.return_identity_handle = &test_return_identity_handle; + impl->base.return_sharedsecret_handle = &test_return_sharedsecret_handle; + return impl; +} + +int32_t init_test_authentication_all_ok(const char *argument, void **context) +{ + DDSRT_UNUSED_ARG(argument); + DDSRT_UNUSED_ARG(context); + struct dds_security_authentication_impl *impl = init_test_authentication_common(); + impl->mode = PLUGIN_MODE_ALL_OK; + *context = impl; + return 0; +} + +int32_t finalize_test_authentication_all_ok(void *context) +{ + assert(((struct dds_security_authentication_impl *)context)->mode == PLUGIN_MODE_ALL_OK); + ddsrt_free(context); + return 0; +} + +int32_t init_test_authentication_missing_func(const char *argument, void **context) +{ + DDSRT_UNUSED_ARG(argument); + DDSRT_UNUSED_ARG(context); + struct dds_security_authentication_impl *impl = init_test_authentication_common(); + impl->base.get_shared_secret = NULL; + impl->mode = PLUGIN_MODE_MISSING_FUNC; + *context = impl; + return 0; +} + +int32_t finalize_test_authentication_missing_func(void *context) +{ + assert(((struct dds_security_authentication_impl *)context)->mode == PLUGIN_MODE_MISSING_FUNC); + ddsrt_free(context); + return 0; +} + +int32_t init_test_authentication_init_error(const char *argument, void **context) +{ + DDSRT_UNUSED_ARG(argument); + DDSRT_UNUSED_ARG(context); + return 1; +} + +int32_t finalize_test_authentication_init_error(void *context) +{ + DDSRT_UNUSED_ARG(context); + return 0; +} + +int32_t init_test_authentication_wrapped(const char *argument, void **context) +{ + int32_t ret; + struct dds_security_authentication_impl *impl = init_test_authentication_common(); + impl->mode = PLUGIN_MODE_WRAPPED; + + init_message_queue(&impl->msg_queue); + struct thread_state1 * const ts1 = lookup_thread_state (); + struct ddsi_domaingv const * const gv = ddsrt_atomic_ldvoidp (&ts1->gv); + impl->gv = gv; + + ret = init_authentication(argument, (void **)&impl->instance); + + auth_impl_count++; + auth_impl = ddsrt_realloc(auth_impl, auth_impl_count * sizeof(*auth_impl)); + auth_impl[auth_impl_count - 1] = impl; + + *context = impl; + return ret; +} + +int32_t finalize_test_authentication_wrapped(void *context) +{ + int32_t ret; + struct dds_security_authentication_impl *impl = context; + assert(impl->mode == PLUGIN_MODE_WRAPPED); + deinit_message_queue(&impl->msg_queue); + ret = finalize_authentication(impl->instance); + ddsrt_free(context); + auth_impl_count--; + return ret; +} + diff --git a/src/security/core/tests/common/authentication_wrapper.h b/src/security/core/tests/common/authentication_wrapper.h new file mode 100644 index 0000000..be4854a --- /dev/null +++ b/src/security/core/tests/common/authentication_wrapper.h @@ -0,0 +1,38 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_ +#define SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_ + +#include "dds/security/dds_security_api.h" +#include "dds/security/authentication_wrapper_export.h" +#include "plugin_wrapper_msg_q.h" + +/* Init in wrapper mode */ +SECURITY_EXPORT int32_t init_test_authentication_wrapped(const char *argument, void **context); +SECURITY_EXPORT int32_t finalize_test_authentication_wrapped(void *context); + +/* Init in all-ok mode: all functions return success without calling the actual plugin */ +SECURITY_EXPORT int32_t init_test_authentication_all_ok(const char *argument, void **context); +SECURITY_EXPORT int32_t finalize_test_authentication_all_ok(void *context); + +/* Init in missing function mode: one of the function pointers is null */ +SECURITY_EXPORT int32_t init_test_authentication_missing_func(const char *argument, void **context); +SECURITY_EXPORT int32_t finalize_test_authentication_missing_func(void *context); + +/* Init function fails */ +SECURITY_EXPORT int32_t init_test_authentication_init_error(const char *argument, void **context); +SECURITY_EXPORT int32_t finalize_test_authentication_init_error(void *context); + +SECURITY_EXPORT struct message * test_authentication_plugin_take_msg(dds_domainid_t domain_id, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, dds_duration_t timeout); +SECURITY_EXPORT void test_authentication_plugin_release_msg(struct message *msg); + +#endif /* SECURITY_CORE_TEST_AUTHENTICATION_WRAPPER_H_ */ diff --git a/src/security/core/tests/common/config_env.h.in b/src/security/core/tests/common/config_env.h.in new file mode 100644 index 0000000..a3773f1 --- /dev/null +++ b/src/security/core/tests/common/config_env.h.in @@ -0,0 +1,27 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef CONFIG_ENV_H +#define CONFIG_ENV_H + +#define FILE_PATH_SEP "@file_path_sep@" +#define COMMON_ETC_DIR "@common_etc_dir@" +#define PLUGIN_WRAPPER_LIB_DIR "@plugin_wrapper_lib_dir@" +#define PLUGIN_WRAPPER_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@" +#define PLUGIN_WRAPPER_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@" + +#define WRAPPERLIB_PATH(name) \ + PLUGIN_WRAPPER_LIB_DIR FILE_PATH_SEP PLUGIN_WRAPPER_LIB_PREFIX name PLUGIN_WRAPPER_LIB_SUFFIX + +#define COMMON_ETC_PATH(name) \ + COMMON_ETC_DIR FILE_PATH_SEP name + +#endif /* CONFIG_ENV_H */ diff --git a/src/security/core/tests/common/cryptography_wrapper.c b/src/security/core/tests/common/cryptography_wrapper.c new file mode 100644 index 0000000..ad9346b --- /dev/null +++ b/src/security/core/tests/common/cryptography_wrapper.c @@ -0,0 +1,728 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include +#include "dds/dds.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/sync.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsi/ddsi_domaingv.h" +#include "dds/security/dds_security_api.h" +#include "dds/security/dds_security_api_defs.h" +#include "dds/security/core/dds_security_utils.h" +#include "cryptography_wrapper.h" + +int32_t init_crypto(const char *argument, void **context); +int32_t finalize_crypto(void *context); + +enum crypto_plugin_mode { + PLUGIN_MODE_ALL_OK, + PLUGIN_MODE_MISSING_FUNC, + PLUGIN_MODE_WRAPPED +}; + +struct dds_security_crypto_key_exchange_impl { + struct dds_security_crypto_key_exchange base; + struct dds_security_crypto_key_exchange *instance; + struct dds_security_cryptography_impl *parent; +}; + +struct dds_security_crypto_key_factory_impl { + struct dds_security_crypto_key_factory base; + struct dds_security_crypto_key_factory *instance; + struct dds_security_cryptography_impl *parent; +}; + +struct dds_security_crypto_transform_impl { + struct dds_security_crypto_transform base; + struct dds_security_crypto_transform *instance; + struct dds_security_cryptography_impl *parent; +}; + +struct dds_security_cryptography_impl { + struct dds_security_cryptography base; + struct dds_security_cryptography *instance; + struct dds_security_crypto_transform_impl transform_wrap; + struct dds_security_crypto_key_factory_impl factory_wrap; + struct dds_security_crypto_key_exchange_impl exchange_wrap; + enum crypto_plugin_mode mode; + DDS_Security_ProtectionKind rtps_protection_kind; + DDS_Security_ProtectionKind metadata_protection_kind; + DDS_Security_BasicProtectionKind payload_protection_kind; +}; + +static DDS_Security_ParticipantCryptoHandle g_local_participant_handle = 0; + +void set_protection_kinds( + struct dds_security_cryptography_impl * impl, + DDS_Security_ProtectionKind rtps_protection_kind, + DDS_Security_ProtectionKind metadata_protection_kind, + DDS_Security_BasicProtectionKind payload_protection_kind) +{ + assert(impl); + impl->rtps_protection_kind = rtps_protection_kind; + impl->metadata_protection_kind = metadata_protection_kind; + impl->payload_protection_kind = payload_protection_kind; +} + +static unsigned char * find_buffer_match(unsigned char *input, size_t input_len, unsigned char *match, size_t match_len) +{ + if (match_len <= input_len && match_len > 0 && input_len > 0) + { + unsigned char *match_end = match + match_len; + unsigned char *i = input; + while (i <= input + input_len - match_len) + { + unsigned char *m = match, *j = i; + while (*m == *j && j < input + input_len) + { + j++; + if (++m == match_end) + return i; + } + i++; + } + } + return NULL; +} + +static bool check_buffers(const DDS_Security_OctetSeq *encoded_buffer, const DDS_Security_OctetSeq *plain_buffer, bool expect_encrypted, DDS_Security_SecurityException *ex) +{ + unsigned char *m = find_buffer_match (encoded_buffer->_buffer, encoded_buffer->_length, + plain_buffer->_buffer, plain_buffer->_length); + if ((m == NULL) != expect_encrypted) + { + ex->code = 1; + ex->message = ddsrt_strdup (expect_encrypted ? + "Expect encryption, but clear payload found after encoding." : "Expect only signature, but clear payload was not found in source after decoding."); + return false; + } + return true; +} + +static DDS_Security_long_long check_handle(DDS_Security_long_long handle) +{ + /* Assume that handle, which actually is a pointer, has a value that is likely to be + a valid memory address and not a value returned by the mock implementation. */ + assert (handle == 0 || handle > 4096); + return handle; +} + +static bool expect_encrypted_buffer (DDS_Security_ProtectionKind pk) +{ + return pk == DDS_SECURITY_PROTECTION_KIND_ENCRYPT || pk == DDS_SECURITY_PROTECTION_KIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION; +} + +/** + * Crypto key exchange + */ +static DDS_Security_boolean create_local_participant_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_exchange_impl *impl = (struct dds_security_crypto_key_exchange_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->create_local_participant_crypto_tokens (impl->instance, local_participant_crypto_tokens, + local_participant_crypto, remote_participant_crypto, ex); + default: + return true; + } +} + +static DDS_Security_boolean set_remote_participant_crypto_tokens( + dds_security_crypto_key_exchange *instance, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_exchange_impl *impl = (struct dds_security_crypto_key_exchange_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->set_remote_participant_crypto_tokens (impl->instance, check_handle (local_participant_crypto), + check_handle (remote_participant_crypto), remote_participant_tokens, ex); + default: + return true; + } +} + +static DDS_Security_boolean create_local_datawriter_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_exchange_impl *impl = (struct dds_security_crypto_key_exchange_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->create_local_datawriter_crypto_tokens (impl->instance, local_datawriter_crypto_tokens, + check_handle (local_datawriter_crypto), check_handle (remote_datareader_crypto), ex); + default: + return true; + } +} + +static DDS_Security_boolean set_remote_datawriter_crypto_tokens( + dds_security_crypto_key_exchange *instance, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, + const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_exchange_impl *impl = (struct dds_security_crypto_key_exchange_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->set_remote_datawriter_crypto_tokens (impl->instance, check_handle (local_datareader_crypto), + check_handle (remote_datawriter_crypto), remote_datawriter_tokens, ex); + default: + return true; + } +} + +static DDS_Security_boolean create_local_datareader_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_exchange_impl *impl = (struct dds_security_crypto_key_exchange_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->create_local_datareader_crypto_tokens (impl->instance, local_datareader_cryto_tokens, + check_handle (local_datareader_crypto), check_handle (remote_datawriter_crypto), ex); + default: + return true; + } +} + +static DDS_Security_boolean set_remote_datareader_crypto_tokens( + dds_security_crypto_key_exchange *instance, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, + const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_exchange_impl *impl = (struct dds_security_crypto_key_exchange_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->set_remote_datareader_crypto_tokens (impl->instance, check_handle (local_datawriter_crypto), + check_handle (remote_datareader_crypto), remote_datareader_tokens, ex); + default: + return true; + } +} + +static DDS_Security_boolean return_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_CryptoTokenSeq *crypto_tokens, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_exchange_impl *impl = (struct dds_security_crypto_key_exchange_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->return_crypto_tokens (impl->instance, crypto_tokens, ex); + default: + return true; + } +} + +/** + * Crypto key factory + */ +static DDS_Security_ParticipantCryptoHandle register_local_participant( + dds_security_crypto_key_factory *instance, + const DDS_Security_IdentityHandle participant_identity, + const DDS_Security_PermissionsHandle participant_permissions, + const DDS_Security_PropertySeq *participant_properties, + const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_factory_impl *impl = (struct dds_security_crypto_key_factory_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return check_handle (impl->instance->register_local_participant (impl->instance, check_handle (participant_identity), + check_handle (participant_permissions), participant_properties, participant_security_attributes, ex)); + default: + return ++g_local_participant_handle; + } +} + +static DDS_Security_ParticipantCryptoHandle register_matched_remote_participant( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle, + const DDS_Security_IdentityHandle remote_participant_identity, + const DDS_Security_PermissionsHandle remote_participant_permissions, + const DDS_Security_SharedSecretHandle shared_secret, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_factory_impl *impl = (struct dds_security_crypto_key_factory_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return check_handle (impl->instance->register_matched_remote_participant (impl->instance, local_participant_crypto_handle, + remote_participant_identity, remote_participant_permissions, shared_secret, ex)); + default: + return 0; + } +} + +static DDS_Security_DatawriterCryptoHandle register_local_datawriter( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto, + const DDS_Security_PropertySeq *datawriter_properties, + const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_factory_impl *impl = (struct dds_security_crypto_key_factory_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return check_handle (impl->instance->register_local_datawriter (impl->instance, check_handle (participant_crypto), + datawriter_properties, datawriter_security_attributes, ex)); + default: + return 0; + } +} + +static DDS_Security_DatareaderCryptoHandle register_matched_remote_datareader( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto_handle, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + const DDS_Security_SharedSecretHandle shared_secret, + const DDS_Security_boolean relay_only, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_factory_impl *impl = (struct dds_security_crypto_key_factory_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return check_handle (impl->instance->register_matched_remote_datareader (impl->instance, check_handle (local_datawriter_crypto_handle), + check_handle (remote_participant_crypto), check_handle (shared_secret), relay_only, ex)); + default: + return 0; + } +} + +static DDS_Security_DatareaderCryptoHandle register_local_datareader( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto, + const DDS_Security_PropertySeq *datareader_properties, + const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_factory_impl *impl = (struct dds_security_crypto_key_factory_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return check_handle (impl->instance->register_local_datareader (impl->instance, check_handle (participant_crypto), + datareader_properties, datareader_security_attributes, ex)); + default: + return 0; + } +} + +static DDS_Security_DatawriterCryptoHandle register_matched_remote_datawriter( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypt, + const DDS_Security_SharedSecretHandle shared_secret, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_factory_impl *impl = (struct dds_security_crypto_key_factory_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return check_handle (impl->instance->register_matched_remote_datawriter (impl->instance, check_handle (local_datareader_crypto_handle), + check_handle (remote_participant_crypt), shared_secret, ex)); + default: + return 1; + } +} + +static DDS_Security_boolean unregister_participant( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_factory_impl *impl = (struct dds_security_crypto_key_factory_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->unregister_participant (impl->instance, check_handle (participant_crypto_handle), ex); + default: + return true; + } +} + +static DDS_Security_boolean unregister_datawriter( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_factory_impl *impl = (struct dds_security_crypto_key_factory_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->unregister_datawriter (impl->instance, check_handle (datawriter_crypto_handle), ex); + default: + return true; + } +} + +static DDS_Security_boolean unregister_datareader( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_key_factory_impl *impl = (struct dds_security_crypto_key_factory_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->unregister_datareader (impl->instance, check_handle (datareader_crypto_handle), ex); + default: + return true; + } +} + +/** + * Crypto transform + */ +static DDS_Security_boolean encode_serialized_payload( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_buffer, + DDS_Security_OctetSeq *extra_inline_qos, + const DDS_Security_OctetSeq *plain_buffer, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + if (!impl->instance->encode_serialized_payload (impl->instance, encoded_buffer, + extra_inline_qos, plain_buffer, check_handle (sending_datawriter_crypto), ex)) + return false; + return check_buffers (encoded_buffer, plain_buffer, impl->parent->payload_protection_kind == DDS_SECURITY_BASICPROTECTION_KIND_ENCRYPT, ex); + default: + return true; + } +} + +static DDS_Security_boolean encode_datawriter_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandleSeq *receiving_datareader_crypto_list, + int32_t *receiving_datareader_crypto_list_index, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + if (!impl->instance->encode_datawriter_submessage (impl->instance, encoded_rtps_submessage, + plain_rtps_submessage, check_handle (sending_datawriter_crypto), receiving_datareader_crypto_list, receiving_datareader_crypto_list_index, ex)) + return false; + return expect_encrypted_buffer (impl->parent->metadata_protection_kind) ? + check_buffers (encoded_rtps_submessage, plain_rtps_submessage, true, ex) : true; + default: + return true; + } +} + +static DDS_Security_boolean encode_datareader_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, + const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + if (!impl->instance->encode_datareader_submessage (impl->instance, encoded_rtps_submessage, + plain_rtps_submessage, check_handle (sending_datareader_crypto), receiving_datawriter_crypto_list, ex)) + return false; + return expect_encrypted_buffer (impl->parent->metadata_protection_kind) ? + check_buffers (encoded_rtps_submessage, plain_rtps_submessage, true, ex) : true; + default: + return true; + } +} + +static DDS_Security_boolean encode_rtps_message( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_message, + const DDS_Security_OctetSeq *plain_rtps_message, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + const DDS_Security_ParticipantCryptoHandleSeq *receiving_participant_crypto_list, + int32_t *receiving_participant_crypto_list_index, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + if (!impl->instance->encode_rtps_message (impl->instance, encoded_rtps_message, + plain_rtps_message, check_handle (sending_participant_crypto), receiving_participant_crypto_list, receiving_participant_crypto_list_index, ex)) + return false; + return expect_encrypted_buffer (impl->parent->rtps_protection_kind) ? + check_buffers (encoded_rtps_message, plain_rtps_message, true, ex) : true; + default: + return true; + } +} + +static DDS_Security_boolean decode_rtps_message( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_buffer, + const DDS_Security_OctetSeq *encoded_buffer, + const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + if (!impl->instance->decode_rtps_message (impl->instance, plain_buffer, encoded_buffer, + check_handle (receiving_participant_crypto), check_handle (sending_participant_crypto), ex)) + return false; + return expect_encrypted_buffer (impl->parent->rtps_protection_kind) ? + check_buffers (encoded_buffer, plain_buffer, true, ex) : true; + default: + return true; + } +} + +static DDS_Security_boolean preprocess_secure_submsg( + dds_security_crypto_transform *instance, + DDS_Security_DatawriterCryptoHandle *datawriter_crypto, + DDS_Security_DatareaderCryptoHandle *datareader_crypto, + DDS_Security_SecureSubmessageCategory_t *secure_submessage_category, + const DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + return impl->instance->preprocess_secure_submsg (impl->instance, datawriter_crypto, datareader_crypto, + secure_submessage_category, encoded_rtps_submessage, check_handle (receiving_participant_crypto), check_handle (sending_participant_crypto), ex); + default: + return true; + } +} + +static DDS_Security_boolean decode_datawriter_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + if (!impl->instance->decode_datawriter_submessage (impl->instance, plain_rtps_submessage, + encoded_rtps_submessage, check_handle (receiving_datareader_crypto), check_handle (sending_datawriter_crypto), ex)) + return false; + return expect_encrypted_buffer (impl->parent->metadata_protection_kind) ? + check_buffers (encoded_rtps_submessage, plain_rtps_submessage, true, ex) : true; + default: + return true; + } +} + +static DDS_Security_boolean decode_datareader_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + if (!impl->instance->decode_datareader_submessage (impl->instance, plain_rtps_submessage, + encoded_rtps_submessage, check_handle (receiving_datawriter_crypto), check_handle (sending_datareader_crypto), ex)) + return false; + return expect_encrypted_buffer (impl->parent->metadata_protection_kind) ? + check_buffers (encoded_rtps_submessage, plain_rtps_submessage, true, ex) : true; + default: + return true; + } +} + +static DDS_Security_boolean decode_serialized_payload( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_buffer, + const DDS_Security_OctetSeq *encoded_buffer, + const DDS_Security_OctetSeq *inline_qos, + const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + struct dds_security_crypto_transform_impl *impl = (struct dds_security_crypto_transform_impl *)instance; + switch (impl->parent->mode) + { + case PLUGIN_MODE_WRAPPED: + if (!impl->instance->decode_serialized_payload(impl->instance, plain_buffer, encoded_buffer, + inline_qos, check_handle (receiving_datareader_crypto), check_handle (sending_datawriter_crypto), ex)) + return false; + return check_buffers(encoded_buffer, plain_buffer, impl->parent->payload_protection_kind == DDS_SECURITY_BASICPROTECTION_KIND_ENCRYPT, ex); + default: + return true; + } +} + +/** + * Init and finalize functions + */ +static struct dds_security_cryptography_impl * init_test_cryptography_common(const char *argument, bool wrapped) +{ + struct dds_security_cryptography_impl *impl = (struct dds_security_cryptography_impl*) ddsrt_malloc(sizeof(*impl)); + memset(impl, 0, sizeof(*impl)); + + if (wrapped) + { + if (init_crypto(argument, (void **)&impl->instance) != DDS_SECURITY_SUCCESS) + return NULL; + + impl->transform_wrap.instance = impl->instance->crypto_transform; + impl->factory_wrap.instance = impl->instance->crypto_key_factory; + impl->exchange_wrap.instance = impl->instance->crypto_key_exchange; + } + + impl->base.crypto_transform = (dds_security_crypto_transform *)&impl->transform_wrap; + impl->base.crypto_key_factory = (dds_security_crypto_key_factory *)&impl->factory_wrap; + impl->base.crypto_key_exchange = (dds_security_crypto_key_exchange *)&impl->exchange_wrap; + + impl->transform_wrap.parent = impl; + impl->factory_wrap.parent = impl; + impl->exchange_wrap.parent = impl; + + impl->factory_wrap.base.register_local_participant = ®ister_local_participant; + impl->factory_wrap.base.register_matched_remote_participant = ®ister_matched_remote_participant; + impl->factory_wrap.base.register_local_datawriter = ®ister_local_datawriter; + impl->factory_wrap.base.register_matched_remote_datareader = ®ister_matched_remote_datareader; + impl->factory_wrap.base.register_local_datareader = ®ister_local_datareader; + impl->factory_wrap.base.register_matched_remote_datawriter = ®ister_matched_remote_datawriter; + impl->factory_wrap.base.unregister_participant = &unregister_participant; + impl->factory_wrap.base.unregister_datawriter = &unregister_datawriter; + impl->factory_wrap.base.unregister_datareader = &unregister_datareader; + + impl->exchange_wrap.base.create_local_participant_crypto_tokens = &create_local_participant_crypto_tokens; + impl->exchange_wrap.base.set_remote_participant_crypto_tokens = &set_remote_participant_crypto_tokens; + impl->exchange_wrap.base.create_local_datawriter_crypto_tokens = &create_local_datawriter_crypto_tokens; + impl->exchange_wrap.base.set_remote_datawriter_crypto_tokens = &set_remote_datawriter_crypto_tokens; + impl->exchange_wrap.base.create_local_datareader_crypto_tokens = &create_local_datareader_crypto_tokens; + impl->exchange_wrap.base.set_remote_datareader_crypto_tokens = &set_remote_datareader_crypto_tokens; + impl->exchange_wrap.base.return_crypto_tokens = &return_crypto_tokens; + + impl->transform_wrap.base.encode_datawriter_submessage = &encode_datawriter_submessage; + impl->transform_wrap.base.encode_datareader_submessage = &encode_datareader_submessage; + impl->transform_wrap.base.encode_rtps_message = &encode_rtps_message; + impl->transform_wrap.base.decode_rtps_message = &decode_rtps_message; + impl->transform_wrap.base.preprocess_secure_submsg = &preprocess_secure_submsg; + impl->transform_wrap.base.decode_datawriter_submessage = &decode_datawriter_submessage; + impl->transform_wrap.base.decode_datareader_submessage = &decode_datareader_submessage; + impl->transform_wrap.base.decode_serialized_payload = &decode_serialized_payload; + impl->transform_wrap.base.encode_serialized_payload = &encode_serialized_payload; + + return impl; +} + +static int32_t finalize_test_cryptography_common(struct dds_security_cryptography_impl * impl, bool wrapped) +{ + int32_t ret; + if (wrapped && (ret = finalize_crypto(impl->instance)) != DDS_SECURITY_SUCCESS) + return ret; + ddsrt_free(impl); + return DDS_SECURITY_SUCCESS; +} + +int32_t init_test_cryptography_all_ok(const char *argument, void **context) +{ + struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false); + if (!impl) + return DDS_SECURITY_FAILED; + impl->mode = PLUGIN_MODE_ALL_OK; + *context = impl; + return DDS_SECURITY_SUCCESS; +} + +int32_t finalize_test_cryptography_all_ok(void *context) +{ + struct dds_security_cryptography_impl* impl = (struct dds_security_cryptography_impl*) context; + assert(impl->mode == PLUGIN_MODE_ALL_OK); + return finalize_test_cryptography_common(impl, false); +} + +int32_t init_test_cryptography_missing_func(const char *argument, void **context) +{ + struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, false); + if (!impl) + return DDS_SECURITY_FAILED; + impl->base.crypto_key_exchange->set_remote_participant_crypto_tokens = NULL; + impl->mode = PLUGIN_MODE_MISSING_FUNC; + *context = impl; + return DDS_SECURITY_SUCCESS; +} + +int32_t finalize_test_cryptography_missing_func(void *context) +{ + struct dds_security_cryptography_impl* impl = (struct dds_security_cryptography_impl*) context; + assert(impl->mode == PLUGIN_MODE_MISSING_FUNC); + return finalize_test_cryptography_common(impl, false); +} + +int32_t init_test_cryptography_wrapped(const char *argument, void **context) +{ + struct dds_security_cryptography_impl *impl = init_test_cryptography_common(argument, true); + if (!impl) + return DDS_SECURITY_FAILED; + impl->mode = PLUGIN_MODE_WRAPPED; + *context = impl; + return DDS_SECURITY_SUCCESS; +} + +int32_t finalize_test_cryptography_wrapped(void *context) +{ + struct dds_security_cryptography_impl* impl = (struct dds_security_cryptography_impl*) context; + assert(impl->mode == PLUGIN_MODE_WRAPPED); + return finalize_test_cryptography_common(impl, true); +} + diff --git a/src/security/core/tests/common/cryptography_wrapper.h b/src/security/core/tests/common/cryptography_wrapper.h new file mode 100644 index 0000000..9fd17d1 --- /dev/null +++ b/src/security/core/tests/common/cryptography_wrapper.h @@ -0,0 +1,39 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ +#define SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ + +#include "dds/security/dds_security_api.h" +#include "dds/security/dds_security_api_defs.h" +#include "dds/security/cryptography_wrapper_export.h" + +struct dds_security_cryptography_impl; + +SECURITY_EXPORT void set_protection_kinds( + struct dds_security_cryptography_impl * impl, + DDS_Security_ProtectionKind rtps_protection_kind, + DDS_Security_ProtectionKind metadata_protection_kind, + DDS_Security_BasicProtectionKind payload_protection_kind); + +/* Init in all-ok mode: all functions return success without calling the actual plugin */ +SECURITY_EXPORT int32_t init_test_cryptography_all_ok(const char *argument, void **context); +SECURITY_EXPORT int32_t finalize_test_cryptography_all_ok(void *context); + +/* Init in missing function mode: one of the function pointers is null */ +SECURITY_EXPORT int32_t init_test_cryptography_missing_func(const char *argument, void **context); +SECURITY_EXPORT int32_t finalize_test_cryptography_missing_func(void *context); + +/* Init in wrapper mode */ +SECURITY_EXPORT int32_t init_test_cryptography_wrapped(const char *argument, void **context); +SECURITY_EXPORT int32_t finalize_test_cryptography_wrapped(void *context); + +#endif /* SECURITY_CORE_TEST_CRYPTO_WRAPPER_H_ */ diff --git a/src/security/core/tests/common/etc/create_p7s b/src/security/core/tests/common/etc/create_p7s new file mode 100755 index 0000000..904e7bd --- /dev/null +++ b/src/security/core/tests/common/etc/create_p7s @@ -0,0 +1,36 @@ +#!/usr/bin/env bash + +# Argument +if [ -z "$1" ] +then + echo "This script can be used for signing Permissions and Governance file list. Can be called from any directory" + echo "Expected a filename list with or without the .xml extension" + echo "PERMISSION_CA_CERT and PERMISSION_CA_KEY environment variables are used for signing if they are set" + exit +fi + +# Location of the pem files is the same as this script location. +PEM_LOCATION="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" +if [ -v PERMISSION_CA_CERT ] && [ -v PERMISSION_CA_KEY ] ; then + echo "Using custom permission key and certificate" + echo "PERMISSION_CA_CERT: $PERMISSION_CA_CERT" + echo "PERMISSION_CA_KEY: $PERMISSION_CA_KEY" +else + PERMISSION_CA_CERT=${PEM_LOCATION}/default_permissions_ca.pem + PERMISSION_CA_KEY=${PEM_LOCATION}/default_permissions_ca_key.pem +fi + +# Do all given files. +for filename in "$@" +do + if [ ${filename:${#filename}-4:4} == ".xml" ] ; then + BASE_FILE_NAME=${filename:0:-4} + echo $BASE_FILE_NAME + else + BASE_FILE_NAME=$filename + fi + + # Create the p7s file(s) + openssl smime -sign -in "${BASE_FILE_NAME}.xml" -text -out "${BASE_FILE_NAME}.p7s" -signer "$PERMISSION_CA_CERT" -inkey "$PERMISSION_CA_KEY" +done + diff --git a/src/security/core/tests/common/etc/default_governance.p7s b/src/security/core/tests/common/etc/default_governance.p7s new file mode 100644 index 0000000..0fae1eb --- /dev/null +++ b/src/security/core/tests/common/etc/default_governance.p7s @@ -0,0 +1,120 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----53BB1E1533C543713994C321F5A9998F" + +This is an S/MIME signed message + +------53BB1E1533C543713994C321F5A9998F +Content-Type: text/plain + + + + + + + + + 0 + 230 + + + + + false + + + true + + + ENCRYPT + + + ENCRYPT + + + ENCRYPT + + + + + * + + + true + + + true + + + true + + + true + + + ENCRYPT + + + ENCRYPT + + + + + + +------53BB1E1533C543713994C321F5A9998F +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIHoQYJKoZIhvcNAQcCoIIHkjCCB44CAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggRzMIIEbzCCA1egAwIBAgIUfoby6818hlJQ+41KUHiM6BZll/0w +DQYJKoZIhvcNAQELBQAwgcYxCzAJBgNVBAYTAk5MMQswCQYDVQQIDAJPVjEWMBQG +A1UEBwwNTG9jYWxpdHkgTmFtZTETMBEGA1UECwwKRXhhbXBsZSBPVTEgMB4GA1UE +CgwXRXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVy +bWlzc2lvbnMgQ0ExOjA4BgkqhkiG9w0BCQEWK2F1dGhvcml0eUBjeWNsb25lZGRz +c2VjdXJpdHkuYWRsaW5rdGVjaC5jb20wHhcNMjAwMjI3MTM0ODA5WhcNMzAwMjI0 +MTM0ODA5WjCBxjELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1M +b2NhbGl0eSBOYW1lMRMwEQYDVQQLDApFeGFtcGxlIE9VMSAwHgYDVQQKDBdFeGFt +cGxlIENBIE9yZ2FuaXphdGlvbjEfMB0GA1UEAwwWRXhhbXBsZSBQZXJtaXNzaW9u +cyBDQTE6MDgGCSqGSIb3DQEJARYrYXV0aG9yaXR5QGN5Y2xvbmVkZHNzZWN1cml0 +eS5hZGxpbmt0ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANNWwyrW3J+TCyaZH77q+29GGqFsYP5rv9cpcL/TMDNccsPYY+1RA1K+zMRYo1LG +8VdJNtJlhxE+tmEbKxsVUTtoj8zbLVU4P4g0gIh6U7LMv5lUEZ3XYKWvYrbZTFMo +f2rXQYGXPO7pFnvbNAbnMiLmagRKxKJ91kq4utuMG3U6rkCA7i2S8cEISNO3gIpF +a0IZJ8yS8wDlKa/LGxL90BYasLsSA6tw/69OIiUUYqpMRD+xxyyTkMO37VjmdiFL +Ha/dxO8HH0t3Q0U0AgZP9uwYTgZpN+2UEFnjv3BDIydc3Wa0UaSdxLtHXMPvg3sR +uH9CTqr4Le7/3uTYehYKgd0CAwEAAaNTMFEwHQYDVR0OBBYEFFi4pK986ZSB0BLi +Mm8ivu6AUxYPMB8GA1UdIwQYMBaAFFi4pK986ZSB0BLiMm8ivu6AUxYPMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHYLaJVWrLHg+62jC8yIz9db +ECIroX9Gb7Ll937HMum6Hj4wlImrifMVV3iORWBrBLvtTtn0Zno3mwfjLRQtkjOi +h71eJT+6//B7CT7noULJYVq8IRGErbKtmXULnxTajFApzO0v4hSu7rWj/Jfhil0T +X7QgKNpgKzjYodWz3oGGtchxvw3+v9wdIWD5Cj0bk/VMCQCaBV0anvyga7d4k8/z +PF7nW2Z9jNfKsVD1piFa+Yd4zN6XOPPKiFXfLD7ht9i2gG25iS+d95tKg1DfjnRD +7u0BJSOAPerxGtN/wf43qY1XzUoE2FBJ9QJGOA/02ffaUMOwSzICF/ShctH+Knkx +ggLyMIIC7gIBATCB3zCBxjELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYD +VQQHDA1Mb2NhbGl0eSBOYW1lMRMwEQYDVQQLDApFeGFtcGxlIE9VMSAwHgYDVQQK +DBdFeGFtcGxlIENBIE9yZ2FuaXphdGlvbjEfMB0GA1UEAwwWRXhhbXBsZSBQZXJt +aXNzaW9ucyBDQTE6MDgGCSqGSIb3DQEJARYrYXV0aG9yaXR5QGN5Y2xvbmVkZHNz +ZWN1cml0eS5hZGxpbmt0ZWNoLmNvbQIUfoby6818hlJQ+41KUHiM6BZll/0wDQYJ +YIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG +9w0BCQUxDxcNMjAwMjI3MTM0ODM0WjAvBgkqhkiG9w0BCQQxIgQgEOdJRhNPEiPV +hgGuWuTP8V074cDixAzQ31XymGEq0asweQYJKoZIhvcNAQkPMWwwajALBglghkgB +ZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggq +hkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwIC +ASgwDQYJKoZIhvcNAQEBBQAEggEAKGHnKKHlTdyGgbduE/dvtq4CteGtJJFE1z/Y +aG5xKd8NeInFIvMtGEoxp+hum1uh0819XRyHbOA5FUSB8y1HXNqqnfe6YwscD6Ds +Ux/nYtUrDuckZp+F1ulzsHe/lq7khtVaweck9YHt0iKUszn2fea774bR/ZjdZ0Fr ++6DBKLBR8XOlYK7m0HOjlOoN4O0qTCh100001884C0O75KXnOEGA6saf9epOwL0Z +LitRo9Evh20IvYlOzzDS5ddQqtOPgMDhq1dO8Mra4KKmYc6vj2gsNzQag0l0LkQa +lRQ/3YFTD0vAt09DzqUehNOZbr9pOYZYbP/z/Ov7zrb0+kPGzQ== + +------53BB1E1533C543713994C321F5A9998F-- + diff --git a/src/security/core/tests/common/etc/default_governance.xml b/src/security/core/tests/common/etc/default_governance.xml new file mode 100644 index 0000000..7d3e314 --- /dev/null +++ b/src/security/core/tests/common/etc/default_governance.xml @@ -0,0 +1,62 @@ + + + + + + + + 0 + 230 + + + + + false + + + true + + + ENCRYPT + + + ENCRYPT + + + ENCRYPT + + + + + * + + + true + + + true + + + true + + + true + + + ENCRYPT + + + ENCRYPT + + + + + diff --git a/src/security/core/tests/common/etc/default_permissions.p7s b/src/security/core/tests/common/etc/default_permissions.p7s new file mode 100644 index 0000000..3417eac --- /dev/null +++ b/src/security/core/tests/common/etc/default_permissions.p7s @@ -0,0 +1,97 @@ +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----024D6D35BD8D71C15552DF3E23F615BB" + +This is an S/MIME signed message + +------024D6D35BD8D71C15552DF3E23F615BB +Content-Type: text/plain + + + + + + emailAddress=alice@cycloneddssecurity.adlinktech.com,CN=Alice Example,O=Example Organization,OU=Organizational Unit Name,L=Locality Name,ST=OV,C=NL + + + 2015-09-15T01:00:00 + 2115-09-15T01:00:00 + + + + + 0 + 230 + + + + + * + + + * + + + + + * + + + * + + + + DENY + + + + +------024D6D35BD8D71C15552DF3E23F615BB +Content-Type: application/x-pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIIHoQYJKoZIhvcNAQcCoIIHkjCCB44CAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggRzMIIEbzCCA1egAwIBAgIUfoby6818hlJQ+41KUHiM6BZll/0w +DQYJKoZIhvcNAQELBQAwgcYxCzAJBgNVBAYTAk5MMQswCQYDVQQIDAJPVjEWMBQG +A1UEBwwNTG9jYWxpdHkgTmFtZTETMBEGA1UECwwKRXhhbXBsZSBPVTEgMB4GA1UE +CgwXRXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVy +bWlzc2lvbnMgQ0ExOjA4BgkqhkiG9w0BCQEWK2F1dGhvcml0eUBjeWNsb25lZGRz +c2VjdXJpdHkuYWRsaW5rdGVjaC5jb20wHhcNMjAwMjI3MTM0ODA5WhcNMzAwMjI0 +MTM0ODA5WjCBxjELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1M +b2NhbGl0eSBOYW1lMRMwEQYDVQQLDApFeGFtcGxlIE9VMSAwHgYDVQQKDBdFeGFt +cGxlIENBIE9yZ2FuaXphdGlvbjEfMB0GA1UEAwwWRXhhbXBsZSBQZXJtaXNzaW9u +cyBDQTE6MDgGCSqGSIb3DQEJARYrYXV0aG9yaXR5QGN5Y2xvbmVkZHNzZWN1cml0 +eS5hZGxpbmt0ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANNWwyrW3J+TCyaZH77q+29GGqFsYP5rv9cpcL/TMDNccsPYY+1RA1K+zMRYo1LG +8VdJNtJlhxE+tmEbKxsVUTtoj8zbLVU4P4g0gIh6U7LMv5lUEZ3XYKWvYrbZTFMo +f2rXQYGXPO7pFnvbNAbnMiLmagRKxKJ91kq4utuMG3U6rkCA7i2S8cEISNO3gIpF +a0IZJ8yS8wDlKa/LGxL90BYasLsSA6tw/69OIiUUYqpMRD+xxyyTkMO37VjmdiFL +Ha/dxO8HH0t3Q0U0AgZP9uwYTgZpN+2UEFnjv3BDIydc3Wa0UaSdxLtHXMPvg3sR +uH9CTqr4Le7/3uTYehYKgd0CAwEAAaNTMFEwHQYDVR0OBBYEFFi4pK986ZSB0BLi +Mm8ivu6AUxYPMB8GA1UdIwQYMBaAFFi4pK986ZSB0BLiMm8ivu6AUxYPMA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHYLaJVWrLHg+62jC8yIz9db +ECIroX9Gb7Ll937HMum6Hj4wlImrifMVV3iORWBrBLvtTtn0Zno3mwfjLRQtkjOi +h71eJT+6//B7CT7noULJYVq8IRGErbKtmXULnxTajFApzO0v4hSu7rWj/Jfhil0T +X7QgKNpgKzjYodWz3oGGtchxvw3+v9wdIWD5Cj0bk/VMCQCaBV0anvyga7d4k8/z +PF7nW2Z9jNfKsVD1piFa+Yd4zN6XOPPKiFXfLD7ht9i2gG25iS+d95tKg1DfjnRD +7u0BJSOAPerxGtN/wf43qY1XzUoE2FBJ9QJGOA/02ffaUMOwSzICF/ShctH+Knkx +ggLyMIIC7gIBATCB3zCBxjELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYD +VQQHDA1Mb2NhbGl0eSBOYW1lMRMwEQYDVQQLDApFeGFtcGxlIE9VMSAwHgYDVQQK +DBdFeGFtcGxlIENBIE9yZ2FuaXphdGlvbjEfMB0GA1UEAwwWRXhhbXBsZSBQZXJt +aXNzaW9ucyBDQTE6MDgGCSqGSIb3DQEJARYrYXV0aG9yaXR5QGN5Y2xvbmVkZHNz +ZWN1cml0eS5hZGxpbmt0ZWNoLmNvbQIUfoby6818hlJQ+41KUHiM6BZll/0wDQYJ +YIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG +9w0BCQUxDxcNMjAwMjI3MTM1MDU2WjAvBgkqhkiG9w0BCQQxIgQgLVEvOwNNW9+x ++KKNuY51LjFOBF441MR89lv8fK5pDKMweQYJKoZIhvcNAQkPMWwwajALBglghkgB +ZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggq +hkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwIC +ASgwDQYJKoZIhvcNAQEBBQAEggEAxDaQlT3KGO3Z69Dgh1JAnkR8fEW+SK/pRls0 +du8ZemKaeLAgwwS9rbMh+6YJqsYWrp1LWjxNI3oJqTp1RvcRzJJXF48nkP+Oe1jY +2KX9wx5LthmrT/573EvZHkXsx7mBu3Ar2etm4iE3lqkblEiynTNfy4XmJBNdB+u8 +cTzzm6J9372FK3iu5Od9yVDV33Ys/OHBI8GYcrK9RBKovkctr2fK+RJHaVqrDy3y +oE03GAaFr8brL2g9WlWRsE3nuRvPXppsz32kUWvHLUfEpGbq1K/9C137JSgVHNX2 +atfV404PDWdFqL/JMSdc8RIJTzY6I2Bwrg8z1912DkYD5KPuOA== + +------024D6D35BD8D71C15552DF3E23F615BB-- + diff --git a/src/security/core/tests/common/etc/default_permissions.xml b/src/security/core/tests/common/etc/default_permissions.xml new file mode 100644 index 0000000..74e3c9f --- /dev/null +++ b/src/security/core/tests/common/etc/default_permissions.xml @@ -0,0 +1,39 @@ + + + + + emailAddress=alice@cycloneddssecurity.adlinktech.com,CN=Alice Example,O=Example Organization,OU=Organizational Unit Name,L=Locality Name,ST=OV,C=NL + + + 2015-09-15T01:00:00 + 2115-09-15T01:00:00 + + + + + 0 + 230 + + + + + * + + + * + + + + + * + + + * + + + + DENY + + + diff --git a/src/security/core/tests/common/etc/default_permissions_ca.pem b/src/security/core/tests/common/etc/default_permissions_ca.pem new file mode 100644 index 0000000..377a1e5 --- /dev/null +++ b/src/security/core/tests/common/etc/default_permissions_ca.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEbzCCA1egAwIBAgIUfoby6818hlJQ+41KUHiM6BZll/0wDQYJKoZIhvcNAQEL +BQAwgcYxCzAJBgNVBAYTAk5MMQswCQYDVQQIDAJPVjEWMBQGA1UEBwwNTG9jYWxp +dHkgTmFtZTETMBEGA1UECwwKRXhhbXBsZSBPVTEgMB4GA1UECgwXRXhhbXBsZSBD +QSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlzc2lvbnMgQ0Ex +OjA4BgkqhkiG9w0BCQEWK2F1dGhvcml0eUBjeWNsb25lZGRzc2VjdXJpdHkuYWRs +aW5rdGVjaC5jb20wHhcNMjAwMjI3MTM0ODA5WhcNMzAwMjI0MTM0ODA5WjCBxjEL +MAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1Mb2NhbGl0eSBOYW1l +MRMwEQYDVQQLDApFeGFtcGxlIE9VMSAwHgYDVQQKDBdFeGFtcGxlIENBIE9yZ2Fu +aXphdGlvbjEfMB0GA1UEAwwWRXhhbXBsZSBQZXJtaXNzaW9ucyBDQTE6MDgGCSqG +SIb3DQEJARYrYXV0aG9yaXR5QGN5Y2xvbmVkZHNzZWN1cml0eS5hZGxpbmt0ZWNo +LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANNWwyrW3J+TCyaZ +H77q+29GGqFsYP5rv9cpcL/TMDNccsPYY+1RA1K+zMRYo1LG8VdJNtJlhxE+tmEb +KxsVUTtoj8zbLVU4P4g0gIh6U7LMv5lUEZ3XYKWvYrbZTFMof2rXQYGXPO7pFnvb +NAbnMiLmagRKxKJ91kq4utuMG3U6rkCA7i2S8cEISNO3gIpFa0IZJ8yS8wDlKa/L +GxL90BYasLsSA6tw/69OIiUUYqpMRD+xxyyTkMO37VjmdiFLHa/dxO8HH0t3Q0U0 +AgZP9uwYTgZpN+2UEFnjv3BDIydc3Wa0UaSdxLtHXMPvg3sRuH9CTqr4Le7/3uTY +ehYKgd0CAwEAAaNTMFEwHQYDVR0OBBYEFFi4pK986ZSB0BLiMm8ivu6AUxYPMB8G +A1UdIwQYMBaAFFi4pK986ZSB0BLiMm8ivu6AUxYPMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggEBAHYLaJVWrLHg+62jC8yIz9dbECIroX9Gb7Ll937H +Mum6Hj4wlImrifMVV3iORWBrBLvtTtn0Zno3mwfjLRQtkjOih71eJT+6//B7CT7n +oULJYVq8IRGErbKtmXULnxTajFApzO0v4hSu7rWj/Jfhil0TX7QgKNpgKzjYodWz +3oGGtchxvw3+v9wdIWD5Cj0bk/VMCQCaBV0anvyga7d4k8/zPF7nW2Z9jNfKsVD1 +piFa+Yd4zN6XOPPKiFXfLD7ht9i2gG25iS+d95tKg1DfjnRD7u0BJSOAPerxGtN/ +wf43qY1XzUoE2FBJ9QJGOA/02ffaUMOwSzICF/ShctH+Knk= +-----END CERTIFICATE----- diff --git a/src/security/core/tests/common/etc/default_permissions_ca_key.pem b/src/security/core/tests/common/etc/default_permissions_ca_key.pem new file mode 100644 index 0000000..e68bae1 --- /dev/null +++ b/src/security/core/tests/common/etc/default_permissions_ca_key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA01bDKtbcn5MLJpkfvur7b0YaoWxg/mu/1ylwv9MwM1xyw9hj +7VEDUr7MxFijUsbxV0k20mWHET62YRsrGxVRO2iPzNstVTg/iDSAiHpTssy/mVQR +nddgpa9ittlMUyh/atdBgZc87ukWe9s0BucyIuZqBErEon3WSri624wbdTquQIDu +LZLxwQhI07eAikVrQhknzJLzAOUpr8sbEv3QFhqwuxIDq3D/r04iJRRiqkxEP7HH +LJOQw7ftWOZ2IUsdr93E7wcfS3dDRTQCBk/27BhOBmk37ZQQWeO/cEMjJ1zdZrRR +pJ3Eu0dcw++DexG4f0JOqvgt7v/e5Nh6FgqB3QIDAQABAoIBABFHMKGZ+2OYc/rt +3eiP8YqBYr/7ylpCmOaQXsVwEKrCTiew00qdqvXi337V+FRWK3kFZVQCNO61/9ck +j3uhXIjM3aTT7nrfJGKQWEnQJnOhxbBVbTNIXoBtPFbSoSjTUMd9Xb+oi7TEna/2 +leRSloi/6b78FeNrAlANlklIxR3qTjRSxjGYVfukCWsKq3uFfWM4Wp9N1B1gsyRo +/SH2jOu0XTLNdajggtBKcFoqxVIiaetERKVRRid7pW0zwuYS5Zwv5Wtl3XMbUuAn +VGesMeCKAGpwkLjmvXKBE5setnd7cWBKdVKddYDkzbDvU7X6QEHFnac6m6OQ2P62 +QfkO94ECgYEA70tV55AreDnPQEpf698ZjA8pYvF90GfGx/Y4oYWU/s0IlD6Pfbsr +qkRu+1I+SUNZWARhirXmJzuOmJYUQRteCEq+6RPJzn5Jl9MtipOBAjI0h589dbAB +8m/BRk+bEZKCXLgVa0TyZ/gd/wDBxB+qd+bPep8nAl4krMWK9W1+DLECgYEA4hfP +EwUPMwHrGlq0oRUA08ssQ8XxVCKWeS3cLAJjO6EdJyIUm/8S/UZPBPeSkGyZeld+ +fY7z9ZV0HA338p5BYYDCqgJC6b5Ud5UV0yLkq01v6b0H3nSjTPcbA61l9laN0vhm +QJ/xTiAHgsGBbOx2VtwDoE8T1AbAaamcapqNYu0CgYAXCiPdRc5JpxdDU2Xk6fgl +uhf8BNBeTn+fJR/SvW/ZEJiw3U0nh+vuWuRsokCJAUkK5nEVz+m3AU77dgfBNQda +uQeknVki3pnrWlPaMdWMBpV0MWrTd/zYANaVFHkTug1/K+I0D9FfHU6WDNabMYlS +PhDf947j9XiGggadFsu6IQKBgQC6dgpIVFbZqU5cuMvZQToicaA68Kd7zN6uZ7z5 +6qouRkyFtpyqnq3pha+rmAYe6AGXnUrrgBcAxdYxQO/o/s1K/WcN0LmgjmCZErIi +I9fU0xNmAIjZ1PXMhsqXuMyrYWyrvkKOL5pR5SZsluwHieh68A5pim3+4eaT/dbL +MFVEbQKBgQDfkeApSfKATXJpYIV/tiGjmRkkYoZ6NVar92npjlb72jaA4V0gHmuD +9ttypXOJPB/5zMa5uL6drp3CLv/GcWekUiUUXuyKQpcxZWqxf/leh9gTgGDAH/k4 +4+zX4HLEzTmoOc0cqzi4w6pTIj29BOV5QpnnyUGyvj8NGNSdFvZFSQ== +-----END RSA PRIVATE KEY----- diff --git a/src/security/core/tests/common/handshake_test_utils.c b/src/security/core/tests/common/handshake_test_utils.c new file mode 100644 index 0000000..5385fe5 --- /dev/null +++ b/src/security/core/tests/common/handshake_test_utils.c @@ -0,0 +1,232 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include + +#include "CUnit/Test.h" +#include "dds/dds.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsrt/heap.h" +#include "dds/security/dds_security_api.h" +#include "authentication_wrapper.h" +#include "handshake_test_utils.h" + +#define TIMEOUT DDS_SECS(2) + +struct Identity localIdentityList[MAX_LOCAL_IDENTITIES]; +int numLocal = 0; + +struct Identity remoteIdentityList[MAX_REMOTE_IDENTITIES]; +int numRemote = 0; + +struct Handshake handshakeList[MAX_HANDSHAKES]; +int numHandshake = 0; + +static void add_local_identity(DDS_Security_IdentityHandle handle, DDS_Security_GUID_t *guid) +{ + printf("add local identity %"PRId64"\n", handle); + localIdentityList[numLocal].handle = handle; + memcpy(&localIdentityList[numLocal].guid, guid, sizeof(DDS_Security_GUID_t)); + numLocal++; +} + +static int find_local_identity(DDS_Security_IdentityHandle handle) +{ + for (int i = 0; i < (int)numLocal; i++) + { + if (localIdentityList[i].handle == handle) + return i; + } + return -1; +} + +static int find_remote_identity(DDS_Security_IdentityHandle handle) +{ + for (int i = 0; i < numRemote; i++) + { + if (remoteIdentityList[i].handle == handle) + return i; + } + return -1; +} + +static void add_remote_identity(DDS_Security_IdentityHandle handle, DDS_Security_GUID_t *guid) +{ + if (find_remote_identity(handle) < 0) + { + printf("add remote identity %"PRId64"\n", handle); + remoteIdentityList[numRemote].handle = handle; + memcpy(&remoteIdentityList[numRemote].guid, guid, sizeof(DDS_Security_GUID_t)); + numRemote++; + } +} + +static void clear_stores(void) +{ + numLocal = 0; + numRemote = 0; + numHandshake = 0; +} + +static void add_handshake(DDS_Security_HandshakeHandle handle, int isRequest, DDS_Security_IdentityHandle lHandle, DDS_Security_IdentityHandle rHandle, DDS_Security_ValidationResult_t result) +{ + printf("add handshake %"PRId64"\n", handle); + handshakeList[numHandshake].handle = handle; + handshakeList[numHandshake].isRequest = isRequest; + handshakeList[numHandshake].handshakeResult = result; + handshakeList[numHandshake].lidx = find_local_identity(lHandle); + handshakeList[numHandshake].ridx = find_remote_identity(rHandle); + handshakeList[numHandshake].finalResult = DDS_SECURITY_VALIDATION_FAILED; + numHandshake++; +} + +static int find_handshake(DDS_Security_HandshakeHandle handle) +{ + for (int i = 0; i < numHandshake; i++) + { + if (handshakeList[i].handle == handle) + return i; + } + return -1; +} + +static char * get_validation_result_str(DDS_Security_ValidationResult_t result) +{ + switch (result) + { + case DDS_SECURITY_VALIDATION_OK: + return "ok"; + case DDS_SECURITY_VALIDATION_PENDING_RETRY: + return "pending retry"; + case DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_REQUEST: + return "handshake request"; + case DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE: + return "handshake message"; + case DDS_SECURITY_VALIDATION_OK_FINAL_MESSAGE: + return "ok final"; + default: + case DDS_SECURITY_VALIDATION_FAILED: + return "failed"; + } +} + +static bool handle_process_message(dds_domainid_t domain_id, DDS_Security_IdentityHandle handshake) +{ + struct message *msg; + bool result = false; + if ((msg = test_authentication_plugin_take_msg(domain_id, MESSAGE_KIND_PROCESS_HANDSHAKE, 0, 0, handshake, TIMEOUT))) + { + int idx; + if ((idx = find_handshake(msg->hsHandle)) >= 0) + { + printf("set handshake %"PRId64" final result to '%s'\n", msg->hsHandle, get_validation_result_str(msg->result)); + handshakeList[idx].finalResult = msg->result; + result = true; + } + test_authentication_plugin_release_msg(msg); + } + return result; +} + +static bool handle_begin_handshake_request(dds_domainid_t domain_id, DDS_Security_IdentityHandle lid, DDS_Security_IdentityHandle rid, char ** err_msg) +{ + struct message *msg; + bool result = false; + printf("handle begin handshake request %"PRId64"<->%"PRId64"\n", lid, rid); + if ((msg = test_authentication_plugin_take_msg(domain_id, MESSAGE_KIND_BEGIN_HANDSHAKE_REQUEST, lid, rid, 0, TIMEOUT))) + { + add_handshake(msg->hsHandle, 1, msg->lidHandle, msg->ridHandle, msg->result); + if (msg->result == DDS_SECURITY_VALIDATION_OK) + result = handle_process_message(domain_id, msg->hsHandle); + else if (msg->result == DDS_SECURITY_VALIDATION_FAILED && err_msg) + *err_msg = ddsrt_strdup (msg->err_msg); + test_authentication_plugin_release_msg(msg); + } + return result; +} + +static bool handle_begin_handshake_reply(dds_domainid_t domain_id, DDS_Security_IdentityHandle lid, DDS_Security_IdentityHandle rid, char ** err_msg) +{ + struct message *msg; + bool result = false; + printf("handle begin handshake reply %"PRId64"<->%"PRId64"\n", lid, rid); + if ((msg = test_authentication_plugin_take_msg(domain_id, MESSAGE_KIND_BEGIN_HANDSHAKE_REPLY, lid, rid, 0, TIMEOUT))) + { + add_handshake(msg->hsHandle, 0, msg->lidHandle, msg->ridHandle, msg->result); + if (msg->result == DDS_SECURITY_VALIDATION_OK) + result = handle_process_message(domain_id, msg->hsHandle); + else if (msg->result == DDS_SECURITY_VALIDATION_FAILED && err_msg) + *err_msg = ddsrt_strdup (msg->err_msg); + test_authentication_plugin_release_msg(msg); + } + return result; +} + +static bool handle_validate_remote_identity(dds_domainid_t domain_id, DDS_Security_IdentityHandle lid, int count, bool * is_hs_requester, char ** err_msg_req, char ** err_msg_reply) +{ + bool result = true; + struct message *msg; + assert(is_hs_requester); + while (count-- > 0 && result && (msg = test_authentication_plugin_take_msg(domain_id, MESSAGE_KIND_VALIDATE_REMOTE_IDENTITY, lid, 0, 0, TIMEOUT))) + { + add_remote_identity(msg->ridHandle, &msg->rguid); + if (msg->result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_REQUEST) + { + result = handle_begin_handshake_request(domain_id, lid, msg->ridHandle, err_msg_req); + *is_hs_requester = true; + } + else if (msg->result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE) + { + result = handle_begin_handshake_reply(domain_id, lid, msg->ridHandle, err_msg_reply); + *is_hs_requester = false; + } + else + result = false; + + test_authentication_plugin_release_msg(msg); + } + return result; +} + +void validate_handshake(dds_domainid_t domain_id, bool exp_req_fail, const char * exp_req_msg, bool exp_reply_fail, const char * exp_reply_msg) +{ + printf("validate handshake for domain %d\n", domain_id); + clear_stores(); + + struct message *msg = test_authentication_plugin_take_msg (domain_id, MESSAGE_KIND_VALIDATE_LOCAL_IDENTITY, 0, 0, 0, TIMEOUT); + CU_ASSERT_FATAL (msg != NULL); + add_local_identity (msg->lidHandle, &msg->lguid); + test_authentication_plugin_release_msg (msg); + bool is_requester = false; + char * err_msg_req = NULL, *err_msg_reply = NULL; + bool ret = handle_validate_remote_identity (domain_id, localIdentityList[0].handle, 1, &is_requester, &err_msg_req, &err_msg_reply); + CU_ASSERT_FATAL ((is_requester && ret != exp_req_fail) || (!is_requester && ret != exp_reply_fail)); + if (ret) + { + DDS_Security_ValidationResult_t exp_result = is_requester ? DDS_SECURITY_VALIDATION_OK_FINAL_MESSAGE : DDS_SECURITY_VALIDATION_OK; + CU_ASSERT_EQUAL_FATAL (handshakeList[0].finalResult, exp_result); + } + else if (is_requester && exp_req_msg) + { + CU_ASSERT_FATAL (err_msg_req && strstr(err_msg_req, exp_req_msg) != NULL); + } + else if (!is_requester && exp_reply_msg) + { + CU_ASSERT_FATAL (err_msg_reply && strstr(err_msg_reply, exp_reply_msg) != NULL); + } + if (err_msg_req) + ddsrt_free (err_msg_req); + if (err_msg_reply) + ddsrt_free (err_msg_reply); + printf ("finished validate handshake for domain %d\n\n", domain_id); +} + diff --git a/src/security/core/tests/common/handshake_test_utils.h b/src/security/core/tests/common/handshake_test_utils.h new file mode 100644 index 0000000..9ca8afb --- /dev/null +++ b/src/security/core/tests/common/handshake_test_utils.h @@ -0,0 +1,48 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef SECURITY_CORE_HANDSHAKE_TEST_UTILS_H_ +#define SECURITY_CORE_HANDSHAKE_TEST_UTILS_H_ + +#include "dds/dds.h" +#include "dds/ddsrt/sync.h" + +#include "dds/security/dds_security_api.h" + +#define MAX_LOCAL_IDENTITIES 8 +#define MAX_REMOTE_IDENTITIES 8 +#define MAX_HANDSHAKES 32 +#define TIMEOUT DDS_SECS(2) + +union guid { + DDS_Security_GUID_t g; + unsigned u[4]; +}; + +struct Identity +{ + DDS_Security_IdentityHandle handle; + union guid guid; +}; + +struct Handshake +{ + DDS_Security_HandshakeHandle handle; + int isRequest; + int lidx; + int ridx; + DDS_Security_ValidationResult_t handshakeResult; + DDS_Security_ValidationResult_t finalResult; +}; + +void validate_handshake(dds_domainid_t domain_id, bool exp_req_fail, const char * exp_req_msg, bool exp_reply_fail, const char * exp_reply_msg); + +#endif /* SECURITY_CORE_HANDSHAKE_TEST_UTILS_H_ */ diff --git a/src/security/core/tests/common/plugin_wrapper_msg_q.c b/src/security/core/tests/common/plugin_wrapper_msg_q.c new file mode 100644 index 0000000..3ecad82 --- /dev/null +++ b/src/security/core/tests/common/plugin_wrapper_msg_q.c @@ -0,0 +1,134 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include +#include "dds/dds.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/sync.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsi/ddsi_domaingv.h" +#include "dds/security/dds_security_api.h" +#include "dds/security/core/dds_security_utils.h" +#include "plugin_wrapper_msg_q.h" + +void insert_message(struct message_queue *queue, struct message *msg) +{ + ddsrt_mutex_lock(&queue->lock); + if (!queue->head) + queue->head = msg; + else + queue->tail->next = msg; + queue->tail = msg; + + ddsrt_cond_signal(&queue->cond); + ddsrt_mutex_unlock(&queue->lock); +} + +void add_message(struct message_queue *queue, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, + const DDS_Security_GUID_t *lguid, const DDS_Security_GUID_t *rguid, DDS_Security_ValidationResult_t result, const char * err_msg, + const DDS_Security_DataHolder *token, void *instance) +{ + struct message *msg = ddsrt_malloc(sizeof(*msg)); + memset(msg, 0, sizeof(*msg)); + msg->kind = kind; + msg->lidHandle = lidHandle; + msg->ridHandle = ridHandle; + msg->hsHandle = hsHandle; + msg->result = result; + msg->err_msg = ddsrt_strdup (err_msg ? err_msg : ""); + if (lguid) + memcpy(&msg->lguid, lguid, sizeof(msg->lguid)); + if (rguid) + memcpy(&msg->rguid, rguid, sizeof(msg->rguid)); + if (token) + DDS_Security_DataHolder_copy(&msg->token, token); + msg->instance = instance; + + insert_message(queue, msg); +} + +void delete_message(struct message *msg) +{ + if (msg) + { + DDS_Security_DataHolder_deinit(&msg->token); + ddsrt_free(msg->err_msg); + ddsrt_free(msg); + } +} + +void init_message_queue(struct message_queue *queue) +{ + queue->head = NULL; + queue->tail = NULL; + ddsrt_mutex_init(&queue->lock); + ddsrt_cond_init(&queue->cond); +} + +void deinit_message_queue(struct message_queue *queue) +{ + struct message *msg = queue->head; + while (msg) + { + queue->head = msg->next; + delete_message(msg); + msg = queue->head; + } + ddsrt_cond_destroy(&queue->cond); + ddsrt_mutex_destroy(&queue->lock); +} + +int message_matched(struct message *msg, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle) +{ + return msg->kind == kind && + (!lidHandle || msg->lidHandle == lidHandle) && + (!ridHandle || msg->ridHandle == ridHandle) && + (!hsHandle || msg->hsHandle == hsHandle); +} + +struct message * take_message(struct message_queue *queue, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, dds_duration_t timeout) +{ + struct message *msg = NULL, *cur, *prev; + int r = 1; + ddsrt_mutex_lock(&queue->lock); + do + { + cur = queue->head; + prev = NULL; + while (cur && !msg) + { + if (message_matched(cur, kind, lidHandle, ridHandle, hsHandle)) + { + msg = cur; + if (prev) + prev->next = msg->next; + else + queue->head = msg->next; + if (queue->tail == msg) + queue->tail = prev; + } + else + { + prev = cur; + cur = cur->next; + } + } + if (!msg) + { + if (!ddsrt_cond_waitfor(&queue->cond, &queue->lock, timeout)) + r = 0; + } + } while (r && !msg); + + ddsrt_mutex_unlock(&queue->lock); + return msg; +} diff --git a/src/security/core/tests/common/plugin_wrapper_msg_q.h b/src/security/core/tests/common/plugin_wrapper_msg_q.h new file mode 100644 index 0000000..32ec557 --- /dev/null +++ b/src/security/core/tests/common/plugin_wrapper_msg_q.h @@ -0,0 +1,62 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef SECURITY_CORE_PLUGIN_WRAPPER_MSG_Q_H_ +#define SECURITY_CORE_PLUGIN_WRAPPER_MSG_Q_H_ + +#include "dds/dds.h" +#include "dds/ddsrt/sync.h" + +#include "dds/security/dds_security_api.h" + +typedef enum { + MESSAGE_KIND_VALIDATE_LOCAL_IDENTITY, + MESSAGE_KIND_VALIDATE_REMOTE_IDENTITY, + MESSAGE_KIND_BEGIN_HANDSHAKE_REQUEST, + MESSAGE_KIND_BEGIN_HANDSHAKE_REPLY, + MESSAGE_KIND_PROCESS_HANDSHAKE +} message_kind_t; + +struct message { + message_kind_t kind; + DDS_Security_IdentityHandle lidHandle; + DDS_Security_IdentityHandle ridHandle; + DDS_Security_IdentityHandle hsHandle; + DDS_Security_GUID_t lguid; + DDS_Security_GUID_t rguid; + DDS_Security_ValidationResult_t result; + char * err_msg; + DDS_Security_DataHolder token; + void *instance; + struct message *next; +}; + +struct message_queue { + ddsrt_mutex_t lock; + ddsrt_cond_t cond; + struct message *head; + struct message *tail; +}; + +struct dds_security_authentication_impl; + +void insert_message(struct message_queue *queue, struct message *msg); +void add_message(struct message_queue *queue, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, + const DDS_Security_GUID_t *lguid, const DDS_Security_GUID_t *rguid, DDS_Security_ValidationResult_t result, const char * err_msg, + const DDS_Security_DataHolder *token, void *instance); +void delete_message(struct message *msg); +void init_message_queue(struct message_queue *queue); +void deinit_message_queue(struct message_queue *queue); +int message_matched(struct message *msg, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle); +struct message * take_message(struct message_queue *queue, message_kind_t kind, DDS_Security_IdentityHandle lidHandle, DDS_Security_IdentityHandle ridHandle, DDS_Security_IdentityHandle hsHandle, dds_duration_t timeout); + + +#endif /* SECURITY_CORE_PLUGIN_WRAPPER_MSG_Q_H_ */ diff --git a/src/security/core/tests/common/security_config_test_utils.c b/src/security/core/tests/common/security_config_test_utils.c new file mode 100644 index 0000000..c67a4d8 --- /dev/null +++ b/src/security/core/tests/common/security_config_test_utils.c @@ -0,0 +1,156 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "CUnit/Test.h" +#include "dds/dds.h" +#include "dds/ddsrt/environ.h" +#include "dds/ddsrt/expand_vars.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/string.h" +#include "common/config_env.h" +#include "security_config_test_utils.h" + +static const char *governance_xml = + "" + "" + " " + " " + " " + " " + " 0" + " 230" + " " + " " + " ${ALLOW_UNAUTH_PP:-false}" + " ${ENABLE_JOIN_AC:-false}" + " ${DISCOVERY_PROTECTION_KIND:-NONE}" + " ${LIVELINESS_PROTECTION_KIND:-NONE}" + " ${RTPS_PROTECTION_KIND:-NONE}" + " " + " " + " *" + " ${ENABLE_DISC_PROTECTION:-false}" + " ${ENABLE_LIVELINESS_PROTECTION:-false}" + " ${ENABLE_READ_AC:-false}" + " ${ENABLE_WRITE_AC:-false}" + " ${METADATA_PROTECTION_KIND:-NONE}" + " ${DATA_PROTECTION_KIND:-NONE}" + " " + " " + " " + " " + ""; + +const char * expand_lookup_vars(const char *name, void * data) +{ + const struct kvp *vars = (struct kvp *)data; + for (uint32_t i = 0; vars[i].key != NULL; i++) + { + if (!strcmp(vars[i].key, name)) + return vars[i].value; + } + return NULL; +} + +const char * expand_lookup_vars_env(const char *name, void * data) +{ + const char *env; + if ((env = expand_lookup_vars (name, data))) + return env; + return ((ddsrt_getenv(name, &env)) == DDS_RETCODE_OK) ? env : NULL; +} + +static char * smime_sign(char * ca_cert_path, char * ca_priv_key_path, const char * data) +{ + // Read CA certificate + BIO *ca_cert_bio = BIO_new (BIO_s_file ()); + if (BIO_read_filename (ca_cert_bio, ca_cert_path) <= 0) + { + printf ("Error reading CA certificate file %s\n", ca_cert_path); + CU_ASSERT_FATAL (false); + } + + // Read CA private key + BIO *ca_priv_key_bio = BIO_new (BIO_s_file ()); + if (BIO_read_filename (ca_priv_key_bio, ca_priv_key_path) <= 0) + { + printf ("Error reading CA private key file %s\n", ca_priv_key_path); + CU_ASSERT_FATAL (false); + } + + // Create Openssl certificate and private key from the BIO's + X509 *ca_cert = PEM_read_bio_X509_AUX (ca_cert_bio, NULL, NULL, NULL); + EVP_PKEY* ca_priv_key = PEM_read_bio_PrivateKey (ca_priv_key_bio, NULL, 0, NULL); + + // Read the data + BIO *data_bio = BIO_new (BIO_s_mem ()); + if (BIO_puts (data_bio, data) <= 0) { + printf ("Error getting configuration data for signing\n"); + CU_ASSERT_FATAL (false); + } + + // Create the data signing object + PKCS7 *signed_data = PKCS7_sign (ca_cert, ca_priv_key, NULL, data_bio, PKCS7_DETACHED | PKCS7_STREAM | PKCS7_TEXT); + if (!signed_data) { + printf ("Error signing configuration data\n"); + CU_ASSERT_FATAL (false); + } + + // Create BIO for writing output + BIO *output_bio = BIO_new (BIO_s_mem ()); + if (!SMIME_write_PKCS7 (output_bio, signed_data, data_bio, PKCS7_DETACHED | PKCS7_STREAM | PKCS7_TEXT)) { + printf ("Error writing signed XML configuration\n"); + CU_ASSERT_FATAL (false); + } + + // Get string + char *output_tmp = NULL; + size_t output_sz = (size_t)BIO_get_mem_data (output_bio, &output_tmp); + char * output = ddsrt_malloc(output_sz + 1); + memcpy(output, output_tmp, output_sz); + output[output_sz] = 0; + + BIO_free (output_bio); + PKCS7_free (signed_data); + BIO_free (data_bio); + EVP_PKEY_free (ca_priv_key); + X509_free (ca_cert); + BIO_free (ca_priv_key_bio); + BIO_free (ca_cert_bio); + + return output; +} + +static char *get_signed_governance_data(const char *gov_xml) +{ + return smime_sign ( + COMMON_ETC_PATH("default_permissions_ca.pem"), + COMMON_ETC_PATH("default_permissions_ca_key.pem"), + gov_xml); +} + +char * get_governance_config(struct kvp *config_vars) +{ + char * config = ddsrt_expand_vars(governance_xml, &expand_lookup_vars, config_vars); + char * config_signed = get_signed_governance_data(config); + ddsrt_free (config); + return config_signed; +} diff --git a/src/security/core/tests/common/security_config_test_utils.h b/src/security/core/tests/common/security_config_test_utils.h new file mode 100644 index 0000000..d2c8635 --- /dev/null +++ b/src/security/core/tests/common/security_config_test_utils.h @@ -0,0 +1,28 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef SECURITY_CORE_TEST_SECURITY_CONFIG_TEST_UTILS_H_ +#define SECURITY_CORE_TEST_SECURITY_CONFIG_TEST_UTILS_H_ + +#include +#include "dds/ddsrt/environ.h" + +struct kvp { + const char *key; + const char *value; +}; + +const char * expand_lookup_vars (const char *name, void * data); +const char * expand_lookup_vars_env (const char *name, void * data); + +char * get_governance_config (struct kvp *config_vars); + +#endif /* SECURITY_CORE_TEST_SECURITY_CONFIG_TEST_UTILS_H_ */ diff --git a/src/security/core/tests/common/test_identity.h b/src/security/core/tests/common/test_identity.h new file mode 100644 index 0000000..2fbcd3b --- /dev/null +++ b/src/security/core/tests/common/test_identity.h @@ -0,0 +1,184 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#ifndef PLUGIN_SECURITY_CORE_TEST_IDENTITY_H_ +#define PLUGIN_SECURITY_CORE_TEST_IDENTITY_H_ + +#define TEST_IDENTITY_CERTIFICATE_DUMMY "testtext_IdentityCertificate_testtext" +#define TEST_IDENTITY_PRIVATE_KEY_DUMMY "testtext_PrivateKey_testtext" +#define TEST_IDENTITY_CA_CERTIFICATE_DUMMY "testtext_IdentityCA_testtext" + +#define TEST_IDENTITY_CERTIFICATE "data:,-----BEGIN CERTIFICATE-----\n\ +MIIEDTCCAvUCFHZ4yXyk/9yeMxgHs6Ib0bLKhXYuMA0GCSqGSIb3DQEBCwUAMIHA\n\ +MQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5h\n\ +bWUxEzARBgNVBAsMCkV4YW1wbGUgT1UxIzAhBgNVBAoMGkV4YW1wbGUgSUQgQ0Eg\n\ +T3JnYW5pemF0aW9uMRYwFAYDVQQDDA1FeGFtcGxlIElEIENBMTowOAYJKoZIhvcN\n\ +AQkBFithdXRob3JpdHlAY3ljbG9uZWRkc3NlY3VyaXR5LmFkbGlua3RlY2guY29t\n\ +MB4XDTIwMDIyNzE5MjQwMVoXDTMwMDIyNDE5MjQwMVowgcQxCzAJBgNVBAYTAk5M\n\ +MQswCQYDVQQIDAJPVjEWMBQGA1UEBwwNTG9jYWxpdHkgTmFtZTEhMB8GA1UECwwY\n\ +T3JnYW5pemF0aW9uYWwgVW5pdCBOYW1lMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2Fu\n\ +aXphdGlvbjEWMBQGA1UEAwwNQWxpY2UgRXhhbXBsZTE2MDQGCSqGSIb3DQEJARYn\n\ +YWxpY2VAY3ljbG9uZWRkc3NlY3VyaXR5LmFkbGlua3RlY2guY29tMIIBIjANBgkq\n\ +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mEhLZIP2ko1bRJyJCwbnvhIpXFv6GOh\n\ +nvuS5v8tsTju40O62NNQmKT/my1QVKiUu7OoWZtLNBebgxgJ851eQ4TBRXy/f2jG\n\ +kLPYM22dohLTblVCpGutn+Itw3QRM3nkne7Sk8O6FP6NH6Y+7gkjxy5kI3GvhuIC\n\ +uBIzAV4dHK+hPlCn/Z+W33W71/ZAmnmI+2GaWiu5tjAQyFcmqWbi0BD7TWqBqidZ\n\ +2n7LTImUtp8NrYLfhzvgNLr9BZe7uf+T3mgdwcHtfi98GA94Lo6lqGeygiwig746\n\ +Y5uW4c6whsbd6riJ8FG1l8O86Ump4bSKChxjeoTLj4M4KX615kYa4QIDAQABMA0G\n\ +CSqGSIb3DQEBCwUAA4IBAQAM2g7v3FaA+d1zDkvDF5emCRL+R9H8pgimEOENrZTV\n\ +iK/kl8Hm7xkO7/LZ3y/kXpQpth8FtFS6LsZBAXPYabfADeDFVImnOD6UbWewwHQR\n\ +01gxkmYL/1nco/g3AsX/Ledh2ihwClGp+d6vNm5xF+Gw8Ux0YvH/aHy4RKg7mE/S\n\ +nonfHWRlT2tw1OtohTVhmBn00Jvj0IzSAiNvpmZHVRLYL9JRb5awYSX5XGetpoFM\n\ +VwzWIaZ06idvCtPKTfP71jJypV3+I2g5PNqranbuMv5nNAKZq1QlSB07f2Z1VIu6\n\ +6jeSZSADfm73qnE2Kj1PiZkPn0Wu+K24GXCvdILATcUS\n\ +-----END CERTIFICATE-----" + +#define TEST_IDENTITY_PRIVATE_KEY "data:,-----BEGIN RSA PRIVATE KEY-----\n\ +MIIEpQIBAAKCAQEA5mEhLZIP2ko1bRJyJCwbnvhIpXFv6GOhnvuS5v8tsTju40O6\n\ +2NNQmKT/my1QVKiUu7OoWZtLNBebgxgJ851eQ4TBRXy/f2jGkLPYM22dohLTblVC\n\ +pGutn+Itw3QRM3nkne7Sk8O6FP6NH6Y+7gkjxy5kI3GvhuICuBIzAV4dHK+hPlCn\n\ +/Z+W33W71/ZAmnmI+2GaWiu5tjAQyFcmqWbi0BD7TWqBqidZ2n7LTImUtp8NrYLf\n\ +hzvgNLr9BZe7uf+T3mgdwcHtfi98GA94Lo6lqGeygiwig746Y5uW4c6whsbd6riJ\n\ +8FG1l8O86Ump4bSKChxjeoTLj4M4KX615kYa4QIDAQABAoIBAAtNMoJ4ytxLjaln\n\ +IUBTBZvb1DyBfxroYFJbRw6b8BLklxuBBBaE70w9s+hZ5bnxdzJqEtUqgBrzGYbp\n\ +0/smeixXw99zyjUm367Tk8SaGQSNZd/gwN8uBRt1zgbrl7htv2BcCeqDzIohHq0x\n\ +y56DxkSMKw9uEU1NoxKCmgv0IPt6LlvjCwFhDv8iLu4lvu61F+ovVYIM6UXJJH0G\n\ +bHcJ1XnFBj5jCJFAWZRq7KxBgc4K3DlG+J7JcGEz89ZnZfGwcIiLqJ4rbU7E0ZE8\n\ +LslIHOwodtMDReIRWl6wEYmvd3mQizTXj2EWlRywQ/P3yFlxuHsGxPtRxdWoyXDc\n\ +Ii7GZK0CgYEA9KA+uEAMA5jZK0h1EMFoTiOIRe0x8CjlrHg4l0zU0ElcMeUXwoci\n\ +XqM0sjARiNgqkcMaONCb5bKgyxncWyWcamUxgp+bi2FUQIlBKHb56TCioPP0zzc6\n\ +yCiQ2cA8QW9PjL0WScJz3bCzeXrQceGZenDpPyphYE7SIUaRAOlMTMMCgYEA8RdP\n\ +QfYbOrcwgZB8ZycFE7lpZibe7Wh4UI1b/ipNZKcncr2pOZR+gVNv6eDQbV4z9xZY\n\ +5K6oU3rUcFHf0ZAi9xIpNzcq9q4+qOGO2OCEZX5tewXjKw9rwyDPUbv3yToFyZ9w\n\ +YwEKLfUgnYzpd5qn2NXa/pAZIoTh5ILF+EezD4sCgYEAr2lg0BoNA19NCn5wg01M\n\ +kAtmok3Nq1qIJr4mRkfvqlOQaq7N9M2V1arOFJ/nUus+yzrNyMO9pl4Kctjea/Vy\n\ +TdC2SeZNUQq/sW86a9u0pIQdebC1cQk3e2OrSplQG9PHhTHpk4Z+Mw+MAqYQZjjR\n\ +Jz1j48lt/fNHNlk1jSO9dKUCgYEAuYkJuqZuMBJ4Zs1Nn4ic1KAUp8N0Pdnu9XbD\n\ +++aMJtCogBnLWH+Zl2chsigL3o7niNiO0nZDHfNh94pap4i4D9HPHCn9i1du60Ki\n\ +Tu8BlKXmFQ3j0+iLMuBWC/2O5DId8BseP2K2dcW2MukVZrEDSNDTNqKoZTNEMDof\n\ +pkFvYJ8CgYEA6du9DFFZzIp5tuSIfVqCq5oxiNrRGJ/EpJEneBexrX56cC90sqLM\n\ +ecxDkgEVC592b004K1mjak3w6O0jYozQM1uvve38nZyMgtbMo3ORCtAO6Xszj8Oj\n\ +yNw1+km1Zy6EWdFEMciEFlbRwWVmDfE/um9LZsSWbmuWAOTww9GBDhc=\n\ +-----END RSA PRIVATE KEY-----" + + +#define TEST_IDENTITY_CA_CERTIFICATE "data:,-----BEGIN CERTIFICATE-----\n\ +MIIEYzCCA0ugAwIBAgIUOp5yaGGuh0vaQTZHVPkX5jHoc/4wDQYJKoZIhvcNAQEL\n\ +BQAwgcAxCzAJBgNVBAYTAk5MMQswCQYDVQQIDAJPVjEWMBQGA1UEBwwNTG9jYWxp\n\ +dHkgTmFtZTETMBEGA1UECwwKRXhhbXBsZSBPVTEjMCEGA1UECgwaRXhhbXBsZSBJ\n\ +RCBDQSBPcmdhbml6YXRpb24xFjAUBgNVBAMMDUV4YW1wbGUgSUQgQ0ExOjA4Bgkq\n\ +hkiG9w0BCQEWK2F1dGhvcml0eUBjeWNsb25lZGRzc2VjdXJpdHkuYWRsaW5rdGVj\n\ +aC5jb20wHhcNMjAwMjI3MTkyMjA1WhcNMzAwMjI0MTkyMjA1WjCBwDELMAkGA1UE\n\ +BhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1Mb2NhbGl0eSBOYW1lMRMwEQYD\n\ +VQQLDApFeGFtcGxlIE9VMSMwIQYDVQQKDBpFeGFtcGxlIElEIENBIE9yZ2FuaXph\n\ +dGlvbjEWMBQGA1UEAwwNRXhhbXBsZSBJRCBDQTE6MDgGCSqGSIb3DQEJARYrYXV0\n\ +aG9yaXR5QGN5Y2xvbmVkZHNzZWN1cml0eS5hZGxpbmt0ZWNoLmNvbTCCASIwDQYJ\n\ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALKhk7JXUpqJphyOC6oOI00LH49WTtO2\n\ +GCgDyJhcRYYAm7APMtmEDH+zptvd34N4eSu03Dc65cB/XN4Lbi2TjolVvKz0hHjz\n\ +tzmQT5jTgb1UkJX4NjKGw+RrYe9Ls0kfoAL2kvb12kmd1Oj4TIKMZP9TCrz7Vw8m\n\ +cZKQxZ56bLys6cU2XdiTp3v+Ef/vMll4+DINj4ZAMWL3CkT+q1G6ZxHRpFlsIyhc\n\ +Q1wX6gxUoY6cQdBA7TehKCCEWz4L1KM1A18ZmCHmjTniU0ssLoiAzsQs4b6Fnw8Z\n\ +MLFj8ocwzN5g66gJJWGofakXqX/V24KbGl54WX2X7FYU0tGzR234DXcCAwEAAaNT\n\ +MFEwHQYDVR0OBBYEFGeCcK8B74QWCuuCjlSUzOBBUTF5MB8GA1UdIwQYMBaAFGeC\n\ +cK8B74QWCuuCjlSUzOBBUTF5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL\n\ +BQADggEBAJQeMc4XzMFnpQKCb58rzRs3Wt9FmZZS4O596sHxMEewTkEHm5gLYMzF\n\ +9JYEdUiLoTurQuIr0KgPi+Q3kliQdLfrVPbdWTmlUDZARR5ir5d1gGHST6qnb3Xi\n\ +mG+7nwle9R/hLrtPio+gYRgwJEiS55f6p0/E1wDcc+6numvjCRQ/CGIiJfwD/R+d\n\ +pv93YLEfuliZttfBc/apIu6OL4chxF+3QgSw1ltV5nXXqDTGHMRZENkp3Yiolumc\n\ +6smL4uA7Q812pVcENi3MLjdJgBS/8DcSBQHspVuXugaKKPDMkJnD0IyLWc8vLXh4\n\ +O7JdDrmusJAZA9RsTkinl3DuPfF34Sk=\n\ +-----END CERTIFICATE-----" + + +#define TEST_IDENTITY2_CERTIFICATE "data:,-----BEGIN CERTIFICATE-----\n\ +MIIEDjCCAvYCFDEZQzcfGKK8IKNyH+AdNSjdyVgnMA0GCSqGSIb3DQEBCwUAMIHF\n\ +MQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5h\n\ +bWUxEzARBgNVBAsMCkV4YW1wbGUgT1UxJTAjBgNVBAoMHEV4YW1wbGUgSUQgQ0Eg\n\ +MiBPcmdhbml6YXRpb24xGDAWBgNVBAMMD0V4YW1wbGUgSUQgQ0EgMjE7MDkGCSqG\n\ +SIb3DQEJARYsYXV0aG9yaXR5MkBjeWNsb25lZGRzc2VjdXJpdHkuYWRsaW5rdGVj\n\ +aC5jb20wHhcNMjAwMjI3MTkyNjIwWhcNMzAwMjI0MTkyNjIwWjCBwDELMAkGA1UE\n\ +BhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1Mb2NhbGl0eSBOYW1lMSEwHwYD\n\ +VQQLDBhPcmdhbml6YXRpb25hbCBVbml0IE5hbWUxHTAbBgNVBAoMFEV4YW1wbGUg\n\ +T3JnYW5pemF0aW9uMRQwEgYDVQQDDAtCb2IgRXhhbXBsZTE0MDIGCSqGSIb3DQEJ\n\ +ARYlYm9iQGN5Y2xvbmVkZHNzZWN1cml0eS5hZGxpbmt0ZWNoLmNvbTCCASIwDQYJ\n\ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMAQM9eN0zjTTdZALCTijog0oqx/kqnW\n\ +VtVWjV/c34OyPvUuH/DNRH6Cr0fI76UiooLD9nfvHe52X8oZH8WqNW7m7g7dMliu\n\ +DJD3yVpdLRmTTgl40ES8MTqmdb2y8ut70MJf5nUz0EQs9lXvnT0ru0B2CfyubiPt\n\ +aLSfyDoVBkRLbfzeqaNEQe7Ta6mQKZOckb6BHcaInb9GYEsU+OyOHuf2tCVNnRIH\n\ +ALiTPbA7rRS/J7ICS904/qz7w6km9Ta/oYQI5n0np64L+HqgtYZgIlVURW9grg2p\n\ +BuaX+xnJdRZbLQ0YYs+Gpmc1Vnykd+c2b0KP7zyHf8WFk9vV5W1ah2sCAwEAATAN\n\ +BgkqhkiG9w0BAQsFAAOCAQEA1RHDhLZf/UOR+azuH2lvD7ioSGRtdaOdJchSPdMk\n\ +v1q74PsHgm4/QAadVPdzvaIVV9kDfo6kGMzh+dCtq69EqVOavw1WUDo/NfuVSbgA\n\ +W7yeA39o3ROMO9UgbE5T3BPLq/XSXdIisP9OA4uXCnt22JELJaSv4m59FHg5gnQ7\n\ +2qOWRM7hi/+cQwescE+lDRw7PUzW8SS1HkQA1DmdtIIpWVuvYj7EPUNQX3jIetn8\n\ +AuPUgPJObxJhxJSC4p5qy37pYZHiNH1wG/+BDHgZo3wNwFsWqxabKziGB8XU3INc\n\ +USI3GDWM2jjElMSnDCj4ChM5wFbwWrqwdOEzeGWBWbo3hQ==\n\ +-----END CERTIFICATE-----" + +#define TEST_IDENTITY2_PRIVATE_KEY "data:,-----BEGIN RSA PRIVATE KEY-----\n\ +MIIEpQIBAAKCAQEAwBAz143TONNN1kAsJOKOiDSirH+SqdZW1VaNX9zfg7I+9S4f\n\ +8M1EfoKvR8jvpSKigsP2d+8d7nZfyhkfxao1bubuDt0yWK4MkPfJWl0tGZNOCXjQ\n\ +RLwxOqZ1vbLy63vQwl/mdTPQRCz2Ve+dPSu7QHYJ/K5uI+1otJ/IOhUGREtt/N6p\n\ +o0RB7tNrqZApk5yRvoEdxoidv0ZgSxT47I4e5/a0JU2dEgcAuJM9sDutFL8nsgJL\n\ +3Tj+rPvDqSb1Nr+hhAjmfSenrgv4eqC1hmAiVVRFb2CuDakG5pf7Gcl1FlstDRhi\n\ +z4amZzVWfKR35zZvQo/vPId/xYWT29XlbVqHawIDAQABAoIBAFNm9cw15zI2+AcA\n\ +yOqfgzt8d+OmZl7gF8b+lde6B0meHp7Dj9U2nfa98zWd+QrhtmZIiH/eU0YZG1Gc\n\ +hWKFnjxxhZDo1xMRSZ2uLD7UVWBUyj9suiwO+OW6IUjmK3y8wJOXp3DftiHU0IfS\n\ +zJoiombEm2Ohr2xkjOJavE0UkisXQauc3K5AKv9coW9W6hzZf330Sm4sokmC5D3B\n\ +GcO/Keof2k2sFuv56wXPi9eGuXCEB2trhHhrxqncvb/fbRwpG1ELQsvZBnyuNNnY\n\ +FQcLYl52gkttP6EGvRPw1DFbQwsAJKnXBC7ddJaAl+JoKYAcGTt0+mRm0Z8ltzWl\n\ +c6uZQsECgYEA4NGiUMNq9kSn/6tQyPcsrphJ5uobu/svLaBipZ0vv2yQP3wQ5NPA\n\ +06KjwSm8gg8BLi0LCKplSxY09TwgUsc9unRkDTQ/eflgjdGA76lFKOjvLQdutxn7\n\ +eYNbx81WMY6E6n4y6K+2szpqW+Ds1At4ORRvweJWdFyc01bTqWNeuYsCgYEA2rOO\n\ +Ye6H2VixUfXzXwevBd4QyFJITW46WqnbYDFcUzf9pYBZfZoHU0YJqolDIhHhtHnG\n\ +soRi0Uk5P9D7Lvu+ZHAGQJrdmNELOMoqMNOqXcAdvK44qLLMwaLC8PS2zDIATrhZ\n\ +nc0TbeZJC8MynfIpxDsBVVMOa8u4eHRFdpk8ZaECgYEAlzuuCtJKQ7vPn2dpAqdz\n\ +gUekfxeA7KV+CR1Y/ruMgSLQrkQRQT1I+5Tuv2QKERty2dMnFv85AJfBrC50N/sb\n\ +hTAClfdNtAmTcBM8vvuJMInxSsMzMSzjQ8yfkvqIPvH2a5/VMz3wkwR6w6+84K+O\n\ +gidDPpO5QLGENY6097+G2x0CgYEAk7cdX0YGGaZPNiWiOLhu3c6slTEGRs5BucTq\n\ +OGF+k3LI7kTvrOchNXyjwLyvTE65nPV3YFIMkIEdmt3jGkvMv/fuMSqoq7PeGYBq\n\ +2MnOUz4Ul8Ew4bjKlasCck9HPEo1bPYVCYFfMyaMhdZU1NugnDqiXugXYHWb5jfa\n\ +Rw2e/qECgYEA3PvLLHklsRts6P37iSwUmDnkiopSSPfVdGXpDDGD/RbLpG6cSLRm\n\ +uh5n9+nxa2YXi0+LMLQvGpCSWk2k2qaRPpe2mahy9yAYrLhfDDcuGpSvw5BBJ3qw\n\ +mi1HgIUzXZTRBNamYCltJWYnN0hOlSL6vcHgeJ9y1gSDh0QqB2BG8HY=\n\ +-----END RSA PRIVATE KEY-----" + + +#define TEST_IDENTITY_CA2_CERTIFICATE "data:,-----BEGIN CERTIFICATE-----\n\ +MIIEbTCCA1WgAwIBAgIUL0mSpPRgzveYTJ8UHSmOIwkIjjYwDQYJKoZIhvcNAQEL\n\ +BQAwgcUxCzAJBgNVBAYTAk5MMQswCQYDVQQIDAJPVjEWMBQGA1UEBwwNTG9jYWxp\n\ +dHkgTmFtZTETMBEGA1UECwwKRXhhbXBsZSBPVTElMCMGA1UECgwcRXhhbXBsZSBJ\n\ +RCBDQSAyIE9yZ2FuaXphdGlvbjEYMBYGA1UEAwwPRXhhbXBsZSBJRCBDQSAyMTsw\n\ +OQYJKoZIhvcNAQkBFixhdXRob3JpdHkyQGN5Y2xvbmVkZHNzZWN1cml0eS5hZGxp\n\ +bmt0ZWNoLmNvbTAeFw0yMDAyMjcxNjI3MjRaFw0zMDAyMjQxNjI3MjRaMIHFMQsw\n\ +CQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5hbWUx\n\ +EzARBgNVBAsMCkV4YW1wbGUgT1UxJTAjBgNVBAoMHEV4YW1wbGUgSUQgQ0EgMiBP\n\ +cmdhbml6YXRpb24xGDAWBgNVBAMMD0V4YW1wbGUgSUQgQ0EgMjE7MDkGCSqGSIb3\n\ +DQEJARYsYXV0aG9yaXR5MkBjeWNsb25lZGRzc2VjdXJpdHkuYWRsaW5rdGVjaC5j\n\ +b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDk+ewDf871kPgBqXkm\n\ +UEXdf/vqWWoKx3KfJ4N3Gq4vt/cDOMs0xakpqr5uxm787AvbOui4P8QmT8naLhAA\n\ +TvHtNGg2LV0ZQtLcVVFsXXsBYDUEbLJYmCBtJU8zSfLLzgtN+z9nVqLthAcVyGhZ\n\ +iEkCfXKS4XzwjFUxgrXUM1VSiHHz8DbreQFDTF8mVavZ75HjieuHz1OcSaoIHCIF\n\ +mhPDlxRR/qZpc3Y52NZMNRHVPj4Tmc3N4H2eneeoG7nVn0MgNuqbssezeQtUOOoH\n\ +DgPGp3xzd8XQxaF5hVIM9E7aL77kw5v4gwccjL5xWC72zzxC3c1ltmbaEcwhHGsu\n\ +MR4lAgMBAAGjUzBRMB0GA1UdDgQWBBTTpmGTY5teWrZBA8Sd7kL5Lg/JmjAfBgNV\n\ +HSMEGDAWgBTTpmGTY5teWrZBA8Sd7kL5Lg/JmjAPBgNVHRMBAf8EBTADAQH/MA0G\n\ +CSqGSIb3DQEBCwUAA4IBAQCbelDJr9sVsYgQSp4yzSOSop5DSOWCweBF56NatcbY\n\ +3HUYc4iaH4NcB04WFkUl2XmqVCAM0zbmV0q4HoQikTK5PBHmwxuuD2HhPDWtMeFR\n\ +W96BjzGVpV27yaNIPvLwjTVV+A72r4vRvufiFhrMCovRwlWgHY6+gXKfrtyljTZ0\n\ +m1mENHOJOQWDXFAXP5yiehSMKy/izKvQ1G1hLErYMMc+sdgF/9X2KaudnTakTW0d\n\ +44kXUFKSU7mqV44D12unxCNODclznd31tiJ+70U39AXlR2BzwBzyFzPCh5JYtMog\n\ +TwbdLY3LN40gpkDUxIIH115D7ujUKNd8s2gmSHOCm1ar\n\ +-----END CERTIFICATE-----" + + +#endif /* PLUGIN_SECURITY_CORE_TEST_IDENTITY_H_ */ diff --git a/src/security/core/tests/config.c b/src/security/core/tests/config.c new file mode 100644 index 0000000..6bfc918 --- /dev/null +++ b/src/security/core/tests/config.c @@ -0,0 +1,631 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include + +#include "dds/dds.h" +#include "CUnit/Test.h" +#include "dds/version.h" +#include "dds/ddsrt/cdtors.h" +#include "dds/ddsrt/environ.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsi/q_misc.h" +#include "dds/ddsi/ddsi_xqos.h" +#include "dds/security/dds_security_api_defs.h" +#include "common/config_env.h" +#include "common/test_identity.h" + +#define PROPLIST(init_auth, fin_auth, init_crypto, fin_crypto, init_ac, fin_ac, perm_ca, gov, perm, pre_str, post_str, binprops) \ + "property_list={" pre_str \ + "0:\"dds.sec.auth.library.path\":\""WRAPPERLIB_PATH("dds_security_authentication_wrapper")"\"," \ + "0:\"dds.sec.auth.library.init\":\""init_auth"\"," \ + "0:\"dds.sec.auth.library.finalize\":\""fin_auth"\"," \ + "0:\"dds.sec.crypto.library.path\":\""WRAPPERLIB_PATH("dds_security_cryptography_wrapper")"\"," \ + "0:\"dds.sec.crypto.library.init\":\""init_crypto"\"," \ + "0:\"dds.sec.crypto.library.finalize\":\""fin_crypto"\"," \ + "0:\"dds.sec.access.library.path\":\""WRAPPERLIB_PATH("dds_security_access_control_wrapper")"\"," \ + "0:\"dds.sec.access.library.init\":\""init_ac"\"," \ + "0:\"dds.sec.access.library.finalize\":\""fin_ac"\"," \ + "0:\"dds.sec.auth.identity_ca\":\"" TEST_IDENTITY_CA_CERTIFICATE_DUMMY "\"," \ + "0:\"dds.sec.auth.private_key\":\"" TEST_IDENTITY_PRIVATE_KEY_DUMMY "\"," \ + "0:\"dds.sec.auth.identity_certificate\":\"" TEST_IDENTITY_CERTIFICATE_DUMMY "\"," \ + "0:\"dds.sec.access.permissions_ca\":\""perm_ca"\"," \ + "0:\"dds.sec.access.governance\":\""gov"\"," \ + "0:\"dds.sec.access.permissions\":\""perm"\"" \ + post_str "}:{" binprops "}" +#define PARTICIPANT_QOS(init_auth, fin_auth, init_crypto, fin_crypto, init_ac, fin_ac, perm_ca, gov, perm, pre_str, post_str, binprops) \ + "PARTICIPANT * QOS={*" PROPLIST (init_auth, fin_auth, init_crypto, fin_crypto, init_ac, fin_ac, perm_ca, gov, perm, pre_str, post_str, binprops) "*" +#define PARTICIPANT_QOS_ALL_OK(pre_str, post_str, binprops) \ + PARTICIPANT_QOS ("init_test_authentication_all_ok", "finalize_test_authentication_all_ok", \ + "init_test_cryptography_all_ok", "finalize_test_cryptography_all_ok", \ + "init_test_access_control_all_ok", "finalize_test_access_control_all_ok", \ + "file:Permissions_CA.pem", "file:Governance.p7s", "file:Permissions.p7s", \ + pre_str, post_str, binprops) + +/* + * The 'found' variable will contain flags related to the expected log + * messages that were received. + * Using flags will allow to show that when message isn't received, + * which one it was. + */ +static uint32_t found; + +static void logger(void *ptr, const dds_log_data_t *data) +{ + char **expected = (char**)ptr; + fputs (data->message, stdout); + for (uint32_t i = 0; expected[i] != NULL; i++) { + if (ddsi2_patmatch(expected[i], data->message)) { + found |= (uint32_t)(1 << i); + } + } +} + +static void set_logger_exp(const void * log_expected) +{ + found = 0; + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); +} + +static void reset_logger() +{ + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); +} + +/* Expected traces when creating domain with an empty security element. We need to + test this one here to be sure that it refuses to start when security is configured + but the implementation doesn't include support for it. */ +CU_Test(ddssec_config, empty, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain; + const char *log_expected[] = { + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", + NULL + }; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, ""); + CU_ASSERT_EQUAL_FATAL(domain, DDS_RETCODE_ERROR); + reset_logger(); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x7); +} + +/* Create domain without security element, there shouldn't + be traces that mention security. */ +CU_Test(ddssec_config, non, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain; + const char *log_expected[] = { + "*Security*", + NULL + }; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, "finest"); + CU_ASSERT_FATAL(domain > 0); + dds_delete(domain); + reset_logger(); + + /* No security traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x0); +} + +/* Expected traces when creating domain with the security elements. */ +CU_Test(ddssec_config, missing, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain; + const char *log_expected[] = { + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", + NULL + }; + + /* IdentityCertificate, IdentityCA and PrivateKey values or elements are missing. */ + const char *sec_config = + "" + " finest" + " " + " " + " " + " " + " " + " testtext_Password_testtext" + " " + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_EQUAL_FATAL(domain, DDS_RETCODE_ERROR); + reset_logger(); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x7); +} + +/* Expected traces when creating domain with the security elements. */ +CU_Test(ddssec_config, all, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "config: Domain/DDSSecurity/Authentication/Library/#text: "WRAPPERLIB_PATH("dds_security_authentication_wrapper")"*", + "config: Domain/DDSSecurity/Authentication/Library[@path]: "WRAPPERLIB_PATH("dds_security_authentication_wrapper")"*", + "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_test_authentication_all_ok*", + "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_test_authentication_all_ok*", + "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_DUMMY"*", + "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"*", + "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_IDENTITY_PRIVATE_KEY_DUMMY"*", + "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", + "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", + "config: Domain/DDSSecurity/AccessControl/Library/#text: "WRAPPERLIB_PATH("dds_security_access_control_wrapper")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@path]: "WRAPPERLIB_PATH("dds_security_access_control_wrapper")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_test_access_control_all_ok*", + "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_test_access_control_all_ok*", + "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", + "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", + "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", + "config: Domain/DDSSecurity/Cryptographic/Library/#text: "WRAPPERLIB_PATH("dds_security_cryptography_wrapper")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "WRAPPERLIB_PATH("dds_security_cryptography_wrapper")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_test_cryptography_all_ok*", + "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_test_cryptography_all_ok*", + /* The config should have been parsed into the participant QoS. */ + PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"testtext_Dir_testtext\"", ""), + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + " " + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_FATAL(participant > 0); + dds_delete(participant); + dds_delete(domain); + reset_logger(); + + /* All traces should have been provided. */ + printf("found: %x\n", found); + CU_ASSERT_FATAL(found == 0x1fffff); +} + +/* Expected traces when creating participant with the security elements. */ +CU_Test(ddssec_config, security, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "config: Domain/DDSSecurity/Authentication/Library/#text: "WRAPPERLIB_PATH("dds_security_authentication_wrapper")"*", + "config: Domain/DDSSecurity/Authentication/Library[@path]: "WRAPPERLIB_PATH("dds_security_authentication_wrapper")"*", + "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_test_authentication_all_ok*", + "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_test_authentication_all_ok*", + "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_DUMMY"*", + "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"*", + "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_IDENTITY_PRIVATE_KEY_DUMMY"*", + "config: Domain/DDSSecurity/Authentication/Password/#text: {}*", + "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*", + "config: Domain/DDSSecurity/AccessControl/Library/#text: "WRAPPERLIB_PATH("dds_security_access_control_wrapper")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@path]: "WRAPPERLIB_PATH("dds_security_access_control_wrapper")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_test_access_control_all_ok*", + "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_test_access_control_all_ok*", + "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", + "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", + "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", + "config: Domain/DDSSecurity/Cryptographic/Library/#text: "WRAPPERLIB_PATH("dds_security_cryptography_wrapper")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "WRAPPERLIB_PATH("dds_security_cryptography_wrapper")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_test_cryptography_all_ok*", + "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_test_cryptography_all_ok*", + /* The config should have been parsed into the participant QoS. */ + PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"\",0:\"dds.sec.auth.trusted_ca_dir\":\"\"", ""), + NULL + }; + + const char *sec_config = + "" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + " finest" + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_FATAL(participant > 0); + dds_delete(participant); + dds_delete(domain); + reset_logger(); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x1fffff); +} + +/* Expected traces when creating domain with the security elements. */ +CU_Test(ddssec_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "config: Domain/DDSSecurity/Authentication/Library/#text: "WRAPPERLIB_PATH("dds_security_authentication_wrapper")"*", + "config: Domain/DDSSecurity/Authentication/Library[@path]: "WRAPPERLIB_PATH("dds_security_authentication_wrapper")"*", + "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_test_authentication_all_ok*", + "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_test_authentication_all_ok*", + "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_DUMMY"*", + "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"*", + "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_IDENTITY_PRIVATE_KEY_DUMMY"*", + "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", + "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", + "config: Domain/DDSSecurity/AccessControl/Library/#text: "WRAPPERLIB_PATH("dds_security_access_control_wrapper")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@path]: "WRAPPERLIB_PATH("dds_security_access_control_wrapper")"*", + "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_test_access_control_all_ok*", + "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_test_access_control_all_ok*", + "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", + "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", + "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", + "config: Domain/DDSSecurity/Cryptographic/Library/#text: "WRAPPERLIB_PATH("dds_security_cryptography_wrapper")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "WRAPPERLIB_PATH("dds_security_cryptography_wrapper")"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_test_cryptography_all_ok*", + "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_test_cryptography_all_ok*", + /* The config should have been parsed into the participant QoS. */ + PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"testtext_Dir_testtext\"", ""), + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + " " + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + " finest" + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_FATAL(participant > 0); + dds_delete(participant); + dds_delete(domain); + reset_logger(); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x1fffff); +} + +/* Expected traces when creating participant with the security elements. */ +CU_Test(ddssec_config, qos, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + dds_qos_t * qos; + const char *log_expected[] = { + /* The config should have been parsed into the participant QoS. */ + PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"file:/test/dir\"", ""), + NULL + }; + + /* Create the qos */ + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "dds.sec.auth.library.path", ""WRAPPERLIB_PATH("dds_security_authentication_wrapper")""); + dds_qset_prop(qos, "dds.sec.auth.library.init", "init_test_authentication_all_ok"); + dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_test_authentication_all_ok"); + dds_qset_prop(qos, "dds.sec.crypto.library.path", ""WRAPPERLIB_PATH("dds_security_cryptography_wrapper")""); + dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_test_cryptography_all_ok"); + dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_test_cryptography_all_ok"); + dds_qset_prop(qos, "dds.sec.access.library.path", ""WRAPPERLIB_PATH("dds_security_access_control_wrapper")""); + dds_qset_prop(qos, "dds.sec.access.library.init", "init_test_access_control_all_ok"); + dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_test_access_control_all_ok"); + dds_qset_prop(qos, "dds.sec.auth.identity_ca", ""TEST_IDENTITY_CA_CERTIFICATE_DUMMY""); + dds_qset_prop(qos, "dds.sec.auth.private_key", ""TEST_IDENTITY_PRIVATE_KEY_DUMMY""); + dds_qset_prop(qos, "dds.sec.auth.identity_certificate", ""TEST_IDENTITY_CERTIFICATE_DUMMY""); + dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); + dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s"); + dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s"); + dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext"); + dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); + + set_logger_exp(log_expected); + domain = dds_create_domain(0, "finest"); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, qos, NULL); + CU_ASSERT_FATAL(participant > 0); + dds_delete(participant); + dds_delete_qos(qos); + dds_delete(domain); + reset_logger(); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x1); +} + +/* Expected traces when creating participant with the security elements. */ +CU_Test(ddssec_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + dds_qos_t * qos; + const char *log_expected[] = { + /* The config should have been parsed into the participant QoS. */ + PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"file:/test/dir\",0:\"test.prop1\":\"testtext_value1_testtext\",0:\"test.prop2\":\"testtext_value2_testtext\"", + "0:\"test.bprop1\":3<1,2,3>"), + NULL + }; + + /* Create the qos */ + unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "dds.sec.auth.library.path", ""WRAPPERLIB_PATH("dds_security_authentication_wrapper")""); + dds_qset_prop(qos, "dds.sec.auth.library.init", "init_test_authentication_all_ok"); + dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_test_authentication_all_ok"); + dds_qset_prop(qos, "dds.sec.crypto.library.path", ""WRAPPERLIB_PATH("dds_security_cryptography_wrapper")""); + dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_test_cryptography_all_ok"); + dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_test_cryptography_all_ok"); + dds_qset_prop(qos, "dds.sec.access.library.path", ""WRAPPERLIB_PATH("dds_security_access_control_wrapper")""); + dds_qset_prop(qos, "dds.sec.access.library.init", "init_test_access_control_all_ok"); + dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_test_access_control_all_ok"); + dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_IDENTITY_CA_CERTIFICATE_DUMMY); + dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_IDENTITY_PRIVATE_KEY_DUMMY); + dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_DUMMY); + dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); + dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s"); + dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s"); + dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext"); + dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); + dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext"); + dds_qset_bprop(qos, "test.bprop1", bvalue, 3); + + set_logger_exp(log_expected); + domain = dds_create_domain(0, "finest"); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, qos, NULL); + CU_ASSERT_FATAL(participant > 0); + dds_delete(participant); + dds_delete_qos(qos); + dds_delete(domain); + reset_logger(); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x1); +} + +/* Expect qos settings used when creating participant with config security elements and qos. */ +CU_Test(ddssec_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + dds_qos_t * qos; + const char *log_expected[] = { + /* The security settings from qos properties should have been parsed into the participant QoS. */ + "new_participant(*): using security settings from QoS*", + PARTICIPANT_QOS ("init_test_authentication_all_ok", "finalize_test_authentication_all_ok", \ + "init_test_cryptography_all_ok", "finalize_test_cryptography_all_ok", \ + "init_test_access_control_all_ok", "finalize_test_access_control_all_ok", \ + "file:QOS_Permissions_CA.pem", "file:QOS_Governance.p7s", "file:QOS_Permissions.p7s", \ + "", "", ""), + NULL + }; + + const char *sec_config = + "finest" + "" + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + ""; + + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, WRAPPERLIB_PATH("dds_security_authentication_wrapper")); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_test_authentication_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_test_authentication_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, WRAPPERLIB_PATH("dds_security_cryptography_wrapper")); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_test_cryptography_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_test_cryptography_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, WRAPPERLIB_PATH("dds_security_access_control_wrapper")); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_test_access_control_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_test_access_control_all_ok"); + dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_IDENTITY_CA_CERTIFICATE_DUMMY); + dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_IDENTITY_PRIVATE_KEY_DUMMY); + dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_DUMMY); + dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:QOS_Permissions_CA.pem"); + dds_qset_prop(qos, "dds.sec.access.governance", "file:QOS_Governance.p7s"); + dds_qset_prop(qos, "dds.sec.access.permissions", "file:QOS_Permissions.p7s"); + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, qos, NULL); + CU_ASSERT_FATAL (participant > 0); + dds_delete(participant); + dds_delete_qos(qos); + dds_delete(domain); + reset_logger(); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x3); +} + +/* Expect config used when creating participant with config security elements and + qos containing only non-security properties. */ +CU_Test(ddssec_config, other_prop, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + dds_qos_t * qos; + const char *log_expected[] = { + /* The security settings from config should have been parsed into the participant QoS. */ + PARTICIPANT_QOS_ALL_OK ("0:\"test.dds.sec.prop1\":\"testtext_value1_testtext\",", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"testtext_Dir_testtext\"", ""), + NULL + }; + + const char *sec_config = + "finest" + "" + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + ""; + + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "test.dds.sec.prop1", "testtext_value1_testtext"); + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, qos, NULL); + CU_ASSERT_FATAL (participant > 0); + dds_delete(participant); + dds_delete_qos(qos); + dds_delete(domain); + reset_logger(); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x1); +} + +/* Expected traces when creating participant with the security elements. */ +CU_Test(ddssec_config, qos_invalid, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + dds_qos_t * qos; + const char *log_expected[] = { + /* The config should have been parsed into the participant QoS. */ + "new_participant(*): using security settings from QoS*", + "new_participant(*): required security property dds.sec.auth.identity_ca missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.private_key missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.identity_certificate missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.permissions_ca missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.governance missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.permissions missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.library.path missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.library.init missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.library.finalize missing in Property QoS*", + "new_participant(*): required security property dds.sec.crypto.library.path missing in Property QoS*", + "new_participant(*): required security property dds.sec.crypto.library.init missing in Property QoS*", + "new_participant(*): required security property dds.sec.crypto.library.finalize missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.library.path missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.library.init missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.library.finalize missing in Property QoS*", + NULL + }; + + const char *sec_config = + "finest" + "" + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + ""; + + set_logger_exp(log_expected); + + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "dds.sec.dummy", "testtext_dummy_testtext"); + + /* Create participant with security config in qos. */ + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, qos, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete_qos(qos); + dds_delete(domain); + reset_logger(); + + /* All traces should have been provided. */ + CU_ASSERT_FATAL(found == 0xffff); +} diff --git a/src/security/core/tests/dds_security_core.c b/src/security/core/tests/dds_security_core.c index ac494c2..aef1e4f 100644 --- a/src/security/core/tests/dds_security_core.c +++ b/src/security/core/tests/dds_security_core.c @@ -291,7 +291,7 @@ CU_Test(dds_security_timed_cb, test_create_dispatcher) /************************************************************************* * Check if adding callbacks succeeds *************************************************************************/ - + /* The last argument is a sequence number in which * the callbacks are expected to be called. */ /* We can only really check if it crashes or not... */ @@ -299,7 +299,7 @@ CU_Test(dds_security_timed_cb, test_create_dispatcher) dds_security_timed_dispatcher_add(tcb, d2, tc__callback, past, (void*)0); dds_security_timed_dispatcher_add(tcb, d2, tc__callback, present, (void*)2); dds_security_timed_dispatcher_add(tcb, d1, tc__callback, future, (void*)7); - + CU_PASS("Added callbacks") /************************************************************************* @@ -308,7 +308,7 @@ CU_Test(dds_security_timed_cb, test_create_dispatcher) d3 = dds_security_timed_dispatcher_new(tcb); d4 = dds_security_timed_dispatcher_new(tcb); d5 = dds_security_timed_dispatcher_new(tcb); - + CU_ASSERT_PTR_NOT_NULL_FATAL(d3); CU_ASSERT_PTR_NOT_NULL_FATAL(d4); CU_ASSERT_PTR_NOT_NULL_FATAL(d5); @@ -351,7 +351,7 @@ CU_Test(dds_security_timed_cb, test_create_dispatcher) /************************************************************************* * Check if timeout callbacks are triggered in the right sequence *************************************************************************/ - + int idx; int timeout = 200; /* 2 seconds */ diff --git a/src/security/core/tests/handshake.c b/src/security/core/tests/handshake.c new file mode 100644 index 0000000..6de2876 --- /dev/null +++ b/src/security/core/tests/handshake.c @@ -0,0 +1,99 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include + +#include "dds/dds.h" +#include "CUnit/Test.h" + +#include "dds/version.h" +#include "dds/ddsrt/cdtors.h" +#include "dds/ddsrt/environ.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsi/q_config.h" +#include "dds/ddsi/ddsi_domaingv.h" +#include "dds/ddsi/q_misc.h" +#include "dds/ddsi/ddsi_xqos.h" + +#include "dds/security/dds_security_api.h" + +#include "common/config_env.h" +#include "common/authentication_wrapper.h" +#include "common/plugin_wrapper_msg_q.h" +#include "common/handshake_test_utils.h" +#include "common/test_identity.h" + +static const char *config = + "${CYCLONEDDS_URI}${CYCLONEDDS_URI:+,}" + "0" + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE"" + " "TEST_IDENTITY_PRIVATE_KEY"" + " "TEST_IDENTITY_CA_CERTIFICATE"" + " testtext_Password_testtext" + " ." + " " + " " + " " + " file:" COMMON_ETC_PATH("default_governance.p7s") "" + " file:" COMMON_ETC_PATH("default_permissions_ca.pem") "" + " file:" COMMON_ETC_PATH("default_permissions.p7s") "" + " " + " " + " " + " " + " " + ""; + +#define DDS_DOMAINID_PART1 0 +#define DDS_DOMAINID_PART2 1 + +static dds_entity_t g_part1_domain = 0; +static dds_entity_t g_part1_participant = 0; + +static dds_entity_t g_part2_domain = 0; +static dds_entity_t g_part2_participant = 0; + +static void handshake_init(void) +{ + /* Domains for pub and sub use a different domain id, but the portgain setting + * in configuration is 0, so that both domains will map to the same port number. + * This allows to create two domains in a single test process. */ + char *conf_part1 = ddsrt_expand_envvars(config, DDS_DOMAINID_PART1); + char *conf_part2 = ddsrt_expand_envvars(config, DDS_DOMAINID_PART2); + g_part1_domain = dds_create_domain(DDS_DOMAINID_PART1, conf_part1); + g_part2_domain = dds_create_domain(DDS_DOMAINID_PART2, conf_part2); + dds_free(conf_part1); + dds_free(conf_part2); + + CU_ASSERT_FATAL((g_part1_participant = dds_create_participant(DDS_DOMAINID_PART1, NULL, NULL)) > 0); + CU_ASSERT_FATAL((g_part2_participant = dds_create_participant(DDS_DOMAINID_PART2, NULL, NULL)) > 0); +} + +static void handshake_fini(void) +{ + CU_ASSERT_EQUAL_FATAL(dds_delete(g_part1_participant), DDS_RETCODE_OK); + CU_ASSERT_EQUAL_FATAL(dds_delete(g_part2_participant), DDS_RETCODE_OK); + CU_ASSERT_EQUAL_FATAL(dds_delete(g_part1_domain), DDS_RETCODE_OK); + CU_ASSERT_EQUAL_FATAL(dds_delete(g_part2_domain), DDS_RETCODE_OK); +} + +CU_Test(ddssec_handshake, happy_day, .init = handshake_init, .fini = handshake_fini) +{ + validate_handshake(DDS_DOMAINID_PART1, false, NULL, false, NULL); + validate_handshake(DDS_DOMAINID_PART2, false, NULL, false, NULL); +} diff --git a/src/security/core/tests/plugin_loading.c b/src/security/core/tests/plugin_loading.c new file mode 100644 index 0000000..f6aa141 --- /dev/null +++ b/src/security/core/tests/plugin_loading.c @@ -0,0 +1,646 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include "CUnit/Test.h" +#include "dds/dds.h" +#include "dds/ddsrt/cdtors.h" +#include "dds/ddsrt/environ.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsi/q_misc.h" +#include "dds/security/dds_security_api_defs.h" +#include "common/config_env.h" +#include "common/test_identity.h" + +#define MAX_PARTICIPANTS_VARIABLE "MAX_PARTICIPANTS" + +static uint32_t found; + +static void logger(void *ptr, const dds_log_data_t *data) +{ + char **expected = (char **)ptr; + fputs(data->message, stdout); + for (uint32_t i = 0; expected[i] != NULL; i++) + { + if (ddsi2_patmatch(expected[i], data->message)) + { + found |= (uint32_t)(1 << i); + } + } +} + +static void set_logger_exp(const void *log_expected) +{ + found = 0; + dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void *)log_expected); + dds_set_trace_sink(&logger, (void *)log_expected); +} + +static void reset_logger() +{ + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); +} + +CU_Test(ddssec_security_plugin_loading, all_ok, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "DDS Security plugins have been loaded*", + NULL}; + + const char *sec_config = + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_FATAL(participant > 0); + dds_delete(participant); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x1); +} + +CU_Test(ddssec_security_plugin_loading, missing_finalize, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "Could not find the function: finalize_test_authentication_NON_EXISTING_FUNC*", + "Could not load Authentication plugin*", + NULL}; + + const char *sec_config = + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x3); +} + +CU_Test(ddssec_security_plugin_loading, authentication_missing_function, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "Could not find the function for Authentication: get_shared_secret*", + "Could not load security*", + NULL}; + + const char *sec_config = + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x3); +} + +CU_Test(ddssec_security_plugin_loading, access_control_missing_function, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "Could not find the function for Access Control: check_create_datareader*", + "Could not load security*", + NULL}; + + const char *sec_config = + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x3); +} + +CU_Test(ddssec_security_plugin_loading, cryptography_missing_function, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "Could not find the function for Cryptographic: set_remote_participant_crypto_tokens*", + "Could not load security*", + NULL}; + + const char *sec_config = + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x3); +} + +CU_Test(ddssec_security_plugin_loading, no_library_in_path, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "Could not load Authentication library: " WRAPPERLIB_PATH("dds_security_authentication_wrapper_INVALID") ": cannot open shared object file: No such file or directory*", + "Could not load Authentication library: dlopen(" WRAPPERLIB_PATH("dds_security_authentication_wrapper_INVALID") "*", + "Could not load Authentication library: The specified module could not be found.*", + "Could not load Authentication plugin*", + "Could not load security*", + NULL}; + + const char *sec_config = + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x19 || found == 0x1a || found == 0x1c); +} + +CU_Test(ddssec_security_plugin_loading, init_error, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + const char *log_expected[] = { + "Error occured while initializing Authentication plugin*", + "Could not load Authentication plugin*", + "Could not load security*", + NULL}; + + const char *sec_config = + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + ""; + + set_logger_exp(log_expected); + domain = dds_create_domain(0, sec_config); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, NULL, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x7); +} + +CU_Test(ddssec_security_plugin_loading, all_ok_with_props, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + dds_qos_t *qos; + const char *log_expected[] = { + "DDS Security plugins have been loaded*", + NULL}; + + unsigned char bvalue[3] = {0x01, 0x02, 0x03}; + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, WRAPPERLIB_PATH("dds_security_authentication_wrapper")); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_test_authentication_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_test_authentication_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, WRAPPERLIB_PATH("dds_security_cryptography_wrapper")); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_test_cryptography_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_test_cryptography_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, WRAPPERLIB_PATH("dds_security_access_control_wrapper")); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_test_access_control_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_test_access_control_all_ok"); + + dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_bprop(qos, "test.bprop1", bvalue, 3); + + set_logger_exp(log_expected); + domain = dds_create_domain(0, "finest"); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, qos, NULL); + CU_ASSERT_FATAL(participant > 0); + dds_delete(participant); + dds_delete(domain); + dds_delete_qos(qos); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x1); +} + +CU_Test(ddssec_security_plugin_loading, missing_plugin_property_with_props, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + dds_qos_t *qos; + const char *log_expected[] = { + "*using security settings from QoS*", + "*required security property dds.sec.auth.library.init missing in Property QoS*", + NULL}; + + unsigned char bvalue[3] = {0x01, 0x02, 0x03}; + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); + // missing: dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); + + dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_bprop(qos, "test.bprop1", bvalue, 3); + + set_logger_exp(log_expected); + domain = dds_create_domain(0, "finest"); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(0, qos, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete_qos(qos); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x3); +} + +CU_Test(ddssec_security_plugin_loading, empty_plugin_property_with_props, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + dds_qos_t *qos; + const char *log_expected[] = { + "*using security settings from QoS*", + "*required security property dds.sec.auth.library.finalize missing in Property QoS*", + NULL}; + + unsigned char bvalue[3] = {0x01, 0x02, 0x03}; + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, ""); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); + + dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_bprop(qos, "test.bprop1", bvalue, 3); + + set_logger_exp(log_expected); + domain = dds_create_domain(0, "finest"); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete_qos(qos); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x3); +} + +CU_Test(ddssec_security_plugin_loading, missing_security_property_with_props, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain, participant; + dds_qos_t *qos; + const char *log_expected[] = { + "*using security settings from QoS*", + "*required security property dds.sec.access.permissions missing in Property QoS*", + NULL}; + + unsigned char bvalue[3] = {0x01, 0x02, 0x03}; + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + /* we ignore permissions for testing + //dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); */ + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); + + dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_bprop(qos, "test.bprop1", bvalue, 3); + + set_logger_exp(log_expected); + domain = dds_create_domain(0, "finest"); + CU_ASSERT_FATAL(domain > 0); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); + dds_delete_qos(qos); + dds_delete(domain); + reset_logger(); + + CU_ASSERT_FATAL(found == 0x3); +} + +CU_Test(ddssec_security_plugin_loading, multiple_domains_different_config, .init = ddsrt_init, .fini = ddsrt_fini) +{ + dds_entity_t domain1, domain2, participant1, participant2, participant3; + dds_qos_t *qos; + const char *log_expected[] = { + "*using security settings from configuration*", + "*using security settings from QoS*", + "DDS Security plugins have been loaded*", + "*security is already loaded for this domain*", + NULL}; + + const char *sec_config = + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + "" + "" + " finest" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_CA_CERTIFICATE_DUMMY"" + " "TEST_IDENTITY_PRIVATE_KEY_DUMMY"" + " testtext_Password_testtext" + " testtext_Dir_testtext" + " " + " " + " " + " " + " " + " " + " file:Governance.p7s" + " file:Permissions_CA.pem" + " file:Permissions.p7s" + " " + " " + ""; + + set_logger_exp(log_expected); + + domain1 = dds_create_domain(1, sec_config); + CU_ASSERT_FATAL(domain1 > 0); + domain2 = dds_create_domain(2, sec_config); + CU_ASSERT_FATAL(domain2 > 0); + + /* Create the qos */ + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, WRAPPERLIB_PATH("dds_security_authentication_wrapper")); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_test_authentication_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_test_authentication_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, WRAPPERLIB_PATH("dds_security_cryptography_wrapper")); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_test_cryptography_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_test_cryptography_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, WRAPPERLIB_PATH("dds_security_access_control_wrapper")); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_test_access_control_all_ok"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_test_access_control_all_ok"); + + participant1 = dds_create_participant(1, NULL, NULL); + participant2 = dds_create_participant(2, NULL, NULL); + participant3 = dds_create_participant(2, qos, NULL); + CU_ASSERT_FATAL(participant1 > 0); + CU_ASSERT_FATAL(participant2 > 0); + CU_ASSERT_FATAL(participant3 > 0); + dds_delete_qos(qos); + dds_delete(domain1); + dds_delete(domain2); + reset_logger(); + + CU_ASSERT_FATAL(found == 0xf); +} diff --git a/src/security/core/tests/plugin_loading/CMakeLists.txt b/src/security/core/tests/plugin_loading/CMakeLists.txt deleted file mode 100644 index 0eda38b..0000000 --- a/src/security/core/tests/plugin_loading/CMakeLists.txt +++ /dev/null @@ -1,85 +0,0 @@ - # -# Copyright(c) 2006 to 2019 ADLINK Technology Limited and others -# -# This program and the accompanying materials are made available under the -# terms of the Eclipse Public License v. 2.0 which is available at -# http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License -# v. 1.0 which is available at -# http://www.eclipse.org/org/documents/edl-v10.php. -# -# SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause -# -include(GenerateExportHeader) -include(CUnit) - -set(security_plugin_loading_test_sources - "security_config.c" - "plugin_loading.c") - -add_cunit_executable(cunit_security_plugin_loading ${security_plugin_loading_test_sources}) -target_include_directories( - cunit_security_plugin_loading PRIVATE - "$" - "$>" - "$>" - "$" - "$" - "$") - -target_link_libraries(cunit_security_plugin_loading PRIVATE ddsc security_api) -target_include_directories(cunit_security_plugin_loading PRIVATE "${CMAKE_CURRENT_BINARY_DIR}") - -set(CUnit_plugin_mock_dir ".") - -# Let the cunit application know the location and name of the library. -configure_file("config_env.h.in" "config_env.h") - -function(add_mock libname casename) - PREPEND(srcs_mock_authentication_all_ok "${CMAKE_CURRENT_LIST_DIR}/plugin_mock/${casename}" - "mock_${libname}.c") - add_library("dds_security_${casename}" SHARED "") - - generate_export_header( - "dds_security_${casename}" - BASE_NAME SECURITY - EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/${casename}_export.h") - - set_target_properties( - "dds_security_${casename}" - PROPERTIES - RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} - RUNTIME_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} - RUNTIME_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} - RUNTIME_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} - RUNTIME_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} - LIBRARY_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR}) - - #find_package(OpenSSL ) - #target_link_libraries("dds_security_${casename}" PUBLIC OpenSSL::SSL) - target_link_libraries("dds_security_${casename}" PUBLIC ddsc) - - target_sources("dds_security_${casename}" - PRIVATE - ${srcs_mock_authentication_all_ok}) - target_include_directories("dds_security_${casename}" - PUBLIC - "$>" - "$>" - "$>" - "$") -endfunction() - -#PLUGIN MOCKS -add_mock(authentication authentication_all_ok) -add_mock(authentication authentication_all_ok_other) -add_mock(authentication authentication_missing_function) -add_mock(authentication authentication_finalize_error) -add_mock(access_control access_control_all_ok) -add_mock(access_control access_control_missing_function) -add_mock(cryptography cryptography_all_ok) -add_mock(cryptography cryptography_missing_function) -add_mock(authentication authentication_init_error) diff --git a/src/security/core/tests/plugin_loading/config_env.h.in b/src/security/core/tests/plugin_loading/config_env.h.in deleted file mode 100644 index 6d05734..0000000 --- a/src/security/core/tests/plugin_loading/config_env.h.in +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ -#ifndef CONFIG_ENV_H -#define CONFIG_ENV_H - -#define CONFIG_ENV_PLUGIN_MOCK_DIR "@CUnit_plugin_mock_dir@" -#define TEST_LIB_DIR "@test_lib_dir@" -#define TEST_LIB_SEP "@test_lib_sep@" -#define TEST_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@" -#define TEST_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@" -#define CONFIG_PLUGIN_MOCK_DIR "@test_lib_dir@" -#define CONFIG_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@" -#define CONFIG_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@" -#define CONFIG_LIB_SEP "@test_lib_sep@" - -#endif /* CONFIG_ENV_H */ diff --git a/src/security/core/tests/plugin_loading/plugin_loading.c b/src/security/core/tests/plugin_loading/plugin_loading.c deleted file mode 100644 index 09c6c0b..0000000 --- a/src/security/core/tests/plugin_loading/plugin_loading.c +++ /dev/null @@ -1,911 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ -#include -#include - -#include "dds/dds.h" -#include "CUnit/Test.h" -#include "config_env.h" - -#include "dds/version.h" -#include "dds/ddsrt/cdtors.h" -#include "dds/ddsrt/environ.h" -#include "dds/ddsrt/heap.h" -#include "plugin_mock_common.h" -//#include "dds/ddsi/ddsi_security_omg.h" - -#define FORCE_ENV - -#define URI_VARIABLE DDS_PROJECT_NAME_NOSPACE_CAPS"_URI" -#define MAX_PARTICIPANTS_VARIABLE "MAX_PARTICIPANTS" -static bool print_log=true; - -static int patmatch (const char *pat, const char *str) -{ - while (*pat) - { - if (*pat == '?') - { - /* any character will do */ - if (*str++ == 0) - { - return 0; - } - pat++; - } - else if (*pat == '*') - { - /* collapse a sequence of wildcards, requiring as many - characters in str as there are ?s in the sequence */ - while (*pat == '*' || *pat == '?') - { - if (*pat == '?' && *str++ == 0) - { - return 0; - } - pat++; - } - /* try matching on all positions where str matches pat */ - while (*str) - { - if (*str == *pat && patmatch (pat+1, str+1)) - { - return 1; - } - str++; - } - return *pat == 0; - } - else - { - /* only an exact match */ - if (*str++ != *pat++) - { - return 0; - } - } - } - return *str == 0; -} - - -/* - * The 'found' variable will contain flags related to the expected log - * messages that were received. - * Using flags will allow to show that when message isn't received, - * which one it was. - */ -static uint32_t found; -static void logger(void *ptr, const dds_log_data_t *data) { - char **expected = (char **) ptr; - if (print_log) { - fputs(data->message, stdout); - } - for (uint32_t i = 0; expected[i] != NULL; i++) { - if (patmatch(expected[i], data->message)) { - found |= (uint32_t)(1 << i); - } - } -} - - -CU_Test(ddssec_security_plugin_loading, all_ok, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "DDS Security plugins have been loaded*", - NULL - }; - - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - ""TEST_IDENTITY_CERTIFICATE_ALL_OK"" - ""TEST_CA_CERTIFICATE_ALL_OK"" - ""TEST_PRIVATE_KEY_ALL_OK"" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_INFO| DDS_LC_TRACE); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - dds_set_log_sink(NULL,NULL); - dds_set_trace_sink(NULL,NULL); - ddsrt_setenv(URI_VARIABLE, ""); - CU_ASSERT_FATAL(found == 0x1); - - - dds_delete(participant); - -} - -CU_Test(ddssec_security_plugin_loading, missing_finalize, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "Could not find the function: finalize_authentication*", - "Could not load Authentication plugin*", - NULL - }; - - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - dds_set_log_sink( NULL, NULL ); - dds_set_trace_sink(NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); -#else - dds_delete(participant); -#endif - CU_ASSERT_FATAL(found == 0x3); - -} - - -CU_Test(ddssec_security_plugin_loading, authentication_missing_function, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "Could not find the function for Authentication: get_shared_secret*", - "Could not load security*", - NULL - }; - - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_ERROR); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - print_log = true; - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); -#else - dds_delete(participant); -#endif - CU_ASSERT_FATAL(found == 0x3); - - -} - - -CU_Test(ddssec_security_plugin_loading, access_control_missing_function, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "Could not find the function for Access Control: check_create_datareader*", - "Could not load security*", - NULL - }; - - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); -#else - dds_delete(participant); -#endif - CU_ASSERT_FATAL(found == 0x3); - - - -} - - -CU_Test(ddssec_security_plugin_loading, cryptography_missing_function, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "Could not find the function for Cryptographic: set_remote_participant_crypto_tokens*", - "Could not load security*", - NULL - }; - - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); -#else - dds_delete(participant); -#endif - CU_ASSERT_FATAL(found == 0x3); - - - -} - - -CU_Test(ddssec_security_plugin_loading, no_library_in_path, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "Could not load Authentication library: no_library_in_path: cannot open shared object file: No such file or directory*", - "Could not load Authentication library: *not*found*", - "Could not load Authentication plugin*", - "Could not load security*", - NULL - }; - - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_INFO| DDS_LC_TRACE); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); -#else - dds_delete(participant); -#endif - - CU_ASSERT_FATAL(found == 0xd || found == 0xe); - - dds_delete(participant); - -} - - -CU_Test(ddssec_security_plugin_loading, init_error, .init = ddsrt_init, .fini = ddsrt_fini) { - - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "Error occured while initializing Authentication plugin*", - "Could not load Authentication plugin*", - "Could not load security*", - NULL - }; - - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; - - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_INFO| DDS_LC_TRACE); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); -#else - dds_delete(participant); -#endif - CU_ASSERT_FATAL(found == 0x7); - - - dds_delete(participant); - -} -CU_Test(ddssec_security_plugin_loading, all_ok_with_props, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "DDS Security plugins have been loaded*", - NULL - }; - - dds_entity_t participant; - dds_qos_t * qos; - - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_INFO); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos */ - unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); - - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); - - dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); - - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - - dds_qset_bprop (qos, "test.bprop1", bvalue, 3); - - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - CU_ASSERT_FATAL ((participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL)) > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - dds_delete(participant); - dds_delete_qos(qos); - CU_ASSERT_FATAL(found == 0x1); -} - - - -CU_Test(ddssec_security_plugin_loading, missing_plugin_property_with_props, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "*using security settings from QoS*", - "*required security property dds.sec.auth.library.init missing in Property QoS*", - NULL - }; - - dds_entity_t participant; - dds_qos_t * qos; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_INFO|DDS_LC_ERROR); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos */ - unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); - - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); - - dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - dds_qset_bprop (qos, "test.bprop1", bvalue, 3); - - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); -#else - dds_delete(participant); -#endif - CU_ASSERT_FATAL(found == 0x3); - dds_delete_qos(qos); -} - - - -CU_Test(ddssec_security_plugin_loading, empty_plugin_property_with_props, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "*using security settings from QoS*", - "*required security property dds.sec.auth.library.finalize missing in Property QoS*", - NULL - }; - - dds_entity_t participant; - dds_qos_t * qos; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_INFO|DDS_LC_ERROR); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos */ - unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); - - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, ""); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); - - dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - dds_qset_bprop (qos, "test.bprop1", bvalue, 3); - - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); -#else - dds_delete(participant); -#endif - CU_ASSERT_FATAL(found == 0x3); - dds_delete_qos(qos); -} - - -CU_Test(ddssec_security_plugin_loading, missing_security_property_with_props, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "*using security settings from QoS*", - "*required security property dds.sec.access.permissions missing in Property QoS*", - NULL - }; - - - dds_entity_t participant; - dds_qos_t * qos; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_INFO|DDS_LC_ERROR); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos */ - unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); - /* we ignore permissions for testing - //dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); */ - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); - - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); - - dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - dds_qset_bprop (qos, "test.bprop1", bvalue, 3); - - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); -#else - dds_delete(participant); -#endif - CU_ASSERT_FATAL(found == 0x3); - dds_delete_qos(qos); -} - - - - -CU_Test(ddssec_security_plugin_loading, multiple_domains_different_config, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "*using security settings from configuration*", - "*using security settings from QoS*", - "DDS Security plugins have been loaded*", - "*security is already loaded for this domain*", - NULL - }; - - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; - - - dds_entity_t participant1, participant2, participant3; - dds_qos_t * qos; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_INFO|DDS_LC_ERROR); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos */ - unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); - - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok_other"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); - dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); - - dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); - dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); - dds_qset_bprop (qos, "test.bprop1", bvalue, 3); - - /* Create participant with security config in qos. */ - found = 0; - print_log = true; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant1 = dds_create_participant(1, NULL, NULL); - participant2 = dds_create_participant(2, qos, NULL); - participant3 = dds_create_participant(2, NULL, NULL); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); -#ifdef PR304_MERGED - /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR - CU_ASSERT_FATAL( participant1 == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ - CU_ASSERT_FATAL( participant1 == DDS_RETCODE_ERROR ); -#else - dds_delete(participant1); - dds_delete(participant2); - dds_delete(participant3); -#endif - CU_ASSERT_FATAL(found == 0xf); - dds_delete_qos(qos); -} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.c b/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.c deleted file mode 100644 index 322c465..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.c +++ /dev/null @@ -1,597 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ -#include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/misc.h" -#include "mock_access_control.h" -#include -#include -#include - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_access_control_impl { - dds_security_access_control base; - int member; -} dds_security_access_control_impl; - -/** - * Function implementations - */ - -DDS_Security_PermissionsHandle validate_local_permissions( - dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle identity, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(auth_plugin); - DDSRT_UNUSED_ARG(auth_plugin); - DDSRT_UNUSED_ARG(identity); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_qos); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return 1; -} - -DDS_Security_PermissionsHandle validate_remote_permissions( - dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityHandle remote_identity_handle, - const DDS_Security_PermissionsToken *remote_permissions_token, - const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(auth_plugin); - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(remote_identity_handle); - DDSRT_UNUSED_ARG(remote_permissions_token); - DDSRT_UNUSED_ARG(remote_credential_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return 0; -} - -DDS_Security_boolean check_create_participant( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_qos); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_create_datawriter( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, const char *topic_name, - const DDS_Security_Qos *writer_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(writer_qos); - DDSRT_UNUSED_ARG(partition); - DDSRT_UNUSED_ARG(data_tag); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_create_datareader( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, const char *topic_name, - const DDS_Security_Qos *reader_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(reader_qos); - DDSRT_UNUSED_ARG(partition); - DDSRT_UNUSED_ARG(data_tag); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_create_topic( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, const char *topic_name, - const DDS_Security_Qos *qos, DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(qos); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_local_datawriter_register_instance( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, const DDS_Security_DynamicData *key, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(writer); - DDSRT_UNUSED_ARG(key); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_local_datawriter_dispose_instance( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(writer); - DDSRT_UNUSED_ARG(key); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_participant( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_datawriter( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(publication_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_datareader( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_boolean *relay_only, DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(subscription_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - *relay_only = false; - - return true; -} - -DDS_Security_boolean check_remote_topic( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_TopicBuiltinTopicData *topic_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(topic_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_local_datawriter_match( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(writer_permissions_handle); - DDSRT_UNUSED_ARG(reader_permissions_handle); - DDSRT_UNUSED_ARG(publication_data); - DDSRT_UNUSED_ARG(subscription_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_local_datareader_match( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(reader_permissions_handle); - DDSRT_UNUSED_ARG(writer_permissions_handle); - DDSRT_UNUSED_ARG(subscription_data); - DDSRT_UNUSED_ARG(publication_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_datawriter_register_instance( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - const DDS_Security_InstanceHandle instance_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(reader); - DDSRT_UNUSED_ARG(publication_handle); - DDSRT_UNUSED_ARG(key); - DDSRT_UNUSED_ARG(instance_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_datawriter_dispose_instance( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(reader); - DDSRT_UNUSED_ARG(publication_handle); - DDSRT_UNUSED_ARG(key); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_permissions_token( dds_security_access_control *instance, - DDS_Security_PermissionsToken *permissions_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex) -{ - - DDSRT_UNUSED_ARG(permissions_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_permissions_credential_token( - dds_security_access_control *instance, - DDS_Security_PermissionsCredentialToken *permissions_credential_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_credential_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_listener( dds_security_access_control *instance, - const dds_security_access_control_listener *listener, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(listener); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_permissions_token( dds_security_access_control *instance, - const DDS_Security_PermissionsToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_permissions_credential_token( - dds_security_access_control *instance, - const DDS_Security_PermissionsCredentialToken *permissions_credential_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_credential_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_participant_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_topic_sec_attributes( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const char *topic_name, - DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_datawriter_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(partition); - DDSRT_UNUSED_ARG(data_tag); - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_datareader_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(partition); - DDSRT_UNUSED_ARG(data_tag); - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_participant_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_topic_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_datawriter_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_datareader_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_permissions_handle( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - - int32_t init_access_control( const char *argument, void **context) -{ - - dds_security_access_control *access_control; - - DDSRT_UNUSED_ARG(argument); - - //allocate new instance - access_control = ddsrt_malloc(sizeof(dds_security_access_control)); - memset(access_control, 0, sizeof(dds_security_access_control)); - - //assign the interface functions - access_control->validate_local_permissions = &validate_local_permissions; - - access_control->validate_remote_permissions = &validate_remote_permissions; - - access_control->check_create_participant = &check_create_participant; - - access_control->check_create_datawriter = &check_create_datawriter; - - access_control->check_create_datareader = &check_create_datareader; - - access_control->check_create_topic = &check_create_topic; - - access_control->check_local_datawriter_register_instance = - &check_local_datawriter_register_instance; - - access_control->check_local_datawriter_dispose_instance = - &check_local_datawriter_dispose_instance; - - access_control->check_remote_participant = &check_remote_participant; - - access_control->check_remote_datawriter = &check_remote_datawriter; - - access_control->check_remote_datareader = &check_remote_datareader; - - access_control->check_remote_topic = &check_remote_topic; - - access_control->check_local_datawriter_match = &check_local_datawriter_match; - - access_control->check_local_datareader_match = &check_local_datareader_match; - - access_control->check_remote_datawriter_register_instance = - &check_remote_datawriter_register_instance; - - access_control->check_remote_datawriter_dispose_instance = - &check_remote_datawriter_dispose_instance; - - access_control->get_permissions_token = &get_permissions_token; - - access_control->get_permissions_credential_token = - &get_permissions_credential_token; - - access_control->set_listener = &set_listener; - - access_control->return_permissions_token = &return_permissions_token; - - access_control->return_permissions_credential_token = - &return_permissions_credential_token; - - access_control->get_participant_sec_attributes = - &get_participant_sec_attributes; - - access_control->get_topic_sec_attributes = &get_topic_sec_attributes; - - access_control->get_datawriter_sec_attributes = - &get_datawriter_sec_attributes; - - access_control->get_datareader_sec_attributes = - &get_datareader_sec_attributes; - - access_control->return_participant_sec_attributes = - &return_participant_sec_attributes; - - access_control->return_topic_sec_attributes = - &return_topic_sec_attributes; - - access_control->return_datawriter_sec_attributes = - &return_datawriter_sec_attributes; - - access_control->return_datareader_sec_attributes = - &return_datareader_sec_attributes; - - access_control->return_permissions_handle = - &return_permissions_handle; - - //return the instance - *context = access_control; - return 0; -} - - int32_t finalize_access_control( void *context) -{ - - DDSRT_UNUSED_ARG(context); - - ddsrt_free((dds_security_access_control*) context); - return 0; -} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.h b/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.h deleted file mode 100644 index 07eb595..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.h +++ /dev/null @@ -1,281 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ - -#ifndef SECURITY_ACCESS_CONTROL_ALLOK_H_ -#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ - -#include "dds/security/access_control_all_ok_export.h" -#include "dds/security/dds_security_api.h" - -SECURITY_EXPORT int32_t -init_access_control(const char *argument, void **context); - -SECURITY_EXPORT int32_t -finalize_access_control(void *context); - - -/** - * AccessControl Interface - */ - -DDS_Security_PermissionsHandle -validate_local_permissions - ( dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle identity, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex); - -DDS_Security_PermissionsHandle -validate_remote_permissions - ( dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityHandle remote_identity_handle, - const DDS_Security_PermissionsToken *remote_permissions_token, - const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_create_participant - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_create_datawriter - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_char *topic_name, - const DDS_Security_Qos *writer_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_create_datareader - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_char *topic_name, - const DDS_Security_Qos *reader_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -check_create_topic - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_char *topic_name, - const DDS_Security_Qos *topic_qos, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_local_datawriter_register_instance - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, - const DDS_Security_DynamicData *key, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_local_datawriter_dispose_instance - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, - const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_participant - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_datawriter - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_datareader - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_boolean *relay_only, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_topic - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_TopicBuiltinTopicData *topic_data, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -check_local_datawriter_match - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -check_local_datareader_match - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_datawriter_register_instance - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - const DDS_Security_InstanceHandle instance_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_datawriter_dispose_instance - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_permissions_token - ( dds_security_access_control *instance, - DDS_Security_PermissionsToken *permissions_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_permissions_credential_token - ( dds_security_access_control *instance, - DDS_Security_PermissionsCredentialToken *permissions_credential_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -set_listener - ( dds_security_access_control *instance, - const dds_security_access_control_listener *listener, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_permissions_token - ( dds_security_access_control *instance, - const DDS_Security_PermissionsToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_permissions_credential_token - ( dds_security_access_control *instance, - const DDS_Security_PermissionsCredentialToken *permissions_credential_token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_participant_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -get_topic_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_char *topic_name, - DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -get_datawriter_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -get_datareader_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -return_participant_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_topic_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_datawriter_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -return_datareader_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_permissions_handle - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_SecurityException *ex); - - - -#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.c b/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.c deleted file mode 100644 index a28e7e7..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.c +++ /dev/null @@ -1,600 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ -#include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/misc.h" -#include "mock_access_control.h" -#include -#include -#include - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_access_control_impl { - dds_security_access_control base; - int member; -} dds_security_access_control_impl; - -/** - * Function implementations - */ - -DDS_Security_PermissionsHandle validate_local_permissions( - dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle identity, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(auth_plugin); - DDSRT_UNUSED_ARG(auth_plugin); - DDSRT_UNUSED_ARG(identity); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_qos); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return 1; -} - -DDS_Security_PermissionsHandle validate_remote_permissions( - dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityHandle remote_identity_handle, - const DDS_Security_PermissionsToken *remote_permissions_token, - const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(auth_plugin); - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(remote_identity_handle); - DDSRT_UNUSED_ARG(remote_permissions_token); - DDSRT_UNUSED_ARG(remote_credential_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return 0; -} - -DDS_Security_boolean check_create_participant( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_qos); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_create_datawriter( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, const char *topic_name, - const DDS_Security_Qos *writer_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(writer_qos); - DDSRT_UNUSED_ARG(partition); - DDSRT_UNUSED_ARG(data_tag); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_create_datareader( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, const char *topic_name, - const DDS_Security_Qos *reader_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(reader_qos); - DDSRT_UNUSED_ARG(partition); - DDSRT_UNUSED_ARG(data_tag); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_create_topic( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, const char *topic_name, - const DDS_Security_Qos *qos, DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(qos); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_local_datawriter_register_instance( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, const DDS_Security_DynamicData *key, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(writer); - DDSRT_UNUSED_ARG(key); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_local_datawriter_dispose_instance( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(writer); - DDSRT_UNUSED_ARG(key); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_participant( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_datawriter( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(publication_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_datareader( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_boolean *relay_only, DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(subscription_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - *relay_only = false; - - return true; -} - -DDS_Security_boolean check_remote_topic( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_TopicBuiltinTopicData *topic_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(topic_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_local_datawriter_match( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(writer_permissions_handle); - DDSRT_UNUSED_ARG(reader_permissions_handle); - DDSRT_UNUSED_ARG(publication_data); - DDSRT_UNUSED_ARG(subscription_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_local_datareader_match( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(reader_permissions_handle); - DDSRT_UNUSED_ARG(writer_permissions_handle); - DDSRT_UNUSED_ARG(subscription_data); - DDSRT_UNUSED_ARG(publication_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_datawriter_register_instance( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - const DDS_Security_InstanceHandle instance_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(reader); - DDSRT_UNUSED_ARG(publication_handle); - DDSRT_UNUSED_ARG(key); - DDSRT_UNUSED_ARG(instance_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean check_remote_datawriter_dispose_instance( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(reader); - DDSRT_UNUSED_ARG(publication_handle); - DDSRT_UNUSED_ARG(key); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_permissions_token( dds_security_access_control *instance, - DDS_Security_PermissionsToken *permissions_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex) -{ - - DDSRT_UNUSED_ARG(permissions_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_permissions_credential_token( - dds_security_access_control *instance, - DDS_Security_PermissionsCredentialToken *permissions_credential_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_credential_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_listener( dds_security_access_control *instance, - const dds_security_access_control_listener *listener, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(listener); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_permissions_token( dds_security_access_control *instance, - const DDS_Security_PermissionsToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_permissions_credential_token( - dds_security_access_control *instance, - const DDS_Security_PermissionsCredentialToken *permissions_credential_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_credential_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_participant_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_topic_sec_attributes( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const char *topic_name, - DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_datawriter_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(partition); - DDSRT_UNUSED_ARG(data_tag); - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean get_datareader_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(topic_name); - DDSRT_UNUSED_ARG(partition); - DDSRT_UNUSED_ARG(data_tag); - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_participant_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_topic_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_datawriter_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_datareader_sec_attributes( - dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(attributes); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_permissions_handle( - dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(permissions_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -int32_t init_access_control( const char *argument, void **context) -{ - - dds_security_access_control *access_control; - - DDSRT_UNUSED_ARG(argument); - - //allocate new instance - access_control = ddsrt_malloc(sizeof(dds_security_access_control)); - memset(access_control, 0, sizeof(dds_security_access_control)); - - //assign the interface functions - access_control->validate_local_permissions = &validate_local_permissions; - - access_control->validate_remote_permissions = &validate_remote_permissions; - - access_control->check_create_participant = &check_create_participant; - - access_control->check_create_datawriter = &check_create_datawriter; - - /* removed the function assignment - access_control->check_create_datareader = &check_create_datareader; - - */ - - access_control->check_create_topic = &check_create_topic; - - access_control->check_local_datawriter_register_instance = - &check_local_datawriter_register_instance; - - access_control->check_local_datawriter_dispose_instance = - &check_local_datawriter_dispose_instance; - - access_control->check_remote_participant = &check_remote_participant; - - access_control->check_remote_datawriter = &check_remote_datawriter; - - access_control->check_remote_datareader = &check_remote_datareader; - - access_control->check_remote_topic = &check_remote_topic; - - access_control->check_local_datawriter_match = &check_local_datawriter_match; - - access_control->check_local_datareader_match = &check_local_datareader_match; - - access_control->check_remote_datawriter_register_instance = - &check_remote_datawriter_register_instance; - - access_control->check_remote_datawriter_dispose_instance = - &check_remote_datawriter_dispose_instance; - - access_control->get_permissions_token = &get_permissions_token; - - access_control->get_permissions_credential_token = - &get_permissions_credential_token; - - access_control->set_listener = &set_listener; - - access_control->return_permissions_token = &return_permissions_token; - - access_control->return_permissions_credential_token = - &return_permissions_credential_token; - - access_control->get_participant_sec_attributes = - &get_participant_sec_attributes; - - access_control->get_topic_sec_attributes = &get_topic_sec_attributes; - - access_control->get_datawriter_sec_attributes = - &get_datawriter_sec_attributes; - - access_control->get_datareader_sec_attributes = - &get_datareader_sec_attributes; - - access_control->return_participant_sec_attributes = - &return_participant_sec_attributes; - - access_control->return_topic_sec_attributes = - &return_topic_sec_attributes; - - access_control->return_datawriter_sec_attributes = - &return_datawriter_sec_attributes; - - access_control->return_datareader_sec_attributes = - &return_datareader_sec_attributes; - - access_control->return_permissions_handle = - &return_permissions_handle; - - //return the instance - *context = access_control; - return 0; -} - - int32_t finalize_access_control( void *context) -{ - - DDSRT_UNUSED_ARG(context); - - ddsrt_free((dds_security_access_control*) context); - return 0; -} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.h b/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.h deleted file mode 100644 index 89d87c0..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.h +++ /dev/null @@ -1,280 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ -#ifndef SECURITY_ACCESS_CONTROL_ALLOK_H_ -#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ - -#include "dds/security/access_control_missing_function_export.h" -#include "dds/security/dds_security_api.h" - -SECURITY_EXPORT int32_t -init_access_control(const char *argument, void **context); - -SECURITY_EXPORT int32_t -finalize_access_control(void *context); - - -/** - * AccessControl Interface - */ - -DDS_Security_PermissionsHandle -validate_local_permissions - ( dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle identity, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex); - -DDS_Security_PermissionsHandle -validate_remote_permissions - ( dds_security_access_control *instance, - const dds_security_authentication *auth_plugin, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityHandle remote_identity_handle, - const DDS_Security_PermissionsToken *remote_permissions_token, - const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_create_participant - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_create_datawriter - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_char *topic_name, - const DDS_Security_Qos *writer_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_create_datareader - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_char *topic_name, - const DDS_Security_Qos *reader_qos, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTags *data_tag, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -check_create_topic - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_char *topic_name, - const DDS_Security_Qos *topic_qos, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_local_datawriter_register_instance - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, - const DDS_Security_DynamicData *key, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_local_datawriter_dispose_instance - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *writer, - const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_participant - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_datawriter - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_datareader - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_boolean *relay_only, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_topic - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_DomainId domain_id, - const DDS_Security_TopicBuiltinTopicData *topic_data, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -check_local_datawriter_match - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -check_local_datareader_match - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle reader_permissions_handle, - const DDS_Security_PermissionsHandle writer_permissions_handle, - const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, - const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_datawriter_register_instance - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - const DDS_Security_InstanceHandle instance_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -check_remote_datawriter_dispose_instance - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_Entity *reader, - const DDS_Security_InstanceHandle publication_handle, - const DDS_Security_DynamicData key, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_permissions_token - ( dds_security_access_control *instance, - DDS_Security_PermissionsToken *permissions_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_permissions_credential_token - ( dds_security_access_control *instance, - DDS_Security_PermissionsCredentialToken *permissions_credential_token, - const DDS_Security_PermissionsHandle handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -set_listener - ( dds_security_access_control *instance, - const dds_security_access_control_listener *listener, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_permissions_token - ( dds_security_access_control *instance, - const DDS_Security_PermissionsToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_permissions_credential_token - ( dds_security_access_control *instance, - const DDS_Security_PermissionsCredentialToken *permissions_credential_token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_participant_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -get_topic_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_char *topic_name, - DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -get_datawriter_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -get_datareader_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - const DDS_Security_char *topic_name, - const DDS_Security_PartitionQosPolicy *partition, - const DDS_Security_DataTagQosPolicy *data_tag, - DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -return_participant_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_ParticipantSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_topic_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_TopicSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_datawriter_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean -return_datareader_sec_attributes - ( dds_security_access_control *instance, - const DDS_Security_EndpointSecurityAttributes *attributes, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_permissions_handle - ( dds_security_access_control *instance, - const DDS_Security_PermissionsHandle permissions_handle, - DDS_Security_SecurityException *ex); - - - -#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c deleted file mode 100644 index 03f9666..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c +++ /dev/null @@ -1,404 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ - -#include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/misc.h" -#include "mock_authentication.h" -#include -#include -#include - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_authentication_impl { - dds_security_authentication base; - int id; //sample internal member -} dds_security_authentication_impl; - - -static const char *test_identity_certificate = TEST_IDENTITY_CERTIFICATE_ALL_OK; -static const char *test_ca_certificate = TEST_CA_CERTIFICATE_ALL_OK; -static const char *test_private_key = TEST_PRIVATE_KEY_ALL_OK; - -DDS_Security_ValidationResult_t validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - DDS_Security_SecurityException *ex) -{ - - unsigned i; - DDS_Security_ValidationResult_t result=DDS_SECURITY_VALIDATION_OK; - dds_security_authentication_impl *implementation = - (dds_security_authentication_impl *) instance; - char *identity_ca = NULL; - char *identity_certificate = NULL; - char *private_key = NULL; - - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(adjusted_participant_guid); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_qos); - DDSRT_UNUSED_ARG(candidate_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - implementation->id = 2; - - memcpy(adjusted_participant_guid, candidate_participant_guid, sizeof(DDS_Security_GUID_t)); - - for( i=0; i< participant_qos->property.value._length; i++) - { - - //printf("%s: %s",participant_qos->property.value._buffer[i].name, participant_qos->property.value._buffer[i].value); - printf("%s\n",participant_qos->property.value._buffer[i].name); - if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.private_key") == 0) - { - private_key = participant_qos->property.value._buffer[i].value; - } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_ca") == 0) - { - identity_ca = participant_qos->property.value._buffer[i].value; - } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_certificate") == 0) - { - identity_certificate = participant_qos->property.value._buffer[i].value; - } - } - - if( strcmp(identity_certificate, test_identity_certificate) != 0){ - printf("identity received=%s\n", identity_certificate); - printf("identity expected=%s\n", test_identity_certificate); - result = DDS_SECURITY_VALIDATION_FAILED; - printf("FAILED: Could not get identity_certificate value properly\n"); - } - else if( strcmp(identity_ca, test_ca_certificate) != 0){ - printf("ca received=%s\n", identity_ca); - printf("ca expected=%s\n", test_ca_certificate); - printf("FAILED: Could not get identity_ca value properly\n"); - result = DDS_SECURITY_VALIDATION_FAILED; - }else if( strcmp(private_key, test_private_key) != 0){ - printf("FAILED: Could not get private_key value properly\n"); - result = DDS_SECURITY_VALIDATION_FAILED; - } - - if( result == DDS_SECURITY_VALIDATION_OK ) - { - printf("DDS_SECURITY_VALIDATION_OK\n"); - } - - - return result; -} - -DDS_Security_boolean get_identity_token(dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - memset(identity_token, 0, sizeof(*identity_token)); - - return true; -} - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_status_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(permissions_credential); - DDSRT_UNUSED_ARG(permissions_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_ValidationResult_t validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(remote_identity_handle); - DDSRT_UNUSED_ARG(local_auth_request_token); - DDSRT_UNUSED_ARG(remote_auth_request_token); - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(remote_identity_token); - DDSRT_UNUSED_ARG(remote_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return 0; -} - -DDS_Security_boolean get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_listener(dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(listener); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_token(dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_handshake_handle(dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_handle(dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(sharedsecret_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -int32_t init_authentication( const char *argument, void **context) -{ - - dds_security_authentication_impl *authentication; - - DDSRT_UNUSED_ARG(argument); - - //allocate implementation wrapper - authentication = (dds_security_authentication_impl*) ddsrt_malloc( - sizeof(dds_security_authentication_impl)); - memset(authentication, 0, sizeof(dds_security_authentication_impl)); - - //assign the interface functions - authentication->base.validate_local_identity = &validate_local_identity; - - authentication->base.get_identity_token = &get_identity_token; - - authentication->base.get_identity_status_token = &get_identity_status_token; - - authentication->base.set_permissions_credential_and_token = - &set_permissions_credential_and_token; - - authentication->base.validate_remote_identity = &validate_remote_identity; - - authentication->base.begin_handshake_request = &begin_handshake_request; - - authentication->base.begin_handshake_reply = &begin_handshake_reply; - - authentication->base.process_handshake = &process_handshake; - - authentication->base.get_shared_secret = &get_shared_secret; - - authentication->base.get_authenticated_peer_credential_token = - &get_authenticated_peer_credential_token; - - authentication->base.set_listener = &set_listener; - - authentication->base.return_identity_token = &return_identity_token; - - authentication->base.return_identity_status_token = - &return_identity_status_token; - - authentication->base.return_authenticated_peer_credential_token = - &return_authenticated_peer_credential_token; - - authentication->base.return_handshake_handle = &return_handshake_handle; - - authentication->base.return_identity_handle = &return_identity_handle; - - authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle; - - //prepare implementation wrapper - authentication->id = 1; - - //return the instance - *context = authentication; - return 0; -} - -int32_t finalize_authentication(void *instance) -{ - - ddsrt_free((dds_security_authentication_impl*) instance); - - return 0; -} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h deleted file mode 100644 index bb4479f..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h +++ /dev/null @@ -1,137 +0,0 @@ -/* - * authentication.h - * - * Created on: Jan 15, 2018 - * Author: kurtulus oksuztepe - */ - -#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ -#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ - -#include "dds/security/authentication_all_ok_export.h" -#include "../../plugin_mock_common.h" - -SECURITY_EXPORT int32_t -init_authentication(const char *argument, void **context); - -SECURITY_EXPORT int32_t -finalize_authentication(void *context); - -DDS_Security_ValidationResult_t -validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - - DDS_Security_SecurityException *ex); -DDS_Security_boolean -get_identity_token(dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean set_listener(dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_token(dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_handshake_handle(dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -return_identity_handle( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex); - - - -#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.c deleted file mode 100644 index ff367c5..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.c +++ /dev/null @@ -1,353 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ - -#include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/misc.h" -#include "dds/ddsrt/string.h" -#include "mock_authentication.h" -#include -#include -#include - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_authentication_impl { - dds_security_authentication base; - int id; //sample internal member -} dds_security_authentication_impl; - -DDS_Security_ValidationResult_t validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - DDS_Security_SecurityException *ex) -{ - - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(adjusted_participant_guid); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_qos); - DDSRT_UNUSED_ARG(candidate_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - ex->message = ddsrt_strdup("Certificate expired"); - ex->code = DDS_SECURITY_ERR_CERT_EXPIRED_CODE; - ex->minor_code = 0; - - return DDS_SECURITY_VALIDATION_FAILED; -} - -DDS_Security_boolean get_identity_token(dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - memset(identity_token, 0, sizeof(*identity_token)); - - return true; -} - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_status_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(permissions_credential); - DDSRT_UNUSED_ARG(permissions_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_ValidationResult_t validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(remote_identity_handle); - DDSRT_UNUSED_ARG(local_auth_request_token); - DDSRT_UNUSED_ARG(remote_auth_request_token); - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(remote_identity_token); - DDSRT_UNUSED_ARG(remote_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return 0; -} - -DDS_Security_boolean get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_listener(dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(listener); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_token(dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_handshake_handle(dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_handle(dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(sharedsecret_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -int32_t init_authentication( const char *argument, void **context) -{ - - dds_security_authentication_impl *authentication; - - DDSRT_UNUSED_ARG(argument); - - //allocate implementation wrapper - authentication = (dds_security_authentication_impl*) ddsrt_malloc( - sizeof(dds_security_authentication_impl)); - memset(authentication, 0, sizeof(dds_security_authentication_impl)); - - //assign the interface functions - authentication->base.validate_local_identity = &validate_local_identity; - - authentication->base.get_identity_token = &get_identity_token; - - authentication->base.get_identity_status_token = &get_identity_status_token; - - authentication->base.set_permissions_credential_and_token = - &set_permissions_credential_and_token; - - authentication->base.validate_remote_identity = &validate_remote_identity; - - authentication->base.begin_handshake_request = &begin_handshake_request; - - authentication->base.begin_handshake_reply = &begin_handshake_reply; - - authentication->base.process_handshake = &process_handshake; - - authentication->base.get_shared_secret = &get_shared_secret; - - authentication->base.get_authenticated_peer_credential_token = - &get_authenticated_peer_credential_token; - - authentication->base.set_listener = &set_listener; - - authentication->base.return_identity_token = &return_identity_token; - - authentication->base.return_identity_status_token = - &return_identity_status_token; - - authentication->base.return_authenticated_peer_credential_token = - &return_authenticated_peer_credential_token; - - authentication->base.return_handshake_handle = &return_handshake_handle; - - authentication->base.return_identity_handle = &return_identity_handle; - - authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle; - - //prepare implementation wrapper - authentication->id = 1; - - //return the instance - *context = authentication; - return 0; -} - -int32_t finalize_authentication(void *instance) -{ - - ddsrt_free((dds_security_authentication_impl*) instance); - - return 0; -} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.h deleted file mode 100644 index c6a416f..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.h +++ /dev/null @@ -1,136 +0,0 @@ -/* - * authentication.h - * - * Created on: Jan 15, 2018 - * Author: kurtulus oksuztepe - */ - -#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ -#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ - -#include "dds/security/authentication_all_ok_other_export.h" - -SECURITY_EXPORT int32_t -init_authentication(const char *argument, void **context); - -SECURITY_EXPORT int32_t -finalize_authentication(void *context); - -DDS_Security_ValidationResult_t -validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - - DDS_Security_SecurityException *ex); -DDS_Security_boolean -get_identity_token(dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean set_listener(dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_token(dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_handshake_handle(dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -return_identity_handle( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex); - - - -#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c deleted file mode 100644 index 68f53ad..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c +++ /dev/null @@ -1,394 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ - -#include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/misc.h" -#include "mock_authentication.h" -#include -#include -#include -#include - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_authentication_impl { - dds_security_authentication base; - int id; //sample internal member -} dds_security_authentication_impl; - -DDS_Security_ValidationResult_t validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - DDS_Security_SecurityException *ex) -{ - - unsigned i; - DDS_Security_ValidationResult_t result=DDS_SECURITY_VALIDATION_OK; - dds_security_authentication_impl *implementation = - (dds_security_authentication_impl *) instance; - char *identity_ca=NULL; - char *identity_certificate=NULL; - char *private_key=NULL; - - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(adjusted_participant_guid); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_qos); - DDSRT_UNUSED_ARG(candidate_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - implementation->id = 2; - - for( i=0; i< participant_qos->property.value._length; i++) - { - - printf("%s: %s",participant_qos->property.value._buffer[i].name, participant_qos->property.value._buffer[i].value); - if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.private_key") == 0) - { - private_key = participant_qos->property.value._buffer[i].value; - } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_ca") == 0) - { - identity_ca = participant_qos->property.value._buffer[i].value; - } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_certificate") == 0) - { - identity_certificate = participant_qos->property.value._buffer[i].value; - } - } - - /* for Clang's static analyzer */ - assert(identity_certificate != NULL); - assert(identity_ca != NULL); - assert(private_key != NULL); - - if( strcmp(identity_certificate, test_identity_certificate) != 0){ - - result = DDS_SECURITY_VALIDATION_FAILED; - printf("FAILED: Could not get identity_certificate value properly\n"); - } - else if( strcmp(identity_ca, test_ca_certificate) != 0){ - printf("FAILED: Could not get identity_ca value properly\n"); - result = DDS_SECURITY_VALIDATION_FAILED; - }else if( strcmp(private_key, test_privatekey) != 0){ - printf("FAILED: Could not get private_key value properly\n"); - result = DDS_SECURITY_VALIDATION_FAILED; - } - - - return result; -} - -DDS_Security_boolean get_identity_token( dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - memset(identity_token, 0, sizeof(*identity_token)); - - return true; -} - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_status_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(permissions_credential); - DDSRT_UNUSED_ARG(permissions_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_ValidationResult_t validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(remote_identity_handle); - DDSRT_UNUSED_ARG(local_auth_request_token); - DDSRT_UNUSED_ARG(remote_auth_request_token); - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(remote_identity_token); - DDSRT_UNUSED_ARG(remote_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return 0; -} - -DDS_Security_boolean get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_listener( dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(listener); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_token( dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_handshake_handle( dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_handle( dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(sharedsecret_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -int32_t init_authentication( const char *argument, void **context) -{ - - dds_security_authentication_impl *authentication; - DDSRT_UNUSED_ARG(argument); - - //allocate implementation wrapper - authentication = (dds_security_authentication_impl*) ddsrt_malloc( - sizeof(dds_security_authentication_impl)); - memset(authentication, 0, sizeof(dds_security_authentication_impl)); - - //assign the interface functions - authentication->base.validate_local_identity = &validate_local_identity; - - authentication->base.get_identity_token = &get_identity_token; - - authentication->base.get_identity_status_token = &get_identity_status_token; - - authentication->base.set_permissions_credential_and_token = - &set_permissions_credential_and_token; - - authentication->base.validate_remote_identity = &validate_remote_identity; - - authentication->base.begin_handshake_request = &begin_handshake_request; - - authentication->base.begin_handshake_reply = &begin_handshake_reply; - - authentication->base.process_handshake = &process_handshake; - - authentication->base.get_shared_secret = &get_shared_secret; - - authentication->base.get_authenticated_peer_credential_token = - &get_authenticated_peer_credential_token; - - authentication->base.set_listener = &set_listener; - - authentication->base.return_identity_token = &return_identity_token; - - authentication->base.return_identity_status_token = - &return_identity_status_token; - - authentication->base.return_authenticated_peer_credential_token = - &return_authenticated_peer_credential_token; - - authentication->base.return_handshake_handle = &return_handshake_handle; - - authentication->base.return_identity_handle = &return_identity_handle; - - authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle; - - //prepare implementation wrapper - authentication->id = 1; - - //return the instance - *context = authentication; - return 0; -} - -/* wrong finalize function name for test purposes */ -int32_t finalize_authentication_WRONG_NAME( void *instance) -{ - - ddsrt_free((dds_security_authentication_impl*) instance); - - return 0; -} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.h deleted file mode 100644 index d7c0e09..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.h +++ /dev/null @@ -1,264 +0,0 @@ -/* - * authentication.h - * - * Created on: Jan 15, 2018 - * Author: kurtulus oksuztepe - */ - -#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ -#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ - - -#include "dds/security/authentication_finalize_error_export.h" - -SECURITY_EXPORT int32_t -init_authentication(const char *argument, void **context); - -SECURITY_EXPORT int32_t -finalize_authentication_WRONG_NAME(void *context); - -char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\ -MIIGJzCCBA+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBsjELMAkGA1UEBhMCRlIx\n\ -DzANBgNVBAgMBkFsc2FjZTETMBEGA1UEBwwKU3RyYXNib3VyZzEYMBYGA1UECgwP\n\ -d3d3LmZyZWVsYW4ub3JnMRAwDgYDVQQLDAdmcmVlbGFuMS0wKwYDVQQDDCRGcmVl\n\ -bGFuIFNhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgkqhkiG9w0BCQEW\n\ -E2NvbnRhY3RAZnJlZWxhbi5vcmcwHhcNMTIwNDI3MTAzMTE4WhcNMjIwNDI1MTAz\n\ -MTE4WjB+MQswCQYDVQQGEwJGUjEPMA0GA1UECAwGQWxzYWNlMRgwFgYDVQQKDA93\n\ -d3cuZnJlZWxhbi5vcmcxEDAOBgNVBAsMB2ZyZWVsYW4xDjAMBgNVBAMMBWFsaWNl\n\ -MSIwIAYJKoZIhvcNAQkBFhNjb250YWN0QGZyZWVsYW4ub3JnMIICIjANBgkqhkiG\n\ -9w0BAQEFAAOCAg8AMIICCgKCAgEA3W29+ID6194bH6ejLrIC4hb2Ugo8v6ZC+Mrc\n\ -k2dNYMNPjcOKABvxxEtBamnSaeU/IY7FC/giN622LEtV/3oDcrua0+yWuVafyxmZ\n\ -yTKUb4/GUgafRQPf/eiX9urWurtIK7XgNGFNUjYPq4dSJQPPhwCHE/LKAykWnZBX\n\ -RrX0Dq4XyApNku0IpjIjEXH+8ixE12wH8wt7DEvdO7T3N3CfUbaITl1qBX+Nm2Z6\n\ -q4Ag/u5rl8NJfXg71ZmXA3XOj7zFvpyapRIZcPmkvZYn7SMCp8dXyXHPdpSiIWL2\n\ -uB3KiO4JrUYvt2GzLBUThp+lNSZaZ/Q3yOaAAUkOx+1h08285Pi+P8lO+H2Xic4S\n\ -vMq1xtLg2bNoPC5KnbRfuFPuUD2/3dSiiragJ6uYDLOyWJDivKGt/72OVTEPAL9o\n\ -6T2pGZrwbQuiFGrGTMZOvWMSpQtNl+tCCXlT4mWqJDRwuMGrI4DnnGzt3IKqNwS4\n\ -Qyo9KqjMIPwnXZAmWPm3FOKe4sFwc5fpawKO01JZewDsYTDxVj+cwXwFxbE2yBiF\n\ -z2FAHwfopwaH35p3C6lkcgP2k/zgAlnBluzACUI+MKJ/G0gv/uAhj1OHJQ3L6kn1\n\ -SpvQ41/ueBjlunExqQSYD7GtZ1Kg8uOcq2r+WISE3Qc9MpQFFkUVllmgWGwYDuN3\n\ -Zsez95kCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNT\n\ -TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFFlfyRO6G8y5qEFKikl5\n\ -ajb2fT7XMB8GA1UdIwQYMBaAFCNsLT0+KV14uGw+quK7Lh5sh/JTMA0GCSqGSIb3\n\ -DQEBBQUAA4ICAQAT5wJFPqervbja5+90iKxi1d0QVtVGB+z6aoAMuWK+qgi0vgvr\n\ -mu9ot2lvTSCSnRhjeiP0SIdqFMORmBtOCFk/kYDp9M/91b+vS+S9eAlxrNCB5VOf\n\ -PqxEPp/wv1rBcE4GBO/c6HcFon3F+oBYCsUQbZDKSSZxhDm3mj7pb67FNbZbJIzJ\n\ -70HDsRe2O04oiTx+h6g6pW3cOQMgIAvFgKN5Ex727K4230B0NIdGkzuj4KSML0NM\n\ -slSAcXZ41OoSKNjy44BVEZv0ZdxTDrRM4EwJtNyggFzmtTuV02nkUj1bYYYC5f0L\n\ -ADr6s0XMyaNk8twlWYlYDZ5uKDpVRVBfiGcq0uJIzIvemhuTrofh8pBQQNkPRDFT\n\ -Rq1iTo1Ihhl3/Fl1kXk1WR3jTjNb4jHX7lIoXwpwp767HAPKGhjQ9cFbnHMEtkro\n\ -RlJYdtRq5mccDtwT0GFyoJLLBZdHHMHJz0F9H7FNk2tTQQMhK5MVYwg+LIaee586\n\ -CQVqfbscp7evlgjLW98H+5zylRHAgoH2G79aHljNKMp9BOuq6SnEglEsiWGVtu2l\n\ -hnx8SB3sVJZHeer8f/UQQwqbAO+Kdy70NmbSaqaVtp8jOxLiidWkwSyRTsuU6D8i\n\ -DiH5uEqBXExjrj0FslxcVKdVj5glVcSmkLwZKbEU1OKwleT/iXFhvooWhQ==\n\ ------END CERTIFICATE-----"; - -char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\ -MIIGOTCCBCGgAwIBAgIJAOE/vJd8EB24MA0GCSqGSIb3DQEBBQUAMIGyMQswCQYD\n\ -VQQGEwJGUjEPMA0GA1UECAwGQWxzYWNlMRMwEQYDVQQHDApTdHJhc2JvdXJnMRgw\n\ -FgYDVQQKDA93d3cuZnJlZWxhbi5vcmcxEDAOBgNVBAsMB2ZyZWVsYW4xLTArBgNV\n\ -BAMMJEZyZWVsYW4gU2FtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGCSqG\n\ -SIb3DQEJARYTY29udGFjdEBmcmVlbGFuLm9yZzAeFw0xMjA0MjcxMDE3NDRaFw0x\n\ -MjA1MjcxMDE3NDRaMIGyMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGQWxzYWNlMRMw\n\ -EQYDVQQHDApTdHJhc2JvdXJnMRgwFgYDVQQKDA93d3cuZnJlZWxhbi5vcmcxEDAO\n\ -BgNVBAsMB2ZyZWVsYW4xLTArBgNVBAMMJEZyZWVsYW4gU2FtcGxlIENlcnRpZmlj\n\ -YXRlIEF1dGhvcml0eTEiMCAGCSqGSIb3DQEJARYTY29udGFjdEBmcmVlbGFuLm9y\n\ -ZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAODp+8oQcK+MTuWPZVxJ\n\ -ZR75paK4zcUngupYXWSGWFXPTV7vssFk6vInePArTL+T9KwHfiZ29Pp3UbzDlysY\n\ -Kz9f9Ae50jGD6xVPwXgQ/VI979GyFXzhiEMtSYykF04tBJiDl2/FZxbHPpNxC39t\n\ -14kwuDqBin9N/ZbT5+45tbbS8ziXS+QgL5hD2q2eYCWayrGEt1Y+jDAdHDHmGnZ8\n\ -d4hbgILJAs3IInOCDjC4c1gwHFb8G4QHHTwVhjhqpkq2hQHgzWBC1l2Dku/oDYev\n\ -Zu/pfpTo3z6+NOYBrUWseQmIuG+DGMQA9KOuSQveyTywBm4G4vZKn0sCu1/v2+9T\n\ -BGv41tgS/Yf6oeeQVrbS4RFY1r9qTK6DW9wkTTesa4xoDKQrWjSJ7+aa8tvBXLGX\n\ -x2xdRNWLeRMuGBSOihwXmDr+rCJRauT7pItN5X+uWNTX1ofNksQSUMaFJ5K7L0LU\n\ -iQqU2Yyt/8UphdVZL4EFkGSA13UDWtb9mM1hY0h65LlSYwCchEphrtI9cuV+ITrS\n\ -NcN6cP/dqDx1/jWd6dqjNu7+dugwX5elQS9uUYCFmugR5s1m2eeBg3QuC7gZLE0N\n\ -NbgS7oSxKJe9KeOcw68jHWfBKsCfBfQ4fU2t/ntMybT3hCdEMQu4dgM5Tyw/UeFq\n\ -0SaJyTl+G1bTzS0FW6uUp6NLAgMBAAGjUDBOMB0GA1UdDgQWBBQjbC09PildeLhs\n\ -Pqriuy4ebIfyUzAfBgNVHSMEGDAWgBQjbC09PildeLhsPqriuy4ebIfyUzAMBgNV\n\ -HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQCwRJpJCgp7S+k9BT6X3kBefonE\n\ -EOYtyWXBPpuyG3Qlm1rdhc66DCGForDmTxjMmHYtNmAVnM37ILW7MoflWrAkaY19\n\ -gv88Fzwa5e6rWK4fTSpiEOc5WB2A3HPN9wJnhQXt1WWMDD7jJSLxLIwFqkzpDbDE\n\ -9122TtnIbmKNv0UQpzPV3Ygbqojy6eZHUOT05NaOT7vviv5QwMAH5WeRfiCys8CG\n\ -Sno/o830OniEHvePTYswLlX22LyfSHeoTQCCI8pocytl7IwARKCvBgeFqvPrMiqP\n\ -ch16FiU9II8KaMgpebrUSz3J1BApOOd1LBd42BeTAkNSxjRvbh8/lDWfnE7ODbKc\n\ -b6Ad3V9flFb5OBZH4aTi6QfrDnBmbLgLL8o/MLM+d3Kg94XRU9LjC2rjivQ6MC53\n\ -EnWNobcJFY+soXsJokGtFxKgIx8XrhF5GOsT2f1pmMlYL4cjlU0uWkPOOkhq8tIp\n\ -R8cBYphzXu1v6h2AaZLRq184e30ZO98omKyQoQ2KAm5AZayRrZZtjvEZPNamSuVQ\n\ -iPe3o/4tyQGq+jEMAEjLlDECu0dEa6RFntcbBPMBP3wZwE2bI9GYgvyaZd63DNdm\n\ -Xd65m0mmfOWYttfrDT3Q95YP54nHpIxKBw1eFOzrnXOqbKVmJ/1FDP2yWeooKVLf\n\ -KvbxUcDaVvXB0EU0bg==\n\ ------END CERTIFICATE-----"; - -char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\ -MIIJKQIBAAKCAgEA3W29+ID6194bH6ejLrIC4hb2Ugo8v6ZC+Mrck2dNYMNPjcOK\n\ -ABvxxEtBamnSaeU/IY7FC/giN622LEtV/3oDcrua0+yWuVafyxmZyTKUb4/GUgaf\n\ -RQPf/eiX9urWurtIK7XgNGFNUjYPq4dSJQPPhwCHE/LKAykWnZBXRrX0Dq4XyApN\n\ -ku0IpjIjEXH+8ixE12wH8wt7DEvdO7T3N3CfUbaITl1qBX+Nm2Z6q4Ag/u5rl8NJ\n\ -fXg71ZmXA3XOj7zFvpyapRIZcPmkvZYn7SMCp8dXyXHPdpSiIWL2uB3KiO4JrUYv\n\ -t2GzLBUThp+lNSZaZ/Q3yOaAAUkOx+1h08285Pi+P8lO+H2Xic4SvMq1xtLg2bNo\n\ -PC5KnbRfuFPuUD2/3dSiiragJ6uYDLOyWJDivKGt/72OVTEPAL9o6T2pGZrwbQui\n\ -FGrGTMZOvWMSpQtNl+tCCXlT4mWqJDRwuMGrI4DnnGzt3IKqNwS4Qyo9KqjMIPwn\n\ -XZAmWPm3FOKe4sFwc5fpawKO01JZewDsYTDxVj+cwXwFxbE2yBiFz2FAHwfopwaH\n\ -35p3C6lkcgP2k/zgAlnBluzACUI+MKJ/G0gv/uAhj1OHJQ3L6kn1SpvQ41/ueBjl\n\ -unExqQSYD7GtZ1Kg8uOcq2r+WISE3Qc9MpQFFkUVllmgWGwYDuN3Zsez95kCAwEA\n\ -AQKCAgBymEHxouau4z6MUlisaOn/Ej0mVi/8S1JrqakgDB1Kj6nTRzhbOBsWKJBR\n\ -PzTrIv5aIqYtvJwQzrDyGYcHMaEpNpg5Rz716jPGi5hAPRH+7pyHhO/Watv4bvB+\n\ -lCjO+O+v12+SDC1U96+CaQUFLQSw7H/7vfH4UsJmhvX0HWSSWFzsZRCiklOgl1/4\n\ -vlNgB7MU/c7bZLyor3ZuWQh8Q6fgRSQj0kp1T/78RrwDl8r7xG4gW6vj6F6m+9bg\n\ -ro5Zayu3qxqJhWVvR3OPvm8pVa4hIJR5J5Jj3yZNOwdOX/Saiv6tEx7MvB5bGQlC\n\ -6co5SIEPPZ/FNC1Y/PNOWrb/Q4GW1AScdICZu7wIkKzWAJCo59A8Luv5FV8vm4R2\n\ -4JkyB6kXcVfowrjYXqDF/UX0ddDLLGF96ZStte3PXX8PQWY89FZuBkGw6NRZInHi\n\ -xinN2V8cm7Cw85d9Ez2zEGB4KC7LI+JgLQtdg3XvbdfhOi06eGjgK2mwfOqT8Sq+\n\ -v9POIJXTNEI3fi3dB86af/8OXRtOrAa1mik2msDI1Goi7cKQbC3fz/p1ISQCptvs\n\ -YvNwstDDutkA9o9araQy5b0LC6w5k+CSdVNbd8O2EUd0OBOUjblHKvdZ3Voz8EDF\n\ -ywYimmNGje1lK8nh2ndpja5q3ipDs1hKg5UujoGfei2gn0ch5QKCAQEA8O+IHOOu\n\ -T/lUgWspophE0Y1aUJQPqgK3EiKB84apwLfz2eAPSBff2dCN7Xp6s//u0fo41LE5\n\ -P0ds/5eu9PDlNF6HH5H3OYpV/57v5O2OSBQdB/+3TmNmQGYJCSzouIS3YNOUPQ1z\n\ -FFvRateN91BW7wKFHr0+M4zG6ezfutAQywWNoce7oGaYTT8z/yWXqmFidDqng5w5\n\ -6d8t40ScozIVacGug+lRi8lbTC+3Tp0r+la66h49upged3hFOvGXIOybvYcE98K2\n\ -GpNl9cc4q6O1WLdR7QC91ZNflKOKE8fALLZ/stEXL0p2bixbSnbIdxOEUch/iQhM\n\ -chxlsRFLjxV1dwKCAQEA60X6LyefIlXzU3PA+gIRYV0g8FOxzxXfvqvYeyOGwDaa\n\ -p/Ex50z76jIJK8wlW5Ei7U6xsxxw3E9DLH7Sf3H4KiGouBVIdcv9+IR0LcdYPR9V\n\ -oCQ1Mm5a7fjnm/FJwTokdgWGSwmFTH7/jGcNHZ8lumlRFCj6VcLT/nRxM6dgIXSo\n\ -w1D9QGC9V+e6KOZ6VR5xK0h8pOtkqoGrbFLu26GPBSuguPJXt0fwJt9PAG+6VvxJ\n\ -89NLML/n+g2/jVKXhfTT1Mbb3Fx4lnbLnkP+JrvYIaoQ1PZNggILYCUGJJTLtqOT\n\ -gkg1S41/X8EFg671kAB6ZYPbd5WnL14Xp0a9MOB/bwKCAQEA6WVAl6u/al1/jTdA\n\ -R+/1ioHB4Zjsa6bhrUGcXUowGy6XnJG+e/oUsS2kr04cm03sDaC1eOSNLk2Euzw3\n\ -EbRidI61mtGNikIF+PAAN+YgFJbXYK5I5jjIDs5JJohIkKaP9c5AJbxnpGslvLg/\n\ -IDrFXBc22YY9QTa4YldCi/eOrP0eLIANs95u3zXAqwPBnh1kgG9pYsbuGy5Fh4kp\n\ -q7WSpLYo1kQo6J8QQAdhLVh4B7QIsU7GQYGm0djCR81Mt2o9nCW1nEUUnz32YVay\n\ -ASM/Q0eip1I2kzSGPLkHww2XjjjkD1cZfIhHnYZ+kO3sV92iKo9tbFOLqmbz48l7\n\ -RoplFQKCAQEA6i+DcoCL5A+N3tlvkuuQBUw/xzhn2uu5BP/kwd2A+b7gfp6Uv9lf\n\ -P6SCgHf6D4UOMQyN0O1UYdb71ESAnp8BGF7cpC97KtXcfQzK3+53JJAWGQsxcHts\n\ -Q0foss6gTZfkRx4EqJhXeOdI06aX5Y5ObZj7PYf0dn0xqyyYqYPHKkYG3jO1gelJ\n\ -T0C3ipKv3h4pI55Jg5dTYm0kBvUeELxlsg3VM4L2UNdocikBaDvOTVte+Taut12u\n\ -OLaKns9BR/OFD1zJ6DSbS5n/4A9p4YBFCG1Rx8lLKUeDrzXrQWpiw+9amunpMsUr\n\ -rlJhfMwgXjA7pOR1BjmOapXMEZNWKlqsPQKCAQByVDxIwMQczUFwQMXcu2IbA3Z8\n\ -Czhf66+vQWh+hLRzQOY4hPBNceUiekpHRLwdHaxSlDTqB7VPq+2gSkVrCX8/XTFb\n\ -SeVHTYE7iy0Ckyme+2xcmsl/DiUHfEy+XNcDgOutS5MnWXANqMQEoaLW+NPLI3Lu\n\ -V1sCMYTd7HN9tw7whqLg18wB1zomSMVGT4DkkmAzq4zSKI1FNYp8KA3OE1Emwq+0\n\ -wRsQuawQVLCUEP3To6kYOwTzJq7jhiUK6FnjLjeTrNQSVdoqwoJrlTAHgXVV3q7q\n\ -v3TGd3xXD9yQIjmugNgxNiwAZzhJs/ZJy++fPSJ1XQxbd9qPghgGoe/ff6G7\n\ ------END RSA PRIVATE KEY-----"; - - - -DDS_Security_ValidationResult_t -validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - - DDS_Security_SecurityException *ex); -DDS_Security_boolean -get_identity_token(dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean set_listener(dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_token(dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_handshake_handle(dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -return_identity_handle( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex); - - - -#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.c deleted file mode 100644 index d42e4f5..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.c +++ /dev/null @@ -1,347 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ - -#include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/misc.h" -#include "mock_authentication.h" -#include -#include -#include - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_authentication_impl { - dds_security_authentication base; - int id; //sample internal member -} dds_security_authentication_impl; - -DDS_Security_ValidationResult_t validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - DDS_Security_SecurityException *ex) -{ - - unsigned i; - DDS_Security_ValidationResult_t result=DDS_SECURITY_VALIDATION_OK; - dds_security_authentication_impl *implementation = - (dds_security_authentication_impl *) instance; - char *identity_ca = NULL; - char *identity_certificate = NULL; - char *private_key = NULL; - - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(adjusted_participant_guid); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_qos); - DDSRT_UNUSED_ARG(candidate_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - implementation->id = 2; - - memcpy(adjusted_participant_guid, candidate_participant_guid, sizeof(DDS_Security_GUID_t)); - - for( i=0; i< participant_qos->property.value._length; i++) - { - - //printf("%s: %s",participant_qos->property.value._buffer[i].name, participant_qos->property.value._buffer[i].value); - printf("%s\n",participant_qos->property.value._buffer[i].name); - if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.private_key") == 0) - { - private_key = participant_qos->property.value._buffer[i].value; - } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_ca") == 0) - { - identity_ca = participant_qos->property.value._buffer[i].value; - } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_certificate") == 0) - { - identity_certificate = participant_qos->property.value._buffer[i].value; - } - } - - if( strcmp(identity_certificate, test_identity_certificate) != 0){ - - result = DDS_SECURITY_VALIDATION_FAILED; - printf("FAILED: Could not get identity_certificate value properly\n"); - } - else if( strcmp(identity_ca, test_ca_certificate) != 0){ - printf("FAILED: Could not get identity_ca value properly\n"); - result = DDS_SECURITY_VALIDATION_FAILED; - }else if( strcmp(private_key, test_privatekey) != 0){ - printf("FAILED: Could not get private_key value properly\n"); - result = DDS_SECURITY_VALIDATION_FAILED; - } - - if( result == DDS_SECURITY_VALIDATION_OK ) - { - printf("DDS_SECURITY_VALIDATION_OK\n"); - } - - - return result; -} - -DDS_Security_boolean get_identity_token(dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - memset(identity_token, 0, sizeof(*identity_token)); - - return true; -} - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_status_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(permissions_credential); - DDSRT_UNUSED_ARG(permissions_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_ValidationResult_t validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(remote_identity_handle); - DDSRT_UNUSED_ARG(local_auth_request_token); - DDSRT_UNUSED_ARG(remote_auth_request_token); - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(remote_identity_token); - DDSRT_UNUSED_ARG(remote_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return 0; -} - -DDS_Security_boolean get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_listener(dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(listener); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_token(dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_handshake_handle(dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_handle(dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(sharedsecret_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -int32_t init_authentication( const char *argument, void **context) -{ - - DDSRT_UNUSED_ARG(argument); - DDSRT_UNUSED_ARG(context); - - /* return error code for test purposes */ - return 1; -} - -int32_t finalize_authentication(void *instance) -{ - - ddsrt_free((dds_security_authentication_impl*) instance); - - return 0; -} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.h deleted file mode 100644 index faceace..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.h +++ /dev/null @@ -1,217 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ -#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ -#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ - -#include "dds/security/authentication_init_error_export.h" - -SECURITY_EXPORT int32_t -init_authentication(const char *argument, void **context); - -SECURITY_EXPORT int32_t -finalize_authentication(void *context); - -char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\ -MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ -MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ -aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ -Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\ -TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\ -VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\ -YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\ -Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\ -kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\ -9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\ -+imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\ -/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\ -Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\ -kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\ -Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\ -jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\ -gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\ -By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\ -xEEFrw==\n\ ------END CERTIFICATE-----"; - -char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\ -MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ -MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ -aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ -Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\ -TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\ -ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\ -ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\ -bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\ -0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\ -SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\ -72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\ -tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\ -9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\ -FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\ -CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\ -BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\ -AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\ -ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\ -Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\ -NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\ -sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\ -AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\ -O9IAQi5pa15gXjSbUg==\n\ ------END CERTIFICATE-----"; - -char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\ -MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\ -k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\ -DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\ -FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\ -m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\ -8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\ -8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\ -E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\ -wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\ -tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\ -MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\ -ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\ -CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\ -LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\ -rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\ -paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\ -9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\ -HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\ -wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\ -/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\ -P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\ -MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\ -H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\ -ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\ -LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\ ------END RSA PRIVATE KEY-----"; - - -DDS_Security_ValidationResult_t -validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - - DDS_Security_SecurityException *ex); -DDS_Security_boolean -get_identity_token(dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean set_listener(dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_token(dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_handshake_handle(dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -return_identity_handle( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex); - - - -#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c deleted file mode 100644 index c80c8d1..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c +++ /dev/null @@ -1,402 +0,0 @@ -/* - * authentication.c - * - * Created on: Jan 12, 2018 - * Author: kurtulus oksuztepe - * - * Description: This file implements the Authentication interface for DDS Security 1.2 - * - */ - -#include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/misc.h" -#include "mock_authentication.h" -#include -#include -#include -#include - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_authentication_impl { - dds_security_authentication base; - int id; //sample internal member -} dds_security_authentication_impl; - -DDS_Security_ValidationResult_t validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - DDS_Security_SecurityException *ex) -{ - - unsigned i; - DDS_Security_ValidationResult_t result=DDS_SECURITY_VALIDATION_OK; - dds_security_authentication_impl *implementation = - (dds_security_authentication_impl *) instance; - char *identity_ca = NULL; - char *identity_certificate = NULL; - char *private_key = NULL; - - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(adjusted_participant_guid); - DDSRT_UNUSED_ARG(domain_id); - DDSRT_UNUSED_ARG(participant_qos); - DDSRT_UNUSED_ARG(candidate_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - implementation->id = 2; - - memcpy(adjusted_participant_guid, candidate_participant_guid, sizeof(DDS_Security_GUID_t)); - - for( i=0; i< participant_qos->property.value._length; i++) - { - - //printf("%s: %s",participant_qos->property.value._buffer[i].name, participant_qos->property.value._buffer[i].value); - printf("%s\n",participant_qos->property.value._buffer[i].name); - if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.private_key") == 0) - { - private_key = participant_qos->property.value._buffer[i].value; - } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_ca") == 0) - { - identity_ca = participant_qos->property.value._buffer[i].value; - } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_certificate") == 0) - { - identity_certificate = participant_qos->property.value._buffer[i].value; - } - } - - /* for Clang's static analyzer */ - assert(identity_certificate != NULL); - assert(identity_ca != NULL); - assert(private_key != NULL); - - if( strcmp(identity_certificate, test_identity_certificate) != 0){ - - result = DDS_SECURITY_VALIDATION_FAILED; - printf("FAILED: Could not get identity_certificate value properly\n"); - } - else if( strcmp(identity_ca, test_ca_certificate) != 0){ - printf("FAILED: Could not get identity_ca value properly\n"); - result = DDS_SECURITY_VALIDATION_FAILED; - }else if( strcmp(private_key, test_privatekey) != 0){ - printf("FAILED: Could not get private_key value properly\n"); - result = DDS_SECURITY_VALIDATION_FAILED; - } - - if( result == DDS_SECURITY_VALIDATION_OK ) - { - printf("DDS_SECURITY_VALIDATION_OK\n"); - } - - - return result; -} - -DDS_Security_boolean get_identity_token(dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - memset(identity_token, 0, sizeof(*identity_token)); - - return true; -} - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_status_token); - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handle); - DDSRT_UNUSED_ARG(permissions_credential); - DDSRT_UNUSED_ARG(permissions_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_ValidationResult_t validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(remote_identity_handle); - DDSRT_UNUSED_ARG(local_auth_request_token); - DDSRT_UNUSED_ARG(remote_auth_request_token); - DDSRT_UNUSED_ARG(local_identity_handle); - DDSRT_UNUSED_ARG(remote_identity_token); - DDSRT_UNUSED_ARG(remote_participant_guid); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(initiator_identity_handle); - DDSRT_UNUSED_ARG(replier_identity_handle); - DDSRT_UNUSED_ARG(serialized_local_participant_data); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_ValidationResult_t process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_message_out); - DDSRT_UNUSED_ARG(handshake_message_in); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return DDS_SECURITY_VALIDATION_OK; -} - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return 0; -} - -DDS_Security_boolean get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean set_listener(dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(listener); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_token(dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(peer_credential_token); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_handshake_handle(dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(handshake_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_identity_handle(dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(identity_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(sharedsecret_handle); - DDSRT_UNUSED_ARG(ex); - DDSRT_UNUSED_ARG(instance); - - return true; -} - -int32_t init_authentication( const char *argument, void **context) -{ - - dds_security_authentication_impl *authentication; - - DDSRT_UNUSED_ARG(argument); - - //allocate implementation wrapper - authentication = (dds_security_authentication_impl*) ddsrt_malloc( - sizeof(dds_security_authentication_impl)); - memset(authentication, 0, sizeof(dds_security_authentication_impl)); - - //assign the interface functions - authentication->base.validate_local_identity = &validate_local_identity; - - authentication->base.get_identity_token = &get_identity_token; - - authentication->base.get_identity_status_token = &get_identity_status_token; - - authentication->base.set_permissions_credential_and_token = - &set_permissions_credential_and_token; - - authentication->base.validate_remote_identity = &validate_remote_identity; - - authentication->base.begin_handshake_request = &begin_handshake_request; - - authentication->base.begin_handshake_reply = &begin_handshake_reply; - - authentication->base.process_handshake = &process_handshake; - - /* missing function - authentication->base.get_shared_secret = &get_shared_secret; - */ - - authentication->base.get_authenticated_peer_credential_token = - &get_authenticated_peer_credential_token; - - authentication->base.set_listener = &set_listener; - - authentication->base.return_identity_token = &return_identity_token; - - authentication->base.return_identity_status_token = - &return_identity_status_token; - - authentication->base.return_authenticated_peer_credential_token = - &return_authenticated_peer_credential_token; - - authentication->base.return_handshake_handle = &return_handshake_handle; - - authentication->base.return_identity_handle = &return_identity_handle; - - authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle; - - //prepare implementation wrapper - authentication->id = 1; - - //return the instance - *context = authentication; - return 0; -} - -int32_t finalize_authentication(void *instance) -{ - - ddsrt_free((dds_security_authentication_impl*) instance); - - return 0; -} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.h deleted file mode 100644 index d3854b1..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.h +++ /dev/null @@ -1,218 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ - -#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ -#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ - -#include "dds/security/authentication_missing_function_export.h" - -SECURITY_EXPORT int32_t -init_authentication(const char *argument, void **context); - -SECURITY_EXPORT int32_t -finalize_authentication(void *context); - -char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\ -MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ -MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ -aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ -Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\ -TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\ -VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\ -YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\ -Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\ -kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\ -9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\ -+imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\ -/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\ -Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\ -kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\ -Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\ -jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\ -gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\ -By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\ -xEEFrw==\n\ ------END CERTIFICATE-----"; - -char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\ -MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ -MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ -aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ -Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\ -TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\ -ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\ -ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\ -bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\ -0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\ -SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\ -72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\ -tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\ -9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\ -FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\ -CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\ -BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\ -AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\ -ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\ -Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\ -NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\ -sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\ -AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\ -O9IAQi5pa15gXjSbUg==\n\ ------END CERTIFICATE-----"; - -char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\ -MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\ -k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\ -DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\ -FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\ -m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\ -8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\ -8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\ -E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\ -wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\ -tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\ -MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\ -ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\ -CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\ -LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\ -rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\ -paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\ -9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\ -HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\ -wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\ -/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\ -P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\ -MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\ -H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\ -ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\ -LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\ ------END RSA PRIVATE KEY-----"; - - -DDS_Security_ValidationResult_t -validate_local_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *local_identity_handle, - DDS_Security_GUID_t *adjusted_participant_guid, - const DDS_Security_DomainId domain_id, - const DDS_Security_Qos *participant_qos, - const DDS_Security_GUID_t *candidate_participant_guid, - - DDS_Security_SecurityException *ex); -DDS_Security_boolean -get_identity_token(dds_security_authentication *instance, - DDS_Security_IdentityToken *identity_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -set_permissions_credential_and_token( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle handle, - const DDS_Security_PermissionsCredentialToken *permissions_credential, - const DDS_Security_PermissionsToken *permissions_token, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -validate_remote_identity( - dds_security_authentication *instance, - DDS_Security_IdentityHandle *remote_identity_handle, - DDS_Security_AuthRequestMessageToken *local_auth_request_token, - const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, - const DDS_Security_IdentityHandle local_identity_handle, - const DDS_Security_IdentityToken *remote_identity_token, - const DDS_Security_GUID_t *remote_participant_guid, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_request( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -begin_handshake_reply( - dds_security_authentication *instance, - DDS_Security_HandshakeHandle *handshake_handle, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_IdentityHandle initiator_identity_handle, - const DDS_Security_IdentityHandle replier_identity_handle, - const DDS_Security_OctetSeq *serialized_local_participant_data, - DDS_Security_SecurityException *ex); - -DDS_Security_ValidationResult_t -process_handshake( - dds_security_authentication *instance, - DDS_Security_HandshakeMessageToken *handshake_message_out, - const DDS_Security_HandshakeMessageToken *handshake_message_in, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_SharedSecretHandle get_shared_secret( - dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -get_authenticated_peer_credential_token( - dds_security_authentication *instance, - DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); - - -DDS_Security_boolean get_identity_status_token( - dds_security_authentication *instance, - DDS_Security_IdentityStatusToken *identity_status_token, - const DDS_Security_IdentityHandle handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean set_listener(dds_security_authentication *instance, - const dds_security_authentication_listener *listener, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_token(dds_security_authentication *instance, - const DDS_Security_IdentityToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_identity_status_token( - dds_security_authentication *instance, - const DDS_Security_IdentityStatusToken *token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_authenticated_peer_credential_token( - dds_security_authentication *instance, - const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean -return_handshake_handle(dds_security_authentication *instance, - const DDS_Security_HandshakeHandle handshake_handle, - DDS_Security_SecurityException *ex); -DDS_Security_boolean -return_identity_handle( - dds_security_authentication *instance, - const DDS_Security_IdentityHandle identity_handle, - DDS_Security_SecurityException *ex); - -DDS_Security_boolean return_sharedsecret_handle( - dds_security_authentication *instance, - const DDS_Security_SharedSecretHandle sharedsecret_handle, - DDS_Security_SecurityException *ex); - - - -#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.c b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.c deleted file mode 100644 index 7f664bf..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.c +++ /dev/null @@ -1,667 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ - -#include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/misc.h" -#include -#include -#include -#include "mock_cryptography.h" -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_cryptography_impl { - dds_security_cryptography base; - int member; -} dds_security_cryptography_impl; - - -dds_security_crypto_key_exchange* dds_security_crypto_key_exchange__alloc(void); -void dds_security_crypto_key_exchange__dealloc( - dds_security_crypto_key_exchange* instance); - -dds_security_crypto_key_factory* dds_security_crypto_key_factory__alloc(void); -void dds_security_crypto_key_factory__dealloc( - dds_security_crypto_key_factory* instance); - -/** - * CryptoTransform Interface - */ - -/* - * Allocation function for implementer structure (with internal variables) transparently. - * - */ - -dds_security_crypto_transform* dds_security_crypto_transform__alloc(void); -void dds_security_crypto_transform__dealloc( - dds_security_crypto_transform* instance); - - -int32_t init_crypto( const char *argument, void **context) -{ - - dds_security_cryptography_impl *cryptography; - - dds_security_crypto_key_exchange *crypto_key_exchange; - dds_security_crypto_key_factory *crypto_key_factory; - dds_security_crypto_transform *crypto_transform; - - - DDSRT_UNUSED_ARG(argument); - - //allocate new instance - cryptography = (dds_security_cryptography_impl*) ddsrt_malloc( - sizeof(dds_security_cryptography_impl)); - - //assign the sub components - crypto_key_exchange = dds_security_crypto_key_exchange__alloc(); - crypto_key_factory = dds_security_crypto_key_factory__alloc(); - crypto_transform = dds_security_crypto_transform__alloc(); - - - cryptography->base.crypto_key_exchange = crypto_key_exchange; - cryptography->base.crypto_key_factory = crypto_key_factory; - cryptography->base.crypto_transform = crypto_transform; - - //return the instance - *context = cryptography; - return 0; -} - -int32_t finalize_crypto( void *instance) -{ - - dds_security_cryptography_impl* instance_impl = - (dds_security_cryptography_impl*) instance; - - //deallocate components - dds_security_crypto_key_exchange__dealloc( - instance_impl->base.crypto_key_exchange); - dds_security_crypto_key_factory__dealloc( - instance_impl->base.crypto_key_factory); - dds_security_crypto_transform__dealloc(instance_impl->base.crypto_transform); - //deallocate cryptography - ddsrt_free(instance_impl); - - return 0; -} - - - - - - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_crypto_key_exchange_impl { - dds_security_crypto_key_exchange base; - int member; -} dds_security_crypto_key_exchange_impl; - -/** - * Function implementations - */ -static DDS_Security_boolean create_local_participant_crypto_tokens( - dds_security_crypto_key_exchange *instance, - DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens, - const DDS_Security_ParticipantCryptoHandle local_participant_crypto, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_participant_crypto_tokens); - DDSRT_UNUSED_ARG(local_participant_crypto); - DDSRT_UNUSED_ARG(remote_participant_crypto); - DDSRT_UNUSED_ARG(ex); - return true; - -} - -static DDS_Security_boolean set_remote_participant_crypto_tokens( - dds_security_crypto_key_exchange *instance, - const DDS_Security_ParticipantCryptoHandle local_participant_crypto, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, - const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_participant_crypto); - DDSRT_UNUSED_ARG(remote_participant_crypto); - DDSRT_UNUSED_ARG(remote_participant_tokens); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean create_local_datawriter_crypto_tokens( - dds_security_crypto_key_exchange *instance, - DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens, - const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datawriter_crypto_tokens); - DDSRT_UNUSED_ARG(local_datawriter_crypto); - DDSRT_UNUSED_ARG(remote_datareader_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean set_remote_datawriter_crypto_tokens( - dds_security_crypto_key_exchange *instance, - const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, - const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datareader_crypto); - DDSRT_UNUSED_ARG(remote_datawriter_crypto); - DDSRT_UNUSED_ARG(remote_datawriter_tokens); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean create_local_datareader_crypto_tokens( - dds_security_crypto_key_exchange *instance, - DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens, - const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datareader_cryto_tokens); - DDSRT_UNUSED_ARG(local_datareader_crypto); - DDSRT_UNUSED_ARG(remote_datawriter_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean set_remote_datareader_crypto_tokens( - dds_security_crypto_key_exchange *instance, - const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, - const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datawriter_crypto); - DDSRT_UNUSED_ARG(remote_datareader_crypto); - DDSRT_UNUSED_ARG(remote_datareader_tokens); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean return_crypto_tokens( - dds_security_crypto_key_exchange *instance, - DDS_Security_CryptoTokenSeq *crypto_tokens, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(crypto_tokens); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -dds_security_crypto_key_exchange* dds_security_crypto_key_exchange__alloc(void) -{ - dds_security_crypto_key_exchange_impl *instance; - instance = (dds_security_crypto_key_exchange_impl*) ddsrt_malloc( - sizeof(dds_security_crypto_key_exchange_impl)); - - instance->base.create_local_participant_crypto_tokens = - &create_local_participant_crypto_tokens; - - instance->base.set_remote_participant_crypto_tokens = - &set_remote_participant_crypto_tokens; - - instance->base.create_local_datawriter_crypto_tokens = - &create_local_datawriter_crypto_tokens; - - instance->base.set_remote_datawriter_crypto_tokens = - &set_remote_datawriter_crypto_tokens; - - instance->base.create_local_datareader_crypto_tokens = - &create_local_datareader_crypto_tokens; - - instance->base.set_remote_datareader_crypto_tokens = - &set_remote_datareader_crypto_tokens; - - instance->base.return_crypto_tokens = &return_crypto_tokens; - - return (dds_security_crypto_key_exchange*) instance; -} - -void dds_security_crypto_key_exchange__dealloc( - dds_security_crypto_key_exchange* instance) -{ - - ddsrt_free((dds_security_crypto_key_exchange_impl*) instance); -} - - - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_crypto_key_factory_impl { - dds_security_crypto_key_factory base; - int member; -} dds_security_crypto_key_factory_impl; - -/** - * Function implementations - */ - -static DDS_Security_ParticipantCryptoHandle register_local_participant( - dds_security_crypto_key_factory *instance, - const DDS_Security_IdentityHandle participant_identity, - const DDS_Security_PermissionsHandle participant_permissions, - const DDS_Security_PropertySeq *participant_properties, - const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(participant_identity); - DDSRT_UNUSED_ARG(participant_permissions); - DDSRT_UNUSED_ARG(participant_properties); - DDSRT_UNUSED_ARG(participant_security_attributes); - DDSRT_UNUSED_ARG(ex); - return 0; -} - -static DDS_Security_ParticipantCryptoHandle register_matched_remote_participant( - dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle, - const DDS_Security_IdentityHandle remote_participant_identity, - const DDS_Security_PermissionsHandle remote_participant_permissions, - const DDS_Security_SharedSecretHandle shared_secret, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_participant_crypto_handle); - DDSRT_UNUSED_ARG(remote_participant_identity); - DDSRT_UNUSED_ARG(remote_participant_permissions); - DDSRT_UNUSED_ARG(shared_secret); - DDSRT_UNUSED_ARG(ex); - return 0; -} - -static DDS_Security_DatawriterCryptoHandle register_local_datawriter( - dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle participant_crypto, - const DDS_Security_PropertySeq *datawriter_properties, - const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(participant_crypto); - DDSRT_UNUSED_ARG(datawriter_properties); - DDSRT_UNUSED_ARG(datawriter_security_attributes); - DDSRT_UNUSED_ARG(ex); - return 0; -} - -static DDS_Security_DatareaderCryptoHandle register_matched_remote_datareader( - dds_security_crypto_key_factory *instance, - const DDS_Security_DatawriterCryptoHandle local_datawritert_crypto_handle, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, - const DDS_Security_SharedSecretHandle shared_secret, - const DDS_Security_boolean relay_only, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datawritert_crypto_handle); - DDSRT_UNUSED_ARG(remote_participant_crypto); - DDSRT_UNUSED_ARG(shared_secret); - DDSRT_UNUSED_ARG(relay_only); - DDSRT_UNUSED_ARG(ex); - return 0; -} - -static DDS_Security_DatareaderCryptoHandle register_local_datareader( - dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle participant_crypto, - const DDS_Security_PropertySeq *datareader_properties, - const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(participant_crypto); - DDSRT_UNUSED_ARG(datareader_properties); - DDSRT_UNUSED_ARG(datareader_security_attributes); - DDSRT_UNUSED_ARG(ex); - - return 0; -} - -static DDS_Security_DatawriterCryptoHandle register_matched_remote_datawriter( - dds_security_crypto_key_factory *instance, - const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypt, - const DDS_Security_SharedSecretHandle shared_secret, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datareader_crypto_handle); - DDSRT_UNUSED_ARG(remote_participant_crypt); - DDSRT_UNUSED_ARG(shared_secret); - DDSRT_UNUSED_ARG(ex); - return true; -} - -static DDS_Security_boolean unregister_participant( - dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(participant_crypto_handle); - DDSRT_UNUSED_ARG(ex); - return true; -} - -static DDS_Security_boolean unregister_datawriter( - dds_security_crypto_key_factory *instance, - const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(datawriter_crypto_handle); - DDSRT_UNUSED_ARG(ex); - return true; -} - -static DDS_Security_boolean unregister_datareader( - dds_security_crypto_key_factory *instance, - const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(datareader_crypto_handle); - DDSRT_UNUSED_ARG(ex); - return true; -} - -dds_security_crypto_key_factory* dds_security_crypto_key_factory__alloc(void) -{ - dds_security_crypto_key_factory_impl *instance; - instance = (dds_security_crypto_key_factory_impl*) ddsrt_malloc( - sizeof(dds_security_crypto_key_factory_impl)); - - instance->base.register_local_participant = ®ister_local_participant; - - instance->base.register_matched_remote_participant = - ®ister_matched_remote_participant; - - instance->base.register_local_datawriter = ®ister_local_datawriter; - - instance->base.register_matched_remote_datareader = - ®ister_matched_remote_datareader; - - instance->base.register_local_datareader = ®ister_local_datareader; - - instance->base.register_matched_remote_datawriter = - ®ister_matched_remote_datawriter; - - instance->base.unregister_participant = &unregister_participant; - - instance->base.unregister_datawriter = &unregister_datawriter; - - instance->base.unregister_datareader = &unregister_datareader; - - return (dds_security_crypto_key_factory*) instance; -} - -void dds_security_crypto_key_factory__dealloc( - dds_security_crypto_key_factory* instance) -{ - - ddsrt_free((dds_security_crypto_key_factory_impl*) instance); -} - - - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_crypto_transform_impl { - dds_security_crypto_transform base; - int member; -} dds_security_crypto_transform_impl; - -/** - * Function implementations - */ -static DDS_Security_boolean encode_serialized_payload( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_buffer, - DDS_Security_OctetSeq *extra_inline_qos, - const DDS_Security_OctetSeq *plain_buffer, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(encoded_buffer); - DDSRT_UNUSED_ARG(extra_inline_qos); - DDSRT_UNUSED_ARG(plain_buffer); - DDSRT_UNUSED_ARG(sending_datawriter_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean encode_datawriter_submessage( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_OctetSeq *plain_rtps_submessage, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandleSeq *receiving_datareader_crypto_list, - int32_t *receiving_datareader_crypto_list_index, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(encoded_rtps_submessage); - DDSRT_UNUSED_ARG(plain_rtps_submessage); - DDSRT_UNUSED_ARG(sending_datawriter_crypto); - DDSRT_UNUSED_ARG(receiving_datareader_crypto_list); - DDSRT_UNUSED_ARG(receiving_datareader_crypto_list_index); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean encode_datareader_submessage( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_OctetSeq *plain_rtps_submessage, - const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, - const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(encoded_rtps_submessage); - DDSRT_UNUSED_ARG(plain_rtps_submessage); - DDSRT_UNUSED_ARG(sending_datareader_crypto); - DDSRT_UNUSED_ARG(receiving_datawriter_crypto_list); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean encode_rtps_message( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_rtps_message, - const DDS_Security_OctetSeq *plain_rtps_message, - const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, - const DDS_Security_ParticipantCryptoHandleSeq *receiving_participant_crypto_list, - int32_t *receiving_participant_crypto_list_index, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(encoded_rtps_message); - DDSRT_UNUSED_ARG(plain_rtps_message); - DDSRT_UNUSED_ARG(sending_participant_crypto); - DDSRT_UNUSED_ARG(receiving_participant_crypto_list); - DDSRT_UNUSED_ARG(receiving_participant_crypto_list_index); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean decode_rtps_message( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_buffer, const DDS_Security_OctetSeq *encoded_buffer, - const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, - const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(plain_buffer); - DDSRT_UNUSED_ARG(encoded_buffer); - DDSRT_UNUSED_ARG(receiving_participant_crypto); - DDSRT_UNUSED_ARG(sending_participant_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - - -static DDS_Security_boolean preprocess_secure_submsg( - dds_security_crypto_transform *instance, - DDS_Security_DatawriterCryptoHandle *datawriter_crypto, - DDS_Security_DatareaderCryptoHandle *datareader_crypto, - DDS_Security_SecureSubmessageCategory_t *secure_submessage_category, - const DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, - const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(datawriter_crypto); - DDSRT_UNUSED_ARG(datareader_crypto); - DDSRT_UNUSED_ARG(secure_submessage_category); - DDSRT_UNUSED_ARG(encoded_rtps_submessage); - DDSRT_UNUSED_ARG(receiving_participant_crypto); - DDSRT_UNUSED_ARG(sending_participant_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean decode_datawriter_submessage( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_rtps_submessage, - const DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(plain_rtps_submessage); - DDSRT_UNUSED_ARG(encoded_rtps_submessage); - DDSRT_UNUSED_ARG(receiving_datareader_crypto); - DDSRT_UNUSED_ARG(sending_datawriter_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean decode_datareader_submessage( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_rtps_message, - const DDS_Security_OctetSeq *encoded_rtps_message, - const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(plain_rtps_message); - DDSRT_UNUSED_ARG(encoded_rtps_message); - DDSRT_UNUSED_ARG(receiving_datawriter_crypto); - DDSRT_UNUSED_ARG(sending_datareader_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean decode_serialized_payload( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_buffer, const DDS_Security_OctetSeq *encoded_buffer, - const DDS_Security_OctetSeq *inline_qos, - const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(plain_buffer); - DDSRT_UNUSED_ARG(encoded_buffer); - DDSRT_UNUSED_ARG(inline_qos); - DDSRT_UNUSED_ARG(receiving_datareader_crypto); - DDSRT_UNUSED_ARG(sending_datawriter_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -dds_security_crypto_transform* dds_security_crypto_transform__alloc(void) -{ - dds_security_crypto_transform_impl *instance; - instance = (dds_security_crypto_transform_impl*) ddsrt_malloc( - sizeof(dds_security_crypto_transform_impl)); - - memset( instance, 0, sizeof(dds_security_crypto_transform_impl)); - - instance->base.encode_datawriter_submessage = &encode_datawriter_submessage; - - instance->base.encode_datareader_submessage = &encode_datareader_submessage; - - instance->base.encode_rtps_message = &encode_rtps_message; - - instance->base.decode_rtps_message = &decode_rtps_message; - - instance->base.preprocess_secure_submsg = &preprocess_secure_submsg; - - instance->base.decode_datawriter_submessage = &decode_datawriter_submessage; - - instance->base.decode_datareader_submessage = &decode_datareader_submessage; - - instance->base.decode_serialized_payload = &decode_serialized_payload; - - instance->base.encode_serialized_payload = &encode_serialized_payload; - - return (dds_security_crypto_transform*) instance; -} - -void dds_security_crypto_transform__dealloc( - dds_security_crypto_transform* instance) -{ - - ddsrt_free((dds_security_crypto_transform_impl*) instance); -} - - diff --git a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.h b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.h deleted file mode 100644 index e532a94..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * authentication.h - * - * Created on: Jan 15, 2018 - * Author: kurtulus oksuztepe - */ - -#ifndef SECURITY_CRYPTO_OK_H_ -#define SECURITY_CRYPTO_OK_H_ - -#include "dds/security/cryptography_all_ok_export.h" -#include "dds/security/dds_security_api.h" - -SECURITY_EXPORT int32_t -init_crypto(const char *argument, void **context); - -SECURITY_EXPORT int32_t -finalize_crypto(void *context); - - -#endif /* SECURITY_CRYPTO_OK_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.c b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.c deleted file mode 100644 index 3a72441..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.c +++ /dev/null @@ -1,656 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ - -#include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/misc.h" -#include -#include -#include -#include "mock_cryptography.h" -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_cryptography_impl { - dds_security_cryptography base; - int member; -} dds_security_cryptography_impl; - - -dds_security_crypto_key_exchange* dds_security_crypto_key_exchange__alloc(void); -void dds_security_crypto_key_exchange__dealloc( - dds_security_crypto_key_exchange* instance); - -dds_security_crypto_key_factory* dds_security_crypto_key_factory__alloc(void); -void dds_security_crypto_key_factory__dealloc( - dds_security_crypto_key_factory* instance); - -/** - * CryptoTransform Interface - */ - -/* - * Allocation function for implementer structure (with internal variables) transparently. - * - */ - -dds_security_crypto_transform* dds_security_crypto_transform__alloc(void); -void dds_security_crypto_transform__dealloc( - dds_security_crypto_transform* instance); - - -int32_t init_crypto( const char *argument, void **context) -{ - - dds_security_cryptography_impl *cryptography; - - dds_security_crypto_key_exchange *crypto_key_exchange; - dds_security_crypto_key_factory *crypto_key_factory; - dds_security_crypto_transform *crypto_transform; - - - DDSRT_UNUSED_ARG(argument); - - //allocate new instance - cryptography = (dds_security_cryptography_impl*) ddsrt_malloc( - sizeof(dds_security_cryptography_impl)); - - memset( cryptography, 0, sizeof(dds_security_cryptography_impl)); - //assign the sub components - crypto_key_exchange = dds_security_crypto_key_exchange__alloc(); - crypto_key_factory = dds_security_crypto_key_factory__alloc(); - crypto_transform = dds_security_crypto_transform__alloc(); - - - cryptography->base.crypto_key_exchange = crypto_key_exchange; - cryptography->base.crypto_key_factory = crypto_key_factory; - cryptography->base.crypto_transform = crypto_transform; - - //return the instance - *context = cryptography; - return 0; -} - -int32_t finalize_crypto( void *instance) -{ - - dds_security_cryptography_impl* instance_impl = - (dds_security_cryptography_impl*) instance; - - //deallocate components - dds_security_crypto_key_exchange__dealloc( - instance_impl->base.crypto_key_exchange); - dds_security_crypto_key_factory__dealloc( - instance_impl->base.crypto_key_factory); - dds_security_crypto_transform__dealloc(instance_impl->base.crypto_transform); - //deallocate cryptography - ddsrt_free(instance_impl); - - return 0; -} - - - - - - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_crypto_key_exchange_impl { - dds_security_crypto_key_exchange base; - int member; -} dds_security_crypto_key_exchange_impl; - -/** - * Function implementations - */ -static DDS_Security_boolean create_local_participant_crypto_tokens( - dds_security_crypto_key_exchange *instance, - DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens, - const DDS_Security_ParticipantCryptoHandle local_participant_crypto, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_participant_crypto_tokens); - DDSRT_UNUSED_ARG(local_participant_crypto); - DDSRT_UNUSED_ARG(remote_participant_crypto); - DDSRT_UNUSED_ARG(ex); - return true; - -} - -static DDS_Security_boolean create_local_datawriter_crypto_tokens( - dds_security_crypto_key_exchange *instance, - DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens, - const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datawriter_crypto_tokens); - DDSRT_UNUSED_ARG(local_datawriter_crypto); - DDSRT_UNUSED_ARG(remote_datareader_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean set_remote_datawriter_crypto_tokens( - dds_security_crypto_key_exchange *instance, - const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, - const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datareader_crypto); - DDSRT_UNUSED_ARG(remote_datawriter_crypto); - DDSRT_UNUSED_ARG(remote_datawriter_tokens); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean create_local_datareader_crypto_tokens( - dds_security_crypto_key_exchange *instance, - DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens, - const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datareader_cryto_tokens); - DDSRT_UNUSED_ARG(local_datareader_crypto); - DDSRT_UNUSED_ARG(remote_datawriter_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean set_remote_datareader_crypto_tokens( - dds_security_crypto_key_exchange *instance, - const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, - const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datawriter_crypto); - DDSRT_UNUSED_ARG(remote_datareader_crypto); - DDSRT_UNUSED_ARG(remote_datareader_tokens); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean return_crypto_tokens( - dds_security_crypto_key_exchange *instance, - DDS_Security_CryptoTokenSeq *crypto_tokens, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(crypto_tokens); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -dds_security_crypto_key_exchange* dds_security_crypto_key_exchange__alloc(void) -{ - dds_security_crypto_key_exchange_impl *instance; - instance = (dds_security_crypto_key_exchange_impl*) ddsrt_malloc( - sizeof(dds_security_crypto_key_exchange_impl)); - - memset( instance, 0, sizeof(dds_security_crypto_key_exchange_impl)); - - instance->base.create_local_participant_crypto_tokens = - &create_local_participant_crypto_tokens; - - /* Do not assign it for testing purposes - instance->base.set_remote_participant_crypto_tokens = - &set_remote_participant_crypto_tokens; - */ - - instance->base.create_local_datawriter_crypto_tokens = - &create_local_datawriter_crypto_tokens; - - instance->base.set_remote_datawriter_crypto_tokens = - &set_remote_datawriter_crypto_tokens; - - instance->base.create_local_datareader_crypto_tokens = - &create_local_datareader_crypto_tokens; - - instance->base.set_remote_datareader_crypto_tokens = - &set_remote_datareader_crypto_tokens; - - instance->base.return_crypto_tokens = &return_crypto_tokens; - - return (dds_security_crypto_key_exchange*) instance; -} - -void dds_security_crypto_key_exchange__dealloc( - dds_security_crypto_key_exchange* instance) -{ - - ddsrt_free((dds_security_crypto_key_exchange_impl*) instance); -} - - - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_crypto_key_factory_impl { - dds_security_crypto_key_factory base; - int member; -} dds_security_crypto_key_factory_impl; - -/** - * Function implementations - */ - -static DDS_Security_ParticipantCryptoHandle register_local_participant( - dds_security_crypto_key_factory *instance, - const DDS_Security_IdentityHandle participant_identity, - const DDS_Security_PermissionsHandle participant_permissions, - const DDS_Security_PropertySeq *participant_properties, - const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(participant_identity); - DDSRT_UNUSED_ARG(participant_permissions); - DDSRT_UNUSED_ARG(participant_properties); - DDSRT_UNUSED_ARG(participant_security_attributes); - DDSRT_UNUSED_ARG(ex); - return 0; -} - -static DDS_Security_ParticipantCryptoHandle register_matched_remote_participant( - dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle, - const DDS_Security_IdentityHandle remote_participant_identity, - const DDS_Security_PermissionsHandle remote_participant_permissions, - const DDS_Security_SharedSecretHandle shared_secret, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_participant_crypto_handle); - DDSRT_UNUSED_ARG(remote_participant_identity); - DDSRT_UNUSED_ARG(remote_participant_permissions); - DDSRT_UNUSED_ARG(shared_secret); - DDSRT_UNUSED_ARG(ex); - return 0; -} - -static DDS_Security_DatawriterCryptoHandle register_local_datawriter( - dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle participant_crypto, - const DDS_Security_PropertySeq *datawriter_properties, - const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(participant_crypto); - DDSRT_UNUSED_ARG(datawriter_properties); - DDSRT_UNUSED_ARG(datawriter_security_attributes); - DDSRT_UNUSED_ARG(ex); - return 0; -} - -static DDS_Security_DatareaderCryptoHandle register_matched_remote_datareader( - dds_security_crypto_key_factory *instance, - const DDS_Security_DatawriterCryptoHandle local_datawritert_crypto_handle, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, - const DDS_Security_SharedSecretHandle shared_secret, - const DDS_Security_boolean relay_only, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datawritert_crypto_handle); - DDSRT_UNUSED_ARG(remote_participant_crypto); - DDSRT_UNUSED_ARG(shared_secret); - DDSRT_UNUSED_ARG(relay_only); - DDSRT_UNUSED_ARG(ex); - return 0; -} - -static DDS_Security_DatareaderCryptoHandle register_local_datareader( - dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle participant_crypto, - const DDS_Security_PropertySeq *datareader_properties, - const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(participant_crypto); - DDSRT_UNUSED_ARG(datareader_properties); - DDSRT_UNUSED_ARG(datareader_security_attributes); - DDSRT_UNUSED_ARG(ex); - - return 0; -} - -static DDS_Security_DatawriterCryptoHandle register_matched_remote_datawriter( - dds_security_crypto_key_factory *instance, - const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle, - const DDS_Security_ParticipantCryptoHandle remote_participant_crypt, - const DDS_Security_SharedSecretHandle shared_secret, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(local_datareader_crypto_handle); - DDSRT_UNUSED_ARG(remote_participant_crypt); - DDSRT_UNUSED_ARG(shared_secret); - DDSRT_UNUSED_ARG(ex); - return true; -} - -static DDS_Security_boolean unregister_participant( - dds_security_crypto_key_factory *instance, - const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(participant_crypto_handle); - DDSRT_UNUSED_ARG(ex); - return true; -} - -static DDS_Security_boolean unregister_datawriter( - dds_security_crypto_key_factory *instance, - const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(datawriter_crypto_handle); - DDSRT_UNUSED_ARG(ex); - return true; -} - -static DDS_Security_boolean unregister_datareader( - dds_security_crypto_key_factory *instance, - const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(datareader_crypto_handle); - DDSRT_UNUSED_ARG(ex); - return true; -} - -dds_security_crypto_key_factory* dds_security_crypto_key_factory__alloc(void) -{ - dds_security_crypto_key_factory_impl *instance; - instance = (dds_security_crypto_key_factory_impl*) ddsrt_malloc( - sizeof(dds_security_crypto_key_factory_impl)); - - memset( instance, 0, sizeof(dds_security_crypto_key_factory_impl)); - instance->base.register_local_participant = ®ister_local_participant; - - instance->base.register_matched_remote_participant = - ®ister_matched_remote_participant; - - instance->base.register_local_datawriter = ®ister_local_datawriter; - - instance->base.register_matched_remote_datareader = - ®ister_matched_remote_datareader; - - instance->base.register_local_datareader = ®ister_local_datareader; - - instance->base.register_matched_remote_datawriter = - ®ister_matched_remote_datawriter; - - instance->base.unregister_participant = &unregister_participant; - - instance->base.unregister_datawriter = &unregister_datawriter; - - instance->base.unregister_datareader = &unregister_datareader; - - return (dds_security_crypto_key_factory*) instance; -} - -void dds_security_crypto_key_factory__dealloc( - dds_security_crypto_key_factory* instance) -{ - - ddsrt_free((dds_security_crypto_key_factory_impl*) instance); -} - - - -/** - * Implementation structure for storing encapsulated members of the instance - * while giving only the interface definition to user - */ - -typedef struct dds_security_crypto_transform_impl { - dds_security_crypto_transform base; - int member; -} dds_security_crypto_transform_impl; - -/** - * Function implementations - */ -static DDS_Security_boolean encode_serialized_payload( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_buffer, - DDS_Security_OctetSeq *extra_inline_qos, - const DDS_Security_OctetSeq *plain_buffer, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(encoded_buffer); - DDSRT_UNUSED_ARG(extra_inline_qos); - DDSRT_UNUSED_ARG(plain_buffer); - DDSRT_UNUSED_ARG(sending_datawriter_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean encode_datawriter_submessage( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_OctetSeq *plain_rtps_submessage, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandleSeq *receiving_datareader_crypto_list, - int32_t *receiving_datareader_crypto_list_index, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(encoded_rtps_submessage); - DDSRT_UNUSED_ARG(plain_rtps_submessage); - DDSRT_UNUSED_ARG(sending_datawriter_crypto); - DDSRT_UNUSED_ARG(receiving_datareader_crypto_list); - DDSRT_UNUSED_ARG(receiving_datareader_crypto_list_index); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean encode_datareader_submessage( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_OctetSeq *plain_rtps_submessage, - const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, - const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(encoded_rtps_submessage); - DDSRT_UNUSED_ARG(plain_rtps_submessage); - DDSRT_UNUSED_ARG(sending_datareader_crypto); - DDSRT_UNUSED_ARG(receiving_datawriter_crypto_list); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean encode_rtps_message( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *encoded_rtps_message, - const DDS_Security_OctetSeq *plain_rtps_message, - const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, - const DDS_Security_ParticipantCryptoHandleSeq *receiving_participant_crypto_list, - int32_t *receiving_participant_crypto_list_index, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(encoded_rtps_message); - DDSRT_UNUSED_ARG(plain_rtps_message); - DDSRT_UNUSED_ARG(sending_participant_crypto); - DDSRT_UNUSED_ARG(receiving_participant_crypto_list); - DDSRT_UNUSED_ARG(receiving_participant_crypto_list_index); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean decode_rtps_message( dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_buffer, const DDS_Security_OctetSeq *encoded_buffer, - const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, - const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(plain_buffer); - DDSRT_UNUSED_ARG(encoded_buffer); - DDSRT_UNUSED_ARG(receiving_participant_crypto); - DDSRT_UNUSED_ARG(sending_participant_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean preprocess_secure_submsg( - dds_security_crypto_transform *instance, - DDS_Security_DatawriterCryptoHandle *datawriter_crypto, - DDS_Security_DatareaderCryptoHandle *datareader_crypto, - DDS_Security_SecureSubmessageCategory_t *secure_submessage_category, - const DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, - const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(datawriter_crypto); - DDSRT_UNUSED_ARG(datareader_crypto); - DDSRT_UNUSED_ARG(secure_submessage_category); - DDSRT_UNUSED_ARG(encoded_rtps_submessage); - DDSRT_UNUSED_ARG(receiving_participant_crypto); - DDSRT_UNUSED_ARG(sending_participant_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean decode_datawriter_submessage( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_rtps_submessage, - const DDS_Security_OctetSeq *encoded_rtps_submessage, - const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(plain_rtps_submessage); - DDSRT_UNUSED_ARG(encoded_rtps_submessage); - DDSRT_UNUSED_ARG(receiving_datareader_crypto); - DDSRT_UNUSED_ARG(sending_datawriter_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean decode_datareader_submessage( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_rtps_message, - const DDS_Security_OctetSeq *encoded_rtps_message, - const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto, - const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(plain_rtps_message); - DDSRT_UNUSED_ARG(encoded_rtps_message); - DDSRT_UNUSED_ARG(receiving_datawriter_crypto); - DDSRT_UNUSED_ARG(sending_datareader_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -static DDS_Security_boolean decode_serialized_payload( - dds_security_crypto_transform *instance, - DDS_Security_OctetSeq *plain_buffer, const DDS_Security_OctetSeq *encoded_buffer, - const DDS_Security_OctetSeq *inline_qos, - const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, - const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, - DDS_Security_SecurityException *ex) -{ - DDSRT_UNUSED_ARG(instance); - DDSRT_UNUSED_ARG(plain_buffer); - DDSRT_UNUSED_ARG(encoded_buffer); - DDSRT_UNUSED_ARG(inline_qos); - DDSRT_UNUSED_ARG(receiving_datareader_crypto); - DDSRT_UNUSED_ARG(sending_datawriter_crypto); - DDSRT_UNUSED_ARG(ex); - - return true; -} - -dds_security_crypto_transform* dds_security_crypto_transform__alloc(void) -{ - dds_security_crypto_transform_impl *instance; - instance = (dds_security_crypto_transform_impl*) ddsrt_malloc( - sizeof(dds_security_crypto_transform_impl)); - - - - instance->base.encode_datawriter_submessage = &encode_datawriter_submessage; - - instance->base.encode_datareader_submessage = &encode_datareader_submessage; - - instance->base.encode_rtps_message = &encode_rtps_message; - - instance->base.decode_rtps_message = &decode_rtps_message; - - instance->base.preprocess_secure_submsg = &preprocess_secure_submsg; - - instance->base.decode_datawriter_submessage = &decode_datawriter_submessage; - - instance->base.decode_datareader_submessage = &decode_datareader_submessage; - - instance->base.decode_serialized_payload = &decode_serialized_payload; - - instance->base.encode_serialized_payload = &encode_serialized_payload; - - return (dds_security_crypto_transform*) instance; -} - -void dds_security_crypto_transform__dealloc( - dds_security_crypto_transform* instance) -{ - - ddsrt_free((dds_security_crypto_transform_impl*) instance); -} - - diff --git a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.h b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.h deleted file mode 100644 index 2908eeb..0000000 --- a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ - -#ifndef SECURITY_CRYPTO_MISSING_H_ -#define SECURITY_CRYPTO_MISSING_H_ - -#include "dds/security/cryptography_missing_function_export.h" -#include "dds/security/dds_security_api.h" - -SECURITY_EXPORT int32_t -init_crypto(const char *argument, void **context); - -SECURITY_EXPORT int32_t -finalize_crypto(void *context); - - -#endif /* SECURITY_CRYPTO_MISSING_H_ */ diff --git a/src/security/core/tests/plugin_loading/security_config.c b/src/security/core/tests/plugin_loading/security_config.c deleted file mode 100644 index dbd0806..0000000 --- a/src/security/core/tests/plugin_loading/security_config.c +++ /dev/null @@ -1,724 +0,0 @@ -/* - * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v. 2.0 which is available at - * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License - * v. 1.0 which is available at - * http://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause - */ -#include - -#include "dds/dds.h" -#include "CUnit/Test.h" -#include "config_env.h" - -#include "dds/version.h" -#include "dds/ddsrt/cdtors.h" -#include "dds/ddsrt/environ.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsi/q_misc.h" -#include "dds/ddsi/ddsi_xqos.h" -#include "plugin_mock_common.h" - -#include "dds/security/dds_security_api_defs.h" - -#define MOCKLIB_PATH(name) \ - CONFIG_PLUGIN_MOCK_DIR CONFIG_LIB_SEP CONFIG_LIB_PREFIX name CONFIG_LIB_SUFFIX -#define MOCKLIB_ELEM_AUTH(name) \ - "" -#define MOCKLIB_ELEM_CRYPTO(name) \ - "" -#define MOCKLIB_ELEM_ACCESS_CONTROL(name) \ - "" - -#define PROPLIST(auth, crypto, ac, pre_str, post_str, binprops) \ - "property_list={" pre_str \ - "0:\"dds.sec.auth.library.path\":\""auth"\"," \ - "0:\"dds.sec.auth.library.init\":\"init_authentication\"," \ - "0:\"dds.sec.auth.library.finalize\":\"finalize_authentication\"," \ - "0:\"dds.sec.crypto.library.path\":\""crypto"\"," \ - "0:\"dds.sec.crypto.library.init\":\"init_crypto\"," \ - "0:\"dds.sec.crypto.library.finalize\":\"finalize_crypto\"," \ - "0:\"dds.sec.access.library.path\":\""ac"\"," \ - "0:\"dds.sec.access.library.init\":\"init_access_control\"," \ - "0:\"dds.sec.access.library.finalize\":\"finalize_access_control\"," \ - "0:\"dds.sec.auth.identity_ca\":\"" TEST_CA_CERTIFICATE_ALL_OK "\"," \ - "0:\"dds.sec.auth.private_key\":\"" TEST_PRIVATE_KEY_ALL_OK "\"," \ - "0:\"dds.sec.auth.identity_certificate\":\"" TEST_IDENTITY_CERTIFICATE_ALL_OK "\"," \ - "0:\"dds.sec.access.permissions_ca\":\"file:Permissions_CA.pem\"," \ - "0:\"dds.sec.access.governance\":\"file:Governance.p7s\"," \ - "0:\"dds.sec.access.permissions\":\"file:Permissions.p7s\"" \ - post_str "}:{" binprops "}" -#define PARTICIPANT_QOS(auth, crypto, ac, pre_str, post_str, binprops) \ - "PARTICIPANT * QOS={*" PROPLIST (auth, crypto, ac, pre_str, post_str, binprops) "*" -#define PARTICIPANT_QOS_ALL_OK(pre_str, post_str, binprops) \ - PARTICIPANT_QOS (MOCKLIB_PATH ("dds_security_authentication_all_ok"), \ - MOCKLIB_PATH ("dds_security_cryptography_all_ok"), \ - MOCKLIB_PATH ("dds_security_access_control_all_ok"), \ - pre_str, post_str, binprops) - -#define URI_VARIABLE DDS_PROJECT_NAME_NOSPACE_CAPS"_URI" - -/* - * The 'found' variable will contain flags related to the expected log - * messages that were received. - * Using flags will allow to show that when message isn't received, - * which one it was. - */ -static uint32_t found; - -static void logger(void *ptr, const dds_log_data_t *data) -{ - char **expected = (char**)ptr; - fputs (data->message, stdout); - for (uint32_t i = 0; expected[i] != NULL; i++) { - if (ddsi2_patmatch(expected[i], data->message)) { - found |= (uint32_t)(1 << i); - } - } -} - - -CU_Test(ddsc_security_config, empty, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with an empty security element. We need to - test this one here to be sure that it refuses to start when security is configured - but the implementation doesn't include support for it. */ - const char *log_expected[] = { - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", - NULL - }; - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with an empty security element. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, ""); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - CU_ASSERT_FATAL(participant < 0); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x7); -} - -CU_Test(ddsc_security_config, non, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* There shouldn't be traces that mention security. */ - const char *log_expected[] = { - "*Security*", - NULL - }; - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with an empty security element. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - CU_ASSERT_FATAL(participant > 0); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* No security traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x0); -} - -CU_Test(ddsc_security_config, missing, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", - NULL - }; - - /* IdentityCertificate, IdentityCA and PrivateKey values or elements are missing. */ - const char *sec_config = - "finest" - "" - " " - " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok") - " " - " " - " testtext_Password_testtext" - " " - " " - " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok") - " " - " " - " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok") - " file:Governance.p7s" - " file:Permissions_CA.pem" - " file:Permissions.p7s" - " " - ""; - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with an empty security element. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - CU_ASSERT_FATAL(participant < 0); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x7); -} - -CU_Test(ddsc_security_config, all, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "config: Domain/DDSSecurity/Authentication/Library/#text: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", - "config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", - "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", - "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", - "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*", - "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*", - "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*", - "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", - "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", - "config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", - "config: Domain/DDSSecurity/AccessControl/Library[@path]: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", - "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", - "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", - "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", - "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", - "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", - "config: Domain/DDSSecurity/Cryptographic/Library/#text: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", - /* The config should have been parsed into the participant QoS. */ - PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"testtext_Dir_testtext\"", ""), - NULL - }; - const char *sec_config = - "<"DDS_PROJECT_NAME">" - " " - " finest" - " " - " " - " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok") - " "TEST_IDENTITY_CERTIFICATE_ALL_OK"" - " "TEST_CA_CERTIFICATE_ALL_OK"" - " "TEST_PRIVATE_KEY_ALL_OK"" - " testtext_Password_testtext" - " testtext_Dir_testtext" - " " - " " - " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok") - " " - " " - " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok") - " file:Governance.p7s" - " file:Permissions_CA.pem" - " file:Permissions.p7s" - " " - " " - " " - ""; - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - CU_ASSERT_FATAL(participant > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x1fffff); -} - -CU_Test(ddsc_security_config, security, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "config: Domain/DDSSecurity/Authentication/Library/#text: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", - "config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", - "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", - "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", - "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*", - "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*", - "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*", - "config: Domain/DDSSecurity/Authentication/Password/#text: {}*", - "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*", - "config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", - "config: Domain/DDSSecurity/AccessControl/Library[@path]: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", - "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", - "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", - "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", - "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", - "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", - "config: Domain/DDSSecurity/Cryptographic/Library/#text: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", - /* The config should have been parsed into the participant QoS. */ - PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"\",0:\"dds.sec.auth.trusted_ca_dir\":\"\"", ""), - NULL - }; - - const char *sec_config = - "finest" - "" - " " - " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok") - " "TEST_IDENTITY_CERTIFICATE_ALL_OK"" - " "TEST_CA_CERTIFICATE_ALL_OK"" - " "TEST_PRIVATE_KEY_ALL_OK"" - " " - " " - " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok") - " " - " " - " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok") - " file:Governance.p7s" - " file:Permissions_CA.pem" - " file:Permissions.p7s" - " " - ""; - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - CU_ASSERT_FATAL(participant > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x1fffff); -} - -CU_Test(ddsc_security_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - "config: Domain/DDSSecurity/Authentication/Library/#text: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", - "config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*", - "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", - "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", - "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*", - "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*", - "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*", - "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", - "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", - "config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", - "config: Domain/DDSSecurity/AccessControl/Library[@path]: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*", - "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", - "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", - "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", - "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", - "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", - "config: Domain/DDSSecurity/Cryptographic/Library/#text: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "MOCKLIB_PATH("dds_security_cryptography_all_ok")"*", - "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", - /* The config should have been parsed into the participant QoS. */ - PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"testtext_Dir_testtext\"", ""), - NULL - }; - - const char *sec_config = - "<"DDS_PROJECT_NAME">" - " " - " " - " " - " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok") - " "TEST_IDENTITY_CERTIFICATE_ALL_OK"" - " "TEST_CA_CERTIFICATE_ALL_OK"" - " "TEST_PRIVATE_KEY_ALL_OK"" - " testtext_Password_testtext" - " testtext_Dir_testtext" - " " - " " - " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok") - " " - " " - " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok") - " file:Governance.p7s" - " file:Permissions_CA.pem" - " file:Permissions.p7s" - " " - " " - " finest" - " " - ""; - - dds_entity_t participant; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - CU_ASSERT_FATAL(participant > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x1fffff); -} - -CU_Test(ddsc_security_config, qos, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - /* The config should have been parsed into the participant QoS. */ - PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"file:/test/dir\"", ""), - NULL - }; - - dds_entity_t participant; - dds_qos_t * qos; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos -- the properties are dumped in the order in which they are set, so for - PARTICIPANT_QOS_ALL_OK to work, the order must match that one */ - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")""); - dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication"); - dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication"); - dds_qset_prop(qos, "dds.sec.crypto.library.path", ""MOCKLIB_PATH("dds_security_cryptography_all_ok")""); - dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto"); - dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto"); - dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")""); - dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control"); - dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control"); - dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK); - dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK); - dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK); - dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); - dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s"); - dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s"); - dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext"); - dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); - - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - CU_ASSERT_FATAL(participant > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_delete_qos(qos); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x1); -} - -CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - /* The config should have been parsed into the participant QoS. */ - PARTICIPANT_QOS_ALL_OK ("", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"file:/test/dir\",0:\"test.prop1\":\"testtext_value1_testtext\",0:\"test.prop2\":\"testtext_value2_testtext\"", - "0:\"test.bprop1\":3<1,2,3>"), - NULL - }; - - dds_entity_t participant; - dds_qos_t * qos; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos -- the properties are dumped in the order in which they are set, so for - PARTICIPANT_QOS_ALL_OK to work, the order must match that one */ - unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - - dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")""); - dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication"); - dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication"); - dds_qset_prop(qos, "dds.sec.crypto.library.path", ""MOCKLIB_PATH("dds_security_cryptography_all_ok")""); - dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto"); - dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto"); - dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")""); - dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control"); - dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control"); - dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK); - dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK); - dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK); - dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); - dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s"); - dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s"); - dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext"); - dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); - - dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext"); - dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext"); - dds_qset_bprop(qos, "test.bprop1", bvalue, 3); - - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - CU_ASSERT_FATAL(participant > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - dds_delete_qos(qos); - - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x1); -} - -CU_Test(ddsc_security_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expect qos settings used when creating participant with config security elements and qos. */ - const char *log_expected[] = { - /* The security settings from qos properties should have been parsed into the participant QoS. */ - "new_participant(*): using security settings from QoS*", - PARTICIPANT_QOS_ALL_OK ("", "", ""), - NULL - }; - - const char *sec_config = - "finest" - "" - " " - " "TEST_IDENTITY_CERTIFICATE_ALL_OK"" - " "TEST_CA_CERTIFICATE_ALL_OK"" - " "TEST_PRIVATE_KEY_ALL_OK"" - " " - " " - " file:Governance.p7s" - " file:Permissions_CA.pem" - " file:Permissions.p7s" - " " - ""; - - dds_entity_t participant; - dds_qos_t * qos; - - /* Create the qos -- the properties are dumped in the order in which they are set, so for - PARTICIPANT_QOS_ALL_OK to work, the order must match that one */ - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")""); - dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication"); - dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication"); - dds_qset_prop(qos, "dds.sec.crypto.library.path", ""MOCKLIB_PATH("dds_security_cryptography_all_ok")""); - dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto"); - dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto"); - dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")""); - dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control"); - dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control"); - dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK); - dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK); - dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK); - dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); - dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s"); - dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s"); - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - CU_ASSERT_FATAL (participant > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - dds_delete_qos(qos); - - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x3); -} - -CU_Test(ddsc_security_config, other_prop, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expect config used when creating participant with config security elements and - * qos containing only non-security properties. */ - const char *log_expected[] = { - /* The security settings from config should have been parsed into the participant QoS. */ - PARTICIPANT_QOS_ALL_OK ("0:\"test.dds.sec.prop1\":\"testtext_value1_testtext\",", ",0:\"dds.sec.auth.password\":\"testtext_Password_testtext\",0:\"dds.sec.auth.trusted_ca_dir\":\"testtext_Dir_testtext\"", ""), - NULL - }; - - const char *sec_config = - "finest" - "" - " " - " "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok") - " "TEST_IDENTITY_CERTIFICATE_ALL_OK"" - " "TEST_CA_CERTIFICATE_ALL_OK"" - " "TEST_PRIVATE_KEY_ALL_OK"" - " testtext_Password_testtext" - " testtext_Dir_testtext" - " " - " " - " "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok") - " " - " " - " "MOCKLIB_ELEM_ACCESS_CONTROL("dds_security_access_control_all_ok") - " file:Governance.p7s" - " file:Permissions_CA.pem" - " file:Permissions.p7s" - " " - ""; - - dds_entity_t participant; - dds_qos_t * qos; - - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - dds_qset_prop(qos, "test.dds.sec.prop1", "testtext_value1_testtext"); - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - CU_ASSERT_FATAL (participant > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); - dds_delete_qos(qos); - - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x1); -} - -CU_Test(ddsc_security_config, qos_invalid, .init = ddsrt_init, .fini = ddsrt_fini) -{ - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { - /* The config should have been parsed into the participant QoS. */ - "new_participant(*): using security settings from QoS*", - "new_participant(*): required security property dds.sec.auth.identity_ca missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.private_key missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.identity_certificate missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.permissions_ca missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.governance missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.permissions missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.library.path missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.library.init missing in Property QoS*", - "new_participant(*): required security property dds.sec.auth.library.finalize missing in Property QoS*", - "new_participant(*): required security property dds.sec.crypto.library.path missing in Property QoS*", - "new_participant(*): required security property dds.sec.crypto.library.init missing in Property QoS*", - "new_participant(*): required security property dds.sec.crypto.library.finalize missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.library.path missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.library.init missing in Property QoS*", - "new_participant(*): required security property dds.sec.access.library.finalize missing in Property QoS*", - NULL - }; - - const char *sec_config = - "finest" - "" - " " - " "TEST_IDENTITY_CERTIFICATE_ALL_OK"" - " "TEST_CA_CERTIFICATE_ALL_OK"" - " "TEST_PRIVATE_KEY_ALL_OK"" - " " - " " - " file:Governance.p7s" - " file:Permissions_CA.pem" - " file:Permissions.p7s" - " " - ""; - - dds_entity_t participant; - dds_qos_t * qos; - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create the qos */ - CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); - dds_qset_prop(qos, "dds.sec.dummy", "testtext_dummy_testtext"); - - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - dds_delete_qos(qos); - CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); - ddsrt_setenv(URI_VARIABLE, ""); - - /* All traces should have been provided. */ - CU_ASSERT_FATAL(found == 0xffff); - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); -} diff --git a/src/security/core/tests/secure_communication.c b/src/security/core/tests/secure_communication.c new file mode 100644 index 0000000..c8ac8df --- /dev/null +++ b/src/security/core/tests/secure_communication.c @@ -0,0 +1,481 @@ +/* + * Copyright(c) 2006 to 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include + +#include "dds/dds.h" +#include "CUnit/Test.h" +#include "CUnit/Theory.h" + +#include "dds/version.h" +#include "dds/ddsrt/cdtors.h" +#include "dds/ddsrt/environ.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsrt/threads.h" +#include "dds/ddsrt/process.h" +#include "dds/ddsi/q_config.h" +#include "dds/ddsi/ddsi_domaingv.h" +#include "dds/ddsi/q_misc.h" +#include "dds/ddsi/ddsi_xqos.h" +#include "dds/ddsi/q_entity.h" +#include "dds/ddsi/ddsi_entity_index.h" +#include "dds/ddsi/ddsi_security_omg.h" +#include "dds__entity.h" +#include "dds/security/dds_security_api.h" + +#include "common/config_env.h" +#include "common/test_identity.h" +#include "common/security_config_test_utils.h" +#include "common/cryptography_wrapper.h" + +#include "SecurityCoreTests.h" + +#define PK_N DDS_SECURITY_PROTECTION_KIND_NONE +#define PK_S DDS_SECURITY_PROTECTION_KIND_SIGN +#define PK_SOA DDS_SECURITY_PROTECTION_KIND_SIGN_WITH_ORIGIN_AUTHENTICATION +#define PK_E DDS_SECURITY_PROTECTION_KIND_ENCRYPT +#define PK_EOA DDS_SECURITY_PROTECTION_KIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION +#define BPK_N DDS_SECURITY_BASICPROTECTION_KIND_NONE +#define BPK_S DDS_SECURITY_BASICPROTECTION_KIND_SIGN +#define BPK_E DDS_SECURITY_BASICPROTECTION_KIND_ENCRYPT + +static const char *config = + "${CYCLONEDDS_URI}${CYCLONEDDS_URI:+,}" + "0" + "" + " " + " " + " " + " "TEST_IDENTITY_CERTIFICATE"" + " "TEST_IDENTITY_PRIVATE_KEY"" + " "TEST_IDENTITY_CA_CERTIFICATE"" + " " + " ." + " " + " " + " " + " " + " file:" COMMON_ETC_PATH("default_permissions_ca.pem") "" + " file:" COMMON_ETC_PATH("default_permissions.p7s") "" + " " + " " + " " + " " + " " + ""; + +#define DDS_DOMAINID_PUB 0 +#define DDS_DOMAINID_SUB 10 + +#define MAX_DOMAINS 10 +#define MAX_PARTICIPANTS 10 + +const char * g_pk_none = "NONE"; +const char * g_pk_sign = "SIGN"; +const char * g_pk_encrypt = "ENCRYPT"; +const char * g_pk_sign_oa = "SIGN_WITH_ORIGIN_AUTHENTICATION"; +const char * g_pk_encrypt_oa = "ENCRYPT_WITH_ORIGIN_AUTHENTICATION"; + +uint32_t g_topic_nr = 0; + +static dds_entity_t g_pub_domains[MAX_DOMAINS]; +static dds_entity_t g_pub_participants[MAX_DOMAINS * MAX_PARTICIPANTS]; +static dds_entity_t g_pub_publishers[MAX_DOMAINS * MAX_PARTICIPANTS]; + +static dds_entity_t g_sub_domains[MAX_DOMAINS]; +static dds_entity_t g_sub_participants[MAX_DOMAINS * MAX_PARTICIPANTS]; +static dds_entity_t g_sub_subscribers[MAX_DOMAINS * MAX_PARTICIPANTS]; + +struct domain_sec_config { + DDS_Security_ProtectionKind discovery_pk; + DDS_Security_ProtectionKind liveliness_pk; + DDS_Security_ProtectionKind rtps_pk; + DDS_Security_ProtectionKind metadata_pk; + DDS_Security_BasicProtectionKind payload_pk; +}; + + +static struct dds_security_cryptography_impl * get_crypto_context(dds_entity_t participant) +{ + struct dds_entity *pp_entity = NULL; + struct participant *pp; + struct dds_security_cryptography_impl *context; + dds_return_t ret; + + ret = dds_entity_lock (participant, DDS_KIND_PARTICIPANT, &pp_entity); + CU_ASSERT_EQUAL_FATAL (ret, 0); + thread_state_awake (lookup_thread_state(), &pp_entity->m_domain->gv); + pp = entidx_lookup_participant_guid (pp_entity->m_domain->gv.entity_index, &pp_entity->m_guid); + CU_ASSERT_FATAL (pp != NULL); + context = (struct dds_security_cryptography_impl *) q_omg_participant_get_cryptography (pp); + thread_state_asleep (lookup_thread_state ()); + dds_entity_unlock (pp_entity); + return context; +} + +static const char * pk_to_str(DDS_Security_ProtectionKind pk) +{ + switch (pk) + { + case DDS_SECURITY_PROTECTION_KIND_NONE: return g_pk_none; + case DDS_SECURITY_PROTECTION_KIND_SIGN: return g_pk_sign; + case DDS_SECURITY_PROTECTION_KIND_ENCRYPT: return g_pk_encrypt; + case DDS_SECURITY_PROTECTION_KIND_SIGN_WITH_ORIGIN_AUTHENTICATION: return g_pk_sign_oa; + case DDS_SECURITY_PROTECTION_KIND_ENCRYPT_WITH_ORIGIN_AUTHENTICATION: return g_pk_encrypt_oa; + } + assert (false); + return NULL; +} + +static const char * bpk_to_str(DDS_Security_BasicProtectionKind bpk) +{ + switch (bpk) + { + case DDS_SECURITY_BASICPROTECTION_KIND_NONE: return g_pk_none; + case DDS_SECURITY_BASICPROTECTION_KIND_SIGN: return g_pk_sign; + case DDS_SECURITY_BASICPROTECTION_KIND_ENCRYPT: return g_pk_encrypt; + } + assert (false); + return NULL; +} + +static void print_config_vars(struct kvp *vars) +{ + for (uint32_t i = 0; vars[i].key != NULL; i++) + printf("%s=%s; ", vars[i].key, vars[i].value); +} + +static char *create_topic_name(const char *prefix, uint32_t nr, char *name, size_t size) +{ + ddsrt_pid_t pid = ddsrt_getpid (); + ddsrt_tid_t tid = ddsrt_gettid (); + (void)snprintf(name, size, "%s%d_pid%" PRIdPID "_tid%" PRIdTID "", prefix, nr, pid, tid); + return name; +} + +static dds_entity_t create_pp (dds_domainid_t domain_id, const struct domain_sec_config * domain_config) +{ + dds_entity_t pp = dds_create_participant (domain_id, NULL, NULL); + CU_ASSERT_FATAL (pp > 0); + struct dds_security_cryptography_impl * crypto_context = get_crypto_context (pp); + CU_ASSERT_FATAL (crypto_context != NULL); + set_protection_kinds (crypto_context, domain_config->rtps_pk, domain_config->metadata_pk, domain_config->payload_pk); + return pp; +} + +typedef dds_entity_t (*pubsub_create_fn)(dds_entity_t, const dds_qos_t *qos, const dds_listener_t *listener); + +static void create_dom_pp_pubsub(dds_domainid_t domain_id_base, const char * domain_conf, const struct domain_sec_config * domain_sec_config, + size_t n_dom, size_t n_pp, dds_entity_t * doms, dds_entity_t * pps, dds_entity_t * pubsubs, pubsub_create_fn pubsub_create) +{ + for (size_t d = 0; d < n_dom; d++) + { + doms[d] = dds_create_domain (domain_id_base + (uint32_t)d, domain_conf); + CU_ASSERT_FATAL (doms[d] > 0); + for (size_t p = 0; p < n_pp; p++) + { + size_t pp_index = d * n_pp + p; + pps[pp_index] = create_pp (domain_id_base + (uint32_t)d, domain_sec_config); + pubsubs[pp_index] = pubsub_create (pps[pp_index], NULL, NULL); + CU_ASSERT_FATAL (pubsubs[pp_index] > 0); + } + } +} + +static void test_init(const struct domain_sec_config * domain_config, size_t n_sub_domains, size_t n_sub_participants, size_t n_pub_domains, size_t n_pub_participants) +{ + assert (n_sub_domains < MAX_DOMAINS); + assert (n_sub_participants < MAX_PARTICIPANTS); + assert (n_pub_domains < MAX_DOMAINS); + assert (n_pub_participants < MAX_PARTICIPANTS); + + struct kvp governance_vars[] = { + { "DISCOVERY_PROTECTION_KIND", pk_to_str (domain_config->discovery_pk) }, + { "LIVELINESS_PROTECTION_KIND", pk_to_str (domain_config->liveliness_pk) }, + { "RTPS_PROTECTION_KIND", pk_to_str (domain_config->rtps_pk) }, + { "METADATA_PROTECTION_KIND", pk_to_str (domain_config->metadata_pk) }, + { "DATA_PROTECTION_KIND", bpk_to_str (domain_config->payload_pk) }, + { NULL, NULL } + }; + + printf("Governance configuration: "); + print_config_vars(governance_vars); + printf("\n"); + + char * gov_config_signed = get_governance_config (governance_vars); + + struct kvp config_vars[] = { + { "GOVERNANCE_DATA", gov_config_signed }, + { "CRYPTO_INIT", "init_test_cryptography_wrapped" }, + { "CRYPTO_FINI", "finalize_test_cryptography_wrapped" }, + { NULL, NULL } + }; + + char *conf_pub = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars); + create_dom_pp_pubsub (DDS_DOMAINID_PUB, conf_pub, domain_config, n_pub_domains, n_pub_participants, + g_pub_domains, g_pub_participants, g_pub_publishers, &dds_create_publisher); + dds_free (conf_pub); + + char *conf_sub = ddsrt_expand_vars (config, &expand_lookup_vars_env, config_vars); + create_dom_pp_pubsub (DDS_DOMAINID_SUB, conf_sub, domain_config, n_sub_domains, n_sub_participants, + g_sub_domains, g_sub_participants, g_sub_subscribers, &dds_create_subscriber); + dds_free (conf_sub); + + dds_free (gov_config_signed); +} + +static void test_fini(size_t n_sub_domain, size_t n_pub_domain) +{ + dds_return_t ret; + for (size_t d = 0; d < n_pub_domain; d++) + { + ret = dds_delete (g_pub_domains[d]); + CU_ASSERT_EQUAL_FATAL (ret, DDS_RETCODE_OK); + } + for (size_t d = 0; d < n_sub_domain; d++) + { + ret = dds_delete (g_sub_domains[d]); + CU_ASSERT_EQUAL_FATAL (ret, DDS_RETCODE_OK); + } + printf("Test finished\n"); +} + +static void sync_writer_to_readers(dds_entity_t pub_participant, dds_entity_t writer, size_t n_exp_rd) +{ + size_t found = 0; + dds_attach_t triggered; + dds_return_t ret; + dds_entity_t waitset_wr = dds_create_waitset (pub_participant); + CU_ASSERT_FATAL (waitset_wr > 0); + + /* Sync writer to reader. */ + ret = dds_waitset_attach (waitset_wr, writer, writer); + CU_ASSERT_EQUAL_FATAL (ret, DDS_RETCODE_OK); + while (true) + { + ret = dds_waitset_wait (waitset_wr, &triggered, 1, DDS_SECS(5)); + CU_ASSERT_FATAL(ret >= 1); + CU_ASSERT_EQUAL_FATAL (writer, (dds_entity_t)(intptr_t) triggered); + if ((found += (size_t)ret) >= n_exp_rd) + break; + }; + dds_delete (waitset_wr); +} + +static void reader_wait_for_data(dds_entity_t sub_participant, dds_entity_t reader) +{ + dds_attach_t triggered; + dds_return_t ret; + dds_entity_t waitset_rd = dds_create_waitset (sub_participant); + CU_ASSERT_FATAL (waitset_rd > 0); + + ret = dds_waitset_attach (waitset_rd, reader, reader); + CU_ASSERT_EQUAL_FATAL (ret, DDS_RETCODE_OK); + ret = dds_waitset_wait (waitset_rd, &triggered, 1, DDS_SECS(5)); + CU_ASSERT_EQUAL_FATAL (ret, 1); + CU_ASSERT_EQUAL_FATAL (reader, (dds_entity_t)(intptr_t)triggered); + dds_delete (waitset_rd); +} + +typedef dds_entity_t (*ep_create_fn)(dds_entity_t, dds_entity_t, const dds_qos_t *qos, const dds_listener_t *listener); + +static void create_eps (dds_entity_t **endpoints, dds_entity_t **topics, size_t n_dom, size_t n_pp, size_t n_eps, const char * topic_name, const dds_entity_t * pps, const dds_qos_t * qos, ep_create_fn ep_create, unsigned status_mask) +{ + *topics = ddsrt_malloc (n_dom * n_pp * sizeof (dds_entity_t)); + *endpoints = ddsrt_malloc (n_dom * n_pp * n_eps * sizeof (dds_entity_t)); + for (size_t d = 0; d < n_dom; d++) + { + for (size_t p = 0; p < n_pp; p++) + { + size_t pp_index = d * n_pp + p; + (*topics)[pp_index] = dds_create_topic (pps[pp_index], &SecurityCoreTests_Type1_desc, topic_name, NULL, NULL); + CU_ASSERT_FATAL ((*topics)[pp_index] > 0); + for (size_t e = 0; e < n_eps; e++) + { + size_t ep_index = pp_index * n_eps + e; + (*endpoints)[ep_index] = ep_create (pps[pp_index], (*topics)[pp_index], qos, NULL); + CU_ASSERT_FATAL ((*endpoints)[ep_index] > 0); + dds_return_t ret = dds_set_status_mask ((*endpoints)[ep_index], status_mask); + CU_ASSERT_EQUAL_FATAL (ret, DDS_RETCODE_OK); + } + } + } +} + +static void test_write_read(struct domain_sec_config *domain_config, + size_t n_sub_domains, size_t n_sub_participants, size_t n_readers, + size_t n_pub_domains, size_t n_pub_participants, size_t n_writers) +{ + dds_entity_t *writers, *readers, *writer_topics, *reader_topics; + dds_qos_t *qos; + SecurityCoreTests_Type1 sample = { 0, 1 }; + SecurityCoreTests_Type1 rd_sample; + void * samples[] = { &rd_sample }; + dds_sample_info_t info[1]; + dds_return_t ret; + char name[100]; + + printf("Testing: %"PRIuSIZE" subscriber domains, %"PRIuSIZE" pp per domain, %"PRIuSIZE" rd per pp; %"PRIuSIZE" publishing domains, %"PRIuSIZE" pp per domain, %"PRIuSIZE" wr per pp\n", + n_sub_domains, n_sub_participants, n_readers, n_pub_domains, n_pub_participants, n_writers); + test_init(domain_config, n_sub_domains, n_sub_participants, n_pub_domains, n_pub_participants); + + create_topic_name("ddssec_secure_communication_", g_topic_nr++, name, sizeof name); + + qos = dds_create_qos (); + CU_ASSERT_FATAL (qos != NULL); + dds_qset_history (qos, DDS_HISTORY_KEEP_ALL, -1); + dds_qset_durability (qos, DDS_DURABILITY_TRANSIENT_LOCAL); + dds_qset_reliability (qos, DDS_RELIABILITY_RELIABLE, DDS_INFINITY); + + create_eps (&writers, &writer_topics, n_pub_domains, n_pub_participants, n_writers, name, g_pub_participants, qos, &dds_create_writer, DDS_PUBLICATION_MATCHED_STATUS); + create_eps (&readers, &reader_topics, n_sub_domains, n_sub_participants, n_readers, name, g_sub_participants, qos, &dds_create_reader, DDS_DATA_AVAILABLE_STATUS); + + for (size_t d = 0; d < n_pub_domains; d++) + { + for (size_t p = 0; p < n_pub_participants; p++) + { + size_t pp_index = d * n_pub_participants + p; + for (size_t w = 0; w < n_writers; w++) + { + size_t wr_index = pp_index * n_writers + w; + sync_writer_to_readers (g_pub_participants[pp_index], writers[wr_index], n_sub_domains * n_sub_participants * n_readers); + sample.id = (int32_t) wr_index; + printf("writer %"PRId32" writing sample %d\n", writers[wr_index], sample.id); + ret = dds_write (writers[wr_index], &sample); + CU_ASSERT_EQUAL_FATAL (ret, DDS_RETCODE_OK); + } + } + } + + for (size_t d = 0; d < n_sub_domains; d++) + { + for (size_t p = 0; p < n_sub_participants; p++) + { + size_t pp_index = d * n_sub_participants + p; + for (size_t r = 0; r < n_readers; r++) + { + size_t rd_index = pp_index * n_readers + r; + size_t n_samples = n_pub_domains * n_pub_participants * n_writers; + while (n_samples > 0) + { + ret = dds_take (readers[rd_index], samples, info, 1, 1); + if (ret == 0) + { + reader_wait_for_data (g_sub_participants[pp_index], readers[rd_index]); + continue; + } + printf("reader %"PRId32" received sample %d\n", readers[rd_index], rd_sample.id); + CU_ASSERT_EQUAL_FATAL (ret, 1); + CU_ASSERT_EQUAL_FATAL (rd_sample.value, 1); + n_samples--; + } + } + } + } + + /* Cleanup */ + dds_delete_qos (qos); + test_fini (n_sub_domains, n_pub_domains); + ddsrt_free (readers); + ddsrt_free (writers); + ddsrt_free (reader_topics); + ddsrt_free (writer_topics); +} + +static void test_discovery_liveliness_protection(DDS_Security_ProtectionKind discovery_pk, DDS_Security_ProtectionKind liveliness_pk) +{ + struct domain_sec_config domain_config = { discovery_pk, liveliness_pk, PK_N, PK_N, BPK_N }; + /* FIXME: add more asserts in wrapper or test instead of just testing communication */ + test_write_read (&domain_config, 1, 1, 1, 1, 1, 1); +} + +static void test_data_protection_kind(DDS_Security_ProtectionKind rtps_pk, DDS_Security_ProtectionKind metadata_pk, DDS_Security_BasicProtectionKind payload_pk) +{ + struct domain_sec_config domain_config = { PK_N, PK_N, rtps_pk, metadata_pk, payload_pk }; + test_write_read (&domain_config, 1, 1, 1, 1, 1, 1); +} + +static void test_multiple_readers(size_t n_dom, size_t n_pp, size_t n_rd, DDS_Security_ProtectionKind metadata_pk, DDS_Security_BasicProtectionKind payload_pk) +{ + struct domain_sec_config domain_config = { PK_N, PK_N, PK_N, metadata_pk, payload_pk }; + test_write_read (&domain_config, n_dom, n_pp, n_rd, 1, 1, 1); +} + +static void test_multiple_writers(size_t n_rd_dom, size_t n_rd, size_t n_wr_dom, size_t n_wr, DDS_Security_ProtectionKind metadata_pk) +{ + struct domain_sec_config domain_config = { PK_N, PK_N, PK_N, metadata_pk, BPK_N }; + test_write_read (&domain_config, n_rd_dom, 1, n_rd, n_wr_dom, 1, n_wr); +} + +CU_Test(ddssec_secure_communication, protection_kinds, .timeout = 120) +{ + DDS_Security_ProtectionKind rtps_pk[] = { PK_N, PK_S, PK_E }; + DDS_Security_ProtectionKind metadata_pk[] = { PK_N, PK_S, PK_E }; + DDS_Security_BasicProtectionKind payload_pk[] = { BPK_N, BPK_S, BPK_E }; + for (size_t rtps = 0; rtps < sizeof (rtps_pk) / sizeof (rtps_pk[0]); rtps++) + { + for (size_t metadata = 0; metadata < sizeof (metadata_pk) / sizeof (metadata_pk[0]); metadata++) + { + for (size_t payload = 0; payload < sizeof (payload_pk) / sizeof (payload_pk[0]); payload++) + { + test_data_protection_kind (rtps_pk[rtps], metadata_pk[metadata], payload_pk[payload]); + } + } + } +} + +CU_Test(ddssec_secure_communication, discovery_liveliness_protection, .timeout = 60) +{ + DDS_Security_ProtectionKind discovery_pk[] = { PK_N, PK_S, PK_E }; + DDS_Security_ProtectionKind liveliness_pk[] = { PK_N, PK_S, PK_E }; + for (size_t disc = 0; disc < sizeof (discovery_pk) / sizeof (discovery_pk[0]); disc++) + { + for (size_t liveliness = 0; liveliness < sizeof (liveliness_pk) / sizeof (liveliness_pk[0]); liveliness++) + { + test_discovery_liveliness_protection (discovery_pk[disc], liveliness_pk[liveliness]); + } + } +} + +CU_TheoryDataPoints(ddssec_secure_communication, multiple_readers) = { + CU_DataPoints(size_t, 1, 1, 1, 3), /* number of domains */ + CU_DataPoints(size_t, 1, 3, 1, 3), /* number of participants per domain */ + CU_DataPoints(size_t, 3, 1, 3, 3), /* number of readers per participant */ +}; +CU_Theory((size_t n_dom, size_t n_pp, size_t n_rd), ddssec_secure_communication, multiple_readers, .timeout = 60) +{ + DDS_Security_ProtectionKind metadata_pk[] = { PK_N, PK_SOA, PK_EOA }; + DDS_Security_BasicProtectionKind payload_pk[] = { BPK_N, BPK_S, BPK_E }; + for (size_t metadata = 0; metadata < sizeof (metadata_pk) / sizeof (metadata_pk[0]); metadata++) + { + for (size_t payload = 0; payload < sizeof (payload_pk) / sizeof (payload_pk[0]); payload++) + { + test_multiple_readers (n_dom, n_pp, n_rd, metadata_pk[metadata], payload_pk[payload]); + } + } +} + +CU_TheoryDataPoints(ddssec_secure_communication, multiple_readers_writers) = { + CU_DataPoints(size_t, 1, 1, 2), /* number of reader domains */ + CU_DataPoints(size_t, 1, 3, 3), /* number of readers per domain */ + CU_DataPoints(size_t, 1, 1, 2), /* number of writer domains */ + CU_DataPoints(size_t, 1, 3, 3), /* number of writers per domain */ +}; +CU_Theory((size_t n_rd_dom, size_t n_rd, size_t n_wr_dom, size_t n_wr), ddssec_secure_communication, multiple_readers_writers, .timeout = 60) +{ + DDS_Security_ProtectionKind metadata_pk[] = { PK_SOA, PK_EOA }; + for (size_t metadata = 0; metadata < sizeof (metadata_pk) / sizeof (metadata_pk[0]); metadata++) + { + test_multiple_writers (n_rd_dom, n_rd, n_wr_dom, n_wr, metadata_pk[metadata]); + } +}