niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add security authentication handshake and encoding and decoding

Browse source 
Signed-off-by: Marcel Jordense <marcel.jordense@adlinktech.com>
This commit is contained in:
Marcel Jordense 2019-11-22 17:50:35 +01:00 committed by eboasson
parent 1c77aad39c
commit 4960fbf94c
48 changed files with 7473 additions and 1539 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/security/core/CMakeLists.txt
View file

@ -53,7 +53,8 @@ target_include_directories(security_core
if(BUILD_TESTING)
add_subdirectory(tests)
add_subdirectory(tests/plugin_loading)
# Temporarily disabled because needs refractoring w.r.t. security implementation
# add_subdirectory(tests/plugin_loading)
endif()
install(

4
src/security/core/include/dds/security/core/dds_security_utils.h
View file

@ -26,8 +26,8 @@ typedef DDS_Security_long_long DDS_Security_Handle;
typedef DDS_Security_LongLongSeq DDS_Security_HandleSeq;
#define DDS_SECURITY_SEQUENCE_INIT {0, 0, NULL}
#define DDS_SECURITY_TOKEN_INIT {NULL, DDS_SECURITY_SEQUENCE_INIT, DDS_SECURITY_SEQUENCE_INIT}
#define DDS_SECURITY_TOKEN_INIT {NULL, DDS_SECURITY_SEQUENCE_INIT, DDS_SECURITY_SEQUENCE_INIT}
#define DDS_SECURITY_EXCEPTION_INIT {NULL, 0, 0}
typedef enum {
DDS_SECURITY_CONFIG_ITEM_PREFIX_UNKNOWN,

227
src/security/core/src/dds_security_fsm.c
View file

@ -49,7 +49,8 @@ struct dds_security_fsm
{
struct dds_security_fsm *next_fsm;
struct dds_security_fsm *prev_fsm;
bool active;
bool busy;
bool deleting;
struct dds_security_fsm_control *control;
const dds_security_fsm_transition *transitions;
uint32_t size;
@ -69,8 +70,10 @@ struct dds_security_fsm_control
struct ddsi_domaingv *gv;
struct dds_security_fsm *first_fsm;
struct dds_security_fsm *last_fsm;
struct fsm_event *event_queue;
struct fsm_event *first_event;
struct fsm_event *last_event;
ddsrt_fibheap_t timers;
ddsrt_thread_t tid;
bool running;
};
@ -86,6 +89,68 @@ static int compare_timer_event (const void *va, const void *vb)
return (a->endtime == b->endtime) ? 0 : (a->endtime < b->endtime) ? -1 : 1;
}
static void append_event(struct dds_security_fsm_control *control, struct fsm_event *event)
{
event->next = NULL;
event->prev = control->last_event;
if (control->last_event)
control->last_event->next = event;
else
control->first_event = event;
control->last_event = event;
}
static void insert_event(struct dds_security_fsm_control *control, struct fsm_event *event)
{
event->prev = NULL;
event->next = control->first_event;
if (control->first_event)
control->first_event->prev = event;
else
control->last_event = event;
control->first_event = event;
}
static struct fsm_event *get_event(struct dds_security_fsm_control *control)
{
struct fsm_event *event = control->first_event;
if (event)
{
control->first_event = event->next;
if (event->next)
event->next->prev = NULL;
else
control->last_event = NULL;
event->next = NULL;
event->prev = NULL;
}
return event;
}
static void remove_events(struct dds_security_fsm_control *control, struct dds_security_fsm *fsm)
{
struct fsm_event *event = control->first_event;
while (event)
{
struct fsm_event *next = event->next;
if (event->fsm == fsm)
{
if (event->prev)
event->prev->next = event->next;
else
control->first_event = event->next;
if (event->next)
event->next->prev = event->prev;
else
control->last_event = event->prev;
ddsrt_free(event);
}
event = next;
}
}
static void fsm_dispatch (struct dds_security_fsm *fsm, int event_id, bool lifo)
{
struct dds_security_fsm_control *control = fsm->control;
@ -103,26 +168,10 @@ static void fsm_dispatch (struct dds_security_fsm *fsm, int event_id, bool lifo)
event->next = NULL;
event->prev = NULL;
if (lifo) {
/* Insert event at the top of the event list */
if (control->event_queue) {
control->event_queue->prev = event;
}
event->next = control->event_queue;
control->event_queue = event;
} else {
/* Insert FIFO event */
if (control->event_queue) {
struct fsm_event *last = control->event_queue;
while (last->next != NULL ) {
last = last->next;
}
last->next = event;
event->prev = last;
} else {
control->event_queue = event;
}
}
if (lifo)
insert_event(control, event);
else
append_event(control, event);
}
static void set_state_timer (struct dds_security_fsm *fsm)
@ -142,16 +191,18 @@ static void clear_state_timer (struct dds_security_fsm *fsm)
{
struct dds_security_fsm_control *control = fsm->control;
if (fsm->current && fsm->state_timeout_event.endtime != DDS_NEVER)
if (fsm->state_timeout_event.endtime != DDS_NEVER)
ddsrt_fibheap_delete (&timer_events_fhdef, &control->timers, &fsm->state_timeout_event);
fsm->state_timeout_event.endtime = DDS_NEVER;
}
static void clear_overall_timer (struct dds_security_fsm *fsm)
{
struct dds_security_fsm_control *control = fsm->control;
if (fsm->current && fsm->overall_timeout_event.endtime != DDS_NEVER)
if (fsm->overall_timeout_event.endtime != DDS_NEVER)
ddsrt_fibheap_delete (&timer_events_fhdef, &control->timers, &fsm->overall_timeout_event);
fsm->overall_timeout_event.endtime = DDS_NEVER;
}
static dds_time_t first_timeout (struct dds_security_fsm_control *control)
@ -185,57 +236,57 @@ static void fsm_state_change (struct thread_state1 *ts1, struct dds_security_fsm
int event_id = event->event_id;
uint32_t i;
if (fsm->active)
if (fsm->debug_func)
fsm->debug_func (fsm, DDS_SECURITY_FSM_DEBUG_ACT_HANDLING, fsm->current, event_id, fsm->arg);
for (i = 0; i < fsm->size; i++)
{
if (fsm->debug_func)
fsm->debug_func (fsm, DDS_SECURITY_FSM_DEBUG_ACT_HANDLING, fsm->current, event_id, fsm->arg);
for (i = 0; i < fsm->size; i++)
if ((fsm->transitions[i].begin == fsm->current) && (fsm->transitions[i].event_id == event_id))
{
if ((fsm->transitions[i].begin == fsm->current) && (fsm->transitions[i].event_id == event_id))
{
clear_state_timer (fsm);
fsm->current = fsm->transitions[i].end;
set_state_timer (fsm);
clear_state_timer (fsm);
fsm->current = fsm->transitions[i].end;
set_state_timer (fsm);
fsm->busy = true;
ddsrt_mutex_unlock (&control->lock);
ddsrt_mutex_unlock (&control->lock);
thread_state_asleep (ts1);
if (fsm->transitions[i].func)
fsm->transitions[i].func (fsm, fsm->arg);
if (fsm->current && fsm->current->func)
fsm->current->func (fsm, fsm->arg);
thread_state_awake (ts1, control->gv);
if (fsm->transitions[i].func)
fsm->transitions[i].func (fsm, fsm->arg);
if (fsm->current && fsm->current->func)
fsm->current->func (fsm, fsm->arg);
thread_state_awake (ts1, control->gv);
ddsrt_mutex_lock (&control->lock);
thread_state_asleep (ts1);
ddsrt_mutex_lock (&control->lock);
fsm->busy = false;
if (!fsm->deleting)
fsm_check_auto_state_change (fsm);
break;
}
else
ddsrt_cond_broadcast(&control->cond);
break;
}
}
else if (event_id == DDS_SECURITY_FSM_EVENT_DELETE)
fsm_delete (control, fsm);
}
static void fsm_handle_timeout (struct dds_security_fsm_control *control, struct fsm_timer_event *timer_event)
{
struct dds_security_fsm *fsm = timer_event->fsm;
if (fsm->active)
switch (timer_event->kind)
{
switch (timer_event->kind)
{
case FSM_TIMEOUT_STATE:
fsm_dispatch (fsm, DDS_SECURITY_FSM_EVENT_TIMEOUT, true);
break;
case FSM_TIMEOUT_OVERALL:
ddsrt_mutex_unlock (&control->lock);
if (fsm->overall_timeout_action)
fsm->overall_timeout_action (fsm, fsm->arg);
ddsrt_mutex_lock (&control->lock);
break;
}
case FSM_TIMEOUT_STATE:
fsm_dispatch (fsm, DDS_SECURITY_FSM_EVENT_TIMEOUT, true);
break;
case FSM_TIMEOUT_OVERALL:
fsm->busy = true;
ddsrt_mutex_unlock (&control->lock);
if (fsm->overall_timeout_action)
fsm->overall_timeout_action (fsm, fsm->arg);
ddsrt_mutex_lock (&control->lock);
fsm->busy = false;
if (fsm->deleting)
ddsrt_cond_broadcast(&control->cond);
break;
}
/* mark timer event as being processed */
@ -245,17 +296,16 @@ static void fsm_handle_timeout (struct dds_security_fsm_control *control, struct
static uint32_t handle_events (struct dds_security_fsm_control *control)
{
struct thread_state1 * const ts1 = lookup_thread_state ();
struct fsm_event *event;
control->tid = ddsrt_thread_self();
thread_state_awake (ts1, control->gv);
ddsrt_mutex_lock (&control->lock);
while (control->running)
{
if (control->event_queue)
if ((event = get_event(control)) != NULL)
{
struct fsm_event *event = control->event_queue;
control->event_queue = event->next;
if (control->event_queue)
control->event_queue->prev = NULL;
fsm_state_change (ts1, control, event);
ddsrt_free (event);
}
@ -288,7 +338,7 @@ void dds_security_fsm_set_timeout (struct dds_security_fsm *fsm, dds_security_fs
assert(timeout > 0);
ddsrt_mutex_lock (&fsm->control->lock);
if (fsm->active)
if (!fsm->deleting)
{
if (timeout != DDS_NEVER)
{
@ -297,7 +347,7 @@ void dds_security_fsm_set_timeout (struct dds_security_fsm *fsm, dds_security_fs
fsm->overall_timeout_event.endtime = ddsrt_time_add_duration(dds_time(), timeout);
ddsrt_fibheap_insert (&timer_events_fhdef, &fsm->control->timers, &fsm->overall_timeout_event);
if (fsm->overall_timeout_event.endtime < first_timeout(fsm->control))
ddsrt_cond_signal (&fsm->control->cond);
ddsrt_cond_broadcast (&fsm->control->cond);
}
else
clear_overall_timer (fsm);
@ -311,10 +361,10 @@ void dds_security_fsm_dispatch (struct dds_security_fsm *fsm, int32_t event_id,
assert(fsm->control);
ddsrt_mutex_lock (&fsm->control->lock);
if (fsm->active)
if (!fsm->deleting)
{
fsm_dispatch (fsm, event_id, prio);
ddsrt_cond_signal (&fsm->control->cond);
ddsrt_cond_broadcast (&fsm->control->cond);
}
ddsrt_mutex_unlock (&fsm->control->lock);
}
@ -324,7 +374,6 @@ const dds_security_fsm_state * dds_security_fsm_current_state (struct dds_securi
const dds_security_fsm_state *state;
assert(fsm);
assert(fsm->active);
ddsrt_mutex_lock (&fsm->control->lock);
state = fsm->current;
@ -407,7 +456,8 @@ struct dds_security_fsm * dds_security_fsm_create (struct dds_security_fsm_contr
fsm->overall_timeout_event.kind = FSM_TIMEOUT_OVERALL;
fsm->overall_timeout_event.endtime = DDS_NEVER;
fsm->overall_timeout_event.fsm = fsm;
fsm->active = true;
fsm->busy = false;
fsm->deleting = false;
fsm->next_fsm = NULL;
fsm->prev_fsm = NULL;
fsm->control = control;
@ -425,16 +475,17 @@ dds_security_fsm_start (struct dds_security_fsm *fsm)
dds_security_fsm_dispatch(fsm, DDS_SECURITY_FSM_EVENT_AUTO, false);
}
static void fsm_deactivate (struct dds_security_fsm *fsm, bool gen_del_event)
static void fsm_deactivate (struct dds_security_fsm_control *control, struct dds_security_fsm *fsm)
{
if (fsm->active)
fsm->deleting = true;
remove_events(control, fsm);
clear_state_timer (fsm);
clear_overall_timer (fsm);
fsm->current = NULL;
if (!ddsrt_thread_equal(control->tid, ddsrt_thread_self()))
{
fsm->active = false;
clear_state_timer (fsm);
clear_overall_timer (fsm);
fsm->current = NULL;
if (gen_del_event)
fsm_dispatch (fsm, DDS_SECURITY_FSM_EVENT_DELETE, false);
while (fsm->busy)
ddsrt_cond_wait(&control->cond, &control->lock);
}
}
@ -447,14 +498,14 @@ void dds_security_fsm_free (struct dds_security_fsm *fsm)
control = fsm->control;
ddsrt_mutex_lock (&control->lock);
fsm_deactivate (fsm, true);
fsm_deactivate (control, fsm);
ddsrt_mutex_unlock (&control->lock);
}
static void fsm_delete (struct dds_security_fsm_control *control, struct dds_security_fsm *fsm)
{
fsm_deactivate (fsm, false);
remove_fsm_from_list (control, fsm);
fsm_deactivate (control, fsm);
ddsrt_free(fsm);
}
@ -464,7 +515,8 @@ struct dds_security_fsm_control * dds_security_fsm_control_create (struct ddsi_d
control = ddsrt_malloc (sizeof(*control));
control->running = false;
control->event_queue = NULL;
control->first_event = NULL;
control->last_event = NULL;
control->first_fsm = NULL;
control->last_fsm = NULL;
control->gv = gv;
@ -486,12 +538,11 @@ void dds_security_fsm_control_free (struct dds_security_fsm_control *control)
while ((fsm = control->first_fsm) != NULL)
{
control->first_fsm = fsm->next_fsm;
fsm_deactivate (fsm, false);
ddsrt_free (fsm);
fsm_delete (control, fsm);
}
while ((event = control->event_queue) != NULL)
while ((event = control->first_event) != NULL)
{
control->event_queue = event->next;
control->first_event = event->next;
ddsrt_free (event);
}
@ -520,7 +571,7 @@ void dds_security_fsm_control_stop (struct dds_security_fsm_control *control)
ddsrt_mutex_lock (&control->lock);
control->running = false;
ddsrt_cond_signal (&control->cond);
ddsrt_cond_broadcast (&control->cond);
ddsrt_mutex_unlock (&control->lock);
join_thread (control->ts);

8
src/security/core/src/dds_security_utils.c
View file

@ -124,6 +124,7 @@ DDS_Security_BinaryProperty_set_by_value(
bp->name = ddsrt_strdup(name);
bp->value._length = length;
bp->value._maximum = length;
bp->propagate = true;
if (length) {
bp->value._buffer = ddsrt_malloc(length);
memcpy(bp->value._buffer, data, length);
@ -164,6 +165,7 @@ DDS_Security_BinaryProperty_set_by_ref(
bp->value._length = length;
bp->value._maximum = length;
bp->value._buffer = data;
bp->propagate = true;
}
DDS_Security_BinaryPropertySeq *
@ -840,7 +842,7 @@ DDS_Security_Exception_set_with_openssl_error(
void
DDS_Security_Exception_reset(
DDS_Security_SecurityException *ex)
DDS_Security_SecurityException *ex)
{
if (ex) {
if (ex->message) {
@ -855,7 +857,9 @@ DDS_Security_Exception_clean(
DDS_Security_SecurityException *ex)
{
if (ex) {
memset(ex, 0, sizeof(DDS_Security_SecurityException));
ex->code = 0;
ex->minor_code = 0;
ex->message = NULL;
}
}

17
src/security/core/tests/plugin_loading/plugin_loading.c
View file

@ -20,6 +20,7 @@
#include "dds/ddsrt/cdtors.h"
#include "dds/ddsrt/environ.h"
#include "dds/ddsrt/heap.h"
#include "plugin_mock_common.h"
//#include "dds/ddsi/ddsi_security_omg.h"
#define FORCE_ENV
@ -87,7 +88,7 @@ static uint32_t found;
static void logger(void *ptr, const dds_log_data_t *data) {
char **expected = (char **) ptr;
if (print_log) {
printf("%s\n", data->message);
fputs(data->message, stdout);
}
for (uint32_t i = 0; expected[i] != NULL; i++) {
if (patmatch(expected[i], data->message)) {
@ -112,9 +113,9 @@ CU_Test(ddssec_security_plugin_loading, all_ok, .init = ddsrt_init, .fini = ddsr
"<DDSSecurity>"
"<Authentication>"
"<Library path=\"dds_security_authentication_all_ok\" initFunction=\"init_authentication\" finalizeFunction=\"finalize_authentication\" />"
"<IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
"<IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
"<PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
"<IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
"<IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
"<PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
"<Password>testtext_Password_testtext</Password>"
"<TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
"</Authentication>"
@ -469,7 +470,7 @@ CU_Test(ddssec_security_plugin_loading, no_library_in_path, .init = ddsrt_init,
#else
dds_delete(participant);
#endif
CU_ASSERT_FATAL(found == 0xd || found == 0xe);
dds_delete(participant);
@ -551,13 +552,13 @@ CU_Test(ddssec_security_plugin_loading, all_ok_with_props, .init = ddsrt_init, .
dds_entity_t participant;
dds_qos_t * qos;
/* Set up the trace sinks to detect the config parsing. */
dds_set_log_mask(DDS_LC_INFO);
dds_set_log_sink(&logger, (void*)log_expected);
dds_set_trace_sink(&logger, (void*)log_expected);
/* Create the qos */
unsigned char bvalue[3] = { 0x01, 0x02, 0x03 };
CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL);

12
src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c
View file

@ -28,6 +28,11 @@ typedef struct dds_security_authentication_impl {
int id; //sample internal member
} dds_security_authentication_impl;
static const char *test_identity_certificate = TEST_IDENTITY_CERTIFICATE_ALL_OK;
static const char *test_ca_certificate = TEST_CA_CERTIFICATE_ALL_OK;
static const char *test_private_key = TEST_PRIVATE_KEY_ALL_OK;
DDS_Security_ValidationResult_t validate_local_identity(
dds_security_authentication *instance,
DDS_Security_IdentityHandle *local_identity_handle,
@ -76,14 +81,17 @@ DDS_Security_ValidationResult_t validate_local_identity(
}
if( strcmp(identity_certificate, test_identity_certificate) != 0){
printf("identity received=%s\n", identity_certificate);
printf("identity expected=%s\n", test_identity_certificate);
result = DDS_SECURITY_VALIDATION_FAILED;
printf("FAILED: Could not get identity_certificate value properly\n");
}
else if( strcmp(identity_ca, test_ca_certificate) != 0){
printf("ca received=%s\n", identity_ca);
printf("ca expected=%s\n", test_ca_certificate);
printf("FAILED: Could not get identity_ca value properly\n");
result = DDS_SECURITY_VALIDATION_FAILED;
}else if( strcmp(private_key, test_privatekey) != 0){
}else if( strcmp(private_key, test_private_key) != 0){
printf("FAILED: Could not get private_key value properly\n");
result = DDS_SECURITY_VALIDATION_FAILED;
}

78
src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h
View file

@ -9,6 +9,7 @@
#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_
#include "dds/security/authentication_all_ok_export.h"
#include "../../plugin_mock_common.h"
SECURITY_EXPORT int32_t
init_authentication(const char *argument, void **context);
@ -16,83 +17,6 @@ init_authentication(const char *argument, void **context);
SECURITY_EXPORT int32_t
finalize_authentication(void *context);
char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\
MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\
VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\
YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\
Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\
kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\
9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\
+imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\
/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\
Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\
kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\
Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\
jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\
gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\
By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\
xEEFrw==\n\
-----END CERTIFICATE-----";
char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\
MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\
ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\
ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\
bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\
0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\
SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\
72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\
tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\
9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\
FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\
CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\
BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\
AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\
ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\
Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\
NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\
sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\
AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\
O9IAQi5pa15gXjSbUg==\n\
-----END CERTIFICATE-----";
char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\
MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\
k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\
DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\
FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\
m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\
8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\
8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\
E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\
wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\
tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\
MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\
ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\
CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\
LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\
rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\
paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\
9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\
HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\
wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\
/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\
P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\
MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\
H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\
ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\
LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\
-----END RSA PRIVATE KEY-----";
DDS_Security_ValidationResult_t
validate_local_identity(
dds_security_authentication *instance,

98
src/security/core/tests/plugin_loading/plugin_mock_common.h Normal file
View file

@ -0,0 +1,98 @@
/*
* Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef PLUGIN_MOCK_COMMON_H_
#define PLUGIN_MOCK_COMMON_H_
#define TEST_IDENTITY_CERTIFICATE_ALL_OK "testtext_IdentityCertificate_testtext"
#define TEST_CA_CERTIFICATE_ALL_OK "testtext_IdentityCA_testtext"
#define TEST_PRIVATE_KEY_ALL_OK "testtext_PrivateKey_testtext"
#define TEST_IDENTITY_CERTIFICATE "data:,-----BEGIN CERTIFICATE-----\n\
MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\
VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\
YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\
Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\
kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\
9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\
+imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\
/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\
Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\
kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\
Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\
jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\
gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\
By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\
xEEFrw==\n\
-----END CERTIFICATE-----"
#define TEST_CA_CERTIFICATE_ALL "data:,-----BEGIN CERTIFICATE-----\n\
MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\
MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\
aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\
Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\
TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\
ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\
ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\
bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\
0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\
SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\
72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\
tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\
9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\
FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\
CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\
BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\
AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\
ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\
Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\
NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\
sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\
AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\
O9IAQi5pa15gXjSbUg==\n\
-----END CERTIFICATE-----"
#define TEST_PRIVATE_KEY_ALL "data:,-----BEGIN RSA PRIVATE KEY-----\n\
MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\
k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\
DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\
FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\
m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\
8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\
8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\
E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\
wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\
tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\
MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\
ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\
CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\
LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\
rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\
paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\
9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\
HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\
wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\
/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\
P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\
MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\
H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\
ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\
LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\
-----END RSA PRIVATE KEY-----"
#endif

81
src/security/core/tests/plugin_loading/security_config.c
View file

@ -21,6 +21,7 @@
#include "dds/ddsrt/heap.h"
#include "dds/ddsi/q_misc.h"
#include "dds/ddsi/ddsi_xqos.h"
#include "plugin_mock_common.h"
#include "dds/security/dds_security_api_defs.h"
@ -50,9 +51,9 @@
"0:\"dds.sec.access.library.path\":\""ac"\"," \
"0:\"dds.sec.access.library.init\":\"init_access_control\"," \
"0:\"dds.sec.access.library.finalize\":\"finalize_access_control\"," \
"0:\"dds.sec.auth.identity_ca\":\"testtext_IdentityCA_testtext\"," \
"0:\"dds.sec.auth.private_key\":\"testtext_PrivateKey_testtext\"," \
"0:\"dds.sec.auth.identity_certificate\":\"testtext_IdentityCertificate_testtext\"," \
"0:\"dds.sec.auth.identity_ca\":\"" TEST_CA_CERTIFICATE_ALL_OK "\"," \
"0:\"dds.sec.auth.private_key\":\"" TEST_PRIVATE_KEY_ALL_OK "\"," \
"0:\"dds.sec.auth.identity_certificate\":\"" TEST_IDENTITY_CERTIFICATE_ALL_OK "\"," \
"0:\"dds.sec.access.permissions_ca\":\"file:Permissions_CA.pem\"," \
"0:\"dds.sec.access.governance\":\"file:Governance.p7s\"," \
"0:\"dds.sec.access.permissions\":\"file:Permissions.p7s\"" \
@ -206,9 +207,9 @@ CU_Test(ddsc_security_config, all, .init = ddsrt_init, .fini = ddsrt_fini)
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
@ -233,9 +234,9 @@ CU_Test(ddsc_security_config, all, .init = ddsrt_init, .fini = ddsrt_fini)
" <DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
@ -281,9 +282,9 @@ CU_Test(ddsc_security_config, security, .init = ddsrt_init, .fini = ddsrt_fini)
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/Password/#text: {}*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
@ -307,9 +308,9 @@ CU_Test(ddsc_security_config, security, .init = ddsrt_init, .fini = ddsrt_fini)
"<DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" </Authentication>"
" <Cryptographic>"
" "MOCKLIB_ELEM_CRYPTO("dds_security_cryptography_all_ok")
@ -351,9 +352,9 @@ CU_Test(ddsc_security_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini
"config: Domain/DDSSecurity/Authentication/Library[@path]: "MOCKLIB_PATH("dds_security_authentication_all_ok")"*",
"config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*",
"config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*",
"config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: "TEST_IDENTITY_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/IdentityCA/#text: "TEST_CA_CERTIFICATE_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/PrivateKey/#text: "TEST_PRIVATE_KEY_ALL_OK"*",
"config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*",
"config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*",
"config: Domain/DDSSecurity/AccessControl/Library/#text: "MOCKLIB_PATH("dds_security_access_control_all_ok")"*",
@ -378,9 +379,9 @@ CU_Test(ddsc_security_config, deprecated, .init = ddsrt_init, .fini = ddsrt_fini
" <DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
@ -448,9 +449,9 @@ CU_Test(ddsc_security_config, qos, .init = ddsrt_init, .fini = ddsrt_fini)
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
@ -494,6 +495,7 @@ CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
PARTICIPANT_QOS_ALL_OK to work, the order must match that one */
unsigned char bvalue[3] = { 0x01, 0x02, 0x03 };
CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL);
dds_qset_prop(qos, "dds.sec.auth.library.path", ""MOCKLIB_PATH("dds_security_authentication_all_ok")"");
dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication");
dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication");
@ -503,9 +505,9 @@ CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
@ -514,7 +516,6 @@ CU_Test(ddsc_security_config, qos_props, .init = ddsrt_init, .fini = ddsrt_fini)
dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext");
dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext");
dds_qset_bprop(qos, "test.bprop1", bvalue, 3);
/* Create participant with security config in qos. */
@ -546,9 +547,9 @@ CU_Test(ddsc_security_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" </Authentication>"
" <AccessControl>"
" <Governance>file:Governance.p7s</Governance>"
@ -572,9 +573,9 @@ CU_Test(ddsc_security_config, config_qos, .init = ddsrt_init, .fini = ddsrt_fini
dds_qset_prop(qos, "dds.sec.access.library.path", ""MOCKLIB_PATH("dds_security_access_control_all_ok")"");
dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control");
dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext");
dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext");
dds_qset_prop(qos, "dds.sec.auth.identity_ca", TEST_CA_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.private_key", TEST_PRIVATE_KEY_ALL_OK);
dds_qset_prop(qos, "dds.sec.auth.identity_certificate", TEST_IDENTITY_CERTIFICATE_ALL_OK);
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem");
dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s");
dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s");
@ -614,9 +615,9 @@ CU_Test(ddsc_security_config, other_prop, .init = ddsrt_init, .fini = ddsrt_fini
"<DDSSecurity>"
" <Authentication>"
" "MOCKLIB_ELEM_AUTH("dds_security_authentication_all_ok")
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" <Password>testtext_Password_testtext</Password>"
" <TrustedCADirectory>testtext_Dir_testtext</TrustedCADirectory>"
" </Authentication>"
@ -685,9 +686,9 @@ CU_Test(ddsc_security_config, qos_invalid, .init = ddsrt_init, .fini = ddsrt_fin
"<Tracing><Verbosity>finest</></>"
"<DDSSecurity>"
" <Authentication>"
" <IdentityCertificate>testtext_IdentityCertificate_testtext</IdentityCertificate>"
" <IdentityCA>testtext_IdentityCA_testtext</IdentityCA>"
" <PrivateKey>testtext_PrivateKey_testtext</PrivateKey>"
" <IdentityCertificate>"TEST_IDENTITY_CERTIFICATE_ALL_OK"</IdentityCertificate>"
" <IdentityCA>"TEST_CA_CERTIFICATE_ALL_OK"</IdentityCA>"
" <PrivateKey>"TEST_PRIVATE_KEY_ALL_OK"</PrivateKey>"
" </Authentication>"
" <AccessControl>"
" <Governance>file:Governance.p7s</Governance>"

69
src/security/core/tests/tc_fsm.c
View file

@ -369,16 +369,19 @@ static const uint32_t TransitionsSize = sizeof(Transitions)/sizeof(Transitions[0
**********************************************************************/
typedef enum {
eventToTimeout, eventToEnd,
eventToTimeout, eventToInterupt, eventToEnd,
} timeout_events;
struct fsm_timeout_arg {
int id;
};
static struct dds_security_fsm *fsm_timeout;
static uint32_t visited_timeout = 0;
static uint32_t correct_fsm_timeout = 0;
static uint32_t correct_arg_timeout = 0;
static ddsrt_cond_t stop_timeout_cond;
static ddsrt_mutex_t stop_timeout_cond_mutex;
static uint32_t stop_timeout_cond_cnt = 0;
static struct fsm_timeout_arg fsm_arg = { .id = FSM_AUTH_ARG };
/* The functions called from the state-machine. */
static void doInterupt(struct dds_security_fsm *fsm, void *arg)
@ -393,24 +396,15 @@ static void doInterupt(struct dds_security_fsm *fsm, void *arg)
static void doTimeout(struct dds_security_fsm *fsm, void *arg)
{
dds_duration_t delay4 = 4 * DDS_NSECS_IN_SEC;
DDSRT_UNUSED_ARG(arg);
if (DB_TC_PRINT_DEBUG) {
printf("Transition >>>> %s %d\n", __FUNCTION__, stop_timeout_cond_cnt);
printf("Transition >>>> %s\n", __FUNCTION__);
}
visited_timeout |= 1UL << 1;
stop_timeout_cond_cnt++;
ddsrt_mutex_lock(&stop_timeout_cond_mutex);
(void) ddsrt_cond_waitfor(&stop_timeout_cond, &stop_timeout_cond_mutex,
delay4);
ddsrt_mutex_unlock(&stop_timeout_cond_mutex);
stop_timeout_cond_cnt--;
if (DB_TC_PRINT_DEBUG) {
printf("Transition <<<< %s %d\n", __FUNCTION__, stop_timeout_cond_cnt);
printf("Transition <<<< %s\n", __FUNCTION__);
}
dds_security_fsm_dispatch(fsm, eventToTimeout, false);
@ -418,7 +412,7 @@ static void doTimeout(struct dds_security_fsm *fsm, void *arg)
static void TimeoutCallback(struct dds_security_fsm *fsm, void *arg)
{
int *fsm_arg;
struct fsm_timeout_arg *farg = arg;
if (DB_TC_PRINT_DEBUG) {
printf("TimeoutCallback\n");
@ -426,10 +420,8 @@ static void TimeoutCallback(struct dds_security_fsm *fsm, void *arg)
visited_timeout |= 1UL << 2;
if (arg != NULL) {
fsm_arg = (int *) arg;
if (*fsm_arg == FSM_AUTH_ARG) {
if (farg != NULL) {
if (farg->id == FSM_AUTH_ARG) {
correct_arg_timeout = 1;
} else {
correct_arg_timeout = 0;
@ -452,14 +444,17 @@ static void TimeoutCallback2(struct dds_security_fsm *fsm, void *arg)
visited_timeout |= 1UL << 3;
}
static dds_security_fsm_state StateTimeout = {doTimeout, 0};static int fsm_arg = FSM_AUTH_ARG;
static dds_security_fsm_state StateInitial = {doTimeout, 0};
static dds_security_fsm_state StateWaitTimeout = {NULL, DDS_SECS(4)};
static dds_security_fsm_state StateInterupt = {doInterupt, 0};
static dds_security_fsm_state StateInterupt = {doInterupt, 0};
static const dds_security_fsm_transition TimeoutTransitions[] = {
{NULL, DDS_SECURITY_FSM_EVENT_AUTO, NULL, &StateTimeout}, // NULL state is the start state
{&StateTimeout, eventToTimeout, NULL, &StateInterupt},
{&StateInterupt,eventToEnd, NULL, NULL}, // Reaching NULL means end of state-diagram
{NULL, DDS_SECURITY_FSM_EVENT_AUTO, NULL, &StateInitial}, // NULL state is the start state
{&StateInitial, eventToTimeout, NULL, &StateWaitTimeout},
{&StateWaitTimeout, DDS_SECURITY_FSM_EVENT_TIMEOUT, NULL, &StateInterupt},
{&StateWaitTimeout, eventToInterupt, NULL, &StateInterupt},
{&StateInterupt, eventToEnd, NULL, NULL}, // Reaching NULL means end of state-diagram
};
static const uint32_t TimeoutTransitionsSize = sizeof(TimeoutTransitions)/sizeof(TimeoutTransitions[0]);
@ -541,16 +536,10 @@ static void fsm_control_init(void)
rc = dds_security_fsm_control_start (g_fsm_control, NULL);
CU_ASSERT_FATAL(rc == 0);
ddsrt_mutex_init(&stop_timeout_cond_mutex);
ddsrt_cond_init(&stop_timeout_cond);
}
static void fsm_control_fini(void)
{
ddsrt_cond_destroy(&stop_timeout_cond);
ddsrt_mutex_destroy(&stop_timeout_cond_mutex);
dds_security_fsm_control_stop(g_fsm_control);
dds_security_fsm_control_free(g_fsm_control);
@ -697,12 +686,10 @@ CU_Test(ddssec_fsm, timeout, .init = fsm_control_init, .fini = fsm_control_fini)
timeout--;
}
CU_ASSERT(timeout > 0);
CU_ASSERT(
CHECK_BIT(visited_timeout, 0) && CHECK_BIT(visited_timeout, 1) && CHECK_BIT(visited_timeout, 2));
CU_ASSERT(CHECK_BIT(visited_timeout, 0) && CHECK_BIT(visited_timeout, 1) && CHECK_BIT(visited_timeout, 2));
CU_ASSERT(correct_arg_timeout && correct_fsm_timeout);
dds_security_fsm_free(fsm_timeout);
}
/**
@ -740,10 +727,6 @@ CU_Test(ddssec_fsm, double_timeout, .init = fsm_control_init, .fini = fsm_contro
CU_ASSERT(CHECK_BIT(visited_timeout, 3));
dds_security_fsm_free(fsm_timeout);
dds_security_fsm_free(fsm_timeout2);
ddsrt_mutex_lock(&stop_timeout_cond_mutex);
ddsrt_cond_signal(&stop_timeout_cond);
ddsrt_mutex_unlock(&stop_timeout_cond_mutex);
}
/**
@ -840,15 +823,5 @@ CU_Test(ddssec_fsm, delete_with_timeout, .init = fsm_control_init, .fini = fsm_c
}
dds_security_fsm_free(fsm_timeout);
dds_sleepfor(100 * DDS_NSECS_IN_MSEC);
/* Just for safety to be certain that the condition isn't used anymore before destroying it. */
while (stop_timeout_cond_cnt > 0) {
dds_time_t d = DDS_NSECS_IN_SEC;
ddsrt_cond_signal(&stop_timeout_cond);
dds_sleepfor(d);
}
}