diff --git a/src/security/core/tests/access_control.c b/src/security/core/tests/access_control.c index 508828c..981a196 100644 --- a/src/security/core/tests/access_control.c +++ b/src/security/core/tests/access_control.c @@ -148,7 +148,7 @@ CU_TheoryDataPoints(ddssec_access_control, config_parameters_file) = { CU_Theory((const char * test_descr, const char * gov, const char * perm, const char * ca, bool incl_empty_els, bool exp_fail), ddssec_access_control, config_parameters_file) { - printf("running test config_parameters_file: %s\n", test_descr); + print_test_msg ("running test config_parameters_file: %s\n", test_descr); access_control_init ( (const char *[]) { TEST_IDENTITY1_CERTIFICATE, TEST_IDENTITY1_CERTIFICATE }, (const char *[]) { TEST_IDENTITY1_PRIVATE_KEY, TEST_IDENTITY1_PRIVATE_KEY }, @@ -170,29 +170,28 @@ CU_TheoryDataPoints(ddssec_access_control, permissions_expiry) = { /* | */"valid -1 minute until now", /* | | */"1s valid, create pp after 1100ms", /* | | | */"node 2 permissions expired", - /* | | | | */"node 1 3s valid, write/read for 1s delayed 3s", - /* | | | | | */"node 2 3s valid, write/read for 1s delayed 3s"), + /* | | | | */"node 1 3s valid, write/read for 10s", + /* | | | | | */"node 2 3s valid, write/read for 10s"), CU_DataPoints(int32_t, 0, -M(1), 0, 0, 0, 0), /* node 1 permissions not before (offset from local time) */ - CU_DataPoints(int32_t, M(1), 0, S(1), D(1), S(3), D(1)), /* node 1 permissions not after (offset from local time) */ + CU_DataPoints(int32_t, M(1), 0, S(1), D(1), S(4), D(1)), /* node 1 permissions not after (offset from local time) */ CU_DataPoints(int32_t, 0, -M(1), 0, -D(1), 0, 0), /* node 2 permissions not before (offset from local time) */ - CU_DataPoints(int32_t, M(1), 0, S(1), 0, D(1), S(3)), /* node 2 permissions not after (offset from local time) */ + CU_DataPoints(int32_t, M(1), 0, S(1), 0, D(1), S(4)), /* node 2 permissions not after (offset from local time) */ CU_DataPoints(uint32_t, 0, 0, 1100, 0, 0, 0), /* delay (ms) after generating permissions */ CU_DataPoints(bool, false, true, true, false, false, false), /* expect pp 1 create failure */ CU_DataPoints(bool, false, true, true, true, false, false), /* expect pp 2 create failure */ - CU_DataPoints(uint32_t, 0, 0, 0, 0, 3000, 3000), /* delay (ms) after creating readers/writers */ - CU_DataPoints(uint32_t, 1, 0, 0, 0, 1000, 1000), /* write/read data during x ms */ + CU_DataPoints(uint32_t, 1, 0, 0, 0, 10000, 10000), /* write/read data during x ms */ CU_DataPoints(bool, false, false, false, false, true, true), /* expect read data failure */ }; CU_Theory( (const char * test_descr, int32_t perm1_not_before, int32_t perm1_not_after, int32_t perm2_not_before, int32_t perm2_not_after, - uint32_t delay_perm, bool exp_pp1_fail, bool exp_pp2_fail, uint32_t delay_wr_rd, uint32_t write_read_dur, bool exp_read_fail), + uint32_t delay_perm, bool exp_pp1_fail, bool exp_pp2_fail, uint32_t write_read_dur, bool exp_read_fail), ddssec_access_control, permissions_expiry, .timeout=20) { - printf("running test permissions_expiry: %s\n", test_descr); + print_test_msg ("running test permissions_expiry: %s\n", test_descr); char topic_name[100]; - create_topic_name("ddssec_access_control_", g_topic_nr++, topic_name, sizeof (topic_name)); + create_topic_name ("ddssec_access_control_", g_topic_nr++, topic_name, sizeof (topic_name)); /* create ca and id1/id2 certs that will not expire during this test */ char *ca, *id1, *id2, *id1_subj, *id2_subj; @@ -202,7 +201,7 @@ CU_Theory( /* localtime will be converted to gmtime in get_permissions_grant */ dds_time_t now = dds_time (); - char * perm_topic = get_permissions_topic(topic_name); + char * perm_topic = get_permissions_topic (topic_name); char * grants[] = { get_permissions_grant ("id1", id1_subj, now + DDS_SECS(perm1_not_before), now + DDS_SECS(perm1_not_after), perm_topic, perm_topic, NULL), get_permissions_grant ("id2", id2_subj, now + DDS_SECS(perm2_not_before), now + DDS_SECS(perm2_not_after), perm_topic, perm_topic, NULL) }; @@ -222,7 +221,6 @@ CU_Theory( { dds_entity_t wr = 0, rd = 0; rd_wr_init (g_participant[0], &g_pubsub[0], &g_topic[0], &wr, g_participant[1], &g_pubsub[1], &g_topic[1], &rd, topic_name); - dds_sleepfor (DDS_MSECS (delay_wr_rd)); write_read_for (wr, g_participant[1], rd, DDS_MSECS (write_read_dur), false, exp_read_fail); } @@ -243,12 +241,14 @@ CU_Theory( #undef M -#define N_NODES 4 +#define N_RD 1 // N_RD > 1 not yet implemented +#define N_WR 3 +#define N_NODES (N_RD + N_WR) #define PERM_EXP_BASE 3 CU_Test(ddssec_access_control, permissions_expiry_multiple, .timeout=20) { char topic_name[100]; - create_topic_name("ddssec_access_control_", g_topic_nr++, topic_name, sizeof (topic_name)); + create_topic_name ("ddssec_access_control_", g_topic_nr++, topic_name, sizeof (topic_name)); dds_time_t t_perm = dds_time (); char *ca = generate_ca ("ca1", TEST_IDENTITY_CA1_PRIVATE_KEY, 0, 3600); @@ -266,7 +266,7 @@ CU_Test(ddssec_access_control, permissions_expiry_multiple, .timeout=20) ca_list[i] = ca; id[i] = generate_identity (ca_list[i], TEST_IDENTITY_CA1_PRIVATE_KEY, id_name, pk[i], 0, 3600, &id_subj[i]); exp_fail[i] = false; - dds_duration_t v = DDS_SECS(i == 0 ? 3600 : PERM_EXP_BASE + i); /* 1st node is reader and should not expire */ + dds_duration_t v = DDS_SECS(i < N_RD ? 3600 : PERM_EXP_BASE + 2 * i); /* 1st node is reader and should not expire */ grants[i] = get_permissions_grant (id_name, id_subj[i], t_perm, t_perm + v, perm_topic, perm_topic, NULL); ddsrt_free (id_name); } @@ -274,34 +274,39 @@ CU_Test(ddssec_access_control, permissions_expiry_multiple, .timeout=20) char * perm_config = get_permissions_config (grants, N_NODES, true); access_control_init ( id, pk, ca_list, exp_fail, N_NODES, - true, PF_F COMMON_ETC_PATH("default_governance.p7s"), + true, PF_F COMMON_ETC_PATH ("default_governance.p7s"), true, perm_config, - true, PF_F COMMON_ETC_PATH("default_permissions_ca.pem")); + true, PF_F COMMON_ETC_PATH ("default_permissions_ca.pem")); dds_qos_t * qos = dds_create_qos (); CU_ASSERT_FATAL (qos != NULL); dds_qset_history (qos, DDS_HISTORY_KEEP_ALL, -1); dds_qset_durability (qos, DDS_DURABILITY_TRANSIENT_LOCAL); dds_qset_reliability (qos, DDS_RELIABILITY_RELIABLE, DDS_INFINITY); - dds_entity_t sub_tp = dds_create_topic (g_participant[0], &SecurityCoreTests_Type1_desc, topic_name, NULL, NULL); - CU_ASSERT_FATAL (sub_tp > 0); - dds_entity_t sub = dds_create_subscriber (g_participant[0], NULL, NULL); - CU_ASSERT_FATAL (sub > 0); - dds_entity_t rd = dds_create_reader (sub, sub_tp, qos, NULL); - CU_ASSERT_FATAL (rd > 0); - dds_set_status_mask (rd, DDS_DATA_AVAILABLE_STATUS); - dds_entity_t wr[N_NODES - 1]; - for (int i = 1; i < N_NODES; i++) + dds_entity_t rd[N_RD]; + for (int i = 0; i < N_RD; i++) { - dds_entity_t pub = dds_create_publisher (g_participant[i], NULL, NULL); + dds_entity_t sub = dds_create_subscriber (g_participant[i], NULL, NULL); + CU_ASSERT_FATAL (sub > 0); + dds_entity_t sub_tp = dds_create_topic (g_participant[i], &SecurityCoreTests_Type1_desc, topic_name, NULL, NULL); + CU_ASSERT_FATAL (sub_tp > 0); + rd[i] = dds_create_reader (sub, sub_tp, qos, NULL); + CU_ASSERT_FATAL (rd[i] > 0); + dds_set_status_mask (rd[i], DDS_DATA_AVAILABLE_STATUS); + } + + dds_entity_t wr[N_WR]; + for (int i = 0; i < N_WR; i++) + { + dds_entity_t pub = dds_create_publisher (g_participant[i + N_RD], NULL, NULL); CU_ASSERT_FATAL (pub > 0); - dds_entity_t pub_tp = dds_create_topic (g_participant[i], &SecurityCoreTests_Type1_desc, topic_name, NULL, NULL); + dds_entity_t pub_tp = dds_create_topic (g_participant[i + N_RD], &SecurityCoreTests_Type1_desc, topic_name, NULL, NULL); CU_ASSERT_FATAL (pub_tp > 0); - wr[i - 1] = dds_create_writer (pub, pub_tp, qos, NULL); - CU_ASSERT_FATAL (wr[i - 1] > 0); - dds_set_status_mask (wr[i - 1], DDS_PUBLICATION_MATCHED_STATUS); - sync_writer_to_readers(g_participant[i], wr[i - 1], 1); + wr[i] = dds_create_writer (pub, pub_tp, qos, NULL); + CU_ASSERT_FATAL (wr[i] > 0); + dds_set_status_mask (wr[i], DDS_PUBLICATION_MATCHED_STATUS); + sync_writer_to_readers (g_participant[i + N_RD], wr[i], N_RD); } dds_delete_qos (qos); @@ -311,47 +316,48 @@ CU_Test(ddssec_access_control, permissions_expiry_multiple, .timeout=20) dds_sample_info_t info[1]; dds_return_t ret; - for (int i = 1; i < N_NODES; i++) + for (int i = 0; i < N_WR; i++) { // sleep until 1s before next writer pp permission expires - dds_duration_t delay = DDS_SECS (PERM_EXP_BASE + i - 1) - (dds_time () - t_perm); + dds_duration_t delay = DDS_SECS (PERM_EXP_BASE + 2 * i) - (dds_time () - t_perm); if (delay > 0) dds_sleepfor (delay); - printf ("run %d\n", i); + print_test_msg ("run %d\n", i); - for (int w = 1; w < N_NODES; w++) + for (int w = 0; w < N_WR; w++) { sample.id = w; - ret = dds_write (wr[w - 1], &sample); + ret = dds_write (wr[w], &sample); CU_ASSERT_EQUAL_FATAL (ret, DDS_RETCODE_OK); - printf ("write %d\n", w); + print_test_msg ("write %d\n", w); } // Expect reader to receive data from writers with non-expired permissions int n_samples = 0, n_invalid = 0, n_wait = 0; - while (n_samples + n_invalid < N_NODES - 1 && n_wait < 5) + while (n_samples + n_invalid < N_WR && n_wait < 5) { - ret = dds_take (rd, samples, info, 1, 1); + ret = dds_take (rd[0], samples, info, 1, 1); CU_ASSERT_FATAL (ret >= 0); if (ret == 0) { - reader_wait_for_data (g_participant[0], rd, DDS_MSECS (100)); + reader_wait_for_data (g_participant[0], rd[0], DDS_MSECS (200)); + print_test_msg ("wait for data\n"); n_wait++; } else if (info[0].instance_state == DDS_IST_ALIVE) { - printf ("recv sample %d\n", rd_sample.id); + print_test_msg ("recv sample %d\n", rd_sample.id); n_samples++; } else { - printf ("recv inv sample\n"); + print_test_msg ("recv inv sample\n"); n_invalid++; } } - CU_ASSERT_EQUAL (n_samples, N_NODES - i); - CU_ASSERT (n_invalid < i); + CU_ASSERT_EQUAL (n_samples, N_WR - i); + CU_ASSERT (n_invalid <= i); } access_control_fini (N_NODES); diff --git a/src/security/core/tests/authentication.c b/src/security/core/tests/authentication.c index ab12143..7a9a21a 100644 --- a/src/security/core/tests/authentication.c +++ b/src/security/core/tests/authentication.c @@ -228,7 +228,7 @@ CU_Theory((const char * test_descr, const char * id2, const char *key2, const ch { struct Handshake *hs_list; int nhs; - printf("running test id_ca_certs: %s\n", test_descr); + print_test_msg ("running test id_ca_certs: %s\n", test_descr); authentication_init (ID1, ID1K, CA1, id2, key2, ca2, NULL, NULL, exp_fail_pp1, exp_fail_pp2); // Domain 1 @@ -252,7 +252,7 @@ CU_TheoryDataPoints(ddssec_authentication, trusted_ca_dir) = { }; CU_Theory((const char * ca_dir, bool exp_fail), ddssec_authentication, trusted_ca_dir) { - printf("Testing custom CA dir: %s\n", ca_dir); + print_test_msg ("Testing custom CA dir: %s\n", ca_dir); authentication_init (ID1, ID1K, CA1, ID1, ID1K, CA1, ca_dir, NULL, exp_fail, exp_fail); if (!exp_fail) { @@ -275,17 +275,17 @@ CU_TheoryDataPoints(ddssec_authentication, expired_cert) = { /* | | | | */"ca and id1 1min valid", /* | | | | | */"id1 and id2 1s valid, delay 1100ms", /* | | | | | | */"id1 valid after 1s, delay 1100ms", - /* | | | | | | | */"id1 expire during session"), + /* | | | | | | | */"id1 expires during session"), CU_DataPoints(int32_t, 0, -M(1), 0, 0, 0, 0, 0, 0 ), /* CA1 not before */ CU_DataPoints(int32_t, D(1), 0, D(1), D(1), M(1), D(1), D(1), D(1) ), /* CA1 not after (offset from local time) */ CU_DataPoints(int32_t, 0, 0, -D(1), 0, 0, 0, S(1), 0 ), /* ID1 not before (offset from local time) */ - CU_DataPoints(int32_t, D(1), D(1), 0, D(1), M(1), S(1), D(1), S(2) ), /* ID1 not after (offset from local time) */ + CU_DataPoints(int32_t, D(1), D(1), 0, D(1), M(1), S(1), D(1), S(4) ), /* ID1 not after (offset from local time) */ CU_DataPoints(bool, false, true, true, false, false, true, false, false ), /* expect validate local ID1 fail */ CU_DataPoints(int32_t, 0, 0, 0, -D(1), 0, 0, 0, 0 ), /* ID2 not before (offset from local time) */ CU_DataPoints(int32_t, D(1), D(1), D(1), 0, D(1), S(1), D(1), D(1) ), /* ID2 not after (offset from local time) */ CU_DataPoints(bool, false, true, false, true, false, true, false, false ), /* expect validate local ID2 fail */ CU_DataPoints(uint32_t, 0, 0, 0, 0, 0, 1100, 1100, 0 ), /* delay (ms) after generating certificate */ - CU_DataPoints(uint32_t, 1, 0, 0, 0, 1, 0, 1, 3500 ), /* write/read data during x ms */ + CU_DataPoints(uint32_t, 1, 0, 0, 0, 1, 0, 1, 10000 ), /* write/read data during x ms */ CU_DataPoints(bool, false, false, false, false, false, false, false, true ), /* expect read data failure */ }; CU_Theory( @@ -295,11 +295,12 @@ CU_Theory( uint32_t delay, uint32_t write_read_dur, bool exp_read_fail), ddssec_authentication, expired_cert, .timeout=30) { - printf("running test expired_cert: %s\n", test_descr); + print_test_msg ("running test expired_cert: %s\n", test_descr); char topic_name[100]; create_topic_name("ddssec_authentication_", g_topic_nr++, topic_name, sizeof (topic_name)); + print_test_msg ("generate ids (id1: %d-%d, id2: %d-%d):\n", id1_not_before, id1_not_after, id2_not_before, id2_not_after); char *ca, *id1, *id2, *id1_subj, *id2_subj; ca = generate_ca ("ca1", CA1K, ca_not_before, ca_not_after); id1 = generate_identity (ca, CA1K, "id1", ID1K, id1_not_before, id1_not_after, &id1_subj); diff --git a/src/security/core/tests/common/test_utils.c b/src/security/core/tests/common/test_utils.c index 476490c..bf8c300 100644 --- a/src/security/core/tests/common/test_utils.c +++ b/src/security/core/tests/common/test_utils.c @@ -34,7 +34,7 @@ int numRemote = 0; struct Handshake handshakeList[MAX_HANDSHAKES]; int numHandshake = 0; -static char * get_validation_result_str(DDS_Security_ValidationResult_t result) +static char * get_validation_result_str (DDS_Security_ValidationResult_t result) { switch (result) { @@ -49,7 +49,7 @@ static char * get_validation_result_str(DDS_Security_ValidationResult_t result) return ""; } -static char * get_node_type_str(enum hs_node_type node_type) +static char * get_node_type_str (enum hs_node_type node_type) { switch (node_type) { @@ -61,17 +61,27 @@ static char * get_node_type_str(enum hs_node_type node_type) return ""; } -static void add_local_identity(DDS_Security_IdentityHandle handle, DDS_Security_GUID_t *guid) +void print_test_msg (const char *msg, ...) { - printf("add local identity %"PRId64"\n", handle); + va_list args; + dds_time_t t = dds_time (); + printf ("%d.%06d ", (int32_t) (t / DDS_NSECS_IN_SEC), (int32_t) (t % DDS_NSECS_IN_SEC) / 1000); + va_start (args, msg); + vprintf (msg, args); + va_end (args); +} + +static void add_local_identity (DDS_Security_IdentityHandle handle, DDS_Security_GUID_t *guid) +{ + print_test_msg ("add local identity %"PRId64"\n", handle); localIdentityList[numLocal].handle = handle; - memcpy(&localIdentityList[numLocal].guid, guid, sizeof(DDS_Security_GUID_t)); + memcpy (&localIdentityList[numLocal].guid, guid, sizeof(DDS_Security_GUID_t)); numLocal++; } -static int find_local_identity(DDS_Security_IdentityHandle handle) +static int find_local_identity (DDS_Security_IdentityHandle handle) { - for (int i = 0; i < (int)numLocal; i++) + for (int i = 0; i < (int) numLocal; i++) { if (localIdentityList[i].handle == handle) return i; @@ -79,7 +89,7 @@ static int find_local_identity(DDS_Security_IdentityHandle handle) return -1; } -static int find_remote_identity(DDS_Security_IdentityHandle handle) +static int find_remote_identity (DDS_Security_IdentityHandle handle) { for (int i = 0; i < numRemote; i++) { @@ -89,13 +99,13 @@ static int find_remote_identity(DDS_Security_IdentityHandle handle) return -1; } -static void add_remote_identity(DDS_Security_IdentityHandle handle, DDS_Security_GUID_t *guid) +static void add_remote_identity (DDS_Security_IdentityHandle handle, DDS_Security_GUID_t *guid) { - if (find_remote_identity(handle) < 0) + if (find_remote_identity (handle) < 0) { - printf("add remote identity %"PRId64"\n", handle); + print_test_msg ("add remote identity %"PRId64"\n", handle); remoteIdentityList[numRemote].handle = handle; - memcpy(&remoteIdentityList[numRemote].guid, guid, sizeof(DDS_Security_GUID_t)); + memcpy (&remoteIdentityList[numRemote].guid, guid, sizeof(DDS_Security_GUID_t)); numRemote++; } } @@ -107,21 +117,21 @@ static void clear_stores(void) numHandshake = 0; } -static struct Handshake *add_handshake(enum hs_node_type node_type, DDS_Security_IdentityHandle lHandle, DDS_Security_IdentityHandle rHandle) +static struct Handshake *add_handshake (enum hs_node_type node_type, DDS_Security_IdentityHandle lHandle, DDS_Security_IdentityHandle rHandle) { - printf("add handshake %"PRId64"-%"PRId64"\n", lHandle, rHandle); + print_test_msg ("add handshake %"PRId64"-%"PRId64"\n", lHandle, rHandle); handshakeList[numHandshake].handle = -1; handshakeList[numHandshake].node_type = node_type; handshakeList[numHandshake].handshakeResult = DDS_SECURITY_VALIDATION_FAILED; - handshakeList[numHandshake].lidx = find_local_identity(lHandle); - handshakeList[numHandshake].ridx = find_remote_identity(rHandle); + handshakeList[numHandshake].lidx = find_local_identity (lHandle); + handshakeList[numHandshake].ridx = find_remote_identity (rHandle); handshakeList[numHandshake].finalResult = DDS_SECURITY_VALIDATION_FAILED; handshakeList[numHandshake].err_msg = NULL; numHandshake++; return &handshakeList[numHandshake - 1]; } -static int find_handshake(DDS_Security_HandshakeHandle handle) +static int find_handshake (DDS_Security_HandshakeHandle handle) { for (int i = 0; i < numHandshake; i++) { @@ -131,123 +141,123 @@ static int find_handshake(DDS_Security_HandshakeHandle handle) return -1; } -static void handle_process_message(dds_domainid_t domain_id, DDS_Security_IdentityHandle handshake) +static void handle_process_message (dds_domainid_t domain_id, DDS_Security_IdentityHandle handshake) { struct message *msg; - if ((msg = test_authentication_plugin_take_msg(domain_id, MESSAGE_KIND_PROCESS_HANDSHAKE, 0, 0, handshake, HS_TIMEOUT))) + if ((msg = test_authentication_plugin_take_msg (domain_id, MESSAGE_KIND_PROCESS_HANDSHAKE, 0, 0, handshake, HS_TIMEOUT))) { int idx; - if ((idx = find_handshake(msg->hsHandle)) >= 0) + if ((idx = find_handshake (msg->hsHandle)) >= 0) { - printf("set handshake %"PRId64" final result to '%s' (errmsg: %s)\n", msg->hsHandle, get_validation_result_str(msg->result), msg->err_msg); + print_test_msg ("set handshake %"PRId64" final result to '%s' (errmsg: %s)\n", msg->hsHandle, get_validation_result_str (msg->result), msg->err_msg); handshakeList[idx].finalResult = msg->result; handshakeList[idx].err_msg = ddsrt_strdup (msg->err_msg); } - test_authentication_plugin_release_msg(msg); + test_authentication_plugin_release_msg (msg); } } -static void handle_begin_handshake_request(dds_domainid_t domain_id, struct Handshake *hs, DDS_Security_IdentityHandle lid, DDS_Security_IdentityHandle rid) +static void handle_begin_handshake_request (dds_domainid_t domain_id, struct Handshake *hs, DDS_Security_IdentityHandle lid, DDS_Security_IdentityHandle rid) { struct message *msg; - printf("handle begin handshake request %"PRId64"<->%"PRId64"\n", lid, rid); - if ((msg = test_authentication_plugin_take_msg(domain_id, MESSAGE_KIND_BEGIN_HANDSHAKE_REQUEST, lid, rid, 0, HS_TIMEOUT))) + print_test_msg ("handle begin handshake request %"PRId64"<->%"PRId64"\n", lid, rid); + if ((msg = test_authentication_plugin_take_msg (domain_id, MESSAGE_KIND_BEGIN_HANDSHAKE_REQUEST, lid, rid, 0, HS_TIMEOUT))) { hs->handle = msg->hsHandle; hs->handshakeResult = msg->result; if (msg->result != DDS_SECURITY_VALIDATION_FAILED) - handle_process_message(domain_id, msg->hsHandle); + handle_process_message (domain_id, msg->hsHandle); else hs->err_msg = ddsrt_strdup (msg->err_msg); - test_authentication_plugin_release_msg(msg); + test_authentication_plugin_release_msg (msg); } } -static void handle_begin_handshake_reply(dds_domainid_t domain_id, struct Handshake *hs, DDS_Security_IdentityHandle lid, DDS_Security_IdentityHandle rid) +static void handle_begin_handshake_reply (dds_domainid_t domain_id, struct Handshake *hs, DDS_Security_IdentityHandle lid, DDS_Security_IdentityHandle rid) { struct message *msg; - printf("handle begin handshake reply %"PRId64"<->%"PRId64"\n", lid, rid); - if ((msg = test_authentication_plugin_take_msg(domain_id, MESSAGE_KIND_BEGIN_HANDSHAKE_REPLY, lid, rid, 0, HS_TIMEOUT))) + print_test_msg ("handle begin handshake reply %"PRId64"<->%"PRId64"\n", lid, rid); + if ((msg = test_authentication_plugin_take_msg (domain_id, MESSAGE_KIND_BEGIN_HANDSHAKE_REPLY, lid, rid, 0, HS_TIMEOUT))) { hs->handle = msg->hsHandle; hs->handshakeResult = msg->result; if (msg->result != DDS_SECURITY_VALIDATION_FAILED) - handle_process_message(domain_id, msg->hsHandle); + handle_process_message (domain_id, msg->hsHandle); else hs->err_msg = ddsrt_strdup (msg->err_msg); - test_authentication_plugin_release_msg(msg); + test_authentication_plugin_release_msg (msg); } } -static void handle_validate_remote_identity(dds_domainid_t domain_id, DDS_Security_IdentityHandle lid, int count) +static void handle_validate_remote_identity (dds_domainid_t domain_id, DDS_Security_IdentityHandle lid, int count) { struct message *msg; - while (count-- > 0 && (msg = test_authentication_plugin_take_msg(domain_id, MESSAGE_KIND_VALIDATE_REMOTE_IDENTITY, lid, 0, 0, HS_TIMEOUT))) + while (count-- > 0 && (msg = test_authentication_plugin_take_msg (domain_id, MESSAGE_KIND_VALIDATE_REMOTE_IDENTITY, lid, 0, 0, HS_TIMEOUT))) { struct Handshake *hs; - add_remote_identity(msg->ridHandle, &msg->rguid); - hs = add_handshake(HSN_UNDEFINED, lid, msg->ridHandle); + add_remote_identity (msg->ridHandle, &msg->rguid); + hs = add_handshake (HSN_UNDEFINED, lid, msg->ridHandle); if (msg->result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_REQUEST) { hs->node_type = HSN_REQUESTER; - handle_begin_handshake_request(domain_id, hs, lid, msg->ridHandle); + handle_begin_handshake_request (domain_id, hs, lid, msg->ridHandle); } else if (msg->result == DDS_SECURITY_VALIDATION_PENDING_HANDSHAKE_MESSAGE) { hs->node_type = HSN_REPLIER; - handle_begin_handshake_reply(domain_id, hs, lid, msg->ridHandle); + handle_begin_handshake_reply (domain_id, hs, lid, msg->ridHandle); } else { - printf("validate remote failed\n"); + print_test_msg ("validate remote failed\n"); } - test_authentication_plugin_release_msg(msg); + test_authentication_plugin_release_msg (msg); } } -static void handle_validate_local_identity(dds_domainid_t domain_id, bool exp_localid_fail, const char * exp_localid_msg) +static void handle_validate_local_identity (dds_domainid_t domain_id, bool exp_localid_fail, const char * exp_localid_msg) { struct message *msg = test_authentication_plugin_take_msg (domain_id, MESSAGE_KIND_VALIDATE_LOCAL_IDENTITY, 0, 0, 0, HS_TIMEOUT); CU_ASSERT_FATAL (msg != NULL); CU_ASSERT_FATAL ((msg->result == DDS_SECURITY_VALIDATION_OK) != exp_localid_fail); if (exp_localid_fail && exp_localid_msg) { - printf("validate_local_identity failed as expected (msg: %s)\n", msg->err_msg); - CU_ASSERT_FATAL (msg->err_msg && strstr(msg->err_msg, exp_localid_msg) != NULL); + print_test_msg ("validate_local_identity failed as expected (msg: %s)\n", msg->err_msg); + CU_ASSERT_FATAL (msg->err_msg && strstr (msg->err_msg, exp_localid_msg) != NULL); } else add_local_identity (msg->lidHandle, &msg->lguid); test_authentication_plugin_release_msg (msg); } -void validate_handshake(dds_domainid_t domain_id, bool exp_localid_fail, const char * exp_localid_msg, struct Handshake *hs_list[], int *nhs) +void validate_handshake (dds_domainid_t domain_id, bool exp_localid_fail, const char * exp_localid_msg, struct Handshake *hs_list[], int *nhs) { - clear_stores(); + clear_stores (); if (nhs) *nhs = 0; if (hs_list) *hs_list = NULL; - handle_validate_local_identity(domain_id, exp_localid_fail, exp_localid_msg); + handle_validate_local_identity (domain_id, exp_localid_fail, exp_localid_msg); if (!exp_localid_fail) { handle_validate_remote_identity (domain_id, localIdentityList[0].handle, 1); for (int n = 0; n < numHandshake; n++) { struct Handshake *hs = &handshakeList[n]; - printf("Result: hs %"PRId64", node type %s, final result %s\n", hs->handle, get_node_type_str(hs->node_type), get_validation_result_str(hs->finalResult)); + print_test_msg ("Result: hs %"PRId64", node type %s, final result %s\n", hs->handle, get_node_type_str (hs->node_type), get_validation_result_str (hs->finalResult)); if (hs->err_msg && strlen (hs->err_msg)) - printf("- err_msg: %s\n", hs->err_msg); + print_test_msg ("- err_msg: %s\n", hs->err_msg); } if (nhs) *nhs = numHandshake; if (hs_list) *hs_list = handshakeList; else - handshake_list_fini(handshakeList, numHandshake); + handshake_list_fini (handshakeList, numHandshake); } - printf ("finished validate handshake for domain %d\n\n", domain_id); + print_test_msg ("finished validate handshake for domain %d\n\n", domain_id); } void validate_handshake_nofail (dds_domainid_t domain_id) @@ -264,7 +274,7 @@ void validate_handshake_nofail (dds_domainid_t domain_id) handshake_list_fini (hs_list, nhs); } -void handshake_list_fini(struct Handshake *hs_list, int nhs) +void handshake_list_fini (struct Handshake *hs_list, int nhs) { for (int n = 0; n < nhs; n++) { @@ -273,7 +283,7 @@ void handshake_list_fini(struct Handshake *hs_list, int nhs) } } -void sync_writer_to_readers(dds_entity_t pp_wr, dds_entity_t wr, uint32_t exp_count) +void sync_writer_to_readers (dds_entity_t pp_wr, dds_entity_t wr, uint32_t exp_count) { dds_attach_t triggered; dds_entity_t ws = dds_create_waitset (pp_wr); @@ -296,7 +306,7 @@ void sync_writer_to_readers(dds_entity_t pp_wr, dds_entity_t wr, uint32_t exp_co CU_ASSERT_EQUAL_FATAL (pub_matched.total_count, exp_count); } -char *create_topic_name(const char *prefix, uint32_t nr, char *name, size_t size) +char *create_topic_name (const char *prefix, uint32_t nr, char *name, size_t size) { ddsrt_pid_t pid = ddsrt_getpid (); ddsrt_tid_t tid = ddsrt_gettid (); @@ -304,7 +314,7 @@ char *create_topic_name(const char *prefix, uint32_t nr, char *name, size_t size return name; } -bool reader_wait_for_data(dds_entity_t pp, dds_entity_t rd, dds_duration_t dur) +bool reader_wait_for_data (dds_entity_t pp, dds_entity_t rd, dds_duration_t dur) { dds_attach_t triggered; dds_entity_t ws = dds_create_waitset (pp); @@ -359,6 +369,7 @@ void write_read_for(dds_entity_t wr, dds_entity_t pp_rd, dds_entity_t rd, dds_du do { + print_test_msg("write\n"); if (dds_write (wr, &sample) != DDS_RETCODE_OK) write_fail = true; @@ -366,18 +377,29 @@ void write_read_for(dds_entity_t wr, dds_entity_t pp_rd, dds_entity_t rd, dds_du { if ((ret = dds_take (rd, samples, info, 1, 1)) > 0) { + print_test_msg ("take sample\n"); + if (info[0].instance_state != DDS_IST_ALIVE || !info[0].valid_data) + { + print_test_msg ("invalid sample instance_state=%d valid_data=%d\n", info[0].instance_state, info[0].valid_data); + read_fail = true; + } + else + CU_ASSERT_EQUAL_FATAL (rd_sample.value, 1); CU_ASSERT_EQUAL_FATAL (ret, 1); break; } - if (ret < 0 || !reader_wait_for_data (pp_rd, rd, DDS_MSECS (100))) + if (ret < 0 || !reader_wait_for_data (pp_rd, rd, DDS_MSECS (1000))) { + print_test_msg ("take no sample\n"); read_fail = true; break; } } - dds_sleepfor (DDS_MSECS (1)); + if (write_fail || read_fail) + break; + dds_sleepfor (DDS_MSECS (100)); } - while (dds_time() < tend && !write_fail && !read_fail); - CU_ASSERT_EQUAL (write_fail, exp_write_fail); - CU_ASSERT_EQUAL (read_fail, exp_read_fail); + while (dds_time() < tend); + CU_ASSERT_EQUAL_FATAL (write_fail, exp_write_fail); + CU_ASSERT_EQUAL_FATAL (read_fail, exp_read_fail); } diff --git a/src/security/core/tests/common/test_utils.h b/src/security/core/tests/common/test_utils.h index a1c30b4..b396f60 100644 --- a/src/security/core/tests/common/test_utils.h +++ b/src/security/core/tests/common/test_utils.h @@ -50,6 +50,7 @@ struct Handshake char * err_msg; }; +void print_test_msg (const char *msg, ...); void validate_handshake(dds_domainid_t domain_id, bool exp_localid_fail, const char * exp_localid_msg, struct Handshake *hs_list[], int *nhs); void validate_handshake_nofail (dds_domainid_t domain_id); void handshake_list_fini(struct Handshake *hs_list, int nhs);