Certificate trigger and directory operations

Implement trigger of certificate and permission expiries using the timed callbacks.

Implement directory operations such that trusted CA can be read.
This implements OS abstraction functions such as opendir and stat.

Signed-off-by: Stefan Kimmer <skimmer@s2e-systems.com>

src/ddsrt/CMakeLists.txt

@@ -149,7 +149,7 @@ list(APPEND sources
 # network stack. In order to mix-and-match various compilers, architectures,
 # operating systems, etc input from the build system is required.
 foreach(feature atomics cdtors environ heap ifaddrs random rusage
-        sockets string sync threads time md5 process netstat dynlib)
+        sockets string sync threads time md5 process netstat dynlib filesystem)
   if(EXISTS "${include_path}/dds/ddsrt/${feature}.h")
     list(APPEND headers "${include_path}/dds/ddsrt/${feature}.h")
     file(GLOB_RECURSE

src/ddsrt/include/dds/ddsrt/filesystem.h

@@ -0,0 +1,123 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#ifndef FILESYSTEM_H
+#define FILESYSTEM_H
+
+#include <stddef.h>
+
+#include "dds/export.h"
+#include "dds/ddsrt/retcode.h"
+#include "dds/ddsrt/time.h"
+
+#if _WIN32
+#include "dds/ddsrt/filesystem/windows.h"
+#else
+#include "dds/ddsrt/filesystem/posix.h"
+#endif
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+struct ddsrt_stat {
+  ddsrt_mode_t stat_mode;
+  size_t stat_size;
+  dds_time_t  stat_mtime;
+};
+
+
+struct ddsrt_dirent {
+    char d_name[DDSRT_PATH_MAX + 1];
+};
+
+/** \brief opendir wrapper
+ *
+ * Open the directory conform opendir
+ *
+ * Precondition:
+ *   none
+ *
+ * Possible results:
+ * - return DDS_RETCODE_OK if directory 'name' is opened
+ * - DDS_RETCODE_ERROR if 'name' could not
+ *     be found or is not a directory.
+ */
+DDS_EXPORT dds_return_t ddsrt_opendir(const char *name, ddsrt_dir_handle_t *dir);
+
+/** \brief closedir wrapper
+ *
+ * Close the directory conform closdir
+ *
+ * Precondition:
+ *   none
+ *
+ * Possible results:
+ * - return DDS_RETCODE_OK if directory identified by the handle
+ *     is succesfully closed
+ * - return DDS_RETCODE_ERROR if the handle is invalid.
+ */
+DDS_EXPORT dds_return_t ddsrt_closedir(ddsrt_dir_handle_t d);
+
+/** \brief readdir wrapper
+ *
+ * Read the directory conform readdir.
+ *
+ * Precondition:
+ *   none
+ *
+ * Possible results:
+ * - return DDS_RETCODE_OK if next directory is found
+ * - return DDS_RETCODE_ERROR if no more directories are found.
+ */
+DDS_EXPORT dds_return_t ddsrt_readdir(ddsrt_dir_handle_t d, struct ddsrt_dirent *direntp);
+
+/** \brief stat wrapper
+ *
+ * Gets directory status conform stat.
+ *
+ * Precondition:
+ *   none
+ *
+ * Possible results:
+ * - return DDS_RETCODE_OK if stat is successful
+ * - return DDS_RETCODE_ERROR if stat fails.
+ */
+DDS_EXPORT dds_return_t ddsrt_stat(const char *path, struct ddsrt_stat *buf);
+
+/** \brief Transforms the given filepath into a platform specific filepath.
+ *
+ * This translation function will replace any platform file seperator into
+ * the fileseperator of the current platform. Doulbe quotes are removed
+ * as well.
+ *
+ * Precondition:
+ *   none
+ *
+ * Possible results:
+ * - returns normalized filepath conform current platform
+ * - return NULL if out of memory.
+ */
+DDS_EXPORT char* ddsrt_file_normalize(const char *filepath);
+
+/** \brief Get file seperator
+ *
+ * Possible Results:
+ * - "<file-seperator-string>"
+ */
+DDS_EXPORT const char* ddsrt_file_sep(void);
+
+#if defined (__cplusplus)
+}
+#endif
+
+#endif // FILESYSTEM_H

src/ddsrt/include/dds/ddsrt/filesystem/posix.h

@@ -0,0 +1,34 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+#ifndef DDSRT_FILESYSTEM_POSIX_H
+#define DDSRT_FILESYSTEM_POSIX_H
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <limits.h>
+
+typedef DIR *ddsrt_dir_handle_t;
+typedef mode_t ddsrt_mode_t;
+
+#define DDSRT_PATH_MAX PATH_MAX
+#define DDSRT_FILESEPCHAR '/'
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* DDSRT_FILESYSTEM_POSIX_H */

src/ddsrt/include/dds/ddsrt/filesystem/windows.h

@@ -0,0 +1,34 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+#ifndef DDSRT_FILESYSTEM_WINDOWS_H
+#define DDSRT_FILESYSTEM_WINDOWS_H
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "dds/ddsrt/types.h"
+
+typedef HANDLE ddsrt_dir_handle_t;
+typedef unsigned short ddsrt_mode_t;
+
+#define DDSRT_PATH_MAX MAX_PATH
+#define DDSRT_FILESEPCHAR '\\'
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* DDSRT_FILESYSTEM_WINDOWS_H */

src/ddsrt/src/filesystem/posix/filesystem.c

@@ -0,0 +1,116 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#include <string.h>
+
+#include "dds/ddsrt/filesystem.h"
+#include "dds/ddsrt/string.h"
+#include "dds/ddsrt/heap.h"
+
+dds_return_t ddsrt_opendir(const char *name, ddsrt_dir_handle_t *dir)
+{
+    dds_return_t result = DDS_RETCODE_ERROR;
+    DIR *d;
+    if (dir) {
+        d = opendir(name);
+        if (d) {
+            *dir = d;
+            result = DDS_RETCODE_OK;
+        }
+    }
+    return result;
+}
+
+dds_return_t ddsrt_readdir(ddsrt_dir_handle_t d, struct ddsrt_dirent *direntp)
+{
+    dds_return_t result;
+    struct dirent *d_entry;
+
+    result = DDS_RETCODE_ERROR;
+    if (d && direntp) {
+        d_entry = readdir(d);
+        if (d_entry) {
+            ddsrt_strlcpy(direntp->d_name, d_entry->d_name, sizeof(direntp->d_name));
+            result = DDS_RETCODE_OK;
+        }
+    }
+
+    return result;
+}
+
+dds_return_t ddsrt_closedir(ddsrt_dir_handle_t d)
+{
+    dds_return_t result;
+
+    result = DDS_RETCODE_ERROR;
+    if (d) {
+        if (closedir(d) == 0) {
+            result = DDS_RETCODE_OK;
+        }
+    }
+
+    return result;
+}
+
+dds_return_t ddsrt_stat(const char *path, struct ddsrt_stat *buf)
+{
+    dds_return_t result;
+    struct stat _buf;
+    int r;
+
+    r = stat(path, &_buf);
+    if (r == 0) {
+        buf->stat_mode = _buf.st_mode;
+        buf->stat_size = (size_t) _buf.st_size;
+        buf->stat_mtime = DDS_SECS(_buf.st_mtime);
+        result = DDS_RETCODE_OK;
+    } else {
+        result = DDS_RETCODE_ERROR;
+    }
+
+    return result;
+}
+
+char * ddsrt_file_normalize(const char *filepath)
+{
+    char *norm;
+    const char *fpPtr;
+    char *normPtr;
+
+    norm = NULL;
+    if ((filepath != NULL) && (*filepath != '\0')) {
+        norm = ddsrt_malloc(strlen(filepath) + 1);
+        /* replace any / or \ by DDSRT_FILESEPCHAR */
+        fpPtr = (char *) filepath;
+        normPtr = norm;
+        while (*fpPtr != '\0') {
+            *normPtr = *fpPtr;
+            if ((*fpPtr == '/') || (*fpPtr == '\\')) {
+                *normPtr = DDSRT_FILESEPCHAR;
+                normPtr++;
+            } else {
+                if (*fpPtr != '\"') {
+                    normPtr++;
+                }
+            }
+            fpPtr++;
+        }
+        *normPtr = '\0';
+    }
+
+    return norm;
+}
+
+const char *ddsrt_file_sep(void)
+{
+    return "/";
+}

src/ddsrt/src/filesystem/windows/filesystem.c

@@ -0,0 +1,122 @@
+/*
+ * Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#include <string.h>
+
+#include "dds/ddsrt/filesystem.h"
+#include "dds/ddsrt/string.h"
+#include "dds/ddsrt/heap.h"
+#include "dds/ddsrt/io.h"
+
+dds_return_t ddsrt_opendir(const char *name, ddsrt_dir_handle_t *dir)
+{
+    dds_return_t result;
+
+    TCHAR szDir[DDSRT_PATH_MAX + 1];
+    WIN32_FIND_DATA FileData;
+    HANDLE hList;
+
+    result = DDS_RETCODE_ERROR;
+    if (dir) {
+        snprintf(szDir, DDSRT_PATH_MAX, "%s\\*", name);
+        hList = FindFirstFile(szDir, &FileData);
+
+        if (hList != INVALID_HANDLE_VALUE) {
+            *dir = hList;
+            result = DDS_RETCODE_OK;
+        }
+    }
+
+    return result;
+}
+
+dds_return_t ddsrt_readdir(ddsrt_dir_handle_t d, struct ddsrt_dirent *direntp)
+{
+    dds_return_t result;
+    WIN32_FIND_DATA FileData;
+    BOOL r;
+
+    if (direntp) {
+        r = FindNextFile(d, &FileData);
+        if (r) {
+            ddsrt_strlcpy(direntp->d_name, FileData.cFileName, sizeof(direntp->d_name));
+            result = DDS_RETCODE_OK;
+        } else {
+            result = DDS_RETCODE_ERROR;
+        }
+    } else {
+        result = DDS_RETCODE_ERROR;
+    }
+
+    return result;
+}
+
+dds_return_t ddsrt_closedir(ddsrt_dir_handle_t d)
+{
+    FindClose(d);
+
+    return DDS_RETCODE_OK;
+}
+
+dds_return_t ddsrt_stat(const char *path, struct ddsrt_stat *buf)
+{
+    dds_return_t result;
+    struct _stat _buf;
+    int r;
+
+    r = _stat(path, &_buf);
+    if (r == 0) {
+        buf->stat_mode = _buf.st_mode;
+        buf->stat_size = _buf.st_size;
+        buf->stat_mtime = DDS_SECS(_buf.st_mtime);;
+        result = DDS_RETCODE_OK;
+    } else {
+        result = DDS_RETCODE_ERROR;
+    }
+
+    return result;
+}
+
+char * ddsrt_file_normalize(const char *filepath)
+{
+    char *norm;
+    const char *fpPtr;
+    char *normPtr;
+
+    norm = NULL;
+    if ((filepath != NULL) && (*filepath != '\0')) {
+        norm = ddsrt_malloc(strlen(filepath) + 1);
+        /* replace any / or \ by DDSRT_FILESEPCHAR */
+        fpPtr = (char *) filepath;
+        normPtr = norm;
+        while (*fpPtr != '\0') {
+            *normPtr = *fpPtr;
+            if ((*fpPtr == '/') || (*fpPtr == '\\')) {
+                *normPtr = DDSRT_FILESEPCHAR;
+                normPtr++;
+            } else {
+                if (*fpPtr != '\"') {
+                    normPtr++;
+                }
+            }
+            fpPtr++;
+        }
+        *normPtr = '\0';
+    }
+
+    return norm;
+}
+
+const char *ddsrt_file_sep(void)
+{
+    return "\\";
+}

src/security/builtin_plugins/access_control/src/access_control.c

@@ -26,6 +26,7 @@
 #include "access_control_utils.h"
 #include "access_control_objects.h"
 #include "access_control_parser.h"
+#include "dds/security/core/dds_security_timed_cb.h"
 
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
 #define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL);
@@ -78,9 +79,10 @@ typedef struct dds_security_access_control_impl
   struct AccessControlTable *local_permissions;
 #endif
   struct AccessControlTable *remote_permissions;
-#if TIMED_CALLBACK_IMPLEMENTED
+
-  struct ut_timed_dispatcher_t *timed_callbacks;
+  struct dds_security_timed_cb_data *timed_callbacks;
-#endif
+  struct dds_security_timed_dispatcher_t *dispatcher;
+
 } dds_security_access_control_impl;
 
 static bool get_sec_attributes(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, const char *topic_name,
@@ -105,9 +107,7 @@ static struct topic_rule *find_topic_from_domain_rule(struct domain_rule *domain
 static DDS_Security_boolean domainid_within_sets(struct domain_id_set *domain, int domain_id);
 static DDS_Security_boolean compare_class_id_plugin_classname(DDS_Security_string class_id_1, DDS_Security_string class_id_2);
 static DDS_Security_boolean compare_class_id_major_ver(DDS_Security_string class_id_1, DDS_Security_string class_id_2);
-#if TIMED_CALLBACK_IMPLEMENTED
+static void add_validity_end_trigger(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, dds_time_t end);
-  static void add_validity_end_trigger(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, dds_time_t end);
-#endif
 static DDS_Security_boolean is_allowed_by_permissions(struct permissions_parser *permissions, int domain_id, const char *topic_name, const DDS_Security_PartitionQosPolicy *partitions,
     const char *identity_subject_name, permission_criteria_type criteria_type, DDS_Security_SecurityException *ex);
 static void sanity_check_local_access_rights(local_participant_access_rights *rights);
@@ -168,10 +168,8 @@ validate_local_permissions(
   {
     assert (rights->permissions_expiry != DDS_TIME_INVALID);
 
-#if TIMED_CALLBACK_IMPLEMENTED
     if (rights->permissions_expiry != 0)
       add_validity_end_trigger(ac, permissions_handle, rights->permissions_expiry);
-#endif
   }
 
   return permissions_handle;
@@ -232,10 +230,8 @@ validate_remote_permissions(
 
   permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(remote_rights);
 
-#if TIMED_CALLBACK_IMPLEMENTED
   if (permissions_handle != DDS_SECURITY_HANDLE_NIL)
     add_validity_end_trigger(ac, permissions_handle, remote_rights->permissions_expiry);
-#endif
 
   if (remote_rights)
     access_control_table_insert(ac->remote_permissions, (AccessControlObject *)remote_rights);
@@ -926,16 +922,12 @@ set_listener(dds_security_access_control *instance,
              DDS_Security_SecurityException *ex)
 {
   DDSRT_UNUSED_ARG(ex);
-#if TIMED_CALLBACK_IMPLEMENTED
+
   dds_security_access_control_impl *ac = (dds_security_access_control_impl *)instance;
   if (listener)
-    ut_timed_dispatcher_enable(ac->timed_callbacks, (void *)listener);
+    dds_security_timed_dispatcher_enable(ac->timed_callbacks, ac->dispatcher, (void *)listener);
   else
-    ut_timed_dispatcher_disable(ac->timed_callbacks);
+    dds_security_timed_dispatcher_disable(ac->timed_callbacks, ac->dispatcher);
-#else
-  DDSRT_UNUSED_ARG(instance);
-  DDSRT_UNUSED_ARG(listener);
-#endif
 
   return true;
 }
@@ -1490,9 +1482,9 @@ int init_access_control(const char *argument, void **context)
   dds_security_access_control_impl *access_control = ddsrt_malloc(sizeof(*access_control));
   memset(access_control, 0, sizeof(*access_control));
 
-#if TIMED_CALLBACK_IMPLEMENTED
+
-  access_control->timed_callbacks = ut_timed_dispatcher_new();
+  access_control->timed_callbacks = dds_security_timed_cb_new();
-#endif
+  access_control->dispatcher = dds_security_timed_dispatcher_new(access_control->timed_callbacks);
   access_control->base.validate_local_permissions = &validate_local_permissions;
   access_control->base.validate_remote_permissions = &validate_remote_permissions;
   access_control->base.check_create_participant = &check_create_participant;
@@ -1875,7 +1867,6 @@ find_remote_permissions_by_permissions_handle(
   return (remote_participant_access_rights *)args.object;
 }
 
-#if TIMED_CALLBACK_IMPLEMENTED
 
 typedef struct
 {
@@ -1884,15 +1875,17 @@ typedef struct
 } validity_cb_info;
 
 static void
-validity_callback(struct ut_timed_dispatcher_t *d,
+validity_callback(struct dds_security_timed_dispatcher_t *d,
-                  ut_timed_cb_kind kind,
+                  dds_security_timed_cb_kind kind,
                   void *listener,
                   void *arg)
 {
   validity_cb_info *info = arg;
+
+  DDSRT_UNUSED_ARG(d);
   assert(d);
   assert(arg);
-  if (kind == UT_TIMED_CB_KIND_TIMEOUT)
+  if (kind == DDS_SECURITY_TIMED_CB_KIND_TIMEOUT)
   {
     assert(listener);
     if (1 /* TODO: Check if hdl is still valid or if it has been already returned. */)
@@ -1913,9 +1906,8 @@ add_validity_end_trigger(dds_security_access_control_impl *ac,
   validity_cb_info *arg = ddsrt_malloc(sizeof(validity_cb_info));
   arg->ac = ac;
   arg->hdl = permissions_handle;
-  ut_timed_dispatcher_add(ac->timed_callbacks, validity_callback, end, (void *)arg);
+  dds_security_timed_dispatcher_add(ac->timed_callbacks, ac->dispatcher, validity_callback, end, (void *)arg);
 }
-#endif
 
 static DDS_Security_boolean
 is_allowed_by_permissions(struct permissions_parser *permissions,
@@ -2465,9 +2457,10 @@ int finalize_access_control(void *context)
   dds_security_access_control_impl *access_control = context;
   if (access_control)
   {
-#if TIMED_CALLBACK_IMPLEMENTED
+
-    ut_timed_dispatcher_free(access_control->timed_callbacks);
+    dds_security_timed_dispatcher_free(access_control->timed_callbacks, access_control->dispatcher);
-#endif
+    dds_security_timed_cb_free(access_control->timed_callbacks);
+
     access_control_table_free(access_control->remote_permissions);
 #ifdef ACCESS_CONTROL_USE_ONE_PERMISSION
     if (access_control->local_access_rights)

src/security/builtin_plugins/authentication/src/auth_utils.c

@@ -30,6 +30,8 @@
 #include <openssl/rand.h>
 #include "dds/ddsrt/time.h"
 #include "dds/ddsrt/heap.h"
+#include "dds/ddsrt/filesystem.h"
+#include "dds/ddsrt/retcode.h"
 #include "dds/security/dds_security_api_defs.h"
 #include "dds/security/core/dds_security_utils.h"
 #include <assert.h>
@@ -47,11 +49,11 @@
 #include "dds/ddsrt/heap.h"
 #include "dds/ddsrt/atomics.h"
 #include "dds/ddsrt/string.h"
+#include "dds/ddsrt/io.h"
 #include "dds/security/core/dds_security_utils.h"
 #include <string.h>
 #include "auth_utils.h"
 
-
 #define MAX_TRUSTED_CA 100
 
 char *
@@ -1190,40 +1192,29 @@ get_trusted_ca_list ( const char* trusted_ca_dir,
 
 
     DDS_Security_ValidationResult_t loading_result = DDS_RETCODE_OK;
-    DDSRT_UNUSED_ARG( ca_list );
-    DDSRT_UNUSED_ARG( trusted_ca_dir );
-    DDSRT_UNUSED_ARG( ex );
-/* TODO: Trusted CA directory tracing function should be ported */
-/* TODO: MAX_TRUSTED_CA limitation will be removed */
-#ifdef TRUSTED_CA_LIST_IMPLEMENTED
 
-    os_result        r;
+    dds_return_t        r;
-    os_dirHandle     d_descr;
+    ddsrt_dir_handle_t     d_descr;
-    struct os_dirent d_entry;
+    struct ddsrt_dirent d_entry;
-    struct os_stat_s status;
+    struct ddsrt_stat status;
     char *full_file_path;
     char *trusted_ca_dir_normalized;
 
     X509 *ca_buffer_array[MAX_TRUSTED_CA]; /*max trusted CA size */
     unsigned ca_buffer_array_size=0;
     unsigned i;
-    trusted_ca_dir_normalized  = os_fileNormalize(trusted_ca_dir);
+    trusted_ca_dir_normalized  = ddsrt_file_normalize(trusted_ca_dir);
 
-    r = os_opendir(trusted_ca_dir_normalized, &d_descr);
+    r = ddsrt_opendir(trusted_ca_dir_normalized, &d_descr);
     ddsrt_free ( trusted_ca_dir_normalized );
-
+    if (r == DDS_RETCODE_OK && ca_buffer_array_size < MAX_TRUSTED_CA) { /* accessable */
-    if (r == os_resultSuccess && ca_buffer_array_size < MAX_TRUSTED_CA) { /* accessable */
+        r = ddsrt_readdir(d_descr, &d_entry);
-        r = os_readdir(d_descr, &d_entry);
+        while (r == DDS_RETCODE_OK) {
-        while (r == os_resultSuccess) {
+            ddsrt_asprintf(&full_file_path, "%s%s%s", trusted_ca_dir, ddsrt_file_sep(), d_entry.d_name);
-            full_file_path = (char*) ddsrt_malloc(strlen(trusted_ca_dir) + strlen(os_fileSep()) + strlen(d_entry.d_name) + strlen(os_fileSep()) + 1 );
+            if (ddsrt_stat (full_file_path, &status) == DDS_RETCODE_OK) { /* accessable */
-            ddsrt_strcpy(full_file_path, trusted_ca_dir);
-            ddsrt_strcat(full_file_path, os_fileSep());
-            ddsrt_strcat(full_file_path, d_entry.d_name);
-
-            if (os_stat (full_file_path, &status) == os_resultSuccess) { /* accessable */
                 if ((strcmp(d_entry.d_name, ".") != 0) &&
                     (strcmp(d_entry.d_name, "..") != 0)) {
-                    char * filename = os_fileNormalize(full_file_path);
+                    char * filename = ddsrt_file_normalize(full_file_path);
 
                     if(filename){
                         X509 *identityCA;
@@ -1239,26 +1230,26 @@ get_trusted_ca_list ( const char* trusted_ca_dir,
                     }
                 }
             }
-            r = os_readdir(d_descr, &d_entry);
+            r = ddsrt_readdir(d_descr, &d_entry);
 
             ddsrt_free(full_file_path);
         }
 
-        os_closedir (d_descr);
+        ddsrt_closedir (d_descr);
 
         /* deallocate given ca_list if it is not NULL */
         free_ca_list_contents(ca_list);
 
         /*copy CAs to out parameter as HASH*/
         if( ca_buffer_array_size > 0 ){
-            ca_list->_buffer = ddsrt_malloc( ca_buffer_array_size * sizeof(X509 * ) );
+            ca_list->buffer = ddsrt_malloc( ca_buffer_array_size * sizeof(X509 * ) );
             for (i = 0; i < ca_buffer_array_size; ++i) {
-                ca_list->_buffer[i] = ca_buffer_array[i];
+                ca_list->buffer[i] = ca_buffer_array[i];
 
             }
 
         }
-        ca_list->_length = ca_buffer_array_size;
+        ca_list->length = ca_buffer_array_size;
 
         return DDS_SECURITY_VALIDATION_OK;
 
@@ -1267,7 +1258,6 @@ get_trusted_ca_list ( const char* trusted_ca_dir,
         DDS_Security_Exception_set(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_TRUSTED_CA_DIR_CODE, 0, DDS_SECURITY_ERR_INVALID_TRUSTED_CA_DIR_MESSAGE);
         return DDS_SECURITY_VALIDATION_FAILED;
     }
-#endif
 
     return loading_result;
 }

src/security/builtin_plugins/authentication/src/authentication.c

@@ -22,6 +22,7 @@
 #include "authentication.h"
 #include "dds/ddsrt/heap.h"
 #include "dds/security/dds_security_api.h"
+#include "dds/security/core/dds_security_timed_cb.h"
 
 
 #if OPENSLL_VERSION_NUMBER >= 0x10002000L
@@ -202,7 +203,8 @@ typedef struct dds_security_authentication_impl {
     ddsrt_mutex_t lock;
     struct ddsrt_hh *objectHash;
     struct ddsrt_hh *remoteGuidHash;
-    struct ut_timed_dispatcher_t *timed_callbacks;
+    struct dds_security_timed_cb_data *timed_callbacks;
+    struct dds_security_timed_dispatcher_t *dispatcher;
     X509Seq trustedCAList;
 
 
@@ -844,22 +846,19 @@ hash_value_to_binary_property(
     return bp;
 }
 
-
-/* Will be enabled after timed callback feature implementation */
-#if TIMED_CALLBACK_IMPLEMENTED
-
 static void
-validity_callback(struct ut_timed_dispatcher_t *d,
+validity_callback(struct dds_security_timed_dispatcher_t *d,
-                  ut_timed_cb_kind kind,
+                  dds_security_timed_cb_kind kind,
                   void *listener,
                   void *arg)
 {
     validity_cb_info *info = arg;
 
+    DDSRT_UNUSED_ARG(d);
     assert(d);
     assert(arg);
 
-    if (kind == UT_TIMED_CB_KIND_TIMEOUT) {
+    if (kind == DDS_SECURITY_TIMED_CB_KIND_TIMEOUT) {
         assert(listener);
         dds_security_authentication_listener *auth_listener = (dds_security_authentication_listener*)listener;
         if (auth_listener->on_revoke_identity) {
@@ -872,26 +871,19 @@ validity_callback(struct ut_timed_dispatcher_t *d,
     ddsrt_free(arg);
 }
 
-#endif
 
 static void
 add_validity_end_trigger(dds_security_authentication_impl *auth,
                          const DDS_Security_IdentityHandle identity_handle,
                          dds_time_t end)
 {
-    DDSRT_UNUSED_ARG( auth );
-    DDSRT_UNUSED_ARG( identity_handle );
-    DDSRT_UNUSED_ARG( end );
-    /* Will be enabled after timed call back feature implementation */
-    /*
     validity_cb_info *arg = ddsrt_malloc(sizeof(validity_cb_info));
     arg->auth = auth;
     arg->hdl = identity_handle;
-    ut_timed_dispatcher_add(auth->timed_callbacks,
+    dds_security_timed_dispatcher_add(auth->timed_callbacks, auth->dispatcher,
                             validity_callback,
                             end,
                             (void*)arg);
-                            */
 }
 
 
@@ -3170,18 +3162,14 @@ DDS_Security_boolean set_listener(dds_security_authentication *instance,
 {
     dds_security_authentication_impl *auth = (dds_security_authentication_impl*)instance;
 
-    DDSRT_UNUSED_ARG(auth);
-    DDSRT_UNUSED_ARG(listener);
     DDSRT_UNUSED_ARG(ex);
 
-    /* Will be enabled after timed call back feature implementation */
-#if TIMED_CALLBACK_IMPLEMENTED
     if (listener) {
-        ut_timed_dispatcher_enable(auth->timed_callbacks, (void*)listener);
+        dds_security_timed_dispatcher_enable(auth->timed_callbacks, auth->dispatcher, (void*)listener);
     } else {
-        ut_timed_dispatcher_disable(auth->timed_callbacks);
+        dds_security_timed_dispatcher_disable(auth->timed_callbacks, auth->dispatcher);
     }
-#endif
+
     return true;
 }
 
@@ -3398,8 +3386,8 @@ init_authentication( const char *argument, void **context)
     memset(authentication, 0, sizeof(dds_security_authentication_impl));
 
     /* assign dispatcher to be notified when a validity date ends */
-    /* Disable it until timed callback is ready */
+    authentication->timed_callbacks = dds_security_timed_cb_new();
-    /*authentication->timed_callbacks = ut_timed_dispatcher_new(); */
+    authentication->dispatcher = dds_security_timed_dispatcher_new(authentication->timed_callbacks);
 
     /* assign the interface functions */
     authentication->base.validate_local_identity = &validate_local_identity;
@@ -3474,8 +3462,9 @@ int32_t finalize_authentication(void *instance)
     if( authentication ){
         ddsrt_mutex_lock(&authentication->lock);
 
-        /* Will be enabled after timed call back feature implementation */
+        dds_security_timed_dispatcher_free(authentication->timed_callbacks, authentication->dispatcher);
-        /* ut_timed_dispatcher_free(authentication->timed_callbacks); */
+        dds_security_timed_cb_free(authentication->timed_callbacks);
+
         if (authentication->remoteGuidHash) {
             ddsrt_hh_free(authentication->remoteGuidHash);
         }

src/security/builtin_plugins/tests/CMakeLists.txt

@@ -21,6 +21,8 @@ set(security_auth_test_sources
     "validate_begin_handshake_request/src/validate_begin_handshake_request_utests.c"
     "validate_local_identity/src/validate_local_identity_utests.c"
     "validate_remote_identity/src/validate_remote_identity_utests.c"
+    "listeners_authentication/src/listeners_authentication_utests.c"
+    "listeners_access_control/src/listeners_access_control_utests.c"
 )
 
 set(security_ac_test_sources
@@ -74,6 +76,7 @@ if(OPENSSL_FOUND)
 target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_ac)
 target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_crypto)
   target_link_libraries(cunit_security_plugins PRIVATE OpenSSL::SSL)
+
 else()
   message(FATAL_ERROR "To build with openssl support, set ENABLE_OPENSSL to ON")
 endif()
@@ -92,5 +95,8 @@ target_include_directories(
 
 
 set(CUnit_builtin_plugins_tests_dir "${CMAKE_CURRENT_LIST_DIR}")
+set(CUnit_build_dir "${CMAKE_CURRENT_BINARY_DIR}")
 
 configure_file("config_env.h.in" "config_env.h")
+
+

src/security/builtin_plugins/tests/config_env.h.in

@@ -13,5 +13,6 @@
 #define CONFIG_ENV_H
 
 #define CONFIG_ENV_TESTS_DIR           "@CUnit_builtin_plugins_tests_dir@"
+#define CONFIG_ENV_BUILD_DIR           "@CUnit_build_dir@"
 
 #endif /* CONFIG_ENV_H */

src/security/builtin_plugins/tests/listeners_access_control/etc/Test_Permissions_listener.p7s

@@ -1,51 +0,0 @@
-MIME-Version: 1.0
-Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----3900963D3572093F6AEC654A72CAEE5A"
-
-This is an S/MIME signed message
-
-------3900963D3572093F6AEC654A72CAEE5A
-Content-Type: text/plain
-
-<?xml version="1.0" encoding="utf-8"?>                                    <dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"                                                                xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">          <permissions>                                                                                                               <grant name="DEFAULT_PERMISSIONS">                                                                                        <subject_name>/C=NL/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CHAM500 cert</subject_name>                                                                                           <validity>                                                                                                                  <not_before>2015-09-15T01:00:00</not_before>                                                                            <not_after>2019-11-18T11:48:49</not_after>                                                                          </validity>                                                                                                             <deny_rule>                                                                                                                <domains>                                                                                                                   <id_range>                                                                                                                  <min>0</min>                                                                                                            <max>230</max>                                                                                                      </id_range>                                                                                                         </domains>                                                                                                              <publish>                                                                                                                   <topics>                                                                                                                    <topic>*</topic>                                                                                                    </topics>                                                                                                               <partitions/>                                                                                                       </publish>                                                                                                              <subscribe>                                                                                                                 <topics>                                                                                                                    <topic>*</topic>                                                                                                    </topics>                                                                                                               <partitions/>                                                                                                       </subscribe>                                                                                                       </deny_rule>                                                                                                           <default>DENY</default>                                                                                             </grant>                                                                                                            </permissions>                                                                                                      </dds>                                  
-------3900963D3572093F6AEC654A72CAEE5A
-Content-Type: application/x-pkcs7-signature; name="smime.p7s"
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename="smime.p7s"
-
-MIIGSAYJKoZIhvcNAQcCoIIGOTCCBjUCAQExDzANBglghkgBZQMEAgEFADALBgkq
-hkiG9w0BBwGgggORMIIDjTCCAnWgAwIBAgIJANsr3sm0NrypMA0GCSqGSIb3DQEB
-CwUAMFwxCzAJBgNVBAYTAk5MMRMwEQYDVQQIDApTb21lLVN0YXRlMR8wHQYDVQQK
-DBZBRExJTksgVGVjaG5vbG9jeSBJbmMuMRcwFQYDVQQDDA5hZGxpbmt0ZWNoLmNv
-bTAgFw0xODA3MzAxMjQ1NTVaGA8yMTE4MDcwNjEyNDU1NVowXDELMAkGA1UEBhMC
-TkwxEzARBgNVBAgMClNvbWUtU3RhdGUxHzAdBgNVBAoMFkFETElOSyBUZWNobm9s
-b2N5IEluYy4xFzAVBgNVBAMMDmFkbGlua3RlY2guY29tMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAu7jfnJ0wYVuXgG+PgNawdN38+dRpa8jceqi+blID
-ehV6XCxrnGXusTCDuFmo7HMOBVMVNDXlcBWgoGd+u5EultnOEiIeGTgtHc1O6V9w
-icp3BGSpZZax/TcONjMVORaqHCADbQ2J8wsz1FHxuKDwX6BJElYOlK77lb/x3yLs
-DFFC+a0qn2RFh37rcWBRAHy8VEASXKZElT9ZmfKd+KUq34KojhNJ4DepKStTq074
-BRDXVivx+wVD951LFNPiQXq+mgHcLj1k37KlZflTFhdP5oEMtATNsXNJPHlEymiy
-SogRWAmKhysLQudukHfNKN+r0FEQMk/hzpYcFeZSOvbfNQIDAQABo1AwTjAdBgNV
-HQ4EFgQURWMbWvBKZwJvRV1/tyc1R82k0+gwHwYDVR0jBBgwFoAURWMbWvBKZwJv
-RV1/tyc1R82k0+gwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkPF+
-ysVtvHnk2hpu9yNDLCJ96ZzIoKOyY7uRj4ovzlAHFdpNOJQdcJihTmN8i7Trht9X
-Vh0rGoR/6nHzo3TIeiogRC80RlDtuA3PF2dDQBMVDStlZMTZPb693hfjdAjhyyw9
-yghhKHHqNDvSsAL0KfBqjG4yGfGpJylYXIT5fWuKlo/ln/yyPa5s54T5XDo+CMbt
-lLX3QnwVOmaRyzylPiTcPCDIkdLBdXmlfyJcmW6fWa6kPx+35MOxPsXZbujCo+42
-+OyLqcH1rKT6XhcshjXBEf+kdgUfSClrM1pNRWsw2ChIYim0F+nry5JFy0Y+8Hbb
-6SDB340BFmtgDHbFHTGCAnswggJ3AgEBMGkwXDELMAkGA1UEBhMCTkwxEzARBgNV
-BAgMClNvbWUtU3RhdGUxHzAdBgNVBAoMFkFETElOSyBUZWNobm9sb2N5IEluYy4x
-FzAVBgNVBAMMDmFkbGlua3RlY2guY29tAgkA2yveybQ2vKkwDQYJYIZIAWUDBAIB
-BQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
-MTkxMTE4MTE0ODQ4WjAvBgkqhkiG9w0BCQQxIgQgaLNNlFwfVR0PrziT9wCAy5bM
-qCZJX9yO3xJgut3/o7EweQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJ
-YIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgIC
-AIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZI
-hvcNAQEBBQAEggEAWCFrUIvdYKBeT0lmpkRdmYJuvdmQ/Ro7k9iyreVofpB1/70B
-hVOEeRjrlmhv/TUjSgQyli56wmXFmexcNRzSzpPNycz0gjwP9kX5BMnhAkKd08fC
-4rgoirScmNxvxEkj5+wyq7s7rBEJOgVQ9ofwiZXEBVDMVvW2ENZhVF3FyoNulDQe
-6BjXkuLw/QrJLWjywPy5naSSda2T7V3+Ssdu5/2vEjXPIJMM+xPOCaqGHJsSb72s
-KiP48jZ95Wruvj3QAlpGxDaazWPTgn7tfThYrY3Kgiz5zyZM7FhFyIqxRF/89Ngo
-hbu2mWzcXFF7wBLy+CvK5Foajro9t/PzD8uNuA==
-
-------3900963D3572093F6AEC654A72CAEE5A--
-

src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c

@@ -215,6 +215,7 @@ static DDS_Security_PermissionsHandle local_permissions_handle = DDS_SECURITY_HA
 static DDS_Security_PermissionsHandle remote_permissions_handle = DDS_SECURITY_HANDLE_NIL;
 static DDS_Security_GUID_t local_participant_guid;
 static char *g_path_to_etc_dir = NULL;
+static char *g_path_build_dir = NULL;
 static DDS_Security_PermissionsHandle permission_handle_for_callback1 = DDS_SECURITY_HANDLE_NIL;
 static DDS_Security_PermissionsHandle permission_handle_for_callback2 = DDS_SECURITY_HANDLE_NIL;
 static dds_time_t local_expiry_date;
@@ -251,14 +252,16 @@ static void reset_exception(DDS_Security_SecurityException *ex)
 static void get_future_xsdate(char *str, size_t len, int32_t delta)
 {
   time_t rawtime;
-  struct tm *future;
+  struct tm *future = ddsrt_malloc(sizeof(struct tm));
 
   /* Get future time. */
   rawtime = time(NULL) + delta;
-  future = gmtime(&rawtime);
+  OPENSSL_gmtime(&rawtime, future);
 
   /* Put the future time in a xsDate format. */
   strftime(str, len, "%Y-%m-%dT%H:%M:%S", future);
+
+  ddsrt_free(future);
 }
 
 static int smime_sign(const char *certificate_file, const char *key_file, const char *data, const char *out_file)
@@ -345,7 +348,7 @@ static void fill_participant_qos(DDS_Security_Qos *qos, int32_t permission_expir
 
   ddsrt_asprintf(&permissions_ca_cert_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_CERT_FILE);
   ddsrt_asprintf(&permissions_ca_key_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_KEY_FILE);
-  ddsrt_asprintf(&permissions_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_FILE);
+  ddsrt_asprintf(&permissions_file, "%s%s", g_path_build_dir, PERMISSIONS_FILE);
 
   smime_sign(permissions_ca_cert_file, permissions_ca_key_file, permissions_xml_with_expiry, permissions_file);
 
@@ -407,9 +410,9 @@ static int fill_peer_credential_token(DDS_Security_AuthenticatedPeerCredentialTo
   remote_expiry_date = DDS_Security_parse_xml_date(permission_expiry_date_str);
   permissions_xml_with_expiry = ddsrt_str_replace(PERMISSIONS_DOCUMENT, "PERMISSION_EXPIRY_DATE", permission_expiry_date_str, 1);
 
-  ddsrt_asprintf(permissions_ca_cert_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_CERT_FILE);
+  ddsrt_asprintf(&permissions_ca_cert_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_CERT_FILE);
-  ddsrt_asprintf(permissions_ca_key_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_KEY_FILE);
+  ddsrt_asprintf(&permissions_ca_key_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_KEY_FILE);
-  ddsrt_asprintf(permissions_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_FILE);
+  ddsrt_asprintf(&permissions_file, "%s%s", g_path_build_dir, PERMISSIONS_FILE);
 
   smime_sign(permissions_ca_cert_file, permissions_ca_key_file, permissions_xml_with_expiry, permissions_file);
 
@@ -531,17 +534,29 @@ static void set_path_to_etc_dir(void)
 {
   ddsrt_asprintf(&g_path_to_etc_dir, "%s%s", CONFIG_ENV_TESTS_DIR, RELATIVE_PATH_TO_ETC_DIR);
 }
-
+static void set_path_build_dir(void)
-static void suite_listeners_access_control_init(void)
 {
-  plugins = load_plugins(&access_control, &auth, NULL /* Cryptograpy */);
+  ddsrt_asprintf(&g_path_build_dir, "%s/", CONFIG_ENV_BUILD_DIR);
-  CU_ASSERT_FATAL(plugins != NULL);
-  set_path_to_etc_dir();
-  OpenSSL_add_all_algorithms();
-  ERR_load_crypto_strings();
 }
 
-static void suite_listeners_access_control_fini(void)
+CU_Init(ddssec_builtin_listeners_access_control)
+{
+  int res = 0;
+
+  plugins = load_plugins(&access_control, &auth, NULL /* Cryptograpy */);
+  if (!plugins) {
+    res = -1;
+  } else {
+    set_path_to_etc_dir();
+    set_path_build_dir();
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+  }
+
+  return res;
+}
+
+CU_Clean(ddssec_builtin_listeners_access_control)
 {
   unload_plugins(plugins);
   ddsrt_free(g_path_to_etc_dir);
@@ -549,6 +564,8 @@ static void suite_listeners_access_control_fini(void)
   CRYPTO_cleanup_all_ex_data();
   REMOVE_THREAD_STATE();
   ERR_free_strings();
+
+  return 0;
 }
 
 static DDS_Security_boolean on_revoke_permissions_cb(dds_security_access_control_listener *instance, const dds_security_access_control *plugin, const DDS_Security_PermissionsHandle handle)
@@ -559,11 +576,11 @@ static DDS_Security_boolean on_revoke_permissions_cb(dds_security_access_control
     permission_handle_for_callback1 = handle;
   else if (permission_handle_for_callback2 == DDS_SECURITY_HANDLE_NIL)
     permission_handle_for_callback2 = handle;
-  printf("Listener called for handle: %lld  Local:%ld Remote:%ld\n", (long long)handle, local_permissions_handle, remote_permissions_handle);
+  printf("Listener called for handle: %lld  Local:%lld Remote:%lld\n", (long long)handle, (long long)local_permissions_handle, (long long)remote_permissions_handle);
   return true;
 }
 
-CU_Test(ddssec_builtin_listeners_access_control, local_2secs, .init = suite_listeners_access_control_init, .fini = suite_listeners_access_control_fini)
+CU_Test(ddssec_builtin_listeners_access_control, local_2secs)
 {
   DDS_Security_PermissionsHandle result;
   DDS_Security_PermissionsToken permissions_token;

src/security/builtin_plugins/tests/listeners_authentication/etc/Example_Governance.p7s

@@ -0,0 +1,120 @@
+MIME-Version: 1.0
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----8F2D5CA80FE8B4509AF031712E008F0E"
+
+This is an S/MIME signed message
+
+------8F2D5CA80FE8B4509AF031712E008F0E
+Content-Type: text/plain
+
+<?xml version="1.0" encoding="utf-8"?>
+<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_governance.xsd">
+    <domain_access_rules>
+        <domain_rule>
+            <domains>
+                <!-- All domains -->
+                <id_range>
+                    <min>0</min>
+                    <max>230</max>
+                </id_range>
+            </domains>
+
+            <!-- DomainParticipant that cann not authenticate or fail the authentication should be
+                 allowed to join the domain and see any any discovery data that are configured as "unprotected"
+                 and topics that are configured as "unprotected" -->
+            <allow_unauthenticated_participants>true</allow_unauthenticated_participants>
+
+            <!--  Only and any authenticated DomainParticipant should be allowed to join the domain and
+                  see the discovery data without checking access control  -->
+            <enable_join_access_control>true</enable_join_access_control>
+
+            <!-- Discovery information should be protected with encryption followed by MAC (Message Authentication Codes) -->
+            <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
+
+            <!--  Liveliness messages are also encrypted -->
+            <liveliness_protection_kind>ENCRYPT</liveliness_protection_kind>
+
+            <!-- Whole RTPS message is not protected -->
+            <rtps_protection_kind>ENCRYPT</rtps_protection_kind>
+
+            <topic_access_rules>
+                <topic_rule>
+                    <!-- All (non-builtin) topics -->
+                    <topic_expression>*</topic_expression>
+
+                    <!-- Liveliness QoS data is protected -->
+                    <enable_liveliness_protection>true</enable_liveliness_protection>
+
+                    <!-- The discovery information on specific Topics should be sent
+                         using the secure (protected) discovery writers -->
+                    <enable_discovery_protection>true</enable_discovery_protection>
+
+                    <!-- The read access to all topics should be open to all. -->
+                    <enable_read_access_control>true</enable_read_access_control>
+
+                    <!-- The write access to all topics should be open to all. -->
+                    <enable_write_access_control>true</enable_write_access_control>
+
+                    <!-- Whole RTPS sub-message is protected. This includes metadata information
+                         like sequence numbers, heartbeats, key hashes, gaps,
+                         acknowledgment messages, etc. It also includes th possible payload. -->
+                    <metadata_protection_kind>ENCRYPT</metadata_protection_kind>
+
+                    <!-- The payload data sent on the Topic (serialized application level data) should be
+                         protected with Encrypt then MAC. -->
+                    <data_protection_kind>ENCRYPT</data_protection_kind>
+                </topic_rule>
+            </topic_access_rules>
+        </domain_rule>
+    </domain_access_rules>
+</dds>
+
+------8F2D5CA80FE8B4509AF031712E008F0E
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+
+MIIHiwYJKoZIhvcNAQcCoIIHfDCCB3gCAQExDzANBglghkgBZQMEAgEFADALBgkq
+hkiG9w0BBwGgggRnMIIEYzCCA0ugAwIBAgIJAM3yAtULcaEIMA0GCSqGSIb3DQEB
+CwUAMIHHMQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2Fs
+aXR5IE5hbWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4G
+A1UECgwXRXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUg
+UGVybWlzc2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNz
+aW9uc2NhbHRkLm9yZzAeFw0xOTAyMTIxMzUyMzJaFw0yOTAyMDkxMzUyMzJaMIHH
+MQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5h
+bWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwX
+RXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlz
+c2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2Nh
+bHRkLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKD6nYCszMha
+h3xGfJy8f3lowPHIj6zcldVYs5Krg7zXxZn+20lAMHUfgQcWZAauKbCnokYfTvXV
+v0j9HCpQ3mRynNTyjLjc7HxAe6kfaJ75PoIoOMMQMEGvPOqRUq0tomVVJvcgzZZk
+pwE30E6xvZrlQcrkQY/aOQ0sbje+RN8RKQ9vf6O45Np/0m2K5ohZPlBqg4F539v2
+iXGZczCr9AqAszc/7rOPX1aqZmmRDou0T+Zhx3ZZSAwZYQtr7uvvlUeGmDhNh+8p
+LC+1FQPtkKmcVXO8oZWm5N8piOvH3M+v3qhyPtLv30cpl0bDiFl+PN7nZ6InOOtd
+ZJVMa2rYCk8CAwEAAaNQME4wHQYDVR0OBBYEFA/CtiP8Z5Fk4aWDIb2j3FPwh9pg
+MB8GA1UdIwQYMBaAFA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBACBupRddIR9zYBFLGFTzeiW+H1tRRKz+B3SWnCJH
+89ijEdMYlKKLYT0R18lCV0vHnl29bU1CPlkLn+GQkvdfIjKguWEQKTP+GLzoa9TV
+zOKAJ8NttCyW3YqriUOUGKqra1Fdt8nvrAyZUF+v/k8pTInmCvwu3l5HrVhkKHER
+IbCIohKi/2mk1JZS9reWvZhqLoUIw5IDFlqtBDYOfMaqm8XF01YjEDBM6OuyQzYN
+gDFVUZx0At4zzRjGTvqpLTkDYL1A3v4QYXZcwZiKeEVbFuNkauXgD+8pEZMB8yL4
+h1feIH+aucsAKBz1Ne5fTiTCannlKvLl8xWz5IdzP7gF0LIxggLoMIIC5AIBATCB
+1TCBxzELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1Mb2NhbGl0
+eSBOYW1lMSEwHwYDVQQLDBhPcmdhbml6YXRpb25hbCBVbml0IE5hbWUxIDAeBgNV
+BAoMF0V4YW1wbGUgQ0EgT3JnYW5pemF0aW9uMR8wHQYDVQQDDBZFeGFtcGxlIFBl
+cm1pc3Npb25zIENBMS0wKwYJKoZIhvcNAQkBFh5hdXRob3JpdHlAcGVybWlzc2lv
+bnNjYWx0ZC5vcmcCCQDN8gLVC3GhCDANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG
+9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTEyMDcxNjAxMjZa
+MC8GCSqGSIb3DQEJBDEiBCCAw/IHksMBWVnBQEtBoPLvJ1B+9IvOrQ4OkihJ6q0v
+ijB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ
+YIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
+AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQAd
+j3vO63v4bBbNhE0wZ8gWPHFfJsZO4JUu+ZzJ08hO1fku07Q13medyyp1+6jeZWoV
+rCqQbG37xL1dx023wsRu+mYPSgEtIx2zBGW8ADk2qEIGAVPUPGUiVXl6+7esAmnP
+AFDrt3Qp6nEZIr7iQ6i+4WW3kWM3o9C1ghSz4tVBjP9El5/yrux2mo5DTSeB8QMR
+npMNgwgatwAxTwUrBpQj0FE5NUDm21OT1VwlUAGTHz6m5npw92p6qvQxFYufRzWj
+XoADdJW0qgfbL00Gvoimi2K21cSUqiYcKU06eQeCkrLXyjif2JlFdKXvODwlydOy
+dtwcKpPKVKgBI01+5Imf
+
+------8F2D5CA80FE8B4509AF031712E008F0E--
+

src/security/builtin_plugins/tests/listeners_authentication/etc/Example_Permissions_Alice.p7s

@@ -0,0 +1,98 @@
+MIME-Version: 1.0
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----51AB97062CF028E6EBDDAA31699954BC"
+
+This is an S/MIME signed message
+
+------51AB97062CF028E6EBDDAA31699954BC
+Content-Type: text/plain
+
+<?xml version="1.0" encoding="utf-8"?>
+<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">
+    <permissions>
+        <grant name="OpenSplicePermissions">
+            <subject_name>/C=NL/ST=OV/L=Locality Name/OU=Organizational Unit Name/O=Example Organization/CN=Alice Example/emailAddress=alice@exampleltd.com</subject_name>
+            <validity>
+                <!-- Format is CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm] in GMT -->
+                <not_before>2015-09-15T01:00:00</not_before>
+                <not_after>2115-09-15T01:00:00</not_after>
+            </validity>
+            <allow_rule>
+                <domains>
+                  <id_range>
+                    <min>0</min>
+                    <max>230</max>
+                  </id_range>
+                </domains>
+                <publish>
+                    <topics>
+                        <topic>*</topic>
+                    </topics>
+                    <partitions>
+                        <partition>*</partition>
+                    </partitions>
+                </publish>
+                <subscribe>
+                    <topics>
+                        <topic>*</topic>
+                    </topics>
+                    <partitions>
+                        <partition>*</partition>
+                    </partitions>
+                    
+                </subscribe>
+            </allow_rule>
+            <default>DENY</default>
+        </grant>
+    </permissions>
+</dds>
+
+------51AB97062CF028E6EBDDAA31699954BC
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+
+MIIHiwYJKoZIhvcNAQcCoIIHfDCCB3gCAQExDzANBglghkgBZQMEAgEFADALBgkq
+hkiG9w0BBwGgggRnMIIEYzCCA0ugAwIBAgIJAM3yAtULcaEIMA0GCSqGSIb3DQEB
+CwUAMIHHMQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2Fs
+aXR5IE5hbWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4G
+A1UECgwXRXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUg
+UGVybWlzc2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNz
+aW9uc2NhbHRkLm9yZzAeFw0xOTAyMTIxMzUyMzJaFw0yOTAyMDkxMzUyMzJaMIHH
+MQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5h
+bWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwX
+RXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlz
+c2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2Nh
+bHRkLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKD6nYCszMha
+h3xGfJy8f3lowPHIj6zcldVYs5Krg7zXxZn+20lAMHUfgQcWZAauKbCnokYfTvXV
+v0j9HCpQ3mRynNTyjLjc7HxAe6kfaJ75PoIoOMMQMEGvPOqRUq0tomVVJvcgzZZk
+pwE30E6xvZrlQcrkQY/aOQ0sbje+RN8RKQ9vf6O45Np/0m2K5ohZPlBqg4F539v2
+iXGZczCr9AqAszc/7rOPX1aqZmmRDou0T+Zhx3ZZSAwZYQtr7uvvlUeGmDhNh+8p
+LC+1FQPtkKmcVXO8oZWm5N8piOvH3M+v3qhyPtLv30cpl0bDiFl+PN7nZ6InOOtd
+ZJVMa2rYCk8CAwEAAaNQME4wHQYDVR0OBBYEFA/CtiP8Z5Fk4aWDIb2j3FPwh9pg
+MB8GA1UdIwQYMBaAFA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBACBupRddIR9zYBFLGFTzeiW+H1tRRKz+B3SWnCJH
+89ijEdMYlKKLYT0R18lCV0vHnl29bU1CPlkLn+GQkvdfIjKguWEQKTP+GLzoa9TV
+zOKAJ8NttCyW3YqriUOUGKqra1Fdt8nvrAyZUF+v/k8pTInmCvwu3l5HrVhkKHER
+IbCIohKi/2mk1JZS9reWvZhqLoUIw5IDFlqtBDYOfMaqm8XF01YjEDBM6OuyQzYN
+gDFVUZx0At4zzRjGTvqpLTkDYL1A3v4QYXZcwZiKeEVbFuNkauXgD+8pEZMB8yL4
+h1feIH+aucsAKBz1Ne5fTiTCannlKvLl8xWz5IdzP7gF0LIxggLoMIIC5AIBATCB
+1TCBxzELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1Mb2NhbGl0
+eSBOYW1lMSEwHwYDVQQLDBhPcmdhbml6YXRpb25hbCBVbml0IE5hbWUxIDAeBgNV
+BAoMF0V4YW1wbGUgQ0EgT3JnYW5pemF0aW9uMR8wHQYDVQQDDBZFeGFtcGxlIFBl
+cm1pc3Npb25zIENBMS0wKwYJKoZIhvcNAQkBFh5hdXRob3JpdHlAcGVybWlzc2lv
+bnNjYWx0ZC5vcmcCCQDN8gLVC3GhCDANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG
+9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTEyMDcxNjAxMjZa
+MC8GCSqGSIb3DQEJBDEiBCAX5wSM0Og83gWKRmru9iCOm8h85e9oZ7rBebmSbLVN
+1TB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ
+YIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
+AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQAT
+QZbljrtQs/FcBUJBYoenquAQ5++twy5LE6A06dASaHFDxSxPsAe0KBl9EWJzE59X
+4k73u+4bJZiuLHUPztuXIUt3gEKM72DDT+ET/13dWdM2vtITW6HZ27nvkngE35cc
+kdUqkLyeM5dzsSDpr3Ba8epulThlwl7bw9dUd2FUOBCc266da+q1lcChjwfC5GBu
+GB7oWODhSAk6L9dici8w5q9ybygBkFJHXTZVtsXQWuNmDtXWB2ury++WQlvtNK0s
+aF+dtQlyEx2vvi5tV195vncAt514uHJ9optdEbaIyMo51G53QD0Cq62QhuFusug0
+nz2pgcEZ35JCd4gESMkL
+
+------51AB97062CF028E6EBDDAA31699954BC--
+

src/security/builtin_plugins/tests/listeners_authentication/etc/Example_Permissions_Bob.p7s

@@ -0,0 +1,98 @@
+MIME-Version: 1.0
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----EDFB3CE1089204FED046E2D32968C669"
+
+This is an S/MIME signed message
+
+------EDFB3CE1089204FED046E2D32968C669
+Content-Type: text/plain
+
+<?xml version="1.0" encoding="utf-8"?>
+<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">
+    <permissions>
+        <grant name="OpenSplicePermissions">
+            <subject_name>/C=NL/ST=OV/L=Locality Name/OU=Organizational Unit Name/O=Example Organization/CN=Bob Example/emailAddress=bob@exampleltd.com</subject_name>
+            <validity>
+                <!-- Format is CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm] in GMT -->
+                <not_before>2015-09-15T01:00:00</not_before>
+                <not_after>2115-09-15T01:00:00</not_after>
+            </validity>
+            <allow_rule>
+                <domains>
+                  <id_range>
+                    <min>0</min>
+                    <max>230</max>
+                  </id_range>
+                </domains>
+                <publish>
+                    <topics>
+                        <topic>*</topic>
+                    </topics>
+                    <partitions>
+                        <partition>*</partition>
+                    </partitions>
+                </publish>
+                <subscribe>
+                    <topics>
+                        <topic>*</topic>
+                    </topics>
+                    <partitions>
+                        <partition>*</partition>
+                    </partitions>
+                    
+                </subscribe>
+            </allow_rule>
+            <default>DENY</default>
+        </grant>
+    </permissions>
+</dds>
+
+------EDFB3CE1089204FED046E2D32968C669
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+
+MIIHiwYJKoZIhvcNAQcCoIIHfDCCB3gCAQExDzANBglghkgBZQMEAgEFADALBgkq
+hkiG9w0BBwGgggRnMIIEYzCCA0ugAwIBAgIJAM3yAtULcaEIMA0GCSqGSIb3DQEB
+CwUAMIHHMQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2Fs
+aXR5IE5hbWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4G
+A1UECgwXRXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUg
+UGVybWlzc2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNz
+aW9uc2NhbHRkLm9yZzAeFw0xOTAyMTIxMzUyMzJaFw0yOTAyMDkxMzUyMzJaMIHH
+MQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5h
+bWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwX
+RXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlz
+c2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2Nh
+bHRkLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKD6nYCszMha
+h3xGfJy8f3lowPHIj6zcldVYs5Krg7zXxZn+20lAMHUfgQcWZAauKbCnokYfTvXV
+v0j9HCpQ3mRynNTyjLjc7HxAe6kfaJ75PoIoOMMQMEGvPOqRUq0tomVVJvcgzZZk
+pwE30E6xvZrlQcrkQY/aOQ0sbje+RN8RKQ9vf6O45Np/0m2K5ohZPlBqg4F539v2
+iXGZczCr9AqAszc/7rOPX1aqZmmRDou0T+Zhx3ZZSAwZYQtr7uvvlUeGmDhNh+8p
+LC+1FQPtkKmcVXO8oZWm5N8piOvH3M+v3qhyPtLv30cpl0bDiFl+PN7nZ6InOOtd
+ZJVMa2rYCk8CAwEAAaNQME4wHQYDVR0OBBYEFA/CtiP8Z5Fk4aWDIb2j3FPwh9pg
+MB8GA1UdIwQYMBaAFA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBACBupRddIR9zYBFLGFTzeiW+H1tRRKz+B3SWnCJH
+89ijEdMYlKKLYT0R18lCV0vHnl29bU1CPlkLn+GQkvdfIjKguWEQKTP+GLzoa9TV
+zOKAJ8NttCyW3YqriUOUGKqra1Fdt8nvrAyZUF+v/k8pTInmCvwu3l5HrVhkKHER
+IbCIohKi/2mk1JZS9reWvZhqLoUIw5IDFlqtBDYOfMaqm8XF01YjEDBM6OuyQzYN
+gDFVUZx0At4zzRjGTvqpLTkDYL1A3v4QYXZcwZiKeEVbFuNkauXgD+8pEZMB8yL4
+h1feIH+aucsAKBz1Ne5fTiTCannlKvLl8xWz5IdzP7gF0LIxggLoMIIC5AIBATCB
+1TCBxzELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1Mb2NhbGl0
+eSBOYW1lMSEwHwYDVQQLDBhPcmdhbml6YXRpb25hbCBVbml0IE5hbWUxIDAeBgNV
+BAoMF0V4YW1wbGUgQ0EgT3JnYW5pemF0aW9uMR8wHQYDVQQDDBZFeGFtcGxlIFBl
+cm1pc3Npb25zIENBMS0wKwYJKoZIhvcNAQkBFh5hdXRob3JpdHlAcGVybWlzc2lv
+bnNjYWx0ZC5vcmcCCQDN8gLVC3GhCDANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG
+9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTEyMDcxNjAxMjZa
+MC8GCSqGSIb3DQEJBDEiBCCEqUh7CpMRXpSMDeuCmSMz+I6WXjXpO2HRkCdRSczj
+1TB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ
+YIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
+AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQAL
+ExoTydhBE/8GgnqGp39cRVQ0Z1YIc55uACZK1V37R2b8rY4upLA7iHyzCBXQOwCz
+mhjHfaNdW8twWru34EvD17RTfk49Lvmge4ceipgmqKwGVyTO57P5xzDaC+2F2KEi
++s6/YWIslixMhlQyuxZsmQDbRWcmQ1FRy7LJ80cctlDA44IviaEfv/u2+sqJgPNL
+Z5AHMEv/qceKjtm/Wh7sdFhjfM4ZnfUWFB6Ni/sdNSmO9O3j9OHfpkzMJHxM4B5r
+G5pMNDn2xibxwlx41he7mfENIjuk4Z3VDaTCTs++8GyivvvsCZSVimd0iuI1kVmd
+JL58DFeKqgEZ358rN9/5
+
+------EDFB3CE1089204FED046E2D32968C669--
+

src/security/builtin_plugins/tests/listeners_authentication/etc/Identity_CA_Cert.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEOTCCAyGgAwIBAgIJAPq0b61+PT2WMA0GCSqGSIb3DQEBCwUAMIGyMQswCQYD
+VQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5hbWUxITAf
+BgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEaMBgGA1UECgwRRXhhbXBs
+ZSBTaWduZXIgQ0ExEzARBgNVBAMMCkV4YW1wbGUgQ0ExKjAoBgkqhkiG9w0BCQEW
+G2F1dGhvcml0eUBpZGVudGl0eWNhbHRkLm9yZzAeFw0xOTAyMTIxMDIxNTJaFw0y
+OTAyMDkxMDIxNTJaMIGyMQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNV
+BAcMDUxvY2FsaXR5IE5hbWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQg
+TmFtZTEaMBgGA1UECgwRRXhhbXBsZSBTaWduZXIgQ0ExEzARBgNVBAMMCkV4YW1w
+bGUgQ0ExKjAoBgkqhkiG9w0BCQEWG2F1dGhvcml0eUBpZGVudGl0eWNhbHRkLm9y
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCBJ1r/2AcSHorpA2G2
+WR0CvGHPhhY2x93twW91LCJVOVzO0LuOscZXSkWDtAhyhy1EZN6r+4aLbMku/wVJ
+kdjHPD+WSVEZn70LxYSgxiUwXalpa5RQeTkEHll5cSgtE8kSD4/HIxBsbwizeDVV
+g8SWpBVb044GM4O3TDbCug9F7GJFzqcbSHQZnHO+3nWu6f21BEU7PZjrFox1NREN
+g3H7WmNISx4DOK9bJcWS/i4qJjTxjQPPFmzGvRgO2FfWP+xYb70x/iOeKsML2y+d
+XZqL99yzfP1dnpDtBzCTqJJizfuNMD6gvIXyk2PUy3FpAYoI9BvUehdWCP/okikx
+5jsCAwEAAaNQME4wHQYDVR0OBBYEFL7LTHLvMsEeUDjMYeW4+DcXn62PMB8GA1Ud
+IwQYMBaAFL7LTHLvMsEeUDjMYeW4+DcXn62PMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAIDJ4g6aVGIVXDSQ5R2yY9I82zsRf3k+yRF/BBkqBP1XXYRA
+6lk7Wk4y6+DmL9qbVG/xrkTCC066J8kVblOyfFP1LHAzlNOQE7aU+tyrAufW4fpz
+f/Gv8PBQUTQGr8vNqLUuEdoQjzARm8g7L3qeXhIKjiWsWi99ibnm/jTjol1GleIX
+RudKSSGyMcB2VgRjCEEIYrkXdkIfrznKcJxzUw3dsGx277dB+4iFLcqf1YDpoRe2
+aSwbtgx+lLZ4KXWtikBSmLSRBq9j2aGtKO08kru0U3jQo6B4Bvzp1KuJCBiktueY
+yNRfgh8ggNERYF/SpVr/ivm3RM+mnWd3QpmVolw=
+-----END CERTIFICATE-----

src/security/builtin_plugins/tests/listeners_authentication/etc/Identity_CA_Private_Key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAoIEnWv/YBxIeiukDYbZZHQK8Yc+GFjbH3e3Bb3UsIlU5XM7Q
+u46xxldKRYO0CHKHLURk3qv7hotsyS7/BUmR2Mc8P5ZJURmfvQvFhKDGJTBdqWlr
+lFB5OQQeWXlxKC0TyRIPj8cjEGxvCLN4NVWDxJakFVvTjgYzg7dMNsK6D0XsYkXO
+pxtIdBmcc77eda7p/bUERTs9mOsWjHU1EQ2DcftaY0hLHgM4r1slxZL+LiomNPGN
+A88WbMa9GA7YV9Y/7FhvvTH+I54qwwvbL51dmov33LN8/V2ekO0HMJOokmLN+40w
+PqC8hfKTY9TLcWkBigj0G9R6F1YI/+iSKTHmOwIDAQABAoIBAAc5iRH5jjnTQPiz
+wGk3kg9SPjSQ6NI7KQf+WcSwm4n4GBrrXE31AF+TMk6qvQHcVeVdvMShLTNDN2Re
+7y/Hvf7qCPY7x5UU+DHEQ+HSctjdsnmbuzHz5WEBpHQWmVdboBZe78BjEFr+5oiX
+u4N7E/FXbo9fkMhF0y/MomucnE9vnhFsCj/Qz+gqKJDz7n+jY1G9loGJpoZoGllK
+s2+HzbY5qVKrrpDzD5FO5i+M/Obk4uwZVDSnFL316SKe9MzdlrH9ochdtsGlver8
+YsYtetqHy4QgE/WZLSgwQoYY7nlKnkAKUnGvTJ8pnmO2FkO9SAQsBIl32rURMQFY
+2C7ka5ECgYEAz13hOWwsefCkMTpXOXpeagCACN86Oqel+gV+UYDWnRdwDrUKBhjA
+u40+NVaxuJSNKV3mC0N2PxwTuYzQ6BOQgmNzlxv0xyKwkGW/d6F8VunV2mqb3EAL
+m9qzN1k08V30RikSMCt1OV5isuUiC4ox3ToboLTibXKnbEFWjT3juM8CgYEAxiW0
++CvqJQjrjJ/valshCQDF4fYLa2uTJcdDifyU3HVTn06yy0z42tLBhHCv8RY/SBRK
+IqR3RDhYJbBgLhG7oBDvoGWUEhdGJ+z6qcw9v1tDj9QD1bQF7RJvuh2JA7mhbFe5
+cIptcDJNRN7PCrjqGksQfy8Gg6ABOGFhz3xZPtUCgYBeFpKio1pq2a0mSPpashM0
+tZVicSbShk7g6q0t/e9ix8eoZKxvp7uLXcLkILnyrjR+mIRQiAOXDv5EKoh/RKFF
+CCriXWTrFepXGlONzE/Gf8Lwn36oqMabqNe4PVmwSpkTXH9MK+u8Y/8UfLK92a5W
+Wo8+k9RJJMSiceL7oyE4MQKBgQCkVg2bbkCJaraBMPxNxzrEzsFPwNKDyvqFcJhR
+TwzfMuehzpF3D2WthvI8t4EUgJEHZNx/ksvf5qMkzv1V+BsWjDVRYC3IO0lSP7c9
+MEld9YE5PmvXx7DKiGnlgC1sy35X7wG7lvNhBDcVkX1BtU9jczJBaW0LqZ6Zdhq7
+DLSv6QKBgQDNZpHEwi2P2LdlTRgbc4IWYjZZJaj+RrG881lgi+v8SI4E8eizlxLw
+9HlG1nydvRqtU3T5h8UuqLOlXbfvQ7GOxVO2uJjtjJHZ8KbsFUH5i3UwZ+llyrRW
+Y1ydvvE9Hux6I7I3L42J11jphNYKw/YwARkp8/Bc/wzKsGlnh3Oh+w==
+-----END RSA PRIVATE KEY-----

src/security/builtin_plugins/tests/listeners_authentication/etc/Permissions_CA_Cert.pem

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEYzCCA0ugAwIBAgIJAM3yAtULcaEIMA0GCSqGSIb3DQEBCwUAMIHHMQswCQYD
+VQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5hbWUxITAf
+BgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwXRXhhbXBs
+ZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlzc2lvbnMg
+Q0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2NhbHRkLm9y
+ZzAeFw0xOTAyMTIxMzUyMzJaFw0yOTAyMDkxMzUyMzJaMIHHMQswCQYDVQQGEwJO
+TDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5hbWUxITAfBgNVBAsM
+GE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwXRXhhbXBsZSBDQSBP
+cmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlzc2lvbnMgQ0ExLTAr
+BgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2NhbHRkLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKD6nYCszMhah3xGfJy8f3lowPHI
+j6zcldVYs5Krg7zXxZn+20lAMHUfgQcWZAauKbCnokYfTvXVv0j9HCpQ3mRynNTy
+jLjc7HxAe6kfaJ75PoIoOMMQMEGvPOqRUq0tomVVJvcgzZZkpwE30E6xvZrlQcrk
+QY/aOQ0sbje+RN8RKQ9vf6O45Np/0m2K5ohZPlBqg4F539v2iXGZczCr9AqAszc/
+7rOPX1aqZmmRDou0T+Zhx3ZZSAwZYQtr7uvvlUeGmDhNh+8pLC+1FQPtkKmcVXO8
+oZWm5N8piOvH3M+v3qhyPtLv30cpl0bDiFl+PN7nZ6InOOtdZJVMa2rYCk8CAwEA
+AaNQME4wHQYDVR0OBBYEFA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMB8GA1UdIwQYMBaA
+FA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggEBACBupRddIR9zYBFLGFTzeiW+H1tRRKz+B3SWnCJH89ijEdMYlKKLYT0R
+18lCV0vHnl29bU1CPlkLn+GQkvdfIjKguWEQKTP+GLzoa9TVzOKAJ8NttCyW3Yqr
+iUOUGKqra1Fdt8nvrAyZUF+v/k8pTInmCvwu3l5HrVhkKHERIbCIohKi/2mk1JZS
+9reWvZhqLoUIw5IDFlqtBDYOfMaqm8XF01YjEDBM6OuyQzYNgDFVUZx0At4zzRjG
+TvqpLTkDYL1A3v4QYXZcwZiKeEVbFuNkauXgD+8pEZMB8yL4h1feIH+aucsAKBz1
+Ne5fTiTCannlKvLl8xWz5IdzP7gF0LI=
+-----END CERTIFICATE-----

src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c

@@ -523,7 +523,7 @@ validate_local_identity(const char* trusted_ca_dir)
         char trusted_ca_dir_path[1024];
         dds_security_property_init(&participant_qos.property.value, 4);
 #ifdef WIN32
-    snprintf(trusted_ca_dir_path, 1024, "%s\\testsuite\\dbt\\security_plugin\\tests\\validate_begin_handshake_reply\\etc\\%s", CONFIG_ENV_TESTS_DIR,trusted_ca_dir);
+    snprintf(trusted_ca_dir_path, 1024, "%s\\validate_begin_handshake_reply\\etc\\%s", CONFIG_ENV_TESTS_DIR, trusted_ca_dir);
 #else
     snprintf(trusted_ca_dir_path, 1024, "%s/validate_begin_handshake_reply/etc/%s", CONFIG_ENV_TESTS_DIR, trusted_ca_dir);
 #endif

src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c

@@ -220,7 +220,7 @@ static const char *unrelated_identity =
         "B7DMeaVlLClGQaKZZ7aexEx9se+IyLn2\n"
         "-----END CERTIFICATE-----\n";
 
-#ifdef TRUSTED_CA_DIR_IMPLEMENTED
+
 static const char *remote_identity_trusted =
                 "-----BEGIN CERTIFICATE-----\n"
                 "MIIDcDCCAligAwIBAgIBBTANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n"
@@ -297,7 +297,6 @@ static const char *remote_identity_trusted_expired =
                 "O3gAjPUL0jzRztp5Yj3dYPV8YyJHLEKr75IXNedV9YKhT4f6kTS3UEjMTqYbYsix\n"
                 "MtqgY283RjsExzjNvw==\n"
                 "-----END CERTIFICATE-----\n";
-#endif
 
 static struct plugins_hdl *plugins = NULL;
 static dds_security_authentication *auth = NULL;
@@ -1968,10 +1967,7 @@ CU_Test(ddssec_builtin_validate_begin_handshake_reply,return_handle,  .init = in
 
 }
 
-/*TODO: test is waiting for Trusted CA parsing function */
+CU_Test(validate_begin_handshake_reply,extended_certificate_check,  .init = init_testcase, .fini = fini_testcase )
-
-#if(0)
-CU _ Test(validate_begin_handshake_reply,extended_certificate_check )
 {
     DDS_Security_ValidationResult_t result;
     DDS_Security_HandshakeHandle handshake_handle;
@@ -2107,4 +2103,3 @@ CU _ Test(validate_begin_handshake_reply,extended_certificate_check )
     handshake_message_deinit(&handshake_token_out);
     reset_exception(&exception);
 }
-#endif

src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c

@@ -2017,10 +2017,8 @@ CU_Test(ddssec_builtin_validate_local_identity,no_file)
 
 }
 
-/* TODO: Should be enabled after implementing trusted ca dir parsing*/
+CU_Test(ddssec_builtin_validate_local_identity,with_extended_certificate_check)
-#if(0)
+{ 
-CU _ Test(validate_local_identity,with_extended_certificate_check)
-{
     DDS_Security_ValidationResult_t result;
     DDS_Security_IdentityHandle local_identity_handle = DDS_SECURITY_HANDLE_NIL;
     DDS_Security_GUID_t adjusted_participant_guid;
@@ -2042,7 +2040,7 @@ CU _ Test(validate_local_identity,with_extended_certificate_check)
 
     fill_participant_qos(&participant_qos, false, identity_certificate,
                                            false, identity_ca,
-                                           false, private_key,
+                                           false, private_key_pem,
                                            NULL,
                                            "trusted_ca_dir");
     /* Now call the function. */
@@ -2106,4 +2104,3 @@ CU _ Test(validate_local_identity,with_extended_certificate_check)
 
 
 }
-#endif

src/security/core/include/dds/security/core/dds_security_timed_cb.h

@@ -25,7 +25,11 @@ extern "C" {
  */
 struct dds_security_timed_dispatcher_t;
 
-struct dds_security_timed_cb_data_t;
+/**
+ * The timed callback structure holds a list of dispatchers and manages
+ * the thread that calls the dispatchers callbacks.
+ */
+struct dds_security_timed_cb_data;
 
 /**
  * The callback is triggered by two causes:

src/security/core/src/dds_security_utils.c

@@ -1291,3 +1291,4 @@ DDS_Security_parse_xml_date(
 
   return DDS_TIME_INVALID;
 }
+