niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Certificate trigger and directory operations

Browse source 
Implement trigger of certificate and permission expiries using the timed callbacks.

Implement directory operations such that trusted CA can be read.
This implements OS abstraction functions such as opendir and stat.

Signed-off-by: Stefan Kimmer <skimmer@s2e-systems.com>
This commit is contained in:
Stefan Kimmer 2020-01-24 10:53:18 +01:00 committed by eboasson
parent 3b4facbd45
commit aef4f0a126
25 changed files with 3039 additions and 169 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/ddsrt/CMakeLists.txt
View file

@ -149,7 +149,7 @@ list(APPEND sources
# network stack. In order to mix-and-match various compilers, architectures,
# operating systems, etc input from the build system is required.
foreach(feature atomics cdtors environ heap ifaddrs random rusage
sockets string sync threads time md5 process netstat dynlib)
sockets string sync threads time md5 process netstat dynlib filesystem)
if(EXISTS "${include_path}/dds/ddsrt/${feature}.h")
list(APPEND headers "${include_path}/dds/ddsrt/${feature}.h")
file(GLOB_RECURSE

123
src/ddsrt/include/dds/ddsrt/filesystem.h Normal file
View file

@ -0,0 +1,123 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef FILESYSTEM_H
#define FILESYSTEM_H
#include <stddef.h>
#include "dds/export.h"
#include "dds/ddsrt/retcode.h"
#include "dds/ddsrt/time.h"
#if _WIN32
#include "dds/ddsrt/filesystem/windows.h"
#else
#include "dds/ddsrt/filesystem/posix.h"
#endif
#if defined (__cplusplus)
extern "C" {
#endif
struct ddsrt_stat {
ddsrt_mode_t stat_mode;
size_t stat_size;
dds_time_t stat_mtime;
};
struct ddsrt_dirent {
char d_name[DDSRT_PATH_MAX + 1];
};
/** \brief opendir wrapper
*
* Open the directory conform opendir
*
* Precondition:
* none
*
* Possible results:
* - return DDS_RETCODE_OK if directory 'name' is opened
* - DDS_RETCODE_ERROR if 'name' could not
* be found or is not a directory.
*/
DDS_EXPORT dds_return_t ddsrt_opendir(const char *name, ddsrt_dir_handle_t *dir);
/** \brief closedir wrapper
*
* Close the directory conform closdir
*
* Precondition:
* none
*
* Possible results:
* - return DDS_RETCODE_OK if directory identified by the handle
* is succesfully closed
* - return DDS_RETCODE_ERROR if the handle is invalid.
*/
DDS_EXPORT dds_return_t ddsrt_closedir(ddsrt_dir_handle_t d);
/** \brief readdir wrapper
*
* Read the directory conform readdir.
*
* Precondition:
* none
*
* Possible results:
* - return DDS_RETCODE_OK if next directory is found
* - return DDS_RETCODE_ERROR if no more directories are found.
*/
DDS_EXPORT dds_return_t ddsrt_readdir(ddsrt_dir_handle_t d, struct ddsrt_dirent *direntp);
/** \brief stat wrapper
*
* Gets directory status conform stat.
*
* Precondition:
* none
*
* Possible results:
* - return DDS_RETCODE_OK if stat is successful
* - return DDS_RETCODE_ERROR if stat fails.
*/
DDS_EXPORT dds_return_t ddsrt_stat(const char *path, struct ddsrt_stat *buf);
/** \brief Transforms the given filepath into a platform specific filepath.
*
* This translation function will replace any platform file seperator into
* the fileseperator of the current platform. Doulbe quotes are removed
* as well.
*
* Precondition:
* none
*
* Possible results:
* - returns normalized filepath conform current platform
* - return NULL if out of memory.
*/
DDS_EXPORT char* ddsrt_file_normalize(const char *filepath);
/** \brief Get file seperator
*
* Possible Results:
* - "<file-seperator-string>"
*/
DDS_EXPORT const char* ddsrt_file_sep(void);
#if defined (__cplusplus)
}
#endif
#endif // FILESYSTEM_H

34
src/ddsrt/include/dds/ddsrt/filesystem/posix.h Normal file
View file

@ -0,0 +1,34 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef DDSRT_FILESYSTEM_POSIX_H
#define DDSRT_FILESYSTEM_POSIX_H
#include <sys/stat.h>
#include <sys/types.h>
#include <dirent.h>
#include <limits.h>
typedef DIR *ddsrt_dir_handle_t;
typedef mode_t ddsrt_mode_t;
#define DDSRT_PATH_MAX PATH_MAX
#define DDSRT_FILESEPCHAR '/'
#if defined(__cplusplus)
extern "C" {
#endif
#if defined(__cplusplus)
}
#endif
#endif /* DDSRT_FILESYSTEM_POSIX_H */

34
src/ddsrt/include/dds/ddsrt/filesystem/windows.h Normal file
View file

@ -0,0 +1,34 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifndef DDSRT_FILESYSTEM_WINDOWS_H
#define DDSRT_FILESYSTEM_WINDOWS_H
#include <sys/types.h>
#include <sys/stat.h>
#include "dds/ddsrt/types.h"
typedef HANDLE ddsrt_dir_handle_t;
typedef unsigned short ddsrt_mode_t;
#define DDSRT_PATH_MAX MAX_PATH
#define DDSRT_FILESEPCHAR '\\'
#if defined(__cplusplus)
extern "C" {
#endif
#if defined(__cplusplus)
}
#endif
#endif /* DDSRT_FILESYSTEM_WINDOWS_H */

116
src/ddsrt/src/filesystem/posix/filesystem.c Normal file
View file

@ -0,0 +1,116 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#include <string.h>
#include "dds/ddsrt/filesystem.h"
#include "dds/ddsrt/string.h"
#include "dds/ddsrt/heap.h"
dds_return_t ddsrt_opendir(const char *name, ddsrt_dir_handle_t *dir)
{
dds_return_t result = DDS_RETCODE_ERROR;
DIR *d;
if (dir) {
d = opendir(name);
if (d) {
*dir = d;
result = DDS_RETCODE_OK;
}
}
return result;
}
dds_return_t ddsrt_readdir(ddsrt_dir_handle_t d, struct ddsrt_dirent *direntp)
{
dds_return_t result;
struct dirent *d_entry;
result = DDS_RETCODE_ERROR;
if (d && direntp) {
d_entry = readdir(d);
if (d_entry) {
ddsrt_strlcpy(direntp->d_name, d_entry->d_name, sizeof(direntp->d_name));
result = DDS_RETCODE_OK;
}
}
return result;
}
dds_return_t ddsrt_closedir(ddsrt_dir_handle_t d)
{
dds_return_t result;
result = DDS_RETCODE_ERROR;
if (d) {
if (closedir(d) == 0) {
result = DDS_RETCODE_OK;
}
}
return result;
}
dds_return_t ddsrt_stat(const char *path, struct ddsrt_stat *buf)
{
dds_return_t result;
struct stat _buf;
int r;
r = stat(path, &_buf);
if (r == 0) {
buf->stat_mode = _buf.st_mode;
buf->stat_size = (size_t) _buf.st_size;
buf->stat_mtime = DDS_SECS(_buf.st_mtime);
result = DDS_RETCODE_OK;
} else {
result = DDS_RETCODE_ERROR;
}
return result;
}
char * ddsrt_file_normalize(const char *filepath)
{
char *norm;
const char *fpPtr;
char *normPtr;
norm = NULL;
if ((filepath != NULL) && (*filepath != '\0')) {
norm = ddsrt_malloc(strlen(filepath) + 1);
/* replace any / or \ by DDSRT_FILESEPCHAR */
fpPtr = (char *) filepath;
normPtr = norm;
while (*fpPtr != '\0') {
*normPtr = *fpPtr;
if ((*fpPtr == '/') || (*fpPtr == '\\')) {
*normPtr = DDSRT_FILESEPCHAR;
normPtr++;
} else {
if (*fpPtr != '\"') {
normPtr++;
}
}
fpPtr++;
}
*normPtr = '\0';
}
return norm;
}
const char *ddsrt_file_sep(void)
{
return "/";
}

122
src/ddsrt/src/filesystem/windows/filesystem.c Normal file
View file

@ -0,0 +1,122 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#include <string.h>
#include "dds/ddsrt/filesystem.h"
#include "dds/ddsrt/string.h"
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/io.h"
dds_return_t ddsrt_opendir(const char *name, ddsrt_dir_handle_t *dir)
{
dds_return_t result;
TCHAR szDir[DDSRT_PATH_MAX + 1];
WIN32_FIND_DATA FileData;
HANDLE hList;
result = DDS_RETCODE_ERROR;
if (dir) {
snprintf(szDir, DDSRT_PATH_MAX, "%s\\*", name);
hList = FindFirstFile(szDir, &FileData);
if (hList != INVALID_HANDLE_VALUE) {
*dir = hList;
result = DDS_RETCODE_OK;
}
}
return result;
}
dds_return_t ddsrt_readdir(ddsrt_dir_handle_t d, struct ddsrt_dirent *direntp)
{
dds_return_t result;
WIN32_FIND_DATA FileData;
BOOL r;
if (direntp) {
r = FindNextFile(d, &FileData);
if (r) {
ddsrt_strlcpy(direntp->d_name, FileData.cFileName, sizeof(direntp->d_name));
result = DDS_RETCODE_OK;
} else {
result = DDS_RETCODE_ERROR;
}
} else {
result = DDS_RETCODE_ERROR;
}
return result;
}
dds_return_t ddsrt_closedir(ddsrt_dir_handle_t d)
{
FindClose(d);
return DDS_RETCODE_OK;
}
dds_return_t ddsrt_stat(const char *path, struct ddsrt_stat *buf)
{
dds_return_t result;
struct _stat _buf;
int r;
r = _stat(path, &_buf);
if (r == 0) {
buf->stat_mode = _buf.st_mode;
buf->stat_size = _buf.st_size;
buf->stat_mtime = DDS_SECS(_buf.st_mtime);;
result = DDS_RETCODE_OK;
} else {
result = DDS_RETCODE_ERROR;
}
return result;
}
char * ddsrt_file_normalize(const char *filepath)
{
char *norm;
const char *fpPtr;
char *normPtr;
norm = NULL;
if ((filepath != NULL) && (*filepath != '\0')) {
norm = ddsrt_malloc(strlen(filepath) + 1);
/* replace any / or \ by DDSRT_FILESEPCHAR */
fpPtr = (char *) filepath;
normPtr = norm;
while (*fpPtr != '\0') {
*normPtr = *fpPtr;
if ((*fpPtr == '/') || (*fpPtr == '\\')) {
*normPtr = DDSRT_FILESEPCHAR;
normPtr++;
} else {
if (*fpPtr != '\"') {
normPtr++;
}
}
fpPtr++;
}
*normPtr = '\0';
}
return norm;
}
const char *ddsrt_file_sep(void)
{
return "\\";
}

51
src/security/builtin_plugins/access_control/src/access_control.c
View file

@ -26,6 +26,7 @@
#include "access_control_utils.h"
#include "access_control_objects.h"
#include "access_control_parser.h"
#include "dds/security/core/dds_security_timed_cb.h"
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
#define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL);
@ -78,9 +79,10 @@ typedef struct dds_security_access_control_impl
struct AccessControlTable *local_permissions;
#endif
struct AccessControlTable *remote_permissions;
#if TIMED_CALLBACK_IMPLEMENTED
struct ut_timed_dispatcher_t *timed_callbacks;
#endif
struct dds_security_timed_cb_data *timed_callbacks;
struct dds_security_timed_dispatcher_t *dispatcher;
} dds_security_access_control_impl;
static bool get_sec_attributes(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, const char *topic_name,
@ -105,9 +107,7 @@ static struct topic_rule *find_topic_from_domain_rule(struct domain_rule *domain
static DDS_Security_boolean domainid_within_sets(struct domain_id_set *domain, int domain_id);
static DDS_Security_boolean compare_class_id_plugin_classname(DDS_Security_string class_id_1, DDS_Security_string class_id_2);
static DDS_Security_boolean compare_class_id_major_ver(DDS_Security_string class_id_1, DDS_Security_string class_id_2);
#if TIMED_CALLBACK_IMPLEMENTED
static void add_validity_end_trigger(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, dds_time_t end);
#endif
static void add_validity_end_trigger(dds_security_access_control_impl *ac, const DDS_Security_PermissionsHandle permissions_handle, dds_time_t end);
static DDS_Security_boolean is_allowed_by_permissions(struct permissions_parser *permissions, int domain_id, const char *topic_name, const DDS_Security_PartitionQosPolicy *partitions,
const char *identity_subject_name, permission_criteria_type criteria_type, DDS_Security_SecurityException *ex);
static void sanity_check_local_access_rights(local_participant_access_rights *rights);
@ -168,10 +168,8 @@ validate_local_permissions(
{
assert (rights->permissions_expiry != DDS_TIME_INVALID);
#if TIMED_CALLBACK_IMPLEMENTED
if (rights->permissions_expiry != 0)
add_validity_end_trigger(ac, permissions_handle, rights->permissions_expiry);
#endif
}
return permissions_handle;
@ -232,10 +230,8 @@ validate_remote_permissions(
permissions_handle = ACCESS_CONTROL_OBJECT_HANDLE(remote_rights);
#if TIMED_CALLBACK_IMPLEMENTED
if (permissions_handle != DDS_SECURITY_HANDLE_NIL)
add_validity_end_trigger(ac, permissions_handle, remote_rights->permissions_expiry);
#endif
if (remote_rights)
access_control_table_insert(ac->remote_permissions, (AccessControlObject *)remote_rights);
@ -926,16 +922,12 @@ set_listener(dds_security_access_control *instance,
DDS_Security_SecurityException *ex)
{
DDSRT_UNUSED_ARG(ex);
#if TIMED_CALLBACK_IMPLEMENTED
dds_security_access_control_impl *ac = (dds_security_access_control_impl *)instance;
if (listener)
ut_timed_dispatcher_enable(ac->timed_callbacks, (void *)listener);
dds_security_timed_dispatcher_enable(ac->timed_callbacks, ac->dispatcher, (void *)listener);
else
ut_timed_dispatcher_disable(ac->timed_callbacks);
#else
DDSRT_UNUSED_ARG(instance);
DDSRT_UNUSED_ARG(listener);
#endif
dds_security_timed_dispatcher_disable(ac->timed_callbacks, ac->dispatcher);
return true;
}
@ -1490,9 +1482,9 @@ int init_access_control(const char *argument, void **context)
dds_security_access_control_impl *access_control = ddsrt_malloc(sizeof(*access_control));
memset(access_control, 0, sizeof(*access_control));
#if TIMED_CALLBACK_IMPLEMENTED
access_control->timed_callbacks = ut_timed_dispatcher_new();
#endif
access_control->timed_callbacks = dds_security_timed_cb_new();
access_control->dispatcher = dds_security_timed_dispatcher_new(access_control->timed_callbacks);
access_control->base.validate_local_permissions = &validate_local_permissions;
access_control->base.validate_remote_permissions = &validate_remote_permissions;
access_control->base.check_create_participant = &check_create_participant;
@ -1875,7 +1867,6 @@ find_remote_permissions_by_permissions_handle(
return (remote_participant_access_rights *)args.object;
}
#if TIMED_CALLBACK_IMPLEMENTED
typedef struct
{
@ -1884,15 +1875,17 @@ typedef struct
} validity_cb_info;
static void
validity_callback(struct ut_timed_dispatcher_t *d,
ut_timed_cb_kind kind,
validity_callback(struct dds_security_timed_dispatcher_t *d,
dds_security_timed_cb_kind kind,
void *listener,
void *arg)
{
validity_cb_info *info = arg;
DDSRT_UNUSED_ARG(d);
assert(d);
assert(arg);
if (kind == UT_TIMED_CB_KIND_TIMEOUT)
if (kind == DDS_SECURITY_TIMED_CB_KIND_TIMEOUT)
{
assert(listener);
if (1 /* TODO: Check if hdl is still valid or if it has been already returned. */)
@ -1913,9 +1906,8 @@ add_validity_end_trigger(dds_security_access_control_impl *ac,
validity_cb_info *arg = ddsrt_malloc(sizeof(validity_cb_info));
arg->ac = ac;
arg->hdl = permissions_handle;
ut_timed_dispatcher_add(ac->timed_callbacks, validity_callback, end, (void *)arg);
dds_security_timed_dispatcher_add(ac->timed_callbacks, ac->dispatcher, validity_callback, end, (void *)arg);
}
#endif
static DDS_Security_boolean
is_allowed_by_permissions(struct permissions_parser *permissions,
@ -2465,9 +2457,10 @@ int finalize_access_control(void *context)
dds_security_access_control_impl *access_control = context;
if (access_control)
{
#if TIMED_CALLBACK_IMPLEMENTED
ut_timed_dispatcher_free(access_control->timed_callbacks);
#endif
dds_security_timed_dispatcher_free(access_control->timed_callbacks, access_control->dispatcher);
dds_security_timed_cb_free(access_control->timed_callbacks);
access_control_table_free(access_control->remote_permissions);
#ifdef ACCESS_CONTROL_USE_ONE_PERMISSION
if (access_control->local_access_rights)

50
src/security/builtin_plugins/authentication/src/auth_utils.c
View file

@ -30,6 +30,8 @@
#include <openssl/rand.h>
#include "dds/ddsrt/time.h"
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/filesystem.h"
#include "dds/ddsrt/retcode.h"
#include "dds/security/dds_security_api_defs.h"
#include "dds/security/core/dds_security_utils.h"
#include <assert.h>
@ -47,11 +49,11 @@
#include "dds/ddsrt/heap.h"
#include "dds/ddsrt/atomics.h"
#include "dds/ddsrt/string.h"
#include "dds/ddsrt/io.h"
#include "dds/security/core/dds_security_utils.h"
#include <string.h>
#include "auth_utils.h"
#define MAX_TRUSTED_CA 100
char *
@ -1190,40 +1192,29 @@ get_trusted_ca_list ( const char* trusted_ca_dir,
DDS_Security_ValidationResult_t loading_result = DDS_RETCODE_OK;
DDSRT_UNUSED_ARG( ca_list );
DDSRT_UNUSED_ARG( trusted_ca_dir );
DDSRT_UNUSED_ARG( ex );
/* TODO: Trusted CA directory tracing function should be ported */
/* TODO: MAX_TRUSTED_CA limitation will be removed */
#ifdef TRUSTED_CA_LIST_IMPLEMENTED
os_result r;
os_dirHandle d_descr;
struct os_dirent d_entry;
struct os_stat_s status;
dds_return_t r;
ddsrt_dir_handle_t d_descr;
struct ddsrt_dirent d_entry;
struct ddsrt_stat status;
char *full_file_path;
char *trusted_ca_dir_normalized;
X509 *ca_buffer_array[MAX_TRUSTED_CA]; /*max trusted CA size */
unsigned ca_buffer_array_size=0;
unsigned i;
trusted_ca_dir_normalized = os_fileNormalize(trusted_ca_dir);
trusted_ca_dir_normalized = ddsrt_file_normalize(trusted_ca_dir);
r = os_opendir(trusted_ca_dir_normalized, &d_descr);
r = ddsrt_opendir(trusted_ca_dir_normalized, &d_descr);
ddsrt_free ( trusted_ca_dir_normalized );
if (r == os_resultSuccess && ca_buffer_array_size < MAX_TRUSTED_CA) { /* accessable */
r = os_readdir(d_descr, &d_entry);
while (r == os_resultSuccess) {
full_file_path = (char*) ddsrt_malloc(strlen(trusted_ca_dir) + strlen(os_fileSep()) + strlen(d_entry.d_name) + strlen(os_fileSep()) + 1 );
ddsrt_strcpy(full_file_path, trusted_ca_dir);
ddsrt_strcat(full_file_path, os_fileSep());
ddsrt_strcat(full_file_path, d_entry.d_name);
if (os_stat (full_file_path, &status) == os_resultSuccess) { /* accessable */
if (r == DDS_RETCODE_OK && ca_buffer_array_size < MAX_TRUSTED_CA) { /* accessable */
r = ddsrt_readdir(d_descr, &d_entry);
while (r == DDS_RETCODE_OK) {
ddsrt_asprintf(&full_file_path, "%s%s%s", trusted_ca_dir, ddsrt_file_sep(), d_entry.d_name);
if (ddsrt_stat (full_file_path, &status) == DDS_RETCODE_OK) { /* accessable */
if ((strcmp(d_entry.d_name, ".") != 0) &&
(strcmp(d_entry.d_name, "..") != 0)) {
char * filename = os_fileNormalize(full_file_path);
char * filename = ddsrt_file_normalize(full_file_path);
if(filename){
X509 *identityCA;
@ -1239,26 +1230,26 @@ get_trusted_ca_list ( const char* trusted_ca_dir,
}
}
}
r = os_readdir(d_descr, &d_entry);
r = ddsrt_readdir(d_descr, &d_entry);
ddsrt_free(full_file_path);
}
os_closedir (d_descr);
ddsrt_closedir (d_descr);
/* deallocate given ca_list if it is not NULL */
free_ca_list_contents(ca_list);
/*copy CAs to out parameter as HASH*/
if( ca_buffer_array_size > 0 ){
ca_list->_buffer = ddsrt_malloc( ca_buffer_array_size * sizeof(X509 * ) );
ca_list->buffer = ddsrt_malloc( ca_buffer_array_size * sizeof(X509 * ) );
for (i = 0; i < ca_buffer_array_size; ++i) {
ca_list->_buffer[i] = ca_buffer_array[i];
ca_list->buffer[i] = ca_buffer_array[i];
}
}
ca_list->_length = ca_buffer_array_size;
ca_list->length = ca_buffer_array_size;
return DDS_SECURITY_VALIDATION_OK;
@ -1267,7 +1258,6 @@ get_trusted_ca_list ( const char* trusted_ca_dir,
DDS_Security_Exception_set(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_INVALID_TRUSTED_CA_DIR_CODE, 0, DDS_SECURITY_ERR_INVALID_TRUSTED_CA_DIR_MESSAGE);
return DDS_SECURITY_VALIDATION_FAILED;
}
#endif
return loading_result;
}

43
src/security/builtin_plugins/authentication/src/authentication.c
View file

@ -22,6 +22,7 @@
#include "authentication.h"
#include "dds/ddsrt/heap.h"
#include "dds/security/dds_security_api.h"
#include "dds/security/core/dds_security_timed_cb.h"
#if OPENSLL_VERSION_NUMBER >= 0x10002000L
@ -202,7 +203,8 @@ typedef struct dds_security_authentication_impl {
ddsrt_mutex_t lock;
struct ddsrt_hh *objectHash;
struct ddsrt_hh *remoteGuidHash;
struct ut_timed_dispatcher_t *timed_callbacks;
struct dds_security_timed_cb_data *timed_callbacks;
struct dds_security_timed_dispatcher_t *dispatcher;
X509Seq trustedCAList;
@ -844,22 +846,19 @@ hash_value_to_binary_property(
return bp;
}
/* Will be enabled after timed callback feature implementation */
#if TIMED_CALLBACK_IMPLEMENTED
static void
validity_callback(struct ut_timed_dispatcher_t *d,
ut_timed_cb_kind kind,
validity_callback(struct dds_security_timed_dispatcher_t *d,
dds_security_timed_cb_kind kind,
void *listener,
void *arg)
{
validity_cb_info *info = arg;
DDSRT_UNUSED_ARG(d);
assert(d);
assert(arg);
if (kind == UT_TIMED_CB_KIND_TIMEOUT) {
if (kind == DDS_SECURITY_TIMED_CB_KIND_TIMEOUT) {
assert(listener);
dds_security_authentication_listener *auth_listener = (dds_security_authentication_listener*)listener;
if (auth_listener->on_revoke_identity) {
@ -872,26 +871,19 @@ validity_callback(struct ut_timed_dispatcher_t *d,
ddsrt_free(arg);
}
#endif
static void
add_validity_end_trigger(dds_security_authentication_impl *auth,
const DDS_Security_IdentityHandle identity_handle,
dds_time_t end)
{
DDSRT_UNUSED_ARG( auth );
DDSRT_UNUSED_ARG( identity_handle );
DDSRT_UNUSED_ARG( end );
/* Will be enabled after timed call back feature implementation */
/*
validity_cb_info *arg = ddsrt_malloc(sizeof(validity_cb_info));
arg->auth = auth;
arg->hdl = identity_handle;
ut_timed_dispatcher_add(auth->timed_callbacks,
dds_security_timed_dispatcher_add(auth->timed_callbacks, auth->dispatcher,
validity_callback,
end,
(void*)arg);
*/
}
@ -3170,18 +3162,14 @@ DDS_Security_boolean set_listener(dds_security_authentication *instance,
{
dds_security_authentication_impl *auth = (dds_security_authentication_impl*)instance;
DDSRT_UNUSED_ARG(auth);
DDSRT_UNUSED_ARG(listener);
DDSRT_UNUSED_ARG(ex);
/* Will be enabled after timed call back feature implementation */
#if TIMED_CALLBACK_IMPLEMENTED
if (listener) {
ut_timed_dispatcher_enable(auth->timed_callbacks, (void*)listener);
dds_security_timed_dispatcher_enable(auth->timed_callbacks, auth->dispatcher, (void*)listener);
} else {
ut_timed_dispatcher_disable(auth->timed_callbacks);
dds_security_timed_dispatcher_disable(auth->timed_callbacks, auth->dispatcher);
}
#endif
return true;
}
@ -3398,8 +3386,8 @@ init_authentication( const char *argument, void **context)
memset(authentication, 0, sizeof(dds_security_authentication_impl));
/* assign dispatcher to be notified when a validity date ends */
/* Disable it until timed callback is ready */
/*authentication->timed_callbacks = ut_timed_dispatcher_new(); */
authentication->timed_callbacks = dds_security_timed_cb_new();
authentication->dispatcher = dds_security_timed_dispatcher_new(authentication->timed_callbacks);
/* assign the interface functions */
authentication->base.validate_local_identity = &validate_local_identity;
@ -3474,8 +3462,9 @@ int32_t finalize_authentication(void *instance)
if( authentication ){
ddsrt_mutex_lock(&authentication->lock);
/* Will be enabled after timed call back feature implementation */
/* ut_timed_dispatcher_free(authentication->timed_callbacks); */
dds_security_timed_dispatcher_free(authentication->timed_callbacks, authentication->dispatcher);
dds_security_timed_cb_free(authentication->timed_callbacks);
if (authentication->remoteGuidHash) {
ddsrt_hh_free(authentication->remoteGuidHash);
}

6
src/security/builtin_plugins/tests/CMakeLists.txt
View file

@ -21,6 +21,8 @@ set(security_auth_test_sources
"validate_begin_handshake_request/src/validate_begin_handshake_request_utests.c"
"validate_local_identity/src/validate_local_identity_utests.c"
"validate_remote_identity/src/validate_remote_identity_utests.c"
"listeners_authentication/src/listeners_authentication_utests.c"
"listeners_access_control/src/listeners_access_control_utests.c"
)
set(security_ac_test_sources
@ -74,6 +76,7 @@ if(OPENSSL_FOUND)
target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_ac)
target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_crypto)
target_link_libraries(cunit_security_plugins PRIVATE OpenSSL::SSL)
else()
message(FATAL_ERROR "To build with openssl support, set ENABLE_OPENSSL to ON")
endif()
@ -92,5 +95,8 @@ target_include_directories(
set(CUnit_builtin_plugins_tests_dir "${CMAKE_CURRENT_LIST_DIR}")
set(CUnit_build_dir "${CMAKE_CURRENT_BINARY_DIR}")
configure_file("config_env.h.in" "config_env.h")

1
src/security/builtin_plugins/tests/config_env.h.in
View file

@ -13,5 +13,6 @@
#define CONFIG_ENV_H
#define CONFIG_ENV_TESTS_DIR "@CUnit_builtin_plugins_tests_dir@"
#define CONFIG_ENV_BUILD_DIR "@CUnit_build_dir@"
#endif /* CONFIG_ENV_H */

51
src/security/builtin_plugins/tests/listeners_access_control/etc/Test_Permissions_listener.p7s
View file

@ -1,51 +0,0 @@
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----3900963D3572093F6AEC654A72CAEE5A"
This is an S/MIME signed message
------3900963D3572093F6AEC654A72CAEE5A
Content-Type: text/plain
<?xml version="1.0" encoding="utf-8"?> <dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd"> <permissions> <grant name="DEFAULT_PERMISSIONS"> <subject_name>/C=NL/ST=Some-State/O=Internet Widgits Pty Ltd/CN=CHAM500 cert</subject_name> <validity> <not_before>2015-09-15T01:00:00</not_before> <not_after>2019-11-18T11:48:49</not_after> </validity> <deny_rule> <domains> <id_range> <min>0</min> <max>230</max> </id_range> </domains> <publish> <topics> <topic>*</topic> </topics> <partitions/> </publish> <subscribe> <topics> <topic>*</topic> </topics> <partitions/> </subscribe> </deny_rule> <default>DENY</default> </grant> </permissions> </dds>
------3900963D3572093F6AEC654A72CAEE5A
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIIGSAYJKoZIhvcNAQcCoIIGOTCCBjUCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwGgggORMIIDjTCCAnWgAwIBAgIJANsr3sm0NrypMA0GCSqGSIb3DQEB
CwUAMFwxCzAJBgNVBAYTAk5MMRMwEQYDVQQIDApTb21lLVN0YXRlMR8wHQYDVQQK
DBZBRExJTksgVGVjaG5vbG9jeSBJbmMuMRcwFQYDVQQDDA5hZGxpbmt0ZWNoLmNv
bTAgFw0xODA3MzAxMjQ1NTVaGA8yMTE4MDcwNjEyNDU1NVowXDELMAkGA1UEBhMC
TkwxEzARBgNVBAgMClNvbWUtU3RhdGUxHzAdBgNVBAoMFkFETElOSyBUZWNobm9s
b2N5IEluYy4xFzAVBgNVBAMMDmFkbGlua3RlY2guY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAu7jfnJ0wYVuXgG+PgNawdN38+dRpa8jceqi+blID
ehV6XCxrnGXusTCDuFmo7HMOBVMVNDXlcBWgoGd+u5EultnOEiIeGTgtHc1O6V9w
icp3BGSpZZax/TcONjMVORaqHCADbQ2J8wsz1FHxuKDwX6BJElYOlK77lb/x3yLs
DFFC+a0qn2RFh37rcWBRAHy8VEASXKZElT9ZmfKd+KUq34KojhNJ4DepKStTq074
BRDXVivx+wVD951LFNPiQXq+mgHcLj1k37KlZflTFhdP5oEMtATNsXNJPHlEymiy
SogRWAmKhysLQudukHfNKN+r0FEQMk/hzpYcFeZSOvbfNQIDAQABo1AwTjAdBgNV
HQ4EFgQURWMbWvBKZwJvRV1/tyc1R82k0+gwHwYDVR0jBBgwFoAURWMbWvBKZwJv
RV1/tyc1R82k0+gwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkPF+
ysVtvHnk2hpu9yNDLCJ96ZzIoKOyY7uRj4ovzlAHFdpNOJQdcJihTmN8i7Trht9X
Vh0rGoR/6nHzo3TIeiogRC80RlDtuA3PF2dDQBMVDStlZMTZPb693hfjdAjhyyw9
yghhKHHqNDvSsAL0KfBqjG4yGfGpJylYXIT5fWuKlo/ln/yyPa5s54T5XDo+CMbt
lLX3QnwVOmaRyzylPiTcPCDIkdLBdXmlfyJcmW6fWa6kPx+35MOxPsXZbujCo+42
+OyLqcH1rKT6XhcshjXBEf+kdgUfSClrM1pNRWsw2ChIYim0F+nry5JFy0Y+8Hbb
6SDB340BFmtgDHbFHTGCAnswggJ3AgEBMGkwXDELMAkGA1UEBhMCTkwxEzARBgNV
BAgMClNvbWUtU3RhdGUxHzAdBgNVBAoMFkFETElOSyBUZWNobm9sb2N5IEluYy4x
FzAVBgNVBAMMDmFkbGlua3RlY2guY29tAgkA2yveybQ2vKkwDQYJYIZIAWUDBAIB
BQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MTkxMTE4MTE0ODQ4WjAvBgkqhkiG9w0BCQQxIgQgaLNNlFwfVR0PrziT9wCAy5bM
qCZJX9yO3xJgut3/o7EweQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJ
YIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgIC
AIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZI
hvcNAQEBBQAEggEAWCFrUIvdYKBeT0lmpkRdmYJuvdmQ/Ro7k9iyreVofpB1/70B
hVOEeRjrlmhv/TUjSgQyli56wmXFmexcNRzSzpPNycz0gjwP9kX5BMnhAkKd08fC
4rgoirScmNxvxEkj5+wyq7s7rBEJOgVQ9ofwiZXEBVDMVvW2ENZhVF3FyoNulDQe
6BjXkuLw/QrJLWjywPy5naSSda2T7V3+Ssdu5/2vEjXPIJMM+xPOCaqGHJsSb72s
KiP48jZ95Wruvj3QAlpGxDaazWPTgn7tfThYrY3Kgiz5zyZM7FhFyIqxRF/89Ngo
hbu2mWzcXFF7wBLy+CvK5Foajro9t/PzD8uNuA==
------3900963D3572093F6AEC654A72CAEE5A--

49
src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c
View file

@ -215,6 +215,7 @@ static DDS_Security_PermissionsHandle local_permissions_handle = DDS_SECURITY_HA
static DDS_Security_PermissionsHandle remote_permissions_handle = DDS_SECURITY_HANDLE_NIL;
static DDS_Security_GUID_t local_participant_guid;
static char *g_path_to_etc_dir = NULL;
static char *g_path_build_dir = NULL;
static DDS_Security_PermissionsHandle permission_handle_for_callback1 = DDS_SECURITY_HANDLE_NIL;
static DDS_Security_PermissionsHandle permission_handle_for_callback2 = DDS_SECURITY_HANDLE_NIL;
static dds_time_t local_expiry_date;
@ -251,14 +252,16 @@ static void reset_exception(DDS_Security_SecurityException *ex)
static void get_future_xsdate(char *str, size_t len, int32_t delta)
{
time_t rawtime;
struct tm *future;
struct tm *future = ddsrt_malloc(sizeof(struct tm));
/* Get future time. */
rawtime = time(NULL) + delta;
future = gmtime(&rawtime);
OPENSSL_gmtime(&rawtime, future);
/* Put the future time in a xsDate format. */
strftime(str, len, "%Y-%m-%dT%H:%M:%S", future);
ddsrt_free(future);
}
static int smime_sign(const char *certificate_file, const char *key_file, const char *data, const char *out_file)
@ -345,7 +348,7 @@ static void fill_participant_qos(DDS_Security_Qos *qos, int32_t permission_expir
ddsrt_asprintf(&permissions_ca_cert_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_CERT_FILE);
ddsrt_asprintf(&permissions_ca_key_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_KEY_FILE);
ddsrt_asprintf(&permissions_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_FILE);
ddsrt_asprintf(&permissions_file, "%s%s", g_path_build_dir, PERMISSIONS_FILE);
smime_sign(permissions_ca_cert_file, permissions_ca_key_file, permissions_xml_with_expiry, permissions_file);
@ -407,9 +410,9 @@ static int fill_peer_credential_token(DDS_Security_AuthenticatedPeerCredentialTo
remote_expiry_date = DDS_Security_parse_xml_date(permission_expiry_date_str);
permissions_xml_with_expiry = ddsrt_str_replace(PERMISSIONS_DOCUMENT, "PERMISSION_EXPIRY_DATE", permission_expiry_date_str, 1);
ddsrt_asprintf(permissions_ca_cert_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_CERT_FILE);
ddsrt_asprintf(permissions_ca_key_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_KEY_FILE);
ddsrt_asprintf(permissions_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_FILE);
ddsrt_asprintf(&permissions_ca_cert_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_CERT_FILE);
ddsrt_asprintf(&permissions_ca_key_file, "%s%s", g_path_to_etc_dir, PERMISSIONS_CA_KEY_FILE);
ddsrt_asprintf(&permissions_file, "%s%s", g_path_build_dir, PERMISSIONS_FILE);
smime_sign(permissions_ca_cert_file, permissions_ca_key_file, permissions_xml_with_expiry, permissions_file);
@ -531,17 +534,29 @@ static void set_path_to_etc_dir(void)
{
ddsrt_asprintf(&g_path_to_etc_dir, "%s%s", CONFIG_ENV_TESTS_DIR, RELATIVE_PATH_TO_ETC_DIR);
}
static void suite_listeners_access_control_init(void)
static void set_path_build_dir(void)
{
plugins = load_plugins(&access_control, &auth, NULL /* Cryptograpy */);
CU_ASSERT_FATAL(plugins != NULL);
set_path_to_etc_dir();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ddsrt_asprintf(&g_path_build_dir, "%s/", CONFIG_ENV_BUILD_DIR);
}
static void suite_listeners_access_control_fini(void)
CU_Init(ddssec_builtin_listeners_access_control)
{
int res = 0;
plugins = load_plugins(&access_control, &auth, NULL /* Cryptograpy */);
if (!plugins) {
res = -1;
} else {
set_path_to_etc_dir();
set_path_build_dir();
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
}
return res;
}
CU_Clean(ddssec_builtin_listeners_access_control)
{
unload_plugins(plugins);
ddsrt_free(g_path_to_etc_dir);
@ -549,6 +564,8 @@ static void suite_listeners_access_control_fini(void)
CRYPTO_cleanup_all_ex_data();
REMOVE_THREAD_STATE();
ERR_free_strings();
return 0;
}
static DDS_Security_boolean on_revoke_permissions_cb(dds_security_access_control_listener *instance, const dds_security_access_control *plugin, const DDS_Security_PermissionsHandle handle)
@ -559,11 +576,11 @@ static DDS_Security_boolean on_revoke_permissions_cb(dds_security_access_control
permission_handle_for_callback1 = handle;
else if (permission_handle_for_callback2 == DDS_SECURITY_HANDLE_NIL)
permission_handle_for_callback2 = handle;
printf("Listener called for handle: %lld Local:%ld Remote:%ld\n", (long long)handle, local_permissions_handle, remote_permissions_handle);
printf("Listener called for handle: %lld Local:%lld Remote:%lld\n", (long long)handle, (long long)local_permissions_handle, (long long)remote_permissions_handle);
return true;
}
CU_Test(ddssec_builtin_listeners_access_control, local_2secs, .init = suite_listeners_access_control_init, .fini = suite_listeners_access_control_fini)
CU_Test(ddssec_builtin_listeners_access_control, local_2secs)
{
DDS_Security_PermissionsHandle result;
DDS_Security_PermissionsToken permissions_token;

120
src/security/builtin_plugins/tests/listeners_authentication/etc/Example_Governance.p7s Normal file
View file

@ -0,0 +1,120 @@
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----8F2D5CA80FE8B4509AF031712E008F0E"
This is an S/MIME signed message
------8F2D5CA80FE8B4509AF031712E008F0E
Content-Type: text/plain
<?xml version="1.0" encoding="utf-8"?>
<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_governance.xsd">
<domain_access_rules>
<domain_rule>
<domains>
<!-- All domains -->
<id_range>
<min>0</min>
<max>230</max>
</id_range>
</domains>
<!-- DomainParticipant that cann not authenticate or fail the authentication should be
allowed to join the domain and see any any discovery data that are configured as "unprotected"
and topics that are configured as "unprotected" -->
<allow_unauthenticated_participants>true</allow_unauthenticated_participants>
<!-- Only and any authenticated DomainParticipant should be allowed to join the domain and
see the discovery data without checking access control -->
<enable_join_access_control>true</enable_join_access_control>
<!-- Discovery information should be protected with encryption followed by MAC (Message Authentication Codes) -->
<discovery_protection_kind>ENCRYPT</discovery_protection_kind>
<!-- Liveliness messages are also encrypted -->
<liveliness_protection_kind>ENCRYPT</liveliness_protection_kind>
<!-- Whole RTPS message is not protected -->
<rtps_protection_kind>ENCRYPT</rtps_protection_kind>
<topic_access_rules>
<topic_rule>
<!-- All (non-builtin) topics -->
<topic_expression>*</topic_expression>
<!-- Liveliness QoS data is protected -->
<enable_liveliness_protection>true</enable_liveliness_protection>
<!-- The discovery information on specific Topics should be sent
using the secure (protected) discovery writers -->
<enable_discovery_protection>true</enable_discovery_protection>
<!-- The read access to all topics should be open to all. -->
<enable_read_access_control>true</enable_read_access_control>
<!-- The write access to all topics should be open to all. -->
<enable_write_access_control>true</enable_write_access_control>
<!-- Whole RTPS sub-message is protected. This includes metadata information
like sequence numbers, heartbeats, key hashes, gaps,
acknowledgment messages, etc. It also includes th possible payload. -->
<metadata_protection_kind>ENCRYPT</metadata_protection_kind>
<!-- The payload data sent on the Topic (serialized application level data) should be
protected with Encrypt then MAC. -->
<data_protection_kind>ENCRYPT</data_protection_kind>
</topic_rule>
</topic_access_rules>
</domain_rule>
</domain_access_rules>
</dds>
------8F2D5CA80FE8B4509AF031712E008F0E
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIIHiwYJKoZIhvcNAQcCoIIHfDCCB3gCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwGgggRnMIIEYzCCA0ugAwIBAgIJAM3yAtULcaEIMA0GCSqGSIb3DQEB
CwUAMIHHMQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2Fs
aXR5IE5hbWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4G
A1UECgwXRXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUg
UGVybWlzc2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNz
aW9uc2NhbHRkLm9yZzAeFw0xOTAyMTIxMzUyMzJaFw0yOTAyMDkxMzUyMzJaMIHH
MQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5h
bWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwX
RXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlz
c2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2Nh
bHRkLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKD6nYCszMha
h3xGfJy8f3lowPHIj6zcldVYs5Krg7zXxZn+20lAMHUfgQcWZAauKbCnokYfTvXV
v0j9HCpQ3mRynNTyjLjc7HxAe6kfaJ75PoIoOMMQMEGvPOqRUq0tomVVJvcgzZZk
pwE30E6xvZrlQcrkQY/aOQ0sbje+RN8RKQ9vf6O45Np/0m2K5ohZPlBqg4F539v2
iXGZczCr9AqAszc/7rOPX1aqZmmRDou0T+Zhx3ZZSAwZYQtr7uvvlUeGmDhNh+8p
LC+1FQPtkKmcVXO8oZWm5N8piOvH3M+v3qhyPtLv30cpl0bDiFl+PN7nZ6InOOtd
ZJVMa2rYCk8CAwEAAaNQME4wHQYDVR0OBBYEFA/CtiP8Z5Fk4aWDIb2j3FPwh9pg
MB8GA1UdIwQYMBaAFA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMAwGA1UdEwQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggEBACBupRddIR9zYBFLGFTzeiW+H1tRRKz+B3SWnCJH
89ijEdMYlKKLYT0R18lCV0vHnl29bU1CPlkLn+GQkvdfIjKguWEQKTP+GLzoa9TV
zOKAJ8NttCyW3YqriUOUGKqra1Fdt8nvrAyZUF+v/k8pTInmCvwu3l5HrVhkKHER
IbCIohKi/2mk1JZS9reWvZhqLoUIw5IDFlqtBDYOfMaqm8XF01YjEDBM6OuyQzYN
gDFVUZx0At4zzRjGTvqpLTkDYL1A3v4QYXZcwZiKeEVbFuNkauXgD+8pEZMB8yL4
h1feIH+aucsAKBz1Ne5fTiTCannlKvLl8xWz5IdzP7gF0LIxggLoMIIC5AIBATCB
1TCBxzELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1Mb2NhbGl0
eSBOYW1lMSEwHwYDVQQLDBhPcmdhbml6YXRpb25hbCBVbml0IE5hbWUxIDAeBgNV
BAoMF0V4YW1wbGUgQ0EgT3JnYW5pemF0aW9uMR8wHQYDVQQDDBZFeGFtcGxlIFBl
cm1pc3Npb25zIENBMS0wKwYJKoZIhvcNAQkBFh5hdXRob3JpdHlAcGVybWlzc2lv
bnNjYWx0ZC5vcmcCCQDN8gLVC3GhCDANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTEyMDcxNjAxMjZa
MC8GCSqGSIb3DQEJBDEiBCCAw/IHksMBWVnBQEtBoPLvJ1B+9IvOrQ4OkihJ6q0v
ijB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ
YIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQAd
j3vO63v4bBbNhE0wZ8gWPHFfJsZO4JUu+ZzJ08hO1fku07Q13medyyp1+6jeZWoV
rCqQbG37xL1dx023wsRu+mYPSgEtIx2zBGW8ADk2qEIGAVPUPGUiVXl6+7esAmnP
AFDrt3Qp6nEZIr7iQ6i+4WW3kWM3o9C1ghSz4tVBjP9El5/yrux2mo5DTSeB8QMR
npMNgwgatwAxTwUrBpQj0FE5NUDm21OT1VwlUAGTHz6m5npw92p6qvQxFYufRzWj
XoADdJW0qgfbL00Gvoimi2K21cSUqiYcKU06eQeCkrLXyjif2JlFdKXvODwlydOy
dtwcKpPKVKgBI01+5Imf
------8F2D5CA80FE8B4509AF031712E008F0E--

98
src/security/builtin_plugins/tests/listeners_authentication/etc/Example_Permissions_Alice.p7s Normal file
View file

@ -0,0 +1,98 @@
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----51AB97062CF028E6EBDDAA31699954BC"
This is an S/MIME signed message
------51AB97062CF028E6EBDDAA31699954BC
Content-Type: text/plain
<?xml version="1.0" encoding="utf-8"?>
<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">
<permissions>
<grant name="OpenSplicePermissions">
<subject_name>/C=NL/ST=OV/L=Locality Name/OU=Organizational Unit Name/O=Example Organization/CN=Alice Example/emailAddress=alice@exampleltd.com</subject_name>
<validity>
<!-- Format is CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm] in GMT -->
<not_before>2015-09-15T01:00:00</not_before>
<not_after>2115-09-15T01:00:00</not_after>
</validity>
<allow_rule>
<domains>
<id_range>
<min>0</min>
<max>230</max>
</id_range>
</domains>
<publish>
<topics>
<topic>*</topic>
</topics>
<partitions>
<partition>*</partition>
</partitions>
</publish>
<subscribe>
<topics>
<topic>*</topic>
</topics>
<partitions>
<partition>*</partition>
</partitions>
</subscribe>
</allow_rule>
<default>DENY</default>
</grant>
</permissions>
</dds>
------51AB97062CF028E6EBDDAA31699954BC
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIIHiwYJKoZIhvcNAQcCoIIHfDCCB3gCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwGgggRnMIIEYzCCA0ugAwIBAgIJAM3yAtULcaEIMA0GCSqGSIb3DQEB
CwUAMIHHMQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2Fs
aXR5IE5hbWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4G
A1UECgwXRXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUg
UGVybWlzc2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNz
aW9uc2NhbHRkLm9yZzAeFw0xOTAyMTIxMzUyMzJaFw0yOTAyMDkxMzUyMzJaMIHH
MQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5h
bWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwX
RXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlz
c2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2Nh
bHRkLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKD6nYCszMha
h3xGfJy8f3lowPHIj6zcldVYs5Krg7zXxZn+20lAMHUfgQcWZAauKbCnokYfTvXV
v0j9HCpQ3mRynNTyjLjc7HxAe6kfaJ75PoIoOMMQMEGvPOqRUq0tomVVJvcgzZZk
pwE30E6xvZrlQcrkQY/aOQ0sbje+RN8RKQ9vf6O45Np/0m2K5ohZPlBqg4F539v2
iXGZczCr9AqAszc/7rOPX1aqZmmRDou0T+Zhx3ZZSAwZYQtr7uvvlUeGmDhNh+8p
LC+1FQPtkKmcVXO8oZWm5N8piOvH3M+v3qhyPtLv30cpl0bDiFl+PN7nZ6InOOtd
ZJVMa2rYCk8CAwEAAaNQME4wHQYDVR0OBBYEFA/CtiP8Z5Fk4aWDIb2j3FPwh9pg
MB8GA1UdIwQYMBaAFA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMAwGA1UdEwQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggEBACBupRddIR9zYBFLGFTzeiW+H1tRRKz+B3SWnCJH
89ijEdMYlKKLYT0R18lCV0vHnl29bU1CPlkLn+GQkvdfIjKguWEQKTP+GLzoa9TV
zOKAJ8NttCyW3YqriUOUGKqra1Fdt8nvrAyZUF+v/k8pTInmCvwu3l5HrVhkKHER
IbCIohKi/2mk1JZS9reWvZhqLoUIw5IDFlqtBDYOfMaqm8XF01YjEDBM6OuyQzYN
gDFVUZx0At4zzRjGTvqpLTkDYL1A3v4QYXZcwZiKeEVbFuNkauXgD+8pEZMB8yL4
h1feIH+aucsAKBz1Ne5fTiTCannlKvLl8xWz5IdzP7gF0LIxggLoMIIC5AIBATCB
1TCBxzELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1Mb2NhbGl0
eSBOYW1lMSEwHwYDVQQLDBhPcmdhbml6YXRpb25hbCBVbml0IE5hbWUxIDAeBgNV
BAoMF0V4YW1wbGUgQ0EgT3JnYW5pemF0aW9uMR8wHQYDVQQDDBZFeGFtcGxlIFBl
cm1pc3Npb25zIENBMS0wKwYJKoZIhvcNAQkBFh5hdXRob3JpdHlAcGVybWlzc2lv
bnNjYWx0ZC5vcmcCCQDN8gLVC3GhCDANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTEyMDcxNjAxMjZa
MC8GCSqGSIb3DQEJBDEiBCAX5wSM0Og83gWKRmru9iCOm8h85e9oZ7rBebmSbLVN
1TB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ
YIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQAT
QZbljrtQs/FcBUJBYoenquAQ5++twy5LE6A06dASaHFDxSxPsAe0KBl9EWJzE59X
4k73u+4bJZiuLHUPztuXIUt3gEKM72DDT+ET/13dWdM2vtITW6HZ27nvkngE35cc
kdUqkLyeM5dzsSDpr3Ba8epulThlwl7bw9dUd2FUOBCc266da+q1lcChjwfC5GBu
GB7oWODhSAk6L9dici8w5q9ybygBkFJHXTZVtsXQWuNmDtXWB2ury++WQlvtNK0s
aF+dtQlyEx2vvi5tV195vncAt514uHJ9optdEbaIyMo51G53QD0Cq62QhuFusug0
nz2pgcEZ35JCd4gESMkL
------51AB97062CF028E6EBDDAA31699954BC--

98
src/security/builtin_plugins/tests/listeners_authentication/etc/Example_Permissions_Bob.p7s Normal file
View file

@ -0,0 +1,98 @@
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----EDFB3CE1089204FED046E2D32968C669"
This is an S/MIME signed message
------EDFB3CE1089204FED046E2D32968C669
Content-Type: text/plain
<?xml version="1.0" encoding="utf-8"?>
<dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_permissions.xsd">
<permissions>
<grant name="OpenSplicePermissions">
<subject_name>/C=NL/ST=OV/L=Locality Name/OU=Organizational Unit Name/O=Example Organization/CN=Bob Example/emailAddress=bob@exampleltd.com</subject_name>
<validity>
<!-- Format is CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm] in GMT -->
<not_before>2015-09-15T01:00:00</not_before>
<not_after>2115-09-15T01:00:00</not_after>
</validity>
<allow_rule>
<domains>
<id_range>
<min>0</min>
<max>230</max>
</id_range>
</domains>
<publish>
<topics>
<topic>*</topic>
</topics>
<partitions>
<partition>*</partition>
</partitions>
</publish>
<subscribe>
<topics>
<topic>*</topic>
</topics>
<partitions>
<partition>*</partition>
</partitions>
</subscribe>
</allow_rule>
<default>DENY</default>
</grant>
</permissions>
</dds>
------EDFB3CE1089204FED046E2D32968C669
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIIHiwYJKoZIhvcNAQcCoIIHfDCCB3gCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwGgggRnMIIEYzCCA0ugAwIBAgIJAM3yAtULcaEIMA0GCSqGSIb3DQEB
CwUAMIHHMQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2Fs
aXR5IE5hbWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4G
A1UECgwXRXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUg
UGVybWlzc2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNz
aW9uc2NhbHRkLm9yZzAeFw0xOTAyMTIxMzUyMzJaFw0yOTAyMDkxMzUyMzJaMIHH
MQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5h
bWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwX
RXhhbXBsZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlz
c2lvbnMgQ0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2Nh
bHRkLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKD6nYCszMha
h3xGfJy8f3lowPHIj6zcldVYs5Krg7zXxZn+20lAMHUfgQcWZAauKbCnokYfTvXV
v0j9HCpQ3mRynNTyjLjc7HxAe6kfaJ75PoIoOMMQMEGvPOqRUq0tomVVJvcgzZZk
pwE30E6xvZrlQcrkQY/aOQ0sbje+RN8RKQ9vf6O45Np/0m2K5ohZPlBqg4F539v2
iXGZczCr9AqAszc/7rOPX1aqZmmRDou0T+Zhx3ZZSAwZYQtr7uvvlUeGmDhNh+8p
LC+1FQPtkKmcVXO8oZWm5N8piOvH3M+v3qhyPtLv30cpl0bDiFl+PN7nZ6InOOtd
ZJVMa2rYCk8CAwEAAaNQME4wHQYDVR0OBBYEFA/CtiP8Z5Fk4aWDIb2j3FPwh9pg
MB8GA1UdIwQYMBaAFA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMAwGA1UdEwQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggEBACBupRddIR9zYBFLGFTzeiW+H1tRRKz+B3SWnCJH
89ijEdMYlKKLYT0R18lCV0vHnl29bU1CPlkLn+GQkvdfIjKguWEQKTP+GLzoa9TV
zOKAJ8NttCyW3YqriUOUGKqra1Fdt8nvrAyZUF+v/k8pTInmCvwu3l5HrVhkKHER
IbCIohKi/2mk1JZS9reWvZhqLoUIw5IDFlqtBDYOfMaqm8XF01YjEDBM6OuyQzYN
gDFVUZx0At4zzRjGTvqpLTkDYL1A3v4QYXZcwZiKeEVbFuNkauXgD+8pEZMB8yL4
h1feIH+aucsAKBz1Ne5fTiTCannlKvLl8xWz5IdzP7gF0LIxggLoMIIC5AIBATCB
1TCBxzELMAkGA1UEBhMCTkwxCzAJBgNVBAgMAk9WMRYwFAYDVQQHDA1Mb2NhbGl0
eSBOYW1lMSEwHwYDVQQLDBhPcmdhbml6YXRpb25hbCBVbml0IE5hbWUxIDAeBgNV
BAoMF0V4YW1wbGUgQ0EgT3JnYW5pemF0aW9uMR8wHQYDVQQDDBZFeGFtcGxlIFBl
cm1pc3Npb25zIENBMS0wKwYJKoZIhvcNAQkBFh5hdXRob3JpdHlAcGVybWlzc2lv
bnNjYWx0ZC5vcmcCCQDN8gLVC3GhCDANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTEyMDcxNjAxMjZa
MC8GCSqGSIb3DQEJBDEiBCCEqUh7CpMRXpSMDeuCmSMz+I6WXjXpO2HRkCdRSczj
1TB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJ
YIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0D
AgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQAL
ExoTydhBE/8GgnqGp39cRVQ0Z1YIc55uACZK1V37R2b8rY4upLA7iHyzCBXQOwCz
mhjHfaNdW8twWru34EvD17RTfk49Lvmge4ceipgmqKwGVyTO57P5xzDaC+2F2KEi
+s6/YWIslixMhlQyuxZsmQDbRWcmQ1FRy7LJ80cctlDA44IviaEfv/u2+sqJgPNL
Z5AHMEv/qceKjtm/Wh7sdFhjfM4ZnfUWFB6Ni/sdNSmO9O3j9OHfpkzMJHxM4B5r
G5pMNDn2xibxwlx41he7mfENIjuk4Z3VDaTCTs++8GyivvvsCZSVimd0iuI1kVmd
JL58DFeKqgEZ358rN9/5
------EDFB3CE1089204FED046E2D32968C669--

25
src/security/builtin_plugins/tests/listeners_authentication/etc/Identity_CA_Cert.pem Normal file
View file

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEOTCCAyGgAwIBAgIJAPq0b61+PT2WMA0GCSqGSIb3DQEBCwUAMIGyMQswCQYD
VQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5hbWUxITAf
BgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEaMBgGA1UECgwRRXhhbXBs
ZSBTaWduZXIgQ0ExEzARBgNVBAMMCkV4YW1wbGUgQ0ExKjAoBgkqhkiG9w0BCQEW
G2F1dGhvcml0eUBpZGVudGl0eWNhbHRkLm9yZzAeFw0xOTAyMTIxMDIxNTJaFw0y
OTAyMDkxMDIxNTJaMIGyMQswCQYDVQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNV
BAcMDUxvY2FsaXR5IE5hbWUxITAfBgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQg
TmFtZTEaMBgGA1UECgwRRXhhbXBsZSBTaWduZXIgQ0ExEzARBgNVBAMMCkV4YW1w
bGUgQ0ExKjAoBgkqhkiG9w0BCQEWG2F1dGhvcml0eUBpZGVudGl0eWNhbHRkLm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCBJ1r/2AcSHorpA2G2
WR0CvGHPhhY2x93twW91LCJVOVzO0LuOscZXSkWDtAhyhy1EZN6r+4aLbMku/wVJ
kdjHPD+WSVEZn70LxYSgxiUwXalpa5RQeTkEHll5cSgtE8kSD4/HIxBsbwizeDVV
g8SWpBVb044GM4O3TDbCug9F7GJFzqcbSHQZnHO+3nWu6f21BEU7PZjrFox1NREN
g3H7WmNISx4DOK9bJcWS/i4qJjTxjQPPFmzGvRgO2FfWP+xYb70x/iOeKsML2y+d
XZqL99yzfP1dnpDtBzCTqJJizfuNMD6gvIXyk2PUy3FpAYoI9BvUehdWCP/okikx
5jsCAwEAAaNQME4wHQYDVR0OBBYEFL7LTHLvMsEeUDjMYeW4+DcXn62PMB8GA1Ud
IwQYMBaAFL7LTHLvMsEeUDjMYeW4+DcXn62PMAwGA1UdEwQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAIDJ4g6aVGIVXDSQ5R2yY9I82zsRf3k+yRF/BBkqBP1XXYRA
6lk7Wk4y6+DmL9qbVG/xrkTCC066J8kVblOyfFP1LHAzlNOQE7aU+tyrAufW4fpz
f/Gv8PBQUTQGr8vNqLUuEdoQjzARm8g7L3qeXhIKjiWsWi99ibnm/jTjol1GleIX
RudKSSGyMcB2VgRjCEEIYrkXdkIfrznKcJxzUw3dsGx277dB+4iFLcqf1YDpoRe2
aSwbtgx+lLZ4KXWtikBSmLSRBq9j2aGtKO08kru0U3jQo6B4Bvzp1KuJCBiktueY
yNRfgh8ggNERYF/SpVr/ivm3RM+mnWd3QpmVolw=
-----END CERTIFICATE-----

27
src/security/builtin_plugins/tests/listeners_authentication/etc/Identity_CA_Private_Key.pem Normal file
View file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAoIEnWv/YBxIeiukDYbZZHQK8Yc+GFjbH3e3Bb3UsIlU5XM7Q
u46xxldKRYO0CHKHLURk3qv7hotsyS7/BUmR2Mc8P5ZJURmfvQvFhKDGJTBdqWlr
lFB5OQQeWXlxKC0TyRIPj8cjEGxvCLN4NVWDxJakFVvTjgYzg7dMNsK6D0XsYkXO
pxtIdBmcc77eda7p/bUERTs9mOsWjHU1EQ2DcftaY0hLHgM4r1slxZL+LiomNPGN
A88WbMa9GA7YV9Y/7FhvvTH+I54qwwvbL51dmov33LN8/V2ekO0HMJOokmLN+40w
PqC8hfKTY9TLcWkBigj0G9R6F1YI/+iSKTHmOwIDAQABAoIBAAc5iRH5jjnTQPiz
wGk3kg9SPjSQ6NI7KQf+WcSwm4n4GBrrXE31AF+TMk6qvQHcVeVdvMShLTNDN2Re
7y/Hvf7qCPY7x5UU+DHEQ+HSctjdsnmbuzHz5WEBpHQWmVdboBZe78BjEFr+5oiX
u4N7E/FXbo9fkMhF0y/MomucnE9vnhFsCj/Qz+gqKJDz7n+jY1G9loGJpoZoGllK
s2+HzbY5qVKrrpDzD5FO5i+M/Obk4uwZVDSnFL316SKe9MzdlrH9ochdtsGlver8
YsYtetqHy4QgE/WZLSgwQoYY7nlKnkAKUnGvTJ8pnmO2FkO9SAQsBIl32rURMQFY
2C7ka5ECgYEAz13hOWwsefCkMTpXOXpeagCACN86Oqel+gV+UYDWnRdwDrUKBhjA
u40+NVaxuJSNKV3mC0N2PxwTuYzQ6BOQgmNzlxv0xyKwkGW/d6F8VunV2mqb3EAL
m9qzN1k08V30RikSMCt1OV5isuUiC4ox3ToboLTibXKnbEFWjT3juM8CgYEAxiW0
+CvqJQjrjJ/valshCQDF4fYLa2uTJcdDifyU3HVTn06yy0z42tLBhHCv8RY/SBRK
IqR3RDhYJbBgLhG7oBDvoGWUEhdGJ+z6qcw9v1tDj9QD1bQF7RJvuh2JA7mhbFe5
cIptcDJNRN7PCrjqGksQfy8Gg6ABOGFhz3xZPtUCgYBeFpKio1pq2a0mSPpashM0
tZVicSbShk7g6q0t/e9ix8eoZKxvp7uLXcLkILnyrjR+mIRQiAOXDv5EKoh/RKFF
CCriXWTrFepXGlONzE/Gf8Lwn36oqMabqNe4PVmwSpkTXH9MK+u8Y/8UfLK92a5W
Wo8+k9RJJMSiceL7oyE4MQKBgQCkVg2bbkCJaraBMPxNxzrEzsFPwNKDyvqFcJhR
TwzfMuehzpF3D2WthvI8t4EUgJEHZNx/ksvf5qMkzv1V+BsWjDVRYC3IO0lSP7c9
MEld9YE5PmvXx7DKiGnlgC1sy35X7wG7lvNhBDcVkX1BtU9jczJBaW0LqZ6Zdhq7
DLSv6QKBgQDNZpHEwi2P2LdlTRgbc4IWYjZZJaj+RrG881lgi+v8SI4E8eizlxLw
9HlG1nydvRqtU3T5h8UuqLOlXbfvQ7GOxVO2uJjtjJHZ8KbsFUH5i3UwZ+llyrRW
Y1ydvvE9Hux6I7I3L42J11jphNYKw/YwARkp8/Bc/wzKsGlnh3Oh+w==
-----END RSA PRIVATE KEY-----

26
src/security/builtin_plugins/tests/listeners_authentication/etc/Permissions_CA_Cert.pem Normal file
View file

@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEYzCCA0ugAwIBAgIJAM3yAtULcaEIMA0GCSqGSIb3DQEBCwUAMIHHMQswCQYD
VQQGEwJOTDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5hbWUxITAf
BgNVBAsMGE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwXRXhhbXBs
ZSBDQSBPcmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlzc2lvbnMg
Q0ExLTArBgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2NhbHRkLm9y
ZzAeFw0xOTAyMTIxMzUyMzJaFw0yOTAyMDkxMzUyMzJaMIHHMQswCQYDVQQGEwJO
TDELMAkGA1UECAwCT1YxFjAUBgNVBAcMDUxvY2FsaXR5IE5hbWUxITAfBgNVBAsM
GE9yZ2FuaXphdGlvbmFsIFVuaXQgTmFtZTEgMB4GA1UECgwXRXhhbXBsZSBDQSBP
cmdhbml6YXRpb24xHzAdBgNVBAMMFkV4YW1wbGUgUGVybWlzc2lvbnMgQ0ExLTAr
BgkqhkiG9w0BCQEWHmF1dGhvcml0eUBwZXJtaXNzaW9uc2NhbHRkLm9yZzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKD6nYCszMhah3xGfJy8f3lowPHI
j6zcldVYs5Krg7zXxZn+20lAMHUfgQcWZAauKbCnokYfTvXVv0j9HCpQ3mRynNTy
jLjc7HxAe6kfaJ75PoIoOMMQMEGvPOqRUq0tomVVJvcgzZZkpwE30E6xvZrlQcrk
QY/aOQ0sbje+RN8RKQ9vf6O45Np/0m2K5ohZPlBqg4F539v2iXGZczCr9AqAszc/
7rOPX1aqZmmRDou0T+Zhx3ZZSAwZYQtr7uvvlUeGmDhNh+8pLC+1FQPtkKmcVXO8
oZWm5N8piOvH3M+v3qhyPtLv30cpl0bDiFl+PN7nZ6InOOtdZJVMa2rYCk8CAwEA
AaNQME4wHQYDVR0OBBYEFA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMB8GA1UdIwQYMBaA
FA/CtiP8Z5Fk4aWDIb2j3FPwh9pgMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggEBACBupRddIR9zYBFLGFTzeiW+H1tRRKz+B3SWnCJH89ijEdMYlKKLYT0R
18lCV0vHnl29bU1CPlkLn+GQkvdfIjKguWEQKTP+GLzoa9TVzOKAJ8NttCyW3Yqr
iUOUGKqra1Fdt8nvrAyZUF+v/k8pTInmCvwu3l5HrVhkKHERIbCIohKi/2mk1JZS
9reWvZhqLoUIw5IDFlqtBDYOfMaqm8XF01YjEDBM6OuyQzYNgDFVUZx0At4zzRjG
TvqpLTkDYL1A3v4QYXZcwZiKeEVbFuNkauXgD+8pEZMB8yL4h1feIH+aucsAKBz1
Ne5fTiTCannlKvLl8xWz5IdzP7gF0LI=
-----END CERTIFICATE-----

2105
src/security/builtin_plugins/tests/listeners_authentication/src/listeners_authentication_utests.c Normal file
View file

File diff suppressed because it is too large Load diff

2
src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c
View file

@ -523,7 +523,7 @@ validate_local_identity(const char* trusted_ca_dir)
char trusted_ca_dir_path[1024];
dds_security_property_init(&participant_qos.property.value, 4);
#ifdef WIN32
snprintf(trusted_ca_dir_path, 1024, "%s\\testsuite\\dbt\\security_plugin\\tests\\validate_begin_handshake_reply\\etc\\%s", CONFIG_ENV_TESTS_DIR,trusted_ca_dir);
snprintf(trusted_ca_dir_path, 1024, "%s\\validate_begin_handshake_reply\\etc\\%s", CONFIG_ENV_TESTS_DIR, trusted_ca_dir);
#else
snprintf(trusted_ca_dir_path, 1024, "%s/validate_begin_handshake_reply/etc/%s", CONFIG_ENV_TESTS_DIR, trusted_ca_dir);
#endif

9
src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c
View file

@ -220,7 +220,7 @@ static const char *unrelated_identity =
"B7DMeaVlLClGQaKZZ7aexEx9se+IyLn2\n"
"-----END CERTIFICATE-----\n";
#ifdef TRUSTED_CA_DIR_IMPLEMENTED
static const char *remote_identity_trusted =
"-----BEGIN CERTIFICATE-----\n"
"MIIDcDCCAligAwIBAgIBBTANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n"
@ -297,7 +297,6 @@ static const char *remote_identity_trusted_expired =
"O3gAjPUL0jzRztp5Yj3dYPV8YyJHLEKr75IXNedV9YKhT4f6kTS3UEjMTqYbYsix\n"
"MtqgY283RjsExzjNvw==\n"
"-----END CERTIFICATE-----\n";
#endif
static struct plugins_hdl *plugins = NULL;
static dds_security_authentication *auth = NULL;
@ -1968,10 +1967,7 @@ CU_Test(ddssec_builtin_validate_begin_handshake_reply,return_handle, .init = in
}
/*TODO: test is waiting for Trusted CA parsing function */
#if(0)
CU _ Test(validate_begin_handshake_reply,extended_certificate_check )
CU_Test(validate_begin_handshake_reply,extended_certificate_check, .init = init_testcase, .fini = fini_testcase )
{
DDS_Security_ValidationResult_t result;
DDS_Security_HandshakeHandle handshake_handle;
@ -2107,4 +2103,3 @@ CU _ Test(validate_begin_handshake_reply,extended_certificate_check )
handshake_message_deinit(&handshake_token_out);
reset_exception(&exception);
}
#endif

7
src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c
View file

@ -2017,9 +2017,7 @@ CU_Test(ddssec_builtin_validate_local_identity,no_file)
}
/* TODO: Should be enabled after implementing trusted ca dir parsing*/
#if(0)
CU _ Test(validate_local_identity,with_extended_certificate_check)
CU_Test(ddssec_builtin_validate_local_identity,with_extended_certificate_check)
{
DDS_Security_ValidationResult_t result;
DDS_Security_IdentityHandle local_identity_handle = DDS_SECURITY_HANDLE_NIL;
@ -2042,7 +2040,7 @@ CU _ Test(validate_local_identity,with_extended_certificate_check)
fill_participant_qos(&participant_qos, false, identity_certificate,
false, identity_ca,
false, private_key,
false, private_key_pem,
NULL,
"trusted_ca_dir");
/* Now call the function. */
@ -2106,4 +2104,3 @@ CU _ Test(validate_local_identity,with_extended_certificate_check)
}
#endif

6
src/security/core/include/dds/security/core/dds_security_timed_cb.h
View file

@ -25,7 +25,11 @@ extern "C" {
*/
struct dds_security_timed_dispatcher_t;
struct dds_security_timed_cb_data_t;
/**
* The timed callback structure holds a list of dispatchers and manages
* the thread that calls the dispatchers callbacks.
*/
struct dds_security_timed_cb_data;
/**
* The callback is triggered by two causes:

1
src/security/core/src/dds_security_utils.c
View file

@ -1291,3 +1291,4 @@ DDS_Security_parse_xml_date(
return DDS_TIME_INVALID;
}