diff --git a/src/core/ddsc/tests/CMakeLists.txt b/src/core/ddsc/tests/CMakeLists.txt index bb6dbe7..62e8844 100644 --- a/src/core/ddsc/tests/CMakeLists.txt +++ b/src/core/ddsc/tests/CMakeLists.txt @@ -74,10 +74,40 @@ set(CUnit_ddsc_config_simple_udp_uri "file://${CUnit_ddsc_config_simple_udp_file set(CUnit_ddsc_config_simple_udp_max_participants "0") set(CUnit_ddsc_config_simple_udp_env "${PROJECT_NAME_CAPS}_URI=${CUnit_ddsc_config_simple_udp_uri};MAX_PARTICIPANTS=${CUnit_ddsc_config_simple_udp_max_participants};${CUnit_ddsc_config_simple_udp_env}") + +unset(test_lib_tests) +# Let the cunit application know the location and name of the security mock libraries. +#file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}/../../../security/core/tests/plugin_loading" test_lib_native_dir) + + +file(TO_NATIVE_PATH "${PROJECT_BINARY_DIR}/src/security/core/tests/plugin_loading" test_lib_native_dir) +file(TO_NATIVE_PATH "/" test_lib_sep) +string(REPLACE "\\" "\\\\" test_lib_dir ${test_lib_native_dir}) +string(REPLACE "\\" "\\\\" test_lib_sep ${test_lib_sep}) + +process_cunit_source_file("config.c" test_lib_header test_lib_suites test_lib_tests) +foreach(libtest ${test_lib_tests}) + string(REPLACE ":" ";" libtest ${libtest}) + list(GET libtest 0 suite) + list(GET libtest 1 test) + set(libtestname "CUnit_${suite}_${test}") + if("${CMAKE_HOST_SYSTEM}" MATCHES ".*Windows.*") + set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "${test_lib_native_dir}") + else() + set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "LD_LIBRARY_PATH=${test_lib_native_dir};$ENV{LD_LIBRARY_PATH}") + endif() +endforeach() + + + set_tests_properties( CUnit_ddsc_config_simple_udp PROPERTIES REQUIRED_FILES ${CUnit_ddsc_config_simple_udp_file} ENVIRONMENT "${CUnit_ddsc_config_simple_udp_env}") -configure_file("config_env.h.in" "config_env.h") +configure_file("config_env.h.in" "config_env.h" @ONLY) + + + + 
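Review bot: Neither branch of the new `if("${CMAKE_HOST_SYSTEM}" MATCHES ".*Windows.*")` block produces a usable library search path. The Windows branch appends the bare directory `"${test_lib_native_dir}"` with no `NAME=` part, and the other branch joins the directory and `$ENV{LD_LIBRARY_PATH}` with `;`, which is the separator between ENVIRONMENT entries (the `CUnit_ddsc_config_simple_udp_env` line above uses it that way), so the inherited value becomes a separate malformed entry. `$ENV{...}` is also read at configure time, and an empty inherited value must not leave an empty path element, because the loader treats that as the current directory. The fence shows one way to build a single `NAME=VALUE` entry per platform; the commented-out `#file(TO_NATIVE_PATH ...)` line can be dropped as well.

```cmake
# … unchanged: process_cunit_source_file() call and the suite/test name split …
  if("${CMAKE_HOST_SYSTEM}" MATCHES ".*Windows.*")
    # Escape ';' so the whole search path stays one NAME=VALUE entry.
    string(REPLACE ";" "\\;" test_lib_path "${test_lib_native_dir};$ENV{PATH}")
    set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "PATH=${test_lib_path}")
  else()
    set(test_lib_path "${test_lib_native_dir}")
    if(NOT "$ENV{LD_LIBRARY_PATH}" STREQUAL "")
      # Append only a non-empty value: an empty element means the current directory.
      string(APPEND test_lib_path ":$ENV{LD_LIBRARY_PATH}")
    endif()
    set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "LD_LIBRARY_PATH=${test_lib_path}")
# … unchanged: endif() / endforeach() …
```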
diff --git a/src/core/ddsc/tests/config.c b/src/core/ddsc/tests/config.c index ff8d975..644867c 100644 --- a/src/core/ddsc/tests/config.c +++ b/src/core/ddsc/tests/config.c @@ -22,6 +22,10 @@ #include "dds/ddsi/q_misc.h" #include "dds/ddsi/q_xqos.h" +#ifdef DDSI_INCLUDE_SECURITY +#include "dds/security/dds_security_api_defs.h" +#endif + #define FORCE_ENV #define URI_VARIABLE DDS_PROJECT_NAME_NOSPACE_CAPS"_URI" 
@@ -94,193 +98,215 @@ CU_Test (ddsc_config, user_config, .init = ddsrt_init, .fini = ddsrt_fini) static uint32_t found; static void logger(void *ptr, const dds_log_data_t *data) { - char **expected = (char**)ptr; - for (uint32_t i = 0; expected[i] != NULL; i++) { - if (ddsi2_patmatch(expected[i], data->message)) { - found |= (uint32_t)(1 << i); - } - } + char **expected = (char**)ptr; + for (uint32_t i = 0; expected[i] != NULL; i++) { + if (ddsi2_patmatch(expected[i], data->message)) { + found |= (uint32_t)(1 << i); + } + } } CU_Test(ddsc_config, security_non, .init = ddsrt_init, .fini = ddsrt_fini) { - /* There shouldn't be traces that mention security. */ - const char *log_expected[] = { - "*Security*", - NULL - }; + /* There shouldn't be traces that mention security. */ + const char *log_expected[] = { + "*Security*", + NULL + }; - dds_entity_t participant; + dds_entity_t participant; - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); - /* Create participant with an empty security element. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - CU_ASSERT_FATAL(participant > 0); - dds_delete(participant); + /* Create participant with an empty security element. 
*/ + found = 0; + ddsrt_setenv(URI_VARIABLE, "finest"); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + CU_ASSERT_FATAL(participant > 0); + dds_delete(participant); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); - /* No security traces should have been provided. */ - CU_ASSERT_FATAL(found == 0x0); + /* No security traces should have been provided. */ + CU_ASSERT_FATAL(found == 0x0); } CU_Test(ddsc_config, security_empty, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with an empty security element. */ - const char *log_expected[] = { + /* Expected traces when creating participant with an empty security element. */ + const char *log_expected[] = { #ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", + "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", #else - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", #endif NULL - }; + }; - dds_entity_t participant; + dds_entity_t participant; - /* Set up the trace sinks to detect the config parsing. 
*/ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); - /* Create participant with an empty security element. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, ""); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - CU_ASSERT_FATAL(participant < 0); + /* Create participant with an empty security element. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, ""); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + CU_ASSERT_FATAL(participant < 0); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); - /* All traces should have been provided. */ + /* All traces should have been provided. */ #ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); + CU_ASSERT_FATAL(found == 0x1); #else - CU_ASSERT_FATAL(found == 0x7); + CU_ASSERT_FATAL(found == 0x7); #endif } CU_Test(ddsc_config, security_missing, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { #ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", + "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", #else - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", - "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCertificate/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/IdentityCA/#text: element missing in configuration*", + "config: //CycloneDDS/Domain/DDSSecurity/Authentication/PrivateKey/#text: element missing in configuration*", #endif NULL }; - /* IdentityCertificate, IdentityCA and PrivateKey values or elements are missing. */ - const char *sec_config = - "finest" - "" - "" - "" - "" - "" - "testtext_Password_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; + /* IdentityCertificate, IdentityCA and PrivateKey values or elements are missing. */ + const char *sec_config = + "finest" + "" + "" + "" + "" + "" + "testtext_Password_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + ""; - dds_entity_t participant; + dds_entity_t participant; - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); + /* Set up the trace sinks to detect the config parsing. 
*/ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); - /* Create participant with an empty security element. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - CU_ASSERT_FATAL(participant < 0); - - /* All traces should have been provided. */ + /* Create participant with an empty security element. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + CU_ASSERT_FATAL(participant < 0); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + /* All traces should have been provided. */ #ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); + CU_ASSERT_FATAL(found == 0x1); #else - CU_ASSERT_FATAL(found == 0x7); + CU_ASSERT_FATAL(found == 0x7); #endif } CU_Test(ddsc_config, security_all, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { #ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", + "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", #else - "config: Domain/DDSSecurity/Authentication/Library/#text: dds_security_auth*", - "config: Domain/DDSSecurity/Authentication/Library[@path]: dds_security_auth*", - "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", - "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", - "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", - "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*", - "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", - "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", - "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", - "config: Domain/DDSSecurity/AccessControl/Library/#text: dds_security_ac*", - "config: Domain/DDSSecurity/AccessControl/Library[@path]: dds_security_ac*", - "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_ac*", - "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_ac*", - "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", - "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", - "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", - "config: Domain/DDSSecurity/Cryptographic/Library/#text: dds_security_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@path]: dds_security_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", - /* The config should have 
been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},{dds.sec.access.governance,file:Governance.p7s,0},{dds.sec.access.permissions,file:Permissions.p7s,0},{dds.sec.auth.password,testtext_Password_testtext,0},{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*", -#endif - NULL - }; + "config: Domain/DDSSecurity/Authentication/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Authentication/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", + "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", + "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", + "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*", + "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", + "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", + "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", + "config: Domain/DDSSecurity/AccessControl/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/AccessControl/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", + "config: 
Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", + "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", + "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", + "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", + "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", + "config: Domain/DDSSecurity/Cryptographic/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", + "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", + /* The config should have been parsed into the participant QoS. 
*/ + "PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.auth.library.init,init_authentication,0}," + "{dds.sec.auth.library.finalize,finalize_authentication,0}," + "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.crypto.library.init,init_crypto,0}," + "{dds.sec.crypto.library.finalize,finalize_crypto,0}," + "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.access.library.init,init_access_control,0}," + "{dds.sec.access.library.finalize,finalize_access_control,0}," + "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," + "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," + "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," + "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," + "{dds.sec.access.governance,file:Governance.p7s,0}," + "{dds.sec.access.permissions,file:Permissions.p7s,0}," + "{dds.sec.auth.password,testtext_Password_testtext,0}," + "{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*", + +#endif + NULL + }; + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + ""; - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - 
"testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "" - ""; dds_entity_t participant; @@ -296,6 +322,8 @@ CU_Test(ddsc_config, security_all, .init = ddsrt_init, .fini = ddsrt_fini) { participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); ddsrt_setenv(URI_VARIABLE, ""); dds_delete(participant); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); /* All traces should have been provided. */ #ifndef DDSI_INCLUDE_SECURITY @@ -312,8 +340,8 @@ CU_Test(ddsc_config, security, .init = ddsrt_init, .fini = ddsrt_fini) { #ifndef DDSI_INCLUDE_SECURITY "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", #else - "config: Domain/DDSSecurity/Authentication/Library/#text: dds_security_auth*", - "config: Domain/DDSSecurity/Authentication/Library[@path]: dds_security_auth*", + "config: Domain/DDSSecurity/Authentication/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Authentication/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", 
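Review bot: In security_non, security_empty and security_missing the added `dds_set_log_sink(NULL, NULL); dds_set_trace_sink(NULL, NULL);` pair comes after `CU_ASSERT_FATAL(participant > 0)` or `CU_ASSERT_FATAL(participant < 0)`. CU_ASSERT_FATAL aborts the test function when it fails, so on that path both sinks stay registered with `logger` and with the stack-local `log_expected` array of a frame that no longer exists. Moving the two reset calls to directly after the second `ddsrt_setenv(URI_VARIABLE, "");`, ahead of the fatal assertion, removes the dangling pointer on the failure path as well.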
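Review bot: The handle returned by `dds_create_participant` in security_all goes straight to `dds_delete` without being checked, and the added sink resets do not change that; the `security` test in the hunk at -372 has the same shape. If creation is expected to succeed with the `*_all_ok` mock plugins (not visible here), a plugin that fails to load only shows up indirectly through the `found` mask. Adding `CU_ASSERT(participant > 0);` right after the create call would report it directly, and the non-fatal form keeps the sink reset below it reachable. The test body starts outside this hunk.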
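Review bot: The expected library path is written out by hand as `CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX` on both changed lines, and the same concatenation recurs in the hunks at -94, -321 and -388. One helper next to URI_VARIABLE, for example `#define MOCK_LIB(name) CONFIG_PLUGIN_MOCK_DIR CONFIG_LIB_SEP CONFIG_LIB_PREFIX name CONFIG_LIB_SUFFIX`, would keep the three plugin names as the only varying part and make a typo in one copy harder to miss. A short comment saying where the CONFIG_* macros come from (presumably the generated config_env.h) would help too. Because the build directory is spliced into a `ddsi2_patmatch` pattern, it is also worth noting that a path containing pattern metacharacters would change what the expectation matches.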
@@ -321,42 +349,58 @@ CU_Test(ddsc_config, security, .init = ddsrt_init, .fini = ddsrt_fini) { "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", "config: Domain/DDSSecurity/Authentication/Password/#text: {}*", "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: {}*", - "config: Domain/DDSSecurity/AccessControl/Library/#text: dds_security_ac*", - "config: Domain/DDSSecurity/AccessControl/Library[@path]: dds_security_ac*", - "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_ac*", - "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_ac*", + "config: Domain/DDSSecurity/AccessControl/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/AccessControl/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", + "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", - "config: Domain/DDSSecurity/Cryptographic/Library/#text: dds_security_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@path]: dds_security_crypto*", + "config: Domain/DDSSecurity/Cryptographic/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", "config: 
Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", /* The config should have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},{dds.sec.access.governance,file:Governance.p7s,0},{dds.sec.access.permissions,file:Permissions.p7s,0}}binary_value={}}*}*", + "PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.auth.library.init,init_authentication,0}," + "{dds.sec.auth.library.finalize,finalize_authentication,0}," + "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.crypto.library.init,init_crypto,0}," + "{dds.sec.crypto.library.finalize,finalize_crypto,0}," + "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.access.library.init,init_access_control,0}," + "{dds.sec.access.library.finalize,finalize_access_control,0}," + "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," + "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," + "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," + "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," + "{dds.sec.access.governance,file:Governance.p7s,0}," + "{dds.sec.access.permissions,file:Permissions.p7s,0}," + "{dds.sec.auth.password,,0}," + "{dds.sec.auth.trusted_ca_dir,,0}}binary_value={}}*}*", #endif - NULL - }; + NULL + }; - const char 
*sec_config = - "finest" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; + const char *sec_config = + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + ""; dds_entity_t participant; @@ -372,6 +416,8 @@ CU_Test(ddsc_config, security, .init = ddsrt_init, .fini = ddsrt_fini) { participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); ddsrt_setenv(URI_VARIABLE, ""); dds_delete(participant); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); /* All traces should have been provided. */ #ifndef DDSI_INCLUDE_SECURITY 
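Review bot: The rewritten QoS expectation still requires `{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}` to appear verbatim in the trace output, and the security_all expectations do the same for `dds.sec.auth.password`. That pins clear-text tracing of secret-bearing properties as the behaviour the suite enforces at DDS_LC_CONFIG, which matters if a deployment ever supplies inline key material or a real key password through these elements. If masking is not in scope for this change, a comment above the array such as `/* Pins that PrivateKey and Password values are traced verbatim; revisit when the config logger masks them. */` would at least make the dependency explicit. The `log_expected` array starts outside this hunk.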
@@ -388,404 +434,508 @@ CU_Test(ddsc_config, security_deprecated, .init = ddsrt_init, .fini = ddsrt_fini #ifndef DDSI_INCLUDE_SECURITY "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", #else - "config: Domain/DDSSecurity/Authentication/Library/#text: dds_security_auth*", - "config: Domain/DDSSecurity/Authentication/Library[@path]: dds_security_auth*", - "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", - "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", - "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", - "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*", - "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", - "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", - "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", - "config: Domain/DDSSecurity/AccessControl/Library/#text: dds_security_ac*", - "config: Domain/DDSSecurity/AccessControl/Library[@path]: dds_security_ac*", - "config: Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_ac*", - "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_ac*", - "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", - "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", - "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", - "config: Domain/DDSSecurity/Cryptographic/Library/#text: dds_security_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@path]: dds_security_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", - "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", - /* The config should 
have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0},{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0},{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0},{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0},{dds.sec.access.governance,file:Governance.p7s,0},{dds.sec.access.permissions,file:Permissions.p7s,0},{dds.sec.auth.password,testtext_Password_testtext,0},{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*", + "config: Domain/DDSSecurity/Authentication/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Authentication/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Authentication/Library[@initFunction]: init_authentication*", + "config: Domain/DDSSecurity/Authentication/Library[@finalizeFunction]: finalize_authentication*", + "config: Domain/DDSSecurity/Authentication/IdentityCertificate/#text: testtext_IdentityCertificate_testtext*", + "config: Domain/DDSSecurity/Authentication/IdentityCA/#text: testtext_IdentityCA_testtext*", + "config: Domain/DDSSecurity/Authentication/PrivateKey/#text: testtext_PrivateKey_testtext*", + "config: Domain/DDSSecurity/Authentication/Password/#text: testtext_Password_testtext*", + "config: Domain/DDSSecurity/Authentication/TrustedCADirectory/#text: testtext_Dir_testtext*", + "config: Domain/DDSSecurity/AccessControl/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/AccessControl/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX"*", + "config: 
Domain/DDSSecurity/AccessControl/Library[@initFunction]: init_access_control*", + "config: Domain/DDSSecurity/AccessControl/Library[@finalizeFunction]: finalize_access_control*", + "config: Domain/DDSSecurity/AccessControl/PermissionsCA/#text: file:Permissions_CA.pem*", + "config: Domain/DDSSecurity/AccessControl/Governance/#text: file:Governance.p7s*", + "config: Domain/DDSSecurity/AccessControl/Permissions/#text: file:Permissions.p7s*", + "config: Domain/DDSSecurity/Cryptographic/Library/#text: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@path]: "CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX"*", + "config: Domain/DDSSecurity/Cryptographic/Library[@initFunction]: init_crypto*", + "config: Domain/DDSSecurity/Cryptographic/Library[@finalizeFunction]: finalize_crypto*", + /* The config should have been parsed into the participant QoS. 
*/ + "PARTICIPANT * QOS={*property_list={value={" + "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.auth.library.init,init_authentication,0}," + "{dds.sec.auth.library.finalize,finalize_authentication,0}," + "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.crypto.library.init,init_crypto,0}," + "{dds.sec.crypto.library.finalize,finalize_crypto,0}," + "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.access.library.init,init_access_control,0},{dds.sec.access.library.finalize,finalize_access_control,0},{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," + "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," + "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," + "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," + "{dds.sec.access.governance,file:Governance.p7s,0}," + "{dds.sec.access.permissions,file:Permissions.p7s,0}," + "{dds.sec.auth.password,testtext_Password_testtext,0}," + "{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*", #endif - NULL - }; + NULL + }; - const char *sec_config = - "<"DDS_PROJECT_NAME">" - "" - "any" - "" - "" - "" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "testtext_Password_testtext" - "testtext_Dir_testtext" - "" - "" - "" - "" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - "" - "finest" - "" - ""; + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "any" + "" + "" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + 
"testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "finest" + "" + ""; + dds_entity_t participant; - dds_entity_t participant; + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + dds_delete(participant); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - - /* All traces should have been provided. */ + /* All traces should have been provided. */ #ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); + CU_ASSERT_FATAL(found == 0x1); #else - CU_ASSERT_FATAL(found == 0x1fffff); + CU_ASSERT_FATAL(found == 0x1fffff); #endif } CU_Test(ddsc_config, security_qos, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { #ifdef DDSI_INCLUDE_SECURITY - /* The config should have been parsed into the participant QoS. 
*/ - "PARTICIPANT * QOS={*property_list={value={" - "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}," - "{dds.sec.auth.password,testtext_Password_testtext,0}," - "{dds.sec.auth.trusted_ca_dir,file:/test/dir,0}" - "}binary_value={}}*}*", -#endif - NULL - }; + /* The config should have been parsed into the participant QoS. */ + "PARTICIPANT * QOS={*property_list={value={" + "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," + "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," + "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," + "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," + "{dds.sec.access.governance,file:Governance.p7s,0}," + "{dds.sec.access.permissions,file:Permissions.p7s,0}," + "{dds.sec.auth.password,testtext_Password_testtext,0}," + "{dds.sec.auth.trusted_ca_dir,file:/test/dir,0}," + "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.auth.library.init,init_authentication,0}," + "{dds.sec.auth.library.finalize,finalize_authentication,0}," + "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.crypto.library.init,init_crypto,0}," + "{dds.sec.crypto.library.finalize,finalize_crypto,0}," + "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.access.library.init,init_access_control,0}," + 
"{dds.sec.access.library.finalize,finalize_access_control,0}}binary_value={}}*}*", + #endif + NULL + }; - dds_entity_t participant; - dds_qos_t * qos; + dds_entity_t participant; + dds_qos_t * qos; - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); - /* Create the qos */ - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext"); - dds_qset_prop (qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext"); - dds_qset_prop (qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext"); - dds_qset_prop (qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); - dds_qset_prop (qos, "dds.sec.access.governance", "file:Governance.p7s"); - dds_qset_prop (qos, "dds.sec.access.permissions", "file:Permissions.p7s"); - dds_qset_prop (qos, "dds.sec.auth.password", "testtext_Password_testtext"); - dds_qset_prop (qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); + /* Create the qos */ + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext"); + dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext"); + dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext"); + dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); + dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s"); + dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s"); + dds_qset_prop(qos, 
"dds.sec.auth.password", "testtext_Password_testtext"); + dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); + dds_qset_prop(qos, "dds.sec.auth.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX""); + dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication"); + dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication"); + dds_qset_prop(qos, "dds.sec.crypto.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX""); + dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto"); + dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto"); + dds_qset_prop(qos, "dds.sec.access.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX""); + dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control"); + dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control"); - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - CU_ASSERT_FATAL ((participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL)) > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_delete_qos(qos); + /* Create participant with security config in qos. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, "finest"); + CU_ASSERT_FATAL ((participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL)) > 0); + ddsrt_setenv(URI_VARIABLE, ""); + dds_delete(participant); + dds_delete_qos(qos); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); - /* All traces should have been provided. */ + /* All traces should have been provided. 
*/ #ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0); + CU_ASSERT_FATAL(found == 0); #else - CU_ASSERT_FATAL(found == 0x1); + CU_ASSERT_FATAL(found == 0x1); #endif } CU_Test(ddsc_config, security_qos_props, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { #ifdef DDSI_INCLUDE_SECURITY - /* The config should have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={" - "{test.prop1,testtext_value1_testtext,0}," - "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}," - "{dds.sec.auth.password,testtext_Password_testtext,0}," - "{dds.sec.auth.trusted_ca_dir,file:/test/dir,0}," - "{test.prop2,testtext_value2_testtext,0}}" - "binary_value={{test.bprop1,(3,*),0}}}*}*", -#endif - NULL - }; + /* The config should have been parsed into the participant QoS. 
*/ + "PARTICIPANT * QOS={*property_list={value={" + "{test.prop1,testtext_value1_testtext,0}," + "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," + "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," + "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," + "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," + "{dds.sec.access.governance,file:Governance.p7s,0}," + "{dds.sec.access.permissions,file:Permissions.p7s,0}," + "{dds.sec.auth.password,testtext_Password_testtext,0}," + "{dds.sec.auth.trusted_ca_dir,file:/test/dir,0}," + "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.auth.library.init,init_authentication,0}," + "{dds.sec.auth.library.finalize,finalize_authentication,0}," + "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.crypto.library.init,init_crypto,0}," + "{dds.sec.crypto.library.finalize,finalize_crypto,0}," + "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.access.library.init,init_access_control,0}," + "{dds.sec.access.library.finalize,finalize_access_control,0}," + "{test.prop2,testtext_value2_testtext,0}}" + "binary_value={{test.bprop1,(3,*),0}}}*}*", - dds_entity_t participant; - dds_qos_t * qos; + #endif + NULL + }; - /* Set up the trace sinks to detect the config parsing. 
*/ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); + dds_entity_t participant; + dds_qos_t * qos; - /* Create the qos */ - unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); - dds_qset_prop (qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext"); - dds_qset_prop (qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext"); - dds_qset_prop (qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext"); - dds_qset_prop (qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); - dds_qset_prop (qos, "dds.sec.access.governance", "file:Governance.p7s"); - dds_qset_prop (qos, "dds.sec.access.permissions", "file:Permissions.p7s"); - dds_qset_prop (qos, "dds.sec.auth.password", "testtext_Password_testtext"); - dds_qset_prop (qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); - dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); - dds_qset_bprop (qos, "test.bprop1", bvalue, 3); + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); - /* Create participant with security config in qos. 
*/ - found = 0; - ddsrt_setenv(URI_VARIABLE, "finest"); - CU_ASSERT_FATAL ((participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL)) > 0); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_delete_qos(qos); + /* Create the qos */ + unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext"); + dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_PrivateKey_testtext"); + dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_IdentityCertificate_testtext"); + dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:Permissions_CA.pem"); + dds_qset_prop(qos, "dds.sec.access.governance", "file:Governance.p7s"); + dds_qset_prop(qos, "dds.sec.access.permissions", "file:Permissions.p7s"); + dds_qset_prop(qos, "dds.sec.auth.password", "testtext_Password_testtext"); + dds_qset_prop(qos, "dds.sec.auth.trusted_ca_dir", "file:/test/dir"); - /* All traces should have been provided. 
*/ + dds_qset_prop(qos, "dds.sec.auth.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX""); + dds_qset_prop(qos, "dds.sec.auth.library.init", "init_authentication"); + dds_qset_prop(qos, "dds.sec.auth.library.finalize", "finalize_authentication"); + dds_qset_prop(qos, "dds.sec.crypto.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX""); + dds_qset_prop(qos, "dds.sec.crypto.library.init", "init_crypto"); + dds_qset_prop(qos, "dds.sec.crypto.library.finalize", "finalize_crypto"); + dds_qset_prop(qos, "dds.sec.access.library.path", ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX""); + dds_qset_prop(qos, "dds.sec.access.library.init", "init_access_control"); + dds_qset_prop(qos, "dds.sec.access.library.finalize", "finalize_access_control"); + + dds_qset_prop(qos, "test.prop2", "testtext_value2_testtext"); + + dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_IdentityCA_testtext"); + + dds_qset_bprop(qos, "test.bprop1", bvalue, 3); + + /* Create participant with security config in qos. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, "finest"); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); + CU_ASSERT_FATAL(participant > 0); + ddsrt_setenv(URI_VARIABLE, ""); + dds_delete(participant); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + dds_delete_qos(qos); + + + /* All traces should have been provided. */ #ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0); + CU_ASSERT_FATAL(found == 0); #else - CU_ASSERT_FATAL(found == 0x1); + CU_ASSERT_FATAL(found == 0x1); #endif } CU_Test(ddsc_config, security_config_qos, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expect qos settings used when creating participant with config security elements and qos. 
*/ - const char *log_expected[] = { + /* Expect qos settings used when creating participant with config security elements and qos. */ + const char *log_expected[] = { #ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", + "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", #else - /* The security settings from qos properties should have been parsed into the participant QoS. */ - "new_participant(*): using security settings from QoS, ignoring security configuration*", - "PARTICIPANT * QOS={*property_list={value={" - "{dds.sec.auth.identity_ca,testtext_QOS_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_QOS_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_QOS_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:QOS_Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:QOS_Governance.p7s,0}," - "{dds.sec.access.permissions,file:QOS_Permissions.p7s,0}" - "}binary_value={}}*}*", + /* The security settings from qos properties should have been parsed into the participant QoS. 
*/ + "new_participant(*): using security settings from QoS*", + "PARTICIPANT * QOS={*property_list={value={" + "{dds.sec.auth.identity_ca,testtext_QOS_IdentityCA_testtext,0}," + "{dds.sec.auth.private_key,testtext_QOS_PrivateKey_testtext,0}," + "{dds.sec.auth.identity_certificate,testtext_QOS_IdentityCertificate_testtext,0}," + "{dds.sec.access.permissions_ca,file:QOS_Permissions_CA.pem,0}," + "{dds.sec.access.governance,file:QOS_Governance.p7s,0}," + "{dds.sec.access.permissions,file:QOS_Permissions.p7s,0}," + "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.auth.library.init,init_authentication,0}," + "{dds.sec.auth.library.finalize,finalize_authentication,0}," + "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.crypto.library.init,init_crypto,0}," + "{dds.sec.crypto.library.finalize,finalize_crypto,0}," + "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.access.library.init,init_access_control,0}," + "{dds.sec.access.library.finalize,finalize_access_control,0}" + "}binary_value={}}*}*", + #endif + NULL + }; + + const char *sec_config = + "finest" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + ""; + + dds_entity_t participant; + dds_qos_t * qos; + + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "dds.sec.auth.identity_ca", "testtext_QOS_IdentityCA_testtext"); + dds_qset_prop(qos, "dds.sec.auth.private_key", "testtext_QOS_PrivateKey_testtext"); + dds_qset_prop(qos, "dds.sec.auth.identity_certificate", "testtext_QOS_IdentityCertificate_testtext"); + 
dds_qset_prop(qos, "dds.sec.access.permissions_ca", "file:QOS_Permissions_CA.pem"); + dds_qset_prop(qos, "dds.sec.access.governance", "file:QOS_Governance.p7s"); + dds_qset_prop(qos, "dds.sec.access.permissions", "file:QOS_Permissions.p7s"); +#ifdef DDSI_INCLUDE_SECURITY /*for using with constants coming from API */ + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX""); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); + dds_qset_prop(qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX""); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); + dds_qset_prop(qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, ""CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX""); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); + dds_qset_prop(qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); #endif - NULL - }; + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); - const char *sec_config = - "finest" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; + /* Create participant with security elements. 
*/ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + dds_delete(participant); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + dds_delete_qos(qos); - dds_entity_t participant; - dds_qos_t * qos; - - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "dds.sec.auth.identity_ca", "testtext_QOS_IdentityCA_testtext"); - dds_qset_prop (qos, "dds.sec.auth.private_key", "testtext_QOS_PrivateKey_testtext"); - dds_qset_prop (qos, "dds.sec.auth.identity_certificate", "testtext_QOS_IdentityCertificate_testtext"); - dds_qset_prop (qos, "dds.sec.access.permissions_ca", "file:QOS_Permissions_CA.pem"); - dds_qset_prop (qos, "dds.sec.access.governance", "file:QOS_Governance.p7s"); - dds_qset_prop (qos, "dds.sec.access.permissions", "file:QOS_Permissions.p7s"); - - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); - - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_delete_qos(qos); - - /* All traces should have been provided. */ + /* All traces should have been provided. */ #ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); + CU_ASSERT_FATAL(found == 0x1); #else - CU_ASSERT_FATAL(found == 0x3); + CU_ASSERT_FATAL(found == 0x3); #endif } CU_Test(ddsc_config, security_other_prop, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expect config used when creating participant with config security elements and - * qos containing only non-security properties. 
*/ - const char *log_expected[] = { + /* Expect config used when creating participant with config security elements and + * qos containing only non-security properties. */ + const char *log_expected[] = { #ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", + "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", #else - /* The security settings from config should have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={" - "{test.dds.sec.prop1,testtext_value1_testtext,0}," - "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}" - "}binary_value={}}*}*", -#endif - NULL - }; + /* The security settings from config should have been parsed into the participant QoS. 
*/ + "PARTICIPANT * QOS={*property_list={value={{test.dds.sec.prop1,testtext_value1_testtext,0}," + "{dds.sec.auth.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_authentication_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.auth.library.init,init_authentication,0}," + "{dds.sec.auth.library.finalize,finalize_authentication,0}," + "{dds.sec.crypto.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_cryptography_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.crypto.library.init,init_crypto,0}," + "{dds.sec.crypto.library.finalize,finalize_crypto,0}," + "{dds.sec.access.library.path,"CONFIG_PLUGIN_MOCK_DIR""CONFIG_LIB_SEP""CONFIG_LIB_PREFIX"dds_security_access_control_all_ok"CONFIG_LIB_SUFFIX",0}," + "{dds.sec.access.library.init,init_access_control,0}," + "{dds.sec.access.library.finalize,finalize_access_control,0}," + "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," + "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," + "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," + "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," + "{dds.sec.access.governance,file:Governance.p7s,0}," + "{dds.sec.access.permissions,file:Permissions.p7s,0}," + "{dds.sec.auth.password,testtext_Password_testtext,0}," + "{dds.sec.auth.trusted_ca_dir,testtext_Dir_testtext,0}}binary_value={}}*}*", + #endif + NULL + }; - const char *sec_config = - "finest" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; + const char *sec_config = + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + 
"file:Permissions.p7s" + "" + ""; - dds_entity_t participant; - dds_qos_t * qos; + dds_entity_t participant; + dds_qos_t * qos; - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "test.dds.sec.prop1", "testtext_value1_testtext"); + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "test.dds.sec.prop1", "testtext_value1_testtext"); - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); - /* Create participant with security elements. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - ddsrt_setenv(URI_VARIABLE, ""); - dds_delete(participant); - dds_delete_qos(qos); + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + dds_delete(participant); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + dds_delete_qos(qos); - /* All traces should have been provided. */ + /* All traces should have been provided. */ #ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x1); + CU_ASSERT_FATAL(found == 0x1); #else - CU_ASSERT_FATAL(found == 0x1); + CU_ASSERT_FATAL(found == 0x1); #endif } CU_Test(ddsc_config, security_qos_invalid, .init = ddsrt_init, .fini = ddsrt_fini) { - /* Expected traces when creating participant with the security elements. */ - const char *log_expected[] = { + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { #ifndef DDSI_INCLUDE_SECURITY - "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", + "config: //CycloneDDS/Domain: DDSSecurity: unknown element*", #else - /* The config should have been parsed into the participant QoS. */ - "PARTICIPANT * QOS={*property_list={value={" - "{dds.sec.auth.identity_ca,testtext_IdentityCA_testtext,0}," - "{dds.sec.auth.private_key,testtext_PrivateKey_testtext,0}," - "{dds.sec.auth.identity_certificate,testtext_IdentityCertificate_testtext,0}," - "{dds.sec.access.permissions_ca,file:Permissions_CA.pem,0}," - "{dds.sec.access.governance,file:Governance.p7s,0}," - "{dds.sec.access.permissions,file:Permissions.p7s,0}" - "}binary_value={}}*}*", - "new_participant(*): required security property "DDS_SEC_PROP_AUTH_IDENTITY_CA" missing in Property QoS*", - "new_participant(*): required security property "DDS_SEC_PROP_AUTH_PRIV_KEY" missing in Property QoS*", - "new_participant(*): required security property "DDS_SEC_PROP_AUTH_IDENTITY_CERT" missing in Property QoS*", - "new_participant(*): required security property "DDS_SEC_PROP_ACCESS_PERMISSIONS_CA" missing in Property QoS*", - "new_participant(*): required security property "DDS_SEC_PROP_ACCESS_GOVERNANCE" missing in Property QoS*", - "new_participant(*): required security property "DDS_SEC_PROP_ACCESS_PERMISSIONS" missing in Property QoS*", -#endif - NULL - }; + /* The config should have been parsed into the participant QoS. 
*/ + "new_participant(*): using security settings from QoS*", + "new_participant(*): required security property dds.sec.auth.identity_ca missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.private_key missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.identity_certificate missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.permissions_ca missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.governance missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.permissions missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.library.path missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.library.init missing in Property QoS*", + "new_participant(*): required security property dds.sec.auth.library.finalize missing in Property QoS*", + "new_participant(*): required security property dds.sec.crypto.library.path missing in Property QoS*", + "new_participant(*): required security property dds.sec.crypto.library.init missing in Property QoS*", + "new_participant(*): required security property dds.sec.crypto.library.finalize missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.library.path missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.library.init missing in Property QoS*", + "new_participant(*): required security property dds.sec.access.library.finalize missing in Property QoS*", + #endif + NULL + }; - const char *sec_config = - "finest" - "" - "" - "testtext_IdentityCertificate_testtext" - "testtext_IdentityCA_testtext" - "testtext_PrivateKey_testtext" - "" - "" - "file:Governance.p7s" - "file:Permissions_CA.pem" - "file:Permissions.p7s" - "" - ""; + const char *sec_config = + "finest" + "" + "" + 
"testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + ""; - dds_entity_t participant; - dds_qos_t * qos; + dds_entity_t participant; + dds_qos_t * qos; - /* Set up the trace sinks to detect the config parsing. */ - dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); - dds_set_log_sink(&logger, (void*)log_expected); - dds_set_trace_sink(&logger, (void*)log_expected); + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL | DDS_LC_ERROR | DDS_LC_WARNING | DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); - /* Create the qos */ - CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); - dds_qset_prop (qos, "dds.sec.dummy", "testtext_dummy_testtext"); + /* Create the qos */ + CU_ASSERT_FATAL((qos = dds_create_qos()) != NULL); + dds_qset_prop(qos, "dds.sec.dummy", "testtext_dummy_testtext"); - /* Create participant with security config in qos. */ - found = 0; - ddsrt_setenv(URI_VARIABLE, sec_config); - participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); - dds_delete_qos(qos); + /* Create participant with security config in qos. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); + dds_delete_qos(qos); #ifdef DDSI_INCLUDE_SECURITY - CU_ASSERT_EQUAL_FATAL (participant, DDS_RETCODE_ERROR); + CU_ASSERT_EQUAL_FATAL(participant, DDS_RETCODE_ERROR); #else - dds_delete(participant); + dds_delete(participant); #endif - ddsrt_setenv(URI_VARIABLE, ""); + ddsrt_setenv(URI_VARIABLE, ""); - /* All traces should have been provided. */ + /* All traces should have been provided. 
*/ #ifndef DDSI_INCLUDE_SECURITY - CU_ASSERT_FATAL(found == 0x01); + CU_ASSERT_FATAL(found == 0x01); #else - CU_ASSERT_FATAL(found == 0x7e); + CU_ASSERT_FATAL(found == 0xffff); #endif - dds_set_log_sink(NULL, NULL); - dds_set_trace_sink(NULL, NULL); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); } diff --git a/src/core/ddsc/tests/config_env.h.in b/src/core/ddsc/tests/config_env.h.in index 5d984d6..60339cf 100644 --- a/src/core/ddsc/tests/config_env.h.in +++ b/src/core/ddsc/tests/config_env.h.in @@ -14,5 +14,9 @@ #define CONFIG_ENV_SIMPLE_UDP "@CUnit_ddsc_config_simple_udp_uri@" #define CONFIG_ENV_MAX_PARTICIPANTS "@CUnit_ddsc_config_simple_udp_max_participants@" +#define CONFIG_PLUGIN_MOCK_DIR "@test_lib_dir@" +#define CONFIG_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@" +#define CONFIG_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@" +#define CONFIG_LIB_SEP "@test_lib_sep@" #endif /* CONFIG_ENV_H */ diff --git a/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h b/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h index 7ad3425..db0514e 100644 --- a/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h +++ b/src/core/ddsi/include/dds/ddsi/ddsi_security_omg.h @@ -17,6 +17,10 @@ #include "dds/ddsi/q_globals.h" #include "dds/ddsi/q_radmin.h" #include "dds/ddsi/q_xmsg.h" +#include "dds/ddsrt/retcode.h" +#include "dds/ddsrt/types.h" +#include "dds/ddsrt/sync.h" + #if defined (__cplusplus) extern "C" { @@ -30,6 +34,9 @@ typedef enum { #ifdef DDSI_INCLUDE_SECURITY +#include "dds/security/dds_security_api.h" +#include "dds/security/core/dds_security_plugins.h" + typedef struct nn_msg_sec_info { int64_t src_pp_handle; int64_t dst_pp_handle; 
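Review bot: The two `#include` lines added under `#ifdef DDSI_INCLUDE_SECURITY` in the `@@ -30,6 +34,9 @@` hunk appear to sit after the `extern "C" {` opener that the `@@ -17,6 +17,10 @@` hunk shows as context, so a C++ translation unit pulls both security headers in inside this header's linkage block. Everything those headers declare, including any `extern "C"` guards of their own, is then nested under this one, and the include set of a security-critical header is split across two places. I would move them up beside the other includes and keep the guard: `#ifdef DDSI_INCLUDE_SECURITY`, the two `#include "dds/security/..."` lines, `#endif`. The `#ifdef` block they are in continues past the end of this hunk.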
@@ -37,14 +44,7 @@ typedef struct nn_msg_sec_info { } nn_msg_sec_info_t; -/** - * @brief Check if any participant has security enabled. - * - * @returns bool - * @retval true Some participant is secure - * @retval false No participant is not secure - */ -bool q_omg_security_enabled(void); + /** * @brief Check if security is enabled for the participant. @@ -500,6 +500,30 @@ secure_conn_write( bool dst_one, nn_msg_sec_info_t *sec_info, ddsi_tran_write_fn_t conn_write_cb); + + +/** + * @brief Loads the security plugins with the given configuration. + * This function tries to load the plugins only once. Returns the same + * result on subsequent calls. + * It logs the reason and returns error if can not load a plugin. + * + * @param[in] qos Participant qos which owns the Property list + * that contains security configurations and + * plugin properties that are required for loading libraries + * @returns dds_return_t + * @retval DDS_RETCODE_OK All plugins are successfully loaded + * @retval DDS_RETCODE_ERROR One or more security plugins are not loaded. + */ +dds_return_t q_omg_security_load( struct dds_security_context *security_context, const dds_qos_t *qos ); + + +void q_omg_security_init( struct dds_security_context **sc); + +void q_omg_security_deinit( struct dds_security_context **sc); + +bool q_omg_is_security_loaded( struct dds_security_context *sc ); + /** * @brief Check if the participant and the proxy participant @@ -694,12 +718,6 @@ bool q_omg_security_match_remote_reader_enabled(struct writer *wr, struct proxy_ #include "dds/ddsi/q_unused.h" -inline bool -q_omg_security_enabled(void) -{ - return false; -} - inline bool q_omg_participant_is_secure( UNUSED_ARG(const struct participant *pp)) 
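Review bot: The doc comment added above `q_omg_security_load` says the function loads the plugins only once and returns the same result on later calls, but the implementation in ddsi_security_omg.c has that caching commented out (`//tried_to_load = true;`). The once-only behaviour appears to come from the caller checking `q_omg_is_security_loaded` first. The comment documents `qos` but not `security_context`, and `q_omg_security_init`, `q_omg_security_deinit` and `q_omg_is_security_loaded` have no doc comment at all. I would reword the brief to `@brief Loads the security plugins named in the participant QoS into the given security context.` and add `@param[in,out] security_context Context that receives the loaded plugin handles`. The three new functions should get short Doxygen blocks saying that init allocates the context, deinit frees it and sets the pointer to NULL, and what "loaded" means for the predicate.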
@@ -895,6 +913,17 @@ decode_rtps_message( return NN_RTPS_MSG_STATE_PLAIN; } +inline dds_return_t q_omg_security_load( UNUSED_ARG( struct dds_security_context *security_context ), UNUSED_ARG( const dds_qos_t *property_seq) ) +{ + return DDS_RETCODE_ERROR; +} + +inline void q_omg_security_init( UNUSED_ARG( struct dds_security_context *sc) ) {} + +inline void q_omg_security_deinit( UNUSED_ARG( struct dds_security_context *sc) ) {} + +inline bool q_omg_is_security_loaded( UNUSED_ARG( struct dds_security_context *sc )) { return false; } + #endif /* DDSI_INCLUDE_SECURITY */ #if defined (__cplusplus) diff --git a/src/core/ddsi/include/dds/ddsi/q_entity.h b/src/core/ddsi/include/dds/ddsi/q_entity.h index 2e3eba4..d769c12 100644 --- a/src/core/ddsi/include/dds/ddsi/q_entity.h +++ b/src/core/ddsi/include/dds/ddsi/q_entity.h @@ -220,6 +220,7 @@ struct participant int64_t local_identity_handle; /* OMG DDS Security related member */ int64_t permissions_handle; /* OMG DDS Security related member */ struct participant_sec_attributes *sec_attr; + nn_security_info_t security_info; #endif }; diff --git a/src/core/ddsi/include/dds/ddsi/q_globals.h b/src/core/ddsi/include/dds/ddsi/q_globals.h index 9ce01f4..4d12f96 100644 --- a/src/core/ddsi/include/dds/ddsi/q_globals.h +++ b/src/core/ddsi/include/dds/ddsi/q_globals.h @@ -46,6 +46,7 @@ struct ddsi_tran_factory; struct ddsrt_thread_pool_s; struct debug_monitor; struct ddsi_tkmap; +struct dds_security_context; typedef struct config_in_addr_node { nn_locator_t loc; @@ -296,6 +297,12 @@ struct q_globals { struct ddsi_builtin_topic_interface *builtin_topic_interface; struct nn_group_membership *mship; + + /* security globals */ +#ifdef DDSI_INCLUDE_SECURITY + struct dds_security_context *security_context; +#endif + }; #if defined (__cplusplus) diff --git a/src/core/ddsi/include/dds/ddsi/q_xqos.h b/src/core/ddsi/include/dds/ddsi/q_xqos.h index d77a21d..bb64519 100644 --- a/src/core/ddsi/include/dds/ddsi/q_xqos.h 
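Review bot: The non-security stubs for `q_omg_security_init` and `q_omg_security_deinit` take `struct dds_security_context *sc`, while the declarations in the `DDSI_INCLUDE_SECURITY` branch of this header take `struct dds_security_context **sc`. The two build configurations therefore expose different prototypes for the same names, and a call written against one will draw an incompatible-pointer diagnostic in the other. The stubs should mirror the real signatures, e.g. `inline void q_omg_security_init( UNUSED_ARG( struct dds_security_context **sc) ) {}` and likewise for deinit. The `q_omg_security_load` stub also names its second parameter `property_seq` where the declaration uses `qos`.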
+++ b/src/core/ddsi/include/dds/ddsi/q_xqos.h @@ -321,21 +321,14 @@ DDS_EXPORT uint64_t nn_xqos_delta (const dds_qos_t *a, const dds_qos_t *b, uint6 DDS_EXPORT void nn_xqos_addtomsg (struct nn_xmsg *m, const dds_qos_t *xqos, uint64_t wanted); DDS_EXPORT void nn_log_xqos (uint32_t cat, const struct ddsrt_log_cfg *logcfg, const dds_qos_t *xqos); DDS_EXPORT dds_qos_t *nn_xqos_dup (const dds_qos_t *src); -DDS_EXPORT bool nn_xqos_has_prop (const dds_qos_t *xqos, const char *pname, bool startswith); +DDS_EXPORT bool nn_xqos_has_prop (const dds_qos_t *xqos, const char *pname, bool startswith, bool check_non_empty); #ifdef DDSI_INCLUDE_SECURITY -#define DDS_SEC_PROP_AUTH_IDENTITY_CA "dds.sec.auth.identity_ca" -#define DDS_SEC_PROP_AUTH_PRIV_KEY "dds.sec.auth.private_key" -#define DDS_SEC_PROP_AUTH_IDENTITY_CERT "dds.sec.auth.identity_certificate" -#define DDS_SEC_PROP_AUTH_PASSWORD "dds.sec.auth.password" -#define DDS_SEC_PROP_ACCESS_PERMISSIONS_CA "dds.sec.access.permissions_ca" -#define DDS_SEC_PROP_ACCESS_GOVERNANCE "dds.sec.access.governance" -#define DDS_SEC_PROP_ACCESS_PERMISSIONS "dds.sec.access.permissions" -#define DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR "dds.sec.auth.trusted_ca_dir" + struct omg_security_configuration_type; -DDS_EXPORT bool nn_xqos_mergein_security_config (dds_qos_t *xqos, const struct omg_security_configuration_type *cfg); +DDS_EXPORT void nn_xqos_mergein_security_config (dds_qos_t *xqos, const struct omg_security_configuration_type *cfg); #endif #if defined (__cplusplus) diff --git a/src/core/ddsi/src/ddsi_security_omg.c b/src/core/ddsi/src/ddsi_security_omg.c index 10fca50..0759f73 100644 --- a/src/core/ddsi/src/ddsi_security_omg.c +++ b/src/core/ddsi/src/ddsi_security_omg.c 
@@ -20,12 +20,43 @@ #include "dds/ddsrt/process.h" #include "dds/ddsi/q_bswap.h" -#include "dds/ddsi/q_unused.h" #include "dds/ddsi/q_radmin.h" #include "dds/ddsi/ddsi_entity_index.h" #include "dds/ddsi/ddsi_security_omg.h" #include "dds/ddsi/ddsi_sertopic.h" +#include "dds/ddsi/q_config.h" +#include "dds/ddsi/q_log.h" +#include "dds/ddsrt/sync.h" +#include "dds/security/dds_security_api.h" +#include "dds/security/core/dds_security_utils.h" +#include "dds/security/core/dds_security_plugins.h" +#include "dds/ddsrt/hopscotch.h" +#include "dds/ddsi/q_entity.h" +#include "dds/ddsi/q_xevent.h" +#include "dds/ddsi/q_plist.h" + + + +#define AUTH_NAME "Authentication" +#define AC_NAME "Access Control" +#define CRYPTO_NAME "Cryptographic" + +#define SECURITY_EXCEPTION_INIT {NULL, 0, 0} + +struct dds_security_context { + dds_security_plugin auth_plugin; + dds_security_plugin ac_plugin; + dds_security_plugin crypto_plugin; + + dds_security_authentication *authentication_context; + dds_security_cryptography *crypto_context; + dds_security_access_control *access_control_context; + ddsrt_mutex_t omg_security_lock; + uint32_t next_plugin_id; +}; + +typedef struct dds_security_context dds_security_context; static bool @@ -34,6 +65,7 @@ q_omg_writer_is_payload_protected( + static bool endpoint_is_DCPSParticipantSecure(const ddsi_guid_t *guid) { return ((guid->entityid.u == NN_ENTITYID_SPDP_RELIABLE_BUILTIN_PARTICIPANT_SECURE_WRITER) || 
@@ -76,11 +108,209 @@ static bool endpoint_is_DCPSParticipantVolatileMessageSecure(const ddsi_guid_t * #endif } +bool q_omg_is_security_loaded( dds_security_context *sc ){ + if( sc->crypto_context == NULL && sc->authentication_context == NULL && sc->access_control_context == NULL){ + return false; + } else { + return true; + } +} -bool -q_omg_security_enabled(void) +void q_omg_security_init( dds_security_context **sc ) { - return false; + + + *sc = ddsrt_malloc( sizeof( dds_security_context)); + memset( *sc, 0, sizeof( dds_security_context)); + //if( participant_reference_count == 0 ){ + + (*sc)->auth_plugin.name = AUTH_NAME; + (*sc)->ac_plugin.name = AC_NAME; + (*sc)->crypto_plugin.name = CRYPTO_NAME; + + (void)ddsrt_mutex_init(&(*sc)->omg_security_lock); + DDS_LOG(DDS_LC_TRACE,"DDS Security init\n"); +#if HANDSHAKE_IMPLEMENTED + //remote_participant_crypto_handle_list_init(); +#endif + //} + + //participant_reference_count++; +} + + + +/** + * Releases all plugins + */ +static void release_plugins( dds_security_context *security_context ) +{ +#if HANDSHAKE_IMPLEMENTED + q_handshake_terminate(); +#endif + + + if (dds_security_plugin_release( &security_context->auth_plugin, security_context->authentication_context )) { + DDS_ERROR("Error occured releasing %s plugin", security_context->auth_plugin.name); + } + + if (dds_security_plugin_release( &security_context->crypto_plugin, security_context->crypto_context )) { + DDS_ERROR("Error occured releasing %s plugin", security_context->crypto_plugin.name); + } + + if (dds_security_plugin_release( &security_context->ac_plugin, security_context->access_control_context )) { + DDS_ERROR("Error occured releasing %s plugin", security_context->ac_plugin.name); + } + + security_context->authentication_context = NULL; + security_context->access_control_context = NULL; + security_context->crypto_context = NULL; +} + + +void q_omg_security_deinit( struct dds_security_context **security_context) { + + assert( security_context != 
NULL ); + assert( *security_context != NULL ); + +#if HANDSHAKE_IMPLEMENTED + //remote_participant_crypto_handle_list_deinit(); +#endif + if( (*security_context)->authentication_context != NULL && (*security_context)->access_control_context != NULL && (*security_context)->crypto_context != NULL ){ + release_plugins( *security_context ); + } + + ddsrt_mutex_destroy(&(*security_context)->omg_security_lock); + ddsrt_free( *security_context ); + *security_context = NULL; + + DDS_LOG(DDS_LC_TRACE,"DDS Security deinit\n"); +} + + + +static void +dds_qos_to_security_plugin_configuration( + const dds_qos_t *qos, + dds_security_plugin_suite_config *suite_config) +{ + uint32_t i; + +#define CHECK_SECURITY_PROPERTY( security_property, target ) \ + if(strcmp (qos->property.value.props[i].name, security_property) == 0){ \ + target = ddsrt_strdup( qos->property.value.props[i].value ); \ + } + + for (i = 0; i < qos->property.value.n; i++) { + CHECK_SECURITY_PROPERTY( DDS_SEC_PROP_AUTH_LIBRARY_PATH, suite_config->authentication.library_path ) + else CHECK_SECURITY_PROPERTY( DDS_SEC_PROP_AUTH_LIBRARY_INIT, suite_config->authentication.library_init ) + else CHECK_SECURITY_PROPERTY( DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, suite_config->authentication.library_finalize ) + else CHECK_SECURITY_PROPERTY( DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, suite_config->cryptography.library_path ) + else CHECK_SECURITY_PROPERTY( DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, suite_config->cryptography.library_init ) + else CHECK_SECURITY_PROPERTY( DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, suite_config->cryptography.library_finalize ) + else CHECK_SECURITY_PROPERTY( DDS_SEC_PROP_ACCESS_LIBRARY_PATH, suite_config->access_control.library_path ) + else CHECK_SECURITY_PROPERTY( DDS_SEC_PROP_ACCESS_LIBRARY_INIT, suite_config->access_control.library_init ) + else CHECK_SECURITY_PROPERTY( DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, suite_config->access_control.library_finalize ) + } + +#undef CHECK_SECURITY_PROPERTY +} + +static void 
deinit_plugin_config(dds_security_plugin_config *plugin_config){ + ddsrt_free( plugin_config->library_path ); + ddsrt_free( plugin_config->library_init ); + ddsrt_free( plugin_config->library_finalize ); +} + +static void deinit_plugin_suite_config(dds_security_plugin_suite_config *suite_config ){ + deinit_plugin_config( &suite_config->access_control ); + deinit_plugin_config( &suite_config->authentication ); + deinit_plugin_config( &suite_config->cryptography ); + +} + +dds_return_t q_omg_security_load( dds_security_context *security_context, + const dds_qos_t *qos) +{ + dds_return_t ret = DDS_RETCODE_ERROR; + + ddsrt_mutex_lock(&security_context->omg_security_lock); + + dds_security_plugin_suite_config plugin_suite_config; + + memset ( &plugin_suite_config, 0, sizeof(dds_security_plugin_suite_config)); + /* Get plugin information */ + + dds_qos_to_security_plugin_configuration( qos, &plugin_suite_config); + + /* Check configuration content */ + if( dds_security_check_plugin_configuration( &plugin_suite_config ) == DDS_RETCODE_OK ){ + + if (dds_security_load_security_library( + &(plugin_suite_config.authentication), &security_context->auth_plugin, + (void**) &security_context->authentication_context) == DDS_RETCODE_OK) { + + if (dds_security_load_security_library( + &(plugin_suite_config.access_control), &security_context->ac_plugin, + (void**) &security_context->access_control_context) == DDS_RETCODE_OK ) { + + if (dds_security_load_security_library( + &(plugin_suite_config.cryptography), &security_context->crypto_plugin, + (void**) &security_context->crypto_context) == DDS_RETCODE_OK ) { + /* now check if all plugin functions are implemented */ + if( dds_security_verify_plugin_functions( + security_context->authentication_context,&security_context->auth_plugin, + security_context->crypto_context,&security_context->crypto_plugin, + security_context->access_control_context, &security_context->ac_plugin) == DDS_RETCODE_OK){ + + /* Add listeners */ +#if 
LISTENERS_IMPLEMENTED + if ( access_control_context->set_listener(access_control_context, &listener_ac, &ex)) { + if ( authentication_context->set_listener(authentication_context, &listener_auth, &ex)) { +#if HANDSHAKE_IMPLEMENTED + (void)q_handshake_initialize(); +#endif + } else { + DDS_ERROR("Could not set authentication listener: %s\n", + ex.message ? ex.message : ""); + } + + } else { + DDS_ERROR("Could not set access_control listener: %s\n", + ex.message ? ex.message : ""); + } +#endif //LISTENERS_IMPLEMENTED + + //tried_to_load = true; + //ret = last_load_result = DDS_RETCODE_OK; + ret = DDS_RETCODE_OK; + //omg_security_plugin_loaded = true; + DDS_INFO( "DDS Security plugins have been loaded\n" ); + } else { + release_plugins( security_context ); + } + + } else{ + DDS_ERROR("Could not load %s library\n", security_context->crypto_plugin.name); + } + }else{ + DDS_ERROR("Could not load %s library\n", security_context->ac_plugin.name); + } + + } + else{ + DDS_ERROR("Could not load %s plugin.\n", security_context->auth_plugin.name); + + } + + } + + deinit_plugin_suite_config( &plugin_suite_config ); + + ddsrt_mutex_unlock( &security_context->omg_security_lock ); + + + return ret; } bool 
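Review bot: A partial plugin load leaves the security context half-populated, because in `q_omg_security_load` the `else` branches for a failed access-control or cryptography load only log, so the contexts loaded before the failure stay set. `q_omg_is_security_loaded` then returns true, since it is false only when all three contexts are NULL, and the caller in new_participant_guid will skip loading for the next participant and log that security is already loaded while `crypto_context` is still NULL. `q_omg_security_deinit` has the opposite test and releases nothing unless all three are non-NULL, so the partially loaded libraries are never released. I would call `release_plugins( security_context );` in both failure branches (assuming `dds_security_plugin_release` tolerates a plugin that was never loaded, which is not visible here) and make the predicate `return sc->authentication_context != NULL && sc->access_control_context != NULL && sc->crypto_context != NULL;`.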
@@ -797,53 +1027,54 @@ encode_datareader_submsg( struct proxy_writer *pwr, const struct ddsi_guid *rd_guid) { + struct reader *rd = entidx_lookup_reader_guid(pwr->e.gv->entity_index, rd_guid); + struct participant *pp = NULL; /* Only encode when needed. */ - if (q_omg_security_enabled()) + if( rd != NULL ){ + pp = rd->c.pp; + } + if (!pp && q_omg_participant_is_secure( pp )) { - struct reader *rd = entidx_lookup_reader_guid(pwr->e.gv->entity_index, rd_guid); - if (rd) + if (q_omg_reader_is_submessage_protected(rd)) { - if (q_omg_reader_is_submessage_protected(rd)) + unsigned char *src_buf; + unsigned int src_len; + unsigned char *dst_buf; + unsigned int dst_len; + + /* Make one blob of the current sub-message by appending the serialized payload. */ + nn_xmsg_submsg_append_refd_payload(msg, sm_marker); + + /* Get the sub-message buffer. */ + src_buf = (unsigned char*)nn_xmsg_submsg_from_marker(msg, sm_marker); + src_len = (unsigned int)nn_xmsg_submsg_size(msg, sm_marker); + + /* Do the actual encryption. */ + if (q_omg_security_encode_datareader_submessage(rd, &(pwr->e.guid.prefix), src_buf, src_len, &dst_buf, &dst_len)) { - unsigned char *src_buf; - unsigned int src_len; - unsigned char *dst_buf; - unsigned int dst_len; - - /* Make one blob of the current sub-message by appending the serialized payload. */ - nn_xmsg_submsg_append_refd_payload(msg, sm_marker); - - /* Get the sub-message buffer. */ - src_buf = (unsigned char*)nn_xmsg_submsg_from_marker(msg, sm_marker); - src_len = (unsigned int)nn_xmsg_submsg_size(msg, sm_marker); - - /* Do the actual encryption. */ - if (q_omg_security_encode_datareader_submessage(rd, &(pwr->e.guid.prefix), src_buf, src_len, &dst_buf, &dst_len)) - { - /* Replace the old sub-message with the new encoded one(s). */ - nn_xmsg_submsg_replace(msg, sm_marker, dst_buf, dst_len); - ddsrt_free(dst_buf); - } - else - { - /* The sub-message should have been encoded, which failed. - * Remove it to prevent it from being send. 
*/ - nn_xmsg_submsg_remove(msg, sm_marker); - } + /* Replace the old sub-message with the new encoded one(s). */ + nn_xmsg_submsg_replace(msg, sm_marker, dst_buf, dst_len); + ddsrt_free(dst_buf); + } + else + { + /* The sub-message should have been encoded, which failed. + * Remove it to prevent it from being send. */ + nn_xmsg_submsg_remove(msg, sm_marker); } } } } - void encode_datawriter_submsg( struct nn_xmsg *msg, struct nn_xmsg_marker sm_marker, struct writer *wr) { + struct participant *pp = wr->c.pp; /* Only encode when needed. */ - if (q_omg_security_enabled()) + if (q_omg_participant_is_secure( pp )) { if (q_omg_writer_is_submessage_protected(wr)) { diff --git a/src/core/ddsi/src/q_entity.c b/src/core/ddsi/src/q_entity.c index 6a126c7..264ca47 100644 --- a/src/core/ddsi/src/q_entity.c +++ b/src/core/ddsi/src/q_entity.c 
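Review bot: The new guard in `encode_datareader_submsg`, `if (!pp && q_omg_participant_is_secure( pp ))`, is inverted: it can only be true when `pp` is NULL, which is exactly the case where the reader lookup may have failed. For every reader that was found, the block is skipped and the sub-message goes out without the encoding that `q_omg_reader_is_submessage_protected` is meant to enforce. In the NULL case `q_omg_participant_is_secure` and `q_omg_reader_is_submessage_protected(rd)` are reached with pointers that were never resolved. The condition should be `if (pp != NULL && q_omg_participant_is_secure( pp ))`, and a test that asserts the encode path runs for a secure participant would catch a regression here. `encode_datawriter_submsg` further down uses the non-negated form; its body continues outside the hunk.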
@@ -698,44 +698,77 @@ dds_return_t new_participant_guid (const ddsi_guid_t *ppguid, struct q_globals * nn_plist_mergein_missing (pp->plist, &gv->default_local_plist_pp, ~(uint64_t)0, ~(uint64_t)0); #ifdef DDSI_INCLUDE_SECURITY - if (gv->config.omg_security_configuration) + /* + * if there there are security properties check them . + * if there are no security properties, then merge from security configuration if there is + */ + /* check for existing security properties (name starts with dds.sec. conform DDS Security spec 7.2.4.1) + * and return if any is found */ { - /* For security, configuration can be provided through the configuration. - * However, the specification (and the plugins) expect it to be in the QoS. */ - if (!nn_xqos_mergein_security_config(&pp->plist->qos, &gv->config.omg_security_configuration->cfg)) - { - char *req[] = { DDS_SEC_PROP_AUTH_IDENTITY_CA, - DDS_SEC_PROP_AUTH_PRIV_KEY, - DDS_SEC_PROP_AUTH_IDENTITY_CERT, - DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, - DDS_SEC_PROP_ACCESS_GOVERNANCE, - DDS_SEC_PROP_ACCESS_PERMISSIONS }; + bool ready_to_load_security = false; + if (nn_xqos_has_prop(&pp->plist->qos, "dds.sec.", true, false)) { + char *req[] = {DDS_SEC_PROP_AUTH_IDENTITY_CA, + DDS_SEC_PROP_AUTH_PRIV_KEY, + DDS_SEC_PROP_AUTH_IDENTITY_CERT, + DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, + DDS_SEC_PROP_ACCESS_GOVERNANCE, + DDS_SEC_PROP_ACCESS_PERMISSIONS, - GVLOGDISC ("new_participant("PGUIDFMT"): using security settings from QoS, ignoring security configuration\n", PGUID (*ppguid)); + DDS_SEC_PROP_AUTH_LIBRARY_PATH, + DDS_SEC_PROP_AUTH_LIBRARY_INIT, + DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, + DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, + DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, + DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, + DDS_SEC_PROP_ACCESS_LIBRARY_PATH, + DDS_SEC_PROP_ACCESS_LIBRARY_INIT, + DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE}; + GVLOGDISC ("new_participant(" + PGUIDFMT + "): using security settings from QoS\n", PGUID(*ppguid)); /* check if all required security properties exist 
in qos */ - for (size_t i = 0; i < sizeof(req) / sizeof(req[0]); i++) - { - if (!nn_xqos_has_prop (&pp->plist->qos, req[i], false)) - { - GVERROR ("new_participant("PGUIDFMT"): required security property %s missing in Property QoS\n", PGUID (*ppguid), req[i]); + for (size_t i = 0; i < sizeof(req) / sizeof(req[0]); i++) { + if (!nn_xqos_has_prop(&pp->plist->qos, req[i], false, true)) { + GVERROR ("new_participant(" + PGUIDFMT + "): required security property %s missing in Property QoS\n", PGUID(*ppguid), req[i]); ret = DDS_RETCODE_PRECONDITION_NOT_MET; } } - if (ret != DDS_RETCODE_OK) + if (ret == DDS_RETCODE_OK) { + ready_to_load_security = true; + } else { goto new_pp_err_secprop; + } + } else if (gv->config.omg_security_configuration) { + /* For security, configuration can be provided through the configuration. + * However, the specification (and the plugins) expect it to be in the QoS. */ + GVLOGDISC ("new_participant(" + PGUIDFMT + "): using security settings from configuration\n", PGUID(*ppguid)); + nn_xqos_mergein_security_config(&pp->plist->qos, &gv->config.omg_security_configuration->cfg); + ready_to_load_security = true; + } + + if( q_omg_is_security_loaded( gv->security_context ) == false ){ + if (ready_to_load_security && q_omg_security_load(gv->security_context, &pp->plist->qos) < 0) { + GVERROR("Could not load security\n"); + ret = DDS_RETCODE_NOT_ALLOWED_BY_SECURITY; + goto new_pp_err_secprop; + } + } else { + GVLOGDISC ("new_participant(" + PGUIDFMT + "): security is already loaded for this domain\n", PGUID(*ppguid)); } - } - if (nn_xqos_has_prop (&pp->plist->qos, "dds.sec.", true)) - { if (!q_omg_security_check_create_participant (pp, gv->config.domainId)) { ret = DDS_RETCODE_NOT_ALLOWED_BY_SECURITY; goto not_allowed; } } - #endif if (gv->logconfig.c.mask & DDS_LC_DISCOVERY) diff --git a/src/core/ddsi/src/q_init.c b/src/core/ddsi/src/q_init.c index e214d48..d519ed6 100644 --- a/src/core/ddsi/src/q_init.c +++ b/src/core/ddsi/src/q_init.c 
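Review bot: `q_omg_security_check_create_participant` is now reached for every participant, because the `nn_xqos_has_prop (&pp->plist->qos, "dds.sec.", true)` guard that used to wrap it was removed. A participant with no security properties and no security configuration arrives at the check with `ready_to_load_security` still false and, for the first participant in the domain, with no plugins loaded. What the check does in that state is not visible in this hunk, so either it must handle an unloaded context or the call should stay conditional, e.g. `if (ready_to_load_security && !q_omg_security_check_create_participant (pp, gv->config.domainId))`. It would also help to add a comment on the "already loaded" branch saying that the library properties of later participants are ignored in favour of the first load. new_participant_guid starts and ends outside the hunk.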
@@ -62,6 +62,8 @@ #include "dds__whc.h" #include "dds/ddsi/ddsi_iid.h" +#include "dds/ddsi/ddsi_security_omg.h" + static void add_peer_addresses (const struct q_globals *gv, struct addrset *as, const struct config_peer_listelem *list) { while (list) @@ -1081,6 +1083,8 @@ int rtps_init (struct q_globals *gv) * the entities (see DDS Security spec chapter 8.8.8.1). */ add_property_to_xqos(&gv->builtin_volatile_xqos_rd, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureReader"); add_property_to_xqos(&gv->builtin_volatile_xqos_wr, "dds.sec.builtin_endpoint_name", "BuiltinParticipantVolatileMessageSecureWriter"); + + q_omg_security_init( &gv->security_context ); #endif make_special_topics (gv); @@ -1420,6 +1424,8 @@ err_unicast_sockets: nn_xqos_fini (&gv->builtin_stateless_xqos_rd); nn_xqos_fini (&gv->builtin_volatile_xqos_wr); nn_xqos_fini (&gv->builtin_volatile_xqos_rd); + + q_omg_security_deinit( &gv->security_context ); #endif nn_xqos_fini (&gv->builtin_endpoint_xqos_wr); nn_xqos_fini (&gv->builtin_endpoint_xqos_rd); @@ -1764,6 +1770,8 @@ void rtps_fini (struct q_globals *gv) nn_xqos_fini (&gv->builtin_stateless_xqos_rd); nn_xqos_fini (&gv->builtin_volatile_xqos_wr); nn_xqos_fini (&gv->builtin_volatile_xqos_rd); + + q_omg_security_deinit( &gv->security_context); #endif nn_xqos_fini (&gv->builtin_endpoint_xqos_wr); nn_xqos_fini (&gv->builtin_endpoint_xqos_rd); diff --git a/src/core/ddsi/src/q_plist.c b/src/core/ddsi/src/q_plist.c index 1cabed6..2e38033 100644 --- a/src/core/ddsi/src/q_plist.c +++ b/src/core/ddsi/src/q_plist.c @@ -40,6 +40,7 @@ #include "dds/ddsi/q_misc.h" /* for vendor_is_... */ #include "dds/ddsi/ddsi_plist_generic.h" +#include "dds/ddsi/ddsi_security_omg.h" /* I am tempted to change LENGTH_UNLIMITED to 0 in the API (with -1 supported for backwards compatibility) ... on the wire however 
@@ -2884,17 +2885,17 @@ dds_qos_t * nn_xqos_dup (const dds_qos_t *src) return dst; } -bool nn_xqos_has_prop (const dds_qos_t *xqos, const char *pname, bool startswith) +bool nn_xqos_has_prop (const dds_qos_t *xqos, const char *pname, bool startswith, bool check_non_empty) { if (!(xqos->present & QP_PROPERTY_LIST)) return false; - for (uint32_t i = 0; i < xqos->property.value.n; i++) - { - if (startswith && (strncmp (xqos->property.value.props[i].name, pname, strlen (pname)) == 0)) - return true; - else if (!startswith && (strcmp (xqos->property.value.props[i].name, pname) == 0)) - return true; + for (uint32_t i = 0; i < xqos->property.value.n; i++) { + if (startswith && (strncmp(xqos->property.value.props[i].name, pname, strlen(pname)) == 0)) { + return !check_non_empty || strlen(xqos->property.value.props[i].value) != 0; + } else if (!startswith && (strcmp(xqos->property.value.props[i].name, pname) == 0)) { + return !check_non_empty || strlen(xqos->property.value.props[i].value) != 0; + } } return false; } @@ -2912,7 +2913,7 @@ static void fill_property(dds_property_t *prop, const char *name, const char *va * plugins to get their proper settings. If security properties are already present in * the QoS, the settings from configuration are ignored. */ -bool nn_xqos_mergein_security_config (dds_qos_t *xqos, const struct omg_security_configuration_type *cfg) +void nn_xqos_mergein_security_config (dds_qos_t *xqos, const struct omg_security_configuration_type *cfg) { assert(cfg != NULL); 
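Review bot: With `check_non_empty` set, `nn_xqos_has_prop` returns on the first name match, so when a name occurs twice (or, with `startswith`, several properties share the prefix) the result depends on whichever entry comes first, and an empty first entry hides a non-empty later one. Returning only on a positive match and letting the loop continue otherwise avoids that: `if (!check_non_empty || strlen (xqos->property.value.props[i].value) != 0) return true;`. The `strlen` also assumes `value` is never NULL, which cannot be confirmed from this hunk. The new parameter deserves a one-line comment above the function, e.g. `/* check_non_empty: a match counts only if the property value is not the empty string */`.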
@@ -2925,24 +2926,29 @@ bool nn_xqos_mergein_security_config (dds_qos_t *xqos, const struct omg_security xqos->present |= QP_PROPERTY_LIST; } - /* check for existing security properties (name starts with dds.sec. conform DDS Security spec 7.2.4.1) - * and return if any is found */ - if (nn_xqos_has_prop (xqos, "dds.sec.", true)) - return false; + /* assume that no security properties exist in qos: fill QoS properties with values from configuration */ + xqos->property.value.props = ddsrt_realloc (xqos->property.value.props, xqos->property.value.n + 18 /* max */ * sizeof (dds_property_t)); + + fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_AUTH_LIBRARY_PATH, cfg->authentication_plugin.library_path); + fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_AUTH_LIBRARY_INIT, cfg->authentication_plugin.library_init); + fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, cfg->authentication_plugin.library_finalize); + fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, cfg->cryptography_plugin.library_path); + fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, cfg->cryptography_plugin.library_init); + fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, cfg->cryptography_plugin.library_finalize); + fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_ACCESS_LIBRARY_PATH, cfg->access_control_plugin.library_path); + fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_ACCESS_LIBRARY_INIT, cfg->access_control_plugin.library_init); + fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, cfg->access_control_plugin.library_finalize); - /* no security properties exist in qos: fill 
QoS properties with values from configuration */ - xqos->property.value.props = ddsrt_realloc (xqos->property.value.props, xqos->property.value.n + 8 /* max */ * sizeof (dds_property_t)); fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_AUTH_IDENTITY_CA, cfg->authentication_properties.identity_ca); fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_AUTH_PRIV_KEY, cfg->authentication_properties.private_key); fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_AUTH_IDENTITY_CERT, cfg->authentication_properties.identity_certificate); fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, cfg->access_control_properties.permissions_ca); fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_ACCESS_GOVERNANCE, cfg->access_control_properties.governance); fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_ACCESS_PERMISSIONS, cfg->access_control_properties.permissions); - if (cfg->authentication_properties.password && (strlen(cfg->authentication_properties.password) != 0)) + if (cfg->authentication_properties.password ) fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_AUTH_PASSWORD, cfg->authentication_properties.password); - if (cfg->authentication_properties.trusted_ca_dir && (strlen(cfg->authentication_properties.trusted_ca_dir) != 0)) + if (cfg->authentication_properties.trusted_ca_dir ) fill_property(&(xqos->property.value.props[xqos->property.value.n++]), DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, cfg->authentication_properties.trusted_ca_dir); - return true; } #endif /* DDSI_INCLUDE_SECURITY */ diff --git a/src/core/ddsi/src/q_xevent.c b/src/core/ddsi/src/q_xevent.c index b9ccc2e..4ff5608 100644 --- a/src/core/ddsi/src/q_xevent.c +++ b/src/core/ddsi/src/q_xevent.c 
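Review bot: The size passed to `ddsrt_realloc` is `xqos->property.value.n + 18 /* max */ * sizeof (dds_property_t)`, which by operator precedence is n bytes plus 18 elements, not n + 18 elements. The function then appends up to 17 properties behind the existing n, so a QoS that already carries more than one non-security property gets a buffer that is too small and the later `fill_property` calls write past the allocation. It should read `(xqos->property.value.n + 18 /* max */) * sizeof (dds_property_t)`; the removed line had the same shape with 8. Separately, the comment kept above the function still says configuration settings are ignored when security properties are already present, but the function no longer checks for them and that decision now sits with the caller. The function's signature is in an earlier hunk.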
@@ -977,12 +977,9 @@ static void handle_xevk_acknack (struct nn_xpack *xp, struct xevent *ev, nn_mtim seqno_t nack_seq; struct participant *pp = NULL; - if (q_omg_security_enabled()) - { - struct reader *rd = entidx_lookup_reader_guid(pwr->e.gv->entity_index, &ev->u.acknack.rd_guid); - if (rd) - pp = rd->c.pp; - } + struct reader *rd = entidx_lookup_reader_guid(pwr->e.gv->entity_index, &ev->u.acknack.rd_guid); + if (rd) + pp = rd->c.pp; if ((msg = nn_xmsg_new (gv->xmsgpool, &ev->u.acknack.rd_guid, pp, ACKNACK_SIZE_MAX, NN_XMSG_KIND_CONTROL)) == NULL) goto outofmem; diff --git a/src/ddsrt/src/dynlib/posix/dynlib.c b/src/ddsrt/src/dynlib/posix/dynlib.c index 4ee6bb7..1a61267 100644 --- a/src/ddsrt/src/dynlib/posix/dynlib.c +++ b/src/ddsrt/src/dynlib/posix/dynlib.c @@ -44,6 +44,7 @@ dds_return_t ddsrt_dlopen(const char *name, bool translate, *handle = dlopen(name, RTLD_GLOBAL | RTLD_NOW); } + if (*handle != NULL) { retcode = DDS_RETCODE_OK; } else { diff --git a/src/security/CMakeLists.txt b/src/security/CMakeLists.txt index 2d67ac3..3b2d8f9 100644 --- a/src/security/CMakeLists.txt +++ b/src/security/CMakeLists.txt @@ -12,6 +12,7 @@ cmake_minimum_required(VERSION 3.7) if( ENABLE_SECURITY ) + add_definitions(-DDDSI_INCLUDE_SECURITY) add_subdirectory(api) add_subdirectory(core) diff --git a/src/security/api/include/dds/security/dds_security_api_defs.h b/src/security/api/include/dds/security/dds_security_api_defs.h index d3d1705..fbc2539 100644 --- a/src/security/api/include/dds/security/dds_security_api_defs.h +++ b/src/security/api/include/dds/security/dds_security_api_defs.h 
@@ -183,6 +183,30 @@ typedef enum { #define DDS_SECURITY_MASTER_RECEIVER_SPECIFIC_KEY_SIZE_128 16 #define DDS_SECURITY_MASTER_RECEIVER_SPECIFIC_KEY_SIZE_256 32 +/************************************************************************** + * * + * Security Property Key Names * + * * + *************************************************************************/ +#define DDS_SEC_PROP_AUTH_LIBRARY_PATH "dds.sec.auth.library.path" +#define DDS_SEC_PROP_AUTH_LIBRARY_INIT "dds.sec.auth.library.init" +#define DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE "dds.sec.auth.library.finalize" +#define DDS_SEC_PROP_CRYPTO_LIBRARY_PATH "dds.sec.crypto.library.path" +#define DDS_SEC_PROP_CRYPTO_LIBRARY_INIT "dds.sec.crypto.library.init" +#define DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE "dds.sec.crypto.library.finalize" +#define DDS_SEC_PROP_ACCESS_LIBRARY_PATH "dds.sec.access.library.path" +#define DDS_SEC_PROP_ACCESS_LIBRARY_INIT "dds.sec.access.library.init" +#define DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE "dds.sec.access.library.finalize" + +#define DDS_SEC_PROP_AUTH_IDENTITY_CA "dds.sec.auth.identity_ca" +#define DDS_SEC_PROP_AUTH_PRIV_KEY "dds.sec.auth.private_key" +#define DDS_SEC_PROP_AUTH_IDENTITY_CERT "dds.sec.auth.identity_certificate" +#define DDS_SEC_PROP_AUTH_PASSWORD "dds.sec.auth.password" +#define DDS_SEC_PROP_ACCESS_PERMISSIONS_CA "dds.sec.access.permissions_ca" +#define DDS_SEC_PROP_ACCESS_GOVERNANCE "dds.sec.access.governance" +#define DDS_SEC_PROP_ACCESS_PERMISSIONS "dds.sec.access.permissions" +#define DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR "dds.sec.auth.trusted_ca_dir" + #if defined (__cplusplus) } diff --git a/src/security/builtin_plugins/authentication/src/auth_utils.c b/src/security/builtin_plugins/authentication/src/auth_utils.c index 57d5a3a..430dffd 100644 --- a/src/security/builtin_plugins/authentication/src/auth_utils.c +++ b/src/security/builtin_plugins/authentication/src/auth_utils.c 
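Review bot: `DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR` is defined as `"dds.sec.auth.trusted_ca_dir"`, so the macro name places the property under access control while the key, and the `cfg->authentication_properties.trusted_ca_dir` field that fills it in q_plist.c, place it under authentication. Now that these names live in the public API header, the mismatch is easy to copy into application code. I would add `#define DDS_SEC_PROP_AUTH_TRUSTED_CA_DIR "dds.sec.auth.trusted_ca_dir"` and keep the old name as an alias with a comment marking it deprecated. A short comment above the library block saying that the `library.path`/`init`/`finalize` properties select which shared object is loaded for each plugin would also help readers of this header.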
@@ -79,7 +79,7 @@ get_openssl_error_message( char * get_certificate_subject_name( - const X509 *cert, + X509 *cert, DDS_Security_SecurityException *ex) { X509_NAME *name; diff --git a/src/security/builtin_plugins/authentication/src/auth_utils.h b/src/security/builtin_plugins/authentication/src/auth_utils.h index f9db31d..b08df38 100644 --- a/src/security/builtin_plugins/authentication/src/auth_utils.h +++ b/src/security/builtin_plugins/authentication/src/auth_utils.h @@ -61,7 +61,7 @@ get_openssl_error_message( */ char* get_certificate_subject_name( - const X509 *cert, + X509 *cert, DDS_Security_SecurityException *ex); /* Return the expiry date of contained in a X509 certificate diff --git a/src/security/builtin_plugins/authentication/src/authentication.c b/src/security/builtin_plugins/authentication/src/authentication.c index c893254..dada4db 100644 --- a/src/security/builtin_plugins/authentication/src/authentication.c +++ b/src/security/builtin_plugins/authentication/src/authentication.c @@ -199,7 +199,6 @@ typedef struct HandshakeInfo { typedef struct dds_security_authentication_impl { dds_security_authentication base; - int id; //sample internal member ddsrt_mutex_t lock; struct ddsrt_hh *objectHash; struct ddsrt_hh *remoteGuidHash; @@ -969,8 +968,6 @@ validate_local_identity( goto err_bad_param; } - implementation->id = 2; - identityCertPEM = DDS_Security_Property_get_value(&participant_qos->property.value, PROPERTY_IDENTITY_CERT); if (!identityCertPEM) { result = DDS_SECURITY_VALIDATION_FAILED; @@ -3387,7 +3384,8 @@ DDS_Security_boolean return_sharedsecret_handle( return true; } -int32_t init_authentication( const char *argument, void **context) +int32_t +init_authentication( const char *argument, void **context) { dds_security_authentication_impl *authentication; 
@@ -3442,9 +3440,6 @@ int32_t init_authentication( const char *argument, void **context) authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle; - //prepare implementation wrapper - authentication->id = 1; - ddsrt_mutex_init(&authentication->lock); authentication->objectHash = ddsrt_hh_new(32, security_object_hash, security_object_equal); diff --git a/src/security/builtin_plugins/tests/CMakeLists.txt b/src/security/builtin_plugins/tests/CMakeLists.txt index 226255f..d3250d0 100644 --- a/src/security/builtin_plugins/tests/CMakeLists.txt +++ b/src/security/builtin_plugins/tests/CMakeLists.txt @@ -50,9 +50,10 @@ set(security_crypto_test_sources add_cunit_executable(cunit_security_plugins ${security_auth_test_sources} ${security_crypto_test_sources}) if(OPENSSL_FOUND) + target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_crypto) target_link_libraries(cunit_security_plugins PRIVATE OpenSSL::SSL) else() - message(FATAL_ERROR "To build without openssl support, set DDSC_ENABLE_OPENSSL to OFF") + message(FATAL_ERROR "To build with openssl support, set ENABLE_OPENSSL to ON") endif() target_include_directories( @@ -65,7 +66,7 @@ target_include_directories( "$" ) -target_link_libraries(cunit_security_plugins PRIVATE ddsc security_api dds_security_crypto) + set(CUnit_builtin_plugins_tests_dir "${CMAKE_CURRENT_LIST_DIR}") diff --git a/src/security/core/CMakeLists.txt b/src/security/core/CMakeLists.txt index 231eb9e..6802c73 100644 --- a/src/security/core/CMakeLists.txt +++ b/src/security/core/CMakeLists.txt 
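Review bot: The new `FATAL_ERROR` text in src/security/builtin_plugins/tests/CMakeLists.txt sits in the `else()` of `if(OPENSSL_FOUND)` but never says that OpenSSL was not found. If the option is already ON and the library is simply missing, "set ENABLE_OPENSSL to ON" sends the reader in the wrong direction. Something like `message(FATAL_ERROR "OpenSSL not found: the security plugin tests need it (enable ENABLE_OPENSSL and install the OpenSSL development files)")` covers both cases. The same commit drops `security_api` from this target's link line in the next hunk; whether `ddsc` provides it transitively cannot be seen from here and is worth confirming.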
@@ -12,19 +12,23 @@ PREPEND(srcs_security_core "${CMAKE_CURRENT_LIST_DIR}/src" dds_security_serialize.c dds_security_utils.c + dds_security_plugins.c shared_secret.c ) PREPEND(hdrs_public_security_core "${CMAKE_CURRENT_LIST_DIR}/include/security/core" - dds_security_core_if.h dds_security_serialize.h dds_security_types.h dds_security_utils.h + dds_security_plugins.h shared_secret.h ) -set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC" ) -set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC" ) +if(NOT WIN32) + set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC" ) + set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC" ) +endif() + add_library(security_core INTERFACE) @@ -48,10 +52,4 @@ install( DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/dds/security/core/" COMPONENT dev) -#install( -# TARGETS security_core -# EXPORT "${PROJECT_NAME}" -# RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}" COMPONENT lib -# LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}" COMPONENT lib -# ARCHIVE DESTINATION "${CMAKE_INSTALL_LIBDIR}" COMPONENT lib -#) +add_subdirectory(tests/plugin_loading) diff --git a/src/security/core/include/dds/security/core/dds_security_plugins.h b/src/security/core/include/dds/security/core/dds_security_plugins.h new file mode 100644 index 0000000..da5d2ad --- /dev/null +++ b/src/security/core/include/dds/security/core/dds_security_plugins.h 
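Review bot: `add_subdirectory(tests/plugin_loading)` at the end of src/security/core/CMakeLists.txt is unconditional, so the mock plugin shared libraries are configured and built in every build, not only when tests are wanted. Unless a guard exists higher up that this hunk does not show, wrap it, e.g. `if(BUILD_TESTING)` / `add_subdirectory(tests/plugin_loading)` / `endif()`. The mocks include deliberately broken authentication, access-control and cryptography plugins, and those are best kept out of non-test build trees. In the first hunk, setting `POSITION_INDEPENDENT_CODE` on the targets would be cleaner than appending `-fPIC` to the global flag variables.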
@@ -0,0 +1,65 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + + +#ifndef SECURITY_CORE_PLUGINS_H_ +#define SECURITY_CORE_PLUGINS_H_ + +#include "dds/export.h" +#include "dds/ddsrt/retcode.h" +#include "dds/ddsrt/dynlib.h" +#include +#include "dds/security/dds_security_api.h" + +typedef struct dds_security_plugin { + ddsrt_dynlib_t lib_handle; + plugin_init func_init; + plugin_finalize func_finalize; + char *name; +} dds_security_plugin; + +/* we are using our own security plugin configuration (not certificates etc) + * because we do not want to depend on DDSI configuration data types. + * + * A configuration data type is needed because there are traverses to properties several times + */ + +typedef struct dds_security_plugin_config { + char *library_path; + char *library_init; + char *library_finalize; +} dds_security_plugin_config; + +typedef struct dds_security_plugin_suite_config{ + dds_security_plugin_config authentication; + dds_security_plugin_config cryptography; + dds_security_plugin_config access_control; +} dds_security_plugin_suite_config; + +DDS_EXPORT dds_return_t dds_security_plugin_release( + const dds_security_plugin *security_plugin, + void *context ); + +DDS_EXPORT dds_return_t dds_security_check_plugin_configuration( + const dds_security_plugin_suite_config *security_suite_config ); + +DDS_EXPORT dds_return_t dds_security_load_security_library( + const dds_security_plugin_config *plugin_config, + dds_security_plugin *security_plugin, void **security_plugin_context); + +DDS_EXPORT dds_return_t dds_security_verify_plugin_functions( + 
dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin, + dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin, + dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin); + +#endif /* SECURITY_CORE_PLUGINS_H_ */ + diff --git a/src/security/core/src/dds_security_plugins.c b/src/security/core/src/dds_security_plugins.c new file mode 100644 index 0000000..942e94b --- /dev/null +++ b/src/security/core/src/dds_security_plugins.c 
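Review bot: The four exported functions and the configuration structs in dds_security_plugins.h have no documentation, and the point a caller most needs is missing. `library_path` is handed to the dynamic loader and the function named by `library_init` is then called in-process (see dds_security_plugins.c), so these strings must come from a trusted configuration. I would add a comment on `dds_security_plugin_config` such as `/* library_path may carry a file:// prefix; the library is loaded and its init function executed, so treat this configuration as code */`. On `dds_security_load_security_library`, state that all three fields must be non-NULL (the implementation asserts this) and say who owns the `char *` members and `security_plugin->name`. The existing sentence "there are traverses to properties several times" should be reworded to say that the properties are traversed several times. The bare `#include` with no header name looks like an extraction artefact rather than part of the change.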
@@ -0,0 +1,404 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include + +#include "dds/ddsrt/misc.h" + +#include "dds/security/core/dds_security_utils.h" +#include "dds/security/core/dds_security_plugins.h" +#include "dds/security/dds_security_api.h" +#include "dds/ddsi/q_unused.h" +#include "dds/ddsi/ddsi_security_msg.h" +#include "dds/ddsi/ddsi_security_omg.h" + + +#include "dds/ddsi/q_config.h" +#include "dds/ddsi/q_log.h" +#include "dds/ddsrt/atomics.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/dynlib.h" +#include "dds/ddsrt/process.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsrt/sync.h" +#include "dds/ddsrt/hopscotch.h" + +#include "dds/ddsi/q_entity.h" +#include "dds/ddsi/q_bswap.h" +#include "dds/ddsi/q_xevent.h" +#include "dds/ddsi/q_time.h" +#include "dds/ddsi/q_plist.h" +#include "dds/ddsrt/io.h" + + + +#define AUTH_NAME "Authentication" +#define AC_NAME "Access Control" +#define CRYPTO_NAME "Cryptographic" + +dds_return_t dds_security_check_plugin_configuration( + const dds_security_plugin_suite_config *security_suite_config ) +{ + + dds_return_t result = DDS_RETCODE_ERROR; + + if (security_suite_config->access_control.library_path == NULL) { + DDS_ERROR("AccessControl security plugin library path is not defined"); + } else if (strlen(security_suite_config->access_control.library_path) + == 0) { + DDS_ERROR("AccessControl security plugin library path is empty "); + } else if (security_suite_config->access_control.library_init == NULL) { + DDS_ERROR("AccessControl security plugin init function is not defined"); + } else if 
(strlen(security_suite_config->access_control.library_init) + == 0) { + DDS_ERROR("AccessControl security plugin init function is empty "); + } else if (security_suite_config->access_control.library_finalize == NULL) { + DDS_ERROR( + "AccessControl security plugin finalize function is not defined "); + } else if (strlen(security_suite_config->access_control.library_finalize) + == 0) { + DDS_ERROR("AccessControl security plugin finalize function is empty"); + } else if (security_suite_config->authentication.library_path == NULL) { + DDS_ERROR( + "Authentication security plugin library path is not defined in the configuration "); + } else if (strlen(security_suite_config->authentication.library_path) + == 0) { + DDS_ERROR("Authentication security plugin library path is empty "); + } else if (security_suite_config->authentication.library_init == NULL) { + DDS_ERROR("Authentication security plugin init function is not defined "); + } else if (strlen(security_suite_config->authentication.library_init) + == 0) { + DDS_ERROR("Authentication security plugin init function is empty "); + } else if (security_suite_config->authentication.library_finalize == NULL) { + DDS_ERROR( + "Authentication security plugin finalize function is not defined "); + } else if (strlen(security_suite_config->authentication.library_finalize) + == 0) { + DDS_ERROR("Authentication security plugin finalize function is empty"); + } else if (security_suite_config->cryptography.library_path == NULL) { + DDS_ERROR( + "Cryptography security plugin library path is not defined in the configuration "); + } else if (strlen(security_suite_config->cryptography.library_path) + == 0) { + DDS_ERROR("Cryptography security plugin library path is empty "); + } else if (security_suite_config->cryptography.library_init == NULL) { + DDS_ERROR("Cryptography security plugin init function is not defined "); + } else if (strlen(security_suite_config->cryptography.library_init) + == 0) { + DDS_ERROR("Cryptography security 
plugin init function is empty "); + } else if (security_suite_config->cryptography.library_finalize == NULL) { + DDS_ERROR("Cryptography security plugin finalize function is not defined "); + } else if (strlen(security_suite_config->cryptography.library_finalize) + == 0) { + DDS_ERROR("Cryptography security plugin finalize function is empty"); + } else { + result = DDS_RETCODE_OK; + } + + return result; +} + +/* + * checks the function pointer value and CHANGES the out-result value if it is NULL + */ +static bool verify_function(void *function_ptr, dds_security_plugin *plugin, + const char *function_name) +{ + + if ( function_ptr == NULL ) { + DDS_ERROR("Could not find the function for %s: %s \n", plugin->name, + function_name); + return false; + } + else { + return true; + } +} + +dds_return_t dds_security_verify_plugin_functions( + dds_security_authentication *authentication_context, dds_security_plugin *auth_plugin, + dds_security_cryptography *crypto_context, dds_security_plugin *crypto_plugin, + dds_security_access_control *access_control_context, dds_security_plugin *ac_plugin) +{ + + if( + verify_function(authentication_context->validate_local_identity, auth_plugin, + "validate_local_identity" ) && + verify_function(authentication_context->get_identity_token, auth_plugin, + "get_identity_token" ) && + verify_function(authentication_context->get_identity_status_token, + auth_plugin, "get_identity_status_token" ) && + verify_function(authentication_context->set_permissions_credential_and_token, + auth_plugin, "set_permissions_credential_and_token" ) && + verify_function(authentication_context->validate_remote_identity, + auth_plugin, "validate_remote_identity" ) && + verify_function(authentication_context->begin_handshake_request, auth_plugin, + "begin_handshake_request" ) && + verify_function(authentication_context->begin_handshake_reply, auth_plugin, + "begin_handshake_reply" ) && + verify_function(authentication_context->process_handshake, auth_plugin, + 
"process_handshake" ) && + verify_function(authentication_context->get_shared_secret, auth_plugin, + "get_shared_secret" ) && + verify_function( + authentication_context->get_authenticated_peer_credential_token, + auth_plugin, "get_authenticated_peer_credential_token" ) && + verify_function(authentication_context->set_listener, auth_plugin, + "set_listener" ) && + verify_function(authentication_context->return_identity_token, auth_plugin, + "return_identity_token" ) && + verify_function(authentication_context->return_identity_status_token, + auth_plugin, "return_identity_status_token" ) && + + verify_function( + authentication_context->return_authenticated_peer_credential_token, + auth_plugin, "return_authenticated_peer_credential_token" ) && + verify_function(authentication_context->return_handshake_handle, auth_plugin, + "return_handshake_handle" ) && + verify_function(authentication_context->return_identity_handle, auth_plugin, + "return_identity_handle" ) && + verify_function(authentication_context->return_sharedsecret_handle, + auth_plugin, "return_sharedsecret_handle" ) && + + verify_function(access_control_context->validate_local_permissions, + ac_plugin, "validate_local_permissions" ) && + verify_function(access_control_context->validate_remote_permissions, + ac_plugin, "validate_remote_permissions" ) && + verify_function(access_control_context->check_create_participant, ac_plugin, + "check_create_participant" ) && + verify_function(access_control_context->check_create_datawriter, ac_plugin, + "check_create_datawriter" ) && + verify_function(access_control_context->check_create_datareader, ac_plugin, + "check_create_datareader" ) && + + verify_function(access_control_context->check_create_topic, ac_plugin, + "check_create_topic" ) && + verify_function( + access_control_context->check_local_datawriter_register_instance, + ac_plugin, "check_local_datawriter_register_instance" ) && + verify_function( + 
access_control_context->check_local_datawriter_dispose_instance, + ac_plugin, "check_local_datawriter_dispose_instance" ) && + verify_function(access_control_context->check_remote_participant, ac_plugin, + "check_remote_participant" ) && + verify_function(access_control_context->check_remote_datawriter, ac_plugin, + "check_remote_datawriter" ) && + verify_function(access_control_context->check_remote_datareader, ac_plugin, + "check_remote_datareader" ) && + verify_function(access_control_context->check_remote_topic, ac_plugin, + "check_remote_topic" ) && + verify_function(access_control_context->check_local_datawriter_match, + ac_plugin, "check_local_datawriter_match" ) && + verify_function(access_control_context->check_local_datareader_match, + ac_plugin, "check_local_datareader_match" ) && + verify_function( + access_control_context->check_remote_datawriter_register_instance, + ac_plugin, "check_remote_datawriter_register_instance" ) && + verify_function( + access_control_context->check_remote_datawriter_dispose_instance, + ac_plugin, "check_remote_datawriter_dispose_instance" ) && + verify_function(access_control_context->get_permissions_token, ac_plugin, + "get_permissions_token" ) && + verify_function(access_control_context->get_permissions_credential_token, + ac_plugin, "get_permissions_credential_token" ) && + verify_function(access_control_context->set_listener, ac_plugin, + "set_listener" ) && + verify_function(access_control_context->return_permissions_token, ac_plugin, + "return_permissions_token" ) && + verify_function(access_control_context->return_permissions_credential_token, + ac_plugin, "return_permissions_credential_token" ) && + verify_function(access_control_context->get_participant_sec_attributes, + ac_plugin, "get_participant_sec_attributes" ) && + verify_function(access_control_context->get_topic_sec_attributes, ac_plugin, + "get_topic_sec_attributes" ) && + verify_function(access_control_context->get_datawriter_sec_attributes, + ac_plugin, 
"get_datawriter_sec_attributes" ) && + verify_function(access_control_context->get_datareader_sec_attributes, + ac_plugin, "get_datareader_sec_attributes" ) && + verify_function(access_control_context->return_participant_sec_attributes, + ac_plugin, "return_participant_sec_attributes" ) && + verify_function(access_control_context->return_datawriter_sec_attributes, + ac_plugin, "return_datawriter_sec_attributes" ) && + verify_function(access_control_context->return_datareader_sec_attributes, + ac_plugin, "return_datareader_sec_attributes" ) && + verify_function(access_control_context->return_permissions_handle, + ac_plugin, "return_permissions_handle" ) && + + verify_function( + crypto_context->crypto_key_factory->register_local_participant, + crypto_plugin, "register_local_participant" ) && + verify_function( + crypto_context->crypto_key_factory->register_matched_remote_participant, + crypto_plugin, "register_matched_remote_participant" ) && + verify_function(crypto_context->crypto_key_factory->register_local_datawriter, + crypto_plugin, "register_local_datawriter" ) && + verify_function( + crypto_context->crypto_key_factory->register_matched_remote_datareader, + crypto_plugin, "register_matched_remote_datareader" ) && + verify_function(crypto_context->crypto_key_factory->register_local_datareader, + crypto_plugin, "register_local_datareader" ) && + verify_function( + crypto_context->crypto_key_factory->register_matched_remote_datawriter, + crypto_plugin, "register_matched_remote_datawriter" ) && + verify_function(crypto_context->crypto_key_factory->unregister_participant, + crypto_plugin, "unregister_participant" ) && + verify_function(crypto_context->crypto_key_factory->unregister_datawriter, + crypto_plugin, "unregister_datawriter" ) && + verify_function(crypto_context->crypto_key_factory->unregister_datareader, + crypto_plugin, "unregister_datareader" ) && + + verify_function( + crypto_context->crypto_key_exchange->create_local_participant_crypto_tokens, + 
crypto_plugin, "create_local_participant_crypto_tokens" ) && + verify_function( + crypto_context->crypto_key_exchange->set_remote_participant_crypto_tokens, + crypto_plugin, "set_remote_participant_crypto_tokens" ) && + verify_function( + crypto_context->crypto_key_exchange->create_local_datawriter_crypto_tokens, + crypto_plugin, "create_local_datawriter_crypto_tokens" ) && + verify_function( + crypto_context->crypto_key_exchange->set_remote_datawriter_crypto_tokens, + crypto_plugin, "set_remote_datawriter_crypto_tokens" ) && + verify_function( + crypto_context->crypto_key_exchange->create_local_datareader_crypto_tokens, + crypto_plugin, "create_local_datareader_crypto_tokens" ) && + verify_function( + crypto_context->crypto_key_exchange->set_remote_datareader_crypto_tokens, + crypto_plugin, "set_remote_datareader_crypto_tokens" ) && + verify_function(crypto_context->crypto_key_exchange->return_crypto_tokens, + crypto_plugin, "return_crypto_tokens" ) && + + verify_function(crypto_context->crypto_transform->encode_serialized_payload, + crypto_plugin, "encode_serialized_payload" ) && + verify_function( + crypto_context->crypto_transform->encode_datawriter_submessage, + crypto_plugin, "encode_datawriter_submessage" ) && + verify_function( + crypto_context->crypto_transform->encode_datareader_submessage, + crypto_plugin, "encode_datareader_submessage" ) && + verify_function(crypto_context->crypto_transform->encode_rtps_message, + crypto_plugin, "encode_rtps_message" ) && + verify_function(crypto_context->crypto_transform->decode_rtps_message, + crypto_plugin, "decode_rtps_message" ) && + verify_function(crypto_context->crypto_transform->preprocess_secure_submsg, + crypto_plugin, "preprocess_secure_submsg" ) && + verify_function( + crypto_context->crypto_transform->decode_datawriter_submessage, + crypto_plugin, "decode_datawriter_submessage" ) && + verify_function( + crypto_context->crypto_transform->decode_datareader_submessage, + crypto_plugin, 
"decode_datareader_submessage" ) && + verify_function(crypto_context->crypto_transform->decode_serialized_payload, + crypto_plugin, "decode_serialized_payload" ) ){ + return DDS_RETCODE_OK; + } + else { + return DDS_RETCODE_ERROR; + } + +} + +/** + * All fields of the library properties are supposed to be non-empty + */ +dds_return_t dds_security_load_security_library( + const dds_security_plugin_config *plugin_config, + dds_security_plugin *security_plugin, + void **security_plugin_context) +{ + dds_return_t ret = DDS_RETCODE_ERROR; + dds_return_t lib_ret = DDS_RETCODE_ERROR; + char * init_parameters = ""; + char *library_str; + + assert( plugin_config->library_path ); + assert( plugin_config->library_init ); + assert( plugin_config->library_finalize ); + + if ( strlen(plugin_config->library_path) > 0 ) { + + //library_str = ddsrt_malloc(strlen(plugin_config->library_path) + 1); + + if (strncmp(plugin_config->library_path, "file://", 7) == 0) { + (void)ddsrt_asprintf(&library_str, "%s", &plugin_config->library_path[7]); + } else { + (void)ddsrt_asprintf(&library_str, "%s", plugin_config->library_path); + } + + lib_ret = ddsrt_dlopen( library_str, true, &security_plugin->lib_handle); + ddsrt_free(library_str); + if( lib_ret == DDS_RETCODE_OK && security_plugin->lib_handle){ + + /* Get init and fini functions . */ + if ( ddsrt_dlsym(security_plugin->lib_handle, plugin_config->library_init, (void **)&security_plugin->func_init) == DDS_RETCODE_OK){ + if ( ddsrt_dlsym(security_plugin->lib_handle, plugin_config->library_finalize, (void **)&security_plugin->func_finalize) == DDS_RETCODE_OK){ + + /* Initialize plugin. 
*/ + if ( security_plugin->func_init != NULL) { + lib_ret = security_plugin->func_init(init_parameters, (void **) security_plugin_context); + + if (lib_ret == DDS_RETCODE_OK){ /* error occured on init */ + return DDS_RETCODE_OK; + } else{ + DDS_ERROR("Error occured while initializing %s plugin\n", + security_plugin->name); + goto library_error; + } + } + + } + else { + DDS_ERROR("Could not find the function: %s\n", plugin_config->library_finalize); + goto library_error; + } + + + } + else{ + DDS_ERROR("Could not find the function: %s\n",plugin_config->library_init); + goto library_error; + } + + } else { + char buffer[256]; + ddsrt_dlerror(buffer, sizeof(buffer)); + DDS_ERROR("Could not load %s library: %s\n", security_plugin->name, buffer); + goto load_error; + } + + + return ret; + } + + +library_error: + ddsrt_dlclose(security_plugin->lib_handle); + security_plugin->lib_handle = NULL; +load_error: + return ret; +} + +dds_return_t dds_security_plugin_release( const dds_security_plugin *security_plugin, void *context ){ + dds_return_t result= DDS_RETCODE_OK; + assert( security_plugin->lib_handle ); + assert( security_plugin->func_finalize ); + + /* if get error from either finalize OR close, return error */ + if( security_plugin->func_finalize( context ) != DDS_RETCODE_OK){ + DDS_ERROR("Error occured while finaizing %s plugin", security_plugin->name); + result = DDS_RETCODE_ERROR; + } + if( ddsrt_dlclose( security_plugin->lib_handle ) != DDS_RETCODE_OK){ + result = DDS_RETCODE_ERROR; + } + return result; +} + diff --git a/src/security/core/tests/plugin_loading/CMakeLists.txt b/src/security/core/tests/plugin_loading/CMakeLists.txt new file mode 100644 index 0000000..9b2e088 --- /dev/null +++ b/src/security/core/tests/plugin_loading/CMakeLists.txt 
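Review bot: In `dds_security_load_security_library` the result of `ddsrt_asprintf` is cast to void, so on a failed allocation `library_str` is passed uninitialized to `ddsrt_dlopen` and `ddsrt_free`; and an empty `library_path` skips the whole `if` and falls into `library_error`, which calls `ddsrt_dlclose` on a handle that was never opened. The copy is not needed at all: skip the `file://` prefix with a pointer and send the empty-path case to `load_error`, as in the excerpt below (this assumes `ddsrt_dlopen` accepts a `const char *` name). The branch where both symbols resolve but `func_init` is NULL also returns an error with the library still open, and the comment `/* error occured on init */` sits on the success test. Separately, `dds_security_verify_plugin_functions` dereferences `crypto_context->crypto_key_factory`, `crypto_key_exchange` and `crypto_transform` without checking them, so a plugin that leaves one of those NULL crashes the verifier that is meant to reject it.

```c
  const char *library_path = plugin_config->library_path;
  /* … unchanged: asserts on the three plugin_config fields … */
  if (strlen(library_path) == 0) {
    DDS_ERROR("%s plugin library path is empty\n", security_plugin->name);
    goto load_error; /* no handle was opened, so skip ddsrt_dlclose */
  }
  if (strncmp(library_path, "file://", 7) == 0) {
    library_path += 7;
  }
  lib_ret = ddsrt_dlopen(library_path, true, &security_plugin->lib_handle);
  /* … unchanged: symbol lookup, plugin init and error labels … */
```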
@@ -0,0 +1,129 @@ + # +# Copyright(c) 2006 to 2019 ADLINK Technology Limited and others +# +# This program and the accompanying materials are made available under the +# terms of the Eclipse Public License v. 2.0 which is available at +# http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License +# v. 1.0 which is available at +# http://www.eclipse.org/org/documents/edl-v10.php. +# +# SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause +# +include (GenerateExportHeader) +include (CUnit) + +set(security_plugin_loading_test_sources + "plugin_loading.c" + ) + +add_cunit_executable(cunit_security_plugin_loading ${security_plugin_loading_test_sources}) +target_include_directories( + cunit_security_plugin_loading PRIVATE + "$" + "$>" + "$>" + "$" + "$" + "$" + ) + + +target_link_libraries(cunit_security_plugin_loading PRIVATE ddsc security_api) +target_include_directories(cunit_security_plugin_loading PRIVATE "${CMAKE_CURRENT_BINARY_DIR}") + +set(CUnit_plugin_mock_dir ".") + + +configure_file("config_env.h.in" "config_env.h") + +# Let the cunit application know the location and name of the library. +file(TO_NATIVE_PATH "${CMAKE_CURRENT_BINARY_DIR}" test_lib_native_dir) +file(TO_NATIVE_PATH "." test_lib_sep) +string(REPLACE "\\" "\\\\" test_lib_dir ${test_lib_native_dir}) +string(REPLACE "\\" "\\\\" test_lib_sep ${test_lib_sep}) +configure_file("config_env.h.in" "${CMAKE_CURRENT_BINARY_DIR}/include/config_env.h" @ONLY) +# Let ctest set the proper library path when executing library tests. 
+unset(test_lib_tests) +process_cunit_source_file("plugin_loading.c" test_lib_header test_lib_suites test_lib_tests) +foreach(libtest ${test_lib_tests}) + string(REPLACE ":" ";" libtest ${libtest}) + list(GET libtest 0 suite) + list(GET libtest 1 test) + set(libtestname "CUnit_${suite}_${test}") + if("${CMAKE_HOST_SYSTEM}" MATCHES ".*Windows.*") + set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "${test_lib_native_dir}") + else() + set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "LD_LIBRARY_PATH=${test_lib_native_dir};$ENV{LD_LIBRARY_PATH}") + endif() +endforeach() + + +function( add_mock libname casename ) + + + PREPEND(srcs_mock_authentication_all_ok "${CMAKE_CURRENT_LIST_DIR}/plugin_mock/${casename}" + "mock_${libname}.c" + ) + +# PREPEND(hdrs_private_authentication_all_ok "${CMAKE_CURRENT_LIST_DIR}/plugin_mock/${casename}" +# "mock_${libname}.h" +# ) +# + add_library("dds_security_${casename}" SHARED "") + + generate_export_header( + "dds_security_${casename}" + BASE_NAME SECURITY + EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/${casename}_export.h" + ) + + set_target_properties( + "dds_security_${casename}" + PROPERTIES + RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} + RUNTIME_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_DEBUG ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_RELEASE ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_RELWITHDEBINFO ${CMAKE_CURRENT_BINARY_DIR} + LIBRARY_OUTPUT_DIRECTORY_MINSIZEREL ${CMAKE_CURRENT_BINARY_DIR} ) + + + #find_package(OpenSSL ) + + target_link_libraries("dds_security_${casename}" PUBLIC ddsc) + #target_link_libraries("dds_security_${casename}" PUBLIC OpenSSL::SSL) + + 
target_sources("dds_security_${casename}" + PRIVATE + ${srcs_mock_authentication_all_ok} + + ) + + target_include_directories("dds_security_${casename}" + PUBLIC + "$>" + "$>" + "$>" + "$" + + ) + + +endfunction() + +#PLUGIN MOCKS +add_mock( authentication authentication_all_ok ) +add_mock( authentication authentication_all_ok_other ) +add_mock( authentication authentication_missing_function ) +add_mock( authentication authentication_finalize_error ) +add_mock( access_control access_control_all_ok ) +add_mock( access_control access_control_missing_function ) +add_mock( cryptography cryptography_all_ok ) +add_mock( cryptography cryptography_missing_function ) +add_mock( authentication authentication_init_error ) + + diff --git a/src/security/core/tests/plugin_loading/config_env.h.in b/src/security/core/tests/plugin_loading/config_env.h.in new file mode 100644 index 0000000..203620f --- /dev/null +++ b/src/security/core/tests/plugin_loading/config_env.h.in @@ -0,0 +1,21 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef CONFIG_ENV_H +#define CONFIG_ENV_H + +#define CONFIG_ENV_PLUGIN_MOCK_DIR "@CUnit_plugin_mock_dir@" +#define TEST_LIB_DIR "@test_lib_dir@" +#define TEST_LIB_SEP "@test_lib_sep@" +#define TEST_LIB_SUFFIX "@CMAKE_SHARED_LIBRARY_SUFFIX@" +#define TEST_LIB_PREFIX "@CMAKE_SHARED_LIBRARY_PREFIX@" + +#endif /* CONFIG_ENV_H */ diff --git a/src/security/core/tests/plugin_loading/plugin_loading.c b/src/security/core/tests/plugin_loading/plugin_loading.c new file mode 100644 index 0000000..b3d145d --- /dev/null 
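Review bot: Both `ENVIRONMENT` settings in the `foreach(libtest …)` loop of plugin_loading/CMakeLists.txt look wrong. The Windows branch appends `"${test_lib_native_dir}"` with no `NAME=` in front, so no variable is set; presumably `PATH=` was intended. The other branch joins with `;`, which CMake treats as a list separator, so the old `LD_LIBRARY_PATH` value becomes a separate, nameless entry instead of part of the path. For the non-Windows case use `set_property(TEST ${libtestname} APPEND PROPERTY ENVIRONMENT "LD_LIBRARY_PATH=${test_lib_native_dir}:$ENV{LD_LIBRARY_PATH}")`. This matters beyond tidiness: the tests load plugins by library name, so the loader search path decides which binary gets executed. Smaller points: `configure_file("config_env.h.in" "config_env.h")` is called a second time with `@ONLY` and a different output path, and `add_mock` reuses the variable `srcs_mock_authentication_all_ok` for every mock.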
+++ b/src/security/core/tests/plugin_loading/plugin_loading.c 
@@ -0,0 +1,910 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include + +#include "dds/dds.h" +#include "CUnit/Test.h" +#include "config_env.h" + +#include "dds/version.h" +#include "dds/ddsrt/cdtors.h" +#include "dds/ddsrt/environ.h" +#include "dds/ddsrt/heap.h" +//#include "dds/ddsi/ddsi_security_omg.h" + +#define FORCE_ENV + +#define URI_VARIABLE DDS_PROJECT_NAME_NOSPACE_CAPS"_URI" +#define MAX_PARTICIPANTS_VARIABLE "MAX_PARTICIPANTS" +static bool print_log=true; + +static int patmatch (const char *pat, const char *str) +{ + while (*pat) + { + if (*pat == '?') + { + /* any character will do */ + if (*str++ == 0) + { + return 0; + } + pat++; + } + else if (*pat == '*') + { + /* collapse a sequence of wildcards, requiring as many + characters in str as there are ?s in the sequence */ + while (*pat == '*' || *pat == '?') + { + if (*pat == '?' && *str++ == 0) + { + return 0; + } + pat++; + } + /* try matching on all positions where str matches pat */ + while (*str) + { + if (*str == *pat && patmatch (pat+1, str+1)) + { + return 1; + } + str++; + } + return *pat == 0; + } + else + { + /* only an exact match */ + if (*str++ != *pat++) + { + return 0; + } + } + } + return *str == 0; +} + + +/* + * The 'found' variable will contain flags related to the expected log + * messages that were received. + * Using flags will allow to show that when message isn't received, + * which one it was. 
+ */ +static uint32_t found; +static void logger(void *ptr, const dds_log_data_t *data) { + char **expected = (char **) ptr; + if (print_log) { + printf("%s\n", data->message); + } + for (uint32_t i = 0; expected[i] != NULL; i++) { + if (patmatch(expected[i], data->message)) { + found |= (uint32_t)(1 << i); + } + } +} + + +CU_Test(ddssec_security_plugin_loading, all_ok, .init = ddsrt_init, .fini = ddsrt_fini) { + + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { + "DDS Security plugins have been loaded*", + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + ""; + + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_INFO| DDS_LC_TRACE); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + dds_set_log_sink(NULL,NULL); + dds_set_trace_sink(NULL,NULL); + ddsrt_setenv(URI_VARIABLE, ""); + CU_ASSERT_FATAL(found == 0x1); + + + dds_delete(participant); + +} + +CU_Test(ddssec_security_plugin_loading, missing_finalize, .init = ddsrt_init, .fini = ddsrt_fini) { + + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { + "Could not find the function: finalize_authentication*", + "Could not load Authentication plugin*", + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + ""; + + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_CONFIG); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + dds_set_log_sink( NULL, NULL ); + dds_set_trace_sink(NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); +#else + dds_delete(participant); +#endif + CU_ASSERT_FATAL(found == 0x3); + +} + + +CU_Test(ddssec_security_plugin_loading, authentication_missing_function, .init = ddsrt_init, .fini = ddsrt_fini) { + + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { + "Could not find the function for Authentication: get_shared_secret*", + "Could not load security*", + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + ""; + + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_ERROR); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + print_log = true; + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); +#else + dds_delete(participant); +#endif + CU_ASSERT_FATAL(found == 0x3); + + +} + + +CU_Test(ddssec_security_plugin_loading, access_control_missing_function, .init = ddsrt_init, .fini = ddsrt_fini) { + + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { + "Could not find the function for Access Control: check_create_datareader*", + "Could not load security*", + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + ""; + + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); +#else + dds_delete(participant); +#endif + CU_ASSERT_FATAL(found == 0x3); + + + +} + + +CU_Test(ddssec_security_plugin_loading, cryptography_missing_function, .init = ddsrt_init, .fini = ddsrt_fini) { + + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { + "Could not find the function for Cryptographic: set_remote_participant_crypto_tokens*", + "Could not load security*", + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + ""; + + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); +#else + dds_delete(participant); +#endif + CU_ASSERT_FATAL(found == 0x3); + + + +} + + +CU_Test(ddssec_security_plugin_loading, no_library_in_path, .init = ddsrt_init, .fini = ddsrt_fini) { + + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { + "Could not load Authentication library: no_library_in_path: cannot open shared object file: No such file or directory*", + "Could not load Authentication library: *not*found*", + "Could not load Authentication plugin*", + "Could not load security*", + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + ""; + + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_INFO| DDS_LC_TRACE); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); +#else + dds_delete(participant); +#endif + + CU_ASSERT_FATAL(found == 0xd || found == 0xe); + + dds_delete(participant); + +} + + +CU_Test(ddssec_security_plugin_loading, init_error, .init = ddsrt_init, .fini = ddsrt_fini) { + + /* Expected traces when creating participant with the security elements. 
*/ + const char *log_expected[] = { + "Error occured while initializing Authentication plugin*", + "Could not load Authentication plugin*", + "Could not load security*", + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + ""; + + + dds_entity_t participant; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_FATAL|DDS_LC_ERROR|DDS_LC_WARNING|DDS_LC_INFO| DDS_LC_TRACE); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create participant with security elements. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); +#else + dds_delete(participant); +#endif + CU_ASSERT_FATAL(found == 0x7); + + + dds_delete(participant); + +} +CU_Test(ddssec_security_plugin_loading, all_ok_with_props, .init = ddsrt_init, .fini = ddsrt_fini) { + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { + "DDS Security plugins have been loaded*", + NULL + }; + + dds_entity_t participant; + dds_qos_t * qos; + + + /* Set up the trace sinks to detect the config parsing. 
*/ + dds_set_log_mask(DDS_LC_INFO); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create the qos */ + unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; + CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); + dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); + + dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); + + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + + dds_qset_bprop (qos, "test.bprop1", bvalue, 3); + + /* Create participant 
with security config in qos. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, "finest"); + CU_ASSERT_FATAL ((participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL)) > 0); + ddsrt_setenv(URI_VARIABLE, ""); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + + dds_delete(participant); + dds_delete_qos(qos); + CU_ASSERT_FATAL(found == 0x1); +} + + + +CU_Test(ddssec_security_plugin_loading, missing_plugin_property_with_props, .init = ddsrt_init, .fini = ddsrt_fini) { + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { + "*using security settings from QoS*", + "*required security property dds.sec.auth.library.init missing in Property QoS*", + NULL + }; + + dds_entity_t participant; + dds_qos_t * qos; + + /* Set up the trace sinks to detect the config parsing. */ + dds_set_log_mask(DDS_LC_INFO|DDS_LC_ERROR); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create the qos */ + unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; + CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); + dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); + dds_qset_prop (qos, 
DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); + + dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_bprop (qos, "test.bprop1", bvalue, 3); + + /* Create participant with security config in qos. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, "finest"); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); +#else + dds_delete(participant); +#endif + CU_ASSERT_FATAL(found == 0x3); + dds_delete_qos(qos); +} + + + +CU_Test(ddssec_security_plugin_loading, empty_plugin_property_with_props, .init = ddsrt_init, .fini = ddsrt_fini) { + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { + "*using security settings from QoS*", + "*required security property dds.sec.auth.library.finalize missing in Property QoS*", + NULL + }; + + dds_entity_t participant; + dds_qos_t * qos; + + /* Set up the trace sinks to detect the config parsing. 
*/ + dds_set_log_mask(DDS_LC_INFO|DDS_LC_ERROR); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create the qos */ + unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; + CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); + dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, ""); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); + + dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_bprop (qos, "test.bprop1", bvalue, 3); + + /* Create participant with security 
config in qos. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, "finest"); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); +#else + dds_delete(participant); +#endif + CU_ASSERT_FATAL(found == 0x3); + dds_delete_qos(qos); +} + + +CU_Test(ddssec_security_plugin_loading, missing_security_property_with_props, .init = ddsrt_init, .fini = ddsrt_fini) { + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { + "*using security settings from QoS*", + "*required security property dds.sec.access.permissions missing in Property QoS*", + NULL + }; + + + dds_entity_t participant; + dds_qos_t * qos; + + /* Set up the trace sinks to detect the config parsing. 
*/ + dds_set_log_mask(DDS_LC_INFO|DDS_LC_ERROR); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create the qos */ + unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; + CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); + dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + /* we ignore permissions for testing + //dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); */ + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); + + dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_bprop (qos, 
"test.bprop1", bvalue, 3); + + /* Create participant with security config in qos. */ + found = 0; + ddsrt_setenv(URI_VARIABLE, "finest"); + participant = dds_create_participant(DDS_DOMAIN_DEFAULT, qos, NULL); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant == DDS_RETCODE_ERROR ); +#else + dds_delete(participant); +#endif + CU_ASSERT_FATAL(found == 0x3); + dds_delete_qos(qos); +} + + + + +CU_Test(ddssec_security_plugin_loading, multiple_domains_different_config, .init = ddsrt_init, .fini = ddsrt_fini) { + /* Expected traces when creating participant with the security elements. */ + const char *log_expected[] = { + "*using security settings from configuration*", + "*using security settings from QoS*", + "DDS Security plugins have been loaded*", + "*security is already loaded for this domain*", + NULL + }; + + const char *sec_config = + "<"DDS_PROJECT_NAME">" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + "" + "finest" + "" + "" + "" + "testtext_IdentityCertificate_testtext" + "testtext_IdentityCA_testtext" + "testtext_PrivateKey_testtext" + "testtext_Password_testtext" + "testtext_Dir_testtext" + "" + "" + "" + "" + "" + "" + "file:Governance.p7s" + "file:Permissions_CA.pem" + "file:Permissions.p7s" + "" + "" + "" + ""; + + + dds_entity_t participant1, participant2, participant3; + dds_qos_t * qos; + + /* Set up the trace sinks to detect the config parsing. 
*/ + dds_set_log_mask(DDS_LC_INFO|DDS_LC_ERROR); + dds_set_log_sink(&logger, (void*)log_expected); + dds_set_trace_sink(&logger, (void*)log_expected); + + /* Create the qos */ + unsigned char bvalue[3] = { 0x01, 0x02, 0x03 }; + CU_ASSERT_FATAL ((qos = dds_create_qos()) != NULL); + dds_qset_prop (qos, "test.prop1", "testtext_value1_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PRIV_KEY, "testtext_PrivateKey_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CERT, "testtext_IdentityCertificate_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS_CA, "file:Permissions_CA.pem"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_GOVERNANCE, "file:Governance.p7s"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_PERMISSIONS, "file:Permissions.p7s"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_PASSWORD, "testtext_Password_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_TRUSTED_CA_DIR, "file:/test/dir"); + + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_PATH, "dds_security_authentication_all_ok_other"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_INIT, "init_authentication"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_LIBRARY_FINALIZE, "finalize_authentication"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_PATH, "dds_security_cryptography_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_INIT, "init_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_CRYPTO_LIBRARY_FINALIZE, "finalize_crypto"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_PATH, "dds_security_access_control_all_ok"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_INIT, "init_access_control"); + dds_qset_prop (qos, DDS_SEC_PROP_ACCESS_LIBRARY_FINALIZE, "finalize_access_control"); + + dds_qset_prop (qos, "test.prop2", "testtext_value2_testtext"); + dds_qset_prop (qos, DDS_SEC_PROP_AUTH_IDENTITY_CA, "testtext_IdentityCA_testtext"); + dds_qset_bprop (qos, "test.bprop1", bvalue, 3); + + /* 
Create participant with security config in qos. */ + found = 0; + print_log = true; + ddsrt_setenv(URI_VARIABLE, sec_config); + participant1 = dds_create_participant(1, NULL, NULL); + participant2 = dds_create_participant(2, qos, NULL); + participant3 = dds_create_participant(2, NULL, NULL); + dds_set_log_sink(NULL, NULL); + dds_set_trace_sink(NULL, NULL); + ddsrt_setenv(URI_VARIABLE, ""); +#ifdef PR304_MERGED + /* It is better dds to return DDS_RETCODE_NOT_ALLOWED_BY_SECURITY instead of DDS_RETCODE_ERROR + CU_ASSERT_FATAL( participant1 == DDS_RETCODE_NOT_ALLOWED_BY_SECURITY ); */ + CU_ASSERT_FATAL( participant1 == DDS_RETCODE_ERROR ); +#else + dds_delete(participant1); + dds_delete(participant2); + dds_delete(participant3); +#endif + CU_ASSERT_FATAL(found == 0xf); + dds_delete_qos(qos); +} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.c b/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.c new file mode 100644 index 0000000..322c465 --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.c 
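Review bot: In the failure-path tests (`missing_finalize`, `authentication_missing_function`, `access_control_missing_function`, `cryptography_missing_function`, `no_library_in_path`, `init_error` and the three failing `*_with_props` cases) the `#else` branch only runs `dds_delete(participant);`, so unless `PR304_MERGED` is defined nothing asserts that participant creation was refused after a security plugin or property failed to load. The `found` check proves the error was logged, not that the participant was denied, so a regression that leaves a participant running without security would still pass. I would add `/* TODO: assert participant < 0 once creation fails closed (see PR304_MERGED) */` to each `#else` branch, or, if creation already fails there, replace the delete with `CU_ASSERT_FATAL(participant < 0);`. Separately, `no_library_in_path` and `init_error` call `dds_delete(participant);` again after the final `CU_ASSERT_FATAL`, which deletes the same handle twice (or passes an error code when `PR304_MERGED` is defined); that trailing call should be dropped.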
@@ -0,0 +1,597 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include "dds/security/dds_security_api.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/misc.h" +#include "mock_access_control.h" +#include +#include +#include + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_access_control_impl { + dds_security_access_control base; + int member; +} dds_security_access_control_impl; + +/** + * Function implementations + */ + +DDS_Security_PermissionsHandle validate_local_permissions( + dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle identity, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(auth_plugin); + DDSRT_UNUSED_ARG(auth_plugin); + DDSRT_UNUSED_ARG(identity); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 1; +} + +DDS_Security_PermissionsHandle validate_remote_permissions( + dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityHandle remote_identity_handle, + const DDS_Security_PermissionsToken *remote_permissions_token, + const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, + DDS_Security_SecurityException *ex) +{ + 
DDSRT_UNUSED_ARG(auth_plugin); + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(remote_identity_handle); + DDSRT_UNUSED_ARG(remote_permissions_token); + DDSRT_UNUSED_ARG(remote_credential_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 0; +} + +DDS_Security_boolean check_create_participant( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_create_datawriter( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, const char *topic_name, + const DDS_Security_Qos *writer_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(writer_qos); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_create_datareader( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, const char *topic_name, + const DDS_Security_Qos *reader_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(reader_qos); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(ex); + 
DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_create_topic( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, const char *topic_name, + const DDS_Security_Qos *qos, DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(qos); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_local_datawriter_register_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, const DDS_Security_DynamicData *key, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(writer); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_local_datawriter_dispose_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(writer); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_participant( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_datawriter( dds_security_access_control *instance, + 
const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(publication_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_datareader( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_boolean *relay_only, DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(subscription_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + *relay_only = false; + + return true; +} + +DDS_Security_boolean check_remote_topic( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_TopicBuiltinTopicData *topic_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_local_datawriter_match( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(writer_permissions_handle); + DDSRT_UNUSED_ARG(reader_permissions_handle); + DDSRT_UNUSED_ARG(publication_data); + DDSRT_UNUSED_ARG(subscription_data); + 
DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_local_datareader_match( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(reader_permissions_handle); + DDSRT_UNUSED_ARG(writer_permissions_handle); + DDSRT_UNUSED_ARG(subscription_data); + DDSRT_UNUSED_ARG(publication_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_datawriter_register_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const DDS_Security_DynamicData key, + const DDS_Security_InstanceHandle instance_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(reader); + DDSRT_UNUSED_ARG(publication_handle); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(instance_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_datawriter_dispose_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(reader); + DDSRT_UNUSED_ARG(publication_handle); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_permissions_token( dds_security_access_control 
*instance, + DDS_Security_PermissionsToken *permissions_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex) +{ + + DDSRT_UNUSED_ARG(permissions_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_permissions_credential_token( + dds_security_access_control *instance, + DDS_Security_PermissionsCredentialToken *permissions_credential_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_credential_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean set_listener( dds_security_access_control *instance, + const dds_security_access_control_listener *listener, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(listener); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_permissions_token( dds_security_access_control *instance, + const DDS_Security_PermissionsToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_permissions_credential_token( + dds_security_access_control *instance, + const DDS_Security_PermissionsCredentialToken *permissions_credential_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_credential_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_participant_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 
true; +} + +DDS_Security_boolean get_topic_sec_attributes( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const char *topic_name, + DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_datawriter_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_datareader_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_participant_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} 
+ +DDS_Security_boolean return_topic_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_datawriter_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_datareader_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_permissions_handle( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + + int32_t init_access_control( const char *argument, void **context) +{ + + dds_security_access_control *access_control; + + DDSRT_UNUSED_ARG(argument); + + //allocate new instance + access_control = ddsrt_malloc(sizeof(dds_security_access_control)); + memset(access_control, 0, sizeof(dds_security_access_control)); + + //assign the interface functions + access_control->validate_local_permissions = &validate_local_permissions; + + access_control->validate_remote_permissions = &validate_remote_permissions; + + access_control->check_create_participant = &check_create_participant; + + access_control->check_create_datawriter = &check_create_datawriter; + + access_control->check_create_datareader = &check_create_datareader; + + access_control->check_create_topic = 
&check_create_topic; + + access_control->check_local_datawriter_register_instance = + &check_local_datawriter_register_instance; + + access_control->check_local_datawriter_dispose_instance = + &check_local_datawriter_dispose_instance; + + access_control->check_remote_participant = &check_remote_participant; + + access_control->check_remote_datawriter = &check_remote_datawriter; + + access_control->check_remote_datareader = &check_remote_datareader; + + access_control->check_remote_topic = &check_remote_topic; + + access_control->check_local_datawriter_match = &check_local_datawriter_match; + + access_control->check_local_datareader_match = &check_local_datareader_match; + + access_control->check_remote_datawriter_register_instance = + &check_remote_datawriter_register_instance; + + access_control->check_remote_datawriter_dispose_instance = + &check_remote_datawriter_dispose_instance; + + access_control->get_permissions_token = &get_permissions_token; + + access_control->get_permissions_credential_token = + &get_permissions_credential_token; + + access_control->set_listener = &set_listener; + + access_control->return_permissions_token = &return_permissions_token; + + access_control->return_permissions_credential_token = + &return_permissions_credential_token; + + access_control->get_participant_sec_attributes = + &get_participant_sec_attributes; + + access_control->get_topic_sec_attributes = &get_topic_sec_attributes; + + access_control->get_datawriter_sec_attributes = + &get_datawriter_sec_attributes; + + access_control->get_datareader_sec_attributes = + &get_datareader_sec_attributes; + + access_control->return_participant_sec_attributes = + &return_participant_sec_attributes; + + access_control->return_topic_sec_attributes = + &return_topic_sec_attributes; + + access_control->return_datawriter_sec_attributes = + &return_datawriter_sec_attributes; + + access_control->return_datareader_sec_attributes = + &return_datareader_sec_attributes; + + 
access_control->return_permissions_handle = + &return_permissions_handle; + + //return the instance + *context = access_control; + return 0; +} + + int32_t finalize_access_control( void *context) +{ + + DDSRT_UNUSED_ARG(context); + + ddsrt_free((dds_security_access_control*) context); + return 0; +} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.h b/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.h new file mode 100644 index 0000000..07eb595 --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/access_control_all_ok/mock_access_control.h 
@@ -0,0 +1,281 @@
+/*
+ * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#ifndef SECURITY_ACCESS_CONTROL_ALLOK_H_
+#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_
+
+#include "dds/security/access_control_all_ok_export.h"
+#include "dds/security/dds_security_api.h"
+
+SECURITY_EXPORT int32_t
+init_access_control(const char *argument, void **context);
+
+SECURITY_EXPORT int32_t
+finalize_access_control(void *context);
+
+
+/**
+ * AccessControl Interface
+ */
+
+DDS_Security_PermissionsHandle
+validate_local_permissions
+ ( dds_security_access_control *instance,
+ const dds_security_authentication *auth_plugin,
+ const DDS_Security_IdentityHandle identity,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_Qos *participant_qos,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_PermissionsHandle
+validate_remote_permissions
+ ( dds_security_access_control *instance,
+ const dds_security_authentication *auth_plugin,
+ const DDS_Security_IdentityHandle local_identity_handle,
+ const DDS_Security_IdentityHandle remote_identity_handle,
+ const DDS_Security_PermissionsToken *remote_permissions_token,
+ const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_create_participant
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_Qos *participant_qos,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_create_datawriter
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_Qos *writer_qos,
+ const DDS_Security_PartitionQosPolicy *partition,
+ const DDS_Security_DataTags *data_tag,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_create_datareader
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_Qos *reader_qos,
+ const DDS_Security_PartitionQosPolicy *partition,
+ const DDS_Security_DataTags *data_tag,
+ DDS_Security_SecurityException *ex);
+
+
+DDS_Security_boolean
+check_create_topic
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_Qos *topic_qos,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_local_datawriter_register_instance
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_Entity *writer,
+ const DDS_Security_DynamicData *key,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_local_datawriter_dispose_instance
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_Entity *writer,
+ const DDS_Security_DynamicData key,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_remote_participant
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_remote_datawriter
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_remote_datareader
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
+ DDS_Security_boolean *relay_only,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_remote_topic
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_TopicBuiltinTopicData *topic_data,
+ DDS_Security_SecurityException *ex);
+
+
+DDS_Security_boolean
+check_local_datawriter_match
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle writer_permissions_handle,
+ const DDS_Security_PermissionsHandle reader_permissions_handle,
+ const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
+ const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
+ DDS_Security_SecurityException *ex);
+
+
+DDS_Security_boolean
+check_local_datareader_match
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle reader_permissions_handle,
+ const DDS_Security_PermissionsHandle writer_permissions_handle,
+ const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data,
+ const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_remote_datawriter_register_instance
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_Entity *reader,
+ const DDS_Security_InstanceHandle publication_handle,
+ const DDS_Security_DynamicData key,
+ const DDS_Security_InstanceHandle instance_handle,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+check_remote_datawriter_dispose_instance
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_Entity *reader,
+ const DDS_Security_InstanceHandle publication_handle,
+ const DDS_Security_DynamicData key,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+get_permissions_token
+ ( dds_security_access_control *instance,
+ DDS_Security_PermissionsToken *permissions_token,
+ const DDS_Security_PermissionsHandle handle,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+get_permissions_credential_token
+ ( dds_security_access_control *instance,
+ DDS_Security_PermissionsCredentialToken *permissions_credential_token,
+ const DDS_Security_PermissionsHandle handle,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+set_listener
+ ( dds_security_access_control *instance,
+ const dds_security_access_control_listener *listener,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+return_permissions_token
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsToken *token,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+return_permissions_credential_token
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsCredentialToken *permissions_credential_token,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+get_participant_sec_attributes
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ DDS_Security_ParticipantSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+DDS_Security_boolean
+get_topic_sec_attributes
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_char *topic_name,
+ DDS_Security_TopicSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+DDS_Security_boolean
+get_datawriter_sec_attributes
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_PartitionQosPolicy *partition,
+ const DDS_Security_DataTagQosPolicy *data_tag,
+ DDS_Security_EndpointSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+DDS_Security_boolean
+get_datareader_sec_attributes
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ const DDS_Security_char *topic_name,
+ const DDS_Security_PartitionQosPolicy *partition,
+ const DDS_Security_DataTagQosPolicy *data_tag,
+ DDS_Security_EndpointSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+DDS_Security_boolean
+return_participant_sec_attributes
+ ( dds_security_access_control *instance,
+ const DDS_Security_ParticipantSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+return_topic_sec_attributes
+ ( dds_security_access_control *instance,
+ const DDS_Security_TopicSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+return_datawriter_sec_attributes
+ ( dds_security_access_control *instance,
+ const DDS_Security_EndpointSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+
+DDS_Security_boolean
+return_datareader_sec_attributes
+ ( dds_security_access_control *instance,
+ const DDS_Security_EndpointSecurityAttributes *attributes,
+ DDS_Security_SecurityException *ex);
+
+DDS_Security_boolean
+return_permissions_handle
+ ( dds_security_access_control *instance,
+ const DDS_Security_PermissionsHandle permissions_handle,
+ DDS_Security_SecurityException *ex);
+
+
+
+#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */
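Review bot: The include guard at the top of this new header does not pair up: `#ifndef SECURITY_ACCESS_CONTROL_ALLOK_H_` is followed by `#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_`, so the macro that is tested is never defined and the guard never takes effect. The macro that does get defined looks like the guard of the builtin authentication plugin header; if that header uses the same name (not visible in this diff), any translation unit that includes this mock first would silently drop the real authentication declarations. Change the second line to `#define SECURITY_ACCESS_CONTROL_ALLOK_H_` and the closing line to `#endif /* SECURITY_ACCESS_CONTROL_ALLOK_H_ */`. Since this is the "all ok" mock, a one-line header comment such as `/* Test-only mock: every access-control check grants the request; never ship or load outside the plugin_loading tests. */` would also make its purpose explicit.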
diff --git a/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.c b/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.c
new file mode 100644
index 0000000..a28e7e7
--- /dev/null
+++ b/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.c
@@ -0,0 +1,600 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include "dds/security/dds_security_api.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/misc.h" +#include "mock_access_control.h" +#include +#include +#include + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_access_control_impl { + dds_security_access_control base; + int member; +} dds_security_access_control_impl; + +/** + * Function implementations + */ + +DDS_Security_PermissionsHandle validate_local_permissions( + dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle identity, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(auth_plugin); + DDSRT_UNUSED_ARG(auth_plugin); + DDSRT_UNUSED_ARG(identity); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 1; +} + +DDS_Security_PermissionsHandle validate_remote_permissions( + dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityHandle remote_identity_handle, + const DDS_Security_PermissionsToken *remote_permissions_token, + const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, + DDS_Security_SecurityException *ex) +{ + 
DDSRT_UNUSED_ARG(auth_plugin); + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(remote_identity_handle); + DDSRT_UNUSED_ARG(remote_permissions_token); + DDSRT_UNUSED_ARG(remote_credential_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 0; +} + +DDS_Security_boolean check_create_participant( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_create_datawriter( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, const char *topic_name, + const DDS_Security_Qos *writer_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(writer_qos); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_create_datareader( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, const char *topic_name, + const DDS_Security_Qos *reader_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(reader_qos); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(ex); + 
DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_create_topic( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, const char *topic_name, + const DDS_Security_Qos *qos, DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(qos); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_local_datawriter_register_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, const DDS_Security_DynamicData *key, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(writer); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_local_datawriter_dispose_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(writer); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_participant( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_datawriter( dds_security_access_control *instance, + 
const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(publication_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_datareader( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_boolean *relay_only, DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(subscription_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + *relay_only = false; + + return true; +} + +DDS_Security_boolean check_remote_topic( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_TopicBuiltinTopicData *topic_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(topic_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_local_datawriter_match( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(writer_permissions_handle); + DDSRT_UNUSED_ARG(reader_permissions_handle); + DDSRT_UNUSED_ARG(publication_data); + DDSRT_UNUSED_ARG(subscription_data); + 
DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_local_datareader_match( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(reader_permissions_handle); + DDSRT_UNUSED_ARG(writer_permissions_handle); + DDSRT_UNUSED_ARG(subscription_data); + DDSRT_UNUSED_ARG(publication_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_datawriter_register_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const DDS_Security_DynamicData key, + const DDS_Security_InstanceHandle instance_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(reader); + DDSRT_UNUSED_ARG(publication_handle); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(instance_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean check_remote_datawriter_dispose_instance( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(reader); + DDSRT_UNUSED_ARG(publication_handle); + DDSRT_UNUSED_ARG(key); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_permissions_token( dds_security_access_control 
*instance, + DDS_Security_PermissionsToken *permissions_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex) +{ + + DDSRT_UNUSED_ARG(permissions_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_permissions_credential_token( + dds_security_access_control *instance, + DDS_Security_PermissionsCredentialToken *permissions_credential_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_credential_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean set_listener( dds_security_access_control *instance, + const dds_security_access_control_listener *listener, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(listener); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_permissions_token( dds_security_access_control *instance, + const DDS_Security_PermissionsToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_permissions_credential_token( + dds_security_access_control *instance, + const DDS_Security_PermissionsCredentialToken *permissions_credential_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_credential_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_participant_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 
true; +} + +DDS_Security_boolean get_topic_sec_attributes( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const char *topic_name, + DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_datawriter_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean get_datareader_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(topic_name); + DDSRT_UNUSED_ARG(partition); + DDSRT_UNUSED_ARG(data_tag); + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_participant_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} 
+ +DDS_Security_boolean return_topic_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_datawriter_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_datareader_sec_attributes( + dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(attributes); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_permissions_handle( + dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(permissions_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +int32_t init_access_control( const char *argument, void **context) +{ + + dds_security_access_control *access_control; + + DDSRT_UNUSED_ARG(argument); + + //allocate new instance + access_control = ddsrt_malloc(sizeof(dds_security_access_control)); + memset(access_control, 0, sizeof(dds_security_access_control)); + + //assign the interface functions + access_control->validate_local_permissions = &validate_local_permissions; + + access_control->validate_remote_permissions = &validate_remote_permissions; + + access_control->check_create_participant = &check_create_participant; + + access_control->check_create_datawriter = &check_create_datawriter; + + /* removed the function assignment + access_control->check_create_datareader = &check_create_datareader; + + */ + + 
access_control->check_create_topic = &check_create_topic; + + access_control->check_local_datawriter_register_instance = + &check_local_datawriter_register_instance; + + access_control->check_local_datawriter_dispose_instance = + &check_local_datawriter_dispose_instance; + + access_control->check_remote_participant = &check_remote_participant; + + access_control->check_remote_datawriter = &check_remote_datawriter; + + access_control->check_remote_datareader = &check_remote_datareader; + + access_control->check_remote_topic = &check_remote_topic; + + access_control->check_local_datawriter_match = &check_local_datawriter_match; + + access_control->check_local_datareader_match = &check_local_datareader_match; + + access_control->check_remote_datawriter_register_instance = + &check_remote_datawriter_register_instance; + + access_control->check_remote_datawriter_dispose_instance = + &check_remote_datawriter_dispose_instance; + + access_control->get_permissions_token = &get_permissions_token; + + access_control->get_permissions_credential_token = + &get_permissions_credential_token; + + access_control->set_listener = &set_listener; + + access_control->return_permissions_token = &return_permissions_token; + + access_control->return_permissions_credential_token = + &return_permissions_credential_token; + + access_control->get_participant_sec_attributes = + &get_participant_sec_attributes; + + access_control->get_topic_sec_attributes = &get_topic_sec_attributes; + + access_control->get_datawriter_sec_attributes = + &get_datawriter_sec_attributes; + + access_control->get_datareader_sec_attributes = + &get_datareader_sec_attributes; + + access_control->return_participant_sec_attributes = + &return_participant_sec_attributes; + + access_control->return_topic_sec_attributes = + &return_topic_sec_attributes; + + access_control->return_datawriter_sec_attributes = + &return_datawriter_sec_attributes; + + access_control->return_datareader_sec_attributes = + 
&return_datareader_sec_attributes; + + access_control->return_permissions_handle = + &return_permissions_handle; + + //return the instance + *context = access_control; + return 0; +} + + int32_t finalize_access_control( void *context) +{ + + DDSRT_UNUSED_ARG(context); + + ddsrt_free((dds_security_access_control*) context); + return 0; +} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.h b/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.h new file mode 100644 index 0000000..89d87c0 --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/access_control_missing_function/mock_access_control.h 
@@ -0,0 +1,280 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef SECURITY_ACCESS_CONTROL_ALLOK_H_ +#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ + +#include "dds/security/access_control_missing_function_export.h" +#include "dds/security/dds_security_api.h" + +SECURITY_EXPORT int32_t +init_access_control(const char *argument, void **context); + +SECURITY_EXPORT int32_t +finalize_access_control(void *context); + + +/** + * AccessControl Interface + */ + +DDS_Security_PermissionsHandle +validate_local_permissions + ( dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle identity, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex); + +DDS_Security_PermissionsHandle +validate_remote_permissions + ( dds_security_access_control *instance, + const dds_security_authentication *auth_plugin, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityHandle remote_identity_handle, + const DDS_Security_PermissionsToken *remote_permissions_token, + const DDS_Security_AuthenticatedPeerCredentialToken *remote_credential_token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_create_participant + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_create_datawriter + ( 
dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_char *topic_name, + const DDS_Security_Qos *writer_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_create_datareader + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_char *topic_name, + const DDS_Security_Qos *reader_qos, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTags *data_tag, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean +check_create_topic + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_char *topic_name, + const DDS_Security_Qos *topic_qos, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_local_datawriter_register_instance + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, + const DDS_Security_DynamicData *key, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_local_datawriter_dispose_instance + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *writer, + const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_remote_participant + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_ParticipantBuiltinTopicDataSecure *participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_remote_datawriter + ( 
dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_remote_datareader + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_boolean *relay_only, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_remote_topic + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_DomainId domain_id, + const DDS_Security_TopicBuiltinTopicData *topic_data, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean +check_local_datawriter_match + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean +check_local_datareader_match + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle reader_permissions_handle, + const DDS_Security_PermissionsHandle writer_permissions_handle, + const DDS_Security_SubscriptionBuiltinTopicDataSecure *subscription_data, + const DDS_Security_PublicationBuiltinTopicDataSecure *publication_data, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_remote_datawriter_register_instance + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const 
DDS_Security_DynamicData key, + const DDS_Security_InstanceHandle instance_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +check_remote_datawriter_dispose_instance + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_Entity *reader, + const DDS_Security_InstanceHandle publication_handle, + const DDS_Security_DynamicData key, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +get_permissions_token + ( dds_security_access_control *instance, + DDS_Security_PermissionsToken *permissions_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +get_permissions_credential_token + ( dds_security_access_control *instance, + DDS_Security_PermissionsCredentialToken *permissions_credential_token, + const DDS_Security_PermissionsHandle handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +set_listener + ( dds_security_access_control *instance, + const dds_security_access_control_listener *listener, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_permissions_token + ( dds_security_access_control *instance, + const DDS_Security_PermissionsToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_permissions_credential_token + ( dds_security_access_control *instance, + const DDS_Security_PermissionsCredentialToken *permissions_credential_token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +get_participant_sec_attributes + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean +get_topic_sec_attributes + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_char *topic_name, + 
DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean +get_datawriter_sec_attributes + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean +get_datareader_sec_attributes + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + const DDS_Security_char *topic_name, + const DDS_Security_PartitionQosPolicy *partition, + const DDS_Security_DataTagQosPolicy *data_tag, + DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean +return_participant_sec_attributes + ( dds_security_access_control *instance, + const DDS_Security_ParticipantSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_topic_sec_attributes + ( dds_security_access_control *instance, + const DDS_Security_TopicSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_datawriter_sec_attributes + ( dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean +return_datareader_sec_attributes + ( dds_security_access_control *instance, + const DDS_Security_EndpointSecurityAttributes *attributes, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_permissions_handle + ( dds_security_access_control *instance, + const DDS_Security_PermissionsHandle permissions_handle, + DDS_Security_SecurityException *ex); + + + +#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ 
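Review bot: The include guard at the top of mock_access_control.h never takes effect, because `#ifndef SECURITY_ACCESS_CONTROL_ALLOK_H_` is followed by `#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_`, so the macro that is tested is never defined. The macro it does define is the guard that mock_authentication.h uses in this same commit, so a translation unit that includes this header first would silently skip the authentication mock's declarations. Use one name on all three lines, ideally one that matches this variant rather than the all-ok one, e.g. `#ifndef SECURITY_ACCESS_CONTROL_MISSING_FUNCTION_H_`, `#define SECURITY_ACCESS_CONTROL_MISSING_FUNCTION_H_` and the same name in the `#endif` comment.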
diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c
new file mode 100644
index 0000000..cfe680a
--- /dev/null
+++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.c
@@ -0,0 +1,396 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#include "dds/security/dds_security_api.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/misc.h" +#include "mock_authentication.h" +#include +#include +#include + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_authentication_impl { + dds_security_authentication base; + int id; //sample internal member +} dds_security_authentication_impl; + +DDS_Security_ValidationResult_t validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid, + DDS_Security_SecurityException *ex) +{ + + unsigned i; + DDS_Security_ValidationResult_t result=DDS_SECURITY_VALIDATION_OK; + dds_security_authentication_impl *implementation = + (dds_security_authentication_impl *) instance; + char *identity_ca = NULL; + char *identity_certificate = NULL; + char *private_key = NULL; + + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(adjusted_participant_guid); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(candidate_participant_guid); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + implementation->id = 2; + + memcpy(adjusted_participant_guid, candidate_participant_guid, sizeof(DDS_Security_GUID_t)); + + 
for( i=0; i< participant_qos->property.value._length; i++) + { + + //printf("%s: %s",participant_qos->property.value._buffer[i].name, participant_qos->property.value._buffer[i].value); + printf("%s\n",participant_qos->property.value._buffer[i].name); + if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.private_key") == 0) + { + private_key = participant_qos->property.value._buffer[i].value; + } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_ca") == 0) + { + identity_ca = participant_qos->property.value._buffer[i].value; + } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_certificate") == 0) + { + identity_certificate = participant_qos->property.value._buffer[i].value; + } + } + + if( strcmp(identity_certificate, test_identity_certificate) != 0){ + + result = DDS_SECURITY_VALIDATION_FAILED; + printf("FAILED: Could not get identity_certificate value properly\n"); + } + else if( strcmp(identity_ca, test_ca_certificate) != 0){ + printf("FAILED: Could not get identity_ca value properly\n"); + result = DDS_SECURITY_VALIDATION_FAILED; + }else if( strcmp(private_key, test_privatekey) != 0){ + printf("FAILED: Could not get private_key value properly\n"); + result = DDS_SECURITY_VALIDATION_FAILED; + } + + if( result == DDS_SECURITY_VALIDATION_OK ) + { + printf("DDS_SECURITY_VALIDATION_OK\n"); + } + + + return result; +} + +DDS_Security_boolean get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + memset(identity_token, 0, sizeof(*identity_token)); + + return true; +} + +DDS_Security_boolean get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + 
const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_status_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean set_permissions_credential_and_token( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(permissions_credential); + DDSRT_UNUSED_ARG(permissions_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_ValidationResult_t validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(remote_identity_handle); + DDSRT_UNUSED_ARG(local_auth_request_token); + DDSRT_UNUSED_ARG(remote_auth_request_token); + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(remote_identity_token); + DDSRT_UNUSED_ARG(remote_participant_guid); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq 
*serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(handshake_message); + DDSRT_UNUSED_ARG(initiator_identity_handle); + DDSRT_UNUSED_ARG(replier_identity_handle); + DDSRT_UNUSED_ARG(serialized_local_participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(handshake_message_out); + DDSRT_UNUSED_ARG(handshake_message_in); + DDSRT_UNUSED_ARG(initiator_identity_handle); + DDSRT_UNUSED_ARG(replier_identity_handle); + DDSRT_UNUSED_ARG(serialized_local_participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_message_out); + DDSRT_UNUSED_ARG(handshake_message_in); + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_SharedSecretHandle get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + 
DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 0; +} + +DDS_Security_boolean get_authenticated_peer_credential_token( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(peer_credential_token); + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(listener); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(peer_credential_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 
true; +} + +DDS_Security_boolean return_identity_handle(dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(sharedsecret_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +int32_t init_authentication( const char *argument, void **context) +{ + + dds_security_authentication_impl *authentication; + + DDSRT_UNUSED_ARG(argument); + + //allocate implementation wrapper + authentication = (dds_security_authentication_impl*) ddsrt_malloc( + sizeof(dds_security_authentication_impl)); + memset(authentication, 0, sizeof(dds_security_authentication_impl)); + + //assign the interface functions + authentication->base.validate_local_identity = &validate_local_identity; + + authentication->base.get_identity_token = &get_identity_token; + + authentication->base.get_identity_status_token = &get_identity_status_token; + + authentication->base.set_permissions_credential_and_token = + &set_permissions_credential_and_token; + + authentication->base.validate_remote_identity = &validate_remote_identity; + + authentication->base.begin_handshake_request = &begin_handshake_request; + + authentication->base.begin_handshake_reply = &begin_handshake_reply; + + authentication->base.process_handshake = &process_handshake; + + authentication->base.get_shared_secret = &get_shared_secret; + + authentication->base.get_authenticated_peer_credential_token = + &get_authenticated_peer_credential_token; + + authentication->base.set_listener = &set_listener; + + authentication->base.return_identity_token = &return_identity_token; + + 
authentication->base.return_identity_status_token = + &return_identity_status_token; + + authentication->base.return_authenticated_peer_credential_token = + &return_authenticated_peer_credential_token; + + authentication->base.return_handshake_handle = &return_handshake_handle; + + authentication->base.return_identity_handle = &return_identity_handle; + + authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle; + + //prepare implementation wrapper + authentication->id = 1; + + //return the instance + *context = authentication; + return 0; +} + +int32_t finalize_authentication(void *instance) +{ + + ddsrt_free((dds_security_authentication_impl*) instance); + + return 0; +} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h new file mode 100644 index 0000000..56d297c --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok/mock_authentication.h 
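Review bot: In validate_local_identity the pointers `identity_certificate`, `identity_ca` and `private_key` start as NULL and are passed straight to `strcmp`, so a participant QoS that lacks any of the three `dds.sec.auth.*` properties gives undefined behaviour (in practice a crash of the test process) instead of returning `DDS_SECURITY_VALIDATION_FAILED`. Guard each comparison, e.g. `if (identity_certificate == NULL || strcmp(identity_certificate, test_identity_certificate) != 0) {`, and likewise for `identity_ca` and `private_key`. The `DDSRT_UNUSED_ARG` lines for `instance`, `adjusted_participant_guid`, `participant_qos` and `candidate_participant_guid` in that function should be dropped, since those arguments are used. Every other entry point in this file reports success unconditionally, so a short file-level comment stating that this plugin is a test fixture that performs no authentication would help keep it out of non-test builds.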
@@ -0,0 +1,213 @@ +/* + * authentication.h + * + * Created on: Jan 15, 2018 + * Author: kurtulus oksuztepe + */ + +#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ +#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ + +#include "dds/security/authentication_all_ok_export.h" + +SECURITY_EXPORT int32_t +init_authentication(const char *argument, void **context); + +SECURITY_EXPORT int32_t +finalize_authentication(void *context); + +char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\ +MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ +MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ +aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ +Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\ +TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\ +VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\ +YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\ +Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\ +kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\ +9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\ ++imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\ +/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\ +Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\ +kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\ +Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\ +jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\ +gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\ +By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\ +xEEFrw==\n\ +-----END CERTIFICATE-----"; + +char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\ +MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ +MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ 
+aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ +Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\ +TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\ +ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\ +ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\ +bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\ +0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\ +SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\ +72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\ +tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\ +9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\ +FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\ +CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\ +BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\ +AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\ +ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\ +Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\ +NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\ +sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\ +AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\ +O9IAQi5pa15gXjSbUg==\n\ +-----END CERTIFICATE-----"; + +char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\ +MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\ +k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\ +DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\ +FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\ +m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\ +8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\ +8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\ 
+E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\ +wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\ +tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\ +MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\ +ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\ +CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\ +LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\ +rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\ +paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\ +9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\ +HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\ +wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\ +/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\ +P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\ +MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\ +H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\ +ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\ +LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\ +-----END RSA PRIVATE KEY-----"; + + +DDS_Security_ValidationResult_t +validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid, + + DDS_Security_SecurityException *ex); +DDS_Security_boolean +get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); +DDS_Security_boolean +set_permissions_credential_and_token( + dds_security_authentication *instance, + const 
DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + 
+DDS_Security_SharedSecretHandle get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +get_authenticated_peer_credential_token( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); +DDS_Security_boolean +return_identity_handle( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex); + 
+
+
+#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */
diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.c
new file mode 100644
index 0000000..ff367c5
--- /dev/null
+++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.c
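Review bot: `test_identity_certificate`, `test_ca_certificate` and `test_privatekey` are defined in this header as mutable `char *` globals with external linkage, so every translation unit that includes the header emits its own definition, and a second includer in the same library would fail to link. Declaring them `static const char *const test_privatekey = "...";` (likewise for the two certificates), or moving the definitions into the .c file, removes that and keeps the literals read-only. Because the header carries a complete RSA private key, I would also put a comment above it such as `/* Test-only fixture key: never provision it outside this test suite. */`, so that it is clearly a fixture when a secret scanner flags it. The header uses `DDS_Security_*` types but includes only the export header, so it compiles only when `dds/security/dds_security_api.h` has been included first.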
@@ -0,0 +1,353 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#include "dds/security/dds_security_api.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/misc.h" +#include "dds/ddsrt/string.h" +#include "mock_authentication.h" +#include +#include +#include + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_authentication_impl { + dds_security_authentication base; + int id; //sample internal member +} dds_security_authentication_impl; + +DDS_Security_ValidationResult_t validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid, + DDS_Security_SecurityException *ex) +{ + + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(adjusted_participant_guid); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(candidate_participant_guid); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + ex->message = ddsrt_strdup("Certificate expired"); + ex->code = DDS_SECURITY_ERR_CERT_EXPIRED_CODE; + ex->minor_code = 0; + + return DDS_SECURITY_VALIDATION_FAILED; +} + +DDS_Security_boolean get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException 
*ex) +{ + DDSRT_UNUSED_ARG(identity_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + memset(identity_token, 0, sizeof(*identity_token)); + + return true; +} + +DDS_Security_boolean get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_status_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean set_permissions_credential_and_token( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(permissions_credential); + DDSRT_UNUSED_ARG(permissions_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_ValidationResult_t validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(remote_identity_handle); + DDSRT_UNUSED_ARG(local_auth_request_token); + DDSRT_UNUSED_ARG(remote_auth_request_token); + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(remote_identity_token); + DDSRT_UNUSED_ARG(remote_participant_guid); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t 
begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(handshake_message); + DDSRT_UNUSED_ARG(initiator_identity_handle); + DDSRT_UNUSED_ARG(replier_identity_handle); + DDSRT_UNUSED_ARG(serialized_local_participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(handshake_message_out); + DDSRT_UNUSED_ARG(handshake_message_in); + DDSRT_UNUSED_ARG(initiator_identity_handle); + DDSRT_UNUSED_ARG(replier_identity_handle); + DDSRT_UNUSED_ARG(serialized_local_participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_message_out); + DDSRT_UNUSED_ARG(handshake_message_in); 
+ DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_SharedSecretHandle get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 0; +} + +DDS_Security_boolean get_authenticated_peer_credential_token( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(peer_credential_token); + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(listener); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(peer_credential_token); + DDSRT_UNUSED_ARG(ex); + 
DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_handle(dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(sharedsecret_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +int32_t init_authentication( const char *argument, void **context) +{ + + dds_security_authentication_impl *authentication; + + DDSRT_UNUSED_ARG(argument); + + //allocate implementation wrapper + authentication = (dds_security_authentication_impl*) ddsrt_malloc( + sizeof(dds_security_authentication_impl)); + memset(authentication, 0, sizeof(dds_security_authentication_impl)); + + //assign the interface functions + authentication->base.validate_local_identity = &validate_local_identity; + + authentication->base.get_identity_token = &get_identity_token; + + authentication->base.get_identity_status_token = &get_identity_status_token; + + authentication->base.set_permissions_credential_and_token = + &set_permissions_credential_and_token; + + authentication->base.validate_remote_identity = &validate_remote_identity; + + authentication->base.begin_handshake_request = &begin_handshake_request; + + authentication->base.begin_handshake_reply = &begin_handshake_reply; + + authentication->base.process_handshake = &process_handshake; + + 
authentication->base.get_shared_secret = &get_shared_secret; + + authentication->base.get_authenticated_peer_credential_token = + &get_authenticated_peer_credential_token; + + authentication->base.set_listener = &set_listener; + + authentication->base.return_identity_token = &return_identity_token; + + authentication->base.return_identity_status_token = + &return_identity_status_token; + + authentication->base.return_authenticated_peer_credential_token = + &return_authenticated_peer_credential_token; + + authentication->base.return_handshake_handle = &return_handshake_handle; + + authentication->base.return_identity_handle = &return_identity_handle; + + authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle; + + //prepare implementation wrapper + authentication->id = 1; + + //return the instance + *context = authentication; + return 0; +} + +int32_t finalize_authentication(void *instance) +{ + + ddsrt_free((dds_security_authentication_impl*) instance); + + return 0; +} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.h new file mode 100644 index 0000000..c6a416f --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_all_ok_other/mock_authentication.h 
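Review bot: In `validate_local_identity`, `ex` is passed to `DDSRT_UNUSED_ARG(ex)` and then dereferenced a few lines later (`ex->message = ddsrt_strdup("Certificate expired");`) with no NULL check, so a caller that passes a NULL exception pointer crashes the test process instead of receiving `DDS_SECURITY_VALIDATION_FAILED`. I would drop the `DDSRT_UNUSED_ARG(ex);` line there and wrap the three assignments in `if (ex != NULL) { ... }`. `get_identity_token` has the same shape: `identity_token` is marked unused and then handed to `memset(identity_token, 0, sizeof(*identity_token))`. The authentication_finalize_error mock later in this diff repeats the pattern for `participant_qos` and `instance` in its `validate_local_identity`.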
@@ -0,0 +1,136 @@ +/* + * authentication.h + * + * Created on: Jan 15, 2018 + * Author: kurtulus oksuztepe + */ + +#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ +#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ + +#include "dds/security/authentication_all_ok_other_export.h" + +SECURITY_EXPORT int32_t +init_authentication(const char *argument, void **context); + +SECURITY_EXPORT int32_t +finalize_authentication(void *context); + +DDS_Security_ValidationResult_t +validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid, + + DDS_Security_SecurityException *ex); +DDS_Security_boolean +get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); +DDS_Security_boolean +set_permissions_credential_and_token( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle 
*handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_SharedSecretHandle get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +get_authenticated_peer_credential_token( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex); + 
+DDS_Security_boolean return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); +DDS_Security_boolean +return_identity_handle( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex); + + + +#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c new file mode 100644 index 0000000..a072b00 --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.c 
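Review bot: This header declares every callback (`validate_local_identity`, `get_identity_token`, and the rest) with external linkage, although only `init_authentication` and `finalize_authentication` are marked `SECURITY_EXPORT`. The other mock plugins in this diff define functions with the same names, and if they are loaded into one test process (the build's symbol-visibility settings are not visible here), `&validate_local_identity` in one library could bind to another library's definition. Making the callbacks `static` in the .c file and dropping their prototypes from this header avoids that, e.g. `static DDS_Security_ValidationResult_t validate_local_identity(...)`. The include guard `SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_` is also identical to the one in the authentication_all_ok mock header, so a per-plugin guard name would be safer.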
@@ -0,0 +1,388 @@
+/*
+ * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
+ * v. 1.0 which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+ */
+
+#include "dds/security/dds_security_api.h"
+#include "dds/ddsrt/heap.h"
+#include "dds/ddsrt/misc.h"
+#include "mock_authentication.h"
+#include
+#include
+#include
+
+/**
+ * Implementation structure for storing encapsulated members of the instance
+ * while giving only the interface definition to user
+ */
+
+typedef struct dds_security_authentication_impl {
+ dds_security_authentication base;
+ int id; //sample internal member
+} dds_security_authentication_impl;
+
+DDS_Security_ValidationResult_t validate_local_identity(
+ dds_security_authentication *instance,
+ DDS_Security_IdentityHandle *local_identity_handle,
+ DDS_Security_GUID_t *adjusted_participant_guid,
+ const DDS_Security_DomainId domain_id,
+ const DDS_Security_Qos *participant_qos,
+ const DDS_Security_GUID_t *candidate_participant_guid,
+ DDS_Security_SecurityException *ex)
+{
+
+ unsigned i;
+ DDS_Security_ValidationResult_t result=DDS_SECURITY_VALIDATION_OK;
+ dds_security_authentication_impl *implementation =
+ (dds_security_authentication_impl *) instance;
+ char *identity_ca=NULL;
+ char *identity_certificate=NULL;
+ char *private_key=NULL;
+
+ DDSRT_UNUSED_ARG(local_identity_handle);
+ DDSRT_UNUSED_ARG(adjusted_participant_guid);
+ DDSRT_UNUSED_ARG(domain_id);
+ DDSRT_UNUSED_ARG(participant_qos);
+ DDSRT_UNUSED_ARG(candidate_participant_guid);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ implementation->id = 2;
+
+ for( i=0; i< participant_qos->property.value._length; i++)
+ {
+
+ printf("%s: %s",participant_qos->property.value._buffer[i].name, participant_qos->property.value._buffer[i].value);
+ if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.private_key") == 0)
+ {
+ private_key = participant_qos->property.value._buffer[i].value;
+ } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_ca") == 0)
+ {
+ identity_ca = participant_qos->property.value._buffer[i].value;
+ } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_certificate") == 0)
+ {
+ identity_certificate = participant_qos->property.value._buffer[i].value;
+ }
+ }
+
+ if( strcmp(identity_certificate, test_identity_certificate) != 0){
+
+ result = DDS_SECURITY_VALIDATION_FAILED;
+ printf("FAILED: Could not get identity_certificate value properly\n");
+ }
+ else if( strcmp(identity_ca, test_ca_certificate) != 0){
+ printf("FAILED: Could not get identity_ca value properly\n");
+ result = DDS_SECURITY_VALIDATION_FAILED;
+ }else if( strcmp(private_key, test_privatekey) != 0){
+ printf("FAILED: Could not get private_key value properly\n");
+ result = DDS_SECURITY_VALIDATION_FAILED;
+ }
+
+
+ return result;
+}
+
+DDS_Security_boolean get_identity_token( dds_security_authentication *instance,
+ DDS_Security_IdentityToken *identity_token,
+ const DDS_Security_IdentityHandle handle,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(identity_token);
+ DDSRT_UNUSED_ARG(handle);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ memset(identity_token, 0, sizeof(*identity_token));
+
+ return true;
+}
+
+DDS_Security_boolean get_identity_status_token(
+ dds_security_authentication *instance,
+ DDS_Security_IdentityStatusToken *identity_status_token,
+ const DDS_Security_IdentityHandle handle,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(identity_status_token);
+ DDSRT_UNUSED_ARG(handle);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+DDS_Security_boolean set_permissions_credential_and_token(
+ dds_security_authentication *instance,
+ const DDS_Security_IdentityHandle handle,
+ const DDS_Security_PermissionsCredentialToken *permissions_credential,
+ const DDS_Security_PermissionsToken *permissions_token,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(handle);
+ DDSRT_UNUSED_ARG(permissions_credential);
+ DDSRT_UNUSED_ARG(permissions_token);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+DDS_Security_ValidationResult_t validate_remote_identity(
+ dds_security_authentication *instance,
+ DDS_Security_IdentityHandle *remote_identity_handle,
+ DDS_Security_AuthRequestMessageToken *local_auth_request_token,
+ const DDS_Security_AuthRequestMessageToken *remote_auth_request_token,
+ const DDS_Security_IdentityHandle local_identity_handle,
+ const DDS_Security_IdentityToken *remote_identity_token,
+ const DDS_Security_GUID_t *remote_participant_guid,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(remote_identity_handle);
+ DDSRT_UNUSED_ARG(local_auth_request_token);
+ DDSRT_UNUSED_ARG(remote_auth_request_token);
+ DDSRT_UNUSED_ARG(local_identity_handle);
+ DDSRT_UNUSED_ARG(remote_identity_token);
+ DDSRT_UNUSED_ARG(remote_participant_guid);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return DDS_SECURITY_VALIDATION_OK;
+}
+
+DDS_Security_ValidationResult_t begin_handshake_request(
+ dds_security_authentication *instance,
+ DDS_Security_HandshakeHandle *handshake_handle,
+ DDS_Security_HandshakeMessageToken *handshake_message,
+ const DDS_Security_IdentityHandle initiator_identity_handle,
+ const DDS_Security_IdentityHandle replier_identity_handle,
+ const DDS_Security_OctetSeq *serialized_local_participant_data,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(handshake_handle);
+ DDSRT_UNUSED_ARG(handshake_message);
+ DDSRT_UNUSED_ARG(initiator_identity_handle);
+ DDSRT_UNUSED_ARG(replier_identity_handle);
+ DDSRT_UNUSED_ARG(serialized_local_participant_data);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return DDS_SECURITY_VALIDATION_OK;
+}
+
+DDS_Security_ValidationResult_t begin_handshake_reply(
+ dds_security_authentication *instance,
+ DDS_Security_HandshakeHandle *handshake_handle,
+ DDS_Security_HandshakeMessageToken *handshake_message_out,
+ const DDS_Security_HandshakeMessageToken *handshake_message_in,
+ const DDS_Security_IdentityHandle initiator_identity_handle,
+ const DDS_Security_IdentityHandle replier_identity_handle,
+ const DDS_Security_OctetSeq *serialized_local_participant_data,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(handshake_handle);
+ DDSRT_UNUSED_ARG(handshake_message_out);
+ DDSRT_UNUSED_ARG(handshake_message_in);
+ DDSRT_UNUSED_ARG(initiator_identity_handle);
+ DDSRT_UNUSED_ARG(replier_identity_handle);
+ DDSRT_UNUSED_ARG(serialized_local_participant_data);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return DDS_SECURITY_VALIDATION_OK;
+}
+
+DDS_Security_ValidationResult_t process_handshake(
+ dds_security_authentication *instance,
+ DDS_Security_HandshakeMessageToken *handshake_message_out,
+ const DDS_Security_HandshakeMessageToken *handshake_message_in,
+ const DDS_Security_HandshakeHandle handshake_handle,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(handshake_message_out);
+ DDSRT_UNUSED_ARG(handshake_message_in);
+ DDSRT_UNUSED_ARG(handshake_handle);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return DDS_SECURITY_VALIDATION_OK;
+}
+
+DDS_Security_SharedSecretHandle get_shared_secret(
+ dds_security_authentication *instance,
+ const DDS_Security_HandshakeHandle handshake_handle,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(handshake_handle);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return 0;
+}
+
+DDS_Security_boolean get_authenticated_peer_credential_token(
+ dds_security_authentication *instance,
+ DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
+ const DDS_Security_HandshakeHandle handshake_handle,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(peer_credential_token);
+ DDSRT_UNUSED_ARG(handshake_handle);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+DDS_Security_boolean set_listener( dds_security_authentication *instance,
+ const dds_security_authentication_listener *listener,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(listener);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+DDS_Security_boolean return_identity_token( dds_security_authentication *instance,
+ const DDS_Security_IdentityToken *token,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(token);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+DDS_Security_boolean return_identity_status_token(
+ dds_security_authentication *instance,
+ const DDS_Security_IdentityStatusToken *token,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(token);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+DDS_Security_boolean return_authenticated_peer_credential_token(
+ dds_security_authentication *instance,
+ const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(peer_credential_token);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+DDS_Security_boolean return_handshake_handle( dds_security_authentication *instance,
+ const DDS_Security_HandshakeHandle handshake_handle,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(handshake_handle);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+DDS_Security_boolean return_identity_handle( dds_security_authentication *instance,
+ const DDS_Security_IdentityHandle identity_handle,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(identity_handle);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+DDS_Security_boolean return_sharedsecret_handle(
+ dds_security_authentication *instance,
+ const DDS_Security_SharedSecretHandle sharedsecret_handle,
+ DDS_Security_SecurityException *ex)
+{
+ DDSRT_UNUSED_ARG(sharedsecret_handle);
+ DDSRT_UNUSED_ARG(ex);
+ DDSRT_UNUSED_ARG(instance);
+
+ return true;
+}
+
+int32_t init_authentication( const char *argument, void **context)
+{
+
+ dds_security_authentication_impl *authentication;
+ DDSRT_UNUSED_ARG(argument);
+
+ //allocate implementation wrapper
+ authentication = (dds_security_authentication_impl*) ddsrt_malloc(
+ sizeof(dds_security_authentication_impl));
+ memset(authentication, 0, sizeof(dds_security_authentication_impl));
+
+ //assign the interface functions
+ authentication->base.validate_local_identity = &validate_local_identity;
+
+ authentication->base.get_identity_token = &get_identity_token;
+
+ authentication->base.get_identity_status_token = &get_identity_status_token;
+
+ authentication->base.set_permissions_credential_and_token =
+ &set_permissions_credential_and_token;
+
+ authentication->base.validate_remote_identity = &validate_remote_identity;
+
+ authentication->base.begin_handshake_request = &begin_handshake_request;
+
+ authentication->base.begin_handshake_reply = &begin_handshake_reply;
+
+ authentication->base.process_handshake = &process_handshake;
+
+ authentication->base.get_shared_secret = &get_shared_secret;
+
+ authentication->base.get_authenticated_peer_credential_token =
+ &get_authenticated_peer_credential_token;
+
+ authentication->base.set_listener = &set_listener;
+
+ authentication->base.return_identity_token = &return_identity_token;
+
+ authentication->base.return_identity_status_token =
+ &return_identity_status_token;
+
+ authentication->base.return_authenticated_peer_credential_token =
+ &return_authenticated_peer_credential_token;
+
+ authentication->base.return_handshake_handle = &return_handshake_handle;
+
+ authentication->base.return_identity_handle = &return_identity_handle;
+
+ authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle;
+
+ //prepare implementation wrapper
+ authentication->id = 1;
+
+ //return the instance
+ *context = authentication;
+ return 0;
+}
+
+/* wrong finalize function name for test purposes */
+int32_t finalize_authentication_WRONG_NAME( void *instance)
+{
+
+ ddsrt_free((dds_security_authentication_impl*) instance);
+
+ return 0;
+}
diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.h
new file mode 100644
index 0000000..d7c0e09
--- /dev/null
+++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_finalize_error/mock_authentication.h
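Review bot: In `validate_local_identity` of authentication_finalize_error/mock_authentication.c, `identity_certificate`, `identity_ca` and `private_key` stay NULL when the matching `dds.sec.auth.*` property is missing from `participant_qos`, and the three `strcmp` calls after the loop then dereference NULL instead of reporting a failure. A guard placed before the comparisons, `if (!identity_certificate || !identity_ca || !private_key) return DDS_SECURITY_VALIDATION_FAILED;`, lets the mock fail cleanly on a misconfigured test. The loop's `printf("%s: %s", ...)` also writes every property value, including the `dds.sec.auth.private_key` value, to the test output; printing only the name with `printf("%s\n", participant_qos->property.value._buffer[i].name);`, as the authentication_init_error variant of this file does, keeps key material out of CI logs. The same unchecked `strcmp` sequence is present in that variant as well.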
@@ -0,0 +1,264 @@ +/* + * authentication.h + * + * Created on: Jan 15, 2018 + * Author: kurtulus oksuztepe + */ + +#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ +#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ + + +#include "dds/security/authentication_finalize_error_export.h" + +SECURITY_EXPORT int32_t +init_authentication(const char *argument, void **context); + +SECURITY_EXPORT int32_t +finalize_authentication_WRONG_NAME(void *context); + +char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\ +MIIGJzCCBA+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBsjELMAkGA1UEBhMCRlIx\n\ +DzANBgNVBAgMBkFsc2FjZTETMBEGA1UEBwwKU3RyYXNib3VyZzEYMBYGA1UECgwP\n\ +d3d3LmZyZWVsYW4ub3JnMRAwDgYDVQQLDAdmcmVlbGFuMS0wKwYDVQQDDCRGcmVl\n\ +bGFuIFNhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgkqhkiG9w0BCQEW\n\ +E2NvbnRhY3RAZnJlZWxhbi5vcmcwHhcNMTIwNDI3MTAzMTE4WhcNMjIwNDI1MTAz\n\ +MTE4WjB+MQswCQYDVQQGEwJGUjEPMA0GA1UECAwGQWxzYWNlMRgwFgYDVQQKDA93\n\ +d3cuZnJlZWxhbi5vcmcxEDAOBgNVBAsMB2ZyZWVsYW4xDjAMBgNVBAMMBWFsaWNl\n\ +MSIwIAYJKoZIhvcNAQkBFhNjb250YWN0QGZyZWVsYW4ub3JnMIICIjANBgkqhkiG\n\ +9w0BAQEFAAOCAg8AMIICCgKCAgEA3W29+ID6194bH6ejLrIC4hb2Ugo8v6ZC+Mrc\n\ +k2dNYMNPjcOKABvxxEtBamnSaeU/IY7FC/giN622LEtV/3oDcrua0+yWuVafyxmZ\n\ +yTKUb4/GUgafRQPf/eiX9urWurtIK7XgNGFNUjYPq4dSJQPPhwCHE/LKAykWnZBX\n\ +RrX0Dq4XyApNku0IpjIjEXH+8ixE12wH8wt7DEvdO7T3N3CfUbaITl1qBX+Nm2Z6\n\ +q4Ag/u5rl8NJfXg71ZmXA3XOj7zFvpyapRIZcPmkvZYn7SMCp8dXyXHPdpSiIWL2\n\ +uB3KiO4JrUYvt2GzLBUThp+lNSZaZ/Q3yOaAAUkOx+1h08285Pi+P8lO+H2Xic4S\n\ +vMq1xtLg2bNoPC5KnbRfuFPuUD2/3dSiiragJ6uYDLOyWJDivKGt/72OVTEPAL9o\n\ +6T2pGZrwbQuiFGrGTMZOvWMSpQtNl+tCCXlT4mWqJDRwuMGrI4DnnGzt3IKqNwS4\n\ +Qyo9KqjMIPwnXZAmWPm3FOKe4sFwc5fpawKO01JZewDsYTDxVj+cwXwFxbE2yBiF\n\ +z2FAHwfopwaH35p3C6lkcgP2k/zgAlnBluzACUI+MKJ/G0gv/uAhj1OHJQ3L6kn1\n\ +SpvQ41/ueBjlunExqQSYD7GtZ1Kg8uOcq2r+WISE3Qc9MpQFFkUVllmgWGwYDuN3\n\ +Zsez95kCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNT\n\ +TCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFFlfyRO6G8y5qEFKikl5\n\ 
+ajb2fT7XMB8GA1UdIwQYMBaAFCNsLT0+KV14uGw+quK7Lh5sh/JTMA0GCSqGSIb3\n\ +DQEBBQUAA4ICAQAT5wJFPqervbja5+90iKxi1d0QVtVGB+z6aoAMuWK+qgi0vgvr\n\ +mu9ot2lvTSCSnRhjeiP0SIdqFMORmBtOCFk/kYDp9M/91b+vS+S9eAlxrNCB5VOf\n\ +PqxEPp/wv1rBcE4GBO/c6HcFon3F+oBYCsUQbZDKSSZxhDm3mj7pb67FNbZbJIzJ\n\ +70HDsRe2O04oiTx+h6g6pW3cOQMgIAvFgKN5Ex727K4230B0NIdGkzuj4KSML0NM\n\ +slSAcXZ41OoSKNjy44BVEZv0ZdxTDrRM4EwJtNyggFzmtTuV02nkUj1bYYYC5f0L\n\ +ADr6s0XMyaNk8twlWYlYDZ5uKDpVRVBfiGcq0uJIzIvemhuTrofh8pBQQNkPRDFT\n\ +Rq1iTo1Ihhl3/Fl1kXk1WR3jTjNb4jHX7lIoXwpwp767HAPKGhjQ9cFbnHMEtkro\n\ +RlJYdtRq5mccDtwT0GFyoJLLBZdHHMHJz0F9H7FNk2tTQQMhK5MVYwg+LIaee586\n\ +CQVqfbscp7evlgjLW98H+5zylRHAgoH2G79aHljNKMp9BOuq6SnEglEsiWGVtu2l\n\ +hnx8SB3sVJZHeer8f/UQQwqbAO+Kdy70NmbSaqaVtp8jOxLiidWkwSyRTsuU6D8i\n\ +DiH5uEqBXExjrj0FslxcVKdVj5glVcSmkLwZKbEU1OKwleT/iXFhvooWhQ==\n\ +-----END CERTIFICATE-----"; + +char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\ +MIIGOTCCBCGgAwIBAgIJAOE/vJd8EB24MA0GCSqGSIb3DQEBBQUAMIGyMQswCQYD\n\ +VQQGEwJGUjEPMA0GA1UECAwGQWxzYWNlMRMwEQYDVQQHDApTdHJhc2JvdXJnMRgw\n\ +FgYDVQQKDA93d3cuZnJlZWxhbi5vcmcxEDAOBgNVBAsMB2ZyZWVsYW4xLTArBgNV\n\ +BAMMJEZyZWVsYW4gU2FtcGxlIENlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAGCSqG\n\ +SIb3DQEJARYTY29udGFjdEBmcmVlbGFuLm9yZzAeFw0xMjA0MjcxMDE3NDRaFw0x\n\ +MjA1MjcxMDE3NDRaMIGyMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGQWxzYWNlMRMw\n\ +EQYDVQQHDApTdHJhc2JvdXJnMRgwFgYDVQQKDA93d3cuZnJlZWxhbi5vcmcxEDAO\n\ +BgNVBAsMB2ZyZWVsYW4xLTArBgNVBAMMJEZyZWVsYW4gU2FtcGxlIENlcnRpZmlj\n\ +YXRlIEF1dGhvcml0eTEiMCAGCSqGSIb3DQEJARYTY29udGFjdEBmcmVlbGFuLm9y\n\ +ZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAODp+8oQcK+MTuWPZVxJ\n\ +ZR75paK4zcUngupYXWSGWFXPTV7vssFk6vInePArTL+T9KwHfiZ29Pp3UbzDlysY\n\ +Kz9f9Ae50jGD6xVPwXgQ/VI979GyFXzhiEMtSYykF04tBJiDl2/FZxbHPpNxC39t\n\ +14kwuDqBin9N/ZbT5+45tbbS8ziXS+QgL5hD2q2eYCWayrGEt1Y+jDAdHDHmGnZ8\n\ +d4hbgILJAs3IInOCDjC4c1gwHFb8G4QHHTwVhjhqpkq2hQHgzWBC1l2Dku/oDYev\n\ +Zu/pfpTo3z6+NOYBrUWseQmIuG+DGMQA9KOuSQveyTywBm4G4vZKn0sCu1/v2+9T\n\ 
+BGv41tgS/Yf6oeeQVrbS4RFY1r9qTK6DW9wkTTesa4xoDKQrWjSJ7+aa8tvBXLGX\n\ +x2xdRNWLeRMuGBSOihwXmDr+rCJRauT7pItN5X+uWNTX1ofNksQSUMaFJ5K7L0LU\n\ +iQqU2Yyt/8UphdVZL4EFkGSA13UDWtb9mM1hY0h65LlSYwCchEphrtI9cuV+ITrS\n\ +NcN6cP/dqDx1/jWd6dqjNu7+dugwX5elQS9uUYCFmugR5s1m2eeBg3QuC7gZLE0N\n\ +NbgS7oSxKJe9KeOcw68jHWfBKsCfBfQ4fU2t/ntMybT3hCdEMQu4dgM5Tyw/UeFq\n\ +0SaJyTl+G1bTzS0FW6uUp6NLAgMBAAGjUDBOMB0GA1UdDgQWBBQjbC09PildeLhs\n\ +Pqriuy4ebIfyUzAfBgNVHSMEGDAWgBQjbC09PildeLhsPqriuy4ebIfyUzAMBgNV\n\ +HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQCwRJpJCgp7S+k9BT6X3kBefonE\n\ +EOYtyWXBPpuyG3Qlm1rdhc66DCGForDmTxjMmHYtNmAVnM37ILW7MoflWrAkaY19\n\ +gv88Fzwa5e6rWK4fTSpiEOc5WB2A3HPN9wJnhQXt1WWMDD7jJSLxLIwFqkzpDbDE\n\ +9122TtnIbmKNv0UQpzPV3Ygbqojy6eZHUOT05NaOT7vviv5QwMAH5WeRfiCys8CG\n\ +Sno/o830OniEHvePTYswLlX22LyfSHeoTQCCI8pocytl7IwARKCvBgeFqvPrMiqP\n\ +ch16FiU9II8KaMgpebrUSz3J1BApOOd1LBd42BeTAkNSxjRvbh8/lDWfnE7ODbKc\n\ +b6Ad3V9flFb5OBZH4aTi6QfrDnBmbLgLL8o/MLM+d3Kg94XRU9LjC2rjivQ6MC53\n\ +EnWNobcJFY+soXsJokGtFxKgIx8XrhF5GOsT2f1pmMlYL4cjlU0uWkPOOkhq8tIp\n\ +R8cBYphzXu1v6h2AaZLRq184e30ZO98omKyQoQ2KAm5AZayRrZZtjvEZPNamSuVQ\n\ +iPe3o/4tyQGq+jEMAEjLlDECu0dEa6RFntcbBPMBP3wZwE2bI9GYgvyaZd63DNdm\n\ +Xd65m0mmfOWYttfrDT3Q95YP54nHpIxKBw1eFOzrnXOqbKVmJ/1FDP2yWeooKVLf\n\ +KvbxUcDaVvXB0EU0bg==\n\ +-----END CERTIFICATE-----"; + +char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\ +MIIJKQIBAAKCAgEA3W29+ID6194bH6ejLrIC4hb2Ugo8v6ZC+Mrck2dNYMNPjcOK\n\ +ABvxxEtBamnSaeU/IY7FC/giN622LEtV/3oDcrua0+yWuVafyxmZyTKUb4/GUgaf\n\ +RQPf/eiX9urWurtIK7XgNGFNUjYPq4dSJQPPhwCHE/LKAykWnZBXRrX0Dq4XyApN\n\ +ku0IpjIjEXH+8ixE12wH8wt7DEvdO7T3N3CfUbaITl1qBX+Nm2Z6q4Ag/u5rl8NJ\n\ +fXg71ZmXA3XOj7zFvpyapRIZcPmkvZYn7SMCp8dXyXHPdpSiIWL2uB3KiO4JrUYv\n\ +t2GzLBUThp+lNSZaZ/Q3yOaAAUkOx+1h08285Pi+P8lO+H2Xic4SvMq1xtLg2bNo\n\ +PC5KnbRfuFPuUD2/3dSiiragJ6uYDLOyWJDivKGt/72OVTEPAL9o6T2pGZrwbQui\n\ +FGrGTMZOvWMSpQtNl+tCCXlT4mWqJDRwuMGrI4DnnGzt3IKqNwS4Qyo9KqjMIPwn\n\ +XZAmWPm3FOKe4sFwc5fpawKO01JZewDsYTDxVj+cwXwFxbE2yBiFz2FAHwfopwaH\n\ 
+35p3C6lkcgP2k/zgAlnBluzACUI+MKJ/G0gv/uAhj1OHJQ3L6kn1SpvQ41/ueBjl\n\ +unExqQSYD7GtZ1Kg8uOcq2r+WISE3Qc9MpQFFkUVllmgWGwYDuN3Zsez95kCAwEA\n\ +AQKCAgBymEHxouau4z6MUlisaOn/Ej0mVi/8S1JrqakgDB1Kj6nTRzhbOBsWKJBR\n\ +PzTrIv5aIqYtvJwQzrDyGYcHMaEpNpg5Rz716jPGi5hAPRH+7pyHhO/Watv4bvB+\n\ +lCjO+O+v12+SDC1U96+CaQUFLQSw7H/7vfH4UsJmhvX0HWSSWFzsZRCiklOgl1/4\n\ +vlNgB7MU/c7bZLyor3ZuWQh8Q6fgRSQj0kp1T/78RrwDl8r7xG4gW6vj6F6m+9bg\n\ +ro5Zayu3qxqJhWVvR3OPvm8pVa4hIJR5J5Jj3yZNOwdOX/Saiv6tEx7MvB5bGQlC\n\ +6co5SIEPPZ/FNC1Y/PNOWrb/Q4GW1AScdICZu7wIkKzWAJCo59A8Luv5FV8vm4R2\n\ +4JkyB6kXcVfowrjYXqDF/UX0ddDLLGF96ZStte3PXX8PQWY89FZuBkGw6NRZInHi\n\ +xinN2V8cm7Cw85d9Ez2zEGB4KC7LI+JgLQtdg3XvbdfhOi06eGjgK2mwfOqT8Sq+\n\ +v9POIJXTNEI3fi3dB86af/8OXRtOrAa1mik2msDI1Goi7cKQbC3fz/p1ISQCptvs\n\ +YvNwstDDutkA9o9araQy5b0LC6w5k+CSdVNbd8O2EUd0OBOUjblHKvdZ3Voz8EDF\n\ +ywYimmNGje1lK8nh2ndpja5q3ipDs1hKg5UujoGfei2gn0ch5QKCAQEA8O+IHOOu\n\ +T/lUgWspophE0Y1aUJQPqgK3EiKB84apwLfz2eAPSBff2dCN7Xp6s//u0fo41LE5\n\ +P0ds/5eu9PDlNF6HH5H3OYpV/57v5O2OSBQdB/+3TmNmQGYJCSzouIS3YNOUPQ1z\n\ +FFvRateN91BW7wKFHr0+M4zG6ezfutAQywWNoce7oGaYTT8z/yWXqmFidDqng5w5\n\ +6d8t40ScozIVacGug+lRi8lbTC+3Tp0r+la66h49upged3hFOvGXIOybvYcE98K2\n\ +GpNl9cc4q6O1WLdR7QC91ZNflKOKE8fALLZ/stEXL0p2bixbSnbIdxOEUch/iQhM\n\ +chxlsRFLjxV1dwKCAQEA60X6LyefIlXzU3PA+gIRYV0g8FOxzxXfvqvYeyOGwDaa\n\ +p/Ex50z76jIJK8wlW5Ei7U6xsxxw3E9DLH7Sf3H4KiGouBVIdcv9+IR0LcdYPR9V\n\ +oCQ1Mm5a7fjnm/FJwTokdgWGSwmFTH7/jGcNHZ8lumlRFCj6VcLT/nRxM6dgIXSo\n\ +w1D9QGC9V+e6KOZ6VR5xK0h8pOtkqoGrbFLu26GPBSuguPJXt0fwJt9PAG+6VvxJ\n\ +89NLML/n+g2/jVKXhfTT1Mbb3Fx4lnbLnkP+JrvYIaoQ1PZNggILYCUGJJTLtqOT\n\ +gkg1S41/X8EFg671kAB6ZYPbd5WnL14Xp0a9MOB/bwKCAQEA6WVAl6u/al1/jTdA\n\ +R+/1ioHB4Zjsa6bhrUGcXUowGy6XnJG+e/oUsS2kr04cm03sDaC1eOSNLk2Euzw3\n\ +EbRidI61mtGNikIF+PAAN+YgFJbXYK5I5jjIDs5JJohIkKaP9c5AJbxnpGslvLg/\n\ +IDrFXBc22YY9QTa4YldCi/eOrP0eLIANs95u3zXAqwPBnh1kgG9pYsbuGy5Fh4kp\n\ +q7WSpLYo1kQo6J8QQAdhLVh4B7QIsU7GQYGm0djCR81Mt2o9nCW1nEUUnz32YVay\n\ 
+ASM/Q0eip1I2kzSGPLkHww2XjjjkD1cZfIhHnYZ+kO3sV92iKo9tbFOLqmbz48l7\n\ +RoplFQKCAQEA6i+DcoCL5A+N3tlvkuuQBUw/xzhn2uu5BP/kwd2A+b7gfp6Uv9lf\n\ +P6SCgHf6D4UOMQyN0O1UYdb71ESAnp8BGF7cpC97KtXcfQzK3+53JJAWGQsxcHts\n\ +Q0foss6gTZfkRx4EqJhXeOdI06aX5Y5ObZj7PYf0dn0xqyyYqYPHKkYG3jO1gelJ\n\ +T0C3ipKv3h4pI55Jg5dTYm0kBvUeELxlsg3VM4L2UNdocikBaDvOTVte+Taut12u\n\ +OLaKns9BR/OFD1zJ6DSbS5n/4A9p4YBFCG1Rx8lLKUeDrzXrQWpiw+9amunpMsUr\n\ +rlJhfMwgXjA7pOR1BjmOapXMEZNWKlqsPQKCAQByVDxIwMQczUFwQMXcu2IbA3Z8\n\ +Czhf66+vQWh+hLRzQOY4hPBNceUiekpHRLwdHaxSlDTqB7VPq+2gSkVrCX8/XTFb\n\ +SeVHTYE7iy0Ckyme+2xcmsl/DiUHfEy+XNcDgOutS5MnWXANqMQEoaLW+NPLI3Lu\n\ +V1sCMYTd7HN9tw7whqLg18wB1zomSMVGT4DkkmAzq4zSKI1FNYp8KA3OE1Emwq+0\n\ +wRsQuawQVLCUEP3To6kYOwTzJq7jhiUK6FnjLjeTrNQSVdoqwoJrlTAHgXVV3q7q\n\ +v3TGd3xXD9yQIjmugNgxNiwAZzhJs/ZJy++fPSJ1XQxbd9qPghgGoe/ff6G7\n\ +-----END RSA PRIVATE KEY-----"; + + + +DDS_Security_ValidationResult_t +validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid, + + DDS_Security_SecurityException *ex); +DDS_Security_boolean +get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); +DDS_Security_boolean +set_permissions_credential_and_token( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, 
+ const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_SharedSecretHandle get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +get_authenticated_peer_credential_token( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + 
DDS_Security_SecurityException *ex); + + +DDS_Security_boolean get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); +DDS_Security_boolean +return_identity_handle( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex); + + + +#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.c new file mode 100644 index 0000000..d42e4f5 --- /dev/null 
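Review bot: `test_identity_certificate`, `test_ca_certificate` and `test_privatekey` are defined, not merely declared, in mock_authentication.h as writable `char *` globals, so a second translation unit including the header would produce duplicate-symbol link errors, and nothing prevents code from writing through a pointer to a string literal. Declaring them as `static const char *const test_privatekey = ...;` (likewise for the two certificates), or moving the definitions into mock_authentication.c behind `extern const char *const` declarations, addresses both. Because the header embeds an RSA private key, a comment above it such as `/* Test fixture only; do not reuse outside the plugin-loading tests. */` would help reviewers and secret scanners classify it. The include guard `SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_` also appears to be shared with the preceding mock header in this commit, so including two of these headers together would silently skip the second.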
+++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.c 
@@ -0,0 +1,347 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#include "dds/security/dds_security_api.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/misc.h" +#include "mock_authentication.h" +#include +#include +#include + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_authentication_impl { + dds_security_authentication base; + int id; //sample internal member +} dds_security_authentication_impl; + +DDS_Security_ValidationResult_t validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid, + DDS_Security_SecurityException *ex) +{ + + unsigned i; + DDS_Security_ValidationResult_t result=DDS_SECURITY_VALIDATION_OK; + dds_security_authentication_impl *implementation = + (dds_security_authentication_impl *) instance; + char *identity_ca = NULL; + char *identity_certificate = NULL; + char *private_key = NULL; + + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(adjusted_participant_guid); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(candidate_participant_guid); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + implementation->id = 2; + + memcpy(adjusted_participant_guid, candidate_participant_guid, sizeof(DDS_Security_GUID_t)); + + 
for( i=0; i< participant_qos->property.value._length; i++) + { + + //printf("%s: %s",participant_qos->property.value._buffer[i].name, participant_qos->property.value._buffer[i].value); + printf("%s\n",participant_qos->property.value._buffer[i].name); + if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.private_key") == 0) + { + private_key = participant_qos->property.value._buffer[i].value; + } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_ca") == 0) + { + identity_ca = participant_qos->property.value._buffer[i].value; + } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_certificate") == 0) + { + identity_certificate = participant_qos->property.value._buffer[i].value; + } + } + + if( strcmp(identity_certificate, test_identity_certificate) != 0){ + + result = DDS_SECURITY_VALIDATION_FAILED; + printf("FAILED: Could not get identity_certificate value properly\n"); + } + else if( strcmp(identity_ca, test_ca_certificate) != 0){ + printf("FAILED: Could not get identity_ca value properly\n"); + result = DDS_SECURITY_VALIDATION_FAILED; + }else if( strcmp(private_key, test_privatekey) != 0){ + printf("FAILED: Could not get private_key value properly\n"); + result = DDS_SECURITY_VALIDATION_FAILED; + } + + if( result == DDS_SECURITY_VALIDATION_OK ) + { + printf("DDS_SECURITY_VALIDATION_OK\n"); + } + + + return result; +} + +DDS_Security_boolean get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + memset(identity_token, 0, sizeof(*identity_token)); + + return true; +} + +DDS_Security_boolean get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + 
const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_status_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean set_permissions_credential_and_token( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(permissions_credential); + DDSRT_UNUSED_ARG(permissions_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_ValidationResult_t validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(remote_identity_handle); + DDSRT_UNUSED_ARG(local_auth_request_token); + DDSRT_UNUSED_ARG(remote_auth_request_token); + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(remote_identity_token); + DDSRT_UNUSED_ARG(remote_participant_guid); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq 
*serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(handshake_message); + DDSRT_UNUSED_ARG(initiator_identity_handle); + DDSRT_UNUSED_ARG(replier_identity_handle); + DDSRT_UNUSED_ARG(serialized_local_participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(handshake_message_out); + DDSRT_UNUSED_ARG(handshake_message_in); + DDSRT_UNUSED_ARG(initiator_identity_handle); + DDSRT_UNUSED_ARG(replier_identity_handle); + DDSRT_UNUSED_ARG(serialized_local_participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_message_out); + DDSRT_UNUSED_ARG(handshake_message_in); + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_SharedSecretHandle get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + 
DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 0; +} + +DDS_Security_boolean get_authenticated_peer_credential_token( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(peer_credential_token); + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(listener); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(peer_credential_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 
true; +} + +DDS_Security_boolean return_identity_handle(dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(sharedsecret_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +int32_t init_authentication( const char *argument, void **context) +{ + + DDSRT_UNUSED_ARG(argument); + DDSRT_UNUSED_ARG(context); + + /* return error code for test purposes */ + return 1; +} + +int32_t finalize_authentication(void *instance) +{ + + ddsrt_free((dds_security_authentication_impl*) instance); + + return 0; +} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.h new file mode 100644 index 0000000..faceace --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_init_error/mock_authentication.h 
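Review bot: In validate_local_identity the three strcmp calls dereference identity_certificate, identity_ca and private_key, which stay NULL whenever the matching `dds.sec.auth.*` property is absent from participant_qos, so a test with an incomplete QoS crashes the mock instead of returning DDS_SECURITY_VALIDATION_FAILED. Guard each comparison, e.g. `if (identity_certificate == NULL || strcmp(identity_certificate, test_identity_certificate) != 0) {`, and likewise for identity_ca and private_key. The same function in authentication_missing_function/mock_authentication.c has the same gap. The commented-out printf that prints each property value should be deleted rather than kept, since re-enabling it would write the private key into the test log. The DDSRT_UNUSED_ARG lines for adjusted_participant_guid, participant_qos, candidate_participant_guid and instance are misleading, because all four are used in the body.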
@@ -0,0 +1,217 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ +#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ + +#include "dds/security/authentication_init_error_export.h" + +SECURITY_EXPORT int32_t +init_authentication(const char *argument, void **context); + +SECURITY_EXPORT int32_t +finalize_authentication(void *context); + +char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\ +MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ +MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ +aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ +Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\ +TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\ +VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\ +YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\ +Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\ +kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\ +9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\ ++imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\ +/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\ +Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\ +kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\ +Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\ +jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\ 
+gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\ +By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\ +xEEFrw==\n\ +-----END CERTIFICATE-----"; + +char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\ +MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ +MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ +aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ +Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\ +TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\ +ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\ +ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\ +bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\ +0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\ +SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\ +72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\ +tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\ +9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\ +FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\ +CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\ +BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\ +AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\ +ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\ +Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\ +NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\ +sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\ +AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\ +O9IAQi5pa15gXjSbUg==\n\ +-----END CERTIFICATE-----"; + +char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\ +MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\ 
+k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\ +DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\ +FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\ +m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\ +8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\ +8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\ +E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\ +wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\ +tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\ +MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\ +ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\ +CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\ +LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\ +rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\ +paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\ +9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\ +HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\ +wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\ +/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\ +P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\ +MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\ +H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\ +ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\ +LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\ +-----END RSA PRIVATE KEY-----"; + + +DDS_Security_ValidationResult_t +validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t 
*candidate_participant_guid, + + DDS_Security_SecurityException *ex); +DDS_Security_boolean +get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); +DDS_Security_boolean +set_permissions_credential_and_token( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq 
*serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_SharedSecretHandle get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +get_authenticated_peer_credential_token( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + 
DDS_Security_SecurityException *ex); +DDS_Security_boolean +return_identity_handle( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex); + + + +#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c b/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c new file mode 100644 index 0000000..ee4efe2 --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.c 
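Review bot: test_identity_certificate, test_ca_certificate and test_privatekey are defined, not just declared, in this header as mutable `char *` objects with external linkage, so a second translation unit including it would fail to link on duplicate symbols, and nothing stops code from writing through pointers to string literals. Declare them as `static const char *const test_privatekey = ...;` (same for the other two), or move the definitions into the .c file and keep only `extern` declarations here. The RSA key also deserves a comment above it, such as `/* Test-only fixture key; it is public in the repository and must never be used for a real identity. */`. The same PEM blobs are repeated in authentication_missing_function/mock_authentication.h, so a single shared fixture header would keep the copies from drifting apart.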
@@ -0,0 +1,396 @@ +/* + * authentication.c + * + * Created on: Jan 12, 2018 + * Author: kurtulus oksuztepe + * + * Description: This file implements the Authentication interface for DDS Security 1.2 + * + */ + +#include "dds/security/dds_security_api.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/misc.h" +#include "mock_authentication.h" +#include +#include +#include + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_authentication_impl { + dds_security_authentication base; + int id; //sample internal member +} dds_security_authentication_impl; + +DDS_Security_ValidationResult_t validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t *candidate_participant_guid, + DDS_Security_SecurityException *ex) +{ + + unsigned i; + DDS_Security_ValidationResult_t result=DDS_SECURITY_VALIDATION_OK; + dds_security_authentication_impl *implementation = + (dds_security_authentication_impl *) instance; + char *identity_ca = NULL; + char *identity_certificate = NULL; + char *private_key = NULL; + + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(adjusted_participant_guid); + DDSRT_UNUSED_ARG(domain_id); + DDSRT_UNUSED_ARG(participant_qos); + DDSRT_UNUSED_ARG(candidate_participant_guid); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + implementation->id = 2; + + memcpy(adjusted_participant_guid, candidate_participant_guid, sizeof(DDS_Security_GUID_t)); + + for( i=0; i< participant_qos->property.value._length; i++) + { + + //printf("%s: %s",participant_qos->property.value._buffer[i].name, participant_qos->property.value._buffer[i].value); + printf("%s\n",participant_qos->property.value._buffer[i].name); + if( 
strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.private_key") == 0) + { + private_key = participant_qos->property.value._buffer[i].value; + } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_ca") == 0) + { + identity_ca = participant_qos->property.value._buffer[i].value; + } else if( strcmp(participant_qos->property.value._buffer[i].name, "dds.sec.auth.identity_certificate") == 0) + { + identity_certificate = participant_qos->property.value._buffer[i].value; + } + } + + if( strcmp(identity_certificate, test_identity_certificate) != 0){ + + result = DDS_SECURITY_VALIDATION_FAILED; + printf("FAILED: Could not get identity_certificate value properly\n"); + } + else if( strcmp(identity_ca, test_ca_certificate) != 0){ + printf("FAILED: Could not get identity_ca value properly\n"); + result = DDS_SECURITY_VALIDATION_FAILED; + }else if( strcmp(private_key, test_privatekey) != 0){ + printf("FAILED: Could not get private_key value properly\n"); + result = DDS_SECURITY_VALIDATION_FAILED; + } + + if( result == DDS_SECURITY_VALIDATION_OK ) + { + printf("DDS_SECURITY_VALIDATION_OK\n"); + } + + + return result; +} + +DDS_Security_boolean get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + memset(identity_token, 0, sizeof(*identity_token)); + + return true; +} + +DDS_Security_boolean get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(identity_status_token); + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean 
set_permissions_credential_and_token( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handle); + DDSRT_UNUSED_ARG(permissions_credential); + DDSRT_UNUSED_ARG(permissions_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_ValidationResult_t validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(remote_identity_handle); + DDSRT_UNUSED_ARG(local_auth_request_token); + DDSRT_UNUSED_ARG(remote_auth_request_token); + DDSRT_UNUSED_ARG(local_identity_handle); + DDSRT_UNUSED_ARG(remote_identity_token); + DDSRT_UNUSED_ARG(remote_participant_guid); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(handshake_message); + DDSRT_UNUSED_ARG(initiator_identity_handle); + DDSRT_UNUSED_ARG(replier_identity_handle); + 
DDSRT_UNUSED_ARG(serialized_local_participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(handshake_message_out); + DDSRT_UNUSED_ARG(handshake_message_in); + DDSRT_UNUSED_ARG(initiator_identity_handle); + DDSRT_UNUSED_ARG(replier_identity_handle); + DDSRT_UNUSED_ARG(serialized_local_participant_data); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_ValidationResult_t process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_message_out); + DDSRT_UNUSED_ARG(handshake_message_in); + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return DDS_SECURITY_VALIDATION_OK; +} + +DDS_Security_SharedSecretHandle get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return 0; +} + +DDS_Security_boolean get_authenticated_peer_credential_token( + dds_security_authentication *instance, + 
DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(peer_credential_token); + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(listener); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(peer_credential_token); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(handshake_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_identity_handle(dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex) +{ + 
DDSRT_UNUSED_ARG(identity_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +DDS_Security_boolean return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(sharedsecret_handle); + DDSRT_UNUSED_ARG(ex); + DDSRT_UNUSED_ARG(instance); + + return true; +} + +int32_t init_authentication( const char *argument, void **context) +{ + + dds_security_authentication_impl *authentication; + + DDSRT_UNUSED_ARG(argument); + + //allocate implementation wrapper + authentication = (dds_security_authentication_impl*) ddsrt_malloc( + sizeof(dds_security_authentication_impl)); + memset(authentication, 0, sizeof(dds_security_authentication_impl)); + + //assign the interface functions + authentication->base.validate_local_identity = &validate_local_identity; + + authentication->base.get_identity_token = &get_identity_token; + + authentication->base.get_identity_status_token = &get_identity_status_token; + + authentication->base.set_permissions_credential_and_token = + &set_permissions_credential_and_token; + + authentication->base.validate_remote_identity = &validate_remote_identity; + + authentication->base.begin_handshake_request = &begin_handshake_request; + + authentication->base.begin_handshake_reply = &begin_handshake_reply; + + authentication->base.process_handshake = &process_handshake; + + /* missing function + authentication->base.get_shared_secret = &get_shared_secret; + */ + + authentication->base.get_authenticated_peer_credential_token = + &get_authenticated_peer_credential_token; + + authentication->base.set_listener = &set_listener; + + authentication->base.return_identity_token = &return_identity_token; + + authentication->base.return_identity_status_token = + &return_identity_status_token; + + authentication->base.return_authenticated_peer_credential_token = + &return_authenticated_peer_credential_token; + 
+ authentication->base.return_handshake_handle = &return_handshake_handle; + + authentication->base.return_identity_handle = &return_identity_handle; + + authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle; + + //prepare implementation wrapper + authentication->id = 1; + + //return the instance + *context = authentication; + return 0; +} + +int32_t finalize_authentication(void *instance) +{ + + ddsrt_free((dds_security_authentication_impl*) instance); + + return 0; +} diff --git a/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.h b/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.h new file mode 100644 index 0000000..d3854b1 --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/authentication_missing_function/mock_authentication.h 
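Review bot: The `/* missing function ... */` comment in init_authentication does not say what the test relies on: the get_shared_secret slot is NULL only because of the memset a few lines earlier, and the test presumably expects the plugin loader to refuse an interface table with an empty entry. I would word it as `/* get_shared_secret is deliberately left NULL (zeroed by the memset above); the loader is expected to refuse this plugin */`. The file header still reads "authentication.c ... implements the Authentication interface for DDS Security 1.2", which is inaccurate for a mock and omits the EPL/EDL licence header that the sibling files in this diff carry. The interface functions have external linkage although only init_authentication and finalize_authentication are marked SECURITY_EXPORT in the header; making the others `static` could avoid symbol clashes if several mock plugins are loaded into one test process.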
@@ -0,0 +1,218 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#ifndef SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ +#define SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ + +#include "dds/security/authentication_missing_function_export.h" + +SECURITY_EXPORT int32_t +init_authentication(const char *argument, void **context); + +SECURITY_EXPORT int32_t +finalize_authentication(void *context); + +char *test_identity_certificate="data:,-----BEGIN CERTIFICATE-----\n\ +MIIDYDCCAkigAwIBAgIBBDANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ +MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ +aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ +Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowdTELMAkGA1UEBhMC\n\ +TkwxCzAJBgNVBAgTAk9WMRAwDgYDVQQKEwdBRExpbmsgMREwDwYDVQQLEwhJU1Qg\n\ +VGVzdDETMBEGA1UEAxMKQWxpY2UgVGVzdDEfMB0GCSqGSIb3DQEJARYQYWxpY2VA\n\ +YWRsaW5rLmlzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBW+tEZ\n\ +Baw7EQCEXyzH9n7IkZ8PQIKe8hG1LAOGYOF/oUYQZJO/HxbWoC4rFqOC20+A6is6\n\ +kFwr1Zzp/Wurk9CrFXo5Nomi6ActH6LUM57nYqN68w6U38z/XkQxVY/ESZ5dySfD\n\ +9Q1C8R+zdE8gwbimdYmwX7ioz336nghM2CoAHPDRthQeJupl8x4V7isOltr9CGx8\n\ ++imJXbGr39OK6u87cNLeu23sUkOIC0lSRMIqIQK3oJtHS70J2qecXdqp9MhE7Xky\n\ +/GPlI8ptQ1gJ8A3cAOvtI9mtMJMszs2EKWTLfeTcmfJHKKhKjvCgDdh3Jan4x5YP\n\ +Yg7HG6H+ceOUkMMCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAkvuqZzyJ3Nu4/Eo5\n\ +kD0nVgYGBUl7cspu+636q39zPSrxLEDMUWz+u8oXLpyGcgiZ8lZulPTV8dmOn+3C\n\ +Vg55c5C+gbnbX3MDyb3wB17296RmxYf6YNul4sFOmj6+g2i+Dw9WH0PBCVKbA84F\n\ +jR3Gx2Pfoifor3DvT0YFSsjNIRt090u4dQglbIb6cWEafC7O24t5jFhGPvJ7L9SE\n\ 
+gB0Drh/HmKTVuaqaRkoOKkKaKuWoXsszK1ZFda1DHommnR5LpYPsDRQ2fVM4EuBF\n\ +By03727uneuG8HLuNcLEV9H0i7LxtyfFkyCPUQvWG5jehb7xPOz/Ml26NAwwjlTJ\n\ +xEEFrw==\n\ +-----END CERTIFICATE-----"; + +char *test_ca_certificate="data:,-----BEGIN CERTIFICATE-----\n\ +MIIEKTCCAxGgAwIBAgIBATANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJOTDEL\n\ +MAkGA1UECBMCT1YxEzARBgNVBAoTCkFETGluayBJU1QxGTAXBgNVBAMTEElkZW50\n\ +aXR5IENBIFRlc3QxJjAkBgkqhkiG9w0BCQEWF2luZm9AaXN0LmFkbGlua3RlY2gu\n\ +Y29tMB4XDTE4MDMxMjAwMDAwMFoXDTI3MDMxMTIzNTk1OVowcjELMAkGA1UEBhMC\n\ +TkwxCzAJBgNVBAgTAk9WMRMwEQYDVQQKEwpBRExpbmsgSVNUMRkwFwYDVQQDExBJ\n\ +ZGVudGl0eSBDQSBUZXN0MSYwJAYJKoZIhvcNAQkBFhdpbmZvQGlzdC5hZGxpbmt0\n\ +ZWNoLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANa/ENFfGVXg\n\ +bPLTzBdDfiZQcp5dWZ//Pb8ErFOJu8uosVHFv8t69dgjHgNHB4OsjmjnR7GfKUZT\n\ +0cMvWJnjsC7DDlBwFET9rj4k40n96bbVCH9I7+tNhsoqzc6Eu+5h4sk7VfNGTM2Z\n\ +SyCd4GiSZRuA44rRbhXI7/LDpr4hY5J9ZDo5AM9ZyoLAoh774H3CZWD67S35XvUs\n\ +72dzE6uKG/vxBbvZ7eW2GLO6ewa9UxlnLVMPfJdpkp/xYXwwcPW2+2YXCge1ujxs\n\ +tjrOQJ5HUySh6DkE/kZpx8zwYWm9AaCrsvCIX1thsqgvKy+U5v1FS1L58eGc6s//\n\ +9yMgNhU29R0CAwEAAaOByTCBxjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBRNVUJN\n\ +FzhJPReYT4QSx6dK53CXCTAfBgNVHSMEGDAWgBRNVUJNFzhJPReYT4QSx6dK53CX\n\ +CTAPBgNVHQ8BAf8EBQMDB/+AMGUGA1UdJQEB/wRbMFkGCCsGAQUFBwMBBggrBgEF\n\ +BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkGCCsG\n\ +AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTANBgkqhkiG9w0BAQsFAAOCAQEAcOLF\n\ +ZYdJguj0uxeXB8v3xnUr1AWz9+gwg0URdfNLU2KvF2lsb/uznv6168b3/FcPgezN\n\ +Ihl9GqB+RvGwgXS/1UelCGbQiIUdsNxk246P4uOGPIyW32RoJcYPWZcpY+cw11tQ\n\ +NOnk994Y5/8ad1DmcxVLLqq5kwpXGWQufV1zOONq8B+mCvcVAmM4vkyF/de56Lwa\n\ +sAMpk1p77uhaDnuq2lIR4q3QHX2wGctFid5Q375DRscFQteY01r/dtwBBrMn0wuL\n\ +AMNx9ZGD+zAoOUaslpIlEQ+keAxk3jgGMWFMxF81YfhEnXzevSQXWpyek86XUyFL\n\ +O9IAQi5pa15gXjSbUg==\n\ +-----END CERTIFICATE-----"; + +char *test_privatekey = "data:,-----BEGIN RSA PRIVATE KEY-----\n\ +MIIEowIBAAKCAQEA0Fb60RkFrDsRAIRfLMf2fsiRnw9Agp7yEbUsA4Zg4X+hRhBk\n\ 
+k78fFtagLisWo4LbT4DqKzqQXCvVnOn9a6uT0KsVejk2iaLoBy0fotQznudio3rz\n\ +DpTfzP9eRDFVj8RJnl3JJ8P1DULxH7N0TyDBuKZ1ibBfuKjPffqeCEzYKgAc8NG2\n\ +FB4m6mXzHhXuKw6W2v0IbHz6KYldsavf04rq7ztw0t67bexSQ4gLSVJEwiohAreg\n\ +m0dLvQnap5xd2qn0yETteTL8Y+Ujym1DWAnwDdwA6+0j2a0wkyzOzYQpZMt95NyZ\n\ +8kcoqEqO8KAN2HclqfjHlg9iDscbof5x45SQwwIDAQABAoIBAG0dYPeqd0IhHWJ7\n\ +8azufbchLMN1pX/D51xG2uptssfnpHuhkkufSZUYi4QipRS2ME6PYhWJ8pmTi6lH\n\ +E6cUkbI0KGd/F4U2gPdhNrR9Fxwea5bbifkVF7Gx/ZkRjZJiZ3w9+mCNTQbJDKhh\n\ +wITAzzT6WYznhvqbzzBX1fTa6kv0GAQtX7aHKM+XIwkhX2gzU5TU80bvH8aMrT05\n\ +tAMGQqkUeRnpo0yucBl4VmTZzd/+X/d2UyXR0my15jE5iH5o+p+E6qTRE9D+MGUd\n\ +MQ6Ftj0Untqy1lcog1ZLL6zPlnwcD4jgY5VCYDgvabnrSwymOJapPLsAEdWdq+U5\n\ +ec44BMECgYEA/+3qPUrd4XxA517qO3fCGBvf2Gkr7w5ZDeATOTHGuD8QZeK0nxPl\n\ +CWhRjdgkqo0fyf1cjczL5XgYayo+YxkO1Z4RUU+8lJAHlVx9izOQo+MTQfkwH4BK\n\ +LYlHxMoHJwAOXXoE+dmBaDh5xT0mDUGU750r763L6EFovE4qRBn9hxkCgYEA0GWz\n\ +rpOPNxb419WxG9npoQYdCZ5IbmEOGDH3ReggVzWHmW8sqtkqTZm5srcyDpqAc1Gu\n\ +paUveMblEBbU+NFJjLWOfwB5PCp8jsrqRgCQSxolShiVkc3Vu3oyzMus9PDge1eo\n\ +9mwVGO7ojQKWRu/WVAakENPaAjeyyhv4dqSNnjsCgYEAlwe8yszqoY1k8+U0T0G+\n\ +HeIdOCXgkmOiNCj+zyrLvaEhuS6PLq1b5TBVqGJcSPWdQ+MrglbQIKu9pUg5ptt7\n\ +wJ5WU+i9PeK9Ruxc/g/BFKYFkFJQjtZzb+nqm3wpul8zGwDN/O/ZiTqCyd3rHbmM\n\ +/dZ/viKPCZHIEBAEq0m3LskCgYBndzcAo+5k8ZjWwBfQth5SfhCIp/daJgGzbYtR\n\ +P/BenAsY2KOap3tjT8Fsw5usuHSxzIojX6H0Gvu7Qzq11mLn43Q+BeQrRQTWeFRc\n\ +MQdy4iZFZXNNEp7dF8yE9VKHwdgSJPGUdxD6chMvf2tRCN6mlS171VLV6wVvZvez\n\ +H/vX5QKBgD2Dq/NHpjCpAsECP9awmNF5Akn5WJbRGmegwXIih2mOtgtYYDeuQyxY\n\ +ZCrdJFfIUjUVPagshEmUklKhkYMYpzy2PQDVtaVcm6UNFroxT5h+J+KDs1LN1H8G\n\ +LsASrzyAg8EpRulwXEfLrWKiu9DKv8bMEgO4Ovgz8zTKJZIFhcac\n\ +-----END RSA PRIVATE KEY-----"; + + +DDS_Security_ValidationResult_t +validate_local_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *local_identity_handle, + DDS_Security_GUID_t *adjusted_participant_guid, + const DDS_Security_DomainId domain_id, + const DDS_Security_Qos *participant_qos, + const DDS_Security_GUID_t 
*candidate_participant_guid, + + DDS_Security_SecurityException *ex); +DDS_Security_boolean +get_identity_token(dds_security_authentication *instance, + DDS_Security_IdentityToken *identity_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); +DDS_Security_boolean +set_permissions_credential_and_token( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle handle, + const DDS_Security_PermissionsCredentialToken *permissions_credential, + const DDS_Security_PermissionsToken *permissions_token, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +validate_remote_identity( + dds_security_authentication *instance, + DDS_Security_IdentityHandle *remote_identity_handle, + DDS_Security_AuthRequestMessageToken *local_auth_request_token, + const DDS_Security_AuthRequestMessageToken *remote_auth_request_token, + const DDS_Security_IdentityHandle local_identity_handle, + const DDS_Security_IdentityToken *remote_identity_token, + const DDS_Security_GUID_t *remote_participant_guid, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_request( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq *serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +begin_handshake_reply( + dds_security_authentication *instance, + DDS_Security_HandshakeHandle *handshake_handle, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_IdentityHandle initiator_identity_handle, + const DDS_Security_IdentityHandle replier_identity_handle, + const DDS_Security_OctetSeq 
*serialized_local_participant_data, + DDS_Security_SecurityException *ex); + +DDS_Security_ValidationResult_t +process_handshake( + dds_security_authentication *instance, + DDS_Security_HandshakeMessageToken *handshake_message_out, + const DDS_Security_HandshakeMessageToken *handshake_message_in, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_SharedSecretHandle get_shared_secret( + dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +get_authenticated_peer_credential_token( + dds_security_authentication *instance, + DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + const DDS_Security_HandshakeHandle handshake_handle, + DDS_Security_SecurityException *ex); + + +DDS_Security_boolean get_identity_status_token( + dds_security_authentication *instance, + DDS_Security_IdentityStatusToken *identity_status_token, + const DDS_Security_IdentityHandle handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean set_listener(dds_security_authentication *instance, + const dds_security_authentication_listener *listener, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_identity_token(dds_security_authentication *instance, + const DDS_Security_IdentityToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_identity_status_token( + dds_security_authentication *instance, + const DDS_Security_IdentityStatusToken *token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_authenticated_peer_credential_token( + dds_security_authentication *instance, + const DDS_Security_AuthenticatedPeerCredentialToken *peer_credential_token, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean +return_handshake_handle(dds_security_authentication *instance, + const DDS_Security_HandshakeHandle handshake_handle, + 
DDS_Security_SecurityException *ex); +DDS_Security_boolean +return_identity_handle( + dds_security_authentication *instance, + const DDS_Security_IdentityHandle identity_handle, + DDS_Security_SecurityException *ex); + +DDS_Security_boolean return_sharedsecret_handle( + dds_security_authentication *instance, + const DDS_Security_SharedSecretHandle sharedsecret_handle, + DDS_Security_SecurityException *ex); + + + +#endif /* SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_ */ diff --git a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.c b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.c new file mode 100644 index 0000000..7f664bf --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.c 
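Review bot: `test_identity_certificate`, `test_ca_certificate` and `test_privatekey` are defined in this header as writable, non-`static` `char *` globals, so the PEM RSA private key gets external linkage in every file that includes `mock_authentication.h`, and a second including translation unit would fail to link on duplicate definitions. None of the three is referenced in the tail of `mock_authentication.c` visible above this header; if they are unused, drop them, otherwise declare each as `static const char *const test_privatekey = ...;` or move the definitions into the `.c` file. Put a comment above them such as `/* Test-only key pair for the plugin-loading mocks; never use outside the test suite. */` so readers and secret scanners can tell the key is a fixture. The include guard `SECURITY_BUILTIN_PLUGINS_AUTHENTICATION_H_` also looks borrowed from the built-in plugin's header and could silently suppress one of the two if both are ever included; a mock-specific guard name avoids that.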
@@ -0,0 +1,667 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#include "dds/security/dds_security_api.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/misc.h" +#include +#include +#include +#include "mock_cryptography.h" +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_cryptography_impl { + dds_security_cryptography base; + int member; +} dds_security_cryptography_impl; + + +dds_security_crypto_key_exchange* dds_security_crypto_key_exchange__alloc(void); +void dds_security_crypto_key_exchange__dealloc( + dds_security_crypto_key_exchange* instance); + +dds_security_crypto_key_factory* dds_security_crypto_key_factory__alloc(void); +void dds_security_crypto_key_factory__dealloc( + dds_security_crypto_key_factory* instance); + +/** + * CryptoTransform Interface + */ + +/* + * Allocation function for implementer structure (with internal variables) transparently. 
+ * + */ + +dds_security_crypto_transform* dds_security_crypto_transform__alloc(void); +void dds_security_crypto_transform__dealloc( + dds_security_crypto_transform* instance); + + +int32_t init_crypto( const char *argument, void **context) +{ + + dds_security_cryptography_impl *cryptography; + + dds_security_crypto_key_exchange *crypto_key_exchange; + dds_security_crypto_key_factory *crypto_key_factory; + dds_security_crypto_transform *crypto_transform; + + + DDSRT_UNUSED_ARG(argument); + + //allocate new instance + cryptography = (dds_security_cryptography_impl*) ddsrt_malloc( + sizeof(dds_security_cryptography_impl)); + + //assign the sub components + crypto_key_exchange = dds_security_crypto_key_exchange__alloc(); + crypto_key_factory = dds_security_crypto_key_factory__alloc(); + crypto_transform = dds_security_crypto_transform__alloc(); + + + cryptography->base.crypto_key_exchange = crypto_key_exchange; + cryptography->base.crypto_key_factory = crypto_key_factory; + cryptography->base.crypto_transform = crypto_transform; + + //return the instance + *context = cryptography; + return 0; +} + +int32_t finalize_crypto( void *instance) +{ + + dds_security_cryptography_impl* instance_impl = + (dds_security_cryptography_impl*) instance; + + //deallocate components + dds_security_crypto_key_exchange__dealloc( + instance_impl->base.crypto_key_exchange); + dds_security_crypto_key_factory__dealloc( + instance_impl->base.crypto_key_factory); + dds_security_crypto_transform__dealloc(instance_impl->base.crypto_transform); + //deallocate cryptography + ddsrt_free(instance_impl); + + return 0; +} + + + + + + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_crypto_key_exchange_impl { + dds_security_crypto_key_exchange base; + int member; +} dds_security_crypto_key_exchange_impl; + +/** + * Function implementations + */ +static DDS_Security_boolean 
create_local_participant_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_participant_crypto_tokens); + DDSRT_UNUSED_ARG(local_participant_crypto); + DDSRT_UNUSED_ARG(remote_participant_crypto); + DDSRT_UNUSED_ARG(ex); + return true; + +} + +static DDS_Security_boolean set_remote_participant_crypto_tokens( + dds_security_crypto_key_exchange *instance, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + const DDS_Security_ParticipantCryptoTokenSeq *remote_participant_tokens, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_participant_crypto); + DDSRT_UNUSED_ARG(remote_participant_crypto); + DDSRT_UNUSED_ARG(remote_participant_tokens); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean create_local_datawriter_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datawriter_crypto_tokens); + DDSRT_UNUSED_ARG(local_datawriter_crypto); + DDSRT_UNUSED_ARG(remote_datareader_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean set_remote_datawriter_crypto_tokens( + dds_security_crypto_key_exchange *instance, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, + const 
DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datareader_crypto); + DDSRT_UNUSED_ARG(remote_datawriter_crypto); + DDSRT_UNUSED_ARG(remote_datawriter_tokens); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean create_local_datareader_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datareader_cryto_tokens); + DDSRT_UNUSED_ARG(local_datareader_crypto); + DDSRT_UNUSED_ARG(remote_datawriter_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean set_remote_datareader_crypto_tokens( + dds_security_crypto_key_exchange *instance, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, + const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datawriter_crypto); + DDSRT_UNUSED_ARG(remote_datareader_crypto); + DDSRT_UNUSED_ARG(remote_datareader_tokens); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean return_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_CryptoTokenSeq *crypto_tokens, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(crypto_tokens); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +dds_security_crypto_key_exchange* dds_security_crypto_key_exchange__alloc(void) +{ + dds_security_crypto_key_exchange_impl *instance; + instance = (dds_security_crypto_key_exchange_impl*) ddsrt_malloc( + 
sizeof(dds_security_crypto_key_exchange_impl)); + + instance->base.create_local_participant_crypto_tokens = + &create_local_participant_crypto_tokens; + + instance->base.set_remote_participant_crypto_tokens = + &set_remote_participant_crypto_tokens; + + instance->base.create_local_datawriter_crypto_tokens = + &create_local_datawriter_crypto_tokens; + + instance->base.set_remote_datawriter_crypto_tokens = + &set_remote_datawriter_crypto_tokens; + + instance->base.create_local_datareader_crypto_tokens = + &create_local_datareader_crypto_tokens; + + instance->base.set_remote_datareader_crypto_tokens = + &set_remote_datareader_crypto_tokens; + + instance->base.return_crypto_tokens = &return_crypto_tokens; + + return (dds_security_crypto_key_exchange*) instance; +} + +void dds_security_crypto_key_exchange__dealloc( + dds_security_crypto_key_exchange* instance) +{ + + ddsrt_free((dds_security_crypto_key_exchange_impl*) instance); +} + + + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_crypto_key_factory_impl { + dds_security_crypto_key_factory base; + int member; +} dds_security_crypto_key_factory_impl; + +/** + * Function implementations + */ + +static DDS_Security_ParticipantCryptoHandle register_local_participant( + dds_security_crypto_key_factory *instance, + const DDS_Security_IdentityHandle participant_identity, + const DDS_Security_PermissionsHandle participant_permissions, + const DDS_Security_PropertySeq *participant_properties, + const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(participant_identity); + DDSRT_UNUSED_ARG(participant_permissions); + DDSRT_UNUSED_ARG(participant_properties); + DDSRT_UNUSED_ARG(participant_security_attributes); + DDSRT_UNUSED_ARG(ex); + return 0; +} + +static 
DDS_Security_ParticipantCryptoHandle register_matched_remote_participant( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle, + const DDS_Security_IdentityHandle remote_participant_identity, + const DDS_Security_PermissionsHandle remote_participant_permissions, + const DDS_Security_SharedSecretHandle shared_secret, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_participant_crypto_handle); + DDSRT_UNUSED_ARG(remote_participant_identity); + DDSRT_UNUSED_ARG(remote_participant_permissions); + DDSRT_UNUSED_ARG(shared_secret); + DDSRT_UNUSED_ARG(ex); + return 0; +} + +static DDS_Security_DatawriterCryptoHandle register_local_datawriter( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto, + const DDS_Security_PropertySeq *datawriter_properties, + const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(participant_crypto); + DDSRT_UNUSED_ARG(datawriter_properties); + DDSRT_UNUSED_ARG(datawriter_security_attributes); + DDSRT_UNUSED_ARG(ex); + return 0; +} + +static DDS_Security_DatareaderCryptoHandle register_matched_remote_datareader( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatawriterCryptoHandle local_datawritert_crypto_handle, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + const DDS_Security_SharedSecretHandle shared_secret, + const DDS_Security_boolean relay_only, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datawritert_crypto_handle); + DDSRT_UNUSED_ARG(remote_participant_crypto); + DDSRT_UNUSED_ARG(shared_secret); + DDSRT_UNUSED_ARG(relay_only); + DDSRT_UNUSED_ARG(ex); + return 0; +} + +static DDS_Security_DatareaderCryptoHandle register_local_datareader( + 
dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto, + const DDS_Security_PropertySeq *datareader_properties, + const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(participant_crypto); + DDSRT_UNUSED_ARG(datareader_properties); + DDSRT_UNUSED_ARG(datareader_security_attributes); + DDSRT_UNUSED_ARG(ex); + + return 0; +} + +static DDS_Security_DatawriterCryptoHandle register_matched_remote_datawriter( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypt, + const DDS_Security_SharedSecretHandle shared_secret, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datareader_crypto_handle); + DDSRT_UNUSED_ARG(remote_participant_crypt); + DDSRT_UNUSED_ARG(shared_secret); + DDSRT_UNUSED_ARG(ex); + return true; +} + +static DDS_Security_boolean unregister_participant( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(participant_crypto_handle); + DDSRT_UNUSED_ARG(ex); + return true; +} + +static DDS_Security_boolean unregister_datawriter( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(datawriter_crypto_handle); + DDSRT_UNUSED_ARG(ex); + return true; +} + +static DDS_Security_boolean unregister_datareader( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + 
DDSRT_UNUSED_ARG(datareader_crypto_handle); + DDSRT_UNUSED_ARG(ex); + return true; +} + +dds_security_crypto_key_factory* dds_security_crypto_key_factory__alloc(void) +{ + dds_security_crypto_key_factory_impl *instance; + instance = (dds_security_crypto_key_factory_impl*) ddsrt_malloc( + sizeof(dds_security_crypto_key_factory_impl)); + + instance->base.register_local_participant = ®ister_local_participant; + + instance->base.register_matched_remote_participant = + ®ister_matched_remote_participant; + + instance->base.register_local_datawriter = ®ister_local_datawriter; + + instance->base.register_matched_remote_datareader = + ®ister_matched_remote_datareader; + + instance->base.register_local_datareader = ®ister_local_datareader; + + instance->base.register_matched_remote_datawriter = + ®ister_matched_remote_datawriter; + + instance->base.unregister_participant = &unregister_participant; + + instance->base.unregister_datawriter = &unregister_datawriter; + + instance->base.unregister_datareader = &unregister_datareader; + + return (dds_security_crypto_key_factory*) instance; +} + +void dds_security_crypto_key_factory__dealloc( + dds_security_crypto_key_factory* instance) +{ + + ddsrt_free((dds_security_crypto_key_factory_impl*) instance); +} + + + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_crypto_transform_impl { + dds_security_crypto_transform base; + int member; +} dds_security_crypto_transform_impl; + +/** + * Function implementations + */ +static DDS_Security_boolean encode_serialized_payload( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_buffer, + DDS_Security_OctetSeq *extra_inline_qos, + const DDS_Security_OctetSeq *plain_buffer, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + 
DDSRT_UNUSED_ARG(encoded_buffer); + DDSRT_UNUSED_ARG(extra_inline_qos); + DDSRT_UNUSED_ARG(plain_buffer); + DDSRT_UNUSED_ARG(sending_datawriter_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean encode_datawriter_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandleSeq *receiving_datareader_crypto_list, + int32_t *receiving_datareader_crypto_list_index, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(encoded_rtps_submessage); + DDSRT_UNUSED_ARG(plain_rtps_submessage); + DDSRT_UNUSED_ARG(sending_datawriter_crypto); + DDSRT_UNUSED_ARG(receiving_datareader_crypto_list); + DDSRT_UNUSED_ARG(receiving_datareader_crypto_list_index); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean encode_datareader_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, + const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(encoded_rtps_submessage); + DDSRT_UNUSED_ARG(plain_rtps_submessage); + DDSRT_UNUSED_ARG(sending_datareader_crypto); + DDSRT_UNUSED_ARG(receiving_datawriter_crypto_list); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean encode_rtps_message( dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_message, + const DDS_Security_OctetSeq *plain_rtps_message, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + const DDS_Security_ParticipantCryptoHandleSeq *receiving_participant_crypto_list, + int32_t 
*receiving_participant_crypto_list_index, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(encoded_rtps_message); + DDSRT_UNUSED_ARG(plain_rtps_message); + DDSRT_UNUSED_ARG(sending_participant_crypto); + DDSRT_UNUSED_ARG(receiving_participant_crypto_list); + DDSRT_UNUSED_ARG(receiving_participant_crypto_list_index); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean decode_rtps_message( dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_buffer, const DDS_Security_OctetSeq *encoded_buffer, + const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(plain_buffer); + DDSRT_UNUSED_ARG(encoded_buffer); + DDSRT_UNUSED_ARG(receiving_participant_crypto); + DDSRT_UNUSED_ARG(sending_participant_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + + +static DDS_Security_boolean preprocess_secure_submsg( + dds_security_crypto_transform *instance, + DDS_Security_DatawriterCryptoHandle *datawriter_crypto, + DDS_Security_DatareaderCryptoHandle *datareader_crypto, + DDS_Security_SecureSubmessageCategory_t *secure_submessage_category, + const DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(datawriter_crypto); + DDSRT_UNUSED_ARG(datareader_crypto); + DDSRT_UNUSED_ARG(secure_submessage_category); + DDSRT_UNUSED_ARG(encoded_rtps_submessage); + DDSRT_UNUSED_ARG(receiving_participant_crypto); + DDSRT_UNUSED_ARG(sending_participant_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean decode_datawriter_submessage( + dds_security_crypto_transform *instance, + 
DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(plain_rtps_submessage); + DDSRT_UNUSED_ARG(encoded_rtps_submessage); + DDSRT_UNUSED_ARG(receiving_datareader_crypto); + DDSRT_UNUSED_ARG(sending_datawriter_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean decode_datareader_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_rtps_message, + const DDS_Security_OctetSeq *encoded_rtps_message, + const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(plain_rtps_message); + DDSRT_UNUSED_ARG(encoded_rtps_message); + DDSRT_UNUSED_ARG(receiving_datawriter_crypto); + DDSRT_UNUSED_ARG(sending_datareader_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean decode_serialized_payload( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_buffer, const DDS_Security_OctetSeq *encoded_buffer, + const DDS_Security_OctetSeq *inline_qos, + const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(plain_buffer); + DDSRT_UNUSED_ARG(encoded_buffer); + DDSRT_UNUSED_ARG(inline_qos); + DDSRT_UNUSED_ARG(receiving_datareader_crypto); + DDSRT_UNUSED_ARG(sending_datawriter_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +dds_security_crypto_transform* dds_security_crypto_transform__alloc(void) +{ + dds_security_crypto_transform_impl *instance; + 
instance = (dds_security_crypto_transform_impl*) ddsrt_malloc( + sizeof(dds_security_crypto_transform_impl)); + + memset( instance, 0, sizeof(dds_security_crypto_transform_impl)); + + instance->base.encode_datawriter_submessage = &encode_datawriter_submessage; + + instance->base.encode_datareader_submessage = &encode_datareader_submessage; + + instance->base.encode_rtps_message = &encode_rtps_message; + + instance->base.decode_rtps_message = &decode_rtps_message; + + instance->base.preprocess_secure_submsg = &preprocess_secure_submsg; + + instance->base.decode_datawriter_submessage = &decode_datawriter_submessage; + + instance->base.decode_datareader_submessage = &decode_datareader_submessage; + + instance->base.decode_serialized_payload = &decode_serialized_payload; + + instance->base.encode_serialized_payload = &encode_serialized_payload; + + return (dds_security_crypto_transform*) instance; +} + +void dds_security_crypto_transform__dealloc( + dds_security_crypto_transform* instance) +{ + + ddsrt_free((dds_security_crypto_transform_impl*) instance); +} + + diff --git a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.h b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.h new file mode 100644 index 0000000..e532a94 --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_all_ok/mock_cryptography.h @@ -0,0 +1,21 @@ +/* + * authentication.h + * + * Created on: Jan 15, 2018 + * Author: kurtulus oksuztepe + */ + +#ifndef SECURITY_CRYPTO_OK_H_ +#define SECURITY_CRYPTO_OK_H_ + +#include "dds/security/cryptography_all_ok_export.h" +#include "dds/security/dds_security_api.h" + +SECURITY_EXPORT int32_t +init_crypto(const char *argument, void **context); + +SECURITY_EXPORT int32_t +finalize_crypto(void *context); + + +#endif /* SECURITY_CRYPTO_OK_H_ */ 
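Review bot: `init_crypto`, `dds_security_crypto_key_exchange__alloc` and `dds_security_crypto_key_factory__alloc` use the `ddsrt_malloc` result without zeroing it, whereas `dds_security_crypto_transform__alloc` in the same file calls `memset` on its allocation. The `member` field, and any interface slot these functions do not assign (the struct definitions are not visible here), are left holding indeterminate bytes, so a loader that checks plugin function pointers against NULL could accept a garbage pointer. Add `memset(instance, 0, sizeof(*instance));` directly after each allocation, and the equivalent for `cryptography` in `init_crypto`. Separately, `register_matched_remote_datawriter` ends with `return true;` although it returns a `DDS_Security_DatawriterCryptoHandle` and its five sibling `register_*` mocks `return 0;`; make it `return 0;` or comment why this one yields a non-zero handle.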
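Review bot: The file comment of the new `cryptography_all_ok/mock_cryptography.h` names `authentication.h` and carries a "Created on / Author" stamp instead of the EPL-2.0 / EDL copyright block that the other new files in this change start with. Replace it with the standard licence header plus a one-line description such as `/* Entry points of the "all ok" mock cryptography plugin used by the plugin-loading tests. */`. `finalize_crypto` is declared here with the parameter name `context` while its definition in `mock_cryptography.c` calls it `instance`; using one name in both places makes it clearer that it takes the pointer `init_crypto` stored in `*context`.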
diff --git a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.c b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.c
new file mode 100644
index 0000000..3a72441
--- /dev/null
+++ b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.c
@@ -0,0 +1,656 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#include "dds/security/dds_security_api.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/misc.h" +#include +#include +#include +#include "mock_cryptography.h" +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_cryptography_impl { + dds_security_cryptography base; + int member; +} dds_security_cryptography_impl; + + +dds_security_crypto_key_exchange* dds_security_crypto_key_exchange__alloc(void); +void dds_security_crypto_key_exchange__dealloc( + dds_security_crypto_key_exchange* instance); + +dds_security_crypto_key_factory* dds_security_crypto_key_factory__alloc(void); +void dds_security_crypto_key_factory__dealloc( + dds_security_crypto_key_factory* instance); + +/** + * CryptoTransform Interface + */ + +/* + * Allocation function for implementer structure (with internal variables) transparently. 
+ * + */ + +dds_security_crypto_transform* dds_security_crypto_transform__alloc(void); +void dds_security_crypto_transform__dealloc( + dds_security_crypto_transform* instance); + + +int32_t init_crypto( const char *argument, void **context) +{ + + dds_security_cryptography_impl *cryptography; + + dds_security_crypto_key_exchange *crypto_key_exchange; + dds_security_crypto_key_factory *crypto_key_factory; + dds_security_crypto_transform *crypto_transform; + + + DDSRT_UNUSED_ARG(argument); + + //allocate new instance + cryptography = (dds_security_cryptography_impl*) ddsrt_malloc( + sizeof(dds_security_cryptography_impl)); + + memset( cryptography, 0, sizeof(dds_security_cryptography_impl)); + //assign the sub components + crypto_key_exchange = dds_security_crypto_key_exchange__alloc(); + crypto_key_factory = dds_security_crypto_key_factory__alloc(); + crypto_transform = dds_security_crypto_transform__alloc(); + + + cryptography->base.crypto_key_exchange = crypto_key_exchange; + cryptography->base.crypto_key_factory = crypto_key_factory; + cryptography->base.crypto_transform = crypto_transform; + + //return the instance + *context = cryptography; + return 0; +} + +int32_t finalize_crypto( void *instance) +{ + + dds_security_cryptography_impl* instance_impl = + (dds_security_cryptography_impl*) instance; + + //deallocate components + dds_security_crypto_key_exchange__dealloc( + instance_impl->base.crypto_key_exchange); + dds_security_crypto_key_factory__dealloc( + instance_impl->base.crypto_key_factory); + dds_security_crypto_transform__dealloc(instance_impl->base.crypto_transform); + //deallocate cryptography + ddsrt_free(instance_impl); + + return 0; +} + + + + + + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_crypto_key_exchange_impl { + dds_security_crypto_key_exchange base; + int member; +} dds_security_crypto_key_exchange_impl; + +/** + 
* Function implementations + */ +static DDS_Security_boolean create_local_participant_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_ParticipantCryptoTokenSeq *local_participant_crypto_tokens, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_participant_crypto_tokens); + DDSRT_UNUSED_ARG(local_participant_crypto); + DDSRT_UNUSED_ARG(remote_participant_crypto); + DDSRT_UNUSED_ARG(ex); + return true; + +} + +static DDS_Security_boolean create_local_datawriter_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_DatawriterCryptoTokenSeq *local_datawriter_crypto_tokens, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datawriter_crypto_tokens); + DDSRT_UNUSED_ARG(local_datawriter_crypto); + DDSRT_UNUSED_ARG(remote_datareader_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean set_remote_datawriter_crypto_tokens( + dds_security_crypto_key_exchange *instance, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, + const DDS_Security_DatawriterCryptoTokenSeq *remote_datawriter_tokens, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datareader_crypto); + DDSRT_UNUSED_ARG(remote_datawriter_crypto); + DDSRT_UNUSED_ARG(remote_datawriter_tokens); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean create_local_datareader_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_DatareaderCryptoTokenSeq *local_datareader_cryto_tokens, + const 
DDS_Security_DatareaderCryptoHandle local_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle remote_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datareader_cryto_tokens); + DDSRT_UNUSED_ARG(local_datareader_crypto); + DDSRT_UNUSED_ARG(remote_datawriter_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean set_remote_datareader_crypto_tokens( + dds_security_crypto_key_exchange *instance, + const DDS_Security_DatawriterCryptoHandle local_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle remote_datareader_crypto, + const DDS_Security_DatareaderCryptoTokenSeq *remote_datareader_tokens, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datawriter_crypto); + DDSRT_UNUSED_ARG(remote_datareader_crypto); + DDSRT_UNUSED_ARG(remote_datareader_tokens); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean return_crypto_tokens( + dds_security_crypto_key_exchange *instance, + DDS_Security_CryptoTokenSeq *crypto_tokens, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(crypto_tokens); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +dds_security_crypto_key_exchange* dds_security_crypto_key_exchange__alloc(void) +{ + dds_security_crypto_key_exchange_impl *instance; + instance = (dds_security_crypto_key_exchange_impl*) ddsrt_malloc( + sizeof(dds_security_crypto_key_exchange_impl)); + + memset( instance, 0, sizeof(dds_security_crypto_key_exchange_impl)); + + instance->base.create_local_participant_crypto_tokens = + &create_local_participant_crypto_tokens; + + /* Do not assign it for testing purposes + instance->base.set_remote_participant_crypto_tokens = + &set_remote_participant_crypto_tokens; + */ + + instance->base.create_local_datawriter_crypto_tokens = + &create_local_datawriter_crypto_tokens; + + instance->base.set_remote_datawriter_crypto_tokens = + 
&set_remote_datawriter_crypto_tokens; + + instance->base.create_local_datareader_crypto_tokens = + &create_local_datareader_crypto_tokens; + + instance->base.set_remote_datareader_crypto_tokens = + &set_remote_datareader_crypto_tokens; + + instance->base.return_crypto_tokens = &return_crypto_tokens; + + return (dds_security_crypto_key_exchange*) instance; +} + +void dds_security_crypto_key_exchange__dealloc( + dds_security_crypto_key_exchange* instance) +{ + + ddsrt_free((dds_security_crypto_key_exchange_impl*) instance); +} + + + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_crypto_key_factory_impl { + dds_security_crypto_key_factory base; + int member; +} dds_security_crypto_key_factory_impl; + +/** + * Function implementations + */ + +static DDS_Security_ParticipantCryptoHandle register_local_participant( + dds_security_crypto_key_factory *instance, + const DDS_Security_IdentityHandle participant_identity, + const DDS_Security_PermissionsHandle participant_permissions, + const DDS_Security_PropertySeq *participant_properties, + const DDS_Security_ParticipantSecurityAttributes *participant_security_attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(participant_identity); + DDSRT_UNUSED_ARG(participant_permissions); + DDSRT_UNUSED_ARG(participant_properties); + DDSRT_UNUSED_ARG(participant_security_attributes); + DDSRT_UNUSED_ARG(ex); + return 0; +} + +static DDS_Security_ParticipantCryptoHandle register_matched_remote_participant( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle local_participant_crypto_handle, + const DDS_Security_IdentityHandle remote_participant_identity, + const DDS_Security_PermissionsHandle remote_participant_permissions, + const DDS_Security_SharedSecretHandle shared_secret, + DDS_Security_SecurityException *ex) +{ + 
DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_participant_crypto_handle); + DDSRT_UNUSED_ARG(remote_participant_identity); + DDSRT_UNUSED_ARG(remote_participant_permissions); + DDSRT_UNUSED_ARG(shared_secret); + DDSRT_UNUSED_ARG(ex); + return 0; +} + +static DDS_Security_DatawriterCryptoHandle register_local_datawriter( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto, + const DDS_Security_PropertySeq *datawriter_properties, + const DDS_Security_EndpointSecurityAttributes *datawriter_security_attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(participant_crypto); + DDSRT_UNUSED_ARG(datawriter_properties); + DDSRT_UNUSED_ARG(datawriter_security_attributes); + DDSRT_UNUSED_ARG(ex); + return 0; +} + +static DDS_Security_DatareaderCryptoHandle register_matched_remote_datareader( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatawriterCryptoHandle local_datawritert_crypto_handle, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypto, + const DDS_Security_SharedSecretHandle shared_secret, + const DDS_Security_boolean relay_only, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datawritert_crypto_handle); + DDSRT_UNUSED_ARG(remote_participant_crypto); + DDSRT_UNUSED_ARG(shared_secret); + DDSRT_UNUSED_ARG(relay_only); + DDSRT_UNUSED_ARG(ex); + return 0; +} + +static DDS_Security_DatareaderCryptoHandle register_local_datareader( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto, + const DDS_Security_PropertySeq *datareader_properties, + const DDS_Security_EndpointSecurityAttributes *datareader_security_attributes, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(participant_crypto); + DDSRT_UNUSED_ARG(datareader_properties); + DDSRT_UNUSED_ARG(datareader_security_attributes); + 
DDSRT_UNUSED_ARG(ex); + + return 0; +} + +static DDS_Security_DatawriterCryptoHandle register_matched_remote_datawriter( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatareaderCryptoHandle local_datareader_crypto_handle, + const DDS_Security_ParticipantCryptoHandle remote_participant_crypt, + const DDS_Security_SharedSecretHandle shared_secret, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(local_datareader_crypto_handle); + DDSRT_UNUSED_ARG(remote_participant_crypt); + DDSRT_UNUSED_ARG(shared_secret); + DDSRT_UNUSED_ARG(ex); + return true; +} + +static DDS_Security_boolean unregister_participant( + dds_security_crypto_key_factory *instance, + const DDS_Security_ParticipantCryptoHandle participant_crypto_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(participant_crypto_handle); + DDSRT_UNUSED_ARG(ex); + return true; +} + +static DDS_Security_boolean unregister_datawriter( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatawriterCryptoHandle datawriter_crypto_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(datawriter_crypto_handle); + DDSRT_UNUSED_ARG(ex); + return true; +} + +static DDS_Security_boolean unregister_datareader( + dds_security_crypto_key_factory *instance, + const DDS_Security_DatareaderCryptoHandle datareader_crypto_handle, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(datareader_crypto_handle); + DDSRT_UNUSED_ARG(ex); + return true; +} + +dds_security_crypto_key_factory* dds_security_crypto_key_factory__alloc(void) +{ + dds_security_crypto_key_factory_impl *instance; + instance = (dds_security_crypto_key_factory_impl*) ddsrt_malloc( + sizeof(dds_security_crypto_key_factory_impl)); + + memset( instance, 0, sizeof(dds_security_crypto_key_factory_impl)); + instance->base.register_local_participant = ®ister_local_participant; + + 
instance->base.register_matched_remote_participant = + ®ister_matched_remote_participant; + + instance->base.register_local_datawriter = ®ister_local_datawriter; + + instance->base.register_matched_remote_datareader = + ®ister_matched_remote_datareader; + + instance->base.register_local_datareader = ®ister_local_datareader; + + instance->base.register_matched_remote_datawriter = + ®ister_matched_remote_datawriter; + + instance->base.unregister_participant = &unregister_participant; + + instance->base.unregister_datawriter = &unregister_datawriter; + + instance->base.unregister_datareader = &unregister_datareader; + + return (dds_security_crypto_key_factory*) instance; +} + +void dds_security_crypto_key_factory__dealloc( + dds_security_crypto_key_factory* instance) +{ + + ddsrt_free((dds_security_crypto_key_factory_impl*) instance); +} + + + +/** + * Implementation structure for storing encapsulated members of the instance + * while giving only the interface definition to user + */ + +typedef struct dds_security_crypto_transform_impl { + dds_security_crypto_transform base; + int member; +} dds_security_crypto_transform_impl; + +/** + * Function implementations + */ +static DDS_Security_boolean encode_serialized_payload( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_buffer, + DDS_Security_OctetSeq *extra_inline_qos, + const DDS_Security_OctetSeq *plain_buffer, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(encoded_buffer); + DDSRT_UNUSED_ARG(extra_inline_qos); + DDSRT_UNUSED_ARG(plain_buffer); + DDSRT_UNUSED_ARG(sending_datawriter_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean encode_datawriter_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_OctetSeq *plain_rtps_submessage, + const 
DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandleSeq *receiving_datareader_crypto_list, + int32_t *receiving_datareader_crypto_list_index, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(encoded_rtps_submessage); + DDSRT_UNUSED_ARG(plain_rtps_submessage); + DDSRT_UNUSED_ARG(sending_datawriter_crypto); + DDSRT_UNUSED_ARG(receiving_datareader_crypto_list); + DDSRT_UNUSED_ARG(receiving_datareader_crypto_list_index); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean encode_datareader_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, + const DDS_Security_DatawriterCryptoHandleSeq *receiving_datawriter_crypto_list, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(encoded_rtps_submessage); + DDSRT_UNUSED_ARG(plain_rtps_submessage); + DDSRT_UNUSED_ARG(sending_datareader_crypto); + DDSRT_UNUSED_ARG(receiving_datawriter_crypto_list); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean encode_rtps_message( dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *encoded_rtps_message, + const DDS_Security_OctetSeq *plain_rtps_message, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + const DDS_Security_ParticipantCryptoHandleSeq *receiving_participant_crypto_list, + int32_t *receiving_participant_crypto_list_index, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(encoded_rtps_message); + DDSRT_UNUSED_ARG(plain_rtps_message); + DDSRT_UNUSED_ARG(sending_participant_crypto); + DDSRT_UNUSED_ARG(receiving_participant_crypto_list); + DDSRT_UNUSED_ARG(receiving_participant_crypto_list_index); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static 
DDS_Security_boolean decode_rtps_message( dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_buffer, const DDS_Security_OctetSeq *encoded_buffer, + const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(plain_buffer); + DDSRT_UNUSED_ARG(encoded_buffer); + DDSRT_UNUSED_ARG(receiving_participant_crypto); + DDSRT_UNUSED_ARG(sending_participant_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean preprocess_secure_submsg( + dds_security_crypto_transform *instance, + DDS_Security_DatawriterCryptoHandle *datawriter_crypto, + DDS_Security_DatareaderCryptoHandle *datareader_crypto, + DDS_Security_SecureSubmessageCategory_t *secure_submessage_category, + const DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_ParticipantCryptoHandle receiving_participant_crypto, + const DDS_Security_ParticipantCryptoHandle sending_participant_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(datawriter_crypto); + DDSRT_UNUSED_ARG(datareader_crypto); + DDSRT_UNUSED_ARG(secure_submessage_category); + DDSRT_UNUSED_ARG(encoded_rtps_submessage); + DDSRT_UNUSED_ARG(receiving_participant_crypto); + DDSRT_UNUSED_ARG(sending_participant_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean decode_datawriter_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_rtps_submessage, + const DDS_Security_OctetSeq *encoded_rtps_submessage, + const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(plain_rtps_submessage); + DDSRT_UNUSED_ARG(encoded_rtps_submessage); + 
DDSRT_UNUSED_ARG(receiving_datareader_crypto); + DDSRT_UNUSED_ARG(sending_datawriter_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean decode_datareader_submessage( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_rtps_message, + const DDS_Security_OctetSeq *encoded_rtps_message, + const DDS_Security_DatawriterCryptoHandle receiving_datawriter_crypto, + const DDS_Security_DatareaderCryptoHandle sending_datareader_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(plain_rtps_message); + DDSRT_UNUSED_ARG(encoded_rtps_message); + DDSRT_UNUSED_ARG(receiving_datawriter_crypto); + DDSRT_UNUSED_ARG(sending_datareader_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +static DDS_Security_boolean decode_serialized_payload( + dds_security_crypto_transform *instance, + DDS_Security_OctetSeq *plain_buffer, const DDS_Security_OctetSeq *encoded_buffer, + const DDS_Security_OctetSeq *inline_qos, + const DDS_Security_DatareaderCryptoHandle receiving_datareader_crypto, + const DDS_Security_DatawriterCryptoHandle sending_datawriter_crypto, + DDS_Security_SecurityException *ex) +{ + DDSRT_UNUSED_ARG(instance); + DDSRT_UNUSED_ARG(plain_buffer); + DDSRT_UNUSED_ARG(encoded_buffer); + DDSRT_UNUSED_ARG(inline_qos); + DDSRT_UNUSED_ARG(receiving_datareader_crypto); + DDSRT_UNUSED_ARG(sending_datawriter_crypto); + DDSRT_UNUSED_ARG(ex); + + return true; +} + +dds_security_crypto_transform* dds_security_crypto_transform__alloc(void) +{ + dds_security_crypto_transform_impl *instance; + instance = (dds_security_crypto_transform_impl*) ddsrt_malloc( + sizeof(dds_security_crypto_transform_impl)); + + + + instance->base.encode_datawriter_submessage = &encode_datawriter_submessage; + + instance->base.encode_datareader_submessage = &encode_datareader_submessage; + + instance->base.encode_rtps_message = &encode_rtps_message; + + instance->base.decode_rtps_message = &decode_rtps_message; + + 
instance->base.preprocess_secure_submsg = &preprocess_secure_submsg; + + instance->base.decode_datawriter_submessage = &decode_datawriter_submessage; + + instance->base.decode_datareader_submessage = &decode_datareader_submessage; + + instance->base.decode_serialized_payload = &decode_serialized_payload; + + instance->base.encode_serialized_payload = &encode_serialized_payload; + + return (dds_security_crypto_transform*) instance; +} + +void dds_security_crypto_transform__dealloc( + dds_security_crypto_transform* instance) +{ + + ddsrt_free((dds_security_crypto_transform_impl*) instance); +} + + diff --git a/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.h b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.h new file mode 100644 index 0000000..2908eeb --- /dev/null +++ b/src/security/core/tests/plugin_loading/plugin_mock/cryptography_missing_function/mock_cryptography.h @@ -0,0 +1,26 @@ +/* + * Copyright(c) 2006 to 2019 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#ifndef SECURITY_CRYPTO_MISSING_H_ +#define SECURITY_CRYPTO_MISSING_H_ + +#include "dds/security/cryptography_missing_function_export.h" +#include "dds/security/dds_security_api.h" + +SECURITY_EXPORT int32_t +init_crypto(const char *argument, void **context); + +SECURITY_EXPORT int32_t +finalize_crypto(void *context); + + +#endif /* SECURITY_CRYPTO_MISSING_H_ */
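Review bot: `dds_security_crypto_transform__alloc` in this file assigns the function pointers straight after `ddsrt_malloc` without zeroing the block, so `member` and any field of `base` not assigned below are left indeterminate. The `cryptography_all_ok` variant and the key-exchange and key-factory allocators in this same file all call `memset` first. This mock exists to leave `set_remote_participant_crypto_tokens` unset so that a loader can detect the gap, presumably by a NULL check. An uninitialised struct in the same plugin makes that kind of check unreliable and can make the test outcome depend on heap contents. I would restore `memset(instance, 0, sizeof(dds_security_crypto_transform_impl));` directly after the allocation.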