DDS Security dynamic plugin loading

Security plugin loading with the given configuration has been added.

The configuration can be given by either the Cyclone DDS configuration file or ParticipantQoS during participant creation.
ParticipantQoS is required by the DDS Security spec. The configuration file, however, is an additional feature that lets the user add security to a DDS application without changing the binary.
If ParticipantQoS has a Property starting with the name "dds.sec", then the configuration file is ignored.

If the participant is the first participant, the security component is initialized. If the participant is the last active participant, then the security component is de-initialized.

Signed-off-by: Kurtulus Oksuztepe <kurtulus.oksuztepe@adlinktech.com>
Kurtulus Oksuztepe 2019-11-20 16:54:28 +01:00 committed by eboasson
parent b561cb821f
commit b81ef4042b
43 changed files with 8709 additions and 615 deletions


@ -79,7 +79,7 @@ get_openssl_error_message(
char *
get_certificate_subject_name(
const X509 *cert,
X509 *cert,
DDS_Security_SecurityException *ex)
{
X509_NAME *name;
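Review bot: The `cert` parameter of get_certificate_subject_name appears to lose its `const` qualifier here, going by the order in which the two `cert` lines are printed, and nothing in the visible lines says why; the matching prototype in the header section that follows has the same change. If the reason is that an OpenSSL accessor called in the body takes a non-const `X509 *` in some supported library versions, the read-only contract should stay visible to callers who handle certificate objects. I would add a line to the prototype's doc comment such as `/* cert is not modified; it is non-const only for compatibility with the OpenSSL API */`. The function body continues outside the hunk, so the call that forces the change cannot be confirmed from here.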


@ -61,7 +61,7 @@ get_openssl_error_message(
*/
char*
get_certificate_subject_name(
const X509 *cert,
X509 *cert,
DDS_Security_SecurityException *ex);
/* Return the expiry date of contained in a X509 certificate


@ -199,7 +199,6 @@ typedef struct HandshakeInfo {
typedef struct dds_security_authentication_impl {
dds_security_authentication base;
int id; //sample internal member
ddsrt_mutex_t lock;
struct ddsrt_hh *objectHash;
struct ddsrt_hh *remoteGuidHash;
@ -969,8 +968,6 @@ validate_local_identity(
goto err_bad_param;
}
implementation->id = 2;
identityCertPEM = DDS_Security_Property_get_value(&participant_qos->property.value, PROPERTY_IDENTITY_CERT);
if (!identityCertPEM) {
result = DDS_SECURITY_VALIDATION_FAILED;
@ -3387,7 +3384,8 @@ DDS_Security_boolean return_sharedsecret_handle(
return true;
}
int32_t init_authentication( const char *argument, void **context)
int32_t
init_authentication( const char *argument, void **context)
{
dds_security_authentication_impl *authentication;
@ -3442,9 +3440,6 @@ int32_t init_authentication( const char *argument, void **context)
authentication->base.return_sharedsecret_handle = &return_sharedsecret_handle;
//prepare implementation wrapper
authentication->id = 1;
ddsrt_mutex_init(&authentication->lock);
authentication->objectHash = ddsrt_hh_new(32, security_object_hash, security_object_equal);
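Review bot: init_authentication, whose signature line this section re-wraps, has no comment in the visible lines stating its contract, and as the entry point of a dynamically loaded security plugin it should have one. I would add a header comment above the definition saying what `argument` carries, what is stored through `context` (presumably the plugin instance, on success only), and which return value signals failure to the loader. The last hunk ends right after `authentication->objectHash = ddsrt_hh_new(32, ...)`, so whether that result is checked for NULL before the plugin is handed back cannot be seen here; if it is not, a failed allocation should make the function return its error code rather than a half-initialised authentication object. The function body starts and ends outside the hunks.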


@ -50,9 +50,10 @@ set(security_crypto_test_sources
add_cunit_executable(cunit_security_plugins ${security_auth_test_sources} ${security_crypto_test_sources})
if(OPENSSL_FOUND)
target_link_libraries(cunit_security_plugins PRIVATE ddsc dds_security_crypto)
target_link_libraries(cunit_security_plugins PRIVATE OpenSSL::SSL)
else()
message(FATAL_ERROR "To build without openssl support, set DDSC_ENABLE_OPENSSL to OFF")
message(FATAL_ERROR "To build with openssl support, set ENABLE_OPENSSL to ON")
endif()
target_include_directories(
@ -65,7 +66,7 @@ target_include_directories(
"$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>"
)
target_link_libraries(cunit_security_plugins PRIVATE ddsc security_api dds_security_crypto)
set(CUnit_builtin_plugins_tests_dir "${CMAKE_CURRENT_LIST_DIR}")