The configuration was changed in b25f10ff to consider the DDSSecurity
tag deprecated (there is no other), which gave rise to warnings in test
output.
Signed-off-by: Erik Boasson <eb@ilities.com>
Some of the tests wait until reader/writing matching has completed in
multiple steps and/or interleave entity creation and waiting for
matching. This commit moves the waiting to the end and uses a (mostly
arbitrary) absolute timeout rather than an arbitrary relative one that
could (but fortunately never -- or rarely -- did) add up to durations
that could easily cause the overall test to time out.
For the specific case of the access control permission expiry test (a
particularly problematic case), it uses the first expiry time and gives
a bit more time for the discovery. This appears to significantly reduce
the number of failures.
Signed-off-by: Erik Boasson <eb@ilities.com>
* Compute the time at which the handshake must have completed from the
initial timeout specification, rather than using it as a timeout for
the individual steps of the handshake
* If the handshake fails because an expected message is not present,
print this, including whether the timeout occured because the message
queue was empty or because the expected message could not be found in
a non-empty queue.
* Replace the 0.5s per-step timeout to a single 2s timeout.
Signed-off-by: Erik Boasson <eb@ilities.com>
Introduced a test that checks for the correct matching behavious for combinations
of the read/write access control settings in the governance xml (enable read/write
access control in the topic rules) and in the permissions xml (the publish/subscribe
grants for a topic).
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Add validate_local_permissions to the set of access control plugin
hooks tests, and add discovery_protection_enabled as an additional
parameter for the access control hook tests.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Add testing liveness protection to the existing discovery protection
test. The test checks if the P2P_BUILTIN_PARTICIPANT_MESSAGE_SECURE_WRITER
is using the encode_decode_submessage function of the crypto plugin
to secure liveliness messages.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
A test that checks that the security handshake fails in case of non-matching
encoding settings in the governance xml. All combinations of values for
rtps, discovery and liveliness protection are checked. For meta-data and
payload encoding, this test checks that a reader and writer do not connect
in case of non-matching values.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Adding a test that checks the effects of using different configuration settings
for discovery protection. This test set uses the cryptography wrapper to count
the number of invocations of the encode and decode functions during a session
and checks the counts with the expected values.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Add test cases for the join_access_control governance setting and for
the access control plugin check_create_ and check_remote_ hooks,
using a wrapper plugin that simulates failure for each of these,
to test the DDSI integration with the access control plugin.
This commit also contains fixes for:
- an assert on DDS_RETCODE_OK in dds_create_reader and
dds_create_writer that cased the application to terminate in case
creation of a reader or writer is not allowed by security
- do not match a proxy reader that has the 'relay_only' set to
true, which is currently unsupported
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
expiry tests and add timestamps to test logging to get more stable
test results on Travis and enable analysing timeing issues.
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
Refactoring security core tests and adding more tests:
- Dynamically generate ca and identity certificates in authentication tests, so that certificate expiry is tested.
Added writing/reading samples to these tests to ensure that nodes can (or cannot) communicate in a specific test case
- Secure communication tests: improved the validation of encryption in wrapper
- Added test for access control plugin settings
- Replaced the in-code test identities (and included ca private keys), added an additional identity
Signed-off-by: Dennis Potman <dennis.potman@adlinktech.com>
