Feature: secure discovery server (#3283)

* Adding system test for secure discovery server (#3154) * Refs #16499: Added secure ds server system test Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16499: Added security props to secure_ds XML file Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Co-authored-by: Mario Dominguez <mariodominguez@eprosima.com> * PDP endpoints refactor (#3162) * Refs #16500. Modelling PDP <-> PDPEndpoints relationship. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Builtin endpoints constants moved to separate header. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Added BuiltinReader aggregate. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Added BuiltinWriter aggregate. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Added SimplePDPEndpoints container. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Refactor on PDPSimple. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Remove references to builtin endpoints on PDP. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Update PDPSimple to PDP refactor Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Improvements on PDP::initializeParticipantProxyData Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Added DiscoveryServerPDPEndpoints container. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Update PDPClient to PDP refactor Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Update PDPServer to PDP refactor Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Update EDPServer to PDP refactor. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Update PDPListener to PDP refactor. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Update PDPServerListener to PDP refactor. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Ensure endpoints are assigned before being used. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Fix warning. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Uncrustify Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Apply suggestion. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com> Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com> * PKI exchange finished (#3170) * Refs #16500. PDPServer: Empty methods for secure endpoints creation. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Implementing PDPServer::should_protect_discovery() Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Added DiscoveryServerPDPEndpointsSecure container. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Added constants for new entity ids. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Create reliable endpoints refactor. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Avoid automatically matching endpoints when secure. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Stateless reader creation on PDPServer. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Logs improved. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16501: Added PDPSecurityInitiatorListener Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: Take reader mutex upwards Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: removed createparticipant() and LOG comment Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: Added PDPClient SecureEndpoints Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: Removed if(pdata != nullptr) Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16500. Setting writer guid inside message group. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. FakeWriter class for direct sending of DATA(p). Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Using FakeWriter on PDPClient. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16500. Using FakeWriter on PDPServer. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16501: Added pdp() method on RTPSParticipantImpl Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: pdp() instead of pdpsimple() in SecurityManager Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: PDP.h header in SecurityManager.cpp & couple of forward declarations in PDP.h Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: Security Unittests Fixed Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Fix assertion when built with statistics (#3169) * Refs #16597. Fixes on PDPClient. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16597. Fixes on PDPServer. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16501: Added functor cb to PDPSecurityInitiatorListener Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: Added PDPSecurityInitiatorListener Functor response callback in PDPServer.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: Uncrustify Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501. Fix build without security. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16501: Address requested changes Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16501: Build PDPSecurityInitiatorListener only If SECURITY Is Enabled. Also in Tests Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Co-authored-by: Miguel Company <MiguelCompany@eprosima.com> * Secure PDP exchange (#3175) * Refs #16603. Initial changes on PDPClient. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Removed unused method on PDPClient. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Matching on PDPClient. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Initial refactor on PDPServer. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Using discovered_builtin_* on PDPClient. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Additional changes on PDPClient. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Fixes on PDPServer::assignRemoteEndpoints. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Fixes on PDPServer::removeRemoteEndpoints. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Perform matching on PDPServer. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Use security manager on PDPServer. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Using discovered_builtin_* on PDPServer. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Pairing endpoints moved to PDP. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Pairing endpoints on PDPClient. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Pairing endpoints on PDPServer. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Uncrustify. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Fixed communications without security. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Take into account that notifyAboveRemoteEndpoints is called only once. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Temporarily disabling secure endpoints on EDPClient. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #16603. Temporarily using mangled prefix on system test. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Secure EDP exchange (#3181) * Refs #16622: Enable Secure Available BuiltinPoints for a PDPServer Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Revert "Refs #16603. Temporarily disabling secure endpoints on EDPClient." This reverts commit dead9c9. Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Automatic GUID mangling when using secure DS (#3178) * Refs #16596: Added check_guid_comes_from() in SecurityManager Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Added check_guid_comes_from() to Authentication interface and PKIDH plugin Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Removed remote_readers vector<GUID> from PDPCLient.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Added data_matches_with_server() in PDPClient.cpp and PDPCLient.h Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Revert "Refs #16603. Temporarily using mangled prefix on system test." This reverts commit 1b68139. Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Added guids_mangling_info_ to SecurityManager Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Added public method get_remote_server_participant_proxy_data() and protected data_matches_with_server() in PDP.h PDP.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: data_matches_with_server() override in PDPClient Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Added data_matches_with_server in createParticipantProxyData() PDPClient.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: substitute mp_PDP->get_participant_proxy_data() by mp_PDP->get_remote_server_participant_proxy_data() in DSClientEvent.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Requested changes: Added notify_participant_authorized() method to postpone notifyboveendpoints() call. check_guids_comes_from() included in DiscoveredParticipantInfo. guids_mangling_info_ removed. Doxygen corrections. Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Requested changes: Renamed data_matches_with_server() to data_matches_with_prefix() and left only in PDP. Removed unnecessary method get_remote_server_participant_proxy_data(). Added data_matches_with_prefix() to get_participant_proxy_data(). DSClientEvent call reverted to get_participant_proxy_data() Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Requested changes: Restored previous TODO in idrect_send in PDPClient.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: PDPServer data_matches_with_prefix() translation Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Requested changes doxygen check_guid_comes_from() corrected Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Requested changes: add missing notify_participant_authorized() call && minor comments Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Uncrustify format changes (local) Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16596: Requested changes Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Secure DS POC (#3189) * Refs #16498: system test correction Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16498: compiation errors when compiling with NO_SECURITY Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16498: SecurityAuthentication tests corrections refactor pdpsimple() with pdp() Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16498: Windows warning in PDP.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16498: Uncrustify Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Operative SecureDS-SecureDS (#3212) * Refs #16739: Initate security handshake in Server to Server interaction Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Client to Server PDP Disposal correction. Fill remote_readers list on direct_send() with mangled prefixes Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Return true in discovered_reader/writer if remote_guid was saved in remote_pending queue in SecurityManager.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Fill corresponding remote_readers correctly on participant send_announcement disposal && send the disposal only if we have someone to inform in PDPServer.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs 16739: Uncrusify Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Send the disposal only if we have someone to inform in PDPClient.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Choose correct edp endpoint in EDPServerListeners Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Added get_builtin_pairs() methods in EDPSimple Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Added remove_related_alive_from_history_nts to DiscoveryDatabase (moved from EDPServer) Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Added process_disposal() and process_and_release_change() methods to EDPServer Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: PDPServer refactor. Modified process_disposals() && process_changes_release_() methods and removed remove_related_alive_from_history_nts() Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Check for nullptr in process_and_release_change() from EDPServer Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: output to LOG_ERROR case corrected in process_changes_release_ PDPServer Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Change const reference by plain bool parameter in process_and_release_change() and rename it in EDPServer Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: process changes release minor fixes && Restore logic on PDPServer.cpp Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Corrected LOG_ERROR print conditions Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Uncrustify Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Added true parameter on process_change_release() PDPServer when change to release is from a remote participant Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Address Revision comments Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16739: Linter Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Extended Secure DS system tests. Additional files included (#3245) Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Fix simple test scenarios (#3249) * Refs #16880: PDPClient fixes to accomplish simple test scenarios. CMakelists spaces corrected Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16880: Correction compilation erros WITHOUT_SECURITY Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16880: Applied suggested changes Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16880: Uncrustify Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Secure DS-DS communication tests (#3256) Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #16741: Check return value on PDPSecurityInitiator for processing the response Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Added Security print to fast-discovery-server executable (#3276) * Refs #17090: Added CLI tests for Security Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #17090: Added Security print to fast-discovery-server executable Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #17090: Linter Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Refs #17090: Addressed suggested changes Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> --------- Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> * Fix linters. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #17141. Fix doxygen. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs #17141. Update versions.md Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> --------- Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com> Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> Co-authored-by: Mario Dominguez <mariodominguez@eprosima.com> Co-authored-by: Mario Domínguez López <116071334+Mario-DL@users.noreply.github.com>
eProsima · Dec 26, 2023 · 4f53410 · 4f53410
1 parent 4979aae
commit 4f53410
Show file tree

Hide file tree

Showing 81 changed files with 5,216 additions and 643 deletions.
diff --git a/include/fastdds/rtps/builtin/data/BuiltinEndpoints.hpp b/include/fastdds/rtps/builtin/data/BuiltinEndpoints.hpp
@@ -0,0 +1,47 @@
+// Copyright 2022 Proyectos y Sistemas de Mantenimiento SL (eProsima).
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/**
+ * @file BuiltinEndpoints.hpp
+ */
+
+#ifndef FASTDDS_RTPS_BUILTIN_DATA__BUILTINENDPOINTS_HPP
+#define FASTDDS_RTPS_BUILTIN_DATA__BUILTINENDPOINTS_HPP
+
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_ANNOUNCER              (0x00000001 << 0)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_DETECTOR               (0x00000001 << 1)
+#define DISC_BUILTIN_ENDPOINT_PUBLICATION_ANNOUNCER              (0x00000001 << 2)
+#define DISC_BUILTIN_ENDPOINT_PUBLICATION_DETECTOR               (0x00000001 << 3)
+#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_ANNOUNCER             (0x00000001 << 4)
+#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_DETECTOR              (0x00000001 << 5)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_PROXY_ANNOUNCER        (0x00000001 << 6)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_PROXY_DETECTOR         (0x00000001 << 7)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_STATE_ANNOUNCER        (0x00000001 << 8)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_STATE_DETECTOR         (0x00000001 << 9)
+#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_DATA_WRITER         (0x00000001 << 10)
+#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_DATA_READER         (0x00000001 << 11)
+#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REQUEST_DATA_WRITER  (0x00000001 << 12)
+#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REQUEST_DATA_READER  (0x00000001 << 13)
+#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REPLY_DATA_WRITER    (0x00000001 << 14)
+#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REPLY_DATA_READER    (0x00000001 << 15)
+#define DISC_BUILTIN_ENDPOINT_PUBLICATION_SECURE_ANNOUNCER       (0x00000001 << 16)
+#define DISC_BUILTIN_ENDPOINT_PUBLICATION_SECURE_DETECTOR        (0x00000001 << 17)
+#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_SECURE_ANNOUNCER      (0x00000001 << 18)
+#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_SECURE_DETECTOR       (0x00000001 << 19)
+#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_SECURE_DATA_WRITER  (0x00000001 << 20)
+#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_SECURE_DATA_READER  (0x00000001 << 21)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_ANNOUNCER       (0x00000001 << 26)
+#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_DETECTOR        (0x00000001 << 27)
+
+#endif // FASTDDS_RTPS_BUILTIN_DATA__BUILTINENDPOINTS_HPP
diff --git a/include/fastdds/rtps/builtin/data/ParticipantProxyData.h b/include/fastdds/rtps/builtin/data/ParticipantProxyData.h
@@ -26,6 +26,7 @@
 #include <fastdds/rtps/attributes/RTPSParticipantAllocationAttributes.hpp>
 #include <fastdds/rtps/attributes/WriterAttributes.h>
 #include <fastdds/rtps/attributes/ReaderAttributes.h>
+#include <fastdds/rtps/builtin/data/BuiltinEndpoints.hpp>
 #include <fastdds/rtps/common/Token.h>
 #include <fastdds/rtps/common/RemoteLocators.hpp>
 
@@ -38,31 +39,6 @@
 #define BUILTIN_PARTICIPANT_DATA_MAX_SIZE 100
 #define TYPELOOKUP_DATA_MAX_SIZE 5000
 
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_ANNOUNCER              (0x00000001 << 0)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_DETECTOR               (0x00000001 << 1)
-#define DISC_BUILTIN_ENDPOINT_PUBLICATION_ANNOUNCER              (0x00000001 << 2)
-#define DISC_BUILTIN_ENDPOINT_PUBLICATION_DETECTOR               (0x00000001 << 3)
-#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_ANNOUNCER             (0x00000001 << 4)
-#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_DETECTOR              (0x00000001 << 5)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_PROXY_ANNOUNCER        (0x00000001 << 6)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_PROXY_DETECTOR         (0x00000001 << 7)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_STATE_ANNOUNCER        (0x00000001 << 8)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_STATE_DETECTOR         (0x00000001 << 9)
-#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_DATA_WRITER         (0x00000001 << 10)
-#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_DATA_READER         (0x00000001 << 11)
-#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REQUEST_DATA_WRITER  (0x00000001 << 12)
-#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REQUEST_DATA_READER  (0x00000001 << 13)
-#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REPLY_DATA_WRITER    (0x00000001 << 14)
-#define BUILTIN_ENDPOINT_TYPELOOKUP_SERVICE_REPLY_DATA_READER    (0x00000001 << 15)
-#define DISC_BUILTIN_ENDPOINT_PUBLICATION_SECURE_ANNOUNCER       (0x00000001 << 16)
-#define DISC_BUILTIN_ENDPOINT_PUBLICATION_SECURE_DETECTOR        (0x00000001 << 17)
-#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_SECURE_ANNOUNCER      (0x00000001 << 18)
-#define DISC_BUILTIN_ENDPOINT_SUBSCRIPTION_SECURE_DETECTOR       (0x00000001 << 19)
-#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_SECURE_DATA_WRITER  (0x00000001 << 20)
-#define BUILTIN_ENDPOINT_PARTICIPANT_MESSAGE_SECURE_DATA_READER  (0x00000001 << 21)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_ANNOUNCER       (0x00000001 << 26)
-#define DISC_BUILTIN_ENDPOINT_PARTICIPANT_SECURE_DETECTOR        (0x00000001 << 27)
-
 namespace eprosima {
 namespace fastrtps {
 namespace rtps {

diff --git a/include/fastdds/rtps/builtin/discovery/endpoint/EDPSimple.h b/include/fastdds/rtps/builtin/discovery/endpoint/EDPSimple.h
@@ -225,6 +225,23 @@ class EDPSimple : public EDP
             t_p_StatefulWriter& writer,
             key_list& demises);
 
+    /**
+     * Get a pointer pair of the corresponding writer builtin endpoint for the entity_id
+     * @param [in] entity_id The entity_id to obtain the pair from.
+     * @return A pair of nullptrs if operation was unsuccessful
+     */
+    t_p_StatefulWriter get_builtin_writer_history_pair_by_entity(
+            const EntityId_t& entity_id);
+
+    /**
+     * Get a pointer pair of the corresponding reader builtin endpoint for the entity_id.
+     * If a builtin writer Entity is passed, the equivalent reader entity builtin is returned.
+     * @param [in] entity_id The entity_id to obtain the pair from.
+     * @return A pair of nullptrs if operation was unsuccessful
+     */
+    t_p_StatefulReader get_builtin_reader_history_pair_by_entity(
+            const EntityId_t& entity_id);
+
     std::shared_ptr<ITopicPayloadPool> pub_writer_payload_pool_;
     std::shared_ptr<ITopicPayloadPool> pub_reader_payload_pool_;
     std::shared_ptr<ITopicPayloadPool> sub_writer_payload_pool_;

diff --git a/include/fastdds/rtps/builtin/discovery/participant/PDP.h b/include/fastdds/rtps/builtin/discovery/participant/PDP.h
@@ -22,8 +22,9 @@
 #ifndef DOXYGEN_SHOULD_SKIP_THIS_PUBLIC
 
 #include <atomic>
-#include <mutex>
 #include <functional>
+#include <memory>
+#include <mutex>
 
 #include <fastdds/rtps/attributes/RTPSParticipantAttributes.h>
 #include <fastdds/rtps/builtin/data/ReaderProxyData.h>
@@ -40,11 +41,18 @@ namespace fastdds {
 namespace rtps {
 
 class PDPServerListener;
+class PDPEndpoints;
 
 } // namespace rtps
 } // namespace fastdds
 
 namespace fastrtps {
+namespace types {
+
+class TypeObject;
+class TypeIdentifier;
+
+} // namespace types
 namespace rtps {
 
 class RTPSWriter;
@@ -74,6 +82,7 @@ class PDP
     friend class PDPListener;
     friend class PDPServerListener;
     friend class fastdds::rtps::PDPServerListener;
+    friend class PDPSecurityInitiatorListener;
 
 public:
 
@@ -128,7 +137,7 @@ class PDP
     virtual void announceParticipantState(
             bool new_change,
             bool dispose = false,
-            WriteParams& wparams = WriteParams::WRITE_PARAM_DEFAULT);
+            WriteParams& wparams = WriteParams::WRITE_PARAM_DEFAULT) = 0;
 
     //!Stop the RTPSParticipantAnnouncement (only used in tests).
     virtual void stopParticipantAnnouncement();
@@ -378,6 +387,16 @@ class PDP
         return temp_writer_proxies_;
     }
 
+#if HAVE_SECURITY
+    virtual bool pairing_remote_writer_with_local_reader_after_security(
+            const GUID_t& local_reader,
+            const WriterProxyData& remote_writer_data);
+
+    virtual bool pairing_remote_reader_with_local_writer_after_security(
+            const GUID_t& local_writer,
+            const ReaderProxyData& remote_reader_data);
+#endif // HAVE_SECURITY
+
 protected:
 
     //!Pointer to the builtin protocols object.
@@ -386,10 +405,8 @@ class PDP
     RTPSParticipantImpl* mp_RTPSParticipant;
     //!Discovery attributes.
     BuiltinAttributes m_discovery;
-    //!Pointer to the PDPWriter.
-    RTPSWriter* mp_PDPWriter;
-    //!Pointer to the PDPReader.
-    RTPSReader* mp_PDPReader;
+    //!Builtin PDP endpoints
+    std::unique_ptr<fastdds::rtps::PDPEndpoints> builtin_endpoints_;
     //!Pointer to the EDP object.
     EDP* mp_EDP;
     //!Number of participant proxy data objects created
@@ -410,14 +427,6 @@ class PDP
     std::atomic_bool m_hasChangedLocalPDP;
     //!Listener for the SPDP messages.
     ReaderListener* mp_listener;
-    //!WriterHistory
-    WriterHistory* mp_PDPWriterHistory;
-    //!Writer payload pool
-    std::shared_ptr<ITopicPayloadPool> writer_payload_pool_;
-    //!Reader History
-    ReaderHistory* mp_PDPReaderHistory;
-    //!Reader payload pool
-    std::shared_ptr<ITopicPayloadPool> reader_payload_pool_;
     //! ProxyPool for temporary reader proxies
     ProxyPool<ReaderProxyData> temp_reader_proxies_;
     //! ProxyPool for temporary writer proxies
@@ -444,6 +453,19 @@ class PDP
             bool with_lease_duration,
             const ParticipantProxyData* participant_proxy_data = nullptr);
 
+    /**
+     * Checks whether two participant prefixes are equal by calculating the mangled
+     * GUID and comparing it with the remote participant prefix.
+     *
+     * @param guid_prefix the original desired guid_prefix to compare
+     * @param participant_data The participant proxy data to compare against
+     *
+     * @return true when prefixes are equivalent
+     */
+    bool data_matches_with_prefix(
+            const GuidPrefix_t& guid_prefix,
+            const ParticipantProxyData& participant_data);
+
     /**
      * Gets the key of a participant proxy data.
      *
@@ -456,6 +478,26 @@ class PDP
             const GUID_t& participant_guid,
             InstanceHandle_t& key);
 
+    /**
+     * Force the sending of our local DPD to all remote RTPSParticipants and multicast Locators.
+     * @param writer RTPSWriter to use for sending the announcement
+     * @param history history where the change should be added
+     * @param new_change If true a new change (with new seqNum) is created and sent;If false the last change is re-sent
+     * @param dispose sets change kind to NOT_ALIVE_DISPOSED_UNREGISTERED
+     * @param wparams allows to identify the change
+     */
+    void announceParticipantState(
+            RTPSWriter& writer,
+            WriterHistory& history,
+            bool new_change,
+            bool dispose = false,
+            WriteParams& wparams = WriteParams::WRITE_PARAM_DEFAULT);
+
+    /**
+     * Called after creating the builtin endpoints to update the metatraffic unicast locators of BuiltinProtocols
+     */
+    virtual void update_builtin_locators() = 0;
+
 private:
 
     //!TimedEvent to periodically resend the local RTPSParticipant information.

diff --git a/include/fastdds/rtps/builtin/discovery/participant/PDPSimple.h b/include/fastdds/rtps/builtin/discovery/participant/PDPSimple.h
@@ -119,6 +119,8 @@ class PDPSimple : public PDP
             int16_t userDefinedId,
             EndpointKind_t kind);
 
+    void update_builtin_locators() override;
+
 private:
 
     void initializeParticipantProxyData(

diff --git a/include/fastdds/rtps/common/EntityId_t.hpp b/include/fastdds/rtps/common/EntityId_t.hpp
@@ -361,6 +361,11 @@ const EntityId_t participant_volatile_message_secure_reader_entity_id =
 
 const EntityId_t c_EntityId_WriterLivelinessSecure = ENTITYID_P2P_BUILTIN_PARTICIPANT_MESSAGE_SECURE_WRITER;
 const EntityId_t c_EntityId_ReaderLivelinessSecure = ENTITYID_P2P_BUILTIN_PARTICIPANT_MESSAGE_SECURE_READER;
+
+const EntityId_t c_EntityId_spdp_reliable_participant_secure_reader =
+        ENTITYID_SPDP_RELIABLE_BUILTIN_PARTICIPANT_SECURE_READER;
+const EntityId_t c_EntityId_spdp_reliable_participant_secure_writer =
+        ENTITYID_SPDP_RELIABLE_BUILTIN_PARTICIPANT_SECURE_WRITER;
 #endif // if HAVE_SECURITY
 
 const EntityId_t ds_server_virtual_writer = ENTITYID_DS_SERVER_VIRTUAL_WRITER;

diff --git a/include/fastdds/rtps/security/authentication/Authentication.h b/include/fastdds/rtps/security/authentication/Authentication.h
@@ -249,6 +249,24 @@ class Authentication
             PermissionsCredentialToken* token,
             SecurityException& ex) = 0;
 
+    /**
+     * Returns whether a mangled GUID is the same as the original
+     * @param identity_handle Identity Handle of remote peer
+     * @param adjusted Mangled GUID prefix
+     * @param original Original GUID prefix candidate to compare
+     * @return true when @c adjusted corresponds to @c original
+     */
+    virtual bool check_guid_comes_from(
+            IdentityHandle* identity_handle,
+            const GUID_t& adjusted,
+            const GUID_t& original)
+    {
+        static_cast<void>(identity_handle);
+
+        //! By default, return this comparison
+        return adjusted == original;
+    }
+
     bool set_logger(
             Logging* logger,
             SecurityException& /*exception*/)

diff --git a/src/cpp/CMakeLists.txt b/src/cpp/CMakeLists.txt
@@ -290,6 +290,7 @@ set(${PROJECT_NAME}_security_source_files
     rtps/security/logging/Logging.cpp
     rtps/security/SecurityManager.cpp
     rtps/security/SecurityPluginFactory.cpp
+    rtps/builtin/discovery/participant/DS/PDPSecurityInitiatorListener.cpp
     security/authentication/PKIDH.cpp
     security/accesscontrol/Permissions.cpp
     security/cryptography/AESGCMGMAC.cpp

diff --git a/src/cpp/rtps/builtin/BuiltinReader.hpp b/src/cpp/rtps/builtin/BuiltinReader.hpp
@@ -0,0 +1,84 @@
+// Copyright 2022 Proyectos y Sistemas de Mantenimiento SL (eProsima).
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/**
+ * @file BuiltinReader.hpp
+ */
+
+#ifndef RTPS_BUILTIN__BUILTINREADER_HPP_
+#define RTPS_BUILTIN__BUILTINREADER_HPP_
+
+#include <memory>
+
+#include <fastdds/rtps/history/ReaderHistory.h>
+
+#include <rtps/history/ITopicPayloadPool.h>
+#include <rtps/history/PoolConfig.h>
+
+namespace eprosima {
+namespace fastdds {
+namespace rtps {
+
+/**
+ * Keeps data of a builtin reader
+ */
+template<typename TReader>
+struct BuiltinReader
+{
+    ~BuiltinReader()
+    {
+        release();
+    }
+
+    void release()
+    {
+        if (history_)
+        {
+            auto cfg = fastrtps::rtps::PoolConfig::from_history_attributes(history_->m_att);
+            history_.reset();
+            if (payload_pool_)
+            {
+                payload_pool_->release_history(cfg, true);
+            }
+        }
+    }
+
+    void remove_from_history(
+            const fastrtps::rtps::InstanceHandle_t& key)
+    {
+        history_->getMutex()->lock();
+        for (auto it = history_->changesBegin(); it != history_->changesEnd(); ++it)
+        {
+            if ((*it)->instanceHandle == key)
+            {
+                history_->remove_change(*it);
+                break;
+            }
+        }
+        history_->getMutex()->unlock();
+    }
+
+    //! Payload pool for the topic
+    std::shared_ptr<fastrtps::rtps::ITopicPayloadPool> payload_pool_;
+    //! History for the builtin reader
+    std::unique_ptr<fastrtps::rtps::ReaderHistory> history_;
+    //! Builtin RTPS reader
+    TReader* reader_ = nullptr;
+};
+
+} // namespace rtps
+} // namespace fastdds
+} // namespace eprosima
+
+#endif  // RTPS_BUILTIN__BUILTINREADER_HPP_