[17090] Added Security print to fast-discovery-server executable #3276

Merged
31 changes: 27 additions & 4 deletions test/system/tools/fds/CMakeLists.txt
Expand Up @@ -39,24 +39,47 @@ if(PYTHONINTERP_FOUND)
test_fast_discovery_non_existent_profile
)

if(SECURITY)
set(TESTS
${TESTS}
test_fast_discovery_security_disabled
test_fast_discovery_security_enabled_xml_prefix
test_fast_discovery_security_enabled_cli_prefix
)

configure_file(${PROJECT_SOURCE_DIR}/test/certs/maincacert.pem
${CMAKE_CURRENT_BINARY_DIR}/maincacert.pem COPYONLY)
configure_file(${PROJECT_SOURCE_DIR}/test/certs/mainsubcert.pem
${CMAKE_CURRENT_BINARY_DIR}/mainsubcert.pem COPYONLY)
configure_file(${PROJECT_SOURCE_DIR}/test/certs/mainsubkey.pem
${CMAKE_CURRENT_BINARY_DIR}/mainsubkey.pem COPYONLY)
configure_file(${PROJECT_SOURCE_DIR}/test/certs/governance_helloworld_all_enable.smime
${CMAKE_CURRENT_BINARY_DIR}/governance_helloworld_all_enable.smime COPYONLY)
configure_file(${PROJECT_SOURCE_DIR}/test/certs/permissions_helloworld.smime
${CMAKE_CURRENT_BINARY_DIR}/permissions_helloworld.smime COPYONLY)

configure_file("test_xml_secure_discovery_server.xml" "test_xml_secure_discovery_server.xml" COPYONLY)
endif()


# windows auxiliary script to fork test execution
set(PWS_LAUNCHER
${CMAKE_CURRENT_SOURCE_DIR}/launcher.ps1
)

# Calculate environment
set(TEST_ENVIRONMENT
set(TEST_ENVIRONMENT
"PATH=$ENV{PATH};$<TARGET_FILE_DIR:fastcdr>;$<TARGET_FILE_DIR:fastrtps>")

if(WIN32)

if(TARGET tinyxml2 OR TARGET tinyxml2::tinyxml2)
set(TEST_ENVIRONMENT
set(TEST_ENVIRONMENT
"${TEST_ENVIRONMENT};$<TARGET_FILE_DIR:${TINYXML2_LIBRARY}>")
elseif(EXISTS TINYXML2_LIBRARY)
elseif(EXISTS TINYXML2_LIBRARY)
get_filename_component(
TINYXML2_LIBRARY_DIR ${TINYXML2_LIBRARY} DIRECTORY)
set(TEST_ENVIRONMENT
set(TEST_ENVIRONMENT
"${TEST_ENVIRONMENT};${TINYXML2_LIBRARY_DIR}")
unset(TINYXML2_LIBRARY_DIR)
endif()
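Review bot: The `if(SECURITY)` block copies the CA certificate, the identity certificate, the private key `mainsubkey.pem` and the signed governance/permissions files into `${CMAKE_CURRENT_BINARY_DIR}` without a comment saying why. The XML profile added in this PR refers to them by relative URI (for example `file://mainsubkey.pem`), so the security tests appear to depend on running with that directory as their working directory. A comment above the `configure_file` calls would record this, e.g. `# Test-only credentials from test/certs; the secure profile loads them through relative file:// URIs, so they must sit next to the XML in the test working directory`. Whether the `add_test` call sets `WORKING_DIRECTORY` is outside this hunk, as is the end of the `if(WIN32)` block.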
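--- a/test/system/tools/fds/test_xml_secure_discovery_server.xml
+++ b/test/system/tools/fds/test_xml_secure_discovery_server.xml
@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dds xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles" >
+<profiles>
+<participant profile_name="secure_ds_with_prefix" is_default_profile="true">
+<rtps>
+<prefix>44.53.00.5f.45.50.52.4f.53.49.4d.41</prefix>
+<builtin>
+<discovery_config>
+<discoveryProtocol>SERVER</discoveryProtocol>
+</discovery_config>
+<metatrafficUnicastLocatorList>
+<locator>
+<udpv4>
+<address>127.0.0.1</address>
+<port>11811</port>
+</udpv4>
+</locator>
+</metatrafficUnicastLocatorList>
+</builtin>
+<propertiesPolicy>
+<properties>
+<!-- Activate Auth:PKI-DH plugin -->
+<property>
+<name>dds.sec.auth.plugin</name>
+<value>builtin.PKI-DH</value>
+</property>
+<!-- Configure Auth:PKI-DH plugin -->
+<property>
+<name>dds.sec.auth.builtin.PKI-DH.identity_ca</name>
+<value>file://maincacert.pem</value>
+</property>
+<property>
+<name>dds.sec.auth.builtin.PKI-DH.identity_certificate</name>
+<value>file://mainsubcert.pem</value>
+</property>
+<property>
+<name>dds.sec.auth.builtin.PKI-DH.private_key</name>
+<value>file://mainsubkey.pem</value>
+</property>
+<!-- Activate Access:Permissions plugin -->
+<property>
+<name>dds.sec.access.plugin</name>
+<value>builtin.Access-Permissions</value>
+</property>
+<!-- Configure Access:Permissions plugin -->
+<property>
+<name>dds.sec.access.builtin.Access-Permissions.permissions_ca</name>
+<value>file://maincacert.pem</value>
+</property>
+<property>
+<name>dds.sec.access.builtin.Access-Permissions.governance</name>
+<value>file://governance_helloworld_all_enable.smime</value>
+</property>
+<property>
+<name>dds.sec.access.builtin.Access-Permissions.permissions</name>
+<value>file://permissions_helloworld.smime</value>
+</property>
+<!-- Activate Crypto:AES-GCM-GMAC plugin -->
+<property>
+<name>dds.sec.crypto.plugin</name>
+<value>builtin.AES-GCM-GMAC</value>
+</property>
+</properties>
+</propertiesPolicy>
+</rtps>
+</participant>
+<participant profile_name="secure_ds_no_prefix">
+<rtps>
+<builtin>
+<discovery_config>
+<discoveryProtocol>SERVER</discoveryProtocol>
+</discovery_config>
+<metatrafficUnicastLocatorList>
+<locator>
+<udpv4>
+<address>127.0.0.1</address>
+<port>11811</port>
+</udpv4>
+</locator>
+</metatrafficUnicastLocatorList>
+</builtin>
+<propertiesPolicy>
+<properties>
+<!-- Activate Auth:PKI-DH plugin -->
+<property>
+<name>dds.sec.auth.plugin</name>
+<value>builtin.PKI-DH</value>
+</property>
+<!-- Configure Auth:PKI-DH plugin -->
+<property>
+<name>dds.sec.auth.builtin.PKI-DH.identity_ca</name>
+<value>file://maincacert.pem</value>
+</property>
+<property>
+<name>dds.sec.auth.builtin.PKI-DH.identity_certificate</name>
+<value>file://mainsubcert.pem</value>
+</property>
+<property>
+<name>dds.sec.auth.builtin.PKI-DH.private_key</name>
+<value>file://mainsubkey.pem</value>
+</property>
+<!-- Activate Access:Permissions plugin -->
+<property>
+<name>dds.sec.access.plugin</name>
+<value>builtin.Access-Permissions</value>
+</property>
+<!-- Configure Access:Permissions plugin -->
+<property>
+<name>dds.sec.access.builtin.Access-Permissions.permissions_ca</name>
+<value>file://maincacert.pem</value>
+</property>
+<property>
+<name>dds.sec.access.builtin.Access-Permissions.governance</name>
+<value>file://governance_helloworld_all_enable.smime</value>
+</property>
+<property>
+<name>dds.sec.access.builtin.Access-Permissions.permissions</name>
+<value>file://permissions_helloworld.smime</value>
+</property>
+<!-- Activate Crypto:AES-GCM-GMAC plugin -->
+<property>
+<name>dds.sec.crypto.plugin</name>
+<value>builtin.AES-GCM-GMAC</value>
+</property>
+</properties>
+</propertiesPolicy>
+</rtps>
+</participant>
+</profiles>
+</dds>
+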
63 changes: 60 additions & 3 deletions test/system/tools/fds/tests.py
Expand Up @@ -264,7 +264,7 @@ def test_fast_discovery_parse_XML_file_URI_profile(fast_discovery_tool):
for add in EXPECTED_SERVER_ADDRESS:
exit_code = check_output(output, err, add, False)
if exit_code != 0:
sys.exit(exit_code)
sys.exit(exit_code)
sys.exit(exit_code)


Expand Down Expand Up @@ -474,7 +474,7 @@ def test_fast_discovery_backup(fast_discovery_tool):
if exit_code != 0:
sys.exit(exit_code)
for add in EXPECTED_SERVER_ADDRESS:
exit_code = check_output(output, err, add, False)
exit_code = check_output(output, err, add, False)
if exit_code != 0:
sys.exit(exit_code)

Expand All @@ -492,7 +492,7 @@ def test_fast_discovery_backup(fast_discovery_tool):
if exit_code != 0:
sys.exit(exit_code)
for add in EXPECTED_XML_SERVER_ADDRESS:
exit_code = check_output(output, err, add, False)
exit_code = check_output(output, err, add, False)
if exit_code != 0:
sys.exit(exit_code)

Expand Down Expand Up @@ -565,6 +565,57 @@ def test_fast_discovery_non_existent_profile(fast_discovery_tool):
exit_code = check_output(output, err, "Error loading specified profile from XML file", True)
sys.exit(exit_code)

def test_fast_discovery_security_disabled(fast_discovery_tool):
"""Test failure when Security is YES without being secure"""

command = [fast_discovery_tool, '-i', '0']
output, err, exit_code = send_command(command)
if exit_code != 0:
print(output)
sys.exit(exit_code)

exit_code = check_output(output, err, "Security: NO", True)
MiguelCompany marked this conversation as resolved.
sys.exit(exit_code)

def test_fast_discovery_security_enabled_xml_prefix(fast_discovery_tool):
"""Test failure when the printed guid is not the specified in the XML file"""

XML_file_path = "test_xml_secure_discovery_server.xml"
command = [fast_discovery_tool, '-x', XML_file_path]
output, err, exit_code = send_command(command)
if exit_code != 0:
print(output)
sys.exit(exit_code)
EXPECTED_OUTPUTS = [
"Security: YES",
"44.53.00.5f.45.50.52.4f.53.49.4d.41",
]
for pattern in EXPECTED_OUTPUTS:
exit_code = check_output(output, err, pattern, False)
if exit_code != 0:
break

sys.exit(exit_code)

def test_fast_discovery_security_enabled_cli_prefix(fast_discovery_tool):
"""Test failure when the printed guid is not the specified in the XML file"""

XML_file_path = "test_xml_secure_discovery_server.xml"
command = [fast_discovery_tool, '-i', '0', '-x', 'secure_ds_no_prefix@' + XML_file_path]
output, err, exit_code = send_command(command)
if exit_code != 0:
print(output)
sys.exit(exit_code)
EXPECTED_OUTPUTS = [
"Security: YES",
"44.53.00.5f.45.50.52.4f.53.49.4d.41",
]
for pattern in EXPECTED_OUTPUTS:
exit_code = check_output(output, err, pattern, False)
if exit_code != 0:
break

sys.exit(exit_code)

if __name__ == '__main__':

Expand Down Expand Up @@ -615,6 +666,12 @@ def test_fast_discovery_non_existent_profile(fast_discovery_tool):
test_fast_discovery_invalid_locator(args.binary_path),
'test_fast_discovery_non_existent_profile': lambda:
test_fast_discovery_non_existent_profile(args.binary_path),
'test_fast_discovery_security_disabled': lambda:
test_fast_discovery_security_disabled(args.binary_path),
'test_fast_discovery_security_enabled_xml_prefix': lambda:
test_fast_discovery_security_enabled_xml_prefix(args.binary_path),
'test_fast_discovery_security_enabled_cli_prefix': lambda:
test_fast_discovery_security_enabled_cli_prefix(args.binary_path)
}

tests[args.test_name]()
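Review bot: The docstring of `test_fast_discovery_security_enabled_cli_prefix` is a copy of the one on the XML-prefix test, but this test selects the `secure_ds_no_prefix` profile and passes `-i 0`, so the expected prefix comes from the command-line server id and not from the XML file. Something like `"""Test failure when security is enabled and the printed GUID prefix is not the one derived from the CLI server id"""` would match what it checks. All three new tests assert only on banner text (`Security: YES` / `Security: NO`), so they would still pass if the server printed YES without enforcing authentication; a case in which a participant without valid credentials is not matched would cover that, if the harness allows it. `test_fast_discovery_security_disabled` passes `True` as the last argument of `check_output` while the two enabled tests pass `False`; a short comment on the difference would help, since `check_output` is defined outside this diff.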
13 changes: 12 additions & 1 deletion tools/fds/server.cpp
Expand Up @@ -378,6 +378,8 @@ int fastdds_discovery_server(
}
}

fastrtps::rtps::GuidPrefix_t guid_prefix = participantQos.wire_protocol().prefix;

// Create the server
int return_value = 0;
DomainParticipant* pServer = DomainParticipantFactory::get_instance()->create_participant(0, participantQos);
Expand All @@ -394,13 +396,22 @@ int fastdds_discovery_server(
// Handle signal SIGINT for every thread
signal(SIGINT, sigint_handler);

bool has_security = false;
if (guid_prefix != pServer->guid().guidPrefix)
{
has_security = true;
}

// Print running server attributes
std::cout << "### Server is running ###" << std::endl;
std::cout << " Participant Type: " <<
participantQos.wire_protocol().builtin.discovery_config.discoveryProtocol <<
std::endl;
std::cout << " Security: " << (has_security ? "YES" : "NO") << std::endl;
std::cout << " Server ID: " << server_id << std::endl;
std::cout << " Server GUID prefix: " << pServer->guid().guidPrefix << std::endl;
std::cout << " Server GUID prefix: " <<
(has_security ? participantQos.wire_protocol().prefix : pServer->guid().guidPrefix) <<
std::endl;
std::cout << " Server Addresses: ";
for (auto locator_it = participantQos.wire_protocol().builtin.metatrafficUnicastLocatorList.begin();
locator_it != participantQos.wire_protocol().builtin.metatrafficUnicastLocatorList.end();)
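Review bot: `has_security` is derived from `guid_prefix != pServer->guid().guidPrefix`, a side effect of participant creation rather than the security configuration itself, so the `Security: YES/NO` line an operator reads would be wrong if the prefix ever differed for another reason. The block should carry a comment stating that assumption, e.g. `// With DDS Security active the participant GUID is adjusted from its identity, so a prefix mismatch is used as the indicator`, and it can collapse to `const bool has_security = (guid_prefix != pServer->guid().guidPrefix);`. When security is on, the line labelled "Server GUID prefix" prints `participantQos.wire_protocol().prefix`, the configured value, and not the GUID the participant actually uses; the label or an extra line should make that explicit. A null check on `pServer` before `pServer->guid()` is not visible between the two hunks, and `fastdds_discovery_server` starts and ends outside them.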