[17090] Added Security print to fast-discovery-server executable

test/system/tools/fds/CMakeLists.txt

@@ -39,24 +39,47 @@ if(PYTHONINTERP_FOUND)
  test_fast_discovery_non_existent_profile
  )
 
+ if(SECURITY)
+ set(TESTS
+ ${TESTS}
+ test_fast_discovery_security_disabled
+ test_fast_discovery_security_enabled_xml_prefix
+ test_fast_discovery_security_enabled_cli_prefix
+ )
+
+ configure_file(${PROJECT_SOURCE_DIR}/test/certs/maincacert.pem
+ ${CMAKE_CURRENT_BINARY_DIR}/maincacert.pem COPYONLY)
+ configure_file(${PROJECT_SOURCE_DIR}/test/certs/mainsubcert.pem
+ ${CMAKE_CURRENT_BINARY_DIR}/mainsubcert.pem COPYONLY)
+ configure_file(${PROJECT_SOURCE_DIR}/test/certs/mainsubkey.pem
+ ${CMAKE_CURRENT_BINARY_DIR}/mainsubkey.pem COPYONLY)
+ configure_file(${PROJECT_SOURCE_DIR}/test/certs/governance_helloworld_all_enable.smime
+ ${CMAKE_CURRENT_BINARY_DIR}/governance_helloworld_all_enable.smime COPYONLY)
+ configure_file(${PROJECT_SOURCE_DIR}/test/certs/permissions_helloworld.smime
+ ${CMAKE_CURRENT_BINARY_DIR}/permissions_helloworld.smime COPYONLY)
+
+ configure_file("test_xml_secure_discovery_server.xml" "test_xml_secure_discovery_server.xml" COPYONLY)
+ endif()
+
+
  # windows auxiliary script to fork test execution
  set(PWS_LAUNCHER
  ${CMAKE_CURRENT_SOURCE_DIR}/launcher.ps1
  )
 
  # Calculate environment
- set(TEST_ENVIRONMENT 
+ set(TEST_ENVIRONMENT
  "PATH=$ENV{PATH};$<TARGET_FILE_DIR:fastcdr>;$<TARGET_FILE_DIR:fastrtps>")
 
  if(WIN32)
 
  if(TARGET tinyxml2 OR TARGET tinyxml2::tinyxml2)
- set(TEST_ENVIRONMENT 
+ set(TEST_ENVIRONMENT
  "${TEST_ENVIRONMENT};$<TARGET_FILE_DIR:${TINYXML2_LIBRARY}>")
- elseif(EXISTS TINYXML2_LIBRARY) 
+ elseif(EXISTS TINYXML2_LIBRARY)
  get_filename_component(
  TINYXML2_LIBRARY_DIR ${TINYXML2_LIBRARY} DIRECTORY)
- set(TEST_ENVIRONMENT 
+ set(TEST_ENVIRONMENT
  "${TEST_ENVIRONMENT};${TINYXML2_LIBRARY_DIR}")
  unset(TINYXML2_LIBRARY_DIR)
  endif()

test/system/tools/fds/test_xml_secure_discovery_server.xml

@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dds xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles" >
+ <profiles>
+ <participant profile_name="secure_ds_with_prefix" is_default_profile="true">
+ <rtps>
+ <prefix>44.53.00.5f.45.50.52.4f.53.49.4d.41</prefix>
+ <builtin>
+ <discovery_config>
+ <discoveryProtocol>SERVER</discoveryProtocol>
+ </discovery_config>
+ <metatrafficUnicastLocatorList>
+ <locator>
+ <udpv4>
+ <address>127.0.0.1</address>
+ <port>11811</port>
+ </udpv4>
+ </locator>
+ </metatrafficUnicastLocatorList>
+ </builtin>
+ <propertiesPolicy>
+ <properties>
+ <!-- Activate Auth:PKI-DH plugin -->
+ <property>
+ <name>dds.sec.auth.plugin</name>
+ <value>builtin.PKI-DH</value>
+ </property>
+ <!-- Configure Auth:PKI-DH plugin -->
+ <property>
+ <name>dds.sec.auth.builtin.PKI-DH.identity_ca</name>
+ <value>file://maincacert.pem</value>
+ </property>
+ <property>
+ <name>dds.sec.auth.builtin.PKI-DH.identity_certificate</name>
+ <value>file://mainsubcert.pem</value>
+ </property>
+ <property>
+ <name>dds.sec.auth.builtin.PKI-DH.private_key</name>
+ <value>file://mainsubkey.pem</value>
+ </property>
+ <!-- Activate Access:Permissions plugin -->
+ <property>
+ <name>dds.sec.access.plugin</name>
+ <value>builtin.Access-Permissions</value>
+ </property>
+ <!-- Configure Access:Permissions plugin -->
+ <property>
+ <name>dds.sec.access.builtin.Access-Permissions.permissions_ca</name>
+ <value>file://maincacert.pem</value>
+ </property>
+ <property>
+ <name>dds.sec.access.builtin.Access-Permissions.governance</name>
+ <value>file://governance_helloworld_all_enable.smime</value>
+ </property>
+ <property>
+ <name>dds.sec.access.builtin.Access-Permissions.permissions</name>
+ <value>file://permissions_helloworld.smime</value>
+ </property>
+ <!-- Activate Crypto:AES-GCM-GMAC plugin -->
+ <property>
+ <name>dds.sec.crypto.plugin</name>
+ <value>builtin.AES-GCM-GMAC</value>
+ </property>
+ </properties>
+ </propertiesPolicy>
+ </rtps>
+ </participant>
+ <participant profile_name="secure_ds_no_prefix">
+ <rtps>
+ <builtin>
+ <discovery_config>
+ <discoveryProtocol>SERVER</discoveryProtocol>
+ </discovery_config>
+ <metatrafficUnicastLocatorList>
+ <locator>
+ <udpv4>
+ <address>127.0.0.1</address>
+ <port>11811</port>
+ </udpv4>
+ </locator>
+ </metatrafficUnicastLocatorList>
+ </builtin>
+ <propertiesPolicy>
+ <properties>
+ <!-- Activate Auth:PKI-DH plugin -->
+ <property>
+ <name>dds.sec.auth.plugin</name>
+ <value>builtin.PKI-DH</value>
+ </property>
+ <!-- Configure Auth:PKI-DH plugin -->
+ <property>
+ <name>dds.sec.auth.builtin.PKI-DH.identity_ca</name>
+ <value>file://maincacert.pem</value>
+ </property>
+ <property>
+ <name>dds.sec.auth.builtin.PKI-DH.identity_certificate</name>
+ <value>file://mainsubcert.pem</value>
+ </property>
+ <property>
+ <name>dds.sec.auth.builtin.PKI-DH.private_key</name>
+ <value>file://mainsubkey.pem</value>
+ </property>
+ <!-- Activate Access:Permissions plugin -->
+ <property>
+ <name>dds.sec.access.plugin</name>
+ <value>builtin.Access-Permissions</value>
+ </property>
+ <!-- Configure Access:Permissions plugin -->
+ <property>
+ <name>dds.sec.access.builtin.Access-Permissions.permissions_ca</name>
+ <value>file://maincacert.pem</value>
+ </property>
+ <property>
+ <name>dds.sec.access.builtin.Access-Permissions.governance</name>
+ <value>file://governance_helloworld_all_enable.smime</value>
+ </property>
+ <property>
+ <name>dds.sec.access.builtin.Access-Permissions.permissions</name>
+ <value>file://permissions_helloworld.smime</value>
+ </property>
+ <!-- Activate Crypto:AES-GCM-GMAC plugin -->
+ <property>
+ <name>dds.sec.crypto.plugin</name>
+ <value>builtin.AES-GCM-GMAC</value>
+ </property>
+ </properties>
+ </propertiesPolicy>
+ </rtps>
+ </participant>
+ </profiles>
+</dds>
+

test/system/tools/fds/tests.py

@@ -264,7 +264,7 @@ def test_fast_discovery_parse_XML_file_URI_profile(fast_discovery_tool):
  for add in EXPECTED_SERVER_ADDRESS:
  exit_code = check_output(output, err, add, False)
  if exit_code != 0:
- sys.exit(exit_code) 
+ sys.exit(exit_code)
  sys.exit(exit_code)
 
 
@@ -474,7 +474,7 @@ def test_fast_discovery_backup(fast_discovery_tool):
  if exit_code != 0:
  sys.exit(exit_code)
  for add in EXPECTED_SERVER_ADDRESS:
- exit_code = check_output(output, err, add, False) 
+ exit_code = check_output(output, err, add, False)
  if exit_code != 0:
  sys.exit(exit_code)
 
@@ -492,7 +492,7 @@ def test_fast_discovery_backup(fast_discovery_tool):
  if exit_code != 0:
  sys.exit(exit_code)
  for add in EXPECTED_XML_SERVER_ADDRESS:
- exit_code = check_output(output, err, add, False) 
+ exit_code = check_output(output, err, add, False)
  if exit_code != 0:
  sys.exit(exit_code)
 
@@ -565,6 +565,35 @@ def test_fast_discovery_non_existent_profile(fast_discovery_tool):
  exit_code = check_output(output, err, "Error loading specified profile from XML file", True)
  sys.exit(exit_code)
 
+def test_fast_discovery_security_disabled(fast_discovery_tool):
+ """Test failure when Security is YES without being secure"""
+
+ command = [fast_discovery_tool, '-i', '0']
+ output, err, exit_code = send_command(command)
+ exit_code = check_output(output, err, "Security: NO", True)
+ sys.exit(exit_code)
+
+def test_fast_discovery_security_enabled_xml_prefix(fast_discovery_tool):
+ """Test failure when the printed guid is not the specified in the XML file"""
+
+ XML_file_path = "test_xml_secure_discovery_server.xml"
+ command = [fast_discovery_tool, '-x', XML_file_path]
+ output, err, exit_code = send_command(command)
+ exit_code = check_output(output, err, "Security: YES", True)
+ output, err, exit_code = send_command(command)
+ exit_code = check_output(output, err, "44.53.00.5f.45.50.52.4f.53.49.4d.41", True)
+ sys.exit(exit_code)
+
+def test_fast_discovery_security_enabled_cli_prefix(fast_discovery_tool):
+ """Test failure when the printed guid is not the specified in the XML file"""
+
+ XML_file_path = "test_xml_secure_discovery_server.xml"
+ command = [fast_discovery_tool, '-i', '0', '-x', 'secure_ds_no_prefix@' + XML_file_path]
+ output, err, exit_code = send_command(command)
+ exit_code = check_output(output, err, "Security: YES", True)
+ output, err, exit_code = send_command(command)
+ exit_code = check_output(output, err, "44.53.00.5f.45.50.52.4f.53.49.4d.41", True)
+ sys.exit(exit_code)
 
 if __name__ == '__main__':
 
@@ -615,6 +644,12 @@ def test_fast_discovery_non_existent_profile(fast_discovery_tool):
  test_fast_discovery_invalid_locator(args.binary_path),
  'test_fast_discovery_non_existent_profile': lambda:
  test_fast_discovery_non_existent_profile(args.binary_path),
+ 'test_fast_discovery_security_disabled': lambda:
+ test_fast_discovery_security_disabled(args.binary_path),
+ 'test_fast_discovery_security_enabled_xml_prefix': lambda:
+ test_fast_discovery_security_enabled_xml_prefix(args.binary_path),
+ 'test_fast_discovery_security_enabled_cli_prefix': lambda:
+ test_fast_discovery_security_enabled_cli_prefix(args.binary_path)
  }
 
  tests[args.test_name]()

tools/fds/server.cpp

@@ -378,6 +378,8 @@ int fastdds_discovery_server(
  }
  }
 
+ fastrtps::rtps::GuidPrefix_t guid_prefix = participantQos.wire_protocol().prefix;
+
  // Create the server
  int return_value = 0;
  DomainParticipant* pServer = DomainParticipantFactory::get_instance()->create_participant(0, participantQos);
@@ -394,13 +396,22 @@ int fastdds_discovery_server(
  // Handle signal SIGINT for every thread
  signal(SIGINT, sigint_handler);
 
+ bool has_security = false;
+ if (guid_prefix != pServer->guid().guidPrefix)
+ {
+ has_security = true;
+ }
+
  // Print running server attributes
  std::cout << "### Server is running ###" << std::endl;
  std::cout << " Participant Type: " <<
  participantQos.wire_protocol().builtin.discovery_config.discoveryProtocol <<
  std::endl;
+ std::cout << " Security: " << (has_security ? "YES" : "NO") << std::endl;
  std::cout << " Server ID: " << server_id << std::endl;
- std::cout << " Server GUID prefix: " << pServer->guid().guidPrefix << std::endl;
+ std::cout << " Server GUID prefix: " <<
+ (has_security ? participantQos.wire_protocol().prefix : pServer->guid().guidPrefix) <<
+ std::endl;
  std::cout << " Server Addresses: ";
  for (auto locator_it = participantQos.wire_protocol().builtin.metatrafficUnicastLocatorList.begin();
  locator_it != participantQos.wire_protocol().builtin.metatrafficUnicastLocatorList.end();)